Silk Road forums

Discussion => Newbie discussion => Topic started by: helpmywife on July 18, 2013, 07:15 pm

Title: TAILS or Incognito Gentoo? Why?
Post by: helpmywife on July 18, 2013, 07:15 pm
also:
1)which one is better?(opinions) Y?
2)why do i want one not the other?
3)whats the major differences?
4)does TAILS automatically do all the deleting and forgetting that people usually don't do on windows or Incognito Gentoo?

thanks everybody!
Title: Re: TAILS or Incognito Gentoo? Why?
Post by: Rocknessie on July 18, 2013, 07:35 pm
Windows is better.

Largest range of VST & VSTi modules, be they free or payware.


If you're not making music another OS might be better though. ;-)
Title: Re: TAILS or Incognito Gentoo? Why?
Post by: helpmywife on July 18, 2013, 07:38 pm
maybe i shoulda been more specific, but this has NOTHING to do with making music.
Title: Re: TAILS or Incognito Gentoo? Why?
Post by: Rocknessie on July 18, 2013, 07:47 pm
But it's a big part of my OS choice!!
Title: Re: TAILS or Incognito Gentoo? Why?
Post by: helpmywife on July 18, 2013, 07:54 pm
yea your PLEASURE OS, what about the OS you use for illegal pleasures? i hope your not using the same one you make music on sir!
Title: Re: TAILS or Incognito Gentoo? Why?
Post by: ingloriouslibertine on July 18, 2013, 08:01 pm
TAILS by a mile.  "Incognito" browsing leaves plenty of traces behind on whatever machine is being used, and TOR itself can still have transmissions intercepted at exit nodes.  You are also vulnerable to other various methods of attack such as  keyloggers, rootkits and the like.

Tails leaves no record whatsoever on your machine,  and only stores data in an optional "persistent" portion of the drive designed to keep programs or documents you might need accessible while using it.  This is useful for (encrypted) text files containing passwords and links, BTC wallet information, etc.

Even with tails, it makes good sense to make use of additional security layers such as vpns and proxies.  The entire USB drive you run TAILS from should also be encrypted with a program like Truecrypt in case of physical seizure or scrutiny.    Although it should go without saying, you also have to be sure to keep seperate your personal web-browsing from your torrified quasi-anonymous sensitive browsing.  No checking e-mail or social networks, no looking at anything that could give geographical clues as to your location (news, weather, googling businesses or addresses, USPS tracking, etc).  In fact, any kind of clearnet browsing through TOR carries the risk of undermining or negating your anonymity.  Running day-to-day plugins like flash and javascript or downloading files is also very unsafe, in case you weren't aware.

I really don't mean to come off as a dick by saying so, but if you had to ask this question you should probably do a bit more research on the subject.  Even with TOR and using a secure live OS with no data retention, TOR has vulnerabilities and weaknesses that can easily be overcome if you take the time to understand what they are, why they exist, and how they can be liabilities to your dealings on the darknets.  The (largely un-finished) guide in my signature might contain a few pointers for you, especially since it looks like you're already ok with using linux.   I also have a veritable library of bookmarked articles and tutorials from various sites and forums on just about every aspect of security, anonymity, and cryptography, so if there's anything in particular you want to learn the innerworkings of, I'd be happy to help wherever I can.  It may seem a bit overwhelming at first but it's actually not too much to digest if you have good resources (like these forums).  Just remember you're at the beginning of a journey, and the end result of your dealings on this site and others like it can either be very positive or very, very negative.  It's worth the time to learn how to walk safely.

Welcome to the Road!


Some reading (all clearnet!)

http://anoninsiders.net/simple-vpn-guide-623/index.html

http://geekyschmidt.com/2011/02/22/tor-vpn-a-simple-explanation

http://stackoverflow.com/questions/9223410/how-do-i-use-tor-as-system-vpn-and-cut-out-some-nodes

http://www.zoklet.net/bbs/archive/index.php/t-18744.html

https://whyweprotest.net/community/threads/using-tor-in-order-to-surf-anonymously.69264/

Title: Re: TAILS or Incognito Gentoo? Why?
Post by: ingloriouslibertine on July 18, 2013, 08:03 pm
Windows is better.

Largest range of VST & VSTi modules, be they free or payware.


If you're not making music another OS might be better though. ;-)

Stop speaking.
Title: Re: TAILS or Incognito Gentoo? Why?
Post by: helpmywife on July 18, 2013, 08:19 pm
Re: TAILS or Incognito Gentoo? Why?
« Reply #1 on: Today at 07:35 pm »

    Quote

Windows is better.

