Author Topic: Secure Person to Person Information Transfer  (Read 3949 times)

Offline t00nces2

  • Prepper
  • **
  • Posts: 53
  • Karma: 3
  • New TSP Forum member
    • Todd's Home Repair
Secure Person to Person Information Transfer
« on: July 17, 2013, 06:32:31 AM »
There has been a lot of talk about the government keeping our transmitted correspondence and information. This really pisses me off, and it pisses me off even more that some people I really respect think it is okay because they believe it helps the government fight terrorism. They argue that no one actually "listens" or sees" it unless there is a "problem". To me it seems to be no different than a government official coming into your house and documenting every item inside your home with the understanding that the file would not be opened unless someone inside the government determined there was some kind of "problem".

Unfortunately, to some inside government, the peaceful association and communication of free people seeking liberty from an over reaching governmental intrusion are considered terrorists... http://www.youtube.com/watch?v=AzVKQCnLJns

So, I would like to help you learn how to trade secure correspondence (or as secure as you can get). Keep in mind, THERE IS NO SUCH THING AS ABSOLUTE SECURITY! That in mind, there are things you can do.

1. You need to have a computer that has not, is not, and will not be connected to the internet, or networked with computers that have been, are ore will be.

2. Install Thunderbird, GnuPG and Enigmail onto that computer along with a standalone keyserver.

3. Once configured, generate keys that will expire.

4. Securely trade keys with the person(s) you wish to correspond.

5. Write the message you wish to send securely on the computer that has not, is not, and never will be connected to the internet.

6. Encrypt the message using GnuPG.

7. Copy and paste encrypted message into a notepad plain text document.

8. Save encrypted correspondence onto an empty formatted storage device USB, Floppy (does anybody still know what a floppy is?), SD card or other device.

9. You can now transfer the doc to a connected computer and insert into an e-mail or hand directly to the person (most secure). You can also post the message on a message board and delete the message as soon as it is received.

10. Change keys regularly.

This is not ABSOLUTE security, and I would appreciate any pointers and discussion and improvements. Thus far, I have done all the steps with the exception of having a computer isolated from the internet (not that hard to do, I just don't have one set up), and I have not set up a standalone keyserver on one of my machines (but I do intend to).

There are other security protocols I have worked with and would love to work with others with: Truerypt (I have mentioned before) and steganography are two that come to mind.

Offline ForgedPatriot

  • Senior Survivalist
  • ****
  • Posts: 229
  • Karma: 5
  • Scaring the general public since 68'
Re: Secure Person to Person Information Transfer
« Reply #1 on: July 17, 2013, 10:41:41 AM »
Have you ever used IronKey secure USB drives?

http://www.ironkey.com/en-US/secure-portable-storage/250-personal.html

Government level encryption, self destruction of data after 10 consecutive incorrect password attempts, etc.


Offline archer

  • Administrator
  • Ultimate Survival Veteran
  • *******
  • Posts: 17112
  • Karma: 380
  • #ImissAmerica
    • Journey to Greener Pastures
Re: Secure Person to Person Information Transfer
« Reply #2 on: July 17, 2013, 11:44:41 AM »
No need to load Thunderbird if you are not connected to the 'net. Just cut and paste thru notepad or some other text editor.

Offline t00nces2

  • Prepper
  • **
  • Posts: 53
  • Karma: 3
  • New TSP Forum member
    • Todd's Home Repair
Re: Secure Person to Person Information Transfer
« Reply #3 on: July 17, 2013, 03:30:35 PM »
Have you ever used IronKey secure USB drives?

http://www.ironkey.com/en-US/secure-portable-storage/250-personal.html

Government level encryption, self destruction of data after 10 consecutive incorrect password attempts, etc.



FP... I have heard Jack mention it, have you ever used it? I like the ten try and erase feature. Have you ever tried TrueCrypt? The container can be used on FAT drives, sent through mail, encrypted, decrypted. Very cool program.

No need to load Thunderbird if you are not connected to the 'net. Just cut and paste thru notepad or some other text editor.

Yes, I think I remember working with it some, but it has been a while. Do you highlight the text and right click? I have GnuPG installed, so I will be giving it a try without using t-bird.

