[OPSEC/Computer] Setup. Paying for info.


3. How secure would this connection setup be: Socks5 -> VPN -> Socks5 -> obfs Tor bridges -> Tor? Extra: a) What would you change? b) What extra security could you offer? MAIN GOAL: ISP (NO INFO ABOUT VPN) -> VPN (NO INFO ABOUT ISP)

That's extremely silly. Your ISP will have no problem seeing the VPN traffic over SOCKS5, as SOCKS5 provides absolutely zero obfuscation. Sure, your ISP won't be able to see which VPN you're connecting to, but they'll easily see a regular VPN handshake occurring, and to a global or semi-global passive adversary (like a government cyberspy agency), the link between you and the VPN would be clear as day.

You really, really need to spell out an actual threat model, here. You sound like you have no idea what you need, what you want, or why you would be adding all of this stuff that doesn't actually add any functional security (except against extremely specific, and extremely rare adversaries).

Making some (very reasonable and likely) assumptions about your threat model and goals, I would drop the SOCKS5 layers, and possibly even drop the VPN (but then, I have pretty strong feelings about VPNs that are not widely shared on this sub - they really don't add very much functional security in matters like this, except - again - in extremely specific models which you are not likely to be a part of). A VPN is trivial to perform traffic correlation and timing attacks on, is susceptible to legal subpoenas (including secret "lawful" orders to BEGIN keeping logs in secret), and draws additional scrutiny, as well as providing yet another potential intercept point for larger timing and correlation attacks against your Tor traffic in general. In other words, they're almost always useless for what people here might seek them out for.

Use Tails, use public wifi that's a decent distance from your home/work/hangouts if you must, and enjoy your high security. If you really want to go above and beyond, you might anonymously rent a VPS (or for maximum paranoia, a dedicated server) and run a high-participating-traffic I2P node on it as well as a simple Tor instance, and then set up an I2P tunnel that you can connect to from home/work/wherever and use that like you would use your VPN. This will be slow - we're now talking literally 20 or 26 hops round trip for any traffic you send and receive over this connection (3 hops outbound I2P, 3 hops inbound I2P, I2P destination, 3 hops Tor, Tor destination (clearnet)/3 more hops Tor (.onion), and then back through the whole way again on return).

4. Is there any software to find out leaks/holes in setup?

Yes and no. You can use Wireshark to detect unencrypted leaked data, but that's about the best you can do, and finding the actual leaks is a lot of grueling analytical work.

No, because your biggest leaks are going to come from YOU, and that's almost always the case. Maybe you log in to your regular email address while using a separate pseudonym, maybe you mention the weather where you are someday, maybe you send a request to a .onion to your clearnet DNS... the possibilities are endless. The best defense against leaks you can have is a very clear understanding of the technologies and techniques that you are using, period.

Suggestions for improvement: use a physical transparent torification gateway machine, like with Whonix. This is really 9/10ths of the fight if you're seeking extreme security. Use two new-to-you computers (the gateway can be something very weak, like an Odroid or a Lime2 - fuck Raspberry Pis), hard drives optional, and set one up with two network cards to act as a gateway to the other. This gateway maintains a connection to Tor, and the other machine connects only to the gateway, which forwards ALL traffic from the other machine to Tor, no exceptions. This protects against most de-anonymization malware and exploits, which are actually a credible threat. You will still want both machines to be very secure, and using separate VMs on the workstation machine is still advisable. Keep your software (including that of your VMs) up to date. You can also use a high-power directional wifi antenna on your gateway machine to find a wifi signal to use that may be a mile or more away, but it'll take some scanning. You might also want to read up on how to crack "secured" wifi networks, since truly open ones are pretty rare these days.

Any questions, hit me up. Although I could help you get all this set up for money, and in some respects would love to, I just don't have the time right now. But if you want to toss me a tip to answer some more detailed questions, I'm into it.

Love, sapiophile (GPG pubkey on the SKS KeyServer network, at https://keybase.io/sapiophile & https://ssl.reddit.com/r/publickeyexchange/comments/2cmfob/sapiophiles_public_key/ )
