/d/OpSec



Q for the Technical People - For Vendors: Mifi/ Dongle or home WiFi/ Public WiFi

by /u/curiositysavedthecat127 · 0 votes · 9th March, 2021 05:44

I see this question posed constantly but never read much defining tech insight from knowledgeable people, & I feel it's a real missing, vaguely answered, critical piece of OpSec.

So let's assume buyers are fine with Tails & whatever means they choose to get online.

For vendors that are serious about their OpSec it's a different ball game altogether.

IMO Tails isn't enough for a vendor, so that leaves Whonix & Qubes/ Whonix for a vendor who is serious about their security & anonymity.

Let's go with the middle option of pure Whonix (non Qubes) & use this in this example.

So, you're a vendor who cares about your security & your anonymity & you're using Whonix (in the correct way) to shield yourself.

You've got 3 options to get online:

1) Public WiFI
2) Home WiFi
3) Mifi/ USB dongle

1) IMO connecting to the net via public WiFi is a big no no. Far too many things can go wrong & you're too exposed to people & outside your own control zone.

2) Seems too risky, cos even though Whonix by design with its separated systems (Gateway/ Workstation) masks your IP completely even if one part is compromised (unlike Tails), it still seems too high a risk if, say, a zero day/ vulnerability exploit or simply user error means you accidentally fuck up & your IP gets found. You're fucked trying to deny a direct link to your home ISP registered in your name. And yes, we know Tor masks your identity etc, but if someone is on your tail, time correlation of you logging on to Tor via your home ISP is easy to tie together (but of course not enough proof by itself).

3) MiFi/ USB Dongle - yes, there is potential risk of phone tower triangulation, but the Whonix system should protect against your IP being exposed, so this shouldn't be an issue & even if someone's on your tail at least it's not registered in your name.

So option 3 for a vendor using Whonix seems to me the best option to get online (obviously SIM & top up paid in cash etc).

But I see this topic debated time & time again with no real definite answer on the safest option (in this particular scenario: vendor using Whonix (non Qubes)).

I would LOVE to hear from some of the top tech minds here what your thoughts are. I keep seeing posts similar to this where people recommend using a smartphone as a hotspot???!!! GPS anyone.....

/u/Paris
/u/HugBunter
/u/mr_white
/u/Shakybeats
/u/MonopolyOfficial

Would LOVE your views guys & will happily donate some XMR to Dread for some real answers on this & not just the generic stuff you read from people who don't really know. I feel it's really missing on this topic.

Thanks in advance & also any other tech minded guys who know what they're talking about, pls do chime in! Also any vendors who use Whonix & understand the pros & cons of these options, pls share your views!

ETA: Is there anything additional that can be added to improve OpSec when getting online (again, this is vendor focused, not buyer focused)?

Comments (4)
/u/Paris · N/A votes · 9th March, 2021 - 08:08 · Link

What you should do is simply use bridges if you are worried about your Tor usage being monitored. As for your concerns about IP leakage, the best way to prevent that is simply by using Qubes and Whonix. You have overviewed quite a lot and you already answered your whole question yourself. There is a trade off between going to new locations and having usage there and being at home where you are not reasonably monitored. Most people are not fucked by IP leakage but by having their habits monitored with some extra OPSEC mistake on their end. Qubes prevent OPSEC mistakes. It makes it really hard to fuck up. That is why I use it and it provides me the peace of mind I think you are searching for. Setting it up is a pain in the ass, but when you do you will be better for it.

/u/hVELTEju · N/A votes · 9th March, 2021 - 08:28 · Link

Basically this. For the vast majority of vendor busts we see, the thing that got them nailed was not their IP address, it was physical opsec and the ability to *link* online behavior with real life behavior. The only thing I disagree with is saying that "Qubes prevent[s] OPSEC mistakes." Qubes *does* make it harder to fuck up... but it's certainly still possible. Qubes is no panacea... and it's also leagues behind Tails in terms of physical security concerns. For a vendor this probably doesn't matter as much, though, as if they are gonna raid your place you're probably gonna get busted on your physical stock of wares no matter what your computer does. In any case, my point is: even if you're using Whonix or Qubes, you still need to be vigilant. They both make it very hard for you to leak your IP.... but IP leakage is only one small attack vector, and it's almost never the one that actually gets people busted. You still need to have good communication and browsing habits and much more so that you can't be correlatively linked to your activities through other means. I recommend the talk on YouTube "DEFCON 22 - Zoz - Don't fuck it up!" which is a little old but everything in it is still super relevant.

/u/drstevebrule · N/A votes · 9th March, 2021 - 21:58 · Link

I am familiar with the general principles behind each of these setups, but can you list an example where Qubes use would provide that kind of mistake prevention? Thanks!

/u/Paris · N/A votes · 9th March, 2021 - 22:38 · Link

Qubes OS is an OS to make compartmentalizing different trust areas much easier. It does this by allowing users to create multiple VMs only used for certain things. For example I have a VM which is just for private PGP keys. This VM has no network connection and all I do is copy text in and out from it. In the case of an exploit in the Tor Browser it's contained away from any of my private keys. Also, being that all VMs have their own separate network, it's not like I can mess up and leak an IP address. Whonix built in is easy and very powerful when used as a networking layer to separate VMs. It's one of the ways you can prevent any kind of IP leakage. It works transparently, and other than the network connection being slowed and sometimes needing to front with a VPN, there is little reason to worry. In the event of an exploit you are protected. In the event of a bad copy you are protected. In the event of needing to run a program you don't trust, you are protected.

/u/drstevebrule · N/A votes · 11th March, 2021 - 21:44 · Link

Ah cool, yeah, I understood the VMs and compartments but was wondering how it helps in practice. Thanks!

/u/Grubba222 · N/A votes · 9th March, 2021 - 07:47 · Link

You basically explained everything in your question. Lol. Another advantage MiFi has is that if you are in a crowded city, even with tower triangulation you are still hard to find, compared to your home IP leaking.

/u/redrarri · N/A votes · 9th March, 2021 - 14:47 · Link

Vendors don't get caught through IP leakage. It's always the IRL OpSec that gets people caught; at that point the only OS you need is the one you can destroy the quickest.

/u/unitedpharma · N/A votes · 10th March, 2021 - 02:13 · Link

That's the boldest answer to the whole problem: make it all easy and fast, rather than too complex and hard to destroy and relocate.

/u/former_vendorthrow · N/A votes · 11th March, 2021 - 04:19 · Link

You can use bridges, yes. Better to have control over location. Simple method is: don't use internet connected to your name. Won't prevent a bust if they get your IP, but will prevent the ISP from tracking Tor usage. Correlation attack less possible.