Offline mxitman

  • Dedicated Contributor
  • ******
  • Posts: 1733
  • Karma: 125
  • Entrepreneur/HVAC Mechanic/Electrician
    • Heezy
Re: Secure Person to Person Information Transfer
« Reply #4 on: July 17, 2013, 05:32:08 PM »
Nothing is out of the league of anyone in our Gov, Who made up this Secure device or software...maybe somewhere backed or with hidden keys within our own Gov, like the software that ends up in foreign companies and sometimes they find a backdoor after years of using it?

I would think the best solution is to meet FTF, like the old spy movies...sounds more exciting that way anyhow...I don't have anything that sensitive to worry about right now, so I haven't looked into anything...

BTW...if you didn't know already Gmail and other popular public mail servers saves your message automatically even while typing...ohh how thoughtful of them...so convenient too...they did it for eavesdropping, The towelyban was writing email messages then saving them unsent, by saving automatically they also see what may be written and then undone before the final version.

They would then share the passwords to the account instead of sending the emails, and you would just log in and read your saved unsent messages.. ;D

Maybe try that with a different type of host, of course there is always hidden messages in pictures...

Offline t00nces2

  • Prepper
  • **
  • Posts: 53
  • Karma: 3
  • New TSP Forum member
    • Todd's Home Repair
Re: Secure Person to Person Information Transfer
« Reply #5 on: July 17, 2013, 06:46:48 PM »
Nothing is out of the league of anyone in our Gov, Who made up this Secure device or software...maybe somewhere backed or with hidden keys within our own Gov, like the software that ends up in foreign companies and sometimes they find a backdoor after years of using it?

I would think the best solution is to meet FTF, like the old spy movies...sounds more exciting that way anyhow...I don't have anything that sensitive to worry about right now, so I haven't looked into anything...

BTW...if you didn't know already Gmail and other popular public mail servers saves your message automatically even while typing...ohh how thoughtful of them...so convenient too...they did it for eavesdropping, The towelyban was writing email messages then saving them unsent, by saving automatically they also see what may be written and then undone before the final version.

They would then share the passwords to the account instead of sending the emails, and you would just log in and read your saved unsent messages.. ;D

Maybe try that with a different type of host, of course there is always hidden messages in pictures...

You are right to a certain extent. If you use Google or Yahoo to compose your mail, it is available on their server. If you use an e-mail client such as Thunderbird or Outlook, the correspondence is composed and saved on your computer. Where Outlook is constructed by Microsoft and may have a back door or two written in by design, Mozilla Thunderbird is open source. If there were a back door in T-bird, the open source community would document and fix the security threat.

Now, I believe that the government can look into your computer as crystal clearly as you can look out at TotallyFatChicksCoveredWithChoclate.com, so there is a very good possibility they can keylog as you type.

Offline ForgedPatriot

  • Senior Survivalist
  • ****
  • Posts: 229
  • Karma: 5
  • Scaring the general public since 68'
Re: Secure Person to Person Information Transfer
« Reply #6 on: July 19, 2013, 09:04:42 PM »
FP... I have heard Jack mention it, have you ever used it? I like the ten try and erase feature. Have you ever tried TrueCrypt? The container can be used on FAT drives, sent through mail, encrypted, decrypted. Very cool program.

I have never had a real need for one in the past, but with times the way they are I may be reconsidering that train of thought. I have had True Crypt on my computer in the past as well.

Offline ForgedPatriot

  • Senior Survivalist
  • ****
  • Posts: 229
  • Karma: 5
  • Scaring the general public since 68'
Re: Secure Person to Person Information Transfer
« Reply #7 on: July 19, 2013, 09:31:16 PM »
Saw these Hamas covert communications techniques on the web (supposedly Hamas, but who really knows). Some were pretty interesting, and pertain to secure ways to communicate person to person.

The saved draft:

The idea is simple – one email account is opened and the user name and password given to multiple users. All users can log in, type a message, save it as a draft, and then log out. A different user can log in and read the messages left behind. Not once was a email sent and zero personal emails are attached. (of course this one wont matter if big brother is watching what you type in real time or via keystroke recording, etc)

Terrorists have taken this method to new heights. For example: they have put together 30 day communication plans that include a different email account for each day with 30 different user names and 30 different passwords. Its goes like this:


•Day 1 a message is saved as a draft – recipients then log in, read the message, delete it, and never return to that email address ever again.
•Day 2 a different message is saved as a draft in a different email account with a different username and password – recipients log in, read the message, delete it, and never return to that email address ever again.


