Security in living and communicating

[vajrakana]

There doesn't seem to be a topic about this, so I thought I would try to open up one about "How To Secure Your Communications And Activities" Plus, any tips people have about LEO clandestine operations. This is of concern to growers/chemists/distributors/etc.

All of this may sound paranoid, but it is based on significant knowledge and research.

Problem: Internet communications is ALL monitored, but not actively except in the case of "subversive" sites, like this one. So:

- Remember Echelon is up and running. This is a total data collection service kept secret by various governments. It runs word pattern matches on content and looks for words and phrases to follow up on with human examination. Yes it is real. Yes it is easy for them to do.
- Your IP address can be tracked back to you easily if you are in a western nation. Internet providers routinely cooperate with LEO and secretly provide customer data about any IP. This cannot be used in a court (since its illegal in most countries), however it does tell them where to look.

Solution: Not simple, but get a service that provides end to end encryption services, and that is trustworthy. This is a legal and personal judgment you'll have to make yourself. Look around for VPN services and so on. This way, your traffic inside the internet provider cannot be sniffed for content (to provide those incriminating words, like MDMA or anhydrous ammonia) and also it is a lot more difficult to track you. It is also possible that any evidence obtained by compromising your encryption service provider, or hacking your computer, would be inadmissible. etc. It does not stop a determined agency from seeing your traffic, but it does raise the bar pretty high.

Solution: In addition, Do NOTHING online, that gives any information about who you are, where you live, or specifics other than knowledge. Don't type anything that can be used to track your real location, like use street names or small business names near you, or even say what is "available" to you where you are.

Security: SAY NOTHING about your activities in any email or IM. EVER. Don't even be obtuse about it or use code words. Just ask people out for dinner, or to go to a movie. Don't use PGP for things that are too sensitive, as the NSA is able to crack PGP given a few days (less, if you believe the rumors). If you must use email for sensitive things, use GPG, and educate yourself on safe usage.

Security: CELL PHONES are passively monitored by various government agencies, sometimes even while turned off. Get an RF shield to completely disconnect your phone whenever you talk out loud about anything you wouldn't want LEO to hear, and make sure anyone else's phone is in the same shield. Make SURE IT WORKS.. let it sit in the shield for 5 minutes then try to call it. Also, you can remove your battery, which should also deal with this, although I have heard that some phones have little batteries inside them good for a number of minutes at reduced power (unverified) so.. use a shield AND remove the battery. (point: there was a flurry of concern from american senators in the intelligence committee involving "something" that they saw as a gross invasion of american privacy and rights. It is rumored to have been cell phone intercepts, including the "off mode" ones, being conducted without warrants, and as part of a massive data gathering exercise called TIA.. Total Information Awareness, run by First Data Corp)

Security: Keeping the cell phone problem in mind, don't talk about anything detailing your activities to anyone you wouldn't trust with your life. If you're a grower, don't tell many people that.. just say you are reselling. Same with chemists.

Security: PrePaid cell phones. Don't use them. If you are calling someone up that you call up with your regular line, it will be an instant flag to watch REAL close (its easy.. the numbers assigned to pre paid cell providers are all known). Only use them if you are calling numbers you have NEVER called before on your regular phone, and are not owned by anyone you have ever called before. Then they are acceptable (do I need to mention to pay in cash?), however remember also that your location might be exposed by using it, as cell providers know pretty much where you are, if not your actual GPS location, just by providing you service. And limiting the time of use will not help.. they have to know where you are in order to activate your phone. Forget the Hollywood crap... it doesn't work. So, only use a prepaid phone in a place which is far away from your residence or regular hangouts. And don't use it often.. destroy it as soon as you can, and don't handle it with your bare hands.. keep it inside a poly sandwich bag.

Security: Don't EVER buy anything from anyone online, or any online resource, unless you are ok with LEO knowing about it. Assume your credit records are public knowledge. Don't try shipping suspect chemicals or supplies to a friend or your parents. Buy things cash on the table, over the counter, and have a darn good reason ready to chat up the sales rep if they ask. Make sure that reason is supported by at least a little activity in your house/life. Also, use a friend as a buyer from time to time, assuming that friend will never snitch on you... however keep in mind your phone records will show that person is well known to you, and then they will look at his records as well.

