3

UPDATE: There is a similar question, but my question is different because it is very narrow and about a very specific security concern. In short, I used a laptop to make posts on a Russian social network (vk.com) from Japan and am now travelling to Russia with the same laptop. My specific concern is how I can exclude the possibility of being identified, in Russia, as the author of those posts. I am afraid that if I connect my laptop to the Internet in Russia, my laptop might leave some "fingerprints" in Russia coinciding with "fingerprints" I left when I made those posts from Japan. The answer given to the question referred to above does not address my concern at all.

More details are below, in the original text of my question.

I am a Japanese student learning the Russian language and will soon travel to Russia to have a kind of internship or training.

I have a security concern and a background to it. The background is that I actively participated in Internet discussions on the Russian social network vk.com under a fake name and made many provocative posts there, so a number of people explicitly wrote there that they would do their best and utmost to find my real identity and make it public. My posts are definitely of no concern to police and were not even deleted by the admins, but quite a large number of people got really agitated as my posts were about politics, religions, cultures, and similar sensitive stuff and written in a provocative manner. I cannot afford getting my real name publicly associated with those posts, but I did not see how people could find my real name, so I even made some posts saying they would not be able to find my name.

Some time ago one Russian sent me a message telling me he had discovered my real Japanese IP addresses, and he told me some of them. Although I had not used any proxy servers to make my posts, I got shocked, because vk.com is not supposed to share my IP addresses with anyone. The guy then wrote he had been able to find my IP addresses because he works in a Russian company that has access to a lot of data related to the use of the Internet in Russia. He added that he had somehow tried to find my real name based on my Japanese IP addresses, but had not succeeded. Indeed, my Japanese IP addresses do not give any leads, and no Japanese provider will tell my name to Russians.

Now I am travelling to Russia and intend to use there the same laptop I used to make my posts; I will be given an Internet connection in Russia and, in view of what the guy told me, will obviously need to avoid any possibility of leaving any traces in Russia that could link my Russian IP address with my past posts. The reason is that knowing my Russian IP, people might find my real name by contacting my Russian hosts. Ideally, I would like to continue using the same account in the social network to make posts while staying in Russia.

My question is this: What should I do to meet these needs?

I am asking because I know little about such security matters and, in particular, what kind of information is collected from my laptop by Internet providers and servers such as vk.com, so I am afraid to even connect my laptop to the Internet in Russia. I humbly hope that security experts of this SE could kindly instruct me how I can safely use my laptop in Russia without any risk of getting exposed in relation to my past posts made from Japan from the same laptop, given that at least one Russian who wants to find my real identity may have access to any data related to the use of the Internet in Russia.

Mitsuko
  • 165
  • 1
  • 5
  • What do you mean he told you some of your ip address? – yeah_well Aug 31 '19 at 20:35
  • @VipulNair : I used different Internet connections/providers in Japan, and he told me some IP addresses that correspond to those providers. – Mitsuko Aug 31 '19 at 22:26
  • he told you your exact ip address or just the provider name? – yeah_well Aug 31 '19 at 22:38
  • Possible duplicate of [What is risky about international travel?](https://security.stackexchange.com/questions/205917/what-is-risky-about-international-travel) – Xander Sep 01 '19 at 01:10
  • So, err, what exactly is the problem if those posts were associated with you? Tons of other discussion services like forums or LiveJournal do give away IP and I, generally, don't give a single thought about it no matter whatever I write and how provocative is that. I also don't hide my real name and use pretty much the same login everywhere for past three decades or so. So far none of this had any impact on my life in Russia. – Oleg V. Volkov Sep 01 '19 at 02:50
  • 1
    @VipulNair : Yes, he told me exact IP addresses. – Mitsuko Sep 01 '19 at 18:42
  • @OlegV.Volkov : If anyone in my university in Japan learns about me making such provocative posts, I may face serious problems. It is Japan, you know. They are likely to react in order to distance the university from the views expressed in my posts. – Mitsuko Sep 01 '19 at 18:45
  • @OlegV.Volkov : Speaking more specifically, I am afraid of the following scenario: First, someone in Russia finds my identity and makes it public; then the information about me making such posts gets disseminated on the Internet; then someone from my university in Japan learns it; then I get expelled from the university. – Mitsuko Sep 01 '19 at 18:49
  • @Mitsuko General OpSec advice. If you post anything of this nature, do it from a live distribution such as [TAILS](https://tails.boum.org/). Use dedicated accounts, without any link to your primary account, or your real identity. –  Sep 02 '19 at 09:43

4 Answers4

2

Now I am traveling to Russia and intend to use there the same laptop I used to make my posts

I am going to write the answer assuming your laptop hasn't already been compromised with a rootkit/malware.If it has either nuke it or format HDD and preferably use linux live.

