[ art / civ / cult / cyb / diy / drg / feels / layer / lit / λ / q / r / sci / sec / tech / w / zzz ] archive provided by lainchan.jp

lainchan archive - /sec/ - 4983



File: 1490967336010.png (66.79 KB, 300x225, horse.jpg)

No.4983

I remember there was a thread here about opsec sometime ago where lainons discussed the opsec they did and general tips.

Can we have one of those again?

  No.4985

>Encryption
use Veracrypt https://veracrypt.codeplex.com/

>Password Manager

use KeepassX (i reccomend you encrypt the masterfile using keepassX and also keep it in a hidden if u please container created with veracrypt https://www.keepassx.org/downloads

>VPN

setup your own VPN on a VPS you own with AlgoVPN https://github.com/trailofbits/algo
or Bitmask https://bitmask.net/
or get PIA if your lazy https://www.privateinternetaccess.com/ (yes its in the USA, USA doesnt have retention laws and PIA keeps no logs, they could theoretically have a NSA room like at&t but I doubt it and if your this worried then you host your own VPN with algoVPN or possibly Bitmask)

use vpn then tor if you dont want your network to know your using tor https://www.torproject.org/
(a convenient way to get this working well would be appreciated)

>Operating Systems

Use Subgraph OS for daily use https://subgraph.com/ (real soon will allow specific apps to only use a vpn if you dont want everything going through Tor and clearnet chromium browser is already available iirc)

use Qubes OS for daily use if you have a computer that can handle it and you dont mind a bit more setup https://www.qubes-os.org/

use Tails OS on a laptop bought with cash on public wifi if your doing something illegal or really risky (military police will get you type soykaf) https://tails.boum.org

>Messaging

Use Ricochet if you need serious security https://ricochet.im/

Use Wire if you need convenient security (server source is coming soon) https://wire.com

Use IRC over I2pd if you want to meet other security folks #salt is nice starting channel https://github.com/PurpleI2P/i2pd

>backups


use syncthing if you want to keep backups in sync constantly and conveniently (I believe you can force syncthing to use tor if not using a vpn can be enough) https://syncthing.net/

rsync is always good but not GUI friendly so noobs beware https://rsync.samba.org/

I've heard tahoe lafs reccomended but never used it myself https://tahoe-lafs.org/trac/tahoe-lafs

  No.4989

>>4985
>use Tails OS on a laptop bought with cash on public wifi if your doing something illegal or really risky (military police will get you type soykaf) https://tails.boum.org

Note that even in this situation whonix(https://whonix.org) is probably a good choice, since lots of military-grade malware just self-destructs if it figures out it's in a VM, and if your adversary(s) crack TAILS they can figure out your true IP, whereas that's not an issue in whonix.

  No.4993

Don't use GPG for risky communication. It's lack of forward secrecy makes it a SPOF if your private keys get stolen.

  No.4994

>>4985
any reason for algovpn instead of openvpn?

  No.4995

>>4994
simpler setup, defaults to best settings

  No.4997

File: 1491104487171.png (363.6 KB, 200x144, damage.png)

>>4993
store your keys on a Yubikey HSM.

  No.5010

>>4993
not if you generate revocation certificates and rotate your subkey regularly.