Security: if you keep notes on a computer, make sure you purge the computer regularly of those notes, while burning them to a CD/DVD. Use a commercial "wipe" product to not only erase files but also completely clean up free space on your hard drive. Alternatively, get a small laptop you only use for this activity and make sure you have a great hiding place for it, still burning backups to CD/DVD from time to time. FYI cheap laptops suitable for this are really cheap.. look online. If you are worried you might be being setup, destroy the hard drive by removing the platters, smashing them up, and going to a scrap metal yard to "buy some parts", while scattering the bits here and there inside various things.

Security: If you use wireless internet access, make ABSOLUTELY sure you have a good VPN service, or you have a geek friend secure it for you. WiFi encryption (WEP and etc) is laughable at best, and can be cracked in a matter of minutes.

Security: Keep a small, spiral bound notepad for writing notes in open venues about things you don't want overheard. Isolate the paper by itself so impressions can't be taken from the pad if it is confiscated. Make sure it is a very common, cheap type.

Security: Handle NONE of your for sale product with your bare hands, nor any container they go into. EVER. If you really want to be crazy, make sure you are not leaving any hairs, skin bits and so on, on the container.

Cash: If it is legal in your country, convert some of your cash to precious metals or other valuable commodities which are easily carried and can be gotten OTC. Do it in small amounts over time, and use many dealers. Dogs are trained to sniff for cash, not for gold/silver/platinum coins or bullion. Let alone diamonds, if you can even get them wholesale (don't do that unless you REALLY know what you are doing) Plus it is easier to hide them... you could hide $100,000 US in 80 oz or so of platinum, essentially 80 silver dollars, which is a very small package and could be easily put away in a single statuary, or seat cushions, etc. You do lose an automatic percentage just from transaction fees, converting it back to cash is a pain, and the price could drop, but its safer from a security perspective.

There are a few to start with! I'd like to see what everyone else can come up with, or criticisms on these pointers. Perhaps we can make a "Security" FAQ.

Also, if people are interested, we can develop a "spy vs spy" sort of text that goes into real espionage techniques that are being used by various agencies, such as listening devices (distance listening such as parabolic microphones, laser resonance, etc), physical bugs and taps, true secure communications, nano listeners (tiny, rice grain sized caucusing listening devices that are sprinkled by the multitude, comm with each other and report back to a sattelite via burst transmission.. yes they are real) and so on.

 

[Bastiaan]

Seems like a darn good idea to me!
Any way they can shut us down or any reason they'd try?

 

[druglessdouglas]

ive stopped caring. i would never incriminate someone else but i do what i do and they cant stop me (hear that you facist scum!) dont get me wrong, ive got drugs convictions and know what it means to have my door fly in at 4am. i just dont care. ignore the machine

 

[GOD]

I dont know if its fatalism or flatulism but what about the Daleks ????

 

[druglessdouglas]

they are a problem. i live on the ground floor.the police are undefunded, understaffed and undertrained for the most part. if you are researching exp lo .sives then ,under the current mars attacks conditions you may be noticed. not if your discussing what house plant makes you feel funnier.chances are your local police have an idea of what your up to and unless its rocks or brown powder they dont care. if you start spending big money they may take notice but then youve brought it on yourself. my local police know EXACTLY what im up to, but cos i dont rob, stab or shoot anyone, and obviously dont spend much they wave and smile as i float past them in the street.paranoia will get you busted because if you look guilty you probably are

 

[buffachino]

Man, this is overkill.
This degree of meticulous conspiracy is only for those who are involved in some kind of organised drug trafficking or production syndicate with a substantial profit motive, so I doubt the average stoner, despite the apparent risk of unjust prosecution, would go to this level of secrecy in order to exist relatively comfortably with their chosen interests.
Although, for those chemists and growers who are concerned with privacy, this will be of definite help.

It’s always good to have this kind of information around, if only to be aware of the surveillance abilities of those who have a dominative agenda to enforce.

 

[Subtle_Nod]

I'm sorry but "Don't use PGP... Use GPG"?

You realize GPG provides an implementation of the same algorithms as PGP uses - in short, they are compatible to the extend that if you could break one, you could break the other.

Second: I am not American, the NSA holds no weight over here.

