Secure Messaging ScoreCard... from EFF

Um...no mention of bitmessage at all.

 

I was surprised the GPG wasn't listed. Gnu Privacy Guard is one of the better command-line encryption tools. There was no mention of W.A.S.T.E. either, although very few people know of it, so that's not a surprise.

What are your recommendations for groupware? I mean "Groupware" as in encrypting all communications among members of a work group, no matter what OS or computers they use.

 

Sorry, I didn't write that very clearly.

My idea of "groupware" is that everyone in a group - say, three to 32 people in separate locations - can use their computer as if they were all in the same building surrounded by a fence and armed guards. In other words, they all have access to shared files (as they would if they were in a Windows Domain or using Open Directory under OS X or OpenLDAP under Linux), and they all can use a wiki, and they can have video and/or regular chat sessions - all without anyone being able to listen in, including the service provider.

Does anyone know of such a software package?

That was the idea behind W.A.S.T.E., but I don't know if anyone has implemented it.

William Warren

 

If I understand the idea, it's more like peer-to-peer, without a central server. The software handles the encryption for multiple users, so that a file can be sent to any one, or more than one, or all participants in a group.

New members can only join by invitation; someone has to send them an encryption key. It's open-source software, licensed under GPL.

See the Sourceforge site for details.

William Warren

 

I just took a close look at the SourceForge site: it seems W.A.S.T.E., is only available for 32-bit Windows systems, with limited-functionality versions for OS X and Linux.

It looks like the project is no longer being supported. I'll do some further checking, but in the meantime, there are other options.

I just heard a talk by someone from the TOR project, and she described a boot-from-dvd version that includes secure messaging and leaves no traces behind once the machine is turned off. Details are at Tor Project: FAQ.

William Warren

 

@William Warren, the tool you are describing is called TAILS. It is short for "The Amnesiac Incognito Live System". The homepage is Tails - Privacy for anyone anywhere It is available for download there or via bittorrent (https://tails.boum.org/torrents/files/tails-i386-1.2.3.torrent).

In addition to booting from the ISO, TAILS can also be deployed to a bootable USB stick, which is what I do personally. On top of THAT, it can be run inside of a virtual machine (from ISO or USB) from within whatever OS you are running now. It supports a persistent volume that allows you to keep information from session to session.

I've been using TAILS for almost 2 years and TOR a little longer than that. You take a hit on TOR speed-wise but in my opinion it's worth it.

Feel free to ask any questions about TOR or TAILS, happy to help (that goes for anyone).

ETA - I know this isn't a tutorial but the devil can be int he details. When running TAILS off of USB in a Virtual Machine, if you choose to go that route, most Virtual Machine providers won't boot from USB. The simple fix for that is to run something called the Plop Boot Manager. It is an ISO that can be burned to disk if you like that will then redirect booting to USB or floppy or hard drive.

It's available at http://download.plop.at/files/bootmngr/plpbt-5.0.14.zip (main website is Plop / Elmar Hanlhofer - Home It's a pretty slick workaround for physical machines that have a CD/DVD drive but cannot, for whatever reason, boot from USB.

 

That functionality is "sorta" available in bitmessage using a group or shared key. The problem with bitmessage is that the new version limits the size of the message and you technically can't attach files (you dump the unicode text into the body of the message...nasty).

 

Thank you, that's nice to know.

What I'd really like to have is TAILS setup for group communications, similar to what W.A.S.T.E. is intended for, so that I could spin a bootable CD or DVD whenever I felt like contributing to a group of like-minded users, and have it all disappear as soon as I turn off the power.

Of course, it would be useful in other contexts, too.

The idea would be that "we" could boot from a TAILS look-alike DVD, and trade any info, files, or whatever, without it being traceable to either the source or the group. The only difference from TAILS would be that it would be one-to-many instead of peer-to-peer.

Ideas?

William Warren