Anonymity/Privacy

If you're DPR or a really big vendor, what would you be doing to prevent Big Brother from tracing/getting to you? Aside from a VPN/TAILS/PGP, what else could you be doing to protect yourself?


Comments


[3 Points] None:

Vendors should have Tor on dedicated hardware + firewall that drops all non-Tor traffic (PORTALofPi by /u/thegrugq), VPN + Firewall (pfSense) that drops all non-VPN traffic, and the uplink should be an anonymous 4G Dongle, with a prepaid SIM.

Everything bought with BTC/Pre-Paid Debit, with bogus names/info.

You should have a single dedicated client (cheap laptop hard-wired to PORTAL of Pi), that is not used for anything personal. Ever. Nothing that is typed into any other computer should be typed into this computer. (No re-using old emails, no re-using screen names. Everything completely new and unique).

All personal things should be done on separate hardware, that has separate connection.

No sharing VPN accounts, no sharing ISP/Mobile accounts. No sharing PGP keys. No re-using passwords. No re-using password managers (LastPass).

Clients should be hardware encrypted, and full-disk encrypted, with encrypted containers to hold sensitive data, like email databases and password databases.

Everything should require a YubiKey to unlock/decrypt/login. You can create a 64 character static password that is stored in the Yubikey. Then, when you create unique random passwords, you concatenate the 64 character string onto the end.

So your passwords should have a format similar to this [PassPhrase You Can Remember, using UPPER, lower, D1g1ts, and Speci@! characters] + [64 character Yubikey string].

Now any attacker needs something you know (passphrase) plus something you have (yubikey).

All of this is only scratching the surface of what you should be doing if you are a serious SR Vendor.

Every USPS package is photographed. All they need to do is spot one package going to a buyer, then wait for the next one to come. Now they have two packages. They know when and where each package was shipped.

They cross reference the video footage from the Post Office.

Bingo. There is one person that went to both, on exactly the days that the two packages were shipped.

Now they have your face on camera and a pretty good idea of your general location.

To combat this, serious vendors should have a stable of couriers and rotate them around, while also rotating your P.O. usage.

Those couriers themselves should be dressed as unremarkably as possible, and should alter their appearance as much as possible from one visit to another. Using hats, wigs, leg braces, colored contacts, altered facial hair, etc.

It also helps to wear a single thing that draws people's attention. Something like a bright scarf, or bandana, or a shirt that says something funny. This way people's focus is directed someplace other than your face. They may remember your shirt or your weird bandana. But they will not recall any other details about you.


[1 Points] reaperx2:

Hide in a bunker in a country with no extradition treaty with the USA.


[1 Points] WG47:

Don't use any nicks/email addresses you use for dodgy stuff anywhere else.

Pay for your VPN anonymously.

Use multiple VPNs.