Worth listening to Jake Appelbaum's 'digital anti repression workshop' [1]. In this he explains why he takes the hard-drive out of his laptop and just uses a TailsOS thumb-drive for his computing. It would be actually hilarious when staff ask to peruse the contents of your computer for contraband, only to discover the laptop doesn't have a hard-drive.
And for those who think Protonmail are the only service with a custom address, think again, because Facebook has one too: https://facebookcorewwwi.onion/
For those wondering how to generate vanity Tor onion addresses in a more efficient manner (taking advantage of your GPU): https://github.com/lachesis/scallion
Maybe doing that in the cloud would compromise the security of your vanity address. You would not own the private key. Your cloud provider could control your domain.
Vanity addresses are popular in bitcoin, but difficulty rises exponentially with each character. Most people don't want crunch random numbers for 6 months. The solution to 3rd party key generation is split keys.
Essentially the addition of keys to get the desired final key.
Generate key X, give X public address to cloud provider, they search for key Y so that X + Y == YourVanityAddress, when found they send you private Y. Private X + Y is your vanity private key.
Vanity address generated by 3rd party in a trustless environment.
I guess I don't see the point of using Tor with Facebook. So much of your identity is already tracked. It's like trying to sneak up on somebody while wearing those squeaky clown shoes.
When you have a very small subset of users who will go through the trouble of trying out Facebook's onion address, it is much easier to be successful with surveillance tools on that small sample.
Because not everyone uses their real name on Facebook, especially in a Middle Eastern country, I would imagine. And Facebook isn't just for your family and real friends anymore (and hasn't been for years).
> Vanity Onion addresses are a bad idea. They teach users to ignore part of the address instead of treating the whole address like an IP address.
This assumes that users aren't ignoring the address anyway. There is a near 100% success rate in tricking users into visiting fake URLs in laboratory conditions. While trying to explain my research to a tenured professor, she literally typed each domain I was spelling out into Firefox's search box instead of punching it in manually.
I do yoga for my back and ensure there's good lumbar support on any chair I sit on. They say sitting is the 'new cancer' and prevention is often the way to go. Here's an interesting article on some yoga exercises you can try for back pain: http://www.buzzle.com/articles/yoga-exercises-for-back-pain....
Yeah there's a few VPNs that look shady because of their pricing. One that springs to mind is LeafVPN[1]. For $5.00 you get to send all your traffic to Mallory. And it even has `LEA` as the first three letters, so you're safe! This is not an endorsement of this service BTW.
any of this services are safe to use http://vpntrends.com/best-vpn-services/ ? Not that i do anything illegal but don't want to send my information directly to the government.
Brilliant list. I always wondered how many commercial VPN providers use code from these. I suspect setting up the VPN is easy enough, but coding the billing backend might be trickier.
Unless it affects them directly, just like how tobacco smokers don't see any immediate bad effects from smoking. But they know somewhere down the line something awful will happen.
https://github.com/sbilly/awesome-security