Discussion of OpSec, Threat Models, Protection, Assessment & Countermeasures.
Vendors: /d/vendor_handbook.
While the focus of this community's OpSec discussions may center around DarkNet (DN) activity, all members of this sub are encouraged to think about, discuss, and share ideas relating to OpSec.
by /u/cha_kng_993 · 1 votes · 1 week ago
my current OPSEC includes:
1) Laptop with physically removed HDD/SSD
2) External SSD with Tails
3) 4G router with SIM card (data plan)
I want to avoid being tracked by adversaries while conducting my operations.
The laptop, 4G router and SIM cards were bought with cash,in person. The external SSD (memory stick size) was bought online using my real name and data.
Can this be a problem ? How to fix it ? should i buy that also with cash ? Thank you
/u/psychonut · 1 votes · 1 week ago · Link
How are you going to be "tracked by adversaries" because of a external SSD you are using?
The only thing we can think of is they could have bugged your device in transit, but this would require you are already on a list of targets and are indeed dealing with a powerful adversary. There is nothing evidence based that we can think of here that anyone could do to you based on your use of that SSD.
/u/whiteboard P · 1 votes · 1 week ago · Link
This. I'd be more concerned about the 4g router with the SIM. Even though OP bought it with cash it could still be the weakest link in the chain.
For example, it's connecting to cell towers for connectivity so now location of that device could be triangulated. This likely won't be a big deal if /u/cha_kng_993 is only ever using the Tor network (which sounds like the case since the internal drive was removed and Tails is being used). The only traffic a provider would ever see is going in to the Tor network so not much to correlate except that that particular router is accessing Tor.
However, if they were also connecting to that 4g router with other personal devices and doing personal things there could now be a thread connecting things that you don't want to exist.
/u/cha_kng_993
· 1 votes
· 1 week ago
· Link
thank you for your reply. I am using the 4g router to connect just to my "work" laptop where my external SSD is connected only with Tails. . Everythng i do i do inside Tails. I keep the router away and not connect to it from any personal devices. I never do any personal stuff using it. Its "HOT" and i know it. Maybe i am a bit too paranoid but i was asking more if the serial number or something can connect to the external SSD i am using and they can track if after and corelate with the online purcahse from a certain online store? Its a NOOB question but does the external SSD have any identification data that can be tracked ? Simlar to a MAC address from network adapters
/u/psychonut · 1 votes · 1 week ago · Link
What? The SSD has a serial number but nobody can see that or track you through it, it is kept offline. In addition, your MAC address is only seen by the router you are using. We do not see how a SSD serial number could ever be useful to your adversary given what you have described here.
If we are being honest, the 4g router setup is probably unnecessary for you and it's not clear what benefit it's providing.
/u/Varixmar · 1 votes · 1 week ago · Link
responded in a separate post and just because the serial number is offline doesn't mean it can't be obtained by an adversary if they manage to gain control of your system then its as easily obtainable as opening something like the disks application in the utilities section on tails.
/u/cha_kng_993
· 1 votes
· 1 week ago
· Link
thank you. i am using the 4G mobile router with a SIM card so i will not need to use a public WIFI (because of cameras) or my home network. I am trying to protect myself from LE as better as i can
/u/cha_kng_993
· 1 votes
· 1 week ago
· Link
[removed]
/u/Varixmar · 1 votes · 1 week ago · Link
The only way i can see a SSD being your single point of failure is if they managed an actual attack on your system and was able to scrape the serial number then have some sort of database on where/when it was purchased. The main point behind keeping everything anonymous and purchased with cash is not about if but when AI or quantum computing can break modern day encryption and the huge ledger of information that was once protected by the onion protocol would be useless and available for data collection.