Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
I have a 64GB USB 3 so space really shouldn't be too much of an issue. I like lubuntu idea. Now the hidden volume can that even be picked up w/o a password?
How many folks out there don't use this extra layer of encryption?
Surprisingly few people PGP encrypt their addresses. I've seen vendors quote numbers ranging from 50% to 95% of their customers don't encrypt their addresses, with a median probably around 80%. We have a biased view, since most SR users are not on the forum. The people who register and post on this forum are going to be more engaged and proactive about their security, and that's even more true of people who post in the Security section. Some SR users are incredibly lax with their security, using regular browsers to access SR over clearnet, through Tor in-proxies like onion.to. They probably have no security in their bitcoin practices either, sending BTC straight from exchanges (linked to their identities) to their SR addresses.QuoteSeems conflicting information about the need to use it abounds. Who are we attempting to evade by using PGP? NSA, FBI, or just plain cops?
Anyone who compromises the server. It would most likely be a big three letter agency, but it could be hackers who then use that information to blackmail people.QuoteIf I had the computer skill to figure it out in under two days I would not ask this question but so far even two days has not been enough for me to crack this nut. I suppose if somehow LEO could capture everything going to SR they could put the data stream through some sort of decryption program. But then what does SR mean above about 'fully encrypted and unreadable'? My thinking here is encrypted and I seem to have lost the key to make sense out of it all.
It means either that the SR server uses full disk encryption, or the data is encrypted in the database. The problem is that an adversary who gains physical control of the server may be able to steal the encryption key from RAM and get access to all the data.
The way I view encrypting my address, it's like wearing a seat belt. I may not get in a car accident in the next month or the next year, but in the unlikely event that I do, having a seat belt on could be incredibly important. And it costs me nothing to wear a seat belt, so I wear one every time I'm in a car.
The SR server may not be compromised any time soon, but if it ever is, the people with plaintext addresses will be the low hanging fruit that LE will go after first, especially if they have large outstanding orders. Encrypting your address costs you almost nothing -- maybe 30 seconds of your time -- so you should encrypt your address every time.
Sometimes, I wonder if PGP may be as counter-productive as airbags in such accidents, however.
Isn't it possible that PGP just shifts liability?
Instead of the information being possibly retrieved on SR's server, it is now possibly retrieved from the vendor's computer as he has to save or c/p the text on his drive to decrypt. Since the vendor is at much higher risk of seizure than SR at any point, we're just placing our bets on the vendors. If the PGP using-customers have a file on a computer drive in which they load keys, and do not delete them, then the risk compounds.
Seems plausible.
Wifi signals can be traced pretty quickly? I don't think anybody has a way to get into somebodies router and then figure out the direction and distance a wifi signal is coming from, at least not to my knowledge. I have extensive experience in the internet-networking field with setting up routers for companies(in the past) and I've never heard of anything like that. I think an important key is to not linger on any one network for too long, this includes for hours at a time.
One thing I just remembered is that a person can build a super-wifi antenna by modifying a $50 Satellite dish, and mount it inside their house perhaps. WIFI signals can be picked up for 4-5 blocks through trees and houses, and if there is a clear line of sight, signals up to 30 miles can be high-jacked. I use this combined with a linux-program called air-crack and I can easily hack into any WEP protected wifi signal in about 1-5hours(tops). There are tutorials online how to do this and it's very simple.. maybe takes 5 minutes to set up and get going. It's something I suggest anyone who is serious about being anonymous online invest in. I am always switching my Wifi signal and I personally alternate between about 30 different ones. In my neighborhood such a Dish set up gives me access to nearly 70-90 wifi signals, some password protected, some not, but eitherway, I can get into them all easily.
i use bridges in my tails setup. very easy to do and from what i'm told its better than using a vpn.
i change mine quite regularly as well, dont know why just do.lol.
That is bad for your anonymity you should keep your bridges for as long as possible.
even for public bridges?
Slow down, guys. Please, slow down. First, my rant... then my deeper considerations.
1. Has Edward Snowden provided any proof of what he claims?
I'm not convinced. If he is legit, then I want to be convinced. I want evidence that what he describes is not only possible but being abused.
If there are communications that could be captured and deciphered, and those illegal wiretaps sniff out terrorists, then it should NOT be secret. We need to be shown that it isn't being abused.... (I believe that every system will always be abused... we're all too human.)... This is fucked at best, but Snowden is a media hound and a political tool until proven otherwise.
