[Vendor OPSEC Question] Using a remote server for all your dealings.

I have been thinking about renting a server or virtual server online where I can host any files that I need and access TOR to do my DNM activities.

Has anyone had any experience with this?

I would access it using a VPN then Remote Desktop in. I beleive is way would leave no trace on both ends.

Is this a good idea or am I missing something?

Any advice on this would be great, please don't comment with "Use Fucking Tails!", it's not appropriate in my position.


Comments


[1 Points] Wirless:

i doubt its safe those servers should or might be saving all logs of the machine currently used.


[1 Points] deliciousbuttermmm:

could be /r/darknetmarketsnoobs

problem with this is that it places trust in the VPN and remote server

either one could be keeping logs and reporting to LEO, or could be compromised during an investigation. same for your ISP.

you're probably better off keeping whatever files you need to store locally. what do you gain by remote storage that is worth giving up all physical security of your file storage and trusting VPNs and hosting companies not to keep records?


[1 Points] None:

Check out Darkhost. They have ads on Sigaint and they offer VPS hosting for $10 a year, and that includes .onion site hosting, SSH login, and full root access. You can pay in BTC and you don't even need to make an account.


[1 Points] Vendor_BBMC:

Yes, I was supporting Citrix metaframe and winframe thin client systems since the late 90s, as well as VPCs, I think you're onto a good idea.

don't worry, I'm not one of thoise PGP/ tails bores who doesn't want to think about OPSEC, and just tells you to use PGP and TAILS with a self-important air of superiority.

Those guys are jerks. I was in a meeting with a guy from GCHQ at work in the late 90s, where he told us we can never use PGP again because "we get your private key at the same time that you do". And yet, the whole darknet seems to run on 20 years-old consumer-level encryption.

The PGP bores have a go at ME, their edward snowdon, because they don't want to think.

I used to love using PGP when I was a young man. it made me feel like james Bond. But I'm a manufacturer / vendor now, I have to choose REAL OPSEC over comforting OPSEC illusion.


[1 Points] STB_KING:

Been thinking the same exact thing man. Good post


[1 Points] zero-sum_game:

Whonix can be setup to host a hidden service but if that's not what you want to use their blog on hidden services and VPS hosting is still worth reading. They cover the pros and cons on physical access and 3rd party hosting in detail

You might be interested in "antiprism.ca" it can be run off something a light as a raspberry pi. They talk about adding a webcam so you can watch your server even if you set it up in a remote location which I would recommend. Everything of course goes over your choice of Tor, i2p, VPN or you can layer them.


[0 Points] stormfayn:

What you're describing is pretty much the opposite of good OPSEC.

I have been thinking about renting a server or virtual server online where I can host any files that I need and access TOR to do my DNM activities.

Are you trying to say you're looking for a shell? Then you're going to have to think twice about that since the server could be offline or be compromised. This would further complicate things for you if the files in question are mission critical. You don't want to have to trust a remote host with your critical files unless you're hosting it yourself, and even then it's a very bad idea.

I would access it using a VPN then Remote Desktop in. I beleive is way would leave no trace on both ends.

Nope, bad idea. Also, I'm not sure what you're trying to say and I'm assuming you're referring to RDP into a Windows box of some sort? If so, then NOPE NOPE NOPE, quadruple NOPE.

Bottom line, keep your critical files locally available. You should probably revise your OPSEC tactics if you're a vendor on a market doing your business over a Windows machine. It pretty much defeats the purpose of using TOR.


[0 Points] None:

You could build your own server you know. Something for minimal latency rates of course. Not like you are trying to play a game through it after all. It would kind of just over justify your drug operation though.