My "Advanced Privacy and Anonymity Using VMs, VPN’s, Tor, etc" guides are online!

Mirimir:

Only one word fantastic. iVPN is the company I use for my VPN. Sam has been mentioning in writing that they were doing a series of 8 articles that were due to come out in a bit. I have lurked on here for awhile without an account. So even though I am seemingly brand new here I have read what you have had to say for years. I am a writer dude. This is an exceptional achievement. You are to be congratulated and thanked for the contribution.

 

@RollingThunder

Thanks

What would you like to see next?

I've gotten some feedback that a even the basic setup in part 2 is too much for many new VPN users. But I'm not sure what a simpler setup might look like. There are already enough guides on installing VPNs. The next major improvement is routing and firewall rules, and that is not a simple topic (unless it's "run this script").

 

Well, your guides are going to play a key role in my setup. I am new to having an account on Wilders. Like I mentioned I have been lurking here sans account for quite awhile. I have reviewed all 8 of your papers and am currently doing a serious read of number 4. I can share with you that you are not over my head. The determining factor of how far I go is balancing the level of security I believe I need with my individual trust factors, paranoia of outside systems (which is high) and a personal risk analysis. I am going to be here awhile now that I have actually gone to the extent to create an account. So you will hear the developments as I struggle through this. Thanks again.

 

Mirimir:

It seems that you are after serious feedback and not just casual jocularity. I will provide you with my take on the universe. I am a published author. I have written quite a number of white papers. In writing you have to consider who your audience is. When I read your iVPN 8 part series I see your audience as being one that is technologically sophisticated, privacy and anonymity minded, conspiracy theoried and those that have criminal intention. This is not a criticism. You have designed a series of articles that give public information to a concept where none really existed before without spending days, weeks, months sifting through carding forums in TOR's hidden services. So, Mirimir, here is the thing. If you decide that you want to write something for most average IQ's of society it needs to be dumbed way down. I do not think that classification of person was your intended target. You put sophisticated knowledge out there. Do not in any way feel like you have done a dis-service to anyone. You have not, you have like a good author chosen your audience. Let me give you an example. As beneficial as encryption is to this society it has not caught on. PGP for instance is great software. Aside from the technically minded, PGP never caught on. Why? The answer is simple. It is difficult to use and has to be that way. For anything technological to become prevalent in society it has to attract the 90 year old, it has to attract the drugged out teenager, it has to attract the middle age male who works for a living. That is a very hard and diverse population to write for. In other words keep doing what you are doing. People who value it are already monitoring and using your material. Those who are not, well ...

 

@RollingThunder

My primary goal in learning all that, and writing the guides, has always been to help make strong tools for privacy and anonymity available to activists and dissidents. I also enjoy playing with the technology

I've been playing some with ideas for easy-to-use LiveCDs that include VMs, VPNs and Tor. Who knows, maybe something will come of it.

Perhaps Qubes will develop into a user-friendly OS for the mass market. If it does, it could easily implement every idea in my guides. Indeed, some years ago, it was reading about Qubes and precursors of Whonix that started me down that path. I didn't want to wait.

 

Personally, I am glad you did not wait. While my account is new on Wilders I am not one of the masses. You bring up something that is interesting. Qubes. Do you have any comments about installing Whonix inside Qubes? In other words using Qubes as the bare metal host? The thought occurred and find it at least somewhat interesting. Comments?

 

You wouldn't install Whonix in Qubes. You would (and adrelanos has speculated about) implement the same design using Qubes components. Qubes has "VMs" for individual apps, not OSs. It also has virtual networking modules, for VPNs and for Tor. It's a very cool system.

 

I like the LiveCD idea. I understand what RolllingThunder is saying in his feedback, but I think to set up onself the sort of system you outline in your guides is going to already require a person to be pretty technically sophisticated and motivated to learn. So to me, your guides are written appropriately for their potential audience.

I don't know that there is a way to make the guides much simpler or more dumbed down, because the process is ultimately not that simple. To me the solution that ultimately works for grandma and people with no time to figure things out is a technical solution (not a guide solution). It would be something that requires little or no configuration on the part of the user.

Yes, Whonix wouldn't make sense in Qubes, since Qubes is arlready running everything in separate VMs. It's just a different approach to the problem and one would need to set things up in a Qubes way.

In fact Qubes is already designed with a TorVM component (http://qubes-os.org/trac/wiki/UserDoc/TorVM) that seems to me to serve the function that Whonix serves. I guess you could then setup the basic NetworkVM in Qubes to run through a VPN, if you wanted Tor over VPN. I don't know how you would do it for multiple VPNs or VPN over Tor.

Here's the main dev's explanation of how Qubes works: http://theinvisiblethings.blogspot.com/2012/09/how-is-qubes-os-different-from.html. It includes a section, "How is Qubes better than just running a bunch of VMs in VMWare or Virtual Box?"

 

@CB474, @ Mirimir. I have seen both Ubuntu and Debian before and like them both. I am probably going to adopt one or the other as my host bare metal system. I concur with whomever said I need stability over application development as the only three apps the host will run will be OpenVPN, DNScrypt, and Virutalbox. Ubuntu is more tailored toward the ease of use desktop environment (the home user). For that reason I may just find myself in Debian. I will keep you informed.

 

If you choose Debian for the better security and stability in the host OS, keep in mind that it's not exactly hard to use. As I've been saying, since you're not going to be doing any multimedia stuff on the host OS, I'm hard pressed to see the difference between Ubuntu and Debian in terms of ease of use. None of these are minimalist distros with little set up out of the box, so "easiness" tends to just come down to whether or not Flash and printing and things like that work well upon initial installation (and I think no distro is better than Mint in this respect). But these are all distros that come out of the box with full desktop environments and ought to work pretty well right off the bat. In addition, since Ubuntu is essentially just a derivative of Debian, under the hood they're pretty much going to be the same and there's going to be zero ease of use differences there.

The real advantage of Ubuntu, I think, is just that it's updated more frequently if one wants more up to date applications and if you like the Unity desktop then there's that. But desktop choices are largely separate from specific Linux distro choices and under the hood configuration experience. I.e. you can set up just about any desktop on any Linux distro and most have spins pre-configured with every different desktop you could want.