Oil and Fish

Articles

1. Practical Anonymity for Political and Religious Dissidents
2. Simple Censorship Circumvention
3. Storing a Sensitive Document
4. Telegram Privacy Settings
5. Introduction to Tor Browser
6. How to Connect to a Proxy Before Tor in Whonix
7. Pre-Proxy + Tor + Post-Proxy
8. Who Uses Tor in Not-Free Countries
9. Tor + OpenVPN
10. Tor + Cloak
11. How to Install, Configure, and Run Shadowsocks-Libev
12. Shadowsocks-Rust on Linux Server and Windows Client
13. Shadowsocks-Rust on AlmaLinux Using Teddysun Repo
14. Shadowsocks + Cloak
15. Shadowsocks + Cloak by Script
16. Shadowsocks with kcptun Acceleration
17. How to Install, Configure, and Run V2Ray + WS + TLS + CDN
18. V2Ray Server with Domestic Relay
19. VLESS with Wulabing XRay Script
20. Xray with VLESS and XTLS using ProxySU and Qv2ray
21. HyNetwork Hysteria
22. How to Install, Configure, and Run Trojan-GFW
23. Quickly Set Up Trojan-GFW
24. Quickly Set Up Trojan-Go
25. NaiveProxy + Caddy 2
26. IPsec with Libreswan
27. L2TP/IPsec with PSK with Libreswan
28. IKEv2 with Libreswan
29. IKEv2 with strongSwan
30. OpenVPN on NAT IPv4 OpenVZ VPS
31. OpenVPN + Tunnelblick XOR Patch
32. OpenVPN + Obfsproxy
33. OpenVPN + Shadowsocks
34. OpenVPN + V2Ray
35. OpenVPN + Stunnel
36. OpenVPN + Cloak
37. Double VPN with pfSense
38. Double VPN for Windows Users
39. VPN Chains
40. OpenConnect
41. WireGuard
42. WireGuard + Shadowsocks
43. WireGuard + V2Ray
44. WireGuard + Cloak
45. WireGuard + udptunnel
46. Obfuscated SSH
47. Iodine DNS Tunnel on Port 53
48. Pingtunnel ICMP Tunnel

Anonymity for Political and Religious Dissidents

From Thomas Paine’s Common Sense in the eighteenth century to Russian samizdat in the twentieth, dissidents have had good reasons to publish their ideas anonymously. These reasons continue into the twenty-first century, where governments from Venezuela to Iran to China seek to censor and intimidate.

In many regimes, the Internet user faces two threats: censorship and deanonymization. This double burden makes his task more complex than if he had to face only one or the other.

Before devising a solution, it is important that the user define his threat model. Who are his adversaries, and how might they operate?

At the outset, we will rule out mobile technology, which is notoriously insecure. Use only wired connections to the Internet and never wireless.

Tor may be a part of any solution that aims at anonymity. But do not depend on Tor alone. America’s NSA, Britain’s GCHQ, Germany’s BND, and Russia’s FSB have all worked to deanonymize Tor users. In repressive regimes, it often makes sense to combine Tor with a pre-proxy such as Shadowsocks or V2Ray. This also mitigates the risk of any single technology containing unknown flaws (“zero days”).

If the risk is physical seizure of devices, Tails makes sense. Tails is designed to be booted from a USB storage device and to leave no trace of the user’s activity on either the hard disk or the USB device. It thus defends against scrutiny of the device itself. However, Tails is of limited usefulness in countries where meek-azure bridges are required to bypass censorship. A better choice in this case might be a live CD of a Linux operating system.

If the device is in a physically secure environment, consider virtualization as protection against many deanonymization exploits. Whonix is a prebuilt arrangement of virtual machines designed with anonymity in mind. Qubes provides even stronger protections.

Even with virtualization, the host operating system needs your attention. Set a BIOS password. Install an open-source operating system. Encrypt your hard drive. Linux distributions often make this easy by offering to encrypt your hard drive during installation.

In both host and guest, avoid installing unnecessary software. Use only well-known, well-established, open-source software. Verify the developer signature on software before you install it. Enable and configure your computer’s firewall.

Finally, pay attention to operational security. Do not sign in to any account linked back to you, especially one that stores your phone number or uses a phone number for authentication. Compartmentalize your real identity and your virtual identity. Avoid leaving a money trail that can be traced back to you. Be cautious about people who approach your virtual identity or who email you attachments.

All this is subject to change, so keep learning. You should read much, much more than this article. Stay up to date with emerging technical and social engineering techniques used by governments. Sites such as Citizen Lab report on recent developments. Overcoming censorship, in particular, is often compared with an arms race or a cat-and-mouse game. It is necessary continually to develop new solutions.

Resources

• Electronic Frontier Foundation Guides
• Infosec Bytes Videos
• Whonix Wiki

Updated 2022-11-02

This site is provided for information only. It cannot replace the advice of a trained security professional. If lives or safety depend on your security, please seek the advice of an expert.