Liberté Linux Motivation and Philosophy
Project scope
Liberté Linux is not a generic live Linux distribution with anonymity
features. Its primary focus is to let you communicate, stealthily and
securely, with other people in a hostile environment. Here, a hostile
environment is one where someone resourceful seeks to find out your identity
because of something you do. You might be a dissident in an oppressive
Islamic regime, perhaps, or an anti-government cell coordinator in China. A
highly-ranked mole in the US intelligence service, passing information to his
handler in the Belarusian embassy. Or, a whistle-blower in an international
petroleum corporation. All these possibilities have something in common: high
technological capacity of the authority in place, and willingness to use this
capacity to find out who you are in order to stop you. Of course, you might
just consider using Liberté because you dislike the idea of a bureaucrat
somewhere deciding whether something you do online is legitimate or not. You
are welcome.
Modern surveillance capabilities
In order to develop proper means for communicating in a hostile environment (the
purpose of Liberté), one must therefore estimate this technological capacity
of the authority actors in place (typically, governmental or corporate). If
you are not too technologically or scientifically educated, or if signal
intelligence sounds somewhat mythical to you, then you will be rather
challenged to properly assess such a capability, distinguishing facts from
fantasy. Fortunately, here I will lay out these capabilities for you straight
and to the point.
First, a simple overview. A highly technologically capable authority (e.g.,
a military counter-intelligence unit) can:
- intercept your internet traffic, including e-mail, instant messaging, VoIP,
and Wi-Fi connections (the latter doesn’t involve ISPs)
- intercept your phone and fax communication, including landlines, cell
phones, satellite phones, and radio telephone extensions (the latter doesn’t
involve Telcos)
- associate your geographic location with a cell phone IMEI number or with a
SIM card number
- reliably associate your calls with your voice patterns (speaker recognition)
- associate your geographic location with your digital financial transactions
This passive surveillance can be performed constantly and concurrently for a
large number of people (who are not specifically suspected of anything), and all
data gathered can be retained indefinitely. We see that the technological
resources of a modern authority are virtually unlimited, and any task that can
be automated is implemented and engaged.
However, the non-technological resources of an authority are definitely
limited. The authority cannot:
- break modern encryption protocols
- perform active surveillance on non-suspects (e.g., break into computers)
- have officers or employees read / listen to large amounts of communication
- recognize your face from a satellite (although a UAV is a different story)
For instance, here is a possible flow of intercepted audio communication that
is actually listened to:
- two men in some third-world country, one of them eating shawarma, and both
of them waving hands, converse via cell phones
- their communication is intercepted along with all phone communication from a
region of interest
- language is detected, and speech is (rather unreliably) converted to text
- the above are stored for future reference
- the text is analyzed for keywords, with a positive match
- a dumb yet linguistically capable “trained monkey” in a military base in the
middle of nowhere is presented with a summarized conversation text, the full
conversation text, and an audio stream of the conversation into the headphones
- the monkey reads the summary and listens to a part of the conversation, and
then, 5 minutes closer to his demob, forwards the intercepted item to a
somewhat more capable “grunt”
- the grunt translates the intercepted audio into something that an analytics
officer can read, and forwards the item to his superior
- the translated interception item, annotated with the identities of both
conversation parties, arrives on the desk (i.e., the computer monitor) of a
borderline autistic analytics officer, diverting him from yet another cunning
plan to sleep with his commander’s new secretary
The sequence above serves to illustrate the bottleneck of all intelligence
work: qualified human resources.
Undercover communication
It should be obvious by now that the only way to communicate stealthily and
securely is to avoid raising suspicion to the level at which the authorities
might consider it worthwhile to put you under active surveillance (e.g., park
a van with TEMPEST equipment by your apartment). Moreover, the medium for such
communication must be the Internet, since it is the only publicly available
medium that has seen any serious development of anonymous and/or secure
communication.
Let’s go over some specific methods of clandestine information exchange over
the net:
- Encrypted e-mail: Although apparently secure, this method puts the
communicating parties at great risk of detection. E-mail servers are
centralized, and accounts are easily associated with message transmission
times and locations. Once a single member of the communication network becomes
suspect, the whole network is immediately exposed. This holds for all similar
server-dependent protocols.
- E-mail accessed exclusively over onion routing: This is a much better
approach than just e-mail, but it is still susceptible to traffic analysis,
and to control of the communication channel by an external party.
- Usenet posts: This is a good approach to clandestine communication. Since
Usenet is a distributed system, traffic analysis is non-trivial, and messages
can be steganographically hidden inside innocent-looking posts (e.g., SPAM) in
some high-traffic unmoderated group. Many users will read the message,
oblivious to its true contents—thus protecting the message recipient from
scrutiny.
- Freenet analogues of the above, such as Freemail and Frost: Although
certainly a better alternative to e-mail and Usenet, a Freenet client is too
heavy for fast and mobile deployment—a requirement for Liberté Linux. Also,
Freenet is somewhat raw at the moment. However, it might become the best
alternative at some point in the future.
- Tor hidden services: A lightweight and reliable alternative to Freenet
tools, hidden services suffer from one drawback: both parties must be online
during message transmission. Otherwise, the security of this solution is
rather well-researched, and traffic analysis appears to be far from trivial.
Moreover, Tor is a subject of active development and research, making this
approach a long-term one.
Liberté therefore uses Tor hidden services for stealth communication, with
support for similar networks like I2P eepSites.