Re: Security package for an individual in a hostile country



Dav170627 wrote:
Kristian Gjøsteen wrote:
<utkhjfolmfs@xxxxxxxxxxxxxx> wrote:
I have a friend that has approached me for advice on online security.
His issue is that he has begun to be intimately involved with a very
hostile government.

Note that any advice you get here is given by armchair generals.
I don't think anyone here has actual experience with an adversary
of this sort. It is a difficult threat to deal with.

His priorities are to:
-surf the internet freely (while it is nationally monitored)

This is difficult.

-post a blog to get information out of the country

If you can do e-mail, this should be easy. (E-mail the blog entry to you,
and you post it.)

-securely email people within and outside the country

This is more difficult.

-store sensitive data

This is fairly easy.

He has a laptop and slow wireless access and I can mail him simple
hardware (probably). The problem is that he is not at all technical.

This is what I was going to tell them but as I'd hate to give him bad
advice, tell me what you think.

***************************
This package of stuff allows the user to access the internet
anonymously and store information securely while bypassing national/
local firewalls. It is fully portable, can run on a separate web
browser, can be loaded on a USB thumb-drive, and be invisible (and
encrypted) to unauthorized people searching for it.

Used to encrypt and/or hide your files (USB and/or hard drive).
http://www.truecrypt.org/

Ok.

Use TOR to completely anonymize online activity. It doesn't make it
secure, only anonymous. The easiest way is to use the Firefox web
browser and install both the "torbutton" and "noscript" addons.
NOTE: This software can be fully portable as "portable Firefox" and
"portable tor" can be loaded onto a USB and used with no residual
footprint.
http://tor.eff.org/
http://portableapps.com/apps/internet/firefox_portable

Unfortunately, using TOR will tell an eavesdropper that you have
something to hide. That may not be what your friend wants to do.

PGP is probably the easiest to use for emails. Apparently the best
free PGP online suite is HUSHMAIL.
https://www.hushmail.com/ (don't use the unsecured http://www.hushmail.com)
http://www.pcworld.com/downloads/userreviews/fid,3178/userreviews.html

If he is sending e-mail to recipients abroad, why not simply use the
SSL interface to Google Mail? I'm assuming that the hostile government
cannot monitor Google's net connection. He can also send e-mail to
other Google users, even if they are inside the same country.

I believe there are Firefox extensions that ensure the Google Mail
connection is encrypted.

This program hides messages in pictures and can be run off a USB
drive. Apparently, if you are (an expert) looking for these files in
pictures, etc, they are relatively easy to find...so they should also be
encrypted (using the same program or truecrypt).
http://www.thegreatpuzzle.com/superstormpro.php

What's the point of hiding a file where people can find it, except
to incriminate yourself?

Since security is dependent on passwords, choose a different password
for each important account. Safer passwords should be two words with
numbers in the middle. This program saves your passwords and has a
function to auto-fill text on web pages.
http://www.pcworld.com/downloads/file/fid,65611-page,1-c,security/description.html


Safe passwords are random passwords. Find a program that generates
random passwords and start memorising.

And remember anything you print out on your printer can probably be
traced back to you.
http://www.eff.org/issues/printers


If you go to another country, then you obey the laws of that country - trying to find ways to break the laws (and get away with it) suggests you think you're smarter than all the police, secret police, customs officials etc put together. News flash - *you are not*.

You are either an idiot or the email is just a "put up", maybe fishing for a product endorsement or a forum to discuss a particular product. Either way you deserve no further response.

I obviously meant the OP and his friend, not "KG" - I apologize for my ill-directed post.