HomeBlogsfletch's blog

Conversation With The Author

Sun, 05/18/2008 - 05:04 — fletch

We on the ParanoidLinux team are a little star struck that Cory seems to like our idea! So here's the juicy gossip.

Dave Fletcher  	Wed, May 14, 2008 at 3:23 PM
To: doctorow@craphound.com
Hello Mr. Doctorow.

Several BoingBoing readers were talking in the new #boingboing IRC
channel about Little Brother and have decided it would be really great
to actually create it! So we've started a new Debian based
distribution.

Thank you so much for this inspiration!

We were wondering if you had any neat other ideas for such a
distribution (other than what's already in Little Brother) that never
made it to the printed page.

If you'd like to chat in real time you can find us on irc.freenode.net
channel: #paranoidlinux. http://mibbit.com has a lovely web based IRC
program if you don't want to install anything. Thanks again for such a
neat idea!

Cheers,

--fletch
Cory Doctorow  	Wed, May 14, 2008 at 7:41 PM
To: Dave Fletcher 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey, Dave! This is SO COOL! You're actually the SECOND bunch to happen
on this idea -- you guys should totally get together -- see below!


- -------- Original Message --------
Subject: Re: Incognito: Creating a real "ParanoidLinux" from "Little
Brother"?
Date: Thu, 08 May 2008 12:17:44 +0100
From: Cory Doctorow 
To: XXXXX
CC: XXXXX
References: <4822643E.1010108@gmail.com> <4822C7DB.2080503@lavabit.com>
<4822DDE2.9000400@gmail.com>

I have no objection! I'd be honored!

My only concern would be that no one (including me) claims a trademark
(or attempts to register one) on the name. As far as I'm concerned, all
my coinages are fair game for anyone, but I'd be saddened if someone
tried to assert the exclusive right to use one of them.

Many thanks!

