“Clean” phone and laptop- project suggestions


  • This topic has 20 replies, 8 voices, and was last updated 1 week, 3 days ago by evig1. This post has been viewed 521 times
    • #149107
      Robert Henry
      Participant

        Let’s lay out a little project here and wargame it.

        Objective- to have a backup system of phone and computer comm as sterile as possible for spicy times. This would not be to buy AKs on the darkweb or anything illegal. Just seeking a setup that could be as anonymous as possible.

        Assumptions- assume the user knows pretty much nothing about computers, computer programs, etc.

        Components- off the shelf new laptop bought in a completely different venue for cash from a big box store in the $300 range. Similar on the phones- prepaid type phones. Assume everything is brand new and unopened (someone once mentioned that you don’t want your iPhone near something like this for security).

        Again, assume the reader knows nothing about computers, operating a prepaid phone, etc.

        What would you do with this and how would you do it? Be as specific as possible- i.e., “find a major Starbucks away from your AO and download blah blah blah via their wifi” etc.

        www.jrhenterprises.com

        Lost my MVT class list- been here a time or two :)
        Team Coyote. Rifleman Challenge- Vanguard

      • #149112
        xsquidgator
        Participant

          There are several layers of the onion with this, but for now I suggest doing the following.
          This will give you tools to work with and learn as you do.

          1) Put Ubuntu operating system on laptop and use the option where as you install it, you totally overwrite the hard drive and OS that’s already there.
          Get Ubuntu ISO file from
          https://ubuntu.com/download/desktop
          Burn the ISO to a DVD, then boot up the computer from that DVD and follow the instructions.
          Use the default username on it USER or whatever this is. Write the username password on a piece of painter’s tape and stick it to the computer, remove when you need to.

          2) Install various apps/programs
          a) Veracrypt (do this for all of your machines not just this one) for encrypting any data you want to keep there.
          https://www.veracrypt.fr/code/VeraCrypt/

          b) Some kind of PGP email encryption.
          I like Firefox browser (should be standard with Ubuntu) and install the Mailvelope add-on for Firefox so that you can “do” PGP.
          Alternatively, you can use something else.
          Another popular one is Thunderbird email program with the Enigmail add-on.

          c) Tor browser bundle *Tor could be another whole thing on its own. But at least get it so that you can use it or not, instead of trying to catch up after it’s hard to get for some reason.
          https://www.torproject.org/projects/torbrowser.html.en

          d) put FLDIGI on there, this lets you encode/decode things like Morse code, Radioteletype and many more.
          Do this even if you’re not a radio guy (yet).
          http://www.w1hkj.com/

          This is the short version. Ubuntu is easy to use but some computer skills will go a long way to easing the path.

          3) Separate from this laptop thing, get a TAILS ISO image and install it on a memory stick.
          Short version is that you can use TAILS to boot up on a different computer (like at a library maybe, or somewhere else) and have your anonymous internet session, then power down when you’re done. There’s no trace of you ever having been there on the computer you were using.

          4) Information Discipline and Security
          All of the above are just tools, but just like with guns knives etc, only you and what you do will make you safe/private. These tools just give you the potential to keep your digital stuff private, but they require information discipline to work.
          For instance, don’t go to all this trouble, only to use this secret laptop to log in to your Amazon account and buy stuff to ship to your house.
          There are many other examples and things to know. Think of it as “Jack” owns this secret computer of yours and only “Jack” uses it. Make sure “Jack” doesn’t use it around your house and make sure “Jack” keeps himself away from anything associated with you. Probably a good idea to not let “Jack” do his thing when your cellphone is nearby, too.

          • This reply was modified 2 weeks, 6 days ago by xsquidgator.
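
Step 1 above downloads an installer image and boots from it. The following is an added example (not part of xsquidgator's post) that checks a downloaded image against a `sha256sum`-style checksum list before it is burned. The file names and sample bytes are constructed, and the checksum list is assumed to have been obtained and authenticated separately.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 1024 * 1024  # read images in 1 MiB pieces; ISOs are several GB


def parse_sha256sums(text):
    """Return {filename: hex_digest} from sha256sum-style lines.

    Each line is 64 hex characters, one space, a mode character
    (' ' for text or '*' for binary), then the file name.
    """
    entries = {}
    for raw in text.splitlines():
        line = raw.rstrip("\r\n")
        if len(line) < 67 or line[64] != " " or line[65] not in " *":
            continue  # blank, comment or malformed line
        digest = line[:64].lower()
        if any(c not in "0123456789abcdef" for c in digest):
            continue
        entries[line[66:]] = digest
    return entries


def sha256_file(path):
    """Hash a file in chunks so a multi-gigabyte image never sits in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_image(path, sums_text):
    """Return 'ok', 'mismatch' or 'not-listed' for the image at path."""
    expected = parse_sha256sums(sums_text).get(os.path.basename(path))
    if expected is None:
        return "not-listed"  # never treat a missing entry as a pass
    actual = sha256_file(path)
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"


def demo():
    """Constructed sample: a small stand-in file, not a real ISO."""
    with tempfile.TemporaryDirectory() as d:
        iso = os.path.join(d, "example-desktop-amd64.iso")
        with open(iso, "wb") as f:
            f.write(b"constructed sample image bytes\n" * 1000)
        sums = "# constructed list\n%s *example-desktop-amd64.iso\n" % sha256_file(iso)
        good = verify_image(iso, sums)
        with open(iso, "ab") as f:
            f.write(b"\x00")  # simulate a corrupted or altered download
        bad = verify_image(iso, sums)
        other = os.path.join(d, "other.iso")
        open(other, "wb").close()
        missing = verify_image(other, sums)
    return good, bad, missing


if __name__ == "__main__":
    print(demo())
```
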
        • #149115
          Tony S
          Participant

            Robert,
            I’m going to ignore the phone bit because that’s not my area. But regarding the computer, what do you want the ‘clueless user’ to be able to do with it?

            Being a computer geek by both temperament and trade, I tend to utilize tools that aren’t used by the common ‘clueless user’ but that can address the topic in question. For example I use Linux operating systems for everything except gaming and some multimedia work. I’ve been using a live-boot USB key containing Kali Linux that I can use to boot any of our laptops, use it, and then shut it down and the only record that *might* exist would be on the memory chips (RAM) and you’d have to have good tech skills to access that, so if it was critical then removing the RAM would be next step so it would discharge and if I was paranoid (and rich) I’d nuke the RAM chips in a microwave and replace them with new ones, but honestly that’s going overboard. But I use the Kali Linux live-boot USB option when I have to do foreign travel, or attending certain conferences — in some travel circumstances I will actually remove the hard drive from the laptop (with my ‘normal’, non-secure OS) before the trip so that it can’t be removed and imaged.

            Sorry for the digression, but anyway the live-boot from USB key I think is the best option if you want something portable, and something that you can set up to leave (almost) no traces on the host system. But the big BUT here is that both creating the live-boot key and then knowing how to use the Linux OS to do things like join Wi-Fi networks is not something that I would normally ascribe to the ‘clueless user’ community, and would require effort to learn. So, I know that this strays from your ‘assume the reader knows nothing about computers’ requirement, but the amount of official ‘spyware’ built into modern commercial operating systems makes the idea of just using an out-of-the-box, vanilla Windows/Mac product and achieving any kind of anonymity a bit of a pipe dream these days.

            I won’t bog down the thread any more unless you want more details on this type of approach.

            • #149118
              Joe (G.W.N.S.)
              Moderator

                Here’s some thoughts.

                First, what most people think they know about this is outdated or wrong!

                Second, if set up properly it isn’t the gear that will lead to a compromise, it’s the user. Depending on who your adversary is and what you expect to achieve. One deviation from procedures by user or who you are communicating with (if they know your real identity) and you’re compromised.

                Components- off the shelf new laptop bought in a completely different venue for cash from a big box store in the $300 range. Similar on the phones- prepaid type phones. Assume everything is brand new and unopened (someone once mentioned that you don’t want your iPhone near something like this for security).

                More and more I prefer used equipment.

                Your equipment and your private equipment can never be operated within same electronic window or even be in the same physical vicinity (regardless if powered) without barrier protection.

                While burner phones can have a place there are options to make and receive mobile phone calls without cellphones which adds another layer of privacy and protection.

                Just some initial thoughts. ;-)

                Put Ubuntu operating system on laptop…

                This is a good system for non-technical user.

                TAILS

                :good:

                Kali Linux live-boot USB option

                :good:

              • #149128
                Joe (G.W.N.S.)
                Moderator

                  Another aspect to this, is what you consider privacy?

                  Preventing others from monitoring what you do online is one part of privacy.

                  Preventing others from knowing where you are located requires different methods.

                  Some of what xsquidgator and Tony S mentioned with TAILS and other “OS on Stick” prevents forensic recovery of your online activity on specific devices.

                  Other related to forensic defense are “deadman switches” (require periodic logins to prevent automatic wipe of memory) or too many incorrect attempts at logins engages disk wipe.

                  Ultimately you need a minimum of three groups of devices.

                  One for your normal online and communication use.

                  Another for your basic privacy concerns.

                  Lastly a dedicated anonymity system, with possible backup systems in the event of compromise.

                  These will require a layered approach, with proper selection of hardware, software, old school deception techniques, and user knowledge.

                  While it is possible to build a setup for less tech savvy people there will be a learning curve with minimum required knowledge. As well as a method of modifying and upgrading as things change.

                  Ultimately without a true expert to keep less savvy updated, this will not last very long and could lead to a false sense of security.

                • #149129
                  Tony S
                  Participant

                    Ultimately without a true expert to keep less savvy updated, this will not last very long and could lead to a false sense of security.

                    :good:

                    This +1,000

                  • #149144
                    veritas556
                    Participant

                      In terms of the phone part, is there any consensus on Signal vs Telegram, etc and using apps such as Coverme for 2nd phone lines to set them up rather than a second phone itself?

                    • #149146
                      Joe (G.W.N.S.)
                      Moderator

                        In terms of the phone part, is there any consensus on Signal vs Telegram, etc and using apps such as Coverme for 2nd phone lines to set them up rather than a second phone itself?

                        My choice is Signal and this is backed by experts I trust.

                        There are many apps to get a phone number, the sole purpose of which is getting the number for Signal to use, not to actually use the other selected app. Basically the other app is to reserve the number.

                        This applies to use with a phone or other device playing the role as a phone.

                      • #149159
                        veritas556
                        Participant

                          Any tips for operating on Mac OS other than the obvious one of encrypting the HD, not using iCloud or iTunes? Would a VPN and TOR browser provide sufficient privacy?

                        • #149161
                          Joe (G.W.N.S.)
                          Moderator

                            Been awhile since I’ve used macOS.

                            TOR used to work well for basic privacy and probably still does with macOS.

                            TAILS is an option.

                            Dual boot macOS/Linux is another option.

                            Maybe there is a more current macOS person here.

                          • #149203
                            SeanT
                            Keymaster

                              Any tips for operating on Mac OS other than the obvious one of encrypting the HD, not using iCloud or iTunes? Would a VPN and TOR browser provide sufficient privacy?

                              TOR exit nodes are well known. Any VPN peers with ‘someone’ who can see your caller IP and probably have your DNS queries sent to the VPN provider for resolution. MAC O/S now is effectively Linux/Unix under the hood.
                              When there are BGP ‘events’ that wind up shunting giant chunks of the Internet traffic thru Russia or China, those aren’t all ‘mistakes’. They hoover up tons of data. Who are you wanting to be private from?
                              The capabilities in network monitoring are pretty good. There are some appliances that can detect certain things in encrypted traffic without decrypting. Patterns in packet size, etc. can be illuminating to the curious if you watch long enough.

                              • This reply was modified 2 weeks, 5 days ago by SeanT.
                            • #149238
                              veritas556
                              Participant

                                Who are you wanting to be private from?

                                That’s a great question. Is it naive to think you can communicate and surf the web in a way that is untraceable by say, a gov’t agency?

                              • #149247
                                Joe (G.W.N.S.)
                                Moderator

                                  Is it naive to think you can communicate and surf the web in a way that is untraceable by say, a gov’t agency?

                                  Like many things we deal with, it depends.

                                  As demonstrated numerous times when dealing with Trolls, I can track down the actual identity, location, and background of most people using free OSINT.

                                  Regarding Government, what resources have been deployed against you?

                                  If the combined unrestricted resources available have been brought against you then yes it is naive.

                                  Of course such effort is not used very often.

                                  Not all agencies have the same capabilities.

                                  Most users don’t have the knowledge or discipline to make it even difficult to be tracked.

                                • #149259
                                  SeanT
                                  Keymaster

                                    Who are you wanting to be private from?

                                    That’s a great question. Is it naive to think you can communicate and surf the web in a way that is untraceable by say, a gov’t agency?

                                    Yes

                                    Think about it like using a magnifying glass to light a fire
                                    if the light is focused on you, you will get burned.

                                    • This reply was modified 2 weeks, 4 days ago by SeanT.
                                  • #149271
                                    veritas556
                                    Participant

                                      This is all very interesting stuff, thank you. Is there a testing service or people who can evaluate your setup (laptop or phone) to see how protected you are or aren’t? I feel like this is a classic “don’t know what you don’t know” exercise.

                                    • #149623
                                      Robert Henry
                                      Participant

                                        So another layman’s question- Just hooked up a new computer (not related to the original question) and basically we could do NOTHING with the computer until we “signed in” using a Bill Gates approved (Microsoft) “account” and got reamed for info.

                                        How the hell you get around this on a new computer???

                                        www.jrhenterprises.com

                                        Lost my MVT class list- been here a time or two :)
                                        Team Coyote. Rifleman Challenge- Vanguard

                                      • #149638
                                        Joe (G.W.N.S.)
                                        Moderator

                                          How the hell you get around this on a new computer???

                                          Do you need Windows for a specific use?

                                          If not I would switch to something like Ubuntu (Linux).

                                        • #149708
                                          evig1
                                          Participant

                                            “So another layman’s question- Just hooked up a new computer (not related to the original question) and basically we could do NOTHING with the computer until we “signed in” using a Bill Gates approved (Microsoft) “account” and got reamed for info.

                                            How the hell you get around this on a new computer???”

                                            There is no good way around this within Windows. That is how it is coded.
                                            Your best bet is to either wipe Windows out completely (Warning – this is permanent) and install your preferred more secure operating system or boot off of a USB key that has your desired version of Linux (and then no longer use Windows as your OS). Which option you choose depends on your level of computer knowledge and what exactly you are trying to accomplish.

                                            Mac OS and Windows are both compromised OS’s. There is no privacy with either of these. Even on Linux, unless you are using a version specifically tailored for privacy and combine this with Tor or a VPN, your private info can be compromised easily.

                                            If you install Linux to your hard drive (instead of running live), I would recommend installing virtual machine software (VirtualBox is a good option) and running Whonix or Tails.

                                            Consider ProtonMail for email and VPN access. Both can be had as a basic version for free. I would recommend using one account as your “normal, every day” account, and a separate account that is created only once you are using Tor / VPN. This second account should not be tied to the “normal, online you” in any way.

                                            None of this is crazy complicated, but it does take time and experimentation.
                                            There is no easy button for this stuff.
