Bitcoin Forum
November 11, 2024, 12:15:52 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Poll
Question: How does this set-up look to you all?
No Pass - 3 (60%)
Pass - 2 (40%)
Total Voters: 5

Pages: [1]
  Print  
Author Topic: How to Stay Anonymous and Secure Online: Please rate this Guide.  (Read 7112 times)
mastergrid (OP)
Newbie
*
Offline Offline

Activity: 1
Merit: 0


View Profile
March 11, 2012, 04:22:47 AM
Last edit: March 11, 2012, 04:48:42 AM by mastergrid
 #1

Hello Everyone,

I am a total newbie/dinosaur of computer technology who has been spending the past few weeks immersed in this forum. This is a wonderful community filled with awesome info. After doing some research, I finally found a guide to securing myself as well as remaining anonymous. But, before I go ahead and implement this, I wanted your opinions. The main thing I learned on these forums is to always be diligent about your set-up and do your proper homework.

 http://pastebin.com/sp6YAvGb
 



P.S. Incidentally, I found this set-up on Forbes.com article on "How to stay anonymous online."






JennyHill
Newbie
*
Offline Offline

Activity: 28
Merit: 0


View Profile
March 11, 2012, 06:15:50 PM
 #2

https://bitcointalk.org/index.php?topic=68079.0

This is a really good post on your topic. You should consider reading through that one first.
jake262144
Full Member
***
Offline Offline

Activity: 210
Merit: 100


View Profile
March 11, 2012, 06:20:07 PM
 #3

[Encryption]
The TrueCrypt tutorial seems to be the weakest part of the whole howto. You should really study the documentation and use that tool to its full potential.

Ummm... disabling the swap file?
Ever heard of deploying full disk encryption (FDE) instead?
You need to set up FDE and two operating systems: the overt one (the system to be used for day-to-day activities) and the concealed one (the one with virtual machines and stuff).
This can be easily achieved with TrueCrypt, and unless you screw something up you should maintain plausible deniability.
FDE makes the whole step 3 (Securing Your Hard Drive) pretty much moot.

Be advised to disable standby on a FDE-secured machine - when that machine sleeps, the FDE keys are still in RAM.
If using Windows XP, Server 2003 or earlier, disable hibernation as well - as there is no API for performing crypto operations on the hibernation file, full security cannot be guaranteed.

Quote
ALWAYS REMEMBER TO DISMOUNT ANY TRUECRYPT VOLUME CONTAINING ANY SENSITIVE INFORMATION WHEN YOU ARE NOT USING YOUR COMPUTER
Don't forget to mention that there are automation settings for that in TrueCrypt preferences.

[Data sanitization]
If the disk needs to be sanitized, do so before messing with encryption. Consequently, step 6 should be moved to position 0 in your tutorial.
Copy the sensitive data to another (encrypted) medium, backup valuable non-sensitive data, and sanitize the drive.

File shredder... really?
Why not just hose the drive with random data? Be advised that everything on the drive is about to go bye-bye.
dd if=/dev/urandom(1) of=/dev/sdX ... ; repeat until satisfied.
If you don't feel comfortable with linux use DBAN.  
If you do that, no force on earth will be able to scrub any old data off that drive.
By all means do install a file shredder in the OS but use it as an emergency tool.

Don't use SSD drives for storing sensitive data - due to the nature of their operation (wear leveling algorithms and controller-level compression) you can never guarantee full erasure.
Don't use damaged hard drives developing bad sectors - once a bad sector has been detected and replaced the only way to write to it is to use specialized low-level software.
SpinRite can be used to reinstate bad sectors into service. It is not cheap, however.

[Cryptography limitations]
Don't expect cryptography to save you if you get identified as the perpetrator of an unlawful act.
Depending on where you live, you might be compelled by law to hand over all decryption keys to the LE (law enforcement) agency.
The investigators might threaten and intimidate you into releasing the keys. Rubber hose cryptanalysis is a powerful tool.

You never mentioned such basic aspects of security as physical security - a LE agency investigating you might plant a (hardware?) key logger or surveillance cameras to capture your precious passwords.
How lamentable will your situation be if you rely solely on TrueCrypt, oh my  Grin

I guess what the last paragraph amounts to is, please don't break the law - for your own best interest.
Let this be my final piece of advice.

