Anon Archived Serious thread: infosec, opsec, guerrilla war, advice (8chan)
Posted by: 2980539?
Posting time: 1.9 years ago on
Last edit time: never edited.
Archived on: 4/19/2019 10:00:00 AM
[–] 16203737? ago
Your Computer
To date, the NSA's and FBI's primary attacks on Tor users have been MITM attacks (NSA) and hidden service web server compromises (FBI) which either sent tracking data to the Tor user's computer, compromised it, or both. Thus you need a reasonably secure system from which you can use Tor and reduce your risk of being tracked or compromised.
Don't use Windows. Just don't. This also means don't use the Tor Browser Bundle on Windows. Vulnerabilities in the software in the Tor Browser Bundle figure prominently in both the NSA slides and the FBI's recent takedown of Freedom Hosting.
If you can't construct your own workstation capable of running Linux and carefully configured to run the latest available versions of Tor, a proxy such as Privoxy, and a web browser (with all outgoing clearnet access firewalled), consider using Tails or Whonix instead, where most of this work is done for you. It's absolutely critical that outgoing access be firewalled so that third party applications cannot accidentally leak data about your location.
If you are using persistent storage of any kind, ensure that it is encrypted. Current versions of LUKS are reasonably safe, and major Linux distributions will offer to set it up for you during their installation. TrueCrypt might be safe, though it's not nearly as well integrated into the OS. BitLocker might be safe as well, though you still shouldn't be running Windows. Even if you are in a country where rubber hosing is legal, such as the UK, encrypting your data protects you from a variety of other threats.
Remember that your computer must be kept up to date. Whether you use Tails or build your own workstation from scratch or with Whonix, update frequently to ensure you are protected from the latest security vulnerabilities. Ideally you should update each time you begin a session, or at least daily. Tails will notify you at startup if an update is available.
Be very reluctant to compromise on JavaScript, Flash and Java. Disable them all by default. If a site requires any of these, visit somewhere else. Enable scripting only as a last resort, only temporarily, and only to the minimum extent necessary to gain functionality of a web site that you have no alternative for.
Viciously drop cookies and local data that sites send you. Neither the Tor Browser Bundle nor Tails does this well enough for my tastes; consider using an addon such as Self-Destructing Cookies to keep your cookies to a minimum. Of zero.
Your workstation must be a laptop; it must be portable enough to be carried with you and quickly disposed of or destroyed.
Don't use Google to search the Internet. A good alternative is Startpage; this is the default search engine for the Tor Browser Bundle, Tails, and Whonix. Another is DuckDuckGo, which also has a hidden service. Plus it won't call you malicious or ask you to fill out CAPTCHAs.
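The firewalling requirement in the post above (all outgoing clearnet access blocked, so that only Tor can reach the network) can be checked against a saved ruleset. This is an added example, not part of the original post; the two rulesets are constructed samples in `iptables-save` format, and uid 107 is an assumed account for the Tor daemon.

```python
import shlex

# Constructed iptables-save samples (not from the thread). uid 107 is an
# assumed stand-in for the account the Tor daemon runs as.
LOCKED_DOWN = """*filter
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m owner --uid-owner 107 -j ACCEPT
COMMIT
"""
LEAKY = """*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p udp -m owner ! --uid-owner 107 -m udp --dport 53 -j ACCEPT
COMMIT
"""


def opt(tok, flag):
    """Value of `flag` in a rule, or None if absent or negated with '!'."""
    if flag not in tok:
        return None
    i = tok.index(flag)
    if i > 0 and tok[i - 1] == "!":
        return None
    return tok[i + 1] if i + 1 < len(tok) else None


def audit_output_chain(ruleset, tor_uid):
    """List everything that lets non-Tor traffic leave the host."""
    findings, policy, in_filter = [], None, False
    for line in (l.strip() for l in ruleset.splitlines()):
        if line.startswith("*"):
            in_filter = line == "*filter"
        elif in_filter and line.startswith(":OUTPUT "):
            policy = line.split()[1]
        elif in_filter and line.startswith("-A OUTPUT "):
            tok = shlex.split(line)
            if opt(tok, "-j") != "ACCEPT":
                continue
            # Only loopback and the Tor daemon's own sockets may go out.
            if opt(tok, "-o") != "lo" and opt(tok, "--uid-owner") != tor_uid:
                findings.append("non-Tor egress allowed: " + line)
    if policy != "DROP":
        findings.insert(0, f"OUTPUT policy is {policy}, expected DROP")
    return findings
```

The audit is deliberately strict: any ACCEPT rule that is neither loopback nor owned by the Tor uid is reported for manual review, including the negated owner match in the second sample that lets every other account send DNS directly.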
[–] 16204309? ago
Don't use addons for Tor Browser. Tor Browser is supposed to be the same for everyone to prevent fingerprinting. Websites can see the addons you're using, so if you're the only person using a specific addon, you can be tracked.
[–] 16204207? ago
If you want to go ultra-paranoia, which is understandable in this day and age, there is now a fully open source computer (including CPU) for around 2k USD. Some distros of Linux support it and there is currently an effort to port Tails over. Literally no way to exploit vulnerabilities if it's a PowerPC comp running Tails.
https://raptorcs.com/content/TLSDS3/intro.html
Link if interested
[–] 16204213? ago
Very interesting anon.
We really need more market saturation of this kind of stuff. Praise the king of digits for this worthy get.