My colleague Ethan Zuckerman has published two very important posts on his blog over the past week.
If you live in a country where Internet censorship and surveillance is a concern, read Anonymous Blogging with Wordpress and Tor. He prefaces his guide with the following warning:
My disclaimer: If you follow these directions exactly, you’ll sharply reduce the chances that your identity will be linked to your online writing through technical means - i.e., through a government or law enforcement agency obtaining records from an Internet Service Provider. Unfortunately, I cannot guarantee that they work in all circumstances, including your circumstances, nor can I accept liability, criminal or civil, should use or misuse of these directions get you into legal, civil or personal trouble.
These directions do nothing to prevent you from being linked through other technical means, like keystroke logging (the installation of a program on your computer to record your keystrokes) or traditional surveillance (watching the screen of your computer using a camera or telescope). The truth is, most people get linked to their writing through non-technical means: they write something that leaves clues to their identity, or they share their identity with someone who turns out not to be trustworthy. I can’t help you on those fronts except to tell you to be careful and smart. For a better guide to the “careful and smart” side of things, I recommend EFF’s “How to Blog Safely” guide.
Not long after writing his important guide, Ethan spent a day with Roger Dingledine (creator of Tor, the tool of choice for circumventing Internet censorship in places like China these days) speaking to "a dozen or so political activists from a nation with a tough track record on human rights and free speech issues. " Based on what he learned from that day, Ethan wrote second post titled "We've got to adjust some of our threat models". Read the whole post for links to many excellent online tools that can be used by activists. He talks, however, about how it's impossible for most geeks to anticipate all the police surveillance techniques dissidents are actually faced with on the ground in their countries. People have been arrested after using Skype in some countries because police caught them with parabolic microphones, keystroke logging, or simply seizing people's computers and accessing their buddy lists. Ethan notes some thoughts he and Roger had about coping with these issues, then concludes:
I suspect Roger and I will both get smarter about several topics - keystroke logging, secure messaging, the difficulty of modifying the Skype binary, filesystems encrypted with graphical passwords - as we work with our friends over the next few months. But it’s worth noting that we wouldn’t be thinking about these problems if we hadn’t had the chance to talk with folks working on the front lines. Tools like Martus - which allows human rights organizations to encrypt and store offsite reports about rights violations - only get developed when smart geeks start working closely with human rights workers. Occasionally, we get lucky and a tool for anonymous browsing turns out to be a boon for circumventing censorship… but that’s the exception, not the rule.
To a certain extent, this is the problem I was trying to solve with Geekcorps - I wanted to get software developers interested in problems in the developing world and see what solutions they could come up with in conjunction with African and Asian geeks. I don’t know that I can put cryptographers on airplanes to repressive nations and ask them to get smart about realworld security problems and strategies, but it’s a strategy worth thinking about.
Unfortunately, most of the time, the people who are really smart about computer security are remarkably stupid about users. PGP’s key signing mechanisms and distributed network of trust is a solution that only a geek could love. Try explaining “transitive trust” to human rights activists who work from cybercafes, don’t own their own computers, and are listening to you in their third language - you’ll figure out pretty quickly why activists who know they’re being watched use Yahoo! Mail rather than the PGP system you’ve spent a day training them on. Solutions like Hushmail are steps in the right direction, but tools need to be as easy as comparable tools… which is why I spent a lot of time pushing people towards the https interface to Gmail as a great first step in increasing their security.
We need a lot more contact between the activists and the geeks to design the tools we really need. We need more folks like Roger to take days from their schedule, get on airplanes and explain what they can and can’t do. We need more activists to give us feedback on what their problems really are. We need folks like “Sleepless in Sudan” to help document how they stayed invisible, and friends like Alaa to explain why they’ve elected to be visible despite real and present danger.
And finally, we need to understand that every tool we build has multiple uses. The fine folks at Blazing Tools may feel like they’re doing the world a service when they introduce the “Perfect Keylogger” to catch cheating spouses or protect their children from Republican congressmen - would they feel as good if they learned their tools were imprisoning dissidents? I fear that for every Tor - a tool that’s proved useful in far more ways than might have been imagined - there are other tools that turn out to have dark uses we haven’t yet considered.
Read the whole post if you care at all about free speech and technology. The discussion that follows in the comments is also very enlightening, conducted by some of the best minds in the field.