Our server costs ~$56 per month to run. Please consider donating or becoming a Patron to help keep the site running. Help us gain new members by following us on Twitter and liking our page on Facebook!
June 25, 2019 at 1:26 pm (This post was last modified: June 25, 2019 at 1:33 pm by FlatAssembler.)
Damn, I just can't find a community that agrees with me on a few issues. On TextKit forum, I expressed my religious views in Latin, and asked people there to express their own. When I hadn't gotten a response after a few days, I made another thread, this time in English, asking them what they thought about religion. Most of the responses basically said "I don't like talking about religion.". Then somebody there responded in English to some of the points I've made in my Latin post, if you ask me, intentionally straw-manning me. Then I responded to him/her, also in English... and then the moderator decided to delete that thread. At least they didn't ban me.
(June 25, 2019 at 2:59 am)viocjit Wrote: Do you know it is possible to have an ISP from another country than our because it does exist ISPs with communication over satellite if you live in a country with only one ISP ?
Yes, I did, which is why I made the qualification about the country that you are in. That you feel the need to point this out after I explicitly pointed it out in my qualification has me wondering exactly what your point is?
I spoken about it because I didn't knew if you know we can have a foreign ISP with connection over satellite.
I thought you was speaking about using an ISP from the same country if there are others ISPs available.
I forget to say as alternative to providers with a communication over satellite with a parabolic antenna.
You can have a 2G (Slow for nowadays use) , 3G , 4G or 5G connection from a terminal (Cell phone , Tablet , Computer) bought anonymously in another country with a foreigner SIM card but authorities of the country in which you are will be able to catch you if they saw a terminal using a foreign SIM card with a foreign IMEI in their network.
Therefore a dissident must use it far of his / her home and others places related to him / her (Not forget to take security measures against secret police who can potentially following you and don't take another terminal with you tied to your real identity. Take only the terminal for you dissent activity with you and use it only for dissent activity) and remove the battery when he / she is not using it to avoid to be localized (Unhappily for dissidents , it does seem sometime terminal can have an internal battery that is below the main battery but I don't know if this is true or an urban legend. Also , if a terminal is disconnected for long time and connected for few time it can trigger an alert if the mass surveillance system of the country if there are one was configured to find terminals in this situation).
As alternative to a 2G , 3G , 4G or 5G connection you can have an Internet access from a satellite network like Inmarsat , Irridium , Intelstat and others similar networks.
You must use the security measures that apply to 2G , 3G , 4G and 5G connection to use a network like Inmarsat , Irridium , Intelstat and others similar networks.
Well, using Tails as your primary OS doesn't sound like a good idea to me. Your primary OS should have useful apps such as, for example, LibreOffice or GIMP. Office Online is basically useless with TOR because of the high latency. And even assuming LibreOffice works with Tails (Linux distributions are compatible enough that Hello World program can be made to work on all Linux distributions with the same processor architecture, but not much more than that), you still need to download it, and downloading large files over Tor is not secure (and it's very slow). Attempting to route all your traffic through Tor will likely make it possible for your ISP to see you are using Tor, because it's unlikely that all the legitimate traffic from your computer would be random noise or routed through Azure.
Tails is a distribution; it never claimed to be everything to everyone. Most ISPs are not doing deep-packet inspection; if that is a concern, then use bridges. More difficult to tell where you traffic is headed, and also, anonymous public WiFi hot-spots are also a good idea if you are in the "really paranoid" category.
(June 24, 2019 at 3:54 am)FlatAssembler Wrote: Well, using Tails as your primary OS doesn't sound like a good idea to me. Your primary OS should have useful apps such as, for example, LibreOffice or GIMP. Office Online is basically useless with TOR because of the high latency. And even assuming LibreOffice works with Tails (Linux distributions are compatible enough that Hello World program can be made to work on all Linux distributions with the same processor architecture, but not much more than that), you still need to download it, and downloading large files over Tor is not secure (and it's very slow). Attempting to route all your traffic through Tor will likely make it possible for your ISP to see you are using Tor, because it's unlikely that all the legitimate traffic from your computer would be random noise or routed through Azure.
