|
nooneman


Registered: 04/24/09
Posts: 14,568
Loc: Utah
|
A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :)
#23476539 - 07/25/16 06:57 PM (7 years, 6 months ago) |
|
|
I understand completely if this thread might get a little too close to something and ends up removed. I just thought I might write a short, short introduction to these technologies since many people ask about them.
WARNING: I am no expert. I know how to use these technologies, but not to any high level of understanding.
TAILS: https://tails.boum.org/ This is a linux based OS built around security. It is widely regarded as one of the best and most secure operating systems. Here's it's main advantage: it can be burned onto a CD or DVD, and used without any kind of hard drive (zero records). You cannot infect a CD or a DVD with a virus, or otherwise corrupt it because the moment you reboot everything is back to normal. Also, it includes tor browser and GNUPG.
Tor: https://www.torproject.org/ Tor is a way to access the internet semi-anonymously (more anonymously than normal anyway). It comes a variety of different ways, but the most common is the Tor Browser, which is a browser bundled with tor in an easy to use format. "Tor Browser" is available for most operating systems.
GNUPG: https://www.gnupg.org/ This is the most complicated technology here. This allows you to encrypt and decrypt messages. Roughly, it works like this: you create for yourself a private key and a public key (these are generated together). You keep your private key secret. Your public key can be used by someone else to encrypt a message. This message can then only be decrypted by you using your private key. Likewise, using someone else's public key you can encrypt a message that only they can decrypt.
The various GUI versions of GPG allow you to quickly and easily generate yourself a private/public key pair. You should generate one of these, and give your public key to anyone who you want to communicate with. Generally there is an option to "encrypt" or "decrypt" a message, as well as options to "import credentials" and so on.
Try encrypting and decrypting a few messages using your own public and private keys to get a feel for it. Try generating a few different private/public key pairs, and encrypting and decrypting using this variety of different keys to get an even better feel for it.
Bitcoin: https://localbitcoins.com/buy_bitcoins https://blockchain.info/ https://www.coinbase.com/ There are a large number of ways to buy bitcoin. The first thing you need is a bitcoin wallet. You can get these from sites like blockchain.info or coinbase. There are even more sites and ways to have wallets, but these are the two most common.
Once you have a wallet, you need to buy bitcoin. You can either do this in person using "localbitcoins.com" or you can use your bank account or ATM card on coinbase and other sites. There are also bitcoin ATMs that allow you to buy bitcoin at an ATM like machine without interacting with anyone. These are also listed in localbitcoins.com and other websites.
When you buy bitcoin, you may need to "receive" the bitcoin into your wallet. This normally involves going into your wallet on your phone or computer and clicking "receive." You will then be given a code and one of those QR code things that you will have to give to the person/machine/etc sending you bitcoin.
To transfer bitcoin to another person, you go into your bitcoin wallet and click send. You will have to either scan the QR code that they give you, or enter in the code manually.
Buying, selling, and transferring bitcoin takes time. Generally, for transfers it happens in 30 minutes or less, but sometimes much more. Buying bitcoin can require much longer waits depending on who you're buying from. A bitcoin ATM is almost instant, while a website might require a waiting period of days.
VPN: http://www.pcmag.com/article2/0,2817,2403388,00.asp VPN stands for virtual private network. It is a secure network that you log into through which you access the internet.
The advantage is that your ISP cannot tell what you're doing on the internet because all your data is encrypted for the VPN. This means if your ISP is delivered a warrant, they will only be able to hand over encrypted data. Further, your ISP will have no idea what you're doing online, so if anyone from your ISP snoops on you they will find nothing.
The disadvantage is that from a security perspective you provide your opponent with what is called "a larger attack surface." Instead of only your ISP having access to your data, now both your ISP and your VPN have access to your data. This means that there are two opportunities to steal/break into/etc. your data instead of one. Further, using a VPN is relatively suspicious. Having said that, it's unlikely that someone would bother unless you caught the serious interest of a nation-state.
VPNs which are out of the country are not necessarily under an obligation to provide data to US law enforcement even if they have a valid warrant. Not all VPNs operate in such a way that this is possible, but some do.
You want a VPN that takes bitcoin as payment so that you are not tied to your VPN.
If anyone has anything they'd like to add, or if I got something wrong please feel free to post! As I said, I'm no expert in this stuff, I just know the basics of how to use it.
Edited by nooneman (07/25/16 06:59 PM)
|
tdubz



