OK, stealth is the only option. The first requirement is a safe place for communicating, researching, and downloading stuff. Doing that on a compromised machine is most likely pointless. I know nothing about parental monitoring software. But one could get a good sense of its universe from searching.[0] Task Manager shows what's running, but Process Explorer is much more informative.[1] It doesn't require installation, or admin rights to run, and one can run it from a USB flash drive. Its use will be logged, of course, but at least it won't show up as an installed program. Right click on processes of interest, and select Properties. The Environment tab shows where logs etc might be found. The TCP/IP tab shows network activity and remote IPs/hosts. If there is stuff that requires admin rights to see, and there is some private time, booting with a Linux LiveCD would be useful. makeuseof recommends Hiren’s BootCD, The Ultimate Boot CD, and Knoppix.[2] If there's no evidence of sophisticated efforts, it might be worth using Portable VirtualBox[3,4] and a Ubuntu VM with LUKS.[5] However, using Portable VirtualBox would likely require admin rights to install drivers. It's fairly trivial to get admin rights in Windows.[6] And one could reverse all changes after installing drivers needed for Portable VirtualBox. But consequences of discovery might be painful. [to be continued] [0] https://search.disconnect.me/searchTerms/serp?search=46415e34-ef20-48fd-96b3... [1] https://technet.microsoft.com/en-us/sysinternals/bb896653.aspx [2] http://www.makeuseof.com/tag/5-best-rescue-disks-windows-system-restore/ [3] http://www.vbox.me/ [4] http://www.howtogeek.com/188142/use-portable-virtualbox-to-take-virtual-mach... [5] http://mirror.pnl.gov/releases/14.04/ubuntu-14.04.2-desktop-i386.iso [6] http://www.pcworld.com/article/2039773/regain-your-pcs-administrator-rights-...

Remark: Just wonder how many later hackers started by bypassing parental/school network limits. Strict rules are just encouraging the right education. With limited budget is also not a bad idea to collect the components and other 'computer waste' from luckier friends and build an own computer for free. Kids will always win. At least in the long run. ;-) Sun, May 31, 2015 at 08:14:10PM -0600, Mirimir pise:

OK, stealth is the only option. The first requirement is a safe place for communicating, researching, and downloading stuff. Doing that on a compromised machine is most likely pointless.

I know nothing about parental monitoring software. But one could get a good sense of its universe from searching.[0] Task Manager shows what's running, but Process Explorer is much more informative.[1] It doesn't require installation, or admin rights to run, and one can run it from a USB flash drive. Its use will be logged, of course, but at least it won't show up as an installed program.

Right click on processes of interest, and select Properties. The Environment tab shows where logs etc might be found. The TCP/IP tab shows network activity and remote IPs/hosts.

If there is stuff that requires admin rights to see, and there is some private time, booting with a Linux LiveCD would be useful. makeuseof recommends Hiren’s BootCD, The Ultimate Boot CD, and Knoppix.[2]

If there's no evidence of sophisticated efforts, it might be worth using Portable VirtualBox[3,4] and a Ubuntu VM with LUKS.[5] However, using Portable VirtualBox would likely require admin rights to install drivers. It's fairly trivial to get admin rights in Windows.[6] And one could reverse all changes after installing drivers needed for Portable VirtualBox. But consequences of discovery might be painful.

[to be continued]

[0] https://search.disconnect.me/searchTerms/serp?search=46415e34-ef20-48fd-96b3... [1] https://technet.microsoft.com/en-us/sysinternals/bb896653.aspx [2] http://www.makeuseof.com/tag/5-best-rescue-disks-windows-system-restore/ [3] http://www.vbox.me/ [4] http://www.howtogeek.com/188142/use-portable-virtualbox-to-take-virtual-mach... [5] http://mirror.pnl.gov/releases/14.04/ubuntu-14.04.2-desktop-i386.iso [6] http://www.pcworld.com/article/2039773/regain-your-pcs-administrator-rights-...

-- ..<(o)>..klokanek.............................................. (honza sipek) * klokanek (zavinac) eldar (tecka) cz skype: brouci.tykadylko * gsm: +420 776 817 817 ..................................... . .. .. . . klokankova homepage >------------------------> http://eldar.cz/kangaroo

Well, Depending on your particular bent options range from: Subversion, Evasion, Opposition, Resistance or Appeal to Authorities, such as teachers, law enforcement and so on. Arguments abound, and are largely the fodder of flame-bait and trollery. [Which is the source of my earlier comment, "accepting paternalism during youth is the slippery slope to paternalism from the state" - this is a popular opinion on this list, I'm sure, as are the gamut of opposing viewpoints.] This topic is ridiculous, there is no difference between hiding from 'your parents' and hiding from a nation-state attacker, in both scenarios you assume all of your equipment is untrustworthy, you have the advantage with 'your parents' because you know who they are, where they live, where they sleep and have physical access to all their devices. Unfortunately it is not trivial to hide from either attacker, depending on their abilities. Some degree of technical savvy is still required. Any constructive exercise might want to start with Threat Intelligence, thankfully this is fairly easy if you live in the same abode as your attacker, no? If your attacker has no goals or motivations, and carries out no attacks then there is very little you need to do, except, perhaps, clear your browser history. -Travis On Tue, Jun 2, 2015 at 2:46 PM, Gadit Bielman < thetransintransgenic@gmail.com> wrote:

On Sun, May 31, 2015 at 4:52 PM, Softy wrote:

...

Several responses have stated, and questioned, the children's rights accessing the Internet. Yes, with supervision. What all the responses have missed is the lack of distinction between communication and email. Claiming a child has a right to private extra-familial communications is as divided as the general access to the Internet. With supervision, without any more or less privacy than the child has in non-virtual communications.

