Help wanted: AAMGATE server operators
| StealthMonger 2006-03-23, 8:52 pm |
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Appended below is a new server script AAMGATE for strongly-anonymous
surfing. Please consider running it at your site.
Providing an anonymous service gives you excellent cover and plausible
deniability for your own activities.
The optional supporting programs esub and esubbf were coincidentally
published here just a couple days ago. It should still be on your
news server.
Here's the script.
#!/bin/sh
# AAMGATE --
# Copy arbitrary Internet pages to alt.anonymous.messages, encrypted.
# User instructions:
# Encrypt wget command-line parameters to the public key of an AAMGATE
# server and mail it to that server with sufficient hashcash through a
# chain of remailers. Results of the wget will be tarred, gzipped,
# split if necessary, encrypted to the key you supply, given a
# Subject: that you determine, and posted to alt.anonymous.messages.
# You take a full feed of a.a.m at all times without interruption, and
# separate the wheat from the chaff only behind closed doors. Is this
# private surfing, or what?
# Operator instructions:
# Set up an AAMGATE server as follows. Create a new user aamgate on a
# host able to receive mail and post news. Create a new GnuPG key for
# aamgate. Store the passphrase in ~/.key with mode 0400. Install
# this script in ~/bin and arrange for each mail to be presented to it
# on stdin. Announce the new server and publish its public key.
# Method of operation:
# For each received mail, AAMGATE creates a fresh temporary directory
# to accumulate the results. The mail is checked for valid hashcash
# and decrypted. If the wget parameters are legitimate and safe, wget
# is run with a quota determined by the bits of hashcash. The results
# go into the temporary directory. The result is tarred and gzipped.
# If it's small enough, as determined by the hashcash bit count, it's
# split as necessary and each piece is encrypted to the user's
# supplied symmetric key, given a Subject: determined by the user, and
# published to a.a.m.
# The following keyword-value pairs are recognized. Where possible,
# the syntax and semantics are close to those of the remailers.
# Encrypt-Key: the GnuPG symmetric key to encrypt the tgz file.
# Subject: The Subject: line for the postings to a.a.m, or for esub.
# Request: The wget command line parameters.
# Encrypt-Subject: If supplied, Subject: is determined by IDEA esub.
# Encrypt-Subject-BF: As Encrypt-Subject: but Blowfish, not IDEA.
# If neither Encrypt-Subject parameter is supplied, the response(s)
# will have the supplied Subject, unprocessed. Otherwise, AAMGATE
# generates a fresh subject (for each posting individually in case of
# split) using the original IDEA algorithm or its new Blowfish
# equivalent. Note that the user should generate Encrypt-Key,
# Subject, and Encrypt-Subject* (if used) fresh for each AAMGATE
# request, to prevent even the operator from linking requests.
# To-Do
# SECURITY REVIEW.
# Accept a wider range of wget command-line parameters.
# Support curl, as well as wget.
# Provide for random-size split of the response.
# Accept rpow as well as (or instead of) hashcash. http://rpow.net.
# License: GPL
# Version: 0.5
# Author: StealthMonger
# <StealthMonger@nym.panta-rhei.eu.org>
# <StealthMonger@nym.alias.net>
# <StealthMonger@hod.aarg.net> (not working, 060321)
# Borrowed from autoconf for portability:
a_letters='abcdefghijklmnopqrstuvwxyz'
a_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
a_Letters=$a_letters$a_LETTERS
a_digits='0123456789'
a_alnum=$a_Letters$a_digits
# Sed expression to map a string onto a valid variable name.
a_sh="eval sed 'y%*$a_letters%P$a_LETTERS%;s%[^_$a_alnum]%_%g'"
# Process a mail request
export PATH=$HOME/bin:/bin:$PATH
DIR=$HOME/aamgate$$
mkdir $DIR
mkdir $DIR/result
cd $DIR/result
while read kwd OFFER wds && test "$kwd" != "X-Hashcash:" ; do : ; done
if ( hashcash -cd -b 10 -f $HOME/hashcash.sdb -r aamgate@`hostname` \
        "$OFFER" 2>hashcash-stderr ) ; then
    if ( gpg --passphrase-fd 3 3<$HOME/.key --batch --no-tty \
            2>gpg-stderr > parameters) ; then
        # de-fang user input before using:
        # (maps the eight characters ( $ ) [ ] ' ` " to _)
        sed 'y%($)[]'\''`"%________%' parameters 2>defang-err |
        ( while read kwd vals ; do
              eval AG_`echo "$kwd" | $a_sh`="$vals"
          done # Prefix user-supplied name with "AG_": prevent collision.
          # Service price (bits-10) deters multi-megabyte downloads:
          LOG2=$((`echo "$OFFER" | sed 's/^[^:]*:\([0-9]*\).*$/\1/'`-10))
          if test $LOG2 -gt 21 ; then LOG2=21; fi
          SIZE_LIMIT=$((2**$LOG2)) # Applies to the gzipped result.
          QUOTA=$((8*SIZE_LIMIT))
          if ( echo "$AG_REQUEST_" |
               egrep -q '^(http|https|ftp)://[-a-zA-Z0-9./~?]*$' ) ; then
              wget --quota=$QUOTA -P wgot "$AG_REQUEST_" >> opt 2>>err
          else
              # Redirect target lost in the archived copy; "opt" assumed,
              # matching the wget output above.
              echo "$AG_REQUEST_" does not seem to be a legitimate URL. \
                  >> opt
          fi
          cd ..
          tar zcpf result.tgz result
          GOT_SIZE=`ls -l result.tgz | sed \
              's/\t/ /g;s/^[^ ]* *[^ ]* *[^ ]* *[^ ]* *\([0-9]*\).*$/\1/'`
          if test $GOT_SIZE -gt $SIZE_LIMIT ; then
              echo Compressed tar file size $GOT_SIZE exceeds size limit \
                  $SIZE_LIMIT >> result/opt
              rm -rf result/wgot
              tar zcpf result.tgz result
          fi
          split result.tgz -b 20k
          echo "$AG_ENCRYPT_KEY_" > ekey
          test -n "$AG_SUBJECT_" || AG_SUBJECT_="nosubject"
          for f in x*; do
              echo Newsgroups: alt.anonymous.messages > $f.post
              # Redirects on the two esub lines were lost in the archived
              # copy; ">> $f.post" assumed, as in the else branch.
              if test -n "$AG_ENCRYPT_SUBJECT_" ; then
                  echo Subject: \
                      `esub "$AG_ENCRYPT_SUBJECT_" "$AG_SUBJECT_"` \
                      >> $f.post
              elif test -n "$AG_ENCRYPT_SUBJECT_BF_" ; then
                  echo Subject: \
                      `esubbf "$AG_ENCRYPT_SUBJECT_BF_" "$AG_SUBJECT_"` \
                      >> $f.post
              else
                  echo Subject: "$AG_SUBJECT_" >> $f.post
              fi
              echo >> $f.post
              gpg -a -c --passphrase-fd 4 4<ekey --batch --no-tty $f
              cat $f.asc >> $f.post
              # inews -D -S -h $f.post > /tmp/$f.past
              inews -S -h $f.post
          done
        )
    fi
fi
cd ..
rm -rf $DIR
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.6 <http://mailcrypt.sourceforge.net/>
iD8DBQFEIbF+DkU5rhlDCl4RAqbEAJ9gYn0psqAf
Xxwa9ivXpKabpu/VDgCfT3g8
MGWf6QSeBbtAumVo6wBlGtY=
=uz+Z
-----END PGP SIGNATURE-----
| |
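The script in the post above turns each decrypted "Keyword: value" line into a shell variable with `eval`, relying on a character denylist to make the value safe. As an added example (not part of StealthMonger's post or of AAMGATE), the following POSIX sh code parses the same five keywords with an allowlist and no `eval`, and expresses the Request URL check as shell patterns. The names `parse_params` and `url_ok` are hypothetical and the sample request is constructed.

```sh
#!/bin/sh
# Added example, not AAMGATE code; parse_params and url_ok are hypothetical names.
LC_ALL=C; export LC_ALL    # byte-exact a-z / A-Z ranges in patterns

# parse_params FILE: set AG_* from "Keyword: value" lines without eval.
# Only the five documented keywords are accepted (exact spelling), and each
# value is assigned as data, so nothing in it is parsed as shell syntax.
parse_params() {
    AG_REQUEST='' AG_SUBJECT='' AG_ENCRYPT_KEY=''
    AG_ENCRYPT_SUBJECT='' AG_ENCRYPT_SUBJECT_BF=''
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in *:*) ;; *) continue ;; esac
        kwd=${line%%:*}                  # text before the first colon
        val=${line#*:}                   # text after it
        val=${val#"${val%%[! ]*}"}       # drop leading spaces
        case $kwd in
            Request)            AG_REQUEST=$val ;;
            Subject)            AG_SUBJECT=$val ;;
            Encrypt-Key)        AG_ENCRYPT_KEY=$val ;;
            Encrypt-Subject)    AG_ENCRYPT_SUBJECT=$val ;;
            Encrypt-Subject-BF) AG_ENCRYPT_SUBJECT_BF=$val ;;
        esac                             # any other keyword is ignored
    done < "$1"
}

# url_ok URL: the script's egrep allowlist as shell patterns; stricter in
# one respect: an empty part after "://" is rejected.
url_ok() {
    case $1 in http://*|https://*|ftp://*) ;; *) return 1 ;; esac
    rest=${1#*://}
    case $rest in ''|*[!-a-zA-Z0-9./~?]*) return 1 ;; esac
    return 0
}

# Constructed sample request, standing in for the decrypted "parameters" file.
sample=$(mktemp)
printf '%s\n' 'Request: http://example.org/index.html' \
    'Subject: weekly; report & notes' \
    'Encrypt-Key: constructed-passphrase' \
    'X-Unknown: ignored' > "$sample"
parse_params "$sample"
rm -f "$sample"
if url_ok "$AG_REQUEST"; then echo "request accepted: $AG_REQUEST"; fi
echo "subject kept as data: $AG_SUBJECT"
```

Because the variable name is never built from the input, the `AG_` prefix and the name-mapping sed expression are not needed in this form.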
| Anonymous via the Cypherpunks Tonga Remailer 2006-03-23, 8:53 pm |
| In article <20060322230739.B0EFF47ABC@remailer-debian.panta-rhei.eu.org>
StealthMonger <Use-Author-Supplied-Address-Header@[127.1]> wrote:
>
> Appended below is a new server script AAMGATE for strongly-anonymous
> surfing. Please consider running it at your site.
Isn't it easier and more secure to just use Tor? http://tor.eff.org/
| |
| StealthMonger 2006-03-23, 8:53 pm |
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Anonymous via the Cypherpunks Tonga Remailer <nobody@cypherpunks.to> writes:
> In article <20060322230739.B0EFF47ABC@remailer-debian.panta-rhei.eu.org>
> StealthMonger <Use-Author-Supplied-Address-Header@[127.1]> wrote:
> Isn't it easier and more secure to just use Tor? http://tor.eff.org/
The Tor documentation itself provides the answer:
... for low-latency systems like Tor, end-to-end traffic
correlation attacks [8, 21, 31] allow an attacker who can observe
both ends of a communication to correlate packet timing and volume,
quickly linking the initiator to her destination.
http://tor.eff.org/cvs/tor/doc/desi.../challenges.pdf
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.6 <http://mailcrypt.sourceforge.net/>
iD8DBQFEIvBSDkU5rhlDCl4RAkRJAJ9fGvTNcfr4
zczXA4242saLMBWm5QCgro0Q
h4/fGqJihKsAg5OVjl5K42U=
=T4LE
-----END PGP SIGNATURE-----
| |
| Anonyma 2006-03-23, 8:53 pm |
| >> Isn't it easier and more secure to just use Tor? http://tor.eff.org/
>
> The Tor documentation itself provides the answer:
But the time it would take for a web page to be sent through the
remailer network makes it impossible to use for browsing.
| |
| StealthMonger 2006-03-23, 8:53 pm |
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Anonyma <anon-bounces@deuxpi.ca> writes:
> But the time it would take for a web page to be sent through the
> remailer network makes it impossible to use for browsing.
That's a price you have to pay for anonymity.
Use wwwoffle http://www.gedanken.demon.co.uk/wwwoffle/ on your machine
to build a cache or archive of websites. Populate the cache using
AAMGATE. Do your browsing only from the cache.
Or, do your browsing as usual and reserve AAMGATE for downloads that
you don't want linked to your name or to your site.
Note too that if you operate an AAMGATE server, you can browse in real
time and plausibly claim later that AAMGATE was doing it in response
to untraceable requests. Be sure that you publicize the server well,
so that it has enough traffic to hide your own.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.6 <http://mailcrypt.sourceforge.net/>
iD8DBQFEIzKzDkU5rhlDCl4RAuK2AJ4kgBZuViJV
xNd87Ri2zQUkV29r5QCfSupm
cPt6lDqG3YbVxShPh/ygcSA=
=epGf
-----END PGP SIGNATURE-----
| |
| Borked Pseudo Mailed 2006-03-25, 9:53 am |
| In article <20060324012339.9516D47C6E@remailer-debian.panta-rhei.eu.org>
StealthMonger <Use-Author-Supplied-Address-Header@[127.1]> wrote:
>
> Note too that if you operate an AAMGATE server, you can browse in real
> time and plausibly claim later that AAMGATE was doing it in response
> to untraceable requests. Be sure that you publicize the server well,
> so that it has enough traffic to hide your own.
There lies the problem. There simply won't be enough people willing to
wait hours to see a web page to get enough traffic to hide in. Only a
few people would go to all that trouble to download a web page.
| |
| StealthMonger 2006-03-25, 9:54 am |
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Borked Pseudo Mailed <nobody@pseudo.borked.net> writes:
> In article <20060324012339.9516D47C6E@remailer-debian.panta-rhei.eu.org>
> StealthMonger <Use-Author-Supplied-Address-Header@[127.1]> wrote:
> There lies the problem. There simply won't be enough people willing to
> wait hours to see a web page to get enough traffic to hide in. Only a
> few people would go to all that trouble to download a web page.
You can send as many of your own requests through the remailer cloud
as you want; since they arrive anonymously, nobody else can know that
they're your own.
And coming soon: client scripts to simplify using AAMGATE.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.6 <http://mailcrypt.sourceforge.net/>
iD8DBQFEJFQMDkU5rhlDCl4RAjAIAKClou7Xbax3
hs+LssoxdFBEGDoUdQCffnKR
T0qtKg+getlSMEP5f7ZCZGA=
=dnhE
-----END PGP SIGNATURE-----