Staying anonymous when posting

Not really the place to ask about this sort of thing, but can anyone tell me how an user can stay anonymous while posting files and documents online? I assume that TOR is a must, I use a VPN. But what else must I do? For example…

* Is it necessary to have a separate 'hot box' for user activities?
* Should I post only when I am not at home?
* Should I set up an online persona to act as a 'backstop' before doing user activities? See hooktube.com/watch?v=S8GPTvq1m-w for details from TheGrugq

Also, are there any other Zig Forums boards that might be useful to me while researching this topic?

Attached: proxy.duckduckgo.com.jpeg (474x474, 22.9K)

>>>Zig Forums

End yourself

Care to elaborate on that?

The #1 way of staying anonymous is to get out of here and post on 4chan

Remember TOR is not a magic wand that whisks away the feds. It's a specific tool that gives specific benefits if used correctly. You give yourself things you do in TOR, and things you do outside of TOR. You never do TOR things outside of TOR, and you never do non-TOR things in TOR. Mixing the two is how you loose anonymity.
Using a public network vastly increases anonymity over using a private network.
The hot box does add anonymity and lets you easily destroy a single physical device with any "hot" stuff on it if need be.
None of this is strictly "necessary" if you aren't doing things that get you in hot water with the people who have the capability to catch you. If by "necessary" you mean maximum anonymity, then yes, everything is necessary. But enough anonymity for you may not be the maximum.
Also remember that anonymity at it's heart is a state of mined and a series of behaviors. You could have all the tech in the world but if you post a picture and in the background the bar code on your boarding pass is readable none of it matters.
Go to >>>Zig Forums for more.

Thanks Yankee! Unless you're a Southerner, of course!

Never do TOR things outside of TOR, and you never do non-TOR things in TOR… Call me a stupid faggot, but, does that mean I shouldn't to user and Zig Forums stuff inside TOR as I've done it outside of TOR?

And what would you suggest for someone who merely wants to share books that would be useful to Zig Forums and anons in general?

Zig Forums is compromised my fellow anonymous user, 4chan is truly the best place for staying hidden. Go post there

Police is too busy catching people who post pics of themselves smoking crack on facebook.

Only if you're worried about your computer getting rooted.

Only if you think that the powers that be can get your IP or are monitoring you personally (i.e. not just dragnet surveillance)

Only if you commit to getting your persona straight so you don't accidentally drop real information when talking. If you're not an experienced liar, your default action is going to be to tell the truth when questioned, and if you're tired/distracted/asked a question that you respond to before thinking you might accidentally give up real information.

If you're not committed to living out your new persona, just don't say anything. Don't try to do any fancy "cover story" shit, you'll just end up blowing your own foot off.

He's interesting tbh. He knows a lot about technical stuff, but he's a massive fucking faggot. Also he's a middle aged man living in Thailand. Make of that what you will.

Not possible anymore

Not true. There are ways of preventing even the NSA from determining who you are. They just involve more of a focus on operations than on technology. If you're not already a person of interest yourself, simply using Tor with a text based browser would suffice.

1: NSA's spying is just a shitty dragnet operation
Yes, what they do is they collect information from suckers who use social media and don't bother to to protect themselves from analytics, they're not gonna bother to send fucking sam fisher at night to wiretap your router and install a firmware rootkit on your PC just because you run Gentoo on a librebooted thinkpad and think ya slick.

2: Intruders (including the NSA) hate HTTPS, big time, HTTPS encrypts the data you send and receive between you and the website you're browsing, which means the only thing your ISP (let alone other intruders) sees is that you're browsing "8ch.net" but it doesn't know whether you are on "8ch.net/k" or "8ch.net/tech" or what data you sent or received.
So unless that website's owner himself sells your info to the j00s you're probably safe.

In fewer words, using non-botnet software and OS while forcing HTTPS and not using any social media whatsoever puts you on top of 99% of suckers around the world in terms of privacy, and is enough to evade the fag known as NSA


TOR is okay, just don't be an idiot.


Tech illiterate fearmongering boomer at action.

Attached: 1530448764528.jpg (1920x1920, 1.65M)

My flag is unknown? i'm not even using a VPN or TOR.
Let's test again.

What the fuck? well it's better that way anyway.

