My Tails + TOR setup - good to go?

My Tails + TOR setup - good to go?
Hello!

[sorry if this is not the appropriate board for this. Please, direct me to an appropriate one if that is the case] So, here's the deal. Say, selling and eating tomatoes in my country is illegal (a good start, isn't it? :D)

Let's say selling tomatoes can be a lucrative business, and I want to sell tomatoes on a specialized .onion website. Of course, I want to stay anonymous, since selling the aforementioned vegetables could land one in jail for 20 years.

Here is the setup I am considering using:

A throwaway PC not linked to me in any way with a Tails USB. Tails spoofs my MAC address. A chain of 3 VPNs paid for with Bitcoin anonymously. TOR with java disabled. A wi-fi router that works with SIM (both not linked to my real name, of course). Also, an important question: will a USB wifi SIM router be good for the task?

So this is my setup. Good enough? Mind you, my country is not very technologically advanced, it's not the US and we don't have the allmighty NSA here.

Also, a question.

For example, the tomato selling darknet website somehow is able to learn my true IP (by tricking me into downloading something or whatever). Will the VPN chain protect me in this case? Will the tomato site's nefarious owner only see the last IP address from the VPN chain?

Other urls found in this thread:

en.wikipedia.org/wiki/J_(programming_language))
twitter.com/SFWRedditVideos

The technology side of the equation was never the problem since the coming of VPN's, TOR, Crypto and other encryption/proxy techniques. Only incompetence will get you caught on that side. (Think maffia ignoring warnings about updated verification keys)

The real issue is anything involving giving the buyer a phisical good [Tomatoes] in exchange for crypto. The police can and will be indistiguisable from a legitimate buyer. You're going to have to accept the police might be all and your only client you'll ever supply. Drug dealers use mail. not even police can stakeout an record the identity of every person dropping in mail in every mailbox in the country. Drones are more identifyable but can be usefull for crossing borders and customs checking for [tomatoes].

What size and weight are your [tomatoes]?

This is an appropriate webzone for your hyperquery.
Bitcoin transactions are completely transparent and open to inspection by anyone, so after the last IP in the VPN chain is sniffed in your scenario, the remaining barriers to de-anonymization are A) that VPN's cooperativeness with authorities and B) whatever barriers you've between yourself and the bitcoin wallet that paid for that VPN. The remaining VPNs don't help in this scenario, except for adding additional "VPN must be cooperative" barriers between the first VPN and your actual IP.
The other likely de-anonymization route is the server you're hosting this site on.
Your tails and computer security stuff comes into play twice
1. it's much harder for your "trick me to downloading something or whatever" scenario to actually work. Mainly as you're security-aware and probably aren't logging into your Google and Steam account from this computer.
2. when the police bust into your house or find the computer or vice-versa, your pants won't be completely down.
I term I recommend you work into any plan is disclaimability. Your ability to, when compromised, say with a straight face that you have no clue what any of this is about and are just a normal citizen who uses the internet for cuck porn, only. A Tails USB and other secret squirrel shit is going to damage any such claims.

Great contr, just want to point out that that's the first instinct all guilty people portray. (Not that an innocent wouldn't also eventually claim to have no clue). It is better to just mirror the police/investigator's emotions and questions rather than proclaim innocense and "Being unaware" of what's going on.

Investigators will also attempt to make you lie about seemingly unimportant things like "Why do you have 3 VPN's?" One could answere several plausible things, like porn, but if investigators find that that's not actually what you used it for then that gives them a foot in the door of your personal life, web of lies and denyability. It wont get you in jail just yet but circumstantial evidence is grey area, and you want every advantage you can get.

Watch interrogations on youtube and how to beat lie detector to give yourself more preparation.

Why are you posting this here? Are you a fed? Anyone with a non-zero IQ knows that Zig Forums is just LARPers with no real criminals.
I hope this is a random number, and not the actual sentence of the country you live in.
Every post here is saved by Sunshine. You are deanonymizing yourself by posting your security measures.
You don't have the NSA, but you have the freedom to cover your ass with Tails without persecution?

You really don't need anything more than Tor. Especially if you are just connecting to a hidden service.
If they have code execution they can probably figure it out after enough time. I'd avoid opening links and files when you don't have a firewall blocking all connections other than to your first hop.

Wew.
Also, you can't disable Java on Tor because Tor has no integration with Java. Unless you're using Orchid. Protip: You're not using Orchid.
lolwut?

In countries that offer suspects protection against self-incrimination, you don't try to find a plausible answer, you just don't answer at all. If you've been committing crimes on a darknet but you've been found anyway, something significant brought the piggies to your door, and you're not going to talk your way out of it. The best thing you can do is shut up and not give them any additional information.

don't use tails.
Tails uses systemd which has been known to leak dns queries due to Google dns integrated by default.

