Anonymity and Identity Protection


Chrissy Cruiser

What suite of products do you use?

Look at the categories.

1) Hiding all online activity from your ISP
2) Hiding your IP address in email, online, Usenet, etc
3) Sending encrypted email
4) No cookies allowed; must keep all hackers out of your PC
5) Password protection on your PC
7) Anything I missed?

To make this more challenging, let's assume that your monthly budget is
small and that the more freeware and free services, the better, the
reliability of whatever you choose has to be high. That your PC holds
information that everyone would want, good guys, bad guys and that everyone
will try to get at it. They want to find out who you are. Badly. They want
to steal your data/secrets, thieve your identity, corrupt your machine.

But you live and post in a fully secured area so your personal safety, and
that of getting their smarmy hands on your PC, is impossible.
 
Chrissy Cruiser wrote:
What suite of products do you use?
Look at the categories.
1) Hiding all online activity from your ISP
2) Hiding your IP address in email, online, Usenet, etc
3) Sending encrypted email
4) No cookies allowed; must keep all hackers out of your PC
5) Password protection on your PC
7) Anything I missed?
To make this more challenging, let's assume that your monthly budget is
small and that the more freeware and free services, the better, the
reliability of whatever you choose has to be high. That your PC holds
information that everyone would want, good guys, bad guys and that everyone
will try to get at it. They want to find out who you are. Badly. They want
to steal your data/secrets, thieve your identity, corrupt your machine.
But you live and post in a fully secured area so your personal safety, and
that of getting their smarmy hands on your PC, is impossible.

For data protection you can't beat creating encrypted volumes to hold
the data. Further protection is enhanced by disabling the swapfile
before opening an encrypted volume and until it is closed.

These products generally allow for encrypted mail, or encrypted
documents to attach.

There are a variety of encryption products out there. I'm a bit leery
of using programs from some developer I've never heard of. I'd have to
recommend an open source project, such as TrueCrypt, as it "most
likely" has been reviewed by experts for simple errors that might
compromise the program.

I personally trust only Phil Zimmermann and his (not Network
Associates) versions of PGP. He is an expert in the field who
withstood heated persecution from the US government; pure dude!

http://www.philzimmermann.com/EN/background/index.html


Not all of these are freeware unfortunately. He has to have an income
and has taken back over in PGP operations.

The newest product is PGP Whole Disk Encryption! This will protect
everything on the encrypted disks! There was mention of an open source
whole disk encryption.

The open source program might be solid. If I really want to know there
are no bugs or backdoors I'd pay for PGP though. I'd rather know that
I have no security than to think I do in error.

Password protection: XP - use 10+ digit passwords on all login
accounts. Use a user account when on the internet or:

<http://msdn.microsoft.com/security/.../library/en-us/dncode/html/secure11152004.asp>

such that internet programs do not have administrator privileges when
you are logged on as admin.
 
What suite of products do you use?

1) Hiding all online activity from your ISP
2) Hiding your IP address in email, online, Usenet, etc
3) Sending encrypted email
4) No cookies allowed; must keep all hackers out of your PC
5) Password protection on your PC

Hmmmm none of the above.

Gandalf Parker
 
What suite of products do you use?

Look at the categories.

1) Hiding all online activity from your ISP
2) Hiding your IP address in email, online, Usenet, etc
3) Sending encrypted email
4) No cookies allowed; must keep all hackers out of your PC
5) Password protection on your PC
7) Anything I missed?

To make this more challenging, let's assume that your monthly budget is
small and that the more freeware and free services, the better, the
reliability of whatever you choose has to be high. That your PC holds
information that everyone would want, good guys, bad guys and that everyone
will try to get at it. They want to find out who you are. Badly. They want
to steal your data/secrets, thieve your identity, corrupt your machine.

But you live and post in a fully secured area so your personal safety, and
that of getting their smarmy hands on your PC, is impossible.

Turn on your WebCam, and undo a button or two. Then while they are
distracted hack them before they hack you.
 
