Monero (dont hoard the info , this keeps us all safe)

  • Thread starter Thread starter Whoopiegoldburgg222
  • Start date Start date
@Clarissa, if someone for instance is running tor over vpn with an encrypted e mail provider on android and uses xmr when at all possible. Is there more one could do for safety ? Im guessing creating a personal pgp key but im not too savvy on that and don't know if it can be done on mobile platforms. Thoughts ? 

 
@LysergamideLandscapes1938 Dude I have chrome os laptop for school and it sucks!! is there anyway for someone like me to be able to download tails on a usb or do you think I just need to get a windows or something? 
TAILS is SUPPOSED to be run on a USB! Of course you can! You should research it! Edward Snowden recommends TAILS. It's an amnesiac OS, meaning when it is shit down it doesn't keep any residual data unless you created an encrypted partition for storage.

 
@Clarissa, if someone for instance is running tor over vpn with an encrypted e mail provider on android and uses xmr when at all possible. Is there more one could do for safety ? Im guessing creating a personal pgp key but im not too savvy on that and don't know if it can be done on mobile platforms. Thoughts ? 
If you want to use PGP on a mobile device, then use OpenKeychain for Android. Idk if they have an iOS counterpart created or if you'd need to use another app, but that is your start. It is very simple. But make sure your PGP keys are always 4096-bit, as anything lower is outdated and less secure. If using OpenKeychain, go to the Advanced tab when creating your PGP, and that is where you will find the means to set the bitrate and more. You should ensure your subkeys also are 4096-bit. You also should enter random gibberish when prompted to enter your email (it won't recognize that it isn't an email, and you don't want your PGP linked to you, and using a made up email with a legitimate domain like Gmail or Protonmail could link it to an innocent party who happens to possess the made up email unbeknownst to you), and do NOT publish your key to the key servers, again for anonymity and security sake. It is good to set an expiration for your keys so that you have to keep rolling your keys using new ones, and the common practice agreed upon is every 3 to 6 months. This way you can't have your keys used to decrypt everything, and thus one key being compromised means only risking a chunk of your encrypted communications and not all the old ones. Also, if you are willing to dedicate a separate key to each contact you have them used with, that means you won't risk communications with everyone you use PGP with if one is compromised.

 
@Clarissa, if someone for instance is running tor over vpn with an encrypted e mail provider on android and uses xmr when at all possible. Is there more one could do for safety ? Im guessing creating a personal pgp key but im not too savvy on that and don't know if it can be done on mobile platforms. Thoughts ? 
@meds7922 Safety from who/whom?  Outside hackers, LE, all the above?  A PGP key is only useful for sending and receiving encrypted messages.  Just creating a private key pair doesn't really make you safe or safer unless you have the public keys of all the recipients you want to communicate with.  PGP is likely redundant if you are already using an encrypted e-mail provider.  I don't know much about using PGP on mobile, but @LysergamideLandscapes1938 seems to have some good advice on how to get started.

If you want to completely insulate yourself then your best bet is to run TAILS from a bootable USB drive with no persistent storage.  It also depends on how you are using XMR.  If you are buying XMR anonymously on a peer-to-peer site like localmonero and paying transactions from your XMR wallet, then you are doing everything right for optimal safety.  The problems with monero safety usually happen early on in the process if you are purchasing BTC through an exchange and then converting to XMR.

I would definitely recommend first looking into TAILS OS because running TOR over VPN isn't really a safe or reliable option.

 
@meds7922 Safety from who/whom?  Outside hackers, LE, all the above?  A PGP key is only useful for sending and receiving encrypted messages.  Just creating a private key pair doesn't really make you safe or safer unless you have the public keys of all the recipients you want to communicate with.  PGP is likely redundant if you are already using an encrypted e-mail provider.  I don't know much about using PGP on mobile, but @LysergamideLandscapes1938 seems to have some good advice on how to get started.

If you want to completely insulate yourself then your best bet is to run TAILS from a bootable USB drive with no persistent storage.  It also depends on how you are using XMR.  If you are buying XMR anonymously on a peer-to-peer site like localmonero and paying transactions from your XMR wallet, then you are doing everything right for optimal safety.  The problems with monero safety usually happen early on in the process if you are purchasing BTC through an exchange and then converting to XMR.