Tails is a distribution; it never claimed to be everything to everyone. Most ISPs are not doing deep-packet inspection; if that is a concern, then use bridges. More difficult to tell where you traffic is headed, and also, anonymous public WiFi hot-spots are also a good idea if you are in the "really paranoid" category.
PART 1/5
If you connect to Internet while doing nothing to hide your IP address and using a pseudonym you're anonymous for those you meet on Internet but not for law enforcement agencies.
Anonymity toward who. That's the question.
You won't use the same means to hide yourself from your family than those used to hide from a police from a dictatorial regime.
To hide ourself from his family an email address under a fake name for which they don't know the existence , a nickname and say few things about ourself online is sufficient except if they have a human snitch working for your ISP , someone with an access to the mass surveillance system of the country in which you live if there are one or justice corruption to get data.
But there are still the risk they install a spyware (Hardware or software. If we fear our family it's unlikely they put a hardware spyware because it's not easy to find for civilians but the risk is real. An example of hardware spyware is a transmitter hidden inside a keyboard. An example of software spyware is a trojan horse with keylogger function , see what's your screen is displaying , Observe you with the webcam , Listen you with the microphone , Intercept your web browsing history etc...) on your computer or / and others devices used by you.
They would be able to read telecommunications even if these are ciphered if a spyware is installed.
They can also install a hidden video surveillance system or / and bugs in your home and your computing skills wouldn't help if you're physically monitored with wires or / and closed-circuit television and that you don't know how to find hidden cameras and bugs.
An entry of Wikihow explain us the basis to find hidden camera and bugs (Certainly sufficient to find the majority of camera and bugs made with civilian technologies available for average citizens) : https://www.wikihow.com/Detect-Hidden-Ca...icrophones
If someone is only using one relay in a foreign country between the home connection and Internet (VPN , Proxy server , VNC server etc...) to dissimulate his / her IP address he / she can be catch if authorities ask to all ISPs of their country jurisdiction who was using which relay at that time nor use logs kept by intelligence services charged of mass surveillance.
They would have a relevant list of suspects from ISPs if he / she using a connection of an ISP from the country jurisdiction.
If the person is using an ISPs from another country than country jurisdiction infos given by ISPs would be not useful and in this situation it could be necessary to ask infos to secret services of the country.
If the person is using the same relay at another time. Logs will reduce the list of suspects then we wait another time etc... until find the good one.
They have another possibility. Intercept in live the telecommunication of the suspects without install something on computer target. If ciphered it would be necessary to break it but they are reputed to have problems to read ciphered telecommunications in the majority of situations.
But if a spyware (Hardware or software) is installed on computer target they would be able to read telecommunications even if these are ciphered.
Law enforcements can also install a video surveillance system or / and bugs in your home and your computing skills wouldn't help you to avoid a conviction (If you do something illegal) if you're physically monitored with wires or / and closed-circuit television.
Side-channel attack does exist https://en.wikipedia.org/wiki/Side-channel_attack (This is an allegation from me and I don't know any real life case of an authority asking to all ISPs who was using which relay at which time. The same about intelligence services. I don't know any case of a suspect monitored with a side-channel attack).
If an Authority haven't the means to ask to all ISPs of its jurisdiction or to its intelligence services who was behind which relay at which time.
They can ask it to authorities of the place in which relay is located but they can answer like not answer (That depend of countries involved and matters. Identify a political dissent isn't at the same level as identify a drug trafficker or pedophile sharing child porn. The level of matters depend of countries).
Onion routing (Used by Tor , Tox , Tribler) , Garlic routing (Used by I2P) , IP Spoofing (It is using the IP of another terminal that our. It is like identity theft in real world) are way to hide our identity online but none of these method have an efficiency of 100%.
If the perpetrator of a suspect thing use one of these methods and do the same things he / she is doing while he / she is connect without anonymity method (Use Facebook under his / her real name , Send a picture of himself / herself , Use a nickname the individual did already used or similar , Use a password he / she did already used or similar , Tell a bit about its own life then another until it became possible to find the real identity etc...) these methods won't help the perpetrator if he / she is the hole in the anonymity system.
Activities the person do on Internet under his / her real IP address and method of anonymization must not be the same.
