Silk Road forums

Discussion => Newbie discussion => Topic started by: mezzomixtor on April 07, 2013, 05:11 pm

Title: So whats the really best way to be anonymous?
Post by: mezzomixtor on April 07, 2013, 05:11 pm
At the moment I am on Windows, I created a new user which I only use for SR, my tor browser bundle is stored on an USB-Flash drive which is encrypted with Truecrypt and before/after I run TorBrowser I run CCleaner. My addons for TOR Browser are: "https everywhere" and "better privacy" and NoScript is configured to deny scripts globally.

Now I was thinking to format my usb-stick and use liberte linux instead. but then i've read in another threat that there is the rumor that liberte isnt that anonymous because there are "DNS-leaks". furthermore, what if there comes a new version of TOR-Bundle, is it possible to update the tor browser on liberte? And is liberte as safe as Truecrypt to get access to your data? (Or is it even possible to youse both truecrypt and liberte?)

At first i wanted to use liberte instead of TrueCrypt because it seems a bit more anonymously because you cant get trojans / a virus / malware which may give information about your identity. But know I am not sure because I read about some leaks....

And whats the best way to prevent that your ISP can see that you are using TOR? And what is TAILS? Is it an alternative to TrueCrypt?

I've spent a lot of time on this forum to get information (as I'm totally new to this hole stuff) but it seems like everybody says something different. It would really help if someone could answer my questions, so where are the techpros out there? :-)

(Info about me: i just want to buy small amounts, no vendor, but i really dont want to get into troubles, would be enough for me if cops where at my door, so i just want to make sure that they at least cant find anything!)
Title: Re: So whats the really best way to be anonymously?
Post by: mezzomixtor on April 07, 2013, 05:13 pm
Oh and when I need to surf the clearnet while using TOR, should i make this through normal firefox / TOR / or shouldnt i do this at all? (Of course just to read some guides about encrypting, no personal sites/anything like that)
Title: Re: So whats the really best way to be anonymously?
Post by: westb0xes on April 07, 2013, 05:27 pm
try to fake ur own death xD
Title: Re: So whats the really best way to be anonymous?
Post by: mezzomixtor on April 07, 2013, 05:42 pm
lol very funny... i bet youre the first who crys and admits everything when cops are at your door.... whats wrong at all about trying to be anonymous??? anyone other here with some good advice?
Title: Re: So whats the really best way to be anonymously?
Post by: CannabisCrew on April 07, 2013, 10:14 pm
Hi mezzomixtor,

I know how overwhelming it can all be once you get started. I was once where you are now so trust me I know the feeling. I've gone down the path of using virtual machines, liberte, and other methods to secure and obfuscate my identity. I've spent considerable time researching and reading and now do something that is very simple. I use a hardened Linux Debian distribution called TAILS.

TAILS stands for "The Amnesic Incognito Live System" and is a standalone distribution which will allow you to securely safeguard yourself for anonymous browsing.

I have it installed on a USB drive and the drive contains two basic partitions.
1. The primary partition for the TAILS operating system
2. A "persistent" storage partition that acts as an extended partition which is encrypted with your passphrase.

It's easy to use and will allow you to accomplish what you're seeking to do. Truecrypt has some major security flaws and I would NOT recommend it. But with every advice you receive, take it upon yourself to conduct your own research and see if TAILS is right for you.

I hope this gives you a good place to start and best wishes brotha!

-CC
Title: Re: So whats the really best way to be anonymously?
Post by: BreakingBad123 on April 07, 2013, 10:42 pm
You can't be anonymously. The English language doesn't allow it.
Title: Re: So whats the really best way to be anonymously?
Post by: CannabisCrew on April 07, 2013, 11:22 pm
You can't be anonymously. The English language doesn't allow it.

HAHAHAHAHAHA! I LOL'd for real on that one! :)
Title: Re: So whats the really best way to be anonymous?
Post by: coxix on April 08, 2013, 12:20 am
mezzomixtor, I think CannabisCrew's advice is solid.

Tails, (as I understand it) boots it's own operating system via USB or DVD, works in RAM, and leaves no trace of it's use on the machine, (unless instructed)--it also forces any internet connection through Tor.

As far as the Tor Browser Bundle goes, I wouldn't mess with it unless you know what you're doing, "better privacy" is not one of the add-ons showing on my up to date TBB. Given that we are placing our trust in them it seems apt to take their advice, that said, there's shitloads of outstanding and helpful advice right here, Pine and astor come to mind, although there are many more.

Tails also has some cool features that come with it, great encryption…ahh, you can read it for yourself :)

Also, a common one that crops up with updating Tor, is to bin the version you're using before installing the update, folks have been having trouble with that.