I would definitely recommend first looking into TAILS OS because running TOR over VPN isn't really a safe or reliable option.
Yes, safety from all. I am not really doing a lot of shopping, but it it only takes once to get caught up in some mess. I did figure buying btc from a large cryptocurrency market the converting to xmr really could be a bad idea. I will have to research tails and one part I do know is that would not be able to be done on mobile. Does tails keep all data off the computer and hd ? I believe I also read where there are different steps for keeping everything wiped after each session. It seems when people get lazy and overconfident, we read about their demise.

 
If you want to use PGP on a mobile device, then use OpenKeychain for Android. Idk if they have an iOS counterpart created or if you'd need to use another app, but that is your start. It is very simple. But make sure your PGP keys are always 4096-bit, as anything lower is outdated and less secure. If using OpenKeychain, go to the Advanced tab when creating your PGP, and that is where you will find the means to set the bitrate and more. You should ensure your subkeys also are 4096-bit. You also should enter random gibberish when prompted to enter your email (it won't recognize that it isn't an email, and you don't want your PGP linked to you, and using a made up email with a legitimate domain like Gmail or Protonmail could link it to an innocent party who happens to possess the made up email unbeknownst to you), and do NOT publish your key to the key servers, again for anonymity and security sake. It is good to set an expiration for your keys so that you have to keep rolling your keys using new ones, and the common practice agreed upon is every 3 to 6 months. This way you can't have your keys used to decrypt everything, and thus one key being compromised means only risking a chunk of your encrypted communications and not all the old ones. Also, if you are willing to dedicate a separate key to each contact you have them used with, that means you won't risk communications with everyone you use PGP with if one is compromised.
Thank you, that makes sense to me, everything I researched on it was way above my pay grade !  Lol.

 
Yes, safety from all. I am not really doing a lot of shopping, but it it only takes once to get caught up in some mess. I did figure buying btc from a large cryptocurrency market the converting to xmr really could be a bad idea. I will have to research tails and one part I do know is that would not be able to be done on mobile. Does tails keep all data off the computer and hd ? I believe I also read where there are different steps for keeping everything wiped after each session. It seems when people get lazy and overconfident, we read about their demise.
TAILS does keep your HD safe, as you don't boot from your HD, you boot from your USB containing TAILS. It is totally a separate system, isolated from your HD. Purchase XMR and BTC from Bisq, as it doesn't require KYC, is p2p (Peer-2-Peer), and is configured to route all traffic through TOR when using it .

 
@meds7922 Safety from who/whom?  Outside hackers, LE, all the above?  A PGP key is only useful for sending and receiving encrypted messages.  Just creating a private key pair doesn't really make you safe or safer unless you have the public keys of all the recipients you want to communicate with.  PGP is likely redundant if you are already using an encrypted e-mail provider.  I don't know much about using PGP on mobile, but @LysergamideLandscapes1938 seems to have some good advice on how to get started.

If you want to completely insulate yourself then your best bet is to run TAILS from a bootable USB drive with no persistent storage.  It also depends on how you are using XMR.  If you are buying XMR anonymously on a peer-to-peer site like localmonero and paying transactions from your XMR wallet, then you are doing everything right for optimal safety.  The problems with monero safety usually happen early on in the process if you are purchasing BTC through an exchange and then converting to XMR.

I would definitely recommend first looking into TAILS OS because running TOR over VPN isn't really a safe or reliable option.
TOR over a VPN is not as good as TAILS, but you can use Express as your VPN and they have been the ONLY VPN proven to keep no logs of data of any sort like many VPNs only claim with us having to take them at their word. Express has even had their servers seized by the Turkish government for an investigation, and they found NOTHING on them whatsoever. This, along with many independent audits as well as being open-source on GitHub all verifies their legitimacy. Also, purchasing from localmonero isn't optimal security. It is better than an exchange, but using Bisq is the safest bet, as it runs through TOR itself as well as being KYC-less. Also, Bisq supports several cryptocurrencies including BTC and XMR both.

Also, I've seen talk of how using PGP is redundant when using an encrypted email provider, but it is a NECESSARY AND VALUABLE, PRAGMATIC REDUNDANCY. For one, these email providers only are encrypted between users of the same service, not when emailing to other domain types, and they also can be decrypted and thus made insecure by the services themselves, which means that they are only secure until the service is compromised or they are made to hand over info to LE.

