Differences

This shows you the differences between two versions of the page.

--- diy:identity-management [2024/07/02 08:52] – [Unique VPN Profiles] Humphrey Boa-Gart
+++ diy:identity-management [2024/09/24 03:17] (current) – [Containerized and/or Portable Web Browsers] Humphrey Boa-Gart
@@ Line 3: / Line 3: @@
 For those of you who are deep into **platform manipulation** and **sockpuppetry**, you will eventually become overwhelmed by the amount of separate **identities** or **personas** (//and the accounts they each use to interact with the world through the internet//) that you are using for your shenanigans.
-Here are some quick tips to streamline your operation on almost any operating system by using simple **//best practices//**, without having to install a whole lot of fancy or proprietary software to get it done.
+Here are some strategies you can employ to streamline your operation on almost any operating system, by using simple **//best practices//**, without having to install a whole lot of fancy or proprietary software to get it done.
+Most of these strategies are built around [[tactics:compartmentalize|compartmentalization]]. How far you decide to compartmentalize is up to you, but the options are there, and employing some of them are recommended to reduce the possibility of devastating [[tactics:lateral-move|lateral movements]] in case of a data breach. Some compartmentalization will ultimately help you keep everything rigidly organized too, so it serves a dual-purpose here.
 ===== Use A Password Manager =====
@@ Line 9: / Line 11: @@
 While you should be using this anyways, a [[security:password-managers|Password Manager]] will drastically simplify the task of keeping track of usernames and passwords, and store them as portable & encrypted database files. Most decent password managers will let you create categories for your passwords. This means you can have a single category for each persona that you larp as, with all of that persona's accounts neatly stashed together inside.
-Or, you can take things even further, and have a different password-protected database file for each persona. This way you are only loading the persona you need into your password manager at any given moment, and someone has to enter a password if they manage to make a copy of the database file. Some password managers support biometric devices, and hardware [[security:2fa|2FA]] such as [[gear:yubi|YubiKeys]]. You can even store each identity file on its own separate VM or physical machine (//more on that **[[diy:identity-management#Further Compartmentalization|further down]]**//). How far you decide to [[tactics:compartmentalize]] is up to you, but the options are there, and employing some of them are recommended to reduce [[tactics:lateral-move|lateral movements]] in case of a data breach.
+Or, you can take things even further, and have a different password-protected database file for each persona. This way you are only loading the persona you need into your password manager at any given moment, and someone has to enter a password if they manage to make a copy of the database file. Some password managers support [[security:2fa|2FA]], biometric devices, and [[gear:security key|security keys]] such as [[gear:yubi|YubiKeys]]. You can even store each identity file on its own separate VM or physical machine (//more on that **[[diy:identity-management#Further Compartmentalization|further down]]**//).
 ===== Containerized and/or Portable Web Browsers =====
@@ Line 15: / Line 17: @@
 The weakest part of most computers these days is **the web browser**. Since the browser is what is actually interacting with 95% of what most users do with their computer in the modern age, this is where most unwanted things are going to find their way into your machine. You can roadblock many of these things by running your browser in a jailed container, with all its own unique local dependencies included inside the container as well. There are many ways to run a browser out of a container. Some container software, like [[tools:flatpak|Flatpak]], doubles as a [[tools:package manager]] and update service. Flatpak is great for daily driver software on main or a virtual machine, but it is not great for a million personas on a shared environment.
-The ideal type of pre-packaged browser for sockpuppetry in a shared environment is a **portable browser**, as they are easily duplicated, quick to deploy, simple to isolate, and they lend themselves well to scripting & macros.
+The ideal type of pre-packaged browser for sockpuppetry in a shared environment is a **portable browser**, as they are easily duplicated, quick to deploy, simple to isolate, and they lend themselves well to scripting & macros. They also give you a straightforward means to set aside unique bookmarks, cookie storage and browser extensions on a per-persona basis, catered to whatever that persona does online.
-On Linux, this is best accomplished with containerized [[https://www.appimagehub.com/browse?cat=248&ord=latest|AppImages]].
+On Linux, this is best accomplished with [[tools:appimage|AppImages]].
 For Windows users, you are looking for [[https://portableapps.com/apps/internet|Portable Apps]].
