For what I hope are obvious reasons, I don't want, and probably will never post my threat model publicly online. However, regardless of that, what I'm sure you will extrapolate from this post is that I live my life, digitally in particular, with a fairly high level threat model. This is not because I'm some super sophisticated criminal mastermind, but rather, I am at this level because I genuinely love playing around with this stuff. And I just happen to understand the importance of privacy and just how vital it is to a truly healthy society. I would like to extend a thanks to ProgressiveArchitect
for the sharing of the knowledge they have done on this subreddit, /privacytoolsio
, and the like. We may have never interacted, but nevertheless, your input into this community is truly interesting and extremely informative and educating. I'm sure those of you familiar with PA's setup will be able to draw some parallels with mine and their's.
I hope you all enjoy reading this write up.
I run Qubes OS on a Lenovo ThinkPad X230 laptop. Specs for it are as following: - i7-3520M - 16GB RAM - 1TB Samsung 860 Evo SSD - Qualcomm Atheros AR9285 wireless card
Additionally, I used a Raspberry Pi Model 3B+ and a Pomono SPI clip to replace the stock BIOS firmware with coreboot+me_cleaner. This wasn't done out of any "real" concern for the Intel ME (though of course proprietary black-boxes like it should be avoided at all costs and not trusted), but rather for open source enthusiasm and for increased security and faster boot times than what the stock BIOS firmware allows for. On that note about the ME, I don't believe the conspiracy theories that claim that it is a state-sponsored attack method for surveillance. I believe that Intel had good intentions for improving the lives of IT professionals who need to manage hundreds, if not thousands of remote machines. However, it has proven time and time again to be insecure, and I don't need the remote management and the "features" that it provides on my machines.
In Qubes, I use a combination of AppVMs and StandaloneVMs for a variety of different purposes. All VMs use PVH over HVM, except for the Mirage Unikernel Firewall, which uses PV, and the sys-net and sys-usb StandaloneVMs which have to use HVM because of PCI device passthrough. Right now most of my VMs are AppVMs, but for maintenance and compartmentalization reasons, I am considering moving more towards StandaloneVMs, despite the increase in disk space and bandwidth usage for updates.
General route of from Qubes to the Internet for anonymous browsing, general private browsing, accessing Uni services, and Uni-related anonymous browsing respectively: 1. Qubes->sys-mirage-firewall->sys-vpn-wg->sys-corridor->sys-whonix->whonix-ws-15-dvm to the internet. 2. Qubes->sys-mirage-firewall->sys-vpn-wg to the Internet. 3. Qubes->sys-mirage-firewall->uni-vpn-wg to the Internet. 4. Qubes->sys-mirage-firewall->uni-vpn-wg->uni-corridor->uni-whonix->uni-anon-research to the Internet.
(Note: the VPN name is substituted in the "vpn" above. I had to remove it to comply with this subreddit's rules. It is easy to identify what VPN it is as it randomly generates a long numaric string and has fantastic support for WireGuard.)
Search Engine: SearX, Startpage, and DuckDuckGo.
Password Manager: KeePassXC.
Notes: Standard Notes.
Messaging: Signal Desktop.
Media Playback: mpv.
Emails: I access my personal email within my personal Qubes domain and my Uni email using my Uni Qubes domains. My emails are downloaded to a local repository using isync, send using msmtp, and read using neomutt with html emails converted to plain text using w3m. Emails are sent in plain text too. All of the attachments in the emails (PDFs mostly) are automatically opened in DisposableVMs.
My personal Posteo email account has incoming encryption setup. This means that I emailed my public GPG key to an address correlated to my actual Posteo email address so that all email that I receive is encrypted with my public key and can only be decrypted using my private key. So even if my emails were intercepted and/or my account broken into, the contents of them are safe since they are encrypted as soon as they hit Posteo's servers.
I have setup a number of Posteo aliases that are completely segregated from the email I used to register my account. One of those is considered my "professional" email for my current job. I have another couple aliases, one dedicated for 33mail and another dedicated for Abine Blur. I make use of 33mail alias addresses for catch-all email addresses for registering for accounts that need to be under a username associated with my name anyways. This is for purposes like putting different compartmentalized, but still related emails to put onto my Resume. I use a different alias for each Resume I put out online. That way, when that information gets sold, traded, etc., I can easily trace it back to who
sold the information. For example, if I applied for a job online that required me to go through the process of registering an account through a third-party, say 'xyz Inc', the address I would register that account with would be [email protected]
, or something along those lines. Abine Blur is used much in the same manner but for accounts that don't need to be associated with my real name in any way, say online shopping on Amazon that I do under an many aliases, then ship to various address that I don't live at, but that I can visit with no problems. I use a different Blur address with each service like with 33mail for the same reasoning shown above.
