Difference between revisions of "Contributor privacy and opsec"

From Bisq Wiki
Line 3: Line 3:
 
There are parties though that would rather have Bitcoin either disappear, or be turned into the ultimate mass-control tool (the latter being a very realistic scenario, given the peculiarities of the blockchain and its workings). This might, in turn, lead these parties to act in such a way that Bitcoin itself doesn't prosper, or projects around it disappear completely.
 
There are parties though that would rather have Bitcoin either disappear, or be turned into the ultimate mass-control tool (the latter being a very realistic scenario, given the peculiarities of the blockchain and its workings). This might, in turn, lead these parties to act in such a way that Bitcoin itself doesn't prosper, or projects around it disappear completely.
  
Bisq contributors, as "key" elements for Bisq's well being, might be among the targeted elements for the above reason, and for this, other than for best practices regarding privacy on the internet, it is advisable they act accordingly, first and foremost for their own safety, and then for Bisq's.
+
This is not an advanced privacy/anonymity guide, but is rather tailored to Bisq contributors and their selective need for pseudonymity, which should not impact too much on convenience unless they cover very sensitive roles (in which case they are already prepared on the matter of personal security, and do not really need this guide anyway).
  
This article will not be a duplicate of existing, well written resources about privacy on the internet, like this one: https://github.com/BlockchainCommons/Pseudonymity-Guide
+
Bisq contributors, as key elements for Bisq's well being, might be among targeted individuals, and for this, other than for best practices regarding privacy on the internet, it is advisable they act accordingly, first and foremost for their own safety, and then for Bisq's.
  
Rather, this will be a short heads up to aspiring contributors, but really, anyone, to follow some simple principles.
+
The aim of this guide is containerization, which means that a ''contributor'' will appear to an ''adversary'' (someone trying to understand who you really are, to do bad things to you) as a specific individual, traceable online as ''contributor'', but hopefully (if you do things well enough) not linkable to their real identity, nor to other possible nyms ''contributor'' uses while participating in other projects.
 +
In other words, ''adversary'' will be able to tell if something on the internet has been said by ''contributor'', but it should not make them any wiser about who ''contributor'' really is, where they live, or which other works they have done for other initiatives.
 +
We will be making Tor Browser work as a much more convenient, much less privacy hardened browser, that will still force you to connect through Tor to do whatever you need; an adversary will be able to fingerprint you as a nym, but they won't find details to locate your real identity if you are careful; the previous statement will not be liked by enthusiasts of online privacy, but a mild yet consistent plan, is still much better than a very strong plan that is not adhered to 100% of the time because it is very unconvenient.
  
* Assume any online service will keep all the information about you that you allow it to obtain (browser/PC information via javascript, OS preferred language, obviously your IP, cookies...) and store them for the long term even after you think you deleted them
+
Let's clear up some definitions:
* Assume that anything you do, say, or write, will be used against you, even if it was innocent and apparently inconsequential at the time
+
* privacy is when someone knows who you are, but not what you do
 +
* anonymity is when someone knows what you do, but not who you are
 +
* pseudonymity is when someone knows "who" you are and what you do, but the "who" is an imaginary identity that exists only in its own reality, without any ties to your real or alternative identities
  
An "affordable" way to being able to do and say almost anything you would want to, is to remove the ties between your real ID and your internet ID:
+
For more info:
# Use Tor
+
* https://github.com/BlockchainCommons/pseudonymity-guide
# Create a whole new virtual identity, with emails and usernames that you don't use for other personal things
+
* https://anonymousplanet.org/guide.html
# Keep that identity in check with itself, and never mix things you do and say with that, with those you do and say with either your real ID, or other IDs you might have created
 
  
These are just the basics: do your own research, privacy is not easy to obtain as everything which is free, is usually at the cost of it; privacy is also inconvenient, as everything which is convenient and free also comes at the cost of your privacy. So start with small steps, learn to develop a routine, and then progressively document yourself, for example on guides like the one linked above.
+
= Tenets =
  
For starters, avoid linking your real ID, or even an existing alternate ID, with what you do on Bisq, but rather prefer building a whole new identity.
+
* I will have a Bisq nym, that will be the only one used for everything related to Bisq
 +
* My Bisq nym will be its own person, it will not be similar to, know about the existence of, or participate in the same chats/groups/forums/activities as my real or alternative identities
 +
* I will only use Tor for everything the Bisq nym does
 +
* I will endure the slowness of Tor, and will NOT use my real connection nor my faster VPN to do Bisq stuff
 +
 
 +
= Steps for base setup =
 +
 +
== If you don't already have Tor Browser installed: ==
 +
 +
* download Tor Browser for your OS
 +
* have Tor Browser "installed" (actually it is just uncompressed in a folder with no ties to registry or system config) in a path that's unique to your Bisq nym
 +
 
 +
== If you have another Tor Browser already installed ==
 +
 
 +
* make a copy of your installed Tor Browser directory. (For example copy to <code>Tor Browser Bisq</code>)
 +
* run the copy, ignore the error about restarting Tor if the other Tor Browser is open (they will try to bind the same ports, returning an error), close the popup and open <code>about:config</code> in the URL bar, say that you really want to access the options, then search for <code>_port</code>
 +
* you want to edit <code>network.proxy.socks_port</code> and <code>extensions.torlauncher.control_port</code>, the standard values here are respectively 9150 and 9151 (standalone tor daemon is 9050 and 9051), so you can change them to 9250 and 9251, or increase them to 9350 and 9351 if you want several Tor Browser instances running at the same time
 +
* still in about:config, search for "privacy.resistFingerprinting.letterboxing" and set it to false (allows maximizing pages to fill the whole screen)
 +
* close Tor Browser and restart it
 +
* start the other Tor Browser in your system
 +
 +
== Common steps ==
 +
 +
* go to geolocation.com in Tor Browser, verify the IP and location is different from your real ones (it will necessarily be, this is just to show you where you appear to be coming from, when using Tor)
 +
* make sure the shield icon in top right is empty (clicking on it says "standard"); this will enable scripts, which are not "safe" for anonymity, but you want a bit of convenience to be able to use Matrix and other websites that require javascript, as long as all activity in this browser stays withing your Bisq nym
 +
* go to settings > privacy, and under "history" disable "always use private browsing", this will restart Tor Browser; after restart, return to same settings, disabled cookie deletion after Tor Browser closes (so you can log back in to websites automatically), enable all logins&passwords saving, in under history enable what suits you (enable both "remember" for maximum convenience), then under Permissions, block requests to access camera and location (maybe you need to enable mic for calls).
 +
 
 +
== Tips ==
 +
 
 +
* if for some reason you don't like the IP/location you are coming from out of Tor, or the connection has become unbearably slow for you, you can click on top right tool button and choose "New Identity", Tor Browser will restart and find another circuit
 +
* sometimes Tor will become slow, really, unbearably torturing slow; stay strong, don't go clearnet; if all else fails, blame Tor with your correspondents, it will immediately excuse you for your unresponsiveness, and at the same time show you are very privacy-oriented and make you look really cool
 +
* the usual tip to leave the tor browser window at default size is not really needed here, as we are okay with "fingerprinting" the nym
 +
 
 +
= Known issues and warnings =
 +
 
 +
* real anonymity does not exist, even if you could "plug" into the internet like rebels plugged into the Matrix, someone could still be able to trace the source of your "signal"; proper personal protection can be achieved based on one's dedication and skills, and always relative to one's thread model (a Bisq contributor shouldn't get the same attention that a whistleblower does, for example)
 +
* it only takes one mistake, where you let a hint to your real identity slip through your pseudonym, and your whole nym is compromised, plus all of their past activity will be linked to you
 +
* assume any online service will keep all the information about you that you allow it to obtain (browser/PC information via javascript, OS preferred language, obviously your IP, cookies...) and store them for the long term even after you think you deleted them
 +
* assume that anything you do, say, or write, will be used against you, even if it was innocent and apparently inconsequential at the time
 +
* in the above configuration, Tor Browser loses most of its specific privacy strengths, yet it's still very useful to have a portable, containerized browser that will only work through Tor, and builds its own Tor connection, distinct from any other Tor daemon you might have on your system (versus, for example, using several chromium instances tied to the same Tor proxy, which will all use the same entry and exit node, and which will be at risk of going on clearnet if for any reason the plugin you use to proxy through Tor doesn't do its job)
 +
* this guide is only aimed at online protection, offering nothing in the compartment of offline security: anyone physically accessing your PC will be able to tell that you are, in fact, ''contributor'', plus any other identity you might have used online, unless you also hardened your system with additional layers that will not be covered in this guide, at least for now (see Tails, Qubes, Whonix, or any other renowned tool for PC protection)
 +
 
 +
= Steps for accounts setup =
 +
As a Bisq contributor, you will need at minimum a GitHub account, to be able to publish Compensation Requests. A GitHub account requires an email address, so you will need that one as well.
 +
Protonmail is one email provider that will let you register -as of now- without any KYC elements (no other email addresses nor phone numbers needed); riseup.net also offers no-kyc email, but you need an invite by another user; in case you know of similar services, please notify us and we will gladly add them in this guide.
 +
An account on matrix is also advised to access Bisq's space, you will register from https://bisq.chat and use the same email to associate to that account, you might want to also register at https://bisq.community to interact with the forum.
 +
An interesting customization can be to obtain an AI generated face to associate with your account, there are many services that let you get such a picture for free.

Revision as of 22:22, 27 December 2022

First of all: Bitcoin is good for you and the rest of the world, and dealing with Bitcoin is, in itself, perfectly fine and natural. This means that when you privately trade on Bisq, you are most probably doing nothing wrong; on the contrary, you are furthering the ideals Bitcoin was created for, even if someone might try to convince you otherwise.

There are parties though that would rather have Bitcoin either disappear, or be turned into the ultimate mass-control tool (the latter being a very realistic scenario, given the peculiarities of the blockchain and its workings). This might, in turn, lead these parties to act in such a way that Bitcoin itself doesn't prosper, or projects around it disappear completely.

This is not an advanced privacy/anonymity guide; it is tailored to Bisq contributors and their selective need for pseudonymity, which should not cost too much convenience unless they hold very sensitive roles (in which case they should already be prepared on the matter of personal security, and do not really need this guide anyway).

Bisq contributors, as key elements of Bisq's well-being, might be among the targeted individuals. For this reason, beyond following general best practices for privacy on the internet, they are advised to act accordingly, first and foremost for their own safety, and then for Bisq's.

The aim of this guide is containerization: a contributor will appear to an adversary (someone trying to understand who you really are, in order to do bad things to you) as a specific individual, traceable online as contributor, but hopefully (if you do things well enough) not linkable to their real identity, nor to other nyms contributor uses while participating in other projects.

In other words, adversary will be able to tell whether something on the internet was said by contributor, but it should not make them any wiser about who contributor really is, where they live, or what other work they have done for other initiatives.

We will be making Tor Browser work as a much more convenient, much less privacy-hardened browser that still forces every connection through Tor. An adversary will be able to fingerprint this browser, and so link everything it does to the nym, but will not find details that locate your real identity if you are careful. Enthusiasts of online privacy will not like that trade-off, but a mild yet consistent plan is still much better than a very strong plan that is not adhered to 100% of the time because it is very inconvenient.

Let's clear up some definitions:

  • privacy is when someone knows who you are, but not what you do
  • anonymity is when someone knows what you do, but not who you are
  • pseudonymity is when someone knows "who" you are and what you do, but the "who" is an imaginary identity that exists only in its own reality, without any ties to your real or alternative identities

For more info:

  • https://github.com/BlockchainCommons/pseudonymity-guide
  • https://anonymousplanet.org/guide.html

Tenets

  • I will have a Bisq nym, that will be the only one used for everything related to Bisq
  • My Bisq nym will be its own person, it will not be similar to, know about the existence of, or participate in the same chats/groups/forums/activities as my real or alternative identities
  • I will only use Tor for everything the Bisq nym does
  • I will endure the slowness of Tor, and will NOT use my real connection nor my faster VPN to do Bisq stuff

Steps for base setup

If you don't already have Tor Browser installed:

  • download Tor Browser for your OS from torproject.org and verify the release signature before running it (the Tor Project publishes an OpenPGP signature next to every download)
  • have Tor Browser "installed" (actually it is just uncompressed in a folder with no ties to registry or system config) in a path that's unique to your Bisq nym

If you have another Tor Browser already installed

  • make a copy of your installed Tor Browser directory (for example to Tor Browser Bisq). Do this while the original is closed: the copy inherits the original's profile and its Tor state file (Browser/TorBrowser/Data/Tor/state in the portable Windows and Linux layout), and that state file carries the original instance's entry guards; delete it in the copy before the first start so the nym's instance picks its own guards. On macOS the profile and Tor state live outside the .app bundle, in ~/Library/Application Support/TorBrowser-Data, so two copies of the app would share them and this copy trick does not apply as written.
  • run the copy; if the other Tor Browser is open, ignore the error about Tor failing to start (both instances try to bind the same ports), close the popup, open about:config in the URL bar, accept the warning about changing advanced settings, then search for _port
  • edit network.proxy.socks_port and extensions.torlauncher.control_port; the standard values are 9150 and 9151 respectively (a standalone tor daemon uses 9050 and 9051), so change them to 9250 and 9251, or to 9350 and 9351 for a further copy: every instance that may run at the same time needs its own pair
  • still in about:config, search for privacy.resistFingerprinting.letterboxing and set it to false (allows pages to fill the whole window when it is maximized)
  • close the copy and restart it; it should now start its own Tor without complaining
  • start the other Tor Browser in your system

Common steps

  • go to geolocation.com in Tor Browser and verify that the IP and location shown differ from your real ones (they will, as long as the browser really is going through Tor; https://check.torproject.org confirms that, and this step mainly shows you where you appear to be coming from)
  • make sure the shield icon in the top right is empty (clicking on it says "Standard"); this keeps JavaScript enabled, which is not "safe" for anonymity, but you want a bit of convenience to be able to use Matrix and other websites that require it, as long as all activity in this browser stays within your Bisq nym
  • go to Settings > Privacy and, under History, disable "Always use private browsing mode"; this restarts Tor Browser. After the restart, return to the same settings: disable the deletion of cookies and site data when Tor Browser closes (so you can be logged back in to websites automatically), enable saving of logins and passwords, and under History enable what suits you (enable both "remember" options for maximum convenience); then under Permissions, block requests to access camera and location (you may need to allow the microphone for calls)
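The whole base setup above, scripted, as an added example (this is not part of the Bisq wiki nor a Tor Project tool): the script copies an installed Tor Browser directory into a per-nym copy and writes the about:config values from the steps above into the profile's user.js, which Firefox-based browsers read at every start, so the copy comes up on its own ports without a manual about:config session. It assumes the portable Windows/Linux layout (profile under Browser/TorBrowser/Data/Browser/profile.default, Tor state under Browser/TorBrowser/Data/Tor/state); the pref names for the history, form and password switches are the standard Firefox ones behind the Settings > Privacy checkboxes, and the function and variable names are the example's own.

```shell
#!/bin/sh
# Added example, not part of the Bisq wiki or of Tor Browser: clone an installed
# Tor Browser directory into a per-nym copy and pre-set, through the profile's
# user.js, the same about:config values the steps above set by hand. Firefox-based
# browsers read user.js from the profile directory at every start, so the copy
# comes up on its own ports without visiting about:config.
# Assumes the portable Windows/Linux layout, in which profile and Tor state live
# inside the bundle directory; relative paths below are against that directory.
set -eu

PROFILE_REL="Browser/TorBrowser/Data/Browser/profile.default"
TOR_STATE_REL="Browser/TorBrowser/Data/Tor/state"

# make_nym_browser SRC_DIR DST_DIR SOCKS_PORT
#   SRC_DIR    existing Tor Browser directory (close that browser first)
#   DST_DIR    per-nym copy to create; must not exist yet
#   SOCKS_PORT SOCKS port for the copy; the control port is SOCKS_PORT+1
#              (stock Tor Browser uses 9150/9151, so 9250 or 9350 avoid clashes)
make_nym_browser() {
    src=$1; dst=$2; port=$3
    [ -d "$src/$PROFILE_REL" ] || { echo "not a Tor Browser directory: $src" >&2; return 1; }
    [ ! -e "$dst" ] || { echo "refusing to overwrite existing $dst" >&2; return 1; }
    case $port in ''|*[!0-9]*) echo "port must be numeric" >&2; return 1;; esac
    [ "$port" -ge 1024 ] && [ "$port" -le 65534 ] || { echo "port out of range" >&2; return 1; }

    cp -R "$src" "$dst"

    # The copied Tor state file carries the original instance's entry guards;
    # remove it so the nym's tor picks its own guards on first start.
    rm -f "$dst/$TOR_STATE_REL"

    cat > "$dst/$PROFILE_REL/user.js" <<EOF
// written by make_nym_browser: every copy that runs at the same time needs its own pair
user_pref("network.proxy.socks_port", $port);
user_pref("extensions.torlauncher.control_port", $((port + 1)));
// let a maximized window fill the screen; we accept that the nym gets fingerprinted
user_pref("privacy.resistFingerprinting.letterboxing", false);
// Settings > Privacy > History: "Always use private browsing mode" off
user_pref("browser.privatebrowsing.autostart", false);
// keep history, form data and saved logins between sessions for convenience
user_pref("places.history.enabled", true);
user_pref("browser.formfill.enable", true);
user_pref("signon.rememberSignons", true);
// cookie retention on close is left to the Settings UI: its pref name
// differs between Tor Browser releases, so it is not pinned here
EOF
}

# nym_socks_port DIR -> prints the SOCKS port pinned in DIR's user.js
nym_socks_port() {
    sed -n 's/^user_pref("network.proxy.socks_port", \([0-9]*\));$/\1/p' "$1/$PROFILE_REL/user.js"
}

# check_tor SOCKS_PORT -> asks check.torproject.org, through the copy's SOCKS
# port, whether the connection is seen as Tor ({"IsTor":true,...}). The copy
# must be running for the port to be open; needs network, so not run offline.
check_tor() {
    curl -s --socks5-hostname "127.0.0.1:$1" https://check.torproject.org/api/ip
}
```

Typical use is make_nym_browser "$HOME/tor-browser" "$HOME/tor-browser-bisq" 9250, then starting the copy and, once it is up, check_tor 9250 to confirm that traffic leaving that instance really is seen as Tor. The script refuses to overwrite an existing copy and rejects ports below 1024, so a typo cannot clobber the original installation or ask tor to bind a privileged port.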

Tips

  • if for some reason you don't like the IP/location you are coming from out of Tor, or the connection has become unbearably slow, you can click the menu button in the top right and choose "New Identity"; Tor Browser will restart on fresh circuits. Note that this also closes all tabs and clears session state, so you will be logged out of everything; if only one site is slow, "New Tor circuit for this site" changes that site's circuit without a restart
  • sometimes Tor will become slow, really, unbearably slow; stay strong, don't go clearnet; if all else fails, blame Tor with your correspondents: it will immediately excuse your unresponsiveness and, at the same time, show you are very privacy-oriented and make you look really cool
  • the usual tip to leave the Tor Browser window at its default size is not really needed here, as we accept that the nym gets fingerprinted

Known issues and warnings

  • real anonymity does not exist: even if you could "plug" into the internet like the rebels plugged into the Matrix, someone could still trace the source of your "signal". Proper personal protection is achieved through dedication and skills, and is always relative to one's threat model (a Bisq contributor shouldn't attract the same attention a whistleblower does, for example)
  • it only takes one mistake, letting a hint of your real identity slip through your pseudonym, and the whole nym is compromised, with all of its past activity linked to you
  • assume any online service will keep all the information about you that you allow it to obtain (browser/PC information via JavaScript, OS preferred language, obviously your IP, cookies...) and store it for the long term, even after you think you deleted it
  • assume that anything you do, say, or write will be used against you, even if it was innocent and apparently inconsequential at the time
  • in the above configuration, Tor Browser loses most of its specific privacy strengths, yet it is still very useful to have a portable, containerized browser that only works through Tor and runs its own tor process, distinct from any other Tor daemon on your system (versus, for example, several Chromium instances pointed at the same Tor SOCKS proxy, which all share that tor's entry guards, are only separated from each other if the proxy isolates their streams, and are at risk of going on clearnet if the extension you use to route through Tor fails to do its job)
  • this guide is only aimed at online protection and offers nothing in the area of offline security: anyone with physical access to your PC will be able to tell that you are, in fact, contributor, plus any other identity you might have used online, unless you also harden your system with additional layers not covered in this guide, at least for now (see Tails, Qubes, Whonix, or any other renowned tool for PC protection)

Steps for accounts setup

As a Bisq contributor, you will need at minimum a GitHub account, to be able to publish Compensation Requests. A GitHub account requires an email address, so you will need one of those as well. Create both from the nym's Tor Browser, never from your everyday browser or connection.

Protonmail is one email provider that will let you register (as of now) without any KYC elements (no other email address or phone number needed); riseup.net also offers no-KYC email, but you need an invite from another user. If you know of similar services, please notify us and we will gladly add them to this guide.

An account on Matrix is also advised, to access Bisq's space: register from https://bisq.chat and associate the same email with that account. You might also want to register at https://bisq.community to interact with the forum.

An interesting customization is to obtain an AI-generated face to associate with your accounts; many services let you get such a picture for free. Use the picture only for the nym, and never reuse one that is tied to another identity, since profile pictures are trivially reverse-image-searched.