Anonymous as possible
105 views
Skip to first unread message
GT500Shlby
Aug 26, 2019, 12:26:19 PM8/26/19
to qubes-users
Recently I went looking for as high as humanly possible anonymity but quickly deployed.
For a purely hypothetical example, say I have evidence on a prominent person. Think got mistress prego, mistress no want abortion, mistress gets bookend to skull, murder cover-up gone awry. So obviously me having said info, puts me in severe risk of being killed myself. Like full on conspiracy theory novel/adventure story. The idea is to be as realistic to the cyber security preparations as possible.
So I pick out an older laptop from recycle, flash the bios and remove any serial numbers and assets tags, pop in a newer SSD from a different recycled system (0 purchae records), reflash its firmware to remove serial number. Source an external wireless adapter with changeable MAC address and again, make sure no digital serial number. Now I need an OS. TAILS is a good option, but I saw Qubes used a while back and thought of it.
The idea is to go to a public place with lots of stores/cafes that have free wifi, but sitting outside those establishments in a non-cctv area but jacking their wifi, probably using a sharklasers email to get registered then using a vpn with bitcoin and another sharklasers email and then using tor above that to then create a throwaway reddit account to browse on r/gonewild err I mean drop the docs on the bad dude.
However, my concern is, I'm having trouble finding the latest release date. the listed release schedule makes it look like the current stable release is over a year old. What is the TL;DR of the state of development of Qubes?
From other privacy focused people, are their any holes in my privacy scheme?
awokd
Aug 26, 2019, 3:20:12 PM8/26/19
to qubes...@googlegroups.com
GT500Shlby:
> then using a vpn with bitcoin
Be aware of the money trail.
> However, my concern is, I'm having trouble finding the latest release date.
> the listed release schedule makes it look like the current stable release
> is over a year old. What is the TL;DR of the state of development of Qubes?
TL;DR check file date on 4.0.1-x86_64 ISO in
https://mirrors.edge.kernel.org/qubes/iso/ . Longer info is 4.0.2 is in
active development. The point releases don't really matter though,
because if you patch 4.0 to current level you have 4.0.1. Same when
4.0.2 ships. Multiple people are constantly updating Qubes; check the
Qubes Github repos for another idea of activity level.
> then using a vpn with bitcoin
> However, my concern is, I'm having trouble finding the latest release date.
> the listed release schedule makes it look like the current stable release
> is over a year old. What is the TL;DR of the state of development of Qubes?
https://mirrors.edge.kernel.org/qubes/iso/ . Longer info is 4.0.2 is in
active development. The point releases don't really matter though,
because if you patch 4.0 to current level you have 4.0.1. Same when
4.0.2 ships. Multiple people are constantly updating Qubes; check the
Qubes Github repos for another idea of activity level.
rec wins
Aug 27, 2019, 12:34:33 AM8/27/19
to qubes...@googlegroups.com
thingy
https://www.whonix.org/wiki/DoNot
https://www.whonix.org/wiki/Documentation
https://forums.whonix.org/c/general-tor-and-anonymity-talk
don't trust "qubes" either verify your .iso , maybe evil-maid with a
TPM if it's that bad goodluck
scurge1tl
Aug 27, 2019, 3:17:17 PM8/27/19
to GT500Shlby, qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
GT500Shlby:
Your model is actually a high risk environment, involving actions of
physical harm or death of you or your close ones.
In this case you would need to employ much measures and
countermeasures, not necessarily related to the digital behavior, more
than the OS like Tails or Qubes, to stay safe. Your behavior patterns
changes, your physical movement and monitoring of your life emissions,
the way you obtained the compro, from whom, how, when, where and so
on. Your contacts can be compromised already. Beware of your writing
stylistics, typos, and other similar leakages of your identity. In
case you have written something publicly under your real identity, you
should count that if you don't use deception, it can be one of the
identifiers narrowing options from adversary in pursuit of finding you.
Know your adversary and its level of determination, resources and time
available to find out key indicators leading to you. The higher it is,
the higher security measures and deception layers need to be employed
by you.
In this case you will for sure need certain level of well pre-prepared
deception layers to make sure that if your contingency plans fail, you
have a well working backup plan, spreading options on more ways
adversary needs to follow on each layer, to give you time and a
especially clear warning, that there is somehow successful adversarial
activity, without leaking this intelligence to the adversary.
You will basically need to do the job done and destroy all traces from
you, and remain exposed shortest time possible, and leak as little as
possible emissions about your activity and at the same time not break
too significantly your daily routine. All preparation activities are
deviations from your routine, and can rise suspicion even after the
job done.
Once done, there should be more less zero possibility to get any
intelligence about your sensitive activity by any means, even backwards.
Coming to the OS, in this case Tails will do the job. It is amnesic
and the only hot potato is the SD card, if your activity isn't leaked
already, which is still possible.
If you were for example searching for the Tails through an insecure
OS, downloaded TBB through a non-anonymous channel, or even through
your IP address, and so on, you can already be on a watch list.
Estimate how many people in your area use Tor or Tails and you will
see it is not much. It can be see you are using Tor or Tails, as it
has very unique behavior.
All that, provided you know what you are doing, you are able to get
Tails securely, can reliably obtain their signing pgp keys, confirm
the downloaded file with it, its hash, can run it securely, in this
case remotely (see external wifi card, with cantenna for example, to
get wifi connection from few kilometers away) and having clear OpSec,
and be sure you are not compromised already, from the very beginning,
you could be quite safe.
