
I'm sure I'm not the first to question this, but if you download Tails or Tor browser or whatever, wouldn't that be sort of obvious? I mean it leaves traces. Then if you only use it to do something specific, be it chat with friends, browse for porn, take part in activism or to buy illegal products for example, wouldn't it be easy to see that: your computer went offline, then something new (Tails) went up, took anonymous connection to somewhere and then X happened, then Tails went away and your main OS/machine went back up.

My main "inspiration" here is the fake bomb threat by the college kid to get out of midterms: just before the email about the bomb was sent, his IP downloaded the Tor bundle. The service he was using also had the school's IP or something, so the administration could see it was sent from inside the school, but I think that is still a valid concern. This kind of metadata about your actions can leak just as much information as actually seeing what you are doing.

My question therefore would be: should more people use Tails as their "daily driver"? Would that make it more anonymous/private for people like whistleblowers? My only idea at the moment would be to pay for two separate trusted VPN providers (don't know how you would vet that trustworthiness) with bitcoin, to keep your anonymity/privacy with them as well. Then pipe all your traffic through one of the VPNs all the time. Then when you need to use Tor, you would simply pipe it through that same VPN, where you would emerge with the rest of the clients from the same point, and then pipe your Tor traffic through the secondary VPN. This way you would still get the benefits of encrypted tunnels all the way through with the benefit of Tor's anonymizing, and it might not be so obvious to your ISP or whatever that you are browsing Tor.

Maybe I'm thinking this is harder than it actually is



First, the Harvard bomb kid was caught because some decent sysadmins ran good network analysis and, after receiving a bomb threat that was received from Tor, saw that there was only a single student on the entire network that was running Tor.

ISPs or network providers know if you're running Tor, when you're online and when you're active (it has been used in criminal cases to link real people to online aliases).

Someone else in this thread pointed out that the download points for Tails are all HTTP - so you can't find it and download it anonymously.

The way to do it would be to find an HTTPS mirror (avoiding search engines) or a public terminal.

IMO you shouldn't use Tails as your personal machine. This isn't a technical decision, more a question of OPSEC policy. The key to anonymity is compartmentalization - the concept of creating, maintaining and then isolating your different identities.

Your real identity will continue to use your computer, your phone number, your internet connection, etc. It might tighten up some privacy leaks. Your anonymous identity (which may have a name) will use Tor in a virtual machine as a gateway and Linux in another virtual machine as a client, or it will boot into Tails. The anonymous identity using Tor has nothing in common with the real identity that can be linked together by a passive or active attacker.

For ex. your anon identity is doing anonymous stuff on anonymous online markets, but then you use the same Tails session to log in to your personal Gmail. You've just been de-anonymized. Don't share anything between the two identities (having the same interests, typing style, etc. to name a few) as that would tie an anonymous identity to a real one.

With this in mind, Tails is perfect for the use case of 'I need to do some anonymous stuff with my anonymous identity and then get back' which is exactly how a lot of journalists, black hats, etc. use it. The more 'comfortable' Tails is with features and programs the more likely you are to hang around and do something that will de-anonymize you :)
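
The network-side correlation described in the comment above (who on the local network was talking to Tor around the time of the event), as an added example that is not part of the original thread. The flow records, addresses and times are constructed; documentation-range IPs stand in for Tor relay addresses, and the function names are hypothetical.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed stand-ins for relay addresses (documentation ranges).
# A real list would be taken from the public Tor relay consensus.
TOR_RELAYS = {ip_address("192.0.2.10"), ip_address("198.51.100.7")}

# Constructed flow records: (start time, internal source, destination).
FLOWS = [
    ("2024-01-15 08:05:11", "10.0.4.21", "203.0.113.80"),  # ordinary traffic
    ("2024-01-15 08:12:40", "10.0.7.33", "192.0.2.10"),    # relay, in window
    ("2024-01-15 08:13:02", "10.0.7.33", "198.51.100.7"),  # relay, in window
    ("2024-01-14 22:40:00", "10.0.9.12", "192.0.2.10"),    # relay, evening before
    ("2024-01-15 08:20:00", "10.0.4.21", "203.0.113.81"),  # ordinary traffic
    ("2024-01-15 09:10:00", "10.0.2.5", "198.51.100.7"),   # relay, after the event
]


def tor_clients_before(flows, relays, event_time, window):
    """Map each internal host to its relay connections that started
    in the interval [event_time - window, event_time]."""
    start = event_time - window
    hits = {}
    for ts, src, dst in flows:
        when = datetime.strptime(ts, FMT)
        if ip_address(dst) in relays and start <= when <= event_time:
            hits.setdefault(src, []).append(when)
    return hits


def summarize(flows, relays, event_time, window):
    """Return sorted (host, connection count, first seen) tuples."""
    hits = tor_clients_before(flows, relays, event_time, window)
    return sorted(
        (src, len(times), min(times).strftime(FMT))
        for src, times in hits.items()
    )


if __name__ == "__main__":
    event = datetime(2024, 1, 15, 8, 30)
    # One-hour window: a single candidate host remains.
    print(summarize(FLOWS, TOR_RELAYS, event, timedelta(hours=1)))
    # Twelve-hour window: the candidate set grows to two hosts.
    print(summarize(FLOWS, TOR_RELAYS, event, timedelta(hours=12)))
```

The size of the returned list is the point: with one Tor user in the window the traffic metadata alone singles out a host, and each additional user in the same window makes that attribution weaker.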


Seems you can download via BitTorrent as well? [1]

BTW, if you download a file of 1.1 GB from boum.org then the size of the download already pretty much gives away that you are downloading Tails. So HTTPS does not give you anonymous downloads, it gives you an increased certainty of origin. But as you should verify the signature instead (which is served over HTTPS) [2], I think it is fine to download via HTTP.

[1] https://tails.boum.org/install/mac/dvd/index.en.html?overrid...

[2] https://tails.boum.org/download/index.en.html#index2h1


I mean... you could do this, but it would completely depend on your threat level. The problem with this idea is that using your computer in any way that's remotely convenient or normal is impossible. Eventually everyone screws up/gets frustrated/lets their parent or SO use the machine. Right then all of this is moot.

If you're this level of paranoid any email account used more than a handful of times has to be burned and never touched. You definitely should not ever access a cell network with a smartphone, which has to be burned as well every week or so. Social media use is also dead. If you don't use social media because of security concerns, that's fine, but 2.5 billion people do, so you're probably in the minority.

If you're going to whistle blow there are a bunch of other steps you should implement, running TOR being one of them, Tails if you're that high up of a risk (hint: you're probably not). If you're at that level 1.) you should be doing everything from various public wifi networks in cities nowhere near you and 2.) the fact that you downloaded TOR is not what anyone's interested in anyways, it's what you're saying and doing behind it.


>1.) you should be doing everything from various public wifi networks in cities nowhere near you and 2.) the fact that you downloaded TOR is not what anyone's interested in anyways, it's what you're saying and doing behind it.

Everyone keeps saying that you should "take a greyhound out to the boon to use their wifi to be anonymous", but it's pretty suspect if suddenly you take a trip to somewhere you've never been to with no obvious motive and suddenly a bunch of data related to you/your employer gets leaked.

About no one caring that you download Tor: if it still gets hoovered up in some NSA-database-type-thing, you can be exposed years after the fact. Just like no one cares (right now) what kind of porn you watch, but maybe in future some suppressive regime gets to power and they don't like how you spend your past time.


Pay cash for your ticket, leave your smartphone at home switched on (even script some stuff if you want to make it look like there's activity there). Boot into a live CD, make sure you use a spoofed MAC address (does TAILS do this automatically?) and keep your face away from cameras.

Should be pretty bulletproof against all but the most capable adversaries.


I mean, sure, if you don't have any people in your life who wonder why the fuck did you just vanish for a day.



