• avi

    Anonymous Communications

    Anonymity is hard. One f**k up and the game is up. The art of remaining anonymous is constantly evolving and what works one day may not work the next. There are very few people that know *all* of the ways communications are monitored and how to protect your privacy. There are however some best practices that you must use in order to give yourself the best chance.

    BM via torbrowser

    The yet simplest way to use the BitMessage P2P is by using:
    Therein one can send & receive BM, but neither join chan nor subscribe broadcast. This gives you the security of both torbrowser and Bitmessage. If you register a mailinator or yopmail throw-away-address there are no loose ends. However, the hoster of bitmsg.me is now a single point of failure / attack and the hoster can spy on their customers. So encrypt your BM's, don't type in plaintext BMs. In case of shutdown you can fallback to the native BM client (have some keys prepared even before failure). So bitmsg.me is an easy to handle infrastructure for encrypted messaging (exchange your pub keys outside of it though). It avoids traditional e-mail analysis by NSA. To step up security, use the native PyBitmessage client.

    Anonymous Email

    Low-grade anonymous email cannot effectively be achieved by using a mainstream email provider. Yahoo and Hotmail services will append your IP to the mail headers. So be absolutely sure to never send any messages (or even log in) without using Tor.
    Worse still, Google and other mainstream webmail services typically offer other services that "conveniently" allow you to share the same account/cookie between them. Cookies can grab your MAC address on your network interface, GeoIP locate your exact address, and keep a log of all actions ever made with that MAC address.
    Of course you need to be careful with things like entering your street address/zip code into their corresponding mapping services, or for that matter, ever using a yellow pages. Careful and judicious use of various cookie control mechanisms or throwaway computing is required. It is also rumored that hotmail will pull your browser time info and place it on emails, thus narrowing your geographical location.
    As the final nail in the coffin against Google and company, these providers scan in real time each and every email ever received to your account in storage for advertising classification and government agencies. Every you have thought you had deleted can be obtained in a court order.
    Your last option for anonymous mail is to use a proper mix network. However, these networks require a good deal of configuration and setup to join, and once you do, they are only one way. There are two main anonymous remailer networks in existence, MixMaster and MixMinion MixMinion is designed to succeed MixMaster, but it is still in development and thus has debug logs, etc in place that can be confiscated and used to betray anonymity. There are web gateways available to use, but again they are only one way. Note, however, that the last mixminion release was in 2007 and the last mixmaster release was in 2008. The project lead of mixminion says that it is "mostly dead" .
    It is also possible to set up a return path, or Nym through certain mix networks. Hushmail provides nym service as part of their paid accounts, and Panta Rhei maintains a list of NymServers as well. As of 2011/08/13, www.panta-rhei.eu.org does not resolve and panta-rhei-eu.org has no whois entry. It appears that nym.mixmin.net is up as of 2011/08/13.
    If you only need a throwaway email address for or for signing up for a google groups or other forum account, you can use Mailinator.com, dodgeit.com or pookmail.com. Note that these temporary mailboxes have no passwords. Also don't forget to use Tor or some other IP obfuscater
    Note
    If you use a webmail account, you should expect that your email is NOT PRIVATE. According to the ECPA (see also), after 180 days it becomes possible to demand email from a server without a warrant, and for non-criminal matters. This means all that has to happen is a civil attorney decides they want to see your email because they might have a reason to sue you, so they write a subpoena demanding all email older than 180 days from your provider, and it is theirs.
    A few interesting anonymity/privacy mailing services have also arisen lately because of this loophole. StealthMessage, Self Destructing Email and MailJedi all provide "self-destruct" capabilities for email, so that you don't have to worry about messages you send sitting in someone's inbox to be discovered later. StealthMessage for some reason does not work for me, however. It also requires Javascript and is pretty clunky.
    Once again, I would not rely on any of these services to actually destroy your mail or otherwise keep it private, especially in the case of subpoena, National Security Letter, or coercive tactics. If you need this level of assurance, you must manage your own GPG key using a front end or plugin to your mail client.
    Question: What about Tor Mail? The operators of TorMail are anonymous and should *not* be trusted with your private messages. There are allegations online that TorMail is run by the Russian government, use proper methods (throw away addresses and throw away GPG keys) for safety measures.