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl1lgZlfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6UzsEw//Q7enT4Rw/8x8yYiXzmWy2GMJ4AAez4x38UMI91j+VLgZ9ER9O5MnBEHO
7oZiXyAjPTGswYZP8beceaR3a7zVELWwsCMHtapSAhWzstpW6OHz/Q0lrOMmYgLw
7h8k7Oz55NvEZ9kAGllquvn48zsqWenC4ie9vZiWyWuiRyhYoQpd44yl/fJ786Q5
iZ/66WlOxhq+X6cAFNzb8Hsq0YoelTLD8KPVpQxDeE/SzOujXr0/iV8B6YItAX6n
+gVnqAa/Zas32TW/V9cC180ore5+u8CrU1P/NYMmUiUd89KL3UnfQcldTrBLmnGB
hoUWjxasZakzDEZ3Tmtr435oC5hSLAjAj9GvEgLtjTjIYgisOfSn8nCAaqndp4b7
Vg7PtPyBMjpXKzkVlugrks5U83jP/y/A6G8PDkjhF8UGAVsU0UH7BduOCu89Ntnx
9okXoHZ5RC8ej4IilGxF2WILAoLD/sPLLZVnAJ9XIsUo2EwFPrfA4aU2IGTgk49u
fAOh9Fj696N2Pb9byJUyopyPclYO0+bXZfaq4HoTdRku+fVB3VV4fLl7zS3beEjY
MLNHHsuZFCEb+UK8511fetFIXMJ/Rv/iQCovIORFpjXRbcr9C3caaxVSeN+/Y2MI
4B8HRlrla14q8RwtEB1O0xtppj9aw2G2Di6C5I35He6hVxmMYRU=
=Ob3v
-----END PGP SIGNATURE-----
Hash: SHA512
GT500Shlby:
physical harm or death of you or your close ones.
In this case you would need to employ much measures and
countermeasures, not necessarily related to the digital behavior, more
than the OS like Tails or Qubes, to stay safe. Your behavior patterns
changes, your physical movement and monitoring of your life emissions,
the way you obtained the compro, from whom, how, when, where and so
on. Your contacts can be compromised already. Beware of your writing
stylistics, typos, and other similar leakages of your identity. In
case you have written something publicly under your real identity, you
should count that if you don't use deception, it can be one of the
identifiers narrowing options from adversary in pursuit of finding you.
Know your adversary and its level of determination, resources and time
available to find out key indicators leading to you. The higher it is,
the higher security measures and deception layers need to be employed
by you.
In this case you will for sure need certain level of well pre-prepared
deception layers to make sure that if your contingency plans fail, you
have a well working backup plan, spreading options on more ways
adversary needs to follow on each layer, to give you time and a
especially clear warning, that there is somehow successful adversarial
activity, without leaking this intelligence to the adversary.
You will basically need to do the job done and destroy all traces from
you, and remain exposed shortest time possible, and leak as little as
possible emissions about your activity and at the same time not break
too significantly your daily routine. All preparation activities are
deviations from your routine, and can rise suspicion even after the
job done.
Once done, there should be more less zero possibility to get any
intelligence about your sensitive activity by any means, even backwards.
Coming to the OS, in this case Tails will do the job. It is amnesic
and the only hot potato is the SD card, if your activity isn't leaked
already, which is still possible.
If you were for example searching for the Tails through an insecure
OS, downloaded TBB through a non-anonymous channel, or even through
your IP address, and so on, you can already be on a watch list.
Estimate how many people in your area use Tor or Tails and you will
see it is not much. It can be see you are using Tor or Tails, as it
has very unique behavior.
All that, provided you know what you are doing, you are able to get
Tails securely, can reliably obtain their signing pgp keys, confirm
the downloaded file with it, its hash, can run it securely, in this
case remotely (see external wifi card, with cantenna for example, to
get wifi connection from few kilometers away) and having clear OpSec,
and be sure you are not compromised already, from the very beginning,
you could be quite safe.
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl1lgZlfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6UzsEw//Q7enT4Rw/8x8yYiXzmWy2GMJ4AAez4x38UMI91j+VLgZ9ER9O5MnBEHO
7oZiXyAjPTGswYZP8beceaR3a7zVELWwsCMHtapSAhWzstpW6OHz/Q0lrOMmYgLw
7h8k7Oz55NvEZ9kAGllquvn48zsqWenC4ie9vZiWyWuiRyhYoQpd44yl/fJ786Q5
iZ/66WlOxhq+X6cAFNzb8Hsq0YoelTLD8KPVpQxDeE/SzOujXr0/iV8B6YItAX6n
+gVnqAa/Zas32TW/V9cC180ore5+u8CrU1P/NYMmUiUd89KL3UnfQcldTrBLmnGB
hoUWjxasZakzDEZ3Tmtr435oC5hSLAjAj9GvEgLtjTjIYgisOfSn8nCAaqndp4b7
Vg7PtPyBMjpXKzkVlugrks5U83jP/y/A6G8PDkjhF8UGAVsU0UH7BduOCu89Ntnx
9okXoHZ5RC8ej4IilGxF2WILAoLD/sPLLZVnAJ9XIsUo2EwFPrfA4aU2IGTgk49u
fAOh9Fj696N2Pb9byJUyopyPclYO0+bXZfaq4HoTdRku+fVB3VV4fLl7zS3beEjY
MLNHHsuZFCEb+UK8511fetFIXMJ/Rv/iQCovIORFpjXRbcr9C3caaxVSeN+/Y2MI
4B8HRlrla14q8RwtEB1O0xtppj9aw2G2Di6C5I35He6hVxmMYRU=
=Ob3v
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages