As many of you know we are working on improving Internet anonymity, during the collapse and potentially on the rebuilding. We introduced the AmRD concept. Some have question if we should build the American Redoubt Darknet and even using the word “Darknet” itself. I can see their point. Even though I think the picture painted by the media is somewhat unfair (what is new?), the truth is Darknets are havens of porn, prostitution, hard-edged criminals, drug deals, kiddy fiddlers and other criminals. However under all of these malicious uses of the Darknet technology lays the real point. Darknets are the most advanced game in town allowing for anonymous and secure communications. That is it. That is why these various examples of filth use it. Just because all sorts of low criminals use Darknets it does not make the technology itself suspect. For example the so-called rebels in Egypt and Syria are leveraging TOR to communicate, buy and sell arms. As the Ukraine government puts in Internet controls, don’t you want to know the best way to get around these potential controls now? We on the God-fearing libertarian, liberty focused side should master these skills building our own Darknets using this technology.
After introducing the American Redoubt Darknet project we then talked about implementing SSL on all Patriot / Liberty related blogs and websites and why. Then I introduced the Liberty blogosphere to the concept that you should not be using Internet Explorer for any Internet browsing. Because IE is directly connected to your operating system, in my opinion (IMO) it is fundamentally less secure. When you implement Firefox you can then use the nice plugin that is SSL Everywhere. With these upgrades, everyone who visits this site is behind a “more secure” TLS connection. This will stop some attacks and make dragnet surveillance difficult. None of these are a complete solution. There does not exist a “magic bullet.” We are using the concept of defense in-depth, or perhaps better, anonymity in-depth. This is a U.S. military taught concept. We use multiple processes, procedures and technologies to defend us, thus if one fails we are not immediately exposed. Defense in-depth. Anonymity in-depth, security in-depth.
In addition each and every one of you who may not be a “direct” Freedom Operator who uses these technologies are providing “cover” for those who are actually in the field conducting Freedom Operations. If you are using Firefox and SSL the “…adversaries..” must take time and computing resources to break your traffic, and find you are not doing much, just to be sure you are not a Patriot operator doing something that matter. This is very important when the system begins to break down.
One of the tools we will use is The Onion Router (TOR). TOR is a project to provide more anonymous access to the Internet, which receives the majority of its funding from the U.S. military. It was designed by Defense Advanced Research Projects Agency (DARPA) and the Office of Naval Research (ONR). It is called an Onion Router. The reason is that instead of routing your TCP/IP which is your identity directly to each and every website your visit, it “wraps” your identity (TCP/IP address) in multiple levels of encryption and randomizes your encrypted path. Thus it is very hard to “unwrap” (level of the onion) to find out your IP address. There are multiple documented (and other) weaknesses in TOR.
Why does the Department of Defense (DOD) care about this? I am unsure. From reading Open Sources (non-government sensitive information) it appears that the U.S. government is interested in technologies that can help their agents in other countries use the Internet without state-wide actors like Iran or China finding out what sites these people are visiting. Thus if state department boy in Iran goes to the CIA website, the DOD appears interested in making it easy for them to do that. I do not know this, but it seems logical from the information I have. Similar to TCP/IP and the Internet in general, both of which were invented by the DOD to help it communicate in time of crisis, a potential unattended consequence of this TOR technology, is that it allows all people who use it including Americans to make their online activities more difficult for other parts of the government to dragnet capture everything you are doing online. In other words it could be that the NSA boys are not happy at the DOD boys. What is new?
