ymir

5

ymir wrote

Yeah, unless there is a person of color in office. Also it depends on what you view as the state. They don't oppose Trump, but they certainly don't want to keep the American Republic intact any more than do leftists, it's just that they want to put an even more despotic government in its place. Which hearkens me back to the old saying: "There is no government like no government."

2

ymir wrote

You think where he works doesn't know that he is the famous David Duke? I am sure they know already and don't care. Or he probably is on disability or some shit, just soaking up all the good gov't dollars so the rest of us can't. All joking aside, this doxx needs to be amplified a lot before anything good will ever come of it. Even just spray painting an anarchy sign on his house the way the KKK does with swastikas on the houses of people they don't like. Let them know that they cannot hide anymore. That is an important message.

1

ymir wrote

I understand, but what is more important is being able to correlate the username/contact names to other websites where they may be active under those names and then we can do a better job figuring out who is attending and what they are doing. Even if you don't find them useful, there might be other people that can use that info. I hope you dump everything you get off there so we can scrape through it. Every new piece of info is potentially useful info even if it is intentionally inaccurate.

1

ymir wrote (edited )

Here is from the wp-config.php:

3

ymir wrote

You should go through the contacts and see if any of their facebook pages are any of the people in the pictures. I would say just do a dump of the contacts and we can do this as a community, but that is kind of unethical as they could have contacts that are not white supremacists that maybe don't even know that this guy is a white supremacist, so I think it should be handled with care.

1

ymir wrote (edited )

So, while I am sure you are right, that profile goes out the window as soon as you switch user agents again. There are enough people on Tor that do switch user agents that I don't really think profiling you based solely on the fact that you are switching user agents and going through tor is particularly useful. I think if even more people did so, it would be even less useful, but that is just my perspective. I have worked on systems that use IP and User Agent together to build profiles, but should a user switch either of those things, the profiling has to start together. Connecting those profiles together would require a lot of data and a lot of guesswork, the accuracy of which is largely debatable. I believe I've already said this and I would stick with this, you shouldn't change tor browser unless you know what you are doing and the potential consequences. I know the potential consequences and I would prefer to make lots and lots of useless profiles on my usage that cannot be connected together easily, also making it harder to profile Tor users in general, than fit totally into the box of other tor users. Like I said previously if the NSA wants your history, they will just do a man in the browser attack or stain your traffic to at least correlate it to your original IP. For most adversaries that is impossible. If the NSA was my adversary I would rather run an ssh hidden service on a compromised machine somewhere and tunnel through that as well as changing my user agent to a very common one. I understand the risks of changing a user agent, but honestly I think doing so frequently as well as changing your tor identity frequently will ultimately make it harder to build any lasting profile on you.

1

ymir wrote

Are you talking about anonymizing within the network or performing traffic analysis from two endpoints? I think within the tor network, unless the crypto is broken, nobody should be able to see your user agent at all. I am sure most of the traffic leaving the network would definitely be Tor browser bundle, but since you are encrypted from the first hop to the entry node even, determining who you are from your user agent being unique seems hard unless you are doing other non-tor activities with the same browser. Traffic staining seems like a much bigger deal to me than analysis of user agent. I think it would be better to look like something other than tor at the endpoint you are trying to reach, so they would have to look up your IP to even determine that you were using TOR. If your user agent says it right off the bat, they don't even have to do a modicum of research to figure out that you are attempting to anonymize your traffic. I guess again it depends on your threat model. To me, maintaining my anonymity from the website I am visiting seems paramount, I assume an adversary capable of traffic analysis is going to be able to do traffic staining or other attacks quite easily and de-anonymize me quickly anyway. If that was my assumed adversary I might try to blend in a little more.

5

ymir wrote

Absolutely the case. Trump even removed a bunch of these groups from the Terrorism watch list, which means a lot of federal money that used to go into investigating these groups has dried up. We are struggling as a community to keep tabs on them ourselves and that is getting really hard with companies like cloudflare and bitmitigate protecting their websites and making it very difficult to extract meaningful data. They are constantly moving from service to service as they do slowly get banned and I am starting to think the strategy of banning them is starting to feel like whack-a-mole. It is a lot of work and then they just pop up again somewhere else. I think we need to be looking at a framework for holding hosting companies accountable and Germany might be a great place to start since cloudflare operates servers there that host Nazi content, despite the laws in Germany saying that that is illegal. I think prosecuting cloudflare or at least successfully suing them could send a clear message to other hosting companies, that their hate will not be tolerated.

5

ymir wrote

So if you check out panopticlick on the eff website, I think the strategy as far as fingerprinting goes, is that you try to blend in, with inaccurate information. I think switching your user agent is a much different thing than randomizing your user agent. I don't think you should randomize it, you switch between other very common user agents. I actually have a script that I use to get the most common user agents from a site that records them and I update my user agent based on the most common user agents. So to really get granular here, it is best for people to throw their browser through something like burp proxy every now and again and see what your browser is leaking. If you are blocking javascript, then there is no known way to determine what other plugins you are using unless they are leaking information themselves, which ghostery may very well be doing. If that is true, then it probably is better to use another solution, but from what I have read, ghostery respects your opting out of data collection. Again, if it were open source we could really vet that.

I don't think people should worry about plugins/add-ons creating a profile too much unless they are using javascript consistently, in which case everything else you do for privacy is kind of moot. I really appreciate that this site is 100% usable without enabling javascript. I think we need to start coding that way more frequently. If a site needs javascript, you better really trust them. But even something like jquery which is maintained by google and is pretty ubiquitous across the web, is really a bad idea.

I think decentraleyes is just as useful when using tor as it is otherwise. I personally block facebook and google in my hosts file and when not using tor, I never have a problem with content loading at this point because I am retrieving it locally instead of from a cdn. It works the same way via tor, but my hosts file never enters into the equation with tor since all of my dns requests are going through tor exclusively. However, if you run a session through burp with decentraleyes enabled and disabled, you will see an incredible amount of third party traffic without it. I prefer to control that and it is my belief that in so doing I have become more difficult to profile. I don't think that making fewer cdn requests is something that can really be used to profile you. It might be helpful with traffic analysis, but if that is happening to you, you are already in trouble and whether you make fewer cdn requests or not will not really make any difference. I don't think it is going to single you out though.

I think killing cookies when you close a tab automatically is really great for somebody that has their browser always open. It isn't much different than clicking new identity, except that it is not creating a new tunnel. The fact that it is automated is really important because most people get lazy, myself included. We need to make these good security practices as automatic as possible instead of leaving it in the user's hand. It is just good practice to delete cookies and doing it without having to close your browser is a really handy feature. It might be one you find extraneous and others can make that call for themselves, but there really is no way to fingerprint somebody based on that occurring or not if they are already going through tor since your connection is already anonymized and it would be difficult to tell what other websites you were visiting at the same time. If anything, this practice prevents traffic analysis by collection of third party cookies or cookie staining, which was an attack that was recently demonstrated at defcon. To me that is an absolutely crucial plugin.

As I said in the post, these are plugins you may want to consider and I can make a good case for all of them. Ultimately Tor browser is set up pretty well for the average user, but these are things you can do to enhance the security. I think there are some other things I would like to see Tor Browser be a little more strict about, like blocking ssl versions that have known vulnerabilities. There is still a lot left up to the user that can mess you up. Whatever the case, I think you should always take the time to record some sessions in burp proxy before you use your browser for something that you need a high level of anonymity for. If you are the average activist, you are probably good with just the tor browser bundle and you can consider the plugins that I mentioned or not.

It is also a good idea to run your browser through panopticlick with javascript enabled so you can see what is being leaked. I use a lot of those plugins specifically because they do better on the panopticlick test.
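The difference between switching among common user agents and randomizing one, discussed in the comment above, can be measured the way Panopticlick reports it: as bits of identifying information and the size of the crowd you share a fingerprint with. This is an added example, not the poster's script; the visitor log, the agent labels and the function names are constructed for illustration.

```python
import math
from collections import Counter

# Constructed visitor log: (user_agent, plugin_list) as a site would record it.
# plugin_list is None when JavaScript was blocked and nothing could be read.
VISITORS = (
    [("common-A", None)] * 60
    + [("common-B", None)] * 20
    + [("common-A", "plugins-1")] * 15
    + [("common-B", "plugins-2")] * 4
    + [("random-7f3a", None)] * 1   # a randomized, one-of-a-kind agent
)

def most_common_agents(visitors, k):
    """The k most frequent user agents: the pool to switch between."""
    counts = Counter(ua for ua, _ in visitors)
    return [ua for ua, _ in counts.most_common(k)]

def surprisal_bits(visitors, user_agent):
    """Identifying information carried by a user agent, in bits."""
    counts = Counter(ua for ua, _ in visitors)
    seen = counts[user_agent]
    if seen == 0:
        # Never observed: as identifying as being one visitor among n + 1.
        return math.log2(len(visitors) + 1)
    return -math.log2(seen / len(visitors))

def anonymity_set(visitors, fingerprint):
    """How many logged visitors present exactly this fingerprint."""
    return sum(1 for v in visitors if v == fingerprint)

if __name__ == "__main__":
    for ua in most_common_agents(VISITORS, 2) + ["random-7f3a"]:
        print(f"{ua:12s} {surprisal_bits(VISITORS, ua):5.2f} bits, "
              f"set of {anonymity_set(VISITORS, (ua, None))} with JS blocked")
```

In this constructed log the randomized agent carries about 6.6 bits and sits in a set of one, while either common agent with JavaScript blocked is shared with dozens of other visitors.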

5

ymir wrote

While I think you might have a point with ghostery, I think it works better than Privacy Badger in a lot of cases. How would Self Destructing Cookies, Decentraleyes and User Agent help to profile you? Carrying cookies, especially third party cookies from site to site is one way trackers can build a profile on you. In fact I would say that is how most trackers work. So I absolutely advocate Self Destructing Cookies, you should delete any cookie you don't currently need. Decentraleyes is great for a lot of use cases also. I think not requesting resources from Facebook or Google's CDNs as much as is possible is a great way to avoid being profiled. If the resource exists locally on the server you are hitting, that is where you should procure it, not from a CDN that is building a profile on your media consumption, which the NSA likely has access to. Also User Agent Switcher is yet another way to obscure your identity, if you change it frequently, your browser cannot easily be fingerprinted based on a consistent and relatively unique user agent. I absolutely stand by all three of those as a way to help mitigate your risk of being identified online.

I think as far as things like flash and java, you should absolutely turn those plugins off. The goal I would say is to make content on the internet as static as possible. Any content that is dynamically served, requires conditional logic provided often times by javascript or java or flash and should be avoided as much as possible.

It may also be a good idea for people to have one browser they use for activism, which is locked down and jailed to a certain directory that doesn't leak personal information and another browser for any other activity, which you may want to consider also jailing so it cannot see anything your other browser is doing. That is a much more advanced configuration though.

Whonix's documentation is really one such guide, of which there are many great ones. Whonix also offers a great product, but it can be difficult to use for people just getting acquainted with opsec.

What I wrote is really a straightforward guide that will tackle most of the basics and establish a baseline. I think making things too complicated is one way we convince people to not do anything at all. A lot of firefox plugins are a matter of preference, but there are a lot of good ones that help to protect privacy and should be used by people seeking to protect their privacy.

3

ymir wrote (edited )

Chomsky has a lot to say about the doom and gloom and little to say about how to fix it. When he offers up a solution that is better than antifa, I will hear him out. I am kind of tired of people freaking out about antifa. We are dealing with an adversary in Neo-Nazis that wants to literally kill people. All the nonsense about freedom of speech is to hide behind the fact that the speech they want to be "free," would be considered threats elsewhere. These Nazis maintain hit websites, which for some reason cloudflare thinks is "speech... not a bomb." If somebody posts a credible bomb threat on a website, is that "free speech," or is that a threat? I think those that support antifa are starting to understand that it is a viable threat and we need to put an end to it. Nazis are using the Internet to mobilize their foot soldiers and at the end of the day, people are getting killed after these guys have called for violence at rallies. Enough is enough and if Chomsky can't see that, to hell with him too. Just because he is right about a lot of the doom and gloom, doesn't mean he is right about an area of intellectual thought, which he has failed to penetrate. We need solutions, not just politics.

4

ymir wrote

He was supposedly under investigation, but the campus officials have decided to protect him and allow him to continue using campus resources to send his message of hate and violence. He has been convicted of a violent hate crime already and he assaulted a woman at a protest in Berkeley and though it is on video from multiple angles, no charges have been filed and he was allowed to organize in Charlottesville. How much violence do you have to be tied to, before people start standing up and saying this is not okay. I sent my email, but that doesn't go far enough. Here is all of his personal info that I've been digging up for the last few months:

Nathan Damigo founder of Identity Evropa:

Home Address: 14773 Orange Blossom Rd, Oakdale, CA

PO Box: PO BOX 1681, 170 CALIFORNIA AVE OAKDALE, CA

Phone: 1-408-386-3508

Email: NEWORGFOROURPEOPLE@GMAIL.COM