Hi! I´m almost a newbee when it comes to Linux, but the need of anonymity while surfing has made me look at the tor-project live-usb Tails based on Debian. But since I´m new to linux I have tried the LinuxMint live usb, and I´m looking for other solutions as well. But first, here is my dilemma.

For several years I worked in one of the neighbor municipalities of where I live. In this municipality the local administration have acted in ways that must be described as close to corruption. I still have a lot of friends in this municipalities administration, and they are tired of the way things are done. They are also afraid that they will be blamed if the press starts writing about this, or if the politicians start digging in the dirt. Therefore we have started to ask a lot of questions. Questions that the municipalities administration have to answer according to Norwegian law.

So far we have been using an gmail account and https. Since none of us are advanced computer users we don´t really understand what is safe and what is not. When it comes to information traveling over the network, none of us have any knowledge at all.

Here are some of the questions and uncertainties we have:

- The municipality owns the company (IPS) that provides the network that we use, we do not trust them.
- Is gmail safe when https is used?
- When we download some of the documents hosted on the municipalities webpages, is it possible to track the person downloading the pdfs?
- Is it possible to put scripts and other stuff inside the pdf to track down the computer viewing them?
- If we start using the Tor-network, would it bring more attention towards the computers that we use, and in this way expose our identity?

All suggestions and explanations how to hide our identity are welcome.

"The municipality owns the company (IPS) that provides the network that we use, we do not trust them" - use a VPN service to connect to the outside world - your network provider won't be able to see what your traffic is (see Swedish VPN service Mullvad and their competitors).
"Is gmail safe when https is used?" - combined with a good password and my advice above - yes
"When we download some of the documents hosted on the municipalities webpages, is it possible to track the person downloading the pdfs?" - if you use the above-mentioned VPN or especially Tor over VPN - they would find it very hard to find out your identity (UNLESS you download while on their network as they would then be able to correlate both ends)
"If we start using the Tor-network, would it bring more attention towards the computers that we use, and in this way expose our identity?" - use bridges (bridges.torproject.org) and only use those bridges that use port 443. And if you use VPN service first (and connect to Tor network only after all your traffic is routed through VPN) there will be no way for your network operator to know you are using Tor.
Word of caution - watch out for VPN failures, use something like Shorewall to prevent traffic escaping in the event of VPN failure.

Melvind, welcome to LQ.

After reading your post, I think that it would be prudent for you to review the LQ rules. Specifiably, attempting to circumvent govt entities and restrictions and aiding in such attempts is forbidden. I mention this as a caution. Your post does not sound like you are trying to violate any laws, but it would be better for you to not mention the municipal ISP aspect and the lack of trust and instead focus on how to browse securely.

klearview has provided you with an excellent overview of VPN and TOR. Combined this should be sufficient to privatize your activity in a potentially hostile environment.

Email is a little trickier because even when using HTTPS there are other weak spots. These include: the body of the email being sent in plain text while the authentication is secured, storage of unencrypted email both on servers and by the recipients and senders, passage of unencrypted email over devices like phones. To communicate via email, I would suggest using GPG and to make it easy use a plugin like Enigmail in Thunderbird.

Your idea to use a USB based system is good, but USB drives are still writable and hence may become compromised with walware and other trojans. It is quite unlikely that the Linux portion itself will contract malware, but java, javascript, flash, and even PDF files can contain these things, so caution should be exercised. Please keep in mind that to place useable tracking malware in a .PDF that is being viewed on a Linux system using a viewer other than Adobe would be extremely difficult.

Thanks for your replys. very helpfull for a newbee.

Noway2: What we are doing are indeed legal. To be able to anonymously ask questions is actually a part of the same law that force the politicians and administration to answer the questions asked. In this way everyone can see how our tax-money is used. When the admins block my sons linux based laptop at school, I want to know why. Actually they block everything that is not Windows. Two of the neighbour municipalities running Linux on their schools have been forced to change to windows because of this. For years we have asked why our schools are running windows and not linux, we can clearly see that the linux-schools have 3-times more computers in the classrooms.

If you would like to submit questions anonymously, consider using an email system like Hushmail. Unless they are able to get a legal warrant in BC, Canada, Hushmail won't release your information.