[Discussion] Variety of Questions and musings with technical focus

[Fasterandfaster]

I am trying to get answers to an number of specific technical questions, each of which might be addressed in its own thread, however there is a unity of theme that unites them all and that is: secure connection for data transfers (updating, software downloads). I have posted some elsewhere, but perhaps this is the best location for a discussion. Please feel free to casually comment on anything I have mentioned or direct me to more precise technical discussions elsewhere. Thank you. Since the entry to the forum was sightly humorous and with a salt grain in a manner of speaking, forgive me if I have taken certain liberties and artistic license in this technical discussion. There are also important social issues at stake regarding liberty, privacy, and the impact of technology on society.
***********************************************
Are everyone else’s tor circuits just VPNs to Bush (busshy)? How do you get total control over your tor circuits? I have explored Nyx. The install and interface is easy enough but there is not much info about configurations (like Sandboxing, FascistFirewall, and bridging [my tor can get total bridge blocked even if I request and input more]). When I start system tor with init.d tor start nothing happens. I verify tor browser downloads but still anomalies happen. There is some way tor circuits are manipulated outside the user’s system. Then everyone tells me I am not the “dominant” male but no one is dominant with Tailored Access Ops. If you think you are dominant, your endpoint just hasn’t been TAOed yet. How is an individual supposed to be dominant so they can reproduce with the NSA and other trillionaire class hackers around? Impossible. No one is dominant. They just won’t take the submissive female role. They should get mad at the other party for not being the submissive female. You are not dominant, any of you: your stuff just hasn’t been destroyed yet. People only have the illusion of dominance because someone bigger than them isn’t messing it all up for them! For further clarification. I am a legitimate free software user who is trying to improve the security of the system. I am suited to this task because I am constantly being cyber attacked. Hackers have taken control over my computer and then blame me for its behavior. So I am trying to keep them out so that the system works properly. I don’t see how the APThreat is legitimate. The hardware is my property and the software is strongly passworded by me. I do nothing illegal ever, so I can’t see how the attacks could be justified judicially: must be just some scriptid with a bad pwn habit. My conduct is all white hat. This scriptid thinks that they can convince the public that FreeSoftware is defective if they destroy my system. Proprietary software can also be hacked. The hacks are just hidden in EULAS or in unnoticeable background stealth processes that people are unaware of and in security and privacy they have been forced to forfeit in order to use the product. The scriptid needs flipped. Debian tor+http sources are good but must not be the best. Qubes has tor+httpS but I have encountered update hacks even with those sources. Debian tor+http security sources have an gpg (In)Release signing issue, so I have tried https transport only for security sources. If that was covered by a VPN, my updates might be successful. That it why I am interested in Nym (see History of Mixnets on invidous yt for more information). Other VPNs I have tried get broken and altered by my attacker. Yggdrasil is still in its early stages. Does anyone know how to improve the security of up dating beyond tor+http in Debian? Furthermore, not everything can be accessed via tor. How do people access tor blocked webpages securely? If I want an iso, how do I get it without an attacker injecting malicious code? Onion server downloads (e.g. Ignite and Qubes) take eons. I verify my iso but then there must be forgeries of verifications or installations can be interrupted with RF (see COSADE, spectrum analyzers). It would appear that there is no secure way of getting access to information if anything is connected. Is the best I can do for this threat model is to run Live Read-only Tails DVDs? Tails does not virtualize and there is fingerprinting through /proc that can be used to target and attack a particular system. Yes, anonymity improves the odds of maintaining integrity of the system because then the attacker doesn’t know who to attack. But Qubes is writable and I don’t have VT anyway. Virtmanager might be improved on TAILS. And there are big problems with Java. LibreJS might help. Not everything can be done via command line, or if it can there should be more guides (well written and not omitting any steps).

[arochester]

In Forums it is usual to only ask one question per thread.

If your thread was short and simple you would have a better chance of getting an answer.

For a start, try breaking things into meaningful paragraphs.

This is too long and too heavy for me.

TLDR

[CwF]

more guides (well written and not omitting any steps).

Understand that any simple 123 is preceded by a few dozen 'if' statements.
When those are sufficiently provided in the OP, then there may be a 123.
Actually, answers have the same issue. Many are presented as 'the' even if only 'a' way. Unstated 'ifs'

Does ChatGPT have a 'ramble' mode?

[sunrat]

TL:DR

[donald]

@Best_Threads

[canci]

Nothing like a text wall slapping you in the face early in the morning.

But honestly, here are my 2 cents about posting successful threads:

1. Very wordy threads with superfluous wordage usually don't get read. If someone wants to read a wall of text, they will get a nice book. Please use concise sentences that have a clear point.

2. Please state a clear aim, and preferably 1 or very few per post. E.g. do you want to discuss security and be a bit more meandering? Then by all means post it here in off-topic. But even then, it's best to maybe stick to few points so that people aren't overwhelmed. Maybe start with a discussion of Qubes. Then start another on securing routers etc. The way your post is now, you'll scare off half of the people who are overwhelmed by your text wall and the other half are going to pick out 1 point anyway, so you'll end up with several concurring points and a messy mega thread.

3. Keep genuine support questions to the support threads and keep those, unlike off-topic discussions, as brief as possible and provide examples, etc.

4. This isn't against forum rules per se, but it's a pet peeve of mine and might make you sound like a douche in the eyes of some -- but then again others might find it amusing: If possible, refrain from doing this dance where you ask a question that looks like a support question, and then when someone answers, you pretend it was a rhetorical question all along so you can start off a diatribe about the topic. Not saying that's what you intended, this is just a general tip.

Hope this helps.

[Fasterandfaster]

I got it. I will someday find the time to put every specific question in its own thread. However, if people spent as much time critiquing the presentation of questions as answering them, the entire topic consisting of multiple replies would be much briefer. I could write several volumes of book length manuscripts also. It's a matter of (un)packing and (de)compressing.

No one has told me how to make a secure VPN like connection in which the sources don't get blocked and I can get secure software that hasn't been tampered with or altered maliciously. I am making a thread about tor+http security InRelease gpg signing next.

[canci]

Well, I'm the off-topic moderator, so it's in my interest to keep the section legible. Otherwise I might have not reacted.
But your new posts are much more concise and coherent. Thank you.

[Fasterandfaster]

I would direct anyone sincere and interested to my other topic entries. I have divided each specific technical question into its own thread which I hope can be addressed in a serious and professional manner. I am really looking for the answers and not for trolling. I'm not getting many genuine answers to the questions posed. I would think others have the same questions as me. Currently, I cannot get tor+http sources anymore but I have found protonvpn-cli to be useful for httpS sources when tor fails. Maybe this is better since then no one can inject http over tor.