    Posting to Usenet

    For the benefit of the unwashed: Usenet is a massive collection of discussion groups spanning all sorts of topics. Just about any type of discussion you might imagine takes place on Usenet, and you can browse and search all posts ever made via google. There's just one problem. You can browse and search all posts ever made via google. This means that if you ever post something to Usenet, it remains there. Forever. Thus anonymity is highly desirable.
    Posting to Usenet is actually easier than writing anonymous email, because you don't have to set up the return path. In this case, you can simply use a Mixmaster web interface (see also) or some other remailer (use Tor) and send mail to one of the mail2news gateways. You can then view your results on Google Groups or one of any number of public NNTP servers.
    To post a reply to a given post, you need to enter an "In-Reply-To: <MessageId>" header line with the Message ID of the message you would like to reply to (in addition to the usual "Re:" subject prefix). You can find a message's ID via google groups by clicking on "Options" and then "Show Original". Since it's relatively easy to screw this up, please practice this in misc.test or alt.test before posting to real groups.
    Unfortunately, many newsgroups are unavailable via the mail2news gateways. To post to these groups, you will either have to create a google account (which is problematic due to a universal cookie google creates discussed previously), or sign up to a commercial Usenet provider and pay via Money order. If you plan on signing up to a commercial usenet provider, you should ensure that they enable web access, because there are few Tor exit servers that will allow you to access the NNTP (Usenet) port. Some examples that may meet your needs include Usenet.com, NewsFeeds.com, NewsGroups.com, Binaries.net, and MegaNetNews.com. Be sure to avoid the temptation of using the same account for anonymous posting as you use for downloading warez/movies/etc from the binaries groups, since most likely you will be unable to do the latter over Tor.
    Also be aware that there are two limitations with google's news server. The first is that google.com keeps a cookie that tracks which groups you have visited. This cookie persists for multiple sessions and is potentially shared with their main search page, and every other google service. It's not too much of a stretch for them to also track IPs that have used that cookie as well (or worse, save info about map queries), meaning that if you forget to use Tor and access google groups, or any google service, they can potentially correlate your interest in one particular anonymous post to your IP via the cookie that was used both times. The solution is to either use a bootable CD for this sort of work, or be diligent about purging cookies. The same goes for posting to web forums.
    The second issue with google groups is that some people configure their clients to append an X-No-Archive header, which prevents google from keeping the post on its servers. This means you may be unable to see replies unless you use a public NNTP server, especially in some privacy conscious newsgroups.

    IRC/Instant Messaging

    If you need to talk to a bunch of people quicker than Usenet allows, or wish to meet with a particular person anonymously, then IRC is probably your best bet. You most likely want to avoid Instant Messaging, since it is too easy for a third party to profile your social network. Furthermore some IM networks enable you to put in an alias for your friends. Many people will just set this as your real name. The problem with this is that it is transmitted to the IM server, which means all that has to happen is for anyone who knows your real identity to set an alias, and bingo, your real name has been revealed.

    Choosing an IRC Client

    For Linux and Windows IRC clients, I recommend Gaim / Pidgin. Veterans may balk at my choice, but Gaim / Pidgin is nice for a few reasons:
    1. It supports OTR and Gaim Encryption
      OTR and Gaim Encryption are person-to-person encryption methods. This is useful when you need to be on an IRC server that you can't trust. Gaim Encryption works a lot better as far as enabling itself automatically, but it tends to be worse off at handling two locations for the same buddy than OTR is. Both of them have the nasty property of getting confused when either you or your buddy use different clients (like at work and at home, for example), but OTR is easier to reset.
    2. It supports Tor hidden services
      Gaim speaks SOCKS5, which means you can use any of the Tor hidden service IRC servers. You can either set a global SOCKS5 server under Preferences->Network, or you can set it per account that you add, under "Show More Settings".
    3. It doesn't respond to CTCP TIME
      CTCP TIME is a request you give to a client to ask it what time it thinks it is. This can reveal your timezone and thus general geographic location. In general, when discussing time or planning meetings with people, you should give the time in UTC, to be both considerate of their timezone being different than yours, and to avoid giving your location away.
    A close second to Gaim is X-Chat, which is available for Linux, Windows, and Mac OS. X-Chat doesn't support OTR or client-based encryption, but it does support IRC over SSL, where as Gaim currently does not. X-Chat supports SOCKS5, so hidden services should be accessible. X-Chat WILL respond to CTCP TIME, but it has a convenient menu option that allows you to edit it (hidden under Settings->Lists.. CTCP Replies).
    Also for Mac OS, Adium does support OTR, but most likely won't support IRC until the v1.5 milestone for group chat is reached.
    Diehard command line users can use irssi or any other client with tsocks (that version supports hidden services!), but they should remember to do /ignore * CTCPS and /ignore * DCC to block CTCP and DCC as well. irssi can also be configured to use privoxy as an http proxy directly without the need for tsocks. Note that for this to work, you need to dig through the privoxy default.action config file to change the limit-connect line to be +limit-connect{1-} (to instruct privoxy that it is OK to forward non-web ports).
    Note
    Both Gaim and X-Chat WILL send both your username and your hostname to the IRC server by default. Both can be configured to send a different username, however. X-Chat's config is right in the server list menu, where as Gaim's is under "Show More Options.." in the preferences for the account. I'm not sure how to solve the hostname problem, short of running hostname foo as root on Unix, or editing the source. Hopefully you followed the advice above about not naming your machine after your self or your street address.
    Also, you want to make sure your IRC client never responds to DCC file transfers or chats automatically. A DCC connection is a direct connection over the Internet to your IRC client. Naturally, this will give away your IP address. Gaim typically will ask you if you want to accept the connection, where as X-Chat users will need to enter /ignore * DCC.

