Silk Road forums

Discussion => Newbie discussion => Topic started by: skeezoo8586 on March 24, 2013, 02:48 am

Title: to liberte or not to liberte?
Post by: skeezoo8586 on March 24, 2013, 02:48 am
i found a tutorial on the security subforum that recommends ToR'ing to SR from a liberte liveUSB but liberte's own website states that LE may actually come down harder for using it (IF found)

what do YOU think?
Title: Re: to liberte or not to liberte?
Post by: SRSuperfly on March 24, 2013, 11:10 pm
this depends on if your in a fairly free country or a repressive one. having libertie isnt a crime in and of itself but it can be construed as suspicious. this or tails is the best solution though if you are concerned about the security of your normal operating system.
Title: Re: to liberte or not to liberte?
Post by: hojasanta on March 24, 2013, 11:24 pm
skeezoo can you send a link to where it says that on the liberte site?
now you've spiked my paranoia ;P
Title: Re: to liberte or not to liberte?
Post by: skeezoo8586 on March 25, 2013, 02:46 am
im trying to do as much reading on anonymity/pseudonymity and security as i can before i start using bitcoins or making any purchases.

quote from : http://dee.su/liberte-faq
"The purpose of Liberté is not to popularize Tor or I2P with computer-illiterate users — this distribution assumes willingness and capability to study operation of non-mainstream operating systems and software. It is entirely possible that you do not belong to the target userbase, and that using Liberté (if found) will result in stronger negative bias from the authorities."

like it says i am trying to be willing to study
Title: Re: to liberte or not to liberte?
Post by: newbottles on March 27, 2013, 12:05 am
Instead of going this full route, instead I keep anything incriminating, including the Tor bundle, on an external USB drive that is encrypted with TrueCrypt.

No reason to not use Liberte in my opinion, I just haven't seen it as necessary to go beyond my current system.
Title: Re: to liberte or not to liberte?
Post by: fugitive189 on March 27, 2013, 01:01 am
i found a tutorial on the security subforum that recommends ToR'ing to SR from a liberte liveUSB but liberte's own website states that LE may actually come down harder for using it (IF found)

what do YOU think?

It's true you won't have plausible denial when it comes to an encrypted USB stick with Liberte on it, simply because there's a partition on the USB stick which has to be set aside to boot the encrypted Operating System, whereas if you use a program like Truecrypt to encrypt an entire USB stick it's much more difficult for law enforcement to prove that's what you've done. Of course the same is true for any computer with an encrypted Operating System.

In the UK, the Regulation of Investigatory Powers Act (RIPA) states that if the Police have reasonable suspicion that you have encrypted data they can require you to hand over the key, and failure to do so is a crime which can be punished with imprisonment of up to two years. This will even apply if you have forgotten the password or lost the keyfile to access the data unless you can convince the court that is the case. (So much for innocent until proven guilty!)

The situation in the US is not as clear. Suspects in the past have argued successfully and unsuccessfully that to reveal a password to law enforcement would constitute self incrimination and be a violation of their rights under the Fifth Amendment. They can certainly be required to hand over the key to a locked safe for instance as in the UK but the jury still seems to be out on encryption.

There are really two things you can do about this. Firstly you can use Truecrypt to have a hidden operating system :

http://www.truecrypt.org/docs/?s=hidden-operating-system

Inputting one password will lead to your hidden Operating System and one can lead to a "safe" version of Windows with some dummy data in it. If you're compelled to hand over the key you can give out the one to the "safe" system and no one will be any the wiser.

You can also use a program like Truecrypt to encrypt an entire USB stick or other external drive. Without going into too much detail, when encrypted data is stored on a drive any blank space is filled with random "chaff" data which is indistinguishable from the encrypted stuff without the right password. However, many common file erasure programs also fill the blank space on a drive with random data after deletion to make sure the information has been thoroughly removed, so you can simply say that you have done this, and that the USB stick they're holding in their hand isn't encrypted. They may well be suspicious but it won't be possible for them to prove you wrong.

Hope this helps,

V.





