Silk Road forums
Discussion => Security => Topic started by: kwantum on August 14, 2013, 02:36 am
-
Hey,
I'm looking to upgrade my current laptop, and had a few questions about staying anonymous:
1. What is the most secure OS for browsing SR? I've heard good thing about TAILS and Whonix, but what about Linux Mint or Ubuntu? I may just install Linux Mint as host OS and then a live USB for SR activity.
2. If I purchase a laptop from Amazon, meaning it can easily be traced to me, is there any way to change that? I was thinking of reformatting its SSD, and then installing Linux Mint.
3. I was attempting to create a TAILS 0.20 bootable USB by using a DVD, and then cloning to a USB. I managed to do both these steps, but when I tried to boot the live USB on a Windows 8 laptop (that's now currently Win7), it didn't detect the USB in the BIOS, and it said "Operation system not found" when I pressed "ESC" on the TrueCrypt screen. I then tried it on another laptop (3-4 year old one) and it worked perfectly. Does TAILS not work on Windows 8? I searched high and low for answers, but there's not much helpful information on this.
4. Can someone briefly explain what the "persistence" on TAILS is? Does it create an encrypted storage space on the USB? How do you put your desired files in this persistence space? What programs do you recommend putting the persistence folder (there were ~10 options when I got to this part such as Claws Mail, etc)?
5. Will the "autonuke" command on DBAN be sufficient to COMPLETELY overwrite all sectors on my SSD? I'll be selling this laptop, and I want to make sure there's no way for the data to be resurrected.
I'm looking forward to becoming an active member in the community, but I want to make I'm 99% secure before I plant my feet here. Thanks all!
-
Hey,
I'm looking to upgrade my current laptop, and had a few questions about staying anonymous:
1. What is the most secure OS for browsing SR? I've heard good thing about TAILS and Whonix, but what about Linux Mint or Ubuntu? I may just install Linux Mint as host OS and then a live USB for SR activity.
Probably Whonix. But if the amnesiac (leaving no traces) features of Tails are more important than the "probably harder to deanonymize you" features of Whonix, that's a good pick, too.
2. If I purchase a laptop from Amazon, meaning it can easily be traced to me, is there any way to change that? I was thinking of reformatting its SSD, and then installing Linux Mint.
This is a hard one, and post FH-exploit, I think more folks are going to start thinking about the problem a little differently. There are plenty of unique things in your laptop that make it identifiable. The MAC address that's burned into the ethernet adapter. The MAC address on the Wifi chip/card. The BIOS usually has a serial number or other identifier. Browsing Tor sites via Whonix or something similar sticks the VM in between your hardware and the OS. Configured correctly, that's a plus. In theory, you hack a Whonix Workstation, and you shouldn't get identifiable information. Hack a Tails USB booted on a laptop, and you should be able to get all the information I mentioned.
3. I was attempting to create a TAILS 0.20 bootable USB by using a DVD, and then cloning to a USB. I managed to do both these steps, but when I tried to boot the live USB on a Windows 8 laptop (that's now currently Win7), it didn't detect the USB in the BIOS, and it said "Operation system not found" when I pressed "ESC" on the TrueCrypt screen. I then tried it on another laptop (3-4 year old one) and it worked perfectly. Does TAILS not work on Windows 8? I searched high and low for answers, but there's not much helpful information on this.
Tails doesn't support hardware that requires EFI boot. It's hit or miss sometimes, and with Win8 hardware, it's often miss. Ditto with Apple, but I believe there's a method for building Tails sticks for Apple machines.
-
Hey,
I'm looking to upgrade my current laptop, and had a few questions about staying anonymous:
1. What is the most secure OS for browsing SR? I've heard good thing about TAILS and Whonix, but what about Linux Mint or Ubuntu? I may just install Linux Mint as host OS and then a live USB for SR activity.
Probably Whonix. But if the amnesiac (leaving no traces) features of Tails are more important than the "probably harder to deanonymize you" features of Whonix, that's a good pick, too.
Awesome, thanks for the reply. My final choice is Linux Mint + TAILS Live USB.
2. If I purchase a laptop from Amazon, meaning it can easily be traced to me, is there any way to change that? I was thinking of reformatting its SSD, and then installing Linux Mint.
This is a hard one, and post FH-exploit, I think more folks are going to start thinking about the problem a little differently. There are plenty of unique things in your laptop that make it identifiable. The MAC address that's burned into the ethernet adapter. The MAC address on the Wifi chip/card. The BIOS usually has a serial number or other identifier. Browsing Tor sites via Whonix or something similar sticks the VM in between your hardware and the OS. Configured correctly, that's a plus. In theory, you hack a Whonix Workstation, and you shouldn't get identifiable information. Hack a Tails USB booted on a laptop, and you should be able to get all the information I mentioned.
