Quote from: quietgirl79 on October 28, 2012, 02:35 amThanks for your valuable input Pine, I've read many of your helpful posts and I'd try to give you a +karma when I can. But, I'm trying to maintain a "small digital footprint". I do have a concern though. How wary should we be with third party services, such as Bitinstant, or Instawallet? I know you mentioned Tormail for example, as being a security concern. A guide had said not to leave any sensitive information on you, and it is better left in an "anonymous" Tormail or other account (since you have to collect data somewhere, and my memory is not good enough to memorize it all). Also, my ignorance of TOR making me wonder. I have seen the message that because my connection is "torified", I am safe, and all other non torified connections have their payloads exposed at the exit. I do not know what that actually means, but I have taken it to imply that as long as I'm using TOR, my payload is still encrypted? Then how is that different from what you have mentioned about the exit nodes..does this mean that there is some way of decrypting that information, and thus danger and less security?Sorry about the somewhat complicated question, but inputs that lead to greater enlightenment is always appreciated =)-quietgirlYou should not give 3rd parties any information that can be connected to your RL identity.Keeping a small digital footprint is easier said than done, it can be messy even for techs sometimes.You can collect the data you require (Tor browser, GPG4USB software, paperwork) in one place, encrypt the lot and upload it to some digital locker, then overwrite the original file. Then each time you use the data you can download, decrypt, utilize and repeat the previous steps to put it back in the cloud. Obviously you can't be doing that with more than a couple of Gigabytes though.A more sophisticated technique is to run everything on some remote server as well as storing the data there, but not everybody's Internet connection makes this viable.Another technique is to use a combination of encryption and obfuscation, by placing data and programs onto a microSD (a tiny piece of memory the size of a fingernail and only slightly thicker) and encrypting it. Then you can destroy/hide it before encryption becomes the last line of defense.Another technique I was talking about with Bungee (I must get back to you on this Bungee) is to take a small computer and hide it somewhere very hard to reach, but which would be very easy for you to inspect. e.g. use a magnet or otherwise physically attach a laptop to the side of a skyscraper or other tall piece of infrastructure. Then you could invest in a telescope and providing you had good line of sight you could visually inspect whether the item had been interfered with (you could attach a proximity detector to demagnetize or otherwise destroy the device). Then you can use a powerful piece of hardware to reach the laptop and do your business of storage/running programs from that. That way when LE bust you, they only have thin client, no digital footprint. I think overseas intelligence operatives must be doing something like this to stay under the radar, it makes perfect sense on a bunch of levels. It's cheap, it requires no training, the whole thing can be packaged easily for tech newbs etc.Anyway in practice less exotic techniques like the ones mentioned above work perfectly well.--Never store data/programs on Tormail or any other data storage locker unless they are encrypted to the hilt.The business with "torified connections" and "payloads exposed at the exit", is geeks and regular folk thinking differently about the system, it is this:In computers we have a thing called 'the OSI stack'. It is an abstraction where there are different 'layers' to the network. At the top is the Application layer, things like Firefox, Apache. Regular programs people and servers run. At the bottom there is the Physical layer, which literally is the 1s and 0s zooming over the copper wires or fiber optic cable. Tor provides network security, which is sandwiched in the middle of those two layers. It prevents your IP address being known. It does not anonymize the Physical layer (probably impossible) or the Application layer (the programs being used). Well, actually it does try to standardize the Application layer so everybody's 'browser fingerprint' is similar, which is a case for not adjusting the settings on your Tor Browser Bundle very much or at all. But the core thing is that it prevents somebody else obtaining your real IP address, that is the main thing Tor does.Where people get confused, is that their Internet traffic going into and traversing the Tor network is encrypted, but not at the Application layer because that's impossible. The programs you are running on Tor and the communications they are making are not encrypted in of themselves. I mean if you request a webpage such as this one on Tor, then the program handling the webpage at your end can't be encrypted. You computer would have no idea how to interpret the webpage. First the webpage must be decrypted, then it is sent to your browser to display.A related issue of confusion over encryption is that if your application like the browser sends your real IP address as part of the data it is sending out at the Application layer. e.g. "e.g. Hello webserver, I am web browser and this is my IP address", then Tor doesn't do anything to stop that because it can't. Notably BitTorrent software does something like this which is why it's not advisable to use BitTorrent with Tor.Again, Tor only prevents your IP address getting out at the Network Level. Not at the level of Software deciding to give your IP address away. Most of the time this is not malicious on the part of the software, the big problem is DNS leaks, where the software thinks it needs to obtain an IP address of another computer and resolve it to a domain name.Finally another related issue is that people think Tor encrypts all their stuff. I think this is an extreme example of 'technomagic', a fallacy in the comprehension of how encryption or frankly even logic works. Tor does not encrypt your emails from end to end. Tor does not encrypt your PMs from end to end on a forum such as this. Take this message I am writing for example. As it passes through the Tor network, it will be encrypted multiple times to achieve anonymity. But it when if 'surfaces', or is decrypted, it is plaintext. The fact you are reading it means it's plaintext! Again: application layer is not encrypted, that goes on at the network layer.Similarly on SR when you send your address to a vendor, it is in plaintext. There is not technomagic wizardry that somehow encrypts it such that only the vendor can read it in plaintext. It has to be stored as plaintext in order for the vendor to read it at all! Anybody, and I do mean anybody, with access can read that message. Hence PGP Club.The solutions to all those misunderstandings are simple.A: Always use PGP when doing incriminating things like sending your address to a vendor of illicit contraband!B: Ensure you don't do exotic (e.g. "To speed up Tor") things to the Tor Browser Bundle or however you're using Tor. You'll stand out if you do. Anonymity is all about being a member of a crowd. Run with the shoals! Swim with the zebras! You get the idea.C: Assume everything you're writing is being logged and examined by LE agents wasting the public's tax dollars, and behave accordingly.C means;No "Wow! What a great TV show last night!".No "It's a nice morning".No. "LOL, I was on reddit and..."No. "Take a look at this youtube video!"No "I just bought this book/movie/music/software"No. No. No. No. No. But yes, perhaps you should drop breadcrumbs for your own canary, but don't get too clever either or you'll wind up being more stupid than clever. Millions of people think of nothing but releasing fabulously detailed TMI about the minutiae of their daily lives, it's not difficult to create a believable alt.A, B are essential, C is for the lulz and wearing down the adversary. I assure you you have enemies and they are very real indeed. This fact cannot ever be forgotten. You are arrayed against the forces of our respective police states. DPR is correct. Merely being on this hidden service is a revolutionary act, whether you all believe it or not. One day they will come with us and we shall wield all the power of the world to create a new social and political order but until then remember we are allied against a powerful adversary. We shall play to our strengths and use the market against them. For the most experienced members of this forum this was never about the money. This is about revenge. Of peers locked in cages and death for some, of being helpless against the absurdity of the Drug War for others.They have never met an enemy like us. In all my life I have never once seen such a powerful force for social and political change as the Darknet.