Online armour: Duncan Campbell's tech chief on anonymity 101
Of Tor, TAILS and Jabber
A Linux that's good at forgetting
In many cases, your typical web-browser traffic will contain personal identifiers (things like Facebook login cookies, advertising-network tracking cookies and so on) that could allow your Tor-anonymised activity to be correlated with your regular open browsing. Accordingly, the recommended approach is to use the Tor Browser Bundle which includes a privacy-optimised browser (derived from Firefox), pre-configured to run through Tor and always operating in Incognito mode.
Websites and other services can be provided as a Tor Hidden Service, which means your traffic to that location disappears in to Tor and never emerges through an exit node. This allows the service to be hosted in a fairly anonymous manner which is very difficult to track down - but given that the Silk Road eventually fell to the feds, apparently not totally impossible. Silk Road was run as a Tor Hidden Service, as are many "dark web" sites.
The Electronic Frontier Foundation's Surveillance Self-Defense project has a lovely writeup describing how Tor works, which is well worth the time to read if you're going to use it.
If the opposition has compromised the software on your local machine, through exploiting an unpatched vulnerability in the operating system or tricking the user in to opening a poisoned file that exploits an application-level bug, you have a very real problem. Your data is in "plaintext" on your computer, and if the opposition are in there too, they can just take it at the source. The ultimate back-stop against this is to boot in to a read-only environment which doesn't allow itself to be modified except in very limited ways.
The preferred solution is a Linux live distribution called TAILS (The Amnesiac Incognito Linux System); Amnesiac because by default it won't remember anything about you between sessions or leave any trace on the host PC. “Incognito” because it comes pre-configured for Tor and has a strong focus on preserving your anonymity.
The OpenOffice suite is included to allow for general productivity, along with a GPG-ready email client, the Pidgin IM client with OTR plugin pre-installed (both configured to run via Tor straight away). There is an insecure web browser available in case you need to get through a browser-based Wi-Fi login, but otherwise you will be going via Tor for everything.
Don't run TAILS inside a virtual machine. If your real machine is compromised, all your keystrokes would be at risk before they get into the VM – and the RAM of the VM could also potentially be breached from the outside. You need to boot a real machine in to it; to be properly safe, an un-sexy laptop from a few years ago should fit the bill nicely. It will certainly detect VirtualBox and complain accordingly.
There are general guides around for TAILS on the project's own website. I recommend burning the ISO to a DVDR initially, because the absolute-best end result is to use TAILS to install itself on to the USB stick you want to keep using. Boot from the burned disc, but then use the TAILS Installer tool to install it onward to your USB stick.
Alternatively, you can temporarily ignore my previous dire warnings about not using TAILS in a VM; boot a VM from the ISO disc image, configure your VM software to pass-through your desired USB stick drive so the virtual TAILS machine sees the stick plugged in to it, and proceed from there.
It would be very little fun if you had to re-enter all your configuration details every time you booted this Amnesiac operating system. So there is a feature available called the Persistent Volume, which gives you an encrypted partition on your USB stick where the included apps can store settings and you can store user files. It is also the reason for installing TAILS twice as I described earlier – it only works properly when TAILS fully installs itself to your USB stick, rather than us loading the ISO using the "Universal USB Installer" tool.
Don't run TAILS inside a virtual machine. If your real machine is compromised, all your keystrokes would be at risk before they get in to the VM...You need to boot a real machine in to it - to be properly safe, an un-sexy laptop from a few years ago should fit the bill nicely.
At the absolute strongest level of paranoia (but is it paranoia when we know they really are out to get us?), you may wish to validate that your TAILS download has not been tampered or replaced with an evil version. As the developers publish their PGP public key and sign their releases, we can use that to validate that the ISO we download is intact.
Buuuuut... Wouldn't the agencies just serve us one of those false public keys too?
The best defence I can come up with to that fundamental problem is to presume that their original website is intact and the intrusion would be a man-in-the-middle sort of attack. I previously downloaded their PGP public key using a wide variety of approaches (directly, then over Tor, then over my 4G mobile data connection, then over a commercial VPN service and so on) and compared them by taking SHA256 hashes of all of them.
They all matched up, so I decided there was in fact no monster hiding under my bed. This time. ®