Registered: 02/26/12
Posts: 5,586
|
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: nooneman]
#23477669 - 07/26/16 04:53 AM (7 years, 6 months ago) |
|
|
Tails running Tor through a VPN is a good idea although Tor has already shown to have several vulnerabilities. The VPN you use will only be as good as they say/their reputation in that they truly delete their logs an do what they say ie...(are respectable). Bitcoin as a crypto currency has proven to be increasingly vulnerable to attacks/ hacks although it has recently shown to be on the rebound an could potentially revalue to what it once was. PGP encrypted messages is another good suggestion for encrypted communication as is using a public wifi connection rather than the house while doing all of the above. Regardless depending what you do an the types of crimes you commit you can still be found using all the encryption available to us the public as governments are already way past it and onto future encryption technology such as quantum encryption/computing. All backbone traffic is intercepted by the NSA in the United States I would imagine so in other countries and can eventually be de crypted if you pose any significant threat to the nation or commit a significant crime. Also the more time you do large buys or whatever you do of course the chances of getting busted are higher as well, small drug buys at random intervals will probably not warrant enough attention but it is still possible. The early days of masking behind Tor are over an there are now several task forces from multiple agency's that are dedicated to combating cyber crime on Tor.
Edited by tdubz (07/26/16 05:06 AM)
|
Sarah Tonin
Gardener Gone Astray


Registered: 04/01/14
Posts: 4,396
Loc: out rageous
Last seen: 29 days, 23 hours
|
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: tdubz]
#23663726 - 09/20/16 11:46 PM (7 years, 4 months ago) |
|
|
Sorry to bump old thread but wanted to add that I've been advised to not use Tor because it is the FBI's system. That would explain Tor's "vulnerabilities". When I asked this person what system he uses for his company that operates in multiple countries, he said he couldn't tell me or he'd have to kill me.
So I'm looking at VPN's recommended in these two articles:
https://www.bestvpnprovider.com/best-logless-vpn-services/
http://www.howtogeek.com/221929/how-to-choose-the-best-vpn-service-for-your-needs/
Considering Ecuador provides asylum for Julian Assange, I'd love to find a VPN based in Ecuador since they are clearly not interested in bending over for bullies.
Thanks OP for posting and opening discussion. I just saw the new Snowden movie; saw documentary last year. US Govt is not messing around - it's collecting any and everything not protected.
|
tdubz



Registered: 02/26/12
Posts: 5,586
|
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: Sarah Tonin]
#23663761 - 09/21/16 12:01 AM (7 years, 4 months ago) |
|
|
Tor has various vulnerabilities it's a false sense of security, just depends what you do on it if the feds decide to go after you. It has lost it's credibility of being secure. Several articles point this out no matter how much they the tor staff attempt to fix holes.
|
Sarah Tonin
Gardener Gone Astray


Registered: 04/01/14
Posts: 4,396
Loc: out rageous
Last seen: 29 days, 23 hours
|
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: tdubz]
#23663859 - 09/21/16 12:36 AM (7 years, 4 months ago) |
|
|
I believe this statement in the OP is incorrect: "The disadvantage is that from a security perspective you provide your opponent with what is called "a larger attack surface." Instead of only your ISP having access to your data, now both your ISP and your VPN have access to your data. This means that there are two opportunities to steal/break into/etc. your data instead of one."
A good VPN will keep your ISP from seeing your activity (and prevent the ISP from keeping logs), otherwise what would be the point of a VPN if the ISP has everything logged and accessible with a simple subpoena.
|
tdubz



Registered: 02/26/12
Posts: 5,586
|
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: Sarah Tonin]
#23663892 - 09/21/16 12:51 AM (7 years, 4 months ago) |
|
|
The NSA can surely crack VPN encryption can the FBI, I don't know again just depends on the severity of crime you are committing. Small drug buys might not warrant the need for the FBI to ask for the NSA's help but other stuff most certainly can. The NSA can hack and see everyone pretty much they are the master hackers after all. Even the masters get fucked once in awhile as was seen by the Snowden leaks and the Shadow brokers leak.
|
sh4d0ws
LSx


Registered: 02/26/08
Posts: 12,086
|
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: tdubz]
#23666333 - 09/21/16 08:48 PM (7 years, 4 months ago) |
|
|
I am not well versed in the topic, but curious, how do certain very large dark net marketplaces that operate on Tor get away with it if Tor is compromised?
|
nooneman