Largest range of VST & VSTi modules, be they free or payware.


If you're not making music another OS might be better though. ;-)

get the fuck out of here troll somewhere else. or take part IN THE CONVO.

now  yea i agree i get tails tomorow, ima little new at this, i had to make a new name and therefore start over on posts figured good for noobs and vets on sr who are noobs with tails! thanks for the info btw what do you reccomend i put on their (tails i assume is its own OS) so TOR Suite, is there a way to do anonymous file transfer? i2p?? idk...
Title: Re: TAILS or Incognito Gentoo? Why?
Post by: PrincessButtercup on July 18, 2013, 08:50 pm
...

Even with tails, it makes good sense to make use of additional security layers such as vpns and proxies. 

...

You present some excellent points, but I don't agree with this point regarding TAILS and vpn's. I can see the value to an anonymous vpn for clearnet, non-Tor, browsing, but when using Tor the vpn becomes a liability. I know vpn services promise anonymity, and one can pay anonymously with btc, but the vpn is vunerable to gov't warrants (often secret) which can expose a user - privacy by policy. Using TAILS with Tor bridges seems a better solution to me ... privacy by design (hat tip to astor)
Title: Re: TAILS or Incognito Gentoo? Why?
Post by: ingloriouslibertine on July 18, 2013, 10:07 pm
...

Even with tails, it makes good sense to make use of additional security layers such as vpns and proxies. 

...

You present some excellent points, but I don't agree with this point regarding TAILS and vpn's. I can see the value to an anonymous vpn for clearnet, non-Tor, browsing, but when using Tor the vpn becomes a liability. I know vpn services promise anonymity, and one can pay anonymously with btc, but the vpn is vunerable to gov't warrants (often secret) which can expose a user - privacy by policy. Using TAILS with Tor bridges seems a better solution to me ... privacy by design (hat tip to astor)

What you're talking about is a complicated and often misunderstood "trade-off" that has been an ongolng debate for years now.....the safety trade-off isn't in combining the services themselves, but in the order you combine them in.

What you have to remember is that Tor is for anonymity, not privacy.  Everything you send can be intercepted at the exit node level, but there will be no identifying information accompanying it if you are taking proper precautions.  This is why we encrypt our addresses with PGP before sending them to a vendor, for example.   Tor alone will make you anonymous in that the information you're sending and receiving isn't tied to you...as long as you're not sending identifying information at the same time.  It becomes a lot harder for anyone interested enough to "put the pieces together" and figure out what is coming from where if you're in a geographical area where a lot of other people are also using Tor...but if you're in a small town in central Nebraska, it may warrant more careful consideration.

The main (but not only) reason you'd want to throw a VPN into the mix is to hide the fact that you're using Tor from your ISP.  I can see this becoming more and more of an issue as time goes on, especially considering what my country is up to these days as far as surveillance and data-harvesting goes.  I don't think the day is too far off when being found to "hide" behind anonymous services to browse the internet will be enough to lead to increased scrutiny by LE.  Even as it stands now, though the ability for LE to show evidence of Tor being used by a defendant caught up in a CD or something similar isn't evidence per se, it definitely doesn't help our hypothetical SR user's plight any.

Using a VPN-->Tor setup, your ISP wouldn't have a clue what you're doing, and all your VPN would know is that you're using Tor.  You are still at risk of being intercepted at malicious exit nodes, but again, if using safe browsing habits and not revealing enough about your identity through your web traffic you are little if any risk.

The other option would be to run Tor-->VPN, which then would provide end-to-end encryption and eliminate the risk of being compromised at the exit node level, but instead leave your connection vulnerable to your VPN provider.  In this scenario, your VPN provider would only have the potential to see what is sent, and not where its coming from, as your IP address is safely hidden behind Tor.  Yet again, as long as you don't send anything to identify yourself  and pay for the service anonymously, you cannot be identified.

For my money, I'd much rather run the risk of a VPN provider located in a country that doesn't pander to my government's requests for assistance in intruding my privacy having my info than having any ISP located in the country I live in even knowing that I use Tor in the first place.  The added security of safety at the exit node level is well worth the potential trade-off of a VPN having the ability to put the pieces together; first they would have to want to in the first place, and second you would have to give them enough information to do so.

