CarderPlanet
Professional
- Messages
- 2,552
- Reaction score
- 684
- Points
- 83
The topic of security may already be messy, but, however, this is one of the most important points. If you have made a couple of self-registers in your life or do not work with large sums at all, then if I were you I would not bother, probably ... Honestly, I even said that, everybody give a fuck about you and those 500 bucks that you managed to do with the log that you bought with the money set aside from lunch, obviously. However, this material will help you just sleep better, have pure karma, do what you love and don't have nightmares. The best material for newbies in terms of safety, in my opinion, is a competitive article from Lunokhod tenebris.
By the way, I advise you to read a little more about USBkill if you are in a tank
The main points that we will be looking at are:
1. General points of safety;
2. Windows 10. Disable tracking services;
3. Selection and installation of VPN;
4. Download and install VirtualBox;
5. Download and install Whonix Gateway;
6. Downloading and installing Win on VirtualBox;
7. We make a bundle VPN> TOR> VPN with the wrapping of all traffic on Whonix;
8. Anonymous financial transactions (for example, Bitcoin).
1.General safety points
If you are doing something serious and are very worried about your anonymity, I advise you to switch to Linux and customize the system for yourself. If you have no experience with Linux OS, you can use, as an option, a ready-made assembly of the operating system. But you can stay on Windows OS by setting it up as well as possible.
We remember about the timely updating of the system. An important role is played by the fact that it is best to use the system from a user account with limited rights, if they try to infect you, the virus may not register in the system due to lack of rights. If you work under the Administrator account, then you should be extremely careful what sites you visit and what you download from the Internet. If you doubt the purity of any downloaded file, it is best to open it in a virtual machine. Be sure to install Firewall (Comodo Internet Security). Firewall will be able to protect you from most types of PC infections, and if you are already infected, find malware and remove it.
P.S. Fresh malicious software (keyloggers, botnets) that are sold has the ability to bypass such protection, but most malware can be caught using a Firewall. Optionally, you can additionally install an antivirus.
A little tip: I advise you to scan your PC using Dr.Web Cureit once a month! If malware is detected, the utility will remove the malicious object and cure your PC.
We use the True Crypt utility to encrypt data. When downloading this program, be careful and pay attention to the source from where you download the utility. Recently, malware has been distributed on the network instead of a utility. It is best and safest to download from the manufacturer's official website. To permanently delete data, we use the Eraser (Gutman method) and CCleaner utilities. With CCleaner, you can optimize and clean your system from temporary files and unnecessary information.
We use complex passwords, from 16 characters. To compose a password, you can use a password generator, or you can also use online encryption. Here you need to remember the word (anyone who is closer to you) and the encryption algorithm.
It is best not to store passwords in notepad, as it is insecure. Passwords are best stored in KeePassX or Last Pass. You can find usage information on the web, and it's simple.
A little advice: If you can spend ~ $ 100 on a good SSD drive, then buy it, install the system and all the necessary software on the SSD. Everything will work much faster. It is also much easier to destroy information from an SSD disk and the medium itself than from a conventional hard disk drive (HDD).
2. Windows 10
If you haven't upgraded to Windows 10, then you can skip this chapter. If you have updated or are planning to update, read on.
Since about mid-2015, Microsoft has been sending out Windows 10 for upgrades from current operating systems or for a clean install, but since it's late 2018 we won't go into details on the cost and how to upgrade. Almost immediately after the release, information was published that Microsoft collects data from PCs and monitors users in every possible way. Everyone became indignant. We released a lot of instructions on how to turn off surveillance, but almost every one is written differently. The following provides up-to-date instructions on how to safely install and disable tracking services. Personally, I used it when upgrading to Windows 10.
For convenience, I will attach a link to a very detailed and understandable article with all the screenshots. It is enough to take all the steps in the article to get rid of the surveillance. But remember that it is impossible to completely disable tracking, but this will disable most of the built-in services responsible for collecting information.
Open the article https://sysadmintips.ru/slezhka-i-telemetriya-v-windows-10-chto-eto-i-kak-otklyuchit.html
After you have completed all the steps indicated in the article, you need to open the hosts file, which can be found along this path: C: \ Windows \ System32 \ drivers \ etc \ and add to
its the following lines:
By doing this, we remove bugs from the company.
If you made an update and you already had all the necessary software installed, then it is enough to check that everything is in place and continue using the system further.
