Iranians can use WASTE for local secure encrypted networks

Discussion in 'Keeping Your Anonymity In Iran' started by Unregistered, Jun 24, 2009.

  1. I recommend everyone to take a look at WASTE, a nice program originally made by NULLSOFT.

    WASTE Documentation: WASTE Documentation and FAQ

    WASTE Download: WASTE: Files

    It looks like WASTE can be a very useful tool for Iranians inside Iran (and outside) to create small private encrypted networks where they can be able to exchange files and information (also chat and messaging).

    Highlighted Features of WASTE:

    An independent decentralized WAN
    WASTE doesn't depend upon one singular centralized host server/client as it is designed to have multiple WASTE clients that allow people to connect to them in order to make a strong P2P mesh network. WASTE is a dynamic software package that can keep track of new clients; after you trade public keys with some one a new connection will be created between you. Then their IP-address will stay in your connections for a quick reconnection.

    It is private
    WASTE keeps the private network private by only allowing connections between known users, and by using strong encryption to secure those links.

    All of the user connections are visible and you have complete control
    over their actions: such as the banning of their connection address so that they may not connect to you. For an added layer of security use a common network name and even those that have your IP and public key will not be able to see you.

    It is secure
    As every user has a private and public key, every user is unique
    thus allow for encrypted exchanges: encrypted chat and encrypted transfers.

    Before you run off to worry about your encryption key sizes, keep in mind that it's typically easier to break in and recover a private key than it is to crack/factor it. So be sure to keep your keys safe and your systems secure!

    It has a tough 1,536bit Key
    Some cryptography experts think 1,024-bit keys are too weak for certain kinds of sensitive data like root certificates of an organization's certificate authority or public key infrastructure, for instance. If Moore's Law holds true, it won't be long (perhaps three or four years) before we see 8-GHz Pentium VI machines, increasing the odds of implementing high-speed number crunchers. So we should be quite all right for some time with 1,536bit keys. The only ones you should have anything to worry about would be some form of government agency, the people that have the $$$ and computer power to come even close to cracking such a key. Just dont do anything terrorist like or pirate and they wont give a shit what documents/accounting/video production your sending.

    It has basic chat & messaging
    Instant Messaging allows users to communicate with other users on a private WASTE network in much the same way as when using AIM/ICQ/etc.Group chat allows two or more users to chat on a WASTE network in much the same way as when using AIM/ICQ/IRC/etc.
  2. It may even be possible to "torrify" WASTE, that is running it inside Tor network, but I have not tried this. Guides on "torrifying" other programs to use Tor network is probably to be found on the Tor Project side itself. Tor: anonymity online
  3. Just discovered that WASTE also can be run on an encrypted USB drive. This is good, as then both the program and its private and public keys can be hidden inside the encrypted container in the USB drive, so if you loose your USB drive or someone take it from you, then they are not able to figure out what software or information you have stored on it.

    To make WASTE a portable app, do this:

    First, install it on your local computer, but DO NOT run the configuration wizard. Just close the program after installation, at the stage when the configuration wizard pops up, do NOT type in anything in that configuration wizard, just close the program down.

    The brows to C:\Program Files\ in your local computer and copy the whole WASTE folder and place it inside your encrypted USB file container. Next thing you can do is uninstall the program from your local computer.

    Then, next time you run the program from your USB drive, it will start the configuration wizard automatically. Create your nickname and create a network, keys and stuff.
  4. Puzzles me a bit that this thread has not gotten any attention or comments. It may look like most people underestimate this little program.

    WASTE is GENIOUS in its design, very powerful, it is free, it is small and easy to distribute, and it is opensource (sourcecode available), thus any paranoid can take a look at the code and compile it oneself if one does not trust the precompiled exe.

    If I were member of some opposition group, and had to fight for my freedom, I would spread this program like wildfire to every person I could trust, and teach them how to use it.

    This program is perfect for distribution and exchange of information in small local groups of people, and having several small groups connected to each other by leaders in each group. Very effective and secure for organizing resistance and protest events, smuggle information in and out of borders, distributing links to foreign websites witch provide help and support. It is very "anonymous" in its nature by the fact it is old and very little known and not mentioned in the press. It is not sentralized and thus can not be blocked like skype, yahoo, gmail, facebook and others.

    It is a perfect tool for working in the shadows, low profile and EFFECTIVE!

    Really hope someone will see the power of this little program. It will for sure be helpful for those who fight for freedom inside Iran.

    Just spend an hour to learn the program, test it out with a close friend, and you will see its power :)
  5. wagner painted

    The main (little) challenge with this program, is if you have a dynamic IP. Then it will probably be needed for you to sign up for some free DNS services, like or
    so your friends in the network can find you when they want to communicate with you inside WASTE.

    I am not sure if using a dyndns will pose a risk for those using it, but I am sure many internet-gurus here will be able to analyze such risk.

