View comment

PSA: If you're going to store customer data, at least use LibreOffice + Cryptomator

by /u/SteadySupplies · 0 votes · 20th July, 2018 22:33

LibreOffice is available in the repositories for both Tails and Whonix. Very easy to install and use. It has the ability to encrypt your files. If you INSIST on storing customer data, and REFUSE to be any more secure, at least do this much. It's a simple check box. In order to open your sensitive files, you'll at least need to enter a password. Make it a strong one.


If you'd like to increase your OPSEC, also install KeePassXC (keepassxc.org). There is an AppImage that can be easily run in Whonix and Tails. Use KeePassXC to generate a very strong 999 character password, and use that for your LibreOffice documents. You can even store the documents themselves in your KeePassXC database as backup, where they will be encrypted with an additional layer.


If you would like to add yet an additional layer of security/encryption, please install CRYPTOMATOR (https://github.com/cryptomator/cryptomator). With this application, it will create a mounted drive that will seamlessly encrypt anything saved to it. Save your documents, and generate a secure random password for your vault, and store that in KeePassXC as well. Do not store your KeePassXC database in your cryptomator vault, with the password in your KeePassXC database and not memorized. You will not be able to retrieve the cryptomator password once the vault locks.

If you would like to securely store your Cryptomator Vault in the cloud, you can sign up for a free 4GB account at Disroot.org, which also comes with logless email and XMPP. Have your vault saved within your Nextcloud folder, and everything you save to your vault will be seamlessly encrypted, and uploaded to the cloud. No need to trust any third parties, and this can all be easily routed over Tor.

Signing up for Disroot requires Javascript (as does ProtonMail), so it should be done securely from Whonix, rather than Tails or simply TorBrowser. Once you are signed up, you can easily access it via WebDav over Tor, XMPP over Tor, POP3over Tor, etc etc. (Unlike Protonmail)


With this setup you may securely use LibreOffice to handle customer addresses and orders, while maintain several sophisticated layers of security, and having everything backed up to the cloud.

Should you ever bork your Whonix or Tails installation, all you need to do is re-install OS with NextCloud and Cryptomator and KeePassXC, and as long as you remember your KeePassXC password you will be able to regain access to all your files and accounts.


You can store your KeePassXC password database in your NextCloud folder, to be saved on your Disroot account, in the cloud, but do NOT put it in the Cryptomator Vault.


If you install cryptomator using the debian packages, you can start the program by running

$/opt/Cryptomator/Cryptomator &

If you would like LibreOffice to be able to seamlessly edit/save files saved in your vault, after the vault is unlocked, run:

$sudo mount -t davfs -o gid=user,uid=user http://localhost:42427/Path-To/Vault /home/user/Path-To-Vault

(replacing with your actual path, which will prob be something like /home/user/Vault in the case of the latter, and some random chracter string in the case of the former)



Now you can store all your labels, and financial data, and customer order data securely. Should you ever get caught, LE will not be able to gain access to your files unless you leave them open or choose to cooperate (and thus rot in hell).



Thanks


Be Safe

User: /u/PelicanVendor

> Unlike you, I've actually done time. In a real prison. So keep projecting with your idiotic "kiddo" comments. I used to fuck guys like you in prison. Congrats now LE knows one more thing about you when they decide to bother looking at you. Now they know you have been in the prison system. You a fucking idiot. When did I recommend wickr over tail>jabber>otr please go read it kiddo. Also I preached whonix for fucking 2 years. Hell I got banned over on the garden for dissecting the beacon file in whonix to tell the community how it works. Sadly you don't know these things since you just a reshipper and going to exit scam soon. Also I love you say I am not a vendor... Nigga google Pelican mdma pelican lsd pelican dnm... Now sit your ass down and learn from an OG. YOU SHOULD NEVER UPLOAD YOUR CUSTOMER INFO TO THE CLOUD AS VECTOR SAID >SteadySupplies admits to the biggest OPSEC risk of all, saving customer order data to trade for a plea bargain, there being zero other excuse for doing something that defeats the entire security culture of the crypto currency based anonymous dark web. Your IDIOT and IGNORANT advice is only serving to get people arrested. Quit spreading FUD if you don't have the FIRST CLUE about OPSEC. If I was a market admin I would ban you for uploading customer info to the cloud where you could the retrieve it when busted you idiot.... Also I don't know why your calling tails unsecure. You realize the way it handles traffic makes it close to impossible to leak your ip you can than the the dev team for the very crafty way of handling traffic and how it's network ports are actually done behind the scenes. Take a look at the git if your curious... Also obviously you have to save tracking numbers and zip codes that's it... Not their fucking address... Also if your drive dies and you lose tracking since you didn't have it backed up SO BE IT. TAKE THE LOSS. It is not worth the risk of jeopardizing everyone to upload the data to the cloud so when you get busted and talk because you have a record and don't want to get ass raped anymore that you will go and recover the info for the feds... How many times do i have to say it DO NOT UPLOAD CUSTOMER INFO TO THE INTERNET DO NOT UPLOAD CUSTOMER INFO TO THE INTERNET DO NOT UPLOAD CUSTOMER INFO TO THE INTERNET DO NOT UPLOAD CUSTOMER INFO TO THE INTERNET DO NOT UPLOAD CUSTOMER INFO TO THE INTERNET DO NOT UPLOAD CUSTOMER INFO TO THE INTERNET Everyone please remember that these trolls are only trying to weaken our community and make us have flaws that could come back to haunt us. Any of my kg buyers free shipping if you message me SteadSupplies causes autism in your order when our restock is done.