3. VPN / Work with VPN
VPN is a virtual private network. VPN is anonymity and security while working on the network. VPN can be used on any computers, phones. By letting all your traffic go through the VPN, your ISP is no longer able to track you. Here are the varieties of VPN:
Single - Your IP is replaced with the IP of the country of the selected server. The information that passes through the server is fully encrypted and cannot be decrypted. The connection goes through only one server. Scheme of work:
Double - your IP is also hidden and all information passing through the server is encrypted. This kind of VPN is more reliable than a standard VPN. Double VPN allows you to use two servers (create a chain). For example, England - France. First, the encrypted data goes through a server in England, then through a server in France, and only then goes to the network. The plus is that the connection is double-encrypted and when connecting to one country, at the output you have the IP of another country. Countries can be specified when ordering. Scheme of work:
Triple - the same principle of work as with Double, information is also encrypted, but only passes through three servers. This type is considered the most reliable and is suitable for those who want to maintain maximum anonymity. All data is triple encrypted and cannot be traced. Countries are also specified when ordering. In fact, most of the services only provide regular and Double VPN.
Triple is provided by few, and there is not much sense in them. In general, nothing will help. If they start looking seriously, they will find it.
Back to the ISP, what he can see. The logs will only show that a connection has been made to a certain server. The most important thing is to be careful when choosing a VPN server. Today there are several hundred sites that provide VPN rental. All differ in prices, conditions, countries and so on, in other words: Everything for the client!
Unfortunately, not all services are secure. Some people write that they do not keep logs, but in fact, logging is enabled. Some people write that logs are not written and in fact no logs are written. I will say one thing, that if the server is installed on the territory of the Russian Federation, the logs are written 100%. This is monitored and everyone is obliged to collect information about users and customers. There are tables in which sites for the provision of VPN services are listed, it is indicated which of them are logged and which are not. But whether this information corresponds to reality is not known. Therefore, I will not give these tables here. In any case, if the service itself does not write logs, this is done by the Data Center, where the server is rented. The best VPN is its own VPN. It is not entirely difficult to raise your VPN, but you will have to pay a certain amount per month to rent a server, in this case, you can have full access to the server and enable / disable logs. But this does not mean that, at the request of the higher authorities, the hoster himself will not hand over you, namely your payment details and IP from which you entered the billing panel. Therefore, if you decide to create your own server - with the company where you rent a server, you should work already under Proxy / Socks / Dedicated. Servers under VPN need to be rented away from Russia. It is desirable in countries with which you do not have very good relations) Although .. I think that no matter how many politicians squabble, policemen and special services still keep in touch and work together, helping each other. in this case, you can have full access to the server and enable / disable logs. But this does not mean that, at the request of the higher authorities, the hoster himself will not hand over you, namely your payment details and IP from which you entered the billing panel. Therefore, if you decide to create your own server - with the company where you rent a server, you should work already under Proxy / Socks / Dedicated. Servers under VPN need to be rented away from Russia. It is desirable in countries with which you do not have very good relations) Although .. I think that no matter how many politicians squabble, policemen and special services still keep in touch and work together, helping each other. in this case, you can have full access to the server and enable / disable logs. But this does not mean that, at the request of the higher authorities, the hoster himself will not hand over you, namely your payment details and IP from which you entered the billing panel. Therefore, if you decide to create your own server - with the company where you rent a server, you should work already under Proxy / Socks / Dedicated. Servers under VPN need to be rented away from Russia. It is desirable in countries with which you do not have very good relations) Although.
As for me, a regular VPN is quite enough, because our task is to hide the connection from the provider. No more.
We go further. VPN, on the host machine, we have. The provider does not see our surfing. But the IP is seen by the sites. IP leak occurs when using WebRTC, Javascript and other technologies. To get rid of such a visual palette, we will take the following steps.
We need to install VirtualBox. To do this, go to the official website, https://www.virtualbox.org
Download the latest version of the program.
5. Download Whonix Gateway from the official website https://www.whonix.org/wiki/Download
Install.
Open the virtualbox, click File -> Import Appliance. Select the downloaded Whonix Gateway image, click "Next". A window with settings will appear, we leave everything by default, except for the RAM column, this column can be changed if desired (as practice shows, 756Mb is quite enough). Click "Import" and wait.
6. Download the image of the Windows operating system (here you can choose, who is 7, who is closer to 10).
Install.
Points 4 and 6 are quite simple, but if anyone has any questions, this article describes everything in great detail: http://ipmnet.ru/~sadilina/Work programs/63.html. It is better to allocate at least 4GB of RAM.
7. Make a bundle VPN> TOR> VPN with all traffic wrapped up on Whonix
Next, we need to make sure that the traffic of our Win guest OS does not penetrate further than Whonix.
Turn off both virtual machines and select Win.
Click: Configure> Network
In "Connection type" select "Internal network", "Whonix". If adapters 2,3,4 are enabled, turn them off (uncheck).
Launch Whonix Gateway. On the desktop, select "Konsole". Open with two clicks.
