There are times in human history where there was more intense "space weather" in the solar system. These events were much more spectacular -- is in a much greater spectacle -- than the most spectacular events we know today which are eclipses.
In more ancient history there was obsessive worship of the planets on every habitable continent. Today we have a more scientific explanation for what was happening then, even if we don't see the same spectacles today.
download tor, run tor, go to darknet forums of any kind.
that's about the only use case I can think of for this approach, as well as where to find the few hundred people doing it.
that said, wearing walmart pants and hoodies, a face mask, and using a $200 laptop you got off of gumtree or kijiji or craigslist or FB marketplace at coffeeshop probably works just as well. bragging and laziness gets you busted, not a lack of local LLMs to check lexicon.
Common use cases, are, "as a Developer / DevOps practitioner, I want for":
- a client (company I do contract work for) sees a different source address that is different than the source address I use for casual browsing+posting.
- two SaaS used for purposes of servicing agreement with "client" don't see the same source IP address as used for other clients.
- a bank I use, and PayPal, always sees the same source IP address dedicated to my VPN account only and for this purpose.
- the tunnel (VPN) provider I use for casual browsing+posting does not see the destination IP address of my client's VPN.
- whatever first-hop ISP I use sees one single Wireguard tunnel and nothing else ever.
- the first-hop Wireguard tunnel is paid for with a pre-paid debit card, but any outbound TOR traffic is encapsulated by a secondary tunnel paid for with crypto.
- the TOR circuit used for browsing purpose A is not also shared by browsing purpose B.
- any arbitrary outbound tunnel is specific to the container or VM I intended to use but doesn't carry, nor has any risk of carrying, any of my other traffic.
Tor is important to me because I have a right to read.
There is no crime within Common Law for any of the above. Nor is there any violation of any statute for which any of the above is, per doctrine of minimum contact (such as with a pre-paid debit card), within jurisdiction of statute.
Perhaps some users do operate with some concern of being "busted", but most users that do outbound network path management do not operate with this concern.
In response to the comment further above (so not just the article), outbound network path management is not uncommon. However we often see it presumed to be uncommon by those who haven't thought of it, or have thought of it but the ability to do it is out of their reach.
Qubes makes outbound network path management easy enough but it's not too hard to do on Linux and FreeBSD, so it can also be done on machines with modest compute resources (which may or may not be subject to the machine being an older machine) as well.
Flipping the HAP bit on the Intel ME/AMT on older laptops is less difficult, generally (not always). However, with more recent UEFI releases containing newer Intel ME/AMT payloads, the HAP bit is benign on these newer releases of Intel ME for all we know.
There is a very dire need to have those with hardware hacking skills assist the larger freedom software community in "liberating" newer machines.
Someone recently got Libreboot running on a ThinkPad T480
This is exactly why there are some more "enterprise" machines out there that an arbitrary adversary with physical access can not "abruptly restart" from the outside.
It's a shame that popularly used OEMs still allow "abrupt restart" to be so easy.
Something you can do for free is block all outbound traffic and configure Firefox to use an outbound HTTPS proxy where you can dynamically enforce a blocklist or default deny and an allowlist.
The cryptography is not where Signal is vulnerable. What Signal is running on, as in operating system and/or hardware that runs other embedded software on "hidden cores", is how the private keys can be taken.
Anything you can buy retail will for sure fuck you the user over.
Retail hardware actually has a better track record at the moment than bespoke, closed market devices. ANOM was a trap and most closed encryption schemes are hideously buggy. You're actually better off with Android and signal. If we had open baseband it would be better, but we don't, so it's not.
Perfect security isn't possible. See "reflections on trusting trust".
Bespoke but-not-really-bespoke closed-market devices made by the right people are very secure, but they are not sold to the profane (you).
> ANOM was a trap
Yes, ANOM was intended to be a trap.
> and most closed encryption schemes are hideously buggy
Yes they are. Hence some of us use open encryption schemes on our closed-market devices.
> You're actually better off with Android and signal.
I am better off with closed-market devices than I am with any retail device.
> If we had open baseband it would be better
And the ability to audit what is loaded on the handset, and the ability to reflash, etc. In the real-world all we have so far is punting this problem over to another compute board.
> Perfect security isn't possible.
Perhaps, but I was not after "perfect security", I was just after "security" and no retail device will ever give me that, but a closed-market device already has.
We must implement as LAW that a SIM card can provide and only provide a Zero Knowledge Proof of "this SIM is valid for this cellular/data plan up to a specific date".
If they want to track us all the time, whatever, if they can't keep that data safe from the Chinese Communist Party, then they aren't competent enough to have it.
"We must implement as LAW that a SIM card can provide and only provide a Zero Knowledge Proof ..."
Now is a good time to remind everyone that a SIM card is a full blown computer with CPU, RAM and NV storage.
Further, your carrier can upload and execute code on your SIM card without your knowledge or the knowledge of the higher level application processor functions of your telephone.
Is there any sandboxing to prevent access from the SIM card computer to information on your phone? And if so, absent of some (admittedly not very unlikely) 0day allowing sandbox escape, what would a malicious SIM program be able to do?
And, hopefully your USB stack, or your phone's equivalent to SIM interface, doesn't have vulnerabilities that the small computer that is the SIM card could exploit.
Operating systems that center their efforts on protecting high risk users like Qubes dedicated a whole copy of Linux running in a Xen VM to interface with USB devices.
It'd be great if more information were available on how devices like Google's Pixel devices harden the interface for SIM cards.
In more ancient history there was obsessive worship of the planets on every habitable continent. Today we have a more scientific explanation for what was happening then, even if we don't see the same spectacles today.