Keep it secret, keep it safe: a guide to keeping your shit secret and safe. (self.zoophilia)
submitted 2017-01-24 21:51:49 by metrio

What with that Oregon thing, I think it's time for a primer on digital safety. You don't want to be caught with something that shouldn't be illegal but is.

First steps:
• If you use a web browser for anything associated outside of incognito mode, use a portable browser and store it in an encrypted disk or container. Opera and Firefox both have good portable versions; Chrome's doesn't work too well due to the way it's built. Opera's built on the same Chromium base as Chrome, so I recommend that if you like Chrome.
• Don't post any personally identifiable information. Country is probably fine in most cases, but state is iffy, and definitely avoid identifying your city unless you're in a tightly controlled and private community.
• If you're the sort of person to go looking for things, don't do it on Craigslist. If you just want people to talk to about it, it's probably fine, but there are way better resources for that.
• If you're the sort of person to make recordings of yourself, keep them in an encrypted disk or container.
• If you're the sort of person to post photos of yourself online, censor the hell out of them. Use black bars, not blurs or other reversible things. Remove EXIF data from your photos; you can do this easily on Windows by selecting your picture, choosing "properties", going to the "details" tab, clicking "Remove Properties and Personal Information", choosing "remove the following properties from this file", clicking "select all", then OK. Watch out for identifying details in the background.
• If you're the sort of person to post videos of yourself online, censor the everloving fuck out of them. Pirate Adobe Premiere and learn how to use it if you have to. If you say someone's name, bleep it out. Put a moving black box over your face if you're not wearing a mask. Put moving black boxes over the vicinity of any tattoos. Put moving black boxes places where there aren't tattoos. Don't post videos of yourself online. Keep them in an encrypted disk or container if you have to keep them.

And finally, encrypt your shit properly. Use full-drive encryption for extra safety; Bitlocker works well for this on Windows. Use (preferably) Signal, or (if you prefer something with furry/zoo group chat) Telegram for messaging involving anything troublesome. Don't use Truecrypt or Veracrypt. Neither is fully trustworthy. Using Bitlocker on Windows, you can encrypt a drive, or make a Truecrypt-style encrypted disk container that mounts (heh) as a virtual drive when you open it. Do this even if you use full-drive encryption already; someone might need to log into your computer at some point, and you don't want them finding your things. Here's how to do it on Windows 10, which you ought to be running:

  1. Open Disk Management from the start menu.
  2. Action > Create VHD.
  3. Choose a location for it, and a maximum size of 1 gigabyte or larger.
  4. Choose "VHDX" and "dynamically expanding"; this way if you don't fill it up, it'll only take up as much space on your hard drive as is used inside it. Click OK.
  5. Find the disk entry that'll just have shown up, it'll say "Unknown", the disk size, and "Not initialized." Right click and choose "Initialize Disk". Make sure GPT is selected.
  6. Right click on the unallocated partition next to the disk and choose "New Simple Volume..."
  7. Click "Next" twice, and choose either a drive letter or a folder to place your files in when the drive is mounted. Click next.
  8. Choose a label for the drive, if you like; I recommend also enabling file and folder compression. Click next, then finish.
  9. Your drive is now mounted, but is not yet encrypted. Right-click on it and choose "Turn on Bitlocker".
  10. Choose "use a password to unlock the drive" unless you have a smart card and reader for some reason and are ready to eat the smart card should Sheriff Joe come a-knockin'.
  11. Use a secure password. I recommend something from a secure random password generator. If you can help it, don't use mnemonics; choose something that'll be extraordinarily difficult to brute-force. Don't write it down. Don't store it in a password manager. Don't put it in a text file and hide it in your Windows folder. Forensics tools can find that.
  12. If you absolutely must save a recovery key, save it to a flash drive or (preferably) write it down on a piece of paper and fucking wall it up in your house like you're Montresor and it's Fortunato. Bury it in the woods. Engrave it on the underside of your car's oil pan. I don't know. Otherwise, just save a file (it won't let you proceed without doing so), open that file, overwrite the keys with garbage, save it, and delete it. (For extra security, use a free-space overwriting program to destroy any remnant data.) Click "next."
  13. Choose "new encryption mode" unless you want the file to be readable on Windows 7 for some reason. Click next.
  14. Choose "start encrypting." Wait a bit.
  15. Your container is now ready to use! Mount it again later by double-clicking the file, then opening the mounted drive and entering your password. Right-click on the drive and choose "eject" to unmount it.

