Difference between revisions of "Leaving no trace in a digital world"

From FreekiWiki
Jump to navigation Jump to search
 
Line 1: Line 1:
{{migrate}}
+
{{migrated}}
 +
[https://docs.google.com/document/d/1OtB29oDyaXT1Dp3iKLU6RPe059Ftcy3BzxT9GiMpnJU/edit?usp=sharing Link]
  
 
==Leaving No Trace In  A Digital World==
 
==Leaving No Trace In  A Digital World==

Latest revision as of 15:32, 8 August 2014

deletion

This page has been migrated to a document on Free Geek's Google Drive.

Information remaining behind may no longer be relevant.

MIGRATOR:

When you have tagged this page as migrated,
please add a link to the new document on Google Drive.

(Link to new page immediately below.)


Link

Leaving No Trace In A Digital World

Purpose: Learn how to communicate safely, to protect your data and to 'cover your tracks' by obfuscating your identity and browsing history, online and on your computer.

Because of its use within the TOR project [1], we will focus solely on using Firefox. http://www.mozilla.org/en-US/firefox/new/

This assumes the use of an Ubuntu [2] operating system. Most of these plugins and programs can be accessed through the Ubuntu Software Center, Synaptic Package Manager or terminal, but links will be provided when practical. While we may be able to answer questions regarding Windows-specific issues, this will not be included here.


Forms of snooping and how to counter each

Physical

  • Writing passwords down
    • Either don't do it or apply a basic, personal cryptography if you do
      • A simplistic cryptography would be to make every letter and number the one above it and reverse capitalization so that the password HallB56 would become iBMMc67
      • This is cryptography at its simplest
  • Using computers in view of others
    • Privacy filters are polarized pieces of plastic that make it where it is only possible to see your screen if you are directly in front of it
    • Don't type passwords or using sensitive sites that may reveal an identity in front of others
  • Physical keyloggers [3]
    • Checking the back of the machine if possible
    • Using another keyboard (Roll-up)
    • On-screen keyboard

DNS/OpenDNS

  • Explain the Domain Name System [4] and its exposure of your web use:
    • DNS translates sites typed in as words (ie: freegeek.org) into their actual IP addresses (ie: 67.23.3.45)
    • Think of it as a phone book for the internet
  • How it can be tracked through things like OpenDNS [5]
  • Tor vs. Tor Browser Bundle (TBB) – DNS leaks [6]
    • While it is possible for your traffic to be encrypted, without proper set-up, your DNS can go in "the clear" and reveal what sites your encrypted traffic is going to
    • This is why the TBB is preferred over manually configuring TOR

Computer Software

  • Malware or legitimate tracking software such as those used by companies or parents
    • Spyware, viruses and root kits
  • Temporary files / Cookies / Browser History
    • Instructions for clearing Firefox
      • Tools -> Clear Recent History -> Time Range To Clear : Everything -> Check all for most privacy
      • Add Firefox extensions ('plugins') for greater privacy
    • Not useful against keyloggers and malware
  • Private Browsing mode
    • Instructions for Private Browsing mode in Firefox
      • Tools -> Start Private Browsing
    • Not useful against keyloggers and malware
  • Universal privacy setting in Ubuntu (Ubuntu 12.04)
    • Deleting histories globally
    • Setting applications and types of applications to not log
    • Turning logging off globally
  • Bleachbit
    • Description: BleachBit frees disk space and guards privacy by freeing your cache, deleting cookies, clearing Internet history, shredding temporary files, deleting logs, and discarding junk. It wipes clean 90 applications. Beyond simply deleting files, BleachBit includes advanced features such as shredding files to prevent recovery, wiping free disk space to hide traces of files deleted by other applications, and vacuuming Firefox to make it faster. Free and open source
    • http://bleachbit.sourceforge.net/ OR in the terminal type:
sudo apt-get install -y bleachbit

Route of Communications

traceroute to google.com (173.194.33.14), 30 hops max, 60 byte packets
1  192.168.0.1 (192.168.0.1)  3.016 ms  3.133 ms  6.081 ms
2  ptld-dsl-gw05-197.ptld.qwest.net (207.225.8x.1xx)  48.721 ms  52.120 ms  52.231 ms
3  ptld-agw1.inet.qwest.net (207.225.85.33)  54.018 ms  55.723 ms  56.663 ms
4  sea-edge-12.inet.qwest.net (67.14.41.26)  63.015 ms  67.598 ms  67.408 ms
5  65.122.121.66 (65.122.121.66)  121.780 ms  122.806 ms  124.521 ms
6  66.249.94.212 (66.249.94.212)  71.735 ms  46.955 ms  49.166 ms
7  209.85.253.24 (209.85.253.24)  49.250 ms  51.107 ms  51.987 ms
8  sea09s01-in-f14.1e100.net (173.194.33.14)  53.532 ms  55.166 ms  56.442 ms
  • ISP - your internet provider (#2-4 in traceroute example)
  • Backbones - infrastructure provided by large telecoms that most traffic goes through (#5-7 in traceroute example)
  • End Site - the web page,etc that you are visiting (#8 in traceroute example)
  • Government - M$/NSA makes it easier to hack you [8] “Purposeful backdoors in security products - another revelation from leaked security agency documents - benefit all hackers. If firms have allowed for weaknesses in their product sets, they don’t just open up holes for agents to exploit, but criminals too. Organised crime groups are pumping money into hunting for such vulnerabilities, placing the everyday user at ever greater risk.”
  • Your traffic could be logged, recorded or inspected at any point

Firewalling Online Identities

You should keep a public identity and at least one private identity. For the public identity, it should be things you want traced back to you. It could be linked to your real name so friends can find you. If you have a business you definitely want people to be able to find you. You want to keep everything you wish to keep private contained within private accounts that can never be linked to your public accounts or real identity in any way.

