Go Beyond

Only read if you don't mind being offended.

Announcing Vagabond Workstation

I'm not usually this nervous when I write. I'm about to share something I've invested two years of work into with the world. Something that is not kosher to a great number of people. I have a great deal of ethical concerns around this as I don't understand the maturity of the human condition. We are capable of making incredible things, the Internet, the atomic bomb, firearms, and medicine, and yet do we let these things make our lives better or worse? Do we harm ourselves with our ingenuity? Is our push for bigger, faster, smaller, actually moving us somewhere? Or perhaps we're just hamsters spinning the wheel, thinking it's going faster and faster. And maybe it is, but our actions are every bit as insignificant. Worse yet, maybe the faster the wheel turns, at a point, our abilities destroy ourselves.

I want to share what I've been up to for the past two years. Some of you know that I've been up to a couple things, and that is true. There was something else I was working on. If it didn't take up more of my time, it certainly took up more of my mental energy. A couple years ago, give or take a couple of months, I had launched my fourth Bitcoin accepting service. I was living with a very kind friend spending $400 a month renting a room in his house. I made money doing odd jobs, from working on motorcycles, scooters, painting, and even Postmates for a brief period of time. I also wrote and published a book, Fifty-two. Normally, I do fairly well financially being in software/systems engineering. Going from that to nothing was a bit of a jump, and pinching my finances was a good experience for me. Actually, it was one of the happiest moments in my life. The dynamic life was enjoyable, but I wanted more steady income and something "autonomous".

My latest attempt at making more money was SporeStack, which unlike my first three Bitcoin accepting services, had customers in the first week. Bitcoin blogs and The Register picked up on SporeStack which helped drive interest. With all of the traffic to SporeStack and my blog, someone saw my post looking for half-time, half-pay remote work. I don't know who this person is, still to this day.

This person had me work on a project which they envisioned. Interestingly as I found what it was, I saw that it was very much along the lines of things I had imagined prior. The project was largely to kill many birds with one stone, and naturally I led in a particular direction with it. This evolved in time and I was paid to solve some of the most interesting problems I've ever heard of. Sometimes I would get an assignment that sounded like science fiction at the beginning of the week, and I had a working prototype at the end of the week. Working for an anonymous figure is confusing and took a long time for my mind to come to terms with. I've wondered many times if I've been working for a three letter agency, a crypto anarchist millionaire, or Satoshi Nakamoto, himself. I don't know if any of these are true, but the anonymous friendship has been interesting to say the least. I am very grateful for the job, especially working on something that seems so much up my alley, and more so for the push to finally do it. At different points I had accepted my fate as living a somewhat calm and collected life. This does not help push me in that direction.

I could write on and on about this in some story-esque way. This thing I've been working on has been at times a huge burden on my shoulders. And it's not just one thing, sometimes it's concepts. There's many parts to the whole that I believe are unique, powerful, and not yet tapped into.

I'll try to name the sum of the parts. Well, I guess I have some time ago. While I was a vagabond, driving across the country, working from motel room to motel room, paying for my life with Bitcoin, I just called it Vagabond Workstation. You don't have to be a vagabond to use it, but the name has stuck thus far.

It's, in a nutshell, a Linux distribution designed to enable a user to have multiple identities with zero crossover and run anonymous corporations or services. Something like that.

In other language, it's like TAILs on steroids. It's different than Qubes/Whonix, maybe inferior in some ways, though sadly I've never run either.

SporeStack has been powered by this for some time and I've been unable to consider having anyone look at the core code without exposing the thing as a whole. So now, I open source perhaps 80% of SporeStack with this.

There's a number of innovations and ideas that make this up. I'm not sure where best to begin.

brainvault is the tool and concept of generating as much as possible deterministically. Let's say you were kidnapped and tossed into a city on a different continent. Your online persona has been removed, your online backups, etc. You remembered one phrase. How much does that get you?

  • SSH key

  • Username

  • Email address

  • Bitmessage

  • Bitcoin wallet

  • Bitcoin cash wallet

  • Deterministic password manager

That's without storing any data. brainvault makes it easy to register with MEGA.nz, upload your home folder there, and subsequently retrieve it. I can retrieve my data with one command, at least what's most important to me. I can do it from any machine with Vagabond Workstation installed.

The username generation is something I've never quite seen before. At some point, it'd be good to update it so you can provide your own username. But at the moment, you might want to try a few phrases until something sounds cool to you.

$ brainkey public ManyPasswordSuchWow
$ brainkey public ManyPasswordSuchWow1
$ brainkey public ManyPasswordSuchWow2
$ brainkey public ManyPasswordSuchWow3

I guess I don't need to get too detailed with this, but your Bitcoin wallet, public username, etc, are all derived from a heavily hashed version of your passphrase. Thus, your "password" for Bitmessage, walkingliberty, etc, is 64 hex characters and from a very intensive hash function to begin with. And if say Bitmessage was compromised, it's from a different hash than say your Bitcoin wallet, so they should be kept isolated. I would reckon that in terms of bruteforceability, brainvault-derived Bitcoin, Bitcoin Cash, Bitmessage, etc, is extremely difficult.
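The derivation pattern described above can be sketched as follows. This is an added example, not brainvault's code: scrypt, the cost parameters, the fixed salt, the HMAC-SHA256 step and the service labels are all assumptions chosen for illustration.

```python
import hashlib
import hmac

# Assumed scrypt cost parameters for this sketch (not brainvault's settings).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1

# With nothing stored, the salt has to be a constant. Two people choosing the
# same phrase therefore get the same identity, so the phrase's own entropy is
# the only defence against offline guessing.
FIXED_SALT = b"example-brain-identity-v1"  # hypothetical value

# Hypothetical service labels used for domain separation.
SERVICES = ("ssh", "bitmessage", "bitcoin", "bitcoin-cash")


def master_secret(passphrase: str) -> bytes:
    """Stretch the memorised phrase once with a memory-hard KDF."""
    return hashlib.scrypt(
        passphrase.encode("utf-8"),
        salt=FIXED_SALT,
        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P,
        maxmem=64 * 1024 * 1024,
        dklen=32,
    )


def service_secret(master: bytes, service: str) -> str:
    """Per-service secret: 64 hex characters, keyed by the stretched master.

    HMAC is one-way, so a leaked secret for one service reveals neither the
    master nor the secrets of the other services.
    """
    label = b"service:" + service.encode("utf-8")
    return hmac.new(master, label, hashlib.sha256).hexdigest()


def derive_identity(passphrase: str, services=SERVICES) -> dict:
    """Recompute every service secret from the passphrase alone."""
    master = master_secret(passphrase)
    return {name: service_secret(master, name) for name in services}


if __name__ == "__main__":
    for name, secret in derive_identity("ManyPasswordSuchWow").items():
        print(f"{name:13s} {secret}")
```

The expensive stretch runs once per passphrase guess, which is what makes brute force costly; the per-service step is cheap and only provides separation.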

Now, these memory-based identities that you carry around in your head can be deployed to any number of identity_vm's that you run on your system. They run on separate Tor processes entirely, with DNS and all traffic either dropped or pushed through the Tor network. The isolation is such that your VM should not be able to know where it is, and someone with root access to that VM and another of yours should not be able to correlate the two VMs, other than maybe through timing analysis of files and/or management commands (which are issued with unique SSH keys).

Which brings us to keyplease, a simple way to generate SSH keys per host. These keys are not deterministic. Let's say you wanted to launch a server on SporeStack. You could use your regular key, which allows myself and perhaps Digital Ocean or others to determine that the same user launched two different servers. Or you could have a different key per server, then replace it once you configure it with automation.

Or if you really wanted to hide your tracks, you could make the disk useless for inspection. But how do you do that? The hedron.one_time_filesystem state. gocryptfs with randomly generated keys on the most important/interesting folders and mount points. Coupled with some being tmpfs (/root, /home/user, /tmp), it makes for a server that won't come back after a reboot, but for the most part should leave no trace on disk. Whether you're trying to protect your intellectual property, protect your family photos, or keep from leaving a trace with whatever you're running, this may not be a bad idea if you can live without reboot persistence. The alternative is quite a bit more difficult, and this allows for "securing" a system from disk inspection that's already running in an easy way.

Now let's say you're sick of hitting captchas everywhere using Tor. Another innovation is using a SOCKS proxy on a clearnet VM to browse, exiting out of that VM rather than a traditional Tor exit. To improve speed, the hidden service is non-anonymous (because the service doesn't care if it's found, only the user), and for security, it's a V3 service. I have been using this for well over a year, having most of my browsing go through Tor and exiting out of one of my VMs. It works really well on the whole. Obviously more for maintaining a consistent identity than general browsing where you just want to cover your tracks.

There's been a number of features and rewrites and things found not to work well, so going back to the drawing board. There's some handy utilities, like a distributed rqlite backed basic numbers database (hedron.settlers_of_cryptotan), salt wrappers, testing interfaces, etc, etc. An installed identity_vm comes with the tools needed to develop the workstation, as well.

I know I've been rambling. I think I'll write another post about the ethics of anonymity as I've thought a lot about that. For now, I hope this spreads more good in the world. Now, maybe it will be used for more evil than good. Some day, perhaps it will be one of the few ways to share free thought and participate in free markets. I hope Tor in general changes from a tool for vices to a tool for liberty. Of course, liberty is hopeless without responsibility.

If what I said did not make sense and you want to browse Tor, TAILs is probably for you. If what I said made a little bit of sense and piques your interest, maybe it's worth poking around. It's built on Debian Stretch with heavy use of SaltStack and Python. This is currently geared towards a Tor user who knows what configuration management is, knows bash, and uses a tiling window manager.

Keep in mind, this could use a security audit. And this could be a honeypot. I'd like to write more about why I decided to put my name in association with the development of this, but that will come later.


Source of truth: http://a3dninefan3vhkhkw36cgesk4hlfzwkbj3done4iscp3na7jckrcypid.onion/




"I'm too impatient for Tor and want to be tracked": https://vagabondworkstation.github.io/