In the terminal we write: sudo ifconfig And press Enter.
Enter your password (or changeme, by default).
A window like this opens:
Where we see the subnet mask and default gateway. They will be useful to us for configuring IPv4 parameters, our Win on a virtual machine.
We launch the Win virtual machine.
Through the control panel, go to the network control center, click to change the adapter parameters, right-click on the connection, configure the parameters in IPv4 and write the following settings:
IP address 10.152.152.55 - ip of your adapter
Subnet mask: 255.255.255.0
Default gateway: 10.152.152.10 - ip of Whonix-gateway network card
DNS server: 10.152.152.10 - ip of Whonix-gateway network card
We save the settings.
Now all traffic from Win, which is on the virtual machine, is wrapped on the Whonix Gateway.
Next, put Linken Sphere (to whom what at all)
8. Anonymous financial transactions (for example, Bitcoin).
If we find a loophole for making money, the question arises: how to pay for consumables and how to withdraw the money earned?
The first thing that comes to mind is Bitcoin. What could be more anonymous? But here we need to play it safe.
From a technical point of view, a blockchain database. You can say a chain of blocks of information, where bitcoins participate (as a unit of information) and transactions with their participation. This chain is open and whoever wants to will see what and where went. This, of course, is Anonymous. There is no personal data of the senders. But, it is easy to trace how many bits from a certain address went to a particular wallet. If necessary, you can roughly calculate the amount of funds on a particular wallet. At least the minimum will be known.
It seems, well, what is it that someone will know about the operations of my bitcoin address, because he does not give any personal data! In fact, this is imaginary security. Information about you cannot be found until you give yourself away: you replenished your wallet from your card, transferred money to the card, paid for the goods with delivery - and that's it, de-anonymized your person. Proof of this is the large number of high-profile cases that have been initiated recently against various criminals who accepted payment in bitcoins.
And now, in fear for our anonymity, we begin to remember whether we have exposed our data somewhere. This could very well have happened - previously little was said about the pseudo-anonymity of bitcoin, and even today few know about this nuance. Nevertheless, the user consciousness is starting to wake up, and Bitcoin mixers are entering the arena on the wave of interest in confidential transactions.
First, let's define what a bitcoin mixer is. Basically, it is a resource that takes on an intermediary role, accepting and sending transactions. That is, in order to "confuse" your translation, you just need to go to the site and send through it.
It is worth remembering that any such resource charges a fee for its services. As a rule, its value is very loyal, especially considering what opportunities it opens up for users. The average commission size ranges from 1 to 5%.
Thus, the trail of the chain of transactions in the blockchain is cut off, and you get "pure bitcoins". And everything would be fine, but there are some nuances that you should be prepared for:
There is a risk of fraud on the part of the service. Roughly speaking, you are sending your money to someone who is not clear, and it is not a fact that this someone will return it to you. We all know what fraud is and how easily one netizen's money can cease to belong to him. Again, do not forget that we are dealing with a decentralized bitcoin, in which you cannot cancel the transaction or write an angry letter to the support service and get your money back.
There is a risk of transferring data to third parties. Purely hypothetically, bitcoin mixers can leak logs to intelligence agencies if pressure is exerted on them. Of course, if you have half a half of bitcoin, then you are unlikely to be interested in special services, but if you have large turnovers of amounts, then this may well raise suspicion.
Alternative methods of anonymous payments.
Everyone probably knows about the undeniable superiority of Zcash and Monero coins. Monero "obfuscates" the chain of transactions, and deanonymization is possible only in special cases. And Zcash is the first completely anonymous coin. In the transaction database of this system, absolutely nothing about the operation is displayed - it simply states that it was. What is not a safe alternative to bitcoin for you?
How do I keep my anonymity?
Don't be afraid. Here is a short list of recommendations on what to do to prevent outsiders from interfering with your personal financial space.
1.Use several mixers at once (min. 2), if any of them merges you, then the transaction chain is still not subject to deanonymization;
2.For any trances, use VPN (on the host machine) + TOR (Whonix with the Win virtual OS traffic wrapped on it (as we discussed above) + RDP). Do not make security exceptions when working with mixers.
3. If the mixer requires registration, then either look for another one, or register a new account each time.
4. Do not spend a lot of transit from one wallet.
If everything is roughly clear with anonymity, then we have not yet considered on which wallets to store our bitcoins. And this is not at all unimportant, both from the side of anonymity and from the side of the security of our funds. Let's consider what kind of crypto wallets are on the example of only a bitcoin wallet. the rest of the coins are all the same, but not so developed yet.
There are 4 types of wallets on the official bitcoin website https://bitcoin.org.
Let's take a closer look.