What would be non-botnet software/OS?

Software that doesn't spy on you and sell your info
Preferably the type of software that doesn't send a single packet of info.
for example just off the top of my head
Browsers: ungoogled chromium and waterfox, these are the only two acceptable browsers (But you also need to configure the correct addons, ask me about them if you're interested)
torrent: qbittorrent, picotorrent, transmission
voice, chat and messaging: tox, mumble (maybe IRC if you and your friends are autistic enough)
OS: Any linux (maybe windows 7 if you know how to configure it, but you most likely don't)

Rule of the thumb: If they offer you a program that isn't open source but is free of cost, they sell your data, look at google chrome and honeypot for example, how do you think they make money? By selling your fucking data to advert companies and the Govt.

meant google chrome and honeypot

What the fuck, am i becoming demented?

oh, is Dis.co.rd censored?
well i'm glad i'm not losing my sanity

I'd also like to add that you need to have a computer without Intel's vPro/AMT/Intel anti-theft or AMD's PSP.

If the botnet is in the kernel and you don't have access to its source code, no amount of configuration is going to get it out.

Intel ME is valuable to them only if they're making a target attack against YOU, and if they're making a targeted attack against YOU in the first place you need to rethink your life decisions
My post was directed to the average normalfag who wants to be 99.99% private without having to drastically change his habits.

I could make a post for the more paranoid people if you want

Wrong, here's what you do
You pirate a fresh copy of windows7SP1 no updates, you run blackbird on it, install tinywall and configure it to block Windows's packets, then run a packet sniffer, you'll notice that 0 packets are being sent or received.

Or if they get some information about your location and decide to see if anyone with an ME capable computer is you by dumping and getting the EPROCESS list from memory on all ME computers in the area, searching for "Tor" in the dumped memory to narrow the search down to all computers using Tor, then grab the full memory dump of all these computers at varying times and comparing memory contents to see if any such computers have visited sites they know your online persona has visited recently. They now have a very short list of potential people to investigate.

Windows' botnet is part of the kernel. Do you know what the "kernel" is, user? You talk about disabling updates without realizing that that could be just like toggling a dummy switch that disables all updates except the spyware updates. You also fail to realize that the spyware functionality could be implementing its own TCP stack and not using standard windows API to make network connections, and would therefore not be subject to any firewall rules and would not show up on any packet sniffers.

The only way to trust any software is for it to be open source.

Now that I think about it, they wouldn't even have to just use the ME to get all the information. Just use the ME as the persistence mechanism for some spyware. Have it insert a new thread in the ETHREAD list to set up a new process running in the kernel, and write a process into memory that will do all the spying automatically and report if the user visits any sites the NSA told it to report on when they activated the backdoor.

Or if they get some information about your location and decide to see if anyone with an ME capable computer is you by dumping and getting the EPROCESS list from memory on all ME computers in the area
Really now, all that for a dragnet operation?

That would be retarded.

If they're looking into people posting ungood things and notice someone they can't identify, they could do it. It wouldn't be very difficult.

How? Because it gets past your firewall idea?

Perhaps you're correct
No
It's retarded because it's wasted effort, a sniffer through a network tap will find ALL the packets being sent/received

Not if it's sent through some sort of covert channel. Just wait for the user to connect to a site that is either cooperative or compromised, and append any relevant data (username and hostname, SSID of all the recently connected to wifi hotspots, etc) as an extra HTTP PUT request.

"that's not how it works"

start reading nigger

Please tell me how it's impossible to set up a server you control to accept an extra HTTP PUT request added to the end of another set of requests.

Anything, anything, anything you send or received, will be detected and logged by the tap.

That's not what I'm saying. I'm saying that there will be no way to differentiate a normal connection to most web 2.0 sites and one that's had an extra HTTP request added to it to send information to the server. Modern sites are fairly dynamic; there's no fixed number of requests that happen every single time every single person connects to the site. You could connect one day and get, say, six HTTP GET requests and two HTTP PUT requests while the page is loading. The next day you could get seven HTTP GET requests and one HTTP PUT requests. The guy sitting next to you could get four HTTP GET requests and one HTTP PUT request because he's got a different user agent and set of ACCEPT headers.

