Rocksolid Light

News from da outaworlds

mail  files  register  groups  login

Message-ID:  

Change your thoughts and you change your world.


rocksolid / Rocksolid Nodes Help / BBS Mail to Replace Mix Master -- Slightly Steganographic BBS Mail?

SubjectAuthor
* BBS Mail to Replace Mix Master -- Slightly Steganographic BBS Mail?Byrl Raze Buckbriar
`- Re: BBS Mail to Replace Mix Master -- Slightly Steganographic BBS Mail?Retro Guy

1
Subject: BBS Mail to Replace Mix Master -- Slightly Steganographic BBS Mail?
From: Byrl Raze Buckbriar
Newsgroups: rocksolid.nodes.help
Organization: OCTADE
Date: Mon, 16 Sep 2024 02:20 UTC
Attachments: unnamed (application/pgp-signature)
Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!i2pn.org!i2pn2.org!.POSTED!not-for-mail
From: news0@octade.net (Byrl Raze Buckbriar)
Newsgroups: rocksolid.nodes.help
Subject: BBS Mail to Replace Mix Master -- Slightly Steganographic BBS Mail?
Date: Mon, 16 Sep 2024 02:20:56 +0000
Organization: OCTADE
Message-ID: <fb19af4bf2a6ae046aa9d0a71cc34b0d$1@octade.net>
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pgp-signature";
micalg="PGP-SHA256";
boundary="Signature=_Sun__15_Sep_2024_21_21_08_-0500_uFiXJVY/ICiJbrTE"
Injection-Info: i2pn2.org;
logging-data="2222037"; mail-complaints-to="usenet@i2pn2.org";
posting-account="OI6weT9bZt7saiRF3+XsJJTIMUPjpyh/q6ChV6DtztU";
User-Agent: OCTADE
X-Spam-Checker-Version: SpamAssassin 4.0.0
X-Newsreader: OCTADE
View all headers

I am looking at the BBS Mail scheme. This would be a steganographic hack. It seems that two parties could encrypt their messages offline and then format them to look identical to BBS Mail articles and exchange them through the newsgroup.

Would there be any tells or formatting from the Rocksolid Light server that would give this away or break the scheme or allow an observer to distinguish between a BBS Mail article composed offline?

If the offline encrypted articles are indistinguishable from those made by the server that would be useful, especially in a Tor network with many Rocksolid peers and anonymous registrations. This could be set up to be significantly more robust and safe than mixmaster-type remailers, and done with the ease of an email client. And a small CLI formatting and encryption script could be automated in some GUI email clients, such as Claws-Mail and Sylpheed. Once set up the users would not need to mess around with any command-line or crazy config boo baz, netting pure foo.

One could have anonymous communication with the ease of Thunderbird, Sylpheed, etc. yet very strong anonymity and unlinkability. The sender hop to the hidden onion service of the Rocksolid Peer is one layer of protection. The Rocksolid Peer's hop to another TOR hidden peer is another layer of protection from eavesdropping, and so on, to however many peers it takes to reach the recipient's peer--and the recipient could pull from any number of peers. Then finally, there is another onion network shroud for the recipient client pulling the messages from the encrypted BBS Mail newsgroup.

If the Message-ID and headers are sanitized and generic to not identify the origin peer, that would be even more crazy anonymous. The message could go from origin and be injected to multiple remote peers in random order at random timings, obfuscating origin even more.

Such a scheme is simpler than remailers with indistinctness of the offline BBS Mail compositions. Tell me if I lack something in this muse.

--
Byrl Raze Buckbriar . OCTADE . < https://octade.net >
Hacker Hotline . voice & SMS . (781) OCT-AGON
KeyOxide . < https://keyoxide.org/keyoxide0@octade.net >

