As someone living on the other side of the Great Firewall of China it's become VERY clear that a government can effectively censor the internet(without VPN to get out it's terrible), provided that the government in question put enough effort into it.
As I said in another comment, the Chinese government has beaten Tor. You can't download it or even read about it(almost everything Tor related is blocked). Even when you have it you can't connect, as all bridge IPs are blocked the moment the gov discovers them.
It's slow as hell to boot and on top of this the Chinese government is still able to monitor those who can connect with traffic analysis(a Tor weakness).
I'm something of a lazy cipherpunk and had hoped that most services and sites would have moved onto darknets like i2p by now. But sadly this is not the case, however it is the place where we finally need to go.
TLDR: I don't use Tor because it don't work, plain and simple. Never mind the insecurity mentioned by Zed, and no one here is talking about this.
At the end of the day when you're dealing with a government that has absolutely no qualms about simply taking you away and killing you discreetly, regardless of who you are, there is no hack clever enough to protect you.
"At the end of the day when you're dealing with a government that has absolutely no qualms about simply taking you away and killing you discreetly, regardless of who you are, there is no hack clever enough to protect you."
The thing is that for many people the risk of getting killed is worth it, and protecting the source is not the ultimate goal.
History has shown us that dissidents will often and gladly risk their own lives to get their message out. And often, despite the risks, they've managed to evade detection and capture even when they were up against huge, ruthless spy networks like those of the Soviet Union, post-war East Germany, or the Gestapo.
If enough people were using it, I'd think that a) some of them would be government operatives and b) the traffic could be analyzed to identify and remove internet access from a large number of the participants. I don't know that much about darknets so maybe the traffic analysis is not so straightforward.
They could switch from a blacklist to a whitelist and then you would only be able to connect to other nodes if they were run surreptitiously on pre-approved networks.
Properly used, good steganographic software will hide your use of encryption. Ideally, your communication stream will seem perfectly innocuous to all observers.
Of course, in real life nothing is perfect. So there's always a chance your use of encryption will be detected. But using steganography properly should still reduce that chance to well below that of obviously encrypted systems like TOR, Freenet, etc.
Also, just as importantly, the more people use steganography, the greater the cost of widespread monitoring will become.
As pointed out in other replies in this thread, when you use regular encryption or systems like TOR, you're effectively raising a big red flag for anyone who cares to monitor your communication. So detection is really easy.
But if you use steganography, the snoopers will have to work much harder to even stand a chance of detecting that there's anything unusual about your communication. Multiply this by thousands or millions of people using steganography (especially if it's embedded in huge data transfers, like video streams) and the resource drain for effective, widespread monitoring could become unsustainable.
Right now the snoopers can go after the low-hanging fruit of obviously encrypted communications, and then maybe use rubber hose cryptanalysis to decrypt it, or simply block it. Steganography has the potential change the game drastically.
Stealth circumvention tools are even harder to write than just plain old circumvention tools, which we already are struggling with. It's a disaster waiting to happen. See Haystack and this comment by Thomas: http://news.ycombinator.com/item?id=1690871.
"Get circumvention at all wrong and you achieve the opposite of what the tool is intended for: you put a big red flag on people breaking their local laws. ... Don't build circumvention tools."
That attitude is so wrongheaded I hardly know where to begin.
First of all, anyone who uses something like TOR in China has already put a huge (and very very obvious) red flag on their communications stream.
So, if those people are going to be trying to break through the firewall anyway, why should't they do so with the best tools available? Why shouldn't they try to hide their communication in a stream of innocuous traffic rather than obviously red-flagging it?
And why shouldn't concerned programmers write tools to make the hiding of such information more effective?
Look, many people are going to try to communicate even when they're forbidden from doing so, and they're going to try to circumvent censorship. So we can either try to make it easier for them, or harder. I'm on the side of making it easier.
Sure, some people are going to get caught despite using steganographic software. But I'm willing to bet a lot fewer of them will get caught than using bare encryption systems like TOR.
If you're going to put a big blinking red light on all your packets so that the largest, best-armed surveillance state in the world can collect and analyze them, I guess there's very little harm in waving rubber chickens over them too. Go ahead with the stego.
You might want to read Neils Provos' stegdetect stuff, first. The world needs more fun grad student projects, and you wouldn't want people to have to rehash the same stuff he broke 10 years ago.
Sure, steganography and steganalysis are in an arms race, just like encryption and cryptanalysis.
But if the existence of such an arms race doesn't stop someone from using encryption it shouldn't stop them from using steganography.
Of course, you need to be prudent about it. Use the most secure techniques available, and don't use methods you know have been broken.
Finally, know that you are taking a risk, that nothing is 100% foolproof, and the more powerful and determined your adversary the more of a risk you're taking.
The difference is that with cryptography the actors are nation states v. nation states. With steganography the actors are activists v. nation states.
Also, what makes you think activists have the technical expertise available to know what the "most secure techniques available" are and what methods have been broken?
"The difference is that with cryptography the actors are nation states v. nation states. With steganography the actors are activists v. nation states."
I don't know where you got the idea that nation states are the only ones who use cryptography. Plenty of activists, along with other non-state actors do so all the time.