So yes, you'll see the packets sending your username, hostname, IP, MAC address, and list of recently connected wifi hotspots to the server that's participating (willingly or unwillingly) with the NSA's data collection program. It's just that you won't recognize that that's what those packets are doing, since from your perspective it just looks like a standard HTTP request being made to a site you're connecting to, and because the number and type of requests may change on a daily basis, you'll have no way of determining that this set of HTTP requests looks different than it should.

Oh, so just stenography?
well i don't think they'll go that far but i don't give a shit i'm switching to Alpine in a couple of weeks

Use Tails. Compartmentalize. Encrypt eveything. You could go on basically forever with improving your own information security.

...

Sort of like stenography, in the sense that you're hiding information in plain sight.

They might not, but the term of the day is: "paranoia is not retroactive."

That would be a good idea.


Tails is good because it doesn't save state. So you can bounce from location to location with a fresh operating system each time.

As far as encrypting everything goes, if you're a burger make sure not to brag about it. As in, don't post in threads on Zig Forums about how no one will ever find your raifu hentai stash, because it's super-duper encrypted. Normally your Fifth Amendment right to not self incriminate extends to not being able to be forced to decrypt your files, but if the feds can indicate that they have probable cause to believe you have illegal content encrypted there (such as if you talk about "how no one can ever catch you because everything's encrypted" like in one IRL case), they can force you to decrypt your files or else hold you in contempt of court.


It's never too late to install Linux. Eventually the information the government has on you will become stale, especially if you ever move or change habits.

Is there anyway to keep all of my school work and shit? Should I keep my current PC and exclusively use it for school work while doing bad goy stuff on a different computer?

What does "school work" entail?

Document editing and powerpoint presentations and other stuff like that can be done with libreoffice. Libreoffice allows you to save files in .ppt and .docx formats, as well as simple .txt formats. Linux has all the standard browsers available for internet stuff, and the handling of internet content is all handled in-browser (apart from third party plugins like Flash which are thankfully dying and aren't used very much anymore outside of newgrounds), so it's not like Firefox or Chromium on Linux will work differently from Firefox or Chromium on Windows.

As far as saving documents, you could just copy over all relevant stuff to a USB stick or CD and copy it to your new Linux installation. Libreoffice can read .docx files, so it's not like you'll have to worry about formatting. And because documents don't contain executable code (unless you use VBA scripts, which don't run in Libreoffice anyways), you don't have to be paranoid about your docx or pptx files infecting your Linux install somehow.

If you're worried about getting rooted you might want to have a different computer, or at least do all your bad goy stuff in a virtual machine. It's possible to break out of a virtual machine, but exploits to do that are rare as hen's teeth and don't work well on modern operating systems (Windows XP or newer or Linux 2.x kernel or newer) anyways. But if you're really paranoid, you could just get a cheapo burner computer and use that. Just cover any cameras and pull out any speakers or microphones, and get a computer without Intel's Management Engine if you're paranoid. I'm not sure exactly which processors have ME, but I believe only the Core processors have it integrated in the CPU; Atoms and Pentiums can use the Management Engine but only through the old method of having it included in the southbridge (part of the motherboard). So any shitty netbook probably won't have it.

If you do use one computer for all your stuff, use two different browsers to separate your non-anonymous and anonymous personas. If you use the same browser for both, it's possible for a site you visit for non-anonymous activities to set some local data to indicate which IP you're using, then for a site you visit while "anonymous" to read it and figure out who you are. It's possible to wipe that data manually, but with all the different ways for data to be stored (normal cookies, local storage, site preferences, browser history, etc) and with all the ways for you to voluntarily give identifiable information out linking two browsing sessions (HTTP user agent, HTTP ACCEPT headers, plugin versions, screen size, screen resolution, all the information exposed through HTML5, etc), it's too easy to fuck things up and accidentally your anonymity to just manually scrub everything.

Multiple. You could run your linux distro on a separate partition, back up all of your important files onto an external drive, then install linux as your only operating system (open/libre office should be able to open all of your school assignments with no trouble), or you could even do option number 2, while backing up your files onto some online cloud service while you make the switch **if you're a coinfag, SONM recently launched, which will anonymously back up your data).

The pedophiles can help you. They have a vested interest in anonymity.

Good advice. i need to get more tech literate so I can do this stuff.