Git-Mirrors/anarsec.guide
1
0
Fork 0
mirror of https://0xacab.org/anarsec/anarsec.guide.git synced 2025-07-29 17:38:46 -04:00
Code Issues Projects Releases Packages Wiki Activity

whonix updates

Browse source
This commit is contained in:
anarsec 2023-07-13 23:20:32 +00:00
parent 849dc2dfb5
commit 6f33bc5e8d
No known key found for this signature in database
5 changed files with 19 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

2
content/posts/tails-best/index.md
View file

@ -74,7 +74,7 @@ This second issue is mitigated by **not using an Internet connection that could
* Do not make a routine by using the same cafes repeatedly, if it can be avoided.
* If you need to buy a coffee to get the Wi-Fi password, pay in cash!
* Position yourself with your back against a wall so that nobody can 'shoulder surf' you to see your screen, and ideally install a privacy screen on the laptop.
* Maintain situational awareness, and be ready to pull out the Tails USB and power down the computer at a moment's notice. An individual responsible for a darknet marketplace had his Tails computer seized while distracted by a fake fight beside him. Similar tactics have been employed [in other police operations](https://dys2p.com/en/2023-05-luks-security.html#attacks). If his Tails USB had been attached to a belt by a short length of fishing line, the feds would have very likely lost all evidence when the Tails USB was yanked out - a more technical equivalent is [BusKill](https://docs.buskill.in/buskill-app/en/stable/introduction/what.html) (we don't recommend buying it through mail, which can be intercepted to make hardware [malicious](https://en.wikipedia.org/wiki/BadUSB)). You can also remove the laptop battery so that if the power cable is removed, the laptop immediately powers off. The Tails USB being removed will cause the screen to freeze on whatever was up last, and powering down the laptop will cause any LUKS USBs to be encrypted once [the RAM dissipates](https://www.kicksecure.com/wiki/Cold_Boot_Attack_Defense). If maintaining situational awareness feels unrealistic, consider asking a trusted friend to hang out who can dedicate themselves to this.
* Maintain situational awareness, and be ready to pull out the Tails USB and power down the computer at a moment's notice. An individual responsible for a darknet marketplace had his Tails computer seized while distracted by a fake fight beside him. Similar tactics have been employed [in other police operations](https://dys2p.com/en/2023-05-luks-security.html#attacks). If his Tails USB had been attached to a belt by a short length of fishing line, the feds would have very likely lost all evidence when the Tails USB was yanked out - note that [Tails warns](https://tails.boum.org/doc/first_steps/shutdown/index.en.html) "Only physically remove the USB stick in case of emergency as doing so can sometimes break the file system of the Persistent Storage." A more technical equivalent is [BusKill](https://docs.buskill.in/buskill-app/en/stable/introduction/what.html) - we don't recommend buying it through mail, which can be [intercepted](https://docs.buskill.in/buskill-app/en/stable/faq.html#q-what-about-interdiction) to make hardware [malicious](https://en.wikipedia.org/wiki/BadUSB)). The Tails USB being removed will shut down Tails and [overwrite the RAM with random data](https://tails.boum.org/doc/advanced_topics/cold_boot_attacks/index.en.html). Any LUKS USBs that were being used will now again be encrypted. If maintaining situational awareness feels unrealistic, consider asking a trusted friend to hang out who can dedicate themselves to this.
* If cafes without CCTV cameras are few and far between, you can try to access the Wi-Fi of a cafe from outdoors, outside of the view of their cameras. Some external Wi-Fi adapters will be able to catch signals that are further away, as discussed [below](#appendix-2-location-location-location).
* If a determined adversary breaks Tor through a [correlation attack](https://anonymousplanet.org/guide.html#your-anonymized-torvpn-traffic), the Internet address you had used in a cafe without CCTV cameras will only lead to your general area (for example, your city) because it is not associated with you, provided that you don't use it routinely. A correlation attack being used to deanonymize a Tor user is unprecedented in current evidence that has been used in court, though [it has been used](https://medium.com/beyond-install-tor-signal/case-file-jeremy-hammond-514facc780b8) as supporting evidence once a suspect was already identified to correlate with. Correlation attacks are even less feasible against connections to an .onion address, because you never exit the Tor network, so there is no 'end' to correlate with.
* However, a more likely low-tech 'correlation attack' is possible by local law enforcement, starting from your identity rather than starting from your anonymous Internet activity, if you are already in their sights and a target of [physical surveillance](https://www.csrc.link/threat-library/techniques/physical-surveillance/covert.html). For example, if a surveillance operation notices that you go to a cafe regularly, and an anarchist website is always updated in those time windows, this pattern can indicate that you are moderating that website. Perhaps an undercover can even get a glance at your screen.