• Forum has been upgraded, all links, images, etc are as they were. Please see Official Announcements for more information

General Security .....>

tungfa

tungfa

Well-known member
Foundation Member
Masternode Owner/Operator
I recently had a conversation with somebody from btct who contacted me via message,
he talked about his problems buying DRK as he was using TOR to log into Exchanges, drkt, btct and such .....>

I told him (as a personal opinion) that that is a bit paranoid (Tor) as he is not doing anything illegal (buying DRK or communicating with us).
But then, i do not want to tell him he is wrong and paranoid, anonymity on the internet is a real issue these days (thats why we are here supporting DRK).

So what are the opinions out in the Community regarding this
- do i need TOR to communicate with DRK community (or others)
- should i use TOR or VPN to log into exchanges
- should i be on FB supporting coins with my real name
- .....>>

Any thoughts ?

Edit:
good watch
 
If you want the NSA to know that you buy DRK, than you should use TOR, yes :)
Never use your real name anywhere, not even facebook (lol).
Using VPN is always a good idea.
 
(1) You don't need Tor per se, but it is better than nothing. The NSA and your ISP know who uses Tor, but not precisely what they are doing. The NSA famously said 'Tor Stinks' because it makes life difficult for them, but if they are your adversary they will find an exploit to track you (so turn off Javascript/flash when using it). Do read the 'how to use Tor' FAQ on their site. Most people don't quite realise what they need to do to use it probably. The Tor Browser bundle is fine for 90% of people. Which brings me to...

(2) You should first fire up a good VPN. Use one that does not keep logs, that accepts Bitcoin (either mix your coins or use one that allows anonymous payment), and consider a VPN just the basics for being online. Use this for logging on to exchanges because Tor does not play well with them. Make sure to change which server you use routinely. A Good VPN will allow you to set this process up automatically. The plain fact is that Tor kill functionality but you gain anonymity. Now to read anything senstive or just for browsing fire Tor up over your VPN. This helps 'double up.'

(3) You should not be on Facebook if you value privacy. It is an entire database of your life that you do not own. They own it. They have agreements via the PRISM program, albeit with the FISA law sort of stemming abuse, that means the NSA and Facebook are friendly enough.

Never use your real name online as already mentioned above.
 
I've put my full name out there already for the foundation, so I'm obviously not too worried about being associated with Darkcoin. My wife always jokes about how passionate I am about privacy and how I don't give a shit about my own name out there. I do give a shit, it is only that I think that sometimes it is useful to be open. For other things I'm as private as it gets and it's other people who have put themselves at the front. I hope you all can send me food to my cell if I'm wrong :)

Aside from that, I agree about VPNs. They are important not only to keep your identity in the dark, also for security reasons. Most connections we use are not properly secured, so VPNs are the best defence to avoid being hacked.

One last thought. Security and privacy require discipline. Most problems happen because users make mistakes, not because of the tools.
 
Very true, human error is the biggest issue. There's a tendency is us to take shortcuts sometimes. Is there anymore info on the Foundation? Would love to look at that.
 
pbleak said:
Very true, human error is the biggest issue. There's a tendency is us to take shortcuts sometimes. Is there anymore info on the Foundation? Would love to look at that.
Click to expand...
Not much to show yet aside from the public notice we had to publish in a newspaper (https://bitcointalk.org/index.php?topic=421615.msg8585194#msg8585194). We have just created it and we are still putting together the paperwork and setting up the internals. The idea is to have something similar to the bitcoin foundation, to help develop and promote darkcoin. We'll offer memberships and use the funds for that mission. Also, we believe that having a legal entity will help with the mission because some people will need it to interact with us.
 
Any recommendations for a secure email service ?
- encrypted
- fake name set up easy
- rise up.com is a pain as you need 2 recommendations
....>
- http://securenym.net/index.html ??
 
Last edited by a moderator:
tungfa said:
Any recommendations for a secure email service ?
- encrypted
- fake name set up easy
- rise up.com is a pain as you need 2 recommendations
....>
- http://securenym.net/index.html ??
Click to expand...
I've used Hushmail several times. The problem is that you need to log in every 15 days or you lose the account. I've lost a few not really important accounts because of that, so now I only use them as a semi disposable email service. You can also pay, but they only accept paypal or credit card.
 
Hushmail is considered compromised: http://www.wired.com/2007/11/encrypted-e-mai/ They also don't let you control the encryption. They can decrypt anything on their end and as we can see they do. If you need a throw away account though best to pick a free service accessed over Tor such as safe-mail or else any email over a vpn using random details that you encrypt using pgp.
 
pbleak said:
Hushmail is considered compromised: http://www.wired.com/2007/11/encrypted-e-mai/ They also don't let you control the encryption. They can decrypt anything on their end and as we can see they do. If you need a throw away account though best to pick a free service accessed over Tor such as safe-mail or else any email over a vpn using random details that you encrypt using pgp.
Click to expand...
I had never used their encryption because I had heard that it was as weak as it gets. I use them because it is one of the few that let you open an account over Tor without giving a phone number, but truth is I could be using any other. I sometimes use PGP with my email, but the problem I find with it is that the other party can store the content and you lose control over it, so it has its own set of problems... communications can always go wrong :)
 
Their encryption is useless because you don't have any control over it (no private key). When you encrypt using PGP the email sent to anyone is completely unreadable. The NSA is forced to store it because they can't decrypt it (they hope to in decades). They use it themselves (we know because Snowden uses it). This is what makes it brilliant. Not sure I get the other person storing it issue not being a problem in hushmail. There you not only have the email with someone else but you don't even control the encryption.

I like the use of the free services over Tor. Safe-mail is good for this as well and you can set up an account super-fast.
 
It's a shame bitmessage has stopped doing sign ups. I really wish I could test it out as an email service :(
 
pbleak said:
Not sure I get the other person storing it issue not being a problem in hushmail. There you not only have the email with someone else but you don't even control the encryption.
Click to expand...
I didn't mean that wasn't an issue with hushmail, sorry if I didn't express myself clearly. I've only used hushmail for non encrypted messages with people I didn't want to know my real identity.

I was just saying that PGP is not the ultimate solution because you can't control the security of the person receiving the email. Still, I agree it is a good practice and I use it with several of my email accounts.
 
Ah OK, more likely me misreading. I do get that about PGP. It's something I also use in this way. I tend to use PGP for people I know well and with whom I discuss tech issues. For 80% of my communication I am content to just send it in cleartext (on the assumption that my emails about what bar is good nearly is not sensitive :p).
 
You must log in or register to reply here.
Back
Top