I've been kicking around an idea to build a machine that prioritizes anonymity. The plan would be to use open source hardware, tails, and a maybe some sort of wfi booster. What are your thoughts on this? Do you have ideas of a better way to go about doing this?
Building a very anonymous machine
kys retard
I'm not pretending to be a leet hacker I just wanted some discussion
How would open source hardware make your machine any more anonymous?
something set up as Whoonix may be better
Wouldn't cable prevent any kind of mitm?
Go with Qubes w/Whonix rather than Tails if possible
well, a cable can always be physically mitm-ed just outside your house
The way you put this forward isn't going to get very many serious responses. Next time before making an entire thread you should do enough research to have a specific enough question that people will find it interesting enough to answer.
What is it that you want to do? Avoid getting profiled? Protect yourself from hackers? Buy stuff under the table?
What seems to be the problem, officer?
You can't ensue security without anonymity. You can be deanonymized if you're not secure enough. You just need to find an appropriate balance for your case.
I haven't got a clue, but iirc system76, lemote yeelong and thinkpad x200 are considered fairly ok.
Coreboot support is something to look for, probably.
Looks like you're aiming at disposability, fine if you can tolerate it. Otherwise Qubes has Whonix integration but you can't burn cds. Configuring vms can be a bit of a timesink. Openbsd is considered secure by default but apparently doesn't support luks. You can still have fde, but only aes256xts. Which is ok I guess, but not very compatibility friendly if you have multiple drives I'd imagine.
Invest in transportation and Faraday cages.
I actually tried Qubes. It may be "reasonably secure", but in no way it prioritizes anonymity. Every software on it has the default configuration like in Fedora. Even if you start Firefox it will open up the Fedora welcome site, Google's search suggestions in the address bar etc.
Whonix or not, you really have to spend time to configure it even just for general privacy.
Actually Tails with persistence works very well. The only reason that stops me using it as my main OS is the really ugly Gnome 3.
All you need is Linux, IP tables and dnsmasq to route all traffic through tor on system no proxies involved, if you have i2p or other networks you can use dnsmasq so .i2p domains go through i2p.
Listen to what Stallman recommends.
use qubes for one, second if you want open hardware youre going to have to cross out a few ideas to get things working since you have to use ARM these days for floss hardware, check out the pinebook for example.
third, an anonymous machine is ideally set up in an internet cafe. you could also become your own isp in order to mess with cia niggers trying to find where you are and not knowing where you're based out of.
also, you'll want to browse the web by fetching web pages and viewing the html by itself. this makes the website unable to take browser information and track you by anything other than ip and request time.
on request times, the easiest way anyone on tor is found is when the cia niggers control both the entry and exit node, which in a lot of the cases they do, and they have close enough packet sizes and timestamps, the cia niggers can be relatively sure of the origin of the signal. for example a connection at 05:35 of 20.2mb was made from node A owned by nsa and a request of 20.2mb was made at 05:35 at node B owned by nsa. the nsa now knows your ip downloaded 20.2mb of data. so this is why you need to anonymize yourself by connecting through internet cafes and connecting through vpns that arent bought in your name and also using a fuckton of proxies.
keep your browser up to date or very obscure. i like to use lynx browser because all it is able to do is request html documents. no js, no video no pictures just html. put behind tor, a few proxies, a vpn and an internet cafe and some open hardware running a disposable vm using opsec methodology and you'll always be anonymous. at least as far as i know.
Did that pic work?
KILL YOURSELF
just buy a cheap ass laptop, remove the hdd, use a liveUSB with tails/heads and never connect to your personal network with it ever
Different scrub.
Currently using tails at home and have a few questions.
If I decide to go out to some other place for wifi would I be re-anonymized despite using tails at home? I'd be going without things that could track me.
If I am re-anonymized would using the unsafe browser to login compromise my anonymity?
I have no open source hardware. is that a big deal?
If there's no public wifi how would i get in with tails?(not a priority question)
How much of a fucking idiot are you?
google is collecting data off a Tor IP, and you can use temp profiles that delete any stored data when you shut them down.
And even if that's not your cup of tea:
This is why you configure it and save as a template, which you can upload to git and have others fine tune if they're interested in what you're doing.
If configuring stuff is an issue for you, what the fuck are you actually asking?
unless there's a critical update and you get MiTM'd before you even realize
are...are you for real?
I'm a fucking scrub and even I know the difference in a wifi MitM and having to fucking splice cables together is orders of magnitude in terms of difficulty.
This is also my concern with Whonix. You are able to modify the system (indeed, pretty much told to by the docs).
