/g/ - Technology

install openbsd

[Make a Post]
[X]





Nanonymous No.3245 [D][U][F][S][L][A][C] >>3250 >>3556
File: 4015e11468fd3f700ffaad635f051af0cc6e4d40bbf057237e243d77f3ad9d8c.jpg (dl) (170.82 KiB)

What is the most optimal way for a complete tech noob to get as anonymous as possible? I ask this because recently I've gotten really paranoid redpilled about everything tech-related stuff, but I'm quite literally as unknowledgeable about it as someone posting on site can be. But this also interests me on a purely hypothetical level.

So let's first assume Linux is not an option for OS: even if I was capable of learning how to use it with intense enough autism, your average normie wouldn't. So what would one go for? Get some old Windows OS like XP onto a laptop you obviously never use for non-anonymous posting/messaging? Or is there another option? Surely the older OS's aren't as riddled with backdoors etc. as the newer ones right? What about e-mail, is something like ProtonMail the most optimal, even despite it not being actually that anomymous in specific situations? Duckduckgoy for browser, or is there something better a tech noob could use with some effort?

Of course it can be debated what is the most effort one should have to put into it with it still being "tech noob -friendly". That would probably depend on the goals: if it's anonymity for anonymity's sake, not too much effort would make sense.

Nanonymous No.3249 [D]

Step 1: Get smart.
Stop making excuses for being dumb. If you don't have time because of a demanding job or something, then you should be asking for time management tips and a learning guide of sorts. But you're asking to be spoonfed like a baby because you're too lazy to learn or put in effort.

Nanonymous No.3250 [D][U][F] >>3251 >>3259 >>3319
File: f2f98a48694a3542fba28a1a47d5e72a9d818603ea99fda35a0eb930a9fc5310.pdf (dl) (362.17 KiB)

>>3245
>What is the most optimal way for a complete tech noob to get as anonymous as possible?
Don't use credit cards or store reward cards. Pay cash. Don't order from places like Amazon. Buy secondhand when you can.
Don't use a cell phone.
Don't use IoT devices, especially Echo/Google Home, etc.
Don't use Facebook and other social media.
Don't use automated passes for toll roads. Better to avoid toll roads altogether, because they still use cameras.
It's illegal to wear masks in many places, and that would draw a lot of attention anyway. Settle for hats and sunglasses. A bushy beard, if you can grow one, can obscure the shape of the lower face.
Install Linux. Use Tor Browser with the security slider set to high. Never use Tor to sign in to a service you've signed into without Tor, and never sign up for a service through Tor with personally identifying information. Better not to sign in to anything at all.
Be careful about metadata. Wipe exif data from photos you post online. Better yet, don't post photos online.
Use Anonymouth to analyze your writing to minimize stylistic analysis. (I don't bother with this anymore, but I've had some success with it, at least with fooling Anonymouth).

>So let's first assume Linux is not an option for OS
Let's not. Tens of millions of dollars worth of work has gone into making Linux user friendly. Anyone with an IQ above room temperature can install and learn to use Mint or Ubuntu these days. Anyone with a room temperature IQ or below can find a tech-savvy relative or a LUG to install it for them.
>Get some old Windows OS like XP
Ridiculous.
>Surely the older OS's aren't as riddled with backdoors etc.
They're riddled with ancient cryptographic code and devastating security flaws that will NEVER be fixed because they're beyond EOL.
>What about e-mail, is something like ProtonMail the most optimal, even despite it not being actually that anomymous in specific situations?
Anonymity and privacy are not the same thing. ProtonMail was not designed for anonymity, it was designed for privacy, and it fails at that. PDF related.
>Duckduckgoy for browser
It's fine if you're using it via Tor Browser for non personally identifiable searches. They even have a hidden service.
>Of course it can be debated what is the most effort one should have to put into it with it still being "tech noob -friendly"
Everything I have listed is within the capacity of almost every "tech noob," especially since a lot of anonymity means not engaging with technology in the first place.

The problem isn't that these things are hard. It's that people want their gadgets, and their creature comforts, and their rewards points, and their "convenience," and they suffer from FOMO if they're not on 5 social networks and getting constant notifications. They're feeding the beast that will eat them, of course. Every time someone takes an Uber, they're helping a company that, in a few years, will fire every single one of their drivers to rely on self-driving cars. Every time someone uses Facebook, they're giving the platform data that will be used to categorize, score, commodify, and manipulate them and the society in which they live.

It turns out that the issue isn't that people aren't tech-savvy enough to avoid slavery. It's that they like to be slaves.

