-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
GT500Shlby:
> Recently I went looking for as high as humanly possible anonymity
> but quickly deployed.
>
> For a purely hypothetical example, say I have evidence on a
> prominent person. Think got mistress prego, mistress no want
> abortion, mistress gets bookend to skull, murder cover-up gone
> awry. So obviously me having said info, puts me in severe risk of
> being killed myself. Like full on conspiracy theory novel/adventure
> story. The idea is to be as realistic to the cyber security
> preparations as possible.
>
> So I pick out an older laptop from recycle, flash the bios and
> remove any serial numbers and assets tags, pop in a newer SSD from
> a different recycled system (0 purchae records), reflash its
> firmware to remove serial number. Source an external wireless
> adapter with changeable MAC address and again, make sure no digital
> serial number. Now I need an OS. TAILS is a good option, but I saw
> Qubes used a while back and thought of it.
>
> The idea is to go to a public place with lots of stores/cafes that
> have free wifi, but sitting outside those establishments in a
> non-cctv area but jacking their wifi, probably using a sharklasers
> email to get registered then using a vpn with bitcoin and another
> sharklasers email and then using tor above that to then create a
> throwaway reddit account to browse on r/gonewild err I mean drop
> the docs on the bad dude. However, my concern is, I'm having
> trouble finding the latest release date. the listed release
> schedule makes it look like the current stable release is over a
> year old. What is the TL;DR of the state of development of Qubes?
>
>> From other privacy focused people, are their any holes in my
>> privacy scheme?
>
Your model is actually a high risk environment, involving actions of
physical harm or death of you or your close ones.
In this case you would need to employ much measures and
countermeasures, not necessarily related to the digital behavior, more
than the OS like Tails or Qubes, to stay safe. Your behavior patterns
changes, your physical movement and monitoring of your life emissions,
the way you obtained the compro, from whom, how, when, where and so
on. Your contacts can be compromised already. Beware of your writing
stylistics, typos, and other similar leakages of your identity. In
case you have written something publicly under your real identity, you
should count that if you don't use deception, it can be one of the
identifiers narrowing options from adversary in pursuit of finding you.
Know your adversary and its level of determination, resources and time
available to find out key indicators leading to you. The higher it is,
the higher security measures and deception layers need to be employed
by you.
In this case you will for sure need certain level of well pre-prepared
deception layers to make sure that if your contingency plans fail, you
have a well working backup plan, spreading options on more ways
adversary needs to follow on each layer, to give you time and a
especially clear warning, that there is somehow successful adversarial
activity, without leaking this intelligence to the adversary.
You will basically need to do the job done and destroy all traces from
you, and remain exposed shortest time possible, and leak as little as
possible emissions about your activity and at the same time not break
too significantly your daily routine. All preparation activities are
deviations from your routine, and can rise suspicion even after the
job done.
Once done, there should be more less zero possibility to get any
intelligence about your sensitive activity by any means, even backwards.
Coming to the OS, in this case Tails will do the job. It is amnesic
and the only hot potato is the SD card, if your activity isn't leaked
already, which is still possible.
If you were for example searching for the Tails through an insecure
OS, downloaded TBB through a non-anonymous channel, or even through
your IP address, and so on, you can already be on a watch list.
Estimate how many people in your area use Tor or Tails and you will
see it is not much. It can be see you are using Tor or Tails, as it
has very unique behavior.
All that, provided you know what you are doing, you are able to get
Tails securely, can reliably obtain their signing pgp keys, confirm
the downloaded file with it, its hash, can run it securely, in this
case remotely (see external wifi card, with cantenna for example, to
get wifi connection from few kilometers away) and having clear OpSec,
and be sure you are not compromised already, from the very beginning,
you could be quite safe.
-BEGIN PGP SIGNATURE-
iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl1lgZlfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6UzsEw//Q7enT4Rw/8x8yYiXzmWy2GMJ4AAez4x38UMI91j+VLgZ9ER9O5MnBEHO
