On Saturday 24 April 2021 19:14:54 Michael via tde-users wrote: > On Saturday 24 April 2021 07:33:12 pm William Morder via tde-users wrote: > > When I tried out Whonix before (about 2 or 3 years ago?), I used Qubes. > > It seemed too much trouble for what I want; > > Aye! Qubes is a way of life, and (while not having used it myself) does > seem like it’d need a good 20 hours of up front time to get it to work. > > > and besides, it seemed like I > > couldn't use it for ordinary stuff like email, banking, buying stuff > > online ... where you generally need a direct connection. > > I don't know if > > you get round that by changing your apparent location, etc., but that is > > an issue for me. I do sometimes have to connect to the outside world for > > business. > > For doing stuff as ‘you’ (banking/email/whatnot) you’d install a VM (AppVM > 1 w/ Devuan etc. in that pic) that has direct network access. > > https://www.whonix.org/wiki/Qubes > > > And now, my biggest objection is that Whonix is Debian, thus systemd, and > > that violates a core tenet of my religion. A non-systemd version of > > Whonix, and I would definitely give it a try. > > Yeah, I don't see that. It'd basically whack fingerprint anonymity. > > > I seem to recall yourself recommending a Raspberry Pi (or some such?) as > > a device to route all my traffic > > Probably (if I did I’ve dropped the idea since). I’ve been noodling on how > to separate my business self from my personal self on the internet for ~20 > years(clients are completely arbitrary over what will trigger their > bigotries). A Pi or dedicated router to tor your whole network would work, > but it’d be basically the same as using Whonix for everything (and a lot > more work). > > > ; I believe the question in that earlier > > thread was how to send email over a proxy connection? something like > > that? > > Not sure? I send my email through a SSH tunnel direct into my mail server > using raw IP addresses. Makes it pretty hard for anyone to man in the > middle me, plus you’re petty sure your mail isn’t read by your ISP. > > > I suspect that my ISP may somehow be blocking the use of privoxy - by > > blocking port 8118, perhaps? > > I’d guess that’s not accurate? Yeah, I didn't think that was right, either, but I couldn't imagine how else it could happen. > I skimmed Privoxy’s FAQ, and it just looks > like it’s a local service on your own machine filtering/intercepting your > own box’s traffic and then forwarding the traffic on to your regular ISP > modem/router. Port 8118 is used on your box only, so this sounds more like > a Privoxy config issue (maybe you’ve got a wrong value somewhere? > hostname? toggle?). > > https://www.privoxy.org/user-manual/config.html > I already went through my config; I have the old config files, which worked fine up until a few days ago, and the new config files that were generated by a fresh installation of Tor, Tork, Privoxy, etc., and I cannot see any appreciable difference. > > The reason I don't quite trust my ISP is that they have recently created > > a Tor exit node for themselves. Even if I trusted that they were kindly > > trying to protect their users, it seems inherently insecure to use a Tor > > exit node that is run by my ISP, so I have blocked their Tor server. And > > now I cannot get privoxy to start up, no matter how I've gone about it. > > Okay, your ISP setting up a tor exit node (should!) have zero to do with > any of their customer’s connections (to tor or otherwise). The tor > software on your computer picks a random entry node (first hop). I do > agree though with blocking the first hop connecting to your own ISP’s tor > node, and blocking its use as an exit node probably makes good sense too, > so yeah, just block its use completely... It’s been a long time since I > dug through tor’s config options, but there was a way to block the first > hop from using a country (e.g. if you’re in the USA, block all ECHELON > countries from being the first hop). > By the way, I use my smartphone for Internet for one thing only, which is to listen to online radio on headphones while I'm walking round or doing other stuff, and don't want to be confined to one room. And when I do this, for example most of today, I run it over Tor using Orbot. I've had no problems using Tor on my smartphone; although, after setting it up, I have not dug into the config to investigate. I look at the messages in Orbot's shell, and everything looks good, so I trust that I am okay, but I know far less about smartphones; at least with a desktop or laptop computer, I know enough to solve most of my own problems, though sometimes (like now) I