Nanonymous No.3251 [D]

>>3250
This.
The only extra suggestion I would say is, if you can handle it, increase the security setting on the Tor browser (blocks most JS by default, that will stop lots of google and other trackers but may partially break some sites until you manually whitelist some JS with the NoScript extension) and learn what the browser can and can't do for your privacy and anonymity.

Before you ask, smartphone are fucked through and through, but if you REALLY REALLY must, you can mitigate damage by removing every app you can, using an official Tor browser and installing LineageOS.

Nanonymous No.3259 [D][U][F] >>3296 >>3308
File: 4ab58de0797d9863f2d057fd193c97e583ef498d07f8ad27995bead4f87bfd81.png (dl) (477.00 KiB)

>>3250
Another thing I forgot. Don't ever get one of those 23andme, Ancestry, or other DNA tests done, and discourage members of your family from getting them. Law enforcement is routinely checking DNA samples from crime scenes against these databases, and in some cases have been able to track people down who never even had one of those tests by getting partial matches with their relatives who had.
>But I don't have anything to worry about, I'm not a criminal!
You might not be a criminal now, but governments and laws change. Posting here might be illegal in 5 years. DNA databases are vulnerable to abuse by unscrupulous authorities for all kinds of nefarious purposes.

This is another thing that's easy for "tech noobs." All you have to do is save $100 by not sending your DNA to one of these companies.

Nanonymous No.3287 [D]

Hes looging for a blage do sdard.

If i were him and I used do be him, I would go do my logal library and buy a boog on linug for dummies. Dhis will sed your mind in a diregdion dhad inebidably brings you do web seguridy.

Learn linug ob. Debian will do. Or Debuan. Or genndoo.

Ids a sdeeb sdeeb begginning bud hold on and sdard slow.

Nanonymous No.3296 [D][U][F]
File: b0d7e40c1f023118bb900f74babede02e82ad2b7d37206a0374c05133e3ff8f4.jpg (dl) (190.76 KiB)

>>3259
This is common knowledge. It's as if you uploaded who you are to cloud. Shamefully /pol/iggers are all mutts from lumpenproletariat/'murican families with undocumented ancestry desperate to "connect" with their roots, uncertain with who they should side and if they have right to live they don't.

Nanonymous No.3300 [D]

If she doesnt have blonde hair blue eyes. Im not interested.this is the way to passing on good genes.

Nanonymous No.3308 [D]

>>3259
> This is another thing that's easy for "tech noobs." All you have to do is save $100 by not sending your DNA to one of these companies.
It's actually not easy.
Allegedly, and I don't see any reason not to believe it, anonymous DNA can be identified as long as a relative as far as 3rd cousin in the database. I.e if any of your third cousins did a DNA test, you might as well just change your country, like, completely, emigrate and get a new citizenship, abandoning the old one etc. I mean, what else can you do?

Nanonymous No.3309 [D] >>3315 >>3319

Tell you what I run, and my mistakes.
First off, phones are no good for anything private at all.
I still browse imageboards through them when I'm in bed, but in reality, nothing you do in there really is safe.
Yeah, I run lineage os without gapps and whatever, but I still can't bring myself to trusting it 100%.
For your computer, a must is not running Windows.
>So let's first assume Linux is not an option for OS: even if I was capable of learning how to use it with intense enough autism, your average normie wouldn't. So what would one go for? Get some old Windows OS like XP onto a laptop you obviously never use for non-anonymous posting/messaging?
What a fucking faggot you are, lots of distros out there are really easy, mine included. Wanna run a closed source system with steam games and such and think you are anywhere near not being raped by cia? Retard. Let's go on.
I run Linux Mint, which is where my mistake starts since you shouldn't be running systemd if you are really paranoid.
Next, as my browser, I use GNU IceCat.
This is my go-to browser to do anything.
Browse the web in general, look stuff up, stuff that I don't attach to my personal identity.
My settings: I leave JS on. I do this as a tradeoff for convenience, and I can't deny, it might be hurting my privacy. Not that I believe that many clearnet websites are using malicious JS to get my real IP and stuff. From their privacy settings, all I do is disable WebGL, block third-party requests(this one is really important and doesn't break anything if you just allow the right requests in) and "tracking protection".
I also use a canvas spoofer.
Other than that, I'm using a VPN.
Recently I've been seeing a fair bit of shilling against the use of VPNs how all vpns keeps logs because etc etc, don't forget the ExpressVPN raid that turned out useless for the Turkish government. There are safe VPNs out there. Don't let your ISP log everything you access.
http://archive.is/KkBrB
As a "private" e-mail, I don't trust any.
I tried out mail2tor.com for some stuff that I do over tor(not a pedo), and I can't really recommend it because I'm really not sure how safe it is. Thing is, e-mail having the need to be tied to a clearnet adress will never be a really privacy focused thing, or something that you can really trust you are safe using.
For "normal" stuff, like linkedin, personal e-mail account and such, I just use plain firefox, which is by no means private, but if I don't want to risk linking gnu icecat to my real identity.
>ProtonMail
Have it as a personal e-mail at most for professional stuff, that piece of shit is by no means private.
>Duckduckgoy
Absolute piece of shit, with shitty search results and has already been found guilty of selling user data. No better than google really as a search engine when you want to protect yourself.
Use searx.me.
Again, this post I'm just listing what I do, and I recognize some of my methods are flawed, and even called my self out on those that I'm aware off. If I'm off about anything else, please warm me, I wouldn't miss a chance of enhancing my privacy.

