mirror of
https://0xacab.org/optout/into-the-crypt.git
synced 2024-12-12 09:24:33 -05:00
Additions+Formatting
This commit is contained in:
parent
45d5e9d198
commit
ab653bf2fa
@ -543,10 +543,11 @@ The OS selection should be oriented towards amnesia. TAILS could be leveraged wi
|
||||
|
||||
Fortunately, amnesiac solutions are growing. One can run TAILS with the HiddenVM project.[^50] HiddenVM is precompiled VirtualBox binaries to allow running virtual machines without an installation directly on TAILS. HiddenVM leverages the TAILS amnesiac system with Veracrypt's hidden partitions for plausible deniability. In this way, Whonix can be ran from TAILs and there will not be an overlapping use of TOR.
|
||||
|
||||
If a live USB with minimal processing power is not your niche, consider running a hardened base Linux, preferably using a Windows Manager (WM) over a full Desktop Environment (DE), to act as a hyper-visor that runs amnesiac virtual machines such as Whonix. If the option is taken to avoid live boot, the hardware selection becomes more important. First off, it would be in your best interest to use at least 16 GB of RAM. Secondly, consider using one SSD and one HDD. The HDD will be used to hold files, while the SSD is used for facilitating performance for the host OS. As previously stated, HDDs can be wiped by degaussing or overwriting physical sectors while this should be assumed an impossibility for an SSD. Each VM on the host should have a primary function; separate cases and even processes should have separate VMs. For the more technical, sandboxing applications can be used to add nested layers of security. Consider using a sandboxed profile for your virtualization software, whether it be KVM[^51] or VirtualBox[^52]. Inside the VM, use sandboxing to isolate your processes.
|
||||
Note: Amnesiac computing is highly advised for journalist with state targets on their back. Most malware will not be able to persist through different sessions, and often they will have to interact with hostile platforms and networks.
|
||||
If a live USB with minimal processing power is not your niche, consider running a hardened base Linux, preferably using a Windows Manager (WM) over a full Desktop Environment (DE), to act as a hyper-visor that runs amnesiac virtual machines such as Whonix. If the option is taken to avoid live boot, the hardware selection becomes more important. First off, it would be in your best interest to use at least 16 GB of RAM. Secondly, consider using one SSD and one HDD. The HDD will be used to hold files, while the SSD is used for facilitating performance for the host OS. As previously stated, HDDs can be wiped by degaussing or overwriting physical sectors while this should be assumed an impossibility for an SSD. Each VM on the host should have a primary function; separate cases and even processes should have separate VMs. For the more technical, sandboxing applications can be used to add nested layers of security. Consider using a sandboxed profile[^48] for your virtualization software, whether it be KVM[^51] or VirtualBox[^52]. Inside the VM, use sandboxing to isolate your processes.
|
||||
|
||||
Note: Amnesiac computing is highly advised for journalists with state targets on their back. Most malware will not be able to persist through different sessions, and often they will have to interact with hostile platforms and networks.
|
||||
|
||||
If a mobile device is deemed a necessity, leverage GrapheneOS on a Google Pixel. Encrypt all communications through trusted services or peer-to-peer (P2P) applications like Briar. Route all device traffic through TOR with the use of Orbot. Keep the cameras blacked out with electrical or gorilla tape. The concept of treating all signals as hostile should be emphasized here as the hardware wireless chipset cannot be desoldered. Sensors and microphones can successfully be disabled, but the trend with smaller devices is that they run as a System on a Chip (SoC). In short, multiple functions necessary for the system to work are tied together in a single chip. Even if you managed not to fry the device from the desoldering process, you would have gutted the core mechanisms of the system, resulting in the newfound possession of a paperweight.
|
||||
If a mobile device is deemed a necessity, leverage GrapheneOS on a Google Pixel. Encrypt all communications through trusted services or peer-to-peer (P2P) applications like Briar.[^53] Route all device traffic through TOR with the use of Orbot. Keep the cameras blacked out with electrical or gorilla tape. The concept of treating all signals as hostile should be emphasized here as the hardware wireless chipset cannot be desoldered. Sensors and microphones can successfully be disabled, but the trend with smaller devices is that they run as a System on a Chip (SoC). In short, multiple functions necessary for the system to work are tied together in a single chip. Even if you managed not to fry the device from the desoldering process, you would have gutted the core mechanisms of the system, resulting in the newfound possession of a paperweight.
|
||||
|
||||
### Market Vendor
|
||||
Let's assume the vendor is selling some sort of vice found on the DEA's list of schedule 1 narcotics. Fortunately in this use-case, unlike that of the anonymous activist (or the journalist in some cases), OPSEC is welcomed with open arms. In fact, vendors are even rated with their stealth (both from shipping and processing) as one of the highest criteria in consideration, along with the markets being TOR friendly, leveraging PGP, and ensuring full functionality without Javascript. Given the ongoing nature of these operations, and that they are tailored towards privacy and security, a more persistent system will likely be the best fit.
|
||||
@ -725,3 +726,4 @@ Donations to support projects under https://git.envs.net/WhichDoc are welcome wi
|
||||
[^50]: HiddenVM - https://github.com/aforensics/HiddenVM
|
||||
[^51]: KVM - https://www.linux-kvm.org/
|
||||
[^52]: Oracle VirtualBox - https://virtualbox.org
|
||||
[^53]: Briar P2P Messenger - https://briarproject.org
|
||||
|
Loading…
Reference in New Issue
Block a user