Thanks, "there aren't any authorities that I trust" - indeed. The aspect of the current crazy situation I tend to worry about most is that of false positives from algorithms doing data mining, getting on some automated watchlist and having your life hell thereafter with no recourse. If they have to take real-life effort and people involved to get a warrant, then that increased cost to them is a form of protection from over-reach. I mean, they can make my life bad in lots of ways regardless, I'd rather they had to specifically be interested in me first for some articulated reason.... I like your idea of using the VPN to cover the initial ISP leg, then hopping onto JonDonym. Also like the idea of a bootable ISO VM with no hdd, neat. There's a trick with pendrive Linux I use which might be relevant, e.g. using Slackware Puppy on a usb stick, but instead of relying on the write lock tab on sd cards (which I don't think is secure), I whip the usb stick out once the OS is loaded but before I go browsing anywhere. Everything's then in RAM, and the usb stick can't be written to - it's not there! This also allows you to update the distro periodically or add packages as needed, without browsing anywhere, and then saving it to the usb stick. Persisted data can be on a separate Truecrypt stick (not hidden OS), but there won't be any traces once the OS is shutdown.
I also worry about getting flagged for special attention, but only on the ISP side. I must use something encrypted, and a popular VPN service seems the least attention-getting. Once I'm two or three VPNs out, I don't worry about using JondoNym and/or Tor. And I don't care very much what websites see, or what tracking I attract. If I need to access some website that blocks Tor, I just use a proxy or VPN to bypass the block. The consensus on the JonDonym forum seems to be routing JonDonym via Tor, rather than vice versa. There's even a Tor SOCKS5 proxy option in the JonDonym client. But I think it better to tunnel more-anonymous stuff through less-anonymous stuff, and slower stuff through faster stuff. So that means tunneling JonDonym through VPNs, and Tor through JonDonym. That's an interesting approach. I know that bootable USBs load into RAM, but I've never tried removing the USB stick. Thanks
These guides are always must reads for me. Everything you post in here is in fact. I've learned so much from you. I was kicking around the idea awhile back about moving everything portable onto a USB stick, and have a nice DataTraveler 4000 (64 MB) sitting around that'd be ideal for the job. But just never got around to it. Now I'm thinking about it again.
Many thanks mirimir for your contributions. Your technical expertise, vast general knowledge, and most importantly rare insight into human nature and realities disguised as political rhetoric, make these guides simply invaluable. It takes a certain type of person to not only intuitively grasp and understand complex shifting landscapes, but also find a way to adapt and make it work in their favor. An example (of which there are many) can be found in numerous threads regarding VPN logging / privacy policy etc. Not sure if others have noticed, but mirimir has stated off hand on a few occasions, when it comes to VPNs and logging/privacy policy etc. (an issue many have) the wording (and by default issue in general) is relatively inconsequential as long as you adhere to a fundamental principle. The reality is, you shouldn't place your faith (let alone your freedom) in what anyone states / says (e.g. logging /privacy policy) let alone a "for profit" business. Case in point Bush vs Gore; whereby the supreme court ignored the constitution, invented a ruling and elected a president based upon a majority vote made up of republican appointed justices whose political ideologies / loyalties just happened to align with Bush. An important lesson exposing the victory of expediency vs principals in politics, in turn revealing the true power of political allies / loyalties. A more direct example can be found in the supreme court affordable act cases (obamacare) specifically oral arguments of Paul D. Clement vs Solicitor General Donald Verrilli (hats off to Mr Clement btw!). I believe Marcus Aurelius summed it up best "Everything we hear is an opinion, not a fact. Everything we see is a perspective, not the truth". Although these tendencies invariably shape our view / opinions for better or worse, one fundamental principle remains forever constant. That is, mankind's inherent selfishness and sense of distrust in ones neighbor (more often than not leading to hatred). To put into context, your VPN could log all your personal details and internet traffic, they could keep tabs and monitor all your activities. However (as mirimir noted) if your VPN was located in say Iran and requests were coming from a conflicting country (*cough* Israel) or the US and its allies; or better yet, if your VPN was located in Russia and the adversary and/or 3rd party requesting access was located in say Ukraine (Russia/Ukraine conflict) let alone the US and some if its allies (e.g. Netherlands flight MH17); I believe the expression "Not a snowballs chance in a cat scanner" would aptly describe a scenario in which your personal information is ever disclosed upon request by said adversary / 3rd party. Not to say choosing a VPN which respects privacy isn't important, it's an important first step, however it shouldn't be the sole focus. I see mirimir has taken time to reference SOI (spheres of influence) to help people better understand Geo-political landscapes / climates in order to assist in choosing VPNS. In addition, a reference was also made to UN voting records to assist those less familiar with foreign diplomatic relations. When I first came across mirimir's posts and saw how responses were always on point and framed in a real-world context (as opposed to theoretical text book replies) I immediately took note, and have been a fan ever since The only issue is, now that my setup (based upon your guides) is near completion, one can't help but feel a sense of hesitation, consternation and trepidation. That is, simply knowing your guides are uploaded for all to see, it theoretically allows a skilled adversary a blueprint to counter-act such a brilliant setup. Like the recipe for Coke / KFC.. if they ever got out.. One wonders how much it would cost for you take down said guides (or the advanced ones anyway). With the insight you've shown and the discipline required and outlined in your setup to achieve said setup, maybe I'd be doing you a favor Much respect and thanks again to mirimir p.s. please forgive the grammar am 18hours in
Thanks About, the guides: obscurity <> security. Also, there's no expectation that using VPN chains provides anything like strong anonymity. Tor doesn't either, according to the runtime warning. But it comes a lot closer. I use VPN chains for pseudonymity, and to hide my Tor and/or JonDonym use from my ISP, and sometimes from websites.
