diff --git a/src/main/resources/help-index.html b/src/main/resources/help-index.html index de20d47..cba7f95 100644 --- a/src/main/resources/help-index.html +++ b/src/main/resources/help-index.html @@ -1,5 +1,12 @@ - + +
+ + + ++ This application assumes you will be using your own encryption scheme where the encrypted messages are made up of digits 0-9. Typically these will be one-time pad messages such as described here. This application performs no encryption of it's own and should not be trusted with unencrypted messages. +
+- Do it! + Before you start, you'll need to have a method of encrypting messages. Unencrypted messages should never be entered into the application. For a method to securely encrypt messages, see here. +
+ ++ For the sake of example, this will walk you through setting up a wordpress blog and creating a numbers station which will periodically post to it. There are also other options for uploading posts. +
+ ++ Wordpress is free blogging software, and one of the most popular at that. Many web hosts provide wordpress blogs for free and Wordpress.com is just one of those hosts, but that's the one we're going to use for this example since it's fairly straightforward. +
+ ++ Now that you have a blog to post to, you will need to set up your numbers station settings. +
+ +/xmlrpc.php
+ example.wordpress.com
, then the address to enter would be https://example.wordpress.com/xmlrpc.php
Your password is stored in your user files. Anyone with access to your user files would also be able to post to the blog
++ Once you save your station settings, the application should now run on the given schedule and upload messages. Each time it runs it will generate a random message to be sent next time. Whenever you would like to send a real message, all you need to do is replace the stored one with the real message. +
+ ++ Now the real message is saved and will be sent at the next appointed time.
- Because it's fun + Suppose you have secret messages you are sending. Even if you are able to encrypt your messages perfectly, an adversary will still be able to tell when messages are sent which can reveal important information. +
++ Suppose you are planning a protest and send many messages in the days leading up to the protest. For someone monitoring your communication, even if they don't know the content of the messages they can guess that you were somehow involved in the protest. +
++ The solution to this problem is to send messages regularly. The messages can just be dummies most of the time, but then when you need to send a real message, an adversary won't be able to tell that anything is different. +
++ This is the technique used by numbers stations, which are radio stations suspected to be run by governments to send messages to their spies abroad. The reason they are so mysterious is also the reason they are so effective: you have no idea if or when they are sending a real message. +
++ -- + + The main requirement is that the messages which you do send are indistinguishable from random messages because otherwise an adversary could tell the real and fake messages apart. +
+ ++ The main window shows a label for the current station name (1) and a button to open the station selection window (2). The 'Settings' button (3) opens application settings, while the 'Station Settings' (5) button opens settings specific to the current selected station. The 'Help' button (4) should open this help document. +
+ ++ The message display area (6) shows the contents of the message which will be sent at the next scheduled time. This message can be edited, and then saved via (7). +
+ ++ The username an password entered here are stored unencrypted. Anyone with access to your computer account would be able to access the resources accessible via the credentials. +
+ ++ Currently two method of upload are supported: SFTP and wordpress. +
+ +
+ SFTP uploads the file to the specified server as www/message.txt
. It also generates an atom feed file and uploads it as www/feed.xml
(subsequent runs will add to the feed file instead of overwriting it).
+
+ Wordpress will upload the message directly to the specified wordpress blog using XML-RPC. XML-RPC should be available on most wordpress installations, though it may need to be enabled. +
+ ++ Alternatively you can opt to run an external program to handle the message. The external program/script will recieve the path to message file as an argument. You could use this to run the message through a blog generator such as Pelican (Note that the external program will have to handle uploading the message as well). +
+ ++ Prefixes provide a way for the randomly generated messages to avoid using valid message identifiers. To do this, simply add message identifiers to the prefix list, dummy messages will subsequently be generated ensuring they don't start with the listed prefixes. +
+ ++ For background, one-time pad cypers typically use a message identifier as the first part of the message. This allows the recipient to determine which one-time pad to use for decryption. If a dummy message generated randomly accidentally starts with a valid message identifier, then the recipient might try to decrypt a nonsense message resulting in confusion. +
+ ++ The downside of storing the prefixes on the computer is that anyone with access to the computer (e.g. via malware) would be able to tell when a real message was sent (vs. otherwise they might only know that secret messages are likely being sent). +
+ ++ The alternative to providing prefixes is to use one-time pads with long enough message identifiers that the odds of a random message colliding with them is negligible. +
+ ++ From the given start date and time, each station is run on the specified period. This means that it will upload the stored message according to the upload settings, then a new dummy message will be generated for the next time the station is run. +
+ +
+ If the "Manage schedule externally" checkbox is ticked, then the Numbers Station application won't schedule the station to run. Instead, an external scheduler (e.g. Windows Task Scheduler, or cron for *nix systems) can be used. The station can be triggered by running {numbers station executable} --station "{station name}"
. The application executable path can be found in the about screen.
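Review bot: The two credential warnings disagree in strength: the station-settings step says only "Your password is stored in your user files", while the Upload settings paragraph says "The username an password entered here are stored unencrypted". Use the same wording in both places so the reader learns at setup time that storage is unencrypted, fix "an password" to "and password", and consider adding a sentence recommending a dedicated blog or SFTP account that can do nothing except post, so that a copied settings file exposes only the station.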
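Review bot: The Prefixes section names only one downside (someone with access to the computer reading the prefix list), but it also conflicts with the requirement stated earlier in the same patch: "The main requirement is that the messages which you do send are indistinguishable from random messages". Dummy messages that are guaranteed never to start with a listed prefix are no longer uniformly random in their leading digits, and real messages are exactly the ones that do start with them. Suggest stating this trade-off next to the malware caveat and saying explicitly which of the two options (prefix list or long message identifiers) the help recommends.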
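Review bot: Several spelling and wording slips in the added help text should be fixed before merge: "no encryption of it's own" (its) in the introduction, "two method of upload" (methods) in Upload settings, "will recieve the path to message file" (receive the path to the message file) in the external program paragraph, and "one-time pad cypers" (ciphers) in the Prefixes background. "The 'Help' button (4) should open this help document" reads as if the behaviour is uncertain; "opens" matches the other button descriptions. The product name is also written as both "wordpress" and "Wordpress"; pick one form, preferably "WordPress".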