    Choosing an IRC Network

    Unfortunately, a few of the major IRC networks, have been abused by script kiddies to the point where they had to ban Tor. Brain dead solution if you ask me (what's wrong with an email-confirmed NickServ?), but when you're dealing with monkeys fighting monkeys, what can you expect but that they hurl shit at each other. Unfortunately, legitimate folks in need of anonymous communication get caught in the crossfire. However, if you need to get on to either of these networks, you can try to use a regular open proxy, or for stronger anonymity you can try to bounce off one of these proxies after Tor, and/or bounce off a UNIX shell.
    If you use X-Chat, you can conveniently choose a network from the "Server List" menu. Otherwise, pick a network from that site and go to its website for a server list.
    You can also pick one of the hidden service servers listed on the Hidden Wiki. I'm a fan of the OFTC site, because it also has a public interface so that non-tor users can still talk with you.

    Creating Web Content

    On the Public Web

    If being on the "real web" is your goal, there is at least one hosting provider that will accept Bitcoin or Liberty Reserve, and will register your domain and provide anonymous hosting for you. Alternatively, by using a combination of money orders and other physical interaction techniques, it may be possible to achieve the same end from cheaper hosting providers who do not explicitly offer anonymous service.
    However, if you are hosting content that may anger a large US corporation or otherwise could be construed to violate US law (even if you believe you are doing something completely legal, the First Amendment is no protection against lawsuits from a company with far more dollars than sense), you are best served by finding hosting in another country.
    A search for offshore hosting yields several hits. Incidentally, you should verify that any offshore hosting provider you go with is actually offshore, especially if you are seeking offshore hosting to escape censorship (some companies provide offshore hosting, but are in fact incorporated in the US, making them subject to DMCA takedowns and the like). The best way to verify this is to query their domain name via whois and their IP address via ARIN.
    Yet another option you might consider using to add an extra layer of obfuscation is to get an account with one of the aforementioned OpenVPN providers. You can then host your website at any physical location you choose, independent of the server IP address. Note that it won't take much work for someone who can monitor traffic at the server to determine your source IP, so this technique should only be used in combination with an anonymous co-location account above if true anonymity is required. And then at this point all you buy yourself is a little advance warning when the VPN service shuts you down before the Colo provider does.
    Another interesting (but ultimately not very effective) option is to take a page from the spammer's book, and combine a VPN solution with some ARP wizardry. This only buys you minimal anonymity though. It is probably only a matter of hours before jack disconnection trial and error at the ISP reveals the real destination of the packets. But an interesting technique nonetheless.
    If you are dead-set on using OpenVPN, one possibility is to connect to your OpenVPN provider over Tor or HTTP proxy, allowing you to host content as if your IP was at the OpenVPN provider's network, yet your server is at some other anonymous location concealed by the Tor network. This process is only slightly more complicated than setting up OpenVPN by itself, although the resulting connection will most likely be neither speedy nor stable.