Cory

Daniel Boese wrote:
> anonym wrote:
> | On 08/05/08 04:23, Daniel Boese wrote:
> |> As you may or may not be aware, Cory Doctorow has recently written
> |> and released a novel, "Little Brother", as described at
> |> http://craphound.com/littlebrother/ . (He makes copies freely
> |> available for download at
> |> http://craphound.com/littlebrother/download/ .)
> |
> |> The book is set about two or three years in the future. He mentions
> |> something called "Paranoid Linux", which is described as "an
> |> operating system that assumes that its operator is under assault from
> |> the government (it was intended for use by Chinese and Syrian
> |> dissidents), and it does everything it can to keep your
> |> communications and documents a secret. It even throws up a bunch of
> |> "chaff" communications that are supposed to disguise the fact that
> |> you're doing anything covert. So while you're receiving a political
> |> message one character at a time, ParanoidLinux is pretending to surf
> |> the Web and fill in questionnaires and flirt in chat-rooms.
> |> Meanwhile, one in every five hundred characters you receive is your
> |> real message, a needle buried in a huge haystack.", and "ParanoidXbox
> |> was paranoid. Every bit that went over the air was scrambled to
> |> within an inch of its life. You could wiretap it all you wanted, but
> |> you'd never figure out who was talking, what they were talking about,
> |> or who they were talking to. Anonymous web, email and IM."
> |
> |
> |> Incognito, available at
> |> http://www.browseanonymouslyanywhere.com/incognito/index.php , is
> |> already fairly close to the above description.
> |
> | It should be mentioned that the Tor network, which Incognito makes heavy
> | use of, currently does not offer much in terms of stenography, cover
> | traffic or anything similar to that part Paranoid Linux. I don't think
> | it's on the agenda at all either, probably due to the many
> | implementation and design issues and resulting performance problems. In
> | fact, if that level of security/anonymity is required, I would suggest
> | not making use of public communication channels like the Internet at
all.
>
> Anonym, thank you for your cogent response.
>
> I think that the cover-traffic described for ParanoidLinux is for small,
> individual messages, rather than for overall online activity - reducing
> one's bandwidth by a factor of 500 for ordinary browsing would seem to
> make browsing infeasible.
>
> I would guess that the steganographic network required for better
> protection from traffic analysis simply doesn't exist at the moment. I
> had thought Tor was closer to what was described by ParanoidLinux than
> it turns out to be, and none of the other
> anonymity/pseudonymity-focussed networks that I've been able to learn of
> so far, such as Freenet, Entropy, I2P, and GNUnet, are currently any
> better.
>
>
> |> Perhaps Incognito could be the base on which a real-life version of
> |> "Paranoid Linux" could be created?
> |
> |> Anonym, what would you say to a new version of Incognito with a new
> |> name being released?
> |
> | Is this only about a name change?
> |
> | If so, and if you suggest that the current project is renamed, I'm not
> | so sure. The word "paranoid" has a certain negative feeling, like it's
> | intended user base are of the wild-eyed conspiracy theorist/lunatic/
> | criminal/whatever kind. That's not my intention, at least.
>
> I don't feel the same level of negative connotation with the word
> 'Paranoid' that you suggest; of course, I'm well outside the cultural
> norm, and can't always rely on my own opinions to predict others'
> responses.
>
> | Incognito's main target is normal people with a need for a little
> | privacy in these days of constant decline, especially non-nerds not able
> | to setup all the required software correctly, or those who just don't
> | bother doing it themselves.
> |
> | In addition, I really like the name Incognito, both as it's quite unique
> | and captures the essence of what the distribution is all about very
well.
> |
> | That being said, since Incognito is Free Software, there is nothing
> | prohibiting you from distributing your own re-branded version named
> | whatever you want, albeit I don't see the point of doing so.
>
> At the moment, I am specifically thinking of the case of "whistleblower
> bloggers", and how to make it easier for them to pseudonymously place
> their text and photos online without being detected by their employer or
> government.
>
> For an example, let's assume that our would-be blogger has a set of
> e-documents which can prove the criminal malfeasance of one of his
> superiors, and wants to upload them to Wikileaks (ala
> http://wikileaks.org/wiki/Tor ); but the only networked computers he has
> available can also be accessed by that superior. He can use Incognito to
> deal with any monitoring software, by simply avoiding having that
> software ever being loaded upon boot. However, there are other means of
> his superior learning his secret passwords and contacts and so on, such
> as a hardware-based keylogger. There are several software-based methods
> to replace keyboard entry, such as web-based or software on-screen
> keyboards; perhaps the next version of Incognito could include one or
> more such options?
>
> For another example, all digital cameras have "noise signatures" which
> could be used to trace them. As shown at
> http://www.instructables.com/id/Avoiding-Camera-Noise-Signatures/?ALLSTE...
> , there are several steps that can be taken to reduce those signatures;
> again, perhaps the next version of Incognito could include some of the
> tools for doing so. Being able to edit and remove the EXIF data in
> photos would also be handy; ExifTool from
> http://www.sno.phy.queensu.ca/~phil/exiftool/ may be a good start.
>
> For still another example, simply being aware that some printers add
> tracking dots (as described at
> http://en.wikipedia.org/wiki/Printer_steganography ) may be worth
> considering before pushing 'print'; the page
>
http://www.eff.org/pages/list-printers-which-do-or-do-not-display-tracki...
>
> may be worth attaching to Incognito's printing command, suggesting that
> the user check what model of printer is being used before they confirm
> that they want to print.
>
>
> |> Cory Doctorow, would you object to the use of the term you created?
> |
> |
> |
> |> Thank you for your time, -- Daniel Boese, aka DataPacRat   VA3BOS
> |> "Why should I believe that?"
> |
> | Cheers!
>
>
>
>
> Thank you for your time,
- --
Cory Doctorow
doctorow@craphound.com

latest collection: craphound.com/overclocked
latest novel: craphound.com/someone

blog: boingboing.net
vanity: craphound.com
podcast: feeds.feedburner.com/doctorow_podcast
Free novel: Little Brother: craphound.com/littlebrother
Free novel: Someone Comes to Town: craphound.com/someone
Free novel: Eastern Standard Tribe: craphound.com/est
Free novel: Down and Out in the Magic Kingdom: craphound.com/down
Free stories: Overclocked: craphound.com/overclocked
Free stories: A Place So Foreign: craphound.com/place

