How to Browse the Web and Leave No Trace

How to Browse the Web and Leave No Trace

-- Tom

 

Funny ... can't read with ads blocked What's that about leaving no traces?

OK, reading startpage proxy. They use NordVPN's app, showing VPN servers, to illustrate tracking? Why not Lightbeam or whatever? But OK, incognito mode, VPNs and Tor. That's cool. But no Whonix

 

Pretty good information except I would advise do not run tails on a usb stick. Use tails installed on a live cd and do not do so while your real OS hardrive is still in the machine. If you need to access services that require signup with email address use one of the throwaway email providers, they do work.

 

What are the differences between running TAILS OS on a USB stick and a live CD?

 

Niteranger, USB stick can be written to so is vulnerable to malware the same as any other regular os.
The cd/dvd based os cannot be written to, (assuming you use burn once cd/dvd rom) Therefore is immune to all known malware that might overwrite files, inject boot sector virus etc

 

You have to configure a persistent volume that can be written to on the stick, otherwise I'm not sure how the stick would get written to. Also isn't the optical drive option a lot slower?

As for sites blocking visitors with adblockers they just don't get it DO THEY that ads to some of us are so irritating it has the opposite effect.

 

So, running TAILS with TOR on a USB stick is for anonymity and not good against malware attacks. Is there anyway to improve on this assuming I'm not using a WORM CD/DVD because of its slower speed than a USB stick? And using a WORM CD/DVD means I cannot save anything on it like what @Reality mentioned, right?

Thanks

 

Niteranger, consider malware and loss of anonymity to be the same thing. Worst case scenario: malware modifies your tails kernel without you being aware of it. There are many ways that could happen on a writable drive but not to a cd/dvd rom.
If you need to save stuff you can configure a persistant encrypted volume on a separate device like a usb stick. Using it while online is a risk. cd is slower yes. As always it is a case of security vs peformance you have to decide which is more important.

 

So can install Windows security software(eg. AV/AM, anti-exe, SRP, SBIE etc) into TAILS on a USB stick for protection against malware. I'll be running Tor for anonymity.

If yes, how to do that since boot up is direct from the USB stick?

Thanks

 

There is no point to avoid leaving traces, you can't because it is not under your control.

What you can is to avoid using your real name, but if you do so , forget about using your home ISP, online shopping, administration's sites, etc...

 

Using Tor should give me a certain degree of anonymity and using encrypted services.

The issue here is malware attack rather than anonymity. What I'm interested is can I protect TAILS/TOR like the way to protect Windows ie.using AV/AM, SRP, SBIE, anti-exe etc but on a USB stick?

Thanks

 

Tails is based on Linux Debian and is generally designed to be used as is. It is an operating system unto itself. To make a USB stick from (within) Windows it's a bit involved. You need two USB sticks. One is an "interim tails" then you make the final tails which is what you'll use. I'd suggest going to their website as the documentation is very good.

As to adding your own software, it doesn't work in the way you would normally expect - the nearest you can achieve that is: (bolding mine)

More on Persistence (bolding mine)

 

So, are you saying that a USB once a Tails .iso is written to it, cannot be made Read Only

When Tails is running, hard drives are NOT mounted, so unless malware gets into the running session - the only place it could be is in Memory, and unless you mount the hard drives they are not available for anything. If you mount them, you can then save to them.

-- Tom

 

You mean hardware read only? Sure if you can find one. I used to have a usb with a read only switch but I haven't seen one in a store for years.
If you mean to mount the tails drive as read only I'm not sure how secure that is or not.
All of this depends how important anonymity is to you. If all you want is to browse while not being tracked by adware usb tails might be fine. If you are a journalist and you have information that could bring down a government you might want to take it a step further. Using cd just reduces the attack surface.

 

My computer has a SD card slot in the front. I have a few 4 gig SD cards. They all have the old read only switch on them. Wouldn't that work?
Or even say and SD card reader attached to a USB port.? Most laptops now days have Card reader slots.

 

For example, my Tails USB flash drive reveals it is rwx by root account only, i.e. drwx------
I suppose I could modify it easily from the root account to be: dr-x------ and test to see if that works.
Note: This is the default (rwx) after I have utilized the Tails Installer to install to the USB drive from the ISO file while in a previous version of Tails to do the installation of the newer version of Tails, e.g. Tails (32-bit) version 2.12.

-- Tom

 

This is how I see it. The tech companies design security weaknesses into their products in order to pander to the whims of corporations and government agencies all of whom have their own agendas none of which is about respecting the users privacy. Hackers know this too. They know the backdoors, the exploits, the zero days are there. Its just a matter of finding them and it's probably not that hard to examine processes and look for the likely suspects. I'm sure also details of built in exploits get leaked. All of which make our systems a hackers playground. That is why I say do not trust ANY software, protocol or settings will be secure unless it is physicaly impossible for it not to be. I believe it is physicaly impossible for a cd rom drive to overwrite files on a cd rom so that is a good place to start.

 

I'm not suggesting everyone dump their hardrives and use a slow cd rom for everything, but I dont think slow access times has much of an effect when using the internet. Once the browser is loaded into ram, cd access times are not an issue. They do not want us to have read only capability. Microsoft quietly disabled the read only flag years ago. USB stick manufacturers removed the read only switch.

 

I don't believe for a moment that tech companies design security weaknesses into their products. I do, however, believe that tech companies design their products without aforethought of security being designed into them from the start.

-- Tom

 

I think Snowdon would laugh his behind off if you told him that.
You know the NSA was doing this for decades. They paid ten million dollars to RSA for them to approve an algorithm they knew was flawed. Thats just one example.
Malware is big business no one has an interest in preventing it.

 

Snowdon wouldn't laugh, because your example is a close relationship to undermine the system, while a wider sample of companies that suck at security still do not have a clue about how to design secure software with aforethought.

-- Tom

 

Doesnt tails automatically mount in read only mode if you're not using persistance on the same drive? I thought it did.
My concern would be persistant hardware based malware could be configured to intervene pre boot and change something. Tails was originaly designed to run as live cd. The Tails devs warn that usb is not as secure. I look at articles written about tails and my 6th sense detects a gentle push towards using usb stick instead. That immediately raises a red flag with me.

 

Apparently not, and yes I am not using persistence, since I am able to save anything I want to my hard drive by mounting it as needed then unmounting it after the save is complete.

-- Tom

 

It's probably safe enough to boot Tails from USB flash.

But it's hard to know just what malware could manage. Could it write to a USB set to read-only? Could it mount the system disk, and write to it? Who can say for sure?

I do think that writing to a write-once CD/DVD is less likely than either. Because once the dark bits have been created, they can't be made clear again. However, I don't know how trailing empty space is handled. If it's left clear, I suppose that it could be written to. But even so, that stuff wouldn't be part of the CD file system, so I don't see how it could get read.

 

Probably not if CD was finalized.