Comments on: Howto defeat EU’s data retention act

By: vidarlo

vidarlo — Wed, 09 Jan 2008 06:43:59 +0000

DeathBoy, could you elobarate on that? I did not write the text, but it seems quite googd enough for me.

As I gather the real thing is not encryption, but twarting traffic analysis to reveal whom is communicating.

And I can’t see any really huge problems.

By: DeathBoy

DeathBoy — Tue, 08 Jan 2008 22:54:26 +0000

It’s abundantly clear that you don’t know the first thing about security or encryption.

I was passed this link by a friend, and I’m worried about how many people will read it and think it will make them somehow safer than leaving a note in a personals ad.

If you don’t know what you’re talking about, please don’t make it even harder for the layman to understand by expounding such poorly put together ideas. This makes people’s chances of security worse, not better.

Anyone digging this isn’t helping, either.

By: Delay.no : Howto defeat EU’s data retention act

Delay.no : Howto defeat EU’s data retention act — Mon, 07 Jan 2008 23:40:43 +0000

[...] copied from http://bitsex.net/english/2008/how-to-avoid-eu-data-retention-act/ with [...]

By: AC

AC — Mon, 07 Jan 2008 06:21:09 +0000

Here’s an implementation of a double-blind time-limited drop-box via DNS:
http://landonf.bikemonkey.org/code/security/DNS_Dead_Drop.20060128201048.26517.luxo.html

It’s not undetectable — the RD bit is not widely used — but it’s likely under the radar, especially if you use a DNS server located in another, non-cooperative country. Does tor support routing DNS queries out the network? That would be somewhat resilient to detection.

One nice thing about the methodology is that when posting the message, only ‘1′ bits are observable. ‘0′ bits are never sent, so try doing analysis on: 11111111111…

Retrieving the message, the 1s and 0s are (obviously) available, but your message is encrypted, right?