The passwords for the accounts are encrypted and stored locally in each of the domains, however, my private key is stored in my vault domain, so even if an adversary were to compromise the domains, they wouldn't be able to steal my private key without exploiting the hypervisor. They would only be able to wait for me to authorize the usage of my private key in that domain, and even then, it could only be used to decrypt files. That is a concern that they can use my private key to decrypt messages, but they wouldn't be able to steal the key. With my personal email, the emails would also be encrypted locally anyway so they wouldn't be able to read them. My Uni email, in contrast, uses Outlook unfortunately, so there isn't any option to enable incoming encryption, and even if it was, I'm not sure how private it would be anyways.
For those looking for an in depth list of all my VMs, with explanations for the more obscure ones, I have listed them below. I have got a lot of templates, hence why I am considering moving over to StandaloneVMs, but as of right now:
- fedora-29-minimal: Base for the minimal VMs.
- fedora-29-uni-persist: Template for uni-campus and uni-home AppVMs.
- crypto: A work in progress VM for handling crypto transaction using cleansed Bitcoin and Monero.
- printing: Exactly as it sounds like. It is firewalled to only be able to connect to the network printer on my home network.
- sys-corridor: corridor is a Tor traffic whitelisting gateway that provides network to sys-whonix. It helps to provide an additional failsafe to defend against clearnet attacks.
- sys-mirage-firewall: A version of the Mirage Unikernel to act as an extremely minimal and resource light firewall. It is configured to only allow connections to the individual IP addresses my VPN's WireGuard servers as well as a select few internal IP addresses on my home network (router, home server, and Pi-Hole).
- uni-corridor: See sys-corridor for description. Provides network to uni-whonix.
- sys-vpn-wg: A system ProxyVM for my VPN.
- sys-net: Network stack isolation VM. Uses fedora minimal now.
- sys-usb: USB stack isolation VM. Uses fedora minimal now.
- uni-vpn-wg: A Uni ProxyVM for my VPN.
- uni-net: A ProxyVM for all Uni-related domains. Based off fedora minimal.
- uni-shared: Acts as an SMB network share for uni-campus and uni-home so that the documents and emails can be accessed easily between them.
- fedora-29-dvm: Default disposable Fedora VM.
- whonix-ws-15-dvm: Default disposable Whonix VM. This is where I do 95% of my online browsing.
- calendar: Exactly as it's named. Has a firewall rule to only allow connections to posteo.de.
- nas-access: Used to access my NAS and to watch content on it.
- pihole-access: Used to access my Pi-Hole through Firefox. Has a firewall rule to only allow connections to its IP address.
- router-access: Used to access my router through Firefox. Has a firewall so its only able to connect to 192.168.0.1.
- personal: Personal domain. Used to check personal emails, read rss feeds, stream YouTube videos, and internet banking.
- repos: Local copy of my repos. Has a firewall rule to only allow connections to the site hosting my git repo.
- uni-anon-resarch: Research for Uni.
- uni-campus: Domain for doing Uni work on campus.
- uni-home: Domain for doing Uni work at home.
- uni-whonix: Seperate Whonix gateway for Uni research.
- offline-archive-manager: For managing the offline archives that I burn to DVDs.
- personal-archive: Exactly as it's named.
- sys-whonix: Default Whonix gateway ProxyVM.
- vault: For storing GPG keys and other files.
- vault-dvm: DVM with no internet access. The Vault VMs use this as their DisposableVM.
- work-archive: Storing work archive documents (payslips, employment information, etc).
Phone: Motorola Moto G5s running Lineage OS 16.0 Pie no G-Apps or micro-G with the following Apps: - AdAway: Open Source hosts file-based ad blocker. (Requires root.) - AFWall+: Linux iptables front end. (Requires root.) - Amaze: File manager. - andOPT: 2FA app. I like it since it can export the entries to an AES encrypted file. - AntennaPod: Podcast manager. - AnySoftKeyboard - Simple Calendar - Simple Contacts Pro - DAVx5: CalDav syncronization with my calendar on my Posteo email account. - F-Droid - Fennec F-Droid: Web Browser. Has the same Firefox addons like on Qubes minus Vim Vixen. I used the app Privacy Settings to configure the about:config. - KeePassDX: Password manager. - KISS launcher - Magisk Manager - NewPipe: YouTube app replacement. - S.Notes: Standard Notes. - OsmAnd~: Maps and navigation. - Red Moon: Blue light filter. - SELinuxModeChanger: Exactly as it sounds. (Requires root.) - Shelter: Work profile manager. - Signal: Messaging. - Vinyl Music Player: Music player. - WireGuard: VPN protocol frontend. Is configured to use my VPN account. Is setup as an always-on and connected VPN.
As mentioned, I use Shelter to manage my work profile. In it I isolate the following apps: - Clover: *chan browser. - Orbot: For routing apps through Tor. Is setup as an always-on and connected VPN. - RedReader: Reddit client. - Tor Browser
Over the last several years, I have started using my phone less and less and taking advantage of less of what it has got to offer. I don't check email on my device. I have no real need to browse the Internet on it outside of watching videos using NewPipe, browsing Reddit, and various *chan boards.
