Let’s Talk Comsec

Download Tor, intall Tor (What is Tor), then close this page, and reopen it in Tor. We’ll consider this the 0 step.

I’m not a tech person at all and learning how to safeguard myself techwise has been an adventure. Okay, scratch that, I’m a small-scale tech person. I know enough about hardware to build a decent rig and I can haphazardly navigate most OS’s. I don’t even know if I’m using proper terminology at times or if I’m bastardizing my way through, so let me be clear: In this, I’m going to give a short explanation of different ways to communicate securely. This is going to just be a limited, straight to the point explanation of stuff I’ve kinda snagged around google in my own adventure. Shall we?

1. Let’s say you want a secure OS to write and talk to folks on.

Look, most operating systems are secure as long as you keep them up to date and shit. Your average every day person isn’t going to break into your shit if you are sensible. This isn’t about that. This isn’t even necessarily about your rando malicious attack or anything. This is about you being concerned that the government might want to look at whatever it is you’re doing and you’re concerned about having a secure way to communicate digitally.

Before we continue, we’re going to transfer the line of philosophical thought presented in the Hagakure. Bushido is a way of dying and it was argued Samurai should live as tho one was dead, you should live like your entire life is compromised. Assume everything you’ve done up to now is known by someone, somewhere. Many of us average folk cannot comprehend the intelligence gathering capabilities of the system and what we think may protect us from the average, does, but doesn’t protect us against this cyber leviathan. This doesn’t mean you should be reckless, I’ve been reckless to extents of regret, but it means you need to take a greater step into being secure. Check yourself constantly, check how you troll, check everything you do. Modesty is a form of security. I don’t think my telling you this will reinforce that mindset, but here’s a video from Jacob Applebaum where he pretty thoroughly explains how we’re fucked and the ability of groups like the NSA to completely compromise us. It’s a long video if you decide to watch the whole thing (probably not necessary), but the means of which I’m explaining to you provide an opportunity for security, not full or absolute security, and these forms of security are not enough.

So what should we do? These answers will be scattered and piecemeal, but I’m doing my best to write this in an order that makes sense while being deprived of.. I dunno. I’m out of it.

Get a 2 USB disk (more than 4 gigs, get two if you’re using Mac or Windows) for like 11 bucks each that isn’t SanDisk, maybe like Samsung or something, and clear a day to start going to work. Right now, your best bet is downloading something like TAILS. The Amnesiac Incognito Live System. It’s an operating system that forces you behind Tor (nifty way to mask your Internet existence, you could just get a nice browser for your OS to do that, but we’re talking next level right). Not just that, it only exists in your RAM since its run off a USB, so it doesn’t leave traces like normal operating systems. It’s a clean OS every time you boot it and since its in a USB stick… you can use it on just about any laptop or desktop (save some stuff like Chromebooks, ugh fuck that struggle). Walk into a school library with a USB drive, restart it with the USB plugged in, boot it up so you can access the USB, and start TAILS for secured communications. Convenient as hell. Just keep the USB handy. Since it does wipe clean on every start though, it is a problem of wanting to store anything significant, and you can use it for a persistent drive to some extent, but that kinda dodges why this system is secure. It’s a constantly clean OS where your traffic is in the shadows. You could’ve read all that stuff on the website itself, but I’m writing it here because I’m trying to tell you this is a long process that can be more difficult than it seems. I was able to use a single USB and did it through Ubuntu, but many of ya’ll might be on Windows or Mac and that makes it a bit longer.

2. Emails are about the most secure method of communication when done properly.

Check out secure emails that use PGP encryption (what is it), which is perhaps the safest way to do it, and google around for how it works (here’s one example, but things like mailfence have their own built in way). It’s not entirely complicated. I’d recommend riseup, which unfortunately is invite only, but autistici.org could be good and mailfence is my preference for ease of use. Emails sent PGP behind Tor and any other safeguard you can imagine is about as secure as electronic communications can get. Unfortunately, email isn’t always a preferable format, and you still need to be wary about how you talk, what you send, etc.

3. Next level under email is instant messaging.

Here’s what I use. I use Pidgin Instant Messenger, I create an account that uses XMPP protocol, and I pull a server (check out this list, always better to have your own server though) that force Off-The-Record Messaging and doesn’t keep logs. When you setup the account, use a server with a .onion address, giving it an additional layer of protection. When your account starts up and its functioning, test it with a comrade, and make sure you’ve enabled verification between each other. What does this end up looking like? Well, buddy, if you’ve used AIM, imagine AIM except that your chats are only logged if the other person is online behind a layer of onion circuits with no personal information attached. Don’t even try to keep the login info or memorize it. The Calyx Institute has a great screenshot set of drections for setting this up.

To Conclude:

Nothing is entirely safe, nothing will ever fully protect you, but these tools are better than nothing. Next time, I’ll try to talk about mobile communications.

This entry was posted in General. Bookmark the permalink.