Re: Anonymity and Identity Protection
sci.crypt archive

From: Tom Giarmo <TomGiarmoI@use.net>
Date: Sun Jun 05 2005 - 18:04:47 CEST

On 05 Jun 2005 00:42:54 GMT, nemo_outis wrote:

> A reasonable set of protections is as follows:
>
> 1. For your base machine that holds sensitive material (whatever
> "sensitive" means to you) it should be disconnected from any network
> (most especially the internet) by an "air gap."

I don't understand unless you mean there is nothing connecting to anything
except PC devices like a printer.
 
> 2. For your internet machine it is best if its core OS and programs are
> run from a CD (e.g., Knoppix or Windows versions built on XPe, BartPE,
> etc.) with no live OS on that machine.

Slow?

> It is essential that your
> internet machine is behind a properly configured HARDWARE router.

Why hardware, suggestions for one and a proper config?

> Data is
> stored to an HD which is scanned both during and after each session
> before any "keepers" are transferred to the other machine (then the data
> is erased).

Wait a minute, I thought that the "other" machine is not connected to
anything. Are you talking about a manual connect to transfer?

> No sensitive information (some would advocate NO information
> whatsoever) should persist on this machine between sessions. Any
> information worth keeping is transferred using say (CD, USB stick, etc.)
> to the first machine (virus scanning, etc is a mandatory part of this
> process)
>
> 3. Since most people will NOT do what's recommended above, there are a
> large number of (distinctly inferior) alternatives using one machine
> (e.g., "virtualize" your network machine with Vmware, etc.).
>
> 4. I strongly recommend encrypting the ENTIRE HD (on both machines if
> you use two) including the boot/OS partition (using Compusec, Winmagic,
> Safeboot Solo, etc., etc.) and, in addition (or, for the lax, instead :-)
> encrypt all data/storage partitions using Truecrypt (there are
> alternatives that perform very well indeed, such as Bestcrypt, but the
> open-source of Truecrypt and its price - free! - are clinchers.)

I don't think TrueCrypt touches the OS/boot, does it?
 
> 5. Any data that is not expendable MUST be backed up - and that means
> encrypted backup (Ghost is satisfactory - others may be as well.)

Backing up, good, backing up to what is the better question.
 
> For communications, surfing, etc. the core is the mixmaster network for
> email (fronted by, say, quicksilver) and the Tor network for most other
> protocols (complete with necessary refinements/addons such as privoxy,
> sockscap, etc.). Use a relatively secure program such as Firefox for
> surfing (and be sure to *configure* it properly to further harden it
> (e.g., no Java/javascript, etc.)).

The no Java route is impractical, too many websites require it. How about a
utility, when you reach a website that does require Java, like your bank or
email, that pops up and allows you to click on, and perhaps allows that
to be set as the default condition?

Thank you Mr. nemo.
Received on Thu Sep 29 21:40:19 2005