Mel said:
Turn on your WebCam, and undo a button or two. Then while
they are
distracted hack them before they hack you.

Do unto others before they get a chance to do unto you!

Isn't that the Golden Rule?
 
You cannot. Your ISP has to be able to get info to you, and thus must know
what your address is.

You cannot. The information has to get back to you. In order to do that it
needs to know your address. Note that you can use an anonymizing service,
but of course you now have some stranger who a) knows your return IP and
b) knows you want to hide it. How well do you know the anonymizer? Why do
you trust them?

Well, turn off cookies in your browser.

You cannot keep all hackers out if they are really determined. You can make
it hard by making sure you do not run any form of windows and that you keep
up with upgrades to your system. Also make sure you run the minimum number
of services.

Go ahead.

Number 6.


Then why do you have your system on the net? With that level of protection
there is no reason whatsoever that you should have your system on the net.
If you want to browse use a different machine.


Impossible.
 
What suite of products do you use?

Look at the categories.

1) Hiding all online activity from your ISP
2) Hiding your IP address in email, online, Usenet, etc
3) Sending encrypted email
4) No cookies allowed; must keep all hackers out of your PC
5) Password protection on your PC
7) Anything I missed?

To make this more challenging, let's assume that your monthly budget
is small and that the more freeware and free services, the better, the
reliability of whatever you choose has to be high. That your PC holds
information that everyone would want, good guys, bad guys and that
everyone will try to get at it. They want to find out who you are.
Badly. They want to steal your data/secrets, thieve your identity,
corrupt your machine.

But you live and post in a fully secured area so your personal safety,
and that of getting their smarmy hands on your PC, is impossible.



A reasonable set of protections is as follows:

1. For your base machine that holds sensitive material (whatever
"sensitive" means to you) it should be disconnected from any network
(most especially the internet) by an "air gap."

2. For your internet machine it is best if its core OS and programs are
run from a CD (e.g., Knoppix or Windows versions built on XPe, BartPE,
etc.) with no live OS on that machine. It is essential that your
internet machine is behind a properly configured HARDWARE router. Data is
stored to an HD which is scanned both during and after each session
before any "keepers" are transferred to the other machine (then the data
is erased). No sensitive information (some would advocate NO information
whatsoever) should persist on this machine between sessions. Any
information worth keeping is transferred using say (CD, USB stick, etc.)
to the first machine (virus scanning, etc is a mandatory part of this
process)

3. Since most people will NOT do what's recommended above, there are a
large number of (distinctly inferior) alternatives using one machine
(e.g., "virtualize" your network machine with Vmware, etc.).

4. I strongly recommend encrypting the ENTIRE HD (on both machines if
you use two) including the boot/OS partition (using Compusec, Winmagic,
Safeboot Solo, etc., etc.) and, in addition (or, for the lax, instead :-)
encrypt all data/storage partitions using Truecrypt (there are
alternatives that perform very well indeed, such as Bestcrypt, but the
open-source of Truecrypt and its price - free! - are clinchers.)

5. Any data that is not expendable MUST be backed up - and that means
encrypted backup (Ghost is satisfactory - others may be as well.)

That in a nutshell is data storage. I will (mercifully) pass over the
gazillion anti-spyware, firewall, virus-checkers, etc.

For communications, surfing, etc. the core is the mixmaster network for
email (fronted by, say, quicksilver) and the Tor network for most other
protocols (complete with necessary refinements/addons such as privoxy,
sockscap, etc.). Use a relatively secure program such as Firefox for
surfing (and be sure to *configure* it properly to further harden it
(e.g., no Java/javascript, etc.)).

Regards,
 
Gordon Darling said:

Hello,

It looks very interesting. I like the idea of how it all works apart from
one thing. What if I was the end computer that was connecting on the
instruction of another person to sites that might have illegal content?
It would be my IP number that would be logged and traced and it would be a
hell of a job trying to get out of that one. The only way would be for
everyone to go via a proxy with high anonymity.
The person down the chain wouldn't be caught, but others would.
How is that sort of thing prevented ?
 