One thing I do is check the signature of what you're going to be running, you have to mess about a bit with command lines and such, but it's clearly explained in the Tails manual--you verify the software, you know it's safe, and you feel a bit less overwhelmed by the difficulty when you pull it off :)

It's a pretty fucking cool hobby too, eh?
Title: Re: So whats the really best way to be anonymous?
Post by: coxix on April 08, 2013, 12:28 am
Wadozo is another member to look out for too, knows their shit.
Title: Re: So whats the really best way to be anonymously?
Post by: mezzomixtor on April 08, 2013, 01:24 am
You can't be anonymously. The English language doesn't allow it.

haha thx for the english lesson ^^ i changed the topic name, i hope its correct now, and as you may have already found out, english is NOT my native language :-)

Thx CC and coxix for your help, i tried to find out more about tails, and i think i'll give it a try! I'm already reading all the information on the TAILS Homepage, and there is a loooooooot of information, I guess I'll need 2 more days till i am able to install it haha, maybe you can help me out once more with something i could not find on the documentation:

Why is it recommended to use TAILS by burning it onto a DVD? And I assume that the encryption of the "persistent" storage partition is (of course only with a long enough passphrase) at least as hard to "hack" as the TrueCrypt encryption? So I should not worry about this point?

And what did you mean with that?
"Also, a common one that crops up with updating Tor, is to bin the version you're using before installing the update, folks have been having trouble with that."

I guess you meant "to back up" the old version?

Anyway big thx for your help so far! :-)
Title: Re: So whats the really best way to be anonymous?
Post by: coxix on April 08, 2013, 12:31 pm
Hi mezzomixtor, you're welcome!

With regard to burning to DVD, it's my understanding that burning to a READ ONLY medium would prevent anyone messing around with the content of the disk--so assuming you had a clean version of Tails on a read only medium, it would stay safe, whereas saving it to USB could potentially leave you exposed to some form of computery malice simply given that it is accessible i.e. re-writable.

For the record, I am not yet using tails, but I do verify the sig ( found around the big orange Tor download box) of the version of Tor I'm about to download. This involves running a few lines of code to verify the integrity of the source--there are very clear instructions in the Tor manual on how to do this, and is mostly just a little cutting and pasting into your command line editor. Just make sure you are entering the correct version of the TorBB, or you will be in for a little confusion!! One of the files will end with a .zip extention, and the other .asc -- these have to be run in the correct order in one line with a space between the two files you will have downloaded. It may be slightly different on your operating system, but it's relatively simple even for my dumb old butt. Here's the link on how to verify the Tor sig.

https://www.torproject.org/docs/verifying-signatures.html.en

I'm afraid I can't help you with Trucrypt, I'm pretty sure it's not going to be backwards compatible with Tails or some other such headache, and having so much to learn, I don't see the point in dedicating time to it.

Regarding updating Tor, I just uninstall it from my machine entirely, download the new version (without opening it) check the sig (see the link) and when I get the "Good signature" message, open Tor and get back to having fun:-)

The reason behind doing this, is that I read a fair bit about people having problems re-installing, and this was the solution that was suggested most, and it worked for me.

I'm a newbie myself, so please do your own checking, especially on the security threads--there really are some very clever people willing to help if you're willing to read widely and not ask the same questions over and over.

I'll be investigating Tails more deeply very soon, and will share what I find out.

Have a great day


Title: Re: So whats the really best way to be anonymous?
Post by: Facebook. on April 08, 2013, 02:02 pm
very solid handling.

Nice tips.
Title: Re: So whats the really best way to be anonymous?
Post by: georgesdad on April 08, 2013, 02:12 pm
cash no cc
bitinstant.com from a computer/ip address that cant be traced to you
use a usb w tails
PGP ENCYRPTION (look it up)
use real name and address on orders
know your vendors
Title: Re: So whats the really best way to be anonymous?
Post by: georgesdad on April 08, 2013, 02:46 pm
http://dkn255hz262ypmii.onion/index.php?topic=15383.0
Title: Re: So whats the really best way to be anonymous?
Post by: coxix on April 08, 2013, 03:44 pm
^^^^

Hey again Mezzomixtor, please tell me you're using PGP/GPG!

I'm sure you are, but if not, it's #1 priority!!
Title: Re: So whats the really best way to be anonymous?
Post by: mezzomixtor on April 08, 2013, 07:58 pm
http://dkn255hz262ypmii.onion/index.php?topic=15383.0

I've already read the complete thread 2 days ago, really every page ^^ and thats why I wanted to use liberte first, but then I've read that there might be some security-issues, thats why I wanted to find out more about tails! but thx for posting anyway!

