Security for Beginners

Requesting some knowledgeable anons to lay out the basics of maintaining anonymity on the webs, both surface and dark, for less than educated n00bs. General instruction of how one might seek legal but (((forbidden))) information without winding up on a list somewhere

Links to trustworthy guides and VPNs welcome and appreciated

Attached: svpk0kh2c6l01.jpg (780x584, 49.31K)


>nsa.gov/
They are all about security and will be more than willing to help you.
They know already anyway.

>General instruction of how one might seek legal but (((forbidden))) information without winding up on a list somewhere
You're on a list just for asking that question. You're on a list if you use Linux or read Linux Journal, the well-known "extremist" publication. You're on a list if you've ever used a search engine to search for Tails. You're on a list if you use a VPN for non-work purposes, or one that's incorporated outside the US, or if you connect to servers outside the US. At this point, the idea isn't to avoid getting on a list, but to get so many people on the list that the list becomes useless.

There is no such thing as a trustworthy VPN. No VPN owner is going to go to prison for you.

Do not use Windows. It is a spying platform.
Do not use social media. Period.
Do not use spyware like Skype and Discord.
Do not bareback sites that don't already have your information. In other words, you can use a regular browser from your home IP to, say, do your online banking or, better yet, don't do online banking. Use Tor for everything else, or a VPN for things for which Tor isn't suited.
On the rare occasions on which you're using a browser other than Tor Browser, use an adblocker. Better yet, a hosts solution that will blackhole adservers + Google, Facebook, and other widespread threats
Use the Tor Browser Bundle with the security slider set to high instead of a tor daemon + your own setup unless you really know what you're doing.
Do not use your real name or any potentially identifying information online. Want to tell user about how your brother is a fuckup who's going through a bankruptcy? I hate to discourage content on imageboards, but DON'T. Or if you must, it's not your brother, it's a cousin. Better yet, "a guy I know." Even better yet, "a gal I know".
Assume that any online communication method that you're using that isn't end-to-end encrypted is compromised.
Remember that vast amounts of currently-undecryptable internet traffic (including Tor traffic, VPN traffic that can't be compromised already, PGP-encrypted emails, etc.) are being slurped up and stored in data centers like the NSA's in Utah for future decryption should quantum computers ever become viable.

Privacytools.io

Read this entire page and implement all its suggestions

Host your own XMPP server with OMEMO for instant messaging and VoIP (XEP Extension)

That website is constantly shilled on here. I wouldn’t be surprised if this poster has a vested interest in the VPNs advertised on the front page. Instead, use PRISM break or reddit’s /r/degoogle board as a guide.

prism-break.org/en/

They can't even manage proper OPSEC.
nakedsecurity.sophos.com/2018/07/31/nsa-hasnt-closed-security-windows-snowden-climbed-through/

Speaking of Tor, when is the browser bundle going to release ESR 60?

opinion discarded

Should we use random user agents that are regenerated every few minutes or just use the most common one? I'm leaning towards the random one as that will make user agents basically useless… or at least will phase them into being that way, since you can't track who's who at all using this method, really.

Alternate between the N most common ones. Alternatively, we all just change it to NICE TRY CIA NIGGER.

How do you do either of those? The add ons I find only let you do predefined ones and custom ones, but you can't automatically cycle between the most common ones, just random ones. Also, wouldn't setting your user agent to a single string like that make you REALLY identifiable?

Neither. You should be using Tor Browser for almost everything for which HTTP user agents are relevant, and Tor Browser sets a bland user agent that is shared by all Tor Browser users, which helps you blend in.

If you don't want to use Tor Browser, keep in mind that changing your user agent will thwart only the most unsophisticated adversary. Your browser sends other HTTP headers, and if you don't change those, too, not only can you be tracked that way, but improbable or impossible combinations of user-agent + other headers (like a header that advertises brotli decompression paired with a user-agent for a browser that doesn't implement it) will immediately stick out. And that's not even getting into stuff like canvas fingerprinting.
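The header mismatch described in the post above, as an added example that is not part of the thread: a server-side consistency check that compares the claimed User-Agent with the other request headers. The function names, the rule tables (including the version thresholds) and the sample requests are constructed for this illustration.

```python
import re

# Constructed rule table (an assumption of this example): first major version
# of each browser family that advertises brotli ("br") in Accept-Encoding.
# None means the family never implemented it.
BROTLI_SINCE = {"firefox": 44, "chrome": 50, "msie": None}

# Families assumed here not to send User-Agent client hints (Sec-CH-UA).
NO_CLIENT_HINTS = {"firefox", "msie"}


def parse_ua(ua):
    """Return (family, major_version) for a few desktop UA shapes."""
    m = re.search(r"Firefox/(\d+)", ua)
    if m:
        return "firefox", int(m.group(1))
    m = re.search(r"Chrome/(\d+)", ua)
    if m:
        return "chrome", int(m.group(1))
    m = re.search(r"MSIE (\d+)|Trident/.*rv:(\d+)", ua)
    if m:
        return "msie", int(m.group(1) or m.group(2))
    return None, None


def encodings(value):
    """Split an Accept-Encoding value into lowercase tokens, dropping q-values."""
    return {p.split(";")[0].strip().lower() for p in value.split(",") if p.strip()}


def inconsistencies(headers):
    """List the ways the other headers contradict the claimed User-Agent."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    family, major = parse_ua(h.get("user-agent", ""))
    if family is None:
        return ["unrecognised user-agent"]
    findings = []
    since = BROTLI_SINCE[family]
    if "br" in encodings(h.get("accept-encoding", "")) and (since is None or major < since):
        findings.append("brotli advertised by a browser that does not implement it")
    if family in NO_CLIENT_HINTS and "sec-ch-ua" in h:
        findings.append("client-hint header sent by a browser that does not send it")
    return findings


# Constructed sample requests.
GENUINE_FIREFOX = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0",
    "Accept-Encoding": "gzip, deflate, br",
}
SPOOFED_IE = {  # a modern browser that only swapped its User-Agent string
    "User-Agent": "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko",
    "Accept-Encoding": "gzip, deflate, br",
}
SPOOFED_FIREFOX = {  # Firefox string, but the headers of a different engine
    "User-Agent": GENUINE_FIREFOX["User-Agent"],
    "Accept-Encoding": "gzip, deflate, br",
    "Sec-CH-UA": '"Chromium";v="120"',
}

if __name__ == "__main__":
    for name, req in [("genuine", GENUINE_FIREFOX), ("ie", SPOOFED_IE), ("ff", SPOOFED_FIREFOX)]:
        print(name, inconsistencies(req))
```

A request whose headers are all mutually consistent passes this check, which is why a uniform browser build blends in better than a swapped User-Agent string.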

Is Intel spying on us?

Suggest some good Libre CPUs

ARM

You should use the most common user agent.

BOTH X86 and ARM are Botnet. ARM is better, but not much

PowerPCs (such as late Macs or TALOS II if you can afford it) or pre-2004 Intel and pre-2010 AMD processors.

Only because it doesn't have IME/PSP, doesn't mean it uses a trustworthy architecture.
RISC-V is the only good answer.
>twitter.com/ShaktiProcessor/status/1022384131064430593

Unless you have your own chip fab, you're not going to have a RISC-V processor free of backdoors.

Most of those PowerPC Macs are 32-bit however

What about Libre SD cards and drives.

FSF-endorsed hardware:

fsf.org/resources/hw/endorsement/respects-your-freedom

most of these have intel chips, which is certainly not free

I think Intel is shady for dealing with Microsoft, but I never understood the whole "spying on you through your CPU" thing. I mean, does the CPU have instructions to forward everything you process through the Internet? Network statistics certainly don't seem to indicate so; the traffic would be enormous.

1. Buy a used machine cash, with cash you got after purchasing something else cash (to avoid the money strips that track you). Make sure no surveillance cameras saw you or wear a hat and sunglasses. Do not use ATM money to buy your used system.

2. Never take that computer to your house, or bring it around your other devices like your cellphone. Use a lead lined bag if you need to.

3. Find a secure location to connect to the web with no security cameras, don't bring any of your other devices with you like your cell phone. Best if you go on foot to this location (to avoid RFID in your license plate), go inside a mall or parking garage (to avoid the government blimps that track your movement) and wear shoulder pads that are removable and walk with a different rhythm so you give off a different "fingerprint" to the surveillance blimps. If you can't go on foot, then park in a garage underground like a mall and then walk from there. You can also crawl through a sewer or other underground system, change your clothes underground then move on to your next location. Repeat on the way back.

3. Clean the HDD on the system by writing 0's to the HDD max number of times. Remove the wifi card if you can. Get a common external one that is capable of having its MAC address changed. Cover up the camera and microphone, or better yet, remove them.

4. Boot a very common OS off a flash drive or CD that was never in one of your other systems. Best if it goes to RAM and not written to the HDD.

5. Use an external WIFI dongle or one that you can change the MAC address on. Change the MAC once you're booted up.

6. Download Tor or use an OS that already has TOR built in.

7. Connect to public WiFi. You might want to sit in a location next door to the WiFi you're connecting to.

8. Connect to Tor, browse. Never type normally on the keyboard like you do your home system. Type with one hand, preferably your non dominant hand, and randomly pace your rhythm when you type. Your typing rhythm can be tracked and is unique to you.

9. Never use any name, email, or alias you have ever used ever on that system. Never log into any social media of yours or any account you've had. Use only newly created fake accounts that will ONLY be used from this system. Same goes for passwords.

-------------------------

You can also just use snail mail to pass messages, avoiding cameras, and never get your fingerprints on anything, use cut out letters from magazines, don't write, or print anything with a printer or computer. Use a return address that is not yours but is real. Make sure you didn't look up this address on Google, use a phone book.

-------------------

Other methods you could use: pass messages in public spaces and then have someone pick them up and then post the message from their device. Kinda like a real world TOR space where everyone picks up others' real messages, and then posts it for them to the appropriate place online.

------------

Setting up some kinda laser or mirror system using Morse code that transferred messages across real space and then had another user input them online for you.

Attached: 7aa15f63238ccd7ff67008c14a26fa8712269a418bc8c18e80cc715da60731c6.png (640x610, 29.69K)

Do you do these?

Attached: 1351492876788.png (1019x1019, 371.57K)

NSA can use it to flash your OS with malware code, then opening up your whole system to attack or surveillance. They would most likely have to be targeting you, but you would have no way of knowing it happened as it would just come through as a normal "update."

Attached: NSA hacks processors.jpg (667x3096, 837.8K)

No but if you wanted to be 100% anonymous, that is the level you would need to go to. We're talking Osama Bin Laden level here.

Osama never left his compound for years, and had one guy hand off messages through a chain of contacts, then one guy who switched phones often would relay the message to people who needed to know.

I assume this is going to target Windows update, don't know about Linux. Even then, downloading updates from a library would in all likelihood not target you because then the NSA would have to take over the library's Internet in particular. Is there some way to verify updates?

Also you could try just not updating so often. Use the packages you trust.

eff.org/deeplinks/2017/05/intels-management-engine-security-hazard-and-users-need-way-disable-it

Intel's new kill switch that works without internet and doesn't even mind if your PC is turned off.

isc.sans.edu/forums/diary/Intels new processors have a remote kill switch AntiTheft 30/10111/

I'm sure all the common OS's are compromised, and if you want to avoid browser fingerprinting, you want to use a common OS and hardware setup.

Keep in mind, NSA usually gets a hold of things during the development phase. So just about anything developed to be super secret, is probably already hacked by NSA or the creators would have been locked up in Federal prison on trumped up charges, or disappeared. Or what they mainly do now is have some SJW claim he/she touched them in their secret parts so they get fired. Then they put someone in charge who will do what they want.

Why is it that it's just Intel mentioned in these articles? What about AMD? Surely they'd be compromised too, right?

Probably yes, but it was never confirmed. I can't imagine they would not be. Best bet would be the old Motorola procs in the older Mac Pros.

You just triggered me user, every time someone says this I feel terrible for dumping my old Mac Pro.

I don't get what we're supposed to use for privacy besides Firefox or Tor. All those libre browsers that supposedly have no spyware are really just Firefox with all the spying options turned off, but also without privacy addons. Brave, for example, I don't think it has something like uMatrix and the like on it, so if you just configure Firefox right it'll be better than Brave.

and STAY THERE
>>>/reddit/

that's the hard part

pretty much

You lost me there, user. Well played, kek.

got it

ProtonVPN is a good choice

Absolutely disgusting. Just because the CPU isn't running spyware doesn't mean your G4 isn't using proprietary blobs. The best solution at this point is Libreboot TALOS II, or the EOMA68 which is due in November.

Wow, yeah... what a bargain.
I'll stick to downloading my updates over a VPN, thank you.

Attached: Screenshot_2018-08-07 Raptor Computing Systems TL2WK2 Purchase.png (1910x1336, 265.74K)

But Osama Bin Laden was killed sometime in December of 2003. All of the shit you said still applies, though.

Next thing you'll tell me is, you want to do dangerous white male extremist things like running Linux.

Firefox is quite hackable, but it takes a lot of effort and know how to de-botnet completely. Even then, you can't be sure you got everything, and every tweak you made could be in vain after they put some hidden new function that spies on you in the next update.

Every single one of these companies despises your privacy concerns. Microsoft, Apple, Google, Mozilla, Amazon, Facebook, all forms of social media, your ISP, your cell phone provider, your electric company, your bank, your favorite retail chain who just wants your name and email address so they can update you on their latest deals ;^), your insurance company, your city's police department, your gym, your HOA, your favorite restaurant, your local fucking library, and last but not least, your employer. Everybody wants a piece of you and your data so they can learn how to better sell you shit that you don't need or keep tabs on your whereabouts should you ever become an enemy of the state. The internet democratized all human knowledge and opened the floodgates of learning, and with that revolution came a hefty price: individual freedom.

...

Go right ahead.

AMD is safe up to 2013

Who would want to use anything built on the Bulldozer architecture?

Just use the newest chrome or firefox useragent on windows 7 or 10. As of now try one of:
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0

The internet is under control. Why is i2p or another decentralized web still so slow?

he said being anonymous on the web (tor browser) not chatting

it just did

it's all fun and games until the random switcher uses Safari on Android and suddenly it's as unique as your ip

the fsf sells laptops that use old intel cpus from before they put the backdoors in

Explain how to do this.

up

Those are actually real.
They have them around the americas border.

bump because this thread has good shit

...

Isn't brave based on chromium?

The desktop version used their own fork of Electron at first, while the mobile version is a Chromium fork all along.

Dude, if there is one thing that we must learn, it is that when you use Tor you use it all the time. That's what I do.
Use git?
Get git to use Tor.
Use a browser?
Get your browser to go through Tor (or better, use the Tor Browser), et cetera.
See:
youtube.com/watch?v=eQ2OZKitRwc
Use ublock origin and umatrix, and use a whitelist methodology.

OP is FBI niggerfaggot

You mention security then spend the entire post talking about anonymity. Don't make the mistake of believing you are secure going through VPN or TOR.

>twice a week go around metro with whiteboard marker writing "get drugs safely - torproject.org" and "melina trump nudes @ tails.boum.org !" and other clickbaity shit
fun times

0. OSINT
1. scan with nmap/nikto/nessus/etc
2. search for suitable exploits on exploit-db
3. compile and run exploit
4. try to either upload a web shell, or establish a reverse shell
5. figure out kernel version, look up suitable exploits on exploit-db i.e. dirtycow
6. privilege escalation with said exploit
7. data exfiltration

oh yeah and reverse shells require a netcat listener but maybe that's already obvious

buddy you need to be less paranoid about da gubbamint spying and more concerned with CVEs, XSS, MITB malware, TDSes delivering an EK payload specific to your OS and browser version, etc.

>>>/facebook/

They may not actively watch you just for TOR, yet your IP will be put in a database.

Don't use any intel hardware & only use AMD hardware pre-2013

This, RISC-V is a meme. "Open source" in this scenario just means "patent-free". Unless you have millions in the pocket you can't make a decent RISC-V processor.

wot r dem big ol acronymnonigs user

You have an entire OS running on your CPU that has full access to every part of your computer.

networkworld.com/article/3236064/servers/minix-the-most-popular-os-in-the-world-thanks-to-intel.html?fbclid=IwAR3AYZ2-GBTUtQVNEXUBGHN9ZJAle0Ow3BdpFHJbKrgA8icFlEsw45UphTc

To be honest I always thought this was kind of neat

It's neat, but it's not in your favour in any way.

a thing nobody has mentioned yet is that typing patterns give you out. the botnet can already more or less correlate writing style and patterns with individuals
many journalists and researchers have been exposed by their manner of typing under anonymous publications
It may sound stupid, almost under "don't use the same username everywhere" tier, but it's a very real threat
with this comes a need to obfuscate patterns. there is anonymouth, but it's buggy as fuck, last commit in $2013, and it's a pain in the ass to get working + no binary release
the social side to privacy is very important, even when it's not apparent at first. for (a shitty) example, the image in my post has a very low chance of coming across as distinct, particularly for the setting (Zig Forums) it was posted in. if i posted something that stood out more and continued on posting, someone obsessive enough could pick pieces apart and find stuff little by little due to a mediumish board population. i've seen users doxx each other on small chans purely on typing patterns, images and other factors
stay safe

Attached: 1532416243883.jpg (700x700, 401.21K)

dixit the faggot not using Tor.

Tor is in the same camp as selinux, systemd, SPECK and other works. Literally made by (((them)))

Yes & No. VPN owners can fuck you without you noticing. That's the real issue - there is no reason to trust them being honest. VPN owners however don't have to sacrifice your ass to save themselves from the gov. It just means running a system that leaves no logs so the owner can fully cooperate and still hand out nothing.

AMD will let you disable psp now supposedly

They are tainted, you cannot take their word for truth.

What attack surface does installing something like Tridactyl (vim browser for FFQuantum) expose?
it asks for a metric fuckton of permissions but is hosted on github. I assume if hoster gets intercepted it could fuck up all traffic through my browser.

Attached: 42609447.png (200x200, 12.23K)

bamp for interest.

how over is it for me now that I posted here?

I didn't believe it either but Google it

we comin 4 u white boi

This

And you decided to go lowercase only?

It's pretty over. In a few days you're moving from your parents' house to a comfortable federal prison with gym and library.

just use incognito mode for everything bro, nothing bad will ever happen if you do so :^)

And always use HTTPS if you can use it.

I believe Qubes takes the best approach as an operating system when it comes to security, since it uses tinfoil levels of sandboxing to protect against everything short of hardware backdoors and yet-undiscovered vulnerabilities in the Xen hypervisor. Malware could pwn your Tor browser and gain root access and it still wouldn't matter because it would be in an unprivileged guest VM with no access to the host's real IP or networking configuration. This would have made the Playpen busts impossible. Not to mention the protection you get from dragnet surveillance and private advertising corps with this method.

You can do this with namespaces and security modules as well.

Also you don't need every single program including ls and grep to be put into a separate machine. You can use Tor Browser in Virtualbox for example.