The Castalia Foundation is proud to announce that we have solved the global computer surveillance problem by using floppy-disk drives and off-the-shelf backdoored-computers. We are now sharing this solution so that millions of others can enjoy secure-messaging for the first time in decades.
Although the backdoored-CPU problem could also be partly solved by using Atari ST, Amiga, or other capable pre-2005 computers, the problem would remain that the user must trust these systems to be secure. Our solution does not require secure CPUs. Instead, we offer a logical remedy.
If you bought your computer after 2005, it likely has another smaller-computer embedded into its CPU (Central Processing Unit). This smaller computer is a chip-on-chip surveillance system that spies on everything you do. It knows your passwords, it knows the websites you visit; the movies you watch; the emails you write; and even that you are reading this article right now. Everything you can see on your screen; it can see on your screen too.
Your computer will, given the instruction to do so, relay all of this information to whoever has access to the chip-on-chip surveillance system.
"Who has access to everything on my computer via this system?" we imagine you ask.
Rogue governments; hackers; the CIA; and every other maniac you can imagine. On Intel systems, this backdoor is called the 'Intel Management Engine'; on AMD systems it is called the "Platform Security Processor".
If you use encrypted email, that's useless: The 'Intel Managment Engine' can just read the emails straight off your screen. Alternatively, the surveillance processor can just read the encryption keys straight off your hard disk. "But, my keys are password protected!" you protest. That's no protection either: The Intel Managment engine was recording your keystrokes when you typed your passwords.
We will begin by describing why simply using a pre-2005 system is probably not sufficient security; then we will describe how three modern 'surveillance' computers can be arranged in a logical system to create a secure messaging platform despite their CPUs being backdoored.
Doubtless, in their original form, the Atari or Amiga (running Motorola 68k processors) are not backdoored. This is for the reason that the internet simply did not exist in any practical form at the time that these computers were manufactured. Consequently, we can assume the Atari and Amiga can run secure encryption systems because the CPU manfacturers did not anticipate these computers being co-opted in a surveillance grid.
Today, it is possible to set up a secure Atari or Amiga and connect it to the internet. However, we run into several problems:
1. The software for these machines will likely not be preserved on the original factory-issued media. Therefore it could have been meddled with.
2. If large numbers of people switch to Atari, for example, the market does not have enough second-hand Atari machines to fulfil demand. Also, the CIA will buy Atari computers up en-masse and/or target those buying them.
3. If a particular method of connecting the Atari to the internet for secure communications is popularized, then this method may be targeted by those same people who are currently surveilling you.
4. We still end up trusting the CPU, which is a 'black box' for most users.
In summary, the Atari or Amiga is a viable solution for basic secure messaging, but this method will not scale. That said, using an old Atari, for example, is certainly a solution that is light-years ahead of anything currently available from Intel or AMD.
Even with a non-backdoored Atari system, we are relying on a single-CPU / mainboard to connect to the internet; decrypt; and encrypt messages. This method is problematic because data can potentially be leaked between these stages; there is no mechanical boundary between them. Using one integrated circuit / CPU system for all three stages is a serious vulnerability.
1. Purchase three PC computers capable of running Linux. Two of these computers will need to be stripped of their WiFi and bluetooth cards to ensure they cannot be accessed via these channels. You will find that desktop PCs are the better option for this. Desktop computers are more likely to have removable networking cards etc. Check with the seller on eBay, or the original spec-sheet for the computer, to ensure that the Wifi / bluetooth system is not inseperably welded to the mainboard. Generally, avoid laptops.
2. Purchase two 3.5 inch floppy disk drives. If you buy a sufficiently old desktop PC, then these drives may already be built into the computers. If not, you can find external USB hard disk drives all over eBay.
3. Purchase a box of 3.5 inch floppy disks. These will be used for data transfer.
4. Install a version of Linux on the three desktop PCs. Debian will do fine.
5. Designate roles for the computers. You could write their 'names' clearly on the outside of the cases of the computers. We will name our first computer: "Writer", our second computer "Reader" and our third computer "Sender".
6. Connect your 'Sender' computer to the internet using an ethernet cable (or WiFi if you are feeling more sloppy about security). Technically it should not matter, as the 'Sender' computer never sees an unencrypted message. Your 'Writer' and 'Reader' computers should NEVER be connected to the internet. If they are, the system becomes totally insecure.
7. Write a message on your 'Writer' computer and encrypt it using PGP and the Public Key of the person you are sending the message to. See the guide here for more information.
9. Format a fresh floppy disk on the 'Sender' computer. This is a slightly techncial stage. If in doubt, ask a friend. This can be achieved with a standard 1.44mb floppy disk on Debian using the command line and this command:
sudo ufiformat -f 1440 -v /dev/sdb
You must then add a basic FAT (or other) filesystem to the floppy disk (don't worry if that sounds like nonsense at this point), using the command:
/sbin/mkfs.vfat /dev/sdb
Now the disk is ready to use.
10. Copy your encyrpted message onto the floppy disk.
11. Set the disk to read-only by flipping the tab on the floppy disk. This ensures that your 'Sender' computer, which is connected to the internet, cannot write any data to the disk which might be later read by the 'Writer' computer and used to send it a 'trigger code', Effectively, you have set up a one-way relay between your 'Writer' and 'Reader' computers.
12. Transfer the floppy disk to your 'Sender' computer.
13. Copy the encrypted message across.
14. Paste it into an email and send it to your friend via the internet.
15. Wait for an email response from your friend.
16. Save the response to another floppy disk. Flip the tab on the floppy disk to set it to 'read only' mode.
17. Transfer this floppy disk to the 'Reader' computer.
18. Decrypt the message on your 'Reader' computer.
19. Read the decrypted message.
19. Format the floppy disk to erase the message. For added security you can write junk data across the disk floppy. Here is a starting point for that.
20. Success!
It's important to be aware that anyone you write to will need to implement the same system to secure the messaging system. The Castalia Foundation's solution will not work properly if you are writing to someone who has not taken the same precautions and set up a similar three-phase encryption system using floppy-disk relays.
As you can see, we are using one computer exclusively to write messages; one computer to exclusively read messages. Finally, we are using a third computer to exclusively send and recieve post-encrypted messages. Because the 'Writer' and 'Reader' computers are not connected to the internet, it does not matter that they run backdoored-CPUs. Their only potential link to the internet is via the floppy-disk relay system.