For example if you connect to Instagram with a method of anonymization you must not view the content of accounts that you did already viewed under your real IP.
Not forget to update and upgrade the computer. A software not updated can be dangerous if a hole in one of these can reveal your identity.
Deactivate Flash and others scripts like JavaScript , WebGL etc... as they can allow to find your real IP. Don't install extensions for browsers.
Don't forget to change the language of your system then software used if you pretend to be from another country than real one.
A suspect can be found because of a mistake like this.
A suspect must think to hide its MAC address (I hear tails do it automatically but I don't know if this is true) and serial numbers of its hardware when this is possible because a malware can infect its computer.
If it is infected and reveal any serial numbers a link can possibly be made with his / her real identity. (I don't know any alleged case of someone identified with an action like this).
Someone perpetrating a suspect thing must think to cover his / her webcam because a malware can infect the computer.
He / she must don't speak to avoid being identified by voice analysis if the computer have a mic inside because if the user fall on a malware while using an anonymization method he / she can be maybe identified. (I don't know any alleged case of someone catched by one of these methods).
Use an OS based on Linux reduce the risk of infections by malwares.
Use your OS on live DVD. Tails is reputed to be a good one (I did never used it).
What's tails ? https://en.wikipedia.org/wiki/Tails_(operating_system)
The most paranoid person would use a computer he did never used before.
He would bought it in a shop or another place without CCTV and pay for it in cash in a place where nobody known him / her. He wouldn't use Internet for this task.
He wouldn't take his / her phone to go to the shop. This person would avoid public transportation then observe if someone or a group is following him / her.
The most paranoid man / woman who want to stay anonymous online can crack the Wi-Fi connection (It's a misdemanors nor felony in majority of world jurisdictions) or use a public Wi-Fi and do what I say previously.
I wouldn't like to be the neighbour who will maybe have law enforcement coming to his / her home if you had the stupid idea to crack the Wi-Fi of your neighbor.
Instead of doing this the suspect can use a false identity to access to Internet in a Internet café but someone using a live CD / live DVD or live USB in a cyber café would be suspect and there are often CCTV in these places but if there are not CCTV you would let your fingerprint and DNA there anyway.
He / she can do worse like enter without authorization in a place with Internet connection.
Of course , if the user is stupid he / she would use two time the same Wi-Fi connection and be potentially traced with radio direction finding if authorities did localized which connection was used and wait the target to use RDF.
What's radio direction finding or RDF ? https://en.wikipedia.org/wiki/Direction_finding
When doing financial transactions for his / her suspicious activities the person can use Bitcoin or another cryptocurrency and use one wallet by transaction. If he / she have two wallets it's better to have one platform for each but if the person have more than one hundred wallets it's not easy to apply the sentence "One wallet , one platform" and in this case the user can use only three , four , five , six , seven or more.
What's Bitcoin ? https://en.wikipedia.org/wiki/Bitcoin
What is a cryptocurrency ? https://en.wikipedia.org/wiki/Cryptocurrency
Everybody have its own writing style and its own speaking style and it can help law enforcements or secret service to identify the person.
You can try simulate being from another ethnic group , generation , country , education level than your and write some words with bad spelling.
It won't change what you are and there a day you will make a mistake that will prove you're not what you pretend to be like forget to put your browser in British English if you're an American who pretend being a British , write colour in place of color if you're a British who pretend to be an American etc...
Now you know anonymity online is something that can't be full.
The majority of convicted felons are busted because they forget to use basic things that I explained to you.
The majority of those who perpetrates illegal stuffs forget one or many basic things that I explained to you and that help law enforcements a lot.
PART 3/5
I know the case of a felon named Gal Vallerius AKA OxyMonster citizen of France and Israel who was catch in a stupid way.
French newspapers revealed partially how he was identified.
He was going to USA with a computer with Tor browser and Bitcoin wallet on the hardisk but US law enforcement where collecting evidences against him before he came there.
His computer was searched by USCBP [b](United States Customs and Border Protection).
If he did used a live CD or live DVD. Evidences of illegal activities weren't found.
I'm not certain he wouldn't be arrested if they weren't evidences on his computer.