Registered: 04/24/09
Posts: 14,568
Loc: Utah
|
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: sh4d0ws]
#23666486 - 09/21/16 09:36 PM (7 years, 4 months ago) |
|
|
If the US started busting markets, it would reveal the flaws in TOR that they're exploiting which would subsequently be patched. Then the US wouldn't be able to take down even more important targets like people selling childporn, murder for hire, nuclear materials, etc.
Further, if the market is in China or Russia, how is the US planning on prosecuting? Especially if the police are taking a cut, prosecuting someone in a corrupt third world country is virtually impossible.
Additionally, taking down markets appears to only end up creating more markets, so it's probably a bad idea for them because they'll only be diversifying the number of markets.
Quote:
Sarah Tonin said: I believe this statement in the OP is incorrect: "The disadvantage is that from a security perspective you provide your opponent with what is called "a larger attack surface." Instead of only your ISP having access to your data, now both your ISP and your VPN have access to your data. This means that there are two opportunities to steal/break into/etc. your data instead of one."
A good VPN will keep your ISP from seeing your activity (and prevent the ISP from keeping logs), otherwise what would be the point of a VPN if the ISP has everything logged and accessible with a simple subpoena.
Also, this is not an incorrect statement. A larger attack surface is a larger attack surface no matter how you cut it.
You have two things you can potentially target with a VPN and an ISP rather than just one which is always bad because if you have two things you can target then if you fail at targeting one you can just target the other. You're combining all the worst aspects of security of any two things whenever you combine two things instead of having just one. Essentially you inherit all the least secure parts of both as well as providing backup plans and more opportunities for attack.
If you have access to either the VPN or the ISP then you don't need to crack anything because you can perform a man in the middle attack.
Edited by nooneman (09/21/16 09:41 PM)
|
Sarah Tonin
Gardener Gone Astray


Registered: 04/01/14
Posts: 4,396
Loc: out rageous
Last seen: 29 days, 23 hours
|
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: nooneman]
#23666555 - 09/21/16 09:59 PM (7 years, 4 months ago) |
|
|

If you have a window into crime, you don't destroy your window. You just use the info you gain without destroying the window (allowing the criminal to know how the info was obtained that allowed him/her to get busted).
For those of you able to run Linux, Kali Linux has been recommended as an offensive operating system that can be kept on a thumb drive. Another great feature is that a second "nuclear" password can be set up so that if ever under duress and being forced to log onto one's computer, the nuclear password can be entered which destroys the content upon entering. And then it's retrievable, repairable later. And if anyone takes the thumb drive, it's not a huge loss. This may be one of the few NSA-proof programs out there. Still researching all this.
But a good start seems to be VPN - at least that locks your ISP from gathering your data. ISP's are required by law to log your activity at least in the US, Australia, and some other countries, maybe Canada and UK? And all ISP's will turn over their logs to any law enforcement in a heartbeat.
VPN's that do no logging whatsoever and that will take payment in form of bitcoin &/or gift cards (yes, that's right, gift cards for stores) will be the most secure if one is wanting to be totally invisible. If they do no logging whatsoever, then they have nothing to reveal should a warrant be issued. It's my understanding that it is obvious if one is using VPN but that using VPN is actually very smart and justifiable for anyone frequenting public wi-fi and in no way denotes a criminal. VPN also allows a person to access their own network while traveling, another reason lots of non-criminals have VPN's.
|
tdubz



Registered: 02/26/12
Posts: 5,586
|
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: nooneman]
#23666586 - 09/21/16 10:15 PM (7 years, 4 months ago) |
|
|
The FBI can warn other police agencies in other countries to arrest people that's no problem and one way of America policing the world. This has been seen with the 2015 playpen hack which compromised thousands of computers all over the world. What the United States is doing policing other countries is a great question, but apparently all internet traffic get's routed through surveillance states so there is no way around it.
|
Sarah Tonin
Gardener Gone Astray


Registered: 04/01/14
Posts: 4,396
Loc: out rageous
Last seen: 29 days, 23 hours
|
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: tdubz]
#23666615 - 09/21/16 10:25 PM (7 years, 4 months ago) |
|
|
I hadn't heard about the Shadow Brokers until your mention of it. That's cool. Will have to check out the 2015 playpen hack.
Anyone have any idea how difficult it is to run Linux? And can I run Linux (or better Kali Linux) on a Mac part-time? One of the medical sites I need to access regularly for work cannot be accessed from a Linux OS. Is it possible to run another OS and just plug in Kali Linux with a thumb drive all the other times that I'm not on the medical site?
|
tdubz



Registered: 02/26/12
Posts: 5,586
|
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: Sarah Tonin]
#23666632 - 09/21/16 10:33 PM (7 years, 4 months ago) |
|
|
Linux Mint is fairly user friendly.
|
Sarah Tonin
Gardener Gone Astray


