7

For clarification, I am looking for the best way to release this program anonymously, not how to remain anonymous and such in general life (that is a different -already answered- question).

I've created a program myself not pirated/cracked and would like to release it to the world but do not want anyone to know I created it...

What is the best way to realistically assume that the author will not be determined?

Do I simply walk around the tube station and drop a usb with it and hope someone picks it up and uploads it to a torrent site (a big stretch). I would also like to limit all potential exposure -physical and digital.

My program is not malware and is something people would use but like I said, I do not want to be tracked at all.

Additional Details From Comments (I delete my comments so there is not so much clutter)

  • This is a standard compiled program with source code files as well. I've created binaries for linux and compiled a .dmg for mac as well as an .msi for windows (for the non-technical users). I actually do not have an IOS app (or any mobile app).

  • We can assume that it is ok to know the creator posthumously, thus in ~100 years.

  • I anticipate this program to become widespread. As such many people will want to determine the origins. I cannot give details about the program or it's functionality.

  • I am looking for a form of realistic statistical security (seen in cryptology theory; IE mathematically guessing RSA will take X amount of cpu hours). I would think that there are ways to be statistically anonymous (IE having more possibilities of where/who a person is than possible cpu hours)

  • Assume an adversary with considerable resources. I cannot give details on the anticipated adversary.

  • The level of protection is simply avoiding 'substantial' evidence. I do not care so much if the identity is suspected (even heavily) based on supposition, but I am look for a way to avoid the vast amounts of hard evidence left behind that could be tied to the author.

  • I have taken some precautions and I hope to be as ambiguous as possible (without having this question closed). Also, the whole branch of this question is completely isolated in every meaningful way from the program and its author. Likewise, the distro of the program will be isolated from me etc... My goal with this post is to garner feedback and peer review some ideas of my own...

  • I do not care if someone(s) else take credit for my app, in fact that may be better for its survival (and mine;)

  • This program does not need to be hosted by myself nor do any of its components. For release, I am looking for a solution like a bit-torrent where it is decentralised.

  • The initial release will be fire-and-forget. I have made every effort to make my code available and understandable in hopes that many other developers will be able to tweak it should future changes be needed. I have taken so many steps to make this software future compatible but only time will tell. To that note, I may release additional 'patches' but that depends on many factors...