Use Heads instead, it uses a proper *nix init system so you don't have retarded shit like a DNS specification in the init.

Your real problem is going to be in accepting crypto currency. All transactions are transparent. That's how they caught the guy who ran freedom hosting and a bunch of dealers. What you want is to exchange your dirty coins for clean ones but I don't think there are services that offer that anymore. Also, your VPN payment is traceable unless you cleaned your crypto currency and if they keep logs it all leads back to your ip anyway. Also, you don't need multiple VPN.

Brutha, here in our country you have no contact with the buyer directly. You do not even have to touch the tomatoe shipments.

You have couriers. When you hire a courier over TOR, they pay a deposit. You then arrange a purchase for the price of their deposit. The courier picks it up (it's a secret stash), breaks it down into small packs (1g, 2g, whatever) and makes secret stashes, then takes pictures and writes down the coordinates of the spot.

When a buyer goes to the site and purchases a stash, he only knows the general location (which part of the city). Then he get the pictures and the coordinates, goes there and recovers the stash.

It's this simple.

Couriers (who make stashes) and those who transport the tomatoes between cities - those are the guys who usually gets caught. The police has learned already how to look for suspicious guys crawling on their fours in the woods with flashlights and such.

Using mixers. After mixing, withdrawing bitcoins via localbitcoins.com


The server (if you mean the darknet market) is not hosted by me, of course. It's a big market that's been around for years. Yes, they might be leaking out info to the gov, who knows... Maybe it's a part of their deal with the government so they can operate in relative peace.


Otherwise, thank you for your post, it was an interesting read.

So, the point is to not let things get to the point where the police knows your IP address.

Hence 3 VPNs, all located in different distant countries that do not have diplomatic relations with my country. The VPNs should keep no logs (yea, I know it's impossible to know whether they keep logs or not, but well, what can we do..)


I didn't know where else to post it, lol. I looked up some darknet 4chan-esque resources and just posted there. I'll try to look for other websites too. Anyways, this board is what a quick search turned up.


For selling in large quantities - 10 years to life in prison, lmao.


How so?


Not sure I get what you mean.
I'm not so much worried about Tails, I'm more worried about my ISP seeing I'm using TOR a LOT.

What about the NoScript extension?


I'm not a native English speaker. Basically, it's a usb router where you plug in a SIM in order to connect to the internet.


Exactly!
So my goal is not getting to the point where LEOs knock down my door.


Why shouldn't I use multiple VPN?


There are still some mixers around, and AFAIK I can add another layer of security by exchanging BTC for Monero and back after the mixer has laundered my dirty BTC. I'll be looking into it, tho.

Your use case does not look like you are using it a lot. I literally do 99% of my web browsing + irc + youtube + other chats all through Tor. I try to make a lot of legitimate traffic so that the time when I do things which may be questionably legal doesn't stand out.
He's mocking you about not knowing the difference between javascript and java.

Well, maybe you're right. But I would need to log in to the store often to manage things, issue orders to couriers, order big batches of tomatoes and so on. Dunno if it's considered "a lot" since it's mostly text traffic, no movies or big files.


Ah, I know it's. Java is just shorter to type.

Yeah, but java is something totally different so you shouldn't do that.

Mr. is on the right track, but I'm not mocking you. If you're planning to use technology in the course of committing felonies, however, you should know the difference between Java and Javascript, and Tor (not TOR) and the Tor Browser Bundle. Details matter when you're staring down the barrel of decades of prison time.
I assume you mean a 3G/4G modem that connects to your computer via USB. That's not WiFi. Again, details matter. A public WiFi connection (e.g. through a university's or coffee shop's unsecured network) is possibly a better choice. Or a neighbor's cracked WiFi connection. I'll leave others to opine about that, however.

And J is shorter to type than Java. But J is its own programming language, too (en.wikipedia.org/wiki/J_(programming_language)) which is different than Java, which is different than Javascript.
DETAILS MATTER
Ignore this fact at your peril.

Hello. There are two kinds of SIM modems:

one is plugged in directly, the other is a wi-fi hotspot.


Absolutely! I'm still researching, and won't start until I'm sure I've done it all right.

Public wi-fi connections are a good thing, too. I'm looking into this option too.