The Virtual World:

The use of Virtual Worlds, like Second Life, is now the rave in covert communications for Hamas and other terrorists.
Second Life allows you to create a “resident” avatar and then travel through a virtual world doing whatever you want. You can socialize, have sex with other avatars (be warned: you’ll probably end up with some he-she sitting in China pretending to be a hottie), buy and sell real estate, buy a Rolex, buy an island (like Hamas did). You can even buy an AK-47 and learn how to use it from other more knowledgeable Avatars (Hamas). Second Life has a GDP – Gross Domestic Product. Yes, like a country – roughly $100 million a year and growing. People are spending, making, and losing real money in this world.


Here are 3 advantages that Second Life and other Virtual Worlds provide:

•Virtual worlds provide secure voice, chat, IM, and video streaming from avatar to avatar or avatar to a group.
•Virtual worlds provide secure means of laundering money of all currencies through more ways than here in reality.
•Virtual worlds provide virtual lessons on how to use weapons and make explosives, etc.

Of course there is steganography (there are some apps out there), check out drop.io as well.
How about disposable phone numbers, as well as trac fones, etc? notmynumber.net

There is tinychat, mailcatch, etc. There are tons of ways to communicate covertly.









Offline BlueHound

  • Survivalist Mentor
  • *****
  • Posts: 401
  • Karma: 18
  • Non Timebo Mala
Re: Secure Person to Person Information Transfer
« Reply #8 on: July 21, 2013, 12:14:45 AM »
I agree with mxitman, be careful with anything made or owned by Microsoft, including Outlook.com (hotmail.com) and Skype...

How Microsoft handed the NSA access to encrypted messages

I no longer type anything directly into hotmail.com, outlook.com, gmail.com, mail.yahoo.com, hushmail.com, or any others.  I mention Hushmail.com because they can decrypt your emails and they have given decrypted emails to the US government when they received court orders.  Here's an article about Hushmail...Encrypted E-Mail Company Hushmail Spills to Feds

Instead, I have been using Thunderbird, Enigmail, and PGP for emails on my computer (thanks t00nces2).  As long as there are no keyloggers on my computer, my privacy should be safe.  For added security, you can also use an email system that is located in a foreign country, such as mail.ru (a Russian email system).

I've been doing this, not because I have anything to hide, but because I object to the government violating my 4th amendment rights.  Unfortunately, many of the people that I communicate with do not feel the need to protect their Constitutional rights, so they don't use encryption.

Offline BlueHound

  • Survivalist Mentor
  • *****
  • Posts: 401
  • Karma: 18
  • Non Timebo Mala
Re: Secure Person to Person Information Transfer
« Reply #9 on: July 21, 2013, 12:14:03 PM »
For added security, you can also use an email system that is located in a foreign country, such as mail.ru (a Russian email system).

You will need to know Russian or know how to translate the pages to register and login to mail.ru, unless you use these English-language links:

Mail.ru Registration in English

Mail.ru Login in English

Using a foreign email system is most effective if you communicate with others who also have a foreign email account.  This should help reduce the likelihood of the gub'ment intercepting and "analyzing" your emails.  And Russia is unlikely to honor any court orders from the West.  If nothing else, it's another layer of security. 

You may say, but instead of the NSA reading my emails, now the Russians are.  If that bothers you, you can still use PGP to encrypt your emails without drawing the attention of the Western govt.

By the way, Thunderbird recognizes mail.ru, so when you add your account, you don't have to manually setup the POP3 or SMTP settings.

If you don't want to use a Russian email system, there are hundreds of others around the world.  Check this out...

http://www.fepg.net/foreign.html

Offline ForgedPatriot

  • Senior Survivalist
  • ****
  • Posts: 229
  • Karma: 5
  • Scaring the general public since 68'
Re: Secure Person to Person Information Transfer
« Reply #10 on: July 26, 2013, 01:54:18 PM »
BlueHound said:
Quote
I've been doing this, not because I have anything to hide, but because I object to the government violating my 4th amendment rights.  Unfortunately, many of the people that I communicate with do not feel the need to protect their Constitutional rights, so they don't use encryption.

Exactly! 99.9% of the people that I deal with via email...for the most part even face to face, are not concerned about secure email or secure communications. It only works if you have someone on the other end that can decrypt what you are sending and are as concerned about it as you are.