Join my mailing list and find out about upcoming books, stories,
articles and appearances:

http://www.ctyme.com/mailman/listinfo/doctorow

READ CAREFULLY. By reading this email, you agree, on behalf of your
employer, to release me from all obligations and waivers arising from
any and all NON-NEGOTIATED  agreements, licenses, terms-of-service,
shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure,
non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have
entered into with your employer, its partners, licensors, agents and
assigns, in perpetuity, without prejudice to my ongoing rights and
privileges. You further represent that you have the authority to release
me from any BOGUS AGREEMENTS on behalf of your employer.
[Quoted text hidden]
- --
Cory Doctorow
doctorow@craphound.com

latest collection: craphound.com/overclocked
latest novel: craphound.com/someone

blog: boingboing.net
vanity: craphound.com
podcast: feeds.feedburner.com/doctorow_podcast
Free novel: Little Brother: craphound.com/littlebrother
Free novel: Someone Comes to Town: craphound.com/someone
Free novel: Eastern Standard Tribe: craphound.com/est
Free novel: Down and Out in the Magic Kingdom: craphound.com/down
Free stories: Overclocked: craphound.com/overclocked
Free stories: A Place So Foreign: craphound.com/place

Join my mailing list and find out about upcoming books, stories,
articles and appearances:

http://www.ctyme.com/mailman/listinfo/doctorow

READ CAREFULLY. By reading this email, you agree, on behalf of your
employer, to release me from all obligations and waivers arising from
any and all NON-NEGOTIATED  agreements, licenses, terms-of-service,
shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure,
non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have
entered into with your employer, its partners, licensors, agents and
assigns, in perpetuity, without prejudice to my ongoing rights and
privileges. You further represent that you have the authority to release
me from any BOGUS AGREEMENTS on behalf of your employer.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIK6L1kCbbvh/CN68RAvQ1AJ9Z1/+h+UXHzIGbRnFxksSR7yAuZACdG17y
jp6Xc0EtUHHhZMQznoDtiBw=
=ex5x
-----END PGP SIGNATURE-----
Dave Fletcher  	Wed, May 14, 2008 at 8:20 PM
To: Cory Doctorow 
Thanks! We have contacted them and hope to hear back shortly.

Cheers,

--fletch
[Quoted text hidden]
Cory Doctorow  	Wed, May 14, 2008 at 8:23 PM
To: Dave Fletcher 
No, thank YOU! This is incredibly exciting!

Cory

Dave Fletcher wrote:
> Thanks! We have contacted them and hope to hear back shortly.
>
> Cheers,
>
> --fletch
>
>
> On Wed, May 14, 2008 at 7:41 PM, Cory Doctorow  wrote:
[Quoted text hidden]
Dave Fletcher  	Thu, May 15, 2008 at 12:45 PM
To: Cory Doctorow 
Here's our project pages if you want to keep an eye on progress:

home page: http://home.gna.org/paranoidlinux/

project page: https://gna.org/projects/paranoidlinux/

I'll probably stop by Berkeley or SF next week and say "hi" and get my
book signed :-)

Oh and I have a question: The Turk.. is that "Philz Coffee" on 24th
and Folsom St.? Just wondering, it used to be my old coffee dive
before I moved out to suburbs. If it is, maybe I'll buy Phil a copy,
I've known him a long time.

Cheers,

--fletch
[Quoted text hidden]
Cory Doctorow  	Thu, May 15, 2008 at 1:12 PM
To: Dave Fletcher 
Is Philz the place with the handmade coffees and all the bulk food tubs?
If so, yup!
[Quoted text hidden]
--
[Quoted text hidden]
Dave Fletcher  	Thu, May 15, 2008 at 1:19 PM
To: Cory Doctorow 
Haha yeah "one cup at a time" coffee, food in tubs. A grungy place
with hipsters and bands playing on Friday night. Great fun :-)

Cheers,

--fletch
[Quoted text hidden]
Cory Doctorow  	Thu, May 15, 2008 at 1:21 PM
To: Dave Fletcher 
That's the one!
[Quoted text hidden]
--
[Quoted text hidden]
Cory Doctorow  	Fri, May 16, 2008 at 6:15 AM
To: Dave Fletcher 
Thanks, Dave! I'd love to blog this once it's a little fleshed-out --
can you ping me when you think it's ready for primetime?

