As many of you know, we have decided to volunteer our energy and experience in helping the Liberty movement in general and the American Redoubt cause in particular to communicate in a very anonymous and some what more secure method.  I hope this will eventually grow into a total Liberty focused “darknet” or private, more secure and highly anonymous network and thus call this project the American Redoubt Darknet (ARD) or AmRD project.  I am inviting any person who has IT experience and is supportive of the Liberty movement and / or American Redoubt objectives to join me and pool our resources and talents in helping people use the Internet now, and potentially in a “rebuilding” mode in a more secure and anonymous manner.  Currently we have a series of actions that after significant research I feel will greatly improve the Liberty / American Redoubt community.

1.  Encourage all Liberty bloggers to move to strict SSL.
2.  Use non-IE browsers such as Firefox when browsing.
3.  Use the EFF’s security plugin HTTPS Everywhere.
4.  Use the TAILS operating system when access the liberty blog-o-sphere

I can guarantee that if the Liberty movement is listening, people and entities who oppose free, and private communications have started to take notice because it may make their desire to listen to all private conversations a little harder.

The next upgrade to your security is a bit different.  It does not involve validation or security of data in movement, i.e. when you use are sending or receiving data over the Internet.   It involves what we call in the business protection of “data at rest” or DAR.  DAR means data, video or audio that you want to keep secure things like Word documents, Excel spreadsheets that you do not want to compromised or shared.   Once again an example from JJS over at RFR.  He talks about putting out a list of Redobuters, or a payment list of people who have sent him money.  He has code list and locations of people who you may want to communicate in during a man-made or natural disaster.  All of this information should be heavily encrypted.

Another way to build on “going dark” we are describing is that you use TAILS to boot your operating system.  However, where do you store any data you want to crate and transfer?  Well you store it on a Truecrypt encrypted file system on a USB drive.  When you start TAILS there is an option when it says “press tab” for more option.  If you do, next to the word “silent” (which you want to keep because I didn’t and it was annoying to watch) you can type the words truecrypt.  The reason they make you do that is the makers of TAILS which is heavily funded by the TOR Project are questioning continued support for Truecrypt.  As I see nothing wrong with Truecrypt I will question my continued support for TAILS.  It is not for developers to dictate what tools free people use.  This is the methodology of of the police surveillance regulatory State, corrupt large companies such as Microsoft and Apple, it is called force.  Right now TAILS and Truecrypt are playing nice together, and thus I support both.  After you press tab and type truecrypt on the “boot screen” when TAILS is first booting up, it will load the required modules so you can use a Truecrypt encrypted USB drive.   This means you can then work on the document using Open Office which is also loaded on TAILS, save it to a USB stick that is encrypted with Truecrypt and when you need to, you can then upload it to the INTERNET with very good anonymity.

Now to remind everyone, I do not believe in over reliance on security.  I believe if you are facing state-wide actors the best you can do with security is make it difficult for them, and or delay them. Once they find you and / or your computer, it is a matter of time.  However, by using good strong encryption (like PGP) you can raise the level of those that can access the information.  Once again, your local Sheriff department is not breaking PGP or Truecrypt.  After considerable research, the way I recommend you secure your private computer files is using a free program called Truecrypt.  Truecrypt makes it very hard to “unlock” your files, but in addition to that Truecrypt make encrypted files “very difficult” to prove that they even exist.  They call it deniability.  This is a potentially a very useful capability.  BTW, this once again you read and understand the 10 Rules for OPSEC especially the rule where you “…never miss an opproutnity to shut the -blank- up.”

TrueCrypt (TC) is a sneaky little program that appears to work very well.  Truecrypt is free program that makes files “encrypted” or hides their meaning.  You cannot access the files without a password.   Truecrypt does this by using a multitude of various encryption algorithms to make your files unreadable unless you enter the right password or “a key.”  However TrueCrypt (TC) does one more major thing, it makes the now encrypted files look like random unreadable data on this disk.  This “deniability” has been show in court to be as important as the encryption itself.  If “…certain entities with global reach…” cannot prove that, yes there are encrypted files on that drive, they cannot for example serve a warrant for this or that file.

There are many types of disk encryption I have reviewed, the big ones are Bitlocker, PGP and Windows encryption capability. PGP has been sold to Symantec and is their Whole Disk encryption.  If you have no computer ability and are not storing data you are worried about the government access your data use may want to use it.  I think it is very good, however as a commercial company and it is proprietary private software we cannot know they have any “back doors” or “override” keys for Symantec Whole Disk Encryption.   Bitlocker is also a commercial company and their code is not up for peer review.  Thus I cannot say if they have put any back doors into their software.  The open source PGP is very good, and its code base is up for peer review, however it appears that TrueCrypt has proven itself in several legal cases.  For various technical and legal reasons I have decided that my recommendation will be TrueCrypt.

