PRIVATE COMMUNICATION ON THE CLEARNET
--

Even when we think we're communicating in private, whether by email, text messages, private messages on social media etc., the fact is that a bunch of third parties, like tech companies, governments, ISPs and advertisers, all see that data too. And it's not just that they can see it; they're actively collecting and analyzing all of it.

One downside of encrypting messages and emails to combat this is that, since so few people do it, you will stick out like a sore thumb to anyone who is monitoring the data, and will probably receive closer scrutiny. For example, it'd be pretty easy to filter for all messages that contain PGP headers.

What if we could still encrypt the data, but make it look like ordinary plain text, made up of dictionary words? If it was done in a dynamic way, so it was different for every person, it would be hard to detect using passive data mining techniques. That would allow us to use existing services like Gmail, Twitter, Facebook, Reddit etc. on the clearnet, while still protecting our message content.

ASEMICA

I found an awesome little command-line script called Asemica on GitHub, and it does just that.

https://github.com/linenoise/asemica

It takes a message like this:

"Yeah, sure my phone number is 1234567890. Be there at 3pm"

And transforms it into something like this, using a Markov chain:

"attribute CLSID BF ZA Z Where actual Q _ SQRT Square root Object Adding a ‘hot' color 'car' object Accommodating older non VBScript aware too concerned with Ajax can accept able More HTML CSS Event BODY Expected Because I ' Array 'chris example Assuming your Java Classes also Firefox JavaScript Also Assignment Dragonfly Opera ChromeT The AIFF format Moreover onunl oad Note Before Boolean Browser Because JSON Native document ' 'change' goThere ocati on Al Di el ect 'change' getPrice build all BC Application Any Node CDATA begins dialing operation Event Boolean Displays as Allman in April IN B Chrome About Microsoft's flavor of America EST tempus sagittis Nulla Praesent luptatum delenit ai nOutput size ' A Accessing Java ARchive Top For A Back None Centers the AIFF format BC ActiveX BC Absol utePosit ion db BC ActiveX filter Functions A 'hot' color All CSS CSS Event BUTTON Although HTML Check both IE ' 'change' verifySong addEvent addEventLi stenerC A A 'car' object Another After MSIE as C C ' Array As Allman "

The script requires three main things to run. First it needs a source message that you wish to obfuscate. The second is a corpus source, which is a large piece of text like a book, and this acts as the basis for what words are used, and how they're arranged. This can be local, or called from an external server. Finally there's the output file for the ciphertext.

./asemica enc -i message.txt -c corpus.txt -o cipher.txt
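
How a shared corpus can act as the codebook for this kind of encoding, as an added Python example (not Asemica's own code and not from the author of this post). The scheme of hiding 4 bits in the choice of next word, the function names and the small constructed corpus are assumptions of the example.

```python
import re
from collections import defaultdict

# Constructed sample corpus (not a real book): two lead-in words, then every
# ordered pair of 16 ordinary words, so each vocabulary word has >= 16 exits.
# The encoding scheme below is an assumption of this example, not Asemica's source.
VOCAB = ("the sea was calm and grey while we sailed past "
         "old stone walls near home today").split()

def make_corpus(vocab):
    return "once upon " + " ".join(f"{a} {b}" for a in vocab for b in vocab)

def build_exits(corpus):
    """Return (first word, {word: distinct successor words in corpus order})."""
    words = re.findall(r"[A-Za-z']+", corpus)
    exits = defaultdict(list)
    for cur, nxt in zip(words, words[1:] + words[:1]):  # wrap: last word exits to first
        if nxt not in exits[cur]:
            exits[cur].append(nxt)
    return words[0], exits

def encode(data: bytes, corpus: str) -> str:
    """Hide each 4-bit nibble in the choice of exit from a word with >= 16 exits."""
    cur, exits = build_exits(corpus)
    out = []
    for nib in (n for b in data for n in (b >> 4, b & 0x0F)):
        fillers = 0
        while len(exits[cur]) < 16:        # too few exits: filler step, carries no data
            cur = exits[cur][0]
            out.append(cur)
            fillers += 1
            if fillers > len(exits):
                raise ValueError("corpus never reaches a word with 16 exits")
        cur = exits[cur][nib]
        out.append(cur)
    return " ".join(out)

def decode(text: str, corpus: str) -> bytes:
    """Replay the walk over the same corpus and read back the exit indices."""
    cur, exits = build_exits(corpus)
    nibbles = []
    for word in text.split():
        if len(exits[cur]) >= 16:          # only words with 16+ exits carry data
            idx = exits[cur].index(word) if word in exits[cur] else 16
            if idx > 15:
                raise ValueError("cover text does not fit this corpus")
            nibbles.append(idx)
        cur = word
    return bytes(hi << 4 | lo for hi, lo in zip(nibbles[0::2], nibbles[1::2]))
```

Anyone who holds the same corpus can run decode, so the word walk only disguises the message; confidentiality has to come from encrypting the input before it is encoded.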

You can even go a step further by piping the source message through openssl to encrypt it, meaning anyone wanting to decrypt would need the correct password.

And that's not all. You can go further still, by adding PGP encryption into the mix too, meaning the message can only be read by a specific recipient.

USE CASES

The output from this script is a little too long for some social networking sites like Twitter, but you could include pastebin or twitlonger type links when you're communicating, so outsiders would have no idea what's happening.

I think it would also work well for private messaging on Reddit etc., perhaps even in the comments on subreddits where the mods know what's going on.

The script also has an option to format the output like an email. When you combine that with the extra PGP encrypted message step, it gives you an option to send secure private messages on any email service.

KEYBASE

The thing that ties this all together is Keybase, allowing you to look up people, and find their verified email address, public key, and social media accounts.

The public profiles also contain two extra fields: an about you section, and one for your location. One could be used to store a link to your current corpus source, perhaps a large text file from archive.org or even a long HTML page, and the other could store your current decryption password for public posts.

You could change these as often as you like, meaning that unless someone was actively tracking your profile and messages, your message history would remain private.

Decentralized protocols like Identifi could eventually fill this role too in the future, so you wouldn't have to rely on a centralized website.

https://github.com/identifi/identifi

And there's always the option to use no external service, if you and the recipients have pre-arranged your corpus source and keys. This would be the most secure and untraceable option.

USER EXPERIENCE

This process is a little complicated and involved, but what if it could be streamlined? A browser extension could perform these tasks at the click of a button, although the browser might not be the most secure method.

Another option would be a background process that runs on your system, which can encrypt and decrypt any selected text, with certain key combinations.

CONCLUSION

I think this kind of thing is a stopgap solution. Ideally, all these services would be decentralized and encrypted as standard, but that's not the world we currently live in.

This method does, however, give you a way to keep using the vast infrastructure of existing services, without the massive downside of your data being automatically mined and spied on. What do you think?

--
BY NODE