1. If you decide to use a computer to place a wallet on it, you need to choose a cold or hot wallet, also called thick and thin.
When choosing a thick one, you need to download the program for the corresponding OS. Then synchronize and constantly update. Synchronization is downloading all the chains of blocks that exist at the moment. This is not a small amount of information, to put it mildly, which is 229 as of 12/25/2018, 82Gb (and ether has 667.1 Gb, although this currency is 3.5 years old, and the cue ball is 9 years old) ... But even this is not the biggest disadvantage in synchronization. The difficulty is that downloading all blockchain chains takes about 3 days. If a failure occurs while the program is running (the Internet is gone, the electricity is turned off, the computer is glitching, etc.) - everything must be started from the beginning ... The undoubted advantage is that the safety of the kosh is in your hands.
Hot (thin) wallets are easier. They store the latest blockchain chains, and use information from third-party resources to work. This is less secure, although for top currencies, the security is at the proper level.
2. In the "Devices" section, hardware wallets are presented
They are a device that looks like a keychain or a flash drive. A big plus is that they are multicurrency.
To start working with the crypt, it must be connected to the computer. Since the keys are located separately from the computer hardware, which can be attacked, they remain safe even if the computer is hacked. In case of theft of a wallet, use the funds that are on it, it will not work, because you have to enter a password, and the user can restore access by entering a special code.
These wallets are perhaps one of the safest, so they are convenient to use for storing large amounts, and sometimes use them (unlike paper wallets, which we will talk about below).
3. Mobile wallets are applications for smartphones that work using remote services. Payments are made using QR codes and NFC technology. For small amounts and frequent use, it is quite a convenient thing, even taking into account all the risks.
4. Online wallets are, in fact, sites that provide cryptocurrency storage services for a small commission. You can access your wallet from anywhere in the world by entering a password (12 words) and, usually, a PIN code (4 digits). It is convenient. In addition, there is an opportunity to start as many wallets as necessary. This adds anonymity in calculations, in the same services. Of course, it is not reasonable to store large amounts there, but it is quite suitable as a "transshipment".
You can also store crypto on exchanges, but there are more risks and inconveniences than positive aspects. The exchange may close, it may be hacked, etc.
Alternatively, you can buy a paper wallet.
This is such a "piece of paper" on which two addresses are generated, one for receiving, the other for sending crypt. You can order on specialized sites. These wallets are perhaps the safest. Ease of use is rather dubious. Suitable for those who want to make a stash, or invest for a long time, with the hope of increasing the rate.
As we can see, there is such a variety of wallets that each person can choose according to their requirements. Also, you can combine several wallets. For example: they throw off the crypt on the online kosh, there you can (in the kosh itself) transfer it to the air, and drop it on the air. kosh. Then display. You can collect on trifles online, and transfer to a cold one (if white money). And so on there are a lot of options.
Let's summarize.
Safe car:
1. Win with trackers turned off to the maximum;
2. VPN to the host;
3. VirtualBox;
4. Whonix on VirtualBox;
5. Win on VirtualBox;
6. Wrapped virtual OS traffic on Whonix;
7. Using Linken Sphere to simplify and speed up your work.
8. Safe financial transactions on the network using crypto wallets.
Thanks again to the author.
By the way, I advise you to read a little more about USBkill if you are in a tank
The main points that we will be looking at are:
1. General points of safety;
2. Windows 10. Disable tracking services;
3. Selection and installation of VPN;
4. Download and install VirtualBox;
5. Download and install Whonix Gateway;
6. Downloading and installing Win on VirtualBox;
7. We make a bundle VPN> TOR> VPN with the wrapping of all traffic on Whonix;
8. Anonymous financial transactions (for example, Bitcoin).
1.General safety points
If you are doing something serious and are very worried about your anonymity, I advise you to switch to Linux and customize the system for yourself. If you have no experience with Linux OS, you can use, as an option, a ready-made assembly of the operating system. But you can stay on Windows OS by setting it up as well as possible.
We remember about the timely updating of the system. An important role is played by the fact that it is best to use the system from a user account with limited rights, if they try to infect you, the virus may not register in the system due to lack of rights. If you work under the Administrator account, then you should be extremely careful what sites you visit and what you download from the Internet. If you doubt the purity of any downloaded file, it is best to open it in a virtual machine. Be sure to install Firewall (Comodo Internet Security). Firewall will be able to protect you from most types of PC infections, and if you are already infected, find malware and remove it.
P.S. Fresh malicious software (keyloggers, botnets) that are sold has the ability to bypass such protection, but most malware can be caught using a Firewall. Optionally, you can additionally install an antivirus.
A little tip: I advise you to scan your PC using Dr.Web Cureit once a month! If malware is detected, the utility will remove the malicious object and cure your PC.
