We have a new blog on freedom and privacy: erehwon.dev.null

Discussion in 'privacy general' started by mirimir, Sep 19, 2015.

  1. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    It's a Tor onion service: http://dbshmc5frbchaum2.onion/

    It will feature reviews and how-to guides. I'll be doing a series of guides about the site itself.

    We invite collaborators, proposed posts, and comments. We focus on defense. Everything is allowed except spamming, doxxing, and such.

     
  2. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,103
    Location:
    Southern Rocky Mountains USA
    Not to mention static HTML is much more safe and secure and simple. No problem with having JS completely disabled.

    Sounds interesting Mirimir, in both detail and totality.
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Thanks :) Need more content, though ...
     
  4. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    245
    This is what I get from Firefox: Error: Server not found. Hm...
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    I knew that was coming ;)

    You have a few options. To get that URL directly, you need Tor. You could install VirtualBox, and then import the Whonix VMs. Or you could boot with the Tails LiveDVD. Or you could install Tor browser bundle.

    Or without Tor, you could instead browse http://dbshmc5frbchaum2.onion.to That's not generally safe for random onion services. But there's nothing dangerous at our blog, except information ;)
     
  6. Justintime123

    Justintime123 Registered Member

    Joined:
    Jun 15, 2013
    Posts:
    95
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    I did see that.
    Thadeus Zu seems to run on a lot ;)

    He does say:
    But I'm not going to waste my time on IRC ;)

    Also, lots of folks say that Tor is compromised ;)
     
  8. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    I just put up "Implementing Physical Networking (iVPN-Tor) / Workspace Isolation with Raspberry Pi 2".
    • gateway Pi2 with iVPN client and Tor
    • workspace Pi2 with Tor Browser
    LUKS and LVM2 are optional for both.
     
  9. Techwiz

    Techwiz Registered Member

    Joined:
    Jan 5, 2012
    Posts:
    539
    Location:
    United States
    It's occurred to me, but a lot of the anonymity guides recommend setting up a virtual machine, often running a full desktop operating systems (usually a linux-based system). But with what we know about the government exploiting vulnerabilities within the underlying architecture at a hardware, system, and software level and the risk of government malware compromising these systems. It occurred to me that this approach gives such adversaries a surface area to attack. Now I dig the idea of bringing back microcomputers, especially with the flexibility of raspberry pi. But wouldn't it also make more sense to setup a thin client? A thin client, similar to Chrome OS, would more than satisfy the need to connect to a remote service or server. Just seems that less hardware and fewer system services would be be the preferred platform for this type of activity. I've been following some of the projects involving raspberry pi and my recent research into chrome OS got me thinking. I'm just curious if there is a specific reason that we develop these privacy tools for full desktop systems. The only thing that I can think of is that they are targeting the masses. Similar to how Lindows targeted consumers that wanted a pre-fab system that could server as a functional substitution for a windows machine.
     
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Reducing attack surface is a key goal in Qubes. But I'm dubious about Chrome OS. There's the Google connection, for one thing. And I don't think of it as security-focused. But maybe it's just my ignorance. I do agree that it's wasteful to run multiple copies of a full OS in the host and VMs. But using multiple copies is one way (albeit brute force) of keeping them isolated.

    For our blog, tor and lighttpd are each running in a Debian VM. I can see how using "lighter" VM-like things might expose less supporting stuff to adversaries. But then they would be exposing whatever mechanisms allowed them to use that stuff in the host OS. The question, then, is how secure those mechanisms might be. I can imagine doing better than VirtualBox. But I'm not so sure how likely doing better than Qubes would be.

    I wonder if I could run Qubes on a hosted server, and use tor and lighttpd AppVMs for an onion service site. Maybe someone who knows Qubes well could comment on that idea.
     
