Please help me :)

Discussion in 'privacy general' started by mirimir, May 10, 2018.

  1. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    Oh, the other obvious thing is in the US - people don't want their ISP knowing what they're doing. Likewise in the UK, people don't want the risk of the govt. mandated ISP internet connection records collection and storage. IOW, the ISP has joined the ranks of the enemy.
     
  2. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    Would having an ISP that is based out of the UK help with that?
    I am not aware of any foreign ISPs offering services in the UK.
    It would then mean the ISP is out of the jurisdiction of the UK government and security services.
     
  3. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    All ISPs operating in the UK need to comply with the Internet Connection Record collection and storage requirement of the IPA. Doesn't matter where the HO is. If they refused to comply, then it's easy enough to shut the service (ultimately because the cables and twisted pair ARE in jurisdiction). The same is less true of VPN services, though to an extent those with servers located in the UK could be threatened with shutdown of that server, or perhaps worse, an order to monitor the connection. Although my personal stance has always been that I support lawful warranted individual monitoring with articulated reasonable suspicion. The current situation has already been found unlawful and they are supposed to be making the IPA more minimal and proportional (but they will not fully comply, and they will spend years fighting in court).

    The problem of course with the mass surveillance is that those ICRs are a juicy target for misuse and theft. For instance, it would be obvious what online banking you used (hence phishing more effective), or as a target for blackmail. It would be very easy to correlate with commercially available data from the brokers plus the ICR and they would have a terrible inside track.
     
  4. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    Yes good point deBoetie about the cabling.

    No one likes criminal activity and, like you, if it had proper oversight and the UK gov actually took data protection seriously I would not be so worried myself.
    But as it stands I worry about data being lost or given away by the government and companies.
     
  5. razorboy

    razorboy Registered Member

    Joined:
    Dec 26, 2010
    Posts:
    200
    Location:
    North
    This is a very interesting thread. I'm an ignoramus on the subject. Seeing that "don't have wi-fi" is one of the golden rules on the subject, I assume that we are referring to wired systems, at home or work.

    Noting this: "If you really care, it's also good to use a host machine that's not linked to you through prior use."

    ..... what if you use a portable machine with coffee-shop wi-fi - a machine which has never been on your home network (or any other network.) Can the laptop become an unknown, unidentifiable machine in cyberspace?

    Thanks
     
  6. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
    If you want to deal seriously with this, the answer lies in Virtual Machines. I have posted at length about this in the past. Proper virtual machines will obfuscate the physical motherboard characteristics unique to that one motherboard. Further, by utilizing VMs you are able to constantly change MACs, etc., so that in essence you can appear on a different physical machine daily. The host OS on your laptop will always use items connected to the motherboard running it, but your internet workspace will never see that motherboard or OS. Workspace only will report and see the items contained in the VM. I could write many pages on this.
     
  7. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    I don't agree with the premise that there are any golden rules. There are no failsafe technical remediations. You are in the business of reducing risk within practical demands of life and what you are attempting to protect against.

    Your scenario is more about operational security (opsec) than about what you need to do technically to support that. So, for example, you have to think carefully about how you might execute on any communication personally, and keep that distinct from other stuff you do.

    As mirimir points out, the use of Virtual machines provides probably the most practical support for most levels of activity, short of abandoning tech altogether (which is not such a bad idea for lots of reasons!)
     
  8. razorboy

    razorboy Registered Member

    Joined:
    Dec 26, 2010
    Posts:
    200
    Location:
    North
    Do we mean Process virtual machines or System virtual machines?

    Is there an ABC or Idiot's Guide to VM?

    Will most Linux distros work?

    I'm thinking of use of a W7>>Linux laptop, never used at home.

    Thanks for the wisdom.
     
  9. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    Either W7 or Linux can act as host for the most popular virtualising software (Oracle's VirtualBox, open source, or Vmware). You can then run a huge variety of guests in the virtual machines, including Windows, Linux, BSD.

    I'd not have a hard drive in the machine at all, and just boot off a USB3 drive or the optical drive.

    Firejail is a useful adjunct on Linux, you can use that to further harden browsers etc, and it offers mechanisms for changing machine id.

    @mirimir will be able to tell you regarding machine/browser fingerprinting, Debian variants may have the same fingerprint on a given machine, ditto Red Hat variants.
     
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Not really. It'd just become a machine that only connects via public WiFi APs.

    Any machine that hits the Internet could get tagged. Or at least, characteristics could get logged. Avoiding that is hard. And knowing whether you've successfully done so is arguably impossible.

    Even so, compartmentalization helps a lot. I accept that everything I do on this VM is linkable to Mirimir. And that's OK, because only Mirimir uses it. I use the host machine for other stuff. Mainly other personas that use Tor. But I do not use this VM host for anything involving my meatspace identity. And I also use other hosts for personas that I really don't want linked to Mirimir. Because there's no way to be certain that information about the host machine leaks through VMs. Consider rowhammer, for example :eek: Or the WebGL leak that @deBoetie mentioned.

    If you're really paranoid, you could run everything from a microSD card in a USB adapter. Unlike an SSD or USB, you can actually chew and swallow a microSD card. At least, if your teeth are in good shape ;) Or even a microSDXC card, if you want more than 64GB. And of course, you'd use full-disk encryption on that.

    But you still need to worry about hardware information that might get logged, even though you're using VMs. Although I don't know KVM very well, I suspect that it can be locked down better than VirtualBox can. Or maybe even better, Qubes.
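The concern above, that hardware information can still be visible from inside a VM, can be checked from within a Linux guest. The following is an added example, not part of any post in this thread: it reads the DMI fields, NIC MAC addresses and machine-id a guest exposes and lists the ones that are stable or do not look virtualised. The OUI and DMI marker lists are heuristic assumptions, and the sample tree is constructed.

```python
import tempfile
from pathlib import Path

# Default virtual-NIC OUI prefixes and DMI strings (heuristic lists, not exhaustive).
HYPERVISOR_OUIS = {"08:00:27", "52:54:00", "00:0c:29", "00:50:56", "00:15:5d", "00:16:3e"}
HYPERVISOR_DMI = ("virtualbox", "innotek", "qemu", "kvm", "vmware", "xen")
# Constructed sample: what a guest might read if host-like values show through.
SAMPLE_LEAKY = {
    "sys/class/dmi/id/sys_vendor": "ExampleCorp",
    "sys/class/dmi/id/board_serial": "CONSTRUCTED-SERIAL-01",
    "sys/class/net/eth0/address": "00:11:22:33:44:55",
    "etc/machine-id": "0123456789abcdef0123456789abcdef",
}

def build_sample_root(files):
    """Write a constructed {relative path: content} tree into a temp dir."""
    root = Path(tempfile.mkdtemp())
    for rel, text in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(text + "\n")
    return root

def _read(path):
    """Return stripped content, or None if absent or unreadable (some DMI fields need root)."""
    try:
        return path.read_text().strip()
    except OSError:
        return None

def audit(root="/"):
    """List (name, value, reason) for identifiers that are stable or look non-virtual."""
    dmi, net, findings = Path(root, "sys/class/dmi/id"), Path(root, "sys/class/net"), []
    vendor = " ".join(filter(None, (_read(dmi / f) for f in ("sys_vendor", "product_name")))).lower()
    if vendor and not any(marker in vendor for marker in HYPERVISOR_DMI):
        findings.append(("dmi", vendor, "does not name a known hypervisor"))
    for field in ("product_serial", "product_uuid", "board_serial"):
        value = _read(dmi / field)
        if value and value not in ("0", "None"):
            findings.append((field, value, "stable serial/UUID readable in the guest"))
    for iface in (sorted(net.iterdir()) if net.is_dir() else []):
        mac = (_read(iface / "address") or "").lower()
        # Skip loopback, hypervisor-default OUIs and locally administered (e.g. randomised) MACs.
        if iface.name != "lo" and mac and mac[:8] not in HYPERVISOR_OUIS and not int(mac[:2], 16) & 0x02:
            findings.append((iface.name, mac, "vendor-assigned MAC"))
    machine_id = _read(Path(root, "etc/machine-id"))
    if machine_id:
        findings.append(("machine-id", machine_id, "persists across reboots"))
    return findings
```

Calling `audit("/")` inside the guest lists what that guest can read; an empty list only means none of these particular identifiers stood out, not that nothing about the host is observable.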
     
  11. razorboy

    razorboy Registered Member

    Joined:
    Dec 26, 2010
    Posts:
    200
    Location:
    North
    "But you still need to worry about hardware information that might get logged,..."

    It seems to me that the machine hardware information is the ONLY thing to worry about if one is a mobile poster, for example. If you are trying to foment revolution via Wi-Fi at McDonald's on a clean machine (no personal stuff, never turned on at home) and VM, the only identification liable to occur is of the physical machine. Then you need to know if the use/ownership connection between you and the machine can be established by the CIA or KGB. Yes?
     
  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Right. So use a machine that you purchased as anonymously as possible. Maybe at a swap meet, in a distant town. Or even at a small shop, far from home, paying cash. Or buy a bunch of old broken laptops, some common model. And then mix up parts to create ones for use.

    But once you've used it, you gotta assume that it's been logged. So only use it again for stuff that's OK to get linked. Maybe you could accumulate stock of components with stuff that would most likely get logged. Perhaps a supply of surplus motherboards and (if they're discrete) network cards. I'm sure that there's some model laptop that's old enough for motherboards to be inexpensive, but capable enough for basic Linux.
     
  13. razorboy

    razorboy Registered Member

    Joined:
    Dec 26, 2010
    Posts:
    200
    Location:
    North
    Or even at a small shop, far from home, paying cash.

    Would a new or refurb have hardware data IDing it as coming from Joe's Electronics?
     
  14. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Sure. But if there's no record of who owns it, so what? And OK, yes, it could point to the original owner ;)
     
  15. razorboy

    razorboy Registered Member

    Joined:
    Dec 26, 2010
    Posts:
    200
    Location:
    North
    Wow........... Forensic Files, 2019.
     
  16. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
    You also have to know that it's actually possible to shoot yourself in the foot by buying a used laptop for $$. What if the original owner was a pedo or worse (if that's possible)? Hopefully nobody is looking for that machine, LOL!

    There is another simple step to consider that is majorly tough to defeat. Run a Linux host, then set up a clean Linux VM. Snapshot it to make sure it stays perfectly clean and one click returns you to "virgin clean". Now from within that VM run a TBB (Tor Browser Bundle) on the VM Desktop and ONLY use the TBB for your actual internet workspace. By creation the TBB will display YOU as a generic user with fingerprinting, screen size and all kinds of sensitive stuff being obfuscated by the browser design. In other words, if you do it correctly sites will only see the standard generic ID stuff as every other user. You would appear as me and I you X thousands of users. I have studied and tracked this. Even if you save a file it stays locked inside the TBB and doesn't make it to the VM Desktop unless you intentionally move it there. For lazy folks you can place numerous TBBs on the Desktop and then only use a specific TBB for ONE site - assuming it's a low risk type of site. For higher risk you use a separate VM for each TBB. If you take the time to research how clean and anonymous TBB can make you it'll be worth your time. All the above said; I still place multiple VPNs in front of even this Tor circuit and I still get decent speeds.
     
  17. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Well, yeah. There is that :(
     