need to get some help. > At the point you’re at, I’d try getting Privoxy to work without adding any > of the tor layers and turning off all of its [actions?] (I’m guessing at > that, whatever ‘stuff’ it’s filtering so to speak). > I do keep trying to restart privoxy. I've also tried polipo, and it doesn't start up, either. > > No paranoia here! Just good wholesome fun. Clean living and clean > > thoughts: there's the key! > > It’s all fun and games until those guys in black suits and mirrored > sunglasses knock on your door. ;) Seriously though, like you I’ve got zip > all to hide, it’s just the level of ‘big brother’ watching everything is > revolting, so doing ‘my part’ to mitigate some of it seems reasonable. > > Case in point. > > A month or so back, me and the misses saw a chain store we hadn’t been in, > in 20 odd years, so for nostalgia we wandered in, browsed around and left > without buying anything. Approximately six days later she started getting > ads for that store on her Facebook page. My best guess (since she uses > gmail, uhg!) is the big G tracked her phone going into the store, > shared/sold the data to FB, and ‘targeted’ ads for her... So f-ing > creepy... > > laters, > Michael Thanks for all the commentary. It will give me some things to think about. Myself, I believe that if anybody is seriously watching me, they must be very disappointed, because I am worse than watching paint dry. Unless one is deeply interested in my own subjects - I pretty much live between my books and my music, with occasional stops for food and drink and sleep, bathing and hygiene - then I can't imagine why anybody would care what I do. If I had a cat or dog, that would make me more interesting. I can only guess that I must be marked on somebody's list as a potential thought criminal; but like the story goes, one can be guilty of thought crimes and not even know it. I avoided Twitter, FB, Google, social networks, etc., etc., right from the start, and only engage with technology when it suits me. As it happens, the MIBs really *did* show up at my door one evening; weirdest effin thing in recent memory, although I've actually had more than a few of these over the past 20 years, and it would take a lot longer to tell. But this was only maybe a month or two ago. It had been a long day, so I went to bed early, sometime about 8:30 p.m., I believe. About 9:15 or 9:30, suddenly there's a loud pounding on my door, and somebody's shouting "SFPD, open the door NOW!" So (only semi-clothed) I open up, and there are (really!) about half a dozen guys, all dressed in black, with black woollen skullcaps, no badges or anything, and they show me a key and demand to know if it's mine. (It has the same door number as mine; they say it was some guy who is wanted for something.) But I show them my own key, hanging right there beside the door; and the one they have doesn't fit. Then they disappear as fast as they came. So I went downstairs and asked the desk clerk what that was all about, and he and another guy who was there both said that they showed up in an unmarked black van, came inside, refused to sign in or identify themselves, and just forced their way upstairs and went to my door. Well, so maybe it was all just an honest mistake, and they were looking for somebody else, and not really trying to spook me; but the unmarked black van and themselves all dressed like MIBs? Too much strangeness for my simple mind to grasp. As I write this, I am downloading the Whonix ova file, and will give that a try. It runs in a VM, right? And if I want to connect to the Internet directly, that would also use another VM? I think for now that is probably my best option. Also, I see that Qubes requires 64-bit, and I am running a Frankenstein self-built computer with a 32-bit motherboard. (I know, I know ... but it was what was available when I was scrounging. I hear that it could actually be made to work for 64-bit, but I would have to do some work on that.) Anyway, if I can get Whonix to run in a VM on my present Devuan box without systemd, then that will be okay. I may need some help getting Whonix to run, and figuring out VMs. If I run into problems (which seems likely, as I am a VM virgin, and have only minimal experience with Whonix), then I will start a new thread. Thanks much, and keep thinking those good clean thoughts. "To the pure, all things are pure." Bill ____________________________________________________ tde-users mailing list -- users@xxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxx Web mail archive available at https://mail.trinitydesktop.org/mailman3/hyperkitty/list/users@xxxxxxxxxxxxxxxxxx
