Winston Smith Project

Last updated March 06, 2023

The Winston Smith Project (Italian : Progetto Winston Smith, or PWS) is an informational and operational project for the defence of human rights on the Internet and in the digital era.^[1] The project was started in 1999 as an anonymous association and it is characterised by the absence of a physical reference identity.

PWS aims to make users aware of the risks of violation of privacy on the Internet and threats to freedom of speech. PWS is engaged in spreading the informational tools and counter-censorship technologies that allow users to maintain confidentiality in their communications, anonymity in the network and freedom of expression.

PWS has generated and maintains the e-privacy, Big Brother Awards Italy, Privacy Box and Project 95% initiatives.

Objectives

PWS upholds the thesis that the Big Brother described in George Orwell's novel is gradually gaining form, passively and with silent acceptance by the people. It is gradually inserted into our lives through the false statement: "it is right to sacrifice one's privacy in exchange for greater security".

According to security experts such as Bruce Schneier, following events such as the SISMI-Telecom scandal, official bodies which monitor telecommunications are acquiring a de facto totalitarian power, whatever the official political situation. If the target is really to increase public security, the mere presence of monitoring agencies constitutes an element of insecurity.^{[ citation needed ]}

Because of the ignorance of citizens regarding security, official agencies push for an ever increasing situation which damages human rights.^{[ vague ]} PWS is engaged in spreading tools to protect users from such risk. Fortunately, those tools exist because the Internet is based upon open technologies.

Individual security can be achieved only by using preventive protection tools on private computers. It cannot be delegated to others such as Internet service providers.

PWS aims to increase the use of technologies such as data encryption and anonymity. This can be achieved by using programs written according to the guidelines of secure software, such as:

the software in use (including the operating system) must be an open system, allowing the user, if so inclined and capable, to verify its effective behaviour.
the cryptographic algorithms employed must be public. Only thus can the community perform a mathematical analysis (cryptanalysis) and a study of potential attacks, in order to achieve a continuous improvement.

If either of these conditions is missing, the software cannot be considered secure, as it is then based upon the concept of security through obscurity, which has never been proved a valid security paradigm. Events such as JAP,^[2] PGP 5.x and 6.x^[3] have shown the unreliability of this model.

To be consistent with the proposed technologies, the PWS website is not available on the Internet, but through Freenet, with the following key:

USK@RU-C2q5kN7K62WO3seMMjSTUY8izF2vCFyVFOnLf~Q0,wxvGO2QMT6IN9c7dNUhHeHnXVVwhq8YLbQL~DlMA7YE,AQACAAE/pws/3

A mirror is also available on the Internet to increase accessibility. ^[4]

To contact members of PWS conventional e-mail addresses are not used, but rather the nym alias ws@nym.panta-rhei.eu.org, whose PGP key is published on a keyserver.^[5]

Project resources

Anonymity in the network is guaranteed by the Mix-net technology, first studied by David Chaum in 1981. This technology requires that user resources be employed and shared in collaboration. The reciprocal sharing of resources through secure algorithms ensures that an attacker able to monitor the network passively (reading all traffic in all segments) or actively (generating arbitrary traffic) would be unable to discover the identities of individuals.

Software such as anonymous remailer, Tor and Freenet are based on these advanced concepts, and have evolved through the years.

The architecture of these networks is based on collaboration and availability of shared resources. As a start, groups of volunteers like PWS are making eight servers available, dedicated to the support of this network.^[6]

Law proposal

At the 2005 annual convention organized by Bileta,^[7] an association active since 1986 for the study of laws concerning the use of technology in Britain and Ireland, PWS presented a study concerning data retention.^[8]

Data retention is the automatic collection of network data in support of investigative bodies and law enforcement. Before several reforms concerning security, it was necessary in some jurisdictions to possess a mandate by a judicial authority before collecting data to be used in investigations. With the decentralization of technologies due to the spread of Internet, many private bodies have been invested with the responsibility for data collection.

Such automatic data collection of Internet traffic is possible using freely available software, such as Wireshark or tcpdump, originally conceived to aid network technicians in debugging and maintenance.

Collection of personal data is forbidden in the European Union according to the principle of freedom of secrecy of correspondence. For this reason a law proposal has been investigated to regulate the collection of log and backup data, which would define which data are to be considered sensitive, and allowing technicians to perform maintenance operations, but at the same time preventing the unauthorized access to personal data by external parties. This law proposal was presented to the Italian Parliament by deputy Maurizio Turco in 2006. This law proposal was not accepted. Instead, the validity of the current Italian Law Decree 144/2005, due to expire on 31 December 2007, has been extended in time, to continue allowing the collection of personal data with a view to combating international terrorism.