I hope this helps some folks. If you have any questions, feel free to ask, and I'll do my best to answer them.

edit: apparently the subreddit CSS doesn't support ordered lists or numbered lists so I half-assed my bullet points and gave up. sorry it's a bit hard to read.

[deleted] 1 point on 2017-01-24 22:30:14

[deleted]

dis4porn_ -1 points on 2017-01-24 23:59:11

Trust me, no one is tracking you. Nobody gives a fuck.

[deleted] 5 points on 2017-01-25 00:24:02

Trust me, you're wrong. Plenty of people give a fuck.

the_egoldstein 4 points on 2017-01-25 00:59:17

While I agree that most people are safe because they're not worth the time or effort, I have to side with Rannoch here.

It's not that hard to get some basic information if you're sufficiently tech-savvy, it's just hard for individuals to correlate that information with other data(1). That said, there's a lot one can do with a little information and an investment of time.

A quick comment on the OP.... The best defense against incriminating evidence is not to collect or create it in the first place. Encryption will typically make it hard for all but the most dedicated of attackers.

1) It's less hard for businesses, especially large ones. Think of when Google took over Youtube and linked all those youtube accounts to Google accounts. All that metadata that can be collected and mined may not be accessed today, but with each year the ability to collect and process it grows.

[deleted] 2 points on 2017-01-25 01:43:05

I use a sed (self-encrypting drive). It keeps people from randomly logging into my home system and I turn it off when I'm not using it. If you don't know my preboot password, you aren't getting on my machine or drive. Don't matter who you are.

Veracrypt is good, short of that. I can't advise bitlocker honestly, because better solutions exist for free. But it's probably fine as no one is going to reveal a backdoor over zoo stuff.

I am curious why you claim Veracrypt is not fully trustworthy. It's far more audited than bitlocker, and the results have been positive.

Also:

> Otherwise, just save a file and delete it

Horrible advice as undeleting your recovery key is a cinch.

TokenHorseGuy 3 points on 2017-01-25 02:00:57

Moreover, even if they don't give one now, there is no guarantee they NEVER will, and as we all know, data is being logged and scraped and correlated and analyzed like never before.

I agree most people don't face a whole lot of risk, but somewhere between "no security" and "not wanting to leave the house" there lies a comfortable medium for each person to choose.

metrio 3 points on 2017-01-25 03:52:22

tell that to the people who've fallen into various stings on craigslist or been arrested because someone recognized them in a video

Skgrsgpf 2 points on 2017-01-25 22:22:43

There's also a VA detective who used a "reverse-photo lookup" to ensnare people (facial recognition tech); the photo of their face was the same as it was on their Facebook profile.

Sheppsoldier 1 point on 2017-01-28 03:26:25

Somebody should bait and switch the detectives, then sue the shit out of them!

;)

szunltap crocodiles are beautiful 0 points on 2017-01-25 01:16:35

I have made my own program to encrypt single files. I won't give you source code or exe because it is on github, too risky. But I can explain how used algorithm works if someone is interested. It's very simple and hard to decrypt especially after adding some salt.

metrio 1 point on 2017-01-25 03:51:47

please explain your algorithm

edit: and why rolling your own crypto is somehow better than using AES

szunltap crocodiles are beautiful 1 point on 2017-01-25 11:30:26

I'm not saying it's better. I just like to know exactly what is going on. Encryption is based on XOR. You need two seeds as password or generate them from password. Use first seed to start generating random numbers, get mod(256) from next random and XOR it by first byte of file. Repeat to the end of file. Then do the same thing but from end to front using second seed. That's all, or you can add some random bytes at known positions to make cryptogram harder to analyze.

anazasz 1 point on 2017-01-29 11:09:48

So you're using two 32-bit keys (usual size of a pseudo-random number generator seed)? That shouldn't take more than a day to crack.

szunltap crocodiles are beautiful 1 point on 2017-01-30 20:54:55

note that I'm doing it from both sides, so to decrypt one character you have to generate at least one string with size of file and this one character. To decrypt 1kB png using my computer and decrypting only meta data I need a few million years... Theoretically you can be right, but you have to find a way to very quickly get nth number from specific key.