Notes:
(1) Frandom is an order of magnitude faster than /dev/urandom. Good stuff.
jake262144
Full Member
***
Offline Offline

Activity: 210
Merit: 100


View Profile
March 11, 2012, 06:26:52 PM
 #4

Oh, one other thing:

Quote
"How to secure your computer and surf fully anonymous BLACK-HAT STYLE"

Do you know what the difference between "black-hat" and "black-hat style" is? A great deal of knowledge and experience.
Still, black hat hackers do get successfully prosecuted when they break the law.
Don't expect that simply following any guide - no matter how good it might be - will be enough to make you immune.
Zedz
Newbie
*
Offline Offline

Activity: 1
Merit: 0


View Profile
March 11, 2012, 08:56:32 PM
 #5

There is no security in the Microshit Windows world
Dansko
Newbie
*
Offline Offline

Activity: 40
Merit: 0



View Profile WWW
March 12, 2012, 01:09:49 PM
 #6

If you want security dont use Windows! Linux All the way!  Grin.
Gabi
Legendary
*
Offline Offline

Activity: 1148
Merit: 1008


If you want to walk on water, get out of the boat


View Profile
March 12, 2012, 02:38:01 PM
 #7

Live boot cd/usb key on ram without hard disk, is a good idea?

jake262144
Full Member
***
Offline Offline

Activity: 210
Merit: 100


View Profile
March 13, 2012, 09:40:37 AM
 #8

Live boot cd/usb key on ram without hard disk, is a good idea?
A great idea but much less flexible than a hidden OS.

A vanilla liveCD/USB would need to be reconfigured each time it is launched - you'd need to store the necessary packages somewhere.
Downloading TOR and/or other non-standard tools moments before hiding behind them isn't exactly the best of ideas.
Setting up all the necessary tools each time is not only tedious but error prone - think of the consequences of inadvertently missing a step.

A persistent liveUSB is a great tool able to remember the changed packages and configuration but since it's not full-disk encrypted, its purpose is obvious to any onlooker.

If you deploy TrueCrypt in FDE-mode and create a whole hidden operating system, as long as you don't do something dumb (anyone interested in the topic should carefully study the documention) no force on earth can prove the existence of this OS.
If you're forced to decrypt - e.g. while crossing a border, you decrypt the day-to-day (decoy) system containing no sensitive information.
fivebells
Sr. Member
****
Offline Offline

Activity: 462
Merit: 250


View Profile
March 13, 2012, 12:29:01 PM
 #9

...before I go ahead and implement this, I wanted your opinions.
  This setup is a horrendous kludge, requiring laborious startup every time you want to get on the web.  Nothing wrong with that if you need results in a hurry and it's the best you can do at the moment but it seems quite likely that better instructions/automation for this will be available in a few months, in which case hours of effort could be saved just by waiting.  (At the very least, a script which starts the VMs and services and hooks them up to each other would be a good idea.  I am also a bit surprised that an extra linux VM is needed for bridging the tor traffic.  Can't you do that on the windows side?  But I don't know much about windows.)

I got a little excited when he started talking about freenode, because I have found it quite hard to set up a truly anonymous account on it which can be accessed over tor.  Disappointing that he didn't go that far.
John (John K.)
Global Troll-buster and
Legendary
*
Offline Offline

Activity: 1288
Merit: 1227


Away on an extended break


View Profile
March 13, 2012, 12:32:46 PM
 #10

Live boot cd/usb key on ram without hard disk, is a good idea?
A great idea but much less flexible than a hidden OS.

A vanilla liveCD/USB would need to be reconfigured each time it is launched - you'd need to store the necessary packages somewhere.
Downloading TOR and/or other non-standard tools moments before hiding behind them isn't exactly the best of ideas.
Setting up all the necessary tools each time is not only tedious but error prone - think of the consequences of inadvertently missing a step.

A persistent liveUSB is a great tool able to remember the changed packages and configuration but since it's not full-disk encrypted, its purpose is obvious to any onlooker.

If you deploy TrueCrypt in FDE-mode and create a whole hidden operating system, as long as you don't do something dumb (anyone interested in the topic should carefully study the documention) no force on earth can prove the existence of this OS.
If you're forced to decrypt - e.g. while crossing a border, you decrypt the day-to-day (decoy) system containing no sensitive information.
+1
Truecrypt in FDE wins hands down, especially when the feds are at your door and you've run outta thermite. Wink
twoglovedanny
Newbie
*
Offline Offline

Activity: 48
Merit: 0



View Profile
March 14, 2012, 01:49:06 AM
 #11

Great guide for the paranoid.
Binary Finery
Newbie
*
Offline Offline

Activity: 44
Merit: 0


View Profile
March 15, 2012, 03:13:32 PM
 #12

You're more likely to draw attention trying to implement all this stuff...
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!