Hi there,


I have some questions regarding security/anonymity issues when using only one PC.


Not all people have 2 PCs in their home where they could split up like one for all non-VPN tasks and the other one strictly for VPN tasks.

Some of them have their VPN always on, also for real-life identity tasks (let's call these non-VPN tasks) like banking, shopping, ... Just because they don't want their traffic to be sniffed by the ISP or others, so this is just to protect their data usage, not their identities, because they give those to the bank, Amazon etc. when logging in to their websites and doing bank transfers, buying books...


So what about the security then if they need the VPN for "real VPN tasks" (let's call these VPN tasks), whatever that might be; it depends, of course.

Remember we have only one PC.

So would it be a solution to work with a dedicated country, or just some dedicated (VPN) servers of a country, for all non-VPN tasks and to take servers from other countries for VPN tasks? On top of that, the VPN servers for VPN tasks will be used with another browser profile to avoid exact fingerprinting.

Also there is always a complete Comodo firewall setup running which only lets traffic through the VPN to the outside. The DNS of the network interface will always be static and pointing to the VPN DNS. So in fact there is no traffic possible without being connected to the VPN.


Which security issues can come up like that?

I think most people with one PC will do it in such a way that they use no VPN for non-VPN tasks and the VPN only for VPN tasks. This is of course quite different, but the same questions come up. Of course care is taken not to mix identities, e.g. not to log in to your bank account if you are not on the non-VPN servers using the non-VPN browser profile.
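
A way to check the two claims in the post above (resolver pinned to the VPN DNS, no egress without the VPN) on a Windows machine, as an added example that is not part of the original thread. The adapter name, resolver addresses and probe host are assumptions supplied by the caller, not values from the thread.

```powershell
# Added example. $VpnAlias, $VpnDns and $ProbeIp are assumptions supplied by the
# caller; none of them are values from the thread.
function Test-VpnOnlyEgress {
    param(
        [Parameter(Mandatory)] [string]   $VpnAlias,  # name of the VPN tunnel adapter
        [Parameter(Mandatory)] [string[]] $VpnDns,    # resolver address(es) handed out by the VPN
        [Parameter(Mandatory)] [string]   $ProbeIp,   # IP literal of a host you operate
        [int] $ProbePort = 443
    )
    $findings = @()

    # Claim 1: DNS is static and points at the VPN resolver on every interface.
    # Only IPv4 resolvers on connected adapters are inspected here.
    foreach ($nic in (Get-NetAdapter | Where-Object Status -eq 'Up')) {
        $dns = (Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex `
                    -AddressFamily IPv4).ServerAddresses
        foreach ($server in $dns) {
            if ($server -notin $VpnDns) {
                $findings += "DNS: '$($nic.Name)' uses $server, not the VPN resolver"
            }
        }
    }

    # Claim 2: no traffic is possible without the VPN. This is only testable
    # while the tunnel is down, so the probe is skipped when the adapter is up.
    # An IP literal is used so a failed name lookup cannot mask a firewall gap.
    $vpn = Get-NetAdapter -Name $VpnAlias -ErrorAction SilentlyContinue
    if ($vpn -and $vpn.Status -eq 'Up') {
        $findings += "INFO: tunnel is up; disconnect it and rerun to test the block rule"
    } else {
        $probe = Test-NetConnection -ComputerName $ProbeIp -Port $ProbePort `
                    -WarningAction SilentlyContinue
        if ($probe.TcpTestSucceeded) {
            $findings += "LEAK: reached ${ProbeIp}:$ProbePort via '$($probe.InterfaceAlias)' with the tunnel down"
        }
    }
    if (-not $findings) { 'OK: DNS pinned to the VPN and egress blocked without the tunnel' }
    $findings
}
```

Running it once with the tunnel connected and once with it disconnected covers both halves of the setup.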



Well, don't use the same VPN connection/session for a mix of identities. With regard to anonymity, I don't think you gain much (if anything) by exclusively using a set of VPN servers for certain tasks. It might be a better idea to use random servers each session, no matter what the sessions are about.

Also, Tor Browser will offer (much) better protection against fingerprinting and correlation than hopping to a different VPN IP of the same VPN provider.


The real issue is security-related; you can't fully trust a shared operating system. For critical tasks, consider booting off your own USB stick instead.

Of course the same connection won't be used for different identities. And for VPN tasks the servers will also be in random use. In my eyes it just doesn't make sense to server hop for non-VPN tasks, because the receivers (bank, online shop) know who I am anyway when logging in. This is, as I said, just to protect from the ISP or Wi-Fi hotspots.


On the operating system: So you mean that certain parameters can be read from the OS while browsing and so a deanonymisation can be done, right?

Ah, ok. That won't be a problem because I was talking of a machine to which only the owner has access.

I want to key a long post but will refrain and be brief. Many of your concerns can be addressed "outside" of AirVPN considerations. I don't know how computer literate you are, but the fact that you own ONE physical computer doesn't mean you have to use one operating system. You can partition your hard drive and encrypt each partition independently, where they in effect will become unique system disks (like a C drive on Windows).


For simplicity you keep the C drive you are using now and create a separate system disk partition that only you have access to, e.g. you can use Linux LVM/LUKS encryption on that partition and only you will be able to use it. While you are using that Linux operating system the other drive sectors will be totally untouched, and likewise when you are using the "normal" operating system your Linux system will be untouched. Getting creative, you could have unlimited systems with the use of external media.


Believe it or not this is brief for where I wanted to take this post.

I want to key a long post but will refrain and be brief. Many of your concerns can be addressed "outside" of AirVPN considerations.


Agreed, this subject is difficult to sum up into one post and often varies greatly depending on the individual's computing needs.


IMO use partitions as mentioned by iwih2gk, or virtual machines.

The thing about using virtual machines is the guest machine is only as secure as the host.


I.e. running a Windows host machine with a Linux guest would be moot if the Windows box was loaded with malware, and said malware could be MS-based...


If you're on Windows the first step I would take is switching to some flavor of Linux or BSD. Even talking about anonymity while running Windows is kind of pointless considering that OS over the years has had more backdoors than Sasha Grey.



Ok thanks for your input. Installing a second OS on a different partition will be no problem in terms of my computer knowledge. It's just that you have to administer two "machines" then and keep both up to date for preventing leaks etc.


That's why I asked specifically for the flaws of the solution in the first post. But that didn't take the flaws of Windows itself into account, you're right on that.


So to be on the safe side it really looks like only a system separated in some way for VPN and non-VPN tasks is the way to go...

