How does a person under surveillance safely download Tor or Tails in a hostile environment?

One of Tor’s stated goals is to help individuals such as journalists, activists and whistleblowers protect against surveillance, and in many countries people in those lines of work or activities are usually subject to surveillance, especially targeted surveillance.

Given a scenario in which a journalist is working in an environment where he is subject to active targeted surveillance, how would he safely download Tor? Assume that the journalist in question is using a new computer with a freshly installed Linux distribution. In what ways could an adversary with man-in-the-middle capabilities affect or compromise the download?

Does using HTTPS to download TAILS or the distribution package manager to download Tor provide enough security to protect from malicious third parties? How can someone in this scenario safely download Tor or TAILS?

Using an example to comprehend why “safely” erasing a drive yields better results than filling it up with meaningless data

A hypothetical 1GB USB stick is full of sensitive documents/images/etc. and it is not encrypted.

The owner wishes to discard it and is aware of having to safely erase it first.

There are several tools and utilities to do this. Some can be configured to do it “faster yet less safely”, others do it “slower but more safely”.

As opposed to having it erased using all the different ways known to do this, the owner chooses to simply drag all the current items to the recycle bin and then paste one 1GB (~2-hour) black screen movie file to the USB stick.

Again, no fancy erase utilities are used. The USB stick is then discarded.

If it falls into the wrong hands, can any of the sensitive files (that filled the stick before the movie file was pasted) be retrieved?

(1) If no, why do complex hard drive erase utilities exist? Some of them feature “safe” erase procedures that take houuurs, when simply filling a soon-to-be-discarded HD with meaningless files can do the job?

(2) If yes, how can 2GB (movie file + sensitive files) co-exist in a 1GB stick? Seems to me like the only logical explanation is (a) the movie file was in fact less than 1GB, (b) the USB stick was secretly larger than 1GB as stated, or (c) the movie file was copy-pasted only partially and the owner did not notice.

Where Can I Buy High Quality Backlinks Safely?

Do you know where anyone can buy high-quality backlinks safely? Because there are a lot of fraud companies who build backlinks through black hat methods. I want to add more sites that are providing spam-free and white hat backlinks. Also, I have already added some great sites for buying backlinks on my site. But I want more for helping my audiences. Can you recommend something?

How does someone (safely) construct, expand & renovate any given demiplane? [closed]

Casting Demiplane allows the caster (warlock or wizard… or sorcerer using Wish… &/or sneaky bard) to have:

  • A Medium-only door (‘Must be this size or smaller to ride – NO OGRES ALLOWED’) that vanishes when spell ends / after one hour.

  • Creates a permanent (30′ x 30′) room of stone &/or wood walls.

This spell has amazing uses yet serious limits which others have questioned:

Question: “How much one can customize the interior of this spell?”

Answer: “If / as / so much as the DM says / so!”

OR

Question: “What is the nature of this demiplane for location & tracking purposes?”

Answer: “They must describe it a bit &/or use a ‘tuning fork‘!”

Information on Demiplane is amazingly light, especially for a game system that prides itself on doing the absolute minimum possible for a spell’s casting. This spell is neither useful for combat mechanics nor very clear for role-play purposes.


My concerns with this spell description & use:

  • Does this shadowy connection door between Demiplanes vanish within the hour? The spell description does not specify, so this may be a way to build up a massive interconnected demi-mansion. Can this door stay ‘open’? Can it be a ‘window’ instead? Can the connection between planes let larger creatures through if you double up multiple shadow doors in one spot?

  • What happens if one adds plane-space expanding magic to this Demiplane? Say you cast a Mordenkainen’s Magnificent Mansion in there – does the whole plane become a bit bigger? Or does this simply not fit? Or does this spell trigger a collapse-explosion similar to sticking a Bag of Holding into a Portable Hole? Can one change the time-passage of the original Demiplane so as to make these space-holder-builder spells permanent?

  • The 5e spell specifies the new parts must be cast OUTSIDE of the original. Is there ANY way to add or expand to the space-size of this 30′ x 30′ plane? Possibly the repeated use of the (non-exhausting) Wish spell? ‘You need not meet any of the requirements’… does that allow one to add bonus space to this walk-in closet? Or even make this silly vanishing smoke-door a bit more durable… or big enough to fit a donkey through?

Base question: Demiplane feels small / simple / specific / stuck. How does an Arch-mage add bits / expand / give it more space for activities?

Answers may include: any of the guides (Volo’s, Mordenkainen’s, etc.), tweets from Lord Crawford, Sage Advice, any 5e Unearthed Arcana… or whatever one can find that is RAW, quasi-legal or even slightly more tested than outright home-brew.

How to safely handle non-public data in memory

Alice needs to get non-public information from Bob, validate it (let’s say check that the birth date is between 1900 and now) and forward it to Charlie. There’s end-to-end encryption between Alice and Bob and between Alice and Charlie.

If the computer Alice uses is some remote machine, can Alice avoid leaking the non-public information she is handling to whoever has access to the machine she uses?

My understanding is that the moment the data is decrypted in the machine’s memory it’s at the mercy of whoever has physical access to that machine. Is that correct? If so, does that mean that for handling non-public information I should never use cloud solutions and rely only on physical machines that I own?

I see there’s “Homomorphic encryption”. But I understand that if, as in my example, I have to validate that a number is between x and y it’s equivalent to the number being known?

There’s a somewhat similar question here: encrypting data while in memory

But it does not focus on these questions and is implementation specific.

How to safely display HTML emails?

I’m building a webmail application using PHP at the moment. I’m getting the email content from Gmail using IMAP and wanted to display the email as close as I can to how Gmail shows it. Is it safe to display the raw HTML body from the email or are there additional steps I should take to ensure my application is secure from attacks?

I also looked at this question “how-to-safely-display-html-emails-like-gmail-does-it” but it’s from 5 years ago and I couldn’t find any recent sources on the topic.

Can I safely sell a used keyboard without risk of the new owner recovering previous inputs?

As far as my knowledge goes, keyboards don’t store keystrokes in their memory by default (excluding those bundled with keyloggers). The thing that comes to my mind though is that some keyboards do have some built-in memory for storing the user’s preferences (e.g. gaming keyboards). Can this be somehow reprogrammed to store other data than just the LEDs’ color combo?

Can I sell my keyboard without worrying that the new owner might recover previous input in some way?

Cheers, Dominic

Is it possible to use WeChat (Weixin) more safely in recent versions of Android by using permissions?

I assume that anything written or read on WeChat is read by the government of the People’s Republic of China. I understand the risks of that.

However, I would like to understand the implications of using WeChat for other data on my device. With earlier versions of Android, you had to grant all of an app’s permission requests in order to use it, and WeChat demanded every possible permission. More recent versions of the OS allow users to grant or deny permissions in groups. Is there a combination of permissions which would allow WeChat to function as a chat/messenger app, but prevent it from reading other data on my device?