The basic and advanced principles of firewalling your identities are to prevent someone from linking information together about you from different sources on the web and tying your real and pseudo identities together or information you don't want out there. Here is a linking scenario.

  • You have a business called Example Business, Inc.
  • The attacker Googles Example Business, Inc. and finds your company web page
  • On your company web page you have a link to your business blog which is hosted on the Wordpress site at ebincaltaccount.wordpress.com
  • The attacker Googles ebincaltaccount
  • 5 years ago, you made an arrangement to sell something through a forum and publicly posted your phone number using ebincaltaccount as a username
  • Googling the phone number brings up a name and address
  • Searching for your name brings up personal blog posts about your family. Your facebook is not locked down so the attacker can see everything there. This is also linked to another email
  • Searching for that address brings up a listing on a site that logs your IP address
  • Running a whois on that IP address shows the attacker that it is static
    • A WHOIS [9] is a way of finding out information about an IP address or domain name
    • A dynamic IP addresses change from time to time and static addresses stay the same. A static address would be particularly interesting to an attacker as you would have had that same address for a while (which means it could be linked back to you) and that you have that address now (meaning they can attack that address and they know they are attacking your personal network)
  • Searching for that IP address returns other blog posts that link to another username
  • Searching for that username shows up some things you would like to never have linked back to your real identity (use your imagination)
  • The attacker now has your real name, address, phone number, web address, IP of your personal computer, family member's names, friend's names, multiple email addresses, multiple usernames and information you would like not to be known, etc. This all could be used against you in many forms.

Linking starts with what is known and branches out in all directions with each new piece of information that can be linked back to the original information and subsequent discoveries.

  • Basic
    • Maintaining a separate email account for privacy
    • Maintaining non-repeating usernames
    • Firewalling your real vs. private identities
      • Never refer to your private email or usernames from your public email or usernames and vice versa
      • Never refer to you other private accounts from another private account
      • Never release any real-world identifying information from private accounts such as phone number, address, name, etc.
  • Advanced - all the basic steps plus:
    • Create all emails and private user accounts through TOR, from open wireless connections, etc
    • Rotate connections or the appearance of different connections
      • This can be accomplished by clicking "New Identity" in Vidalia
    • Never have any of these emails or accounts tied to any non-public IP, non-proxied or non-TOR IP address (home, work or friend's internet connections)


Tor Browser Bundle

TOR is a second-generation form of the 'onion routing' concept which was originally developed by the US Navy. Your traffic is routed through multiple computers at different places on the globe. Each computers only know the last computer that sent it traffic, not the whole route, making backtracking impossible. https://www.torproject.org/about/overview.html.en

  • CAVEATS:
    • Your traffic is encrypted from your computer, through the route of computers until the very last computer in the chain. That computer decrypts your traffic to send it to it's destination. This would make it possible for someone running a rogue TOR node to see your traffic at this point. HTTPS, VPNs or other encryption should be used within TOR for the ultimate protection.
    • If a person is able to watch both the traffic coming out of your computer and the traffic arriving at the end site simultaneously, they can use statistical analysis to guess what traffic is yours. This is theoretical.

The Tor Browser Bundle (Portable TOR) is a version of TOR bundled with Vidalia and Firefox configured with the Tor Browser Button, HTTPS Everywhere and NoScript. It is used on an as-needed basis without installation. It comes configured for pretty good anonymity out of the box – https://www.torproject.org/projects/torbrowser.html.en

  • There is a possibility that adding more add-ons than listed here could compromise your anonymity
  • The changes to this installation are persistant
  • TBB Firefox vs. regular Firefox
    • Both can be running at the same time, one through your regular connection and one through the TOR network. Look for the Torbutton to avoid confusing the two.

TAILS

TAILS is an amnesiac LiveCD/USB that writes nothing to the hard drive. It is far safer than just TOR or the Tor Browser Bundle. It contains TOR, Pidgin, encryption tools and more - https://tails.boum.org/index.en.html

Suggested Firefox Plugins

Email Encryption

Thunderbird

GPG

Enigmail plugin


Miscellaneous

Pidgin – IM/IRC/Skype – On TAILS with OTR

  • OTR plugin - http://www.cypherpunks.ca/otr/
  • End to end encryption for chats
  • Pidgin TOR set-up
    • Accounts → Choose account → Proxy Tab → Use “Tor/Privacy (SOCKS5)” → Set host to 127.0.0.1 and port to 9050

Disk Encryption

Erasing Files

Environment Checks

Steganography: Concealing data within an object. http://www.strangehorizons.com/2001/20011008/steganography.shtml http://www.garykessler.net/library/steganography.html

https://ixquick.com/

  • This is a search engine that does not log searches, IP addresses or anything else. They also use no cookies.
  • They also offer an anonymous proxy connection on each search result [10]
  • More information here - https://ixquick.com/eng/protect-privacy.html