Now why am I not a “fan boy” of TOR. Well, because they get the majority of their funding from the military. Look, we have seen time and time again how some “…adversaries with global reach …” artificially retard the development of security and anonymity technologies. The US surveillance state killing the natural growth of security technology is a crime on the level with their godless and anti-Constitutional dragnet surveillance approach. Certain agencies such as the NSA are run by a military officer. DAPRA and ONR are also run by military officers. Am I crazy to think, that NSA may pick up the phone and call DARPA and say “…look Phil you are making my life over here difficult, do this or that and it will help us out a lot. See you at the O club tonight.” I fight against my “tin foil” hat syndrome, but sometimes I think I should have a fully functional faraday cage motorcycle helmet. In other words I suspect everything. Is the entire TOR project one big NSA honey pot? I.e. let’s try to put technology out there to attract all of the users we want to watch so it is easier to find and monitor them? Is that tin foil level of concern? I have alluded to that fact previously. I am unsure, however what I do know it is one of the largest, most well-developed anonymous approaches available now. Also Edward Snowden used the Tor Network to send information about PRISM to the Washington Post and The Guardian in June 2013. And recently a TOR developer notice that a computer they ordered from Amazon, was delivered to VA and then put back on a truck and delivered to their office. “Andrea Shepard, a Seattle-based core developer for the Tor Project, suspects her recently ordered keyboard may have been intercepted by the NSA.” No dear Andrea I do not think the No Such Agency guys took your laptop. They are much more professional than this. The law enforcement and intelligence agencies in the U.S. are as numerous and byzantine as any over large bloated Empire. This feels like a BATFE level operation, in other words not professional. The Lord only knows which one of them stole your laptop and then put stuff into it. Have you figured out what they put in it? That would be worth a study.
Now Bishop, a follower of the blog found this article last night before this post was pressed, it showed that the FBI another “…adversary with global reach…” successfully hacked TOR and downloaded all of the email on TOR and is using it to prosecute people. Now they wrote a custom virus to go after TOR, but they got it. This is good and bad. It is good that they didn’t just serve a warrant in a Swiss court to get the data. It is bad in that they actually were able to penetrate the security of TOR Email. There have been other examples of US government agencies attacking TOR. The most infamous was the FBI attacking TOR and finding out who was behind the Silk Road at the time the number one drug peddling operation run deep in TOR’s darknet called TOR’s hidden services. All in all there have been several successful attacks on TOR services, but there does not seem to be any thing wrong with TOR’s basic technology.
Anyway, in addition to Snowden using TOR, and someone trying to hack their developer’s mail ordered laptop, and after spending many, many hours of watching the TOR guys present, studying their technologies and reading entire mountains of academic work discussing and picking apart TOR, either they have a very good geek sales force, or they are serious about anonymity. Thus I have moved my recommendation from “…don’t trust it…” to the TOR network can be “…part of the solution.” In the AmRD project we will use TOR, but we will not rely exclusively on TOR to anonymise our communications. More on that in a future posts.
Once I show you how to use Tor, what you will be actually doing is sending all of your Internet traffic through their Onion Network (OR). This will make things slower. Sorry but that is the price you pay for more security. Instead of your traffic coming directly from your computer to a website, which logs it, it will be wrapped (like an onion) in multiple layers of encryption and randomly bounced around the world-wide TOR nodes. After a random number of bounces the TOR nodes will begin to unwrap or “peel” the onion and push your traffic to where it needs to go. By “wrapping” your Internet traffic in multiple layers of encryption it makes it “just that much harder” to find out who you are. Your Internet traffic will bounce, and bounce your traffic through “TOR nodes” and then it will come out on what they call a TOR exit node and go to the regular Internet. This is where the other suggestion I have recommend come into play. If it comes out TOR unencrypted, it can easily be viewed and people who are running bad TOR nodes can know where you are going. If your traffic comes out over SSL, that is great because even the TOR Exit Node cannot easily see your traffic. And more importantly if they are attacking it you should will be notified by your SSL / TLS shield “breaking.”
If you are using TOR and 90% of the time you see this blog as “locked” and then you see this website as “unlocked,” or get a warning “SSL certificate not verified” Warning! You may be passing through a TOR exit node that most likely is trying to look at your traffic. Like “…adversaries with global reach…” If that happens you click the TOR browser button “Get new identity” which re-randomizes your connection and normally picks a new Exit Node. Get your favorite protest / Liberty blogs to implement SSL to help you protect that last hop. Then ensure their SSL cert is coming up before you post any comments. If you are using TOR with the TOR browser bundle and EFF SSL Everywhere you have upgraded your security and anonymity to the top 10% of the Internet, maybe the top 3%.
From Wikipedia: Onion routing (OR) is a technique for anonymous communication over a computer network. Messages are repeatedly encrypted and then sent through several network nodes called onion routers. Like someone peeling an onion, each onion router removes a layer of encryption to uncover routing instructions, and sends the message to the next router where this is repeated. This prevents these intermediary nodes from knowing the origin, destination, and contents of the message.