 

 

Title: Re: to liberte or not to liberte?
Post by: inthefade on March 27, 2013, 01:33 am
Good info on the dual hidden OS, fugitive189, thanks!
Title: Re: to liberte or not to liberte?
Post by: weed4me6969 on March 27, 2013, 01:53 am
so should i use this truecrypt.org site along with Tor?  or is Tor OK on its own?
Title: Re: to liberte or not to liberte?
Post by: onetwothree on March 27, 2013, 01:54 am
im trying to do as much reading on anonymity/pseudonymity and security as i can before i start using bitcoins or making any purchases.

quote from : http://dee.su/liberte-faq
"The purpose of Liberté is not to popularize Tor or I2P with computer-illiterate users — this distribution assumes willingness and capability to study operation of non-mainstream operating systems and software. It is entirely possible that you do not belong to the target userbase, and that using Liberté (if found) will result in stronger negative bias from the authorities."

like it says i am trying to be willing to study

I think all they are trying to say is that 1) their goal isn't to make their distribution easy for the masses; that there's a certain nerd element to learn it and get it to work and 2) giving a fair warning that using it "will result in stronger negative bias from the authorities" (i.e., it is suspicious). Which, in my mind, is totally reasonable.

As a different example, in the middle of summer, it's totally legal to walk inside a convenience store in a black sweatshirt and a black skimask and black gloves with your finger poking the inside of your sweatshirt making it look like a gun. But you'd better goddamn believe doing so "will result in stronger negative bias from the authorities" if a cop watches you walk inside the store.

Anyway, if you're at the point where LE is "more suspicious" of you because you have an encrypted USB drive, believe me, they've already made their mind up about you and you're probably already wearing steel bracelets :)
Title: Re: to liberte or not to liberte?
Post by: fugitive189 on March 27, 2013, 02:19 am
so should i use this truecrypt.org site along with Tor?  or is Tor OK on its own?

As onetwothree says if it gets to a stage where the Police are suspicious about encrypted data you may have, it' not looking good but I have actually been in this situation and was very lucky to have taken the time to encrypt my drives.

Truecrypt is an extremely easy to use software program which can do this, although there are others such as FreeOTFE which will do the same thing. I would suggest you encrypt a USB stick or similar with one of these programs and install the Tor Browser, your PGP software (such as GPG4USB) and if necessary your Bitcoin wallet there. (The Electrum wallet lends itself well to this).

Alternatively you can use the TAILS or Liberte OS on a USB Stick as these are encrypted OS by default and all connections are automatically "Torified" but your ability to add and remove programs will be very limited. Great for beginners but with time you'll probably want more flexibility (lack of wallet software and clunky PGP software put me off Liberte after a couple of weeks).

V.

Title: Re: to liberte or not to liberte?
Post by: newbottles on March 27, 2013, 04:53 pm

You can also use a program like Truecrypt to encrypt an entire USB stick or other external drive. Without going into too much detail, when encrypted data is stored on a drive any blank space is filled with random "chaff" data which is indistinguishable from the encrypted stuff without the right password. However, many common file erasure programs also fill the blank space on a drive with random data after deletion to make sure the information has been thoroughly removed, so you can simply say that you have done this, and that the USB stick they're holding in their hand isn't encrypted. They may well be suspicious but it won't be possible for them to prove you wrong.


Very good point.  I feel even better about my simple method now.  Just keep Tor, any incriminating notes or PGP keys (including temporary Instawallet URLs for example, or BTC addresses that you burn), etc, on a USB drive, and use TrueCrypt to encrypt the entire drive.  When you plug the drive in Windows will say it needs to be formatted unless you mount it with TrueCrypt.  Seems like decent plausible deniability.

The catch is that I haven't been able to get my local Bitcoin client to run on the USB drive rather than Windows, but as we should always remember, using BTC is perfectly legal.  And if you use new addresses for every transaction and delete your wallet.dat file, you should be fine.
Title: Re: to liberte or not to liberte?
Post by: fugitive189 on March 28, 2013, 02:05 pm

You can also use a program like Truecrypt to encrypt an entire USB stick or other external drive. Without going into too much detail, when encrypted data is stored on a drive any blank space is filled with random "chaff" data which is indistinguishable from the encrypted stuff without the right password. However, many common file erasure programs also fill the blank space on a drive with random data after deletion to make sure the information has been thoroughly removed, so you can simply say that you have done this, and that the USB stick they're holding in their hand isn't encrypted. They may well be suspicious but it won't be possible for them to prove you wrong.


Very good point.  I feel even better about my simple method now.  Just keep Tor, any incriminating notes or PGP keys (including temporary Instawallet URLs for example, or BTC addresses that you burn), etc, on a USB drive, and use TrueCrypt to encrypt the entire drive.  When you plug the drive in Windows will say it needs to be formatted unless you mount it with TrueCrypt.  Seems like decent plausible deniability.

