SOCNET

Go Back   SOCNET: The Special Operations Community Network > Areas of Expertise > Technology and Communications

Reply
 
Thread Tools Display Modes
  #41  
Old 25 September 2018, 20:07
nofear's Avatar
nofear nofear is offline
Proud wearer of a Beard.
 
Join Date: Aug 2005
Location: Australia-based
Posts: 2,826
I've "had" to use a VPN a few times due to trying to NOT get diverted from a US site to an Australian site.

Classic example - I wanted to buy some Ariat boots, (don't hate me). But the Australian site did not stock, or order, the ones I wanted.

So I tried to get to the US site...diverted to Australian site.

Deleted all cookies etc, and tried US site again...diverted to Australian site.

Installed VPN, deleted all cookies again, and tried US site again. It worked and was able to buy a decent pair of boots for a decent price.

A VPN is not necessarily about being a secret squirrel or hiding your porn fetishes.
__________________
"Amateurs train until they get it right. Professionals train until they can't get it wrong." - Unknown
Reply With Quote
  #42  
Old 25 September 2018, 21:32
256's Avatar
256 256 is offline
Navigating
 
Join Date: Dec 2017
Location: Ohio
Posts: 452
Quote:
Originally Posted by Polypro View Post
Let us know how the speeds are, and on what servers. I'm pretty impressed with the stability and speed of Proton's US servers. Only rarely does the connection hang, where I have to just dis - and then re- connect (1 second), and the speed is good. Using testmy.net, I get 150Mbs on my naked connection, and 80Mbs through the closest VPN server to me - pretty sweet.
So being pretty new to the cyber security ďAOĒ Iíve noticed two things. My phone battery didnít seem to last as long. Now that could be totally unrelated, just what Iíve noticed. Also, when itís enabled and I walk into the station and my phone transfers to their WiFi, the internet will not work.

As to the other info you mentioned, might as well be talking arabic..sorry

This is the info from a screen shot. Maybe thatíll help?
Attached Images
File Type: jpeg 6D8DFC0D-56E2-438A-9960-76D388A4EDDB.jpeg (18.6 KB, 173 views)
__________________
Kiowas are small, carrying just two people; they fly so low the two flying soldiers are practically infantrymen.

- Excerpt from Gates of Fire, Michael Yon
Reply With Quote
  #43  
Old 25 September 2018, 21:34
256's Avatar
256 256 is offline
Navigating
 
Join Date: Dec 2017
Location: Ohio
Posts: 452
Quote:
Originally Posted by nofear View Post
hiding your porn fetishes.
So the 24 bucks for the year was all for not!?! Damn it!
__________________
Kiowas are small, carrying just two people; they fly so low the two flying soldiers are practically infantrymen.

- Excerpt from Gates of Fire, Michael Yon
Reply With Quote
  #44  
Old 26 September 2018, 08:27
Polypro's Avatar
Polypro Polypro is offline
BTDT
 
Join Date: Oct 1999
Location: A Noisy Bar In Avalon
Posts: 12,977
Quote:
Originally Posted by 256 View Post
So being pretty new to the cyber security ďAOĒ Iíve noticed two things. My phone battery didnít seem to last as long. Now that could be totally unrelated, just what Iíve noticed. Also, when itís enabled and I walk into the station and my phone transfers to their WiFi, the internet will not work.

As to the other info you mentioned, might as well be talking arabic..sorry

This is the info from a screen shot. Maybe thatíll help?

You on iOS or Android? I haven't noticed any 'noticeable' battery impact on Android Oreo 8.1 with Proton. LTE to WiFi switching works as well. So many variables, gonna be hard to pin it down though.

If you want to test the speeds - disconnect from the VPN and open a browser and go to www.testmy.net and run a download speed test. Then connect to the VPN server nearest you and run it again - compare the numbers.
__________________
What, you want to be part of a choir in an echo chamber? Provocate!
Reply With Quote
  #45  
Old 26 September 2018, 08:30
Polypro's Avatar
Polypro Polypro is offline
BTDT
 
Join Date: Oct 1999
Location: A Noisy Bar In Avalon
Posts: 12,977
Quote:
Originally Posted by nofear View Post
I've "had" to use a VPN a few times due to trying to NOT get diverted from a US site to an Australian site.

Classic example - I wanted to buy some Ariat boots, (don't hate me). But the Australian site did not stock, or order, the ones I wanted.

So I tried to get to the US site...diverted to Australian site.