E-Privacy conference

PWS organizes the annual E-Privacy conference, which is the first such Italian conference concerning aspects of privacy in the network. Contributions are given by both technical and law experts. This conference has been held in the Palazzo Vecchio in Florence, with the exception of the 2002 edition, which was hosted at the University of Florence.

Each edition has had a main theme:

2002: E-privacy, confidentiality and individual rights in the network, opposing Big Brother in the third millennium Topics covered: Italian Law 675/1996, political trends to pass laws reducing freedom in the net, Freenet, PGP/GPG, anonymous remailer and steganography.
2003: Defending identity and freedom of expression against requests for more security Topics treated included: data retention, TCPA, analysing threat models to define a minimum personal security standard, digital signatures, cryptography as a basic user defence tool.
2004: Data retention and the right to oblivion Topics included: data retention, RFID, the right to delete sensitive data, surveillance as an answer to terrorism, anonymous peer-to-peer (P2P) networking, abuses of video surveillance, decentralized technologies.
2005: Data retention and privacy in the network: darknet was considered, as well as presenting the P-Box project, then Free software, civil responsibilities and privacy violations, the OpenPGP standard, a law proposal to regulate automatic data collection, Biometry.
2006: The main theme was not set. Topics discussed were: spyware, trusted computing, DRM, possible misuses of electronic voting, dangers to privacy caused by search engines.
2007: Social control and technocontrol. Topics included: VOIP, personal identity and digital identity, accessibility, the Tanga articles and IT incidents.

The 2008 conference was hypothesized to be held on the 9th and 10 May in the Palazzo Vecchio located in Florence.

"e-privacy" is also the name of a mailing list. Its e-mail address is e-privacy@firenze.linux.it, subscription is free and archives are publicly available online.^[9]

P-Box project

Anonymity technologies are based on collaborative groups of users who reciprocally choose to share their resources. These anonymous networks can be accessed even from devices with low computing power and low communications bandwidth. To help diffuse these technologies PWS has introduced P-Boxes^[10] (Privacy Boxes), which are small and simple devices to help protect privacy.

Three models have been developed:

P-Box Model I: a modified Xbox, with the Linux operating system, running standard services and the Mixminion remailer.
P-Box Model II: a PC Soekris 4501, with the Linux operating system, running Mixminion, TOR, Mixmaster and the Postfix mail server.
P-Box Model III: based on a Soekris 4801, it includes the same applications as model II. It can also be used as access point and includes the e-mail server protocols IMAP and POP3.

Big Brother Awards (Italian section)

Big Brother Awards (BBA) is an initiative of Privacy International with the motto "watching the watchman worldwide". PWS manages the polling and award assignation to the Italian bodies with the worst performance in the field of human rights. Several categories exist, according to the rights violation achieved:

Lifelong threat: the body or agency which has caused most damage to privacy throughout its existence.
Worst public agency: given to the public agency (government institution, public body, authority, etc.) which caused most damage to privacy in the current year.
Worst private enterprise: awarded to private or corporate institutions with the worst privacy record in the current year.
Most invasive technology: the technology with the worst impact on privacy.
Boot mouth: the "best" (most terrifying, ridiculous, erroneous, falsely tranquillizing) statement said or printed about privacy in the current year.
People's lament: who received most votes, also in different categories.

Project 95%

Project 95% (Ninety Five Percent – No False Privacy) is a project advocating awareness in Internet issues. The Internet was born as a free and decentralized network, but its most common use relies on a few centralized services. A blatant example is the number of users who are increasingly more dependent on webmail services such as Gmail, Hotmail and Yahoo! Mail. Even though there is an understandable tendency favouring ease of use, as the customers can access their services from disparate locations, the downside is the vast usage of profiling instruments on the part of free service providers, with the view of providing more targeted web marketing.

It is not PWS's intention to tag any specific commercial service as a danger to privacy, but to point out that a greater confidentiality can be achieved using individual mail servers, private webmail programs, privately owned domains.

This is perfectly achievable using freely available software and their configuration can be automated even for non technically competent users.

95% is the percentage of reliability of a home based server, connected to the Internet through a flat ADSL line, to demonstrate that it is not necessary to employ the offerings of centralized enterprises to obtain good services. Hence the NFP project, which informs on the technical possibilities that a modern computer can offer, to connect to the Internet fully and without undue effort on the part of the user.

The P-Box is an example of a technological answer to these necessities.

Related Research Articles

Freenet is a peer-to-peer platform for censorship-resistant, anonymous communication. It uses a decentralized distributed data store to keep and deliver information, and has a suite of free software for publishing and communicating on the Web without fear of censorship. Both Freenet and some of its associated tools were originally designed by Ian Clarke, who defined Freenet's goal as providing freedom of speech on the Internet with strong anonymity protection.