The catch is that I haven't been able to get my local Bitcoin client to run on the USB drive rather than Windows, but as we should always remember, using BTC is perfectly legal.  And if you use new addresses for every transaction and delete your wallet.dat file, you should be fine.

You can install the Electrum wallet directly to a USB. There's also a way to install the regular Bitcoin client directly to a USB stick if you're running Linux, I even wrote a tutorial on it back in the day but not sure if it's possible for Windows, perhaps our more knowledgeable posters could confirm? Of course you can always keep your Bitcoins in your SR wallet as a PIN is required to withdraw any BTC.

V.
Title: Re: to liberte or not to liberte?
Post by: skeezoo8586 on March 31, 2013, 03:28 am
thanks, all! so i did get truecrypt and i'm trying to learn how to use it. fail so far. it seems simple but i'm confused about something.
do i install the Tor browser bundle, the bitcoin wallet, and pgp on the usb drive, then encrypt it? or can i just make a container and move that stuff into it? i will read up on the tutorials more on my own, as well, and let you know if i find out how to do this.
Title: Re: to liberte or not to liberte?
Post by: AllDayLong on March 31, 2013, 03:49 am
thanks, all! so i did get truecrypt and i'm trying to learn how to use it. fail so far. it seems simple but i'm confused about something.
do i install the Tor browser bundle, the bitcoin wallet, and pgp on the usb drive, then encrypt it? or can i just make a container and move that stuff into it? i will read up on the tutorials more on my own, as well, and let you know if i find out how to do this.

Yeah, encrypt before or after it doesn't matter!
Title: Re: to liberte or not to liberte?
Post by: fugitive189 on March 31, 2013, 02:29 pm
thanks, all! so i did get truecrypt and i'm trying to learn how to use it. fail so far. it seems simple but i'm confused about something.
do i install the Tor browser bundle, the bitcoin wallet, and pgp on the usb drive, then encrypt it? or can i just make a container and move that stuff into it? i will read up on the tutorials more on my own, as well, and let you know if i find out how to do this.

Hi chief, if you encrypt an entire drive like a USB stick any existing data will be removed, so I suggest you do this first - when given the option I suggest you use a "cascade" algorithim e.g Serpent-Twofish-AES - in plain English this will mean the stick will be encrypted in more than one way making it harder to break into (you still can open it with just the one password). While we're on the subject, suggest you look up the tutorials on using keyfiles on the Truecrypt website - these increase your security significantly.

For those who don't know you can use keyfiles in addition to passwords to increase the security of an encrypted Truecrypt container or drive. When you want to access an encrypted partition, you tell the program where to find these keyfiles as well as inputting the password. They're particularly useful for USB keys as you can store keyfiles on your home computer meaning the USB stick in itself is useless.

Truecrypt can generate Keyfiles using random data for you or you can use any kind of file you like - although compressed data like MP3 files works best. This is ideal as you could have thousands of music files on your computer for instance and you could choose three of them as keyfiles for instance. The process doesn't change the file in any way so there'd be no way to know which three.

V.
Title: Re: to liberte or not to liberte?
Post by: hojasanta on April 02, 2013, 11:47 pm
I guess the only major point that we all seem to be missing here is that Windows itself is riddled with security holes and anonymity is next to impossible while using it.  i think that is the major benefit of Liberte or Tails, not just the auto-torrified connections and built in pgp software.  one might assume that while on Windows, the system could be potentially compromised at any moment without the user even knowing... defeating the purpose of all the anonymity measures that one takes.  your encrypted files would still be encrypted, of course, but who knows if you've been keylogged??? just an example.... something to think about
Title: Re: to liberte or not to liberte?
Post by: 4am on April 04, 2013, 04:43 am
Subbed for some good info.

I'll be TrueCrypting my Tails USB asap.
Title: Re: to liberte or not to liberte?
Post by: leavesbrown on April 04, 2013, 04:56 am
If you get busted you'll be glad you used truecrypt. Unlikely to happen but if it does, you'll be that bit more prepared.
Title: Re: to liberte or not to liberte?
Post by: django on April 10, 2013, 10:42 am
can you install true crypt onto a usb already using linux, or would you need to wipe it first?

Title: Re: to liberte or not to liberte?
Post by: /I_Surf_Worm_Holes on June 05, 2013, 03:58 am
@ django... with all due respect, perhaps take the time to experiment for yourself?
Title: Re: to liberte or not to liberte?
Post by: newbottles on June 29, 2013, 07:36 pm
thanks, all! so i did get truecrypt and i'm trying to learn how to use it. fail so far. it seems simple but i'm confused about something.
do i install the Tor browser bundle, the bitcoin wallet, and pgp on the usb drive, then encrypt it? or can i just make a container and move that stuff into it? i will read up on the tutorials more on my own, as well, and let you know if i find out how to do this.