However, the whole trade-off can be completely ignored if someone wants to take the extra bit of effort to connect through a proxy as their last stage before data exits their network.  VPN-->Tor-->Proxy is the magical trinity of anonymity...with this setup, our router isn't making a connection to our VPN, and therefore the information being transferred is hidden from both ISP and VPN, and our exit node traffic is encrypted end to end.  A proper proxy in conjunction with a VPN will encrypt all session data to a temporary encrypted area of the clients disk, effectively hiding it from both ISP and VPN and securely destroying it at the end of each session.  Oh, and since the proxy effectively handles all DNS queries, in this setup those are securely logged and purged at the end of each session.  This can all be done on one machine running both the VPN and proxy sevices on VM's and spoofing the MAC address of both your router and your host machine.

I'm glad you mentioned the perceived risk with combining Tor with a VPN....outlining the above setup (VPN-->Tor-->Proxy) is the ultimate goal of the guide that I have in my sig, and having to write this all out here has given me a good starting point to finishing a project I've been neglecting.   

Title: Re: TAILS or Incognito Gentoo? Why?
Post by: Rocknessie on July 19, 2013, 12:21 am
get the fuck out of here troll somewhere else. or take part IN THE CONVO.

Trolling is looking for trouble which I just don't do. I only answered a question. In the newbie forum no less, not on the site proper.

If the heart of the question is what secure OS do I use? The fact remains it's Windows because I only got the one PC and I do like making music. And the thought of split-booting an OS with established boots/programs on it makes me want to pee blood.

Putting up layers of security is, surely, only really necessary if you're doing dealing and dealing large.

We already know PGP has been broken by the NSA. My thought is they have automated systems looking for encryption they have yet to successfully hack and that alone would pique their interest. Why become NSA-bait with encryption that alerts and entices them?

The non-NSA end of LE don't have a clue. Just a TOR browser and they're stuffed. They're much more likely to profile a package than hack you to your home.
Title: Re: TAILS or Incognito Gentoo? Why?
Post by: CannabisConsumer on July 19, 2013, 12:36 am
get the fuck out of here troll somewhere else. or take part IN THE CONVO.
We already know PGP has been broken by the NSA.
This would take a HUGE amount of processing power for anything over a 1024 bit key.

Most users have 2048bit-4096bit keys.

I'm not going to say that the NSA has never bruteforced a PGP key but the amount of resources it would take would not be used on a civilian. I can say for certain that the NSA does not just sit around bruteforcing keys all day.

Maybe in 20 years when proper quantum computation starts to emerge but thus far onyl 512qubit ones exist which is basically nothing.

If you have contradictory information i'd love to see it.
Title: Re: TAILS or Incognito Gentoo? Why?
Post by: helpmywife on July 19, 2013, 01:40 am
CannabisConsumer, once i set up tails ill be able to set up a key and choose the bit encryption correct?
Title: Re: TAILS or Incognito Gentoo? Why?
Post by: ingloriouslibertine on July 19, 2013, 01:51 am
get the fuck out of here troll somewhere else. or take part IN THE CONVO.

 In the newbie forum no less, not on the site proper.

If the heart of the question is what secure OS do I use? The fact remains it's Windows because I only got the one PC and I do like making music.

Putting up layers of security is, surely, only really necessary if you're doing dealing and dealing large.

We already know PGP has been broken by the NSA.

The non-NSA end of LE don't have a clue. Just a TOR browser and they're stuffed. They're much more likely to profile a package than hack you to your home.

Newbie forum is more important than the site proper, as it's read primarily by people who don't yet know what they're doing.

The post was concerning security, not about your lack of caring whether or not you cover your tracks for the sake of yourself, your vendors and those around you in life.  If you've ever used an internet forum before you should know that it is considered BM to derail or reply needlessly if you have nothing to contribute to the conversation the original poster is trying to start.

LE generally gets to dealers who are smart enough to put up those layers of security by getting less intelligent members of our ranks such as yourself to roll over when they get caught as a result of their own ineptitude.  This may not be as true of the Road as it is IRL but the idea is the same.  Bust enough kids like you, and the "web of trust" that keeps services like this possible disintegrates.  If they take down the road and all other similar services in our lifetimes, it'll be because they were made too risky and unreliable to do business on by people who think like you.

Not only do you apparently not know a damn thing about PGP, you couldn't even be bothered to verify the accuracy of the (mis)information you've come back to waste a little more of everybody's time with.

No response needed for the last sentence, I've covered all bases already. 