Also -- something weird going on with your SSL cert there...

Cory
[Quoted text hidden]
--
[Quoted text hidden]

Comments

Tue, 10/07/2008 - 00:22 — Steganographer

First time this has been done?

Not by a long stretch.

Before committing to any one idea I would suggest that the readers to check out: Anonym.OS

Also check out Gentoo before committing to a distro; "power users" like myself regularly build up ParanoidLinux-like systems all of the time by using powerful distros like Gentoo and Knopppix.

Other knowledgeable people I met on the IRC channel agreed that Gentoo is the best idea. When we figure out the goals of PL we should get a better idea of the options - I'll suggest Gentoo and DSL in the other wiki posts anyway.

Sun, 10/12/2008 - 02:05 — f3l1x

Please... Not Knoppix

Please anything but knoppix.
"The only thing that hasn't changed since 9/11 is that the government is still *u**ing up"
-Steal This Book Today

Wed, 10/22/2008 - 23:27 — CyberSp00k

Why not Knoppix?

f3l1x,

Can you expand on that rather minimal assertion?

Sp00ky

"No matter how paranoid you are, it isn't paranoid enough." -- X-files

Thu, 10/23/2008 - 00:01 — f3l1x

Weeell...

I have had bad experiences with it on a computer and a VM and now I think its conspiring against me.
You can if you want, its just a personal feud.

f3l1x
"The only thing that hasn't changed since 9/11 is that the government is still *u**ing up"
-Steal This Book Today

Thu, 10/23/2008 - 00:26 — CyberSp00k

Ubuntu ... OK by me

Thanks for the additional info.

I've only used Knoppix STD (the live boot CD version) to demonstrate how pitifully lame MS Windows "security" is.

Ubuntu has worked fine for me on everything from my minimal P1 200MMX w/ 128M memory to my 2.4 GHz Intel Core 2 Duo w/ 4G memory.

Just goes to show that we all have different experiences.

Sp00ky

"No matter how paranoid you are, it isn't paranoid enough." -- X-files

added context 10/21/2008

Sun, 10/26/2008 - 01:52 — f3l1x

Na man... Kernel

Hard as Michael Jackson in front of a 6 year old for beginners, but much better for hardouts. (I'm not a hardout, but one of my friend is, and he LOVES the complete flexibility of kernel)

f3l1x
"The only thing that hasn't changed since 9/11 is that the government is still *u**ing up"
-Steal This Book Today

Mon, 06/09/2008 - 01:49 — Anonymous

"Debian based distro"

I know that Linux is what Cory mentions in his book and all, but I would think that something with stronger security as its focus, like OpenBSD, would be more in keeping with the goals of the book. Start with a strong, open base and build up from there.

If you are gonna start from Linux, don't forget one of the older distros out there for just that sort of thing, Tin Foil Hat Linux (http://tinfoilhat.shmoo.com/).

Sun, 06/15/2008 - 22:11 — Anonymous

Ubuntu

Since you're already focusing on a Debian base, why not try to work a bit with the Ubuntu people? Ubuntu is already pretty well focused on privacy, though not to the degree of Paranoid as described in the book, and its fairly easy to work with, even for those new to Linux. While I realize you might want to keep this feeling rather leet, all Linux distros should have at least one of their main goals be to expand Linux to more common people.

So, before I continue rambling, I'll stop.
Peace.
~The guy in the corner

Tue, 10/07/2008 - 00:30 — Steganographer

Not Ubuntu

I would certainly recommend against Ubuntu - and I don't see it being any more privacy conscience than any other linux distro. We want to bring the power of linux to non-power users by automating the numerous processes involved in creating a truly secure and anonymous environment - not by boxing them in with gnome and other large anti-features.

Besides, there are other more modular distros than Ubuntu that would ease development and implementation tremendously.

Tue, 10/07/2008 - 00:32 — Steganographer

Not Ubuntu

Have you tried at least 6 other distros before recommending Ubuntu?