Attachments: unnamed (application/pgp-signature)
Subject: Re: BBS Mail to Replace Mix Master -- Slightly Steganographic BBS Mail?
From: Retro Guy
Newsgroups: rocksolid.nodes.help
Organization: Rocksolid Light
Date: Mon, 16 Sep 2024 12:33 UTC
References: 1
Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!i2pn.org!i2pn2.org!.POSTED!not-for-mail
From: retroguy@novabbs.com (Retro Guy)
Newsgroups: rocksolid.nodes.help
Subject: Re: BBS Mail to Replace Mix Master -- Slightly Steganographic BBS
Mail?
Date: Mon, 16 Sep 2024 12:33:45 +0000
Organization: Rocksolid Light
Message-ID: <e83f80d631c69ad711ebc0aadab8e141@www.novabbs.org>
References: <fb19af4bf2a6ae046aa9d0a71cc34b0d$1@octade.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: i2pn2.org;
logging-data="2273308"; mail-complaints-to="usenet@i2pn2.org";
posting-account="gg+dDWHMzVrdxGO9Gmt8aqyeWDXqlxfqiuS0jX/WMXY";
User-Agent: Rocksolid Light
X-Face: .&YR-G(w(DZ$$,}%k=]*5*!p'=(anr"IT`wZG'2VWdfl\r)l[42u7JH`n(JUQ*e5*A|XCDf
?&\X&uwkl38"CYX3O8m}C8E4p'%N$2#kSTVzx{Ly|DjLT\Vk7NE}NQ(VC$Yq]i:7|z[.9iv^g>*8_B
H0=hZt'[%)4kG|
X-Spam-Checker-Version: SpamAssassin 4.0.0
X-Rslight-Site: $2y$10$6A2GG73a9glX3hWTRMq2OODwF/ri/XeGzLuVW4a.WEyG9bhXJrr46
X-Rslight-Posting-User: a93aefeeff923def71455caae2dbfb277a59e046
View all headers

On Mon, 16 Sep 2024 2:20:56 +0000, Byrl Raze Buckbriar wrote:

> I am looking at the BBS Mail scheme. This would be a steganographic
> hack. It seems that two parties could encrypt their messages offline and
> then format them to look identical to BBS Mail articles and exchange
> them through the newsgroup.
>
> Would there be any tells or formatting from the Rocksolid Light server
> that would give this away or break the scheme or allow an observer to
> distinguish between a BBS Mail article composed offline?

I see no reason a message could not be generated that would look exactly
like the rslight BBS Mail message.

> If the offline encrypted articles are indistinguishable from those made
> by the server that would be useful, especially in a Tor network with
> many Rocksolid peers and anonymous registrations. This could be set up
> to be significantly more robust and safe than mixmaster-type remailers,
> and done with the ease of an email client. And a small CLI formatting
> and encryption script could be automated in some GUI email clients, such
> as Claws-Mail and Sylpheed. Once set up the users would not need to mess
> around with any command-line or crazy config boo baz, netting pure foo.
>
> One could have anonymous communication with the ease of Thunderbird,
> Sylpheed, etc. yet very strong anonymity and unlinkability. The sender
> hop to the hidden onion service of the Rocksolid Peer is one layer of
> protection. The Rocksolid Peer's hop to another TOR hidden peer is
> another layer of protection from eavesdropping, and so on, to however
> many peers it takes to reach the recipient's peer--and the recipient
> could pull from any number of peers. Then finally, there is another
> onion network shroud for the recipient client pulling the messages from
> the encrypted BBS Mail newsgroup.

Rslight will just post the BBS Mail message to one particular group. How
it propagates depends on what it's 'remote' server does with it. Rslight
does not add or append to the Path: header, but it does add headers to
identify that it is a rslight server. These headers could of course be
added by anyone wanting to impersonate a rslight server.

> If the Message-ID and headers are sanitized and generic to not identify
> the origin peer, that would be even more crazy anonymous. The message
> could go from origin and be injected to multiple remote peers in random
> order at random timings, obfuscating origin even more.

By default a rslight messsage-id is a has of part of the message. This
can be changed in the code (not by config files). Same with headers
(requires code changes, which are not difficult).

You probably would enjoy discussing this with SugarBug here. Seems
similar to his interests.

If you come up with something you want to pursue specifically, we can
discuss code changes to handle it, but for now I just maintain what we
have (fix bugs, etc.). I never intended rslight to be a highly secure,
highly encrypted system, just a web interface to Usenet, but we have
grown to include BBS Mail (which is encrypted), so why not :)

We will always maintain the current system, which is accessible and
useful to the average web user, but no reason we can't add some more
secure comms underneath for other use cases.

--
Retro Guy

1

rocksolid light 0.9.8
clearnet tor