 
Last edited by a moderator:
TOR over a VPN is not as good as TAILS, but you can use Express as your VPN and they have been the ONLY VPN proven to keep no logs of data of any sort like many VPNs only claim with us having to take them at their word. Express has even had their servers seized by the Turkish government for an investigation, and they found NOTHING on them whatsoever. This, along with many independent audits as well as being open-source on GitHub all verifies their legitimacy. Also, purchasing from localmonero isn't optimal security. It is better than an exchange, but using Bisq is the safest bet, as it runs through TOR itself as well as being KYC-less. Also, Bisq supports several cryptocurrencies including BTC and XMR both.

Also, I've seen talk of how using PGP is redundant when using an encrypted email provider, but it is a NECESSARY AND VALUABLE, PRAGMATIC REDUNDANCY. For one, these email providers only are encrypted between users of the same service, not when emailing to other domain types, and they also can be decrypted and thus made insecure by the services themselves, which means that they are only secure until the service is compromised or they are made to hand over info to LE.
@LysergamideLandscapes1938 Everyone (from expert researchers to ordinary users) has their own opinion or data on VPN companies.  I kind of gave up on trying to find the "perfect" VPN.  Express sounds good from what you are telling me, but it's difficult to trust these providers without actually having access to one of their servers to prove their claims.

Yeah I thought I said to purchase from a peer-to-peer like localmonero, not that localmonero is best for security.  It was just the first example I could think of.  I didn't realize Bisq runs through TOR.  I see why you would recommend it over other p2p's.

In this specific context (a beginner looking for easy practical advice), PGP with an encrypted provider may be redundant.  But I don't believe that for all cases.  I would personally rather PGP over encrypted email provider because these providers are vulnerable to attacks and I would rather put my trust in cryptography over a service.

 
@LysergamideLandscapes1938 Everyone (from expert researchers to ordinary users) has their own opinion or data on VPN companies.  I kind of gave up on trying to find the "perfect" VPN.  Express sounds good from what you are telling me, but it's difficult to trust these providers without actually having access to one of their servers to prove their claims.

Yeah I thought I said to purchase from a peer-to-peer like localmonero, not that localmonero is best for security.  It was just the first example I could think of.  I didn't realize Bisq runs through TOR.  I see why you would recommend it over other p2p's.

In this specific context (a beginner looking for easy practical advice), PGP with an encrypted provider may be redundant.  But I don't believe that for all cases.  I would personally rather PGP over encrypted email provider because these providers are vulnerable to attacks and I would rather put my trust in cryptography over a service.
Again, I would like to reiterate that Express got their servers in Turkey seuzed and the Turkish government found literally NOTHING on them, proving their claims. Normally I concur with you about having to take VPNs at their word, but Express has been proven by that seizure to really stick to their guns about not logging data. I appreciate your knowledge about OpSec regarding digital aspects of it. All too rare to find people who do have a healthy knowledge-base to work from. And yeah, Bisq is awesome. I'm very satisfied with how the software is set up.

 
Last edited by a moderator:
Again, I would like to reiterate that Express got their servers in Turkey seuzed and the Turkish government found literally NOTHING on them, proving their claims. Normally I concur with you about having to take VPNs at their word, but Express has been proven by that seizure to really stick to their guns about not logging data. I appreciate your knowledge about OpSec regarding digital aspects of it. All too rare to find people who do have a healthy knowledge-base to work from. And yeah, Bisq is awesome. I'm very satisfied with how the software is set up.
@LysergamideLandscapes1938 I try to pitch in here and there.  I have a Cybersecurity degree that I don't use during the day (well I use the computer science part, just not security).

I wrote a short tutorial about using Monero/XMR somewhere on this forum and I remember referencing Bisq.  I should probably heed my own recommendations and check it out.

 
@LysergamideLandscapes1938 I try to pitch in here and there.  I have a Cybersecurity degree that I don't use during the day (well I use the computer science part, just not security).

I wrote a short tutorial about using Monero/XMR somewhere on this forum and I remember referencing Bisq.  I should probably heed my own recommendations and check it out.
Really? Do you mind swapping DMs? I'm wanting to pick your brain and perhaps I can be of help with educating you as well perhaps. I don't have a cybersecurity degree, but am an avid researcher for my own education and use (as well as to help others like I am trying to do here) in my free time and have by necessity had to implement my knowledge for a decade now due to involvement in the ŘČ scene and the Đ@ŘĶŇ3Ţ scene as well, amongst other activities. 

