Privacy, Anonymity, Security.... Tinfoil Hats

Discussion in 'Off-Topic Discussion' started by SevenforfiveSarge, Dec 20, 2015.

  1. SevenforfiveSarge

    SevenforfiveSarge Senior Member

    Messages:
    360
    This is the thread where I'll shill some highly encrypted products, services, or just privacy oriented alternatives and gear I'm fond of or that I'm looking forward to premiering. If you have any of your own, share them please.




    First up is the Black Phone. A phone that comes from the mind of Phil Zimmermann, that guy who invented PGP encryption, an encryption method that even to this day there are no mathematical or computational means of cracking. The phone's not bad on that front either. It went to Def Con and it was discovered that the only way to root the phone is for the hacker to have physical access to the device among a few other requirements; this may not sound like much but every other phone on the market was hacked remotely. Though it's certainly not cheap at around $600.

    A review:

    It's worth noting that the Blackphone 2 is out and is supposedly more secure than its predecessor.


    Then there's Protonmail, a free encrypted email alternative to Gmail. The email service was funded through Indiegogo and easily surpassed its initial goal of $100,000.00, raising a total of $550,000. The email service is mostly for those who are interested in privacy but don't have the technical know-how to mess around with PGP. It can communicate with Gmail and other email providers with the option to send encrypted mail and the option to turn encryption off; all the keys and such are handled by Protonmail itself with no user interaction required.

    There's a two step process for logging in, entering one's username and password followed by entering a mailbox password that decrypts all of your mail before being allowed into the account. The mailbox password is not known to Protonmail so there's no way for them to recover it if one forgets it. Unlike the BlackPhone though, ProtonMail is free and doesn't require much know-how; if you can use Gmail, you can use ProtonMail.


    Random internet privacy stuff:

    For Firefox users, there's HTTPS Everywhere. It forces websites that have the option to default to the more secure HTTPS version. It's really something simple and I don't see a reason against having it installed.

    There's also Adblock and NoScript to consider. NoScript especially since it allows you to block unnecessary third party scripts that run on websites. Privacy Badger is similar to NoScript and it also works on Google Chrome unlike NoScript.


    For search engines, I think Startpage, Ixquick, and DuckDuckGo are nice. They don't record your IP address or log all of your searches into a database someplace. They also use SSL by default.


    I think more relevant than ever with how many people have been doxxed left and right are VPNs. They mask your IP address with another so your location is hidden. Private Internet Access is a pretty good one, though it's not free. It costs around $40 a year. No logging of activity and AES-256 with RSA-4096 for really good protection.


    For an alternative to Skype, there's Jitsi. It's open source code which I'm always glad to see. It's also encrypted by default and more secure than Skype, which is notorious for how easy it is to harvest IP addresses from.

    Then there's some basic real life gear that's handy like the Silent Pocket. It's a wallet that blocks RFID signals. I think it's a worthwhile investment. The wallets range from $20-$40 and with how technology is advancing and how easy it is to acquire RFID scanning devices (many are just smart phones with the apps) I think it's better to be safe than sorry. It's mostly to keep credit cards and driver's licenses secure from RFID scanning.

    The leader in privacy and security cases that block wireless signal


    Anyways this is becoming a long post. I'm sure I forgot some stuff I like so I'll post more later. I just think this is becoming a more important topic since CISA was passed. House Passes U.S Budget Deal; Includes Cybersecurity Provision

    1984 is on its way so if you value your privacy, you should take some easy measures to protect it.
     
  2. isaacbeans

    isaacbeans Is totally sexy.

    Messages:
    486
    Very useful article!
     
  3. Black_Bob

    Black_Bob Recruit

    Messages:
    19
    Thank you, this is great stuff.
     
  4. Angelus

    Angelus Senior Member

    Messages:
    1,334
    Few things to also note...

    -Any privacy concerns on Mac or Windows (especially Windows 10) are pointless to address. Micro$oft still has access to your loli folder, even if it's on a separate, encrypted drive. Install Linux Mint or Xubuntu.

    -AdBlock Plus rates higher for protecting your personal data from websites than Disconnect and Ghostery. I don't have the source saved for this, but it's a university ongoing research type thing.

    -If you don't wanna pay for a VPN, grab VirtualBox and operate TOR from within a VM when trying to revolt against your tyrannical government, doing gross pedo shit, or buying drugs.

    -Don't bother with NoScript if you aren't willing to abandon a lot of functionality or modify the settings for each site. Disconnect and Adblock will do just fine, as long as you use DuckDuckGo, ixquick, or startpage.

    -Have unique cookies explode when you close the browser, but set exceptions. Having nothing to set you apart sets you apart more than having basic, common stuff. Keep your Facebook, Wikipedia, Twitter cookies, but drop the unique ones like sadpanda. Use the greasemonkey script instead.

    -If you want to go for RFID-proofing, go all out or just use tin foil. Aside from individual card slots, anything cheap is useless. Things like passports should be microwaved (3 seconds, you'll see it explode), as should any cards you're disposing of. Lower quality, cheaper RFID blockers aren't even as good as tin foil. If it doesn't need RFID for your use (i.e. online only credit card), three seconds in the microwave can disable it.

    -Can't go wrong with HTTPS Everywhere. Very few issues, the most significant in my experience being eBay listing thumbnails not appearing in search.

    -ProtonMail is great and all, as is tutanota, but unless the recipient is also a tinsec, it's a pointless security measure.

    -The fewer backups you need the better. Don't trust cloud services with any secret information, but they're fine for stashing your animu pics.

    -Dual boot with Linux, and get used to using Linux. That fat fuck Gaben is working towards making Steam more Linux-friendly, and almost all games without copy protection work fine, as well as games installed on a Windows side of your machine. WINE will run .exe applications just fine once installed. Linux should be what you use on a regular day, if you need Windows to game, just buy a PlayStation and accept a gnu way of life.
     
  5. isaacbeans

    isaacbeans Is totally sexy.

    Messages:
    486
    lol i kinda want to make an infograph of this.
     
  6. Nonscpo

    Nonscpo Member

    Messages:
    105
    Okay, so I have some dumb questions to ask, but I gotta ask em. I'm aware of DuckDuckGo, but I've never heard of Startpage & Ixquick, and to be frank cosmetically they look the same. Are they owned by the same company, same open source team, or just a random coincidence? Also is there a good VPN service that works well on PC and Mobile OS's that you're aware of or would recommend?
     
  7. Blank Slate

    Blank Slate Senior Member

    Messages:
    435
    Ixquick obtains search results from many search engines whereas Startpage just uses Google. I use Startpage.
     
  8. Naoto

    Naoto Member

    Messages:
    139
    Solid recommendations.

    I think I've managed to tone down at least some of my paranoia. Mostly just run uBlock Origin, Ghostery, WoT, HTTPS Everywhere, and occasionally Zenmate if I can be bothered with the lag.

    Fan of duckduckgo, but will give Startpage and Ixquick a try since ddg isn't always the most accurate. Noscript is nice, but didn't feel it was necessary on top of already overlapping ghostery and . Would just rather have quick functionality than dealing with scripts constantly.

    Definitely use Firefox on mobile. Especially with android since it allows you to run add-ons.

    But yeah I'm on Windows 10 and have a modern smartphone so any assumptions or hopes I have of privacy are kept in check by the reality of the times.
     
  9. isaacbeans

    isaacbeans Is totally sexy.

    Messages:
    486
    You can use a VM with Whonix on your PC for privacy. At least on demand privacy. and money there are encrypted texting services
     
  10. SevenforfiveSarge

    SevenforfiveSarge Senior Member

    Messages:
    360
    Private Internet Access works on windows and mobile devices. It's a pretty good service with no data logging. It's around 40 bucks a year though.
     
  11. isaacbeans

    isaacbeans Is totally sexy.

    Messages:
    486
    I can help anyone who needs it, as long as they work under me. Also. Tor is free. Just Tor Browser. Good for everything but torrents. For torrents, I'd suggest another service.
     
  12. Largo

    Largo Senior Member

    Messages:
    1,800
    Quite informative, thanks.
     
  13. Blank Slate

    Blank Slate Senior Member

    Messages:
    435
    PIA is based in the United States so you'll be logged by the NSA. Mullvad and AirVPN don't store logs and are based in Europe.

    VPNs based in Switzerland have a good reputation, though I believe that the country has mandatory data retention.
     
  14. Maciej Miszczyk

    Maciej Miszczyk Moderator Staff Member

    Messages:
    164
    here's some securityfaggotry advice from me. I know a bit about computer security but as always, take it with a grain of salt and use common sense. your level of paranoia should be proportional to how many secrets you have and how much money/respect/years outside of prison you can lose if they become known but even if you're broke, don't do anything wrong and have no dirty secrets, it won't hurt to learn some security shit.

    files: if you really absolutely need to leave as little traces as possible, your best bet is to boot Linux from Live CD/DVD and don't touch the HDD (everything you do stays in RAM so it will disappear soon after you power down). this is of course not very convenient so for everyday use, encrypting your system disk should be enough. while Linux is more secure than Windows and doesn't spy on you, I wouldn't say that Microsoft has access to your encrypted shit for one simple reason: bandwidth. uploading all your shit would take long and you'd notice it. still, they might have access to your keys if you use BitLocker so use something open source instead. also, remember that files you delete can be recovered - there are tools to prevent that which do so by overwriting their content a few times with junk data.

    passwords: the longer your password is, the harder it is to bruteforce. special characters add complexity too. avoiding actual words is a common advice but I personally disagree: if your password is something like EAismyfav0ritecompany&I<3dayoneDLC, finding it by combining actual words, substituting numbers for letters and checking for different capitalizations isn't really too far from bruteforcing as far as complexity goes and it requires preparing a complex set of rules for dictionary attack software. keep in mind that different places have different password restrictions and might not accept EAismyfav0ritecompany&I<3dayoneDLC so maybe just use EAismyfav0ritecompany&I<3dayoneDLC as a password for KeePass/LastPass* and generate all the other passwords with it (this also means that if someone gets into a database of one of the websites you're using - maybe because it's run by idiots who still use MD5 - they won't access your other accounts). also, use two-factor authentication whenever possible

    identity: if there's something you can learn from Ashley Madison hack, it's that if you do something you don't want other people to know about, separate it as much as possible from your real identity. basically, if you don't want your mother to find out about your erotic MLP fanfiction or your used panty selling business, don't use your real name on websites with erotic MLP fanfiction or used panty marketplaces. don't use the usernames which can be in any way associated with your real name (even if your mother doesn't know that xXxElectronicArtsCutieMarkxXx is actually you). don't use your normal e-mail. don't mention where you live. basically, have another e-mail and username you won't use anywhere else and if you have to give any more data, just make shit up. you may notice I'm using my real name here - that's because I don't mind anyone finding out that I write boring forum posts about hating everyone and everything (everyone already knows I do that)

    IP: most of the time, there's no need to hide your IP. your IP address is not accessible to most internet users, only to mods/admins - and given the existence of things like NAT, DHCP and a few other acronyms, it usually won't reveal your identity (often, your IP can change; sometimes, someone else might get the IP you used to have). your IP reveals your ISP and the general area you're writing from but that's all - getting to you specifically requires your ISP's cooperation and they generally won't give that data unless things get criminal. if you really need to hide your IP because you upload beheading videos in the name of My Little Pony/Electronic Arts jihad, using a VPN is generally more secure than using TOR. whatever you choose, remember not to use your shiny new fake IP to log onto your real accounts and follow my identity protection tips - the fact that the guy who uploaded MLP/EA terrorist stuff has the same IP as xXxElectronicArtsCutieMarkxXx might not be enough to put you in jail but might be enough to send forensics team to look for those severed heads in your freezer

    communication: Facebook might not read all your private communications (there's just too much of them) but they could if they wanted to - and they will want to if somebody associates you with Pony EASIS. treat everything you post on social media as forever accessible by said media and police

    not getting robbed: don't use fucking foursquare. also, if you post anything to facebook or similar websites that shows where you currently are, make sure that random people can't see that.

    not getting doxxed: separate your online identity used for communication from the one used for shopping and shit like that. the guy who bought those panties from you might be a member of Pony Al-Qaida who wants all the data he can find on the members of Pony EASIS.

    not taking your company with you if you get hacked: if for whatever reason you have a work e-mail which can be used to gain access to anything in your company's intranet, don't use this e-mail for fucking anything outside of your work.

    * actually, don't use EAismyfav0ritecompany&I<3dayoneDLC as your password for anything
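
The password-manager point in the post above (one strong master password, a separately generated password for every site, each fitting that site's restrictions), as an added example that is not part of the original post. The site names and policies are constructed for illustration; a real manager such as KeePass does this for you.

```python
import math
import secrets
import string

# Constructed site policies (hypothetical; real sites publish their own rules).
POLICIES = {
    "forum.example": {"length": 24, "symbols": "!#$%&*+-=?@^_"},
    "bank.example": {"length": 16, "symbols": ""},  # letters and digits only
}

def alphabet_for(policy):
    """Every character the site accepts under this policy."""
    return string.ascii_letters + string.digits + policy["symbols"]

def generate(policy):
    """Draw a random password from the OS CSPRNG that satisfies the policy."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    if policy["symbols"]:
        classes.append(policy["symbols"])
    alphabet = alphabet_for(policy)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(policy["length"]))
        # Rejection sampling: keep only candidates containing every class,
        # so the result stays uniform over the passwords the site accepts.
        if all(any(c in cls for c in pw) for cls in classes):
            return pw

def entropy_bits(policy):
    """Upper bound on brute-force work: length * log2(alphabet size)."""
    return policy["length"] * math.log2(len(alphabet_for(policy)))

def vault(policies):
    """One independent password per site, so one breached database
    reveals nothing about the passwords used anywhere else."""
    return {site: generate(policy) for site, policy in policies.items()}

if __name__ == "__main__":
    for site, pw in vault(POLICIES).items():
        print(f"{site}: {pw}  (~{entropy_bits(POLICIES[site]):.0f} bits)")
```
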
     
  15. Maciej Miszczyk

    Maciej Miszczyk Moderator Staff Member

    Messages:
    164
    seconding AirVPN. not too expensive, no data logging and for bonus paranoia you can pay in BTC
     
  16. Nonscpo

    Nonscpo Member

    Messages:
    105
    Thanks everyone!
     
  17. gezegond

    gezegond Recruit

    Messages:
    23
    There's nothing to log, your communications are encrypted, that's the whole point of using VPNs. The only thing NSA could potentially find out is the fact that you're using the service.
     
  18. isaacbeans

    isaacbeans Is totally sexy.

    Messages:
    486
     
  19. Largo

    Largo Senior Member

    Messages:
    1,800
    Hmm there's methods here I've never contemplated before, thanks for the info everyone.
     
  20. SevenforfiveSarge

    SevenforfiveSarge Senior Member

    Messages:
    360
    With regards to PIA, they've been very adamant that they keep no logs and that they're not legally required to either.

    Some things they've written on the subject

    NSA Misconceptions Regarding VPN Usage | Private Internet Access

    Free Speech Cannot Exist Without Strong Encryption

    After Paris Attack Where Terrorists Used Cleartext Communications and Credit Cards, Police State Hawks Demand a Ban of Encryption and Bitcoin

    Data Logging

    Regarding CISA.

    Regarding CISA and PIA