Third: I am not sure what you do in your life outside of what I have seen here, but what you say has some GLARINGLY HUGE technical issues which I would be happy to discuss but I cannot find anything that I could say was true or good advice at this point in time.

For instance: Don't bother with a VPN if you believe PGP is already compromised.

I would like you to share your research because what you say as, just now, quite baseless.

EG: ISPs recently revolted here when told that they would need to record a small amount of user traffic, only a few that were suspected of illegal downloading. They revolted because they could not afford the hardware required to STORE all the information these users downloaded and uploaded.

The amount of hardware required, although theoretically affordable by some governments and indeed, a VERY few private individuals, make this virtually impossible.

Also, the amount of overhead required in transporting this data - as you have effectively doubled the amount of data you have by transporting it once legitimately and once to store it is extremely high.

Not to mention that not all information passes through countries that are friendly with each other.

EG: The NSA is getting NO information what so ever about an Iranian who, using an Iranian ISP accesses a website hosted in Iran. Period.

Lastly - text matching is not as easy as you think.

Assuming a system where a computer (or a bunch, hey make it elves if it pleases you) reads through all the text and flags some using ^some rules^ to be looked at by a human.

Now, if your ^some rules^ are too strict, you are either going to find no one, or very few people, but it is going to use a lot of processing power to do so.

If your ^some rules^ are too lax, you are going to need legions of men to manually read through the info.

Lastly... again - Even if they did do ALL of this, again, only American citizens would be effected.

Really though, back to the sheer amount of information. You cannot tell whether I mention Bin Laden or Drugs or Goats because I am talking about them here, posting them to Digg or even because I am reading the news, the human context of these things is completely lost on a machine.

Really though, the original post is mostly Fear, Uncertainty and Doubt and my reply can be summed up by the wikipedian:

[CITATION NEEDED]

EDIT:

Your advice for cell phones are almost okay. I'm not sure about avoiding prepaid ones - you didn't quite give a good reason, I would assume that is better than one linked to a credit card.

Also, we cannot even manage to detect simple swearwords reliably, Yahoo had several problems with their filter at one point, here is a story illustrating the point:

http://thedailywtf.com/Articles/The-Clb ... take-.aspx

 

[GOD]

The original post was very good . I and all the people i used to have to do with went further . There was a standard and if someone broke it they got dropped , permanently .

"Perhaps we can make a "Security" FAQ. "

Good idea . Lets just use this thread and add things as they come up .

"the NSA holds no weight over here."

What planet do you live on ? In which galaxy ? In another universe ?

" ISPs recently revolted here when told that they would need to record a small amount of user traffic, only a few that were suspected of illegal downloading. They revolted because they could not afford the hardware required to STORE all the information these users downloaded and uploaded. "

ISPs in Europe and America must keep records of all net traffic . Its the same with handy/mobile calls and emails . The information is available to 54 countrys ....... including all the American pupet states in the south seas . They did make ridiculas arguments about the costs and the implementation , but they didnt get taken seriously and now they do it .

"The NSA is getting NO information what so ever about an Iranian who, using an Iranian ISP accesses a website hosted in Iran. Period."

Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! Ha ! The internet stops at borders !!!!! If i could do it then the NSA + microsoft + google + ??? can .

"Lastly - text matching is not as easy as you think."

Its a part of profiling and profiling works very effectivly , very quickly and very easily .

"Even if they did do ALL of this, again, only American citizens would be effected."

Sounds like rendition , secret flights , secret prisons were only for Americans .

 

[TheFerret]

Has anyone ever heard of https://proxify.com ? It's a proxy service that supposedly masks your IP and prevents monitoring of your traffic network.

I use it to surf the net at work or other places that restrict what sites you can access - Not sure if it provides true online anonymity or not.

 

[Subtle_Nod]

The internet does not stop at borders, but there are countries that will not deal with other countries in other legal matters, will not export people - why would they export information about internet usage?


My goal here is not to get argumentative on a personal level.

I think a security FAQ would be a good idea.

I think it would be a better idea to make sure it held water.

Like I said [Citation Needed].

Can you point me to something proving that ISPs are required to keep data? A law perhaps.

I do not want to descend into a personal argument. I can entirely see where you are coming from God - you've been here a while, I hardly say anything but this is not a personal attack.