Terrorists... China... Big Brother... Fuck... I guess I really don't give a fuck in the end because I use 4096+ RSA, etc, etc. I'm not trying to overthrow the current world order...
2. Most of the human population will (probably) always be disadvantaged... What I want to do is equip those who want security with the tools to do so. I guess Snowden is the crusader that makes the need to take responsibility and action, so I'll give him that. He is a great scare monger. We need that. Not everyone on the Road is stepping up their own game in the face of adversity that we face. Most of us here already know the story that Snowden is telling, albeit with no proof (yet).
OK. But... NSA doesn't share their secrets with FBI, DHS, LEOs... It would reveal their power... their secrets. It would also create public nightmares like Snowden is claiming. NSA doesn't go after harmless marijuana users that find the Road to be a godsend from the old way of narcotic acquisition. They target geopolitical threats to US stability....... Jesus, this is getting to be a bigger post than I thought. Let me chew on that, and I'll wait for replies before continuing...
I think he is legit, but i must agree on the NSA stuff.....they pretty much own the internet, and they definitely own TOR, because with a few million dollars i could own TOR, there simply is not enough exit nodes, mathematically, if only 10% of the 3000 odd exit nodes are compromised, you will exit from one of those corrupted nodes at least once a week if you log on every day. VPN may help, but i doubt it. In all probability i think the NSA already knows everyone on the road, down to your address and phone number, it's just not important enough to the NSA for them to do anything which might give away control to the people they are really after.
When you use a hidden service you don't go through an exit node.
I don't want to split hairs, but TOR traffic can be captured like any other network traffic. The creators of TOR most likely monitor traffic, and we shouldn't get too confortable with the idea that we are entirely secure via hidden services.
Be vigilant.
i use bridges in my tails setup. very easy to do and from what i'm told its better than using a vpn.
i change mine quite regularly as well, dont know why just do.lol.
The problem with whonix & Qubes is that it will leave a trace when you'll be using it. So if you also want to use this machine for other stuff and if you are just a buyer, I'd recommend debian/ubuntu/whatever as main OS, and tails as an onion system.
Whonix or Qubes could be better - isolation is great, and really important. But they'd leave traces...
An option would be to have your whonix/qubes install in a truecrypt container...
Timezone shouldn't matter since all Tor clients operate on GMT, but yeah the clock could be wrong because it's set to GMT and he entered the local time.
My brain is also wired differently than most peoples. On the professional test I took (and even this one to some extent) my subscores varied by a good deal. On the verbal parts of the test I did exceptionally well with very superior scores (142+), but on the visuospatial parts I scored below average (80-90). When all of my subscores are averaged out my GIQ is in the above average range (111-121), but looking at any individual subscore would paint me as either a genius or an idiot.
Ezra Pound said that the hallmark of a genius is the fact that he can make connections where others cannot make them.
However the connections are not necessarily "diffused"; actually many very high IQ individuals are very intelligent for some particular things and very commonly almost the total opposite in some others. I guess this has to do with a sort of "selective filtering" intelligent people do, sort of unconsciously. Meaning that the things they think will never serve them (or at a profound level doesn't minimally interest them) they refuse practically to acknowledge, and this works out in practice in a seemingly ineptitude at understanding certain things while being very intelligent for the others.
This is the thing Conan Doyle talk about in the famous Sherlock Holmes stories, btw: Sherlock Holmes refuted to learn things that didn't interest him and was a genius in those that did. He also explained this thing fully in a story (but now I don't remember the name).
some may argue that it is simply a behavioral characteristic with better alternative treatment for children then addictive stimulants, but I maybe cant't relate as I was clearly among the misdiagnosed.
Although ADD and ADHD are likely greatly over diagnosed, they are indeed diseases.
The last IQ test I did was about 10 years ago, and caused me more drama than good, as the results suggested I was capable of almost anything
This is not true, My brain seems to be 'wired' differently to some, and I'm 'partially' dyslexic, not literally with words but I sometimes get things back to front
At school we were tested every 4 years from year 4! The first test I was never told about but the second got me Mensa membership and a LOT of jealousy and jibes
I think I turned to drugs coz most people either chastised me for not "performing well enough" and I had NO idea what I wanted to do, as was "expected" and was always getting into trouble for being "the kid who's smart enough to get away with it" whatever "it" might have been. I spent a LOT of time in detention!
I'm going to try this test and see just how dumb I have become
nice one kmfkewm ... should be interesting!
