"Crossing t's" and "Dotting i's" of Private Internet Use

Discussion in 'privacy technology' started by tonnot, Oct 28, 2013.

Thread Status:
Not open for further replies.
  1. tonnot

    tonnot Registered Member

    Joined:
    Sep 17, 2013
    Posts:
    8
    Location:
    U.S.A.
    We’re about to start using a privacy-oriented internet browsing system, and want to make sure that we are “crossing our t’s”, and “dotting our i’s” before we do.

    We’ve read quite a bit on Wilders, and have been very impressed by, and appreciative of, the expertise offered by many of the regulars here. The approach we’re taking has been particularly influenced by the 'VPN's & VM's' system suggested by Mirimir.

    Our computer has an Intel Quad Core i7-4770, 16GB RAM, and 4 1TB RE4 SATA Discs. We’re using Kubuntu 13.04 for the host OS, and Xubuntu 12.04 for the guest OS. [Kubuntu, rather than Xubuntu, in the host to take advantage of the i7’s power]. Both host and guest OS’s whole disc encrypted. VirtualBox used to set up VM. Our plan is to connect one VPN from the host to a different VPN in the guest OS Xubuntu VM. We’re much more interested in isolation than compartmentalization, and don’t plan on setting up separate VM’s for distinct tasks, but instead will do all tasks in one VM. As a result, we’re thinking we won’t set up separate pfSense VM’s, but instead will use firewalls for each of the VPN’s to prevent VPN and DNS leaks, and to make sure everything goes through the VPN tunnels. Our internet connection is 50Mbps down, 5 Mbps up, with a dynamic IP. We don’t plan on using a wireless connection ever with this computer, and also don’t plan on ever connecting it to the internet without this ‘VPN’s & VM’ system operating.

    Our goals are to protect the privacy of the content of our web browsing as much as possible, and to not reveal our real IP address nor our actual physical geolocation.

    Does the above system seem like it should work? And are there additional steps needed when using a ‘VPN’s & VM’ system like this? Should we disable geolocation in browsers, and/or elsewhere? Remove GeoClue from Xubuntu and Kubuntu? Disable clipboard in Virtualbox? Spoof user agent? We want to make sure we are paying attention to potentially important details.
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    That sounds reasonable.

    I see four 1 TB RE4s. I presume that you'll be using RAID10, yes? Also, I'm wondering why Kubuntu would take better advantage of the i7’s power than Xubuntu would. These days, I'm back to recommending Ubuntu, or better perhaps Debian. For FDE, I strongly recommend dm-crypt with LUKS, not Truecrypt.

    I always disable geolocation, but it doesn't matter that much in a VM that never sees the Internet except through two chained VPNs, with neither it nor the host using WiFi.

    With only one VM, you have no isolation between multiple browsing sessions. You have so much RAM, so why not run a bunch of VMs? And in fact pfSense isn't very hard to set up.
     
    Last edited: Oct 29, 2013
  3. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    I wonder why this guy needs this, not my problem but (1) post wonders which go to that great of detail are on a mission, what mission? Who knows.
     
  4. tonnot

    tonnot Registered Member

    Joined:
    Sep 17, 2013
    Posts:
    8
    Location:
    U.S.A.
    Very appreciative to get your input, Mirimir. We were planning on using RAID10, but have had some difficulty setting it up with an uncooperative motherboard. I know we could use software RAID10, but given that we don’t plan to store much of anything on this computer, we’re thinking we might as well forget RAID10, and tap into the full power of those four discs. Is there any reason to use RAID10 for a privacy system like this, other than for storing data?
    Unless we understood this wrong, we have the impression that Xubuntu doesn’t fully utilize the i7 like Kubuntu does. Are we mistaken? Anyway, based on your above comment, maybe we should switch to Ubuntu or Debian. Why are you recommending those two rather than Xubuntu 12.04?
    [I assume you mean VM, and that VP is a typo] We’re reluctant to run multiple VM’s for no other reason than just trying to keep things as simple as possible, to reduce the number of things that might go wrong. Would running another VM significantly help protect our privacy?

    I don’t understand this comment at all. It seems like you are implying something, but I don’t even have a guess what that might be. I think you’re saying we’re on a “mission”, but I don’t get why you’d say we are on any more of a mission than anyone else here. Actually, we’ve been thinking this ‘VPNs & VMs’ approach would involve less effort than many of the other approaches we’ve read about on this forum. If we are on some kind of "mission", it's to prevent prying eyes from infringing on our privacy, in light of the startlingly eye-opening Snowden NSA revelations over the last few months.
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Using motherboard RAID is never a good idea. It's low-end consumer junk. If you're going to use hardware RAID, plan to spend at least 300 USD on a PCIe card.

    In my experience, Linux software RAID works very well, and handles disk failures very gracefully. In Ubuntu, and maybe also in Debian, there are GUI interfaces to everything, from RAID management to dm-crypt with LUKS.

    RAID10 is a mirrored pair (RAID1) of striped (RAID0) disks. With four disks, it's the best compromise of performance and reliability. It gives you both performance increase (shorter seek time and higher throughput) and better reliability. There's no data loss after losing one disk, and perhaps even after losing two disks, if they're members of different RAID0 components. RAID5 is no longer recommended. With five disks, RAID6 would be faster than RAID10 with a hot-swap spare, but less reliable, because RAID6 rebuilds after disk failure are slower and more failure-prone than RAID10 rebuilds.

    Please provide a link for the claim about i7 utilization.

    Debian is probably the most secure choice. I'm convinced by adrelanos' arguments. See https://www.whonix.org/wiki/Dev/Operating_System.

    I don't know Kubuntu. I did like Xubuntu, but there are a few quirks. I had problems getting audio working right with it on a new machine, and Ubuntu just worked.

    Yes, it was a typo.

    Using multiple VMs, with different VPN chains, improves your privacy by fragmenting and compartmentalizing your activities. It's harder for observers to build a complete picture. And it may be harder to link to your true identity. That's especially an issue if you've been active online, because there's a profile waiting to be linked. And if you suddenly go off the map, it's obvious that you either died or changed identity ;)

    Before proceeding, please review my updated guides, which have just gone up at https://www.ivpn.net/privacy-guides.
     
  6. tonnot

    tonnot Registered Member

    Joined:
    Sep 17, 2013
    Posts:
    8
    Location:
    U.S.A.
    I just took a quick look at those updated guides at IVPN,...wow, they look really helpful! Thank you very much, Mirimir! :D Looking forward to reading them carefully. And I'll look for that link about i7's, and post it when I find it...
     
  7. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,785
    Location:
    US
    How about a mission to appreciate your own constitutional rights which involves being protected under 4th amendment from unreasonable searches and seizures.
     
  8. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    I know, I just found it mysterious how he calls himself "We" and talks about "We" in a third person, it sounds nefarious and intriguing. Also how he came from nowhere and already knows so much. ;)
     
  9. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    lurker
     
  10. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,785
    Location:
    US
    He may actually be an NSA informant. I'm sure there is one in here, after all we discuss security topics and NSA is trying to bypass those.
     
  11. tonnot

    tonnot Registered Member

    Joined:
    Sep 17, 2013
    Posts:
    8
    Location:
    U.S.A.
    I’ve read through a substantial amount of your new guides on IVPN, Mirimir, and I must say that what you’ve done there is extremely impressive. For those who haven’t looked at them yet, it is well worth your time to do so. I’m not only very impressed by your obviously extensive knowledge about these issues, but also by your willingness to take so much of your time to share that knowledge. I’m sure I’m not the first person to thank you, but let me add my very heartfelt thanks. :)

    We take your point vis-à-vis the privacy value of compartmentalizing, and now plan to add additional VM’s to our mix. But we’re thinking we’d like to start with a more simple set up, and then add more VM’s once we’ve had a chance to learn and practice the simpler set up. We will be extra careful during this initial practice phase about what identifying stuff we do online, given that we won’t yet be really compartmentalizing. So for now, we’ll probably start with two different VPN’s, one in the host OS connected to the other in the guest OS VM. VPN2 will never see our ISP-assigned IP, and we’ll never use wireless nor connect this computer online without at least this two VPN/ one VM set up.

    We’re thinking we’d like to just leave this system running 24/7. Is this a good idea, and if not, why not? Also, we’re thinking of configuring it so that if the VPN connection dies, a third VPN will automatically and immediately start. Does this approach make sense, or is it better to just have the internet connection immediately stop if the VPN fails?


    I find these comments very distasteful, and disappointing; especially given what a high opinion I’ve had of this Wilders forum as I’ve read through it. I used the word “we” because there are two of us working on getting this system up and running. I use the word “I” when referring just to myself, and “we” when referring to myself plus another person. That makes me “nefarious and intriguing”? Really? With all due respect, that seems like a rather absurd and confused conclusion. Compounded by the quite strange concern that I “came out of nowhere and already knows so much”. I’ve been reading through quite a bit of these forums the last few months, educating myself. Yes, I’ve been lurking. Is there anything whatsoever wrong with that? My impression has been that it’s perfectly fine to read forums like this without posting comments. Now I’m the subject of some half-baked McCarthy-like innuendo that I may be working for the NSA because I use the word “we” to refer to the two of us, and because I have some knowledge before making my first post?! Utterly bizarre. No, Taliscicero and Mattdocs, I’m not in any way connected to the NSA or any other government agency; indeed, I’m very interested in protecting my privacy from organizations like the NSA as well as from invasive corporations. I have a lot of respect for many of the regulars who post here. Many are very knowledgeable and gracious. Perhaps you two would be helped by following their example, and coming from a kinder and more welcoming place toward someone new here.
     
  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Hey, thanks :)

    I've been working on them, in a way, for over two years. I've posted bits and pieces on Wilders, but never got around to collecting and rewriting. And it's not just that iVPN paid me, although that was sweet. It's that I had a partner to review and comment, suggest changes in organization, and so on. I doubt that I would have ever done it without iVPN's support.

    That sounds reasonable.

    If everything is properly routed and firewalled, leaving networking up 24/7 isn't a problem. Solutions like "stop everything if the VPN goes down" or "start another VPN if the VPN goes down" are totally inadequate. All it takes to be hosed are a few packets going out the wrong way. You want routing and firewall rules that block everything except for the desired VPN connections.

    However, if you're depending on full-disk encryption for local privacy and security, it's dangerous to leave stuff up when you're not using it.
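
Added example, not part of mirimir's post or the thread: a small audit of `iptables-save` output for the fail-closed rule set described above, where the only egress allowed off the host is the VPN connection itself. The interface names (`eth0`, `tun0`), the server address 203.0.113.10 and port 1194 are assumptions, and both rule sets are constructed samples.

```python
import shlex

# Constructed iptables-save excerpts (not from the thread). 203.0.113.10 is a
# documentation address standing in for the VPN server; eth0/tun0 are assumed.
FAIL_OPEN = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o eth0 -p udp -m udp --dport 53 -j ACCEPT
COMMIT
"""
FAIL_CLOSED = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -d 203.0.113.10/32 -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
COMMIT
"""

def audit(ruleset, vpn_ip, vpn_port, tunnel="tun0"):
    """Return findings; an empty list means egress is limited to the VPN."""
    findings, policy, table = [], None, None
    for line in ruleset.splitlines():
        if line.startswith("*"):            # table marker, e.g. *filter or *nat
            table = line[1:].strip()
        if table != "filter":               # nat/mangle also have an OUTPUT chain
            continue
        if line.startswith(":OUTPUT "):     # chain default policy
            policy = line.split()[1]
        if not line.startswith("-A OUTPUT "):
            continue
        tok = shlex.split(line)
        opt = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
        if opt.get("-j") != "ACCEPT" or opt.get("-o") in ("lo", tunnel):
            continue
        to_vpn = (opt.get("-d", "").split("/")[0] == vpn_ip
                  and opt.get("--dport") == str(vpn_port))
        if not to_vpn:                      # any other ACCEPT can leak packets
            findings.append("egress outside tunnel: " + line)
    if policy != "DROP":
        findings.insert(0, f"OUTPUT policy is {policy}, not DROP")
    return findings
```

Feed it the text printed by `iptables-save` on the host. IPv6 has its own rule set (`ip6tables-save`) and needs the same check.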
     
  13. tonnot

    tonnot Registered Member

    Joined:
    Sep 17, 2013
    Posts:
    8
    Location:
    U.S.A.
    Thank you, Mirimir, for your very helpful advice.

    As we’ve been thinking this through, we’re realizing even more clearly that this initial simpler set up of two different VPN’s & one VM isn’t enough to protect the privacy of the content of our browsing. We will definitely need to compartmentalize with multiple VM’s later. But in the meantime, it still makes sense to us to get the hang of it by initially practicing with this simpler set up. I guess the main thing we’ll be protecting with this simpler set up will be our ISP-assigned IP address, and geolocation.

    When I started this thread a few days ago, my focus was on crossing t’s and dotting i’s by determining---before we start using this system---which of the ancillary details needed to still be addressed (things like: browser fingerprinting, spoofing the user agent, changing MAC address, disabling clipboard in VirtualBox). But as I’m thinking it through, and reading Mirimir’s (amazing) new guides at IVPN, I’m realizing that maybe none of that needs to be done vis-à-vis protecting location, since VPN2 never knows its actual ISP-assigned IP address nor its geolocation. Maybe it’s also irrelevant to deal even with location-oriented details like removing GeoClue from Xubuntu?

    Is the above paragraph correct? Strictly looking at the issue of location privacy only: assuming we’ve properly configured firewall and routing rules for each of the VPN’s with our set up (VPN1 in host OS connects to VPN2 in guest OS VM, never connects naked to net without this set up, never uses wireless), is that enough to protect our real IP address and geolocation? Or are there any other steps we need to take to protect the privacy of our location?
     
  14. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Right, the VPN client in the VM (VPN2) never sees the Internet except through the host VPN (VPN1). As long as you can control that, there's no need to disable other stuff that tries to track location. Doing as much of that as you can does provide backup, of course. But the primary defense is controlling Internet connectivity.

    Yes, I think that it's enough.
     
  15. tonnot

    tonnot Registered Member

    Joined:
    Sep 17, 2013
    Posts:
    8
    Location:
    U.S.A.
    Mirimir…here is that link you asked for relating to my comment about i7 CPU performance in relation to different Ubuntu versions: http://www.phoronix.com/scan.php?page=article&item=ubuntu_1304_12042&num=2 . I mistakenly remembered it relating to Kubuntu vs. Xubuntu, but actually the comparison was between 12.04 vs. 13.04 versions. Unless we’ve got this wrong, we’re thinking the 13.04 Ubuntu flavors better utilize the power of the i7 than the 12.04 Ubuntu flavors do…
     
  16. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    OK, cool :)

    Thanks.

    But I'm not switching until the next LTE.
     