[liberationtech] security issues around country-specific training/advice sites?

Sat Mar 3 13:37:40 PST 2012

Hi all,

So I've been asked recently about how one might provide information that is
widely accessible to individuals in repressive countries.

I see the first issue being: creating a *unique* site for
activists/journalists/citizens to acquire information that is necessary for
opposition creates a one-stop target for the intelligence of said country,
they have only to discover whom is accessing the site in order to find a
list of targets.

I see a few options:

1. create a .onion site that is only accessible within Tor
2. create a facebook page that offers information and an email address one
can contact (at least this offers the plausible-deniability out that they
are accessing facebook, however i'm guessing its not much better than a
unique site, since it will still provide a clear domain path, however it
can be accessed primarily via HTTPS which, as we know, offers only a
modicum of protection, depending on many factors.
3. create a public READ-ONLY google document that can be accessed
anonymously by anyone with the link, distribute the link via social media.

Obviously #1 is the best option. However its also slightly esoteric and
doesn't align with standard internet-use practices. Are there any other
options I should be considering here? #2 and 3 are fairly similar, though
#3 offers an additional potential of "anonymity." However all of these
options necessitate some prior information to truly access them
successfully (only access via a trusted VPN, or Tor, use a public computer
that is not traceable to you, etc) and this limits the potential impact
while greatly increasing the risk, since the idea is that this should be a
site for those who know they need help but don't know much about what help
they need.

Is there anyway to make a site that proffers advice and provides a contact
email (as well as advice about how to more safely contact said email)? I'm
guessing there's really little that can be done to limit the potential
visibility of visitors to the site other than keeping no IP logs, however
the ISP may still have them, etc.

thanks in advance

Brian

PS you can certainly respond to me via my PGP key located below.

-- 

Brian Conley

Director, Small World News

http://smallworldnews.tv

m: 646.285.2046

Skype: brianjoelconley

public key:
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xCEEF938A1DBDD587<http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE827FACCB139C9F0>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20120303/c618f9cd/attachment.html>