Now to your question

My question is this: What should I do to meet these needs?

any possibility of leaving any traces in Russia that could link my Russian IP address with my past posts

Simply mask your IP address with a VPN and use tor browser on top it to avoid any browser finger printing.Also change your DNS server to either 1.1.1.1 or any other google DNS servers.This should be sufficient if you don't make any other mistakes.

**What are those mistakes?**

You say that you will be using the same account when you are in russia as well.Your mistakes could range from something super stupid like sharing your location(Like i said use tor browser) or sharing a photo of your nearby place.DONT MAKE OBVIOUS MISTAKES.You could also be social engineered via social networking VK.COM via messaging,ads or any other social engineering attack vector to compromise you.HERE CLICK THIS LINK.You could also make configuration mistakes which could lead to IP leaks.If you are that much paranoid you could use an operating system such as Tails which is made for privacy.This might be an overkill in my opinion,obvious mistakes are what you should be looking out for.

WHY DO I THINK VPN PLUS TOR BROWSER SHOULD SOLVE 99% OF YOUR PROBLEMS? Well for starters an attacker would have to be very very dedicated in trying to compromise you and how would the attacker even know that you are in russia if you simply configured your VPN well.Lastly I would also advice you to not share on your social media that you are in russia and not agitate them into trying something.

Community
  • 1
yeah_well
  • 3,699
  • 1
  • 13
  • 30
  • 2
    You are aware that VPNs [except those sanctioned by the government] are illegal in Russia, right? – Ángel Sep 10 '19 at 00:17
  • @Ángel nope didnt know that.How do they implement that? – yeah_well Sep 10 '19 at 02:01
  • 1
    https://en.wikipedia.org/wiki/Internet_censorship_in_Russia – user10216038 Sep 10 '19 at 15:31
  • 1
    @VipulNair they 'implemented' it by passing a law requiring VPN to register with them, and by adding sites not complying to their blacklist: https://www.themoscowtimes.com/2017/11/01/russian-law-banning-anonymous-online-surfing-comes-into-effect-a59434 and VPN users could be fined up to [300,000 RUB ($5,100)](https://www.vpnunlimitedapp.com/blog/penalties-for-using-vpn/). I am told that many people use VPNs in Russia anyway, but it's something to be aware of. – Ángel Sep 10 '19 at 23:30
1

In short, I used a laptop to make posts on a Russian social network (vk.com) from Japan and am now travelling to Russia with the same laptop. My specific concern is how I can exclude the possibility of being identified, in Russia, as the author of those posts.

Not the answer you want to hear, but simply "Don't do that!"

Russia has begun implementing serious VPN restrictions.

More importantly, customs may separate you from you laptop long enough to "image" (copy) the drive. They may also implant your laptop.

Travel with a clean laptop, and expect to discard or at least wipe that laptop after leaving.

user10216038
  • 7,552
  • 2
  • 16
  • 19
1

If you have to use the same laptop you used to make such posts (the same hardware), you should completely reinstall it.

This means:

  1. You optionally take an image of your laptop and securely store it on Japan before traveling to Russia
  2. You securely wipe the laptop and reinstall everything you may need. YMMV, operating system, common programs. Preferably you would not configure your main mail account. You do not copy your mail history or forum accounts. Make new ones if needed. Copy only the files you will need there.
  3. At this point, you travel with your new laptop to Russia, where it may be seized, compromised, etc.
  4. At your return (after copying aside anything worth keeping), wipe again the laptop, in order to go back to a trusted state. This way, if it was compromised by Russian hackers/government/angry ISP employees during your stay, you should be safe again. You could restore the image from point #1 or -probably safest- reinstall everything again from scratch.

This doesn't make you 100% immune. Since this is a purely software approach, this would not prevent a physical attack, or an infection that compromised the BIOS firmware. However, it seems adequate enough for your threat model. It does protect you far beyond what a random forum guy could do.

PS: He likely figured out your IP address by making you visit a page or load a certain image, and the story he gave was probably a bluff.

Ángel
  • 17,578
  • 3
  • 25
  • 60
1

You'll be fine. IP Address doesn't reveal your precise location anyway. If that's the level your worried about then you don't have to take any drastic measures like wiping your laptop or buying a new laptop.

If you want to prevent being linked, just clear your browser history/cache/cookies of the site (vk.com) and don't log into the site while in Russia. No one has a reason to suspect you.

If you're using Google Chrome, you might also want to switch to another browser like Firefox while in Russia. And make a new Google account for that. This is because Google has tracking cookies that may get shared with the site which may give away your identity.

isopach
  • 491
  • 1
  • 3
  • 14