Hi chief, if you encrypt an entire drive like a USB stick any existing data will be removed, so I suggest you do this first - when given the option I suggest you use a "cascade" algorithim e.g Serpent-Twofish-AES - in plain English this will mean the stick will be encrypted in more than one way making it harder to break into (you still can open it with just the one password). While we're on the subject, suggest you look up the tutorials on using keyfiles on the Truecrypt website - these increase your security significantly.

For those who don't know you can use keyfiles in addition to passwords to increase the security of an encrypted Truecrypt container or drive. When you want to access an encrypted partition, you tell the program where to find these keyfiles as well as inputting the password. They're particularly useful for USB keys as you can store keyfiles on your home computer meaning the USB stick in itself is useless.

Truecrypt can generate Keyfiles using random data for you or you can use any kind of file you like - although compressed data like MP3 files works best. This is ideal as you could have thousands of music files on your computer for instance and you could choose three of them as keyfiles for instance. The process doesn't change the file in any way so there'd be no way to know which three.

V.


Wow you offer so little of value and are such an asshole - I can totally understand your negative karma rating (/sarcasm)

A lot of good discussion in this thread.  I would summarize that having TOR browser on an external (USB) drive is mandatory.  Having any incriminating temporary or permanent txt files or PGP keys on that same drive should be mandatory.  TrueCrypt for that USB drive is mandatory.  Then you move on to options for increasing security.  I will look into Tails and Liberte as a next step. 

Also, always keep in mind plausible deniability is the fundamental concept here.  For example, perhaps you should have your BTC client running on your primary (encrypted) drive that you use for everything else?  And also your PGP client?  ITSHTF, isn't it preferable to have to say "sure, I am a big nerd and use BTC and PGP for some stuff but nothing illegal", rather than trying to explain why you kind of hid using BTC and PGP and not have a very good explanation?

In short:  be mindful of what you keep transparent, what you kind of hide, and what you try to fully hide.

Many here would be able to add a lot more value along these lines.

Title: Re: to liberte or not to liberte?
Post by: /I_Surf_Worm_Holes on July 01, 2013, 06:51 pm
to liberte or not to liberte:

http://forum.dee.su/#Topic/65650000000327007
Title: Re: to liberte or not to liberte?
Post by: newbottles on July 01, 2013, 09:00 pm
I thought more about the above and contradicted myself in another security thread.

Someone pointed out that your ISP can tell that you are using TOR (but of course cannot tell what you are using it for).  This seems realistic to me.

This raises a question for me: is it better to have TOR on your normal, legal (encrypted) drive/OS that you normally use?  Or better to have it on an encrypted USB drive with all your illegal stuff that you can destroy if TSHTF?

I am beginning with the assumption that: 
Plausible deniability is the fundamental goal. 
Using TOR is not illegal.
Title: Re: to liberte or not to liberte?
Post by: frank-butcher24 on July 01, 2013, 09:33 pm
I have always had the Tor Browser Bundle on my desktop, mostly so I can do the odd bit of quasi-legal browsing (The Pirate Bay is blocked by ISPs in the UK) or leave it running as a relay when I'm not using my PC.

If you're using Tor on your own home connection I think it's plain silly to hide your software away on a USB stick. If they're investigating you, they already know you use Tor from your ISP, so you may as well just have it in plain view and if you're forced to explain why, waffle on about Prism, net privacy and how you like to help dissidents in Iran and China by running a relay.

Best privacy in my opinion: Liberte on a USB stick, on your laptop on a public wi-fi connection (sit in the corner so no-one can see your screen!)

And yes, Bitcoin can easily be made portable on Windows. Use the -datadir command. Look it up, or post here to ask me to explain more if you want to know. You'll need a 16GB minimum USB stick or SD card, because it gets really slow downloading the last blocks if it gets near running out of space on the drive.
Title: Re: to liberte or not to liberte?
Post by: newbottles on July 01, 2013, 09:50 pm
And yes, Bitcoin can easily be made portable on Windows. Use the -datadir command. Look it up, or post here to ask me to explain more if you want to know. You'll need a 16GB minimum USB stick or SD card, because it gets really slow downloading the last blocks if it gets near running out of space on the drive.

I could never get the -datadir approach to work on Windows 8. 