And, what hasn't been connected to deciding on the level of supervision, the developmental state of the child is highly relevant.

Claiming a child merits access - with or without supervision - can only be made by the primary custodians of the child.

We wish to ignore this subtlety because we wish to ignore Society's overbearing on all of us.

The result in this specific scenario is, regardless of the child, the custodians require and merit a higher degree of technical faculty. To presume it is less than the childs is a mistake. Along with this ability comes the burden of communication: to provide an appropriate example. As with many non-virtual counterparts: many failure. such sad.

Why should this medium of bits be different?

Parents, yes, have a responsibility to raise their children, and as a result have a bunch of extra privileges and a bunch more authority over their children then any one person usually has over another. There is, for very good reasons, a very strong power dynamic in a parent-child relationship.

And any power dynamic is prone to abuse, the stronger it is the more likely. I'm am very scared of the idea of a power dynamic like that, where the person at the receiving end has their communication completely monitored. It means that, in case they need to ask for help, that request will be monitored. And depending on how abused the power dynamic is, that could be a Very Bad Thing.

Everyone needs a way to ask for help safely. Everyone needs a way to have peers safely. A power dynamic without those minimal checks is not a safe thing to have.

(Also, can I express surprise at seeing this opinion *here*? Like, I've heard this sort of argument before, and it definitely has merits -- but I Very Much did not expect it on the cypherpunks mailing list? Is there just some sort of toggle? Do people suddenly go from "no reason that they should be able to have privacy" to "spying and censorship are suddenly totally wrong" when they reach the arbitrary age where they are Now An Adult? Was "get breached" the only thing mSpy did wrong?)

-- Twitter https://twitter.com/tbiehn | LinkedIn http://www.linkedin.com/in/travisbiehn | GitHub http://github.com/tbiehn | TravisBiehn.com http://www.travisbiehn.com | Google Plus https://plus.google.com/+TravisBiehn

You're just assuming that the generic parental threat isn't omnipotent? Employees of the military industrial complex are parents too. There is no 'generic parental threat model.' What more do you want? What outputs are you expecting here? A flow-chart? Graphs & diagrams? The advice is the same as any other scenario: Threat Intelligence to figure out what the motivations and capabilities are. Standard opsec advice, such as compartmentalize as best as possible. Employ techniques and technologies used to achieve resilience in the face of generic nation-state attackers. Pursue externally mediated resolution [invoke the State's controls or employ physical manipulation] where it is merited. -Travis On Tue, Jun 2, 2015 at 4:37 PM, Gadit Bielman < thetransintransgenic@gmail.com> wrote:

On Tue, Jun 2, 2015 at 3:03 PM, Travis Biehn wrote:

...

Well,

Depending on your particular bent options range from: Subversion, Evasion, Opposition, Resistance or Appeal to Authorities, such as teachers, law enforcement and so on.

Arguments abound, and are largely the fodder of flame-bait and trollery. [Which is the source of my earlier comment, "accepting paternalism during youth is the slippery slope to paternalism from the state" - this is a popular opinion on this list, I'm sure, as are the gamut of opposing viewpoints.]

This topic is ridiculous, there is no difference between hiding from 'your parents' and hiding from a nation-state attacker, in both scenarios you assume all of your equipment is untrustworthy, you have the advantage with 'your parents' because you know who they are, where they live, where they sleep and have physical access to all their devices.

There's a big difference. A nation-state attacker you assume is maximally competent. Parents you don't. A nation-state attacker cannot personally monitor all their citizens. Parents can personally monitor all their children. As long as you aren't caught, a nation-state attacker cannot arbitrarily restrict your movement. Parents can. Besides non-automated methods such as looking up browser history, parents have a finite set of commercially-available software, with a mostly common set of capabilities. Nation-states have to be sort-of cautious -- if there was a mass-reveal of total surveillance of everyone, there would at least be some blowback, whereas there's not any social pressure on parents at all. In terms of what they care about, parents will prioritize moral issues -- being gay, trans, atheist, etc., among other stuff, depending on the family -- whereas nation-states will prioritize direct plans of action against them.

There's probably a lot more differences, and I probably messed up on some of them. Here's someone else's probably-pretty-inexperienced attempt at threat modelling parents: http://ilzolende.tumblr.com/post/110002779072/parents-as-a-threat-model . But there's not "no difference".

-- Twitter https://twitter.com/tbiehn | LinkedIn http://www.linkedin.com/in/travisbiehn | GitHub http://github.com/tbiehn | TravisBiehn.com http://www.travisbiehn.com | Google Plus https://plus.google.com/+TravisBiehn

On Tue, Jun 2, 2015 at 4:49 PM, Travis Biehn wrote:

...

You're just assuming that the generic parental threat isn't omnipotent?

On 6/3/15, Gadit Bielman wrote:

Yes, I am. I'm assuming that, if someone were to see some sort of generic

Please stop top posting.

parent solution, and they knew that their parents worked at the NSA and were able to use specialized technical skills, then they would know that it was just not applicable to their situation. But I'm assuming that that would nevertheless be useful for 90% of people. Or am I completely wrong about that?

Your assumption of useful to 90% of people is supposed to be relevant to this one person you are supposedly trying to help?

I don't know exactly what I want/expected. Like, it would be absolutely brilliant if there was some general, accessible-to-an-arbitrary-more-tech-savvy-than-average-teenager, howto security, possibly for simplicity specialized to parent-situations, but accessible security is in general a huge unsolved and possibly unsolvable problem. I suppose I was hoping to at least start.

You've been given quite a few practical starts in this list. Quite a few. Attempts to extract something which does not exist, is not seen in a good light. I suggest chill, and focus on how you might actually help the person you are proclaining to want to help.