I would like to start a discussion on Security. Specifically communication security. Before I get into a detailed discussion I would like to hear from the community as to the appropriateness of this forum for this discussion.
I do believe an ‘off-topic’ section is in order, Just need a good name for it XD
It should be noted when it comes to cyber security, one must know all devices on the internet, including phones, TVs, cars are “legally” recorded (see XKeyscore and Mass surveillance in the United States) by one entity or the other, and it is only a matter of time before the cat-and-mouse nature of computer security catches up to your data - a computer like the one you are using now will be able crack your ‘state-of-the-art’ encryption given enough time. Often, ‘evidence’ gathered by surveillance fails to follow proper procedure, trickery is used to take down suspects.
Let’s say you find the perfect software that has perfect privacy, and you run only ultra secure open source operating systems and follow perfect SIGINT OPSEC - Your hardware is still backdoored and actively monitored - There are some BIOS / Hardware freeing projects like Libreboot that only runs on a small handful of decade old hardware, which we can confidently say has those nasty features removed. Still, for those paying attention, exploits like Meltdown and Spectre are very real threats.
The following suggestions are tailored to protect your data from the common street thug to the local sheriff. If you are avoiding Five Eyes - Best to stay off the line.
Always use Tor with https://tails.boum.org/ It is recommended to use decentralized networks as much as possible for everyday use, the more people on the network, the stronger it is. Even Facebook has an onion address and future4200 will not block tor traffic. I highly encourage a LIVE OS like tails linked above, which resets between restarts.
Always use a VPN when Tor isn’t an option. This is a huge step in protecting you across a large attack surface. There can even be made an argument to use Tor over VPN or vice versa to keep ISPs from tagging you as a Tor user, or Tor Exit nodes seeing your traffic. There are other security networks and technologies out there, but Tor and VPN will do the trick 99% of the time.
Use libreboot computers - True full disk encryption booting with a hardened GRUB config. Fully encrypt all at rest media using software like LUKS and for less complicated backups and sync Duplicati
Mobile phone security - Also called PTD (Personal Tracking Devices) Running custom roms and buying expensive phones with hardware cut off switches - mostly snake oil - Until there is a major redesign of mobile networks and hardware level security cellys will always be PTDs. Best advise is to use boot encryption, avoid custom ROMS and rooting, use a 6+ digit pin and NOT fingerprint or camera unlock. Consider mobile phone security a lost cause even with copperhead.co type projects. Keep a [battery removed] flip phone, backup battery and solar charger in your glovebox for emergencies.
Physical security of locations - Big loud dog and a home security sign will keep out 95% of the riff raff. For the other 10%, this is an amazing video - Most locks and doors are horribly insecure, use real ones (lock picking, fun and easy XD). Cameras are a toss up, definitely no wireless, preferably don’t hook it into a network of any kind other than its own, keep the D/NVR in a locked safe.
Financial and transactional security ( BitCoin?) - BITCOIN IS NOT ANONYMOUS - Most (not all) shitcoins are not made for anonymity. Extra precautions and services like TOR should be used.
Encrypted communications (ie. Signal) - See Messaging and Email Security.
Feel free to ask questions and voice concerns or criticism, it’s the only way to learn. Follow the links provided (Using Tor of course) and do some reading. Links and sources are highly encouraged.
the bases for all of those technologies is encryption and i think we need to start there. I believe avoiding the common algorithms is essential seeing as these are the ones that are either inherently compromised ( even tors standard encryption) or will be the target of most codebreaking programs written (which is a huge deal cause 99.9% of breach attempts wont be by a cryptographer or even a programer but basically a glorified scriptkiddy). any program that lets me change their encryption settings or seed primes I always do. I one my good friends is hardcore cryptography programmer and he’s moved almost completely to elliptic curve cryptography and thinks thats where encryption is heading for numerous reasons. Sometimes this is very easy to implement and just like how mac and linux hardly get viruses because they r almost all written for pc’s, almost all codebreaking attempts will focus on aes.
I’m curious on your thoughts on the subject as u have obviously been doing this for awhile lol @sidco
also with bitcoin, if you r trying to stay as anonymous as possible then launder ur bitcoins with a know coin mixer/tumbler. this is where thousands of user’s bitcoins get randomized and returned for a small fee and knowing whose bitcoin is whose (without owning ur exit node or something silly) becomes crazy hard
I think you nailed it. AES accounts for a very large portion of encrypted traffic as most websites utilize it for TLS. It would not be outside the realm of possibilities (and a HUGE tactical advantage) for a government to have a backdoor to the most popular encryption, see the NSA paying RSA. If you are avoiding someone with that kind of advantage, best to stay off completely.
Decentralized mesh networks will be a thing in less than 10 years and im fucking ecstatic about it.