    Last edited: Sep 22, 2015
  11. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    @Techwiz - interesting thoughts, and it's my feeling that it's the services and windowing systems that need the isolation, not the OS (as in kernel of itself). To some extent, that is what Qubes is doing, with the templated AppVMs and isolation of network/usb services. It just happens that these things run on a "full" OS, but they wouldn't have to, it's a convenience thing.
    I suppose the other thing that's happening to help us (and yes, it does seem "wasteful"!) is the economics of RAM and the cost of cores. An Rpi2 1GHz core is about $10, while a 2GHz J1900 core is maybe $20. So running a full OS - as long as it's limited in terms of what services it's offering - is not so bad, whether physical boxes, hypervisor or Type 2 VM.
    I do want more attention to hardening-by-default even in desktop OS kernels, reference the grsecurity debacle. But I wouldn't choose ChromeOS because of privacy concerns and effective lack of local storage.
    One of the things that running a cluster of RPis seems to offer is the ability to roll-your-own segregation of services, possibly with things like data diodes using GPIO. And I've even been wondering whether the more terse remoting capabilities of Wayland (as a replacement for X) would allow the UI to run separately (in a physically different address space) from the application logic. Might at least work for non-video, non-gaming applications.
     
  12. Techwiz

    Techwiz Registered Member

    Joined:
    Jan 5, 2012
    Posts:
    539
    Location:
    United States
    Well I share your trepidation about trusting Google or any third-party for that matter. I guess I sort of envisioned a torbook for the masses that would make connecting and setup simple for non-tech users (higher adoption) and bring greater security in a convenient package. One of the things that I think lindows got right was that some 90% of the population assume an operating system comes pre-installed with the computer you buy. We see similar sentiment embodied in efforts to market smartphones with CyanogenMod. I guess I'm just a bit surprised we don't have a torbook on the market (at least none of that I'm aware). I suppose this might also have to do with the fact that the same excitement that leads geeks to find new uses for raspberry pi is lost on a boring thin client like Chrome OS. Not to mention, that I have a feeling we are seeing history repeat itself. Microcomputers and colleges teaching computer science and programming helped jump started the computer and information age. I can only imagine where we will be with raspberry pi and k-12 teaching computer science and programming. Anyways, I appreciate the feedback and my hats off to you for all of your hard work. I don't imagine that it was easy. My first year and half with linux documentation and forums has been quite the adventure.
     
  13. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Right. And that in Eastern Europe just before the Soviet Union fell jump started the malware age :eek:
    Thanks. The hardest part was my stupid mistakes ;) Little things can go very wrong very fast, when SSH is your only link to some box on the other side of the planet :oops:
     
  14. Techwiz

    Techwiz Registered Member

    Joined:
    Jan 5, 2012
    Posts:
    539
    Location:
    United States
    I must admit that I've been lurking around the grsecurity discussion now for a couple weeks, despite being a total linux newbie. My studies are in information security, so concepts such as compartmentalization, defense in layers, and security through obscurity are the cornerstones of my education. So far in my research, common vulnerabilities exploits seem to focus on design and implementation flaws. So you won't find any disagreement from be when it comes to recommending hardening-by-default for commercial and enterprise solutions. One of the the things that stood out for me coming a from a C++ perspective into learning about Linux-bases systems (which the free audit through the Linux foundation was an incredible resource) was how compartmentalized Linux-based systems are by default compared to Windows and the efficient use of namespaces for process isolation. I agree with you on the privacy issues and that the limited local storage and hardware severely limit chrome-books. But the point that I was attempting to make is that, there are several positive features of running a thin client. That thin client doesn't need to run chrome OS. In fact, a privacy-oriented sub-net operating system, perhaps a Tor OS, could replace the chrome browser (with an enhanced Tor Browser), its web applications (with portable apps), and cloud-dependency (with external data storage). Such a thin client might not work for a power users that wants a full desktop operating system, but like chrome OS, this thin client would perform rudimentary task very well. You could browse the dark web, send and receive private correspondence, and the security model could probably improve upon Chrome OS security and privacy. For starters, the thin client wouldn't be geared for targeted advertising (so any advertising ID google has in chrome OS) would never be built into the operating system. Services like tor 2 web work would be flipped around. Users would route through a service that masks their thin client to appear as some other non-anonymous operating systems and browser, with support for HTML5 (maybe flash), etc. The spoofed information wouldn't need to be unique because everyone leaving the dark web would blend in with the crowd. Perhaps I'm over reaching what is possible, but it seems to me that the first place to start fixing privacy on the internet is bring back plausible deniability and throw out concepts that were designed to make it easier to fingerprint and track you. I have a lot of respect for the folks working to develop the tor browser, but I think we've established already there is a limit to how we can configure and control client side, when the backbone of the internet is working against privacy.
     
