I have two new privacy guides online!

Discussion in 'privacy technology' started by mirimir, Sep 4, 2014.

  1. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
  2. dasblub

    dasblub Registered Member

    Joined:
    Oct 11, 2012
    Posts:
    1
    THANKS!
     
  3. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875
    I have never used a VPN service, so I know nothing!

    Do you have a commercial interest in IPVN.net?
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    They do pay me to write guides, as a freelance. The guides are purely informational, and not promotional. At least, unless one thinks well of them because they pay me ;) I have no other commercial interest in iVPN, as a partner, employee, affiliate or whatever.
     
    Last edited: Sep 4, 2014
  5. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,103
    Location:
    Southern Rocky Mountains USA
    Well done mirimir. I just glanced over the second article. I will read them more thoroughly later.
     
  6. guest

    guest Guest

    Congratulations! Now mirimir is officially on the top list of NSA's most wanted. =V

    Nah joking lol. Thank you for the guides. I'm thinking that these should be pinned or something.
     
  7. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
    Again, you know your stuff, man.
     
  8. RollingThunder

    RollingThunder Registered Member

    Joined:
    Nov 21, 2013
    Posts:
    187
    Location:
    https://www.eff.org/issues/anonymity
    @mirimir

    Exceptionally high compliment. You have probably gathered that I have an all consuming interest in Privacy and Anonymity. It is my passion. Your knowledge never ceases to amaze me. Mirimir when it comes to anonymity and privacy I am extremely advanced, and yet you come up with material that literally blows me away sometimes. Good work there guy!!!! I hope you continue to publish for iVPN.
     
  9. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
    Well done mirimir.
     
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Everyone, thanks for the praise. It's sweet. I've learned a lot in the course of writing them.

    And please, find stuff in them that's wrong, areas that are weak, and so on. I definitely don't want to mislead people. I've considered expanding "Adversaries and Anonymity Systems" into a full review article, with cites to the literature.
     
  11. Paranoid Eye

    Paranoid Eye Registered Member

    Joined:
    Dec 15, 2013
    Posts:
    174
    Location:
    io
    thank you mirimir as always :)
     
  12. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,103
    Location:
    Southern Rocky Mountains USA
    Ok, I just read "Will a VPN protect me" more thoroughly. I really like the categorization by levels of security privacy and anonymity and what is needed at each level. Deep anonymity requires a lot of thought and effort to achieve. Relative privacy and light anonymity is fairly easy and is all most of us need in most circumstances.

    One thing that you don't mention in sections 7, 8, and 9 where you are dealing with real serious threats and totalitarian censorship, is the use of USB sticks for offline transfer of sensitive data. I recently saw a report on one totalitarian state with severe censorship and there was a thriving black market in USB data. USB sticks were both sold with data on them and there were sellers who would put that data on the stick for clients. Most of them used dedicated USB stick copiers that could copy the same data to multiple sticks at the same time. The data was censored media content but it could easily be something like the TOR browser or list of VPNgate servers. USB sticks can be encrypted and data can be hidden on them. Software can be run from them without being installed on the host computer. You can even put a whole operating system on them and boot to it when needed and leave the host computer completely untouched by what was done in that session. They are easily hidden and destroyed just like the USB wifi dongles.
     
  13. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    @MisterB

    That's an excellent point. I focused on communication, and didn't say much about OS and storage encryption. One problem is that most people who have PCs probably use Windows, and many now just use Android or Apple. And I'm pretty ignorant about all three.

    I'll add more about all that, but I need to research first. I would appreciate suggestions, with links.
     
  14. x942

    x942 Guest

    Feel free to PM if you have any questions. My previous job had me working security and forensics on all three of those platforms but primarily Android and Apple (iPhone/Mac). Great job on the guides!
     
  15. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
  16. RollingThunder

    RollingThunder Registered Member

    Joined:
    Nov 21, 2013
    Posts:
    187
    Location:
    https://www.eff.org/issues/anonymity
    Beyond cool. Essential knowledge.
     
  17. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    689
    Mirimir, it is one thing to be technically proficient but quite another to be that and able to convey it in as palatable fashion as possible to the many. You've managed to do that. Great articles, good job, and well written.
     
  18. Paranoid Eye

    Paranoid Eye Registered Member

    Joined:
    Dec 15, 2013
    Posts:
    174
    Location:
    io
    Great reading just finished although barely understood half of it ! But good to get the jist of I was intrigued by "instant-wipe hotkey"

    Sounds very mission impossible to have a hot key that can wipe your encrypted boot headers or delete your hdd making it unreadable even for forensics I thought stuff does not exist?
     
  19. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    See https://www.wilderssecurity.com/threads/how-to-encrypt-ubuntu.327715/#post-2086767

    For a hot key, just put "head -c 1052672 /dev/urandom > /dev/sdb1; sync" (replacing "sdb1" with your LUKS partition) in "wipe.sh". Then setup a hot key to run "wipe.sh". See http://stackoverflow.com/questions/4200800/in-bash-how-do-i-bind-a-function-key-to-a-command . But be very careful. Learn and test on a VM with dm-crypt/LUKS. Be very sure that you have a good backup of the LUKS header. And also be very sure that you have a good backup of the system.
     
  20. Paranoid Eye

    Paranoid Eye Registered Member

    Joined:
    Dec 15, 2013
    Posts:
    174
    Location:
    io
    Very interesting have yet to make the bold move to linux distros but that is a very good reason too!
     
  21. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Well, in Windows you have the possibility of TrueCrypt hidden OS, which is arguably better. However, it also seems more prone to error, judging from what I see on Wilders :( But maybe that's just because more people use it.
     
  22. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    I've been gone so long... great job my friend! Hope I can stay around longer with no travel! :)
     
  23. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Hey :)
     
  24. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    Could you clarify what you feel the purpose of the VPNs in front of the JonDonym service would be? One of the advantages I see to the JonDonym service is specifically that it IS subject to warranted inspection by the authorities, which I'm OK with (I'm extremely unhappy about the bulk/unwarranted stuff!). Seems to me that taking elaborate steps to avoid warranted inspection is more likely to annoy and therefore expose you to attack and investigation (even if you're doing lawful things).

    What's your view of using a VM which reverts to a snapshot (rather than a hidden OS)?
     
  25. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    I don't like "warranted inspection by the authorities" because there aren't any authorities that I trust.

    I added JonDonym to the anonymity chains for obscuring online activity from governments, because it's harder to crack than VPN services. I put VPNs in front of JonDonym in order to hide it from ISPs, because it's far less popular than either Tor or VPN services. Generally, it's best to appear uninteresting to ISPs, because they know who you are, and VPNs are the most common approach.
    That's a viable approach, as long as you don't need to save anything, or can hide encrypted USB flash drives or whatever. But you do need to trust VirtualBox not to save anything. Maybe better would be setting up your workspace VM, and then using bootcd to create a bootable ISO. Then you can run a VM with no hard disk attached.
     
Loading...