No smokes screens and cherry picking here, just the plain facts, which remain the same, honest people don't need locks to keep them honest.
I'm finding this division between "honest" people and everyone else rather dubious and amusing - especially in the light of modern research. From Milligram to Z|mbardo to current research on lying, the evidence is strong that "normal" "regular" "good" citizens, the Ivy League pillars of the community, are all susceptible to beastly behavior, cheating, lying - like everyone else. But perhaps more dangerous, because of their self-deception, reputation management, and wolf-in-sheep's clothing behavior. But in the context of the threats we face, I'm less concerned with individuals than with known institutions and gangs - whose behavior is indeed illegal and disreputable, and that's not only the criminal ones, it's the state-operated ones too. I agree with the problem that avoiding being low-hanging fruit is being demolished by industrialised automated attacks performed by various actors. There is no easy way of evading that if applied indiscriminately, and running an obscure system is likely to make you victim of a targeted attack! I presume that the big corporate gorillas like Google and Apple will be very proactive in trying to protect their fiefdoms from attack by "outsiders" because that's vital to their business models. They want to own you on their own terms, but they do not want competitors owning you, and destroying your confidence in the marketplace. I think that's the likely result of what's happening though, regardless of what technical expertise the consumer has - the internet marketplace is untrustworthy and dangerous, and that truth will get out.
Hypothetically, if the person who stole your wallet still claims to be "good and "honest" but shows no remorse and only admits guilt under duress, you wouldn't believe him nor be too amused! Its not that a good person can't do bad things, its that when they cross that line and don't fix their premeditated bad behavior you'd no longer refer to them as "good". If someone is caught engaging in deception, then they shouldn't expect to be called honest and if they're honest, they wouldn't cover it up even if they weren't caught. Simplicity at it's best! When we talk about security, you'd have to ask yourself, secure from what, or who? I'm stating the obvious... it's dishonest people for the most part, so honesty and dishonesty are always going to be ever present factors when you're considering how to protect yourself from scumbags. What I'm dubious about is the redefining of the meanings of words to bring about change. Case in point...terrorism. To change foundational principles by watering them down sets a dangerous precedent. Some things never change no matter what research says and honesty is one of them. That people can turn from one side to the other and in the process exhibit any behavior you just mentioned, is nothing new. It's ironic that because of dishonesty places like Wilders need to exist and yet its very antitheses has the potential to be pounced on from a great height. Mmm strange, that. In the way that a multitude of puppets can pose a lot of danger, I too think the PTB are much more of a worry. Nonetheless Id hesitate to put a difference between criminals and officialdom, in fact, the higher up they are, the worse they are likely to be. Are you meaning obscure as in not blending in? If so, I think noone_particulars reasoning in post 171 here says it all. Regardless of how long it might take one to achieve, the alternative is worse. Excerpt from noone_particular (bold emphasis mine) Ideally, you don't want your browser sessions to look any different than anyone elses. Even so, recognizing your browser in a session is not the same as identifying the user of that browser. A profile of a users activities is of very little value if it doesn't uniquely identify that user. Deanonymizing the user is the goal of most attacks against Tor. The vast majority of these attacks are aimed at the browser, not at Tor itself. Cross-site requests are one of the primary mechanisms used in those attacks. IMO, it's much more important to eliminate vectors that can be used to deanonymize you than it is to blend in with other Tor users. For now I'd say that's what they like to portray, but in reality they are a good deal more in each others pockets than they let on. I don't like to say it but by the time people realize that, there's going to be numerous casualties
I think that approach with Tor browser homogeneity is a good one, although it attracts attention because it is using Tor. I'm leaning towards using a vanilla Linux distro (in a VM) and browser without plugins, but using Firejail and/or VM snapshot reversion as an alternative. Doesn't provide anonymity unless Tor/VPN are used in some combo, but in a way, is more vanilla still, and provides little surface for permanent attack (providing the VM isn't subverted, but by then that's likely a targeted attack). An alternative I'm also using is a Pendrive Linux USB distro, which I can update, but for browsing, I physically remove the USB drive before browsing anywhere. I find this a bit more flexible than running off LiveCD.
Thanks. I remember you mentioning the Pendrive option some time ago in a previous post and I'm 99% sure the computer I'm now using doesn't support booting from USB either. It's of the same vintage as my computer that blew the PSU recently. I only have a CD drive not DVD, and I'm not sure what would fit on that. I really like the idea of a RAM drive, but I'm still stuck on 512 MB RAM so that and trying out a VM is a no go. I'm not sure whether to try that other 512 stick which is probably fried bringing current computer to 1GB. I wouldn't want it to upset what is working ATM. The HDD survived, but the RAM more than likely not. When all is said and done, the kicker is that ip address. It must be adequately obfuscated or there goes your anonymity, which hopefully is in line with what the OP is talking about. There's very few ways to do that without "trusting" a 3rd party, especially the likes of online proxies. I was interested to read a link from this post. There's been hardware offerings before but they've always been proven to be less secure than claimed. Whats your take on this? https://www.wilderssecurity.com/threads/how-to-anonymously-access-wi-fi-from-2-5-miles-away.377617/
Trying to combine security and privacy/anonymity is very hard, as readers here know. My feeling is that using open wifi for anonymity purposes is the best you can throw (with or without the extra remoting that the article uses), whereas using VPN/Tor from your ISP trades some de-cloaking risk for convenience. Of course, there are the "normal" opsec disciplines needed for that, so it depends what you're trying to achieve. In the medium term, I expect secure anonomysing systems to emerge, probably based on things like torrent and bitchain. But you have to give up any notions of real-time, browsing, IM, and so on, it'd be a medium latency message-passing system. Hope you can get an upgrade to your machine soon... I'd be tempted by one of the new RPi 4-cores in the circumstances.