I would be quite happy to talk one on one with anyone who doubts what I say or to anyone that can contribute more to what I know already. I do not resist anything you can tell me that is correct. All I ask is that you demonstrate this correctness.

My comments about PGP vs GPG where quite valid - if PGP isn't safe, GPG isn't either, although you could argue that no one sees the source for PGP and it could be holier than Jesus, when was the last time you compiled your own copy of GPG after reading it Line for Line as well as everything it requires?

What about your operating system? Using it on windows? It is closed source too. How do you know it isn't keeping your passphrase as you type it? Use Linux? That's neat but again, did you read every Line of the kernel and all the modules it uses?

Again - you do not need to believe me - I bet a fair few won't - I could say anything about me and the people who are already inclined not to believe me will believe I am lying there too so I might as well not talk about me, what I know and how I know it.

The burden of proof is on those making the claims.

Prove that a VPN that goes across the same connections is more secure. The web servers and mail servers have to be able to understand what you request of them - how do you know those are secure?

God, anyone, PM me, I'll give you information so you can contact me in real time - I don't mind. I would love to see something that was rock solid. I do not believe this is it, but I am willing to consider anything brought to me with evidence.

I ask the same of you but I do not take it for granted.

 

[Subtle_Nod]

Has anyone ever heard of https://proxify.com ? It's a proxy service that supposedly masks your IP and prevents monitoring of your traffic network.

I use it to surf the net at work or other places that restrict what sites you can access - Not sure if it provides true online anonymity or not.

From a cursory glance, they are a New York based company. If you live in America and you do not trust your ISP you have no reason to trust the proxy service either. Similar laws will apply to both.

I also submit that it is known that legal authorities have in the past ran "Honey Pot" proxy services as these services attract a disproportionate number of people with things to hide than normal users.

It is also possible that it is run by a kid who is also recording all your passwords as well, though unlikely.

It could also provide an easy target for people looking to scoop up a large amount of details as well, for instance, people who use a credit card while using the service (I have to recommend that you do not do this, even with a reputable proxy service).

You could try TOR but not for personal details - although it is possible to detect your true IP address, as it is with any proxy server - a compromised node could sniff data. If you are submitting passwords, your name, etc, the node may record such data and link it back to yourself.

It could, for example with this site, keep your login cookie. This would not normally work for sites that require requests to come from the same IP address but if an exit node was to steal your cookie they would be able to masquerade as you quite easily.

 

[GOD]

"Can you point me to something proving that ISPs are required to keep data? A law perhaps. "

It is european law , its also part of the American anti freedomfighter laws . I`m extremely surprised you dont know anything about it , its been all over the European and American press for at least the last 2 years . If you find the "Big brother is watching you" thread you might find parts of it informative . No one is talking about ALL net trafic being recorded and saved . But all the details are saved . From who , to who , when , for how long , from where . Fones have a thing like a mac number in them wich identifys the fon itself . The cards also have a nr. in them so changing cards doesnt nesecerily help .

"you've been here a while"

Dont even think about that as it doesnt matter . The longer cheese hangs around the more it stinks . I have nothing more to say than anyone else..... i just have a big mouth !!!! If you want to talk lets do it here . That doesnt mean you cant PM me whenever you want . Just do it , but maybe i answer here and not with a PM .

About PGP and other programs ..... I dont trust them either . For every lock there is a key and once you have seen a few you start to get an idea of whats going on . Its much the same with all the wifi codes or TV satelite codes . they can and are cracked .

At the moment i use a doctored version of XPPSP3 . I DONT USE A FIREWALL OR ANTI VIRUS...... at least not when i`m surfing , only to check up if i caught anything with Cackperksky ( = a realy BORING and power grabbing , jelous shit thing ) . I use a NAT router + a little program from the chaos computer club that adjusts some services and net bits AND DO NOT HAVE ANY PROBLEMS . I have used a Linux version called "Auditor" and its sucsessor for doing the dirtys but apart from that i wouldnt touch Linux with a barg pole . I have tried Linux versions loads of times but they are all to "tuntig" ( = a German word ) for me !!!!