We use the True Crypt utility to encrypt data. When downloading this program, be careful and pay attention to the source from where you download the utility. Recently, malware has been distributed on the network instead of a utility. It is best and safest to download from the manufacturer's official website. To permanently delete data, we use the Eraser (Gutman method) and CCleaner utilities. With CCleaner, you can optimize and clean your system from temporary files and unnecessary information.
We use complex passwords, from 16 characters. To compose a password, you can use a password generator, or you can also use online encryption. Here you need to remember the word (anyone who is closer to you) and the encryption algorithm.
It is best not to store passwords in notepad, as it is insecure. Passwords are best stored in KeePassX or Last Pass. You can find usage information on the web, and it's simple.
A little advice: If you can spend ~ $ 100 on a good SSD drive, then buy it, install the system and all the necessary software on the SSD. Everything will work much faster. It is also much easier to destroy information from an SSD disk and the medium itself than from a conventional hard disk drive (HDD).
2. Windows 10
If you haven't upgraded to Windows 10, then you can skip this chapter. If you have updated or are planning to update, read on.
Since about mid-2015, Microsoft has been sending out Windows 10 for upgrades from current operating systems or for a clean install, but since it's late 2018 we won't go into details on the cost and how to upgrade. Almost immediately after the release, information was published that Microsoft collects data from PCs and monitors users in every possible way. Everyone became indignant. We released a lot of instructions on how to turn off surveillance, but almost every one is written differently. The following provides up-to-date instructions on how to safely install and disable tracking services. Personally, I used it when upgrading to Windows 10.
For convenience, I will attach a link to a very detailed and understandable article with all the screenshots. It is enough to take all the steps in the article to get rid of the surveillance. But remember that it is impossible to completely disable tracking, but this will disable most of the built-in services responsible for collecting information.
Open the article https://sysadmintips.ru/slezhka-i-telemetriya-v-windows-10-chto-eto-i-kak-otklyuchit.html
After you have completed all the steps indicated in the article, you need to open the hosts file, which can be found along this path: C: \ Windows \ System32 \ drivers \ etc \ and add to
its the following lines:
Code:
127.0.0.1 validation.sls.microsoft.com
127.0.0.1 rad.msn.com
127.0.0.1 apps.skype.com
127.0.0.1 api.skype.com
127.0.0.1 static.skypeassets.com
127.0.0.1 adriver.ru
127.0.0.1 devads.skypeassets.net
127.0.0.1 devapps.skype.net
127.0.0.1 qawww.skypeassets.net
127.0.0.1 qaapi.skype.net
127.0.0.1 preads.skypeassets.net
127.0.0.1 preapps.skype.net
127.0.0.1 serving.plexop.net
127.0.0.1 preg.bforex.com
127.0.0.1 ads1.msads.net
127.0.0.1 flex.msn.com
127.0.0.1 localhost
127.0.0.1 localhost.localdomain
255.255.255.255 broadcasthost
:: 1 localhost
127.0.0.1 local
0.0.0.0 vortex.data.microsoft.com
0.0.0.0 vortex-win.data.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net
0.0.0.0 oca.telemetry.microsoft.com
0.0.0.0 oca.telemetry.microsoft.com.nsatc.net
0.0.0.0 sqm.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0 watson.telemetry.microsoft.com
0.0.0.0 watson.telemetry.microsoft.com.nsatc.net
0.0.0.0 redir.metaservices.microsoft.com
0.0.0.0 choice.microsoft.com
0.0.0.0 choice.microsoft.com.nsatc.net
0.0.0.0 df.telemetry.microsoft.com
0.0.0.0 reports.wes.df.telemetry.microsoft.com
0.0.0.0 wes.df.telemetry.microsoft.com
0.0.0.0 services.wes.df.telemetry.microsoft.com
0.0.0.0 sqm.df.telemetry.microsoft.com
0.0.0.0 telemetry.microsoft.com
0.0.0.0 watson.ppe.telemetry.microsoft.com
0.0.0.0 telemetry.appex.bing.net
0.0.0.0 telemetry.urs.microsoft.com
0.0.0.0 telemetry.appex.bing.net:443
0.0.0.0 settings-sandbox.data.microsoft.com
0.0.0.0 vortex-sandbox.data.microsoft.com
0.0.0.0 survey.watson.microsoft.com
0.0.0.0 watson.live.com
0.0.0.0 watson.microsoft.com
0.0.0.0 statsfe2.ws.microsoft.com
0.0.0.0 corpext.msitadfs.glbdns2.microsoft.com
0.0.0.0 compatexchange.cloudapp.net
0.0.0.0 cs1.wpc.v0cdn.net
0.0.0.0 a-0001.a-msedge.net
0.0.0.0 statsfe2.update.microsoft.com.akadns.net
0.0.0.0 sls.update.microsoft.com.akadns.net
0.0.0.0 fe2.update.microsoft.com.akadns.net
0.0.0.0 65.55.108.23
0.0.0.0 65.39.117.230
0.0.0.0 23.218.212.69
0.0.0.0 134.170.30.202
0.0.0.0 137.116.81.24
0.0.0.0 diagnostics.support.microsoft.com
0.0.0.0 corp.sts.microsoft.com
0.0.0.0 statsfe1.ws.microsoft.com
0.0.0.0 pre.footprintpredict.com
0.0.0.0 204.79.197.200
0.0.0.0 23.218.212.69
0.0.0.0 i1.services.social.microsoft.com
0.0.0.0 i1.services.social.microsoft.com.nsatc.net
0.0.0.0 feedback.windows.com
0.0.0.0 feedback.microsoft-hohm.com
0.0.0.0 feedback.search.microsoft.comBy doing this, we remove bugs from the company.
