Tags
As the ongoing American Redoubt Darknet (AmRD) project to help improve the Liberty blogosphere and in particular the American Redoubt movement we will introduce the next level of security upgrade. Firefox and SSL Everywhere. To recap for new visitors I have decided to volunteer my energy and experience to to help create a more anonymous and secure network for Liberty / Patriot communities. My ultimate goal is to help us all create a American Redoubt (or Liberty movement) focused darknet, or private, secure as possible and highly anonymous computer network. My first recommendation, after significant research I have recommended all Liberty / American Redoubt related websites / blogs to implement SSL. I believe this will significantly increase the overall communities security poster and providing building blocks for the next parts of the AR darknet. My next suggestion is something that you can implement.
The suggestion is actually two fold. My first suggestion to you is to stop using Microsoft Internet Explorer (IE) if you happen to use it. Under no circumstance should your “normal” Internet browsing be done with IE. You may have corporate websites that require IE, and that is ok, but your normal Internet browsing should not use IE. IE is the most insecure, least trusted of any Internet browser. Why is IE inherently insecure? For one reason it is is directly connected to your Operating System (OS), the basic functions of your computer. For Microsoft to “sell” or actually give away IE and control “market share” it directly bundles it with the OS. Thus if a malicious entity “hacks” your IE, they have more of a direct path to hack your OS. All other browsers are “separate” from your operating system. They are from separate companies. Another reason to avoid using IE is that the code, or how IE is “built” is completely hidden by Microsoft. Thus if Microsoft has allowed any entities to have “back doors” into its browser it, there is no way to find out.
Think on this. If IE gets pressure from “…entities with global reach..” they could easily “allow” or build back doors that that have direct access to your operating system and there is very, very little way the “general community” would know. What we can tell about how IE is built into Microsoft OS, is nothing but bad. If you are new to this, I highly recommend you install a more secure browser. A decent browser I use is Firefox. Thus to help you participate in the darknet, please install and use Firefox or a more secure browser if you can find it.
The next significant recommendation in the AmRD project is to use the Electronic Frontier Foundation Firefox plugin called “HTTPS Everywhere.” What HTTPS Everywhere does is turn on SSL on all sites, even sites you would not think of like Google or Wikipedia. It then tries to rewrite insecure parts of various blogs / website to force them to use more secure SSL. Here is from the EFF site. “HTTPS Everywhere is produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site. The HTTPS Everywhere extension fixes these problems by using a clever technology to rewrite requests to these sites to HTTPS.” Notice that EFF / TOR have plugins for Firefox, Chrome and Opera. This is because IE is completely close and suspect by design.
The new feature of HTTPS Everywhere, the “Decentralized SSL Observatory” is optional, but I use it. It’s designed to detect encryption weaknesses and notifies users when they are visiting a website with a security vulnerability. In other words it keeps a copy of the CCS blog’s security certification. If an entity modifies the certificate (such as forging a certificate and using it on a man-in-the-middle fake website” the SSL Observatory managed by the EFF will try and notify you. Here is the description from their site: This is meant to let you know that the “secure” site you’re visiting may be leaving you open to eavesdropping or “man in the middle” attacks. In addition, thanks to the EFF’s partnership with the Tor Project, an Internet anonymity program and network, HTTPS can help steer you clear of sites with fake or forged Secure Sockets Layer (SSL) certificates. Thus to fully implement this upgrade to your security is to not use IE, I suggest considering Firefox. Then install SSL Everywhere for Firefox.
Installing Firefox is simple just visit their site at Mozilla.org site and download Firefox. Then go to the eff.org site and download the SSL Everywhere plugin. It will ask you to use the Observatory, I recommend yes. Then you can use “SSL Everywhere.” I have confirmed that CCS works with it, but you can disable it in Firefox in the upper left corner if it appears it “break” any site.
The EFF and TOR have released this plugin to try to address rampant insecurity. It is not the ultimate solution, but is a great incremental increase in helping the Liberty and the American Redoubt movement to secure your Internet browsing and helping you to ensure that you are actually visiting the sites you are attempting to visit, not a man-in-the middle fake site. If we implement SSL on all our blogs / websites, and then use Firefox with the EFF’s SSL Everywhere, generally and in logical steps your digital fingerprints will begin to disappear from the Internet.
