1. Virtual machines can provide a false sense of security, understand what they can and can’t do.
2. Does this prevent data leakage to the disk, or other media?
3. What encryption is available?
4. What else might I be concerned about? For example, all digital cameras leave a digital fingerprint. Publishing pictures using the same camera on two different forums can be linked together, and if one is anonymous whee the other isn’t you can be identified.

http://wiki.noreply.org/noreply/VirtualPrivacyMachine

Some interesting De-anonymization examples that should fail in any solution, even with flash, java, and other plug-ins enabled are:

http://www.frostjedi.com/terra/scripts/ip_unmasker.php?mode=utf16
http://ha.ckers.org/weird/tor.cgi
http://evil.hackademix.net/proxy_bypass

My story:

I learned at an early age not to trust anyone. All I can even say today on this anonymous form is I have reasons you can’t begin to imagine. Try living in a world that hates you, and not hating it back. I have lived in a society that hates me for things I don’t even control. I have never done anything for anyone to hate me, and yet everyone does. I can’t say a single peer of mine in this entire country has publicly spoken out. I have good reason to believe most committed sucide early on, were murdered, or have lengthy prison sentences.

I was probably the only non-Muslim on September 11 that was glad to see the trade centers go down. Those trade centers represented to me hope. Why should I care about an entire society that tortured me my entire life.

In that case, let me please post some ideas I’ve had for what I would like to have to be an effective activist, with the hopes that some developers will make them a reality. Really, it would just be a linux/BSD LiveCD with the following:

Full multimedia/web media support (except where it requires anything with closed source)

Two strictly separated Firefox browsers – one with integrated Tor and I2P support (plus accessories like Privoxy, NoScript, AdBlock, TorButton, etc.) that CANNOT escape those networks, and one conventional Firefox for non-anonymous browsing, with VERY strong visual clues about which is being used (ie, one has a gray skin and one has a bright red skin, and consider the colorblind as well).

Syndie (magnificent little program with a lot of potential)

FreeNet/GNUnet (if it’s even worth using, I haven’t kept up)

GPG + Mail client (Thunderbird w/ EnigMail or another)

TrueCrypt

Pidgin+OTR

IRC client

Various P2P file-sharing clients

Secure FTP server that allows full-TLS transfers, listing and authentication *with a GUI* (may not even exist?)

Full wifi support including wifi security/cracking tools and MAC address changer

Full support for crypto smart cards and crypto USB dongles

Open Office or other word processor

Media creation/editing tools

CD/DVD burning tools

A GPG signature on the .iso!

I would use this paired with a computer that has no operating system installed – just a number of encrypted TrueCrypt volumes that contain my data, profiles, and application attributes. I would keep the master key for these volumes encrypted with a non-exportable key on a smart card or dongle. This system, implemented properly, provides the following benefits:

There is zero chance of any executable files being modified or installed.

The is absolutely no data available from a “computer kidnapping” without the smart card itself – which can be kept on one’s person at all times and thoroughly destroyed quickly and easily.

It allows secure and private communication, browsing and publishing of many varieties through many media.

Please, please, someone with the knowledge to do so, PLEASE create this! You will be doing the world a huge favor, and will be a greater freedom fighter than you can imagine!

You might consider contacting some of the OLPC people.

-sv

I know as I develop our corporate network within China that we will respect Chinese law and require that all Internet browsing from within China pass through the ‘Chinese firewall’. Since we will inform people that this is the case I expect that they will behave accordingly.

Bev, Alaa, thanks for both weighing in on the security/paranoia/leaky boats issues. As I think more about the secrecy issues, I wonder if there’s a distinction between people who’ve decided to be active, visible and face the consequences of their activism, versus those who want to be active but can’t yet get their heads around those consequences. I think it’s important to make it possible for that second group to use anonymity to begin working on what they’d want to share as activists… but both because the tools aren’t the problem and because the boats leak, it’s a mistake to reassure that second group that encryption alone will protect them. Instead, perhaps activists have to get their heads around the issue that eventually being active is going to involve being visible and facing those consequences.

For the friends I helped last week, that’s a hard pill to swallow – those who are active basically have had their lives destroyed. Then again, I don’t have to tell either of you how serious the consequences of being an activist can be.

Thanks for sharing these thoughts, everyone.

One of the tactics we use is to be as open as possible when we publish information in Zimbabwe. When we need to communicate about specific and sensitive issues such as meetings, funding proposals, sources of money (etc) then we engage encryption.

At Kubatana we have found that people have responded very positively to us as an organisation because they can come visit, telephone and have face to face contact with us.

Sadly, as Alaa mentions, it is more often the case of being, as we call it here “shopped” (spied on) by so called allies within your own movement. There are just too many ways you can be caught out and to block them all is impossible. But encrpyt essentials.

Fair. I think for this sort of minimal use case those concerns are at this point really overblown. If anything, you’re better off in the Linux case here, since you can remove unnecessary or unsafe functionalities, which is going to be difficult/impossible with a Windows install. If you want a general purpose computer, though, that happens to have secure communications software, you’re right that Windows is probably a better choice (though I’d argue much less secure.)

One of the questions we are asking is whether folks outside the country in question can get access to these machines via remote desktop and other utilities to be able to search for keyloggers, etc.
You’ve certainly got that with a Linux system; arguably (given shell access and the amenability of Linux systems to remote manageability) much more powerfully in the Linux case than in the Windows case.

I’d suggest a much better way to ensure there are no keyloggers/etc. installed is to use a liveCD or other similar tool, where the base system is read-only and can’t be modified by anyone. At that point, you’re secure against anything except hardware attack, which can’t be diagnosed remotely anyway.* (I have no idea if such a thing can be done with Windows.)

At any rate, I don’t have much time to do anything with this these days, but I know someone who might be interested in getting involved and has the necessary skills to whip up a simple proof-of-concept liveCD for you. With luck they’ll get one of the Berkman job openings they are applying for and you’ll be able to discuss it with them in person soon ;)

*NB: for the particularly paranoid case, I think you can avoid the keylogger problem on all platforms by using accessibility tools (on-screen keyboards, available on all major platforms, for example, or dasher), which would meant that the third-party spyer would have to reconstruct mouse movements and map those to strings instead of tapping the keyboard.)

Additional levels of security require the user to take extra steps which can be an inconvience (installing software, passwords/keys etc…) and sometimes the soluition that are reccomended are overly complex (like the https/gmail vs. pgp/gpg example you give).

Anonymity and censorship circumvention options are becoming more and more user friendly and effective. Users facing censorship and surveillance have a variety of options that are not too difficult to implement, but not for users who face threats of computer seizure, keylogger/trojan installation when authorities sieze their laptops etc…

For example, if your latop is seized and then returnes you should probaby wipe and re-install. How many people will actually do that?

Another option? Only use your computer for normal, personal use, when engaging in activism use a bootable OS (like knoppix), no need to worry about keylogers etc… but you’ll likely want to have a remote storage system for your docs email etc…

On of the ares that seem to be missing is services. there seems to be a lot of sowftare development and training activities but not that many people/ngo’s etc… that provide services for activists/ngo’s who can’t really afford them.

As mention above one of the common ones I hear is the need for remote storage. But also for hosts for circumvention software etc…

Semms to me that there is a need to look into solution for providiong services as well as training and software to confront some of these issues you’ve raised.