Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Privacy and anonymity from the US government
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
grell
n00b
n00b


Joined: 02 Feb 2006
Posts: 12

PostPosted: Sun Dec 13, 2015 11:07 pm    Post subject: Privacy and anonymity from the US government Reply with quote

Hello, I was wondering what the best way is to stay safe from government (i.e. the NSA and such) eavesdropping on my computer/Internet activities. I think I can safely assume that since Gentoo is 100% open-source and based on source code (as opposed to binary packages) and that there are no backdoors in it to speak of. Is this indeed the case? Also, is this the case with the Chromium web browser as well? I know Chromium is said to be 100% open source. I want an OS and browser that I can use without having to worry about the government eavesdropping on me. Please tell me the best solution, things are getting pretty scary here in the States and I want to evade the government as much as humanly possible. Thanks in advance guys.
Back to top
View user's profile Send private message
Keruskerfuerst
Advocate
Advocate


Joined: 01 Feb 2006
Posts: 2288
Location: near Augsburg, Germany

PostPosted: Wed Dec 16, 2015 3:31 pm    Post subject: Reply with quote

It is better to use a binary distro instead of Gentoo (much work with sysadmin tasks).
If you want to check the source code, control these parts, which connect to the network. E.g.: kernel, glibc, X-Server and so on.
From your country, where you live.
USA: e.g.: Red Hat or Fedora.

Before you install/use Linux, you should read a manual of your distro.

And some books about bash use and so on.

You can also use TOR. This slows down the internet speed much.

But: some goverment institutes use quantum computers to decrypt the crypted internet traffic.
These computers are very expensive (~1.000.000,00€).

If you want to be safe, use the following:
1. highly encrypted electronic mail
2. "normal" mail, registered mail, mail by courier or "high speed" mail.
Back to top
View user's profile Send private message
NeddySeagoon
Administrator
Administrator


Joined: 05 Jul 2003
Posts: 42803
Location: 56N 3W

PostPosted: Wed Dec 16, 2015 4:43 pm    Post subject: Reply with quote

grell,

If the US government wants your sekrits, they will send you to the experts at Guantánamo Bay, Cuba to extract them from you.
Its much faster that eavesdropping. You can make it harder for the government though

Use encrypted email. These means that all your correspondents need to generate and use key pairs.
Use a paranoid firewall, that stops things going out as well as stops things coming in. This means that some nasties that do get in cannot phone home.
Use a hardened system. It makes all sorts of exploits harder to accomplish.
Check your logs.

Rent a VPS outside of the reach of the USA government and use a VPN tunnel to route all your traffic through it. This is like TOR but faster and with less/no anonamyity.

In the end, security is like the layers of an onion. You need to assess your perceived threat(s) and put in place measures you are prepared to tolerate to combat the threat.
All security measures compromise usability. You choose where you draw the line.

Consider not using the internet for anything ever. That makes electronic eavesdropping really hard but not impossible.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Back to top
View user's profile Send private message
Keruskerfuerst
Advocate
Advocate


Joined: 01 Feb 2006
Posts: 2288
Location: near Augsburg, Germany

PostPosted: Wed Dec 16, 2015 5:10 pm    Post subject: Reply with quote

If you have problems with the goverment, just call federal police.

They arrive within 5 seconds...
Back to top
View user's profile Send private message
steveL
Watchman
Watchman


Joined: 13 Sep 2006
Posts: 5153
Location: The Peanut Gallery

PostPosted: Thu Dec 17, 2015 12:54 am    Post subject: Reply with quote

Keruskerfuerst wrote:
It is better to use a binary distro instead of Gentoo (much work with sysadmin tasks).

This is simply untrue; a bindist is far more likely to contain a root-kit, and also much easier to break since everyone's using the same binaries.

Placing ease of system-administration, a completely orthogonal concern, above security, in a thread asking about security, seems very strange to me.
Besides which, Gentoo is much easier to administer in the longer-term, because it's as close to vanilla-upstream configs as possible, and you're always on a recent version, both of which mean it's much easier, and more pleasant, to get support direct from the upstream support channels, like IRC.
They're not frustrated by the fact that you're running a heavily-patched distro-monstrosity based on something they obsoleted 5 years ago (or over a decade ago in the case of mawk on debian; the default OoTB awk on that distro.)

WRT to the OPs question, be advised that there are blobs in the tree, so review ACCEPT_LICENSE in man make.conf and license_groups in man portage.
Consider also the deblob USE flag for gentoo-sources; I've never had an issue with it. You can still use proprietary graphics drivers if you must; though I don't think you want to, if you're concerned about the NSA. It still reduces the vectors.
Back to top
View user's profile Send private message
depontius
Advocate
Advocate


Joined: 05 May 2004
Posts: 3380

PostPosted: Thu Dec 17, 2015 1:32 am    Post subject: Reply with quote

Look up the term "rubber-hose cryptanalysis."

Besides, the government is not your biggest fear, in practical terms. There are commercial entities far more likely to abuse your rights and privacy.
_________________
.sigs waste space and bandwidth
Back to top
View user's profile Send private message
gentooP4
Apprentice
Apprentice


Joined: 20 Sep 2010
Posts: 182
Location: NZ

PostPosted: Thu Dec 17, 2015 8:49 am    Post subject: Reply with quote

Sorry to jump in, but is surfing the net inside a virtual machine using TOR any more secure than just using Gentoo outright? Just curious
Back to top
View user's profile Send private message
Keruskerfuerst
Advocate
Advocate


Joined: 01 Feb 2006
Posts: 2288
Location: near Augsburg, Germany

PostPosted: Thu Dec 17, 2015 9:58 am    Post subject: Reply with quote

Quote:
Besides, the government is not your biggest fear, in practical terms. There are commercial entities far more likely to abuse your rights and privacy.


The answer ist M.
Back to top
View user's profile Send private message
depontius
Advocate
Advocate


Joined: 05 May 2004
Posts: 3380

PostPosted: Thu Dec 17, 2015 12:40 pm    Post subject: Reply with quote

gentooP4 wrote:
Sorry to jump in, but is surfing the net inside a virtual machine using TOR any more secure than just using Gentoo outright? Just curious


If you're really being paranoid, the moment you start using TOR, you stick out like a sort thumb. Again, if you're truly paranoid, assume that a non-trivial number of TOR exit nodes are compromised and monitored, and even though content, and in-TOR metatdata are both encrypted, entry/exit metadata cannot be. The minute you touch a compromised TOR entry point, you become "interesting" to whoever compromised that node.
_________________
.sigs waste space and bandwidth
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum