Differences

This shows you the differences between two versions of the page.

--- diy:identity-management [2024/07/02 07:50] – [Docker Containers] Humphrey Boa-Gart
+++ diy:identity-management [2024/09/24 03:17] (current) – [Containerized and/or Portable Web Browsers] Humphrey Boa-Gart
@@ Line 3: / Line 3: @@
 For those of you who are deep into **platform manipulation** and **sockpuppetry**, you will eventually become overwhelmed by the amount of separate **identities** or **personas** (//and the accounts they each use to interact with the world through the internet//) that you are using for your shenanigans.
-Here are some quick tips to streamline your operation on almost any operating system by using simple **//best practices//**, without having to install a whole lot of fancy or proprietary software to get it done.
+Here are some strategies you can employ to streamline your operation on almost any operating system, by using simple **//best practices//**, without having to install a whole lot of fancy or proprietary software to get it done.
+Most of these strategies are built around [[tactics:compartmentalize|compartmentalization]]. How far you decide to compartmentalize is up to you, but the options are there, and employing some of them are recommended to reduce the possibility of devastating [[tactics:lateral-move|lateral movements]] in case of a data breach. Some compartmentalization will ultimately help you keep everything rigidly organized too, so it serves a dual-purpose here.
 ===== Use A Password Manager =====
@@ Line 9: / Line 11: @@
 While you should be using this anyways, a [[security:password-managers|Password Manager]] will drastically simplify the task of keeping track of usernames and passwords, and store them as portable & encrypted database files. Most decent password managers will let you create categories for your passwords. This means you can have a single category for each persona that you larp as, with all of that persona's accounts neatly stashed together inside.
-Or, you can take things even further, and have a different password-protected database file for each persona. This way you are only loading the persona you need into your password manager at any given moment, and someone has to enter a password if they manage to make a copy of the database file. Some password managers support biometric devices, and hardware [[security:2fa|2FA]] such as [[gear:yubi|YubiKeys]]. You can even store each identity file on its own separate VM or physical machine (//more on that **[[diy:identity-management#Further Compartmentalization|further down]]**//). How far you decide to [[tactics:compartmentalize]] is up to you, but the options are there, and employing some of them are recommended to reduce [[tactics:lateral-move|lateral movements]] in case of a data breach.
+Or, you can take things even further, and have a different password-protected database file for each persona. This way you are only loading the persona you need into your password manager at any given moment, and someone has to enter a password if they manage to make a copy of the database file. Some password managers support [[security:2fa|2FA]], biometric devices, and [[gear:security key|security keys]] such as [[gear:yubi|YubiKeys]]. You can even store each identity file on its own separate VM or physical machine (//more on that **[[diy:identity-management#Further Compartmentalization|further down]]**//).
 ===== Containerized and/or Portable Web Browsers =====
-The weakest part of most computers these days is **the web browser**. Since the browser is what is actually interacting with 95% of what most users do with their computer in the modern age, this is where most unwanted things are going to find their way into your machine. You can roadblock many of these things by running your browser in a jailed container, with all its own unique local dependencies included inside the container as well. There are many ways to run a browser out of a container. Some container software, like [[tools:flatpak|Flatpak]], doubles as a [[tools:package manager]] and update service. Flatpak is great for daily driver software on main or a virtual machine, but it is not so good for a million personas on shared environment.
+The weakest part of most computers these days is **the web browser**. Since the browser is what is actually interacting with 95% of what most users do with their computer in the modern age, this is where most unwanted things are going to find their way into your machine. You can roadblock many of these things by running your browser in a jailed container, with all its own unique local dependencies included inside the container as well. There are many ways to run a browser out of a container. Some container software, like [[tools:flatpak|Flatpak]], doubles as a [[tools:package manager]] and update service. Flatpak is great for daily driver software on main or a virtual machine, but it is not great for a million personas on a shared environment.
-The ideal type of pre-packaged browser for sockpuppetry in a shared environment is a **portable browser**, as they are easily duplicated, quick to deploy, simple to isolate, and they lend themselves well to scripting & macros.
+The ideal type of pre-packaged browser for sockpuppetry in a shared environment is a **portable browser**, as they are easily duplicated, quick to deploy, simple to isolate, and they lend themselves well to scripting & macros. They also give you a straightforward means to set aside unique bookmarks, cookie storage and browser extensions on a per-persona basis, catered to whatever that persona does online.
-On Linux, this is best accomplished with containerized [[https://www.appimagehub.com/browse?cat=248&ord=latest|AppImages]].
+On Linux, this is best accomplished with [[tools:appimage|AppImages]].
 For Windows users, you are looking for [[https://portableapps.com/apps/internet|Portable Apps]].
