Not really the place to ask about this sort of thing, but can anyone tell me how an user can stay anonymous while posting files and documents online? I assume that TOR is a must, I use a VPN. But what else must I do? For example…
* Is it necessary to have a separate 'hot box' for user activities? * Should I post only when I am not at home? * Should I set up an online persona to act as a 'backstop' before doing user activities? See hooktube.com/watch?v=S8GPTvq1m-w for details from TheGrugq
Also, are there any other Zig Forums boards that might be useful to me while researching this topic?
The #1 way of staying anonymous is to get out of here and post on 4chan
Jeremiah Collins
Remember TOR is not a magic wand that whisks away the feds. It's a specific tool that gives specific benefits if used correctly. You give yourself things you do in TOR, and things you do outside of TOR. You never do TOR things outside of TOR, and you never do non-TOR things in TOR. Mixing the two is how you loose anonymity. Using a public network vastly increases anonymity over using a private network. The hot box does add anonymity and lets you easily destroy a single physical device with any "hot" stuff on it if need be. None of this is strictly "necessary" if you aren't doing things that get you in hot water with the people who have the capability to catch you. If by "necessary" you mean maximum anonymity, then yes, everything is necessary. But enough anonymity for you may not be the maximum. Also remember that anonymity at it's heart is a state of mined and a series of behaviors. You could have all the tech in the world but if you post a picture and in the background the bar code on your boarding pass is readable none of it matters. Go to >>>Zig Forums for more.
Brandon Perez
Thanks Yankee! Unless you're a Southerner, of course!
Never do TOR things outside of TOR, and you never do non-TOR things in TOR… Call me a stupid faggot, but, does that mean I shouldn't to user and Zig Forums stuff inside TOR as I've done it outside of TOR?
And what would you suggest for someone who merely wants to share books that would be useful to Zig Forums and anons in general?
Nolan Martin
Zig Forums is compromised my fellow anonymous user, 4chan is truly the best place for staying hidden. Go post there
Austin Thompson
Police is too busy catching people who post pics of themselves smoking crack on facebook.
William Robinson
Only if you're worried about your computer getting rooted.
Only if you think that the powers that be can get your IP or are monitoring you personally (i.e. not just dragnet surveillance)
Only if you commit to getting your persona straight so you don't accidentally drop real information when talking. If you're not an experienced liar, your default action is going to be to tell the truth when questioned, and if you're tired/distracted/asked a question that you respond to before thinking you might accidentally give up real information.
If you're not committed to living out your new persona, just don't say anything. Don't try to do any fancy "cover story" shit, you'll just end up blowing your own foot off.
He's interesting tbh. He knows a lot about technical stuff, but he's a massive fucking faggot. Also he's a middle aged man living in Thailand. Make of that what you will.
Kayden Fisher
Not possible anymore
Aaron White
Not true. There are ways of preventing even the NSA from determining who you are. They just involve more of a focus on operations than on technology. If you're not already a person of interest yourself, simply using Tor with a text based browser would suffice.
Juan Wright
1: NSA's spying is just a shitty dragnet operation Yes, what they do is they collect information from suckers who use social media and don't bother to to protect themselves from analytics, they're not gonna bother to send fucking sam fisher at night to wiretap your router and install a firmware rootkit on your PC just because you run Gentoo on a librebooted thinkpad and think ya slick.
2: Intruders (including the NSA) hate HTTPS, big time, HTTPS encrypts the data you send and receive between you and the website you're browsing, which means the only thing your ISP (let alone other intruders) sees is that you're browsing "8ch.net" but it doesn't know whether you are on "8ch.net/k" or "8ch.net/tech" or what data you sent or received. So unless that website's owner himself sells your info to the j00s you're probably safe.
In fewer words, using non-botnet software and OS while forcing HTTPS and not using any social media whatsoever puts you on top of 99% of suckers around the world in terms of privacy, and is enough to evade the fag known as NSA
My flag is unknown? i'm not even using a VPN or TOR. Let's test again.
Noah Hall
What the fuck? well it's better that way anyway.
Robert Anderson
What would be non-botnet software/OS?