-//**Employ variation in your browsers!** When you visit a web site, your user-agent (and the rest of your browser's outward "fingerprint") can be read and analyzed, and correlated with logs from elsewhere! While you shouldn't employ variation in the browser's security policy, you can throw these [[hazards:spooks]] off with some simple extension variation, and/or using multiple types of web browsers. You want each persona to appear as though they are accessing the site from different machines with different configurations, so to blend in to the background noise.//
+//**Employ variation in your browsers!** When you visit a web site, your user-agent (and the rest of your browser's outward "fingerprint") can be read and analyzed, and correlated with logs from elsewhere! While you shouldn't employ needless variation in the browser's security policy, you can throw these [[hazards:spooks]] off by using different extensions with each browser install, and/or using multiple types of web browsers. You want each persona to appear as though they are accessing the site from different machines with different configurations, so to blend in to the background noise.//
 ===== Unique VPN Profiles =====
@@ Line 31: / Line 33: @@
 WireGuard lets you jump between VPN profiles with simple commands. For example, in [[tools:bash|terminal]] this would look like:
-  $ wg-quick down profile_name_1
+  $ wg-quick up profile_1
-  $ wg-quick up profile_name_2
+  $ wg-quick down profile_1
+  $ wg-quick up profile_2
+  $ wg-quick down profile_2
+  $ wg-quick up profile_2_alt
-Refer to the [[tools:wireguard|WireGuard]] article for a quick primer and best practices. You can use sites like [[https://whatismyipaddress.com|What Is My IP Address]] and [[https://ip.me|IP.me]] to make sure your VPN configuration is working.
+Refer to the [[tools:wireguard|WireGuard]] article for a quick primer and best practices. You can use sites like [[https://whatismyipaddress.com|What Is My IP Address]], [[https://www.dnsleaktest.com|DNS Leak Test]] and [[https://ip.me|IP.me]] to make sure your VPN configuration is working. Employ a [[https://www.cnet.com/tech/services-and-software/vpn-kill-switch-what-is-it-and-should-you-enable-it/|VPN Kill Switch]](([[https://web.archive.org/web/20240629133959/https://www.cnet.com/tech/services-and-software/vpn-kill-switch-what-is-it-and-should-you-enable-it/|Archived version of VPN Kill Switch summary at CNET]])) to prevent IP leaks.
 ===== Advanced Persona Compartmentalization =====
@@ Line 42: / Line 47: @@
 ==== Virtual Machines  ====
-If you have the storage space and processing power, you can set up **separate tailorized VM environments** for each persona (//enabling you to put your password database, unique browser install and VPN profiles, all in one place//). This way, nothing leaves the VM, and it automatically boots into that persona's VPN profile of choice on startup.
+If you have the storage space and processing power, you can set up **separate tailorized VM environments** for each persona (//enabling you to put your password database, unique browser install and VPN profiles, all in one place//). This way, nothing leaves the VM, and it automatically boots into that persona's default VPN profile of choice on startup.
-Another benefit of virtual machines, is you don't have to restrict yourself to portable browsers, since the boundaries of the VM itself are now what keep things separated from your other personas. However, it still helps to keep them in jailed environments in the VM. You can bundle any chat applications associated with your persona in your VM as well.
+Another benefit of virtual machines, is that you don't have to restrict yourself to portable browsers, since the boundaries of the VM itself are now what keep things separated. However, it still helps to keep your browsers in jailed environments in the VM. You can bundle any chat applications associated with your persona into your VM as well. You can use any operating system or virtualization software you wish for this.
-You can use any operating system or VM software you wish for this. If you so desire, each persona can have multiple virtual machines assigned to it (//for example, by having a **[[arms:kali|Kali]]** VM for general chat and web browsing, alongside an **Android** VM with social media apps and an alternative browser, and a third VM running whatever with more alternative apps//). Just as using different web browsers can throw off people looking for the same repeat fingerprints, so can using different operating systems (//which is easy since there are a million variations of **Linux** and **BSD** to choose from//). You can even store each VM on its own separate keydrive. Whatever fits your workflow best. There is a near infinite amount of ways to set up this kind of software stack.
+If you want to break things down further, each persona can have multiple virtual machines assigned to it. For example, you can assign to a single persona:
+  * A **[[arms:kali|Kali]]** VM for general chat and web browsing.
+  * An **Android** VM with social media apps and an alternative browser.
+  * A third VM running whatever with more alternative apps.
+Just as using different web browsers can throw off people looking for the same repeat fingerprints, so can using different operating systems (//which is easy since there are a million variations of **Linux** and **BSD** to choose from//). You can even store each VM on its own separate keydrive. Whatever fits your workflow best. There is a near infinite amount of ways to set up this kind of software stack.
