If anybody has the time, I have some questions about what I need to do (e.g: dom0/special admin VM).
Any & all help is very much appreciated.
actually, a good project,
hopefully, can be an additional option for solution.
if I understand it correctly,
so the purpose of flexi-chains / proxychains, is to cover the flaw in Tor.
but If we use Tor, on top of Whonix, can it replace the flaw ?
1 Like
THe comparison of flexi-chains to proxychains: as an ‘advanced proxychains’ is more apt. than ‘cover the flaw in TOR’.
The point is, it’s giving you the control: hence ‘flexi’ ‘chains’.
TOR on whonix is still TOR, if you’re thinking purely in terms of the network-layer.
Let me elaborate. Proxychains limits you to socks/https, etc.
flexi-chains let’s you choose ANY protocol (current plan is to piggyback off-of glider).
fliex-chains lets you use any guardVM (e.g. minimal debian firewall, IPS, etc).
You can add multiple configs to a tunnel link and set the setting to rotate(random,minutes,10,20) and every 10-20 minutes that link will reboot and a new config (from the ones you added) will be loaded. SO you could add a vpn and a proxy config, respectively, as the last link in the chain - so any adversary is just really confused.
Does that make more sense? @newbie Apologies in advance if I’ve just made things more complicated.
1 Like
nope, it does make sense, all things have different complicacy.
hmm, apologies in advance, it looks like beyond my capacity.
but, thanks in advance, for initiating this kind of project.
i thought, web browser communicates via https protocol only,
but maybe, other software communicates via different protocol, i.e. ftp, etc
i am not sure, maybe different OSI layer has different protocol,
and flexi-chains can randomize setting, for every specific times,
it’s good, it can randomize proxy and vpn, let’s say every 10 minutes,
but it also randomize protocol ? or for protocol we can choose only,
hmm, what if it gives us ftp, while we need http, and vice versa,
also it looks like, it has not considered browser fingerprint,
also, software that using specific protocol, may have software fingerprint,
also it looks like, cannot solve my case , since definitely cannot block / remove NSA-tier backdoor.
do you have any project, that can block / remove NSA-tier backdoor ?
Don’t underestimate yourself.
firefox/chrome can use many different protocols, not just https.
A link can be one of either: a tunnel or a guard.
A tunnel is the type which forwards/proxies/VPNs/TORs/etc traffic - hence ‘tunnel’.
A tunnel has a ‘mode’ (i.e. static/reboot/rotate-[between configs]), as I explained earlier.
You can set config(s): hence you can have multiple configurations.
Within the configuration you can choose the protocol.
Now, what is interesting with V0, is that (when released), given I am currently planning to use glider, you could technically create a chain with one config.
That aside, (sorry if I complicated things again), the point is if you select rotate(random,minutes,10,20) as the ‘mode’ for your tunnel - link 1, and you have 2 configuration files, one of them we’ll call: VPN, the other: proxy - every 10-20 minutes that tunnel VM, link 1, would restart, so if it was previously on VPN it would switch to proxy, if it was previously on proxy, it would switch to VPN.
So it’s up to you if you switch the protocol. WHich would happen in the above case if your proxy was https, for instance, and your VPN was wireguard, for instance.
CHeck out the link I posted, (r/e glider), that’s the current plan for the supported protocols for V0.
If you checkout the roadmap (link on the github page), you’ll see that this has been factored in for a release Far In The Future. If you read the long-feature-list.md you will see the why says: this is a pivotal step to something approaching true anonymity. (e.g: super cool browser plugins :P).
I was not joking about the whole google-keep metaphor. I agree with you 100%, security is all about privacy. The only true privacy is in your head. However, you can use your computer securely (i.e. in a privacy respecting manner), even if it has been ‘compromised’. You just have to ensure what you do is done in a way that you understand, and your adversary doesn’t - does that make sense to you @newbie ?
Apoligies if the above are poor explanations.
I was not joking about the whole google-keep metaphor. I agree with you 100%, security is all about privacy.
hmm, actually I don’t really understand about the metaphor,
it feels like, it has multi-interpretation.
Apology if I have wrong interpretation.
You just have to ensure what you do is done in a way that you understand, and your adversary doesn’t
so, related to NSA-tier backdoor, for example ?
Yes. I think I may be explaining this poorly, how can I be more helpful to you?
Assuming that you understand the following assumptions:
You are only as strong as your weakest link
Hence, the strongest your achile’s heel (weakest link) is, the more difficult it is for an attacker, e.g: a bad NSA.
My point about google keep is this:
It’s all very well somebody attacking what /they/ may think your weakpoint is - let’s say a BIOS/firmware backdoor - that is, they’ve got root access over dom0 (for example).
However, if when they get inside dom0 they discover you are writing things such as ‘must send a cake to mount everest via teletubby’ - being inside dom0 isn’t really pwnage (owning you/your privacy/compromising your security) is it?
For instance, the above to me would mean, in my head:
Message Edward Snowden via Telegram to say happy birthday.
Is this making more sense @newbie ?
Again, I apologise if it doesn’t - just let me know.
i see, you mean, we can write data as disinformation,
which mean, only the writer can interpret.
hmm, yes, i think it works, only if we have few data,
but maybe, for writer, journalist, with huge writing data,
i could not remember, much information, and disinformation in my head,
that’s why we need notes, or laptop.
or maybe during writing email, or graphic designer, interior designer, architect,
also cannot disinformation.
but, thank you for your advice,
apology for keep reasoning.
That is what I mean, yes.
For somebody in such a situation, who for example had an NSA firmware-backdoor, it is best to assume that this information has been accessed already by the NSA. If they had logs I would recommend they check them.
Sometimes attacks cannot be prevented (because nobody has unlimited time to secure their computers). So, this is why I would always recommend a non-networked, passive logging system. That way you can try and discover when and how the attacker gained entry, thus identifying what exploit they used/how you are vulnerable - such that it cannot happen again.
Is this more helpful to you? @newbie
i apologize, i think our discussion, has made your thread out of context,
a non-networked, passive logging system
what kind of logging system it is ? any software / system name ?
Don’t worry about it, I’ve made more mess than anybody here.
Just make sure on this thread discussion is strictly relevant to flexi-chains.
I suggest you start here.
Sorry to be blunt, I have got other things to do.
I have tagged @deeplow on a thread linked where I’ve indicated to split (sry again deeplow - but also thankyou 
1 Like
okay, thanks in advance 
Let’s get this party started!!
I very much look forward to this. Will you have install and basic setup routines to help use out in doing “flex-chains”?
I have given it a star to look at later, thanks for the info.
Should I be looking at this as an alternative to glide?
EDIT:
Can you clarify, is the v2ray link you posted deprecated for v2fly/v2ray? I’m confused 
v2ray/v2fly/Project V confused me
it 404 now
Edit:the link is GitHub - nadoo/glider: glider is a forward proxy with multiple protocols support, and also a dns/dhcp server with ipset management features(like dnsmasq).
1 Like
Typo, sorry.
1 Like
Important UPDATE:
Flexi-chains is set to be adopted by a super-duper awesome new company I am launching very soon.
I will keep everyone posted.
And also, thanks everyone for your feedback & support - I really appreciate it all!
1 Like
You might need to take an introductory course to Information Security (@newbie might be interested too). Privacy (Confidentiality) is only one of the pillars of security. Also, hoping that your adversary won’t understand what you are doing, and hoping that will protect you, is called “security by obscurity” and doesn’t last for very long, if at all.
1 Like