  15. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    @Techwiz - thanks, I guess we're aiming for the same things. Perhaps there are two clear threads here, a) how do we get a trustworthy (and usually minimal) "thin" client; and b) given that there ain't no such thing (at least for a while) - how do we compartmentalise to minimise the damage.
    Regarding the thin client, the Linux kernel is not at all thin, and I'm dismayed that "simple" things like Pax aren't in by default (whereas you can pop Emet on Windows easily). SELinux is hard to apply to desktops, grsecurity is up in the air, and Apparmor is somewhat a labor of love. I like Firejail (which uses namespaces amongst other things), and think it's essential for things like Firefox. Whatever base you choose, you're still exposed to the wonders of X if you want a desktop, and that weakens most hardening solutions substantially. What's more, with browsers and Flash, you're inviting cuckoos into the nest because most applications are not using the namespaces and other kernel facilities at all!
    This still leaves me with having to deal with inevitable zero-days with compartmentalisation - ultimately, I do not trust the big, complex kernel not to have any, therefore the only solution is physical address space isolation, which is partially achieved with VMs or Qubes (you have to trust the virtualisation on the basis that they're smaller than the kernel), or with different boxes.
    Then as you say, there is the issue of spoofing and blending in. Concepts in Qubes can apply, in terms of creating a range of domains/persona, with the ability to revert (to reduce fingerprinting), in conjunction with any browser-specific spoofing/address obfuscation going on. Again, Whonix on Qubes might assist with that. But it also allows you to cleanly operate the inevitable public persona where it is inevitable - and with care not that harmful - to be tracked.
    I'm beyond peeved that all this stuff is necessary, but here we are. I would be quite receptive to a high quality maintained security-focussed desktop distribution subscription for money, and maybe this is necessarily how the open-source model for this level of security has to work.
     
  16. Justintime123

    Justintime123 Registered Member

    Joined:
    Jun 15, 2013
    Posts:
    95
    @mirimir
    Per Krebs investigation: Thadeus Zu's twiitter account is being use just not by one person but a group of people talking to each other in code. It may seem nonsensical but they are using youtube songs, pictures, pixel counts in pics, to communicate with each other. Amigo, Hombre, Ninjas etc. They use a lot of misdirection. Every TLE is looking for this group but are unable to track them down. Taunting the NSA, FBI, GCHQ, Krebs, Toronto Police must be a group with incredible technical skills or else they would have been found by now. They seem to be able to gather intelligence on the future moves of TLE as stated by this group under @deuszu

    .
     
  17. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Yes, I've seen a few [some anonymous setup]->Twitter things. I wonder if a Pond->Twitter gateway is possible. The challenge is that Twitter can just nuke the posting account.
     
  18. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    I just added a post with instructions that I used for setting up the server.

    Comments appreciated, here or there :)
     
  19. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    The blog now hosts detailed instructions for building a custom Debian installer, installing on the server, and creating and configuring Tor-gateway and server VMs.

    I've locked everything down as well as I know. What's missing are app security and integrity monitoring. And DOS protection. With luck, it won't get pwned before I learn and implement that stuff :eek:
     
  20. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,957
    Location:
    DC Metro Area
    If I visit your site mirmir, will I still be allowed to board a commercial airliner in the USA?

    :)

    "A flyer designed by the FBI and the Department of Justice to promote suspicious activity reporting in internet cafes lists basic tools used for online privacy as potential signs of terrorist activity. The document, part of a program called “Communities Against Terrorism”, lists the use of “anonymizers, portals, or other means to shield IP address” as a sign that a person could be engaged in or supporting terrorist activity. The use of encryption is also listed as a suspicious activity along with steganography, the practice of using “software to hide encrypted data in digital photos” or other media. In fact, the flyer recommends that anyone “overly concerned about privacy” or attempting to “shield the screen from view of others” should be considered suspicious and potentially engaged in terrorist activities."

