The Vespiary

Site => Harm Reduction Resources => Topic started by: g1ng3rbr34d_m4n on November 20, 2014, 11:26:31 AM

Title: SWIM
Post by: g1ng3rbr34d_m4n on November 20, 2014, 11:26:31 AM
SWIM has been thinking about this for a while now, wondered if any bees can shed light.

Suppose shit were to hit a fan somewhere, and Johnny Law started digging up all the posts from a bee's history that could potentially prove the bee was engaging in illegal activity.   The bee was cautious,  SWIMming like everyone has told them to, so the bee thinks they're safe. 

SWIM's opinion is that there is NO chance in hell that using SWIM would stand up in court.   Especially since everyone knows what the deal is.

So does anyone know if SWIMmming actually works?
Title: Re: SWIM
Post by: fractal on November 20, 2014, 11:44:05 AM
No it doesn't, that's why it's against the rules here and basically everywhere else this topic is discussed.
Title: Re: SWIM
Post by: Vesp on November 20, 2014, 01:08:28 PM
It's so asinine.
Review the rules here:

If one wants to be anonymous they need to write differently to avoid stylometric analysis,  understand EXIF data and properly remove it from all images and other content posted, use Tor over VPS or while possibly using public/open wifi use fake emails, and many other things, like abandoning accounts if they have possibly have been compromised.

using SWIM isn't going to stop anyone from going to jail. They don't go after someone until they have an excellent case against them. For instance silkroad 2.0 was infiltrated by the FBI since day 1 before taking down exactly a year later, on its anniversary. Think if Blake Benthall used a different name it would have made any  difference considering his shitty OpSec?

The key is to either not become a target/a target worth their time, or be really really good at it. So far I think everyone here is in the first half; not a target, or not a target worth worrying about.

It is truly rare that someone would have good OpSec - humans are inherently optimistic and think they will strike it rich and never get caught and because of this disposition they more often than not fuck up somehow - by using their real email to run silkroad or something along those lines.

Image: Blake Benthall showing how to "swim"
Title: Re: SWIM
Post by: g1ng3rbr34d_m4n on November 20, 2014, 01:24:34 PM
Good, I always thought it looked retarded.

Title: Re: SWIM
Post by: Vesp on November 20, 2014, 02:54:48 PM
You use it a lot though.
Title: Re: SWIM
Post by: g1ng3rbr34d_m4n on November 20, 2014, 04:28:43 PM
Its one of those just in case things, I guess...
Title: Re: SWIM
Post by: Tungsten.Chromium on November 28, 2014, 09:35:40 AM
Vesp put it very well.  Basically there's no one magic way to stay anonymous online, and even when you take all the precautions, there is still no guarantee.

Writing differently (professionally & from an anonymous point of view) won't save you, but I would think it would definitely be more helpful then SWIM or one of SWIM's derivatives.  Example:
In order to remove the H2O(water) from C3H6O(acetone) and make the solvent anhydrous, MgSO4 is used as a desiccant.  MgSO4 heptahydrate was spread in a fine layer over a baking tray evenly and then set in the oven for 4 hours at 477K.  When removed from the oven, the anhydrous MgSO4 was now a brittle white chalky solid piece. 
You should spread out some epsom salts on a cookie sheet and cook them in the oven on high for a few hours, thats the way SWIM does it.

Another point made was EXIF data, which are extra details about an imagine file that can reveal personal information.  I don't know a whole lot about this, but in order to remove this(or most of) the information, right click on the image(s) an select properties.  Go to the details tab and there will be a button at the bottom that says, "Remove Properties and Personal Information."  Click it, and when the new box pop's up select," remove the following properties from this file:", click the select all button, and hit OK. 
I don't know if this will erase all EXIF data, but it seems to clear out most of it.

Using Tor alongside a VPS is much much better then browsing in plain old Firefox and provides a much greater level of security/privacy on the internet, but just like Blake Benthall, if you become high enough of a target, law enforcement will use more an more resources until they get you.  Using public wifi is preferred, but IMO, if they get down to the WiFi you were using, I don't know if using a public one will help a lot, maybe buy you a little more time.

