Silk Road forums
Discussion => Security => Topic started by: zetterberg99 on May 17, 2013, 07:49 pm
-
When I started on the road I was really dumb. Made no effort to research on the boards about security, encryption, shipping, anything really. Luckily I made it through all that alright. I've been here long enough now (and have done enough research) to realize that I need to upgrade my security. I'm hoping that some of the more tech-savvy members can help me out in a few places.
Initially I was using TBB installed on my macbook, from my home internet, to order packages to my home address (fake name and clean house at least :-\). I've been upgrading step by step and am in a better spot now:
* Mailing to new address not associated with me (clean house, using real resident's name)
* Accessing via TAILS liveDVD
* Learned PGP encryption
The issues I'm concerned about really are the traces of my previous tor activity on my computer and using PGP on this DVD.
- It sounds like the best way to clean my laptop so that it would be safe in the event of being seized by LE is it to backup all files I need and reset the factory settings (utilizing the 7-pass overwrite option). Does this jibe with the general consensus?
- Secondly, since persistence is not yet supported by TAILs on a DVD, is there anyway for me to save a pgp Key or do I have to create a new one every time I log on? If its not possible to save one then I should probably look into a liveUSB, but it sounds as though I will have issues booting it on my mac. I have read some threads on this mac/usb issue but haven't found a solid solution yet which is why I went with a DVD in the first place.
- Finally, once I have a clean computer and am accessing via TAILs, would it be safe to connect from my home internet, or is the possibility of my ISP recognizing and flagging Tor use at my house (with my stash) too great? I'm sure this depends on the individual but the more opinions the safer we all are.
Thanks in advance!
zetterberg99
-
It sounds like the best way to clean my laptop so that it would be safe in the event of being seized by LE is it to backup all files I need and reset the factory settings (utilizing the 7-pass overwrite option). Does this jibe with the general consensus?
If your laptop has hardware secure erase, that's pretty much the best option. However, if you're ordering personal amounts, LE isn't going to spend weeks doing a forensic analysis of your computer. Something to think about, but if you can reinstall the OS for free, sure secure erase the hard drive.
Secondly, since persistence is not yet supported by TAILs on a DVD, is there anyway for me to save a pgp Key or do I have to create a new one every time I log on? If its not possible to save one then I should probably look into a liveUSB, but it sounds as though I will have issues booting it on my mac. I have read some threads on this mac/usb issue but haven't found a solid solution yet which is why I went with a DVD in the first place.
You could save your PGP keys to a thumb drive. You may not be able to boot from a thumb drive, but you can plug one in after booting and save data to it. Just copy the .gnupg folder that's in your home folder (it's a "hidden" folder, so you'll have to do View -> Show Hidden Files in the file manager).
After each boot, delete the existing .gnupg folder (if it exists; it may not until you use a PGP program) and replace it with the backup copy.
You'll have to update the backup each time you add other people's public keys.
It will be easier in the long run to use Tails USB. I've heard of hacks that allow you to boot thumb drives on restricted Macs, but I don't know the details about that.
Finally, once I have a clean computer and am accessing via TAILs, would it be safe to connect from my home internet, or is the possibility of my ISP recognizing and flagging Tor use at my house (with my stash) too great? I'm sure this depends on the individual but the more opinions the safer we all are.
Depends on where you live. In China or Iran, you can't access public relays at all. Under some despotic regimes, you may get a knock on the door. I don't know of any western country that does that, though. It's not illegal to use Tor, and nobody is going around kicking people's doors in for using it. I've been using Tor for over 5 years without a problem.
However, you can hide your Tor use with a VPN or bridge, if you want to.
-
astor, I've read many of your posts around these forums and they've been a great help. Thanks for taking the time to reply to me and for all your work in this community. Its a pleasure to meet you ;D
As a short term solution, I've set up a thumb drive and it seems to be working properly. Great!