-//**Employ variation in your browsers!** When you visit a web site, your user-agent (and the rest of your browser's outward "fingerprint") can be read and analyzed, and correlated with logs from elsewhere! While you shouldn't employ variation in the browser's security policy, you can throw these [[hazards:spooks]] off with some simple extension variation, and/or using multiple types of web browsers. You want each persona to appear as though they are accessing the site from different machines with different configurations, so to blend in to the background noise.//
+//**Employ variation in your browsers!** When you visit a web site, your user-agent (and the rest of your browser's outward "fingerprint") can be read and analyzed, and correlated with logs from elsewhere! While you shouldn't employ needless variation in the browser's security policy, you can throw these [[hazards:spooks]] off by using different extensions with each browser install, and/or using multiple types of web browsers. You want each persona to appear as though they are accessing the site from different machines with different configurations, so to blend in to the background noise.//
 ===== Unique VPN Profiles =====
@@ Line 27: / Line 29: @@
 To maintain the outward consistency of your identities across the internet, you should set up different [[security:vpn|Virtual Private Networks]] (or **VPN's**) for each of your personas. [[tools:wireguard|WireGuard]] is going to be your tool of choice for this one, as pretty much everyone supports it, and it is a million times faster & easier to work with than the only popular alternative: [[tools:openvpn|OpenVPN]].
-You can get as complex as you want with this one. You can download different premade configuration files from different accounts at different VPN providers, name them after your personas, and load up whichever one you need at the time. You can also have a pool of different configuration files that you select at random, for each persona as well. The main idea, is you don't want to be signing on with two different personas on the same IP address (or even the same geographic region), and you want to be able to jump between profiles with simple commands. For example, in [[tools:bash|terminal]] this would look like:
+You can get as complex as you want with this one. You can download different premade configuration files from different accounts at different VPN providers, name them after your personas, and load up whichever one you need at the time. You can also have a pool of different configuration files that you select at random, for each persona as well. You can even have a configuration (or pool of configurations) for each individual website your persona goes to. The main thing you are trying to avoid, bare minimum, is using two different personas on the same IP address (or even the same geographic region).
-  $ wg-quick down profile_name_1
+WireGuard lets you jump between VPN profiles with simple commands. For example, in [[tools:bash|terminal]] this would look like:
-  $ wg-quick up profile_name_2
-Refer to the [[tools:wireguard|WireGuard]] article for a quick primer and best practices. You can use sites like [[https://whatismyipaddress.com|What Is My IP Address]] and [[https://ip.me|IP.me]] to make sure your VPN configuration is working.
+  $ wg-quick up profile_1
+  $ wg-quick down profile_1
+  $ wg-quick up profile_2
+  $ wg-quick down profile_2
+  $ wg-quick up profile_2_alt
-===== Further Compartmentalization =====
+Refer to the [[tools:wireguard|WireGuard]] article for a quick primer and best practices. You can use sites like [[https://whatismyipaddress.com|What Is My IP Address]], [[https://www.dnsleaktest.com|DNS Leak Test]] and [[https://ip.me|IP.me]] to make sure your VPN configuration is working. Employ a [[https://www.cnet.com/tech/services-and-software/vpn-kill-switch-what-is-it-and-should-you-enable-it/|VPN Kill Switch]](([[https://web.archive.org/web/20240629133959/https://www.cnet.com/tech/services-and-software/vpn-kill-switch-what-is-it-and-should-you-enable-it/|Archived version of VPN Kill Switch summary at CNET]])) to prevent IP leaks.
+===== Advanced Persona Compartmentalization =====
 With those basic identity-management skills out of the way, you can infinitely build on your setup by employing advanced [[tactics:compartmentalize|compartmentalization]] practices. The combination you choose will be dependent on the infrastructure and hardware you have available, how much free time you have to experiment, and your own personal preferences. Here are a few directions you can go:
@@ Line 40: / Line 47: @@
 ==== Virtual Machines  ====
-If you have the storage space and processing power, you can set up **separate tailorized VM environments** for each persona (//enabling you to put your password database, unique browser install and VPN profiles, all in one place//). This way, nothing leaves the VM, and it automatically boots into that persona's VPN profile of choice on startup.
+If you have the storage space and processing power, you can set up **separate tailorized VM environments** for each persona (//enabling you to put your password database, unique browser install and VPN profiles, all in one place//). This way, nothing leaves the VM, and it automatically boots into that persona's default VPN profile of choice on startup.
-Another benefit of virtual machines, is you don't have to restrict yourself to portable browsers, since the boundaries of the VM itself are now what keep things separated from your other personas. However, it still helps to keep them in jailed environments in the VM.
+Another benefit of virtual machines, is that you don't have to restrict yourself to portable browsers, since the boundaries of the VM itself are now what keep things separated. However, it still helps to keep your browsers in jailed environments in the VM. You can bundle any chat applications associated with your persona into your VM as well. You can use any operating system or virtualization software you wish for this.