Yup, you are right. Thank you for your advice, user.

you're the blackest gorilla nigger 3I've ever seen

WRY

Start with refurbish imports which is a throwaway of a throwaway.
Hopefully, that's not a hand-me-down.
The problem is these can be traced with:
Official buyer and possibly connections if hand-me-down -> Official receipt record containing -> FCC ID / MAC addresses (bt/wifi/lan) -> OS-level intentional exploits
Software level spoofing is unsafe. Imagine having to use DNS through systemd then one day they decided to change the config defaults or some inside bug occurs exposing your DNS or your DNS servers are all down and OS tried to use malicious fallback (linux in general).
Get an LB-Link usb-wifi anonymously then spoof that. It works with open sauce code and no drivers or external kernel modules needed. They're also sold on certain RYF stores but most lb-link work out of the box with kernel 4.12 i think.
VPN is unsafe.
If the SIM is bought with your credentials or card it is obviously unsafe. Don't even try walmart. Security cameras, SIM cards are sold with traceable bar code (and store bar codes) so if they manage to flag that SIM they can backtrace you with the official receipt (if you filled out correct name address) or have a general idea where the person is based from the store's location.
This is a mix of safe and unsafe. Cell ID values expose your general location and can be triangulated by agents but you can just replace the SIM but usually not the IMEI. Maybe with Balong tool you can change IMEI but that's illegal. As long as you keep off your personal credentials from passing through the modem and remain anonymous it would be fine.
The problem is if the router's OS has backdoors where it phones your Cell ID + IMSI info (closed source android phones presumably have this). All it needs is to phone that 1KiB info and it costs them nothing and what costs nothing is usually implemented.

wifi router+modem/SIM
Huawei toolbox or similar to monitor if your cell id suddenly changed when they're spoofing cell IDs (IMSI catchers that analyze data)
As much as possible try to feel if the connections have huge latency and delay which is likely a sign.
Bare IP with modem/SIM is okay. no need to route with VPN. just use tor directly.
Make sure you do DNS setting at the hardware/router level NOT software level as said previously but if you're not using local dsl/fiber then you're fine.

also a tip:
Use yagi or other directional antennas over your modem.
Huawei is pretty advanced and you can use Balong and toolbox to monitor, change IMEI and lock or block Bands (but not cell id of the same band. at least it can make you avoid hand-overs). Other models may allow you to lock cell ID but I'm still looking into it.
Omni-directional antennas may make your router seek stronger quality and nearer signals like that IMSI catcher van parked outside.

Hello. It appear you're tech savvy, and I'll need some time to process your post.

But this part:


Why, tho, especially if it's not one VPN but, for example, 3 ?

Note my reasoning for the several VPNs:

p.s. the SIM, of course, is not bought with my credentials.

Also, I'm not in the US (not even in any of the Americas)

Hey bois, a quick questions.

Do TOR's obfs4 bridges act like a VPN service?

if someone was to discover your true IP on TOR, would they see your real IP or the bridge's IP?

They can ask as many providers possible. All of them keep logs so pinpointing the source is never a hard thing to do. VPN is a trap since you'll have to pay for the service and who knows what kind of transactions these require? A lot of VPN services are even run by intelligence agencies and it's pretty cheap thing to do.

Meanwhile you have some curryniggas running phishing and tech support fraud on million dollar scale from their windows xp pc's running Google chrome and 16 year old's using their mom's credit cards to buy ddos services and bragging about it publicly under accounts linked to them.

Sometimes it feels like the law enforcement just doesn't give a fuck anymore. They just pick few people to make examples of and think that solves the problem.

What are you even worried about? That tor will somehow leak IP but your VPN/proxy config won't? That's ridiculous.

You sound like a retard so technology isn't your main issue here. You'll brag about your [tomato] business to someone or make another stupid mistake that reveals your identity independent from your internet. Even on this board you type with a special snowflake posting style that makes your posts stand out like a sore thumb, who's to say you won't do the same shit on your [tomato] site and get recognized?

Funny thread, though. Eating [tomato], lol. You fucking degenerate. Just go to Colorado like all the other potheads, mate.


Curryniggas are in a different country from where they commit the crime, and their own LE is dysfunctional. Even so, what's the point here? That OP can move to currystan and sell all the [tomato] he wants? I guess he could, but then he'd have a bigger problem, namely: living in currystan.

More like the media doesn't give a fuck. They have an agenda, and news about cybercriminals (unless they're autistic incels targeting roasties) don't advance that agenda, nor do people click on those headlines, so they don't bother reporting much when they get caught.

Could someone recap for me, I'm lost in the comments

Clever. Physical goods still involve risk but really clever system as long as you keep the surveillance state at bay.

In my country they dont rlly care. My local weed shop is placed safely behind the police station. Saves them travel time if anyone is being a nuissance.

Indeed. I wonder why it's not done like this in the US, too.