In this document we try to present the Incognito LiveCD in an easy-to-understand and reasonably thorough manner, in the hope of giving the new user a crash course in what might be a completely new set of applications and concepts regarding anonymity and security on the Internet. It is quite long, so you might not want to read it in one go; instead, read the introduction and conclusion, as well as the sections on only those applications you intend to use, and return to it whenever you want to try something new or use it for reference. If you have experience with these applications and concepts from elsewhere and feel comfortable with the user interface in general, reading this document may not be necessary at all. A word of caution to all users: do not alter the network, proxy and firewall settings unless you know what you are doing – poking around with them too much might spoil the built-in defences of Incognito.
Incognito, noun:
Incognito is an open source LiveDistro based on Gentoo Linux assisting you to securely and anonymously use the Internet almost anywhere you go, e.g. your home, work, university, favourite Internet café or local library. Incognito is designed to be used from either a CD or a USB drive and has several Internet applications (Web browser, IRC client, Mail client, Instant messenger, etc.) pre-configured with security in mind, and all Internet traffic will be anonymized. To use it, you simply insert the CD or USB that you have installed Incognito on in a computer and restart it. Incognito should then start as an independent operating system instead of Microsoft Windows or whatever operating system you have installed. It is also possible to run Incognito as a guest operating system inside Microsoft Windows by simply inserting the media while Windows is running which should present you with a menu.
Incognito is Free Software released under the GNU/GPL (version 2).
In case you did not know, we currently find ourselves in a state of steady decline of our freedoms and privacy, with increasing levels of mass surveillance and repression all over the world (see this report from Privacy International). Without taking any precautions, your Internet service provider, the state, the police and global surveillance systems like ECHELON (which is not a conspiracy theory; see this report from the European Parliament) can record what you do online: what you read, what you write and who you communicate with. This is possible since all messages sent over the Internet contain the IP addresses of both the sender and receiver, much like ordinary mail sent through the postal system contains the addresses of both sender and receiver for two-way communication. IP addresses can easily be traced back to the physical location of the computers and their owners, and from that ultimately back to you. If you do not mind this fact, then more power to you, but if you do mind, then Incognito might be just what you need.
First of all, true anonymity is impossible. Given enough resources an attacker will get you. What one can do is to make the cost of doing that so high that it becomes infeasible. Incognito tries to do this by sending all your Internet traffic through the Tor™ network, which makes your Internet traffic very hard to trace. If someone tries to trace you when you are using Incognito, the trail will stop somewhere in the Tor network with the IP addresses of some of its participants, not yours. Similarly, if someone tries to see the destination of your traffic, they will only reach as far as some computer in the Tor network. In fact, you will be the only one knowing exactly what is going on – not even the computers in the Tor network that you send your traffic through will know the whole picture!
As at least a rudimentary understanding of Tor currently is essential for using it securely (and knowing its limits) we strongly recommend reading the Tor overview and Understanding and Using Tor – An Introduction for the Layman. At the very least you should read the following paragraphs about common misconceptions about the service offered by the Tor software:
By relaying your Internet traffic through the Tor network (which Incognito does by default) your communications should only be considered to be untraceable back to the computer you use, not encrypted or in any other way hidden. While the traffic is encrypted when it leaves your computer and when you get back your responses, it will not be so when sent between the Tor network and your destination (this is unavoidable for technical reasons). This means that an eavesdropper at some later point will be able to see your traffic without Tor's encryption, but will not be able to link it back to your computer.
As such, if you are sending or receiving sensitive data whose disclosure would be damaging in itself even if it is untraceable, you need to use end-to-end encryption to hide the meaning of your data from everyone except the recipient. Examples of such sensitive information that you need to protect in this way are your real identity or other personal information linkable to you, login details and passwords, bank account or financial details, anything illegal or political, and secrets in general.
There are several tools bundled with Incognito offering end-to-end encryption for various applications: GnuPG provides encryption for email, OTR is for instant messaging (MSN, ICQ, IRC etc.) among others. Also, bear in mind that when you browse web sites whose addresses begin with "http://", the connections are not encrypted. However, web sites whose addresses start with "https://" (notice the additional s) use encrypted connections and are thus secure (many web browsers, including Firefox, also display a lock or a similar symbol in the address field or status bar indicating that the connection is secure).
Furthermore, some applications have features and services that may compromise the anonymity offered by the Tor network. All modern web browsers, such as Firefox, support JavaScript, Adobe Flash, Cookies and other services which have been shown to be able to defeat the anonymity provided by the Tor network. For instance, a web page using JavaScript can make your web browser send your real IP address to the web server hosting the web page which possibly can disclose it not only to the web server's owner but also eavesdroppers that happen to fetch the message when it is sent between the Tor network and the web server. Even if most web pages using JavaScript do not do this, it is important to be very cautious when determining which sites you allow to use these extra features. When running Firefox in Incognito all such features are handled by an extension called Torbutton which does all sorts of things to prevent the above type of attacks. But that comes at a price – since this will disable some functionality, certain sites might not work as intended.
In this section we will briefly present the main applications included in Incognito. Users are encouraged to look for further information about them elsewhere and to experiment (while not doing anything sensitive!) for their own benefit. All the pictures are clickable to get them undistorted and in full size, but note that some of the text is smudged in order to protect identities. Let us take a look at the Incognito desktop:
The graphical user interface used in Incognito is called KDE and shares many fundamentals with that of Microsoft Windows, Mac OS X and most other modern operating systems, so if you have used any of them, getting used to KDE will take no time. As this document is not intended as a complete guide for KDE there are only a few things about it that we will mention here to spare you some time. First of all, in the lower left corner of the screen there is a blue button with a K in it, called the "K menu button". Pressing it opens the "K menu" where you will find short cuts to many different applications. Please explore the different categories of applications and try out those that seem interesting. If there are any KDE or system settings that you want to change, like the screen resolution or KDE's appearance, this can be done in the "Control Center", found at the first level of the K menu. Also notice that there is a category named Incognito which contains some things relevant for the user, like a short cut to this document. The Incognito category is also available as a quick launch item, located right of the K menu button, among the short cuts to your home directory (where you store your files), Firefox and Thunderbird.
In the lower right corner you will find something referred to as the system tray, or simply systray, that has a couple of icons in it, each of which offers an interface for some running application. One of them helps you keep an eye on the battery level if you run from a laptop, one allows you to instantly change the keyboard layout, and one helps you control the network settings, for instance. You are encouraged to check them out, but we will say more about some of them later on in this article. You will also see a clock showing the time in UTC (Greenwich Mean Time) which might not be appropriate for your location. To make it show your local time, right-click it and choose "Show timezone" and either choose one of the timezones available there or add a new one with the "Configure timezones..." option.
Some other important things that need to be understood before proceeding are the concepts of LiveDistro, LiveCD and LiveUSB. In essence a LiveDistro is an operating system (like Windows or Mac OS X, although Incognito uses Linux) that is run from some removable media like a CD or USB memory stick. Most likely you are running Incognito from a CD, which makes it into a LiveCD, and this brings some limitations to its operation. Most importantly, since the CD is a read-only medium once it has been burned by your CD recording software, no changes persist through reboots. So, if you download a file or make some application settings they will be gone once you shut down. This is both good and bad – on the plus side, if you screw up anything or get a virus, the system will be restored once you have restarted it. But not being able to save stuff is of course inconvenient in some cases. If you find it frustrating you might want to run Incognito from a USB memory stick instead, making it into a LiveUSB. Since a USB memory stick is a writeable medium it is possible to make it so that the changes persist through reboots. You can read more about this and its implications later in this walkthrough.
The name is quite self-explanatory – this is what you should use to manage your network, which usually only consists of establishing an Internet connection. In many cases this is done more or less automatically. For example, if you are connected by wire, NetworkManager will try to obtain network access automatically. If you are using a wireless connection you are basically two clicks away. First right-click its icon in the systray to summon this menu:
All wireless networks your computer is picking up are listed there, as are all wired networks you have access to (usually one per wire), so the second click is used for choosing any one of these. If the network is protected you will be prompted for a password. There are other options too, e.g. for dial-up connections and setting up VPNs although these will require further set-up in the "Options -> Configure..." section. Hopefully all your networking needs will be satisfied using this interface.
TorK is an anonymity manager. Basically this means that it can be used to control Tor, and it is used here as an alternative to Vidalia, which some of you might be familiar with (Vidalia is also included in Incognito if you prefer it to TorK). But TorK can do a few more things than just control Tor, one of which is evident from the following picture of its main window:
The "Anonymous Email" entry is pretty interesting. Pressing the envelope icon will open a window which makes it possible to send anonymous email. Besides first routing the mail through the Tor network, it will also be routed through the Mixminion network, which offers even greater anonymity than the Tor network, at least in theory. In practice the Mixminion network is a bit too small for offering much anonymity, but that extra layer of indirection will probably not hurt. Also, notice that this is one-way only, so the recipient cannot answer unless you specify a response address or some other means of reaching you in your message. Of course, that could defeat the whole purpose of sending email anonymously. If you want the recipient to be able to answer you by attaching a response address you should consider encrypting the message. TorK does not offer an interface to GnuPG, so you will have to do the encryption manually, perhaps with PGP (KPGP might be suitable for this).
Next we will have a look at the "Tor Network" tab:
In here, all the Tor nodes in the Tor network are listed, as are all your circuits and connections that go through the Tor network. All this requires a bit of technical knowledge of how Tor works in order to understand and use, but it is not at all necessary. From the connection listing it should at least be relatively easy for you to see which exit node and country it appears your connections come from.
One very useful thing when working with Tor is the following option, found in the TorK menu that you get by right-clicking its systray icon:
The selected "Change Identity" option will tear down all your current circuits and build new ones, which means that the set of computers you route your Internet traffic through will be exchanged for others. This is very useful if you experience bad performance or even time-outs accessing some Internet resource, as you might have better luck with the new circuits that are built. Also, if you ever want to make sure that one thing you are doing will not be linkable to the next thing you are going to do, you should use this feature.
TorK also makes it easy to use some of the Tor Network's more advanced features. For example, if you switch back to the "Anonymize" tab you will find an entry for "Anonymous Websites and Web Services" which allows you to set up hidden services by clicking its icon (an English style police hat). Another feature that might be useful when you are using Incognito from a restrictive network can be found in "Settings menu -> Configure TorK -> Firewall/Censor evasion". This makes it possible to use bridges as entry points to the Tor network in order to circumvent censorship systems that block normal access to the Tor network, intentionally or not.
Lastly TorK will assist you in setting yourself up as a Tor server, helping out the Tor Network by relaying other people's traffic. You also have the possibility to act as an exit node, which means that other Tor users' traffic will exit in the clear from your computer. You should really think through if you want to do the latter (act as an exit node) as your ISP might start sending you complaints for other people's file sharing traffic that happens to exit from you, and potentially even worse things that might attract the attention of the police. But simply relaying traffic is completely safe and will only cost you some bandwidth (how much can be configured). However, at the same time you will get more anonymity – it will be impossible for eavesdroppers to distinguish the Tor traffic you are relaying from your own traffic generated by web browsing etc. So if you have bandwidth to spare, you might want to consider doing this.
In order to succeed with setting up a relay you might have to do something about your firewall or router if you have one, like enable port-forwarding for ports 9001 and 9030 – if you do not know what this is or how to do it you should either look it up with your favourite search engine or simply skip it. The next step would be to actually enable it in TorK, which only requires a few clicks. First press the button with a plus icon called "More options" which will make a few more buttons and options appear. One of them says "Run as a server" when you hover the mouse cursor above it. Simply click it and choose "Relay Tor traffic" and follow the instructions. After that you will just have to wait for half an hour or so before the connections start rushing in. Due to this delay and some technical reasons it is best if you only act as a Tor server if you run from USB, as that will speed things up a little next time and also spare you the time taken to set up the server.
Given Mozilla Firefox's recent surge in popularity many of you have probably used it before. Its user interface is like any other modern web browser, but there are a few things we want to mention, some of which are special to this particular installation. Do you remember what we said earlier about end-to-end encryption and its importance while using Tor? Here is how it looks in Firefox when you are using a secure, end-to-end encrypted connection:
Notice the locks in the status bar and address bar (the latter of which has also turned yellowish) and that the address begins with "https://" – these are the indicators that a secure connection using SSL is being used. You should try to only use services that use secure connections when you are required to send sensitive information (like passwords), otherwise it is very easy for an eavesdropper to steal whatever information you are sending. In this case what we are trying to do is logging in on an email account at lavabit, using their webmail interface. Let us proceed with logging in there so we can see how it is possible to send end-to-end encrypted email with any webmail service out there with the nifty FireGPG extension:
Here we have written a silly email to Bob, mentioning stuff like "public" and "private" keys. If you do not know what this means but are interested in sending encrypted email, we suggest you take some time and read up on public key cryptography and PGP just to get the basic concepts.
What we will do next is first selecting all of the text in the message (by using the mouse or simply pressing Ctrl + A) and then right-clicking somewhere on the selected text. This will make the usual Firefox context menu appear, which has a FireGPG entry that we are interested in. Clicking it will expand the following menu:
In the menu we choose "Sign and encrypt" and we get a dialogue asking us to select the public key to encrypt it with (Bob's) and the private key to sign it with (yours). After doing this the message is only readable by Bob, and in addition Bob will be able to verify that the message was in fact written by you. The signed and encrypted text will look something like this:
At this stage we are ready to press send. When Bob receives this email he can also use FireGPG to decrypt it in a very similar way – he will just have to select the encrypted message and then use the FireGPG menu to choose "Verify" or "Decrypt", or both. This can be done with any so-called PGP block. There is one important limitation in FireGPG, though. It cannot generate new keys, so you will have to use another application for that. We recommend using the GNU Privacy Assistant, found under the "Utilities" section of the K menu, or KPGP, found in the "Utilities -> PIM" section.
Returning to web browsing again we need to do something about the problems with JavaScript, cookies and Adobe Flash that you might remember from an earlier section. To deal with these problems we use an extension called Torbutton which is specifically designed for dealing with them (and other things) for Firefox in combination with Tor. Torbutton can be either switched on or off, indicated by "Tor enabled" and "Tor disabled" in the Firefox status bar in the bottom right of its window. It should be noted that these labels are a bit misleading for Incognito users as Tor cannot be switched off. So, in our case "Tor enabled" means that Torbutton will disable a lot of stuff that could harm anonymity, and "Tor disabled" simply means that you only get Tor and no additional protection. As such, you should only disable Torbutton for sites that you trust.
But why would you ever disable Torbutton? Well, while it is enabled some sites might not work as you expect them to since certain features are disabled or will behave differently. For example, the popular video service YouTube will not work properly, as you can see here when we are trying to watch this clip:
In order to get the video player to show up, we will have to disable Torbutton by clicking its panel in the Firefox status bar. Normally this would disable the use of Tor completely, but as we have mentioned earlier, nothing escapes Tor while running Incognito so your connection will still be anonymized. However, you will have to trust that Google (the current owner of YouTube) is not doing anything fishy with all their JavaScripts, the Flash-based video player etc. that could break your anonymity.
After disabling Torbutton we can finally learn how onion routing (the technique used by the Tor network) works from the guys in the TV series Numb3rs!
If you are reading this document as a local file in Incognito (which is the case if the address begins with file://) you might have noticed that all links that point outside of this document do not work. This is also due to Torbutton since it is possible for others to steal any file from you otherwise. In order to visit them you will need to disable Torbutton and reload the page in a new tab. Indeed there are a few more oddities related to toggling Torbutton on and off. If a web site does not work as expected after toggling Torbutton you might have to do any of the following to get it to work:
This is a security feature, also used for separating the different states in Firefox, which otherwise could lead to trouble (arguably a bit less so for Incognito users).
As we hope you understand by now, there are reasons for all these quirks, and while they might be annoying we hope you will learn to cope with them. If not, feel free to disable Torbutton and never use it again, but in that case you should expect much less anonymity and security. There have been several demonstrations of uncovering the true identities of Firefox users using Tor, but to the authors' knowledge Torbutton protects you against all of them.
There is also another web browser installed, namely KDE's Konqueror which we will deal with later on in this article, although for other uses than web browsing. We encourage you not to use Konqueror for web browsing, not because it is a bad web browser, but simply because there is no Torbutton or equivalent functionality for it. When possible (which should be always) you should use Firefox and Torbutton for your web browsing unless you really know what you are doing.
Not everyone is happy using webmail; some (like the authors) want to use a real email client instead of some fragile web-based interface. For that we have included Mozilla Thunderbird which looks like this:
Composing email looks like this:
Notice that there are buttons for PGP encryption in both of the above windows (labelled with "Decrypt" and "OpenPGP"). These are provided by the Enigmail extension, and pressing any of them for the first time will start a guide for setting up PGP, possibly generating new keys if you do not have any. Their web site is a great resource for learning how PGP encryption works so make sure to check it out.
Setting up your email account requires a tiny amount of knowledge, like what POP, IMAP and SMTP are, and indeed that your email service supports these. This step-by-step guide might be useful. However, this initial configuration requires writing down the addresses of the servers involved, downloading mail, etc. which will take some time. It is a bit annoying to have to redo this every time you start Incognito, which is necessary when running from a CD, so you might want to consider using a persistent home directory by running from USB if you plan to use Thunderbird often. One more thing to consider is that Tor exit nodes usually block the plaintext SMTP port (25) in order to prevent spam. This is easily fixed by enabling end-to-end encryption with the email server through SSL, which you should do anyway for all of POP, IMAP and SMTP as your password otherwise will be sent in plaintext.
Konqueror is KDE's file manager, (S)FTP client, web browser and more and it looks like this while in file managing mode:
As we already have mentioned, we recommend that you do your web browsing in Firefox instead since there is nothing like Torbutton for Konqueror. If you really want to use Konqueror you should make sure to disable all plugins, JavaScript and cookies in order to expect some anonymity, but even then Firefox and Torbutton are probably both a more secure and usable alternative. There are no problems using Konqueror for file managing or as an FTP client however. In the latter case, just enter "ftp://" followed by the address to the FTP server in order to connect, and the same applies for SFTP although you prepend "sftp://" to the address instead.
For instant messaging Incognito includes the Pidgin Instant Messenger. It is a multi-protocol client, so you can run MSN, ICQ, IRC, AIM, Jabber and many other protocols at the same time, even with several instances of the same protocol. See the following picture for a Pidgin user with three different protocols enabled at the same time:
Of course the issue of end-to-end encryption arises again. As we mentioned earlier, we have Off-the-record messaging (commonly called OTR) for instant messaging, and Pidgin and many other instant messengers have support for that. There are several resources on how it works and how to use it on their web site. Basically all you need to do is choose "Start private conversation" in the OTR menu and a key will be generated automatically if you do not have one already. After that OTR will establish a private conversation if the other end's instant messenger supports it. This will look something like this:
OTR and other Pidgin plugins are enabled in the "Tools menu -> Plug-ins" section. Simply check the appropriate box for enabling any plugin you want, and possibly you might also want to configure it by pressing the "Configure Plug-in" button. When this is done for the OTR plugin a window that can be used to manage your keys will be opened. The use of OTR is recommended as many instant messaging protocols normally send your messages in plaintext. Force your friends to migrate to clients with support for OTR!
There are several other interesting security or Internet related applications included in Incognito, some of which we list and present briefly here. Those that have graphical user interfaces (which most do) can be found in the K menu.
If you paid attention when you started up Incognito you may have noticed an odd option in the language selection menu, namely the "Enable MAC changer" entry. Some further explanation is probably required in order to understand whether this is relevant for you or not.
First of all, you should know that all network cards, both wired and wireless, have a unique identifier stored in them called their MAC address. This address is actually used to address your computer on the local network, but it will never get out on the Internet so people cannot use it to trace you. However, other computers on the network could log it, which then would provide proof that your computer has been connected to it. As such, this is not a concern if you are using Incognito with your home Internet connection as that can be linked to you anyway, but if you are connecting your computer to an untrusted, public wireless network you might consider enabling it. It is never useful enabling this option if you are using a public computer – only use this if you are using a computer that can be linked to you on a public network.
The reason why this is not always enabled is that it might cause problems on some networks, so if you experience network problems while it is enabled you might want to try disabling it.
Running Incognito from a CD has its virtues but it certainly also has its limitations. While CDs are portable they usually do not fit in your pocket in a comfortable manner. But a USB memory stick certainly fits any pocket or your key ring. In addition, CDs are read-only and thus no data can be saved to them, but that is, again, not the case with USB memory sticks. However, storing sensitive data on a USB memory stick could be dangerous if it got into the wrong hands. Similarly, if we get a virus or manage to damage the system in other ways, the system is tainted or unusable from that point and for all subsequent boots, either with or without your knowledge. Clearly that is not good.
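What a logged MAC address reveals and what a replacement address looks like, as an added example that is not Incognito's own MAC changer code: it assumes the changer substitutes a random, locally administered unicast address (the page does not say how the address is chosen), and the sample address is constructed.

```python
import re
import secrets

_MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}")


def parse_mac(text):
    """Parse 'aa:bb:cc:dd:ee:ff' or 'aa-bb-cc-dd-ee-ff' into 6 raw bytes."""
    text = text.strip()
    if not _MAC_RE.fullmatch(text):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(text.replace(":", "").replace("-", ""))


def format_mac(mac):
    """Render raw bytes in the usual colon-separated lower-case form."""
    return ":".join(f"{b:02x}" for b in mac)


def describe(mac):
    """Report what someone reading a network log can tell from the address."""
    return {
        # The first three bytes of a factory address identify the manufacturer.
        "vendor_prefix": format_mac(mac[:3]),
        # Bit 0x02 of the first byte: set means "assigned locally", i.e. the
        # address did not come from the card's manufacturer.
        "locally_administered": bool(mac[0] & 0x02),
        # Bit 0x01 of the first byte: set means a group (multicast) address,
        # which must never be used as a card's own address.
        "multicast": bool(mac[0] & 0x01),
    }


def random_mac():
    """Random replacement address (assumed behaviour of a MAC changer)."""
    raw = bytearray(secrets.token_bytes(6))
    raw[0] = (raw[0] | 0x02) & 0xFE   # set the local bit, clear the group bit
    return bytes(raw)


if __name__ == "__main__":
    factory = parse_mac("00-00-5E-00-53-2A")   # constructed sample address
    print("factory :", format_mac(factory), describe(factory))
    changed = random_mac()
    print("changed :", format_mac(changed), describe(changed))
```

The factory address stays the same on every network the card joins, which is what makes a log entry usable as proof; the replacement differs on each run, although its set local bit shows that it is not a factory address.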
It is actually possible to get the best out of these two worlds at the same time. When running Incognito from a USB memory stick you have the option to create an encrypted container wherein your home directory is stored so that any files stored and settings made are saved persistently. If you use a good password this deals with the dangers of storing sensitive data on it. But what about virus threats and the like? Well, when running from a USB memory stick, the system files are still set up to not be persistently writeable. It is only your home directory which will be persistent.
In order to get Incognito running on USB you currently have to get the usual LiveCD installation first. Once Incognito has started up from CD you will find a short cut to an installation guide in the "Incognito" section of the K menu, aptly called "Install Incognito to USB". The guide will tell you about your options and is self-contained, and in most cases you only need to insert a USB memory stick and hit the OK button to get it done. Then you restart the computer without the CD in, but with the USB memory stick connected instead. Incognito will start to boot just like from the CD but at a certain point a guide will start asking whether you want a persistent home directory or not. The encryption we mentioned earlier is optional but definitely recommended.
The encryption is protected with a password, so it is very important to choose a strong password. But what is a strong password? Of course, there are many different opinions on that. What can be said is that to utilize the encryption algorithm used to its full extent you will need a password consisting of 40 randomly chosen characters of those available on the standard (western) keyboard layout, which has around 90 different characters. Such a password should remain uncrackable for the remainder of this universe's life span and the same goes for the actual encryption. Of course, such a password is almost impossible to memorize, so you will probably have to go for something shorter. 20 random characters is probably more than enough. It can also help to devise mnemonics to help remember them but stay away from dictionary words of any language you know. Be creative! If you need help with generating the passwords you should check out KeePassX's built-in password generator.
What happens if the police knock on your door when you are running Incognito? This is a tough one to deal with, and there is not that much that can be done actually. If you are really unlucky they have brought with them freeze spray and other equipment which can be used to mount a cold boot attack. This is done in order to get the contents of your RAM. Due to how modern computing works, basically everything that you have been doing for a good while is stored in the RAM, so all information – including passwords, encryption keys and the secret plans you wrote in a text editor but then erased – may be stored in it in plain text. The more recent the activity, the more likely it is that it is still in the RAM.
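The arithmetic behind the 40 and 20 character figures above, as an added example that is not part of the original walkthrough or of Incognito: it assumes a 256-bit encryption key (the page does not name the key size) and uses the page's figure of 90 keyboard characters, and the guess rate is a constructed number for illustration.

```python
import math
import secrets
import string

# Characters to draw from: the 94 printable ASCII symbols without the space.
# The walkthrough rounds this to "around 90"; PAGE_ALPHABET_SIZE keeps the
# page's own figure so the arithmetic below matches its numbers.
ALPHABET = string.ascii_letters + string.digits + string.punctuation
PAGE_ALPHABET_SIZE = 90

# Assumptions, not from the page: key size and attacker speed.
ASSUMED_KEY_BITS = 256
ASSUMED_GUESSES_PER_SECOND = 1e12


def entropy_bits(length, alphabet_size):
    """Entropy of a password whose characters are chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def min_length(target_bits, alphabet_size):
    """Shortest random password carrying at least target_bits of entropy."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def generate_password(length, alphabet=ALPHABET):
    """Draw every character independently from the operating system's CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def years_to_exhaust(bits, guesses_per_second=ASSUMED_GUESSES_PER_SECOND):
    """Average brute-force time: half the search space at the given rate."""
    seconds = 2 ** (bits - 1) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    # A password only "uses the cipher to its full extent" when guessing the
    # password is no easier than guessing the key itself.
    print("length matching a 256-bit key:",
          min_length(ASSUMED_KEY_BITS, PAGE_ALPHABET_SIZE))
    print("length matching a 128-bit key:",
          min_length(128, PAGE_ALPHABET_SIZE))
    for n in (8, 20, 40):
        bits = entropy_bits(n, PAGE_ALPHABET_SIZE)
        print(f"{n:2d} random characters: {bits:6.1f} bits, "
              f"about {years_to_exhaust(bits):.3g} years of guessing")
    print("example 20-character password:", generate_password(20))
```

These figures hold only for characters picked at random; a password built from dictionary words or a personal pattern has far less entropy than its length suggests.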
RAM is usually considered to be extremely volatile, meaning that the data it stores starts to disintegrate rapidly once power is removed. However, it has been shown that the data might be recoverable for seconds or even minutes after this happens, and apparently freeze spray can be used to increase that period significantly. Once the power is restored the RAM state will keep getting refreshed, so if the power supply is portable the removed RAM modules' contents are in the hands of the attacker. Alternatively the computer can simply be reset (i.e. switched off and back on quickly), which barely even affects the power. Then a tiny LiveCD system is loaded with the ability to dump the RAM to some writeable media. In both cases the RAM contents can be analysed in a computer forensics laboratory which might turn into a major disaster depending on what they find.
So, what should you do when you hear them knocking? You should calmly make a clean shut-down of Incognito using the "Log out" option in the K menu, then selecting "Turn off computer" in the window that appears. Then you wait, possibly trying to buy valuable time by barricading your door. The reason for this is that one of the last things Incognito does before shutting down completely is filling the RAM with random junk, thus erasing everything that was stored there before. Unfortunately this might take a couple of minutes depending on the speed of your processor and the amount of RAM installed, so while this clearly is not a perfect solution it seems it might be the best thing to do.
In general this is of equal concern to both CD and USB users, but there is one exception. If you run from USB and use an encrypted home partition you are not safe any longer. The key will be stored in RAM if you did not have time to shut down Incognito cleanly. As such, a cold boot attack against a system with mounted encrypted partitions is very severe as it likely gives the attackers access to all data stored on them.
As far as the authors know, cold boot attacks are not yet standard procedure within law enforcement and similar organisations anywhere in the world, but it might still be good to be prepared and stay on the safe side.
Certain users might not want to restart the computer every time they wish to use the Internet anonymously with Incognito. For those, a so-called virtual machine can be used to run Incognito inside the "host" operating system installed on the computer (e.g. Microsoft Windows, Mac OS X, etc.). Essentially these programs emulate real computers that you can run "guest" operating systems (in this case Incognito) in, so they appear in a window within the host operating system. Using one of these technologies allows for convenient access to Incognito's features in a protected environment while you at the same time have access to your normal operating system.
There are a few security issues with this approach though. The main issue is if the host operating system is compromised with a software keylogger or virus, which Incognito does not provide any protection against (in fact, that is impossible). Secondly, performance is usually a bit worse compared to running it on its own. As such, this is only recommended when the other alternative is not an option or when you are absolutely sure that your host system is clean. Additionally, some of these virtual machines are closed-source, so it is very difficult to determine if they do something that could break Incognito's security. In conclusion, use virtual machines with care.
The open source QEMU processor emulator and virtualizer handles Incognito nicely. In fact, QEMU is included in the Incognito distribution for Microsoft Windows users (more about this below). In order to start it from the command-line, simply type something like:
qemu -usb -soundhw sb16 -localtime -boot d -cdrom /path/to/incognito.iso
If you have severe performance problems you should look into KQEMU, which is an accelerator module for QEMU, granting more direct access to the system's hardware for additional speed. You will most likely need administrator privileges for installing KQEMU.
Incognito works very well in VMware with the following VMware Virtual Appliance (signature) devised by the Incognito developers. Simply unzip the file and follow the instructions in the README.txt provided with the archive. The free (as in beer) VMware Player might be useful for this. In order to get good performance you will probably need administrator privileges when you install VMware. Note that VMware is closed source, so it might be hard to determine if it does anything that is bad for anonymity, although it is unlikely.
Unfortunately Incognito does not work perfectly in VirtualBox yet, but we are working on it. That is not to say it does not work at all, just that you will have to tweak it a little. All will go well until the X server is starting, as it will fail due to problems with the auto-detected graphics driver. For some reason the correct driver is not detected, so when you get to the console you will have to change the graphics driver used in /etc/X11/xorg.conf to "vboxvideo", and then run the following command:
/etc/init.d/xdm restart
in order to restart the X server with the new driver in place. Of course, it is unacceptable to have to do this procedure at every startup (but this can be mitigated by making a snapshot of the VM state when you have fixed this), so this is only for testing purposes. Hopefully this will be fixed in a future release.
Thanks to QEMU, presented above, Incognito can be run within Microsoft Windows without the need to restart the computer. QEMU ships with Incognito, and is set up so you only have to insert the media when Windows is running and a menu should appear with the option to start Incognito through it. This is especially useful when you are using a computer you are not allowed to shut down, which can be the case for public computers in certain Internet cafés or libraries. Also, for some general remarks on QEMU and Incognito, and some security concerns about this mode of operation, see the above section on Incognito and Virtualization.
Since the Incognito developers do not have access to any Windows computers at the moment, any input on whether this actually works, how it performs etc. is welcome.
By offering you Incognito we hope that you have the technological means to stay anonymous on the Internet. However, we want to emphasize that staying anonymous is not only a technological problem – there is no tool, including Incognito and Tor, that will magically make you anonymous on the Internet. You will have to behave as well. While deep technical knowledge of the architecture of the Internet, cryptology, traffic analysis techniques and the applications you use certainly can help (mainly by knowing what not to do), we believe that some good ol' fashioned common sense and caution will be enough in most cases. Among other things, that includes:
Also, please try to follow the instructions given by security tools as much to the letter as possible. There are situations where one can be creative or improvise solutions, but you should really try to learn when that is appropriate before you do it. For instance, when using PGP encryption you are often asked to verify the authenticity of any new public key that you have just got. If you do not do this it is possible that you are using a compromised key sent by an attacker performing a man-in-the-middle attack. Usually the authentication works by presenting you with the key's so-called fingerprint, which is a unique identifier for that key that cannot be faked. Verification should then be done by asking your friend to send you the fingerprint through some safe channel, which could be anything from telling it by telephone or VoIP (which is hard for an attacker to manipulate on the fly) to meeting face-to-face (but then you can exchange the actual keys securely instead), and then making sure that they are the same. Assuming the channel is safe, the fingerprint sent by your friend and the one you get from the key should be identical; otherwise something is wrong.
The above authentication methods are of course not always possible, but here is one of those places you can be creative. For example, you could send the fingerprint hidden in an innocent looking image by some means, although this is admittedly not bulletproof. You could make this method a bit safer by first sending the picture to your unknowing recipient and telling him or her how the fingerprint is hidden when you know that it has been received. Additionally, these kinds of tricky exchanges are always better to make over interactive communication channels such as IRC or with instant messaging since that will decrease the window of opportunity for any eavesdropper to interfere. Email is not very suitable as delays are long, which gives the attacker ample time to act. An alternative authentication method to fingerprints, used by OTR, is to simply ask both parties for a shared secret that both should know. In this case, do not choose just anything – if someone is watching you they probably know which high school you went to, the size of your shoes and similar facts.
This is probably the place where we are expected to wish you good luck, but we will not. Relying on luck simply is not good practice in these situations. Stay cool and be smart! Thanks for your time!
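The check described above, as an added example that is not part of Incognito or of any PGP program: it derives a version 4 OpenPGP fingerprint from the key material the way RFC 4880 defines it, then compares it with the fingerprint read out over a safe channel. The two keys are constructed toy values and all function names are chosen for this example.

```python
import hashlib
import re
import struct

def mpi(value):
    """OpenPGP multiprecision integer: two-octet bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def v4_rsa_key_body(created, n, e):
    """Body of a version 4 RSA public-key packet (RFC 4880, section 5.5.2)."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body):
    """SHA-1 over 0x99, a two-octet length and the key body (RFC 4880, section 12.2)."""
    data = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(data).hexdigest().upper()

def grouped(fingerprint):
    """The four-digit groups a person reads out over the telephone."""
    return " ".join(fingerprint[i:i + 4] for i in range(0, len(fingerprint), 4))

def normalize(spoken):
    """Undo spacing, colons and case; refuse anything that is not a full fingerprint."""
    text = re.sub(r"[\s:]", "", spoken).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", text):
        # 8- or 16-digit key IDs are only the tail of a fingerprint and are not enough.
        raise ValueError("expected 40 hexadecimal digits")
    return text

def key_matches(received_body, spoken_fingerprint):
    """Compare the key you received with the fingerprint your friend told you."""
    return v4_fingerprint(received_body) == normalize(spoken_fingerprint)

# Constructed toy values, far too small to be real RSA keys.
FRIEND_KEY = v4_rsa_key_body(1200000000, 0xC0FFEE1234567891, 65537)
SWAPPED_KEY = v4_rsa_key_body(1200000000, 0xC0FFEE1234567893, 65537)

if __name__ == "__main__":
    told_by_phone = grouped(v4_fingerprint(FRIEND_KEY))
    print(told_by_phone)
    print("genuine key matches:", key_matches(FRIEND_KEY, told_by_phone))
    print("swapped key matches:", key_matches(SWAPPED_KEY, told_by_phone))
```

Because the fingerprint is a hash of the key material itself, a key substituted in transit produces a different fingerprint, which is what the comparison detects.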
The Tor™ trademark and the Tor Onion Logo are trademarks of The Tor Project.