 
TOR over a VPN is not as good as TAILS, but you can use Express as your VPN and they have been the ONLY VPN proven to keep no logs of data of any sort like many VPNs only claim with us having to take them at their word. Express has even had their servers seized by the Turkish government for an investigation, and they found NOTHING on them whatsoever. This, along with many independent audits as well as being open-source on GitHub all verifies their legitimacy. Also, purchasing from localmonero isn't optimal security. It is better than an exchange, but using Bisq is the safest bet, as it runs through TOR itself as well as being KYC-less. Also, Bisq supports several cryptocurrencies including BTC and XMR both.

Also, I've seen talk of how using PGP is redundant when using an encrypted email provider, but it is a NECESSARY AND VALUABLE, PRAGMATIC REDUNDANCY. For one, these email providers only are encrypted between users of the same service, not when emailing to other domain types, and they also can be decrypted and thus made insecure by the services themselves, which means that they are only secure until the service is compromised or they are made to hand over info to LE.
Thank you for this info. I can use those tips to make things as secure as possible with what I have to work with currently. PGP, another layer of security and I would be able to shop at the W.H. gift shop instead of just looking.  ;)

 
Drugbuyersguide Shoutbox
  1. ontovzik @ ontovzik: When I had long term shingles, lasting two months. All he could give me was a 10 day supply of dilaudid. He looked at the ground while we were talking about it. I could tell he was ashamed but it was the legislature and the governor that tied his hands. He was very upset that non-medical political people, the media, and the scared public were controlling how he treated his patients. Someday those people will need meds and a hospital bed and they will be gone.
  2. ontovzik @ ontovzik: I had a great doctor, he had the true gift of a healer and he stayed on top of all the science. He straight up told me that for many people opiods work for managing short and long term pain.
  3. ontovzik @ ontovzik: He peed it in the snow in my backyard.
  4. WTF7218 @ WTF7218: @xenxra 😆😂. Yes, but only a few brave souls will ever find the number. You must first order a Dirty Shirley from the bartender. Then you must discreetly take the cocktail napkin from under your drink and unfold it. There you will find the map to the location of the phone number, and clues to decipher the code that it is written in.
  5. xenxra @ xenxra: he left his phone number scribbled in a stall at the pub three blocks down
  6. aBBazaBBa123 @ aBBazaBBa123: @rockychoc How do I contact you?
  7. N @ NYStateofMind: @Alkazar I would try one of those easy online ones .. reddit gives useful info about that
  8. Alkazar @ Alkazar: @NYStateofMind I dont really have a history of abusing things, my docotr is just really stingy. I am thinking of switching.
  9. C @ Cheesus: Thanks xenxra
  10. xenxra @ xenxra: @Cheesus yeah, use snote
  11. P @ psychedpsych: Trump is cracking down….
  12. P @ psychedpsych: Hackers are the scum of the earth
  13. N @ NYStateofMind: so it was easy bc of my history
  14. N @ NYStateofMind: I didnt really tell him but he knew I needed a new script since my dr went to jail
  15. N @ NYStateofMind: @xenxra I was on Adderall since 15 years ago so my dr prescribed that w no problems and then when I lost my best friend my doctor rxed the valiums but
  16. C @ Cheesus: Temp.pm down for anyone else?
  17. xenxra @ xenxra: @NYStateofMind my doctor's have always been pretty open minded if i can actually come in and explain the pharmacological action of the drugs im seeking instead of just telling them why i think i should be prescribed. the only time it didn't work out for me is when i was trying pharmaceuticals for depression ten years ago and suggested they let me try testosterone instead (turns out i was hypogonadal so they made a mistake denying my request at face value)
  18. T @ Testisthebest: Even down here in Florida when the pill mill docs all switched over to Suboxone and/or retired you can still find some pretty liberal docs but you gotta know what to look for. Mine does "pain management, detox, anxiety,etc. And no insurance. My doc writes me 60 5mg Valium, 14 2mg Xanax and asked if I had ever tried adderal to get more focus at work as I told him I run my own business.
  19. N @ NYStateofMind: @Alkazar do they know your history? Like I dont tell my doctor anything about myself except what they need to know,...I was able to get my dr to rx the highest dose of adderall along with valiums ..... if they dont know your history or there is no history I would just come out and ask what is the reason for their mistreatment.... they have no problem billing your insurance or taking a payment for the visit
  20. T @ Turbo259: @Layne_Cobain Thank you fam
Back
Top