Deniability.  And this brings up a major, very important point and is a little training for the Liberty / American Redoubt movement.  If you ever are in a situation where people are asking you about files protected by encryption such as Truecrypt it is legally critical that you never, ever acknowledge that any files exist.  It is some the smart legal people call  “foregone conclusion” doctrine.   If you do, if you are moronic enough (and thus deserving of a Bardic taunting)  then certain legal precedents suggest, cretin entities have the right to force you to “de-crypt” those files as it is a “forgone conclusion” that the files exist.   When you use Truecrypt correctly it will be very hard for them to even prove files exist.  Perhaps “…entities with global computer network reach..” can crack the locks on Truecrypt however there has been no case that we can find where they have.  I have serious doubts that entities with fewer resources have the ability to break TrueCrypt.     I am not a lawyer, go find a lawyer, talk to a lawyer, this is not legal advice, just my layman’s reading of the case and my opinion.

There have been multiple examples of entities not being able to break into Truecrypt.  The most significant one is a person who had data on hard drives when arrested.  The person was accused by the Fed.Gov forces of being a pedophile.    “In 2012 the United States 11th Circuit Court of Appeals ruled that a John Doe TrueCrypt user could not be compelled to decrypt several of his hard drives.The court’s ruling noted that FBI forensic examiners were unable to get past TrueCrypt’s encryption (and therefore were unable to access the data) unless Doe either decrypted the drives or gave the FBI the password, and the court then ruled that Doe’s Fifth Amendment right to remain silent legally prevented the Government from making him or her do so.”

In another case a Brazil banker was arrested with encrypted Truecrypt hard drives.  The Brazilian government could not break into the hard drives and requested the U.S. FBI help.  Apparently the FBI didn’t even try to break the encryption Truecrypt used, but tried to guess the user’s password.  This is why making complex passwords is so important.   “In July 2008, several TrueCrypt-secured hard drives were seized from a Brazilian banker Daniel Dantas, who was suspected of financial crimes. The Brazilian National Institute of Criminology (INC) tried unsuccessfully for five months to obtain access to his files on the TrueCrypt-protected disks. They enlisted the help of the FBI, who used dictionary attacks against Dantas’ disks for over 12 months, but were still unable to decrypt them.”

In God we Trust, in all other things, we test

Now TrueCrypt does raise some concerns.  Who makes TrueCrypt?  No one knows!  Is that amazing or what?  The developers have gone out of their way to not reveal who they are.  That makes a lot of people nervous.  Now for the most part, the concern of TrueCrypt having “back doors” and such have not been that much of a concern because TrueCrypt releases all of its source code freely on the Internet.  In other words “how TrueCrypt is built” is freely available to anyone to review.   Thus anyone with the skill set can look it over to the best of their ability to ensure there are no back doors.  Still the developers could be “..an entity with global computer network reach…”  and the backdoor could be something that hackers just playing around might not find.  After recent revelations of how far certain entities are willing to go to compromise the security of the Internet and bulk collection,  people started to wonder a bit more, about who and what TrueCrypt was and is it as secure as it seems.  We went from Tin Foil hats to full blown faraday cage motorcycle helmets.

Thus the hackers did what they do.  They decided to have a publicly funded project to technically review all of TrueCrypt source code for two major objectives, one is to prove the source code as release “makes” the application you install.  The second is to review to the best of their ability that there is no backdoor or intentional weaknesses in the TrueCrypt code.    The publicly funded project called “Audit TrueCrypt”  successful raised the required dollar amount in less than 48 hours.  That many people are interested in making sure TrueCrypt really is secure.  It is was started in approximately OCT2013 and is now underway.  The TrueCrypt developers which normally refuse all contact with the public have been in contact with the developers to respond to their questions.  That is a very positive development.

Thus what we have is a way to hide your data files that has been proven to apparently be very hard for entities around the world to break.  We have a publicly funded audit of the software by some of the world’s best cryptologist and hackers.  Thus I feel that while the Audit of Truecrypt is ongoing that we can trust TrueCrypt (TC) as much as we can trust any other encryption technology to help us implement the American Redoubt Darknet (AmRD).   Under the next post we will show you how to use.

Next part only for guys who know.  If you are a computer or networking professional supportive of the American Redoubt objectives and would like to assist in the AmRD project contact me.  If you have skills and / or desire, contact me anonymously.