    Over Tor

    To serve content on the Tor network, you have to set up your own web server and configure a tor hidden service. When you start tor, it should print where it expects to find a torrc and that one doesn't exist. Copy torrc.sample to this location, and uncomment the HiddenServiceDir and HiddenServicePort options. HiddenServiceDir should be an empty directory. The first time you start tor after this modification has been made, two files will be created in this directory. The hostname file will contain your hidden service name.
    Once your service is configured, you will need to set up Apache. If you run a Linux box, doing this should be pretty straight forward. There is some Windows documentation for it as well.
    After your hidden service is configured, it should be available to anyone who uses Tor via the .onion hostname, and also via the proxy gateway at serifos. This means if you link to your hidden service from the hidden wiki, it should be searchable via google.
    When running a hidden service, you have two major threats: Intersection attacks, and predecessor attacks. Intersection attacks narrow in on your identity by using ("intersecting") various characteristics deduced from your uptime, update frequency, web server version information, etc. The most dangerous type of intersection attack applies if you run a Tor node on the same machine as your hidden service. In this case, it is possible for an attacker to record uptime/reachability of all Tor nodes in the database, and find the node that most closely matches the reachability history of your hidden service. If you want to run a Tor node, it is best not to run it on the same machine as your hidden service.
    Predecessor attacks are most applicable if you are not running a Tor node. Essentially the adversary will make repeated requests to your hidden service in some detectable timing pattern, and attempt to correlate this with how often one of their malicious Tor nodes is used to create a new circuit and sends this timing signature of encrypted cells. Given the number of users on the Tor network, this attack is probably very difficult to mount effectively (though it supposedly has been done). It can be mitigated by choosing trustworthy entry nodes from the Tor Node Status page for use in an EntryNodes nick1,nick2,nick3 directive in your torrc (also, remember to set StrictEntryNodes 1). The torrc option EntryGuards can be used to simulate this effect, but it is not as reliable as explicitly picking trusted nodes. The two can be used in combination, however.
    You might also want to take the extra step to only allow SSL connections to your service. This may be excessively paranoid, since there is end-to-end encryption for hidden services, but nonetheless it may be desired to provide another layer of authentication of the hidden service itself. To do this, you will need to install and configure mod_ssl, and generate a self-signed certificate with the Common Name being the same as your .onion hostname.

    Over I2P

    I2P calls a hidden service an "eepsite" and is very similar to a Tor hidden service, except they have a web console that allows you to create the public key. This HOWTO walks you through using that web interface, and this forum post then gives you the relevant vhost section to add to your Apache http.conf.
    Once you are set up, you should post your key to the i2p forum (use either Tor or I2P).
    Note that I2P has its own set of possible vulnerabilities. I personally regard I2P eepsites as less safe than Tor hidden services, at least currently. Their network has much fewer users, and its distributed node directory makes it vulnerable to partitioning attacks that can gradually narrow in on eepsite hosters. I2P also does not support the ability to choose your trusted peers (ie the EntryNodes option in Tor) or to not be listed in the node directory. Supposedly these features are planned eventually, but I wouldn't recommend hosting extremely sensitive material on I2P until they are implemented.

    Apache Tidbits

    There are a few Apache config file tags you should make sure are set to reasonable values. These include ServerAdmin, ServerTokens Prod, ServerSignature Off, and for Tor/I2P, make sure all your virtualhosts bind to localhost. Also, you will probably want to disable modification time reporting if you allow access to directories without index.html files, since this can be used to narrow in on your location. IndexOptions IgnoreClient SuppressLastModified will do this. Note that HTTP/1.1 HEAD requests will still reveal modification time, but these times are given in GMT.
    It should also be noted that for both I2P and Tor, any vulnerabilities in your web server/web applications are direct threats to your anonymity. All an attacker needs is a way to execute ifconfig through your cgi scripts, and your anonymity is gone. So take great care to secure your website if you are going the I2P or Tor route.

