Click Here To Hide Tor

PGP, TAILS, VIRTUAL BOX

PGP, TAILS, VIRTUAL BOX

So keep in mind that if you are a user of Silk Road, or any other form of activism, you never want to enter any identifying details about yourself online. Make it so that even if the NSA intercepted and decrypted, or compromised Silk Road that the only information they have against you is your username and password. How safe is that username and password? Does your password contain any identifying information? Is it the same password that you use for your personal email? Does it contain a name of somebody you know personally? Always keep all of these factors in mind.

Another step you must take, especially when communicating with other users on sites such as Silk Road is using PGP encryption. This is not always possible, such as in cases when you are logging into a website, filling out a form, logging into an email, etc.. Consider any type of information you enter into a website using plain text possibly compromised. Never put anything sensitive is any type of plain text format online. PGP comes into play because it uses a very strong method of encryption called cryptography. PGP stands for Pretty Good Privacy, and it is used for encrypting, decrypting and signing texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications.

For the more technical users, it uses a serial combination of hashing, data compression, symmetric-key cryptography, and finally public-key cryptography. For the less technical users, the process of encrypting messages using PGP is as follows. You create a private key and a public key. The public key is the key you give out to people you want to send you encrypted messages. Your private key, is kept privately by you. This private key is the only key that can unlock messages that were previously locked with your public key.

If you are still confused, think about it like this. Think about a public key that can go around locking boxes that are intended for you. Anyone can lock a box that is intended for you, but you are the only one with the key to unlock the box. Either if the person who sent you a message locked a box (message) with your public key, they themselves can not unlock it. Only the person possessing the private key can unlock it. If you wish to respond to this person, you must use their public key to encrypt the message you intend to send to them. And they themselves, use their own private key to decrypt the message you sent them.

If you are still with me, I am glad I haven’t lost you yet. This is called cryptography and was designed so that anybody intercepting your message could not decrypt the message without your private key. Even if you yourself, lose your private key, there is no method of key recovery. You can consider that message locked forever. So how do you use PGP?

Well before we get to that, I want to introduce you to a Live Operating System, which makes using PGP encryption and decryption very easy. A live operating system is an operating system that you can run on top of your current operating system. So for example, if you are a Windows user, you have 2 choices. You can download the live operating system, burn it to a CD or DVD and then boot your computer from that DVD or CD. This will make sure your computer run as if you have this operating system installed on your computer. However, if you remove the CD or DVD and reboot, then your computer will boot as normal. You can also use a USB drive to perform this same feature.

Secondly, you can run this live operating system in what’s called a Virtual Box. The benefits of this are that you can run Windows simultaneously as you run this other operating system and you can easily switch back and forth between them without rebooting the computer. Both methods have their pros and cons. The pros of running a live CD boot, are that reduce the risk of having your computer compromised by viruses, malware and keyloggers that rely on Windows vulnerabilities to run.

If you are going to run this OS from a Virtual Box, I suggest downloading Virtual Box from Oracle. Note the https:// :)

https://www.virtualbox.org/

Next, the live operating system I would encourage you to use is Tails. Tails can be found at the following website.

https://tails.boum.org/

The reason I choose Tails, is because it has many of the security features that you require to stay anonymous already installed. Some users are not happy with Tails, but it really is a great operating system loaded with security features. Many I will talk about in this series on security including PGP encryption and decryption. Make sure you download the Tails ISO file from the official Tails website and you can either load it into Virtual Box or burn it to a DVD or load it onto a USB and booting your computer from that drive.

There are plenty of tutorials on how to load Tails into Virtual Box, so I won’t go into much detail other than, make sure you run Virtual Box and Tails from a USB drive or SD card. I would suggest a USB drive however for reasons I will explain later. But basically when when Virtual Box runs directly on your hard drive, it creates a virtual hard drive that is uses as a temporary hard drive while Tails is running. Once Tails is closed, this virtual drive is deleted, but it’s not permanently deleted. As we know from the power of recovery tools, deleted files are easily recoverable with the right tools. I will talk about how to protect your files from data recovery tools in future posts but for now, just keep Virtual Box and Tails OFF of your hard drive, and load it either on a USB drive or SD card.

