LinuxQuestions.org
Old 12-13-2013, 01:46 AM   #1
Ulysses_
Member
 
Registered: Jul 2009
Posts: 589

Rep: Reputation: 39
Privacy of bookmarks with a live CD or other non-persistent system


A non-persistent system such as a live CD or non-persistent VM has many advantages, such as leaving no traces of internet activity on hard disks. But one disadvantage is that it does not remember browser bookmarks added in a session. Unless you share bookmarks with Netscape Inc or whatever (bookmark sync), which is not very private. If maximum privacy is required, bookmarks can in theory be stored in a truecrypt container file that is held in cloud storage, so the remote server operator cannot see the bookmarks. In practice this runs into problems: you're either forced to put the entire browser profile in the truecrypt container and lose performance, or do what amounts to hacks with soft links that firefox is not happy with and at certain times deletes.

Any open-ended ideas on what can be done to ensure privacy of the bookmarks when using a live CD or non-persistent VM, so no trace is left of internet activity on the hard disk but new bookmarks are remembered?

Last edited by Ulysses_; 12-13-2013 at 06:49 AM.
 
Old 12-13-2013, 06:58 PM   #2
BlackRider
Member
 
Registered: Aug 2011
Distribution: Slackware
Posts: 261

Rep: Reputation: 82
If you are that interested in it, just save the links you need to a regular file and encrypt it, then place it in a persistent container (USB, for example).

You can always get the config folder of the browser you are using, tar it, encrypt it, and save it in the same fashion. For example, saving stuff in $HOME/.mozilla could do the trick. You would just have to copy it back to its intended place in the Live system after each reboot.
 
Old 12-14-2013, 04:50 AM   #3
Ulysses_
Member
 
Registered: Jul 2009
Posts: 589

Original Poster
Rep: Reputation: 39
Thanks. That could use a little scripting as there are hundreds of bookmarks and it would be nice if all of them were private, not just the new ones. Maybe a firefox addon?

Last edited by Ulysses_; 12-14-2013 at 05:01 AM.
 
Old 12-15-2013, 05:53 AM   #4
Ulysses_
Member
 
Registered: Jul 2009
Posts: 589

Original Poster
Rep: Reputation: 39
Found a way to do it with scripts:

ftp ... # get truecrypt container file from a free ftp service like exavault.com
truecrypt ... # mount container
gunzip places.sqlite.gz ... # and put this in firefox's profile, it holds the bookmarks
firefox
gzip places.sqlite ... # put it back to the container
truecrypt ... # unmount container
ftp ... # put container back to ftp server

Would be nice if this kept the server up to date with every bookmark you add or modify while firefox is running. How can a script that runs in parallel with firefox be made to wait until firefox is exited (for one last update) and then exit?

Last edited by Ulysses_; 12-15-2013 at 07:57 AM.
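
One way to do what post #4 asks, as an added example that is not part of the original thread: start the browser from the script, copy places.sqlite into the mounted container each time it changes, then make one last copy after the browser exits. The function names, the polling interval and the container mount directory are assumptions; the mount, unmount and upload steps stay as in the script above.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Hypothetical names: snapshot, sync_until_exit.
# db   = Firefox's places.sqlite in the live profile
# dest = a directory inside the already-mounted encrypted container (assumption)

# Write a gzip'd copy of db into dest via a temp file, so a half-written
# archive never replaces the last good one.
snapshot() {
    local db=$1 dest=$2 tmp
    tmp=$(mktemp "$dest/.places.XXXXXX") || return 1
    if gzip -c "$db" > "$tmp"; then
        mv -f "$tmp" "$dest/places.sqlite.gz"
    else
        rm -f "$tmp"; return 1
    fi
}

# Start the browser command ("$4" onward) in the background, snapshot db each
# time its checksum changes, and take one last snapshot after the browser exits.
sync_until_exit() {
    local db=$1 dest=$2 interval=$3 last="" now pid status=0
    shift 3
    "$@" &
    pid=$!
    # kill -0 only tests whether the process still exists; no signal is sent.
    while kill -0 "$pid" 2>/dev/null; do
        now=$(cksum 2>/dev/null < "$db") || now=""
        if [ -n "$now" ] && [ "$now" != "$last" ]; then
            # Best-effort while the browser runs: recent changes may still be
            # in places.sqlite-wal and not yet in the main file.
            snapshot "$db" "$dest" && last=$now
        fi
        sleep "$interval"
    done
    wait "$pid" || status=$?             # reap the browser, keep its exit code
    snapshot "$db" "$dest" || return 1   # final copy, after the browser has exited
    return "$status"
}

# Usage (placeholder paths, commented out so the file can be sourced):
# sync_until_exit ~/.mozilla/firefox/PROFILE/places.sqlite /mnt/container 30 firefox
```

Because the container is only uploaded after it is unmounted, the copy on the server is as recent as the last unmount; the in-session snapshots protect against losing bookmarks if the live system goes down before the browser is closed.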
 
Old 12-15-2013, 08:02 AM   #5
Shadow_7
Senior Member
 
Registered: Feb 2003
Distribution: debian
Posts: 1,353

Rep: Reputation: 205
You could mount a thumb drive as your ~/.mozilla folder or equivalent depending on browser. And your browser stuff including bookmarks goes there. Pros and cons as you'll need root access to mount the filesystem in some cases. And thumb drives are extremely slow. Although a lot of distros automount them these days. So a simple link "ln -s <existing> <new>" could do you. Which could be done as a user if your drive mounts automagically and you have write access to it (i.e. user id matches). Steps which you'd have to repeat every time you boot the non-persistent distro.
 
1 members found this post helpful.
Old 12-15-2013, 11:56 AM   #6
Ulysses_
Member
 
Registered: Jul 2009
Posts: 589

Original Poster
Rep: Reputation: 39
Apart from performance, this also has the issue of traces left of internet activity on the thumb drive. Could link places.sqlite instead of the whole profile, and if firefox is happy with this, there is still the fact you are in physical possession of those private bookmarks. In a dictatorial regime you cannot deny they exist.

Whereas cloud storage can be accessed anonymously and it is on raid arrays too, not to mention backups. Could use 2 or 3 cloud storage providers too, simultaneously, in case one goes out of business.

Last edited by Ulysses_; 12-15-2013 at 01:29 PM.
 
Old 12-15-2013, 12:40 PM   #7
Ulysses_
Member
 
Registered: Jul 2009
Posts: 589

Original Poster
Rep: Reputation: 39
If ftp is not wanted because it won't go through some anonymity services, is there a free storage service that can download and upload the tiny file of the bookmarks just as easily as ftp but by other means?

Last edited by Ulysses_; 12-15-2013 at 01:33 PM.
 
Old 12-15-2013, 12:40 PM   #8
Shadow_7
Senior Member
 
Registered: Feb 2003
Distribution: debian
Posts: 1,353

Rep: Reputation: 205
A local physical copy ensures that there's not 10k backups of your data, anywhere and everywhere, and in possession of everyone. There's only one physical copy that you can physically destroy or encrypt to some degree. Of course there's ISP packet logging and other tracking methods. So no matter what you do you're probably not as anonymous as you think.
 
Old 12-15-2013, 01:55 PM   #9
Ulysses_
Member
 
Registered: Jul 2009
Posts: 589

Original Poster
Rep: Reputation: 39
Quote:
Originally Posted by Shadow_7
A local physical copy ensures that there's not 10k backups of your data, anywhere and everywhere, and in possession of everyone.
Certainly, but do we mind that if they are encrypted?

Quote:
Of course there's ISP packet logging and other tracking methods. So no matter what you do you're probably not as anonymous as you think.
Do you have a little more detail on this, as it is crucial? Isn't tor good enough? Intending to use tor to connect to a vpn service, so hostile exit nodes are not an issue. Can this be de-anonymized?
 
Old 12-16-2013, 07:27 AM   #10
Shadow_7
Senior Member
 
Registered: Feb 2003
Distribution: debian
Posts: 1,353

Rep: Reputation: 205
Quote:
Originally Posted by Ulysses_
Certainly, but do we mind that if they are encrypted?
Computationally infeasible is the term used by the authors of encryption software. With enough computations, time is the only factor. And technology keeps advancing to make that time factor less infeasible.

Quote:
Originally Posted by Ulysses_
Do you have a little more detail on this, as it is crucial? Isn't tor good enough? Intending to use tor to connect to a vpn service, so hostile exit nodes are not an issue. Can this be de-anonymized?
To use a stupid analogy. You go to your drug dealer in a disguise. Your pastor sees you leave your house in disguise. The pastor's wife sees you enter the drug dealer's house in disguise. Do you really think the disguise helped prevent them from knowing where you went?
 
Old 12-16-2013, 10:46 AM   #11
Ulysses_
Member
 
Registered: Jul 2009
Posts: 589

Original Poster
Rep: Reputation: 39
If I'm dead of old age by the time they break my encryption I do not mind.

Regarding tor, are you suggesting that there is bound to be some collusion between all 3 tor servers and the vpn provider at some point in time, and only once is enough?
 
Old 12-16-2013, 08:30 PM   #12
Shadow_7
Senior Member
 
Registered: Feb 2003
Distribution: debian
Posts: 1,353

Rep: Reputation: 205
Quote:
Originally Posted by Ulysses_
If I'm dead of old age by the time they break my encryption I do not mind.

Regarding tor, are you suggesting that there is bound to be some collusion between all 3 tor servers and the vpn provider at some point in time, and only once is enough?
Computers get better. When I was a teen it took an hour to render 10 frames of 20 3D points in a 10px x 10px grid. 30-ish years later and video games render 1920x1080 pixels at 60fps while using 30% of a computer's resources. You probably won't be "that" old when "they" catch up to you.

There doesn't have to be any collusion between tor, just someone watching at the source (your ISP) and some place "near" the destination. With enough technical prowess to know how to paint by number. TCP headers don't really change much, regardless of the packet's contents. Or even if they do the packet content sans headers match, suspicion perked and link made. (if only in theory)

Last edited by Shadow_7; 12-16-2013 at 08:34 PM.
 
Old 12-17-2013, 05:56 AM   #13
Ulysses_
Member
 
Registered: Jul 2009
Posts: 589

Original Poster
Rep: Reputation: 39
So TOR is probably like a big global honeypot by three-letter-agencies then. I can buy that. Maybe the Russians or other foreign nationals have found workarounds, maybe long chains of socks proxies that clean and obfuscate tcp packages are better than tor.

Last edited by Ulysses_; 12-17-2013 at 05:58 AM.
 
  

