blog-contributions/opsec/internetsegmentation/index.html

207 lines
9.6 KiB
HTML

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
<title>Internet Usage Segmentation Setup</title>
<!-- Bootstrap core CSS -->
<link href="../../assets/css/bootstrap.css" rel="stylesheet">
<link href="../../assets/css/xt256.css" rel="stylesheet">
<!-- Custom styles for this template -->
<link href="../../assets/css/main.css" rel="stylesheet">
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
<![endif]-->
</head>
<body>
<!-- Static navbar -->
<div class="navbar navbar-inverse-anon navbar-static-top">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand-anon" href="\index.html">The Nihilism Blog</a>
</div>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav navbar-right">
<li><a href="/about.html">About</a></li>
<li><a href="/blog.html">Categories</a></li>
<li><a href="https://blog.nowhere.moe/donate.html">Donate</a></li>
<li><a href="/contact.html">Contact</a></li>
</ul>
</div><!--/.nav-collapse -->
</div>
</div>
<!-- +++++ Posts Lists +++++ -->
<!-- +++++ First Post +++++ -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist@mainpc - 2024-04-26</ba></p>
<h1>Internet Usage Segmentation Setup </h1>
<p>In this tutorial we're going to cover how to properly segment your internet usage. This is the most common opsec practice that you should always use. We're going to base ourselves off from the pyramid of internet use that we have seen <a href="../opsec4levels/index.html">previously</a>, to be able to replicate each of the 4 OPSEC levels into our current setup:</p>
<img src="../opsec4levels/0.3.png" class="imgRz">
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /grey -->
<!-- +++++ Second Post +++++ -->
<div id="anon3">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Different Internet Usage </b></h2>
<p>The most common OPSEC mistake out there is the lack of internet usage segmentation. Most people don't have this reflex when they first discover Anonymity and Privacy online. Thing is, <b>it is not possible to be fully anonymous for everything that you do online</b>, there will always be some service that is vital to you, which you will need to access with your real world identity (for example, to access your bank account, or some insurance website, etc). However it is definitely possible to implement proper internet usage segmentation:</p>
<p>In this case we're going to differentiate 4 types of Internet usage:</p>
<img src="2.png" class="imgRz">
<p><u>Internet Uses:</u></p>
<ol>
<li><p><u>Public use</u>: What you do is public knowledge</p></li>
<li><p><u>Private use</u>: What you do is not meant to be known (private)</p></li>
<li><p><u>Anonymous use</u>: What you do is meant to be done without revealing your identity</p></li>
<li><p><u>Sensitive use</u>: What you do is meant to remain secret at all cost, only to be known by you</p></li>
</ol>
<p>With each different Internet usage, we have different requirements:</p>
<img src="3.png" class="imgRz">
<p><u>Requirements:</u></p>
<ol>
<li><p><u>Public use</u>: No requirement ; you can use closed source software (meaning it's all public)</p></li>
<li><p><u>Private use</u>: only open source software, + you use a pseudonym, to practice privacy</p></li>
<li><p><u>Anonymous use</u>: open source, using a false identity to practice anonymity, not sensitive</p></li>
<li><p><u>Sensitive use</u>: open source, using an other false identity and must be plausibly deniable</p></li>
</ol>
<p>Now with this we identified the 4 most typical internet use cases, and their requirements.</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Identity Management</b></h2> </br> </br>
<p>As we said previously, segmentation is required for each internet use. This extends to the Identity you use online. For example you cannot use your real name when trying to use the internet anonymously. So you need a different identity for each use case: </p>
<img src="4.png" class="imgRz">
<p><u>Different Identities:</u></p>
<ol>
<li><p><u>Public Identity</u>: <b>Linus Torvalds</b> (used on websites that ask for your identity) </p></li>
<li><p><u>Private Identity</u>: <b>Nihilist</b> (used on websites that may KYC, but pseudonym is preferred)</p></li>
<li><p><u>Anonymous Identity</u>: <b>ZacharyJr</b> (used on anonymous websites, non-sensitive use)</p></li>
<li><p><u>Sensitive Identity</u>: <b>Dread Pirate Roberts</b> (used on anonymous websites, sensitive use)</p></li>
</ol>
<p>The important thing here is that you must make sure that each identity have nothing in common, <b>it must always remain impossible for and adversary to be able to link those identities together. </b></p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<!-- +++++ Second Post +++++ -->
<div id="anon1">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Multiple Virtual Machines (VMs)</b></h2> </br> </br>
<p>To help you implement your internet usage segmentation, you can use VMs to make sure the segmentation is present inside the system:</p>
<img src="5.png" class="imgRz">
<p><u>Virtual Machines:</u></p>
<ol>
<li><p><u>Public use</u>: No requirement ; you can use a windows VM for all closed source software and KYC use</p></li>
<li><p><u>Private use</u>: you can use a Debian VM, with only open source software (ex:matrix and element)</p></li>
<li><p><u>Anonymous use</u>: you can use Whonix VMs, (can also have a with a Tor -> VPN setup) </p></li>
<li><p><u>Sensitive use</u>: You can use Whonix VMs, but they need to be inside a <a href="../anonymity/index.html">veracrypt hidden volume</a></p></li>
</ol>
<p><u>Sidenote:</u> <a href="https://www.qubes-os.org/">QubesOS</a> is based off the same segmentation principle, that every use must remain isolated (or compartmentalized) into VMs, for specific uses. It also uses Linux and Whonix VMs, while using the Xen hypervisor instead of libvirtd QEMU/KVM, but the concept remains the same. </p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<!-- +++++ Footer Section +++++ -->
<!-- +++++ Second Post +++++ -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Internet Usage Segmentation Recap</b></h2> </br> </br>
<p>Now with this setup, one can segment their Internet use with a system implementation (VMs) along with the associated Identities for each usecase.</p>
<img src="6.png" class="imgRz">
<p>For further details on how to dissect your OPSEC, check out this tutorial <a href="../opsec/index.html">here</a>, because using the right technologies is only the first half of the work, you also need to have the correct behavior while using them.</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<!-- +++++ Footer Section +++++ -->
<div id="anonb">
<div class="container">
<div class="row">
<div class="col-lg-4">
<h4>Nihilism</h4>
<p>
Until there is Nothing left.</p></br></br><p>Creative Commons Zero: <a href="../../../../opsec/runtheblog/index.html">No Rights Reserved</a></br><img src="\CC0.png">
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>My Links</h4>
<p>
<a target="_blank" rel="noopener noreferrer" href="http://blog.nowhere.moe/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://simplex.chat/contact#/?v=2-7&smp=smp%3A%2F%2FL5jrGV2L_Bb20Oj0aE4Gn-m5AHet9XdpYDotiqpcpGc%3D%40nowhere.moe%2FH4g7zPbitSLV5tDQ51Yz-R6RgOkMEeCc%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEAkts5T5AMxHGrZCCg12aeKxWcpXaxbB_XqjrXmcFYlDQ%253D&data=%7B%22type%22%3A%22group%22%2C%22groupLinkId%22%3A%22c3Y-iDaoDCFm6RhptSDOaw%3D%3D%22%7D">SimpleX Chat</a><br/>
</p>
</div><!-- /col-lg-4 -->
<div class="col-lg-4">
<h4>About nihilist</h4>
<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p></br><p><u>Contact:</u> nihilist@contact.nowhere.moe (<a href="https://nowhere.moe/nihilist.pubkey">PGP</a>)</p>
</div><!-- /col-lg-4 -->
</div>
</div>
</div>
<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
</body>
</html>