Deleted all cookies etc, and tried US site again...diverted to Australian site.

Installed VPN, deleted all cookies again, and tried US site again. It worked and was able to buy a decent pair of boots for a decent price.

A VPN is not necessarily about being a secret squirrel or hiding your porn fetishes.
I'd say half use it to secure communications when using public WiFi (using WPA2 or not) or to watch entertainment that is region blocked or shopping, like you. The other half use it for privacy - which is 100% just as legitimate.
__________________
What, you want to be part of a choir in an echo chamber? Provocate!
Reply With Quote
  #46  
Old 26 September 2018, 08:38
Polypro's Avatar
Polypro Polypro is offline
BTDT
 
Join Date: Oct 1999
Location: A Noisy Bar In Avalon
Posts: 12,977
Quote:
Originally Posted by CAVmedic View Post
...other than the obvious buying things online through sites that already have password and credit card data saved?
Revisiting this: Browsers aren't secure password managers. While they may not be overtly leaking your sensitive data, there have been 'Autofill' exploits using hidden forms. I would recommend switching to a secure password manager. *I* would recommend a KeePass installation (and a portable one on a USB you carry around, with the program and database on it if you really want to be secure) - or at least something like 'LastPass'.

As far as not being a criminal so not worrying... well, that's a version of "if you don't have anything to hide, what do you have to worry about". Not a philosophy I subscribe to, but to each their own.
__________________
What, you want to be part of a choir in an echo chamber? Provocate!
Reply With Quote
  #47  
Old 26 September 2018, 20:11
CAVmedic CAVmedic is offline
Confirmed User
 
Join Date: Feb 2011
Location: Mid West
Posts: 1,287
^Not from a "don't have anything to hide" standpoint, just knowing if the federal gov't wanted to hack or somehow still get into my email and search history, I'm sure they'd still find a way.

FYI for anyone interested, Andy Yen from Proton mail was on reddit today answering questions.
Reply With Quote
  #48  
Old 26 September 2018, 21:36
Akheloce Akheloce is offline
Six Minutes!
 
Join Date: Sep 2012
Location: Alaska
Posts: 455
If I want to do something nefarious online, I just borrow someone else's IP.
__________________
RIP Sitka 43 and ICY 33

Seven Ö six Ö eleven Ö five Ö nine-aní-twenty mile today
Four Ö eleven Ö seventeen Ö thirty-two the day before ó

"Just remember son, 80% of the people in this world are fucking idiots"- My Dad
Reply With Quote
  #49  
Old 27 September 2018, 08:50
Sharky's Avatar
Sharky Sharky is offline
Administrator
 
Join Date: Dec 1999
Location: SOCNET
Posts: 19,524
Quote:
Originally Posted by Akheloce View Post
If I want to do something nefarious online, I just borrow someone else's IP.
And MAC address.
__________________
I was born my papa's son
When I hit the ground I was on the run
I had one glad hand and the other behind
You can have yours, just give me mine
When the hound dog barkin' in the black of the night
Stick my hand in my pocket, everything's all right

-ZZ Top
Reply With Quote
  #50  
Old 28 September 2018, 04:10
256's Avatar
256 256 is offline
Navigating
 
Join Date: Dec 2017
Location: Ohio
Posts: 452
Quote:
Originally Posted by Purple36 View Post
Iím using it right now. From Japan.
I get the fastest download/upload speed while using servers in Tokyo.

Quote:
Originally Posted by Polypro View Post
Let us know how the speeds are, and on what servers. I'm pretty impressed with the stability and speed of Proton's US servers. Only rarely does the connection hang, where I have to just dis - and then re- connect (1 second), and the speed is good. Using testmy.net, I get 150Mbs on my naked connection, and 80Mbs through the closest VPN server to me - pretty sweet.
I'm not getting anywhere near those speeds. I didn't collect and average speed from my home interweb, but the fastest/closest server to me is Toronto; 13.8Mbps DL/.37Mbps UL. I wondered if the time of day in the region the server I am using mattered. Meaning, does it depend on how many people in that area are using that server?
__________________
Kiowas are small, carrying just two people; they fly so low the two flying soldiers are practically infantrymen.