It worries me that a Whonix install is basically a work in progress, ready for an adventurous/naive user to screw up.
Tails gets this right - install and don't fuck around with it.
...
why wouldn't you ever connect to your personal network ever, what about system updates or changes?
can a computer be traced this way?
lets say that you log in to network X using mac adress AA:AA and hostname "Jhon" and then you log in network Z using Mac adress BB:BB and hostname "Elvis", unless you can be doxxed by accesing let's say ubuntu servers to install Clementine i guess you are safe...
I remember when Tor started to ship with javascript enabled by default without any prior notice.
Bumperino
Heres what you need.
- Thinkpad x200 with libreboot
- Qubes OS
- Hardware killswitches for wifi and microphone and maybe sound
Why do you even need anonymity? nobody cares about you either way.
This. Besides, the best way to go unnoticed is to stay in plain sight.
Almost agreed, but instead of linux shit, use Microsoft Windows with firewall and allow only Tor. Also use Full Disk Encryption. TorBrowser for browsing.
That will kill any linux setup. And will have 100 times more productivity that old broken stupid linux shit apps.
lol just an user rolling by, I had people say exactly this to me over the years, and I got vanned. Yeah - who cares about anonymity right? Idiot.
gno
Yeah, just put your real name everywhere on the chans and link your facebook account. Works for me!
stop downloading CP retard
Login to what?
No.
What does get in with tails mean?
What did you get vanned for? What happened?
I don't think this will work, and if it did it would be extremely slow.
Anyone recommending Windows for privacy is either an idiot or a shill.
kys retard
x230 comes with a 2.9ghz i7 and hardware switches. It can now be corebooted. By the end of the year you can expect it to be Librebooted as well. It supports 16gb of RAM, and with nitrocaster's or a similar mod, can support a 1080p screen. I get 9 hours on Void linux with a 44++ 80% health battery. I will be set until the technology Babylon that is Silicon Valley crashes and burns and engineers start working on real problems again. Have an inconspicuously normal machine for your kosher business, and the meme machine for everything else
I'm planning to buy an old Thinkpad to use as a mememachine, nothing illegal like hacking stuff or watching CP, probably nothing that would get me v&, but I'm gonna be spreading some non-kosher opinions. But I don't want to make my identity obvious to my ISP or on whatever websites I'm distrubing memes.
Realistically, without getting to obsessive, are basic opsec techniques like VPN and/or TOR, uMatrix and mac address spoofing good for those purposes?
IDK, I have cursory knowledge of linux, command line, and programing. I'm basically looking to try and run a few meme and propaganda accounts without getting fired.
Any advice for that type of activity?
Yes, those techniques should be fine. MAC address spoofing could be unnecessary if you're just opinion posting but it's your call. Tor is less vulnerable to commercial persuasion than a VPN provider.
Is Mymachine -> VPN -> TOR -> "site I'm posting on" a good idea then?
In this senario I'm paying for the VPN in Bitcoin that has been purchased with cash (I never gave out my real name, face, or personal info when purchasing it) and mixed.
The VPN provider has my throway email and that's about it. Plus I'd be getting a VPN not headquared in any of the 14-eyes countries.
My ISP sees I use a VPN traffic and the VPN sees TOR traffic.
From what I can guess with my somewhat better than cursory knowledge of computers and opsec: My ISP and VPN would have to share data to figure out my identity. And since I'm not selling drugs or breaking into goverment/corperate networks, I think that the likelyhood of that is slim.
After all, I've never heard of the US govt. serving a court order to a VPN in Romania or Panama with a court order to reveal user data because of trolling or mean comments. The NSA is probably watching it all, but even if they are breaking encryption and de-anonymizing TOR with corrupt nodes, I'm pretty sure what I would be doing wouldn't be even close on their radar.
That's about as good a setup as you can reasonably get. Don't forget inbound/outbound traffic rules on the VPN connection itself. Since they usually present as a new interface.
which is why you use openbsd
When you use Tor and a VPN, all your ISP can see is that you're using a VPN. All the VPN provider can see is that you're using Tor. The Tor exit node operator can see your traffic if you're not using ssl/tls (httpS) or some other form of end-to-end encryption with the destination site, but he has no idea of the source. You could be profiled by writing style, typing style, internet habits, browser 'fingerprinting', and so on, but that's probably nothing to worry about in your case. The main things to remember are to use ssl/tls and never put anything in your traffic that could personally identify you. E.g. don't log into your Facebook account or use a nickname linked to yourself.
tl;dr Just put Tails on a USBstick and use McDonalds wifi.
Qubes 4.0 will require newer hardware anyway