Brandon Rodriguez
Software that doesn't spy on you and sell your info Preferably the type of software that doesn't send a single packet of info. for example just off the top of my head Browsers: ungoogled chromium and waterfox, these are the only two acceptable browsers (But you also need to configure the correct addons, ask me about them if you're interested) torrent: qbittorrent, picotorrent, transmission voice, chat and messaging: tox, mumble (maybe IRC if you and your friends are autistic enough) OS: Any linux (maybe windows 7 if you know how to configure it, but you most likely don't)
Rule of the thumb: If they offer you a program that isn't open source but is free of cost, they sell your data, look at google chrome and honeypot for example, how do you think they make money? By selling your fucking data to advert companies and the Govt.
Noah Green
meant google chrome and honeypot
What the fuck, am i becoming demented?
Carson Clark
oh, is Dis.co.rd censored? well i'm glad i'm not losing my sanity
Kevin Cruz
I'd also like to add that you need to have a computer without Intel's vPro/AMT/Intel anti-theft or AMD's PSP.
If the botnet is in the kernel and you don't have access to its source code, no amount of configuration is going to get it out.
Levi Adams
Intel ME is valuable to them only if they're making a target attack against YOU, and if they're making a targeted attack against YOU in the first place you need to rethink your life decisions My post was directed to the average normalfag who wants to be 99.99% private without having to drastically change his habits.
I could make a post for the more paranoid people if you want
Wrong, here's what you do You pirate a fresh copy of windows7SP1 no updates, you run blackbird on it, install tinywall and configure it to block Windows's packets, then run a packet sniffer, you'll notice that 0 packets are being sent or received.
Sebastian Robinson
Or if they get some information about your location and decide to see if anyone with an ME capable computer is you by dumping and getting the EPROCESS list from memory on all ME computers in the area, searching for "Tor" in the dumped memory to narrow the search down to all computers using Tor, then grab the full memory dump of all these computers at varying times and comparing memory contents to see if any such computers have visited sites they know your online persona has visited recently. They now have a very short list of potential people to investigate.
Windows' botnet is part of the kernel. Do you know what the "kernel" is, user? You talk about disabling updates without realizing that that could be just like toggling a dummy switch that disables all updates except the spyware updates. You also fail to realize that the spyware functionality could be implementing its own TCP stack and not using standard windows API to make network connections, and would therefore not be subject to any firewall rules and would not show up on any packet sniffers.
The only way to trust any software is for it to be open source.
Lincoln Bailey
Now that I think about it, they wouldn't even have to just use the ME to get all the information. Just use the ME as the persistence mechanism for some spyware. Have it insert a new thread in the ETHREAD list to set up a new process running in the kernel, and write a process into memory that will do all the spying automatically and report if the user visits any sites the NSA told it to report on when they activated the backdoor.
Bentley Fisher
Or if they get some information about your location and decide to see if anyone with an ME capable computer is you by dumping and getting the EPROCESS list from memory on all ME computers in the area Really now, all that for a dragnet operation?
That would be retarded.
Asher Scott
If they're looking into people posting ungood things and notice someone they can't identify, they could do it. It wouldn't be very difficult.
How? Because it gets past your firewall idea?
Nathan Harris
Perhaps you're correct No It's retarded because it's wasted effort, a sniffer through a network tap will find ALL the packets being sent/received
Jacob Gray
Not if it's sent through some sort of covert channel. Just wait for the user to connect to a site that is either cooperative or compromised, and append any relevant data (username and hostname, SSID of all the recently connected to wifi hotspots, etc) as an extra HTTP PUT request.
Xavier Rogers
"that's not how it works"
start reading nigger
Jordan Stewart
Please tell me how it's impossible to set up a server you control to accept an extra HTTP PUT request added to the end of another set of requests.
Isaac Perry
Anything, anything, anything you send or received, will be detected and logged by the tap.
Logan Thompson
That's not what I'm saying. I'm saying that there will be no way to differentiate a normal connection to most web 2.0 sites and one that's had an extra HTTP request added to it to send information to the server. Modern sites are fairly dynamic; there's no fixed number of requests that happen every single time every single person connects to the site. You could connect one day and get, say, six HTTP GET requests and two HTTP PUT requests while the page is loading. The next day you could get seven HTTP GET requests and one HTTP PUT requests. The guy sitting next to you could get four HTTP GET requests and one HTTP PUT request because he's got a different user agent and set of ACCEPT headers.
