how to build a secure/private notebook

Discussion in 'privacy technology' started by prnoid_ntrepreneur, Feb 10, 2014.

Thread Status:
Not open for further replies.
  1. prnoid_ntrepreneur

    prnoid_ntrepreneur Registered Member

    Joined:
    Feb 10, 2014
    Posts:
    8
    Location:
    Antarctica
    hi people im new to the forum my name's tony. basically, im not a tech savvy dude (not compared to alot of you anyway) but i am studying to become an investigative journalist. i never considered privacy/security a big issue a while back to be honest but this past year ive really opened my mind on just how dangerous it is on the web and in cyber space.

    ive done a quite a bit of research on the topic of privacy and anonymity but its so technical and confusing. ive kind of narrowed down what i need to do but i need some help. basically ive got a few questions that if anybody can help with it would be appreciated and would also serve as an archive of some sort for anybody asking the same thing. in advance i apologize if these questions have been asked and answer before.

    1. so i understand that the best setup is tor in conjunction with a good vpn but what actually is a great secure vpn that is trusted by the privacy crowd and has a good record as well as a reasonable price?

    2. how do you actually use the vpn and tor together. is it ok for general safe browsing to use the tor browser bundle with a vpn and how would that actually be setup.

    3. is the tor browser automaticaly configured to not leak your ip address through scripts and flash etc and fight device fingerprinting?

    4. is the tor browser automatically configured to use guard nodes for the first node?

    5. how do you pay for a vpn client anonymously?

    6. im a pc guy but i was given a macbook air through a scholarship. do i need to install some aftermarket firewall to be able to block ports and block functions that would help privacy or does the standard mac osx firewall handle those things?

    7. i heard the tor browser bundle comes with a plugin that makes it seem like its not on an osx machine but rather a pc, is that true?

    8. is it easy to patch the tor bundle browser so that it's always up to date and secure?

    9. i know there are alot of penetration testing websites for dns leaks, scripts etc that give you a result on how good your privacy setup is. which one is the best one that covers all the requirements?

    10. How slow will a VPN+Tor setup be if on a 15Mbps internet connection?

    11. i heard that you need to change the dns settings for you connection but im confused by that. lets assume your isp only allows internet connection if you go through their dns, what do i have to do in this case or am i misunderstanding something?

    so basically my setup would be tor browser bundle in conjunction with a vpn. am i missing something here and do you guys have any tips or advice/suggestions.

    appreciate any help i can get. this is a difficult time for freedom especially freedom of the press and without that we are all screwed.
     
  2. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,785
    Location:
    US
    I believe Snowden used Linux Tails. He also covered his laptop with a blanket when he was entering the password, I assume to counter video surveillance.

    You can't use flash with Tor browser, you can't install any addons in the Tor browser, you have to use it the way it was set up. Not even an adblocker.

    You send cash by mail. Be careful about the cameras in the post office.


    Don't bother. Abandon MacOS or Windows alltogether and install linux. Mac and Windows are widely believed to have a backdoor. That's why Snowden didn't used them.

    Tor is very slow. Your VPN connection speed won't matter because Tor will be the bottleneck.

    Yeah. I would use one laptop for personal stuff and another one for your journalist work. I would never leave your laptop that you use for journalist work out of sight since key-loggers can be easily installed.
     
  3. prnoid_ntrepreneur

    prnoid_ntrepreneur Registered Member

    Joined:
    Feb 10, 2014
    Posts:
    8
    Location:
    Antarctica
     
  4. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Last edited: Feb 11, 2014
  5. root_my_face

    root_my_face Registered Member

    Joined:
    Feb 11, 2014
    Posts:
    10
    To be properly secure your going to need to;

    - use Tails from a CD (USB can be hacked / overwritten), with a verified download signature
    - save any files to a truecrypt (or otherwise encrypted) usb
    - have strong passwords that are kept in a password manager such as keepassx (preferably on the aformentioned usb)
    - be careful using a VPN and tor together (to be honest, I'd suggest forgetting the VPN and just using tor/tails, unless you know what you are doing)
    - have good OPSEC (search youtube for 'Grugq opsec')
    - know how to encrypt / decrypt using GPG

    Using Tails/Debian/Ubuntu (i.e. fairly user friendly versions of linux) is not that different to Mac/OS X (Mac is actually built on linux).

    A backdoor is a way for someone else (e.g. the NSA / a hacker) to get access to your computer. A VPN/Tor will encrypt your traffic so that people (/the NSA) can't read it, and mask your IP address (your computer's identity/location) so that they don't know where you are. However this isn't going to help if you have a backdoor that is sending screenshots to the NSA.
     
  6. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,785
    Location:
    US
    OP,
    You don't have to permanently install linux on your Mac. You can keep on using Mac OS X or whatever the most recent version of of Mac you have for daily facebook/netflix/non sensitive email and other non private tasks. Whenever you want to do actual sensitive journalist work/research then just pop in Tails CD.
    If your job is not that sensitive then I would forgo putting a blanket over your laptop or using VPN. Just use TOR, Snowden's documents have shown that NSA cannot decrypt all TOR communications.
    Good luck.
     
  7. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  8. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,785
    Location:
    US
  9. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    The first post mentioned possible use of Tor Browser Bundle.
     
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Well, they could implant malware during a particular Tails session. And they might get to your storage partition, if you ran from a USB and enabled that. They might even manage to mount your machine's drive(s).
     
  11. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,785
    Location:
    US
    They won't be able to bypass the mechanical USB switch, better yet they won't be able to write to a DVD-R.
    As for the current session, I guess there isn't much that the end user can do, especially if they found a vulnerability in one of the plug ins.
     
  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    I wonder how those USB write-protect switches work. Are they fail-safe?

    The only way to be sure about disk writes is having no HDD/SSD present.
     
  13. prnoid_ntrepreneur

    prnoid_ntrepreneur Registered Member

    Joined:
    Feb 10, 2014
    Posts:
    8
    Location:
    Antarctica
    well id probably rather use whonix than tails if im going to go with a whole new OS but i really dont think i can pull it off perfectly without shooting myself in the foot. but im thinking why go through all that trouble i mean im not some elite hacker, im just a student who is aspiring to be a great journalist. my aim for anonymity and privacy is mostly paranoia because i dont feel comfortable with someone or a group snooping on my research. right now my aim is to learn and become wiser.

    root_my_face i would rather use a vpn because i dont feel comfortable with my isp knowing im using tor so id rather connect to a vpn first then use the tbb. tails doesnt allow that. i know whonix can be used that way but again whonix is not for novice users like me. im pretty competent compared to most people but not to most on this forum.

    is using a vpn and tbb in mac osx really that bad of an anon/privacy setup if im not using email or storing sensitive data?
     
  14. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    The easiest route for you would be to have 2 separate machines. Keep the one you have your sensitive material on off line all the time. Use the other one to compile your data. Transfer the data from one machine to the other via an encrypted USB stick. This way you don't have to learn how to be any sort of super hacker. And no matter how much you learn there's not any state more secure/private/anonymous than a permanently, physically disconnected box. And you can use whatever OS you want. Your only concern then for that box would be to keep it encrypted.

    The trade off of course is whether or not you have the money/means to acquire the 2'nd box. But the one you're keeping off line doesn't need to be anything fancy. Just have enough HD space to store whatever you need. Besides that the specs can be low, like XP with 1 GB RAM and a single core CPU. They practically give away machines like that these days. Get on Craigslist and someone would probably be willing to trade one for a stick of gum.
     
  15. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
Loading...
Thread Status:
Not open for further replies.