TokenHorseGuy 2 points on 2017-01-26 01:55:25

This is a great example for this conversation. Instead of saying "I wrote this but I won't share it because it's on github," next time just say "have you seen this encryption program on github?"

szunltap crocodiles are beautiful 1 point on 2017-01-26 12:15:30

emm... Bad idea. Github stores information about viewers and there aren't many of them. Next time I'll try to upload it from completely different user through tor, so then I should be able to safely show repository.

TokenHorseGuy 2 points on 2017-01-25 01:58:08

Tightening the tin foil hat a little...

> Use (preferably) Signal, or (if you prefer something with furry/zoo group chat) Telegram for messaging involving anything troublesome.

Signal (at least on Android) relies on Google messaging infrastructure, and the security of the Telegram backend and key robustness is not exactly above reproach.

Telegram has its quirk about wanting a phone number. Even if you're smart enough to avoid giving your personal number, most VOIP providers require some evidence of your identity.

One last point: If you do anything in the presence of others (even chatting), your privacy depends on what they do, too. While it's nice to hope that everyone you meet is friendly, competent, infallible, and will remain so until both of you die, you never know.

tencendur_ Neeeigh 1 point on 2017-01-27 09:54:30

The fact that Signal relies on GCM would not be a big issue since all the traffic is encrypted. However, applications that require phone verification should be avoided.

There are no mobile messaging applications or protocols I trust myself. XMPP with OTR support comes close but fails because of many reasons.

TokenHorseGuy 1 point on 2017-01-28 01:42:43

All the traffic is "encrypted," anyway. :)

BurnedRowan big ol' pupper 7 points on 2017-01-25 02:13:19

OpSec isn't paranoid. It's safe. In a world where being caught can mean anything from incarceration to a situation where your loved one is forcibly taken from you or even euthanized, you owe it to yourself and to your partners to be as absolutely safe as possible online and elsewhere.

the_egoldstein 3 points on 2017-01-25 02:13:58

Oh yeah, you left off what should be at the top of the list.....

Don't use email or other accounts that are tied to your real identity for zoo related accounts. It seems like such a simple, silly thing, but it happens so frequently.

LunaGwave 3 points on 2017-01-25 20:00:16

How about not recording yourself in the first place....

CantThinkOfAName2017 Prefers humans, but likes female dogs and mares 1 point on 2017-01-26 00:13:07

or about yes, record yourself, but hide your face and make sure to store the videos in a veracrypt volume/drive.

[deleted] 1 point on 2017-01-26 07:46:22

That's a decidedly more complicated option, but yes, if you must it is an option.

Lack of evidence is always easier than hiding evidence.

LunaGwave 1 point on 2017-01-25 20:02:46

Here's my guide. Don't talk about it, don't record it. Boom problem solved in two easy to follow steps.

TokenHorseGuy 4 points on 2017-01-26 01:52:58

Much like how abstinence solves the problem of most STDs and unwanted pregnancy. We see how effective that is.

Skgrsgpf 2 points on 2017-01-25 21:48:52

What about Tor Browser, and specialized operating systems (such as Tails and Whonix)?

And is VeraCrypt really not to be trusted? Because I thought VeraCrypt was one of the best (encryption software).

I assume what you said about EXIF has to do with metadata. Some metadata (of photos) contains GPS coordinates. A computer program can remove that data.

CantThinkOfAName2017 Prefers humans, but likes female dogs and mares 2 points on 2017-01-26 00:14:41

I think veracrypt is okay, as long as you use the right settings. Tor is pretty much no longer secure.

[deleted] 1 point on 2017-01-26 07:49:38

Tor is plenty secure, unless you are VERY VERY wanted, like on a federal level. Zoos need not qualify, at least not yet.

[deleted] 2 points on 2017-01-26 07:47:17

Veracrypt is way more trustworthy than this horrible bitlocker advice (which may even leave the recovery key in free file space), trust me.