If he did used countermeasures against writing style analysis. He wouldn't be so easily identified.
He was often writing "cheers" on the Facebook account under his real identity and on Tor.
If he was clever he would think to use a Bitcoin wallet for each transfer.
If he was clever he wouldn't kept drugs and money in cash inside his home in France.
He deserve 2*. One star for his stupidity and another because he thought he would never be arrest.
Do you know the case of the US citizen Ross William Ulbricht AKA "Dread Pirate Roberts , Frosty , Altoid" ?
He was the main administrator of the first version of Silk road.
He was identified for a stupid reason.
Quoting of an extract of the Wikipedia page about him in the section 2 "Silk Road, arrest and trial" :
" [SNIP PART] The connection was made by linking the username "altoid", used during Silk Road's early days to announce the website, and a forum post in which Ulbricht, posting under the nickname "altoid", asked for programming help and gave his email address, which contained his full name" [SNIP PART]
I conclude this man didn't understood you must not use any nickname tied to your real identity.
Another extract of the same Wikipedia page : "[SNIP PART] To prevent Ulbricht from encrypting or deleting files on the laptop he was using to run the site as he was arrested, two agents pretended to be quarreling lovers. When they had sufficiently distracted him,[29] according to Joshuah Bearman of Wired, a third agent grabbed the laptop while Ulbricht was distracted by the apparent lovers' fight and handed it to agent Thomas Kiernan.[30] Kiernan then inserted a flash drive in one of the laptop's USB ports, with software that copied key files.[SNIP PART] "
If he was smart. He would thought to remove USB devices to avoid this.
If he was using a live operating system such tails in another place than a public space (This story with fake lovers indicate it) it would increasing difficulty for law enforcements to collect data on him.
Eric Eoin Marques is a citizen of Republic of Ireland and USA.
He was a pedoporn hoster.
It's alleged he was identified because he was using Windows with a non-updated version of Firefox vulnerable to a 0-day if the user have Windows like operating system and JavaScript enabled.
If he wasn't using Windows but Linux and a up-to-date system with noScript. He wouldn't be identified like this.
He did forget to forge the MAC address on his local network and the exploit send MAC address of users to law enforcement.
The exploit used in the 0-day vulnerability catch also the globally unique identifier (GUID) of Windows.
GUID + MAC address = The most perfect way to identify a PC
I know a case in which customers of CP were busted because they forget to deactivate flash.
There are also webRTC that is responsible of DNS leaks that permit to authorities to find target and this is another reason to disable JavaScript.
The majority of convicted felons are busted because they forget to use basic things that I explained to you.
The majority of those who perpetrates illegal stuffs forget one or many basic things that I explained to you and that help law enforcement a lot.
This is sad to say but many criminals will never be arrested.
For example. Think to these owner of small business in Western world who lose theirs business because of a hacker localized outside of the Western world who was never busted.
Anonymization method + localization of the perpetrator in a non collaborative jurisdiction don't help law enforcement.
International treaties of nowadays aren't sufficient and there are so many differences between laws of different countries that it doesn't facilitate international collaboration.
For example in some places possess a drawing depicting sex involving minors can lead to prosecutions when in others this is not the case.
The second example of difference between law in different countries of the world for which I will speak is about freedom of speech.
In the majority of country of the Western world write racist comments on public parts on Internet is a misdemeanor when in USA write racist messages isn't prohibited.
The third and last example is about freedom of speech.
In some country of the world like France (My country) it is illegal to deny the existence of Jewish genocide during World War II but it is authorized to do so in USA.[/quote]
PART 4/5
Imagine you live in a dictatorship (There are no dictatorship in Western world but they can certainly use high technologies described in this fiction for high target value) that own high technology in cracking and social engineering planning to install spywares in computers used for tor and VPN to know what are doing users online because this regime want to put in jail all its dissents.
They can send email with an attachment seeming to come from a friend and the target download it.
Someone of smart will see physically the person to ask if he / she did really send the attachment but even if the friend is the author of the mail attachment can contain a malware if they think to infect the computer of the friend to infect the target.
The target must contact his / her friend physically because it does exist technologies to simulate voice of a real person and appearance on webcam. That's deepfake.
