Liberté Linux is not a generic live Linux distribution with anonymity features. Its primary focus is to let you communicate, stealthily and securely, with other people in a hostile environment. Here, hostile environment is one where someone resourceful seeks to find out your identity because of something you do. You might be a dissident in an oppressive Islamic regime, perhaps, or an anti-government cell coordinator in China. A highly-ranked mole in the US intelligence service, passing information to his handler in the Belarusian embassy. Or, a whistle-blower in an international petroleum corporation. All these possibilities have something in common: high technological capacity of the authority in place, and willingness to use this capacity to find out who you are in order to stop you. Of course, you might just consider using Liberté because you dislike the idea of a bureaucrat somewhere deciding whether something you do online is legitimate or not. You are welcome.
Modern surveillance capabilities
In order to develop proper means for communicating in hostile environment (the purpose of Liberté), one must therefore estimate this technological capacity of the authority actors in place (typically, governmental or corporate). If you are not too technologically or scientifically educated, or if signal intelligence sounds somewhat mythical to you, then you will be rather challenged to properly assess such a capability, distinguishing facts from fantasy. Fortunately, here I will lay out these capabilities for you straight and to the point.
First, some simple overview. A highly technologically capable authority (e.g., a military counter-intelligence unit) can:
- intercept your internet traffic, including e-mail, instant messaging, VoIP, and Wi-Fi connections (the latter doesn't involve ISPs)
- intercept your phone and fax communication, including landlines, cell phones, satellite phones, and radio telephone extensions (the latter doesn't involve Telcos)
- associate your geographic location with a cell phone IMEI number or with a SIM card number
- reliably associate your calls with your voice patterns (speaker recognition)
- associate your geographic location with your digital financial transactions
This passive surveillance can be performed constantly and concurrently for a large number of people (who are not specifically suspect of anything), and all data gathered can be retained indefinitely. We see that the technological resources of a modern authority are virtually unlimited, and any task that can be automated is implemented and engaged.
However, the non-technological resources of an authority are definitely limited. The authority cannot:
- break modern encryption protocols
- perform active surveillance on non-suspects (e.g., break into computers)
- have officers or employees read / listen to large amounts of communication
- recognize your face from a satellite (although UAV is a different story)
For instance, here is a possible flow of intercepted audio communication that is actually listened to:
- two men in some third-world country, one of them eating shawarma, and both of them waving hands, converse via cell phones
- their communication is intercepted along with all phone communication from a region of interest
- language is detected, and speech is (rather unreliably) converted to text
- the above are stored for future reference
- the text is analyzed for keywords, with a positive match
- a dumb yet linguistically capable “trained monkey” in a military base in the middle of nowhere is presented with a summarized conversation text, the full conversation text, and an audio stream of the conversation into the headphones
- the monkey reads the summary and listens to a part of the conversation, and then, 5 minutes closer to his demob, forwards the intercepted item to a somewhat more capable “grunt”
- the grunt translates the intercepted audio into something that an analytics officer can read, and forwards the item to his superior
- the translated interception item, annotated with the identities of both conversation parties, arrives on the desk (i.e., the computer monitor) of a borderline autistic analytics officer, averting him from yet another cunning plan to sleep with his commander's new secretary
The sequence above serves to illustrate the bottleneck of all intelligence work: qualified human resources.
It should be obvious by now, that the only way to communicate stealthily and securely is to avoid raising suspicion to the level at which the authorities might consider it worthwhile to put you under active surveillance (e.g., park a van with TEMPEST equipment by your apartment). Moreover, the medium for such a communication must be the Internet, since since it is the only publicly available medium that has seen any serious development of anonymous and/or secure communication.
Let's go over some specific methods of clandestine information exchange over the net:
- Encrypted e-mail
- Although apparently secure, this method puts the communicating parties at great risk of detection. E-mail servers are centralized, and accounts are easily associated with message transmission times and locations. Once a single member of the communication network becomes suspect, the whole network is immediately exposed. This holds for all similar server-dependent protocols.
- E-mail accessed exclusively over onion routing
- This is a much better approach than just e-mail, but it is still susceptible to traffic analysis, and to control of the communication channel by an external party.
- Usenet posts
- This is a good approach to clandestine communication. Since Usenet is a distributed system, traffic analysis is non-trivial, and messages can be steganographically hidden inside innocent-looking posts (e.g., SPAM) in some high-traffic unmoderated group. Many users will read the message, oblivious to its true contents—thus protecting the message recipient from scrutiny.
- Freenet analogues of the above, such as Freemail and Frost
- Certainly a better alternative to e-mail and Usenet, a Freenet client is too heavy for fast and mobile deployment—a requirement for Liberté Linux. Also, Freenet is somewhat raw at the moment. However, it might become the best alternative at some point in the future.
- Tor hidden services
- A lightweight and reliable alternative to Freenet tools, hidden services suffer from one drawback: both parties must be online during message transmission. Otherwise, the security of this solution is rather well-researched, and traffic analysis appears to be far from trivial. Moreover, Tor is a subject of active development and research, making this approach a long-term one.
Liberté therefore uses Tor hidden services for stealth communication, with support for similar networks like I2P eepSites.