COMSEC: Beyond Encryption

Discussion in 'privacy technology' started by mirimir, Jan 26, 2015.

  1. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Last edited: Jan 27, 2015
  2. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
    Sound but vague advice at points for sure, though mixed with 90% meme level pictures and "humor" which works against its meaning of being a guide your life could depend upon. The vague rundown of operating systems is painful. The end is just "LOOK AT ALL THESE FUNNY PICTURES I FOUND ON THE INTERNET".

    Stuff like that is good though ^

    Along with threat modeling and idea of worst case consequence.



    Of course, maybe I'm too spoiled on mirimir quality guides. ;)
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    I was mostly pleased to see someone pushing compartmentation :)

    Or is it compartmentalization?

    I guess that it depends on whether I'm pretending to be American or British. Could someone please help me out a little here?
     
  4. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,599
    That was an interesting "read". Started out by throwing Linux under the bus though. One man's opinion.

    I personally really took notice of the PGP discussion regarding wide circulation of keys. I have always shared their opinion on that one!

    Mirimir - I would go with compartmentalization in my "world".

    My personal addition: this would be a tough one for many of us here. Purely from an opsec vantage, it would be prudent to "shed" pseudos quite often and start fresh. If you started a new one every month or two and became somewhat deliberate in changing the personality of the new pseudo, it would add strength to your opsec. You would sacrifice your "following" because folks wouldn't know someone like Mirimir, they would see the "new kid on the block". That new kid would blend in and the real person behind Mirimir might just be safer. Same for me, and several others here. Just a notion that has pretty much merit if you ask me.
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Mirimir is one of my few long-term personas. I've tried using only short-term personas, and it's hard to accomplish anything. Nobody pays much attention to what you say. So for me it's a trade-off. But then, Mirimir also has many personas :)

    The author is clearly an Apple fanboy :)
     
  6. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,599
    I can totally relate to the "nobody pays attention" thing. At another site I was a "staffer" on encryption and like you the established persona could get stuff through the pipe and put into play. It got to the point I was fearful of compromise so that persona died. Changed computers, vpns, everything. I spent the next few years there lurking in the shadows and posting content relevant to hundred post member conversations. So, I totally get your dilemma.
     
  7. krustytheclown2

    krustytheclown2 Registered Member

    Joined:
    Nov 18, 2014
    Posts:
    210
    I think that for something like posting on a forum, nobody is going to put in a huge effort tracing you down unless you say things that are going to attract the wrong kind of attention like advocating for violence or whatnot. But if you're doing much more than forum posting, the smartest route seems changing your moniker as frequently as possible and not maintaining any steady contacts.

    Most of the OPSEC described there was sound but pretty basic. I'd venture to guess that if Sabu or the others in Lulzsec used the chained VPN setup and didn't discuss personal information (or only provided disinformation which may be better), they'd be free. Or better yet, work as a lone wolf.
     
  8. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    Thanks, not relevant for me, but a useful mindset.

    I particularly liked the point about reducing expectations of immediacy/low latency. My feeling is that browsers are a form of posh dumb terminal, designed to suck you into central services you cannot trust and sophisticated enough that they are tracking magnets. So IM and browser-based communication would be vulnerable.

    Probably people underestimate the planning and discipline required to run different personas well. I remember reading about some WW2 deceptions, which required teams of people to run the fake.
     
  9. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    I've become all too familiar with latency :)

    I sometimes use hosted servers that I reach so indirectly (via VPNs and Tor) that latency gets to be 0.5 to 1 second, or more. But these are fast servers, with fast uplinks. And packet loss isn't bad.

    So I've had to learn patience. And to recycle old skills from the days of systems with slow CPUs and little RAM.
     
  10. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
    https://firstlook.org/theintercept/2015/01/28/how-to-leak-to-the-intercept/
     