- Excerpt from Gates of Fire, Michael Yon
Reply With Quote
  #51  
Old 28 September 2018, 07:31
Polypro's Avatar
Polypro Polypro is offline
BTDT
 
Join Date: Oct 1999
Location: A Noisy Bar In Avalon
Posts: 12,977
Quote:
Originally Posted by Sharky View Post
And MAC address.
I'd still go through Tor or a bought with cash/bitcoin foreign VPN (or even Tor+VPN or VPN+Tor) - them damn cameras are everywhere...

MAC randomization is getting better - iOS does it now, Android will soon (stock, you could always do it with root). I think Win10 does it too. TAILS always has, and Win7 has a couple good free ones, like Technitium MAC Address Changer or 'MadMACs: MAC Address Spoofing and Host Name Randomizing App for Windows 7'
__________________
What, you want to be part of a choir in an echo chamber? Provocate!
Reply With Quote
  #52  
Old 28 September 2018, 11:29
CV's Avatar
CV CV is offline
Authorized Personnel
 
Join Date: Apr 2003
Location: US
Posts: 7,677
Quote:
Originally Posted by CAVmedic View Post
^Not from a "don't have anything to hide" standpoint, just knowing if the federal gov't wanted to hack or somehow still get into my email and search history, I'm sure they'd still find a way.
I can teach why you'd be wrong
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
Reply With Quote
  #53  
Old 28 September 2018, 11:38
256's Avatar
256 256 is offline
Navigating
 
Join Date: Dec 2017
Location: Ohio
Posts: 452
Quote:
Originally Posted by CV View Post
I can teach why you'd be wrong
Iím all ears for that lesson
__________________
Kiowas are small, carrying just two people; they fly so low the two flying soldiers are practically infantrymen.

- Excerpt from Gates of Fire, Michael Yon
Reply With Quote
  #54  
Old 28 September 2018, 15:45
CAVmedic CAVmedic is offline
Confirmed User
 
Join Date: Feb 2011
Location: Mid West
Posts: 1,287
Quote:
Originally Posted by Polypro View Post
I'd still go through Tor or a bought with cash/bitcoin foreign VPN (or even Tor+VPN or VPN+Tor) - them damn cameras are everywhere...

Quote:
Originally Posted by Polypro View Post
I'd still go through Tor or a bought with cash/bitcoin foreign VPN (or even Tor+VPN or VPN+Tor) - them damn cameras are everywhere...
Ok, I know there's a bitcoin thread like 20 pages long. I looked through and didnn't find what I was looking for.

Can you buy bitcoin anonomously or what happens after the bitcoin you buy is linked to your bank? I was all set to get some off coinbase, they ask for name and address etc, plus of course you have to use your bank card. I'm trying to kind of "off the grid" myself with a VPN, mail and ability to make small online purchases.


Quote:
Originally Posted by CV View Post
I can teach why you'd be wrong
Maybe I don't want to know!

I thought about testing the Proton mail and VPN by talking about rediculous things, frequenting some very suspicious sites and waiting to see if I get a surveilance team on me. LOL Think I'll wait till after I get a clearance LOL.
Reply With Quote
  #55  
Old 28 September 2018, 15:47
CV's Avatar
CV CV is offline
Authorized Personnel
 
Join Date: Apr 2003
Location: US
Posts: 7,677
Quote:
Originally Posted by 256 View Post
I’m all ears for that lesson
There's two vectors to speak about when tracking someone down:

Passive, and Active. Passive is the chance you'll be scooped up in the random scope of things. Active means you have federal resources bearing in on your like the Eye of Sauron.

On the end-user's side of things, it works the same way. Are you passively looking for privacy as your go about your business, or are you actively working to conceal what you're doing, to include data that could uniquely identify you?

Breadcrumbs/fingerprints of your activity are determined by the source of the technology (mobile phone, laptop, etc...) and the sessions, cookies, and establish connections that you make through the use of a service (the internet).

First, positive establishment of your identity needs to be made, or to a degree of acceptability. This is done by mapping patterns-of-life to the aforementioned devices and ingress to services (your computer and browser).

Working backwards, you can probably see where this is going. For reference, the pinned post on data privacy covers most of this, as do posts by Poly and myself throughout the years.

Looking at the steps needed to positively track your ass down:
- For the government to hack you, specifically, they need a valid reason (warrant), or through abuse of power (because they actually do this shit all the time and people don't seem to care).
- They would have to uniquely identify that you are who they say you are.

