Monero (don't hoard the info, this keeps us all safe)

  • Thread starter: Whoopiegoldburgg222
@Clarissa, if someone, for instance, is running Tor over VPN with an encrypted e-mail provider on Android and uses XMR when at all possible, is there more one could do for safety? I'm guessing creating a personal PGP key, but I'm not too savvy on that and don't know if it can be done on mobile platforms. Thoughts?

 
@LysergamideLandscapes1938 Dude, I have a Chrome OS laptop for school and it sucks!! Is there any way for someone like me to be able to download TAILS on a USB, or do you think I just need to get a Windows or something?
TAILS is SUPPOSED to be run on a USB! Of course you can! You should research it! Edward Snowden recommends TAILS. It's an amnesiac OS, meaning when it is shut down it doesn't keep any residual data unless you created an encrypted partition for storage.

 
If you want to use PGP on a mobile device, then use OpenKeychain for Android. Idk if they have an iOS counterpart created or if you'd need to use another app, but that is your start. It is very simple. But make sure your PGP keys are always 4096-bit, as anything lower is outdated and less secure. If using OpenKeychain, go to the Advanced tab when creating your PGP, and that is where you will find the means to set the bitrate and more. You should ensure your subkeys also are 4096-bit. You also should enter random gibberish when prompted to enter your email (it won't recognize that it isn't an email, and you don't want your PGP linked to you, and using a made up email with a legitimate domain like Gmail or Protonmail could link it to an innocent party who happens to possess the made up email unbeknownst to you), and do NOT publish your key to the key servers, again for anonymity and security's sake. It is good to set an expiration for your keys so that you have to keep rolling your keys using new ones, and the common practice agreed upon is every 3 to 6 months. This way you can't have your keys used to decrypt everything, and thus one key being compromised means only risking a chunk of your encrypted communications and not all the old ones. Also, if you are willing to dedicate a separate key to each contact you have them used with, that means you won't risk communications with everyone you use PGP with if one is compromised.

 
@meds7922 Safety from who/whom?  Outside hackers, LE, all the above?  A PGP key is only useful for sending and receiving encrypted messages.  Just creating a private key pair doesn't really make you safe or safer unless you have the public keys of all the recipients you want to communicate with.  PGP is likely redundant if you are already using an encrypted e-mail provider.  I don't know much about using PGP on mobile, but @LysergamideLandscapes1938 seems to have some good advice on how to get started.

If you want to completely insulate yourself then your best bet is to run TAILS from a bootable USB drive with no persistent storage.  It also depends on how you are using XMR.  If you are buying XMR anonymously on a peer-to-peer site like localmonero and paying transactions from your XMR wallet, then you are doing everything right for optimal safety.  The problems with monero safety usually happen early on in the process if you are purchasing BTC through an exchange and then converting to XMR.

I would definitely recommend first looking into TAILS OS because running TOR over VPN isn't really a safe or reliable option.

 
Yes, safety from all. I am not really doing a lot of shopping, but it only takes once to get caught up in some mess. I did figure buying BTC from a large cryptocurrency market then converting to XMR really could be a bad idea. I will have to research TAILS, and one part I do know is that would not be able to be done on mobile. Does TAILS keep all data off the computer and HD? I believe I also read where there are different steps for keeping everything wiped after each session. It seems when people get lazy and overconfident, we read about their demise.

 
Thank you, that makes sense to me, everything I researched on it was way above my pay grade! Lol.

 
TAILS does keep your HD safe, as you don't boot from your HD, you boot from your USB containing TAILS. It is totally a separate system, isolated from your HD. Purchase XMR and BTC from Bisq, as it doesn't require KYC, is p2p (Peer-2-Peer), and is configured to route all traffic through TOR when using it.

 
TOR over a VPN is not as good as TAILS, but you can use Express as your VPN and they have been the ONLY VPN proven to keep no logs of data of any sort like many VPNs only claim with us having to take them at their word. Express has even had their servers seized by the Turkish government for an investigation, and they found NOTHING on them whatsoever. This, along with many independent audits as well as being open-source on GitHub all verifies their legitimacy. Also, purchasing from localmonero isn't optimal security. It is better than an exchange, but using Bisq is the safest bet, as it runs through TOR itself as well as being KYC-less. Also, Bisq supports several cryptocurrencies including BTC and XMR both.

Also, I've seen talk of how using PGP is redundant when using an encrypted email provider, but it is a NECESSARY AND VALUABLE, PRAGMATIC REDUNDANCY. For one, these email providers only are encrypted between users of the same service, not when emailing to other domain types, and they also can be decrypted and thus made insecure by the services themselves, which means that they are only secure until the service is compromised or they are made to hand over info to LE.

 
@LysergamideLandscapes1938 Everyone (from expert researchers to ordinary users) has their own opinion or data on VPN companies.  I kind of gave up on trying to find the "perfect" VPN.  Express sounds good from what you are telling me, but it's difficult to trust these providers without actually having access to one of their servers to prove their claims.

Yeah I thought I said to purchase from a peer-to-peer like localmonero, not that localmonero is best for security.  It was just the first example I could think of.  I didn't realize Bisq runs through TOR.  I see why you would recommend it over other p2p's.

In this specific context (a beginner looking for easy practical advice), PGP with an encrypted provider may be redundant.  But I don't believe that for all cases.  I would personally rather PGP over encrypted email provider because these providers are vulnerable to attacks and I would rather put my trust in cryptography over a service.

 
Again, I would like to reiterate that Express got their servers in Turkey seized and the Turkish government found literally NOTHING on them, proving their claims. Normally I concur with you about having to take VPNs at their word, but Express has been proven by that seizure to really stick to their guns about not logging data. I appreciate your knowledge about OpSec regarding digital aspects of it. All too rare to find people who do have a healthy knowledge-base to work from. And yeah, Bisq is awesome. I'm very satisfied with how the software is set up.

 
@LysergamideLandscapes1938 I try to pitch in here and there.  I have a Cybersecurity degree that I don't use during the day (well I use the computer science part, just not security).

I wrote a short tutorial about using Monero/XMR somewhere on this forum and I remember referencing Bisq.  I should probably heed my own recommendations and check it out.

 
Really? Do you mind swapping DMs? I'm wanting to pick your brain and perhaps I can be of help with educating you as well perhaps. I don't have a cybersecurity degree, but am an avid researcher for my own education and use (as well as to help others like I am trying to do here) in my free time and have by necessity had to implement my knowledge for a decade now due to involvement in the ŘČ scene and the Đ@ŘĶŇ3Ţ scene as well, amongst other activities. 

 
Thank you for this info. I can use those tips to make things as secure as possible with what I have to work with currently. PGP, another layer of security and I would be able to shop at the W.H. gift shop instead of just looking.  ;)

 