Re: [OT] mitigating or defeating syntax analysis
scar (18.04.2008 02:04):
> not exactly sure how to articulate this, but i'll do my best.
>
> assume there is a global adversary trying to track down an anonymous Tor-user by using syntax analysis. that is to say, gathering sets of sentences or paragraphs from e-mails or forums, etc. and then recognizing similarities in the syntax (that is, the way the sentence or paragraph is written) in order to group anonymous text with non-anonymous text and ultimately reveal the identity of an anonymous user, based on the way they write, basically. the field of psycholinguistics would probably be a good resource for this type of analysis.
>
> i hope that's clear enough. so, Tor can help defeat network traffic analysis. now, how can the anonymous user (or, more accurately, talker/writer/blogger) mitigate or defeat this syntax analysis? are there any scholarly papers or websites with this information, or at least talking more about syntax analysis (perhaps there is a more proper technical term)?
>
> for example, i think one rule would be to always use proper capitalization and punctuation, something i never do in my non-anonymous writing. ;)

One way is to use machine translators: translate your English text to another language, and then back to English. Sure this will eliminate most language patterns (and in some cases even the meaning of your text :-).

--
SATtva | security privacy consulting
www.vladmiller.info | www.pgpru.com
Re: [OT] mitigating or defeating syntax analysis
On 18/04/2008 10:12, Vlad SATtva Miller wrote:
> One way is to use machine translators: translate your English text to another language, and then back to English.

Typing habits are also patterns. Switch the keyboard layout, or use a software keyboard with your mouse, or type with the little finger of your left hand only.

Tor works against traffic analysis, but whatever you do with Tor always reveals something about you.

Jan
Re: [OT] mitigating or defeating syntax analysis
On Apr 17 2008, scar wrote:
> are there any scholarly papers or websites with this information, or at least talking more about syntax analysis (perhaps there is a more proper technical term)?

Hi Scar,

You might be interested in this paper:
http://ai.eller.arizona.edu/COPLINK/publications/CACM_From%20Fingerprint%20to%20Writeprint.pdf
http://portal.acm.org/citation.cfm?id=1121949.1121951

Cheers,
Michael
Re: [OT] mitigating or defeating syntax analysis
On Thu, Apr 17, 2008 at 12:04:05PM -0700, scar wrote:
> i hope that's clear enough. so, Tor can help defeat network traffic analysis. now, how can the anonymous user (or, more accurately, talker/writer/blogger) mitigate or defeat this syntax analysis? are there any scholarly papers or websites with this information, or at least talking more about syntax analysis (perhaps there is a more proper technical term)?

http://freehaven.net/anonbib/#rao-pseudonymity is another interesting read.

--Roger
Re: [OT] mitigating or defeating syntax analysis
> CACM_From Fingerprint to Writeprint.pdf

Which a terrible, politically naive/uninformed [example ... one out ==MANY== I could make: Switzerland - with the top scientific analysis made via the EPFL, the Ecole Polytechnique Federale de Lausanne, of the bin Laden videos--which have been found to be counterfeits--and the other, similar TEXT (on Gladio, e.g., and to get the idea) analysis/conclusions made by Daniele Ganser, from the ETHZ, the Eidgenoessische Technische Hochschule Zuerich, and of the University of Zurich too if I am not mistaken] and velleitarian article.

Hmmm ...

/Roy Lanek
--
seperti pinang dibelah dua--like a halved pinang [means: two things that are quite different!, because you can never halve a pinang tree with an axe neatly]
s l a c k w a r e + linux
A Question to people from UK
This is a not strictly tor-related matter, but related to anonymity in the wider approach.

I was told in the UK you are obliged to deliver your private gpg/pgp keys to the authorities as soon as you use one of these programs for yourself.

I am aware of the fact, that in the UK you are threatened with quite harsh laws (imprisonment for several years) if you do not deliver the key to encrypted harddisks and else on demand. What is new to me is the obligation to deliver mentioned keys.

I hope this is a hoax, but just for informational reasons it would be nice if someone with the appropriate knowledge could clarify this.

thx in advance.

Regards
Hans
Re: A Question to people from UK
On Fri, Apr 18, 2008 at 03:11:52PM +0200, Hans Schnehl wrote:
> I was told in the UK you are obliged to deliver your private gpg/pgp keys to the authorities as soon as you use one of these programs for yourself.
> [snip]
> I hope this is a hoax, but just for informational reasons it would be nice if someone with the appropriate knowledge could clarify this.

This isn't anything I'm aware of in UK law, and I'm pretty sure I would have heard about it if it were.

The Regulation of Investigatory Powers Act (RIPA) 2000 details the powers the police have to demand decrypts and keys. You can read more about it at
http://security.homeoffice.gov.uk/ripa/publication-search/ripa-cop/electronic-information

Dave
--
Dave Page [EMAIL PROTECTED]
Jabber: [EMAIL PROTECTED]
Re: [OT] mitigating or defeating syntax analysis
On Fri, Apr 18, 2008 at 11:10:05AM +0200, Jan Reister wrote:
> On 18/04/2008 10:12, Vlad SATtva Miller wrote:
>> One way is to use machine translators: translate your English text to another language, and then back to English.
>
> Typing habits are also patterns. Switch the keyboard layout, or use a software keyboard with your mouse, or type with the little finger of your left hand only.
>
> Tor works against traffic analysis, but whatever you do with Tor always reveals something about you.

To be clear, this is both a recognition of where the hard problems are and a design choice not just fatalism. Onion routing has always been about separating anonymity of the channel from anonymity of the data and providing the first but leaving the second up to the needs of the application.

http://www.onion-router.net/Summary.html
http://www.onion-router.net/Publications.html#or-infohiding

Every iteration, including Tor, has stressed that just anonymizing the channel is a hard enough job. So it has always been the primary focus while doing things about anonymizing transmitted data is important but not as immediately central. In the days when proxies were relatively novel and controls for cookies and active content in browsers were nonexistent or minimal, we had both anonymizing and nonanonymizing http proxies.

For all anonymizing communication networks, data anonymity depends on channel anonymity: if you are identified by the channel, it doesn't matter that you anonymized the data. But usually the other direction is independent. When Crowds came along it was a nice clear contrast because their channel anonymity against the nodes carrying the traffic depended on anonymizing the data.

On the specific topic of text patterns I would be curious to know if there is any analysis on how well the jumping frog technique suggested above works in practice. And to add one more reference to check out, at the other extreme from what we've been talking about, cf. Natural Language Watermarking and Tamperproofing by Atallah et al. in Information Hiding 2002.

aloha,
Paul
Re: [OT] mitigating or defeating syntax analysis--continued
one out ==MANY== plus another one which is on the top of the stack right now ... arrived just now--from the site by the way and noblesse oblige I have to contact via tor from time to time [sorry, it's in French]:

The hidden biography of the Ukrainian president's father
18 April 2008
From Moscow (Russia)
http://www.voltairenet.org/article156562.html

The historian Yuri Vilner has just published a biography of the father of the Ukrainian president, Viktor Yuschenko, under the title Andrei Yuschenko, the Personality and the Legend. He establishes, on the basis of archive documents, that the autobiography published by the latter is an exercise in concealment. On the basis of archive documents, he reconstructs his life during the interwar period and the Second World War. It appears that Andrei Yuschenko was active in a fascist party, that he was a guard in a Nazi extermination camp, and then, in all likelihood, was recruited by the United States services in their fight against the Soviets. Most of the current pro-Western leaders of Central Europe are children of Nazi collaborators who were picked up by the CIA.

And is an article which talks of a study going--in its remarks--in the same direction the work by Daniele Ganser [see above] goes.

Wonder on the *syntax studies* by the *researchers* in Arizona: would they be applied also to perform this kind of [archive] analysis?

/Roy Lanek
--
gajah di pelupuk mata tak tampak, semut diseberang lautan tampak--an elephant on the eyelid can't be seen ... but an ant on the other side of the sea can!
s l a c k w a r e + linux
Re: [OT] mitigating or defeating syntax analysis
> whereas others are pretty unsuitable to resisting the more successful approaches in this field.

agreed, with possibly social engineering [*provoking* and tricking the sender e.g.] being the hardest to defend via software.

On the other hand, and quoting Adorno, --to make/keep people stupid demands the same energy it needs to make/keep them intelligent.-- I suspect the *watchers* don't have too many *willige Helfers* who belong to latter category.

/Roy
--
tak bisa menari dikatakan lantai yang berjungkit--cannot dance but blame the floor as uneven [blaming the wrong reason]
s l a c k w a r e + linux
Re: [OT] mitigating or defeating syntax analysis
The Wikipedia Stylometry article is also not totally useless here. This is a much better one.

I wonder if, in the category poor-man palliatives, training crm114[1] on the outgoing text, and then submitting preliminarily something that has been edited so to be anonymous and *pasteurized*, to verify if it's recognized, can help.

/Roy

1. CRM114 Discriminator http://crm114.sourceforge.net/
--
sudah jatuh, tertimpa tangga pula--a person slips, and a ladder falls on him [all the bad things seem to happen at the same time]
s l a c k w a r e + linux
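The self-check described in the message above, as an added example that is not part of the original thread: profile your own known writing, then see whether an edited draft still lands closer to it than to neutral reference text. It swaps CRM114 for a small hand-rolled marker profile; the marker list, the function names and the sample texts are assumptions constructed for illustration.

```python
import re

# Assumed marker set: a few English function words, plus the two habits
# mentioned in the thread (lowercase sentence starts, lowercase "i").
FUNCTION_WORDS = ("the", "and", "that", "but", "of", "to", "so", "or")

def profile(text):
    """Style markers for one text, each scaled to the range [0, 1]."""
    words = re.findall(r"[A-Za-z']+", text)
    sentences = [s.strip() for s in re.split(r"[.!?]+", text) if s.strip()]
    lowered = [w.lower() for w in words]
    total = max(len(words), 1)
    feats = {w: lowered.count(w) / total for w in FUNCTION_WORDS}
    pronoun = [w for w in words if w in ("i", "I")]
    feats["lowercase_i"] = pronoun.count("i") / max(len(pronoun), 1)
    feats["lowercase_start"] = (
        sum(s[0].islower() for s in sentences) / max(len(sentences), 1))
    return feats

def distance(a, b):
    """Mean absolute difference between two profiles (0.0 = same markers)."""
    return sum(abs(a[k] - b[k]) for k in a) / len(a)

def closest(draft, corpora):
    """Name of the reference corpus whose profile is nearest to the draft."""
    p = profile(draft)
    return min(corpora, key=lambda name: distance(p, profile(corpora[name])))

# Constructed sample texts, not taken from any real author.
CORPORA = {
    "own": "i think this is the right approach but i am not sure. "
           "so the plan is to test it and see. that is what i would do.",
    "reference": "The committee reviewed the proposal and approved it. "
                 "I believe that the decision was correct. "
                 "The results will be published soon.",
}
RAW_DRAFT = ("i guess the idea works but i have doubts. "
             "so i will try it and report back.")
EDITED_DRAFT = ("The idea appears to work, although some doubts remain. "
                "A trial and a report will follow.")

if __name__ == "__main__":
    for label, draft in (("raw", RAW_DRAFT), ("edited", EDITED_DRAFT)):
        print(label, "->", closest(draft, CORPORA))
```

A draft landing nearer the reference only shows that these few markers moved; it says nothing about features a trained classifier would pick up.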
Re: A Question to people from UK
Dave Page @ 2008/04/18 06:19:
> On Fri, Apr 18, 2008 at 03:11:52PM +0200, Hans Schnehl wrote:
>> I was told in the UK you are obliged to deliver your private gpg/pgp keys to the authorities as soon as you use one of these programs for yourself.
>> [snip]
>> I hope this is a hoax, but just for informational reasons it would be nice if someone with the appropriate knowledge could clarify this.
>
> This isn't anything I'm aware of in UK law, and I'm pretty sure I would have heard about it if it were.
>
> The Regulation of Investigatory Powers Act (RIPA) 2000 details the powers the police have to demand decrypts and keys. You can read more about it at
> http://security.homeoffice.gov.uk/ripa/publication-search/ripa-cop/electronic-information
>
> Dave

you may want to check [1] back from may 2006.

Part 3 of RIPA gives the police powers to order the disclosure of encryption keys, or force suspects to decrypt encrypted data. Anyone who refuses to hand over a key to the police would face up to two years' imprisonment.

there was also some other talk about this here back then[2][3]. i don't see any recent developments regarding this, though

1. http://www.zdnet.co.uk/misc/print/0,100169,39269746,00.htm
2. http://archives.seul.org/or/talk/May-2006/msg00283.html
3. http://archives.seul.org/or/talk/May-2006/msg00284.html
Re: A Question to people from UK
On Friday 18 April 2008 23:22, scar wrote:
> Dave Page @ 2008/04/18 06:19:
>> The Regulation of Investigatory Powers Act (RIPA) 2000 details the powers the police have to demand decrypts and keys. You can read more about it at
>> http://security.homeoffice.gov.uk/ripa/publication-search/ripa-cop/electronic-information
>
> you may want to check [1] back from may 2006.
>
> Part 3 of RIPA gives the police powers to order the disclosure of encryption keys, or force suspects to decrypt encrypted data. Anyone who refuses to hand over a key to the police would face up to two years' imprisonment.

Yes, but that's not what the original poster asked:

On Fri, Apr 18, 2008 at 03:11:52PM +0200, Hans Schnehl wrote:
> I was told in the UK you are obliged to deliver your private gpg/pgp keys to the authorities as soon as you use one of these programs for yourself.

UK law does not oblige you to hand over your private keys to the authorities as soon as you use GnuPG or PGP.

Dave
--
Dave Page [EMAIL PROTECTED]
Jabber: [EMAIL PROTECTED]
Re: [OT] mitigating or defeating syntax analysis
On Thursday 17 April 2008 15:04:05 scar wrote:
> assume there is a global adversary trying to track down an anonymous Tor-user by using syntax analysis. that is to say, gathering sets of sentences or paragraphs from e-mails or forums, etc. and then recognizing similarities in the syntax (that is, the way the sentence or paragraph is written) in order to group anonymous text with non-anonymous text and ultimately reveal the identity of an anonymous user, based on the way they write, basically. the field of psycholinguistics would probably be a good resource for this type of analysis.

Most reasonable tor clients will go through the trouble to use an SSL/TLS-encapsulated protocol to make sure their communication isn't trivially readable at the exit node. It's a little more work, but SMTP, IMAP and web browsing can conceivably all be enciphered even as it travels the normal internet. Most Unix system administrators already know why to use SSH as opposed to telnet, for similar reasons.

> i hope that's clear enough. so, Tor can help defeat network traffic analysis. now, how can the anonymous user (or, more accurately, talker/writer/blogger) mitigate or defeat this syntax analysis? are there any scholarly papers or websites with this information, or at least talking more about syntax analysis (perhaps there is a more proper technical term)? for example, i think one rule would be to always use proper capitalization and punctuation, something i never do in my non-anonymous writing. ;)

I'm under the impression that trying to use Tor to help obfuscate what you're doing beyond Layer 4 is using the wrong tool for the job.