[liberationtech] advice on securing a new computer

Mon Jan 28 07:54:23 PST 2013

Julian,

Thanks for your response. After I sent that e-mail I was telling myself
somebody is probably going to say that. Yes, I also believe OpenVPN would
be better, but is more complicated to setup and use for an average user.

It can be scripted, but then what if it doesn't connect because it's being
blocked and the user assumes they're protected when they're not?

The reason for suggesting PPTP is simplicity, the user stated, "I am not a
geek". I'd rather my average users use PPTP for the sake of simplicity then
no VPN at all, or a trojaned OpenVPN client.

Due to commercial VPN endpoint spying, anything that could get you thrown
into prison in a 3rd world country (such as trying to subvert the
current regime) should be done over TOR, not solely a VPN provider. However
you can use the two together if TOR is being blocked in the country you've
selected such as China by using the VPN to connect out of the country then
into TOR.

I've never have, and never will trust any commercial VPN provider with my
freedom or life and nobody should either thus why I stated always have TOR
handy. I should have explained my reasoning better but didn't want to send
a "wall of text".

Brad Beckett

On Mon, Jan 28, 2013 at 3:16 AM, Julian Oliver <julian at julianoliver.com>wrote:

> ..on Sun, Jan 27, 2013 at 07:05:11PM -0800, Brad Beckett wrote:
> > Here is a Free VPN service: http://www.vpnbook.com/
> >
> > I've tested their PPTP connections out and they work well, don't know if
> > you can trust them or not though so make sure you use https on all sites
> > you login to.
> >
> > Here's a video guide how to setup PPTP VPN connections in OS X:
> > https://vimeo.com/15752843
>
> PPTP is OK for situations whereby you need to set up and quickly tunnel
> out on
> whatever platform you have at hand, assuming it isn't vital to keep what
> you're
> doing away from prying eyes. In every other case you are better not to use
> PPTP
> VPN connections as they can be 'cloud cracked' for a couple of hundred
> bucks,
> maybe less (assuming a local attacker can capture network packets on your
> network).
>
> If you want to be absolutely sure no one on the wire can listen in, then
> PPTP is
> /not/ what you want. What you want is an L2TP VPN service or, better,
> OpenVPN.
>
> Similarly, be careful which VPN provider you use. It's perfectly possible
> that
> some VPN providers operating in countries may work for those countries,
> under
> the juristiction they pay tax within. They may have reasons to be
> interested in
> what you are doing (activism, diplomatic relations, corporate and
> governmental
> communications, etc) and so provide access to that government if asked.
>
> See the section 'VPN' in the CryptoParty handbook. This is all discussed,
> complete with installation instructions for OS X:
>
>     https://cryptoparty.org/wiki/CryptoPartyHandbook#Version_1.1
>
> Cheers,
>
> Julian
>
> >
> > On Sun, Jan 27, 2013 at 5:09 PM, Joseph Mornin <joseph at mornin.org>
> wrote:
> >
> > > Apple publishes a security configuration guide for OS X:
> > > https://ssl.apple.com/support/**security/guides/<
> https://ssl.apple.com/support/security/guides/>
> > >
> > > The NSA also publishes hardening tips: http://www.nsa.gov/ia/_files/**
> > > factsheets/macosx_10_6_**hardeningtips.pdf<
> http://www.nsa.gov/ia/_files/factsheets/macosx_10_6_hardeningtips.pdf>
> > >
> > > Cheers,
> > > Joe
> > >
> > > --
> > > Joseph Mornin
> > > http://www.mornin.org/
> > >
> > >
> > > On 1/27/13 4:52 PM, sam de silva wrote:
> > >
> > >> Hi there,
> > >>
> > >> Are there any guides that tell me how to make a new computer secure,
> for
> > >> both use and connecting and communicating via the net?
> > >>
> > >> My set up is as follows:
> > >>
> > >> - Macbook Pro, running Mac OS 10.6.8
> > >>
> > >> My requirements are as follows:
> > >>
> > >> - I am almost always connected to the net, and need fast access, and
> full
> > >> web-browsing experience
> > >> - I'd like to block apps from sending out / receiving data from the
> net
> > >> - I'd like a secure cloud storage space for my own stuff and
> occasionally
> > >> share with others
> > >> - My workplace is Microsoft-based we have email via IMAP. I'd like to
> > >> have the option to send encrypted (PGP) emails to others.
> > >> - I'd like to secure the email that's stored on my laptop. I'd like to
> > >> use Apple Mail as my client.
> > >> - I travel often, and I'd prefer not to have my data fall in to the
> wrong
> > >> hands.
> > >>
> > >> - I am not a geek, but can install my own applications and if guided
> > >> properly can do terminal stuff
> > >>
> > >> ---
> > >>
> > >> Any feedback or direction appreciated.
> > >>
> > >> Best, Sam :-)
> > >>
> > >>
> > >> ------------------------------**--
> > >> Sam de Silva
> > >> skype: samonthenet
> > >> sam at media.com.au
> > >> +61 412 238 041
> > >>
> > >> --
> > >> Unsubscribe, change to digest, or change password at:
> > >> https://mailman.stanford.edu/**mailman/listinfo/**liberationtech<
> https://mailman.stanford.edu/mailman/listinfo/liberationtech>
> > >>
> > >>  --
> > > Unsubscribe, change to digest, or change password at:
> > > https://mailman.stanford.edu/**mailman/listinfo/**liberationtech<
> https://mailman.stanford.edu/mailman/listinfo/liberationtech>
> > >
>
> > --
> > Unsubscribe, change to digest, or change password at:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
>
> --
> Julian Oliver
> http://julianoliver.com
> http://criticalengineering.org
> --
> Unsubscribe, change to digest, or change password at:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130128/25bedd56/attachment.html>