![[BunsenLabs Logo]](/img/bl.svg)
You are not logged in.
- Topics: Active | Unanswered
#21 2016-02-06 21:30:39
- dot|not
- Member
- From: /dev/urandom
- Registered: 2016-02-04
- Posts: 93
- Website
Re: Crunchbang Paranoid Security Guide
Same on my end. This thing is freaking huge.
I think the best way (for now, a structured approach might be needed later) is to just hack away at it. We probably should also create a new thread for it and link this one, for the sake of cleanliness.
A question that just popped up in my head: Do we want it as BB-code formatted post in this board or do we want it as actual guide, as .pdf, written in Markdown or whatever floats our boat? Both has is pros and cons.
How do we handle communication? Just forum posts or do you want to take it somewhere else (IRC, XMPP, ..)?
Regarding the threat model and OPSEC stuff, I don't think what I had in mind is really all that different from where you are going. Threat model first, meaning "just give me the basics" vs "I work with whistle blowers". In the first scenario OPSEC is not that vital and can be treated as such. Just give them the basic tools and very basic pointers if needed. In the second scenario OPSEC does become more important and needs to be dealt with.
We need to differentiate between things. The first, hands-on-style thing I have in mind is more focused on security, with some basic privacy stuff (mainly focused on ads and data brokers) included. The latter is where I'd imagine going full-on. Then again, my guts tell me to just start and see where the journey leads, because endlessly discussing specifics will probably only hinder us.
You mentioned in another post that this stuff is not so vital for you but more of a hobby type interest. That's how it started for me too, but lately I have begun strongly advocating the use of whistle blower quality surveillance circumvention tools to political activists. I've seen too many news stories about the surveillance state abusing so-called anti terrorist tools and targeting activists who are exercising their right to voice their disagreement with govt policies. Some of the stronger tools and techniques under discussion may also be appropriate for law firms, accountants or even just the technically curious etc.
I also did some 'counceling' work for journalists, activists and the like. It's not that I am particularly against it, it's just that it's definitely not the main target audience in this community. I'm sure there are people who'd like to learn about dead drops, onion services for communication and pinpointing your personal details through analyzing your writing style, but that treads on the realm of tradecraft and classic intelligence/counterintelligence work and really shouldn't be the focus of our groundwork.
It shouldn't be difficult to produce a guide that would be useful to such people without getting into the politics of it and ticking off the "no politics" crowd.
Aye, it probably shouldn't. Nevertheless, it's a shit-ton of work. 
For the rest of the people reading this thread: Please don't be discourage by the nerd-talk, everybody is welcome to join in on this!
Offline
#22 2016-02-07 22:30:20
- MAC the Bloody
- crypto-anarchist
- From: Quesnel BC Canada
- Registered: 2015-09-29
- Posts: 256
Re: Crunchbang Paranoid Security Guide
just hack away at it
I have come to the same conclusion. It's just too big to try to do it all at once and then post. I'd say get some portion of it ready and then post. Let it grow organically from there.
create a new thread for it ... for the sake of cleanliness.
Yeah, that one seemed obvious. 
A pdf or some such guide? Interesting idea, but I think just a forum post would probably be better. It would probably get more use and feedback if people don't have to click a link and download something.
How do we handle communication? Just forum posts or do you want to take it somewhere else
If we keep bashing this out over the forum it'll probably be too much clutter for some folks. Maybe bordering on that now for some. I think just using the PM function provided by the forum will be fine. If we identify something specific that needs a bit of feedback we can still throw it out here in the open for comment.
I spent a couple of hours last night working with some "supposed to be simple" tools for encrypted email. You know, for the KISS part of things. Strangely I found I had more trouble with this than just using the CLI. Go figure. Anyway I'll spend some more time with that tonight. No need to go into detail here. I'll just sort it out.
I think I'm going to do up a list of the things I'm comfortable contributing to and send it to you in a PM along with any other relevant thoughts. This may take me a day or two as I have other projects on the go.
“The university is well structured, well tooled, to turn out people with all the sharp edges worn off...." Mario Savio
"Protections for anonymous speech are vital to democratic discourse". Help enforce our right to free and anonymous speech by running a Tor relay.
Offline