They can hack a website used by the target to infect the computer targeted with a drive-by download.
A file downloaded in any place can potentially contain a malware.
For the most sophisticated operations they can install a software or hardware on computer with physical access with the help of someone the target trust.
Another way is to install it during a search and seizure , minimally intrusive warrantless search (I don't know any alleged case of a computer bugged during a search and seizure nor a minimally intrusive warrantless search anywhere in the world) then say to the target they didn't found anything to charge him / her and give him back the computer.
Of course , guys can go in your home where you're not there.
They can trap the USB key , SD card , CD-RW and the like of someone for which they know share data with the target by this way.
They can even substitute the disk of one of your video games with a disk that contain video game and malicious program that would appear like original one even if this is not. (I don't know any real case but I suppose this method can be used in some cases).
You have less chances to be infected by a malware if you're using a live CD or live DVD based on Linux like tails but risk isn't non existent.
The advantage with a live CD or live DVD is the fact the malware won't stay on your computer after is extinction (If it doesn't infecting something persistent in your computer like the firmware of a device or the hardisk you are using).
Imagine a malware used to put something on your hardrive that will permit to prove you're the good one during a search.
To prevent it (Paranoid mode) it would be necessary to remove your HD and others storage media before use your computer but in the worse case a malware can infect your BIOS or UEFI.
If you need a storage device. Hide it after you used it.
What's a BIOS ? https://fr.wikipedia.org/wiki/BIOS_(informatique)
What's an UEFI ? https://fr.wikipedia.org/wiki/UEFI
My fiction about spywares seem unlikely today but who know what will be the technologies of tomorrow.
In my previous message I said law enforcements can install a video surveillance system or / and bugs in your home.
Side-channel attack does exist https://en.wikipedia.org/wiki/Side-channel_attack (This is an allegation from me and I don't know any real life case of someone catched while using an anonymisation method because of a side-channel attack or CCTV placed without his knowledge).[/quote]
PART 5/5
What I said is possible in theory (I did never heard anything about technologies like this but maybe it does already exist).
But in practice this is not an easy things to do.
Crack a system with an OS based on Linux is not easy but not impossible.
Create a malware to infect a terminal using an OS based on Linux is far to be easy but not impossible.
Malwares targeting these OS for which the existence is publicly known are known to be only able to infect what's under control of the user account infected and not able to infect others accounts (For the majority of these) unlike Windows for which many malwares are able to do so.
It does exist maybe secret or Top Secret technologies owned by some states able to do so for Linux and maybe some of these are able to infect BIOS or / and UEFI.
This is expensive to do so therefore it's unlikely a dictatorship will place CCTV and bugs in the house of all those using tor or / and VPNs but we never known.
Of course , hidden cameras and wires can be place in the home of a person of interest but if that happens.
It would be possible to see what appears on the computer screen and listen the sound outing from speakers.
Soviets spies were ordered to use headphone for radio communications because of potential covert listening device.
In a dictatorial regime who identified tor and VPNs users.
It would maybe think to put cameras and bugs in the home of users or use another side-channel attack.
In a democratic regime who identified tor and VPNs users suspected to do wrong things (Like a police officer suspected to release infos from his home connection , suspected terrorist who organise meeting at home , an international drug trafficker etc...).
It would maybe think to put cameras and bugs in the home of users or use another side-channel attack.
Activities intercepted with these devices can be correlated with what you do on Internet because it would be possible to see what appears on the computer screen and listen the sound outing from speakers.
I'm not saying internet anonymity is a myth because you have an IP address.
You can conceal it but if you don't use tor (Forget to deactivate JavaScript , Use windows , Use a password already used elsewhere , Use a nickname already used elsewhere like this drug trafficker known under the pseudonym OxyMonster , Forget to use countermeasures against writing style analysis like OxyMonster etc...) carefully or another technology like this.
These technologies won't help you if you do mistakes like these.
Anonymity on Internet is something of relative.
If someone commit an offence on Internet.
Law enforcements can want him / her but they wouldn't use the same means to catch someone who committed a copyright infringement because he / she did downloaded protected contents than someone who published child porn produced by him(her)self.