Nanonymous No.3315 [D]

>>3309
Interesting.
>ddg
>has already been found guilty of selling user data
Proofs?
>searx.me
How is it better?

Nanonymous No.3317 [D]

reminder there are searx instances with v3 onion addresses
http://searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion/
http://z5vawdol25vrmorm4yydmohsd4u6rdoj2sylvoi3e3nqvxkvpqul7bqd.onion/
http://searx.l4qlywnpwqsluw65ts7md3khrivpirse744un3x7mlskqauz5pyuzgqd.onion/

Nanonymous No.3319 [D] >>3322

>>3250
Fine post, although the first part is basically "I'm doing something very illegal and don't wanna get caught" -tier, for which I see no reason if your not actually a criminal. That'd be way too inconvenient for a normal guy who just likes anonymity. You didn't give a good option for an e-mail either.

>>3309
>First off, phones are no good for anything private at all.
False, in the sense that phones are ideal for doing something once with a prepaid and a public wi-fi, then throwing it away. Obviously so that you can't be identified by the combination of ISPs location information and cameras. But yea for continuous use they're probably shit

Also is it really the case that there's no good e-mail for private use? I see cock.li talked about a lot here, but apparently many places block it? Also sauce for duckduckgo selling info?

Btw I recently saw a post regarding Intel ME and AMD PSP being backdoors for NSA, what's /g/s take on this? Is it really necessary to even pick your hardware based on a list, or is that too much?

Nanonymous No.3322 [D] >>3327 >>3328

>>3319
>False, in the sense that phones are ideal for doing something once with a prepaid and a public wi-fi, then throwing it away
Oh, sorry, I didn't think of it as throwaway phones. I meant that your phone(not a throwaway one) is just no good for anything private.
>cock.li
Requires JS to register.
Everything is stored in plain text, anyone who enters the host's apartment will get all the data. Cock.li is basically for throwaway accounts and shit that you don't really care about losing.


Nanonymous No.3327 [D]

>>3322
>Requires JS to register
whut

Nanonymous No.3328 [D] >>3379

>>3322
>Everything is stored in plain text
Bullshit. He uses FDE and german authorities were not able to retrieve any data when they raided him.
>host's apartment
Nothing is hosted in his apartment.

Nanonymous No.3379 [D] >>3382 >>3385

>>3328
FDE means nothing when the system is running, as it most probably would be during a raid.
No idea on the specifics of the case/cock.li. Just saying.

Nanonymous No.3382 [D] >>3451

>>3379
>as it most probably would be during a raid
But that requires the police to have the competency required not to shut down the system, and to be able to recover the password from it. If they just grab the hard drive and run they get nothing.

Nanonymous No.3385 [D] >>3386 >>3450

>>3379
during the cockli raid the germcuck zogbots didn't even know that the disks were encrypted, they just turned everything off the moment they got in.

Nanonymous No.3386 [D] >>3450

>>3385
They learned their lesson for sure now. Neuland is hard land.

Nanonymous No.3450 [D]

>>3386
>>3385
>learned their lesson
Connect illegal entry sensor with reset/power line


Nanonymous No.3451 [D] >>3454 >>3456 >>3458 >>3461

>>3382
>competency to recover the password
The recent Silk Road 2.0 judgment revealed that the admin of the site had his encrypted laptop decrypted by police.
Explanation was they had found the password in a password manager data base.
Where was the password manager running? Smart phone?
Usually password manger apps are password protected too.

If the police suspected him some time before, they could have spied on him.
One "secret" that is not talked much is that keyboards emanate the scan code used over earth (PS/2 worst but USB too) and as EM radiation, dozens, hundreds of meters away.

Counter measures?
Screen keyboards
Tokens
Yammer that permanently emanate random scan codes (software defined radio?)

Thoughts?


Nanonymous No.3454 [D] >>3458

>>3451
Just RF shield your server room. Wouldn't want an EMP taking them out, wouldn't want random suspicious people spying on your wireless network/scan codes, either.
Literally just line the whole room with aluminium foil and you're done. cost less than $100.

