/os/ - Online Security

News, techniques and methods for computer network security.

Posting mode: Reply

Check to confirm you're not a robot
Name
Email
Subject
Comment
Password
Drawing x size canvas
File(s)

Board Rules

Max file size: 350.00 MB

Max files: 5

Max message length: 4096

Manage Board | Moderate Thread

Return | Magrathea | Catalog | Bottom


Welcome to Online Security the place for internet and computer security, privacy and anonymity.
If you have some helpful tips please feel free to share your ideas. Start a new thread, or contribute to an existing thread.

Expand All Images


Definitions and Threat Models Endwall 07/05/2020 (Sun) 20:46:22 [Preview] No. 1548
Definitions and Threat Models

In this thread we discuss the definitions of Privacy, Security, Anonymity. We also create and describe common threat models that chan users might face.

Who is the enemy? What tools do they potentially have? What could they do to you? How do you mitigate these threats and potential harms?
Edited last time by Endwall on 07/05/2020 (Sun) 21:15:21.


Endwall 07/05/2020 (Sun) 21:07:06 [Preview] No.1549 del
I'm going to provide my definitions without referencing any material. This is in a personal computing context:

Privacy: What I do on my local computer only I know, the files I read from my local hard disk, the computational operations that I perform, the text files I create, the commands that I input are known only to me (the user). These operations, inputs by keyboard and outputs to my screen / monitor are known only to the user, only I know what files I observed, how I interacted with them, edited them or saved them, and what commands I inputted to the keyboard to perform these actions. Local files and operations on the personal computer are known only to the current user, and are ephemeral and gone once the computer is power cycled, unless I specifically made a log of the actions and stored it to disk intentionally.

Security: Unauthorized users, programs, or processes are not able to access read, write or modify, or know the contents of files or operations performed on the personal computer. Remote computer users can not access, retrieve, files or memory from my personal computer unless I have set up a server to do so and only within the context of the files being served. Other persons with physical access to my computing device can not operate, or retrieve files or information from the device without authorization.

Anonymity: Actions performed in public whether observed or unobserved, are either unnoticed, noticed but unreported, or noticed and reported but it is not possible to attribute the public actions to the source actor either due to lack of observable evidence, or the computational complexity. Public here means remote computers that my personal computer connects to via internet routing technologies. Public access from my computer to another computer system hosting files or serving files and content via the internet. Actions could include retrieving files, modifying files, or reading and posting text to a remote server by way of programs running on my personal computer.

People accusing each other of not grasping the separation or overlap of these concepts is perennial (comes up often). So I figured this should be sorted out in it's own thread. Post any additional definitions or links to proper definitions below.


Endwall 07/05/2020 (Sun) 21:59:54 [Preview] No.1550 del
Related concepts

Privacy: clean computing, no malware, no keylogging, no system logging. No shoulder surfing. No cameras in your room. No microphones in your room. No screen captures. No position tracking. Public Key Cryptography for messaging (RSA).

Security: Strong passwords, username/password access authentication, file permissions, Strong Encryption, Encrypted file systems, Encrypted files and folders. Firewalls, Access Control. Physical locks on your room, front door, windows, bars on the windows, physical key lock on the computer.

Anonymity: Face masks, hoodies, wigs and sunglasses, motor cycle helmets, black track suits, camouflage. Tor, I2P, Proxies. Typewriters, cork bulletin boards with tacks and push tacks, No cameras, no voice recognition, no facial recognition. Dead drops of floppy disks and USB sticks, SD cards. Sneaker nets. Voice modulation/ modification dsp technologies, talking like Batman etc. Text to speech...etc.

I feel that personal computing privacy is the root of the other two concepts. If there is a key logger or other related malware on your system (screen shot grabbers etc), your passwords are not secure (system and encryption), your actions and intentions are known, and your "Anonymous" discussions online through IM and message board posting, and potentially offline (dead dropping your manifesto that you typed on your computer) are also observable.

Post more below


Endwall 07/06/2020 (Mon) 00:37:34 [Preview] No.1551 del
Analogies

Privacy: When I'm in my house I draw the blinds on my windows, and I can go into my shower, strip my clothes and shower naked, nobody can see what I'm doing except for me. My walls form a visual privacy barrier, the running water masks the sound of my humming and whistling. (Thermal imaging cameras can defeat this form of privacy).

Security: While I'm showering upstairs a delivery man comes to the door with a parcel, he rings the doorbell, and nobody answers, from this he infers that there isn't anyone inside, and he tries the door handle to open the door. It's locked with 2 deadbolts, so it doesn't open. There are no open windows, and the windows are all barred up with security bars. (Brute force or lock picking can defeat this form of security).

Anonymity: After finishing my shower, I open the front door and take the parcel in, and open the exterior, inside is a note with an address and some instructions, and another parcel. I put on a wig with a fake mustache and beard, sunglasses and a hoodie. I put on a black track suit and a motorcycle helmet, and go outside to my motorcycle and then I change the license plate to another stolen license plate belonging to another motorcycle owner that I stole earlier that day (borrowed). My motorcycle is the most common manufactured brand, model, and color averaged over the last 10 years. I proceed to drive at the speed limit to arrive at a house address mentioned in the note, to deliver the parcel that was placed at my front door by the delivery man. I place it at his front door in a special lock box, and then I drive home. Unless I was followed, hopefully the entire transaction was anonymous. (defeated by being tailed, traced, tracked, or by camera surveillance network).

Regular anonymity for most people, means walking out your front door with no face masking apparatus, jumping in your car (with your license plate), going to the store, buying milk, being on camera, paying with a credit card, and driving home. But nobody cares, since everyone needs food right? You are just one of many food eaters, not very unusual, so it goes unnoticed / unreported. (What most people think the internet is like...until you find out your were very wrong and uninformed about the danger...).



Top | Catalog | Post a reply | Magrathea | Return