Silk Road forums
Discussion => Security => Topic started by: Camarasin on June 24, 2013, 04:02 am
-
Hello SR, I'm looking to improve my security to the point where I become really, really hard to get hold of; I know I can never be 100% secure, but I want to be as close to that as possible.
Unfortunately, I want to do this without impacting too much on my activities. In order to do what I want to do, I still need to be able to access clearnet, I still need a persistent file store, I need to be able to use and execute programs that would work in a windows environment and I need to be able to access a remote server to publish reports.
My security needs warrant me being able to boot from and use a volume that is totally separate from my home pc, one which can be destroyed if needed, where my activities whilst using the secure volume are as untraceable as possible. However, I will be doing work whilst using the secure volume therefore I need to be able to store some files and install certain programs.
I've looked at Tails with a Persistent Volume, and this looks like the type of thing I'm after, however I'm worried that I won't be able to code and install certain programs with it, does Tails have much the same abilities as Linux? Could I do most things I can do on Ubuntu through tails and then run the windows compatible programs through wine? Or does Tails not offer this functionality?
If not, is it possible for me to boot linux from a removable, encrypted volume, where the only trace of my activities is left on the removable volume and my internet usage is routed, much like I understand Tails does, completely through Tor?
If anyone could offer up any resources or advice, as well as offer up anything I might not have considered, I'd be very, very grateful. English is not my native language, so sorry If the above does not make a great deal of sense.
Essentially consider my scenario as this; I need to be able to create and program tools to enable certain specific freedoms in my home country from which I am persecuted. I'm attempting to operate without any trace where I cannot trust anyone, nor can I afford to have my identity anything but private. I intend for my computer usage and my real life to be completely separate and unable to be linked to one another.
I come to you guys not because I am buying drugs, but because we have similar security interests; both of us are performing activities that we wish to conceal from our governments. And whilst mine does not effect the american government in any way, were the law enforcement in your country to know what I was doing, there is a certainty that my own government would quickly know about it too.
I do not know much about the deepnet, so if there are any other resources that may help me, please don't hesitate to mention them :)
Thank you.
-
Hello SR, I'm looking to improve my security to the point where I become really, really hard to get hold of; I know I can never be 100% secure, but I want to be as close to that as possible.
Unfortunately, I want to do this without impacting too much on my activities. In order to do what I want to do, I still need to be able to access clearnet, I still need a persistent file store, I need to be able to use and execute programs that would work in a windows environment and I need to be able to access a remote server to publish reports.
My security needs warrant me being able to boot from and use a volume that is totally separate from my home pc, one which can be destroyed if needed, where my activities whilst using the secure volume are as untraceable as possible. However, I will be doing work whilst using the secure volume therefore I need to be able to store some files and install certain programs.
I've looked at Tails with a Persistent Volume, and this looks like the type of thing I'm after, however I'm worried that I won't be able to code and install certain programs with it, does Tails have much the same abilities as Linux? Could I do most things I can do on Ubuntu through tails and then run the windows compatible programs through wine? Or does Tails not offer this functionality?
Tails is Linux, but no, you won't be able to do many things that you can do on Ubuntu, or they will be much harder. Tails is a very restricted environment. Programs that you install are not persistent, unless they are portable programs saved in the persistent volume. Programs installed system-wide are lost after each reboot. You could reinstall the tools you need after each boot, but it would be a pain to do so.
If not, is it possible for me to boot linux from a removable, encrypted volume, where the only trace of my activities is left on the removable volume and my internet usage is routed, much like I understand Tails does, completely through Tor?
Yeah, that's basically Tails.
If anyone could offer up any resources or advice, as well as offer up anything I might not have considered, I'd be very, very grateful. English is not my native language, so sorry If the above does not make a great deal of sense.
There are other options, like Whonix, but they leave traces on the computer. Tails (or Liberte) are the only solutions that leave no trace on the main hard drive and can be easily destroyed.
Essentially consider my scenario as this; I need to be able to create and program tools to enable certain specific freedoms in my home country from which I am persecuted. I'm attempting to operate without any trace where I cannot trust anyone, nor can I afford to have my identity anything but private. I intend for my computer usage and my real life to be completely separate and unable to be linked to one another.
What are your programming needs? Will any text editor due or do you need special tools? Some specific IDE, VM, programming language packages, etc? It's possible to reinstall these things with each reboot, but as I said, it would be annoying. If you are skilled enough, you could create a custom spin of Tails with the tools you need.
I come to you guys not because I am buying drugs, but because we have similar security interests; both of us are performing activities that we wish to conceal from our governments. And whilst mine does not effect the american government in any way, were the law enforcement in your country to know what I was doing, there is a certainty that my own government would quickly know about it too.
