/tech/ - Technology

(115.40 KB 1600x900 douglas_rushkoff.jpg)
List of Security and Privacy Best Practices Anonymous 08/16/2017 (Wed) 08:52:20 [Preview] No. 10740
Following the other thread, here's the first version of the list:
- Tor hidden service: http://hjvx7xg3n4ejezmh.onion/
- 'Clearnet' Mirror (no styles): https://hjvx7xg3n4ejezmh.onion.cab/

If you want to contribute, post here on this thread.
Thanks to "Endwall" for hosting it.


Anonymous 08/16/2017 (Wed) 10:57:36 [Preview] No. 10741 del
The ASUS C201 Chromebook is worth mentioning. It's ARM-based, but afaik it's the only librebootable laptop with a free embedded controller firmware.


Anonymous 08/16/2017 (Wed) 11:08:23 [Preview] No. 10742 del
tmux:
https://man.openbsd.org/tmux.1

ffplay video player (very minimal, but mpv.io seems ok too):
http://ports.su/graphics/ffmpeg

signify:
https://www.openbsd.org/papers/bsdcan-signify.html

acme-client(1):
https://man.openbsd.org/acme-client.1

Pay in cash of a locked PO box:
https://en.wikipedia.org/wiki/Post-office_box

Evva MCS lock:
http://www.evva.at/products/mechanical-locking-systems/mcs-locking-system/technology/en/

On firmware:
- Magic lantern (can save photos in DNG):
https://magiclantern.fm
- Rockbox (supports FLAC decoding):
https://www.rockbox.org/


Anonymous 08/16/2017 (Wed) 11:15:29 [Preview] No. 10743 del
Beagle Bone Black is not based on i.MX processor...

We have to create a section for pf(4) configuration (maybe adapt some hosts file, so we can block a good amount of useless traffic).

- Randomize Mac Address (in case you're using public wifi):
https://calomel.org/mac_random.html


Anonymous 08/16/2017 (Wed) 13:23:19 [Preview] No. 10746 del
The hidden service is down?


Anonymous 08/16/2017 (Wed) 13:32:43 [Preview] No. 10747 del
>>10740
No amount of hardware and software strengthening is going to save you if you are an idiot and post potentially personally identifying information on the internet or personal computer. Never use your real name or location ANYWHERE on your computer, even in text files on your desktop because your computer might have malicious code running on it...


Anonymous 08/16/2017 (Wed) 13:37:54 [Preview] No. 10748 del
>>10746
What part of "hidden" don't you understand?


Anonymous 08/16/2017 (Wed) 15:02:32 [Preview] No. 10749 del
>>10747
The list is meant for people that already know something, not for newfags.

>>10748
It was down some hours ago... now it's back. Thanks for your joke, anyway.


Anonymous 08/16/2017 (Wed) 16:07:08 [Preview] No. 10753 del
>>780975
>trusting onion.cab
The processors are still backdoored, even before AMT.
ARM processors are backdoored.
You forgot to mention chink mediakek boards.
Keyboards have no known "backdoors"
SSD is fucking trash for storage, you have arm processors all over that can do whatever you want and they're a giant meme anyway

Don't recommend any VPS providers, a VPS provider is good because they're cheap, any expectation of privacy is out anyway

Using VPS for VPN is bad when there are VPN providers with diskless dedicated servers

For email, recommend guerrillamail and random throwaways from GNU recommended email list

http server: busybox httpd and the different asm servers are worth noting (eg rwasa)
also you're not following your own advice here:
>Server:"nginx/1.12.1"

>404 Not Found
>nginx/1.12.1

BCHS looks promising, but for a blog jekyll is better

stagit link is dead

add I2P Freenet GNUnet to Anonymous Networks

add Monero to Cryptocoins, recommend coinjoin for BTC

For IM the given choice is Tox or IRC

for filesharing IPFS, freenet, gnunet, perfect dark is relevant

web browsers: tor browser, pale meme

search engines: yacy, ixquick

undeadly link is dead

basic tips: there are more comprehensive hosts files than facebook and google

A lot of the stuff on this list is unrelated to privacy at all


Anonymous 08/16/2017 (Wed) 16:13:05 [Preview] No. 10754 del
>>10744
Upload it to a pomf clone then use archive.is or web.archive.org for more permanent hosting.


Anonymous 08/16/2017 (Wed) 16:28:39 [Preview] No. 10755 del
>>10753
VPS is a stupid alternative to paid vpn provider when you are the only fucking person using your own personal VPN. at least use a VPS to generate a few dozen proxies for you to use. Rotate your own private proxies made from the VPS to change your ip every request like the random agent spoofer addon set to per-request.


Anonymous 08/16/2017 (Wed) 16:32:00 [Preview] No. 10756 del
anyone have that photo from 8/tech/ a year or 2 ago that had all the addons worth using. Also had plenty of greyed out ones that are no longer trustable. It had a huge red text caption about how shills hate this photo yadda yadda?


Anonymous 08/16/2017 (Wed) 17:06:46 [Preview] No. 10758 del
>>10753
>The processors are still backdoored, even before AMT.
>ARM processors are backdoored.
We can't do nothing about hardware trojans. If you have alternatives not cited on the list, you're welcome to present it.
>Keyboards have no known "backdoors"
So you're claiming that every processor is backdoored, but trust random keyboard manufacturers? They have microcontrollers, you know.
>SSD is fucking trash for storage
Yes, they are. But OpenSSD is open and fast. If you know any HDD that is open, let me know.
>Don't recommend any VPS providers, a VPS provider is good because they're cheap, any expectation of privacy is out anyway
That's why we have said "You SHOULD NOT trust these companies".
Some people need VPS or dedicated server to work.
>Using VPS for VPN is bad when there are VPN providers with diskless dedicated servers
Same as above: you say every processor is "backdoored", but trust VPN providers is normal? Also, do you know that VPN providers are just VPS providers, but with VPN software installed? ohh
>For email, recommend guerrillamail and random throwaways from GNU recommended email list
No. Any third party email provider is not private. They own the server, they own your information. Host your own.
>http server: busybox httpd and the different asm servers are worth noting (eg rwasa)
I'll look into that, but asm servers don't seem a good idea, because asm is not a safe language (unless they audited the software, or use formal methods on its code).
>also you're not following your own advice here:
The server is not mine. It's from another anon called "Endwall". I can't host it myself because I don't have the hardware.
>BCHS looks promising, but for a blog jekyll is better
Good point.
>stagit link is dead
Thanks for pointing out.
>add I2P Freenet GNUnet to Anonymous Networks
No java on security list. Maybe GNUnet, but no one uses it.
>add Monero to Cryptocoins, recommend coinjoin for BTC
Thanks. I'll add.
>For IM the given choice is Tox or IRC
No >>10607
>for filesharing IPFS, freenet, gnunet, perfect dark is relevant
Again, no java.
IPFS can be added, although it's not anonymous.
>web browsers: tor browser, pale meme
No Gecko engine. Too much bloat.
>search engines: yacy, ixquick
Trusting russians? No, host your own searx instance.
>undeadly link is dead
Thanks. Their TLS has problems, that's why they are switching to a new version...
>basic tips: there are more comprehensive hosts files than facebook and google
Yes, already mentioned here >>10743
>A lot of the stuff on this list is unrelated to privacy at all
Such as?

Thanks for your contribution.


Anonymous 08/16/2017 (Wed) 17:12:55 [Preview] No. 10759 del
>>10756
Using addons is a meme. Firefox has 17,719,683 lines of code. Adding more addons just makes the attack surface bigger.
Choose text-based browsers if you want security.

ps. 8ch is a meme by itself.


Anonymous 08/16/2017 (Wed) 19:48:40 [Preview] No. 10760 del
>>10759
>Using addons is a meme
I can almost certainly tell you that they are not a meme, and do a good job at making an insecure browser just a little bit less insecure. Noscript is highly useful...


Anonymous 08/16/2017 (Wed) 20:17:39 [Preview] No. 10764 del
>>10758
>We can't do nothing about hardware trojans.
It seemed like you were trying to avoid it based on your recommendation of the thinkpads. It might be a good addition to note the level of hardware backdoors.
**** = chinese ring -4 rootkit sends all data including screen recording unencrypted to facebook
*** = hardware backdoors that can be exploited not only by the NSA but also by intelligence agencies/police
** = hardware backdoors but only for nsa
* = no known hardware backdoors
= trivial hardware, physically impossible to insert backdoors
>So you're claiming that every processor is backdoored
I think it was every x86 after 1995, ARM is a different animal, there are likely some FPGAs without backdoors.
>trust random keyboard manufacturers? They have microcontrollers, you know.
Right, but these are usually very trivial. If they have full control over your processor (some of the intel ME stuff is in the motherboard, but this is unimportant here) they can send data over the network. Even if they backdoor the microcontroller in your keyboard, they have to physically exfiltrate the data. The sender antenna would be easy to detect, either physically or from its signals.
>If you know any HDD that is open, let me know.
Aren't the microcontrollers running trivial code?
>That's why we have said "You SHOULD NOT trust these companies".
Right, and this is true, but what's the point in recommending a certain company over any other then? The only thing you should care about is how tolerant they are to abuse. In this aspect, OVH is infamous for their commitment to freedom which tends to make some people very butthurt. Look at a list of the ASNs hosting the most botnets if you want a complete list.

For domains, ro1.ru (russia) tonic.to (national .to registry, have openly stated they don't care about copyright) nic.io (literally ignores all abuse reports) domaindiscount24.com (aka key-systems gmbh, used for the child porn spam on 8chan) cnobin/bizcn (lol china) are the best.
Also see https://www.lowendtalk.com/discussion/79367/bulletproof-domain-registrars-2016 and https://www.lowendtalk.com/discussion/60301/list-of-offshore-hosting-and-server-providers
>Same as above: you say every processor is "backdoored", but trust VPN providers is normal?
Some of them physically remove their hard drives. You have to differ among various things here according to your threat model. For example, Tor is not secure against a global adversary and is not intended to be, and if you're worried about that there are other alternatives which make other tradeoffs between speed/latency/security than Tor does (gnunet trades latency for better speed and security, vpn trades security for better speed and latency, tor/i2p trades speed for better latency and security)
>No. Any third party email provider is not private. They own the server, they own your information. Host your own.
I am aware of this, but the increase in unlinkability is in my opinion worth the decrease in safety. Guerrillamail doesn't store their mails since it would be infeasible. You lose privacy from hosting your own. There are providers that encrypt information upon receiving with your GPG key (countermail), this can be worth looking into but it still requires trust.
>The server is not mine. It's from another anon called "Endwall". I can't host it myself because I don't have the hardware.
Oh, okay. See my previous post about hosting >>10754 for static content.
>No java on security list. Maybe GNUnet, but no one uses it.
I2P has a C++ implementation.
>Java 7 is required to run Anonymouth.
Why is Anonymouth on the list then? Such a program in {not java} would be very useful though.
>>For IM the given choice is Tox or IRC
>>No >>10607
>I have no formed opinion on it.
>Have no specification as Signal protocol and leaks metadata.
This isn't a reason for not using it. How does it leak metadata? You should also mention OTR, you can run OTR over other (synchronous) protocols like IRC or Facebook messenger.
>IPFS can be added, although it's not anonymous.
N


Anonymous 08/16/2017 (Wed) 20:19:30 [Preview] No. 10765 del
>IPFS can be added, although it's not anonymous.
Neither are Retroshare or Tahoe-LAFS. BitTorrent is also fine, it's secure and decentralized. Integrating anonymity goes against the unix philosophy, you can route any protocol through Tor/I2P/VPN if you want, as long as it does what it's designed to do you're fine.
>No Gecko engine. Too much bloat.
Pale moon runs a fork of the Gecko engine and they're working on trimming down the codebase.
Tor browser has fingerprinting protection which is very important.
>Trusting russians? No, host your own searx instance.
Ixquick is american, YaCy is decentralized (developed by germans)
Are you thinking of yandex?
>>A lot of the stuff on this list is unrelated to privacy at all
>Such as?
Display seems unrelated to privacy. Trezor, nitrokey, hardware rng are all unnecessary. HTTP servers have nothing to do with security/privacy. BCHS is probably not appreciably better from a security POV than LAMP or even some garbage like Linux+Nginx+NoSQL+HHVM.

Some of this stuff does not go under best practices at all, like a faraday cage or white noise machine, that's just excessive paranoia for most use cases.
>>10742
>ffplay
It's literally a test application, mpv is much better or bomi if you need GUI.
>Pay in cash of a locked PO box
Postal mail is anonymous and much safer.


Anonymous 08/16/2017 (Wed) 20:24:05 [Preview] No. 10766 del
https://2ton.com.au/rwasa/
Honorable mention if you're listing webservers, probably very small attack surface.


Anonymous 08/16/2017 (Wed) 20:43:44 [Preview] No. 10767 del
Recommended reading for servers:
https://pastebin.com/GrV3uYh5


Anonymous 08/16/2017 (Wed) 21:06:57 [Preview] No. 10769 del
(41.90 KB 447x599 PaulWalker.jpg)
>>10742

>Pay in cash of a locked PO box:

In the United States, PO boxes cannot be acquired without presenting two forms of ID, at least one of them being valid photo ID. Using a fake ID to get one is a crime in itself, even if you do not use the box itself for anything illegal.

I'm sure some other countries do not have this requirement, though.

>>10753

>The processors are still backdoored, even before AMT.
>ARM processors are backdoored.

Post evidence of remotely accessible processor backdoors. If a processor backdoor isn't directly and remotely accessible, it's irrelevant. A non-backdoored chip isn't going to help you if an adversary has physical access to the machine.

>>10755

It depends on your threat model, but this is generally true.

>>10766

>Honorable mention if you're listing webservers, probably very small attack surface.

rwasa was written with speed in mind, not security. It is written in x86-64 asm, which is even harder to write safely than C.

Also, I tried it, and it crashes like Paul Walker.


Anonymous 08/16/2017 (Wed) 21:49:11 [Preview] No. 10770 del
Best encryption software?


Anonymous 08/16/2017 (Wed) 21:50:58 [Preview] No. 10771 del
(83.14 KB 741x299 artware.png)
>>10759
Upload a file from a text based browser. Not luakit or webkit but links2 or w3m. Try to browse any website that needs to generate a link or something. Try reloading or redirecting properly. Countdown indefinably on a textbrowser and never even make it to the recaptcha. Try copying the fucking text from the links2 -g window and pasting it in nano homie.Try to make a tab in a text browser trick. Try to see a gif playback in a text browser trick. Try to sign up for tutanota on a text browser trick. Try opening embedded input forms in a text based browser. This can be used in 70% of the cases of whatever you need in a browser. Links2 is why I am psyched for netrunner . Links is if properly configured is better than torbrobundle with one minor flaw. if you can change the gzip deflate browser fingerprinting to match torbrowser which I think you can but I dont know much about that I know its the only difference in fingerprints between tor configured links2 and tor-browser. But when you must read a website and not even archiving the links can not display the content or maybe you want to casually browse a site or use a dang icecat to make the requests fallback with requestpolicy preferebly continued.
Whitenoisegenerator addon to open up windows with tabs to randomly parooze deucheland buisness shopping links and generate random history.
Or use a fucking addon useragentspoofer ya goofah to spoof user agent per request.
refcontrol forges them referrers.
Betterprivacycontinued to wipe up when you been jewed.
Matter fact about:memory clear that shit blam.
about:config set the catch to ram,
addon getiton meme nigga we be skraight xpi
You bogus for sleeping on dolus. .
Or use a fucking addon like tamperdata to spoof GET requests fuck beta.
Or use a fucking addon proxytool or foxyproxy to even fucking be able to use i2p(d).
Or use a fucking addon called trackmenot to generate fake searches over an about:configgerigged torbrowserbundlebro_sandbox_alpha.tar.gz
http://xmh57jrzrnw6insl.onion/ torch fo yo ass put that shit in the option menu of dis addon
http://cs.nyu.edu/trackmenot/ (add search engines in the settings)
put some candle innit now dem bois in bidniss
http://gjobqjj7wyczbqie.onion/
or use searx instances to search more.randomly search the engines and see what they want you to see randomly generate 10 searches from a tab now fleece they browsing habit statisticators
ipfuck to employ another fingerprint manipulator, httpnowhere better than httpseverywhere
canvasblocker set to block everything
selfdestructingcookies set to delete every second
flashblock as yo lean wit it like a joc
textise if they spam the cut wit dat cheese
developer-tools to play by your own rules.
meme.xpi is here time for changes to be applied


Anonymous 08/16/2017 (Wed) 21:56:41 [Preview] No. 10772 del
>>10770
tomb and veracrypt (if you are thinking of something like truecrypt) are the best except for cli ones like gcrypt or whatever mucrypt whatever it's called.


Anonymous 08/16/2017 (Wed) 22:00:03 [Preview] No. 10773 del
>>10758
>No java on security list
I don't think something written in Java makes it inherently insecure. From what I've read it's mainly the sandbox for browsers that's insecure, not a regular program written in it.
https://security.stackexchange.com/questions/57646/why-do-i-hear-about-so-many-java-insecurities-are-other-languages-more-secure


Anonymous 08/16/2017 (Wed) 22:27:44 [Preview] No. 10774 del
(10.54 KB 659x74 fug yes.png)
(70.29 KB 684x386 a.png)
Anonymouth is a stylometry tool you might need to use.

You make a corpus of 6000 words of your writing in 500 word separate text files. Then you can do the same with authors and they analyze how your writing can be identified to you by highlighting indicating or repeating words. I can't get the suggestions to appear but I can see the clusters of sentence length and whatnot to aim for a more anonymous post. This is becoming more and more a necessity for everybody and especially regular posters of any anonymous outlet. You download eclipse and the egit plugin.
Then open eclipse and import>from git repository> egit the https://github.com/psal/anonymouth
When imported open the directory and open thepresident.gooie to launch the fucking thing. Took me a year to finally take the hour it took to learn how to do that. Anonymouth is a wonderful asset that is not a standalone program so it may be ignored. Well worth the effort. Also JGAAP is another useful jar. https://github.com/evllabs/JGAAP

also pic related was a script I found online to launch anonymouth without eclipse but the dipshit uploaded it to dropbox who kiked it offline.

I have seen the splash image by exporting anonymouth as a jar in eclipse and running the jar. But it never initializes.


Anonymous 08/16/2017 (Wed) 22:32:27 [Preview] No. 10775 del
(386.11 KB 426x426 cokeoverdose.webm)
>>10770

This is a meaningless question. What kind of encryption? Asymmetric, symmetric, post-quantum, what are your security requirements/processing abilities, what's your threat model? In order to encrypt what? Strings of text, images, files, voice communications, video communications, web traffic, email, pot brownie recipes, a database of your passwords? Or do you need encryption that doesn't even involve a computer? That exists, too:

https://en.wikipedia.org/wiki/Solitaire_(cipher)

The encryption protocols and algorithms you would need for ensuring the privacy of a video chat with a friend when your little brother is on the same network slurping up all of your traffic with Wireshark are very different from the protocols and algorithms you would need if you have a document that you want to keep secret from an intelligence agency for the next 30 years. Partially since your little brother probably isn't going to beat you with a rubber hose until you give him the information he wants.

https://en.wikipedia.org/wiki/Deniable_encryption

Figure out what it is you want to ask first. Then, ask it somewhere else, because you'll get a lot of questionable advice on this board from confident-sounding amateurs who consistently make very basic mistakes. In addition, I've seen no evidence that anyone who posts here is capable of making a meaningful evaluation of the quality of any available software implementations.

>>10771

Holy fucking formatting, Batman.

>>10773

Oh, shit, you've done it now. There's a turbo-autist here who clenches his balloon knot hard enough to create a singularity every time someone suggests Java might not be Satan in software form.


Anonymous 08/16/2017 (Wed) 22:37:36 [Preview] No. 10776 del
>>10774

Thank you for the instructions. I've known about Anonymouth for years, but was never able to get it to work. I'll give this a try.


Anonymous 08/16/2017 (Wed) 22:38:31 [Preview] No. 10777 del
>>10775
Certainly the best practices may not be known so that is why I try to look at all the options and see what works from hands on experience. Trial and error.


Anonymous 08/16/2017 (Wed) 23:19:12 [Preview] No. 10778 del
>>10776
here are the beats in the pic related

Refer to the github instructions if you get lost. I remember one time they had in the github page a disclaimer that "we are not going to explain how to get it working do some googling to figure it out for yourself" and that is a shitty way to set up a readme.


Anonymous 08/17/2017 (Thu) 09:14:26 [Preview] No. 10785 del
>>10764
>note the level of hardware backdoors.
We don't have enough information to put a "level" of safety for hardware. We know, for sure, that post 2005 hardware from intel is backdoored. AMD also has nasty microcode on newest platforms. The other ones are just speculation or have little proof.
>there are likely some FPGAs without backdoors.
FPGA needs another processor (generally ARM) to boot. Unless you're talking about CPLD (complex programmable logic devices). But all of this is too complex and even easier to put a backdoor. Also, there's no open hardware (that I'm aware of) for it (Xilinx has closed blobs). If there's an open hardware CPLD, let me know, because running this with RISC-V emulation would be very good for privacy (although linux port of RISC-V is really new, and lacks security features).
>they have to physically exfiltrate the data
Good point. Let's keep it for now, I have to read more about it.
>Aren't the microcontrollers running trivial code?
https://www.bunniestudios.com/blog/?p=3554
>but what's the point in recommending a certain company over any other then?
Three criteria: the firmware running, country and operating system support. The Vikings VPS runs with Libreboot. The others support openbsd and are from good countries.
VPS will not protect your privacy from the VPS provider itself but, if you need to use it, at least let it secure so people don't crack down your stuff.

[continue...]


Anonymous 08/17/2017 (Thu) 09:54:46 [Preview] No. 10786 del
>>10785 (me)
[continuing...]

>OVH is infamous for their commitment to freedom
I'll look into that.
>For domains, ro1.ru (russia) tonic.to
I don't think russia is a good place for privacy. Let's keep TLD registration out for now.
>increase in unlinkability is in my opinion worth the decrease in safety
The list is not user-friendly. For journalists, the Guerrillamail that you suggest may be better (if encrypted with GPG on your own computer), but this is not meant for tech illiterate people...
>Why is Anonymouth on the list then?
Very good point. Thanks for pointing out my hypocrisy. So what do we do then? Remove anonymouth? Is there any alternative to it?
>I2P has a C++ implementation.
It works, though? I2P leaks more metadata and has not much attention from the academic side. I would personally leave it out of the list, but if everyone here agrees, we can put it.
>How does [Tox] leak metadata?
Not anonymous, saves chat history, leaks timestamp between messages.
>You should also mention OTR
Read the entire thread linked... we could add OTR on irssi, but I think we have better solutions now.
>Neither are Retroshare or Tahoe-LAFS
Oh, I thought IPFS had no Tor integration. It seems it needs this to work:
https://github.com/david415/ipfs-onion-transport
It's not audited yet though:
https://github.com/ipfs/notes/issues/37#issuecomment-321983515

Retroshare and Tahoe-LAFS can work with Tor without additional software, IIRC.

>you can route any protocol through Tor
No, Tor only supports TCP/IP. Bittorrent is UDP.
>Tor browser has fingerprinting protection which is very important.
Last Links2 build also offers the "Fake Firefox" option, for reduced fingerprinting.
>Are you thinking of yandex?
Maybe. I'll read more about YaCy, but I've tested it some time ago, and it was not usable. A lot of irrelevant links on search.
>Ixquick is american
No, please. Let's keep just the best here.
>Display seems unrelated to privacy. Trezor, nitrokey, hardware rng are all unnecessary.
Agreed with display, but the others are not unnecessary. You may be thinking just about your use case. People working in large servers would benefit greatly from Nitrokey, for example. Hardware RNG is also a good option (see Debian PRNG failure in 2009).
Trezor makes bitcoin management much more secure and private.
>HTTP servers have nothing to do with security/privacy.
You're kidding, right?
>BCHS is probably not appreciably better from a security POV
It runs kcgi and pledge by default.
>that's just excessive paranoia for most use cases.
Again, your use case. If you're a person with big information about corruption in a dictatorial country that you want to leak, the use of some of these may be decisive between you being murdered and letting the world know your information.
>mpv is much better
Too much bloat for me. Why filters at all? Most of us just need a VP9/H.264 decoder, Vorbis/OPUS/AAC decoder and a muxer for mp4 and webm. Also the basic key input. Just it, nothing more.
>Postal mail is anonymous and much safer.
I'll read more.


Anonymous 08/17/2017 (Thu) 10:00:26 [Preview] No. 10787 del
>>10766
Thanks, I'll check it.
>>10767
Thanks, I'll read it. But, as >>10769 pointed, it's written in asm, not good for security.
>>10769
>In the United States, PO boxes cannot be acquired without presenting two forms of ID
Yeah, that's a problem. Thanks. If you have an alternative, let me know.


Anonymous 08/17/2017 (Thu) 10:09:14 [Preview] No. 10788 del
>>10771
The list is not meant to be user-friendly.
>Try copying the fucking text from the links2 -g window and pasting it in nano homie
I can do it even without mouse, using keynav.
>Try to make a tab in a text browser trick
That's why people use window managers with tabs, like ion3 (or 'notion')
>Try to sign up for tutanota on a text browser trick.
You should host your own mail. That's the point of the list.

The rest you wrote I can't understand, so I can't argue.
Also, feel free to fork it.


Anonymous 08/17/2017 (Thu) 13:47:11 [Preview] No. 10791 del
Does someone have a good source for google domains, so I can add them to my hosts file?
Thanks.

Btw, I still don't understand why people don't use their hosts file rather than any shitty ad blocker.
https://github.com/StevenBlack/hosts


Anonymous 08/17/2017 (Thu) 14:34:43 [Preview] No. 10792 del
(54.69 KB 250x125 unbound.png)
About the DNS, everyone should use Unbound.
It is a caching, recursive DNS server. You have direct access to the root server, without any need of authoritative server. No opendns server to trust.
Since you're certainly using a VPN, it's not a problem. (take care of the DNS leak though, you'll need to configure your VPN so it uses your DNS server).
I've set the max ttl to a day, so I need only one dns request for one domain per day.
Last but not least, you can put a domain blacklist and a whitelist. So if you request for example google.com, no DNS request will be sent on the wire.
Using hosts is better though, but maybe it's useful according to your setup.
https://github.com/jodrell/unbound-block-hosts
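
The blacklist/whitelist idea from the post above, as an added example (not code from the poster or from the linked unbound-block-hosts project): it turns hosts-file sinkhole entries into Unbound `local-zone` directives and punches `transparent` holes for whitelisted names. The function names and the sample hosts data are constructed for illustration; `always_nxdomain` and `transparent` are zone types from unbound.conf(5).

```python
"""Turn hosts-file blocklist entries into Unbound local-zone directives."""
import ipaddress
import re

# Addresses that hosts-file blocklists use as a sinkhole target.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::", "::1"}
LABEL = re.compile(r"(?!-)[a-z0-9_-]{1,63}(?<!-)")

# Constructed sample input, not taken from any real blocklist.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1 localhost
::1 localhost ip6-localhost
0.0.0.0 ads.example.com tracker.example.net   # two names on one line
0.0.0.0 example.net
0.0.0.0 cdn.example.org
127.0.0.1 Metrics.Example.COM.
192.0.2.10 intranet.example.com
0.0.0.0 bad_name..example.com
0.0.0.0 0.0.0.0
"""


def normalise(name):
    """Return a lower-case name without trailing dot, or None if unusable."""
    name = name.rstrip(".").lower()
    try:
        ipaddress.ip_address(name)   # "0.0.0.0 0.0.0.0" lines are not domains
        return None
    except ValueError:
        pass
    labels = name.split(".")
    # Single-label names (localhost, broadcasthost) are never turned into zones.
    if len(name) > 253 or len(labels) < 2:
        return None
    if not all(LABEL.fullmatch(label) for label in labels):
        return None
    return name


def self_and_parents(name):
    """'a.b.c' -> ['a.b.c', 'b.c', 'c']"""
    labels = name.split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def parse_hosts(text, allowed):
    """Collect sinkholed names, skipping anything at or below a whitelisted name."""
    blocked = set()
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        # Lines that map a name to a real address are ordinary host entries.
        if len(fields) < 2 or fields[0] not in SINK_ADDRESSES:
            continue
        for field in fields[1:]:
            name = normalise(field)
            if name and allowed.isdisjoint(self_and_parents(name)):
                blocked.add(name)
    return blocked


def prune_covered(names):
    """Drop names whose parent is already blocked: a local-zone covers subdomains."""
    kept = set()
    # Fewest labels first, so a parent is always seen before its children.
    for name in sorted(names, key=lambda n: n.count(".")):
        if kept.isdisjoint(self_and_parents(name)[1:]):
            kept.add(name)
    return kept


def build_blocklist(hosts_text, whitelist=()):
    """Return lines for a file included from the server: clause of unbound.conf."""
    allowed = {n for n in map(normalise, whitelist) if n}
    blocked = prune_covered(parse_hosts(hosts_text, allowed))
    # Unlike a hosts entry, a local-zone also answers for every subdomain.
    lines = [f'local-zone: "{n}." always_nxdomain' for n in sorted(blocked)]
    # A whitelisted name under a blocked zone needs a more specific zone
    # that lets resolution proceed normally.
    holes = [n for n in sorted(allowed)
             if not blocked.isdisjoint(self_and_parents(n)[1:])]
    lines += [f'local-zone: "{n}." transparent' for n in holes]
    return lines


if __name__ == "__main__":
    for line in build_blocklist(SAMPLE_HOSTS,
                                whitelist=("example.org", "static.example.net")):
        print(line)
```

Running `unbound-checkconf` on the resulting configuration before reloading catches syntax mistakes in the generated file.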


Anonymous 08/17/2017 (Thu) 14:44:34 [Preview] No. 10793 del
>>10792
Correct me if I'm wrong, I'm not too tech-savvy but I do listen to advice from time to time, but won't disabling webgl and DNS prefetching in your browser help prevent DNS leaks while using a VPN? I use an agent spoofer in my browser that allows you not only to spoof lots of metadata but also allows you to disable a lot of vulnerabilities as well such as DNS leakage.

Is that not enough security while using a VPN?


Anonymous 08/17/2017 (Thu) 16:30:31 [Preview] No. 10798 del
(54.69 KB 250x125 unbound.png)
>>10793

You simply verify it with wireshark, by checking if any packet is unencrypted. But yeah, you have some things to deactivate in firefox. Or do the right thing, and stop using firefox, if the recent join of mozilla to the hunt of the alternative news isn't enough for you to move out.

For openvpn to work with unbound, you have to add "push "dhcp-option DNS 127.0.0.1"" in the config file on server side. (/etc/openvpn/server.conf)

Moreover, it's not gonna be good with time, but I only use ipv4. I had too much trouble setting up openvpn for ipv6. I heard that some VPNs you buy are doing the same, but since you haven't specified your system to use only ipv4, you're leaking every ipv6 connection you're doing...
So doing the job yourself is definitely useful.


Anonymous 08/18/2017 (Fri) 23:40:42 [Preview] No. 10828 del
(287.33 KB 960x754 1497164373610.jpg)
>>10793

>won't disabling webgl and DNS prefetching in your browser help prevent DNS leaks while using a VPN?

I don't see why webgl would be a problem, and DNS prefetching would only be a concern if the browser uses its own DNS servers in order to provide that functionality. That wouldn't surprise me, though: I could see Google, for example, hardcoding 8.8.8.8 and 8.8.4.4 as the servers that would be used for prefetch in Chrom(e/ium).

The bigger concern is WebRTC. Make sure that's disabled. It's easy to deanonymize you if you have WebRTC enabled.


Anonymous 08/18/2017 (Fri) 23:47:59 [Preview] No. 10829 del
>tfw too brainlet to set up unbound


Anonymous 08/19/2017 (Sat) 00:46:12 [Preview] No. 10830 del
(299.97 KB 1020x1486 1497323555554.jpg)
>>10829

What are you having trouble with?


Anonymous 08/19/2017 (Sat) 02:26:48 [Preview] No. 10831 del
>>10830
I honestly can't remember. I tried setting it up along with dnscrypt last month, nothing went right, got drunk while trying to set it up and just gave up on it.
Probably had to do with my strict firejail config. I also wanted to make the process as portable as possible. I'll probably try again next week.


Anonymous 08/24/2017 (Thu) 01:07:22 [Preview] No. 10885 del
bumping


Anonymous 08/24/2017 (Thu) 04:49:22 [Preview] No. 10886 del
>>10771
I just thought of adding youtube to trackmenot

add this string
https://www.youtube.com/results?search_query=trackmenot

So now you can frazzle the recommended videos data-mining especially if you set it to tab mode and only youtube as the search engine set to searches a minute


Anonymous 08/24/2017 (Thu) 13:01:30 [Preview] No. 10889 del
>>10788
Sorry for rambling incoherently. I did not want you to consider any of that for the list. I think I was outraged at the situations where using a webkit browser is unfeasible compared to a firefox fork.


Anonymous 08/26/2017 (Sat) 17:21:28 [Preview] No. 10895 del
>>10831
Why do you even need dnscrypt if you don't use VPNs?


Anonymous 08/26/2017 (Sat) 18:36:15 [Preview] No. 10896 del
>>10895
DNS poisoning, DNS spoofing. If your government censors the web you'll know what I mean.

btw, DNS does leak a substantial amount of metadata. ofc, encrypting DNS alone helps you nothing, but it's good to do so as defense-in-depth.

And a bonus, my local DNS server saved me twice, I accidentally queried ".onion" and ".i2p" domains I wanted to access while surfing the clearnet...blocked by my DNS.


Anonymous 08/27/2017 (Sun) 16:47:58 [Preview] No. 10909 del
What about local hoarding of zone transfers or distributed DNS systems like DNSchain?
Also, why would you trust a single DNSCrypt resolver when anybody can make one and claim to keep no logs and serve legit queries? It would be better to fail-proof with multiple server queries at least.


Anonymous 08/27/2017 (Sun) 17:14:32 [Preview] No. 10910 del
>>10743
>- Randomize Mac Address (in case you're using public wifi):
>https://calomel.org/mac_random.html
>calomel.org ever
Or use:
ifconfig $interface lladdr random


Anonymous 08/27/2017 (Sun) 17:16:14 [Preview] No. 10911 del
>>10910
I forgot to mention that is for OpenBSD
https://man.openbsd.org/ifconfig.8


Anonymous 11/20/2017 (Mon) 23:54:16 [Preview] No.11782 del
Just found out about this thread, damn, what goodies I've found.


Anonymous 11/21/2017 (Tue) 01:17:33 [Preview] No.11784 del
>>11782
I'll release a new update soon, with some corrections and more good links... wait for it.


Anonymous 11/25/2017 (Sat) 00:56:49 [Preview] No.11799 del
Where can I find the latest version of this?


Anonymous 11/25/2017 (Sat) 01:11:11 [Preview] No.11800 del
>>11799
The last version is hosted on the OP link: http://hjvx7xg3n4ejezmh.onion/
Alternatively, see this one (this particular link will not be updated in future): https://a.pomf.cat/ezuqtc.html


Anonymous 11/27/2017 (Mon) 04:46:19 [Preview] No.11802 del
>>11799
Don't take it too seriously.


Anonymous 12/02/2017 (Sat) 20:20:36 [Preview] No.11840 del
>>11800
Cold Boot works on DDR3
https://nullcon.net/website/archives/ppt/goa-15/cold-boot-attack-on-ddr2-and-ddr3-ram.pdf
https://youtube.com/watch?v=ZHq2xG4XJXM
Evil Made -> Evil Maid
>your system should encrypt your memory anyway
How to? I know only TRESOR and it stores keys in CPU cache.
https://www1.informatik.uni-erlangen.de/tresor
Interesting stuff, unknown freedom respectiveness:
MIPS
-> https://www.baikalelectronics.com/products/T1/
Power
-> https://www.powerpc-notebook.org/ (shady italian scamming people, would be fun if he delivers)
x86
-> https://www.viatech.com/en/
-> http://www.vortex86.com/?p=264
-> https://github.com/alfikpl/ao486
-> http://en.zhaoxin.com/
>>11802
Why apples in Russia are so smol?


Anonymous 12/02/2017 (Sat) 22:20:31 [Preview] No.11841 del
>>11840
>Why apples in Russia are so smol?
So that Ukrainians can afford to import them.


Anonymous 12/03/2017 (Sun) 02:34:17 [Preview] No.11842 del
>>11841
I took a closer look at number plates in that scene. It actually takes place in Ukraine. Guess, those apples are already imported.


Anonymous 12/03/2017 (Sun) 14:17:28 [Preview] No.11845 del
>>11840
>How to? I know only TRESOR and it stores keys in CPU cache.
OpenBSD does it by default.
>(shady italian scamming people, would be fun if he delivers)
No open firmware.
>-> https://github.com/alfikpl/ao486
We'll have a development tools section soon..


I'll update when I have time. Thanks for your contribution :^)