Plenty of cryptography is also designed by individuals not in the service of any nation state (as far as we know, anyway). In fact, some argue that such encryption is more trustworthy than encryption developed by nation states themselves.
"Also, what makes you think activists have the technical expertise available to know what the "most secure techniques available" are and what methods have been broken?"
I can't speak for any and all activists. It's really up to them to acquire such expertise or get advice from people who have such expertise.
That said, the problem here is no different from figuring out which encryption to use. So your criticism applies equally to encryption as it does to steganography.
I don't know where you got the idea that nation states are the only ones who use cryptography. Plenty of activists, along with other non-state actors do so all the time.
We're not talking about users, we're talking about attackers and developers. Why would users have anything to do with our discussion?
Plenty of cryptography is also designed by individuals not in the service of any nation state (as far as we know, anyway). In fact, some argue that such encryption is more trustworthy than encryption developed by nation states themselves.
Developed by academics, but tested by both academics and the government. The testing is the thing that's actually important.
I can't speak for any and all activists. It's really up to them to acquire such expertise or get advice from people who have such expertise.
The point is that the technical expertise is not available. It's not up to them. It's not available. What you suggest they do is not possible.
That said, the problem here is no different from figuring out which encryption to use. So your criticism applies equally to encryption as it does to steganography.
Nope. Get back to me when we get government backed standards and recommendations for anonymity (hint: we have them for crypto).
"We're not talking about users, we're talking about attackers and developers. Why would users have anything to do with our discussion?"
Actually, in the message you responded to, I was specifically talking about users. I've been talking about users of crypto/stego all along!
They're the ones who take virtually all of the risk. The people who write the crypto/stego often aren't even in the same country, and they do their development in countries where crypto/stego are perfectly legal.
So I don't know why you started talking about developers all of a sudden.
However, I thought you might have switched subjects, so I specifically addressed crypto development in my second paragraph.
"Developed by academics, but tested by both academics and the government. The testing is the thing that's actually important."
That testing is only worthwhile if your threat model does not include the government itself, which has a vested interest in breaking all encryption, whether or not it has been "certified" by them.
"The point is that the technical expertise is not available. It's not up to them. It's not available. What you suggest they do is not possible."
How is it not available? There are plenty of people who design and analyze stego. There's your expertise.
"Get back to me when we get government backed standards and recommendations for anonymity (hint: we have them for crypto)."
That testing is only worthwhile if your threat model does not include the government itself, which has a vested interest in breaking all encryption, whether or not it has been "certified" by them.
The government also has a vested intrest that the cryptography used by itself and its citizens be reasonably secure, else industrial espionage and other similar activities become trivial. Note that the NSA approved AES for the protection of Top Secret information. If you want to argue the NSA deliberately let the majority of classified information in the United States be protected by a flawed algorithm you're going to have to provide some proof.
How is it not available? There are plenty of people who design and analyze stego. There's your expertise.
The people that are good at building and designing crypto and stego (Are there any good stego systems? Doubt it.) systems are outside the paygrade of most companies, nevermind activists. The expertise is not available.
--
Your arguments are disconnected from reality and don't really have any particularly notable knowledge of this domain. This conversation has been a net loss, and judging by your average of ~2 karma per comment, other people seem to agree. I'll let you have the last word if you'd like it, but please refrain from wasting so much space in the future.
And your two-sentence reply that didn't specifically address a single point in my post is supposed to be some deep, thorough analysis?
Pot, meet kettle.
Despite this, I'll do you the kindness of actually addressing the point you made by giving you a big, "so what?"
Activists and dissidents often go up against nation states. That's the nature of the business. And they knowingly take risks to do so.
The question is, are they simply going to use bare encryption, thereby virtually guaranteeing to draw attention to themselves in a state like China? Or are they going to wrap their encrypted message in a layer of steganography, thus giving themselves at least a chance to avoid detection in the first place?
You made an asinine comparison, between cryptography/cryptanalysis (where advances involve fundamental breakthroughs in mathematics and information theory) and stegonography/steganalysis (where advances have been made, recently, from simple measurement studies).
How in-depth do you want me to get with you? I gave you an actual (high-level, easy-to-read, summarized) academic source. You clearly haven't read it. Why not go take some time with it and come back not sounding like a crank?
"How about a third option: they use a method of communication that wont get them killed. You're presenting a false dichotomy."
Got any suggestions? Because I know the millions of Chinese who attempt to circumvent China's firewall daily would love to hear about it.
The point is that probably 90% of the time, these people aren't using anything better than bare encryption (if that), and they're drawing attention to themselves anyway. If they're going to do that anyway, I think it makes much more sense to hide the communication via stego.
Hard problems don't become easier just because they find social justice applications. Math doesn't care what China does to its dissidents, as Wang Xiaoyun has made pretty clear to us.
I'm envisioning a piece of software that lets you IM folks, but with the messages steganographically embedded in emoticons and the cleartext messages autogenerated.
The more different types of traffic that messages could be hidden in, the better.
But, personally, I think the best place to hide them right now is video streams.