The German , and other , governments boast that they can get on your system without you knowing or findin out that they are / were there and take complete controle of it inspite of everything that you can do to secure your composter . Do you know what a "kernel mode self perpetuatin rootkit" is ? , or what a "Bios root kit" is ??? I do ..... i had one ....... I got caught nosing around in a fashist defence ministry and they took over my composter so the only thing i could do was to pull the plug....... and leave town for a few weeks / clean my house up / retire for ever and get rid of the laptop = give it the customer back who had given it to me to service it !!! Well they are OLD , at least 2 -3 years old . I dont know how the hacker world has moved since then but they must be outdated by now .

"you do not need to believe me"

Its not a question of believing , i know that some of the things you said were right , and others were VERY not right .

I have never said anything about VPN . I do say.... "The net is an open window, about as private as a public market place and you are more alone on a motorway in the rush hour" . NOTHING IS PRIVATE IN THE INTERNET . Proxys and codes are invites for the forces of evil to look further into . Big brother cant(???) watch all of the web live at the same time . But who would want to do that ? , and why ?

There is an organisation in America called DARPA wich controls all scientific developments in America . Nothing is on the market that hasnt been fully tested by them .... before it gets released . And microsoft boast that they work with the NSA and that part of Vista was designed by them . ( if you dont believe that read the ifno that comes with Vista ) .

"The burden of proof is on those making the claims. "

I didnt notice any proof in your post ........

"I'll give you information so you can contact me in real time "

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Thank you , very nice of you , no thank you . Just talk here its easyer and safer .......for me .

"TOR"

The message has to get in at one end and out at others = its a waste of time .

THE INTERNET IS A HONEY POT .

Love GOD

 

[Subtle_Nod]

The message has to get in at one end and out at others = its a waste of time .

THE INTERNET IS A HONEY POT .

Love GOD

That pretty much summed up my reply to most proxy services - you cannot trust their services any more than anyone elses.

I would like to say I do use PGP/GPG for business use rather than private use - for emails that I would rather Average Usage could not decode quick enough for the information to matter - and for digital signing, sometimes, it is enough for me to sign something that has a low chance of being faked so that people know it is from me.

I do believe if I was doing something worth billions to most first world goverments that they would be able to: A find me using more efficient means and B be able to decode and fake these messages much quicker than normal individuals with a Desktop PC.

I have not stepped outside the law yet, therefor it does not matter - I am not a likely target.

We could run our own, separate TOR service, but that would be limited in the amount of nodes, and can you trust everyone on this site? After meeting them in real life?

The best advice for someone that actually has a high chance of government interference, which is not your average, back alley crook:

Do not use your real name.
Do not use an ISP. Use a MacDonalds with free Wifi.
Encrypt everything. Everything can eventually be decrypted, you just need to make it last long enough so that you are not there anymore.
Do not contact family members directly.
Use different usernames.
Do not browse idly, chat or date.
Do not buy anything. Not even a prepaid card - it is more likely the catch you on camera in a shop and follow the card number than most other things that could go wrong.

I would also say - do not use one VPN, at least not more than one - the first time you would trace back to the VPN server, it is not likely that a lot of people are using that server, all an ISP would need to do would be to look for where incoming traffic was coming from. If it is a server set up especially, that makes you one of one. If it is a public server with more people using it, you will take longer to find.

Whereas I cannot vouch either way whether or not ISPs keep the data you send - I can tell you that they 100% DO keep the IP addresses, the time data was sent and the type of data sent if it can be determined (http, ssh, ftp, pop3, imap, bittorent, msn).

When I was working for an ISP, we used this information to determine the customer's internet usage in regards to whether they have downloaded too much and whether they were constantly downloading.

 

[Subtle_Nod]

It is european law , its also part of the American anti freedomfighter laws . I`m extremely surprised you dont know anything about it

Me too. Can you find the name of it. It sounds like something I should read.

Fones have a thing like a mac number in them wich identifys the fon itself . The cards also have a nr. in them so changing cards doesnt nesecerily help .

No need to explain MAC addresses to me - out and out techie here. All connection devices have them - they can also be used to find a laptop that you are carrying around or one where the IP address is not static. Modems have one as well.

MAC addresses can be faked in PCs and Laptops.

 

[GOD]

"MAC addresses can be faked in PCs and Laptops."