In regards to the VPN, I'm rather interested in the theory of being totally anonymous online. I've used a VPN (virtual private network, I believe?) for work before, but that was for accessing secure databases. How does this help to mask tor use? I'm off to do some research on the subject but any suggestions would be much appreciated.
Thanks again!
zetterberg99
-
astor, I've read many of your posts around these forums and they've been a great help. Thanks for taking the time to reply to me and for all your work in this community. Its a pleasure to meet you ;D
As a short term solution, I've set up a thumb drive and it seems to be working properly. Great!
In regards to the VPN, I'm rather interested in the theory of being totally anonymous online. I've used a VPN (virtual private network, I believe?) for work before, but that was for accessing secure databases. How does this help to mask tor use? I'm off to do some research on the subject but any suggestions would be much appreciated.
Thanks again!
zetterberg99
I'm no astor, but here's my view of VPN's.
Right now, let's assume you connect to Tor. Now, your ISP tracks all of your connections to the internet and although you are encrypted through Tor, they at least know you are using Tor which in some places can be bad in itself. Anyway.
When you use a VPN however, you instead are connected through the VPN to tor. So it goes from your computer, to the VPN, to the Tor network and of course is networked back in reverse. The advantage this offers is that the VPN forms a secure tunnel between your computer and their server so the ISP can only see the connection to the VPN and no matter what you browse, they still only see a VPN connection as opposed to seeing you connect to Google, Youtube, Tor etc. Now, providing the VPN does not keep logs, this also means they themselves cannot tell LEA exactly which content you accessed using the VPN so therefore is another layer of protection which privacy invading organisations would have to unwrap.
I like to tell myself that the VPN simply creates a tunnel so your ISP can't tell what your connected to and the connection comes out in a different jurisdiction to your homeland. It's all about making life extraordinarily difficult for would-be investigators.
-
astor, I've read many of your posts around these forums and they've been a great help. Thanks for taking the time to reply to me and for all your work in this community. Its a pleasure to meet you ;D
Thanks. Nice to meet you too. :)
As a short term solution, I've set up a thumb drive and it seems to be working properly. Great!
Have you tried to reboot and copy the .gnupg folder from the thumb drive back into your home folder, then start Kgpg and confirm that your key is there? You should do that before distributing it to other people, otherwise there will be much head aches and sadness when they send you messages you can't decrypt.
In regards to the VPN, I'm rather interested in the theory of being totally anonymous online. I've used a VPN (virtual private network, I believe?) for work before, but that was for accessing secure databases. How does this help to mask tor use?
It's an encrypted tunnel from your home to the VPN server. The ISP can't see that you're running Tor circuits through it.
LE could ask the VPN to log your activity. The VPN can certainly see that your outbound connections are going to Tor relays. You can make that more difficult by getting a VPN offshore, especially in some shady country.
You could make it even more difficult by getting a VPS in a different (shady) country and setting up a private bridge. Then your connection goes from home -> VPN -> private bridge -> Tor network. You could add as many proxies and hops as you want, but ultimately a determined adversary who can get each country / ISP to help, can follow the trail to the Tor relay. There's really no absolute way to hide your Tor use from a very determined and powerful adversary. You can only make it increasingly difficult for the adversary, and much less usable for yourself, with every hop.
The bottom line is, you don't have to worry about that.
500,000 people connect directly to Tor relays every day, and they do so for dozens of reasons, many of them perfectly legal. Using Tor is not evidence of any particular crime, and it is extremely unlikely that LE could get a search warrant based on "this guy uses Tor", with no other evidence. They wouldn't even know what crime they would (potentially) arrest you for. Are you using Tor for CP, drugs, money laundering, hacking, stalking? Without evidence of a specific crime, or evidence to be suspicious of a specific crime, no judge is going to issue a search warrant.
At least not in any non-despotic country.
-
Hey,
Just an fyi. Don't know if you're using persistence or not since Mac has issues with them. One way to do it would be, run two tails liveusbs and one would have persistence and one wouldn't. That's what i've been doing and it's worked just fine. Now I have to update and that might be a pain but whatever.