My current setup testing (Advice Welcomes Graciously)

Discussion in 'privacy problems' started by caspian, Mar 29, 2018.

  1. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,348
    Location:
    Oz
    If anyone would be kind enough to read what I've done with my browsers I would appreciate any positive feedback and/or criticisms.

    I was having problems with the new Firefox and Sandboxie. With sound. I did find a fix that works sometimes. Suddenly, animated gifs aren't working, even in private messages. Today at least. I've never had these problems with Firefox and Sandboxie before.
    Recommendation:

    Another contributor, and I must say one is quite an asset to Wilders, Bo, in the Sandboxie forum.
    [ change "security.sandbox.content.level" to 2 or 1 or 0. If that doesn't work, try disabling Multiprocess: in about:config, change the value of "browser.tabs.remote.autostart" to false, and make sure browser.tabs.remote.autostart.2 is also set to false. ]

    I did try "change "security.sandbox.content.level" to 2 or 1 or 0" and it works sometimes.
    So I decided to try portable Cyberfox installed inside of a Truecrypt container.
    (So I decided to try portable Cyberfox in a Truecrypt folder. So far I have one for Wilders (the folder is titled Wilders) and one for Facebook (titled Facebook). Anything more personal I will use a different virtual machine. I changed the addons a little bit to give them a different fingerprint. I wonder though if it would be a better idea to put Facebook and Wilders in separate containers and use different letters to open them up.) - Does this seem to be okay? I have to use older versions of addons because the newer ones don't work.

    CyberfoxPortable_52.7.2.0
    **************************************************
    [As per Mirimir's instructions, I have made these changes.]

    About:config
    geo.enabled - False
    media.peerconnection.enabled - False
    Toggle "webgl.disabled" to "true"
    In NoScript options, check "Forbid WebGL" in the "Embeddings" tab.
    Install Canvas defender addon.
    Install Disable WebRTC addon.
    Install NoScript addon, and check "Forbid WebGL" in "Embeddings" tab, in options
    **************************************************
    [I had to use earlier versions of most addons but they have updated some since.]

    Addons: video downloadhelper
    Canvas Defender 1.1.0 - (I used to have to disable this addon before I could get Gmail to load, but no more).
    Disable WebRTC 1.0.16
    Adblock plus
    Adblock origin
    **************************************************
    In Options - when Cyberfox Opens - Blank Page
    Play DRM content - unchecked
    Use tracking protection in private windows checked
    Geographical Location - unchecked
    WebRTC peer connection - unchecked
    *******************************************
    History Custom Settings:
    Always use private window - Unchecked
    Remember search and form history - Unchecked
    Remember my browsing and download history - Unchecked
    Checked - accept cookies from sites - Unchecked
    Accept third party cookies - Never
    Keep until "I close Cyberfox"
    Clear History when Cyberfox closes (in settings everything checked) and also delete data from the History bar at the top, everything from the beginning of time.
    ********************************************************
    Remember logins - unchecked
    Tell me when a website asks to store data for offline use
    ********************************************************
    I have Shadow Defender with 4,200 MB used for RAM and write cache encrypted
    I use Sandboxie with Eraser to wipe remnants and possible malware and "Drop Rights" is checked
    I am not sure that Shadow Defender uses RAM only as long as I stay within my limit, but I have only used Recuva to scan and test it. I don't have near the expertise to do a proper study.
    ************************************************************
    I know that using Windows as my host machine so I am going to learn more about Linux. I've used Whonix and did learn how to install a different browser and music player. But I have no idea what version of Linux that I should use as my host. But I have read that I can install Linux and keep Windows too. Just decide which one I want to use.
     
  2. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,648
    Location:
    UK
    I think Bo's your best resource for Sandboxie, and issues with FF.

    Perhaps you might find using virtual machines with a Linux guest would be a productive start? Personally, I never browse (or do much really), from the host itself.

    Somewhat analogous to Sandboxie, on Linux we have Firejail which is in some ways more flexible and powerful, and ships with a lot of application specific profiles. This works fine with FF of all types, although now the sandboxing is done by FF itself, there are numerous restrictions imposed by Firejail and AppArmor if you wish. One really nice thing is that Firejail allows multiple profiles/command lines for a given program, so that you can start FF up in a number of different ways (so that it's wiped every time, or starts up in a different home profile).
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,065
    Yes, you want to minimize risks of compromising the host. I just manage VMs and update packages.
     
  4. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,648
    Location:
    UK
    I've also taken to producing TOTP codes from Yubikey CCID, and also copying passwords from a password manager on the host, up to the VM. The programs on the host are also Firejailed to prevent network access. This way, the secrets are in a different process address space, and there's the strong level of isolation between Guest and Host (exploits are rare).

    To clarify the operation of firejail, you can specify a home directory for an instance and the sites open in that browser will see NOTHING of what happens in an alternative directory (I think this is one of the objectives of OP?) So for example, you could command:

    firejail --profile=fbdirectory cyberfox -no-remote
    firejail --profile=wildersdirectory cyberfox -no-remote

    and the instances of cyberfox would have no knowledge of each other, would have completely distinct profiles. I personally don't operate distinct VMs for this purpose, though of course you can do so if desired (and you could make the disks on one of them immutable in virtualbox if you wanted the session to disappear afterwards).

    If your intent was also to encrypt stuff as well, that could be done with LUKS on host/vm or both. SSD is recommended!
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,065
    Yes, I've used Debian VMs with LUKS. I've also used RAID with virtual disks on different physical disks. Just out of curiosity.
     
  6. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,052
    I would go to SSD's instantly if I could resolve the backup protocol to my satisfaction. deBoetie and Mirimir - we are alike with host notions.

    deBoetie example: I have a 150 Gig partition running LVM on LUKS separate from many other unique partitions running other OS's. How do I then do a sector based backup so I can always write back my image in the exact same space? This is child's play on a SATA platter. Moving even one sector would damage other systems adjoining the one in question. SSD's are always moving crap around and my systems are quite complex in construction. I cannot rest on the notion of a "hot image" backup. I only do forensic backups and SSD's don't appear friendly in that regard. It takes many hours, and sometimes days to construct my systems from scratch. SSD's are lightning fast and for family computers where a "hot image" is acceptable they are the way to go. Am I missing something?
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,065
    I don't do image backups. I only work in VMs, anyway. So at most I backup copies of the VM files. And generally, I just backup user data. My hosts are all Linux, so it's convenient to use USB drives (mostly SSDs) encrypted with LUKS.

    For the VPN testing work, for example, I tested each VPN in separate Windows and OS X VMs. Cloned from fresh installs. If I tested a VPN more than once, I used a fresh clone. And I kept a copy of every VM, for reference.
     
  8. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,648
    Location:
    UK
    Likewise, I've given up on image backups (effectively that's reserved for the VMs). If something goes wrong, I rebuild from scratch if system restore or timeshift doesn't work, in part because I am never sure if the previous state is as clean as I hoped. Persistent data is rigorously separated from image operation, as it is for VM. Rebuild isn't complex because there's little software on the host anyway. I don't think I could bear running away from SSD for this purpose, once hooked it's impossible to go back!

    I would really love a distro which allowed the same convenient functionality as snapshots or pendrive operation as the VM guests would do. Probably the closest to that is Qubes, with the template VMs, of course that's virtualised.

    Slightly tangentially, I've been able to use LUKS with Yubikey HMAC in a slot as well as a conventional long-strong, which seems to work well (a debian package). However, thinking it through, because of the nature of FDE, I'm not comfortable with someone having the second factor, because I think they would be able to brute force the resultant unless it's much stronger than a PIN, because of the exposed nature of FDE as opposed to account login. What might work is a HMAC generator which slowed down responses when the challenges came too fast and maybe stopped for a while. So my conclusion is that for this application, you have to put up with the long-strong.
     
  9. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,065
    Yeah. I use the "initial letter of a long quote" approach. So I just need to remember which quote for which machine.
     
  10. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,348
    Location:
    Oz

    Thanks buddy. I think it's time that I start learning more about Linux. I've used Whonix but my understanding is limited. It's so different.
     
  11. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,348
    Location:
    Oz
    If I remember correctly, you once recommended that I use Linux as the host. Is there a way to install Linux while keeping Windows and choosing which operating system to start as host?
     
  12. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,348
    Location:
    Oz
    That sounds fantastic, thanks!
     
  13. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,348
    Location:
    Oz
    I have read conflicting reports of SSD's retaining information. Difficulty with overwriting data (although Privazer claims to have no problem wiping an SSD), and then I have heard that SSD's are a forensic nightmare for recovering deleted data.
     
  14. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,348
    Location:
    Oz
    That's a pretty neat idea
    Do you think it is possible to brute force a TC container for fully encrypted ext HD with a password of, say, a mix of 35 upper case, lower case, numbers and symbols? Also, if you encrypt a USB or ext HD, is there a small portion of data that somehow gets left encrypted?
     
  15. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,065
    Yes. You can dual boot. I've never done it. And you need to be careful, because Windows has this feature of formatting partitions that it doesn't understand.

    Unless you need Windows for gaming or other CPU/graphics intensive stuff, I recommend running it as a VM. Or in a separate computer.
     
  16. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,648
    Location:
    UK
    IF your mix is truly random and 5 or 6 bits per character, then that sounds like it will deliver way in excess of 80 bits password entropy (plus some from key stretching), which is supposedly good for a few years. So it might be overkill. It worries me slightly when people use the famous quotes approach, because they can be programmed into a directed password cracking tool - that already happens, they use common passwords and any strings you have on your machines or communications if they can get hold of them. So if I do tBontBtitq?! - it doesn't take a Shakespeare buff to crack that one.

    Personally, I use Diceware words based on physical dice roll. Because I touch type, I can crank out long passwords fast and reliably, given that the words are in muscle memory and I don't have to scratch my head about special rules for capitalisation or decoration, and they're easy enough to remember, I find. I'm also reassured about the reality of my entropy.

    If using TC, the header is of course unencrypted in a way (unless you keep it elsewhere and write it every time), but that does not help your adversary much. Remember the wrench threat!

    Regarding Yubikey HMAC and the Luks package, it is possible to program the YK Hmac so that it requires a finger press to emit the response, which would obviously hamper brute forcing since that takes seconds. That of course relies on the touch mechanism being non-subvertable, which might be OK for most adversaries.

    To echo @mirimir , if you like gaming, have that on a completely distinct machine, the stuff gaming software does is dire. The other problem of dual booting is that the other (possibly compromised) OS can write to the boot software of the alternate OS and do things like write rootkits to it. Unless you have some form of TPM backed secure boot, that is hard to protect against. You're better off having no permanently attached drives and connecting the environment you want at the time to the machine, and even then, you need to worry about mac addresses and other machine-identifying markers.
     
    Last edited: Apr 16, 2018
  17. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,348
    Location:
    Oz
    That sounds absolutely wonderful. I think it's time to start transitioning to Linux, especially on the host machine, so I'm glad to know that there is a powerful sandboxing tool. It sounds wonderful, thanks.
     
  18. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,348
    Location:
    Oz
    You have warned me of this before and it has been eating at me ever since.
     
  19. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,348
    Location:
    Oz
    I have an SSD, 675G, 8G RAM upgradable to 24G. I just need to learn how to decide what I want to use as the host. I'm thinking that I could use Windows 7 for my real identity but maybe that's not a good idea. I've read that you can choose which host to boot at will. I could always use a W7 in a VM for my real identity. Then eventually learn how to chain VM's like Mirimir does. I'll have to admit that I would get a kick out of that.

    My question is, doesn't Linux leave traces of personal information on the SSD, too?
     
  20. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,348
    Location:
    Oz
     
  21. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,348
    Location:
    Oz
    What might work is a HMAC generator which slowed down responses when the challenges came too fast and maybe stopped for a while. So my conclusion is that for this application, you have to put up with the long-strong.

    If I'm understanding you correctly you could slow down any attempts to crack the password to your FDE? I still haven't learned how to encrypt a hard drive. I'm somewhat embarrassed since I've been here so long but I'm going to be making a lot of changes.
     
  22. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,648
    Location:
    UK
    It is possible to configure - say - the Yubikey so that it requires a keypress to emit the HMAC response to a challenge, and that takes order of a second or two, even if automated. As you say, the idea is to slow down the rate at which brute-forcing can happen, so that potentially a weaker passphrase can be used. But, you're then closer to a single factor which the adversary has.

    Any passphrase you supply is treated with a salt to derive a key, and the real disk encryption key is normally held in an encrypted header unlocked by your passphrase/salt combination - this allows you to change your passphrase without changing the encryption key (which would necessitate re-encrypting the whole disk). So when you enter your FDE password, the header is decrypted and the disk key put into memory so that the contents can be decrypted on the fly.

    This is also why it's important to backup/manage the header carefully - without it, your disk contents are unrecoverable.
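
The header arrangement described in the post above, as an added sketch that is not part of the original post and not code from LUKS or TrueCrypt. The function names, the header fields, the round count and the XOR stand-in for the real key-wrapping cipher are all assumptions of this example.

```python
import hashlib
import hmac
import secrets

KDF_ROUNDS = 100_000  # assumed work factor; real tools tune this per machine


def _stretch(secret: bytes, salt: bytes, rounds: int = KDF_ROUNDS) -> bytes:
    """Salted key stretching (PBKDF2-HMAC-SHA256) to a 32-byte value."""
    return hashlib.pbkdf2_hmac("sha256", secret, salt, rounds)


def _xor(a: bytes, b: bytes) -> bytes:
    # Stand-in for the real key-wrapping cipher (assumption of this sketch).
    return bytes(x ^ y for x, y in zip(a, b))


def make_header(passphrase: str, disk_key: bytes) -> dict:
    """Wrap the disk key under a passphrase-derived key; store salts and digest."""
    salt, digest_salt = secrets.token_bytes(16), secrets.token_bytes(16)
    return {
        "salt": salt,
        "wrapped_key": _xor(disk_key, _stretch(passphrase.encode(), salt)),
        "digest_salt": digest_salt,
        # Digest of the disk key lets unlock() tell a right guess from a wrong one.
        "key_digest": _stretch(disk_key, digest_salt, 1000),
    }


def unlock(header: dict, passphrase: str):
    """Return the disk key, or None if the passphrase or header is wrong."""
    kek = _stretch(passphrase.encode(), header["salt"])
    candidate = _xor(header["wrapped_key"], kek)
    check = _stretch(candidate, header["digest_salt"], 1000)
    return candidate if hmac.compare_digest(check, header["key_digest"]) else None


def change_passphrase(header: dict, old: str, new: str) -> dict:
    """Re-wrap the same disk key; the encrypted data itself is untouched."""
    disk_key = unlock(header, old)
    if disk_key is None:
        raise ValueError("old passphrase does not unlock this header")
    return make_header(new, disk_key)


if __name__ == "__main__":
    disk_key = secrets.token_bytes(32)  # random, never derived from the passphrase
    hdr = make_header("constructed old passphrase", disk_key)
    new_hdr = change_passphrase(hdr, "constructed old passphrase", "constructed new one")
    print("same disk key after change:", unlock(new_hdr, "constructed new one") == disk_key)
    print("old passphrase on new header:", unlock(new_hdr, "constructed old passphrase"))
    lost = dict(hdr, salt=secrets.token_bytes(16))  # header damaged: salt replaced
    print("right passphrase, damaged header:", unlock(lost, "constructed old passphrase"))
```

In this sketch a saved copy of the old header still unlocks with the old passphrase after a change, so a header backup needs the same protection as the disk itself.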
     
  23. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,348
    Location:
    Oz
    If I use a password with 45 or 50 characters, no words, upper and lower case, numbers and symbols, can that actually be cracked with current technology?
     
  24. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,065
    Unlikely, I think :)
     
  25. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,348
    Location:
    Oz
    Thanks
     