So, it goes without saying that your work computer is a work computer. You have NEVER connected it to your home network, and it has never sent a SINGLE packet to the internet over your clean connection, the one where you watch pornhub and play tanks. This was previously described in detail in the Tor documentation; in particular, there is a link there to a study from the early-to-mid 2000s about tcp.timestamp (tsval). Well, I think you know.
Also, of course, this computer was bought for cash, and a long time ago, preferably in a store without cameras, or even p2p using a throwaway phone and not even in your city. Paranoid mode.
I don't discuss Windows or Macs; I don't work with them and I don't advise you to - you will wear yourself out there debugging and researching all the services and tricks in search of hidden trackers, and they are there. I am Linux. cryptsetup only. The bootloader goes on a USB flash drive that you carry with you when you are not carrying the laptop, and that you pull out when you step away.
Your access to the network must sit on a separate device that cannot be accessed from the work computer. For example, an encrypted Raspberry Pi with a 3G/4G modem plugged into it. Remove SSH there and check that nothing listens on any port other than the SOCKS port forwarded from the VPN or from Tor to VPN. Access to the Pi itself is possible only from a USB keyboard and a monitor; you log in from there. Make a restart possible either with a simple physical poke or with something simple and self-made, for example nc listening on a port: as soon as something connects to it, it runs the restart procedure for your modem. No shells.
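The listening-port check described above, as an added example that is not part of the original post: it parses the kernel's `/proc/net/tcp` table and reports every listening socket that is not on an allowlist. The sample table, the 192.168.7.1 LAN address and the restart-trigger port 7000 are constructed assumptions.

```python
import ipaddress
import struct

LISTEN = "0A"  # state code the kernel prints for a listening TCP socket

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0107A8C0:235A 00000000:0000 0A 00000000:00000000 00:00000000 00000000   105        0 20101
   1: 0107A8C0:1B58 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20102
   2: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20103
   3: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20104
   4: 0107A8C0:235A 0207A8C0:D2F0 01 00000000:00000000 00:00000000 00000000   105        0 20105
"""

# Assumed policy: SOCKS on the LAN address plus the modem-restart trigger port.
ALLOWED = {("192.168.7.1", 9050), ("192.168.7.1", 7000)}


def decode_ipv4(hex_addr):
    """Decode the address word; assumes a little-endian host (x86, ARM Linux)."""
    return str(ipaddress.IPv4Address(struct.pack("<I", int(hex_addr, 16))))


def listeners(proc_text):
    """Return sorted (address, port) pairs for sockets in LISTEN state."""
    found = set()
    for line in proc_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue  # established and other non-listening sockets
        hex_addr, hex_port = fields[1].split(":")
        found.add((decode_ipv4(hex_addr), int(hex_port, 16)))
    return sorted(found)


def unexpected_listeners(proc_text, allowed):
    """Listeners missing from the allowlist; a 0.0.0.0 bind does not match
    an entry for a specific address, so wildcard binds are reported."""
    return [sock for sock in listeners(proc_text) if sock not in allowed]


if __name__ == "__main__":
    for addr, port in unexpected_listeners(SAMPLE, ALLOWED):
        print(f"unexpected listener: {addr}:{port}")
```

On a live system, pass the contents of `/proc/net/tcp` instead of `SAMPLE`; IPv6 (`/proc/net/tcp6`) and UDP sockets use separate tables that this example does not read.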
That is, on the work computer, your IP from the provider, or even from the VPN, should not be visible in any way, in case your computer gets hacked. Always take into account that your computer is potentially compromised. Do not deceive yourself about this.
How? And now the hardware hacks. Remove the camera. Remove the microphone and speakers. Physically, without fail. In laptops, most often up to 4 cables go to the display lid - video, up to 2 wifi antennas and the 1 wire that we need - most often it carries the camera + mic. For old laptops, repair schematics have been available for a long time; make sure that you are pulling exactly this wire. Check that neither the camera nor the mic works anymore and that they are no longer present in the system (lsusb, etc.).
Removing the video camera and audio drivers from your self-built kernel will not give you anything - whoever wants to will definitely build modules for your kernel, or a hacked kernel, and load the code. Do you think you are the only shellcoder out there? Do you remember how the Iranian nuclear program was screwed up? Perhaps you are no less dangerous a bandit, which means they will definitely make the effort for you.
Next, remove the speakers. Yes, you don't need sound at work; why would you? Through sound, a lot of information can be leaked to a rooted phone lying nearby, or even out of the window to where the guys are listening. Moreover, it can be done with ultrasound, so that people, whose hearing is poorer, hear nothing, while whoever needs to hear it picks it up with a microphone.
The sound card itself usually cannot be cut out; only sometimes can it be turned off in the BIOS. But the speakers can most often be either pulled out or cut off. This removed pair of wires will save your life.
Next, pull out the wifi. Yes, LAN only. This is not up for discussion. Why? Have you read the news that Google long ago abandoned its Google cars for collecting wifi data and uses your phones for this instead? That's exactly it. When working, take the phones to another room. If you are expecting calls, turn the ringer up so as not to miss them; do not keep the phones next to you, because they can also analyze what you are doing and what you type on the keyboard, from vibrations and from the wifi signal (Habr) ... The fact that at first glance this is not in the public domain does not mean that the special services do not have it.
If you use wifi as your anonymous access, I'm afraid you are burned and can be identified from the logs. The phone collects all the access points nearby, as I said. Potentially, your client MAC is associated with a neighbor's access point. Smartphones are a great evil; avoid them by using mobile internet or a LAN-only system. And even if you have nothing like a smartphone (well, you are a tanker, my friend!) - your neighbor across the street has one. And so does the one behind the wall. And here we also return to the point about your computer being rooted. Once you are rooted, iwlist wlan0 scan gets run on your machine too. And that's it, they will locate you 100%, with an accuracy of a centimeter, thanks to the neighbors' phones politely sending the same scan result from themselves to Google and Apple.
With hardware, for the most part, that is everything.
VPN. Cook mentioned earlier using only a VPN and going straight to your servers - a bad idea, it exposes your tcp timestamp. Better like this - VPN and Tor on the same local network. Forward port 9050 to yourself and go from there to a proxy and then to your server. The proxy is also your own, personally made (well, some kind of SSH root). This increases the number of intermediaries, raises the difficulty of tracing and anonymizes the primary tcp connection.
To hide it for sure - fork out for the cheapest dedicated server somewhere, and not for bitcoins (well, it also helps to buy forgiveness - paying with bitcoin immediately throws your order into fraud review in WHMCS). Hash the entire dedicated server; when rebooting, check the hashes of the entire FS by loading into RAM a static busybox that you built yourself and that you trust.
In front of the dedicated server you still need a backup VPN in case of a reboot, because the keys must be stored on the encrypted FS, which means that nothing will come up by itself after a restart. Of course, when the dedicated server is rebooted, you check the hashes of the entire FS before entering cryptsetup luksOpen.
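The hash-and-verify step described above, as an added example that is not part of the original post: it builds a manifest of a directory tree and compares it with a trusted one, recording permission bits and symlink targets as well as SHA-256 digests so that a changed mode or redirected link is reported even when file contents are identical. It is written in Python for readability; the manifest layout and the function names are assumptions of this example.

```python
import hashlib
import os
import stat


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root):
    """Map every path under root to (kind, permission bits, content)."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):  # symlinks not followed
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            info = os.lstat(path)
            mode = stat.S_IMODE(info.st_mode)  # includes setuid/setgid bits
            if stat.S_ISLNK(info.st_mode):
                entry = ("link", mode, os.readlink(path))
            elif stat.S_ISREG(info.st_mode):
                entry = ("file", mode, sha256_file(path))
            elif stat.S_ISDIR(info.st_mode):
                entry = ("dir", mode, "")
            else:
                entry = ("special", mode, "")  # devices, sockets, FIFOs
            manifest[os.path.relpath(path, root)] = entry
    return manifest


def compare(trusted, current):
    """Report paths added, removed or changed relative to the trusted manifest."""
    return {
        "added": sorted(set(current) - set(trusted)),
        "removed": sorted(set(trusted) - set(current)),
        "changed": sorted(p for p in trusted.keys() & current.keys()
                          if trusted[p] != current[p]),
    }


if __name__ == "__main__":
    import json
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    json.dump(build_manifest(target), sys.stdout, indent=1)
```

The trusted manifest is only useful if it is stored somewhere the checked machine cannot rewrite it.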
And yes, no DNS servers in resolv.conf on your computer; you don't need them. Use your root and VPS, and Tor itself (in the form of socks5 / socks4a), for all resolves. In general, make sure that your own computer knows nothing at all about what and who surrounds it.
When you need to be online with maximum anonymity, for example for important work, you take an old beater of a car (yes, buy one for yourself; new cars have a lot of tracking junk: a smart security system, remote start for the air conditioning, a dashcam with GPS, an emergency call button - you cannot cut it all out, or even simply list it all), and drive somewhere into the forest. No phones.
Take the same Raspberry, connected by LAN, and a new USB modem (not only a new SIM). And of course another primary VPN. This is already the closest to 100% anonymity, but even so, some doddering old man, or a passing car whose owner always streams to Periscope, can give you away by capturing your plate number. Be vigilant; hide the car so that its plate number cannot be seen by passers-by. Find such a spot in the neighborhood in advance.
These are my notes. This is not everything, and you have surely already heard a lot of this somewhere.
Just a couple of tips.
Do not be lazy about working on anonymity and do not be shy about spending money on it; when they take you by the ass it will be too late to regret your past pettiness and inaction.
In general, remember that logs should always be treated with suspicion. No one will go digging for you just like that, and in many countries there are no complete logs. And yet working from home is a bad idea; sooner or later it can backfire.
From copying bitcoins to yourself somewhere, hand them over to a friend whom you only know personally and do not contact by regular phone, and feel free to erase your disk and everything that is when you see that the pative has arrived. In general, it is also advisable to drain the computer because its various IDs and serials remain, if you are rutted, then they are there and will not be unscrewed here.
I am not touching the topic of browsers, Meltdown and all the rest; I think enough has been written about that without me. Always be on the lookout. And watch your speech, how you write and what you write; do not compile from your real computer, do not carry over your personality. No one will forgive you for your mistakes.
Roots and a lot of crypts for you.