
I'm living in a very evil country and don't trust my ISP or the government. Moreover the country has control of several root and probably more intermediate certificate authorities. What options do I have as a normal end user with a DSL or cable connection to protect against BGP hijacking and to make sure I connect to the right remote end so I can be sure about the confidentiality and integrity of the data I send and receive?

Hard mode:

Nowadays many websites use the cloud and anycast. In many modern countries there are multiple datacenters of those providers. So in the end many of my connections will be terminated inside the country, and so potentially under the control of the local attacker. In that case it would also be easier for e.g. the government to attack those end points and gain direct control of them or steal the private keys of the server (or alternatively use legal force and "ask" the provider for keys/clear text data).

  • A very evil country may be monitoring certain traffic patterns, for example usage of Tor or a VPN. They can't tell what's inside the packets but can flag the activity as "suspicious". Regarding BGP hijacking, at your level you can't do anything. This is a matter for the ISPs. – Kate Aug 11 '21 at 19:29

1 Answer


First, you need to enforce the use of HTTPS in your web browser, because it is the only way you can trust your connections (authenticity, integrity and confidentiality). Today, some browsers allow you to configure them to do it, for others you can use the EFF HTTPS Everywhere extension. From your description of your threat model, you should never accept a connection with an invalid certificate.

If you do not trust some certificate authorities, you can remove them from your web browser. Beware that by doing so, you risk breaking your access to many legitimate websites.

In addition, to mitigate BGP hijacking, you can tunnel your connections inside Tor or a VPN, to escape the borders of your country.

If your threat actor gained access to a legitimate server and is actively serving malicious content, you cannot do anything to prevent them from doing so. What you can do is avoid known compromised servers, using IP blocklists (example), but if the threat actor is stealthy, that will not work well. Another thing you can do is to always use alternative identities when online to avoid being targeted in the first place. You should also not trust the computer you are using to browse: buy one for this task. Even better if you browse using temporary virtual machines, to avoid keeping persistent traces or malware (even though some malware can escape VMs).

A. Hersean
  • "even though some malware can escape VMs" ... and then tries to flash your BIOS ಠ‿ಠ "If you do not trust some certificate authorities" What about intermediate ones? Can you trust/distrust some of them specifically? Tor and VPNs are also not an option. You need to bootstrap them securely somehow and an attacker could change the path you are taking or correlate traffic. – biosflashers Aug 11 '21 at 11:46
  • @biosflashers That's why you need a dedicated computer. If you distrust an intermediate CA, you should inform the root CA or distrust the root CA. Have you tried Tor and VPNs before rejecting them? Tor comes with exit nodes preconfigured. Traffic correlation was not mentioned in your threat model: maybe you should ask another question on this specific issue. – A. Hersean Aug 11 '21 at 12:34
  • Dedicated computers don't prevent VM breakouts nor flashing firmware or messing with the host OS. "Have you tried Tor and VPNs before rejecting them?" Yes. "Tor comes with exit nodes preconfigured" Does it? And what about the entry nodes? – biosflashers Aug 11 '21 at 12:57
  • @biosflashers I notice you dismiss answers before looking into them. Why bother asking questions in the first place, then? Please read again my previous comment. You should also read about opsec (operational security), because that's what you are looking for. You should also read about the basics of the Tor protocol, or ask specific questions about it on the main page of this website. Comments are not suited to answering those questions. – A. Hersean Aug 11 '21 at 13:09