
Sounds like, if you're going to do something very sensitive on tor, you need to:

- always have an up-to-date version of the tor bundle!

- compile the bundle yourself from source

- run it virtually, and always roll back to a clean snapshot (before installing tor) when done

- if possible use it from a network that is not your own (open wifi, public wifi, etc.)

- spoof your mac address

- do not run JS, Java applets, etc.!

I know this seems extreme, but from what I read, it's the best you can do to protect yourself.




If you are doing something that would make the NSA interested in you (and I would highly highly discourage that), you'd need to focus more on tradecraft. Get the laptop from a source that can't be traced to you, like a thrift store in a city where you don't live or normally frequent. Disguise yourself, pay in cash, and either make sure there are no security cameras or wait a good year before you do whatever you are going to do (nobody keeps camera data longer than that). When you do whatever you are doing, use a Live CD like tails. Disguise yourself. Wear gloves. Go to a city you don't live in or frequent regularly, and only use cash during the trip. Park a long distance from your wifi source where there are no cameras and walk to where you will access the wifi. Use a cantenna to hit an open wifi some distance away, preferably a public connection like a busy coffee shop. Do whatever you are going to do. Walk back to your car, drive to a nearby town, smash the laptop and dispose of it in a dumpster. Drive home.


That isn't sufficient.

The NSA might be able to query their databases for anyone who recently visited the city where the wifi involved is located, and you might match that if there were license plate scanners on the way, even if you paid for gas in cash. If that information isn't collected by the NSA today, it probably will be tomorrow.

The NSA might be able to query their databases for anyone who "went off the grid" for a day or two around the event they're interested in. That's not good enough to id a suspect, but it narrows the pool. If you stopped making google searches from your normal internet connection within a day of the event in the other city, and you normally use your computer every day, or if your phone was off within a day of the event, that's suspicious. Enough of those kinds of data points and you become a suspect.

Even simpler, and a staple of crime fiction, stuff happens that you have no control over that can place you in the vicinity at the time of the event. If you have bad luck and get a ticket or get in a car accident in the city in question, for instance...

Far from suggesting that you simply need to be more careful, my view is that you can't take sufficient precautions to get risk down to a tolerable level if whatever you're doing brings you to the attention of the NSA.


What if you ran scripts on your phone and computer so that it would appear as if you were browsing the internet and using your computer during your regular usage times?

Also using public transportation (and paying for it in cash) will help mitigate the first issue you brought up.


Personally I had the idea a while back for a sort of time-release dead drop. Stuff a Raspberry Pi into a fake power strip, put your seekrit information onto the SD card, and go plug it in somewhere in a city you 'happen' to be passing through, near to a public wifi spot.

Then a year later it wakes up and uploads the data publicly via Tor and self-wipes. Even if it's traced back to the Pi, they'll have to trace the Pi back to you (you bought it untraceably, right?).


How can you buy a Pi untraceably? Last time I checked you could buy them from e-stores using credit cards..


Pay a stranger like $300 to buy you a $25 Raspberry Pi?


Until CCTV is combined with facial recognition!



I think that what you are saying is true, but there is always a level of risk. It's more about mitigating it than eliminating it - you can't really do that.

Again, this is all hypothetical, don't go and do anything naughty.


Yes, that has always stopped me from doing some things I would like to do covertly and that aren't exactly ok. But there is no safe way to do it. How do you make sure that you won't get into a traffic accident when going on a mission or returning from it? It would be really nice to hear how you make roads 100% safe.

I'm also too security oriented and have been monitoring this field for over 15 years. So I know how hard it is to be absolutely anonymous. I also know that my Finnish & English aren't exactly textbook examples, so I can be profiled out easily even if I were technically 100% anonymous.

I always surf the web from a virtual container which is fully reset after each session. I also don't ever process email, IM, web, archives or whatever on the host system. I also have a completely separate (hardware), similarly safe configuration for handling PGP/GPG encrypted messages, which is connected only via a serial link so I can view the ASCII armored payload before sending it for processing. Anything other than an ASCII armored payload is never sent over that 7-bit link.

It's also obvious that I have prepaid dumb phone(s), one for each identity, which are circulated on a random schedule. I only use those phones at a single location (without other tracking devices), because moving with those would allow linking my (moving) position with my other phone(s), making it easy to correlate them. Yes, I know this is a non-optimum solution if you're expecting someone to hunt you down. But it's good for generic privacy as long as you don't expect anyone to be there waiting for you.

Getting rid of habits is also very hard and requires huge effort. That single thing (service, program, password, etc.), word or phrase you just used will single you out from a larger group.


This is such random advice. What threats are you defending against here?

"Wear gloves": Why? Are you thinking someone will pierce the veil of all these other precautions but then be stymied when they find a smashed laptop with no fingerprints on it?

"Sir, we followed him for a year, watched him buy a laptop and use it in a park, but when we recovered the laptop from the dumpster, there were no fingerprints on it!"

"Curses, our plan is foiled!"


They find your smashed lappy in the dumpster. "Oh, look, his fingerprints are all over it". There is no national DNA database outside of the penal system (yet) so your dandruff won't do you in. But a print will, if you've ever done something that got you into NCIC.

The idea is not to foil people who suspect you, it's to keep them from suspecting you in the first place. If you are an NSA-targeted suspect and you did something naughty, you've already lost the game.


Who is "they", why do "they" even suspect the dumpster? "They" find fingerprints on it, and no hard drive (you used Tails, remember?)

So after all that work, you link a guy to touching a smashed laptop. Not very helpful.


I'm glad I have no reason to be that anonymous. Sounds stressful. :)

Still, I completely agree with you.


Yes, you do have a reason: the practice and preparation to be anonymous takes months/years. I don't care if you're Bruce Schneier and Richard Stallman rolled into one, you will slip up the first time you try. 100% guaranteed.

The standard for needing this kind of anonymity is anticipation of a use case. By the time the use case is at your door, it is too late and if you are unprepared your best bet is to bend over / run away (as the situation permits).


"Park a long distance from your wifi source where there are no cameras"

This implies that you've been driving round (in your disguise of course) in a car. With a registration plate.


Have you tested this approach?


Hah, of course not. I don't do naughty things, I just like thought experiments. And anyone who does do such things would be pretty stupid to draw attention to themselves on Hacker News by posting a proposed method for avoiding surveillance.


But that's exactly what someone would say and do to draw attention away from the fact that they may be doing something sketchy :)


Yeah, I was wondering if a virtual machine is safe from malicious attacks, though. Can anyone comment on the feasibility of this method as fail-safe?


Ideally you'd want to be running Tor with transparent proxying of all traffic on a physically separate (and locked down) host. I believe there are guides on how to do all that on a raspberry pi out there.

On your primary browsing/whatever machine, I believe (but have not exhaustively researched) that it would still make sense to run inside a VM/container, because that would provide a much more 'generic' set of system characteristics (MAC address, clock jitter stats, CPUinfo, etc) than your actual hardware. It does provide a greater attack surface, so you'd have to weigh up the value of potentially masking physical identity vs likelihood of gaining root due to VM exploits.

There's also the risk of overconfidence because of these measures, which might lead you to overlook important details in the host OS, or in your communication habits.


Another option is to run an amnesiac OS on a material that is not re-writable (CD-R). Note this would replace the VM, not the separate Tor machine.


There are plenty of ways to break out of a VM. What if the VM has a filesystem that is readonly by the host?

Drive by download, cookie fs drop, etc. Attack the indexing server, file previews, etc.

You really want to run the VM on an external host like a raspberry pi and the VM should be different from the host running Tor.

Tor should really be rewritten in a Coq proven Haskell program.


It's probably the best you can do, but it still doesn't prevent your anonymity from being compromised. As soon as the malware is installed, it can phone home, even if you end up wiping it after you are done.


The malware would have to escape the virtual machine. The VM needs to be firewalled off from the host and NOT have the host <=> guest tools installed.


Ok. So what you're talking about is a VM that is only able to route to the internet via Tor, so it would be impossible for it to make a non-Tor connection (thereby compromising anonymity).

- If the host <=> guest tools are installed on the guest host, then it would be possible for the malware to install them itself.

- If the host <=> guest tools can't be enabled/disabled on a per-VM basis, then that could be an issue, as you would probably have VMs that you wish to use in a less covert capacity.

- The malware would have access to your browser for the duration of that session. Presumably any information that you accessed during that session is compromised. If they are consistently able to compromise you during every session, then any slip-up with PII during any session could compromise you.


Here's an openbsd VM with tor and a bunch of web browsers preinstalled. There are packet filter rules so even if the vagrant user gets owned, it cannot transmit traffic on the outboard network interface. https://github.com/WIZARDISHUNGRY/openbsd-hiddenfortress


I meant specifically that the VM should have low privs when it comes to the host, it shouldn't be able to port scan, map drives, the host MAC can be found via ARP. Just thinking about what happens when the NSA p0wns the OS running the Tor browser.

   (vm-tor-net
     (vm-tor-browser))
Even if the gui VM that is used for running Tor has been compromised it should still be impossible to determine where the Tor client node is running. That is the goal, right?
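The separate-gateway design the comments above keep circling back to (transparent proxying of all guest traffic on a locked-down host, a guest that cannot make a non-Tor connection, and a firewall that keeps even a fully owned guest off the outboard interface) as a concrete iptables ruleset for the gateway host. This is an added example, not code from the thread or from the hiddenfortress project; the interface names, the 192.168.42.0/24 guest subnet, the tor service user and the port numbers are assumptions, and the gateway's torrc must carry matching TransPort and DNSPort lines.

```shell
#!/bin/sh
# Added example (not from the thread): iptables rules for a dedicated Tor
# gateway. Guests on GUEST_IF reach the outside only through Tor; the gateway
# forwards nothing and lets only the tor daemon use the uplink. Constructed
# assumptions: interface names, guest subnet, tor user, and the ports, which
# must match "TransPort 192.168.42.1:9040" / "DNSPort 192.168.42.1:5353" in torrc.
GUEST_IF="${GUEST_IF:-eth1}"
UPLINK_IF="${UPLINK_IF:-eth0}"
GUEST_NET="${GUEST_NET:-192.168.42.0/24}"
TRANS_PORT="${TRANS_PORT:-9040}"
DNS_PORT="${DNS_PORT:-5353}"
TOR_USER="${TOR_USER:-debian-tor}"
# Print an iptables-restore ruleset to stdout ('#' lines are comments to it).
tor_gateway_rules() {
  cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
# Guest DNS is answered by Tor's DNSPort; every other guest TCP flow is
# redirected into Tor's TransPort. Guest UDP/ICMP has no redirect and dies.
-A PREROUTING -i $GUEST_IF -p udp --dport 53 -j REDIRECT --to-ports $DNS_PORT
-A PREROUTING -i $GUEST_IF -p tcp --dport 53 -j REDIRECT --to-ports $DNS_PORT
-A PREROUTING -i $GUEST_IF -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Only the two redirected Tor ports are reachable from the guest network.
-A INPUT -i $GUEST_IF -s $GUEST_NET -p tcp --dport $TRANS_PORT -j ACCEPT
-A INPUT -i $GUEST_IF -s $GUEST_NET -p tcp --dport $DNS_PORT -j ACCEPT
-A INPUT -i $GUEST_IF -s $GUEST_NET -p udp --dport $DNS_PORT -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The uplink is usable only by the tor daemon and only over TCP, so the
# gateway itself cannot do clearnet DNS either; FORWARD DROP closes the rest.
-A OUTPUT -o $UPLINK_IF -m owner --uid-owner $TOR_USER -p tcp -j ACCEPT
COMMIT
EOF
}
# Load the rules and shut IPv6 off entirely (this gateway is IPv4-only).
apply_tor_gateway_rules() {
  tor_gateway_rules | iptables-restore || return 1
  for chain in INPUT FORWARD OUTPUT; do ip6tables -P "$chain" DROP; done
}
case "${1:-}" in
  --apply) apply_tor_gateway_rules ;;   # run as root on the gateway host
  *) tor_gateway_rules ;;               # default: only print the ruleset
esac
```

Run it without arguments to inspect the generated ruleset, and with `--apply` as root on the gateway to load it; the guest VM then needs no Tor configuration at all, which is what keeps a compromised guest from learning where the Tor client actually runs.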


Something like Qubes [1] and its concept of security domains might help here.

[1] http://qubes-os.org/trac