So yes, you'll see the packets sending your username, hostname, IP, MAC address, and list of recently connected wifi hotspots to the server that's participating (willingly or unwillingly) with the NSA's data collection program. It's just that you won't recognize that that's what those packets are doing, since from your perspective it just looks like a standard HTTP request being made to a site you're connecting to, and because the number and type of requests may change on a daily basis, you'll have no way of determining that this set of HTTP requests looks different than it should.
Juan Scott
Oh, so just stenography? well i don't think they'll go that far but i don't give a shit i'm switching to Alpine in a couple of weeks
Robert Davis
Use Tails. Compartmentalize. Encrypt eveything. You could go on basically forever with improving your own information security.
Josiah Morris
...
Robert Bailey
Sort of like stenography, in the sense that you're hiding information in plain sight.
They might not, but the term of the day is: "paranoia is not retroactive."
That would be a good idea.
Tails is good because it doesn't save state. So you can bounce from location to location with a fresh operating system each time.
As far as encrypting everything goes, if you're a burger make sure not to brag about it. As in, don't post in threads on Zig Forums about how no one will ever find your raifu hentai stash, because it's super-duper encrypted. Normally your Fifth Amendment right to not self incriminate extends to not being able to be forced to decrypt your files, but if the feds can indicate that they have probable cause to believe you have illegal content encrypted there (such as if you talk about "how no one can ever catch you because everything's encrypted" like in one IRL case), they can force you to decrypt your files or else hold you in contempt of court.
It's never too late to install Linux. Eventually the information the government has on you will become stale, especially if you ever move or change habits.
David Foster
Is there anyway to keep all of my school work and shit? Should I keep my current PC and exclusively use it for school work while doing bad goy stuff on a different computer?
Noah Turner
What does "school work" entail?
Document editing and powerpoint presentations and other stuff like that can be done with libreoffice. Libreoffice allows you to save files in .ppt and .docx formats, as well as simple .txt formats. Linux has all the standard browsers available for internet stuff, and the handling of internet content is all handled in-browser (apart from third party plugins like Flash which are thankfully dying and aren't used very much anymore outside of newgrounds), so it's not like Firefox or Chromium on Linux will work differently from Firefox or Chromium on Windows.
As far as saving documents, you could just copy over all relevant stuff to a USB stick or CD and copy it to your new Linux installation. Libreoffice can read .docx files, so it's not like you'll have to worry about formatting. And because documents don't contain executable code (unless you use VBA scripts, which don't run in Libreoffice anyways), you don't have to be paranoid about your docx or pptx files infecting your Linux install somehow.
If you're worried about getting rooted you might want to have a different computer, or at least do all your bad goy stuff in a virtual machine. It's possible to break out of a virtual machine, but exploits to do that are rare as hen's teeth and don't work well on modern operating systems (Windows XP or newer or Linux 2.x kernel or newer) anyways. But if you're really paranoid, you could just get a cheapo burner computer and use that. Just cover any cameras and pull out any speakers or microphones, and get a computer without Intel's Management Engine if you're paranoid. I'm not sure exactly which processors have ME, but I believe only the Core processors have it integrated in the CPU; Atoms and Pentiums can use the Management Engine but only through the old method of having it included in the southbridge (part of the motherboard). So any shitty netbook probably won't have it.
If you do use one computer for all your stuff, use two different browsers to separate your non-anonymous and anonymous personas. If you use the same browser for both, it's possible for a site you visit for non-anonymous activities to set some local data to indicate which IP you're using, then for a site you visit while "anonymous" to read it and figure out who you are. It's possible to wipe that data manually, but with all the different ways for data to be stored (normal cookies, local storage, site preferences, browser history, etc) and with all the ways for you to voluntarily give identifiable information out linking two browsing sessions (HTTP user agent, HTTP ACCEPT headers, plugin versions, screen size, screen resolution, all the information exposed through HTML5, etc), it's too easy to fuck things up and accidentally your anonymity to just manually scrub everything.
Luis Thomas
Multiple. You could run your linux distro on a separate partition, back up all of your important files onto an external drive, then install linux as your only operating system (open/libre office should be able to open all of your school assignments with no trouble), or you could even do option number 2, while backing up your files onto some online cloud service while you make the switch **if you're a coinfag, SONM recently launched, which will anonymously back up your data).
Jaxson Powell
The pedophiles can help you. They have a vested interest in anonymity.
Ethan Murphy
Good advice. i need to get more tech literate so I can do this stuff.