You're right; it might be best to purchase a laptop with Bitcoins and have it shipped to a drop. Sounds ridiculous, but that will ensure my anonymity.
3. I was attempting to create a TAILS 0.20 bootable USB by using a DVD, and then cloning to a USB. I managed to do both these steps, but when I tried to boot the live USB on a Windows 8 laptop (that's now currently Win7), it didn't detect the USB in the BIOS, and it said "Operation system not found" when I pressed "ESC" on the TrueCrypt screen. I then tried it on another laptop (3-4 year old one) and it worked perfectly. Does TAILS not work on Windows 8? I searched high and low for answers, but there's not much helpful information on this.
Tails doesn't support hardware that requires EFI boot. It's hit or miss sometimes, and with Win8 hardware, it's often miss. Ditto with Apple, but I believe there's a method for building Tails sticks for Apple machines.
Oh well. So does that mean I need a pre-UEFI laptop, or is there any BIOS modifications I can perform on the Win8 laptop to make this work?
-
Hey,
I'm looking to upgrade my current laptop, and had a few questions about staying anonymous:
1. What is the most secure OS for browsing SR? I've heard good thing about TAILS and Whonix, but what about Linux Mint or Ubuntu? I may just install Linux Mint as host OS and then a live USB for SR activity.
You might want to read the Let's talk about security post I just made.
2. If I purchase a laptop from Amazon, meaning it can easily be traced to me, is there any way to change that?
Doubt it. The hardware will have addresses and serial numbers that will be available to anyone with physical access to your computer.
4. Can someone briefly explain what the "persistence" on TAILS is? Does it create an encrypted storage space on the USB? How do you put your desired files in this persistence space? What programs do you recommend putting the persistence folder (there were ~10 options when I got to this part such as Claws Mail, etc)?
1. Yep.
2. Put the files in the Persistence folder, or something like that.
3. Put all of them in there. Won't hurt.
5. Will the "autonuke" command on DBAN be sufficient to COMPLETELY overwrite all sectors on my SSD? I'll be selling this laptop, and I want to make sure there's no way for the data to be resurrected.
I don't know if it works on an SSD. SSDs require special kinds of overwrite techniques. You should google specific tools for that.
-
For the overly paranoid: One interesting feature of SSDs is that they rely on NAND storage, which is basically a huge collection of gates. And those gates fail eventually. So the SSD marks the blocks as bad blocks. No biggie, because we never see that happening behind the scenes. We just use other parts of the disk and never notice the difference.
But once those blocks are marked as bad, they're almost impossible to access. If you wipe the SSD, you're probably not wiping the blocks of storage marked as bad. So you've cleaned the disk, but the data that was on those storage blocks when they were marked "bad" is now there forever.
The only good news is that, currently, most forensic tools won't read them properly either.
-
Thanks for the responses. I just have a few last questions:
1. Where is the persistence folder located on TAILS after you configure it?
2. What's a secure way to erase/overwrite data on a SSD?
-
Thanks for the responses. I just have a few last questions:
1. Where is the persistence folder located on TAILS after you configure it?
In the remaining space that the Tails OS isn't taking up on the USB stick. Tails is usually around 1.4 gigs on USB, if I remember right. So everything leftover can be persistent storage.
2. What's a secure way to erase/overwrite data on a SSD?
Realistically, DBAN/etc is probably the best you're going to get. The NAND bad-block recovery isn't much of an issue yet.. recovering the data is relatively difficult. But it's definitely doable.
SSD is just weird shit under the hood. There's wear leveling going on in the background, because too many writes wears out the gates, and you get lots of bad blocks. I don't know what running DBAN/etc on an SSD does to its longterm life, and at both an OS and microcode-on-disk level, there's more going on than with platter-based hard drives.
But personally, if I was really paranoid, I'd physically destroy anything using NAND storage once I was done with it. Otherwise, DBAN it and move on.
-
Harddrives are cheap as hell, why don't you buy one specifically for SR? You are worried about selling it right? Do you sanitation and then physically destroy the drive. Call it an investment in your security.
-
One other thought: If you use full disk encryption on SSD devices from Day One, wiping it becomes a non-issue because it's never seen unencrypted data. Who cares what gets left on it? Just give it a pass or two and call it good.
The problem comes in when you've used it unencrypted and you're afraid it still has unencrypted data on it.