If your not at least using a fake email, then you need to start learning the basics on the internet before posting all over a forum like this, everyone I know has a few email accounts.  One main account and usually 2+ junk email/fake ones.  Making email accounts is the easiest part, knowing if they're compromised can be difficult, you just need to keep a very close eye out for something that doesn't seem right.  This is similar to when someone selling illegal drugs decided to get a new phone, new car, new place, etc.  Chances are that if someone manages to get into your account or is watching you, then they'll be careful not to leave any trace.  I recommend just getting a new one every so often, like changing a password.

All in all, your best bet is what Vesp said, don't make yourself a target worth their time.  The more knowledgeable and experienced you become, the tougher this will probably get.  Law enforcement will most likely go after who is popular, knows everything, and does large scale operations rather then track down a million newbees
Title: Re: SWIM
Post by: coolbruh on June 16, 2015, 03:20:15 AM
One definitely should be thinking about opsec from day 1. If you hadn't been, you may want to burn your nym/associated emails, smash/grind your hdd (why are you even using a hdd, and not tails flash/optical,?) learn some shit, then start poking around. There's no do-over, no delete, no room for error if you really want to retain anonymity, and minimize the shit that could come back to bite you in the ass in the future. Vesp is right about not making yourself a big enough target.  That's the only reason so many get by with as sloppy as they are. That's not to say if you had a CD, or got your door kicked in that they wouldn't image your hdd, analyze your data and your network traffic, and use all of that to build a case.

Swimming is the most retarded shit ever and I'm glad that it is on its way out.. Though there will always be remnants from noobs that hit certain clearnet boards..

Sorry for necro on old ass thread but I dig opsec concerns, and if there is a chance someone would take what is said here seriously, or come across it because of the bump it may help someone avoid reasonable suspicion.

Compartmentalize everything. Don't mix your tails session with doing other shit.
Use PGP.
Understand PGP will likely be broke one day.
Understand they look for patterns in everything. Even the times you post, or may be sleeping, they could find out your time zone.
Don't get lazy and complacent.
Stay up to date on news regarding opsec, you don't want to get caught with your pants down using software that needs an patch.
Lock your devices, if you have to store data learn how to bury containers and buy yourself some plausible deniability.

Good luck
Title: Re: SWIM
Post by: Lipbalm on June 16, 2015, 04:36:16 AM
When i used to be a businessman I was a ghost. I did not have one friend, my family didn't know where I was or how to get a hold of me, I never posted or even visited the forums, I used throw away encrypted computers bought with cash, I moved around a lot, I knew the law very well and knew what type of criminal liability I was exposed to at all times, i paid with cash for all my living places, and most of all i was prepared for the terrible consequences (high reward is high risk). Exercising good opsec is a very lonely existence. I do not see how an extrovert could be good at running illegal operations. And I never noticed any real overwhelming stress or anxiety at first but I noticed overtime you end up succumbing to it as if it starts beating down your defenses from day 1 without you even noticing. I no longer can conduct illegal business. Somewhere along the way my body and mind just could not handle the stress which surprised me. So I have recently got it. Illegal shit seems to be for the young and reckless, or at least it seems that way as I get older.
Title: Re: SWIM
Post by: Vesp on June 16, 2015, 06:58:30 AM
I feel like if they can find 5 instances of you being a 1/100 person, they've found you. Stylometric analysis, time when you've logged on, and a few other things get you mostly there.
Title: Re: SWIM
Post by: cleric on August 07, 2015, 07:23:41 AM
Lol, and i thought swimmin is a rule here, like on that harm So 'my monkey cooks meth' is no longer necessary...?    The truth is, even if you login on this forum thru tor and other 'protection' proggys, if you represent a danger they can still trace your ass... Public forums can be traced back to you, even if you use ip cloaks and useless shit like that... If it's public (not on the darknet) it can be traced.                   People have been traced on the darknet too...                                       Someone in this thread said that using datasticks, cds etc. Would be better... Yes it can help, because of no physical evidence but, when you use a datastick, a camera etc the some of the info you delete on the img/txt you have stored will still be present and uploaded along with the file on the board...     I think the best bet would be encryption of the file...  ?
Title: Re: SWIM
Post by: cleric on August 07, 2015, 07:29:49 AM
Or use linux