The Art of Anonymity

[Kanade]

Nice tutorial.
Just a few remarks,

You don't talk about tor, but this serious.

  "TOR IS REALLY SECURE"

we can not qualify  anything really "secured" because as says it the sentence:
   "  安全性は錯覚です。"
Simply because the information which are transmitted on between knots, is not coded.
Secondly, because firefox isn't perfect, 0day are here.

  "TOR isn't secure"

This sentence is partly true for some time.
Before, we could change the configurations of TOR for something a little secure, but some options were deactivated because of a friend. thus there are the least interesting
(https://www.torproject.org/docs/tor-manual.html.en)

Other thing, you do not have  speak about the WIFI security...

Hide SSID! This not secure because your homespot  emit still, but it will protect you from begginner.

Use WPA2! If you have a WEP encryption and you can not change security mod, buy a new homespot, your homespot it's too older.

If you have WPA2, this is not yet secured.
Your WPA key (in HEX)  is normally situated on 64 bits (8 chars), with wordlist attack/bruteforce, you crack it in last 4 hours.

WPA2 propose it:

- WPA2 - 160-bit - 20 Characters
- WPA2 - 504-bit - 63 Characters

Don't use buffer overflow of 0x41 in example, because in wordlist it's maybe probable to have this word.

Use special chars (#,@,$) etc...

Use this for calculate the nomber of possibility for crack ur WPA2:
2^n > n=(log(x)/log(2)*k)

N corresponds to the entropy of your password. The more he is raised, the more it will be necessary to make out a will of combinations. We divide generally the 2^n by 2, because we rarely test all the possibilities. Convert then this result in minutes, hours, days, years following the trial speed (x password/sec).

Change password of your homespot configuration, Because there are often passwords of the kind:

•     admin:admin
•     admin:1234

               [....]

Oh I forgot: Disable WPS (PIN Vulnerable, PBC adn NFC: Bullshit)

Sorry for my english and Enjoy,
Regards, Kanade.

[lucid]

You seem like your are decently knowledgeable, if only I could understand your post better. Although I fail to see why this needs to be included in my tutorial about anonymity. If you would like to create a wifi security tutorial be my guest. Certainly it's good to secure your home network, but from an anonymity standpoint, it's better to just not do anything serious from home.

You don't talk about tor, but this serious.

It amazes me how people adamantly refuse to give up on Tor and move on. Tor is absolutely not necessary for privacy and anonymity, as there are many better options out there. It is flawed in that it's easy to track anyone who exits Tor, and it's heavily watched for obvious reasons. Certainly it has it's uses still, but you are a fool if you think you are even remotely safe on Tor. So please, can we stop insisting that we need to talk about Tor every time the topic of being anonymous is brought up? I've grown tired of hearing about it.

On another note, thanks for the feedback at least.

[Kanade]

 

Although I fail to see why this needs to be included in my tutorial about anonymity. If you would like to create a wifi security tutorial be my guest. Certainly it's good to secure your home network, but from an anonymity standpoint, it's better to just not do anything serious from home.

What?
We imagine that your neighbor crack your WiFi, he can now make a MITM is thus, steal your private data (and know your activities) and... you are not anonymized.

Your neighbor does not have to know who you are.

It amazes me how people adamantly refuse to give up on Tor and move on

I did not say the opposite.

Tor used a secure principle before (except encryption) and with a good tor configuration, we were "anonymous". But due to this mail: http://i.imgur.com/qDTwIxc.png

I contact you further to a configuration of your service(department), here we are, I shall wish i can choose my countries of connections, the problem it is that the function " AvoidCountries " does not work, her as others.


Blabla:

*
*
*

<Configuration>

Only the function "ExcludesNodes" is functional, impossible to relaunch the  TOR service

You will have understood him, I look for the anonymity and offshore countries

The tor configuration it's impossible.  (ADM have disabled all functions)
use I2P.

I also want to speak about "TrueCrypt"

• Truecrypt domain registed with a false address
• Truecrypt developers identity hidden
• Compiling Truecrypt source code increasingly difficult      
• Truecrypt license contains distribution restrictions (https://tails.boum.org/doc/encryption_and_privacy/truecrypt/)

      see more at: http://www.privacylover.com/encryption/analysis-is-there-a-backdoor-in-truecrypt-is-truecrypt-a-cia-honeypot/

We do not really know to whom belongs this honeypot, ... big brother?
use    DiskCryptor

[Snayler]

What?
We imagine that your neighbor crack your WiFi, he can now make a MITM is thus, steal your private data (and know your activities) and... you are not anonymized.

