Fog Creek Software
Discussion Board




Securing data transfer in a rogue state

I've always been curious as to be below question
Is it possible for an isp to monitor websites, emails, files transferred via ftp. etc?
If thats the case, is there a way to secures ones data transfer.?
I'm an ordinary pc user, but being in a country that is authoritarian and has a high level of censorship is scary enough. Even though nothing that i do is illegal.

Peter Paranoid
Friday, April 23, 2004

If you really want to draw attention to yourself look into encrypted tunnels.

Just me (Sir to you)
Friday, April 23, 2004

Look into steganography. that way you can do all your datatransfer and just look like any other porn addict to the outside world.

You are from the USA, right?

Just me (Sir to you)
Friday, April 23, 2004

Nope, I'm an expat in China.

Peter Paranoid
Friday, April 23, 2004

The problem is that after you encrypt everything, an authoritarian state can still do two things to you: 1) surprise confiscation of your data; 2) depriving you of internet access.

I don't think too many of us have easy solutions for 2. You basically have to depend on Internet Cafes and work arounds to the chinese national firewall.

But with 1, make sure your files or the filesystems the files are stored on are fully encrypted. And don't tell them the password even if they beat you up!

Li-fan Chen
Friday, April 23, 2004

It may also be illegal to encrypt you files. With laws like that a state can get you to look like a criminal for even thinking about using encryption. It also helps any state make the case that trying to get the password out of you by interrigation is justified. So if you have to disappear from the face of the earth because PGP, to them it's just a cost of doing business.

I don't know what the legal boundaries are in China, but I would fathom it may be slightly more liberal than the legal restrictions in extremely authoritarian states.

Li-fan Chen
Friday, April 23, 2004

Steganography is basically one of the cipher high arts, the militaries are much better at doing this right than the civies. Meaning, they are more likely able to determine: 1. Someone hid something in this jpeg; 2. What it says or what method of Steganography was utilized. There are no commonly used libraries in the civie world that helps everyday joe evade detection of secret communication, and there more little peer review is done by the steganography experts in the civic world. In that kind of environment you dont' really want to play around with it if it's illegal in your country, you'll get in trouble for treason and other crap if you are being detected and they'll just claim you are  very suspicious because not only do you encrypt your data you also try to hide the fact you are trying to send secret messages.

I don't know.. if you are living in such a bad country, you should just move to a better country.

Li-fan Chen
Friday, April 23, 2004

Peter,

You're courting trouble if you doing something so blatant as encrypting transmissions.  That's a tipoff to anybody watching that you have something to hide.

The important thing is that anything you do should appear to be perfectly innocent.  Unless you're doing something that really could get you into trouble, keep it in the open.  If you do have something to hide, make it look like you aren't hiding anything. Poe's The Purloined Letter provides a good example.

Not knowing the types of things that you're trying to hide, I can't make reasonable suggestions for doing it.  This also isn't the right forum to do it.  But consider if you really have anything to hide first.

Clay Dowling
Friday, April 23, 2004

In all honesty, i dont have anything to hide, I can't get good news access here. Even the bbc online is banned. How can a Brit live without his bbc :)
So basically, a friend in U.K, pastes articles of interest in a word doc and ftps it to me. It varies on what i need, its not always word docs. In a nutshell, whats perfectly legal in the west is questionable in the far east, and i'm not talking about porn.
The thing is, i'm not thinking of fortress style encryptian, I'm happy using an ftp program/server that has reliable security when i do data transfer. In other words, the isp can't really see whats passing through.
I was looking at Globalscapes Secure FTP Server 2.0
http://www.globalscape.com/gsftps/features.asp
Would these features be suitable for what I need, without raising too much eyebrows.?

Peter Paranoid
Friday, April 23, 2004

The chinese are more efficient and more paranoid than the Saudis, but even so I doubt if you will have any problem. If your friend emails you the stuff you're fine. - just zip it. It's the Chinese they want to stop seeing the BBC not you.

Stephen Jones
Friday, April 23, 2004

Seuay igpay atinlay

Levercay
Friday, April 23, 2004

Lever, *LOL*

Li-fan Chen
Friday, April 23, 2004

Sounds like your buddy should put up a relay proxy like Bypass or officesurfer (plug - http://badblue.com/helpofs.htm - /plug).  A relay proxy can help disguise URL's you're surfing to and serve up pages as if you're browsing from the proxy box and not your own restricted system.

dir at badblue com
Friday, April 23, 2004

*  Recent Topics

*  Fog Creek Home