For instance, when you log into SOCNET, you are issuing a secret (username and password) to the server. The server then establishes a connection and a cookie is set in your browser. All of these seeming simple actions have just generated a mound of metadata in the form of logs and more. Still, one could argue that someone stole your credentials and used them to authenticate. That's a valid repudiation, but it all goes back to what was mentioned prior (this could turn into a book of a post, by the way).

When you logged in, you did so while connected to the internet through an ISP. That ISP can trace where that connection originated from, at least up to the cable-box, with great accuracy and assurance. On mobile phones, it's the same, but with your local cell tower, and triangulation. Hell, both the ISP and the Mobile provider can tell things such as the type of computer, browser, and all forms of other glorious bits of metadata.

...and none of this includes what giants like Google are culling from you.

All of this goes away if you can establish a secure connection to a remote site (VPN), wash that connection among several nodes (Tor), and prevent the attributes of web technologies that uniquely identify you (cookies, sessions, and the like).

Now, the burden for the end-user is to use the proper processes and hygiene, but you can completely reside anonymous, even against targeted action.

Edit to add: Don't fuck anything up, though. Never log into any site that would uniquely identify you. Easier said than done. Read up about all-source intel collection methodologies and OSINT. There's enough publicly available to give you an idea of what the hunters will cull.
__________________
It's a hipster filter. Keeps your kind out. -Jimbo

Last edited by CV; 28 September 2018 at 15:52.
Reply With Quote
  #56  
Old 29 September 2018, 05:24
Polypro's Avatar
Polypro Polypro is offline
BTDT
 
Join Date: Oct 1999
Location: A Noisy Bar In Avalon
Posts: 12,977
Quote:
Originally Posted by CAVmedic View Post
Can you buy bitcoin anonymously?

https://localbitcoins.com/
__________________
What, you want to be part of a choir in an echo chamber? Provocate!
Reply With Quote
  #57  
Old 29 September 2018, 05:35
Polypro's Avatar
Polypro Polypro is offline
BTDT
 
Join Date: Oct 1999
Location: A Noisy Bar In Avalon
Posts: 12,977
Seems like a good place for this instead of a new thread:

If you are ever not on a VPN, your DNS requests are going to someone - usually your ISP, or if slightly technical, maybe you changed to Google - 2 places I wouldn't want having every web site I go to, even in the clear.

There are a ton of options for 'kind of' more private DNS (but if it isn't DNSSEC, there's only so much you can do) - Like Open NIC, Chaos Computer Club, or even Mullvad VPN's public server.

One fairly new one is Cloudflare. They purposely built it with consumer privacy in mind. You can read more hear:

https://www.cloudflare.com/learning/...at-is-1.1.1.1/

1.1.1.1
1.0.0.1

Just another tool in the tool box.
__________________
What, you want to be part of a choir in an echo chamber? Provocate!
Reply With Quote
  #58  
Old 29 September 2018, 05:38
Polypro's Avatar
Polypro Polypro is offline
BTDT
 
Join Date: Oct 1999
Location: A Noisy Bar In Avalon
Posts: 12,977
Quote:
Originally Posted by CV View Post
Edit to add: Don't fuck anything up, though.
TL;DR - Boot up TAILS two states away outside a retirement home, when putting laser beams on shark's heads
__________________
What, you want to be part of a choir in an echo chamber? Provocate!
Reply With Quote
  #59  
Old 2 October 2018, 09:18
256's Avatar
256 256 is offline
Navigating
 
Join Date: Dec 2017
Location: Ohio
Posts: 452
Thumbs up

Quote:
Originally Posted by CV View Post
There's two vectors to speak about when tracking someone down:Passive, and Active.
Iím guessing the gov uses their hacking without a warrant to enable them to focus on who they need to get a warrant for. Certainly hope if they bring evidence against someone/companies without a warrant they wouldnít be able to use it; baring some crazy exigent circumstances. Itís a double edged sword.


Quote:
Originally Posted by Polypro View Post
Seems like a good place for this instead of a new thread:
CV and Poly, thanks for the awesome info. Think Iím going to start looking into this realm of the security world. Seems to pay and be better for your health than physical security. Not to mention there are literally high paying job posting anywhere in the country for it.
__________________
Kiowas are small, carrying just two people; they fly so low the two flying soldiers are practically infantrymen.

- Excerpt from Gates of Fire, Michael Yon
Reply With Quote
Reply

Thread Tools
Display Modes

Our new posting rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -4. The time now is 20:03.
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2018, vBulletin Solutions Inc.
Socnet.com All Rights Reserved
© SOCNET 1996-2018