On 15/10/2021 01:09, PrivacyArms wrote:
To clarify my question: Is there an anonymous network (GPA) for secure/private
messaging better than Tor?
Regarding the other question: What can criminals can do to stay anonymous which
is outside the law (hacking/stealing computers/wifi), more?
Anonymity is hard, and low-latency anonymity is almost impossible. A
brief history:
In 1981 David Chaum described mix networks (including onion routing).
This was only possible because of the then-recent invention of public
key cryptography. This idea was then instantiated as the Cypherpunks
anonymous remailer, then the Mixmaster remailer.
A further development, Mixminion, was in the works in the early to mid
noughties, but was derailed when its chief coder, Nick Matthewson,
decided to work on TOR instead.
Anonymous remailers could work, but they are pretty much moribund now.
The same year, in "True Names", Vernor Vinge described a "feed", whereby
short encrypted messages were aggregated and broadcast. Chaum described
a similar idea, incorporating dummy traffic, and other plans involving
private information retrieval. [2]
None of these have come to fruition.
So no, there are no "strict" anonymous networks in existence. By
"strict" I mean mathematically provable, without requiring trusting
another person.
Nor are there any effective widely-deployed anonymous networks which
only require trusting any one out of many people.
There are several less-than-strict techniques, which may or may not
work. You could "use other people's computers" by chaining through a
few web proxies. You could internet cafes, hack into wifi (perhaps using
a box connected via an IR link) or relay through a chain of pwned boxen.
Sneaky people might well think of some more, but I wouldn't put them in
an email. :)
Secure messaging, as opposed to anonymous messaging, where
confidentiality rather than anonymity is the requirement, is of course
possible - there are several apps, or you could almost write your own
(don't do it, I said "almost"!).
Just make sure it is really end=to=end and there are NO dedicated [1]
servers involved anywhere - there is no cryptographic need for a
dedicated server in a secure messaging network. If there is one then you
are trusting it to do something; and remember the 6th law:
"Only those you trust can betray you."
Peter Fairbrother
[1] by dedicated I mean you have to use a particular server. If you have
to use any one of several servers it might be OK if you (can) run your
own server. Or it might not. No server is safer]
[2] Chaum's 1981 MS thesis, "Untraceable Electronic Mail, Return
Addresses, and Digital Pseudonyms" contains almost all the types of
strict anonymous communication ever invented, worth a read.
http://www.cs.utexas.edu/~shmat/courses/cs395t_fall04/chaum81.pdf
Vernor Vinge's True Names is of course required reading:
https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwjqu4Pr7MvzAhVTglwKHRBJBfEQFnoECAIQAQ&url=http%3A%2F%2Fwww.scotswolf.com%2FTRUENAMES.pdf&usg=AOvVaw0u3GgYC_zdrgFmYrmP2DAA
