Alt.Anonymous.Messages Newsgroup

There has been some research done on this particular anonymous newsgroup.<p>“Deanonymising alt anonymous messages”<p><a href="https:&#x2F;&#x2F;www.youtube.com&#x2F;watch?v=l5JBMyxvuH8" rel="nofollow">https:&#x2F;&#x2F;www.youtube.com&#x2F;watch?v=l5JBMyxvuH8</a><p>The accompanying blog post is here:<p><a href="https:&#x2F;&#x2F;ritter.vg&#x2F;blog-deanonymizing_amm.html" rel="nofollow">https:&#x2F;&#x2F;ritter.vg&#x2F;blog-deanonymizing_amm.html</a><p>The inherent security of the technique is actually quite strong. The tooling is terrible and many other problems exist with AAM, but in general the idea of having a shared “inbox” is good for anonymity. There is no way to tell which message is intended for whom. Receiving messages is unlinked, which is obviously good for anonymity. Sending requires a different set of technologies to ensure that the message delivery is unlinked. Tor solves part of this problem.<p>AAM had serious limitations. Things fall down a bit with the underlying technology for newsgroups and PGP and so on not being designed for anonymity, “fail closed” security, or ease of use (and difficulty of misuse).<p>A bespoke system could work, but the limiting factor is selecting an “inbox” that is widely distributed and heavily used (the anonymity is directly correlated to how many people access the inbox&#x2F;inbox container.)<p># Case Study: YardBird’s group (mostly) escapes arrest<p>A similar method for secrecy was used by a CSAM group. It was penetrated by the police when they arrested a member who turned informant to reduce his sentence. The police monitored the group from inside for months (I remember it being over a year). Despite having complete access to all the communications <i>and</i> technical surveillance data <i>and</i> international cooperation between police forces, the majority of the group evaded arrest.<p>There was a set of operating rules that the group followed and everyone who did so escaped the net. I wrote about it in 2013 if anyone is interested in digging deeper into the story.<p><a href="https:&#x2F;&#x2F;grugq.github.io&#x2F;blog&#x2F;2013&#x2F;12&#x2F;01&#x2F;yardbirds-effective-usenet-tradecraft&#x2F;" rel="nofollow">https:&#x2F;&#x2F;grugq.github.io&#x2F;blog&#x2F;2013&#x2F;12&#x2F;01&#x2F;yardbirds-effective-...</a>

Some time ago I created a chat that uses the same principles, it&#x27;s funny to have some ideas validated by something that has been around for over 20 years and that I didn&#x27;t know existed.<p><a href="https:&#x2F;&#x2F;github.com&#x2F;domingues&#x2F;vortex&#x2F;">https:&#x2F;&#x2F;github.com&#x2F;domingues&#x2F;vortex&#x2F;</a>

I would like to see something like this that can scale to 100B+ messages per day (ie. A world scale messaging app), whilst still not revealing who is talking to who.<p>Clearly the &#x27;send all messages to everyone&#x27; approach cannot.<p>But I wonder if there is an approach that can, with the added complexity that the users use mobile devices and care about battery life and bandwidth usage.<p>I suspect there is not a design that can still provide anonymity against an attacker who can see all network traffic, but if there is, I&#x27;d like to know about it!

No Linux version available? :(

(2017)