Post
Topic
Board Off-topic
Re: [10 BTC bounty] http://findmeifyoucan.eu
by joe23 on 28/10/2012, 11:39:46 UTC
Hey guys,

just got up (hint, hint). yawn.

You seem to have found some info on the VPS even I didn't know (couldn't care less where it's located).

I think the basic concept is pretty sound: I'm using that VPS for everything: to host the page and as a proxy. I only ever connected to it via Tor (hopefully). So when the VPS is compromised, I should still be secure.

Things I've learned from you guys (and own thoughts) so far:

  • reevaluate use of LastPass, it's a risk, LastPass Inc. could be subpoenaed or whatever into slipping me custom code or there already is a backdoor of sorts that could leak info, who knows
  • isolate joe on the client system better (currently all I do is use a separate user) and make sure the client can only connect through Tor, maybe at the router or something. There's currently the chance that I might accidentally connect through the parent network and reveal my IP to the VPS. Maybe use a virtual machine. Protect it (or /home/joe at least) locally so your visitors or the people you live with don't accidentally find joe. Always unmount /home/joe, shut down the virtual machine when leaving machine physically. Maybe put /home/joe or even a whole system on a USB stick or use an old laptop for joe so he's portable (some secure distro, suggestions?)
  • Watch your language, always be very conscious of who you are, don't post drunk, avoid using phrases/language the real me notoriously uses, ...
  • What MysteryMiner said: "The problem of staying hidden is not in the short term. In long run you get comfortable, relax on security, reuse the same address or e-mail or whatever [...]"

I'm upping the bounty to BTC 14 for now. I might lower it again at some point when I intentionally leak more info that'd make it easier.