Nanonymous No.3456 [D] >>3461

>>3451
I meant recover the password from in memory, but there are a ton of $5 wrench attacks that don't even need the server to be live. Password managers are useful because they prevent password reuse. This is needed for websites, which don't support a public key system like they ideally would. For local stuff like disk encryption they're placebo. They shouldn't make things worse though, so this guy clearly had terrible opsec.

Nanonymous No.3458 [D][U][F]
File: c379a9f2c190add0bbac25d10f8b0c7f667a7a688772cc5e8c0851dc6726c63d.pdf (dl) (1.35 MiB)

>>3454
>>3451
>Just RF shield your server room.
It isn't that easy and who lives in server room?

COMPROMISING ELECTROMAGNETIC EMANATIONS OF WIRED AND WIRELESS KEYBOARDS
Martin Vuagnoux and Sylvain Pasini

Computer keyboards are often used to transmit sensitive information such as username/password (e.g. to log into computers, to do e-banking money transfer, etc.). A vulnerability on these devices will definitely kill the security of any computer or ATM.

Wired and wireless keyboards emit electromagnetic waves, because they contain electronic components. These electromagnetic radiation could reveal sensitive information such as keystrokes. Although Kuhn already tagged keyboards as risky, we did not find any experiment or evidence proving or refuting the practical feasibility to remotely eavesdrop keystrokes, especially on modern keyboards.

To determine if wired and wireless keyboards generate compromising emanations, we measured the electromagnetic radiations emitted when keys are pressed.
http://lasec.epfl.ch/keyboard/

http://archivecaslytosk.onion/9Sa1d


Nanonymous No.3461 [D] >>3557

>>3456
>>3451
>I meant recover the password from in memory, but there are a ton of $5 wrench attacks that don't even need the server to be live.

This is all good and fine, but I'm suspicious not everything has been revealed.

>Password managers ...
>For local stuff like disk encryption they're placebo.
To get the password of of a password manager one need first a running computer, decrypted if it has protection by an encrypted filesystem. Android and IPhone do promise to protect their content, but many vulnerabilities have been found. Beside of this it seems foolish to me to trust into device that are known to spy after their users.
There are people that use security tokens, with password manager and for file systems. To me they are opaque system that promise something that I can not check. Anyway, not mentioned here at all.

So this explanation sounds 'odd' to me.

>this guy clearly had terrible opsec.
Sure, he once met a journalist to brag about his exploits:

Come the day of the face-to-face, I stood in a busy city street, and waited for the man I had exchanged dozens of encrypted messages with. He was late, but as promised, appeared out of nowhere.
http://archivecaslytosk.onion/brV8E
https://motherboard.vice.com/en_us/article/3dad83/the-secret-life-of-a-silk-road-20-mastermind

Paul Chowles, an investigator from the National Crime Agency (NCA) who worked on the case, told Motherboard in a phone call one piece of evidence included the private encryption key belonging to DPR2 on one of White’s computers. If someone possesses the private part of a PGP key, which is used to decrypt and sign messages, it can be a good indicator that they are behind a particular online identity.

Chat logs US authorities recovered from the computer of Blake Benthall, Silk Road 2’s co-administrator, reflected much the same thing, Chowles added.

Chowles said the NCA had challenges with White’s use of encryption. The agency was eventually successful, in part because of gaining access to a password manager which contained the unlock phrase for one of White’s encrypted laptops.
http://archivecaslytosk.onion/8zoS8
https://motherboard.vice.com/en_us/article/9kx59a/silk-road-2-founder-dread-pirate-roberts-2-caught-jailed-for-5-years

One of these IP addresses led investigators to a house where Farrell was living. After physical surveillance was carried out, his house mate questioned, and FBI interviews, Farrell was eventually arrested.
http://archivecaslytosk.onion/rdjwX
https://motherboard.vice.com/en_us/article/gv5x4q/court-docs-show-a-university-helped-fbi-bust-silk-road-2-child-porn-suspects


Nanonymous No.3556 [D]

>>3245
If you're already using Tor, then I'd say the next step is setting up system encryption with Veracrypt. Then if someone raids your house, they can't do shit iff your computer is turned off.

But if you're going to do it, for the love of God backup your keys onto a USB stick.

I think that's about it for the easy stuff. More advanced stuff is using a secure OS, using a hotspot that can't be traced back to you, and living in a place that can't be traced back to you (surprisingly easy, just find a place that takes cash, and route all mail to a PO box or dead drop). These things alone will make you very difficult to trace.

Nanonymous No.3557 [D]

>>3461
I haven't read about a single Tor raid which wasn't caused by bad opsec. Laziness defeats all security.

Nanonymous No.3569 [D]

install gentoo