Web Security
Positivist
3rd November 2012, 06:15
Anyone got any info on how to encrypt my email, messaging searches, etc without forcing me to get off the internet? Any info on how I could reduce the likelihood of trace would be appreciated, thanks.
PC LOAD LETTER
3rd November 2012, 06:42
Tor Browser Bundle for browsing/searching google or whatever
but also
Within the tor network are 'location hidden services' which look like weird domain names - instead of revleft.com it's an incomprehensible alphanumeric string followed by .onion. You are hidden from them, they are hidden from you. There is one service called TorMail (http://jhiwjjlqpyawmpjx.onion/) (won't work unless you're on tor, just save the link or something). Use a pseudonym that cannot be linked with any persona you've taken on the normal internet (usually called 'clearnet' on tor). Seriously, no connections. "Positivist" is out. Communicate only via tormail and other hidden services.
Use public key encryption. This creates two keys - private and public. Private is just that, it doesn't leave you. Public is what you give to someone else. They encrypt a message using your public key, and only you can decrypt it (with your private key). You do the same when sending a message to them - use their public key to encrypt it, send the message, they decrypt with their private key. GnuPG is pretty much the de facto standard for this.
Transferring public keys to the other party - either in person or over tor. No connection to clearnet pseudonyms. If you don't KNOW the other person, then they can also not have any connection to clearnet pseudonyms, and if they do, and you've logged directly on to a site (revleft, etc) rather than via tor/proxy, then your identity is compromised.
All sensitive local data on a truecrypt volume (basically, a virtual encrypted drive).
I'm fairly drunk but I can expand on everything later if you have questions
Ele'ill
3rd November 2012, 08:13
don't use the internet for security sensitive communication
Sea
3rd November 2012, 09:30
TAILS (https://tails.boum.org/) either in a VM or native. TAILS is mostly for convenience though and you can get better security by properly configuring your own system. Install and set up the TOR and vidalia bundle and a portable (read: in a folder) install of firefox. Install and set up FoxyProxy on that install, along with noscript, adblock plus, cookie monster, beefree and HTTPS Everywhere. Set up FF to reject all 3rd party (or even all, period) cookies.
https://www.eff.org/https-everywhere not on the plugins site AFAIK
http://honeybeenet.altervista.org/beefree/ the one on firefox plugins site is outdated
In foxyproxy, set all .onion sites to pipe through to TOR. Once you have done that and can browse with TOR, go here and follow the instructions to block known bad exit nodes.
http://xqz3u5drneuzhaeo.onion/users/badtornodes/
Keep in mind:
1. The encryption is great but it's only as strong as your password.
2. If you try to access an onion site without piping it through TOR, it will show up on your ISP's DNS logs. This can be partially remedied by using OpenDNS.
3. Never use the same username twice; this is even more important than never using the same (good long and random) password twice.
4. If you're good with Linux, consider installing Debian with full disk encryption and use that as your main OS. From there, you can secure your entire system even further.
5. They can see that you're using TOR even if they can't see what you're doing in TOR.
6. Proxies can make you unknown to your destination, but they make you AND your destination known to whoever runs the proxy server.
7. Why have a dedicated computer as a firewall? Why not? Security is a layering process.
7. GPG is your friend.
8. There are two 7's.
I guess that's it. Have fun abusing the internet!
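An added example, not part of the thread: a check for the leak described in point 2 of the post above, run over resolver logs. It assumes dnsmasq's `log-queries` line format; the log lines, client addresses and .onion names are constructed samples.

```python
import re

# Constructed sample lines in dnsmasq "log-queries" format (not real traffic).
SAMPLE_LOG = """\
Nov  3 09:30:01 dnsmasq[1234]: query[A] www.eff.org from 192.168.1.10
Nov  3 09:30:01 dnsmasq[1234]: forwarded www.eff.org to 208.67.222.222
Nov  3 09:30:07 dnsmasq[1234]: query[A] exampleexampleex.onion from 192.168.1.10
Nov  3 09:30:07 dnsmasq[1234]: forwarded exampleexampleex.onion to 208.67.222.222
Nov  3 09:30:07 dnsmasq[1234]: reply exampleexampleex.onion is NXDOMAIN
Nov  3 09:31:12 dnsmasq[1234]: query[AAAA] SAMPLESAMPLESAMP.ONION. from 192.168.1.23
Nov  3 09:31:40 dnsmasq[1234]: query[A] onion.example.org from 192.168.1.23
"""

QUERY_RE = re.compile(r"query\[(?P<qtype>[A-Z0-9]+)\] (?P<name>\S+) from (?P<client>\S+)")
FORWARD_RE = re.compile(r"forwarded (?P<name>\S+) to (?P<upstream>\S+)")


def normalize(name):
    # DNS names are case-insensitive and may carry a trailing root dot.
    return name.rstrip(".").lower()


def is_onion(name):
    # Match the .onion TLD only, not names that merely contain "onion".
    return normalize(name).endswith(".onion")


def find_onion_leaks(log_text):
    """Return (client, qtype, name, upstreams) for every .onion lookup the
    resolver saw. Any hit means the name was resolved outside Tor."""
    queries, upstreams = [], {}
    for line in log_text.splitlines():
        q = QUERY_RE.search(line)
        f = FORWARD_RE.search(line)
        if q and is_onion(q.group("name")):
            queries.append((q.group("client"), q.group("qtype"), normalize(q.group("name"))))
        elif f and is_onion(f.group("name")):
            # Record which upstream resolver was handed the name.
            upstreams.setdefault(normalize(f.group("name")), set()).add(f.group("upstream"))
    return [(c, t, n, sorted(upstreams.get(n, ()))) for c, t, n in queries]


if __name__ == "__main__":
    for client, qtype, name, ups in find_onion_leaks(SAMPLE_LOG):
        print(f"{client} asked for {name} ({qtype}); forwarded to: {ups or 'not logged'}")
```

The upstream column shows who received the name: switching resolvers changes which operator sees the lookup, not whether it leaves the machine.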
PC LOAD LETTER
5th November 2012, 01:40
I wanted to expand on #1: password length is better than the number of different symbols. I've mentioned on here before that something like bananatigerpenisdragon is a more secure password than g7jQ#!1n&
You could also use a sentence. "Oh my god this pasta is so amazing!"
Or, to use XKCD (https://xkcd.com/936/)'s example, correcthorsebatterystaple
https://sslimgs.xkcd.com/comics/password_strength.png
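An added example, not part of the thread: a rough strength estimate for the passwords mentioned in the post above under two attacker models, per-character brute force and guessing whole words from a list. The mini word list is constructed, and the 2048-word list size is an assumption taken from the 11-bits-per-word model in the xkcd comic.

```python
import math
import string

# Constructed mini word list covering the thread's examples; real lists are far larger.
WORDS = {"banana", "tiger", "penis", "dragon", "correct", "horse", "battery", "staple"}
ASSUMED_LIST_SIZE = 2048  # assumption: size of the list the words were drawn from

# Printable-ASCII character classes and their sizes.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " "]


def brute_force_bits(pw):
    """Search space in bits for a per-character attack over the classes present."""
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0


def split_words(pw, words=WORDS):
    """Fewest-words segmentation of pw into list words, or None if it does not split."""
    best = [None] * (len(pw) + 1)
    best[0] = []
    for end in range(1, len(pw) + 1):
        for start in range(end):
            if best[start] is not None and pw[start:end] in words:
                cand = best[start] + [pw[start:end]]
                if best[end] is None or len(cand) < len(best[end]):
                    best[end] = cand
    return best[len(pw)]


def dictionary_bits(pw, list_size=ASSUMED_LIST_SIZE):
    """Search space in bits if the attacker guesses whole words from the list."""
    parts = split_words(pw.lower())
    return None if parts is None else len(parts) * math.log2(list_size)


def estimate_bits(pw):
    """Strength against whichever of the two attacks is cheaper."""
    bf, d = brute_force_bits(pw), dictionary_bits(pw)
    return bf if d is None else min(bf, d)


if __name__ == "__main__":
    for pw in ("bananatigerpenisdragon", "g7jQ#!1n&", "correcthorsebatterystaple"):
        print(f"{pw!r}: brute force {brute_force_bits(pw):.1f} bits, "
              f"estimate {estimate_bits(pw):.1f} bits")
```

The word-list figure holds only when the words are picked at random from the list; the per-character figure likewise assumes every character was chosen at random.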