    "https://publicintelligence.net/do-you-like-online-privacy-you-may-be-a-terrorist/

    Internet Cafe Flyer:
    https://info.publicintelligence.net/FBI-SuspiciousActivity/Internet_Cafe.pdf

    Gawd Bless The USA.
     
    Last edited: Oct 4, 2015
  21. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    So hey, only access it via Tor. And only use Tor via some popular VPN service. And if you're really paranoid, only use the VPN service anonymously via public WiFi hotspot.

    ;)
     
  22. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    All pages are now GnuPG signed :)

    Code:
    -----BEGIN PGP PUBLIC KEY BLOCK-----
    
    mQINBFXlYZwBEACc7cE9JW0Db5L6uTcmQRnxZnZ2bzA3xXgHizn9qfCy8SMMrOAh
    cN8vLAUjbOn1K1z7mfsCwsbl2r4DnEs0VVSSvOBJTusqbtJhSWlowdHzmvTj1UTa
    xo9QTjRUbN1isl/FDqtPgTQ1WnpRu3YM8hHFq3smAqCZfVK21XMT6Iqzshn8mCF2
    VYtQrIWel/lm4/DY5oDELSdGwSUwbizXiLwmrAvWpkReHr9wEErDWfCAQEo9jFk6
    ccB/eNVdrugEKXYvvubM//3eobG2b5Xc7FTYYJVGBsUKNptJUpog6R05aupwcuef
    xurFywFVsX4MH8Xmpk58oMmQyyPkVvf7N1xWO1CCXG9SUMZGiO3/YQZEgP1cmUSA
    6O+8uS1SzV4Cyc2iV4zg0ONXIsczhPxeZY2G+l3he4Fl1L99Q680QqBErnaFkaiX
    pN62oMB8Akp6KuS76JmLO4kkLzPOpR6lmQrBb0guzy81s6HizLNe3b7QtegqGXjK
    i9E0EvXDYUUt43SUd0efhxqeo819+HUzAFFCstXrTJBKMVFGaQcGDxBKt+wcAxGP
    49POz1J0uN0h5gnFeIBUQwjW0SyzJPbNsaPWU2002aiEXlyd4rX9HXmleJsAxNFx
    1ES7mlxi84Y1y2eX5kt55iB4hysD1E/tpdIAUhHQbPnUZDAjP5OFbSlL1wARAQAB
    tC5FcmVod29uIFRlYW0gPHNpcmVsaWFoQHNpZ2FpbnRldnloMnJ6dncub25pb24+
    iQI9BBMBCgAnBQJV9M/LAhsjBQkJZgGABQsJCAcDBRUKCQgLBRYCAwEAAh4BAheA
    AAoJEM4xM9W+SltHWZUP/23ViAc5hFCjQHn5yklFaOl4Q8BdZn9G+KoAotX/4thu
    ATlgfXSCLCE8EXRQr7uM6F/6wYtAcU3rP54vAtifwajuZlshVgwvR9zsdoS6WOiT
    GJwAdvsHMBp52jhtu42G3uQHFTsfQxzoxMmmcHCvrUqyBY3jyybKvNpnyrKXc+Iw
    aflVLvnv3kETdQiIy6xju55CkL3GBVviU7i8PocavGg+zq+HpP+FhZ1UrTZAOmTb
    CcE6nmVh/suXBxCwih5fJ4TWDT+690V7UVT8AQHQBEvi62+V6toZxqwMTQ6rEcG7
    TmlKoPnPmJdIelHd7H3ZfLavF3w/3Q2Gt+3CMq/bAhdgPalEAXHL2nXrNNuzf0D+