user63407
  • 71
  • 2
  • if you're making an iOS app, I think it requires a certificate, so you must be talking about Android and possibly Windows Phone (or Blackberry) – makerofthings7 Dec 12 '14 at 19:35
  • Write your program in a language you didn't use before (at least not publicly) and won't use in the future, don't use the same libraries you used before/will use in the future, try to make your code look different than what you usually write (indentation style, etc), then upload it to Github through Tor on a Tails VM. –  Dec 12 '14 at 20:57
  • @AndréDaniel, I appreciate the suggestions. I have actually made an effort to program it as generically as possible (copying other open source project's heuristics); unfortunately, I am unable to program it in a language I have never programmed in... As for your anon suggestion, that is essentially what I was thinking but after I do that and physically destroy the pc, what did I miss? Also, github may remove it before enough copies are made and trying to reinitialise it in the world would be far riskier... – user63407 Dec 12 '14 at 21:09
  • 2
    Is this roughly what Satoshi did with Bitcoin? In which case you could pretty much do that. – cpast Dec 12 '14 at 21:24
  • 2
    How likely is this account to be tied back to you? If you take any suggestions from any possible answers, how likely is such software to be linked back to this answer? Any truly powerful adversary isn't going to ignore this question. – Lawtonfogle Dec 12 '14 at 21:33
  • @user63407 satoshi used email over tor I think. I also doubt that his identity is hidden to NSA. But I also guess that NSA doesn't like to reveal his identity, to hide their methods. If you do something you have to live with the possibility that people find out it was you. – user10008 Dec 12 '14 at 21:39
  • Do you want to prevent others from claiming authorship? – atk Dec 13 '14 at 02:39
  • @user63407 depends upon your needs. For example, you might digitally sign the package and destroy the private key, preventing even you from proving ownership (via dsig anyhow). – atk Dec 13 '14 at 02:46
  • 3
    Also, who would be interested in identifying the author? If it's a three letter agency it's a lot different from if you just expect it to be journalists – atk Dec 13 '14 at 04:58
  • As @Lawtonfogle noted, this question itself and your Stack Exchange account are a security hole themselves. Do you know how the authorities caught the founder of the original Silk Road? When he was initially developing it, he posted a question on Stack Overflow. – user2752467 Dec 13 '14 at 18:49
  • @atk, good point about the digital signature but that is not necessary here. While initially, I assume only amateurs will search, I must assume that over time, more resources will be devoted; thus, I am planning for the worst case. Also, I merely want to outlive recognition. I understand that given enough time and money nearly anything is possible, also I'm not that egotistical, the program will garner curiosity but will take a while (if ever) to garner national security resources. Also, JustinLardinois, read my response to lawton -this account is not linked to the dev work... – user63407 Dec 13 '14 at 19:15
  • So, how long do you estimate before the various agencies will get involved (detective, police, news, TLA)? Your security measures will need to be sufficient for each when they pop up, but if you estimate that it will be amateurs fir 99 years and everyone the last year, you need amateur-resistant detection for 99 years and sufficient evidence degradation or resistance for 1 year of nation state investigation. Knowing the answer is critical to forming an effective strategy. – atk Dec 13 '14 at 19:22
  • Also, is this fire-and-forget, or will you be maintaining the software? – atk Dec 13 '14 at 19:23
  • @atk, for your first comment, I have already said ~100yrs. This may be longer or shorter depending on how long I live and how popular the program becomes over time. For you second question, I have updated my original post. – user63407 Dec 13 '14 at 19:29
  • @user63407, I interpreted your pervious statement as wanting to keep your identity secret for 100 years, which is different from what I was asking. Please confirm that you are now saying that nobody will investigate who you are for 100 years. – atk Dec 13 '14 at 22:20
  • @atk, people will want to know from the start but the amount of resources devoted to finding out will scale up over time. I am sure people will start investigating almost immediately -just mainly amateurs at first. – user63407 Dec 14 '14 at 14:31
  • Please add the following tags: "OPSEC", "Deniability", "Nonrepudiation", "Covert Action". – DTK Dec 14 '14 at 16:05
  • @user63407, in that case, like i asked before, when do you expect what levels of resources to be expent to identify you? again, defending your identity depends upon the resources applied. If journalists are expected to investigate from years 3-100, then you can leave evidence that degrades over 3 years. – atk Dec 14 '14 at 17:18
  • @atk, I have to assume that investigation (by everyone) will start from 0day but realistically large resources will not be allocated for some time. – user63407 Dec 16 '14 at 14:24
  • 1
    ok, so you're looking to evade the NSA, FBI, GRU, Mossad, etx, for 99 years, starting on day 1. And you posted your request for how on a public forum, probably from a device you have used in the past, thereby tying the request to yourself, thereby starting behind the 8 ball. And if anyone knew how to avoid all of them successfully and anonymously without mocving to a country that they do not monitor (ha!) or crawling down a deep dark hole, you think that that person would post it here. And once posted, that the technique would work for 100 years. Good luck with that. – atk Dec 16 '14 at 19:49

2 Answers2

6

This is an interesting question because it is almost entirely nontechnical. One presumes from your question that you are releasing something that would offend more than one national government.

Digital Opsec

  • Compartmentation: Only work on it using resources that are not associated to you. One cross-contamination will burn you (that is how DPR was sent up -- he once used his Silk Road laptop from home and once posted with a reference only DPR would know about Silk Road under his own name). This means a laptop only for this program that has the battery removed when you are within 200 meters of your home
  • When you compile it, run the compiled binary through "strings". If you see anything that is a word you use, determine if it can be removed
  • Use variable names, subroutine names, object class names that are consistent with another lexicon. Careto was attributed to the Spanish because the analyzed binary had names in Spanish, one of which was the word careto, meaning an ugly mask
  • Strip the executable and any libraries before packaging it

