On Thu, 30 Oct 2014 19:39:47 -0400 (EDT), John Kennerson <nobody@isis.cpunk.us>
wrote:
>In article <g2h45alpmhutstfp1d1ikhcgno82vb9jpd@4ax.com>
>Mr. 2 Cents <noname@noname.invalid> wrote:
>>
>> On Thu, 30 Oct 2014 09:49:02 -0400 (EDT), John Kennerson <nobody@isis.cpunk.us>
>> wrote:
>>
>> >Has anybody got a book on how to post binaries to USENET
>> >anonymously?
>> >
>> >I see loads of binaries getting posted and I think the posters
>> >can't be tracked. Can anyone point me to a book or something that
>> >will show how to do that?
>>
>> I do not know of a book with such information. You can dig up some decent tips
>> through a google search.
>>
>> Your biggest challenge is to find a Usenet service provider that will allow you
>> to subscribe anonymously. Specifically, your payment method must be anonymous,
>> e.g. money order, western union,etc.
>>
>> Next, you must find a trustworthy VPN service which will obscure your real IP
>> address while at the same time allowing you to connect via nntp.
>>
>> You can never connect to your NSP with your real IP address. Most NSPs will
>> keep logs of the IP address you connect from and they will just roll over when
>> they get a subpoena. The NSP's have no desire to spend money or put themselves
>> in jeopardy to protect a user.
>>
>> Next, you must be sure you always use TLS cipher for your connections and
>> transfers so as to obscure the content of your traffic from your ISP.
>>
>> The process is very complex and if you make one mistake, one time, you will be
>> in jeopardy. If you are occasionally posting copyrighted material, you will be
>> less of a target than if you are posting high profile illegal material such as
>> child pornography. In the case of kiddie porn, not only will the authorities of
>> many countries work at hunting you down, but other Usenet users will do what
>> they can to locate and identify you, as they should.
>>
>> Remember, you have to trust too many people for this to be foolproof. You need
>> to trust your security cipher (sslv3 was just proved to be defective), you need
>> to trust your ISP, good luck with that. You need to REALLY trust your VPN to not
>> keep logs, good luck with that too. You need to trust your NSP, for the most
>> part they are the scum of the Earth. You need to trust your own technical
>> competency to ensure there is no identifying information embedded in anything
>> you post, this goes way beyond exif metadata and lastly you need to be perfect
>> and never make a mistake in the process.
>>
>> Ask yourself, "Can I afford to get caught? Can I afford at least $100,000 in
>> legal fees? Can I afford to do time in a Federal Penitentiary or the non-US
>> equivalent?"
>
>Thanks for the advice. I am not trying to post copyrighted
>material. I am intending to post evidence of criminal wrongdoing -
>and remain alive after I have done so. There are challenges to this.
Posting such a thing to Usenet does not seem like a very direct or effective way
to communicate with law enforcement.
|
|