Difference between revisions of "Leaving no trace in a digital world"
Jump to navigation
Jump to search
GregTraylor (talk | contribs) |
GregTraylor (talk | contribs) |
||
| Line 5: | Line 5: | ||
Because of it's use within the TOR project, we will focus soley on using Firefox. | Because of it's use within the TOR project, we will focus soley on using Firefox. | ||
| − | This assumes the use of Ubuntu. Most of these plugins and programs can be accessed through the Ubuntu Software Center, Synaptic Package Manager or terminal, but I will provide links when possible. | + | This assumes the use of Ubuntu. Most of these plugins and programs can be accessed through the Ubuntu Software Center, Synaptic Package Manager or terminal, but I will provide links when possible. While we may be able to answer questions regarding Windows specific issues, this will not be included here. |
| Line 12: | Line 12: | ||
Physical | Physical | ||
| − | * Privacy | + | * Writing passwords down |
| − | * Not typing passwords or using sensitive sites that may reveal an identity in front of others | + | * Using computers in view of others |
| + | ** Privacy filters are polarized pieces of plastic that make it where it is only possible to see your screen if you are directly in front of it | ||
| + | ** Not typing passwords or using sensitive sites that may reveal an identity in front of others | ||
* Physical keyloggers | * Physical keyloggers | ||
** Checking the back of the machine if possible | ** Checking the back of the machine if possible | ||
| Line 20: | Line 22: | ||
DNS/OpenDNS | DNS/OpenDNS | ||
| − | * Explanation of Domain Name System | + | * Explanation of Domain Name System |
| + | ** DNS translates sites typed in as words (ie: freegeek.org) into their actual IP addresses (ie: 67.23.3.45) | ||
| + | ** Think of it as a phone book for the internet | ||
* How it can be tracked through things like OpenDNS | * How it can be tracked through things like OpenDNS | ||
| − | * Tor vs. Tor Browser Bundle – DNS leaks | + | * Tor vs. Tor Browser Bundle (TBB) – DNS leaks |
| + | ** While it is possible for your traffic to be encrypted, without proper set-up, your DNS can go in "the clear" and reveal what sites your encrypted traffic is going to | ||
| + | ** This is why the TBB is preferred over manually configuring TOR | ||
Computer Software | Computer Software | ||
Revision as of 08:43, 25 July 2012
Leaving No Trace In A Digital World
Purpose: To learn how to communicate safely, to protect your data and to obfuscate your identity and browsing history online and on your computer.
Because of it's use within the TOR project, we will focus soley on using Firefox.
This assumes the use of Ubuntu. Most of these plugins and programs can be accessed through the Ubuntu Software Center, Synaptic Package Manager or terminal, but I will provide links when possible. While we may be able to answer questions regarding Windows specific issues, this will not be included here.
Forms of snooping
Physical
- Writing passwords down
- Using computers in view of others
- Privacy filters are polarized pieces of plastic that make it where it is only possible to see your screen if you are directly in front of it
- Not typing passwords or using sensitive sites that may reveal an identity in front of others
- Physical keyloggers
- Checking the back of the machine if possible
- Using another keyboard (Roll-up)
- On-screen keyboard
DNS/OpenDNS
- Explanation of Domain Name System
- DNS translates sites typed in as words (ie: freegeek.org) into their actual IP addresses (ie: 67.23.3.45)
- Think of it as a phone book for the internet
- How it can be tracked through things like OpenDNS
- Tor vs. Tor Browser Bundle (TBB) – DNS leaks
- While it is possible for your traffic to be encrypted, without proper set-up, your DNS can go in "the clear" and reveal what sites your encrypted traffic is going to
- This is why the TBB is preferred over manually configuring TOR
Computer Software
- Malware or legitimate tracking software
- Anti-spyware/root-kit/virus
- Temporary files / Cookies / Browser History
- Clearing in Windows
- Universal privacy setting in Ubuntu
Route of Communications
- Router Logs
- VPNs – Privoxy/Hamachi/Proxy Switchy
- Traceroute Example
- ISP
- Backbones
- Government
- End Site
Neutral Online Identity
- Emails
- User names
- Firewalling real vs. nom-de-guerre
- Never use “real” connection for alternate identity
- What you write/release online
Portable TOR
Portable TOR is a program that runs without installation from USB or drive. It comes configured for pretty good anonymity out of the box – https://www.torproject.org/projects/torbrowser.html.en
- Plugin caveat
- TBB Firefox vs. regular Firefox
TAILS
TAILS is an amnesiac LiveCD/USB that writes nothing to the hard drive. It contains TOR, Pidgin, encryption tools and more - https://tails.boum.org/index.en.html
Suggested Firefox Plugins
- Adblock plus - https://addons.mozilla.org/en-US/firefox/addon/adblock-plus – Blocking ads blocks some tracking
- Download EasyList and Fanboy's list.
- Better Privacy - https://addons.mozilla.org/en-US/firefox/addon/betterprivacy –
- Deletes LSOs (Flash Cookies).
- Set to delete upon exit.
- Cookie Monster - https://addons.mozilla.org/en-US/firefox/.../cookie-monster -
- Check all options but “Block All Cookies” and the ones about the dialog and icon.
- Flash Block - https://addons.mozilla.org/en-US/firefox/addon/flashblock – Block ads/flash tracking
- Enable and choose to block Silverlight as well
- RefControl - https://addons.mozilla.org/en-US/firefox/addon/refcontrol – Changes referrer on website headers
- Choose “Forge” for sites not listed
- HTTPS Everywhere - https://www.eff.org/https-everywhere/ - Included in TBB and TAILS.
- Make sure it is enabled and never turn this off
- Noscript - https://addons.mozilla.org/en-US/firefox/addon/noscript – Included in TBB
- Choose to Forbid Scripts Globally
- TORButton - https://www.torproject.org/torbutton – Included in TBB and TAILS.
- Too many features to list ( https://www.torproject.org/torbutton/torbutton-options.html.en )
- Refer to TBB settings and choose more if wanted (suggested) but do not uncheck anything they've selected there.
- CAVEAT: Any extraneous applications may be able to track you
Email Encryption
Thunderbird
GPG
Enigmail plugin
Miscellaneous
Pidgin – IM/IRC/Skype – On TAILS with OTR
- OTR plugin - http://www.cypherpunks.ca/otr/
- End to end encryption for chats
- Pidgin TOR set-up
- Accounts → Choose account → Proxy Tab → Use “Tor/Privacy (SOCKS5)” → Set host to 127.0.0.1 and port to 9050
Disk Encryption
- Ubuntu encryption on install - $HOME
- LUKS - https://wiki.archlinux.org/index.php/Dm-crypt_with_LUKS
- gdecrypt as GUI
- Truecrypt
- Going through customs – outer encryption vs. inner hidden encryption - plausible deniability
Erasing Files
- Why they are not erased
- secure-delete - http://superuser.com/questions/19326/how-to-wipe-free-disk-space-in-linux/19377#19377
Environment Checks
Steganography
Ixquick.com – non-logging search engine