    Anonymous Blogging

    For those who don't really want a full website, but instead a forum to post information, setting up a blog account is a good alternative. Typically all that is involved is creating an email address, and then creating an account at a blog provider such as Blogger or LiveJournal.
    Blogger seems to not display the signup link unless you have javascript enabled, which is annoying if you use NoScript. However, the rest of posting functionality, etc seems to be just fine without Javascript, which is comforting, especially when reading comments to your entries. Also, they don't require the email address to be valid, which is a plus.
    Invisiblog is also a potential place to host your blog as well, though it is considerably more involved than Blogger.com or LiveJournal. The anonymity comes from the fact that you post via the MixMaster anonymous remailer network. However, in my opinion, this service has three pretty sizable problems:
    1. You have to use Tor anyway
      As they mention numerous times in their docs and FAQ, you should not make a habit of visiting your blog to check if posts arrive, since your IP would thus show up more often than anyone else's, especially for new posts/a new blog. In my opinion, you should not access your blog unprotected at all, because any hits without a refurl indicate that that visitor is either a regular or a maintainer.
    2. They do not allow web-based remailer gateways
      This is a major stumbling block. Mixmaster is really difficult to set up for your average user, at least compared to Tor. I'm not quite sure why they ban web based remailers. Perhaps they are not aware that people can access them through anonymous means.
    3. The URLs are cryptic and hard to communicate
      I realize it probably was easier to just take the GPG key ID as a unique ID than to allow users to try to pick a unique title and handle rejection of duplicates, but this is a barrier to communicating the URL effectively.
    I should also mention that the EFF has published some information about anonymous blogging. All of the anonymity stuff is covered in this HOWTO, of course, but they also give some legal information that may be of use to you.
    Note
    Blogging in general is seeing increased mixing with social network software. As such, you need to be especially careful about your Social Network and your audience of your blog. If most of the people who end up viewing and posting to your "anonymous" blog are your friends, family and coworkers, you don't really have any anonymity.

    Document Metadata

    Many document formats conveniently embed personally identifying attributes called metadata,and this data is analyzed by companies like Google and Facebook when you upload them. This can be problematic to whistle blowers who need to produce/deliver incriminating memos and photos to journalists, and also to academic researchers who wish to electronically publish their work anonymously. For image files, search for "delete Exif data" for applications that can do this for you.

    Microsoft Office

    • Do Not Use MS Products*
    Microsoft Office embeds your name, machine name, initials, company name, and revision information in documents that you create.
    According to Microsoft's knowledge base article on the Metadata, the best way to remove all personal metadata from a document is to go to Tools | Options | Security Tab | "Remove personal information from this file on save". Be warned that this does NOT remove hidden text and comment text that may have been added, but those tasks are also covered in that article.
    Microsoft also provides the Remove Hidden Data Tool that apparently accomplishes those same functions but from outside of Microsoft Office.
    This NSA Guide to sanitizing documents might also be of some interest, but I think the Microsoft KB articles cover the info better and in more depth.

    LibreOffice/OpenOffice

    By default, users of LibreOffice/OpenOffice are not safe either. Both of these programs will save personal information in XML markup at the top of documents. It can be removed by going to File | Properties and unchecking "Apply User Data", and also clicking on "Delete". Unfortunately it does not remove creation and modification times. It's not clear how to do this without editing the file raw in a plain text editor such as notepad.

    Document DRM

    Document DRM can come in all shapes and sizes, mostly with the intent to restrict who can view a document and how many times they can view or print it (in some cases even keeping track of everyone who has handled a document). For whistleblowers who need to circumvent DRM to distribute a document, the most universal approach is to use the "Print Screen" key to take a screenshot of your desktop with each page of the document and paste each screenshot into Windows Paint and save it. Some DRM software will attempt to prevent this behavior. This can be circumvented by installing the 30 day trial of the product VMWare Workstation and installing a copy of Windows and the DRM reader onto it. You can then happily take screenshots using VMWare's "Capture Screen" or even the "Capture Movie" feature, and the DRM software will be none the wiser. With a little image cropping, you can produce a series of images that can be distributed or printed freely.
    The VMWare approach may be problematic for DRM that relies on a TPM chip. The current versions of VMWare neither emulate nor provide pass-through access to the TPM. However, TPM-based DRM systems are still in the prototype stage, and since it is possible to emulate and virtualize a TPM, it should only be a matter of time before some form of support is available in VMWare.
    Depending on the DRM software itself, cracks may also be available to make this process much more expedient. Casual searching doesn't turn up much, most likely due the relative novelty (and public scarcity) of document-oriented DRM. Note that when doing your own google searching for this type of material, be sure to check the bottom of the page for notices of DMCA 512 takedowns censoring search results. It is usually possible to recover URLs from chillingeffects' C&D postings. That, or use a google interface from another country such as Germany.

