-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
GT500Shlby: > Recently I went looking for as high as humanly possible anonymity > but quickly deployed. > > For a purely hypothetical example, say I have evidence on a > prominent person. Think got mistress prego, mistress no want > abortion, mistress gets bookend to skull, murder cover-up gone > awry. So obviously me having said info, puts me in severe risk of > being killed myself. Like full on conspiracy theory novel/adventure > story. The idea is to be as realistic to the cyber security > preparations as possible. > > So I pick out an older laptop from recycle, flash the bios and > remove any serial numbers and assets tags, pop in a newer SSD from > a different recycled system (0 purchae records), reflash its > firmware to remove serial number. Source an external wireless > adapter with changeable MAC address and again, make sure no digital > serial number. Now I need an OS. TAILS is a good option, but I saw > Qubes used a while back and thought of it. > > The idea is to go to a public place with lots of stores/cafes that > have free wifi, but sitting outside those establishments in a > non-cctv area but jacking their wifi, probably using a sharklasers > email to get registered then using a vpn with bitcoin and another > sharklasers email and then using tor above that to then create a > throwaway reddit account to browse on r/gonewild err I mean drop > the docs on the bad dude. However, my concern is, I'm having > trouble finding the latest release date. the listed release > schedule makes it look like the current stable release is over a > year old. What is the TL;DR of the state of development of Qubes? > >> From other privacy focused people, are their any holes in my >> privacy scheme? > Your model is actually a high risk environment, involving actions of physical harm or death of you or your close ones. In this case you would need to employ much measures and countermeasures, not necessarily related to the digital behavior, more than the OS like Tails or Qubes, to stay safe. Your behavior patterns changes, your physical movement and monitoring of your life emissions, the way you obtained the compro, from whom, how, when, where and so on. Your contacts can be compromised already. Beware of your writing stylistics, typos, and other similar leakages of your identity. In case you have written something publicly under your real identity, you should count that if you don't use deception, it can be one of the identifiers narrowing options from adversary in pursuit of finding you. Know your adversary and its level of determination, resources and time available to find out key indicators leading to you. The higher it is, the higher security measures and deception layers need to be employed by you. In this case you will for sure need certain level of well pre-prepared deception layers to make sure that if your contingency plans fail, you have a well working backup plan, spreading options on more ways adversary needs to follow on each layer, to give you time and a especially clear warning, that there is somehow successful adversarial activity, without leaking this intelligence to the adversary. You will basically need to do the job done and destroy all traces from you, and remain exposed shortest time possible, and leak as little as possible emissions about your activity and at the same time not break too significantly your daily routine. All preparation activities are deviations from your routine, and can rise suspicion even after the job done. Once done, there should be more less zero possibility to get any intelligence about your sensitive activity by any means, even backwards. Coming to the OS, in this case Tails will do the job. It is amnesic and the only hot potato is the SD card, if your activity isn't leaked already, which is still possible. If you were for example searching for the Tails through an insecure OS, downloaded TBB through a non-anonymous channel, or even through your IP address, and so on, you can already be on a watch list. Estimate how many people in your area use Tor or Tails and you will see it is not much. It can be see you are using Tor or Tails, as it has very unique behavior. All that, provided you know what you are doing, you are able to get Tails securely, can reliably obtain their signing pgp keys, confirm the downloaded file with it, its hash, can run it securely, in this case remotely (see external wifi card, with cantenna for example, to get wifi connection from few kilometers away) and having clear OpSec, and be sure you are not compromised already, from the very beginning, you could be quite safe. -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl1lgZlfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6UzsEw//Q7enT4Rw/8x8yYiXzmWy2GMJ4AAez4x38UMI91j+VLgZ9ER9O5MnBEHO 7oZiXyAjPTGswYZP8beceaR3a7zVELWwsCMHtapSAhWzstpW6OHz/Q0lrOMmYgLw 7h8k7Oz55NvEZ9kAGllquvn48zsqWenC4ie9vZiWyWuiRyhYoQpd44yl/fJ786Q5 iZ/66WlOxhq+X6cAFNzb8Hsq0YoelTLD8KPVpQxDeE/SzOujXr0/iV8B6YItAX6n +gVnqAa/Zas32TW/V9cC180ore5+u8CrU1P/NYMmUiUd89KL3UnfQcldTrBLmnGB hoUWjxasZakzDEZ3Tmtr435oC5hSLAjAj9GvEgLtjTjIYgisOfSn8nCAaqndp4b7 Vg7PtPyBMjpXKzkVlugrks5U83jP/y/A6G8PDkjhF8UGAVsU0UH7BduOCu89Ntnx 9okXoHZ5RC8ej4IilGxF2WILAoLD/sPLLZVnAJ9XIsUo2EwFPrfA4aU2IGTgk49u fAOh9Fj696N2Pb9byJUyopyPclYO0+bXZfaq4HoTdRku+fVB3VV4fLl7zS3beEjY MLNHHsuZFCEb+UK8511fetFIXMJ/Rv/iQCovIORFpjXRbcr9C3caaxVSeN+/Y2MI 4B8HRlrla14q8RwtEB1O0xtppj9aw2G2Di6C5I35He6hVxmMYRU= =Ob3v -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b0bcdd6e-a40f-8ca1-b158-598ef436c5ba%40cock.li.
0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys
