My "Online Privacy Through OPSEC and Compartmentalization" is finally up

Discussion in 'privacy general' started by mirimir, Sep 5, 2017.

  1. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
  2. plat1098

    plat1098 Guest

    Incredibly substantial four-part read. Still reading through it but wanted to take time out to say "many thanks." :thumb:
     
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Nice reading, thnx.
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Thanks, y'all :) I loved researching that. But a lot of writing.
     
  5. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    Very impressive mirimir, a fascinating read.
     
    Last edited: Sep 6, 2017
  6. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    Thanks, an important companion to your technical compartmentalisation guides.

    A quick point, I wondered for the general reader, whether a glossary of terms (e.g. like TLA) would be useful.

    It's ironic that Max Hill, the Independent reviewer of anti-terrorism legislation in the UK has suggested that users who remain anonymous should not benefit from encryption..... Which maximises the risks a user has to the kind of collusion you refer to.

    I didn't see a rather obvious de-anonymisation technique in the research quoted, which is that the set of browser tabs a user has open will very likely result in a distinctive trace when the browser is started - you would get a pretty distinctive suite of timestamps and urls which could be correlated either by ISP/TLA or backend. This is quite apart from any attempts to prevent browser fingerprinting, that would not help.
     
    Last edited: Sep 6, 2017
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    :)
    That's an excellent idea. I'll do that.
    There are many authoritarian jerks out there :(
    That is pretty obvious, indeed. I don't have browsers open saved tabs. But I do tend to start by opening Wilders, HN and so on. Opening Thunderbird and Keybase. That's not an issue for Mirimir, because he doesn't avoid tracking very hard. But if I did want to avoid tracking, that'd be a problem, for sure. So thanks, I'll add a comment about that.
     
  8. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    I think password harvesting is another one people don't consider they could be id'd by using the same or similar passwords across multiple sites or multiple personas.
     
  9. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    True.
     
  10. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    Good point, and even when you adopt long strong ones, that could be distinctive if you go overboard. I think perhaps using 16 character randoms, as well as being strong-enough, would also be common enough as a pattern.

    Usernames are probably worse - I've considered only providing guids, but even that is going to be a distinctive pattern. Perhaps "user" is the only thing they ever need to know.

    As for memorable questions, I trust everyone reading here will avoid them with a very long bargepole.

    Plus, being born on 1/1/19xx is probably quite common.
     
  11. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    Probably when you are active at all, and what you are typically active with, is going to be quite distinctive. Of course, if you are able to rigorously stick to each persona's distinct pattern, then that's OK. But it would be very easy to slip into starting everything up at the same time, for instance.

    I'm getting increasingly to the view that browsing is a very privacy destructive pattern, and that the real way forward is structured message exchange by automated agents (which could be made to have their own patterns and padding). There is no technical reason why marketplaces should not be based this way (think EDI), although a huge number of commercial reasons it's not happening - not to the consumer's benefit it has to be said.

    I'm from the era when batch processing was the default mode, and frankly, I much prefer those days, I actively dislike being on the end of a mainframe terminal which browsers have become (plus the eye-candy). And I do not want to give my eyes to these people on the current deal, I want my machine to be humming away on my behalf but leaving me free to do other things in my life.

    The other approach is to spread some confusing chaff, but even that's quite hard to do in an automated way, because of the peculiarities of human patterns. I've already considered this with banking sites since ISPs will be monitoring those Urls, and I do not want them (or the people they sell or lose it to), to know which one I actually bank with.
     
  12. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    If you need to remain anonymous there are probably a thousand traps you could fall into. Probably the most difficult to avoid is discussing ideas online, long before those ideas came together to form a basis for a project, which eventually becomes something that would put your own well being in jeopardy if you are id'd as being associated with it.
     
  13. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
    My thoughts are to position yourself in a small group (<12 members) where there is a technical expertise for working on a common project/task. The convention of the group all takes place in onion. For that model the major task is to correctly select the group members avoiding a mole. Ultimately trust no personna. I did this for over 15 years and we so far have never had an issue. Writing style is not observable in onion unless you gain TRUST to access the server in use. That is all I have to add about this thread. Such a model will only play out where extremes are in play and not for the general internet crowd.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.