A cypherpunk is any individual advocating widespread use of strong cryptography and privacy-enhancing technologies as a route to social and political change. Originally communicating through the Cypherpunks electronic mailing list, informal groups aimed to achieve privacy and security through proactive use of cryptography. Cypherpunks have been engaged in an active movement since at least the late 1980s.

Mixmaster is a Type II anonymous remailer which sends messages in fixed-size packets and reorders them, preventing anyone watching the messages go in and out of remailers from tracing them. It is an implementation of a Chaumian Mix network.

An anonymous remailer is a server that receives messages with embedded instructions on where to send them next, and that forwards them without revealing where they originally came from. There are cypherpunk anonymous remailers, mixmaster anonymous remailers, and nym servers, among others, which differ in how they work, in the policies they adopt, and in the type of attack on the anonymity of e-mail they can resist. Remailing as discussed in this article applies to e-mails intended for particular recipients, not the general public. Anonymity in the latter case is more easily addressed by using any of several methods of anonymous publication.

A cypherpunk anonymous remailer is a Type I anonymous remailer that takes messages encrypted with PGP or GPG, or in some cases in plain text, and forwards them removing any identifying information from the header.

The Penet remailer was a pseudonymous remailer operated by Johan "Julf" Helsingius of Finland from 1993 to 1996. Its initial creation stemmed from an argument in a Finnish newsgroup over whether people should be required to tie their real name to their online communications. Julf believed that people should not—indeed, could not—be required to do so. In his own words:

A pseudonymous remailer or nym server, as opposed to an anonymous remailer, is an Internet software program designed to allow people to write pseudonymous messages on Usenet newsgroups and send pseudonymous email. Unlike purely anonymous remailers, it assigns its users a user name, and it keeps a database of instructions on how to return messages to the real user. These instructions usually involve the anonymous remailer network itself, thus protecting the true identity of the user.

An anonymous P2P communication system is a peer-to-peer distributed application in which the nodes, which are used to share resources, or participants are anonymous or pseudonymous. Anonymity of participants is usually achieved by special routing overlay networks that hide the physical location of each node from other participants.

The Invisible Internet Project (I2P) is an anonymous network layer that allows for censorship-resistant, peer-to-peer communication. Anonymous connections are achieved by encrypting the user's traffic, and sending it through a volunteer-run network of roughly 55,000 computers distributed around the world. Given the high number of possible paths the traffic can transit, a third party watching a full connection is unlikely. The software that implements this layer is called an "I2P router", and a computer running I2P is called an "I2P node". I2P is free and open sourced, and is published under multiple licenses.

<span class="mw-page-title-main">Security-focused operating system</span> Operating systems, that are focused on anonymous, privacy and security.

This is a list of operating systems specifically focused on security. Operating systems for general-purpose usage may be secure without having a specific focus on security.

A dark net or darknet is an overlay network within the Internet that can only be accessed with specific software, configurations, or authorization, and often uses a unique customized communication protocol. Two typical darknet types are social networks, and anonymity proxy networks such as Tor via an anonymized series of connections.

Java Anon Proxy (JAP) also known as JonDonym, was a proxy system designed to allow browsing the Web with revocable pseudonymity. It was originally developed as part of a project of the Technische Universität Dresden, the Universität Regensburg and Privacy Commissioner of the state of Schleswig-Holstein. The client-software is written in the Java programming language. The service has been closed since August 2021.

Mixminion is the standard implementation of the Type III anonymous remailer protocol. Mixminion can send and receive anonymous e-mail.

Anonymizer, Inc. is an Internet privacy company, founded in 1995 by Lance Cottrell, author of the Mixmaster anonymous remailer. Anonymizer was originally named Infonex Internet. The name was changed to Anonymizer in 1997 when the company acquired a web based privacy proxy of the same name developed by Justin Boyan at Carnegie Mellon University School of Computer Science. Boyan licensed the software to C2Net for public beta testing before selling it to Infonex. One of the first web privacy companies founded, Anonymizer creates a VPN link between its servers and its users computer, creating a random IP address, rather than the one actually being used. This can be used to anonymously report a crime, avoid spam, avoid Internet censorship, keep the users identity safe and track competitors, among other uses.

An anonymizer or an anonymous proxy is a tool that attempts to make activity on the Internet untraceable. It is a proxy server computer that acts as an intermediary and privacy shield between a client computer and the rest of the Internet. It accesses the Internet on the user's behalf, protecting personal information of the user by hiding the client computer's identifying information. Anonymous proxy is the opposite of transparent proxy, which sends user information in the connection request header.

