  • Locked thread
fspades
Jun 3, 2013

by R. Guyovich
So, it turns out my government is bringing in some draconian measures to curb anti-government speech on the Internet, and being a person with anti-government views and who may or may not get increasingly politically active in the future, I think it's high time for me to be more cautious about my internet activity.

Most of the content I find about computer security is oriented toward preventing petty criminals and not toward law enforcement and intelligence agencies. I know how to use proxies, VPNs and TOR but I know very little about how someone would obtain sensitive information and what I should do to prevent it. Is there a thorough guide or something that would teach me about information security? What kind of habits should people ideally have in this regard?

Literal Hamster
Mar 11, 2012

YOSPOS
If this is serious, and you aren't being overly :tinfoil:, then the correct answer is to stop posting about your political views on the internet, start watching everything you say and only speak in confidence to people you can trust, in the flesh. Speaking your mind isn't worth becoming a political prisoner over.

More probably, if you are just being paranoid, then waste a bunch of money on VPNs, TOR, Proxies and hidden operating systems and become the shut-in, government-fearing basement dweller you were meant to be.

johnny sack
Jan 30, 2004

One day, this team will play to their expectations...

Just not this year..

What country?

mrbass21
Feb 1, 2009
In the sense of your digital security, there's no preventing it. You are using an operating system/software that you have no control over and have many vectors for exploitation. The best you can hope for is to minimize it. Snowden revelations even point that RSA could be a weaker encryption due to a flawed random number generator.

Encrypt your hard drive and files
Keep your os updated
Employ strict firewalls
Always obfuscate your traffic
Only communicate over https
Do NOT use email without pgp, preferably not at all.

Julian Assange only uses a laptop for a few days before disposing of it and keeps several on him. It's all a slider between they have everything on you and being a paranoid crazy person.

They have brilliant people working full time to exploit machines with (probably) a lot of resources. You don't ever win that game and keep data from them, you only delay their acquisition.

If you are going to get involved in it, my best advice is to take a hard look at if you are willing to pay the price for your resistance.

Have a significant other? Ever want a significant other?
Are you okay being imprisoned/tortured/killed for your cause?

Try to think about how you'll feel in a few years. Once you start that game, you're in it for better or worse.

mrbass21 fucked around with this message at 09:04 on Feb 7, 2014

fspades
Jun 3, 2013

by R. Guyovich

Daysvala posted:

If this is serious, and you aren't being overly :tinfoil:, then the correct answer is to stop posting about your political views on the internet, start watching everything you say and only speak in confidence to people you can trust, in the flesh. Speaking your mind isn't worth becoming a political prisoner over.

More probably, if you are just being paranoid, then waste a bunch of money on VPNs, TOR, Proxies and hidden operating systems and become the shut-in, government-fearing basement dweller you were meant to be.

I'm not being paranoid at all. I have friends who got into trouble for protesting and their internet records are used as "evidence" against them. The police have dossiers upon dossiers about anyone politically active and the new laws will just make that process easier. My goal is not to make myself invulnerable (I know that is impossible) but to make myself a reasonably hard target to notice so it has a lower chance to hurt my career or dealings with the law. And besides good computer security practices are never a bad thing.

mrbass21 posted:

In the sense of your digital security, there's no preventing it. You are using an operating system/software that you have no control over and have many vectors for exploitation. The best you can hope for is to minimize it. Snowden revelations even point that RSA could be a weaker encryption due to a flawed random number generator.

Encrypt your hard drive and files
Keep your os updated
Employ strict firewalls
Always obfuscate your traffic
Only communicate over https
Do NOT use email without pgp, preferably not at all.

Julian Assange only uses a laptop for a few days before disposing of it and keeps several on him. It's all a slider between they have everything on you and being a paranoid crazy person.

They have brilliant people working full time to exploit machines with (probably) a lot of resources. You don't ever win that game and keep data from them, you only delay their acquisition.

If you are going to get involved in it, my best advice is to take a hard look at if you are willing to pay the price for your resistance.

Have a significant other? Ever want a significant other?
Are you okay being imprisoned/tortured/killed for your cause?

Try to think about how you'll feel in a few years. Once you start that game, you're in it for better or worse.

How would I set up an email account with PGP? That's the kind of advice I'm looking for. I'm your average internet user; I'm not looking to become the next Julian Assange.

mrbass21
Feb 1, 2009

fspades posted:

I'm not being paranoid at all. I have friends who got into trouble for protesting and their internet records are used as "evidence" against them. The police have dossiers upon dossiers about anyone politically active and the new laws will just make that process easier. My goal is not to make myself invulnerable (I know that is impossible) but to make myself a reasonably hard target to notice so it has a lower chance to hurt my career or dealings with the law. And besides good computer security practices are never a bad thing.


How would I set up an email account with PGP? That's the kind of advice I'm looking for. I'm your average internet user; I'm not looking to become the next Julian Assange.

PGP just encrypts the data contained in the email, so it's compatible with any email, but if you are using a web client you might want to type your plaintext into notepad or something and then just put the encrypted data in the email. Facebook logs every keystroke you make, whether you publish or not.

It's a long write-up. I don't know if you can visit other sites, but with TOR and a VPN, I'm guessing you're okay looking some of this up.

http://www.pitt.edu/~poole/PGP.htm

Has a pretty good explanation. Before you set this up though, I feel I would be remiss if I didn't warn you about email.

Email is inherently insecure and will be for a long time. The protocols don't even really allow for the email to be fully encrypted. Think about a letter. The postman sees who it came from, who it went to, what time of day it was sent, blah blah. Email is like this. That metadata is not hidden and cannot be hidden. There used to be some paid emails (Lavabit and Silent Circle), but they shut down for fears the US would demand all their users' data.

Those guys are now creating a secure mail initiative called DarkMail that will encrypt the metadata when it can, and otherwise default to regular email. I suggest reading up on them/donating. It's for a good cause if you can.

Also, another problem with PGP is you need to share your public key with whomever you want to communicate. So, if I wanted to email you, you'd have to send me your public key and vice versa. There are some services that try to act as lookup directories, but it's still not super easy. This is a problem DarkMail is going to address.

Thunderbird from Mozilla is a good email client and I believe has a PGP plugin. That's the route I would go, but read that setup I linked so you understand it.

http://schoolofprivacy.eu/ is aimed at individuals such as yourself. They operate off of QA type responses, but they are a good resource.

Also, do NOT use a free VPN or proxy. Due to them being free they log traffic, which defeats the point. Make sure your VPN doesn't log. SOP gives some recommendations.

mrbass21 fucked around with this message at 20:54 on Feb 7, 2014
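
Added example, not part of the thread or written by any poster: a Python sketch of the point made in the post above, that PGP protects only the message body. It builds an RFC 3156 PGP/MIME message around a placeholder in place of real ciphertext and lists what a relay can still read; the addresses, host names and function names are constructed for illustration.

```python
from email import message_from_string
from email.message import Message
from email.mime.multipart import MIMEMultipart

# Constructed placeholder standing in for real OpenPGP output (not ciphertext).
ARMORED = ("-----BEGIN PGP MESSAGE-----\n\n"
           "PLACEHOLDER-NOT-REAL-CIPHERTEXT\n"
           "-----END PGP MESSAGE-----\n")

# Headers a relay or mailbox provider reads without any key.
METADATA = ("Received", "From", "To", "Date", "Subject", "Message-ID")


def _part(content_type, payload):
    part = Message()
    part["Content-Type"] = content_type
    part.set_payload(payload)
    return part


def build_pgp_mime(sender, recipient, subject, date):
    """Wrap ARMORED in the RFC 3156 multipart/encrypted layout."""
    msg = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    msg["From"], msg["To"] = sender, recipient
    msg["Date"], msg["Subject"] = date, subject  # Subject stays outside the body
    msg.attach(_part("application/pgp-encrypted", "Version: 1\n"))
    msg.attach(_part("application/octet-stream", ARMORED))
    return msg.as_string()


def relay_stamp(raw, relay="mx.example.net", client="mail.example.org"):
    """Prepend the trace header each SMTP hop adds (hosts are constructed)."""
    stamp = f"Received: from {client} by {relay}; Fri, 07 Feb 2014 20:54:05 +0000\n"
    return stamp + raw


def observer_view(raw):
    """Return what is readable in transit without the recipient's private key."""
    msg = message_from_string(raw)
    visible = {h: msg.get_all(h) for h in METADATA if msg.get_all(h)}
    parts = msg.get_payload() if msg.is_multipart() else []
    body = parts[1].get_payload() if len(parts) == 2 else ""
    return {
        "visible": visible,
        "body_is_ciphertext": msg.get_content_type() == "multipart/encrypted"
        and body.lstrip().startswith("-----BEGIN PGP MESSAGE-----"),
    }
```

Calling `observer_view(relay_stamp(build_pgp_mime(...)))` returns the sender, recipient, date, subject line and relay trace in the clear, with only the body opaque.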

Ice Phisherman
Apr 12, 2007

Swimming upstream
into the sunset



You want to continue your behavior, but you're worried about privacy.

Privacy no longer exists. There is your easy answer.

My suggestion is not to talk about anything that would get you jailed if you must talk about the government. You'll have a file, but everyone has a file. Yours will just be thicker is all.

Just don't threaten violence and no one will particularly care. Your government has limited manpower and can only put out so many fires at once. If yours is tiny enough absolutely no one will care.

Just don't say anything stupid. The days of internet anonymity are over. This is the world now. You live in it. Accept it, advocate for something else, or leave.

edit: This conversation has already been cached somewhere and it strikes me as funny that you would ask how to mask your habits without actually masking your habits when you ask.

Ice Phisherman fucked around with this message at 22:18 on Feb 7, 2014

salisbury shake
Dec 27, 2011

fspades posted:

I'm not being paranoid at all. I have friends who got into trouble for protesting and their internet records are used as "evidence" against them. The police have dossiers upon dossiers about anyone politically active and the new laws will just make that process easier. My goal is not to make myself invulnerable (I know that is impossible) but to make myself a reasonably hard target to notice so it has a lower chance to hurt my career or dealings with the law. And besides good computer security practices are never a bad thing.


How would I set up an email account with PGP? That's the kind of advice I'm looking for. I'm your average internet user; I'm not looking to become the next Julian Assange.

If this is true and given the above comment, I can't, in good faith, recommend you continue to use a computer, internet or other consumer communication networks to conduct political activities in that environment.

Trust no one. Don't let emotions or passivity cloud your judgment. You're human, so good luck. Your goal right now should be eliminating all online associations you have, you should consider whatever medium or network you made them through compromised; and, since you haven't verified their identities via key exchange and checking their key's fingerprints via another verifiable medium, you should consider them potential agents/confidential informants. Following this logic out, you'll see that the internet is a terrible medium for this kind of poo poo. By design, everything is logged, tracked, and easily inspected on the backend.

The internet is compromised. Almost all digital communication mediums are compromised.

If you can't conduct your political activities without the internet, I suggest focusing your efforts on changing that situation if you don't want your group's efforts thwarted in the future. The convenience the internet might provide is not worth being disappeared over.

enbot
Jun 7, 2013
You aren't actually accomplishing anything by being an internet activist so if you're actually concerned just stop.

Lord Windy
Mar 26, 2010
I don't think anybody would be able to safely guarantee their anonymity online. Only way I could see how to do it would be to buy a lovely laptop second hand for cash and post online with assumed names from public wifi areas. I don't know how much good being an online activist would be though. If you're just talking I don't see it doing much good. If you had the skills to do anything else you wouldn't be asking this. Unless you're trying to throw the FBI/KGB off your tracks :tinfoil:

If you don't want to get caught, I wouldn't bother with doing any of it.

ma i married a tuna
Apr 24, 2005

Numbers add up to nothing
Pillbug
In case you were looking for actual help with this, I recommend you start reading https://arstechnica.com/security. They do articles and have resources on internet security and hacktivism, and should help you figure out what risks exist/are known and how to encrypt your own data.

cruft
Oct 25, 2007

Hi OP, I'm a computer security and privacy professional!

Here is the thing. Merely using security and privacy tools can be used as evidence that you're being subversive and land your rear end in prison. Even asking us about it could be a death sentence if you're in, like, North Korea.

Are you part of the underground? Definitely use PGP and as much steganography as you can; don't use the Internet as a transport unless you have to; above all don't get caught. Talk to your underground cohorts about best practices and do what they suggest. Follow their instructions as closely as you can; things that seem trivial to you could in fact be avenues for attack by your adversaries.

Are you just an ordinary guy who doesn't like the idea of government goons snooping on you? Use what everybody else uses and become active in a major political party that wants to change this.

Back in 1991, Phil Zimmermann released PGP at what wound up being great personal cost, in the hopes that it would be widely adopted and everybody would be encrypting their stuff now. But hardly anyone used it because people are lazy, so encrypting your stuff looks suspicious now. That's probably going to change with HTTP/2.0 and a renewed push to encrypt everything, but for now, unless you're willing to bring heightened scrutiny on yourself, I recommend you avoid a sudden switch to encryption if your government is really getting bad.

On the other hand, if you can convince 400 friends to do it too, then go for it.

In short, do what everybody else is doing to avoid standing out.

cruft fucked around with this message at 00:32 on May 30, 2014

brakanjan
May 26, 2014
Hi

New to all of this and slightly paranoid. I only wish to have less of a footprint or at least make it harder for someone to look at my stuff. Not that in the long run it matters but the way I look at it if I have a car and you have the same car and mine is more secure well... there goes your car. In the long run - criminal needs 2 cars well if mine is the only one there I am sure they will figure out a plan to get it.

Anyhoo, that out of the way. Is there another VOIP that is encrypted or more secure than SKYPE with similar features, and is there a secure free messenger like WhatsApp that encrypts or does not store its data?

I am new to this so if I got it wrong or look like a total noob, do not flame please :)

But if this thread is about helping me be more secure through best practice and there are easy steps to do to achieve this then please advise :)
