1

There are a number of layers that need to be secured. There's the network layer, for which we have Tor and other anonymizing applications and the physical layer. I don't see how one can be concerned with network security, but completely ignore physical device security at the same time. If TBB is somehow compromised, we must have a second line of defence. The first question we must ask ourselves before worrying about network security is how do we separate IP from physical device location so that we become as untraceable and as anonymous as possible? In other words, how do we access Wifi hundreds of miles from the actual address, using an IP in a different jurisdiction and doing so under the cloak of near total anonymity?

I am currently considering two options: the ProxyGambit (https://samy.pl/proxygambit/) and anonymously purchased satellite internet. Which option would be more effective? The former hasn't been field tested extensively and the info on the latter appears to be outdated, with the possibility that many older vulnerabilities may have been patched.

Are there any other options I haven't considered?

piece0fshite
  • 31
  • 1
  • If Tor Browser is compromised, you would want something like Whonix (with physical separation, not with VMs) to isolate the breach. Anyway, I think you need to specify your threat model. What are the capabilities of your adversaries, for example? Anyway even with ProxyGambit, it may be possible to locate you. If someone tracks down the original IP (e.g. at a Starbucks), they can find the ProxyGambit transmitter and locate the other end. – forest Jan 06 '19 at 06:33
  • Also, ProxyGambit seems to use a unidirectional signal to provide high-speed download via a directional antenna but low-speed upload via GSM. Not to mention, you could likely be tracked via the GSM side if you're in range of more than one cell tower. But regardless, I think your question is too broad as it is. There are many techniques, but to know which is the best requires you formulate a threat model. Also, see [this answer](https://security.stackexchange.com/a/200155/165253). – forest Jan 06 '19 at 06:40
  • Also, have you considered using frequency hopping to hide transmissions (LPI/LPD)? – forest Jan 06 '19 at 07:43
  • 1
    Having a transmitter located at e.g. a Starbucks was a vulnerability of the earlier [ProxyHam (https://bgr.com/2015/07/01/proxyham-wifi-anonymous-secure-25-miles/)], but the ProxyGambit appears to be just the device itself, which can be used with your PC and internet connection in your own home. Your point about upload via GSM tunnel is well taken; because the device relies on a SIM card, signals received by a nearby cell tower can be used to triangulate location, even if purchased anonymously (I believe). The ProxyGambit is a bad idea, which is why it hasn't gained traction since 2015. – piece0fshite Jan 06 '19 at 23:27
  • 1
    Actually, it hasn't gained traction because it's a proof of concept. – forest Jan 06 '19 at 23:30
  • I haven't formulated a threat model as of yet, but can you recommend any techniques for someone requiring a high degree of OPSEC? So far, I'm leaning towards anonymously obtained satellite IP combined with Tails/Tor. I'm not familiar with frequency hopping, can you elaborate? What kind of setup would this involve? – piece0fshite Jan 06 '19 at 23:49
  • Honestly, if you need an extremely high level of anonymity, it will be very hard to do on your own. You may want to spend a few years studying and learning OPSEC and security before you go into an adversarial environment where extremely high anonymity is required. For example, while satellite internet may make it easier to hide your physical location, all US satellite providers at least go through L3, which logs traffic for the NSA (and thus all FVEY members). So there's a huge trade-off. – forest Jan 06 '19 at 23:58
  • The _first_ thing you need to do is formulate a threat model. Everything else comes after that, before you ever even begin to consider solutions. So you have to define your adversary, who they are, what they want, their positioning in relation to you, what their abilities and resources are, etc. – forest Jan 07 '19 at 00:00

0 Answers0