If you made an update and you already had all the necessary software installed, then it is enough to check that everything is in place and continue using the system further.
3. VPN / Work with VPN
VPN is a virtual private network. VPN is anonymity and security while working on the network. VPN can be used on any computers, phones. By letting all your traffic go through the VPN, your ISP is no longer able to track you. Here are the varieties of VPN:
Single - Your IP is replaced with the IP of the country of the selected server. The information that passes through the server is fully encrypted and cannot be decrypted. The connection goes through only one server. Scheme of work:
Double - your IP is also hidden and all information passing through the server is encrypted. This kind of VPN is more reliable than a standard VPN. Double VPN allows you to use two servers (create a chain). For example, England - France. First, the encrypted data goes through a server in England, then through a server in France, and only then goes to the network. The plus is that the connection is double-encrypted and when connecting to one country, at the output you have the IP of another country. Countries can be specified when ordering. Scheme of work:
Triple - the same principle of work as with Double, information is also encrypted, but only passes through three servers. This type is considered the most reliable and is suitable for those who want to maintain maximum anonymity. All data is triple encrypted and cannot be traced. Countries are also specified when ordering. In fact, most of the services only provide regular and Double VPN.
Triple is provided by few, and there is not much sense in them. In general, nothing will help. If they start looking seriously, they will find it.
Back to the ISP, what he can see. The logs will only show that a connection has been made to a certain server. The most important thing is to be careful when choosing a VPN server. Today there are several hundred sites that provide VPN rental. All differ in prices, conditions, countries and so on, in other words: Everything for the client!
Unfortunately, not all services are secure. Some people write that they do not keep logs, but in fact, logging is enabled. Some people write that logs are not written and in fact no logs are written. I will say one thing, that if the server is installed on the territory of the Russian Federation, the logs are written 100%. This is monitored and everyone is obliged to collect information about users and customers. There are tables in which sites for the provision of VPN services are listed, it is indicated which of them are logged and which are not. But whether this information corresponds to reality is not known. Therefore, I will not give these tables here. In any case, if the service itself does not write logs, this is done by the Data Center, where the server is rented. The best VPN is its own VPN. It is not entirely difficult to raise your VPN, but you will have to pay a certain amount per month to rent a server, in this case, you can have full access to the server and enable / disable logs. But this does not mean that, at the request of the higher authorities, the hoster himself will not hand over you, namely your payment details and IP from which you entered the billing panel. Therefore, if you decide to create your own server - with the company where you rent a server, you should work already under Proxy / Socks / Dedicated. Servers under VPN need to be rented away from Russia. It is desirable in countries with which you do not have very good relations) Although .. I think that no matter how many politicians squabble, policemen and special services still keep in touch and work together, helping each other. in this case, you can have full access to the server and enable / disable logs. But this does not mean that, at the request of the higher authorities, the hoster himself will not hand over you, namely your payment details and IP from which you entered the billing panel. Therefore, if you decide to create your own server - with the company where you rent a server, you should work already under Proxy / Socks / Dedicated. Servers under VPN need to be rented away from Russia. It is desirable in countries with which you do not have very good relations) Although .. I think that no matter how many politicians squabble, policemen and special services still keep in touch and work together, helping each other. in this case, you can have full access to the server and enable / disable logs. But this does not mean that, at the request of the higher authorities, the hoster himself will not hand over you, namely your payment details and IP from which you entered the billing panel. Therefore, if you decide to create your own server - with the company where you rent a server, you should work already under Proxy / Socks / Dedicated. Servers under VPN need to be rented away from Russia. It is desirable in countries with which you do not have very good relations) Although.