-You can use any operating system or VM software you wish for this. If you so desire, each persona can have multiple virtual machines assigned to it (//for example, by having a **[[arms:kali|Kali]]** VM for general use and web browsing, alongside an **Android** VM with some social media apps and an alternate browser or two//). Just as using different web browsers can throw off people looking for the same repeat fingerprints, so can using different operating systems (//which is easy since there's a million updated versions of **Linux** and **BSD**//). You can even store each VM on its own separate keydrive. Whatever fits your workflow best. There is a near infinite amount of ways to set up this kind of software stack.
+If you want to break things down further, each persona can have multiple virtual machines assigned to it. For example, you can assign to a single persona:
+  * A **[[arms:kali|Kali]]** VM for general chat and web browsing.
+  * An **Android** VM with social media apps and an alternative browser.
+  * A third VM running whatever with more alternative apps.
+Just as using different web browsers can throw off people looking for the same repeat fingerprints, so can using different operating systems (//which is easy since there are a million variations of **Linux** and **BSD** to choose from//). You can even store each VM on its own separate keydrive. Whatever fits your workflow best. There is a near infinite amount of ways to set up this kind of software stack.
 You don't have to jump to a virtual machine setup immediately, either. If you know nothing about virtual machines yet, maybe just move a couple of your more disposable personas to virtual machines first, then move the rest later when you are more comfortable with it. If you use different compartmentalization methods, you may not need virtual machines at all.
@@ Line 50: / Line 63: @@
 ==== Docker Containers ====
-[[tools:docker|Docker]] containers are another way to further compartmentalize things, especially in a shared environment where you cannot run full virtual machines, or a cloud environment where you cannot deploy your own custom virtual machines. With customized Docker containers as part of your identity management toolchain, you are essentially building your own portable browsers for each of your personas with common off-the-shelf components.
+[[tools:docker|Docker]] containers are another way to further compartmentalize things with a form of pseudo-virtualization. This is especially useful in environments with limited resources, a shared environment where you cannot run full virtual machines, and the cloud. With customized Docker containers as part of your identity management toolchain, you are essentially building your own portable containerized browsers for each of your personas with common off-the-shelf components, with the added security of OS-level virtualization.
-For example, you could use [[github>qdm12/gluetun]] and [[github>linuxserver/docker-firefox]] to deploy an instance of **Mozilla Firefox**, with all its dependencies and your chosen VPN profile built into the container as well.
+For example, you could use [[github>HumphreyBoaGart/vmask]] to deploy an instance of **Mozilla Firefox**, with all its dependencies and your chosen VPN profile built into the container as well.
-==== Separated & Airgapped Devices ====
+==== Separate & Airgapped Devices ====
-If virtual machines are not compartmentalized enough, you can use entirely different pieces of hardware for each persona. There are many ways you can do this. For example:
+You can use entirely different pieces of hardware for each persona to further compartmentalize them. There are many ways you can do this. For example:
   * You can have a keydrive with its own operating system, for each persona.
@@ Line 62: / Line 75: @@
   * You can put each persona on its own laptop or phone, which no other persona of yours will have access to.
   * You may run each persona from separate virtual servers, out of different datacenters in the cloud, each paid for by different names with different anonymous payment methods.
+  * A persona whose character background involves video games might want to make use of browsers and apps on a **gaming console** (running through a VPN on your local network) to sell the fingerprint. That persona might communicate with people from that console's chat applications, as opposed to another persona, who might just use [[tools:signal|Signal]] or **Proton Mail** on a VM elsewhere.
   * You may use [[tactics:airgap|airgapped]] offline devices for things like drafting posts, reading ebooks, listening to music, tracking to-do lists, or managing your personal life, preventing unintentional bleedover onto machines where you do work online, where every nuance of your habits can be studied by AI. If you are using hardware 2FA, make sure you have a spare airgapped key or two stashed away somewhere, so you can get back into your personas if your devices are stolen or lost. PIN-protect the airgapped key in case it is stolen.
-Again, it all depends how far you are willing to go. In some cases, it may be a lot of extra work. If you have the right hardware on hand, or the right conductive habits, it may actually create less work for you in the long run. Experiment with throwaway personas and see what works best for you.
+Again, it all depends how far you are willing to go, and what physical resources are available to you. In some cases, it may be a lot of unnecessary extra work or money. If you have the right hardware on hand, or the right conductive habits, it may actually create less work for you in the long run. Experiment with throwaway personas and see what works best for you.