The thing about steganography is that the smaller your hidden message is and the larger the data it's hiding in is, the less of a chance there is of it being detected, and also the greater the cost of such detection will be.
Think of it this way:
How effective you are at hiding your message, and the cost of hostile detection are proportional to:
size of covertext
--------------------------
size of hidden message
In my opinion, the ideal medium for two-way, realtime steganographic communication would be something like Skype, where large, bidirectional video streams are used. It might not be too hard to hack up some webcam filter that injects hidden messages in to the outgoing videostream and another filter to decode messages from the incoming videostream.
For one-way communication (or even two-way, delayed communication) any of the video hosting services like Youtube or Vimeo would be great. This should be even easier to implement than the Skype filters I describe above, as the processing can be done offline at your own leisure.
If using steganography to hide information in these videostreams becomes common, the cost to snoopers trying to find messages in them will become simply gigantic. And those costs will only increase as videostream sizes dramatically increase as they inevitably advance to offering higher resolutions (in the short-term), and even 3D-video (in the long-term).
An extra tip, if you're going to try something like this, is to make sure to use crappy/defective webcams that naturally inject noise in to the videostream anyway, and maybe film whatever you're filming on a nicely chaotic background like a closeup of trees billowing in the wind, ocean waves crashing on the shore, etc... that should hopefully provide plenty of chaos for your message to hide in.
This is silly. You can programatically detect e.g. anomalous keyframes from traffic today. Anything you do to try and embed messages in any rich media format (audio, lossy images, video, &c) can be reversed and turned into a filter. The filters won't even need to be accurate; they'll baseline, wait for you to trip a threshold, and then send people to your door to collect your machine.
I'm particularly amused by the comment about using complicated images of ocean waves and trees, as if computers were just mechanical humans trying to make sense of the shapes in the picture.
X is a video of a completely featureless white screen.
Y is a video of a jungle canopy in the midst of a storm.
At some point in both videos, one pixel changes color slightly. Which video do you think it will be easier to spot the change in?
Of course, the amount of information that can be transmitted in the color change of one pixel is ridiculously small, so in a real life example more pixels (or perhaps some other data in the video) would need to be used to embed the message, but the video size can grow along with the size of the hidden message.
As for "anomaly detection", the thresholds at which such detectors function have to be tuned in such a way that they don't give too many false positives to make them useless.
And they're not magic. They can only detect certain types of anomalies, not any an all past or future steganographic techniques that could conceivably be used to hide the message.
Steganographic techniques can and have been designed to mimic expected statistical profiles. Take a look, for instance, at Peter Wayner's work on Mimic Functions:
The other thing I should note is that even if it is (theoretically) possible to detect a message hidden via steganography, the cost of doing so goes up as the amount of data the message is hidden in increases.
Even detecting a message hidden with even the simplest steganographic technique will be much higher than detecting the use of bare encryption, which is already out in the open.
So widespread use of steganography in large datastreams like youtube videos and Skype will create a huge computational burden on the snoopers attempting steganalysis.
Steganalysis doesn't work by noticing a pixel gone awry in a video of a storm. Your notion of how this works seems drawn from movie plots, like the guys who sneak past motion detectors by moving real, real slow. Also, "the contributing editor of the Infoworld Test Labs and author of the Morgan Kaufman book _Disappearing Cryptography_, as summarized by Wikipedia" loses to academic crypto researchers. Sorry.
Come back when you have such a peer reviewed algorithm actually implemented in software. Until then you're just talking about a "sufficiently advanced compiler."
What would prevent the Chinese government from just blocking I2P?
Also, while Tor isn't used in China there seem to be some other Proxy Services that are used. A non-tech-savvy friend of mine who is Chinese citizen and moved back to China one year ago, uses some kind of proxy service to connect to sites like Facebook. I have the impression that the knowledge how to circumvent the firewall is rather common in China.
There are many paid VPN services available to those who have credit cards. These VPN services are based outside China. But this is quite expensive for most Chinese people to use.
The reason Tor isn't used in China is that most of the bridge relay IP addresses are blacklisted by Chinese ISP's and net-cops. Now the list of bridge relays are not public, but China has enough man power(working full time I might add) to get ahold of nearly all the ip's and block them.
Actually it wouldn't be too difficult to automate this at all.
Knowlege to circumvent the wall is available, it's the resources to do so that are lacking.
I2P currently is too small to show up on the Chinese governments radar. Apart from this I don't know how I2P gets the ip's of the darknet node. The only guaranteed way to be safe is to have a Freind to Friend network, with absolutely no public connection nodes.
As I said in another comment, the Chinese government has beaten Tor. You can't download it or even read about it(almost everything Tor related is blocked). Even when you have it you can't connect, as all bridge IPs are blocked the moment the gov discovers them.
It's slow as hell to boot and on top of this the Chinese government is still able to monitor those who can connect with traffic analysis(a Tor weakness).
I'm something of a lazy cipherpunk and had hoped that most services and sites would have moved onto darknets like i2p by now. But sadly this is not the case, however it is the place where we finally need to go.
TLDR: I don't use Tor because it don't work, plain and simple. Never mind the insecurity mentioned by Zed, and no one here is talking about this.