Silk Road forums

Discussion => Security => Topic started by: ws on February 12, 2013, 03:05 pm

Title: Maximum security, need help!
Post by: ws on February 12, 2013, 03:05 pm
Hi guys,

I have finally reached 50 posts and am able to post here to get a better response!  :)

Anyway all the security is doing my head in, really struggling so if you can help me out would be great as I don't want to do any buying/selling on SR until security is best possible, I am very paranoid, which isn't a bad thing I guess as hopefully it will keep me secure!

Right, I have recently bought a MacBook, I burned Tails onto a disk and also I installed GPGtools nightly build (as that's what I was advised in newbie section) onto my computer and moved onto a USB stick hoping I could boot computer up with Tails then open GPG from my USB stick but it didn't work and after googling it found out GPG won't work on Tails as Tails is Linux?

What I have now is Tor browser stored on a USB which I open up from my desktop and also has GPGtools on it.

So with what I have now not using tails is safe providing you never get a visit from LE and laptop taken away right?

If everything was booted through tails or liberte nothing would be found on my computer, browsing history, emails etc?

I'm an expert on computers and security so if anyone can advise me on how to be most secure would be great as I'm really struggling and stressing me out!

Thanks for any replies in advance!

WS
Title: Re: Maximum security, need help!
Post by: SelfSovereignty on February 12, 2013, 03:15 pm
Quote
I have finally reached 50 posts and am able to post here to get a better response!
Full members can post in the newbie section and answer you there just fine.

Quote
Right, I have recently bought a MacBook, I burned Tails onto a disk and also I installed GPGtools nightly build (as that's what I was advised in newbie section) onto my computer and moved onto a USB stick hoping I could boot computer up with Tails then open GPG from my USB stick but it didn't work and after googling it found out GPG won't work on Tails as Tails is Linux?
Just use GPG4USB.  Google it.  Or forum search it.  Or look at Astor's signature.

Quote
What I have now is Tor browser stored on a USB which I open up from my desktop and also has GPGtools on it.

So with what I have now not using tails is safe providing you never get a visit from LE and laptop taken away right?
Yes, basically.

Quote
If everything was booted through tails or liberte nothing would be found on my computer, browsing history, emails etc?
"If everything was booted through tails or liberte" is too ambiguous.  I think the answer to what you're asking is yes, you're correct.

Quote
I'm an expert on computers and security so if anyone can advise me on how to be most secure would be great as I'm really struggling and stressing me out!
Cool.  Kind of silly for an expert on computers and security to be out of his depth though -- maybe you should just say you're an enthusiast so that you don't belittle people who spent half their life studying what you're asking about...?  :)
Title: Re: Maximum security, need help!
Post by: astor on February 12, 2013, 03:22 pm
Quote
I have recently bought a MacBook, I burned Tails onto a disk and also I installed GPGtools nightly build (as that's what I was advised in newbie section) onto my computer and moved onto a USB stick hoping I could boot computer up with Tails then open GPG from my USB stick but it didn't work and after googling it found out GPG won't work on Tails as Tails is Linux?

GPG was first written for Linux and later ported to Windows and OS X. Of course it exists for Linux. However, "GPGTools" is a port specific to OS X.

Tails comes with its own GPG programs.

https://tails.boum.org/doc/encryption_and_privacy/gpgapplet/index.en.html


Quote
What I have now is Tor browser stored on a USB which I open up from my desktop and also has GPGtools on it.

So with what I have now not using tails is safe providing you never get a visit from LE and laptop taken away right?

Well, if you never get a visit from LE, then it doesn't matter what you do.

The whole point of security measures is to prepare for the worst case scenario. If that thumb drive isn't encrypted, your identity and activity in this community could be revealed to LE.

Quote
If everything was booted through tails or liberte nothing would be found on my computer, browsing history, emails etc?

Correct. Tails is designed to be booted from read-only media and save nothing on disk. There is an optional encrypted persistent volume.

The Tor browser bundle doesn't store cache or browsing history on disk either, but if you save bookmarks or passwords, those will be stored on disk.

Quote
I'm an expert on computers and security so if anyone can advise me on how to be most secure would be great as I'm really struggling and stressing me out!

There's no simple answer to that question, because people operate with different threat models and computing requirements. Some people share computers with roommates or go to libraries and they can't implement certain security features. Also, from talking to hundreds of people on the forum, I've learned that when people ask to be "most" secure, they really mean some optimal trade off between security and convenience.

Are you using a 64 character password on your SR account? Well, why not? That's MORE secure than a 16 character password. The most secure would be whatever the hardcoded limit is for the password field, probably 256 characters. This feature is easy to implement, so if you're not using a max size password, you don't really want to be MOST secure, you want some convenience.
Title: Re: Maximum security, need help!
Post by: randomOVDB#2 on February 12, 2013, 03:30 pm
SelfSovereignty has a point. Don't call yourself a computer expert and at the same time demonstrate that you are struggling with basic principles.

Start by learning about GPG and various security distros and then graduate to more complex stuff.

Decide if you want to use a LiveCD (you can't write on that), LiveUSB, or a regular OS. If your computer is seized the third option will create problems if you won't use FDE - full disk encryption.

Running a LiveCD (not through a VM!) would mean no traces. Running LiveUSB would mean traces on the USB itself.