Even with your "WiFi" ("access point" would be the correct designation here)  secured and locked away, if you're using your home connection (the one your ISP assigned to you, the one with YOUR true name associated) you'll never be anonymous.
Securing your home connection has not much to do with anonymity, more with security.

[Resistor]

You seem like your are decently knowledgeable, if only I could understand your post better. Although I fail to see why this needs to be included in my tutorial about anonymity. If you would like to create a wifi security tutorial be my guest. Certainly it's good to secure your home network, but from an anonymity standpoint, it's better to just not do anything serious from home.It amazes me how people adamantly refuse to give up on Tor and move on. Tor is absolutely not necessary for privacy and anonymity, as there are many better options out there. It is flawed in that it's easy to track anyone who exits Tor, and it's heavily watched for obvious reasons. Certainly it has it's uses still, but you are a fool if you think you are even remotely safe on Tor. So please, can we stop insisting that we need to talk about Tor every time the topic of being anonymous is brought up? I've grown tired of hearing about it.

On another note, thanks for the feedback at least.

It's nice to see people here are realistic and objective in regards to Tor. On other forums, people say it's completely safe and mock anyone that says otherwise, even in spite of presented evidence.

Is there a consensus on I2P's ability to keep users safe, secure, and anonymous?

[lucid]

Is there a consensus on I2P's ability to keep users safe, secure, and anonymous?

Not yet. Not on this forum at least. I've honestly never used I2P either.

[proxx]

Not yet. Not on this forum at least. I've honestly never used I2P either.

I2P is a very cool project, use it sometimes.
Major difference is that its an anonymous network and as apposed to TOR not meant as a proxy.
There is a 'deepweb' like TOR, but its idea is to use the network within, sometimes called a darknet.
The encryption and identity protection is higher rated.
Its pretty specialized and will probably not make it so main-stream which is perhaps a good thing.
Only poor side is it coding language :S

[lucid]

It's coding language?

[proxx]

Mainly java.

https://trac.i2p2.de/wiki/java

Would be far more resource efficient based on something else.

[lucid]

Ah. Indeed.

[OT]

I don't like Tor because it's slow for one thing. Not to mention it's very easy to expose who a person is and what they are doing, it's easy to slip and leak some information about yourself. Plus the .onion net isn't as interesting as people make it out to be. Endnodes can sniff and hijack your session. It's no where near a perfect anonymity service. Don't ever use it for any serious hacks or anything like that.

Care to provide a source or elaborate on the part where you said that it is very easy to expose a person and what they are doing, or that its easy to slip and leak some information? As far as I know this is untrue for normal use cases, the only leaks I know of are associated with people using bittorrent.

Endnodes can be sniffed if you're not using encryption, but if you're sending sensitive data unencrypted you have enough problems as it is.

It seems to me it would be alot closer to anonymity than say a VPN or proxy provider who could be logging you on their own or under order of the law.

The feds fund 60% of its budget, it originated as DARPA technology, the exit nodes are best assumed as compromised, most Tor users use 1024-bit RSA/DH keys that the NSA can feasibly crack, the FBI recently made headlines for using a JavaScript exploit to infiltrate onion services, some protocols and poor browser configurations inadvertently leak information and so on.

Tor being mostly funded by the feds doesn't make it compromised, neither does it originating as DARPA technology.  If you use an outdated version of the Tor browser bundle you are taking the chance of being exploited, just like if you're running any other outdated software. The outdated encryption was fixed a while ago, as people update that will correct itself.


I'm not saying Tor is a perfect solution to anonymity because I don't think there is one, I just think its the best solution for the majority of use cases. VPN's and proxies are vulnerable to the same problems and introduce new ones.

[lucid]

I'm not saying Tor is a perfect solution to anonymity because I don't think there is one, I just think its the best solution for the majority of use cases. VPN's and proxies are vulnerable to the same problems and introduce new ones.

No there certainly is not one you're right. Although anonymity is a lot more then just using either a VPN, a proxy, or Tor. The most effective ways are ways that are rarely talked about in public, or on the public internet. Every search you make on Google about being anonymous will tell you to use either a proxy, Tor, or a VPN. It would be silly to think that all the ways of being anonymous that exist could be found on Ask.com

[OT]

Have you seen The grugq's speech "OPSEC for hackers" at Hack in the Box 2013? It mat be of interest to you and others, there are slides to go along with it. He's an internet security researcher and lately has been focusing on OPSEC (from hackers to spies) and he runs a blog that focuses on OPSEC. I found it interesting, maybe someone else will too.

[lucid]

Thanks for that. Have a cookie.

[Waspnuts]

This article is a pretty good read. While I am still learning, this is all very interesting.
Thank you for the time you have put into this.