Agreed, there should be no expectations regarding VPN chains / Tor to provide strong anonymity. I believe they are simply pieces of a puzzle, misplacing any of the remainder pieces is tantamount to a mechanical watch missing a certain movement. Not only won't it function correctly, all the other intricate jewels / movements are useless without it. They need to be all running in sync, unrelentingly and precise in order to achieve the correct time. I think your advanced guides provide quite a detailed map to attain strong anonymity, but only to those who have the necessary mindset to incorporate all aspects of your guide as directed (as they would already have experience creating similar complex layered defenses, albeit perhaps in different areas) I think these people need to already possess an intuitive ability to make decisions on the fly based upon an inherent ability to instantly analyse a wealth of stimuli logically and dismiss that which isn't relevant, whilst simultaneous factoring in a perceived threat matrix, all the while separating emotion from the process. By perceived threat matrix, I mean it could be a decision to forgo an action knowing full well the negatives far outweigh the benefits (e.g. where an outcome is dependent on too many unknown variables, thereby inherently increasing the risk that said outcome will cause you issues) which means flanking the problem and coming up with a viable secondary option which factors out the unknown variables and ensures all angles are covered. To something as mundane as sacrificing a present gain knowing it will help you tomorrow afternoon at your all important meeting. That is, calculating on the fly that the small present sacrifice saves you some time, which will allow you to do A, which then helps you to finish B, which will influence your mood and make you feel C which then helps balance dopamine/seratonin levels, allowing for better rested sleep, leading to waking up with higher spirits, which increases self confidence, which inevitably can only benefit you at your meeting that afternoon etc. etc. I believe without this mindset, the advise given in your guide with regards to anonymity and your advanced setup guide ends up not reaching its full potential. Especially since your dealing in such an intricate area, where the smallest strand, that is, the smallest or seemingly unimportant act (a click here, a decision to download there) can result in an irrevocably compromised system. Unfortunately, unlike a roof where the leak is visible as there are few parts, the struggle for any semblance of privacy / anonymity on the internet could be said to be made up of thousands of inter-connectedparts. If one doesn't understand how one part can affect another part and the vital importance of keeping all parts not only in sync but compartmentalized where need be (not only speaking technically but also real-world implications) how can one hope to keep it all together and most importantly, adapt to changing circumstances and improvise where necessary? Ah, gone off on a tangent again.. noticed ou mention your reasoning behind using VPNS a few times reminds me of a response you gave on the subject of lulz/anonymous
Generally, one can tunnel any data protocol/stream through another data protocol/stream. Basically, you're just adding another header to the packets, and fragmenting as needed. That's how you route HTTPS through Tor or VPN, Tor through VPN, VPN through Tor or another VPN, and so on. There are sometimes limitations, such as Tor routing TCP but not UDP. But JonDonym can route both TCP and UDP, so you can tunnel either VPN or Tor through it. You just need a JonDonym gateway, typically a VM. The JonDonym client provides a proxy, which you use much like Tor's SOCKS proxy. The default is 127.0.0.1:4001. So you setup a JonDonym gateway just like the Tor gateway in Whonix. In Whonix, the Tor gateway VM by default has the IP 192.168.0.10 and the workstation VM by default has the IP 192.168.0.11. Apps on the workstation VM are configured to use various SOCKS5 ports on the gateway VM. The default browser port is 192.168.0.10:9050, for example. And so, if a JonDonym client were running on the gateway VM, apps on the workstation VM would be configured to use 192.168.0.10:4001. One of those apps could be the Tor client. The Tor manual explains for to specify proxies for accessing the Tor network. One might use a Debian VM with two network interfaces for the JonDonym client. Just as with the Tor gateway in Whonix, the WAN interface would provide access to the Internet via VirtualBox, or perhaps through a pfSense VPN-client VM. The LAN interface would provide access to the JonDonym proxy to workspace VMs on a shared VirtualBox internal network. One might instead use a pfSense VM, as I've done for VPN and Tor clients. But I haven't tested that yet. I'm not sure whether the JonDonym client will run on pfSense (which is based on FreeBSD).
YOU... have learned a lot lil' ol' me over the years? Geez man, I'm blushing here. Oh, and I meant a 32 GB stick actually, not 64 megs (obviously I'm not running an OS/setup off that).