My advice is to get Liberte and Tails and play with both for a week.
Title: Re: Maximum security, need help!
Post by: ws on February 12, 2013, 03:51 pm
Quote
SelfSovereignty has a point. Don't call yourself a computer expert and at the same time demonstrate that you are struggling with basic principles.

Oops sorry guys, I was meant to say I AM NOT a computer expert, should have read through before I posted, I am posting here for advice and opinions from experts as I am far from it!  :-[

Thanks for your replies I will have a good look through your posts and hopefully get this sorted out asap
Title: Re: Maximum security, need help!
Post by: ws on February 12, 2013, 03:55 pm
Quote
SelfSovereignty has a point. Don't call yourself a computer expert and at the same time demonstrate that you are struggling with basic principles.

Oops sorry guys, I was meant to say I AM NOT a computer expert, should have read through before I posted, I am posting here for advice and opinions from experts as I am far from it!  :-[

Thanks for your replies I will have a good look through your posts and hopefully get this sorted out asap

... And also I am probably exaggerating with the thread title, perfect scenario would be putting in a disk, spending some time on SR then ejecting disk and leaving no traces on my MacBook also using PGP for sensitive information at the same time.
Title: Re: Maximum security, need help!
Post by: astor on February 12, 2013, 04:24 pm
If you ask a specific question, like "I'm willing to do X, will that make me more secure?", then you can get a specific answer.

When you ask an open ended question like, "What can I do to be most secure?", you will most likely get answers (from me, at least :) ), that you are unwilling to implement.

For example, to be most secure, you should configure an anonymizing middle box. This would be a PC in a nettop or HTPC form factor with 2 network interface cards, running OpenBSD, which transparently proxies all connections from your main computer over Tor. Tails already transproxies all connections over Tor, but it can theoretically be rooted and the attacker can simply remove the iptables rules, shut down Tor, etc. With the transproxy on a separate physical box, you are much more secure, but are you willing to invest a couple hundred dollars in the hardware, as well as the time required to learn how to properly configure it? Probably not.
Title: Re: Maximum security, need help!
Post by: ws on February 12, 2013, 04:48 pm
Quote
SelfSovereignty has a point. Don't call yourself a computer expert and at the same time demonstrate that you are struggling with basic principles.

Start by learning about GPG and various security distros and then graduate to more complex stuff.

Decide if you want to use a LiveCD (you can't write on that), LiveUSB, or a regular OS. If your computer is seized the third option will create problems if you won't use FDE - full disk encryption.

Running a LiveCD (not through a VM!) would mean no traces. Running LiveUSB would mean traces on the USB itself.

My advice is to get Liberte and Tails and play with both for a week.

What I am doing now with Tor on USB with GPG isn't great for me then, I want to prepare for the worst so tails or liberte on a USB or disk is a must so if my laptop did get taken away would have nothing incriminating on there.

Once I finally get up and running properly is there a way to write over deleted stuff on my hard drive so I start a fresh using either liberte or tails knowing that nothing bad is on hard drive?
Title: Re: Maximum security, need help!
Post by: astor on February 12, 2013, 04:54 pm
Quote
Once I finally get up and running properly is there a way to write over deleted stuff on my hard drive so I start a fresh using either liberte or tails knowing that nothing bad is on hard drive?

DBAN it and reinstall the OS.

http://dban.org

http://dkn255hz262ypmii.onion/index.php?topic=99520.msg699299#msg699299
Title: Re: Maximum security, need help!
Post by: ws on February 12, 2013, 04:59 pm
Quote
Once I finally get up and running properly is there a way to write over deleted stuff on my hard drive so I start a fresh using either liberte or tails knowing that nothing bad is on hard drive?

DBAN it and reinstall the OS.

http://dban.org

http://dkn255hz262ypmii.onion/index.php?topic=99520.msg699299#msg699299

OK brilliant, will do that, thanks. 
Title: Re: Maximum security, need help!
Post by: 420SLINGER on February 12, 2013, 07:53 pm
Quote
If you ask a specific question, like "I'm willing to do X, will that make me more secure?", then you can get a specific answer.

When you ask an open ended question like, "What can I do to be most secure?", you will most likely get answers (from me, at least :) ), that you are unwilling to implement.

For example, to be most secure, you should configure an anonymizing middle box. This would be a PC in a nettop or HTPC form factor with 2 network interface cards, running OpenBSD, which transparently proxies all connections from your main computer over Tor. Tails already transproxies all connections over Tor, but it can theoretically be rooted and the attacker can simply remove the iptables rules, shut down Tor, etc. With the transproxy on a separate physical box, you are much more secure, but are you willing to invest a couple hundred dollars in the hardware, as well as the time required to learn how to properly configure it? Probably not.

I would.

Could you please send me any info you have on this matter?
Title: Re: Maximum security, need help!
Post by: astor on February 12, 2013, 08:06 pm
Here's how to do it on an OpenWRT router:

https://forum.openwrt.org/viewtopic.php?id=27354

Which is cheaper than a second computer. I just don't like the idea of having the middle box face the public internet. I would rather it go

public internet -> router -> anon middle box -> main computer

For that you need to custom build a computer with 2 network interface cards, then install Linux or a BSD, then configure the transparent proxy. There are lots of tutorials on installing Linux and Free/OpenBSD. To configure the transproxy, see here:

Linux
https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy#AnonymizingMiddlebox

BSD
https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy#AnonymizingMiddlebox1