The same goes when booting your computer directly into Tails from a DVD or USB stick. Your hard drive will be used to store files used by Tails, so make sure any files that are saved or accessed using Tails are done from a USB stick or SD card, otherwise they will be recoverable. This is why I prefer using a Virtual Box and running both the Virtual Box and Tails inside of it, off of a USB stick. Keep as much as possible off of your actual hard drive. It is possible to shred files beyond recovery, but it’s much easier to do this on a 16gb flash drive, then it is a 1 TB hard drive.

Next post we will get back on topic and start learning how to use PGP. The reason I have to take a detour to using Tails is because we will be using Tails for many of the features from here on out, including PGP.

15 comments

  1. Do you know of a portable virtual box source? The only source I can find (vbox.me) is not a true portable version. It will install virtual box to the usb, but when opening virtual box from a new computer, it installs files it needs onto the hard drive of the computer the usb is connected with.

  2. TAILS is designed to not use the HDD at all, I thought?

    Using the Virtual Box is much more likely to leave data on the HDD.

  3. So of you run the LOS in a virtual box, off of a sd card for example, then you could run it on a personal computer? or would it still be susceptible to data taken from on the Windows system of such computer?

    • Its not a good idea to use TAILS on a virtual machine, from what I’ve read it still needs to connect threw the host PC. Just stick to a USB or disc like they recommend, better to be safe than sorry.
      But the GnuPG client on TAILS(seahorse) is much better than GPG4Win and KGPG on linux. That said KGPG is very good as a key manager and very easy to use just don’t generate keys on it

  4. Hi !
    First, very nice article. I just have a doubt on something.
    Is it really more secure to run tails into virtualBox (with tails AND virtualbox in a usb stick) than running tails directly from a usb stick ?
    In this video -> /watch?v=_4dQ4UY7kB4 the author says many times that it is more secure to run Tails directly from the external usb.
    The author of the video and this website look serious to me so i don’t understand why different opinion ?? Would appreciate if someone can answer. Thank you :)

  5. Virtual Box 5.0.10 won’t install to a usb stick. Anyone know of the last stable version that would?

  6. Hi, am I more safe or less safe if I use my normal pc to use tails, but connect to a router of one of my neighbors who has a free wifi running? It’s a kind of community wifi which connects tens or hundreds of routers in my city to one wifi network.

  7. If I go to https://tails.boum.org and download Tails, how can I be sure that I’m truly on the correct website. In other words , can’t someone set up a mirror of this site and trick ppl into downloading a corrupted version of tails? Sure its httpSecure, but don’t let that fool you, it can be cloned. And even if I were to get to the legitimate tails site, isn’t there a chance that anyone who downloads Tails without some kind of obfuscation of their IP, will have it(their IP address) logged by their ISP, and possibly even passed on to some LEA or Intelligence agency. I’ve heard that its risky to download Tails from your home PC and also that you would want to create the bootable USB from a different machine than you used to download Tails. Wouldn’t you be better off not downloading Tails from your home network? Maybe you address these issues later on in the article? I know I sound like a noob, because I am one. But if someone rushed on to the Tails site and downloaded Tails from their home PC without any protection they could be under the microscope already. They say that if your in one of the Five Eyes countries that they don’t keep track of IP’s to which Tails or Tor is downloaded to, from their official websites, but do you really believe that? Then there is your ISP, if you download anything from Tails or Tor’s website without precaution, look out, they are going to know it and log it. Maybe obtain a copy of Tails already on bootable media from a trusted source.??? Am I just overly cautious?

    • Yes, you can get put on a watch list of simply searching for tor or deepweb related items, doesn’t necessarily mean you’ll have any legal action taken towards you, assuming you do nothing Illegal. Second, if you ensure the URL is the official https tails site, then after you download it you should be given a hash to validate the authenticity of the download, there’s more info on the tails download page. And of course don’t use it on your own PC or you’re own network. Get a burner pc and find a network, THAT ISN’T A COFFEE SHOP OR LIBRARY AS THEY ARE NOTORIOUS FOR BEING MONITORED, and you should be fine for your anonymous browsing. Disclaimer: I do not endorse any illegal activity that may occur following this advice.

  8. Why not install and boot Ubuntu from a USB drive separately, then use Tails on VirtualBox from there?

  9. Beacuse maybe somethings are best left off his/her PC?

  10. thanks this were very valuble info for me
    many thanks for the time and help to ddw and jolly rogers the original poster

  11. If one is saying not to download tails from my pc, the library pc, or the coffee shop pc, then where do I download it from? That doesn’t leave me any options.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

Captcha: *