User Tools

Site Tools

diy:identity-management

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
diy:identity-management [2024/07/02 09:37] – [Identity Management] Humphrey Boa-Gartdiy:identity-management [2024/09/24 03:17] (current) – [Containerized and/or Portable Web Browsers] Humphrey Boa-Gart
Line 4: Line 4:
  
 Here are some strategies you can employ to streamline your operation on almost any operating system, by using simple **//best practices//**, without having to install a whole lot of fancy or proprietary software to get it done. Here are some strategies you can employ to streamline your operation on almost any operating system, by using simple **//best practices//**, without having to install a whole lot of fancy or proprietary software to get it done.
 +
 +Most of these strategies are built around [[tactics:compartmentalize|compartmentalization]]. How far you decide to compartmentalize is up to you, but the options are there, and employing some of them are recommended to reduce the possibility of devastating [[tactics:lateral-move|lateral movements]] in case of a data breach. Some compartmentalization will ultimately help you keep everything rigidly organized too, so it serves a dual-purpose here.
  
 ===== Use A Password Manager ===== ===== Use A Password Manager =====
Line 9: Line 11:
 While you should be using this anyways, a [[security:password-managers|Password Manager]] will drastically simplify the task of keeping track of usernames and passwords, and store them as portable & encrypted database files. Most decent password managers will let you create categories for your passwords. This means you can have a single category for each persona that you larp as, with all of that persona's accounts neatly stashed together inside. While you should be using this anyways, a [[security:password-managers|Password Manager]] will drastically simplify the task of keeping track of usernames and passwords, and store them as portable & encrypted database files. Most decent password managers will let you create categories for your passwords. This means you can have a single category for each persona that you larp as, with all of that persona's accounts neatly stashed together inside.
  
-Or, you can take things even further, and have a different password-protected database file for each persona. This way you are only loading the persona you need into your password manager at any given moment, and someone has to enter a password if they manage to make a copy of the database file. Some password managers support biometric devices, and hardware [[security:2fa|2FA]] such as [[gear:yubi|YubiKeys]]. You can even store each identity file on its own separate VM or physical machine (//more on that **[[diy:identity-management#Further Compartmentalization|further down]]**//). How far you decide to [[tactics:compartmentalize]] is up to you, but the options are there, and employing some of them are recommended to reduce the possibility of devastating [[tactics:lateral-move|lateral movements]] in case of a data breach.+Or, you can take things even further, and have a different password-protected database file for each persona. This way you are only loading the persona you need into your password manager at any given moment, and someone has to enter a password if they manage to make a copy of the database file. Some password managers support [[security:2fa|2FA]], biometric devices, and [[gear:security key|security keys]] such as [[gear:yubi|YubiKeys]]. You can even store each identity file on its own separate VM or physical machine (//more on that **[[diy:identity-management#Further Compartmentalization|further down]]**//).
  
 ===== Containerized and/or Portable Web Browsers ===== ===== Containerized and/or Portable Web Browsers =====
Line 17: Line 19:
 The ideal type of pre-packaged browser for sockpuppetry in a shared environment is a **portable browser**, as they are easily duplicated, quick to deploy, simple to isolate, and they lend themselves well to scripting & macros. They also give you a straightforward means to set aside unique bookmarks, cookie storage and browser extensions on a per-persona basis, catered to whatever that persona does online. The ideal type of pre-packaged browser for sockpuppetry in a shared environment is a **portable browser**, as they are easily duplicated, quick to deploy, simple to isolate, and they lend themselves well to scripting & macros. They also give you a straightforward means to set aside unique bookmarks, cookie storage and browser extensions on a per-persona basis, catered to whatever that persona does online.
  
-On Linux, this is best accomplished with containerized [[https://www.appimagehub.com/browse?cat=248&ord=latest|AppImages]].+On Linux, this is best accomplished with [[tools:appimage|AppImages]].
  
 For Windows users, you are looking for [[https://portableapps.com/apps/internet|Portable Apps]]. For Windows users, you are looking for [[https://portableapps.com/apps/internet|Portable Apps]].
Line 61: Line 63:
 ==== Docker Containers ==== ==== Docker Containers ====
  
-[[tools:docker|Docker]] containers are another way to further compartmentalize things with a form of pseudo-virtualization. This is especially useful in a shared environment where you cannot run full virtual machines, or a cloud environment where you cannot deploy your own custom virtual machines. With customized Docker containers as part of your identity management toolchain, you are essentially building your own portable containerized browsers for each of your personas with common off-the-shelf components. +[[tools:docker|Docker]] containers are another way to further compartmentalize things with a form of pseudo-virtualization. This is especially useful in environments with limited resources, a shared environment where you cannot run full virtual machines, and the cloud. With customized Docker containers as part of your identity management toolchain, you are essentially building your own portable containerized browsers for each of your personas with common off-the-shelf components, with the added security of OS-level virtualization.
  
-For example, you could use [[github>qdm12/gluetun]] and [[github>linuxserver/docker-firefox]] to deploy an instance of **Mozilla Firefox**, with all its dependencies and your chosen VPN profile built into the container as well.+For example, you could use [[github>HumphreyBoaGart/vmask]] to deploy an instance of **Mozilla Firefox**, with all its dependencies and your chosen VPN profile built into the container as well.
  
 ==== Separate & Airgapped Devices ==== ==== Separate & Airgapped Devices ====
Line 97: Line 99:
  
   * If you are using Linux or MacOS, [[tools:bash:customization|aliases & shell scripting]] (//or **[[tools:powershell|PowerShell scripting]]** on Windows//) can further automate & simplify the execution of many of the tips on this page. Since the methods described here use common implementations of free software, they are quite conductive to being used as part of custom scripts, if you know some {{tagpage>Programming|programming basics}}.   * If you are using Linux or MacOS, [[tools:bash:customization|aliases & shell scripting]] (//or **[[tools:powershell|PowerShell scripting]]** on Windows//) can further automate & simplify the execution of many of the tips on this page. Since the methods described here use common implementations of free software, they are quite conductive to being used as part of custom scripts, if you know some {{tagpage>Programming|programming basics}}.
 +
  
  
 {{tag>Tutorials Security}} {{tag>Tutorials Security}}
diy/identity-management.1719913040.txt.gz · Last modified: 2024/08/06 05:53 (external edit)

Find this page online at: https://bestpoint.institute/diy/identity-management