Whonix


Jomba

If I plan on using Whonix on the laptop I have Mint installed on, should I also change out my wireless card? My thought is to never use the laptop from home and always on public WiFi. I suppose it would be safe to say that the gov. has a database with MACs from modems and computers and can cross-reference the list to track down the owner. Thoughts?

Link to comment
Share on other sites

Not that I have anything against Whonix or even Tails, and I like and have used Tails on the road, but TOR exit nodes can not only be sniffed, many of them are run by different govts, and if you are trying to hide and stay anonymous, it's not impossible, but damn near so these days. Many onion sites can be reached via the web these days from 3rd party services as well without needing TOR, so even darknets and hidden sites have loopholes to some degree. There is also the issue of speed over TOR and whether or not sites and services you want to use actively block TOR exit nodes, which I do on some of my own domains since many abuse TOR thinking it's a free ride to attack anything and be safe from persecution.

Depending on your surfing habits, sites used, communication devices you use, whom you speak to online, how long you stay in one place, if you carry mobile/wireless/cell devices even, someone looking to come find you, while difficult, probably could depending on how you go about things. Unless you're doing something of a nature that gives someone a reason to come looking for you though, in general, with Whonix, Tails, or just TOR alone with a macchanger for the OS, no HDD and running off a live disk while using WiFi from someone else's network other than your own, you're probably going to be fairly low on the radar. That said, logging into your fav sites, email, messaging apps, and so on, pinpoints you when someone wants to come find you in most cases, even when on a VPN or proxy, which most law enforcement agencies can gain access to and sniff on with gag orders that the providers, if they comply, are not allowed to tell the customer in question using the service. There were two email companies that actually closed doors recently if you go back in the news a few weeks, because of the NSA spying and other laws being put on the books to require service providers to keep certain amounts of data for lengths of time and make them available upon request. Instead of complying with orders of such laws, they instead closed shop completely and destroyed all data and accounts on their systems. It's a pretty touchy subject in general...

There are plenty of forum threads on the same topic already with varying opinions on the topic at hand as well as what other people think you could try to use to stay anonymous on the net. There are plenty of other apps as well for helping communicate securely, like the messaging app Off-the-Record and some other TOR-based apps, but again, TOR can not only be monitored and in many cases be run by governments, it's not foolproof. Not much you can do unless you've created your own encrypted mesh, ad hoc network between only you and your friends, which in theory can be done and has been done in the past. At most, anyone looking at the traffic would just see encrypted data being sent over the air to and from the location endpoints the nodes reside at, which, unless someone has reason to go to and invade one of those endpoints, is good for short term communications.

Link to comment
Share on other sites

You can just disable it. But don't let your paranoia get the best of you ;). Makes me wonder why you are trying to hide by using only public WiFi and trying to elude any tracking.

I seriously lack the know-how and have no interest in learning how to hack. Most of the challenges like the ones on Hellbound, I have passed only the basic, quickly having lost any desire to learn the technical know-how. At this point in time, I have more interest in commenting, opinions, blogs or forum posts.

I'm really just of the notion that the gov really truly believes its citizens are all bad. No matter how many times someone watches the Defcon 20 Bigger Monster Weaker Chains video, it awakens you to realize how much information is being retained, regardless of the committing of a crime. There are plenty of people whose only crime is having an opinion and I'm not looking to join their ranks.

Thanks,

Jomba

Link to comment
Share on other sites

One has to assume that every government to some extent spies on its people and other nation states. Everyone always thinks it's China and Russia, but there are plenty of world super powers with as much, if not equal to more than the capacity to do exactly what we do, and in the information age, whether we like it or not, all data flows through someone else's point of contact, DNS servers, routers and gateways of the internet, in order to go from destination A to B; this is internet 101. Packets flow and in many cases multicast, archived by data centers, ISPs, governments and so forth. Things people often forget about: IPv6 and the implications of leaving it enabled, which for the most part makes you trackable everywhere since it doesn't use NAT, and aside from disabling it on the OS, your modem and router, if capable, don't in many cases have the option to disable or change its address, and it is on by default. Some newer routers now have the ability to turn off IPv6, but modems don't really offer a way to disable this without hacked firmware or control from the CMTS side. Someone finds your IPv6 address, you can reset your external IP as much as you want, they can still most likely locate you by your device's IPv6 address if not spoofed, so the cat and mouse game is only getting started, and I think within the next few years we're going to see a shift in the way users access the internet, and also the laws and penalties, which will get worse for the end users if they took the time to read their own ISP's EULA and their hardware usage agreements, which give them the right to flash any device/modem/cable card, customer owned or not, without your need for consent.
Simply by having and using their service, you agree to let them flash and update the device, which I've had a few of my own modems bricked, and my latest, they installed numerous things such as SSH from the ISP side and Busybox, as well as Dropbear and a few other tools which allow them to intercept and monitor everything I do, which is also one of the reasons I use a VPN 99% of the time for everything I do. I then have to put my trust in the VPN provider though, which starts that process all over again, who do you trust with your traffic and data, so unless you have complete control of all endpoints, device configurations, setup, and routes your data flows through, all your packets are belong to them any way you look at it.
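
Added example, not part of any post in this thread: a self-audit that ties the MAC question to the IPv6 point by checking whether an interface's IPv6 addresses carry its hardware MAC in the interface ID (modified EUI-64, RFC 4291) and whether the MAC in use is locally administered, as randomized or manually set MACs are. EUI-64 addressing is not mentioned in the thread; the MAC and addresses below are constructed samples, using the 2001:db8::/32 documentation prefix.

```python
import ipaddress

def parse_mac(mac: str) -> bytes:
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return raw

def is_locally_administered(mac: str) -> bool:
    """True when the U/L bit is set (randomized or manually assigned MAC)."""
    return bool(parse_mac(mac)[0] & 0x02)

def eui64_mac(addr: str):
    """Return the MAC embedded in a modified EUI-64 interface ID, else None."""
    # Drop an optional zone ("%wlan0") and prefix length ("/64") before parsing.
    iid = ipaddress.IPv6Address(addr.split("%")[0].split("/")[0]).packed[8:]
    if iid[3:5] != b"\xff\xfe":      # EUI-64 inserts ff:fe mid-identifier
        return None
    # Undo the U/L bit flip on the first byte and remove the ff:fe filler.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)

def audit(mac: str, addresses):
    """Classify each IPv6 address on an interface against its hardware MAC."""
    hw = ":".join(f"{b:02x}" for b in parse_mac(mac))
    findings = []
    for addr in addresses:
        embedded = eui64_mac(addr)
        if embedded is None:
            verdict = "opaque interface ID"
        elif embedded == hw:
            verdict = "embeds this interface's MAC"
        else:
            verdict = "EUI-64 pattern, different MAC"
        findings.append((addr, verdict))
    return findings

# Constructed sample data (assumption: one wireless interface, three addresses).
SAMPLE_MAC = "00:11:22:33:44:55"
SAMPLE_ADDRS = [
    "fe80::211:22ff:fe33:4455%wlan0",
    "2001:db8:1:2:211:22ff:fe33:4455/64",
    "2001:db8:1:2:5c1d:9a3e:71b0:c4f2/64",
]

if __name__ == "__main__":
    print("locally administered MAC:", is_locally_administered(SAMPLE_MAC))
    for addr, verdict in audit(SAMPLE_MAC, SAMPLE_ADDRS):
        print(f"{addr:40} {verdict}")
```

An address flagged as embedding the MAC keeps the same low 64 bits on every network the card joins; an opaque interface ID is what privacy or stable-random addressing produces.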