It must take some balls to spout your worthless drivel and then come back to give neg karma to someone who took the time to post a fucking essay in order to help the members of site who actually care about protecting their freedom and the freedom of those they associate with.  Not everyone shares your indifference at the prospect of being locked away in a cage for a long time, nor your desire to actively disrupt meaningful conversations that may ultimately help keep newer members from occupying a cell across the one you may very well be in 6 months from now by the sound of it.

Maybe Nietzsche was right about widespread literacy among the uneducated being disruptive to the greater good of a given society.  His point was something along the lines that people whose words were worthy of being heard by others would be drowned out and disrupted by the words of those who shouldn't be speaking in the first place.  I can think of no better metaphor for the Road when I see threads like this.
Title: Re: TAILS or Incognito Gentoo? Why?
Post by: ingloriouslibertine on July 19, 2013, 02:19 am
I got your PM, help.  Send me a time when you'll be free tomorrow or maybe 8-10 hours from now and let's jump on torchat.  That'll probably be the easiest way to get you started.  Anyone who comes across this thread and could use a primer on the things being discussed here can PM me and I'll let you know when we plan on going over everything.  Could be a nice little study group if anyone is interested. 
Title: Re: TAILS or Incognito Gentoo? Why?
Post by: PrincessButtercup on July 19, 2013, 11:45 am

 ...

The main (but not only) reason you'd want to throw a VPN into the mix is to hide the fact that you're using Tor from your ISP.  I can see this becoming more and more of an issue as time goes on, especially considering what my country is up to these days as far as surveillance and data-harvesting goes.  I don't think the day is too far off when being found to "hide" behind anonymous services to browse the internet will be enough to lead to increased scrutiny by LE.  Even as it stands now, though the ability for LE to show evidence of Tor being used by a defendant caught up in a CD or something similar isn't evidence per se, it definitely doesn't help our hypothetical SR user's plight any.

...

Thanks for this. I completely agree with you on this point (I think we will see legislation that enshrines some form of guilt by 'darknet' association in the not too distant future -- all enacted to keep us safe of course  ???).

But assuming I stay within Tor, don't Tor bridges hide the Tor entry from a curious ISP?

pb.
Title: Re: TAILS or Incognito Gentoo? Why?
Post by: helpmywife on July 20, 2013, 02:09 am
usps fucked up my usb sticks get here mon or tuesday somehow its in the wrong state?!?!? lol atleast it never happen with sr package
Title: Re: TAILS or Incognito Gentoo? Why?
Post by: ingloriouslibertine on July 31, 2013, 08:06 pm

 ...

The main (but not only) reason you'd want to throw a VPN into the mix is to hide the fact that you're using Tor from your ISP.  I can see this becoming more and more of an issue as time goes on, especially considering what my country is up to these days as far as surveillance and data-harvesting goes.  I don't think the day is too far off when being found to "hide" behind anonymous services to browse the internet will be enough to lead to increased scrutiny by LE.  Even as it stands now, though the ability for LE to show evidence of Tor being used by a defendant caught up in a CD or something similar isn't evidence per se, it definitely doesn't help our hypothetical SR user's plight any.

...

Thanks for this. I completely agree with you on this point (I think we will see legislation that enshrines some form of guilt by 'darknet' association in the not too distant future -- all enacted to keep us safe of course  ???).

But assuming I stay within Tor, don't Tor bridges hide the Tor entry from a curious ISP?

pb.

Hey, haven't been on the road in quite a while, just now saw this.  Honestly, I don't know as much about bridges or how exactly they work as I do about the old tried and true VPN/ProxyTor setup.  I remember reading about the pros and cons of bridged vs vpn back when I was first getting into all this, but I don't remember enough to even fake my way through an answer :-p You've got me curious though...I'll brush up and post back here with what I find out.


OP, how's TAILS working out for you?
Title: Re: TAILS or Incognito Gentoo? Why?
Post by: Raguel on July 31, 2013, 08:18 pm
i use tails now, i used to use the tor browser bundle on windows.

when you get raided they have a little thing that plugs into all your comps and sees if tor has ever been installed on your computer, even if you uninstalled. then they take the ones that have tor on them for further inspection. i dunno about you but i dont want cops looking through everything.

tails you just use it when you need it and take it out so you dont have that problem.
Title: Re: TAILS or Incognito Gentoo? Why?
Post by: jjr5288 on July 31, 2013, 08:25 pm
Why can't we be friends?