I highly recommend Qubes OS for its compartmentalization and its ability to be stateless. It has the ability to route all traffic over TOR as well as a VPN. It is meant for laptops primarily, but can work with some desktop boards. It is hit or miss still.
https://www.qubes-os.org/
I really like the idea behind the stateless computing from the Qubes creator.
https://blog.invisiblethings.org/papers/2015/state_harmful.pdf
At a minimum I would recommend full disk encryption with Veracrypt - https://veracrypt.codeplex.com/ - or something similar. If someone were to try to plant evidence on your computer, you at least have the encryption to protect you at rest.
To protect you while browsing, I recommend to at least use a VPN - https://www.privateinternetaccess.com/ (you can buy a gift card with cash and use it to pay for the service) - if not use the TOR browser, for all research. -https://www.torproject.org/projects/torbrowser.html.en
Not sure which browsers are still affected, but don't forget about the STUN server request that can reveal your IP even if using VPN. The following is a link to test for the ip leak.
https://diafygi.github.io/webrtc-ips/
view the rest of the comments →
Dataanti ago
he is not wrong, its rule 41 being passed by the DOJ, anyone using tor or a VPN is automatically put on a watch list sort of thing and they can have their devices confiscated from them without warning, and its a global thing, meaning its not limited to united states.
i will say, researching this stuff doesnt really matter, its posting things that you would have to worry about. if you where to post something use tails on a public wifi, if you are just reading and researching, dont worry about it.
PizzaThrowaway123 ago
What about when you are researching and stumble upon something serious?
In any case, if what you say is true then that has solved the mystery of why these folks are using their codes and franchises out in the open. Using business fronts and code words/images is more safe than using TOR?
Dataanti ago
well for a long time ive heard tore exit nodes where compromised, for years i have heard this but it was hit an miss if your packets where able to be re assembled by the authorities simply due to how packets would travel from node to node, not all of them would use an exit node that was controlled by authorities. this is one of the reason why I2P was created.
https://www.eff.org/deeplinks/2016/04/rule-41-little-known-committee-proposes-grant-new-hacking-powers-government
PizzaThrowaway123 ago
Anyone can set up a TOR Exit node and monitor traffic. I set one up to see how easy it is. Bad exit nodes are reported all the time. There is a lot more required to be able to compromise your real IP.
If you can find me a case where a TOR browser user was compromised by the TOR network, (ie NOT A CASE OF USER ERROR), I will be impressed.
Dataanti ago
this may be so however your ISP can still tell if you are using tor or a VPN, if american authorities request it via rule 41, than they find you anyways, so it wouldnt be the tor network compromising you. i suggest going with a decent 3rd party ISP if you can, thats what i did, my ISP has a history of protecting user data and raising money to go to court to do it so if you have an ISP that is willing to do that for you and the rest of its customers, i would switch to that.
PizzaThrowaway123 ago
I am not sure if you are a troll or not yet because you claim to work for military doing some type of IT but you seem to keep making excuses why to not try and protect yourself that don't really make much sense.
Who cares if the ISP knows you are using VPN or TOR? It is the encrypted content of the traffic I care about not being exposed.
For VPN, use a VPN provider that has been proven to not retain any logs.
https://news.slashdot.org/story/16/03/12/2043254/vpn-providers-no-logging-claims-tested-in-fbi-case
IntelligentObserver ago
So they cant read the content of traffic history but can geographically locate u?