Thread replies: 23
Thread images: 3
Thread images: 3
Anonymous
Further improvements to my personal security/OPSEC 2017-03-11 08:12:38 Post No. 59345369
[Report] Image search: [Google]
Further improvements to my personal security/OPSEC 2017-03-11 08:12:38 Post No. 59345369
[Report] Image search: [Google]
File: youvebeenvisitedbyanonmangoodthingswillhappenifyoureplyontopicwithoutreferencing.jpg (44KB, 478x720px) Image search:
[Google]
44KB, 478x720px
Further improvements to my personal security/OPSEC
Anonymous
2017-03-11 08:12:38
Post No. 59345369
[Report]
I've been security-aware for quite some time now. Problem is, I think I've reached my limits, despite being told that enough is never enough. (and for me, it isn't)
So, here's my personal arsenal as of right now:
OpenBSD. Use it to access E-Mail, IRC, XMPP, etc. All through TMUX, Xenocara isn't installed. Installed on a P4 (no intel ME). E-Mail is encrypted using GnuPG. XMPP is encrypted using OTR. IRC comms for things like #chat are done over plaintext+SSL. pf is considered reasonably. I use DNSCrypt.
My router. runs fully foss/non-blobbed firmware. I use it as a hardware firewall. Uses WPA2/PSK. Very strong password, obviously.
My "alt-machine"
Runs Debian Sid, uses GrSecurity, hardened sysctl values, generally lots of auditing and security software installed, rkhunter, debsums... etc. Does have XOrg, only purpose is the use of the Tor Browser to view websites Anonymously. I usually use this machine to read the news, check the forecast, and shitpost.
My "main machine"
Debian GNU/Linux. Due to it running stretch, I cannot use GrSec without compiling the kernel. I've made a compromise here and decided to use apparmor instead.
It uses the Pale Moon web browser, with uBlock Origin, HTTPs Everywhere, Self Destructing Cookies, along with Greasemonkey installed. I also use "user.js hardening stuff", not sure of the exact name of the repo. This machine also shares sysctl values with the "alt-machine". It's also filled with auditing software like debsums.
Like the other machines, all DNS queries go through a log-free OpenNIC+DNSCrypt server. All my traffic is forced HTTPs, all HTTP traffic is dropped at the hardware level. I constantly monitor and audit all of these systems for anything suspicious, and maintain them all.
How do you think I could expand upon my personal security hobby, /g/?
>>
I think you should end yourself
>>
>>59345395
Is the CIA mad?
>>
>>59345369
What do you use for encryption on your HDDs? Do you encrypt /boot?.
Consider VPS and your own private network with ssh.
What about cryptocurrencies?
Debian has systemd, have you considered Devuan with security patches or Hardened Gentoo?
What phone if any and what measures are you using to protect yourself?
Have you checked the wigle map to see if your wifi network has been added?
What exit nodes do you use when using Tor? I'm skeptical to consider this private and secure, I'd rather ssh to a VPS in a 'safe' and 'privacy valuing' country.
Do you have fake identities to fool NSA/CIA?
>>
>>59345512
>What do you use for encryption on your HDDs?
Not sure what OpenBSD uses, but I know that as far as GNU/Linux goes, I'm usingaes-xts-plain64
>Consider VPS and your own private network with ssh
Sounds interesting.
>Cryptocurrencies?
Bitcoin, Bitcoin, Bitcoin.
>Debian has systemd.
I use sysvinit. systemd has been fully removed.
>What phone do you have?
None.
>Have you checked the wigle map?
No, I should.
>What exit nodes do you use?
I connect over a bridge located in switzerland, and I limit my nodes to those in iceland.
>do you use fake identities?
Only online.
>>
>>59345567
Pretty happy anon. No phone is a big one. Now you just need to maintain physical security measures and verification to ensure no physical tampering has come to your systems while you're away.
>>
>>59345671
My PC cases/keyboards are glued shut with a tamper evident.
>>
>>59345692
Booby trap PC so if they try plug in USBs or physically get to HDDs they can get fried.
>>
>>59345369
The problem with going that far is you most likely redflag yourself for being an outlet, which leads to more target inspection.
There is always a way in.
Me, I prefer the grayman. Use the most common...well everything, but monitor output.
Imo, blending in is better than standing out, even if you are in a tank.
>>
>>59345750
For being an outlier* (not outlet)
>>
>>59345750
What if you're already being watched ;)
>>
>>59345750
>On 28 December 2014, Der Spiegel published slides from an internal NSA presentation dating to June 2012 in which the NSA deemed Tails on its own as a "major threat" to its mission, and when used in conjunction with other privacy tools such as OTR, Cspace, RedPhone, and TrueCrypt was ranked as "catastrophic," leading to a "near-total loss/lack of insight to target communications, presence..."
>>
>>59345369
>>Further improvements to my personal security/OPSEC
>How about you don't post about it on 4chan
>>
>>59345820
Schneier doesn't even use Linux as his main OS
>>
>>59345818
>near total
Not complete though, furthermore, a power point slide, even internal, won't contain eyes only info.
>>59345811
No more so than a billion other people.
>>
>>59345848
>a power point slide, even internal, won't contain eyes only info
yes it will, thats the entire point of having things at different security clearances.
>>
>>59345848
Yes they would. You still brief big dicks with powerpoint and shit.
>>
>>59345369
I'm a diagnosed paranoid schizophrenic and even I'm not this bad, if you seriously feel the need or feel unsafe without this level of security consider a mental assessment
>>
Anyone have any up to date guides a newbie could use in regards to internet anonymity, encryption and set up. I've been out of the loop since truecrypt became unreliable and haven't used tor for years.
>>
>>59345369
Dare I ask why, though? Do you have an actual reason for this level of security/paranoia or is it just because you don't have anything better to do with your time?
>>
File: 1483251864237.jpg (252KB, 466x732px) Image search:
[Google]
252KB, 466x732px
>>59345369
Wouldn't it be more secure to use something like tails on your laptop (disconnect all computers from internet at home) and use it only in free wifi places, each day switching place?
Ofcourse, use addon like behavioral-keyboard-privacy, or write your own script/program.
>>
>>59345369
You can use both TLS and OTR for IRC.
>>
>>59345369
>discussing your opsec in public
Thread posts: 23
Thread images: 3
Thread images: 3