    Image Metadata

    Metadata automatically recorded by digital cameras and photo editing utilities may also be problematic for anonymity. There are three main formats for image metadata: EXIF, IPTC, and XMP. Each format has several fields that should be removed from any image produced by a photographer or depicting a subject who requires anonymity. Fields such as camera model and serial numbers, owner names, locations, date, time and timezone information are all directly detrimental to anonymity. In fact, there is even a metadata spec for encoding GPS data in images. Camera equipped cell phones with GPS units installed for E911 purposes could conceivably add GPS tags automatically to pictures.
    The WikiMedia Commons contains a page with information on programs capable of editing this data for each OS. My preferred method is to use the perl program ExifTool, which can strip all metadata from an image with a single command: exiftool -All= image.jpg. MacOS and Linux users should be able to download and run the exiftool program without any fuss(for Ubuntu install package libimage-exiftool-perl). Windows users will have to install ActivePerl and run perl exiftool -All= image.jpg instead. Running exiftool without the -All= switch will display existing metadata. The -U switch will show raw tags that the tool does not yet fully understand. As far as I can tell, the -All= switch is in fact able remove tags that the tool does not fully understand.
    Another easy way to remove all metadata from an image it to open it in MS Paint, copy it, and paste it into another copy of paint. The Windows clipboard only copies the raw pixels and leaves the metadata behind.

    Bit Torrents/P2P apps

    Over Tor

    A few different Bit Torrent programs are beginning to support routing tracker (and data) traffic over Tor. This HOWTO describes doing so using Azureus. However, PLEASE DO NOT ROUTE DATA TRAFFIC OVER TOR. The Tor network is still small, and cannot support the additional strain. At some point in the future, Tor may implement some form of load balancing to support bulk traffic, but this has not happened yet. So please be polite and only send tracker traffic over the Tor net. FIXME: That HOWTO is pretty bad. Find/write a better one.
    This means that you should only really follow the instructions in Section 4.1. The instructions are a little confusing, but basically you want to edit your preferences to tell Azureus that your tracker server's external IP is your .onion address from Tor. So long as the port here matches the public port in your tor hidden service config, you should then be able to give people the .onion address. If they set up Azureus to use tor to proxy tracker data (NOT TORRENT DATA), they should be able to connect to your torrent.
    Be aware, however, that it is still possible for the MPAA to connect to your torrent through tor, and then watch the IP addresses of where data is coming from. However, it remains to be seen if they will actually put the effort forth to do this for every torrent everywhere.

    Over I2P

    Unlike Tor, the I2P network is designed to handle client bittorrent traffic running over it, and thus providing maximum anonymity (at the expense of roughly 1/3 the bandwidth efficiency).
    Once you're connected to I2P, you can use search.i2p and orion.i2p to track down torrents. Be sure to contribute and create your own torrents when possible.
    Incidentally, an anonymous I2P hacker has altered the Java-based gnutella filesharing program Phex in order to make it run entirely over I2P. I2PHex can be found on the I2P forum.
    FIXME: At some point make a new section dedicated to comparing/contrasting WASTE, MUTE, I2PHex, DC++/Tor, GNUNet (which has the unbelievably idiotic property of case-sensitive searches) and other anonymous filesharing nets. Everything but I2PHex is broken right now though, so perhaps this is all that needs to be written. I2PHex actually works pretty well.

    Guerrilla Data Exchange

    If P2P doesn't provide a targeted enough distribution for you yet you do not wish to set up a full scale website, it is possible to exchange large files via data exchange services.
    So far, the best services I've found are badongo (1GB limit), verzend.be (1GB limit), and megashares (1.5GB limit). None of those require either login or javascript. Oxyshare (700M limit) also will provide an ftp account with free registration.
    Of course, all these services should only be accessed through Tor, and you should not trust them to keep your data confidential. If you wish to control distribution of your particular item, encrypting it symmetrically with GPG is your best bet. gpg -c will do symmetric password-based encryption from the command line, and GUI versions are also available. I would not rely on weaker encryption such as zipfile encryption, since it has been repeatedly broken in the past. However, a new, open zip format called 7-zip supports AES-256 encryption, and is probably more widely installed than GPG.
    For video content, both Google Video and YouTube are options. But again, use tor. The legal climate of the US is such that neither of these services are whistleblower-safe. Again, in the case of Google Video, you need to be especially careful about cookies (and subsequent correlation of search engine usage with your Video account).