There are some good ones out there and some that dont work . Some will tell you that your mac adress has been changed but if you look at the log in your router it still says the old mac adress so one should be carefull .

The big brother thread i talked about that might shed more light on what i said is here :-

http://www.psychonaut.com/index.php?opt ... 71&lang=en

The info i wrote about comes from the German press .

 

[Subtle_Nod]

If you were "boring" wifi, you could fake your own mac address.

If it is your own router, you can replace the firmware.

 

[TheFerret]

You could try TOR but not for personal details - although it is possible to detect your true IP address, as it is with any proxy server - a compromised node could sniff data. If you are submitting passwords, your name, etc, the node may record such data and link it back to yourself.

It could, for example with this site, keep your login cookie. This would not normally work for sites that require requests to come from the same IP address but if an exit node was to steal your cookie they would be able to masquerade as you quite easily.

So - would you say that using TOR could provide decent anonymity for activities such as, say, browsing and posting on this site? Would determined law enforcement be able to ascertain who I am or my physical location, if they really wanted to? If so, how, and how easily?

 

[n0p]

My two cents:

For secure VoIP you can use Gizmo along with Zfone. Skype has encryption but it is closed source encryption so we have no idea how strong it is or if there are any backdoors. Dont use Skype for anything you don´t want BB knowing.

http://gizmo5.com/pc
http://www.zfoneproject.com/index.html

Other ways of communicating securely online:

Hushmail.ai paired with PGP/GPGP and steganography.

Use hushmail to send and receive messages that are GPGP encrypted prior to sending with encrypted file being placed into a graphic with stego.

Use only 8210, etc.. series Nokia phones - you can wipe the change the imei number as it is in software - you should then change your imei everytime you use a new sim card (never ever put another sim inside and switch back). For ultra security you can use anonymous rechargable roaming sim cards in said phone. (using the nokia saves you having to buy a new phone all the time - you just need to get the right cables and software to change the imei yourself).

 

[Bastiaan]

After having searched for a way to surf completely anonymous (I figured as good as it gets will probably be making it hard for serious instances with personel and advanced technology and knowlegde to track down your information), I stumbled upon services that work through proxy servers to hide your IP.
http://ipinfo.info/html/anonymous-surfing_2.php
However, what you are basically doing is giving out your info to some1 you don't know.
If people want to trace you all they have to do is bribe this some1 or something.
Asked a wiz dude I know about the issue and he told me that, to really be stealth you'll need a 'bouncer' and some kind of special router, costing up to 400 euros a year..
I'm still looking into other possibilities, if anyone can tell me more about this bouncer thing and how to go about making it work or if there's any alternatives I'd be very, very happy..
I really want to be as undetectable as possible, I don't care if it costs sth or if I have to go through some trouble/ do some work for it..

 

[n0p]

After having searched for a way to surf completely anonymous (I figured as good as it gets will probably be making it hard for serious instances with personel and advanced technology and knowlegde to track down your information), I stumbled upon services that work through proxy servers to hide your IP.
http://ipinfo.info/html/anonymous-surfing_2.php
However, what you are basically doing is giving out your info to some1 you don't know.
If people want to trace you all they have to do is bribe this some1 or something.
Asked a wiz dude I know about the issue and he told me that, to really be stealth you'll need a 'bouncer' and some kind of special router, costing up to 400 euros a year..
I'm still looking into other possibilities, if anyone can tell me more about this bouncer thing and how to go about making it work or if there's any alternatives I'd be very, very happy..
I really want to be as undetectable as possible, I don't care if it costs sth or if I have to go through some trouble/ do some work for it..

If you use a standard proxy server your privacy really is fairly good BUT you must make sure never to use a USA , EU or developed nation proxy server. If you used a Russian, Ukraine or similar developing nation with a high degree of corruption the odds are they would ignore any judicial requests - bribes are another thing.

Janusvm is the best system out there in my opinion - it should do all you want it to do:
http://www.janusvm.com/

For more secure google searches:
http://en.wikipedia.org/wiki/Scroogle

In the past, I thought about setting up anonymous email and other paid anonymous services on my server but at the time I had the ideas I only had two years of unix experience (not enough). Now I have 11 years exp. but the market has many other offerings already.