And of course I am going to use real name/adress and I'm going to use PGP, believe me, i've done my homework :) I've read a lot of threads the last days but there where still some things I could not find out, and thats why I created this topic!

Thx again for the tip to verify the signature when downloading files, I wasnt sure if this is really necessary as i thought that the chance that I would download a hacked file is very small. But you are right, I'll definitely use this method now to be 100% sure!

Oh and one last question which i could not find out either: How should I use the clearnet during a tor-session? In the tor browser (i would do it like this) ; in the normal browser (tor browser would still be opened) ; or shouldn't i do this at all? And what about downloading files (for example TAILS .iso)

I've read that this should not be a problem, but the fact that most people write "CLEARNET WARNING" above every clearnet-link unsettles me a bit! ;)
Title: Re: So whats the really best way to be anonymous?
Post by: coxix on April 09, 2013, 12:37 am
My understanding, mezzomixtor, is that it is safe to use TBB on clearnet, although linking IDs is not smart--nothing associated with your IRL ID.

Also, I wouldn't run anything that accesses the clearnet while running Tor, mail clients, other browsers--I don't know about BTC/LTC miners, it's a question I have of my own!

My fledgling understanding is that .onion is a pretty solidly encrypted closed shop, so I'd love to hear any advice on this matter from the hi rollers.

Don't have other browsers open while using Tor.

There is no hubris here I can detect from either of us--let's pay our dues, and when it seems like the smart option, spread it--let the big guns help us out, let's use search.

coxix
Title: Re: So whats the really best way to be anonymous?
Post by: CannabisCrew on April 10, 2013, 01:58 am
My understanding, mezzomixtor, is that it is safe to use TBB on clearnet, although linking IDs is not smart--nothing associated with your IRL ID.

Also, I wouldn't run anything that accesses the clearnet while running Tor, mail clients, other browsers--I don't know about BTC/LTC miners, it's a question I have of my own!

My fledgling understanding is that .onion is a pretty solidly encrypted closed shop, so I'd love to hear any advice on this matter from the hi rollers.

Don't have other browsers open while using Tor.

There is no hubris here I can detect from either of us--let's pay our dues, and when it seems like the smart option, spread it--let the big guns help us out, let's use search.

coxix

Coxix is right,

If you use the "unsafe browser" in TOR you may potentially be compromising your security footprint. This could be due to cookies that may relay information about your session. From everything I've read, it sounds like quite a leap but possible. If you're paranoid and want to be extra safe, just wait for whatever you need to do on the clearnet AFTER your TOR session is completed, never during. You just never know who might be watching the entrance and exit nodes. Probably not much of a concern really, but you would never get a chance to know that information anyway so its really just impossible to tell. Or, what if ISP's decide to (from government or political pressures) to share information on potential TOR users and begin to reverse engineer their "known TOR" nodes, refuse service to that IP, and clone the node as a monitoring service? If you did that across the network you could potentially clone yourself several exit nodes and begin monitoring. Is it probable? Nope. Is it possible? YES!  :D

.Onion sites are indeed secure and operate differently than most .coms and .nets, but the thing to remember is that as smart as you think you are, there are others out there who are smarter and probably want your Bitcoins. They will go to any length to scam and engineer themselves opportunities to take advantage of a yet unknown security flaw. Imagine if you figured out a security flaw that others are unaware of yet, and what you could do with that knowledge for personal gain? It's not as far fetched as you think and always something to keep in the back of your mind.

-CC

Title: Re: So whats the really best way to be anonymous?
Post by: coxix on April 10, 2013, 08:30 am
My understanding, mezzomixtor, is that it is safe to use TBB on clearnet, although linking IDs is not smart--nothing associated with your IRL ID.

Also, I wouldn't run anything that accesses the clearnet while running Tor, mail clients, other browsers--I don't know about BTC/LTC miners, it's a question I have of my own!

My fledgling understanding is that .onion is a pretty solidly encrypted closed shop, so I'd love to hear any advice on this matter from the hi rollers.

Don't have other browsers open while using Tor.

