overview for daveyOsborn

Does there exist a clearnet-incapable OS? by daveyOsborn in c/tor@infosec.pub

[-] daveyOsborn@infosec.pub 0 points 3 weeks ago

What I am after may not exist. Tails without a clearnet browser would be close. It would be ideal if the platform were clearnet-free out of the box. Even better: clearnet incapable.

If I would uninstall the clearnet browser, that would be a deliberate act on my part to have a broken clearnet. It would be indefensible. The idea is to most faithfully play dumb when fighting public administrations who block tor.

Does there exist a clearnet-incapable OS? by daveyOsborn in c/tor@infosec.pub

[-] daveyOsborn@infosec.pub 1 points 3 weeks ago

thanks for pointing that out. I’ll have take look at their most recent version then.

Does there exist a clearnet-incapable OS? by daveyOsborn in c/tor@infosec.pub

[-] daveyOsborn@infosec.pub 1 points 3 weeks ago* (last edited 3 weeks ago)

Tails worked on clearnet, last time I used it. It gave a choice between tor browser or a clearnet browser.

10

Does there exist a clearnet-incapable OS? (infosec.pub)

submitted 3 weeks ago by daveyOsborn@infosec.pub to c/linux@sopuli.xyz

2 comments fedilink

cross-posted from: https://infosec.pub/post/41531898

I need this for political/activist purposes. When a public service blocks Tor, I want to be able to say that the public service marginalises/disservices ppl on some platforms.

My first thought was Qubes OS, because it can be setup as a Tor-only platform. The flaw of course is that users can configure it either way. So the public service would argue that it was the user’s choice to configure it to not use clearnet. If an OS were to operate purely on anonymous networks with no direct clearnet access, this would have some niche applications for activism.

4

Does there exist a clearnet-incapable OS? (infosec.pub)

submitted 3 weeks ago by daveyOsborn@infosec.pub to c/tor@infosec.pub

6 comments fedilink

I need this for political/activist purposes. When a public service blocks Tor, I want to be able to say that the public service marginalises/disservices ppl on some platforms.

My first thought was Qubes OS, because it can be setup as a Tor-only platform. The flaw of course is that users can configure it either way. So the public service would argue that it was the user’s choice to configure it to not use clearnet. If an OS were to operate purely on anonymous networks with no direct clearnet access, this would have some niche applications for activism.

7

Improvement on TLS underway → Namecoin and Tor as a Public Key Infrastructure (FOSDEM 2026) (fosdem.org)

submitted 1 month ago by daveyOsborn@infosec.pub to c/infosec@infosec.pub

0 comments fedilink

4

bank collects MAC addresses (infosec.pub)

submitted 3 months ago* (last edited 3 months ago) by daveyOsborn@infosec.pub to c/infosec@infosec.pub

2 comments fedilink

A bank’s privacy policy lists a lot of data they collect, including customers’ MAC addresses. I was dumbfounded. How is that possible? The router on your LAN obviously knows your device’s MAC address. And I guess the ISP’s router would know your gateway’s MAC address. But from there wouldn’t the bank only see your IP address from the WAN?

Then it occurred to me-- the bank has a smartphone app. So the app likely demands perms to get the phone’s MAC. But then what would the likely purpose be? To check vendor consistencies (to block VMs) and raise impostor flags if your MAC changes?

(update) Another question: instead of using the bank’s shitty phone app, you use their shitty web app instead. I would assume the JavaScript engine is naturally blocked from obtaining your MAC address and transmitting it. But I would like a sanity check.. anyone know for certain?

Netherlands: Two teenagers arrested in spying case linked to Russia - " walked past the offices of Europol, Eurojust and the Canadian embassy in The Hague carrying a "wi-fi sniffer" by daveyOsborn in c/blueteamsec@infosec.pub

[-] daveyOsborn@infosec.pub 2 points 5 months ago

So the question is, does Russia really have a hard time getting spies in? Or is it more of a matter of saving money on the travel effort and letting a couple local kids be the fall guys? Because the recruitment itself has some risk. Netherlands probably needs some counter spies posing as kids looking to be recruited.

docuseal: Open source DocuSign alternative. Create, fill, and sign digital documents ✍️ by daveyOsborn in c/blueteamsec@infosec.pub

[-] daveyOsborn@infosec.pub 1 points 5 months ago

I’ve been using JSignPDF for this by running:

java -jar jsignpdf-1.6.1/JSignPdf.jar

The tool you link looks quite a bit more comprehensive and user friendly. I think w/JSignPDF it just does the task of signing. You still need to generate SSL certs. I’ve not tried docuseal but looks like it tries to be foolproof.