As for me, a regular VPN is quite enough, because our task is to hide the connection from the provider. No more.
We go further. VPN, on the host machine, we have. The provider does not see our surfing. But the IP is seen by the sites. IP leak occurs when using WebRTC, Javascript and other technologies. To get rid of such a visual palette, we will take the following steps.
We need to install VirtualBox. To do this, go to the official website, https://www.virtualbox.org
Download the latest version of the program.
5. Download Whonix Gateway from the official website https://www.whonix.org/wiki/Download
Install.
Open the virtualbox, click File -> Import Appliance. Select the downloaded Whonix Gateway image, click "Next". A window with settings will appear, we leave everything by default, except for the RAM column, this column can be changed if desired (as practice shows, 756Mb is quite enough). Click "Import" and wait.
6. Download the image of the Windows operating system (here you can choose, who is 7, who is closer to 10).
Install.
Points 4 and 6 are quite simple, but if anyone has any questions, this article describes everything in great detail: http://ipmnet.ru/~sadilina/Work programs/63.html. It is better to allocate at least 4GB of RAM.
7. Make a bundle VPN> TOR> VPN with all traffic wrapped up on Whonix
Next, we need to make sure that the traffic of our Win guest OS does not penetrate further than Whonix.
Turn off both virtual machines and select Win.
Click: Configure> Network
In "Connection type" select "Internal network", "Whonix". If adapters 2,3,4 are enabled, turn them off (uncheck).
Launch Whonix Gateway. On the desktop, select "Konsole". Open with two clicks.
In the terminal we write: sudo ifconfig And press Enter.
Enter your password (or changeme, by default).
A window like this opens:
Where we see the subnet mask and default gateway. They will be useful to us for configuring IPv4 parameters, our Win on a virtual machine.
We launch the Win virtual machine.
Through the control panel, go to the network control center, click to change the adapter parameters, right-click on the connection, configure the parameters in IPv4 and write the following settings:
IP address 10.152.152.55 - ip of your adapter
Subnet mask: 255.255.255.0
Default gateway: 10.152.152.10 - ip of Whonix-gateway network card
DNS server: 10.152.152.10 - ip of Whonix-gateway network card
We save the settings.
Now all traffic from Win, which is on the virtual machine, is wrapped on the Whonix Gateway.
Next, put Linken Sphere (to whom what at all)
8. Anonymous financial transactions (for example, Bitcoin).
If we find a loophole for making money, the question arises: how to pay for consumables and how to withdraw the money earned?
The first thing that comes to mind is Bitcoin. What could be more anonymous? But here we need to play it safe.
From a technical point of view, a blockchain database. You can say a chain of blocks of information, where bitcoins participate (as a unit of information) and transactions with their participation. This chain is open and whoever wants to will see what and where went. This, of course, is Anonymous. There is no personal data of the senders. But, it is easy to trace how many bits from a certain address went to a particular wallet. If necessary, you can roughly calculate the amount of funds on a particular wallet. At least the minimum will be known.
It seems, well, what is it that someone will know about the operations of my bitcoin address, because he does not give any personal data! In fact, this is imaginary security. Information about you cannot be found until you give yourself away: you replenished your wallet from your card, transferred money to the card, paid for the goods with delivery - and that's it, de-anonymized your person. Proof of this is the large number of high-profile cases that have been initiated recently against various criminals who accepted payment in bitcoins.
And now, in fear for our anonymity, we begin to remember whether we have exposed our data somewhere. This could very well have happened - previously little was said about the pseudo-anonymity of bitcoin, and even today few know about this nuance. Nevertheless, the user consciousness is starting to wake up, and Bitcoin mixers are entering the arena on the wave of interest in confidential transactions.
First, let's define what a bitcoin mixer is. Basically, it is a resource that takes on an intermediary role, accepting and sending transactions. That is, in order to "confuse" your translation, you just need to go to the site and send through it.
It is worth remembering that any such resource charges a fee for its services. As a rule, its value is very loyal, especially considering what opportunities it opens up for users. The average commission size ranges from 1 to 5%.
Thus, the trail of the chain of transactions in the blockchain is cut off, and you get "pure bitcoins". And everything would be fine, but there are some nuances that you should be prepared for:
There is a risk of fraud on the part of the service. Roughly speaking, you are sending your money to someone who is not clear, and it is not a fact that this someone will return it to you. We all know what fraud is and how easily one netizen's money can cease to belong to him. Again, do not forget that we are dealing with a decentralized bitcoin, in which you cannot cancel the transaction or write an angry letter to the support service and get your money back.
There is a risk of transferring data to third parties. Purely hypothetically, bitcoin mixers can leak logs to intelligence agencies if pressure is exerted on them. Of course, if you have half a half of bitcoin, then you are unlikely to be interested in special services, but if you have large turnovers of amounts, then this may well raise suspicion.