Legal disclaimer. As I explain means and methods to increase your anonymity, I want to be clear I do not condone the use of any information I provide for anything illegal. Also if it doesn’t work, don’t come yelling at me. I am freely sharing with you my opinion, not advice.
Please let me know what you think of the ARD / AmRD project. What can we do better, ideas on security, and ways we can leverage existing tools to help increase security and anonymity. Next part only for guys who know. If you are a computer or networking professional supportive of the American Redoubt objectives and would like to assist in the AmRD project contact me. If you have significant skills you may want to contact me anonymously with a disposable email account. They know who I am. I do not need to know who you are, just that you are willing to help. My email is alex (at) alexanderbarron dot com not blueeyes@abcisp.com.
This site has been attacked by tyrannical foreign governments, Obama-era federal agencies, candidates for governor, and multiple progressive outlets. Progressives seem to hate any black conservative who walks off the liberal “woke” plantation. Social Media Internet ghettos have greatly diminished distribution of our content. This is called “Shadow-banning.” Please take a moment and consider sharing this article with your friends and family. Also please support our ability to continue to bring you a different perspective. Donate here. Another way to support us and show your spirit is to purchase CCS Partisan merchandise. Thank you.
On line browsing habits are a great area to focus on , but certainly not the only area. There are additional risks in using other computer software, for example: MS Office. MS uses a structured storage format that internally looks like a filesystem. That is why Office documents seem to grow so quickly. Data “deleted” from file is not necessary removed, just unlinked in the index chain. It is still in the actual file. There was an example of this several year ago where a government agency sent out supposedly redacted documents, IIRC they had taken the original document and deleted the redacted sections but did not compact the document (actually remove the deleted data) so it was recoverable. In other instances the redaction was done by simply making the font color and the background color the same, obscuring the text for normal viewing but again actually leaving it in the document. What does this have to do with Internet browsing ? The structured storage format uses UUIDs as identifiers for data in the file, and that UUIDs may be generated using the MAC address of your computer (RFC4122). Which could tie back to traffic logs at an ISP. So the document you sent using an anonymous connection over TOR or I2P may still lead back to you. If you have to send it, use ASCII or some other text based format that can be sanitized, not as pretty but it does not leak information.
Another thing to consider, when connecting from some anonymous wi-fi hotspot, disable your laptops internal wi-fi and use a USB wi-fi adapter. They can be had for under $10 and will present a different MAC address to the network. If compromised, it hurts less to throw away a $10 USB wi-fiadapter than a whole laptop.
Ouch! Skippy. Have you fired up TAILS? It supposedly has a secure Open Office setup and it uses MAC address spoofing. Can you tell us what you think? I wondered why TAILS was like “create documents on our Open Office setup” not on your computer. That is very important. This is terrible.
I am familiar with Open Office on Tails. I don’t know specifically if it has been patched to make it more anonymous but the very act of using it on Tails ( Amnesic & Incognito ) deprives the standard Open Office install any usable data . I use Open Office extensively for technical documentation, and If I create a text document, type a bit in and save it there are some interesting things going on.
First, the odt document format is actually an archive. You an open it up with Archive Manager ( using linux ) and extract the contents, which is a bunch of xml files, to a directory then start poking around. in the meta.xml file you will find your name, the version the software used to create the document, the creation date of the document, the number of times the document has been edted, word counts, etc… And that was creating a new document, typing in 1 line and saving and exit. MS Office is likely far worse. I have not examined the files lately but i would not be surprised to see computer name, user name, etc… I would also not be surprised to see product key information, encrypted or not, in there as well. Which would give away your MAC and ip address ( you did buy a legit copy of office and activated it right ? ) The version on Tails has the same information ( i checked ), but it only says Debian User. It is not anymore secure than the version you install on you desktop, it is just denied the data because you are using Tails. I did not see anything that looked like a MAC or UUID in the archive, but I only checked a simple document. I’ll have to run some packet captures on a test net and check out the actual Ethernet packets from a running instance of Tails.
Long live ASCII
Pingback: AmRD: Firefox and SSL Everywhere |