Hello,

It looks very interesting. I like the idea of how it all works apart
from one thing. What if I was the end computer that was connecting on
the instruction of another person to sites that might have illegal
content? It would be my IP number that would be logged and traced and it
would be a hell of a job trying to get out of that one. The only way
would be for everyone to go via a proxy with high anonymity. The person
down the chain wouldn't be caught, but others would. How is that sort of
thing prevented ?

Bear in mind that all transactions are encrypted through the network
(including DNS lookup).

If you are running a client (as most do) the problem doesn't arise.
However, if running as a server, you are in effect both an entry and exit
point.

From the FAQ
"You may get stronger anonymity, since your destination can't know whether
connections relayed through your computer originated at your computer or
not.

You can also get stronger anonymity by configuring your Tor clients
to use your Tor server for entry or for exit."

So, in the case "What if I was the end computer that was connecting on
the instruction of another person to sites that might have illegal
content?" there is absolutely no way it can be determined where the
origination request came from.

Have a look at
http://tor.eff.org/documentation.html
and
http://tor.eff.org/eff/tor-legal-faq.html
"In most instances, properly configured Tor servers will have no useful
data for inquiring parties"

Regards
Gordon
 
For data protection you can't beat creating encrypted volumes to hold
the data. Further protection is enhanced by disabling the swapfile
before opening an encrypted volume and until it is closed.

These products generally allow for encrypted mail, or encrypted
documents to attach.

There are a variety of encryption products out there. I'm a bit leery
of using programs from some developer I've never heard of. I'd have to
recommend an open source project, such as TrueCrypt, as it "most
likely" has been reviewed by experts for simple errors that might
compromise the program.

TrueCrypt is a dream of a program, REM, agree fully, easy to use, no
hassles.
I personally trust only Phil Zimmermann and his (not Network
Associates) versions of PGP.

http://www.philzimmermann.com/EN/background/index.html

The newest product is PGP Whole Disk Encryption! This will protect
everything on the encrypted disks! There was mention of an open source
whole disk encryption.

The open source program might be solid. If I really want to know there
are no bugs or backdoors I'd pay for PGP though. I'd rather know that
I have no security than to think I do in error.

The word I see on PGP v9 is that it appears buggy. Have you looked at
GnuPG?

http://www.gnupg.org/
 
You cannot. Your ISP has to be able to get info to you, and thus must know
what your address is.

My ISP knows I am online, They will know if I make a GET request to a
website but if I make that request to a proxy, then that should be the end
of the info they receive.

You cannot. The information has to get back to you. In order to do that it
needs to know your address. Note that you can use an anonymizing service,
but of course you now have some stranger who a) knows your return IP and
b) knows you want to hide it. How well do you know the anonymizer? Why do
you trust them?

Point well made. However, if I use a service that strips and replaces my
IP, like Cotse, then the Recipient does not get my IP. Hiding my IP online
is a simple matter as well. Again, the websites visited get the proxy IP,
not mine. Usenet, there are many resources to hide IP including Cotse and
others that do not display your IP as part of your post. You also can use
remailers to post to Usenet.

Back to trusting your anonymous service provider. Get TOR, add Privoxy,
sign up for an account, pay by snailmail remailer with certified funds, now
your anonymous provider does not know who you are. When you sign on to
their service, again use TOR to onion route and hide your IP.

PGP? OK, here are some free ones.

Google for Axcrypt, FineCrypt, ICEEncrypt.
Well, turn off cookies in your browser.

Firefox allows for the option to allow cookies where they are needed such
as Hotmail or secured sites you trust. These can be set to be deleted, end
of session.

You cannot keep all hackers out if they are really determined. You can make
it hard by making sure you do not run any form of windows and that you keep
up with upgrades to your system. Also make sure you run the minimum number
of services.