Well that's interesting. Welcome to our community. :)
-
Hey there astor, first, thanks a lot for replying; I know I wrote an awful lot and those long posts can be hard to read.
Essentially all I need from the OS is the ability to use tools to compile C++, and to run a few specific programs that are typically run on windows. If wine would work with Tails in any capacity, whether I have to spend an hour at the beginning of each day installing tools or not (obviously I'd prefer not to have to, but security is number one on the list of priorities), it would probably be the best thing for the job.
Once I've set tails up, is there anything I can do to further increase by security level? Is running everything behind Tor with Tails about as far as I could go or are there further layers I could implement to make sure I can't be identified?
-
Hey there astor, first, thanks a lot for replying; I know I wrote an awful lot and those long posts can be hard to read.
Essentially all I need from the OS is the ability to use tools to compile C++, and to run a few specific programs that are typically run on windows. If wine would work with Tails in any capacity, whether I have to spend an hour at the beginning of each day installing tools or not (obviously I'd prefer not to have to, but security is number one on the list of priorities), it would probably be the best thing for the job.
You would have to install a package called build-essential to get the tools to compile. I doubt it comes with Tails, since Tails isn't designed to be a development environment, but I could be wrong.
As for Wine, at least one person has installed it and it worked:
https://tails.boum.org/forum/Wine_and_installing_exe__39__s/
You would have to reinstall it each time though.
Once I've set tails up, is there anything I can do to further increase by security level? Is running everything behind Tor with Tails about as far as I could go or are there further layers I could implement to make sure I can't be identified?
There are safer set ups than Tails. Whonix is safer. However, you don't get the "leave no trace behind" properties of Tails.
One thing you will want to test is whether Wine apps obey Tails proxy settings.
-
Once I've set tails up, is there anything I can do to further increase by security level? Is running everything behind Tor with Tails about as far as I could go or are there further layers I could implement to make sure I can't be identified?
Well, it depends whether you trust TOR or not. If you feel like it is/can be 'broken' by a serious attacker and/or by 'design' (who created it and still pays for it development? :)) - you might not want to connect directly to TOR...
It then all depends where you live and who you want to protect your communications from.
One thing you will want to test is whether Wine apps obey Tails proxy settings.
I think it does, as the firewall rules used in Tails redirect all traffic not coming from the user running tor to go through tor (if it's not launched by the user created for use with the 'unsafe browser'. It would be interesting to test it a bit more though.
If you are into coding, why wouldn't you create your own custom live CD? You then could even share it with the community, it might be helpful to others... :)
-
Considering Whonix, and whilst I can and have searched for information about it, it's far better to have an actual user talk about it in the context of the discussion; what sort of traces does it leave behind? I'm more looking for a first-line anonymity solution rather than deniability if my hardware was seized seeing as I don't intend to operate in any physical capacity; whilst I say that, it's all part of security; the more I have the better. But would Whonix allow me to retain more anonymity or allow me more freedom in terms of what I could do?
I don't necessarily need to use wine, running a VM could also work, but I have no idea if this is compatible with the OSes.
And single layer security through TOR is nice, but I read vaguely about having multiple layers and optimizing TOR in certain ways in order to increase anonymity.
Thank you very much for your help so far.
Oh, and crystal, I intend to go about my operations both for the end result and the learning experience, due to restrictions imposed on me when I cannot operate anonymously It's hard to have projects already going without first being in a secure environment. Whilst I wish I could help the community out, I'm not yet at that level nor could I attempt a project like that without first having the level of anonymity I seek to attain. :( Sorry! But do know I am grateful for your advice.
-
It would be in your interest to try different possibilities by yourself before you decide.
I don't really know whether trusting precompiled images like tails or whonix is a good idea or not. It might be better to compile your own system if you need a really secure environment for your dev...
And single layer security through TOR is nice, but I read vaguely about having multiple layers and optimizing TOR in certain ways in order to increase anonymity.
It depends if you trust TOR or not. If you believe that TOR is broken or might be broken, it could be interesting to connect to it only from an open/public wifi network.. and to do as much of you dev. work offline!
-
Indeed, sorry, just waiting on getting hardware in order to run possible set-ups so I thought I'd try to learn a bit more about my possible options :)
It depends if you trust TOR or not. If you believe that TOR is broken or might be broken, it could be interesting to connect to it only from an open/public wifi network.. and to do as much of you dev. work offline!
Its not necessarily that I don't trust TOR, more that If TOR was broken, a second layer such as a VPN might provide me with an added layer? Not only that but I hear people talking about "bridges" to prevent ISPs from knowing about TOR use; having no idea where to get technical information and tutorials on the darknet about these things makes it hard for me to learn the terminology.
Thanks again.