View previous topic :: View next topic |
Author |
Message |
grell n00b
Joined: 02 Feb 2006 Posts: 12
|
Posted: Sun Dec 13, 2015 11:07 pm Post subject: Privacy and anonymity from the US government |
|
|
Hello, I was wondering what the best way is to stay safe from government (i.e. the NSA and such) eavesdropping on my computer/Internet activities. I think I can safely assume that since Gentoo is 100% open-source and based on source code (as opposed to binary packages) and that there are no backdoors in it to speak of. Is this indeed the case? Also, is this the case with the Chromium web browser as well? I know Chromium is said to be 100% open source. I want an OS and browser that I can use without having to worry about the government eavesdropping on me. Please tell me the best solution, things are getting pretty scary here in the States and I want to evade the government as much as humanly possible. Thanks in advance guys. |
|
Back to top |
|
|
Keruskerfuerst Advocate
Joined: 01 Feb 2006 Posts: 2289 Location: near Augsburg, Germany
|
Posted: Wed Dec 16, 2015 3:31 pm Post subject: |
|
|
It is better to use a binary distro instead of Gentoo (much work with sysadmin tasks).
If you want to check the source code, control these parts, which connect to the network. E.g.: kernel, glibc, X-Server and so on.
From your country, where you live.
USA: e.g.: Red Hat or Fedora.
Before you install/use Linux, you should read a manual of your distro.
And some books about bash use and so on.
You can also use TOR. This slows down the internet speed much.
But: some goverment institutes use quantum computers to decrypt the crypted internet traffic.
These computers are very expensive (~1.000.000,00€).
If you want to be safe, use the following:
1. highly encrypted electronic mail
2. "normal" mail, registered mail, mail by courier or "high speed" mail. |
|
Back to top |
|
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54232 Location: 56N 3W
|
Posted: Wed Dec 16, 2015 4:43 pm Post subject: |
|
|
grell,
If the US government wants your sekrits, they will send you to the experts at Guantánamo Bay, Cuba to extract them from you.
Its much faster that eavesdropping. You can make it harder for the government though
Use encrypted email. These means that all your correspondents need to generate and use key pairs.
Use a paranoid firewall, that stops things going out as well as stops things coming in. This means that some nasties that do get in cannot phone home.
Use a hardened system. It makes all sorts of exploits harder to accomplish.
Check your logs.
Rent a VPS outside of the reach of the USA government and use a VPN tunnel to route all your traffic through it. This is like TOR but faster and with less/no anonamyity.
In the end, security is like the layers of an onion. You need to assess your perceived threat(s) and put in place measures you are prepared to tolerate to combat the threat.
All security measures compromise usability. You choose where you draw the line.
Consider not using the internet for anything ever. That makes electronic eavesdropping really hard but not impossible. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
Back to top |
|
|
Keruskerfuerst Advocate
Joined: 01 Feb 2006 Posts: 2289 Location: near Augsburg, Germany
|
Posted: Wed Dec 16, 2015 5:10 pm Post subject: |
|
|
If you have problems with the goverment, just call federal police.
They arrive within 5 seconds... |
|
Back to top |
|
|
steveL Watchman
Joined: 13 Sep 2006 Posts: 5153 Location: The Peanut Gallery
|
Posted: Thu Dec 17, 2015 12:54 am Post subject: |
|
|
Keruskerfuerst wrote: | It is better to use a binary distro instead of Gentoo (much work with sysadmin tasks). |
This is simply untrue; a bindist is far more likely to contain a root-kit, and also much easier to break since everyone's using the same binaries.
Placing ease of system-administration, a completely orthogonal concern, above security, in a thread asking about security, seems very strange to me.
Besides which, Gentoo is much easier to administer in the longer-term, because it's as close to vanilla-upstream configs as possible, and you're always on a recent version, both of which mean it's much easier, and more pleasant, to get support direct from the upstream support channels, like IRC.
They're not frustrated by the fact that you're running a heavily-patched distro-monstrosity based on something they obsoleted 5 years ago (or over a decade ago in the case of mawk on debian; the default OoTB awk on that distro.)
WRT to the OPs question, be advised that there are blobs in the tree, so review ACCEPT_LICENSE in man make.conf and license_groups in man portage.
Consider also the deblob USE flag for gentoo-sources; I've never had an issue with it. You can still use proprietary graphics drivers if you must; though I don't think you want to, if you're concerned about the NSA. It still reduces the vectors. |
|
Back to top |
|
|
depontius Advocate
Joined: 05 May 2004 Posts: 3509
|
Posted: Thu Dec 17, 2015 1:32 am Post subject: |
|
|
Look up the term "rubber-hose cryptanalysis."
Besides, the government is not your biggest fear, in practical terms. There are commercial entities far more likely to abuse your rights and privacy. _________________ .sigs waste space and bandwidth |
|
Back to top |
|
|
gentooP4 Apprentice
Joined: 20 Sep 2010 Posts: 182 Location: NZ
|
Posted: Thu Dec 17, 2015 8:49 am Post subject: |
|
|
Sorry to jump in, but is surfing the net inside a virtual machine using TOR any more secure than just using Gentoo outright? Just curious _________________ The United States has announced that it will deploy thoughts and prayers in the battle against online extremism.
If you voted for Trump or Brexit, you were likely influenced by the Cambridge Analytica propaganda machine. |
|
Back to top |
|
|
Keruskerfuerst Advocate
Joined: 01 Feb 2006 Posts: 2289 Location: near Augsburg, Germany
|
Posted: Thu Dec 17, 2015 9:58 am Post subject: |
|
|
Quote: | Besides, the government is not your biggest fear, in practical terms. There are commercial entities far more likely to abuse your rights and privacy. |
The answer ist M. |
|
Back to top |
|
|
depontius Advocate
Joined: 05 May 2004 Posts: 3509
|
Posted: Thu Dec 17, 2015 12:40 pm Post subject: |
|
|
gentooP4 wrote: | Sorry to jump in, but is surfing the net inside a virtual machine using TOR any more secure than just using Gentoo outright? Just curious |
If you're really being paranoid, the moment you start using TOR, you stick out like a sort thumb. Again, if you're truly paranoid, assume that a non-trivial number of TOR exit nodes are compromised and monitored, and even though content, and in-TOR metatdata are both encrypted, entry/exit metadata cannot be. The minute you touch a compromised TOR entry point, you become "interesting" to whoever compromised that node. _________________ .sigs waste space and bandwidth |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|