Registered: 04/01/14
Posts: 4,396
Loc: out rageous
Last seen: 29 days, 23 hours
|
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: tdubz]
#23666652 - 09/21/16 10:38 PM (7 years, 4 months ago) |
|
|
Can I switch off to Safari at times and run Linux Mint from a thumb drive?
|
tdubz



Registered: 02/26/12
Posts: 5,586
|
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: Sarah Tonin]
#23666655 - 09/21/16 10:40 PM (7 years, 4 months ago) |
|
|
Not sure on that one, though I do believe you can run from a CD or USB stick without installing.
|
Sarah Tonin
Gardener Gone Astray


Registered: 04/01/14
Posts: 4,396
Loc: out rageous
Last seen: 29 days, 23 hours
|
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: tdubz]
#23666696 - 09/21/16 10:49 PM (7 years, 4 months ago) |
|
|
Quick search looks like I can partition it and still keep OS X for updates. USP would be even better if that's possible. Really would like to try the Kali Linux although their site says it's not for beginners unfamiliar with Linux, so maybe I should start with Mint and work my way up.
|
tdubz



Registered: 02/26/12
Posts: 5,586
|
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: Sarah Tonin]
#23666717 - 09/21/16 10:56 PM (7 years, 4 months ago) |
|
|
And yes I do have a conspiracy theory that Tor was an has always been a government honeypot to snare all kinds of criminals. It's pretty much genius in terms of social control. Let the internet do all the hard work of bringing the criminals out to light right from their computers, I guess that's why they call it the dark net.
|
Sarah Tonin
Gardener Gone Astray


Registered: 04/01/14
Posts: 4,396
Loc: out rageous
Last seen: 29 days, 23 hours
|
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: tdubz]
#23666749 - 09/21/16 11:07 PM (7 years, 4 months ago) |
|
|
Hell yeah, makes perfect sense. My guess is that the only reason Wikileaks gets to keep a site up is that they promote the use of Tor, feeding the lambs up for slaughter.
|
tdubz



Registered: 02/26/12
Posts: 5,586
|
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: Sarah Tonin]
#23702352 - 10/03/16 03:09 AM (7 years, 3 months ago) |
|
|
The fifth estate is a pretty good documentary on wikileaks, I doubt they are doing anything but exposing the wires. Hell Assange is still in asylum which he probably will be for life.
|
h0ldthedoor
HODOR



Registered: 06/25/16
Posts: 510
Loc: North of The Wall
|
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: tdubz]
#23702993 - 10/03/16 10:01 AM (7 years, 3 months ago) |
|
|
Quote:
tdubz said: The NSA can surely crack VPN encryption can the FBI, I don't know again just depends on the severity of crime you are committing. Small drug buys might not warrant the need for the FBI to ask for the NSA's help but other stuff most certainly can. The NSA can hack and see everyone pretty much they are the master hackers after all. Even the masters get fucked once in awhile as was seen by the Snowden leaks and the Shadow brokers leak.
Do you have any proof to corroborate your claims? Assuming you're not referring to broken tech like PPTP with MS-CHAPv2, IPv6 traffic leakage or brain-dead "sysadmins" that lack the knowledge to properly configure a VPN (e.g. - using MD5 or SHA1, self-signed certificates, insecure key files, deprecated protocols.).
To recap; can someone, not just a nation-state actor, exploit a VPN? Yes, provided the target VPN was configured without following best practices.
Is there an fundamental issue with Virtual Private Networks that renders them useless, insecure or ineffective? No.
The fact is, your VPN is only as secure as the practices that were followed during implementation. That said, rather than depending on someone else (like a commercial VPN provider who is only worried about saving money and satisfying the lowest common denominator) to do things right, it is advantageous for a user to learn how to properly configure and implement a VPN and do so.
Best practices are aptly named. Failure to adhere to best practices will result in less-than-desirable results. Unfortunately, most (if not all) commercial VPN providers do not follow best practices for compatibility reasons.
--------------------
Always keep your foes confused. If they are never certain who you are or what you want, they cannot know what you are like to do next. Sometimes the best way to baffle them is to make moves that have no purpose, or even seem to work against you. – Petyr Baelish
|
tdubz



Registered: 02/26/12
Posts: 5,586
|
Re: A brief introduction to TAILS, Tor, GNUPG, Bitcoin, and VPN (The short, short version :) [Re: h0ldthedoor]
#23704165 - 10/03/16 04:09 PM (7 years, 3 months ago) |
|
|
I will have to dig through the NSA programs, but yes I can find the specific program they use in which they have claimed to be able to either decrypt or intercept most VPN data regardless of provider or set up.
|
|