 ==== Method Acting & Dissociation ====
@@ Line 74: / Line 88: @@
 It should be noted that mental compartmentalization has long been exploited by various cults and governments, dating back to the Ancient World. Because of this, it is no surprise that modern governments have figured out how to exploit people prone to [[wp>Splitting (psychology)|splitting]], [[wp>Dissociation (psychology)|dissociation]] or other [[wp>Dissociative disorders|DID/MPD behaviors]], for the purposes of information security & mind control. (//The **Ministry of Occult Sciences** notes that people with **temporal lobe dysfunctions** are sometimes exploited in this manner as well.//) Anonymous has verifiably encountered cases where two personas online didn't even know they were part of the same host body. Conversely, some Anons with DID deliberately make full conscious use of [[wp>Multiplicity_(subculture)#Characteristics|their system's quirks]] to compartmentalize their multiple digital presences, as a safeguard from external threats or saboteurs.
-//**Be careful that you do not fall down the [[hazards:rabbit holes|rabbit hole]], and DO NOT forget your [[security:totem]].** Inexperience and poor emotional regulation can be a serious [[hazards:achilles heel|Achilles' Heel]] when dissociating, and send you down an endless dark path from which you may never return. Furthermore, while multiple personalities (for those without DID) can be manifested purely meditatively in the temporal realm, some Anons claim to channel volatile daemonia to get the job done. Pharmakeia & recreational drugs offer another unstable portal into this mindset. If you are not careful when you immerse yourself in this kind of manner, you could end up dead, just like **Heath Ledger** after he used this method to portray the Joker in the 2008 film, **The Dark Knight**.//
+//**Be careful that you do not fall into any [[hazards:rabbit holes]], and DO NOT forget your [[security:totem]].** Inexperience and poor emotional regulation can be a serious [[hazards:achilles heel|Achilles' Heel]] when dissociating, and send you down an endless dark path from which you may never return. Furthermore, while multiple personalities (for those without DID) can be manifested purely meditatively without external assistance, some Anons claim to channel volatile daemonia to get the job done instead. Pharmakeia & recreational drugs offer another unstable portal into this mindset. If you are not careful when you immerse yourself in this kind of manner, you could end up dead, just like **Heath Ledger** after he used this method to portray the Joker in the 2008 film, **The Dark Knight**.//
-//Oh, and **DO NOT UNDER ANY CIRCUMSTANCES** let anybody induce this state in you with hypnosis, group DMT ritual, occult ceremony, or any type of guided meditation! This basically gives someone a rootkit into your brain. If you cannot remain in control on your own while doing this, then it should go without saying that you **SHOULD NOT** be doing it at all!//
+//Oh, and **DO NOT** under **ANY CIRCUMSTANCES** let **ANYBODY** induce this state in you with hypnosis, group ayahuasca ritual, occult ceremony, or any type of guided meditation! This basically gives someone a rootkit into your brain. If you cannot remain in control on your own while doing this, then it should go without saying that you **SHOULD NOT** be doing it at all!//
-===== More Tips =====
+===== Additional Tips =====
   * If you are not compartmentalizing your personas on their own unique VM's or devices, and instead run them all from the same machine, you might want to consider using **multiple user accounts** for each persona if possible. This is easier on Linux than Windows, as you can simply open a new shell in your environment and run ''su'' to jump to that persona's user account, where its VPN profile, passwords and browser are stored. Make sure the data for all the relevant files/folders is chmodded to **600/700**. This way, if the browser is compromised, [[tactics:lateral move|lateral movement]] to your other personas and their accounts is (somewhat) impeded. This method also lets you set up automated VPN connections upon logging in with ''su'' (using the ''.bash_profile'' or ''.bashrc'' file) so you can just open the shell, start the browser, and get to work.
@@ Line 84: / Line 98: @@
   * The usernames, public handles and email addresses of your personas, and the filenames of things used by those personas, **do not have to match each other, at all**. This is a useful obfuscation technique, if you can mentally keep track of it for it to be practical on the fly. Some people employ ciphers, rhymes or memories to keep track of which file or account goes to which persona. Some people throw it in maps or spreadsheets. Other people can remember without any of these things. Either way you do it, this will absolutely confuse intruders & spies that are trying to make sense of what goes where.
-  * If you are using Linux or MacOS, [[tools:bash:customization|aliases & shell scripting]] (or [[tools:powershell|PowerShell scripting]] on Windows) can further automate & simplify the execution of many of the tips on this page. Since the methods described here use common implementations of free software, they are quite conductive to being used as part of custom scripts, if you know some {{tagpage>Programming|programming basics}}.
+  * If you are using Linux or MacOS, [[tools:bash:customization|aliases & shell scripting]] (//or **[[tools:powershell|PowerShell scripting]]** on Windows//) can further automate & simplify the execution of many of the tips on this page. Since the methods described here use common implementations of free software, they are quite conductive to being used as part of custom scripts, if you know some {{tagpage>Programming|programming basics}}.
 {{tag>Tutorials Security}}

User Tools

Site Tools

Differences