Onion routing was developed by Michael G. Reed, Paul F. Syverson, and David M. Goldschlag, and patented by the United States Navy in US Patent No. 6266704 (1998). As of 2009, Tor is the predominant technology that employs onion routing.
TOR vs VPNs. Why can’t I endorse so-call private VPN’s such as those endorsed on Survival Blog and other websites? When you use a VPN service, the VPN provider sees and can record all of your Internet traffic. Because of this, what you have to ask yourself is, will the VPN provider go to jail to protect my online activities? If the VPN provider will not go to jail to protect your identity like Lava Bytes or Silent Circle (email) (who shut down their entire company rather than give up their user list), then when the warrant, or warrants are served they will provide all of your Internet traffic to the authorities. Notice that PrivacyAboard’s website acknowledges this fact. What they do not say is have they received any type of “global” warrant for their SSL keys so that certain agencies can just track who they want. This is from PrivacyAbroad’s own website.
Q: Has PrivacyAbroad or any of your providers been asked to disclose customer information to any agency?
Yes. Our provider simply explained the procedure per Swiss law which states that reasonable cause showing criminal activity must be presented to a Swiss court for a warrant to be issued. That is the law and that is what PrivacyAbroad and our providers adhere to. We are not in business to protect criminals and if an official warrant is ever presented to us we will adhere to the wishes of the Swiss court.
Who defines who is a criminal? Is buying and selling pot in Washington State, a part of the American Redoubt a crime? The state and their people say no, the federal government says yes. Priest that lurk this blog can correct me, but it is my understanding of my Traditional Catholic faith, and my understanding of the original intent of our God-given rights articulated in the U.S. Constitution that a state has the right to regulate these type of things in their own borders. Local communities should have the maximum possible flexibility and authority in managing themselves.
Is buying and selling firearms made inside Montana a crime? The state says no, and the Federal government says yes. Again, per my Christian belief system, which is much more important to me than my political belief system, local communities have the right to manage these things. Is the New York SAFE act when they say you have a “full capacity” magazine that you are trying to sell is illegal? Is selling your semi-automatic rifle a crime? And if the State of New York says to PrivacyAbroad “…this person selling this full capacity magazine is a criminal and we want to know who he communicated with…” By PrivacyAbroad own words they will provide that information to the New York SAFE Act people if the proper paperwork is filed. Once the State of New York used the Swiss courts to file the warrant. I can assure you as we move forward, more of what we do, from worshiping as we want, to communicating with who we want or moving information back and forth will be considered “a crime.” In some countries it is illegal to convert to Christianity. In Mexico at one time it was illegal to practice the Catholic faith. Thus with this structural flaw in the approach of the VPN is that they know or can know your Internet activities and they will not go to jail to protect you, I cannot endorse them. BTW, I like PrivacyAbroad, it appears to be owned by a Christian group of individuals and at least raises the bar for who can request your records and how much paperwork they have to go through. In the U.S. they just send a form letter to get your Internet browsing history, when using an off shore VPN they have to do much more than that. What Privacy Abroad should do is keep no records what so ever of people’s browsing history and figure out under Swiss law how to notify any of its customer if ever served a warrant for their information. VPNs are better than nothing, but TOR is better than VPNs and is free.
The only real way to so-call security and in reality anonymity is through a process where there are no records of your Internet activities that the authorities can request. And TOR goes a long way to that end. The only way to have a certain level of trust in a person or a company, which is nothing more than a collection of persons, is if they say, they will not cooperate in any request for information. The best way to assure this is “…we do not keep records…” thus there is nothing for the “…adversaries with world-wide reach…” to request.
TOR network, a group of independent privately owned nodes that are primarily focused on allowing you to reach the Internet does that. My issue with TOR is that it receives the majority of its funding from the U.S. government. Thus I wonder if there is some unknown structural flaw in the system. There does not appear to be, but I am suspect. In addition the “…adversaries with global reach…” have started to set up their own TOR nodes. They are trying to own enough nodes to conduct intelligence operations against its users and to watch “out flowing” traffic so they can find out who is going where. That is why I am encouraging all Liberty / Patriot related websites, blogs and forums to implement SSL. And I am encouraging you to use SSL Everywhere from the Electronic Freedom group. This makes it just that much harder for “…global adversaries…” to spy on all of your online communications using dragnet like tactics. My other issues with TOR is that it is a “top down” system with a set of less than 20 core servers. In addition there are about 10 people in the world who control that set of core TOR servers. Thus I suspect in the coming political troubles that may happen inside the U.S. that those people will have incredible pressure put on them to shut down or weaken TOR. Even with my misgivings I am suggesting you consider including TOR in your toolbox to lower your profile when on the Internet. By using TOR, state-wide actors may be able to find out who you are, but it is my belief that no other level of adversary has the means and reach. Your local Sheriff department is not hacking TOR. There is no centrally managed TOR server to server warrants against, and TOR maintains little to no records by design.
