The only way to be anonymous on the Internet…

It seems the NSA managed to gain access to Al Jazeera’s internal communications system, and that got me remembering some recent comments on Internet security.

From someone highly qualified to speak on the subject.

Don’t believe that there is any method of online communication that is free from surveillance of some kind.

‘The Grugq’, an information security ‘pornstar’ based here in Bangkok, explains that even systems like the TOR Network are not guaranteed to be 'safe’ or free from the prying eyes of those who are paid to know all online.

The publicly available tools for making yourself anonymous and free from surveillance are woefully ineffective when faced with a nationstate adversary. We don’t even know how flawed our mental model is, let alone what our counter-surveillance actions actually achieve. As an example, the Tor network has only 3000 nodes, of which 1000 are exit nodes. Over a 24hr time period a connection will use approximately 10% of those exit nodes (under the default settings). If I were a gambling man, I’d wager money that there are at least 100 malicious Tor exit nodes doing passive monitoring. A nation state could double the number of Tor exit nodes for less than the cost of a smart bomb. A nation state can compromise enough ISPs to have monitoring capability over the majority of Tor entrance and exit nodes.

The point being that the inordinate budget and access that these agencies have is still not known, making it impossible for anyone or anything to guarantee being untraceable.

Basically, all I am trying to say is that the surveillance capability of the adversary (if you pick a nationstate for an adversary) exceeds the evasion capability of the existing public tools. And we don’t even know what we should be doing to evade their surveillance.

Practicing effective counterintelligence on the internet is an extremely difficult process and requires planning, evaluating options, capital investment in hardware, and a clear goal in mind. If you just want to “stay anonymous from the NSA”, or whomeever… good luck with that. My advice? Pick different adversaries.


Now read this

Why Series A does not exist in Southeast Asia

Bernard Leong, my friend, noted Asia tech pundit and founder of Singapore-based tech blog SGE (among other things), raises some great discussion points in response to my previous post about Southeast Asia’s biggest four startup problems.... Continue →