Alternative methods of anonymous payments.
Everyone probably knows about the undeniable superiority of Zcash and Monero coins. Monero "obfuscates" the chain of transactions, and deanonymization is possible only in special cases. And Zcash is the first completely anonymous coin. In the transaction database of this system, absolutely nothing about the operation is displayed - it simply states that it was. What is not a safe alternative to bitcoin for you?
How do I keep my anonymity?
Don't be afraid. Here is a short list of recommendations on what to do to prevent outsiders from interfering with your personal financial space.
1.Use several mixers at once (min. 2), if any of them merges you, then the transaction chain is still not subject to deanonymization;
2.For any trances, use VPN (on the host machine) + TOR (Whonix with the Win virtual OS traffic wrapped on it (as we discussed above) + RDP). Do not make security exceptions when working with mixers.
3. If the mixer requires registration, then either look for another one, or register a new account each time.
4. Do not spend a lot of transit from one wallet.
If everything is roughly clear with anonymity, then we have not yet considered on which wallets to store our bitcoins. And this is not at all unimportant, both from the side of anonymity and from the side of the security of our funds. Let's consider what kind of crypto wallets are on the example of only a bitcoin wallet. the rest of the coins are all the same, but not so developed yet.
There are 4 types of wallets on the official bitcoin website https://bitcoin.org.
Let's take a closer look.
1. If you decide to use a computer to place a wallet on it, you need to choose a cold or hot wallet, also called thick and thin.
When choosing a thick one, you need to download the program for the corresponding OS. Then synchronize and constantly update. Synchronization is downloading all the chains of blocks that exist at the moment. This is not a small amount of information, to put it mildly, which is 229 as of 12/25/2018, 82Gb (and ether has 667.1 Gb, although this currency is 3.5 years old, and the cue ball is 9 years old) ... But even this is not the biggest disadvantage in synchronization. The difficulty is that downloading all blockchain chains takes about 3 days. If a failure occurs while the program is running (the Internet is gone, the electricity is turned off, the computer is glitching, etc.) - everything must be started from the beginning ... The undoubted advantage is that the safety of the kosh is in your hands.
Hot (thin) wallets are easier. They store the latest blockchain chains, and use information from third-party resources to work. This is less secure, although for top currencies, the security is at the proper level.
2. In the "Devices" section, hardware wallets are presented
They are a device that looks like a keychain or a flash drive. A big plus is that they are multicurrency.
To start working with the crypt, it must be connected to the computer. Since the keys are located separately from the computer hardware, which can be attacked, they remain safe even if the computer is hacked. In case of theft of a wallet, use the funds that are on it, it will not work, because you have to enter a password, and the user can restore access by entering a special code.
These wallets are perhaps one of the safest, so they are convenient to use for storing large amounts, and sometimes use them (unlike paper wallets, which we will talk about below).
3. Mobile wallets are applications for smartphones that work using remote services. Payments are made using QR codes and NFC technology. For small amounts and frequent use, it is quite a convenient thing, even taking into account all the risks.
4. Online wallets are, in fact, sites that provide cryptocurrency storage services for a small commission. You can access your wallet from anywhere in the world by entering a password (12 words) and, usually, a PIN code (4 digits). It is convenient. In addition, there is an opportunity to start as many wallets as necessary. This adds anonymity in calculations, in the same services. Of course, it is not reasonable to store large amounts there, but it is quite suitable as a "transshipment".
You can also store crypto on exchanges, but there are more risks and inconveniences than positive aspects. The exchange may close, it may be hacked, etc.
Alternatively, you can buy a paper wallet.
This is such a "piece of paper" on which two addresses are generated, one for receiving, the other for sending crypt. You can order on specialized sites. These wallets are perhaps the safest. Ease of use is rather dubious. Suitable for those who want to make a stash, or invest for a long time, with the hope of increasing the rate.
As we can see, there is such a variety of wallets that each person can choose according to their requirements. Also, you can combine several wallets. For example: they throw off the crypt on the online kosh, there you can (in the kosh itself) transfer it to the air, and drop it on the air. kosh. Then display. You can collect on trifles online, and transfer to a cold one (if white money). And so on there are a lot of options.
Let's summarize.
Safe car:
1. Win with trackers turned off to the maximum;
2. VPN to the host;
3. VirtualBox;
4. Whonix on VirtualBox;
5. Win on VirtualBox;
6. Wrapped virtual OS traffic on Whonix;
7. Using Linken Sphere to simplify and speed up your work.
8. Safe financial transactions on the network using crypto wallets.
Thanks again to the author.