Now TOR has made it very, easy to use TOR. Here are the install instructions. They have the TOR “browser bundle.” The TOR browser bundle is a specially compiled Firefox browser that has much of its security turned on. Basically you download the TOR Browser bundle. It will install the “TOR” browser, which again is a version of the Firefox browser. It will then push all of the traffic of that browser through the TOR network. I have confirmed that websites like the Charles Carroll Society (CCS), Radio Free Redoubt (RFR) and SurvivalBlog (SB) are all accessible via TOR. A neat little trick is going to a more anonymous search engine like Duck Duck Go and search for “what is my IP.” This will give you your IP address, and that is like your Internet street address. Download the TOR bundle, fire it up it already has SSL Everywhere installed. Ensure you are using the TOR browser and the little “onion” is on and green. Then go back to Duck Duck Go and search for what is my IP address again. You will see it change. Often to the strangest places. The TOR network is bouncing your traffic all over the globe and randomize the TOR Exit Node you are using. If you are doing something (one thing), and then want to do something else, you can simply click “new Identity.” It will give you a different random IP address and often (every time I did it) a different random Exit Node. A point, obviously using TOR makes the Internet appear to respond more slowly. That is to be expected, however I have found that many sites I visit now, are generally text-based like Survivalblog and respond fine when using TOR. However please expect a different level of experience when using TOR then when browsing the Internet giving everyone your physical street address. Yes you do that when you don’t use TOR, I can find out at minimal what block you are on by knowing your IP address.
Thus, when you browse CCS, RFR or SB websites and any other Liberty or Patriot related website, please download and install the TOR browser bundle. When you are visiting forums and such, and / or commenting on things, use TOR. When you sign up for throw way email accounts, please use TOR and give no personal information. Why do you not just switch over to TOR Browser bundle for all browsing? Because the TOR Browser turns off many, many things you use everyday because all of those technologies have found to be “leaky” and capture your information. For example Flash and Java Script. Flash is not supported in the TOR browser bundle because even if your browser is making you more anonymous Flash gathers information about your location and shares that information with the website you are visiting. I was recently in a foreign country. I used my normal browser to view Hulu.com which is a place I watch some T.V. shows now that I have cancelled my satellite and cable subscriptions. Hulu.com refused my connection because they saw me going from a foreign country. I then loaded the TOR browser and returned to Hulu.com. At first it allowed me to browse the website. However when I tried to watch a movie, it said “…you do not have Adobe Flash enabled.” I then enabled Flash (for a test, do not do this). Hulu.com was then once again able to see I was coming from a foreign location and denied my connection. Technologies like Flash, Java Script and many others can “leak” your information and thus the TOR browser turns them off. I have tested and confirmed this myself
This means that some web sites will not work. They are running these insecure technologies. Thus you may still want to use a normal Firefox browser with SSL Everywhere to browse those sites. No liberty / patriot related blog (or any other political speech) blog should use these technologies because of the ability to gather a lot of user information. The best way to secure the movement to “what comes next” is to not have databases, or retain any information on your users.
The Onion Network (TOR) is the next upgrade in the American Redoubt Darknet. It is not perfect, but I believe it is better than not using anything, using Private VPNs or other options. And it is free. I would love to see the vast majority of users using at minimal TOR to get to the CCS, and I will be able to tell as the “countries from” will be very strange. Please protect yourself so that you can remain operational longer.
As usual, if you would like to help, please email me at alex (at) alexanderbarron (dot) com. Do not email me at firstname.lastname@example.org. If you see any part of this, that is not accurate or can improve this please comment below and I will fix it. If you questions on downloading the TOR browser bundle and getting it working, please also post your question.