how to build a secure/private notebook

hi people im new to the forum my name's tony. basically, im not a tech savvy dude (not compared to alot of you anyway) but i am studying to become an investigative journalist. i never considered privacy/security a big issue a while back to be honest but this past year ive really opened my mind on just how dangerous it is on the web and in cyber space.

ive done a quite a bit of research on the topic of privacy and anonymity but its so technical and confusing. ive kind of narrowed down what i need to do but i need some help. basically ive got a few questions that if anybody can help with it would be appreciated and would also serve as an archive of some sort for anybody asking the same thing. in advance i apologize if these questions have been asked and answer before.

1. so i understand that the best setup is tor in conjunction with a good vpn but what actually is a great secure vpn that is trusted by the privacy crowd and has a good record as well as a reasonable price?

2. how do you actually use the vpn and tor together. is it ok for general safe browsing to use the tor browser bundle with a vpn and how would that actually be setup.

3. is the tor browser automaticaly configured to not leak your ip address through scripts and flash etc and fight device fingerprinting?

4. is the tor browser automatically configured to use guard nodes for the first node?

5. how do you pay for a vpn client anonymously?

6. im a pc guy but i was given a macbook air through a scholarship. do i need to install some aftermarket firewall to be able to block ports and block functions that would help privacy or does the standard mac osx firewall handle those things?

7. i heard the tor browser bundle comes with a plugin that makes it seem like its not on an osx machine but rather a pc, is that true?

8. is it easy to patch the tor bundle browser so that it's always up to date and secure?

9. i know there are alot of penetration testing websites for dns leaks, scripts etc that give you a result on how good your privacy setup is. which one is the best one that covers all the requirements?

10. How slow will a VPN+Tor setup be if on a 15Mbps internet connection?

11. i heard that you need to change the dns settings for you connection but im confused by that. lets assume your isp only allows internet connection if you go through their dns, what do i have to do in this case or am i misunderstanding something?

so basically my setup would be tor browser bundle in conjunction with a vpn. am i missing something here and do you guys have any tips or advice/suggestions.

appreciate any help i can get. this is a difficult time for freedom especially freedom of the press and without that we are all screwed.

 

I believe Snowden used Linux Tails. He also covered his laptop with a blanket when he was entering the password, I assume to counter video surveillance.

You can't use flash with Tor browser, you can't install any addons in the Tor browser, you have to use it the way it was set up. Not even an adblocker.

You send cash by mail. Be careful about the cameras in the post office.

Don't bother. Abandon MacOS or Windows alltogether and install linux. Mac and Windows are widely believed to have a backdoor. That's why Snowden didn't used them.

Tor is very slow. Your VPN connection speed won't matter because Tor will be the bottleneck.

Yeah. I would use one laptop for personal stuff and another one for your journalist work. I would never leave your laptop that you use for journalist work out of sight since key-loggers can be easily installed.

 

@prnoid_ntrepreneur: Have you thought about using Tails? An article about Tails is http://lifehacker.com/5916551/browse-like-bond-use-any-computer-without-leaving-a-trace-with-tails. Maybe you could use Tails on your Mac, with your PC for non-sensitive stuff.

 

To be properly secure your going to need to;

- use Tails from a CD (USB can be hacked / overwritten), with a verified download signature
- save any files to a truecrypt (or otherwise encrypted) usb
- have strong passwords that are kept in a password manager such as keepassx (preferably on the aformentioned usb)
- be careful using a VPN and tor together (to be honest, I'd suggest forgetting the VPN and just using tor/tails, unless you know what you are doing)
- have good OPSEC (search youtube for 'Grugq opsec')
- know how to encrypt / decrypt using GPG

Using Tails/Debian/Ubuntu (i.e. fairly user friendly versions of linux) is not that different to Mac/OS X (Mac is actually built on linux).

A backdoor is a way for someone else (e.g. the NSA / a hacker) to get access to your computer. A VPN/Tor will encrypt your traffic so that people (/the NSA) can't read it, and mask your IP address (your computer's identity/location) so that they don't know where you are. However this isn't going to help if you have a backdoor that is sending screenshots to the NSA.

 

OP,
You don't have to permanently install linux on your Mac. You can keep on using Mac OS X or whatever the most recent version of of Mac you have for daily facebook/netflix/non sensitive email and other non private tasks. Whenever you want to do actual sensitive journalist work/research then just pop in Tails CD.
If your job is not that sensitive then I would forgo putting a blanket over your laptop or using VPN. Just use TOR, Snowden's documents have shown that NSA cannot decrypt all TOR communications.
Good luck.

 

@prnoid_ntrepreneur: In case you don't know: How the NSA Attacks Tor/Firefox Users With QUANTUM and FOXACID.

 

Interesting read. But how are they going to implant a malware on an OS that runs from a CD and never writes anything on the hard drive?

 

The first post mentioned possible use of Tor Browser Bundle.

 

Well, they could implant malware during a particular Tails session. And they might get to your storage partition, if you ran from a USB and enabled that. They might even manage to mount your machine's drive(s).

 

They won't be able to bypass the mechanical USB switch, better yet they won't be able to write to a DVD-R.
As for the current session, I guess there isn't much that the end user can do, especially if they found a vulnerability in one of the plug ins.

 

I wonder how those USB write-protect switches work. Are they fail-safe?

The only way to be sure about disk writes is having no HDD/SSD present.

 

well id probably rather use whonix than tails if im going to go with a whole new OS but i really dont think i can pull it off perfectly without shooting myself in the foot. but im thinking why go through all that trouble i mean im not some elite hacker, im just a student who is aspiring to be a great journalist. my aim for anonymity and privacy is mostly paranoia because i dont feel comfortable with someone or a group snooping on my research. right now my aim is to learn and become wiser.

root_my_face i would rather use a vpn because i dont feel comfortable with my isp knowing im using tor so id rather connect to a vpn first then use the tbb. tails doesnt allow that. i know whonix can be used that way but again whonix is not for novice users like me. im pretty competent compared to most people but not to most on this forum.

is using a vpn and tbb in mac osx really that bad of an anon/privacy setup if im not using email or storing sensitive data?

 

The easiest route for you would be to have 2 separate machines. Keep the one you have your sensitive material on off line all the time. Use the other one to compile your data. Transfer the data from one machine to the other via an encrypted USB stick. This way you don't have to learn how to be any sort of super hacker. And no matter how much you learn there's not any state more secure/private/anonymous than a permanently, physically disconnected box. And you can use whatever OS you want. Your only concern then for that box would be to keep it encrypted.

The trade off of course is whether or not you have the money/means to acquire the 2'nd box. But the one you're keeping off line doesn't need to be anything fancy. Just have enough HD space to store whatever you need. Besides that the specs can be low, like XP with 1 GB RAM and a single core CPU. They practically give away machines like that these days. Get on Craigslist and someone would probably be willing to trade one for a stick of gum.

 

How to Setup a VPN in Tails OS Running Tor