    The Vector of Information

    When publishing information anonymously, the biggest threat you need to watch for is the vector of information. Every piece of information has a source and thus a path. The more people know about the source, the more likely your physical identity to be discovered as being a part of this path.
    For example, if you are one of a few people who should have had access to a given piece of data, then attempting to post it anonymously may be dangerous. Depending on the nature of the data, you may wish to either hold on to it while things 'cool down' (and other people might have a chance to come across it and also be implicated), or you may wish you disseminate it as rapidly as possible. If it is material of a nature where the source will seek legal action (or fire you), you may be better served by being patient to allow solid and circumstantial evidence to disintegrate, and/or covert enough to make proving anything impossible. However, if it is material that the source may be willing to kill for in order to keep secret, you should aim for as rapid and wide a distribution as possible, so as to take the heat off of you as soon as possible.
    Oftentimes many pieces of data or many publications can combine to form a more detailed profile of you than they could on their own. Consider the subset of people that would be able to publish information about corruption at your work, information about the networks at your former school, and also info on how to hack a regional wireless provider that has coffee shops near your home. Taken alone, any one of these topics could provide a comfortable cushion to keep you relatively safe from direct suspicion and scrutiny, but taken together, it is easy to see that even any two of them could point the finger directly at you. For this reason, if you are publishing a mix of topics, you may wish to serve each as a separate Tor hidden service or Usenet identity.
    Note that it is also possible to use machine learning and artificial intelligence techniques to determine if the same author has written two different documents. This means that if your life depends upon your anonymity, and it is likely that big government and/or very wealthy corporations will do anything to try to track you down over the long run, you are advised to attempt to alter your vocabulary and sentence structure (and possibly spelling) if you publish both anonymously and publicly. However, for most situations this level of paranoia is completely uncalled for. For example, it almost certainly won't hold up in court unless supporting evidence is provided.
    Of course, all of this paranoia about AI tracking you down is completely irrelevant if you do something stupid like post your Tor service URL to a mailinglist under your physical name, post an article on the public web or mailinglist and then also post it on your "anonymous" web site, or post a tarball full of sourcecode where all file ownership and CVS info contain your username. Use your head.
    One particularly easy mistake to make that I have come close to making once or twice myself is to be discussing a topic on IRC, Usenet, etc, and then turn around and discuss it as another identity on another forum or mailinglist, to a degree of detail that it is clear to someone who is also on both forums that the two identities are the same. Think twice, post once. ;)

    The Social Network

    The Social Network is The Man's favorite method of tracking you down. Everyone likes to impress their friends, but if you do so at the cost of revealing your pseudonym to them, you put yourself at risk. The Man (and more dangerously his paid informants) like to hang out on IRC networks and be regaled with tales of danger and intrigue. Be wary of people who seem over eager to hear about your exploits, and do NOT fall into the trap of feeling you need to "prove" yourself to anyone who challenges your credibility or skill. While it's fucking badass you hacked Paris Hilton's cellphone and the very Agents who were chasing you, you're gonna have to learn to be an unknown hero and not brag about it. It sucks, but it's better than jail. Learn to practice Zen and/or dose on some Ego destroying drugs, but keep your mouth shut. Try to take silent comfort in the fact that The Man had it coming. If you really must brag, create a brand-new nym and post to Usenet or something. Maybe drop some "accidental" clues that might lead an investigation down a blind alley while you're at it. But do be careful.
    The social network can also be used in more subtle ways, such as the fact that friends/relatives will tend to visit web content you publish without a referrer URL, since they most likely will receive the link directly from you. If they do not use Tor, their IP addresses can be harvested in this way, creating a trail that begins to single you out.
    Note that your pseudonym can also be revealed via Vector of Information. For example, if all you do is rant about conspiracy theory with your friends and coworkers, if you then go and publish information about these conspiracy theories anonymously on the web, if any of your coworkers happen to stumble upon your anonymous site, they are likely to be able to determine it is you. More seriously, any other information you publish on that site will also be attributable to you. For this reason, you may wish to use a variety of online personalities and publishing points. Doing this may be overkill, however, especially if you trust those who would recognize your material not to divulge your true identity to others. If jail time is involved (and sadly, it almost always is these days), trust no one.

    However, at the same time, note that a properly controlled social network can be an enormous benefit to your ability to conduct certain types of transactions. Especially if the members of the network never learn who you actually are or where you reside. Having a publicly accessible social network is unbelievably stupid, however. The key is you must develop some way to control access. This control is what keeps organized crime in existence, and it has the notable disadvantage of existing in the physical world.