Offline Opsec

  • Compartmentation: As The Offspring said, http://youtu.be/G2gTFBhQ7Ko. That means EVERYTHING: cell phones, cell phone service (personal is Sprint, program is Ma Bell), laptops, usernames, passwords, email addresses, email hosting providers (personal is gmail, then program is hotmail), EVERYTHING
    • If it is used for the program, it is never used for your purposes
    • If it is used for your purposes, it is never used for the program
    • If you check your Facebook once from your laptop for the program, you have been made
      • BTW, members of APT1 used a hijacked machine to Twitter, to get around the Great Firewall of China, and that is how they were made
      • cf DPR above
  • Resources used for the development and maintenance of the program, the support of the program and the communication about the program should be owned by the non-natural person (see below) and should never be used for anything else (see compartmentation, above)
  • Plausible deniability: when something is going on with your program, be doing something else, have an alibi every time
  • Be blase and naive about the existence and function of your program. "Oh, did someone make that? Not sure why they would. It sounds interesting. Tell me about".
  • Create a legal fiction (read "corporation") to own your program, and do not have any ties to it. Some jurisdictions are friendlier to anonymous non-natural persons (a legal term for a corporation or trust). http://www.npr.org/blogs/money/2012/07/27/157421340/how-to-set-up-an-offshore-company.
  • Understand the difference between anonymity and pseudonymity
  • Keep the development of the program, the person who owns the intellectual property of the program, the assets of that entity (bank account, tax-filings, patents), and the servers that are used to sell / distribute it in different jurisdictions. This would mean that to discover the full extent of the involvement, your adversary would have to get cooperation and collaboration with authorities in more countries
    • Corporation in Belize, taxes filed as a Belizian corporation operating internationally
    • Software development in Canada
    • Bank account in Dominican Republic
    • Assignment of intellectual property to an Irish subsidiary of the corporation
    • Web servers in multiple countries
  • Have a plan in-place for when you are made. There is no such thing as a fool-proof plan
DTK
  • 1,190
  • 7
  • 8
  • To add on, any physical resources (like the dedicated laptop) should be purchased with cash, preferably with serial numbers that aren't easily traced back to you, from a store far away from where you live. – user2752467 Dec 13 '14 at 19:14
  • 1
    Even further, (some) cars, phones, watches and other devices use gps and other technologies to track your location or leave a footprint. Depending upon the adversary, it may be necessary to leave these completely at home. But that makes travel very difficult, because busses in western nations often have cameras, so something must be done to avoid those cameras filming you and recognizing you, or filming you and tracking the unknown person back to a particular region. This problem is extremely hard... – atk Dec 13 '14 at 19:17
  • @JustinLardinois, that is necessary if you work in a virtual global network... Also, the risk assessment of physically being tagged is far greater than digitally being tagged. ATK, that is what I was referring to. – user63407 Dec 13 '14 at 19:19
  • Oh, and fingerprints, hair and other dna samples, etc might matter depending upon the adversary. – atk Dec 13 '14 at 19:24
  • 1
    @DTK, Thank you for the first meaningful response. The biggest takeaway is compartmentalisation. You are however, leaving out a very important one **-misinformation.** Also, my program does not need to be hosted by myself. The idea is to *release* it to enough people that it cannot be centralised and thus 'banned'. (also I do not have the amount of money needed to setup all these legal entities) – user63407 Dec 13 '14 at 19:24
  • @user63407 I leave off misinformation deliberately, because that is almost always the hardest one to get right, and more often than not, the person will accidentally say a detail of the right thing when working really hard to say the wrong thing. COINTEL is not for kids or amateurs. – DTK Dec 14 '14 at 15:41
  • @user63407 When you think about costs, weigh them against the cost of getting made. If you have reason to believe you have a 10% chance to spend a decade as a guest of a foreign power with no access to your home country's embassy, 10k$ sounds like a bargain for the protection. Raid your pension (many allow a one-time cash withdrawal for significant hardship), wash it several times (could be a book in-and-of itself), DTN. Good luck – DTK Dec 14 '14 at 15:48
  • The OPSEC Professionals Association has some training materials at "http://www.opsecprofessionals.org/training.html" – DTK Dec 14 '14 at 15:49
  • @DTK, you give some great points. In regards to the finances, in this case, I simply do not need all of that overhead because there will be no ongoing hosting/support/cenrtalised distro/etc by me (or if there is, it will be like a repeat of the first deployment). – user63407 Dec 16 '14 at 14:35
  • Don't forget the problem of people identifying you through your writing style, or similarly your coding style or even the designs of your UIs. The code shouldn't look like anything you've ever written, or talked about. There are also identifiable traits in your post. Sentence starting with I've, hyphen missing a space for an en-dash, elipses at the end of a sentence, slashes as "or". "tube" is regional, the time of the post, etc. When you write your docs, they can't look like you wrote them. https://www.schneier.com/blog/archives/2011/08/identifying_peo_2.html – mgjk Dec 16 '14 at 14:44
-2

Go to some public wifi access point (e.g. some coffee shop, internet cafe, etc.), plug in your USB stick and upload it somewhere publicly available (e.g. github/sourceforge if you also want to make the source code available).

daolaf
  • 7
  • 2
    This creates too much of a trail (registration, logs, geographics, video, etc) and I can simply do that at home via VPNs, Proxies, and Tor. The point is, I myself do not want to be tracked at all. I want to nearly eliminate all possible indexing between myself and the distro – user63407 Dec 12 '14 at 19:49