    Beside of this little challenge, the program must be perfect for the job, at least for those who have static ip
  6. Let's bump this bitch like a motherfucker then.
  7. Great, here is one idea for effective use:

    Over time, spread WASTE, set up networks and then organize future ACTION.
    When the time comes for the action to take place, spread the word using WASTE, from subnetwork to subnetwork to subnetwork, the message is received all over the country in a few minutes so well planned action can happen countrywide simultaniously on some opposition leaders command, and take authorities completely by surprise. Of course, for this to work one must make sure there are no rats in the networks, at least not among the network leaders, which ofcourse should keep some details secret until the last minute...THEN publish complete info and let it spread like wildfire using WASTE, streets all over the country are overcrowded in minutes...
  8. echo-IRAN Member

    Because it's a plug. You don't expect me to come home after my arms hurt because of stone throwing and have to read your wall of text? Just saying. GTFO
  9. Sorry, I don't understand what you mean by saying "it's a plug". Please feel free to elaborate using some understandable language.

    Beside of this, it's OK to be tired after stone throwing, but that should not make you think every single post in here is addressed to you personally. Most people in here are probably addressing their posts to this community, and not to you personally. So please don't feel that YOU have any responsibility to answer any and all posts in here.

    Get some sleep, it will probably do you good.
  10. Unnecessary bump.
  11. One of WASTE's most useful features: Generating garbage traffic.

    Set a low bandwidth limit, both upload and download.
    Turn on Saturation. This will generate continuous garbage traffic, bound within the set bandwidth limit.

    This will disguise the time that actual messages are sent, as there is a constant flow of worthless data the messages are hidden in, and when they are sent, no fluctuation in bandwidth occurs.
  12. Oh, and just for a little bit of history:

    WASTE was created by Justin Frankel, of nullsoft, the maker of Winamp, before AOL bought that company.

    WASTE was released as GPL for one day, before AOL had it pulled from their download servers. It has since spread, since AOL underestimated the internet and the power of open source.

    It's name is a reference to a book, The Crying of Lot 49, as an underground mail system.

    We Await Silent Tristero's Empire.

    You can use it to transfer files as well.

    Some other open source programs you may find useful:

    DIA: A diagramming tool:
    Dia - GNOME Live!
    Dia is easy to use, and can generate powerful graphics with ease, like floorplans.

    TRUECRYPT: An encryption tool:
    TrueCrypt - Free Open-Source On-The-Fly Disk Encryption Software for Windows Vista/XP, Mac OS X and Linux
    Unbreakable encryption, without the passphrase. But do keep in mind, torture does tend to make you spill a passphrase much faster than bruteforce encryption key cracking.

    DICEWARE: A passphrase generation tool:
    Diceware Passphrase Home
    Using nothing more than a single six-sided dice, you can generate, AND REMEMBER long secure passphrases.

    And more information:

    Open Source Machine
    A multimachine 'machine shop' anyone can make out of some concrete, old engine blocks, and various easy to acquire bits. It can even be human powered, and can be built in such a way to manufacture a city manhole cover (!) and can be used to carry out all kinds of other machining.

    Use knowledge for good purposes.
    Freedom is earned like respect.
  13. echo-IRAN Member

    I think nobody's interested is because waste doesn't provide anonymity. There are plenty of easier ways to send secret things between a small network of people.
  14. echo

    I would not invite you to join, or hand over my WASTE-key to you unless I know you personally and trust you. WASTE is not a public network for anonymous people, WASTE is a network tool for people who know each others identity and trust eachother enough to exchange personal pubic keys so their can create internal encrypted networks.
  15. And you can make your connection "anonymous" by torify it, that is to use the Tor network to hide who is connected to the WASTE network. This is somewhat like having a VPN connection between A and B thrue the Tor network, with the major difference that in WASTE up to 50 people can be connected and communicate together simultaniously in each local WASTE network, exchanging files/information/chat.
  16. Garbage traffic is great for creating "SMOKE" :)

    Some years ago I got really pissed when I heard about the fact that various governments monitored internet traffic, and would "tag" anyone who sent encrypted email and put such persons under more or less surveilance. I immediately started to learn everything I could about encryption, joined an underground encryption group, and found my absolute favourite remailer encryption program, which was then a program named "Jack B Nymble".

    The one thing I liked best about Jack B Nymble was that you could configure it to send tons of garbage messages all day long, which I did. My idea was simple: If those governments was storing every encrypted message, then I should for sure help them get more work to do.

    This idea could be of some use for the iranians. But probably need to be thought of carefully. If every iranian protester with an internet connection start sending truckloads of encrypted garbage, then it could help create so much smoke that real communication will go unnoticed....just an idea.