Digital privacy is often used in contexts that promote advocacy on behalf of individual and consumer privacy rights in e-services and is typically used in opposition to the business practices of many e-marketers, businesses, and companies to collect and use such information and data. Digital privacy can be defined under three sub-related categories: information privacy, communication privacy, and individual privacy.

Tails, or The Amnesic Incognito Live System, is a security-focused Debian-based Linux distribution aimed at preserving privacy and anonymity. It connects to the Internet exclusively through the anonymity network Tor. The system is designed to be booted as a live DVD or live USB, and leaves no digital footprint on the machine unless explicitly told to do so. It can also be run as a virtual machine, with some additional security risks. The Tor Project provided financial support for its development in the beginnings of the project, and continues to do so alongside numerous corporate and anonymous sponsors.

Internet censorship circumvention is the use of various methods and tools to bypass internet censorship.

Whonix is a Kicksecure–based security hardened Linux distribution. Its main goals are to provide strong privacy and anonymity on the Internet. The operating system consists of two virtual machines, a "Workstation" and a Tor "Gateway", running Debian GNU/Linux. All communications are forced through the Tor network.

Roger Dingledine is an American computer scientist known for having co-founded The Tor Project. A student of mathematics, computer science, and electrical engineering, Dingledine is also known by the pseudonym arma. As of December 2016, he continues in a leadership role with the Tor Project, as a project Leader, Director, and Research Director. His father, Raymond Dingledine, is a professor in Emory School of Medicine.

References

↑ Bianchini, Gianni, Marco Calamari, and Andrea Glorioso. "Today is the tomorrow we should have worried about yesterday: a proposal for an Italian law regulating usage, retention and deletion of georeferenced and chronoreferenced automatically collected data containing unique user identifiers". 20th BILETA Conference.{{cite journal}}: CS1 maint: multiple names: authors list (link)
↑ Greene, Thomas C. (21 August 2008). "Net anonymity service back-doored". The Register . SecurityFocus.com. Retrieved 6 August 2010.
↑ Ross, David (18 November 2003). "PGP: Backdoors and Key Escrow". rossde.com. Retrieved 6 August 2010.
↑ "Il Progetto Winston Smith / The Winston Smith Project". winstonsmith.info (in Italian and English). Retrieved 6 August 2010.]
↑ "Public Key Server - Get 0x1FB41E19'". Massachusetts Institute of Technology . Retrieved 6 August 2010.
↑ "Statistiche delle risorse del Progetto Winston Smith". winstonsmith.info (in Italian). Retrieved 6 August 2010.
↑ Bileta
↑ Bianchini, Gianni; Calamari, Marco A.; Glorioso, Andrea (6–7 April 2005), "Today is the tomorrow we should have worried about yesterday" (PDF), winstonsmith.info, BILETA 2005, Queen's University Belfast , retrieved 6 August 2010{{citation}}: CS1 maint: location (link)
↑ "Archivi mailing list e-privacy". Italian Linux Society (in Italian). Retrieved 6 August 2010.
↑ "Privacy BOX - "we want boxes, not programs"". winstonsmith.info (in English and Italian). Retrieved 6 August 2010.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Bianchini, Gianni, Marco Calamari, and Andrea Glorioso. "Today is the tomorrow we should have worried about yesterday: a proposal for an Italian law regulating usage, retention and deletion of georeferenced and chronoreferenced automatically collected data containing unique user identifiers". 20th BILETA Conference.{{cite journal}}: CS1 maint: multiple names: authors list (link)

[2] Greene, Thomas C. (21 August 2008). "Net anonymity service back-doored". The Register . SecurityFocus.com. Retrieved 6 August 2010.

[3] Ross, David (18 November 2003). "PGP: Backdoors and Key Escrow". rossde.com. Retrieved 6 August 2010.

[4] "Il Progetto Winston Smith / The Winston Smith Project". winstonsmith.info (in Italian and English). Retrieved 6 August 2010.]

[5] "Public Key Server - Get 0x1FB41E19'". Massachusetts Institute of Technology . Retrieved 6 August 2010.

[6] "Statistiche delle risorse del Progetto Winston Smith". winstonsmith.info (in Italian). Retrieved 6 August 2010.

[7] Bileta

[8] Bianchini, Gianni; Calamari, Marco A.; Glorioso, Andrea (6–7 April 2005), "Today is the tomorrow we should have worried about yesterday" (PDF), winstonsmith.info, BILETA 2005, Queen's University Belfast , retrieved 6 August 2010{{citation}}: CS1 maint: location (link)

[9] "Archivi mailing list e-privacy". Italian Linux Society (in Italian). Retrieved 6 August 2010.

[10] "Privacy BOX - "we want boxes, not programs"". winstonsmith.info (in English and Italian). Retrieved 6 August 2010.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]