On the Smart Phone side of things, I am considering purchasing an older used iPhone SE or 6S for use with MySudo when outside of my home as well as an iPod Touch for use on WiFi only for use inside my home. The iPhone would be kept inside of a faraday bag when I am at home and not using it. It would also be kept in the faraday bag whenever at home to avoid associating that device with my home address. The iPod Touch would be used for MySudo calls instead.
Future outlook and plan for my privacy and security:
To avoid as much deanonymisation of my privacy as possible, I'm only going to specify enough so that anyone reading this can get the jist of my situation in life. I am quite young (age 16 to 25) and I started along this privacy journey when I was even younger. I was never a very heavy social media user, however I did have an online presence if you looked hard enough. My name fortunately is a very common and short name, so that does help to bury information that I was not able to remove further in the vast trenches that is the Internet.
On the digital side of things, I mentioned that I have a dedicated Crypto AppVM for handling crypto currency transactions using Bisq. I have setup a dedicated bank account that I have periodically been transferring money into so that I can trade crypto. Unfortunately, I do not live in the US, so being able to effectively start trades with others is more difficult. I also do not have access to a credit card masking account like privacy.com (that I absolutely would use given the ability). I plan on getting an anonymous VPS to host my own Tor exit node for better speeds and to mitigate the possibility of malicious exit nodes. The country I live in has been a proponent of absolute dragnet surveillance on all activities occurring online and in real life, though the former is far more visible on this subreddit. I will be using crypto with cleaned Bitcoin (as seen with ProgressiveArchitect
's setup) for purchasing my VPN service, etc.
With future hardware, to replace my aging laptop, I am very hopeful for Xen, then eventually Qubes OS getting ported to Power9. When that happens I'll be getting a Raptor Computing Blackbird as a desktop. Maybe in the future I'll get a Purism Librem laptop, but for now my corebooted X230 works perfectly for my use cases. On that note, I have successfully build the Heads firmware for the X230 and I was able to get the minimal 4MB image flashed on my laptop. I did revert it back to my coreboot setup after playing around a little with it, and unfortunately I haven't had time since to do a full, complete flash of it.
On the physical/real life side of things, I plan on making use of various Trusts in order to hold assets, say to keep my name from being immediately visible on the title of my car. As of right now I am fortunate enough to have the title of my car under the name of someone who I trust. Unless I am legally required, and where there are immediate and absolute consequences, I use fake names in real life. With Uni, I am enrolled under my real name and address. This is a requirement and it is verified, so there is nothing that I can realistically do about it. As for other services, I plan on setting up a personal mailbox (PMB), etc if possible to use as a real, physical address that is associated with my real name and that is used for things like Government issued ID. In the future when I move again, I plan on renting a place in cash to try and keep my name dissociated with my real address. For those looking for reasoning on why one would want to do that, please read How to be Invisible by J.J. Luna. It's truly the Bible of physical privacy.
At this stage I am just going off on a ramble, so I should cut it short here.
I have just started and I live for this shit.
How to Import, Export, Store and Manage Private Keys in Cryptocurrency Wallets May 31 2020 · 10:14 UTC Updated Jun 20 2020 · 11:15 UTC by Jeff Fawkes · 11 min read In this article, we explain the basics of GnuPG (GPG), including what it's used for, the difference between a public and a private key, how to generate a key pair, how to import/export a public key, and how to encrypt/decrypt messages Are the exported private keys gotten by executing gpg --export-secret-keys still encrypted and protected by their passphrase? This seems to be the case but I can't find anywhere that explicitly confirms this. If the exported keys are still encrypted then is there anyway to get the pure, unencrypted private key (like you can for the public segment)? I'm trying to share a GnuPG key pair by importing it into each machine. This is how I'm doing it: gpg --allow-secret-key-import --import secret.gpg.key gpg --import public.gpg.key The keys have been exported with -a. After doing this, the public key is shown correctly when I do a gpg --list-keys, but the private key isn't (gpg --list-secret-keys). I am trying to wrap my head around gpg. My current understanding is that one generates a master key, and then a number of sub-keys that are cross-signed against the master key. This establishes tha...
This video shows you how to export and import a key using PGP. தமிழ் செய்திகள், உலகச்செய்திகள், சினிமா விமர்சனம், சினிமா ... Learn how to Import and Export the private key in the Bitcoin-Core Wallet and bitcoind.exe and bitcoin-cli.exe There are a number of reason one would want to Export a private key, here's how. 👓 Command Lines (Core Wallets): - Walletpassphrase [yourpassphrase] 60 - Imp... securely backing up gpg private keys.. to the cloud‽ - Duration: 30:35. linux conf au 2017 - Hobart, Australia 893 views. 30:35. Are 12-word Seeds for Bitcoin Private Keys Secure? Programmer ...