    Hope there are more modern encryption programs than JB Nymble to do such work.
  17. echo-IRAN Member

    I have nothing against it but imagine looking for the manual of AAA's when being bombed.

    Why not just VPN? If they are blocked, any non-http traffic will be at risk too, or at risk of detection. TOR has hidden service, a ready to run browser and chat. Or, an email list and encryption. If a Waste group is infiltrated or detected, all will be wasted.
  18. echo, if iranian government cut off internet connection to the outside world, then no iranians can use Tor, but they can still use WASTE.

    I don't say everyone should use WASTE, I just suggest it as an additonal tool for communication, thats all. Diversity is good and make it more difficult for the iranian government to stop protesters exchanging information.
  19. echo-IRAN Member

    TOR is great for creating smoke by being a relay, you certainly get all sorts of garbage. By being an exit note, you have the license to anything without legal trouble in many countries.
  20. echo-IRAN Member

    In that case Apache http server (or any other simple servers) for windows. Use https, or just serve encrypted files.
  21. heidir Member

    I think this a very interesting thread, at least in theory, because one of the keys to warfare is secure communication, because you need it for organization ... I was wondering if such a system was possible just last night ...

    "attack him where he is not prepared, appear where you are not expected. These military devices, leading to victory, must not be divulged beforehand." Art of War

    Twittering about an upcoming demonstration warns the enemy and allows him to prepare. Indeed he may be laying a trap, creating the illusion that it is opposition laying the plans when in fact he is preparing a snare ;)
  22. Peer to peer wireless communication

    Wireless allows the connection of two computers using ad-hoc. With high gain antennas, communication over distances of kilometers is possible. The signal is difficult to intercept unless one is located in or very near the path.

    Make a Wireless Peer-to-Peer Connection
  23. Build your own secure wireless network

    ♠ Wireless Router & Repeater Kit

    802.11g Wireless Router & Repeater Kit

    The RadioLabs High power (250mW) Router/Repeater Kit is the most effective way to extend the range of your wireless network. With no additional external antennas you will be able to effectively double the range of your wireless network. Whether filling in dead spots or setting up a home/office wireless system the RadioLabs o2Link High Power Router/ Repeater kit is the way to go. With the addition of directional antennas you can set up a wireless bridge for even more range. Our wireless bridge kits (line-of-sight and non-line-of-sight) allow for a point-point installation for a distance of up to 5 miles. These are the same radios used in our bridge kits, so you can purchase this kit to make your own using any antennas RadioLabs offers.

    Each Wireless Router/Repeater kit includes one High Power O2Point Access point / Repeater and one O2Link Router / Repeater. The router connects directly to any broadband Cable or DSL modem through the WAN port. The two units are then put into dedicated WDS + AP mode for simultaneous Bridge and repeat.

    Wireless Security:

    The RadioLabs O2Link Repeater kit has a revolutionary WPA2 security mode. It will allow you to do a simultaneous Bridge, Repeat and WPA2, WPA, WEP or MAC address filtering. You can't get a higher secuirty level on your wireless system.

    Check out the high gain narrow beam antennas.
  24. Are you sure?

    I did not poke around on your site. Do you offer expert level documentation on how to get that level of security you speak of? How you you suggest nonexperts set it up? They are not setting it up in their backyards. It looks like tools are available for cracking those protocols all over the place?

    Failure in Iran, China, Burma, etc., means torture, then death. Are you sure about your system or are you just plugging it here because you need a sale? Maybe the folks whose life depends upon the security you claim will kill you if it fails.

    WPA2 crack - Google Search

    There is "something" about "Anonymous" that draws in all sorts of people, many with no skills to this and other related Anonymous discussion boards. Systems and technologies are at times untried, unproven, and discussions are juvenile.

    I would suggest that anyone willing to risk their life on any of these technologies to NOT implement in haste.
  25. Waste encrypts the data stream, which is then encrypted by WPA2.

    This was not a plug, just trying to give people ideas. Iran has a lot of very intelligent people who can figure out the risk of using a given technology.

    Using technology without operational security will eventually lead to compromise.

    Trust no one.
  26. iknowpersian Member

    it seems that waste is great, but...can it be used as Internet tunnel?
    I mean, can I install it and send traffic through it, so my friends in iran can have access to not filtered internet?!
  27. No chain is stronger than its weakest link.

    The weak link here is the portion of the Internet controlled by the Government of Iran. One must assume that all traffic is monitored and that encrypted traffic will send up a flag to the intelligence services for scrutiny. Your friends would probably get a visit from the authorities, demanding to know what they were up to.

    Waste is best suited for a stand-alone network separate from the government-controlled communication services. Anything that transits normal communications services, be it phone, Internet, SMS or whatever, is most likely monitored.

Share This Page

Customize Theme Colors


Choose a color via Color picker or click the predefined style names!

Primary Color :

Secondary Color :
Predefined Skins