Before we go there:  why do you think it makes more sense to hide your BTC wallet on the smashable encrypted USB drive, instead of keeping it in the open on your normal legal encrypted drive, like you advocate for TOR?
Title: Re: to liberte or not to liberte?
Post by: frank-butcher24 on July 01, 2013, 10:28 pm
I could never get the -datadir approach to work on Windows 8. 

Before we go there:  why do you think it makes more sense to hide your BTC wallet on the smashable encrypted USB drive, instead of keeping it in the open on your normal legal encrypted drive, like you advocate for TOR?

Ah, OK. Windows 8 I can't comment on.

I'm just saying it can be made portable if you should so wish. I have had Bitcoin on a USB stick in the past, and I have it on my desktop at the moment (but will probably securely delete it at point some soon). I suppose a Bitcoin wallet could contain more incriminating history than the Tor Browser Bundle, in that it contains your history of incoming and outgoing transactions. So hide it away. Your ISP needn't know you have been using Bitcoin if you only connect it through TOR.

Whereas the TBB being on your desktop is explainable in terms of being just me just being a bit of a privacy nerd.

I used to have a USB stick which I'd partitioned into two. One partition bootable with Liberte, the other formatted for Windows with portable Truecrypt plus an encrypted file with Bitcoin in it. It was a bit of a hassle getting it set up, and I needed a third party tool to swap the primary and secondary partitions each time I wanted to use one or the other, but I was quite pleased when I had that working. Everything on a single, secure stick. But it was more of a challenge to myself to see if I could do it than anything else. Once I'd done it, I used it for a while, then went back to just Liberte.

All through this I always had the TBB on my desktop though.
Title: Re: to liberte or not to liberte?
Post by: newbottles on July 01, 2013, 11:10 pm
I suppose one could argue that having TOR (TBB) on their "clean" encrypted machine/OS makes everyone safer.  Let's all make it more normal and less suspicious.

Title: Re: to liberte or not to liberte?
Post by: chiflado on July 02, 2013, 03:56 am
I read the beginner's guide on how to get started with TOR:  http://dkn255hz262ypmii.onion/index.php?topic=15383.0

Allow me to share my experiences, with a few questions thrown here and there from a beginner who is learning on the go.

The method in the guide (using liberte on the USB stick) seemed to give me the highest amount of confidence as compared to other options. Evidently because the entire system is Torified, but also because it assigns a random MAC address every time you log on. If you connect from home I guess the MAC address is irrelevant as you go through a router, but I could see how a MAC address could 'potentially' be traced back to someone if you connect on a public network, and if you purchased the device directly from a store and they kept your name in the records andin connection with that MACaddress (maybe this is not true at all, I invite people who know more about the subject to correct me as needed. I am learning as I go, as many of you are too).

Also, I had the feeling that if somehow a Trojan got into my computer, or if someone hacked into my computer, they would be able to see what I did on TOR one way or the other. The only way for me to feel comfortable using TOR on my personal computer for SR is if I purchased a separate computer or created a separate partition with its own OS and nothing but Tor (in order to not use Tor where I do all my other personal computer. Is this a valid concern, or is it irrelevant?). I like liberte because it's standalone and fully closed, it doesn't depend on anything.

So, I am using my old laptop that has been in the closet for years for this purpose. I stick the USB on it, and log on through liberte. And I connect only via wi-fi through my anonymous wifi hotspot. That way, if they suspect anything, they will have nowhere  to go (technically, the hotspot has a GPS but the account on it is anon).

And now for the final question: Even if law enforcement got  a hold of your USB drive and you somehow cave in and give them the password. What can they do with the info in the drive?? Tor does not keep history of web pages visited, but there is no record of anything there either. They may even see a SR bookmark on your Tor, but so what? How is this any different from having Tor installed directly on your computer? In other words, why is encryption of the USB drive important? In what scenarious would  it save your ass? Is it the wallet history that concerns you?
Title: Re: to liberte or not to liberte?
Post by: newbottles on July 02, 2013, 02:56 pm
Wallet history.  PGP history.  Bookmarks or URLs noted.  Any other drug related notes or notes related to illegal activity.  Encrypted mailing address files.  Vendor contact traces.  Login/PIN info.

Basically, why not encrypt that USB drive?  In addition to the encryption security, a small plastic USB drive can be easily disposed of.  The added layer of plausible deniability seems well worth encryption to me.
Title: Re: to liberte or not to liberte?
Post by: chiflado on July 04, 2013, 02:11 am
Gotcha. Thanks