for anyone interested, the tor program allows for encrypted browsing where your i.p address is swapped for another. (im not very technical so anyone who can explain it better, jump in!)

at any rate, https://www.torproject.o...projects/vidalia.html.en allows free download of the tor service.

sure it will be of use to someone!

I recommend TAILS for a complete solution.

Something in between:

https://www.torproject.o...jects/torbrowser.html.en

Has anyone looked into the IronKey Thumb Drive? It claims to be utterly "untouchable" --even to the extent that all files are irretrievably erased after ten incorrect password entries in a row. It also claims to somehow make web surfing anonymous "by triple-encrypting all of your Web surfing traffic." Supposedly, you can make your URL appear that it's coming from another country from where it actually is.

Kinda interested in this. I'm curious if anyone has expert opinions (I'm pretty naive about this stuff). Apparently, the US government buys these drives (they are the only ones they buy now)...which actually worries me a bit--maybe THEY have a backdoor to get into them, even though it's specifically claimed by the company that no back door exists.

that tails program seems pretty cool. what benefits would an external program have to the standard edition?

do you think it would work in addition to the other programs? ..i guess there wouldn't be a point using both?

and that Ironkey looks pretty cool. might have to add it to the Christmas list. surely it cant be totally fail-safe? any techies around know any downsides to these iron keys or their technology?

IRONKEY is just a USB stick with strong hardware encryption and a fancy metal case. Personally, I think IRONKEY is way overpriced. If it were me, I'd get the Imation Defender. It also has 256 hardware encryption - but does not require software on the OS. It uses the on-board fingerprint scanner.

As for the benefits of TAILS, it is a self-contained operating system with TOR built-in. SImply running TOR browser or Vidalia is not 100% secure as other scripts can run on your system not operating through the browser. These scripts can send internet history and other things. TAILS erases ALL trace of your doings once you shut down the system and everything is self contained.

Your ideal set0up would be the TAILS operating system installed on the thumb drive mentioned above (or any other thumb drive). This ensures about as full protection as you can find. (Team this up with using only at a library or public space and you're virtually undetectable.)

But here's the thing: Questions regarding security always must be framed by the question "SECURE FROM WHOM?"

For me, I'm most interested in being secure from LEGAL/JUDICIAL/POLICE HASSLE. Any judge can easily compel you to place your finger on a device to secure your print; it's much harder to force you to divulge a password.

Regarding passwords, how's this for an idea: Store your password (very complex and long--one you couldn't possibly remember) in a steel box with a simple timer/fuse set to light a small quantity of magnesium powder or similar if you haven't reset the timer in X period (probably a few days). No harm is caused by the small fire in the box, except the small piece of paper that holds your password is completely obliterated by a small but hot magnesium fire.

THEN, when you've been arrested, etc., and a few days later come in front of a judge (after your thumb drive has been forensically examined and found to be encrypted to the point where it's not feasible to try to break the encryption) who demands that you provide the password on penalty of PERMANENT INCARCERATION for contempt of court, you can announce your steel box system and state perfectly honestly that 1) You simply DO NOT KNOW your password, and have no way to retrieve it, and 2) You are not in any way in contempt of a judicial order, since the password was destroyed BEFORE the judge had requested it! ***Nor could you be charged with "obstruction of justice" for having "planned" to thwart the judge. Your reason for creating such a setup was "in case you died unexpectedly, you didn't want anyone to have access to your private thoughts and ideas, etc."

A somewhat less involved plan would be a service (hey, let's start one!) which STORES such passwords for you online, and which will PERMANENTLY ERASE the password under the conditions you specify (such as not resetting every few days). This wouldn't be a problem for me because it would only be for a thumb drive I used for SPECIAL internet work...so I could retrieve the password from the regular OS and browser, in order to open the thumb drive for my private browser work.


EDIT: And, of course, you could always have a "burnt box" ALREADY MADE, and in fact be using a password you know and keep in your head, but USE the burnt box story in order to CLAIM you don't know your password. Of course that's slightly risky, because it probably COULD be proved--if they wanted to go to the trouble--that the fire in the box in fact hadn't occurred within the last day or two.

Found this on Newegg - uses a key instead of fingerprint - still has hardware encryption and only $59.99.

Corsair Padlock 8GB

The people on newegg feedback raving about the ironkey here are noting its use of SLC memory instead of MLC. They explain that as the reason for the higher cost, and claim its worth it.

So, what's your setup SWIMfriend? Do you have an IRONKEY? How do you use it?

No. I'm currently in the process of trying to think through security to a high level, and plan how I will implement it. I may start a thread on the topic--not sure if it's really appropriate here (I'm getting an opinion).

I want to know and understand how to implement quite SERIOUS security measures--ones that would foil government/judicial investigation.

The best advice I've gotten so far recommends: 1) Out of country VPN (so that no court would be able to demand records of my browsing from either my ISP--because they wouldn't even know it with a good VPN--or the VPN itself, because it would be offshore). 2) Really comprehensive utilization of TrueCrypt (including their "plausible deniability" scenario), and 3) Browsing directly from a thumb drive, possibly with a hidden Linux volume under TrueCrypt.

I don't really have an URGENT need for such things. My strategy (and experience) is based on the idea that it's BETTER TO BE PREPARED. Read about many criminal cases these days and you will find that the person's COMPUTER went a LONG WAY toward convicting them. IMO drug prosecutions (persecutions) in the US are going to get WORSE (more severe) before they get better. It's only a slight turn of the screw before some DEA idiot decides god and country must be protected from MHRB.