Law enforcements would stop search for someone who did downloaded protected contents (Too expensive in time and money) with tor but wouldn't do for someone who published porn with children he / she did produced.
Even if tor is a powerful tool.
Those producing and sharing pedoporn can be busted because of traffic analysis (I don't know any alleged case in which someone was identified by law enforcements because of traffic analysis. Tor is vulnerable to it) and the human holes as I explained (Forget to put off JavaScript and others scripts , Use Windows , Forget to use countermeasures against writing style analysis like OxyMonster , Someone of dumb filming himself / herself raping his / her child wearing a school uniform with the name of that school who permitted to police to identify the child with the help of school photo group , a rapist who call another rapist on pedovideo by his real first name etc...).
If someone use tor or similar stuff to hide his anonymity online to do something legal in all jurisdictions of the world.
It's unlikely that someone will try to disanonymise this person.
June 30, 2019 at 11:57 am (This post was last modified: June 30, 2019 at 11:58 am by Jehanne.)
Tails, LUKS and TrueCrypt are secure; here's an example of where the FBI was not able to decrypt a suspect's hard drive:
Quote:Operation Satyagraha
In July 2008, several TrueCrypt-secured hard drives were seized from Brazilian banker Daniel Dantas, who was suspected of financial crimes. The Brazilian National Institute of Criminology (INC) tried unsuccessfully for five months to obtain access to his files on the TrueCrypt-protected disks. They enlisted the help of the FBI, who used dictionary attacks against Dantas' disks for over 12 months, but were still unable to decrypt them.[90][91]
And, the Tor Browser, when used properly, is secure:
Quote:Tor has been praised for providing privacy and anonymity to vulnerable Internet users such as political activists fearing surveillance and arrest, ordinary web users seeking to circumvent censorship, and people who have been threatened with violence or abuse by stalkers.[176][177] The U.S. National Security Agency (NSA) has called Tor "the king of high-secure, low-latency Internet anonymity",[15] and BusinessWeek magazine has described it as "perhaps the most effective means of defeating the online surveillance efforts of intelligence agencies around the world".[178] Other media have described Tor as "a sophisticated privacy tool",[179] "easy to use"[180] and "so secure that even the world's most sophisticated electronic spies haven't figured out how to crack it".[73]
(June 30, 2019 at 12:00 pm)Fierce Wrote: The fact that a Tor Browser would be needed is simply an unnecessary and unlawful infringement on the presumption of innocence.
Some people own guns simply because they like guns.
(June 30, 2019 at 12:00 pm)Fierce Wrote: The fact that a Tor Browser would be needed is simply an unnecessary and unlawful infringement on the presumption of innocence.
Some people own guns simply because they like guns.
Well, darling, that's a subject for an entirely different thread.
June 30, 2019 at 3:35 pm (This post was last modified: June 30, 2019 at 3:35 pm by Jehanne.)
(June 30, 2019 at 12:06 pm)Fierce Wrote:
(June 30, 2019 at 12:04 pm)Jehanne Wrote: Some people own guns simply because they like guns.
Well, darling, that's a subject for an entirely different thread.
Perhaps. Some have suggested that encryption and software, such as The Tor Browser, Tails, VeraCrypt, etc., should be outlawed, but, to me, that's like saying that one could outlaw gravity.
(June 30, 2019 at 12:06 pm)Fierce Wrote: Well, darling, that's a subject for an entirely different thread.
Perhaps. Some have suggested that encryption and software, such as The Tor Browser, Tails, VeraCrypt, etc., should be outlawed, but, to me, that's like saying that one could outlaw gravity.
If you outlaw Tor , Tails , Veracrypt etc... You must outlaw playing cards because it can be used by ciphers like Solitaire.
What's Solitaire ? https://en.wikipedia.org/wiki/Solitaire_(cipher)
If you began to outlaw playing cards because cryptography is outlawed you must outlaw all things because all things can be used to crypt messages.
For example you can use your brain , one of your hand , pen and paper to write a message using an One-time pad.
Can we seriously consider to outlaw pen and paper ?
What's one-time pad (OTP) also known as Vernam cipher ? https://en.wikipedia.org/wiki/One-time_pad