Not running Windows is a non option for 95% of the known computer world.
Add a firewall, look at alt.comp.freeware, see post by elaich where a dual
firewall setup (Kerio/Sysgate) kept all comm in and out under control
(except for one).
Go ahead.


Number 6.

LOL !
Then why do you have your system on the net? With that level of protection
there is no reason whatsoever that you should have your system on the net.
If you want to browse use a different machine.

Again, nice thought, highly impractical.
Impossible.

Not so. Langley, 5 floors down.
 
A reasonable set of protections is as follows:

1. For your base machine that holds sensitive material (whatever
"sensitive" means to you) it should be disconnected from any network
(most especially the internet) by an "air gap."

I don't understand unless you mean there is nothing connecting to anything
except PC devices like a printer.

2. For your internet machine it is best if its core OS and programs are
run from a CD (e.g., Knoppix or Windows versions built on XPe, BartPE,
etc.) with no live OS on that machine.

Slow?

It is essential that your
internet machine is behind a properly configured HARDWARE router.

Why hardware, suggestions for one and a proper config?
Data is
stored to an HD which is scanned both during and after each session
before any "keepers" are transferred to the other machine (then the data
is erased).

Wait a minute, I thought that the "other" machine is not connected to
anything. Are you talking about a manual connect to transfer?
No sensitive information (some would advocate NO information
whatsoever) should persist on this machine between sessions. Any
information worth keeping is transferred using say (CD, USB stick, etc.)
to the first machine (virus scanning, etc is a mandatory part of this
process)

3. Since most people will NOT do what's recommended above, there are a
large number of (distinctly inferior) alternatives using one machine
(e.g., "virtualize" your network machine with Vmware, etc.).

4. I strongly recommend encrypting the ENTIRE HD (on both machines if
you use two) including the boot/OS partition (using Compusec, Winmagic,
Safeboot Solo, etc., etc.) and, in addition (or, for the lax, instead :-)
encrypt all data/storage partitions using Truecrypt (there are
alternatives that perform very well indeed, such as Bestcrypt, but the
open-source of Truecrypt and its price - free! - are clinchers.)

I don't think TrueCrypt touches the OS/boot, does it?
5. Any data that is not expendable MUST be backed up - and that means
encrypted backup (Ghost is satisfactory - others may be as well.)

Backing up, good, backing up to what is the better question.
For communications, surfing, etc. the core is the mixmaster network for
email (fronted by, say, quicksilver) and the Tor network for most other
protocols (complete with necessary refinements/addons such as privoxy,
sockscap, etc.). Use a relatively secure program such as Firefox for
surfing (and be sure to *configure* it properly to further harden it
(e.g., no Java/javascript, etc.)).

The no Java route is impractical, too many websites require it. How about a
utility, when you reach a website that does require Java, like your bank or
email, that pops up and allows you to click on, and perhaps allows that
to be set as the default condition?

Thank you Mr. nemo.
 
I haven't heard that on v9, but the ability to encrypt the entire disk
is exciting. GnuPG looks pretty exciting as well!

I agree, dloaded and on my way to try the fukken thing.
 
I agree, dloaded and on my way to try the fukken thing.

Do it on a test machine if you must. v9 *is* very buggy. Take a look
at http://forums.pgpsupport.com/.

Sure, every software has any number of bugs. But from the posts you
can see that people are really outraged with v9. Of course there is
always luck and those that are successful don't publicize their
happiness on support forums.
 
Do it on a test machine if you must. v9 *is* very buggy. Take a look
at http://forums.pgpsupport.com/.

Sure, every software has any number of bugs. But from the posts you
can see that people are really outraged with v9. Of course there is
always luck and those that are successful don't publicize their
happiness on support forums.

Appreciate the fukken heads up.
 
Hello,

It looks very interesting.

I have Tor/Privoxy and soon to add Stunnel. They work very well with
Firefox and IE. Flip the IP over about every minute or five.

However, as of late, they seem to be *very* intensive CPU wise, I am
looking to see if I have a config issue.
 