There is no hubris here I can detect from either of us--let's pay our dues, and when it seems like the smart option, spread it--let the big guns help us out, let's use search.

coxix

Coxix is right,

If you use the "unsafe browser" in TOR you may potentially be compromising your security footprint. This could be due to cookies that may relay information about your session. From everything I've read, it sounds like quite a leap but possible. If you're paranoid and want to be extra safe, just wait for whatever you need to do on the clearnet AFTER your TOR session is completed, never during. You just never know who might be watch the entrance and exit nodes. Probably not much of a concern but you would never really know that information anyway so its really just impossible to tell. Or what if ISP's decide to (from government or political pressures) to share information on potential TOR users and begin to reverse engineer their "known TOR" nodes, refuse service to that IP, and clone the node as a monitoring service? If you did that across the network you could potentially clone yourself several exit nodes and start monitoring. Is it probable? Nope. Is it possible? YES!  :D

.Onion sites are indeed secure and operate differently than most .coms and .nets but the thing to remember is that as smart as you think you are, there are others out there who are smarter and probably want your Bitcoins. They will go to any length to scam and engineer themselves opportunities to take advantage of a yet unknown flaw. Imagine if you figured out a flaw that others are unaware of yet, and what you could do with that knowledge for personal gain? It's as far fetched as you think and always something to keep in the back of your mind.

-CC

Hey CC and mezzomixtor, we should keep this up, maybe some one of SR's resident experts will weigh in and let us know if there's anywhere we're going wrong. (hint hint).

Tip of the day...

Using bridges in Tor can help disguise the fact that you're using it or Tails.

Be kind today folks :-)
Title: Re: So whats the really best way to be anonymous?
Post by: patcake on April 10, 2013, 09:34 am
this is a great forum. very helpful. keep it up.
one question.
if i burn tails to a dvd read only disk would i then be able to go to any random computer and start browsing through tor on it?
for example a public library computer or a friends laptop or a school computer
Title: Re: So whats the really best way to be anonymous?
Post by: californiadreams on April 10, 2013, 10:03 am
great advice!
Title: Re: So whats the really best way to be anonymous?
Post by: CannabisCrew on April 10, 2013, 11:37 am
this is a great forum. very helpful. keep it up.
one question.
if i burn tails to a dvd read only disk would i then be able to go to any random computer and start browsing through tor on it?
for example a public library computer or a friends laptop or a school computer


TAILS includes several generic drivers for most hardware setups, so yes. You should be able to have your DVD readable in virtually any computer (with the exception of certain Mac's for some reason -or so I've read). However, you will still need an Internet connection and if you're behind a domain security policy or Active Directory this might be harder than you think. You might not have the credentials to hop onto the network in say a library, but maybe not, so give it a try! :)

If you're on a friend's computer and able to connect via WIFI then you are golden.

----On a whole other note... TOR Bridges using Amazon Cloud. That's where its at ;)

-CC
Title: Re: So whats the really best way to be anonymous?
Post by: mezzomixtor on April 18, 2013, 04:34 pm
Hey guys

I was able to install TAILS onto an USB-storage device and created a persistent volume. AT THE MOMENT I'm having my encrypted file at the persistent volume, and after every start I encrypt it with Truecrypt. But according to TAILS documentary there may be some issues using Truecrypt, thats why i wanted to use LUKS instead (GNOME Disk Utility), the problem is that this program can only encrypt the complete storage media (for example a second USB-storage device) but not only a file in the persistent volume. (as far as i understand it)

I think I will keep on using truecrypt, but i'm not sure if even this is necessary. Isn't the sense of the passphrased persistent volume that your files are stored in this "encrypted" volume, the persistent volume? So why should I additionally encrypt it with another software? I'm using a strong passphrase for the persistent volume, so shouldnt this be enough security?
Title: Re: So whats the really best way to be anonymous?
Post by: Vulva on April 18, 2013, 04:36 pm
haha wow
Title: Re: So whats the really best way to be anonymous?
Post by: robbyman on April 18, 2013, 04:40 pm
ima clear net guy (same interesting stuff there, just more of it and much much much harder to find)

heres how to stay anonymous

virtual machine, windows xp, multi quad vpn, ssh tunneler, tor, store the vm on an encrypted drive, not encrypted with truecrypt as truecrypt can be beat with a $300 tool. use bitlocker. this makes you all good. not like you have to worry about getting in trouble for small drug orders (unless your shipping to your own address ofcoarse) then just get sent to a different name and make sure they cant prove you ordered the package. 
Title: Re: So whats the really best way to be anonymous?
Post by: mezzomixtor on April 18, 2013, 10:03 pm
thx for your reply robbyman, but i think ill be fine with tails!

And i am going to use real name (slightly changed first name) and my real address because using a different name might bring some unnecessary troubles and if i would order to another address (for example abandoned house or PO Box) LE could still catch me while picking up the parcel. So i think best way is to send everything to my home address and if LE comes i will just deny everything.

Anyone who can answer my question from above? Is it even necessary to use an encryption tool together with the persistent volume from tails?