Personally, I think Veracrypt is more trustworthy than any other encryption program. It's even been security-audited. No other freeware encryption program can claim that.

tencendur_ Neeeigh 2 points on 2017-01-25 23:56:59

You could argue that using operating systems that make heavy use of telemetry or have integrated tracking systems (eg Windows 10 or Android) is completely off limits if you are any serious.

Using a Tails operating system installed on a flash drive with encrypted persistence is most of what you need to be covered as far as digital security is concerned. Every data that goes out of the operating system is anonymous and every data stored (if any) is kept encrypted. That said, people always screw it up because they give personal information away on websites, or do stupid things that completely break operational security even if their digital systems are mostly bullet-proof.

If you are really serious, you need to build up a separate identity using an anonymizer. Create accounts that are independent from your real identity and cannot be linked to anything you do as yourself. I encourage everybody to do this for practice even if it is found not to be needed... when you find yourself in a situation in which you need it, you'll be glad you know some basic security kung-fu. Sure I can count with the fingers of one hand the number of times some friend or employee got his ass saved because he followed tin foil hat opsec procedures, but fact is that just one is enough if your ass is the one being saved.

CantThinkOfAName2017 Prefers humans, but likes female dogs and mares 1 point on 2017-01-26 00:15:24

Any linux distro is fine in my opinion (minus ubuntu).

tencendur_ Neeeigh 1 point on 2017-01-26 18:40:20

That line is enough for starting a good distribution war, you know.

I agree that getting some practice with any Linux distribution, or BSD operating system, is a good thing. Even if you end up disliking them, at least you will be a step closer to not being a computer illiterate.

metrio 1 point on 2017-01-27 06:32:10

Fortunately, I don't plan on pissing off the NSA anytime soon.

Skgrsgpf 1 point on 2017-01-28 01:17:41

Is Tails (operating system) better than Whonix? (Whonix is based on Linux, but runs within a person's Windows/Mac).

tencendur_ Neeeigh 1 point on 2017-01-29 19:20:47

I have no experience with Whonix. Tails could run from a Virtual Machine using a Windows or Mac host if need be.

Tails is a very well crafted system. Its developers have put a lot of thought about the way its components are put together. There are a lot of design decisions made in order to prevent identity leaks and limit the damage in case of system compromise. Its biggest issue is that it is hard to customize, since all the security cruft is preventing many activities from happening. I personally doubt that there is anything that comes close to its quality when it comes to anonymizing software bundles.

I shall have a look at Whonix and give you an informed opinion later.

tencendur_ Neeeigh 1 point on 2017-02-01 13:36:37

After some testing, I can certainly see some merits to Whonix hosted in a Qubes system. The approach is very bulky, since a lot of things are going on in the system at once, but processes get good isolation. I don't think that Whonix running under a Windows host is as solid, because the host itself is more vulnerable to compromise, and if the host is taken, so are the virtual containers.

Tails has a simple design, so breaking operational security by mistake is hard, but if anything within the system is compromised by malware, it could suffer a bit more than Whonix under certain scenarios.

A comprehensive comparison chart has been elaborated and can be found here: https://www.whonix.org/wiki/Comparison_with_Others

DRLaQc Leopards 3 points on 2017-01-27 01:39:52

If you're on Mac, you can make an encrypted disk image using Disk Utility. Select "sparse image" and 256 bit AES. You need to give the size in advance, but using a sparse image means that the file won't actually be the full size when empty (it's just the max it can be). Once the image is made, just double click on it to mount it (you will have to enter your password). Then right click on the drive icon and select "eject" once you're done.

This is a good way of hiding files on your computer even if you're using it, since the files can't be accessed unless you explicitly open the image and decrypt it.

Always pick a strong password. Good crypto doesn't matter if the password is weak.

You can even hide the disk image further by using the chflags hidden <file> to hide it from the Finder. But you'll have to use the open <file> command to open it now.

thelongestusernameee lurklurklurk all day long, lurklurklurk while i sing this song 1 point on 2017-05-11 09:52:50

> unless you're in a tightly controlled and private community.

that just makes it WAY easier to narrow you down, and just increases the consequences for you. They could easily talk to the head of that community and either get an investigation going or get you kicked out