Getting Started On Privacy, Anonymity, and Security

Intro

Privacy: What you write, save, listen to, or visit is known only to you and those with whom you choose to share it. Third parties are excluded unless by invitation.

Anonymity: Someone may know A Person wrote, saved, listened to, or visited something, but does not know who it was.

Security: The stuff you save and the systems you use are protected against compromise or intrusion.

There’s a 4th leg to this stool, but it’s usually not the main point, so it is often ignored: policing, detection, and characterization of failures in maintaining Privacy, Anonymity and Security. Intrusion Detection tells you when you need to fix things, and what risks you are now exposed to. It will come after everything else.

Many folks confound Privacy with Anonymity. They are VERY different things, and the methods used to attain them are also very different. Just be aware of that for now. I’ll attempt to flag just which thing is achieved at each step, and which thing is compromised to some extent. I won’t always be complete or accurate, as things change.

Clearly, if your Security is breached, your Anonymity and Privacy are out the window. For that reason, the most emphasis goes into a Secure System and Secure Operations. The most secure system is worthless if folks do dumb things like leave the password written next to the terminal, or run an insecure application on top of it.

For example, many Web Pages are just full of things to suck information about you out of your computer or phone. So be very sure that you just don’t do Dodgy Things on them. Note that some of THE most common applications run are in the business of spying on you, violating your privacy, and preventing anonymity. Log in to read news? It is stealing your identity information to some extent. Use Google Maps? It is tracking where you are interested in going, and possibly even when. Use WiFi at a Starbucks halfway along that trip to get a Google Maps update? You just confirmed you are on that trip. Your behaviour matters more than anything else.

Changing habits and behaviour is not easy. It will be the most trying thing about all of this.

There are some “Chicken & Egg” problems in gaining Anonymity, especially. To do just about anything, you need some form of payment, or a physical address, or an email address. ALL of these attempt to track you, often by law. In some countries it is illegal to do some of the things that are legal where I am, so be aware of your laws.

I ran through trials of some of these steps as I have, for a long time, been a White Hat doing various security functions with computers and networks. In order to know how to catch Black Hats, it is helpful to know what they do (and where they might fail). So yes, I’ve done some of this myself. I’ve also found that in several cases I did them in a less than optimal order, or flat out screwed it up in some way. Don’t be afraid to have a “Do Over”. Sometimes a 2nd pass not only fixes mistakes, it provides an opportunity to clean up the trail even more.

Realize, too, that as I was doing this to find those places where I could “Catch A Bad Guy”, my purpose had me doing things as much as possible in the way that a criminal might want to do them. I did find many opportunities to ‘catch folks’ in the errors I made, but then didn’t really care about the errors for my own personal use. You might care a great deal, so you will benefit from my observations; or, more likely, I’m doing “way overkill” and all you really need is 1/5 of what I did.

Realize, too, that I was “on the road” living out of a hotel for 1.6 years, so some of this was needed just to function locally. Like a mail box and a local bank. Since I was doing it anyway, why not make it fun?

Choose your level of action to match your actual needs.

A Mail Box

Having an address at a mail service foils folks doing a “Google Street View” of your home. It provides some address anonymity for you, and also some physical security: folks can’t read your Facebook post from your vacation, look at the check you wrote to them, pick off the address, and have some friends go boost your place. They wind up looking at a mail box service store.

This also matters later for things like getting a DNS record for your own “Dot Com” address or other IP Address Registration. At least at one time the address you used was in the public record and anyone with Linux could find it. (I hope that has changed, but I’ve not looked in decades).

OK, one example screw up. I opened a Mail Box. You must give a form of payment, and a phone number, and a real residential address. It was not always this way, but a law some decades back changed that. I had a pre-paid debit card and cash for payment, but was not ready for the phone number. Handed over my real one (as it was a learning experience, NOT a real need). The physical residence address thing is hard to get around. Even if you do it in two steps, one box, then another one using the prior address, then drop the first box, there’s a paper trail with the USPS. I suppose you could rent a room in a flop house for cash for a month, but I wasn’t willing to go that far. Already having a “burner phone” at this point would help a little.

Pre-Paid Debit Card

Note the statement about pre-paid debit card. I got mine at Walmart for cash. It had an option to get one with my name on it, mailed to me, so I did. During that process it plays “20 Questions” with you to prove up your identity. (Where you lived before, prior work history or similar things that might be in public records). At that point, your form of payment has lost Anonymity. OK, I’m not THAT worried as I’m not dealing drugs nor a fugitive from the law. Just realize a Pre-Paid Debit Card will either have no information and be harder to use in some places (where they want to see a name on the card), or it will finger you. So, pre-paid card in hand, but NOT telling them who you are, you can buy some stuff with the payment trail incognito. Though if an online site asks for “name on the card” or your zip code, that kind of kills the buzz.

I use mine for small scale buys at places that might have the data stolen, and only load it up with maybe $200 at a time (and usually promptly spend at least half…). So for gas pumps and fast food joints, it’s great. IF ever compromised, I might be out $20 to $100. My “main card” is only used at the Bank. There I use it only to take out cash. That cash is either spent directly, or put on the pre-paid card. In this way my bank history is separated from my purchase history AND any compromise of the buying card does not reach the bank account. Annoying? A little, but not much.

After I got the Mail Box, I then also opened a bank account with that address. Now that Bank Account knows that address and it knows who I am (as you must show ID at the bank to get an account). However, now I can get that bank card with the box address. I also have a “Bank Statement” with that address which some folks accept as proof of address. FWIW, I also swapped the pre-paid card address to the box. At this point, more of my public record is showing me living in a box…

Burner Phone

As my regular phone was slowly dying, battery good for a few minutes, power plug loose… I wanted a newer phone, and decided to play with the idea of a “Burner Phone”. I chose a “Tracfone”, partly as it was very cheap and partly for the pun of a non-tracking phone named “Tracfone” ;-) It is owned by a Mexican megabucks guy (Carlos Slim, I think…) and popular with drug dealers… You can get them at many places, from Walmart to Best Buy and more. There are other carriers too.

A ‘refill’ card can be bought at most drug stores and lots of other places too. I tend to get the $19 / couple of months card as I don’t talk or text much.

I’d intended to get the dumb ‘flip phone’ for $20, but they were all sold out everywhere when I was looking. Instead, for something like $58, I got a Samsung lower end ‘smart phone’ running Android.

Issue here is showing up on cameras in the store when you buy it, and if you don’t pay cash, your payment method will finger you. I was not particularly careful, so I’m on camera at a Best Buy using cash. (This will be easier with the mask mandate ;-)

They repeatedly try to get you to set up an account with automatic payments. I repeatedly decline.

Errors on my part:

I use this when my other phone craps out, or when in Florida as I selected a Florida number. Since I call the same “Family & Friends” with it, that calling pattern will identify me as me. To be really secret with Burner Phones, BOTH parties must have burner phones and they must not be used to call “your usual” contacts.

I often have them both on, and with me, at the same time. This creates a pattern of connections to cell towers and GPS locations that shows they are on the same guy. To do this right, when one is on, the other is off (but don’t switch them at the same moment. Old one off, go somewhere else, new one on).

Android “Fingerprints” on things like WiFi SSIDs (names) you are around. I leave the WiFi on, even at home. I’m certain nearly nobody on the planet (with the possible exception of my spouse) has the SSIDs of my home WiFi AND my Florida Friend WiFi in their fingerprint. To properly use this, one ought to NEVER EVER activate the WiFi at home, work, or any other of your usual haunts. ONLY turn on WiFi when “on the road” somewhere far far away.

To do it all really really well, like for actual illegal stuff, you would use a Flip Phone, not the Smart Phone, and replace it with a new one every few weeks. But that wasn’t my goal. So I still have mine several years later.

The Next Steps

So, now that you have a Mail Box to hide your physical address, and a burner phone to hide your real phone number and location when using it, and a Pre-Paid Debit Card to isolate your banking information from your physical self and your real banking goods:

Now you are ready to do things like buy a computer, open accounts for VPNs, get a DNS registration and all the other Tech Stuff that will want a Payment Method, an Address, and often a phone number.

They will also want an email address. So your next step is to get what is essentially a “burner email” account. I use a free one from AOL. Why? Because AOL for a very long time (and probably still) had a reputation as being THE most non-tech address in the world. Used by Noobs and folks who were clueless. Where better to hide? So sign up for one of them.

DO NOT use it for anything at all that matters. Not family. Not friends. Not financial stuff. This is your SPAM Collector and JUNK Address. Have some other email address for real things.

Use this address for signing up for things like a VPN account or for places that demand you have an email to log in. (In theory, it would be better to have a few of these and isolate uses between them. So one used ONLY for ‘public comments’, another for “log in to account” where you don’t really want to log into an account, a third for VPNs and other accounts you care about, but want to isolate from your private self, and then a truly private email used ONLY with family and friends. I’ve not gone that far as I’m lazy, but I likely will in my next address recycle.) My ‘open address’ is now so clogged with SPAM, Alumni notices, Political Party Nags (from both parties, as I donated to both at one time or the other… Bernie and Trump… go figure…) etc. that it’s about time to diverge again.

With email accounts in hand, and a pre-paid Debit Card, you can now move on to the next steps.

Get A VPN Account

To some extent, all the prior stuff was just building up to this point. Getting a VPN account. It is likely to want an email address, a form of payment, and perhaps even some kind of other contact information (address or phone number to validate payment method…). But now you have all those in hand. They just are not where you actually live, bank, or get email. 8-)

So sign up for that VPN account and move on.

Why a VPN? Because all the other on-line things you do will try to finger your location, harvest your IP Address, and more. The VPN will hide much of that, and your Pseudo-Me banking, mail address, and payment method will hide a lot of the rest.

Just WHICH VPN will be a subject for a future study / investigation. I was “in a park” in a coach so was, effectively, already ‘hidden’ and didn’t actually get a VPN at this step. Between my Hot Spot (bought cash at Walmart) and the RV Park net, I already had a couple of obfuscations. Then I also used Starbucks WiFi and the local library WiFi. Yeah, you could peg me to about a 50 mile radius, but just where?… So I need to do some digging. Reviews I’ve read so far put Express VPN up at good marks, and Bongino has them as an advertiser, so they are my #1 probable at this time.

The Computer

What good is a VPN without a computer?

Well, you CAN use it with your phone, but I don’t treat my phone like a computer. One of my key behaviour things is to isolate usages. Do Not put a bunch of functions on one device. Too easy to then have a Bad Guy (perhaps even a TLA Officer who is acting as a Bad Guy) get all of it in one go.

So my phone does texts, phone calls, and weather reports and not much else. Oh, and Solitaire… I have other Apps on it, but really don’t do much else. Flashlight of a sort sometimes. A weather radar app.

For the Computer, a lot of folks are stuck on PCs. Intel & Windows. THE big problem with them is that the cost is so damn high. We’re talking $100s to $1000s of bucks. SO you only get ONE and you put EVERYTHING on it. Then hook it up to ONE network with ONE ISP and then wonder why it is so easy to finger you and what you do.

In the coach in Florida about 15? years ago was when I first got a Raspberry Pi. The original B+ model. Single processor, 700 MHz. Not a lot of memory. I hooked it up to the TV in the coach at the RV park with an HDMI cable, and used the park WiFi with it (via a dongle). I did, also, have an HP Laptop that was used at Starbucks, and at work, and on the road with the Hot Spot (an old G2 that was slow but worked – also bought with cash at Walmart and with a ‘data load card’ not an account).

That was when I started my slow path to Divergent Uses on different systems.

Over the years, the laptop died and I bought an HP ChromeBox (again, mostly just to learn about them and because I was in need of something QUICKLY as the laptop died, and cheap helped). The Chromebox has now hit EOL on support and moved to the “Someday put linux on it” pile. But what really took off was SBCs (Single Board Computers). I’ve got an unknown number of them now. Really. I’m just not sure. They are so damn cheap, I’ll buy one just to play with it. Some end up Daily Drivers for a while and used a lot. Others Hangar Queens, played with for a while, then set aside. What I THINK I may have:

2 x Raspberry Pi B+ (one of which died due to an unfortunate static experience. The ONLY death so far).
2 x Raspberry Pi Model 2 (prior to the processor upgrade). Still in use as proxy server and more.
2 x Raspberry Pi Model 3 used as desktops. This was the first one to actually be fast enough for use as a desktop for things other than most videos.

Odroid C1
Odroid C2
Odroid XU4 8 cores of 32 bits and in some ways my favorite.
Odroid N2 6 cores and faster ones, of 64 bits. A real hot board.

Rock64
RockPro64
Pine64

2 x Orange Pi One (a minimalist approach at $15 or so each, and not really that useful)

Somehow I think I’ve forgotten one or two… maybe…

The key point here is simple. For about $35 for the SBC, or about $50 all up, you can get a very usable desktop. Only if you want video is the Pi M3 not enough. At the $60 price point, you get more than enough performance. (I’m using the Odroid N2 right now and loving it. A72 cores are fast!)

Then, you can change “personas” (and system fingerprints) with a swap of an $8 uSD card. Even cheaper, you can use the same card and just save one image to a USB disk, restore a different one. One of my ToDo things is to just sort out all the system images I’ve used and saved. I’ve got 3 or 4 for each of my boards. Call it 15 x 3 and you get 45 of them. Then 3 on the PC and the tablet and the phone and… So somewhere on the order of “Fifty Me’s” exist as “fingerprints”.

If I can’t keep track of all of them, think Google or Amazon can?

Then I every so often do a complete re-install of the operating system and all that prior “Me” is lost. (Not to mention I have at least 2 logins on each of those systems…)

So “Good Luck” to anyone trying to find The Real Me.

Way overkill.

My advice would be to not go that crazy. Get ONE SBC to start, likely a Raspberry Pi M4 as it is good enough for video and is a nice starter at about $35. Get comfortable with Linux. Buy a couple of 16 GB uSD cards so you can swap images easily and move on.

Now you have a simple and cheap computer that’s more than enough for email, web stuff, and even videos. You can have one “chip” (uSD card) for things like banking, another for buying stuff, a third for watching those videos the spouse doesn’t know about, another for blog visits, etc. 9-) of course.

But really, it’s easy. It’s cheap. It’s effective. AND, if you hide the “other” uSD cards well, during a TLA raid, they are not usually looking for uSD cards in the camera bag or under the begonia flower pot (or in a hole in the back yard, or on the dog’s collar, depending on what you do…)

Is this a bit of a workload and a PITA for some folks? Likely yes. For me, it was mostly playing and diversion but with some “work related learning” as I was doing Penetration Testing and similar cyber security work at that time. So I was wondering “IF I find someone, how do I know who that someone is? How effectively can they hide?”, and went looking.

I’d relatively strongly suggest avoiding Microsoft anything, and Intel chip based computers. I’m pretty sure that they were compromised during the PRISM program years (when the USA Feds were trying to get backdoors into everything tech) and likely never stopped cooperating even after PRISM was outed and supposedly ended.

In Conclusion

The Open Software Community has fought hard to maintain some degree of Privacy, Security (even against Government Agents and TLAs), and Anonymity. I’m still fighting that battle for myself, though at a low level as I’m mostly “out of the business” now. It is VERY hard to fight BOTH the Government TLAs and their laws (while complying with them), while also keeping the Black Hats out. Yet that is what we must do to have Anonymity, privacy, and security.

This is the first of many postings to come on this theme. I’m going to move, step by step, through a re-implementation of all of it (with the possible exception of the Mail Box and Pre-Paid card steps) with the intent of giving enough detail that a Noob can be relatively secure in things like buying a VPN, ordering a pizza, and maybe even leaving a conservative comment on a blog… without fear of a horrible reprisal.

Also realize that systems like TOR (The Onion Router) are not needed for The Basics. They may be needed after next week, but “We’ll see” what the future holds when it gets here. My general approach is NOT to defeat Law Enforcement. (Heck, I’m a Law Enforcement Eagle Scout…) But rather to provide insight into how a normal person, not violating laws or subject to investigation by TLAs, can have some modest protection against the Bat Shit Crazy nutbars like Antifa and others looking to “Dox” you and cause you grief for simply wanting to embrace the values that were the norm in 1960.

About E.M.Smith

A technical managerial sort interested in things from Stonehenge to computer science. My present “hot buttons” are the mythology of Climate Change and ancient metrology; but things change...
This entry was posted in Emergency Preparation and Risks, Political Current Events, Security & Privacy, Tech Bits.

41 Responses to Getting Started On Privacy, Anonymity, and Security

  1. “Privacy: What you write, save, listen to, visit is to be known only to you and those with whom you share. 3rd parties are excluded unless by invitation.”

    I think Privacy is mostly dead especially amongst the young. I watched it die as mobile phones became common over the last 20 years. At first in a public space like a cafe, people went outside to make or take the call. Then that changed to their turning away in the cafe to shield their call. Then talking openly, then bellowing so everyone knew the most intimate part of their lives.

    Whilst that was restricted to the young at first, within a few years it came about that we knew the most intimate details of a pensioner’s life as they proclaimed to the world, via a call to a friend, their latest visit to the hospital.

    I think that lack of concern about other people knowing your business then spread to computer related matters, with such as Facebook and forums where the most intimate details of your life were made known and the handing over of personal details to a variety of sites where you wanted to buy stuff became routine.

    So whilst I might be concerned over privacy, others might say if you’ve got nothing to hide what’s the problem?

    I don’t bank online as I am concerned about hackers-they are much smarter and nimbler than banks.

    Personally I think that determined hackers, either evil private groups or hostile govts, are increasingly able to dismantle our civilisation as even toasters go on line and you can check the contents of your fridge if in another country. (why??)

    If they were determined to do so (despite your efforts) hackers are increasingly able to pull down the banks, disable the power infrastructure or if you really want to spook millennials take down the mobile phone network and civilisation could unravel.

    I am not a prepper but wish the govt would have parallel analogue systems not so susceptible to those who mean us harm, or even to counter the consequences of just a simple power cut on a digital connected system.

    So whilst I worry about privacy I am not sure it is a burning issue for many people and wonder if anonymity is just the other side of the same coin, with few worried about that either?

    Tonyb

  2. H.R. says:

    @Tonyb – It never ceases to amaze me the depth of personal information far too many people will give up just for a free game or some other tchotchke for their phone.

    You have a point about people talking in public like they were in the privacy of their home. The way I see it is that it’s too much information (TMI). Not only are they shouting out personal details, but I don’t want to know!

    I now see people with wireless ear buds walking around talking to the air. Their phone is in their purse or pocket. So I respond to them because… well… how am I supposed to know they weren’t making common small talk with me? [Insert evil grin here. I can be a bad boy.]

    So far, I’ve just received a few confused looks and they have continued on. (“What?!? Can’t you see I’m on the phone?” Ummm… no. I can’t see that at all.) We used to lock people up that walked around waving their hands and talking to the air.

  3. Yes, this talking into the apparent open air is becoming common. Are they talking to you, someone else, or are they mad?

    As for personal information, I have heard many people describe their operation in gruesome detail and others order stuff on their phone, giving out their card number.

    Whilst I link loss of privacy to mobile phone use in public, another ancillary reason - at least over here - is that for 30 years rooms in a house have been considered old fashioned. Consequently very many homes have been altered so their ground floor has had the kitchen, living room and dining room knocked together. As well as being colder, everyone is exposed to the doings of the others.

    This fad may be passing, as people have been thrown together into this single room to carry out their office, domestic and school homework. This could be why private offices for gardens are much sought after over the last year.

    tonyb

  4. jim2 says:

    Time to boycott Kohls …
    Kohl’s and Bed, Bath and Beyond will Stop Selling ‘My Pillow’ Products After CEO Mike Lindell Challenged Election Results

    https://www.thegatewaypundit.com/2021/01/kohls-bed-bath-beyond-will-stop-selling-pillow-products-ceo-mike-lindell-challenged-election-results/

  5. E.M.Smith says:

    @Jim2:

    The local BB&Beyond has gone out of business.. I wonder why….

    (Way over priced stuff and inconvenient too… couldn’t happen to a better bunch…)

  6. E.M.Smith says:

    FWIW, there’s more closed in California than on this list:

    https://www.cnn.com/2020/09/21/business/bed-bath-beyond-63-stores-closing-2020/index.html

    Then there’s this:

    https://newnationnews.org/closing/list-of-kohls-stores-closing-4862482

    Maybe banning Trump Supporting companies is just a death throes Hail Mary?

    Or else a symptom of what was putting them under anyway…

  7. E.M.Smith says:

    The discussion of people discussing private stuff in public got me thinking…

    Make a “TMI” web site that accepts and publishes videos filmed in public (so no expectation of privacy) discussing things that ought not be discussed in public…

    Kind of a Candid Camera of real life…

  8. jim2 says:

    Here’s a way to see if your ISP is hijacking your DNS queries.

    If your ISP is hi-jacking/redirecting your DNS traffic, then another router alone (instead of or in addition) will not help. The command for testing ISP DNS hi-jacking is:

    nslookup -type=txt which.opendns.com. 208.67.220.220

    If this returns “I am not an OpenDNS resolver”, then your DNS traffic is hi-jacked, else not.

    https://support.opendns.com/hc/en-us/community/posts/221166408-Can-t-change-DNS-on-router-ISP-won-t-allow-3rd-party-DNS-providers
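The check from this comment, as an added example that is not the commenter's or OpenDNS's own code: a standard-library Python script that sends the same TXT query for which.opendns.com directly to 208.67.220.220 over UDP, parses the reply, and applies the comment's criterion (a TXT answer containing "I am not an OpenDNS resolver" means the query was redirected). The packet builder and parser are hand-rolled so the logic can be exercised offline on a constructed reply; the live query only runs when the file is executed directly.

```python
"""Offline-testable version of the "which.opendns.com" DNS hijack check.

Sends a DNS TXT query for which.opendns.com straight to the OpenDNS resolver
208.67.220.220, bypassing the system resolver.  If the ISP transparently
redirects port-53 traffic, OpenDNS never sees the query, the ISP's own
resolver answers instead, and the TXT record reads "I am not an OpenDNS
resolver".  Standard library only; no third-party DNS module is assumed.
"""
import socket
import struct

OPENDNS_RESOLVER = "208.67.220.220"
PROBE_NAME = "which.opendns.com"
HIJACK_MARKER = "I am not an OpenDNS resolver"   # criterion from the comment
QTYPE_TXT = 16
QCLASS_IN = 1


def build_txt_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a minimal RFC 1035 query for one TXT record, recursion desired."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack(">HH", QTYPE_TXT, QCLASS_IN)


def _skip_name(packet: bytes, offset: int) -> int:
    """Step over a (possibly compressed) domain name; return the next offset."""
    while True:
        length = packet[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:         # compression pointer: 2 bytes, ends the name
            return offset + 2
        offset += 1 + length


def parse_txt_answers(packet: bytes) -> list[str]:
    """Return every TXT string found in the answer section of a DNS reply."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    _, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", packet[:12])
    if flags & 0x000F:                     # RCODE != 0, e.g. NXDOMAIN or REFUSED
        raise ValueError(f"DNS error, rcode={flags & 0x000F}")
    offset = 12
    for _ in range(qdcount):               # skip the echoed question section
        offset = _skip_name(packet, offset) + 4
    texts = []
    for _ in range(ancount):
        offset = _skip_name(packet, offset)
        rtype, _, _, rdlength = struct.unpack(">HHIH", packet[offset:offset + 10])
        offset += 10
        rdata = packet[offset:offset + rdlength]
        offset += rdlength
        if rtype != QTYPE_TXT:
            continue
        pos = 0                            # TXT RDATA is a run of <len><chars> strings
        while pos < len(rdata):
            n = rdata[pos]
            texts.append(rdata[pos + 1:pos + 1 + n].decode("utf-8", "replace"))
            pos += 1 + n
    return texts


def looks_hijacked(txt_answers: list[str]) -> bool:
    """Comment's rule: the marker string means OpenDNS never saw the query."""
    return any(HIJACK_MARKER.lower() in t.lower() for t in txt_answers)


def query_txt(server: str, name: str, timeout: float = 3.0) -> list[str]:
    """Send the query over UDP directly to `server`:53 and parse the reply."""
    query = build_txt_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        reply, _ = sock.recvfrom(4096)
    if reply[:2] != query[:2]:             # transaction id must match our query
        raise ValueError("transaction id mismatch")
    return parse_txt_answers(reply)


if __name__ == "__main__":
    answers = query_txt(OPENDNS_RESOLVER, PROBE_NAME)
    print("TXT:", answers)
    print("DNS hijacked by ISP" if looks_hijacked(answers) else "reached OpenDNS directly")
```

Run it once on the home connection and again through the VPN; a "hijacked" result at home that disappears over the VPN confirms the redirect is happening on the ISP side.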

  9. H.R. says:

    @E.M. re a TMI website:

    That would be too funny!

    Up first… “Yeah, so I shaved my balls with an old rusty razor… I SAID, I SHAVED MY BALLS WITH AN OLD RUSTY RAZOR AND GOT ATTACKED BY FLESH EATING BACTERIA. THAT’S WHY MY VOICE IS SO HIGH.”

    *Ahem* TMI, especially if overheard in a restaurant.

  10. Pinroot says:

    Re: phone etiquette – I really hate seeing people with ear buds talking on the phone. There have been several times I’ve thought someone was talking to me (no phone in their hands, only one earbud, either facing away from me, or covered with hair) and I replied, only to get a weird look. These people don’t think it looks weird to be walking around, basically looking like they’re talking to themselves. I personally hate talking on the phone to begin with. Whether in an office, or out in public, I try to keep my end quiet. Not that there’s anything to hide, but mostly because whatever I’m talking about is nobody else’s business :)

    Re: privacy – I ran across this site recently comparing the privacy aspects of various browsers. Some of it may be a little dated, some of the articles are from 2018, but overall it’s worth a look.

    https://spyware.neocities.org/articles/browsers.html

  11. Qssqss says:

    Hummm, privacy?

    Make sure you look at what you agree to when subscribing to anything. Most don’t even look at their Google account option depth they made years ago. Do you have an old google account?

    Apple, you don’t have opt out options in most instances. How do you think they made their money in the past. You were their product folks.

    If you do have a Google account, you, by default, agree to new account relationship agreements in many instances unless you don’t and say no. Just sayin’. Nobody is gonna hide from their root IP connections. You can only minimize things. Burner phone or not.

  12. Henry says:

    For both VPN and Email you might look to ProtonMail.com, a Swiss company, and those folks do take their privacy much more seriously than we do. I like their web client; by default they encrypt (using OpenPGP/GnuPG) all email sent from one of their users to another of their users, and make it easy for the non-technical to use that sort of encryption with others.

    They also offer a VPN service, although I am currently using the Panamanian NordVPN product which has audited security.

  13. E.M.Smith says:

    @OssQss:

    Yup. That gets into the ‘behaviour’ aspect that I intend to cover more in other postings.

    It doesn’t do any good if you pay cash for an SBC, set it up with Linux, have no WiFi dongle, use a VPN and then log into your usual accounts all on one system with the same email address and such that “fingers you”.

    That’s why I have ‘many me-s’ on different systems. Some used only away from home, some only in the lab, etc. So one SBC is for ‘random browsing’. It has NO email identity and NO logins to anything. I refuse to use a site that demands I create an account and “log in” to read their pages. This browsing is spread over 2 different browsers in two different login identities too, so even the cookies and beacons and trackers and such can’t see all of it. ( I ought to have it ‘dump cookies and browsing history’ at each exit, but don’t. Yeah, lazy. OTOH, it gets a ‘whole new system’ about every 6 months, so the whole thing resets anyway, plus, I swap between 2 or 3 of them at a time…)

    Then there is ONE system used for the one thing where I do have an important identity token. It doesn’t get the ‘random browsing’…

    Essentially, you need to isolate the “private uses” from the “public uses” and have different identity markers for each of them. Use TOR for things that are “private and with risk” of some sort. IF indulging in high risk stuff, TOR plus a LOT of clue about how to rotate shields and more…

  14. philjourdan says:

    @Pinroot – Re: Talking on phone with ear buds

    I used to work downtown and when out and about (going to Lunch, etc.), I would see some homeless talking to themselves. You just avoided them as they were in their own world. With the advent of Bluetooth Ear Buds, all of a sudden the number of folks talking to themselves exploded!!! And half the time you could not tell the homeless (harmless) crazies from the regulars! ;-)

  15. E.M.Smith says:

    @Phil:

    Is there a difference between the “homeless crazies” and the other folks walking around oblivious to their appearance and environment / other people? Really?

    Seems like the same affect from the same “out of present” mindset… Just sayin’….

    (I’m really big on ‘situational awareness’ and have seen the EarBud Pod People walking blindly in the traffic lane of parking lots, stepping boldly into the street at the corner and NOT turning their heads to look as that would possibly shake the earbuds loose, ignoring physical people along their route, oblivious to potential threat actors, etc.)

  16. E.M.Smith says:

    Just as an interesting diversion from the Coup “news”:

    I’ve got Devuan working on the Pine RockPro64!

    minime@RPro64:~$ cat /etc/devuan_version
    beowulf
    minime@RPro64:~$

    It’s the 3.0 release too!

    More on this in some future posting, but for now it is just a bit rough around the edges. Took me a full day elapsed just to get a window system going. Then a while fighting Chromium to get the Google search engine gone ( I was configuring the ‘search string’ token wrong for DDGo…)

    But it is working now at a basic level. Also you may note a ‘new me’ taking the stage in the text above. “Mini Me” ;-)

    After I get “all the usual” stuff installed, and any “odd bits” ironed out, this will become my new office Daily Driver (provided I DO get everything working right, including sound and video…)

    One Less Armbian / SystemD system… and one more Devuan in play.

    Then I can go back to working on that Devuan on XU4. I’m pretty sure it is just that they build for the eMMC and I was trying to make it go on the uSD without that bit of clue.

    This install was ‘long hand’ as the guy who made it was doing it for embedded systems and via tar, but I’ve learned a few tricks on that front too.

  17. E.M.Smith says:

    OH, and one other minor twist:

    Every so often, I change the SSID names of my WiFi networks. It slightly messes up the WiFi Fingerprinting history. Not as often as I ought to, as it then requires changing all the system configs that USE the WiFi, but every 6 months or year…

  18. jim2 says:

    This is worth a read. Read also the comments. People are leaving the US due to the oppressive environment.

    The New Domestic War on Terror is Coming

    https://greenwald.substack.com/p/the-new-domestic-war-on-terror-is

  19. E.M.Smith says:

    @Jim2:

    The spouse has a 2nd citizenship, and I can get UK if I want it. We’re going to talk about where we move to when we leave Kalifornia.

    Mostly I just need to find out if there is any sane place left that has liberty and still speaks English, while not being cold and dreary… Spouse doesn’t Do snow, and I’m more fond of Mediterranean Climate or Sub-Tropical myself too…

    So yeah, it’s a possible. All depends on how nutso the Dims go and how fast.

  20. philjourdan says:

    @E.M.Smith says:
    20 January 2021 at 4:51 pm

    Is there a difference between the “homeless crazies” and the other folks walking around oblivious to their appearance and environment / other people? Really?

    Point taken. Or stopping at green lights while driving? Actually I am familiar with that one as I was an early adopter of a cell phone and found myself doing that. So I stopped talking and driving.

  21. pinroot says:

    @EM – re: changing SSID names – There are some people that like to use names like “FBI Van” or something similar. Speaking only for myself, if I was doing a network scan looking for something to connect to, and saw that, I would just keep on moving on. A sort of “security by intimidation”.

  22. E.M.Smith says:

    @Pinroot:

    Yeah, it does sort of depend on how much of a sense of humor the person has, or if it is a BOT doing the mapping…

    I personally like my dual set (most recent) of Drug_Den and FBI_Van for the WiFi and DMZ WiFi on one of my routers ;-)

    There’s also a fun little box that sets up a local WiFi (Pirate Box or something like that) where folks have basically an internet isolated sharing hub. Bunch of folks gather “somewhere” and turn it on, then they have a kind of “personal napster” for sharing devoid of policing. It comes up with a pirate symbol and very intimidating name…

    Yeah, Pirate box:

    https://laughingsquid.com/piratebox-a-diy-device-that-creates-offline-wireless-networks-featuring-message-boards-and-media-sharing/

    PirateBox, A DIY Device That Creates Offline Wireless Networks Featuring Message Boards and Media Sharing
    by Rollin Bishop on June 3, 2014
    PirateBox

    PirateBox is a DIY device made by artist and designer David Darts that creates offline wireless networks featuring message boards and media sharing. The device consists of a USB flash drive, a small battery, and a TP-Link router with some custom software installed. PirateBox 1.0 recently launched with updated features like a browser-based file sharing system. A version of the PirateBox software is also available for Android devices.

    PirateBox solves a technical/social problem by providing people in the same physical space with an easy way to anonymously communicate and exchange files.
    This obviously has larger cultural and political implications and thus the PirateBox also serves as an artistic provocation.

    Hmmm…. Maybe I need to make one called “Conservative Island” and start a movement to have them pop up in coffee shops and libraries nation wide… ;-)

  23. Pinroot says:

    @EM – Wow, thanks for that PirateBox link! That is something definitely worth looking into. It looks (from a brief overview, but I could be wrong, as usual :) ) like something that would be good for a mobile mesh network. People could move around, place to place, sharing data with other like-minded individuals, without ever having to go on-line to share their data. It would be hard to monitor/track something like that, you’d have to worry more about ‘infiltration’ than you would monitoring.

  24. Steve C says:

    Maybe worth a mention here that Pointman has also been thinking about security lately, including “Redux”-es of some of his earlier posts. Worth a look (and if he’s missed anything, I’m sure he’d be pleased to hear about it).
    https://thepointman.wordpress.com/

  25. E.M.Smith says:

    Yeah, I’ve pondered doing a “wash” and just keep the backup archive. As I’m on the “free” plan, I get to do that at the disk limit anyway, but I’m still a few years away from that at the present rate.

    But decided against it, as everything will be on The Wayback Machine anyway…

    Besides, going out as Martyr has a certain charm to it. I might even be able to make the news and be important for 15 minutes! ;-)

    But really, I’m in the “under 10,000” cohort of visits / day, and not near the top of that. As close to ‘irrelevant’ on the internet stage as you can get. IF they start coming for very small (and generally polite) fish like me, there’s no hope for anyone anyway.

    Sidebar On Pirate Box:

    I’m thinking, and that’s dangerous (not always to me, but sometimes…) that a dedicated version of that might have interesting uses.

    The existing Pirate Box mostly lets folks who want to swap “illegal” music or video files do so without passing through an internet connection. A group agrees to meet, perhaps regularly, “Somewhere”. Can be a library, home, RV Park, coffee shop, whatever. One (or more) brings a Pirate Box. It has email and file sharing plus a WiFi router. Everyone can get on that WiFi and share files or swap email inside that pod of not-the-internet.

    That’s the basics of it. But what if…

    Make a very similar “Conservative Box” and equip it with the ability to do “Mesh Networks” along with opening an encrypted VPN to a public VPN to the internet.

    Add the ability to make an ‘overlay network’ over that mesh and VPN set, with “Conservative Box” users able to connect.

    Add blogging and micro-blog software (‘tweets’).

    Now what you have is basically the ability for any conservative who wants to do it, to make one instance of The Box. That, then, lets their ‘circle of friends’ share files, news, email, ‘tweets’, etc. at the meeting up spots of their choice. It ALSO lets them get anonymous connections to the Internet via the shared ‘spigot’ up to the VPN in God Only Knows Where and it lets them have connections to other Pods too (provided folks set up the connections.)

    Everything is distributed and under local control. There is no place to prevent it from working. It would be very hard to “police” it by the Thought Police.

    I’m sure it needs a lot of polish, but that’s the basic idea.

    A Conservative restaurant, auto repair shop, coffee shop, bar, feed store, whatever… could have one that they run most of the time, and if asked, could say they had no idea that lunch box in the corner was doing anything…

    So my question is simple:

    Anyone think it is worth my time to lay out the specs of one of these and make a demo model? (I’d just start with Pirate Box and add some features – but that might be too trivial to be worth calling it a ‘project’…)

  26. Kneel says:

    EM:“The key point here is simple. For about $35 for the SBC, or about $50 all up, you can get a very usable desktop.”
    As before, I like the android TV boxes – yes, you are stuck with system-d, but for armbian it’s pretty unobtrusive. I haven’t gotten time to try switching it to Devuan, but it should be no harder than any other SBC with a “blob” boot.
    From TLA/Police PoV, it is a set top box. If you make sure you can boot from external USB(3) (this may require re-flashing the boot loader) then it remains “an appliance” and even works as one, but plug in either the uSD and/or the USB stick/HDD and you have a quite nice little mini-PC, AND you get it in a nice case, with a power supply, and an IR remote control for about the same price as a bare SBC. As with PCs these are continually getting more powerful over time. Mine is months (years?) old, but is 4 x 64bit ARM cores, 3G RAM, 16G flash, 1 x USB 2 (for keyboard/mouse) and 1 x USB3 (for HDD), and was less than $50 when I got it, less than $40 now.

  27. H.R. says:

    Not gonna cut and paste a bunch from this, but E.M.Smith says: 22 January 2021 at 7:13 pm

    I like what you’ve described (Conservative Net). It’s a step up from the Sneaker Net.

    I’m thinking of the 6 degrees of Kevin Bacon. So… what if several million people set up Pirate Boxes? You’d have a WiFi network that spanned the country. But… the TLAs could tap in anywhere. So that means you have to have the meet-ups and you’d need safeguards against infiltrators and informers.

    The tech side is easy-peasy. You’ve given enough that any bright, non-geek can follow-up with modest effort and come up with a Pirate Box. And you seem half-tempted and inclined to give a step-by-step how-to so anybody with decent reading comprehension could make a box.

    I think the key details to hammer out are the people side of the WiFi network. I’d encourage you to go as far as you are inclined on laying out how to make a box. What I think needs further discussion is what the participant side of the network would be like, how it would be formed, and how to harden it against nefarious people intrusion, particularly TLAs.

    I gotta run. It’s doggie care time and then I’m going fishing for the morning feed, but I’ll be thinking about the people side of such a net. I’m hoping some readers who are enjoying a lazy Sunday morning on their PCs have a thought or two pop into their heads and will comment.

  28. Qssqss says:

    Hummmm, I think HR just started the 5G Tor!

    I am in!

  29. E.M.Smith says:

    @Kneel:

    Yeah, on my “Someday ToDo” list is to give one a whirl. Any new suggestion as to what to try?

    @H.R.:

    Well, there’s various places you have security stops. First, each box has a unique owner / admin who decides who can log into the box. Linux does have pretty good password features and you can even go to harder core credential systems.

    Then, meshing up can also be selective. You can require full on Public Key Authentication for a party to join.

    So I’d see it happening in concentric rings.

    Some boxes open to guests, but not connected to everyone else with free flow of access. Some boxes ‘one ring in’ with password / login and personal vetting of new members. Some boxes doing backbone interconnects with only public key authenticated connections and data transport, all encrypted.

    Yes, there will likely still be spaces where a TLA infiltrator can join the discussion, or a person could be “turned” in various ways. All the usual skulduggery still applies. But if folks are using ‘handles’, how does Joe TLA in booth 6 know that “Trudy” is the 6’9″ linebacker in booth 3?

    That’s part of the design goal of Pirate Box. You MIGHT be able to figure out who brought the lunch pail with a WiFi signal, but it is harder to figure out which person is using it over encrypted WiFi…

    @Qssass (Or is that supposed to be Ossqss?):

    I think I started it, and HR just dumped the nitro down the intake stack! ;-)

  30. Ossqss says:

    Q has come after me again. WT*?

    I gotta clear my cache>>

  31. H.R. says:

    Well, E.M., you’ve come up with some hardware/software security. All I could think of on the people side is classic ‘cell’ operations, where no one actually knows who is in another cell and maybe not all of the members of their own cell.

    We had neighbors when I was growing up who came to the U.S. from Holland. He was in the Dutch underground resistance during WWII. His cell came out at night to sabotage the Nazi occupiers’ operations and gather information to send to the Allies. His cell lived literally underground. They were in a dugout under a pig sty. The pigs took care of any footprints leading to and from the trap door when they left and came back at night. He had a photo he took of the hideout after Holland was liberated. It was to all appearances, a pig sty, and his cell was never discovered. No one informed on them or infiltrated their cell.

    Things don’t have to go that far… I think. But I suppose there are write-ups of how those old resistance groups were formed, vetted their members, and communicated.

    Growing up, we lived in the second floor of a farmhouse that had been halved into apartments – upstairs and downstairs – and rented out. There was a communist cell meeting in the downstairs unit and mom and dad cottoned onto that and informed the FBI of their doings. I don’t know the end of that story. My sister was born while we were there. That made four of us kids and mom and dad moved to a slightly larger place that they bought; a 1-1/2 story Cape Cod crackerbox that was thrown up by the thousands for returning GIs to buy relatively cheaply. The 1/2 story was left for the men to finish themselves.

    Anyhow, I don’t know how secure the communist cell thought they were. Mom and dad could only report on who came and went; car license plates and such and descriptions of the people. But that was good info for the FBI. No cell is ever 100% secure, I suppose.

  32. E.M.Smith says:

    The point behind Pirate Box is ‘free exchange without logs or internet fingerprints’ among any willing participants. It depends on the fact that a Digital Copyright Strike is almost always brought via your ISP and packet inspection. You don’t get an FBI Agent enforcing DMCA at your local Starbucks or City Park.

    For Conservative Box, you are not at risk (yet…) of being fined or jailed for “Wrong Think”, just muzzled / deplatformed. So adding inter ‘cell’ communications is a feature not a big risk. Essentially you are making every ‘cell’ an informal ISP without a legal form that can be coerced via law, making potentially millions of them, and then having an ‘overlay network’ between them that hides the data flow from packet inspection by the formal legal / ISP / corporate cabal.
    “https://en.wikipedia.org/wiki/Overlay_network”
    More than you want to know: https://www.sciencedirect.com/topics/computer-science/overlay-network

    Essentially: They can still hear you speak and potentially ‘dirty up’ the conversation by joining in, but they can’t STOP the speech… which was the goal.

    I don’t really care (yet…) if they find and arrest someone for plotting to do something illegal. (Maybe once normal conservative thoughts are made illegal I will) I only care that you be allowed to speak and say what you think to others who wish to hear it.

    Basically there’s a difference between Secret Cell Insurgency Support and “Dad wants to call Mom ‘His Gal’ and not get deplatformed and the TV service shut down” or “Sis wants to complain about the big hairy guy in the girls locker room and showers without having her phone turned off.”

    EVENTUALLY you might end up where Dad is at risk of losing his JOB for saying that, and Sis might be at risk of expulsion from school (and they are identified enough in their comments to know who they are in real life AND someone on the Box was a snitch) and at that time you would need / want a full on spy proof cell structure. The whole Dark Net structure with enhanced anonymity. Tor and Onion.

    FWIW: I’ve set up many (Dozens?) of Overlay Networks. VPN is an overlay network between your computer and a VPN service provider’s computer (who then unwraps your traffic and puts it on the internet). MANY companies use a private site to site VPN tunnel to connect remote buildings / locations to their private corporate network over the internet. So an initial in some ways trivial Conservative Net could be set up just via creating that kind of VPN connection between cooperating computers (ANY decent router can set up a private point to point VPN connection with another – it’s a built in for gear like CISCO routers for example, even a Raspberry Pi can do it.) Only the level of sophistication of the authentication scheme really changes. (Passwords – preshared key vs. RSA Public Key / Certs vs Kerberos vs…)

  33. E.M.Smith says:

    Setting up a Raspberry Pi as a VPN server:
    This one looks better: https://opensource.com/article/19/6/raspberry-pi-vpn-server

    I’d had this one here first, but it’s a bit lower info / higher fluff ratio:
    https://www.pcmag.com/how-to/how-to-create-a-vpn-server-with-raspberry-pi

    FWIW, while I’ve not used WireGuard, it is a ‘do over’ of VPN software that is endorsed by Linus and he’s put it into the Linux kernel. Supposedly easier to configure too:
    https://engineerworkshop.com/blog/how-to-set-up-wireguard-on-a-raspberry-pi/
    so I’d probably try to use it first, then fall back to OpenVPN if I had problems making it “go”.

    So as a very first step, even before a Conservative Box, folks could just put a Raspberry Pi VPN server in their home or office, on a dedicated sub-network, and then have it make links to Other Like Minded Folks RPi VPN servers. Creating a large Overlay Network between those Pi boxes, all encrypted before it hit the internet / ISP.

    Then, on those Pi boxes, they can share files (NFS, whatever), have email (several kinds available including just plain old built in *Nix Mail), web servers (Apache) etc.

    Conservative Box just takes that same structure and puts it in a Lunch Box with a WiFi dongle (or using built in WiFi on the Pi M3 / M4) to make an internet connection at places with public WiFi available.

    THE Big Impediment to this is only that it requires Systems Admin Skill to set it up, secure it from attack, and keep it maintained. Very Few People are willing to bother.

    Heck, I’ve not even set up a home VPN server for me when I’m “on the road”… I have all the gear and knowledge. Would only take me a part of a day. Just didn’t feel the need.

    But maybe now I do…

  34. E.M.Smith says:

    Oh, and just a reminder that Tor Hidden Services already exists and has already worked out all the needed infrastructure.

    This is a set of sites you can ONLY reach through the Tor Browser.

    Now most of these are for rather, um, less-than-savory (or sometimes less than legal…) purposes. Many are just outright scams. This is Wild Wild West time.

    But, nothing prevents bringing up a Conservative Refugees Web Site in the .onion domain and using the Tor Browser to get to it.

    https://www.howtogeek.com/272049/how-to-access-.onion-sites-also-known-as-tor-hidden-services/

    https://www.makeuseof.com/tag/create-hidden-service-tor-site-set-anonymous-website-server/

    One could also duplicate the structure of the .onion domain in some new .conserver domain and then keep out the riff-raff / scams, but that’s a whole ‘nother layer of work. Easier to just make a .onion site and let folks know to go to it, but not others in .onion domain name space.

    Though realistically, now, all that’s happening in ‘easy to use’ service providers are banning conservatives. You can still just “roll your own” and bring up your own web site on the internet directly. It just takes some of that same Admin Work to make it go.

  35. E.M.Smith says:

    Reminder of the “High Concept”:

    “Conservative Box” is a box with battery and micro computer in it that also serves up a WiFi hot spot along with some media / data sharing features. People can connect to it via WiFi for uploading / saving content, or for downloading / reading / watching content. In a Coffeeshop, or library, or a group of friends at a park. You connect with your browser, or login account, and it’s like a ‘mini-internet’ on a private network.

    I propose adding to that the ability for Conservative Boxes near each other, or connected to the internet, to set up a private “overlay network” and share between them. Extending that “private network” as widely as folks care to spread it.

    The current Ponder:

    I was thinking of using WireGuard as a way to make a VPN / safe “mesh overlay network” over which a Conservative Box network could run… then found folks have already done WireGuard mesh networks…

    Wesher uses a large pre-shared-key system to make the build / operate easier, but with some loss of security:
    https://github.com/costela/wesher

    Alternatively, it can be built “long hand” with more security, but more labor for maintenance:

    https://www.scaleway.com/en/docs/wireguard-mesh-network/

    So, OK, that’s already worked out a couple of ways and just needs some think time to “pick one” (perhaps with some minor mods)…

    With a nice “Mesh Overlay Network” between agreeing folks, they can then have a variety of “peer to peer social media software” running for the equivalents of Twitter, Facebook, Eewtube, email providers, etc. At that point, you have most / all the services that are presently being denied (minus financial, but there’s always crypto currency methods if needed ‘someday’)

    One would need to settle on a default or two for each category. Like Mastodon or Peertube:

    https://itsfoss.com/mainstream-social-media-alternaives/

    9 Decentralized, P2P and Open Source Alternatives to Mainstream Social Media Platforms Like Twitter, Facebook, YouTube and Reddit
    Last updated January 13, 2021 By Abhishek Prakash 75 Comments

    You probably are aware that Facebook is going to share the user data from its ‘end to end encrypted’ chat service WhatsApp. This is not optional. You have to accept that or stop using WhatsApp altogether.

    Privacy cautious people had seen it coming a long time ago. After all, Facebook paid $19 billion to buy a mobile app like WhatsApp that hardly made any money at that time. Now it’s time for Facebook to get the return on its $19 billion investment. They will share your data with advertisers so that you get more personalized (read invasive) ads.

    If you are fed up with the “my way or highway” attitude of the big tech like Facebook, Google, Twitter, perhaps you may try some alternative social media platforms.

    These alternative social platforms are open source, use a decentralized approach with P2P or Blockchain technologies, and you may be able to self-host some of them.

    It looks like others had a similar idea and are going for funding:

    https://techcrunch.com/2021/01/18/cryptocat-author-gets-insanely-fast-backing-to-build-p2p-tech-for-social-media/

    The idea for Capsule started with a tweet about reinventing social media.

    A day later cryptography researcher, Nadim Kobeissi — best known for authoring the open-source E2E-encrypted desktop chat app Cryptocat (now discontinued) — had pulled in a pre-seed investment of $100,000 for his lightweight mesh-networked microservices concept, with support coming from angel investor and former Coinbase CTO Balaji Srinivasan, William J. Pulte and Wamda Capital.

    The nascent startup has a post-money valuation on paper of $10 million, according to Kobeissi, who is working on the prototype — hoping to launch an MVP of Capsule in March (as a web app), after which he intends to raise a seed round (targeting $1 million-$1.5 million) to build out a team and start developing mobile apps.

    For now there’s nothing to see beyond Capsule’s landing page and a pitch deck (which he shared with TechCrunch for review). But Kobeissi says he was startled by the level of interest in the concept.

    “I posted that tweet and the expectation that I had was that basically 60 people max would retweet it and then maybe I’ll set up a Kickstarter,” he tells us. Instead the tweet “just completely exploded” and he found himself raising $100,000 “in a single day” — with $50,000 paid in there and then.

    So it looks like there’s interest and not that much difficulty…

    Given that the Tech Giants have gone nutty insane hard left CCP boot licking privacy be damned and conservatives banned… (sadly, no /sarc; here):

    I think I’m going to start knocking together a prototype. Either on a “cloud” instance where the public IP would make it easy to ‘mesh’, or as a portable-Pi instance where it could “mesh” while being used like a Pirate Box in group meet-ups.

    Interesting that it got to be such a hot topic so fast…
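The Pi-to-Pi VPN links described in comment 33 and the WireGuard mesh pondered in comment 35 come down to the same artifact: one WireGuard config per node, with every other node listed as a `[Peer]`. The generator below is an added example for this thread; it is not code from the blog, from wesher, or from the Scaleway write-up. Peer names, overlay addresses, the `example.net` endpoints and the keys are all constructed sample data (the keys are hash-derived placeholders with the right shape, not a real key pair), and the 10.44.0.0/24 overlay range is an assumption. It goes a little beyond the linked how-tos in two ways a practitioner cares about: `AllowedIPs` is pinned to a /32 per peer, so WireGuard’s cryptokey routing refuses packets from a peer that claims another peer’s address, and the one failure mode a lunch-box mesh hits first (two NAT’d boxes with no public endpoint, which can never hand-shake directly) is reported instead of silently producing a dead `[Peer]` block.

```python
"""Generate per-node WireGuard configs for a small full-mesh overlay network.

Added example: not code from the blog post or from the wesher / Scaleway
write-ups it links.  Peer names, addresses, endpoints and keys below are
CONSTRUCTED sample data; the 10.44.0.0/24 overlay range is an assumption.
"""
import base64
import binascii
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

OVERLAY_PREFIX_LEN = 24  # assumption: the whole overlay lives in one /24


@dataclass
class Peer:
    name: str
    public_key: str                  # base64 Curve25519 public key
    overlay_ip: str                  # this node's address inside the overlay
    endpoint: Optional[str] = None   # "host:port" reachable from the Internet; None if behind NAT


def fake_key(seed: str) -> str:
    """CONSTRUCTED placeholder with the right shape (32 bytes, base64).

    It is NOT a real key pair.  Real keys come from `wg genkey` and `wg pubkey`;
    the private half never leaves the box that generated it.
    """
    return base64.b64encode(hashlib.sha256(seed.encode()).digest()).decode()


def is_wg_key(key: str) -> bool:
    """A WireGuard key is exactly 32 bytes of base64; reject anything else."""
    try:
        return len(base64.b64decode(key, validate=True)) == 32
    except (binascii.Error, ValueError):
        return False


def interface_section(me: Peer) -> str:
    lines = ["[Interface]", f"Address = {me.overlay_ip}/{OVERLAY_PREFIX_LEN}"]
    if me.endpoint:                 # only publicly reachable nodes need a fixed port
        lines.append(f"ListenPort = {me.endpoint.rsplit(':', 1)[1]}")
    # The private key is deliberately a placeholder: configs with real keys stay on the node.
    lines.append(f"PrivateKey = <private key of {me.name}, never written to a shared file>")
    return "\n".join(lines)


def peer_section(me: Peer, other: Peer) -> str:
    lines = [
        "[Peer]",
        f"# {other.name}",
        f"PublicKey = {other.public_key}",
        # /32 is the security-relevant choice: WireGuard's cryptokey routing only accepts
        # packets from this peer with this source address, so a peer cannot impersonate another.
        f"AllowedIPs = {other.overlay_ip}/32",
    ]
    if other.endpoint:
        lines.append(f"Endpoint = {other.endpoint}")
        if not me.endpoint:         # NAT'd node: keep the mapping alive toward the public peer
            lines.append("PersistentKeepalive = 25")
    return "\n".join(lines)


def build_mesh(peers: List[Peer]) -> Tuple[Dict[str, str], List[Tuple[str, str]]]:
    """Return {node name: config text} plus the pairs that cannot peer directly."""
    for p in peers:
        if not is_wg_key(p.public_key):
            raise ValueError(f"{p.name}: malformed public key")
    configs: Dict[str, str] = {}
    unreachable: List[Tuple[str, str]] = []
    for me in peers:
        sections = [interface_section(me)]
        for other in peers:
            if other is me:
                continue
            if me.endpoint is None and other.endpoint is None:
                # Two NAT'd nodes have no way to find each other; they need a public
                # peer in the middle.  Flag it instead of emitting a [Peer] block that
                # will silently never hand-shake.
                pair = (min(me.name, other.name), max(me.name, other.name))
                if pair not in unreachable:
                    unreachable.append(pair)
                continue
            sections.append(peer_section(me, other))
        configs[me.name] = "\n\n".join(sections) + "\n"
    return configs, unreachable


def sample_peers() -> List[Peer]:
    """CONSTRUCTED sample: two always-on Pi boxes with public endpoints, two lunch boxes on cafe WiFi."""
    return [
        Peer("pi-home", fake_key("pi-home"), "10.44.0.1", "home.example.net:51820"),
        Peer("pi-office", fake_key("pi-office"), "10.44.0.2", "office.example.net:51820"),
        Peer("lunchbox", fake_key("lunchbox"), "10.44.0.10"),
        Peer("lunchbox-2", fake_key("lunchbox-2"), "10.44.0.11"),
    ]


if __name__ == "__main__":
    cfgs, missing = build_mesh(sample_peers())
    for name, text in cfgs.items():
        print(f"===== {name} =====\n{text}")
    for a, b in missing:
        print(f"WARNING: {a} and {b} are both behind NAT; route them via a public peer")
```

Each generated file is in the `wg-quick` format, so on a node it would be dropped in as `/etc/wireguard/wg0.conf` with the `PrivateKey` placeholder replaced by that node’s own key. The private keys never pass through the generator on purpose: whoever runs it only needs the public halves, which is the property that makes a public-key-authenticated “backbone ring” (comment 29) workable without anyone holding everyone’s secrets.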

  36. E.M.Smith says:

    I love it when I find out someone stole my idea before I had it and did the work already… less that I feel I ought to be doing ;-)

    Want to make a “Mesh Network” overlay network on top of the Internet, for distributed Peer 2 Peer file sharing and social networking, inside a cryptographic infrastructure?:

    “https://en.wikipedia.org/wiki/GNUnet#GNU_Name_System”

    GNUnet is a software framework for decentralized, peer-to-peer networking and an official GNU package. The framework offers link encryption, peer discovery, resource allocation, communication over many transports (such as TCP, UDP, HTTP, HTTPS, WLAN and Bluetooth) and various basic peer-to-peer algorithms for routing, multicast and network size estimation.[5][6]

    GNUnet’s basic network topology is that of a mesh network. GNUnet includes a distributed hash table (DHT) which is a randomized variant of Kademlia that can still efficiently route in small-world networks. GNUnet offers a “F2F topology” option for restricting connections to only the users’ trusted friends. The users’ friends’ own friends (and so on) can then indirectly exchange files with the users’ computer, never using its IP address directly.

    GNUnet uses Uniform resource identifiers (not approved by IANA, although an application has been made).[when?] GNUnet URIs consist of two major parts: the module and the module specific identifier. A GNUnet URI is of form
    gnunet://module/identifier where module is the module name and identifier is a module specific string.
    […]
    GNUnet consists of several subsystems, of which essential ones are Transport and Core subsystems. Transport subsystem provides insecure link-layer communications, while Core provides peer discovery and encryption. On top of the core subsystem various applications are built.

    GNUnet includes various P2P applications in the main distribution of the framework, including filesharing, chat and VPN; additionally, a few external projects (such as secushare) are also extending the GNUnet infrastructure.
    […]
    File sharing
    The primary application at this point is anonymous, censorship-resistant file-sharing, allowing users to anonymously publish or retrieve information of all kinds. The GNUnet protocol which provides anonymity is called GAP (GNUnet anonymity protocol). GNUnet FS can additionally make use of GNU libextractor to automatically annotate shared files with metadata.

    I’d started today looking at the problem of DNS in an overlay network. It’s a bit of a sticky problem in that you must have DNS for things to work, but it has an Authority at the top of the heap that can be disrupted, though your local resolver can ignore it… Well, GNU had a better idea:

    GNU Name System
    GNUnet includes an implementation of the GNU Name System (GNS), a decentralized and censorship-resistant replacement for DNS. In GNS, each user manages their own zones and can delegate subdomains to zones managed by other users. Lookups of records defined by other users are performed using GNUnet’s DHT.

    Protocol translation
    GNUnet can tunnel IP traffic over the peer-to-peer network. If necessary, GNUnet can perform IPv4-IPv6 protocol translation in the process. GNUnet provides a DNS Application-level gateway to proxy DNS requests and map addresses to the desired address family as necessary. This way, GNUnet offers a possible technology to facilitate IPv6 transition. Furthermore, in combination with GNS, GNUnet’s protocol translation system can be used to access hidden services — IP-based services that run locally at some peer in the network and which can only be accessed by resolving a GNS name.

    So, OK, you need to implement some new strange stuff. Got it. But you don’t need to INVENT it…

    My present leaning (subject to change on new or different information discoveries) is to use this GNU framework for the networking and DNS-GNS functions. Then layer on top of that the file sharing and “social media” P2P stuff.

    Their equivalent of “tweeting” is highly limited (looks like spec level only) but they already have general file sharing and chat functions:

    Chat
    A chat has been implemented in the CADET module, for which third-party GTK interface for GNOME exists, specifically designed for the emerging GNU/Linux phones (such as the Librem 5 or the PinePhone).

    I’d planned on getting a PinePhone until they relocated their HQ to China from Silicon Valley. Prior to their relocation they said “Designed in Silicon Valley, assembled in Silicon Delta, China” and I was quasi-OK with that. The idea being that the Silicon Valley folks would do the investigations needed to assure no silicon buggery was done. Now with China going full scale 5th Gen Warfare on the USA government and culture, with China Joe POSTU-SINO on their payroll, I’m unwilling to trust a China Company (as all China Companies are just to some degree CCP fronts by CCP law). So looks like Librem is the one to explore…

    But moving on…

    So I guess next is that I need to do an exploratory investigation of GNUnet. What hardware and OS it runs on. Is it available on Debian / Devuan. Limits and weirdness. The “issue” here is that GNU has a long history of “bright ideas in development for decades”… So is this still in the “Bright Idea” stage? Or does it work broadly?

    It does look like something by that name is in the Armbian / Debian code base:

    root@rockpro64:/home/ems# apt-get install gnunet
    Reading package lists... Done
    Building dependency tree       
    Reading state information... Done
    The following additional packages will be installed:
      libamd2 libextractor3 libglpk40 libgnutls-dane0 libgsf-1-114 libgsf-1-common
      libpq5 librpm8 librpmio8 libsmf0 libtidy5deb1 libunbound8
    Suggested packages:
      miniupnpc texlive python-zbar libextractor-java python-extractor
      libiodbc2-dev default-libmysqlclient-dev dns-root-data
    Recommended packages:
      libnss3-tools rpm-common
    The following NEW packages will be installed:
      gnunet libamd2 libextractor3 libglpk40 libgnutls-dane0 libgsf-1-114
      libgsf-1-common libpq5 librpm8 librpmio8 libsmf0 libtidy5deb1 libunbound8
    0 upgraded, 13 newly installed, 0 to remove and 1 not upgraded.
    Need to get 6,367 kB of archives.
    After this operation, 15.7 MB of additional disk space will be used.
    Do you want to continue? [Y/n] 
    

    So that’s a good indication…

    Basically, if it is ready for production use, it solves the networking side of the problem space. Then you just layer on “Pirate Box” applications of various kinds and maybe add a P2P “Social Networking” application or two, and you’ve got Conservative Box Mk 1.

    An individual Conservative Box is a stand alone isolated Access Point & Server for a set of local WiFi apps. File sharing, web server / blog server, chat, ‘tweets/toots’. It can optionally also connect to an internet access network and launch GNUnet to “mesh up” with other agreed Conservative Box peers, and then things can be shared more widely across the nation and world, tunneling an encrypted overlay network through the public IP based network.

    That’s the idea du jour.

    We’ll see what tomorrow brings. ;-)

    UPDATE: These folks have unkind things to say about it, mostly centered on it being 18 years in development and still very rough and limited: https://linuxreviews.org/GNUnet

  37. H.R. says:

    Here’s some info on the Norton VPN that I’ve discovered since I started using it.

    1) One option is to select “Random U.S.” server when you turn on VPN.

    I’m not sure what that is doing with our WiFi hotspot device. Since it is essentially a ‘dumb’ smartphone, the cellular service has to know the location of the device. Just guessing here, but I think that any back-and-forth web surfing is now routed through some intermediary, so my trackers think I’m in Pretty Prairie, Kansas, which is where the VPN has me this morning.

    I think, but don’t know for sure, that I am showing up as being all over the place to those keeping track of my whereabouts.

    2) It seems that Norton favors University servers. I have no idea what’s going on with that.

    3) The random selection does not consider the quality of the connection. If I get hooked up to a busy server or crappy server, my connection is slower than snot.

    When that happens, I learned that all I have to do is disconnect and then reconnect and so far, I’ve been connected to some other server where the speed is just fine. That’s just the luck of the draw, but if the reconnect is also slow, I suppose all I have to do is keep up the disconnect/reconnect action until I get a good one.

    So… so far, I think T-Mobile knows where we are, but all of the trackers have us all over the U.S. I have an Ad-blocker, but I guess that’s mostly for pop-ups. The ads that do show on some pages are local to where the VPN connected.

    And… It’s kind of fun to connect and see where we are for the day; San Diego, San Jose, Miami, Orlando, Tennessee, Kansas, Virginia, North Carolina, and I have forgotten a lot of the other places where the VPN has placed us.

    Oops! 4) If the TLAs come knocking, I think Norton would give me up in a heartbeat. It’s just a feeling I have. “Do we want one PO’d customer or a PO’d NSA/FCC/SEC?”

  38. E.M.Smith says:

    @H.R.:

    The way to think of it is that you have two connections. Outer and inner. The Outer connection is just a big fat pipe with the inner connection inside of it.

    Now that Outer pipe is known to the Telco. In your case, T-Mobile knows you have connected to them, and that their router has sent you into the internet (perhaps over other intermediary players like an interconnect to AT&T backbone) and eventually “you” popped out in Grand Fanny Nevada at a Co-location Facility where Norton rents a computer / network stuff. That’s ALL they know.

    (Well, really, they know a bit more because not all your “stuff” will be run through the VPN tunnel. So other stuff will be going to them, like maybe DNS Lookups from other devices on your network that don’t use the VPN).

    Now, inside that big fat pipe going to Grand Fanny Nevada, is another pipe. This is the encrypted tunnel. YOUR computer takes some information, like, oh, you doing a web search on “Best RV Spots for fishing undetected in No-Fishing Park” and encrypts it, then stuffs it into that VPN tunnel and shoves it at the T-Mobile Hot Spot. All the T-Mobile hot spot sees is a bunch of encrypted “stuff” headed to Grand Fanny Nevada and a specific server there run by Norton. (Really all they know is the IP, but they could look up the rest based on that IP number, so sort of the same.)

    At the Norton Grand Fanny server, your VPN tunnel spits out the bits, and they get decrypted and shoved out to the internet writ large. Now that Norton Server knows you made a tunnel, from what IP, and what you shoved through it. That’s all very juicy stuff to the Fish Police in No Fishing Park looking for illegal fishing activity. BUT, they don’t know anyone was using that server to ask about their forbidden fish.

    So first off, someone needs to know to go look there. For that, they need to either have the search engine you used rat you out (like Google does. Or if you then contacted the RV spot and asked about best fishing in No Fishing allowed places, maybe that RV Park Web Server) OR they need to capture your laptop if the Fish Police conduct a surprise Fish Poacher Raid on your RV and send the laptop off to forensics. (In reality, they can also put a sniffer on the target RV Park Web Server and read the traffic to it after it leaves the VPN tunnel, but it’s already encrypted at your end so they can’t do that to you as you directly encrypt and talk to the VPN server). Using https (instead of http) to connect to the No-Fishing RV Park web site prevents their sniffer from seeing inside your packets so can’t see what you did, but does leave the contact trace visible back to the VPN server.

    So let’s say they sniffed the traffic at the No Fishing Park RV Center and saw your inquiry about best fishing spots, AND that you were careful enough to NOT say who you were, when you were arriving and / or reserve a spot… (doing that a day later on an open connection from where you really are while saying how you hate people who catch and kill fish and really are looking forward to watching them jump and run free…) At that point, all the Fish Police really know is that “someone” who was “somewhere” used the Norton VPN Server at Grand Fanny Nevada to contact the RV Park and ask some naughty questions. At that point, they have to get a judge to issue a warrant that inquiring about spaces was enough evidence of Intent To Criminally Fish so that they can then demand of Norton to hand over the logs in Grand Fanny Nevada.

    It is at this very moment that the “We keep NO logs” becomes a very big deal.

    ANY VPN provider is going to roll over and hand them everything they’ve got. The alternative is going to jail and being out of business. HOWEVER, if you have no logs, you have nothing to give. You can comply 100% with the warrant and still be fine.

    And at that moment, the Fish Police are very disappointed and must resort to Other Means for catching The Great Fish Robbery Bandit.

    Risks

    1) Most of the risks will come from things you did. Always using the same laptop and browser for your illicit Fish Exploits. Letting it build up things like enough WiFi Hotspot data points to be fingerprinted as you and indicating your real area of operation. Browsing lots of places that DO that fingerprinting and not flushing trackers, beacons, cookies nor dumping your WiFi hotspot history / remembered sites. Connecting to and reading your regular Email Account with your Exploits Computer. That kind of stuff.

    This is why I emphasize rotating your shields often and swapping uSD cards. Let’s say you were at Burt’s Fish Emporium and Coffee Shop in Big Bass Utah and used BigbAss WiFi hot spot in their coffee shop. That left a record of the login (to make it easy to log in again as you had it remember passwords) in your system. Then you went to Colossal Carp RV Park 20 miles outside of town as it was cheaper. Used their WiFi just after check-in, leaving ANOTHER WiFi mark in the history. THEN you made your reservation at the Absolutely Best Fishing RV Park in No Fishing Park… and their web site fingerprinted your WiFi history to try to “geolocate” you and give you ads for Big Bass Utah. Now all the Fish Police need to do is get that information from the Absolutely Best Fishing web site, and they know you are most likely staying in the Colossal Carp RV Park in Utah. They may also know you used a Lenovo Laptop running Windows 10 and used a Bing Search engine and have trackers for several specific other web sites (like googleadds et al.) following you around. OK, one warrant later their sniffer on the network out of Colossal Carp RV park shows 2 folks with that configuration and one of them is a lady who HATES fishing… You just got elected. They use the warrant to take your laptop, show your reservation and the T-Mobile log history that you used the VPN at just the time the inquiry about best fishing in No Fishing Park happened and you are in the bag.

    So instead, you make a fresh new Raspberry Pi System from a pristine install and use it Just Once for “whatever”. Then you flash the uSD card again with the pristine configured OS image you save for that purpose. Now there is NO history of where it has been, what WiFi was near, no browser trackers, cookies, or beacons. All they can ‘fingerprint’ is “Noobs Raspberry Pi Install running Firefox empty of any history and connected to a WiFi Hot Spot named StarBucks”… (No, YOU are not at Starbucks, you just named your WiFi SSID to LOOK LIKE a generic StarBucks… Misdirection, it’s a thing.)

    2) IF you are nefarious enough, and do enough traffic, the Fish Cops will slowly narrow down where you are by putting traffic analyzers and sniffers all over the place. This is only done for MAJOR dealers and Very Bad Actors up in the millions of $$ kind of range as it costs a bundle. But it is part of how Silk Road was taken down despite using Tor. With enough places watching traffic, and enough traffic, and injecting some of their own, they can “whack it here” and watch something “pop up there”. I have no doubt that every MAJOR VPN provider has gear from a few major TLAs watching their Gozinta and Gozouta spigots looking to catch Big Fish. A few packets for some nobody off in Big Fanny or near Colossal Carp RV park are not what they are looking for, so get ignored. BUT if you WERE that big dealer, they would see a lot of traffic from Colossal Carp RV park headed to the Norton VPN server, so would then place a sniffer at the park to try to narrow things down…

    This, BTW, is why I like the idea of a VPN “Two Step” in two different countries and where you control one of them. You can assure that at least one of them really really has zero logs kept, and you can assure that your traffic to the second one is not affiliated with your actual location. It also requires warrants in multiple countries and other legal impediments. Does a Slovak Judge really care enough about someone fishing in No Fishing Park to compromise his brother’s VPN Service with a warrant? Do the Fish Police in Big Bass Utah know anyone who is familiar with Slovak law and can write a warrant request in Slovakian? Little fish get ignored quickly then…

    There IS a risk that if they find your VPN, you get tracked down from it (but that’s no greater than the risk of them finding your Hot Spot anyway). So it’s especially nice if the Hot Spot official contact information leads to a corporation somewhere like the Cayman Islands… but that’s for Very Serious Operators ;-) For you, you just want to have it be an OPEN VPN Server and have a few friends who also use it sometimes. Then you just say “It’s an open VPN. I have no idea who has done what with it. I just set it up as a test bed.” and Shut UP. Your laptop will show no connections to it (those were from the Raspberry Pi after all…) and there will be no logs pointing to you either.

    3) Volume and History are your enemies. They allow statistical attacks. Being a “one off” of low volume makes that kind of attack useless. So you take your personally managed VPN server and periodically swap to a different provider, different country, different configuration (exit zone), etc. Really the “flash uSD card” is a subset of this one, in that it is ‘starting fresh’ for each use to lose history and be a ‘volume of one’ also. By constantly shifting your intermediate VPN and your end node computer, the trail becomes very statistically muddy. Note too, that for serious hacking, you would want several intermediate hops through various countries (preferably at least one that hates the USA Law Enforcement and will NOT cooperate – but knowing they will be monitoring your packets for their own purposes so must be an encrypted tunnel…).

    Similarly, I’d not use my Telco Hot Spot at the same physical place every time. I.e. NOT in my RV at the park. I’d drive to somewhere random and do the connection from there. Now you fingerprint to Cell Towers over a large area, not from one spot. Unlikely that will be used, but if it IS used, that cell history is a big area to search. Avoid places with cameras… Every few months (longer or shorter depending on your seriousness and needs and volume) dump the hot spot and get a new one, preferably from a different supplier and under a different name. Leave the hot spot turned OFF when not immediately in use. That way it only shows up as being at “Tower 10 off I-20 Rest Area” for 20 minutes and then NOWHERE ELSE for days. IFF really at risk put it in a metal cookie tin or metal lunch box between uses so no ‘remote activation’ can be done.

    4) Avoid doing normal things proximal in gear, time or space to the VPN Fish Exploits things. BUT do assure you do normal things in the normal places. So CELL PHONE OFF when driving out to activate the Hot Spot at Poor Fishing Springs Rest Area (Or, better yet, leave it on, but at home). Laptop WiFi OFF when using it to drive a Dongle Pi (so it doesn’t show up on the WiFi sniffer nor does it fingerprint on the local WiFi). Make sure the Pi is off and uSD out and the Wifi Hot Spot is off and in the tin before your drive home. Then, at the RV, check your email and talk about things completely different and unrelated in any way to Fish Exploits. You want to leave a benign history for your use later. IF possible, have one laptop that’s left on doing normal email downloading and watching a YouTube Movie while you take a 2nd one and drive out to the Rest Area… Use history logs to your advantage…

    In Conclusion

    In reality, for just about anyone but hard core criminal actors, this stuff is irrelevant. A simple VPN connection from your laptop to some web site is fine for keeping ad snoops and Telco DNS harvesters out.

    HOWEVER, since the Communists running China Joe are trying to criminalize being a traditional American Conservative, these things may increase in need over time. Better to learn them now and practice now.

    I’ve been a White Hat I.T. guy for decades and my skills in this have been entirely on the “how do I catch them” side, so it’s a bit awkward for me to ask how do I avoid being caught. I’m also likely to have missed a few tricks. It’s been a decade+ since I was employed doing penetration testing and similar work. Things change.

    Also, do note: I am NOT encouraging ANY “Black Hat” activities. My interests are:

    1) How to catch Black Hats as a White Hat operator.

    2) How to enable White Hat Conservatives to continue to be White Hats in the context of Beijing Biden and Commyala Harris working with the DNC and China and Soros to destroy patriotic law abiding Americans.

    Finally, do note that this is NOT “hard core hacking”. There’s a LOT of highly technical and even more exotic stuff you can do here. Use non-standard ports and non-standard protocols for example. Have your VPN connection be UDP on port RANDOM instead of TCP on port 8080 or 3128 for your proxy server (UDP is ‘send a packet and hope’ while TCP is ‘send a packet and retry if it fails’ – then regular ports have regular uses and by using one that’s not normal for that kind of traffic it adds a complexity). You can insert Onion Routing (i.e. TOR) in your use, or you can hack into and take over a router in some odd place, route your stuff through IT and erase any records it might make of your passing through. Use a remote operated Virtual Machine on some poor marks site to do your work for you, sending you the encrypted results “somewhere else” then erase the whole VM when done. That kind of stuff takes skilz the typical person does not have, and where I’m rusty enough I likely can’t do the systems cracking either.

    Some of it, yes. Using your VPN tunnel to get an exit node that THEN uses a public Proxy Server for the actual web server inquiry (adding another easy layer) is pretty easy. Swapping TCP to UDP for your VPN tunnel. Using TOR and the Tor Browser by default. But using equipment without permission is both criminal and hard to do, and folks like me are defending against it… so ‘beyond the pale’…

    But every journey begins with one step. So first get a plain VPN service. Then run a small SBC over it and get good at re-flashing the OS onto it. (I build one to have a browser and a few other common programs. Also a basic maintenance account like ’ems’. Then IF I need to do something I’d like more private, it takes about 20 seconds to type “sudo adduser mybad” answer a few questions (name, a pseudonym, phone 777, work phone 877 etc.) and then you have a new user with no history of existence. When done, reflash the uSD with the base image and all record evaporates.

    That gets you a long ways along. Then you can slowly work on adding the other steps. Or not, depending on your needs. Eventually even to the point of having a Shadow You. A 2nd cell phone, 2nd or 3rd email account, P.O.Box address, etc. etc. It all depends on what you need to do. And the reality is that ALL of it already exists because the folks who do highly illegal things are already doing them so us pikers just need to learn a few of their tricks to be able to say things like “I think the election was fraudulent” without threat of the Gulag…

  39. Ossqss says:

    @EM, you can also clean cookies and varied histories out of browsers and use the system file clean up (not just the first disk cleanup option) utility in your HD properties in Windoze for a deeper cleanse locally. If you do, you will be surprised at the size of the Windoze update file sizes and will need some time to allow the process to finish if not done before. Typically there are many Gigs of update files.

    Note: you may not want to delete downloaded files if you have them check marked in the utility and want to keep them.

    To find the utility, right click on the C drive, click properties, click disk clean up, and when it finishes scanning, click “clean up system files”. Remember to review the check box list prior to clicking OK to start the process.

    Insert “I lost my downloads” disclaimer here :-)

  40. Ossqss says:

    Some additional tidbits to be aware of. There are more, but you should dig into every application you have and evaluate all of the preselected options that you approved by default by not checking it. Note, some sites don’t work well, if at all, if cookies, or even 3rd party cookies are blocked.

    https://www.cnet.com/how-to/browser-privacy-settings-change-chrome-firefox-safari-edge-and-brave/

  41. E.M.Smith says:

    @Ossqss:

    I don’t DO Windows.

    ;-)

    I’ve not even booted up my old ‘just in case for archives’ Windows XP box in a few years. I last used, IIRC, a Windows 10? box on my last contract at Disney, for about 5? months as it was new then… Fuzzy details of what is now about a decade ago…

    So first point:

    NOBODY ought to look to me for “how to do it on Windoze” ’cause I don’t know (and likely don’t want to know – I’m done pushing my brain through the Microsoft re-write sieve every few years…). Y’all will need to ‘talk among yourselves’ for that.

    2nd Point:

    Why I like the Pi solution is that it is absolutely definitive (the dd overwrites every single byte on the uSD card when you dd on a .img file that’s the size of the uSD card) and takes no special ‘tricks’ to get it done. Yes, I could go into the browser and click all the dump history, dump cookies, etc. etc…. but why bother? Just “dd if=MyPiSystem.img bs=10M of=/dev/sdTARGET” and go get lunch…

    However:

    For all the folks who only know and do Windows, yeah, it can help them. (Though not as much as just learning how to run a minimal Pi on Raspbian…)

    Per Browser Settings:

    Yeah, that’s a part of my basic “bring up a new ID” process. Also part of why I like the flash a uSD with the already cleaned base install. I only need to click off all that browser “expose me to the world” crap once when the image is created and then saved. After that, it’s already done.

    But I just figured most folks ought to already know to go into settings and turn off darned near everything… I’d make a list and post it but they keep adding junk. Like “expose my MIDI player to the world”… when I don’t have a Midi player…

    BTW, one of the other benefits of the Pi or similar SBC is the LACK of hardware for things like camera, microphone, GPS, etc. etc. I don’t need to care much about forgetting to ‘turn off access to camera and microphone’ when I don’t have them. Or worry that some hacker could turn them back on… or a system update… or…

    I still turn them all to off (and turn off any other ‘let me use’ or ‘show my foo to bar’ or any other thing I can turn off). You can always turn them back on selectively IFF you ever need them for something. (So far ‘javascript’ for video is the only one that bit me).
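As an added example (not the commenter’s own script), here is the uSD reflash step from comment 38 and the `dd if=MyPiSystem.img bs=10M of=/dev/sdTARGET` command above, wrapped in a small POSIX sh script with two guards the bare command lacks: it refuses to write to anything that is not a plain file or a block device the kernel flags as removable, and it reads the card back afterwards to confirm every byte of the image actually landed. The image name, device path and the `/sys/block/<dev>/removable` check are assumptions chosen for the example.

```shell
#!/bin/sh
# Added example, not the commenter's script. Reflash a uSD card from a saved
# base image so that no history survives, as described in the comments, but:
#   1. refuse to write unless TARGET is a regular file (used for offline
#      testing) or a whole-disk block device that /sys reports as removable,
#      so a typo in "of=" cannot wipe the workstation's own disk;
#   2. read the written region back and compare it with the image, so a
#      partial or failed write is caught before the card is trusted.
set -eu

# Return 0 if TARGET may be overwritten. Only whole-disk names (sdb, not
# sdb1) have an entry in /sys/block, which is what a full-image flash wants.
target_is_safe() {
    target=$1
    if [ -f "$target" ]; then
        return 0
    fi
    if [ -b "$target" ]; then
        name=$(basename "$target")
        if [ "$(cat "/sys/block/$name/removable" 2>/dev/null)" = "1" ]; then
            return 0
        fi
    fi
    return 1
}

# Compare the first $(size of IMAGE) bytes of TARGET with IMAGE.
# cmp reads the read-back bytes from stdin ("-"); any difference -> exit 1.
verify_image() {
    image=$1
    target=$2
    size=$(wc -c < "$image")
    if head -c "$size" "$target" | cmp -s - "$image"; then
        return 0
    fi
    echo "verification FAILED: $target does not match $image" >&2
    return 1
}

# Write IMAGE onto TARGET with the same dd options as the original command,
# flush it to the device, then verify. Returns 0 only on a verified write.
flash_image() {
    image=$1
    target=$2
    if ! target_is_safe "$target"; then
        echo "refusing to write to $target: not a file or removable disk" >&2
        return 1
    fi
    dd if="$image" of="$target" bs=10M conv=fsync 2>/dev/null || return 1
    sync
    verify_image "$image" "$target"
}
```

Run it as `flash_image MyPiSystem.img /dev/sdTARGET`; a non-zero exit means the card was either refused or does not match the image and should not be trusted.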