 You don't have to jump to a virtual machine setup immediately, either. If you know nothing about virtual machines yet, maybe just move a couple of your more disposable personas to virtual machines first, then move the rest later when you are more comfortable with it. If you use different compartmentalization methods, you may not need virtual machines at all.
@@ Line 52: / Line 63: @@
 ==== Docker Containers ====
-[[tools:docker|Docker]] containers are another way to further compartmentalize things, especially in a shared environment where you cannot run full virtual machines, or a cloud environment where you cannot deploy your own custom virtual machines. With customized Docker containers as part of your identity management toolchain, you are essentially building your own portable browsers for each of your personas with common off-the-shelf components.
+[[tools:docker|Docker]] containers are another way to further compartmentalize things with a form of pseudo-virtualization. This is especially useful in environments with limited resources, a shared environment where you cannot run full virtual machines, and the cloud. With customized Docker containers as part of your identity management toolchain, you are essentially building your own portable containerized browsers for each of your personas with common off-the-shelf components, with the added security of OS-level virtualization.
-For example, you could use [[github>qdm12/gluetun]] and [[github>linuxserver/docker-firefox]] to deploy an instance of **Mozilla Firefox**, with all its dependencies and your chosen VPN profile built into the container as well.
+For example, you could use [[github>HumphreyBoaGart/vmask]] to deploy an instance of **Mozilla Firefox**, with all its dependencies and your chosen VPN profile built into the container as well.
 ==== Separate & Airgapped Devices ====
@@ Line 77: / Line 88: @@
 It should be noted that mental compartmentalization has long been exploited by various cults and governments, dating back to the Ancient World. Because of this, it is no surprise that modern governments have figured out how to exploit people prone to [[wp>Splitting (psychology)|splitting]], [[wp>Dissociation (psychology)|dissociation]] or other [[wp>Dissociative disorders|DID/MPD behaviors]], for the purposes of information security & mind control. (//The **Ministry of Occult Sciences** notes that people with **temporal lobe dysfunctions** are sometimes exploited in this manner as well.//) Anonymous has verifiably encountered cases where two personas online didn't even know they were part of the same host body. Conversely, some Anons with DID deliberately make full conscious use of [[wp>Multiplicity_(subculture)#Characteristics|their system's quirks]] to compartmentalize their multiple digital presences, as a safeguard from external threats or saboteurs.
-//**Be careful that you do not fall into any [[hazards:rabbit holes]], and DO NOT forget your [[security:totem]].** Inexperience and poor emotional regulation can be a serious [[hazards:achilles heel|Achilles' Heel]] when dissociating, and send you down an endless dark path from which you may never return. Furthermore, while multiple personalities (for those without DID) can be manifested purely meditatively in the temporal realm, some Anons claim to channel volatile daemonia to get the job done. Pharmakeia & recreational drugs offer another unstable portal into this mindset. If you are not careful when you immerse yourself in this kind of manner, you could end up dead, just like **Heath Ledger** after he used this method to portray the Joker in the 2008 film, **The Dark Knight**.//
+//**Be careful that you do not fall into any [[hazards:rabbit holes]], and DO NOT forget your [[security:totem]].** Inexperience and poor emotional regulation can be a serious [[hazards:achilles heel|Achilles' Heel]] when dissociating, and send you down an endless dark path from which you may never return. Furthermore, while multiple personalities (for those without DID) can be manifested purely meditatively without external assistance, some Anons claim to channel volatile daemonia to get the job done instead. Pharmakeia & recreational drugs offer another unstable portal into this mindset. If you are not careful when you immerse yourself in this kind of manner, you could end up dead, just like **Heath Ledger** after he used this method to portray the Joker in the 2008 film, **The Dark Knight**.//
 //Oh, and **DO NOT** under **ANY CIRCUMSTANCES** let **ANYBODY** induce this state in you with hypnosis, group ayahuasca ritual, occult ceremony, or any type of guided meditation! This basically gives someone a rootkit into your brain. If you cannot remain in control on your own while doing this, then it should go without saying that you **SHOULD NOT** be doing it at all!//
@@ Line 88: / Line 99: @@
   * If you are using Linux or MacOS, [[tools:bash:customization|aliases & shell scripting]] (//or **[[tools:powershell|PowerShell scripting]]** on Windows//) can further automate & simplify the execution of many of the tips on this page. Since the methods described here use common implementations of free software, they are quite conductive to being used as part of custom scripts, if you know some {{tagpage>Programming|programming basics}}.
 {{tag>Tutorials Security}}

User Tools

Site Tools

Differences