    SJvPMTtl7wCwhg7ltDEFxp/kiJSN4uj5/a0nnzyjXJPv17Jfu2Yv4U+7iZ2LHdcd
    dI5H9gLoMTwzdOjHX3Fg8nJLrHgfWEgcLfV80YmVTEr/tmKU5CCLcmV4cCJ6cgzD
    SUHJww4uA7fVkW3NMFiLX++Eefx9PFmoh943hGUNqnz2AIE1yqCzIDZ7zBC0D25j
    P28L14t4yH/pMWXlzjunGKAdPTD6VA2CT4sDJrS+LFMQkaFOXKUJTipa7UqQ5bwE
    ClgNcVFtbshJ1IaiijRFWVHdOOdpjpklH1pctYe2k73S6TuWVZi4WCuDwB+5pP5A
    uQINBFXlYZwBEADaHQw+AAjxTTQ4CNqmJiI5j0L0iIBbc0rgPxZxj6A8/2D5V+nK
    xSEmWg0+FCeYZed+P/FKu3XbYsiDXLKIi3+OC7UXUD8mHKfJz4quPdwOd3gOoCcJ
    KZgFxkn7K/PcwN3HXOFySq4YQkhraJYnAzCcK0z4kzcIacf8WGjSA5r1AWEmJkp4
    fZRwXHI5YY0E2OaS6uqLWVcrr7AaFNvlO9Xq2Jy5v8PVShDyQqFMh0oM5CFvvKYd
    s54x+5XhXkfqhE9RHT5qntosHtoO1VEiYk/a1xN6IAqCwF6PiDuT0DoHioQEY1aI
    7qalgSMSlYnATVEKMzmqD2Xfy+Mh4AynGHgi+mnDwA1ltIhvc9aJfSn2NTvANaqC
    GX4g5ocf8WHqta4PbuP3eV8cEivwWnyp5ff4RdWr075gfA9fcK+ZXAPTrkz74Hfm
    NZPJLmkpW8TQZd3mZnNEOQeiJXbyNk+s3gYWnpxl6SouN0JLPnZg6lvmfIKDBzPC
    gEoZSj6J5ocPopgsBImZVtsxNfFiaEc2VM02v3bCIMXzZ2S0ezU2sGZksPqHG3NX
    /uokJRHA2GxVAj3hag8SbZSSE487vkNErcoXnn8ufIPCQOYuuEM5KWy+1M2/93Kj
    DumSkTNEmvbGPqT2buq4ZBBy1HTR3k66RM1jWInssj0T6TJXbI9DgI2/AwARAQAB
    iQIlBBgBCgAPBQJV5WGcAhsMBQkJZgGAAAoJEM4xM9W+SltHA+YP/R1mHGHcHDdm
    Ua0fj84Oo4I7QswriSpJpPziRSWyQmv3LOYiHvXaYZsenR3cHuDrel6Zqxsz1M+d
    OtvXOq5K6SyDHh1hEZRGa37NzZJR7ZbPTHjI6ezJr7HHXJlVc6dSGvCzDBhMr6hv
    ZVL6B3lB1tO67Wu7Uhh8Uz/YCUZWI7qpXBqcBQmtbYzSihPVHjEW9poaZ20zNdwd
    0srj8UMoYLegu0JlJq4Hg1pqPuBqInYwOvTWLW1mhJ0UfV1WT3fiQZXYMww8hAEE
    kIQfS0WRHGP8MCfKpOo33WbVafdlJ8Upc/OakvpXP+n7zwfE/JiBG7tjzXhk+reS
    baVmOciWjUWftIQe+mwg2iGtkNzTQfjiXTSbd3S1iV0Q9Z7NO+FChchsQaDMAZ8R
    6WzB06/5gsz1WufPGVICYBfqERxgFYA11jsq6yEiOM5g5jZytl7YaYifaAlp3sJ0
    XmYRaovlE0dBsufW77JyaGXbaEx2hGiwDPzovup0zQf2GFo+Ulf34rfgmI4Hq5Ua
    8dKR5tCc2Vm9NZ1iiLOU6opVOQUCe03a6PpUL9PmVrCzUFrm1m1I4+XnTn0JN0+p
    h51bt3ygm7TISPWnU6BzsPupjR6F0FfMq8N4N5Ban9QnxgaxBs2ro4qSMrfrJbYS
    0dAiULGZycRNUi4lJ/O1QmyOsmRn9Yem
    =8uFH
    -----END PGP PUBLIC KEY BLOCK-----
     
    Last edited: Oct 16, 2015
Loading...