[ art / civ / cult / cyb / diy / drg / feels / layer / lit / λ / q / r / sci / sec / tech / w / zzz ] archive provided by lainchan.jp

lainchan archive - /cyb/ - 35429



File: 1471412044209.png (434.69 KB, 225x300, nwere.jpg)

No.35429

tips and standard operating procedure for sanitizing your online presence and avoiding meatspace exploits that compromise your privacy.

pay with cash
turn your phone off in crowded areas.
use openvpn on your cellular data.

  No.35433

I'll cover the obvious cases I do.

Don't use social media. This is easy.
Disable JS in the browser. Most browsers requiring it aren't worth it. Many websites have an API that doesn't require JS that you can use manually instead.
Use a VPN or Tor. This is self-explanatory.
Don't own a phone. I don't; it's as simple as that.
Change your appearance subtly in all documented photos, such as IDs. Changing your hair style is an easy way to do this.
Don't let people take photos of you unless it's reasonably necessary. Always offer to hold the camera for group pictures and whatnot.
Use Free Software. This is also self-explanatory.
Avoid mega websites such as Google that will attempt to track all of your online activity. This is pretty easy if you disable JS.

This is all I can currently think of, so I'll critique yours now.
>pay with cash
This is good advice.
>turn your phone off in crowded areas.
>use openvpn on your cellular data.
It's really better to avoid owning a phone. If you really need to use one, many people will let you borrow one.

It's also a good idea to wean yourself off media that has DRM or must be shared online illegally. This is no different than eating healthier, really.

  No.35437

>>35433
>Don't let people take photos of you unless it's reasonably necessary.
I wish I could call this paranoid, but I've seen too often people posting photos of me on fb after I had explicitly asked them not to do so.

  No.35443

File: 1471425983764.png (125.77 KB, 200x115, 2016-08-17-020427_1600x900_scrot.png)

>>35429
>>35433
I want to elaborate on some of these.

>pay with cash

this one is more important than you might think. If you want, you can use ATMs to have a bank account, but watch out for fake ATM fronts. Seriously, inspect them.

>turn your phone off in crowded areas.

personally I keep my phone off unless there's some reason I need it on(which is about half the time). Remove the battery. Text through Signal and try to get all your friends to as well.

>Disable JS in the browser

needs to be more precise. JS is oftentimes needed and usually benign. Use something like policeman or umatrix(I prefer umatrix) to enable content to/from certain websites. Image is a list of firefox addons that I use and would recommend. To further harden firefox, go to about:config, search for google, and delete every entry that comes up. Also consider enabling most of the options for Random Agent Spoofer, it gets most things.

>Change your appearance subtly in all documented photos, such as IDs. Changing your hair style is an easy way to do this.

this won't work. Anyone competent will be able to recognize your face. I recommend not having any more ID than is strictly necessary on you, though.

>Use Free Software.

Simply using free software is not enough to protect you, though. One needs a lot of technical experience to really get it right, and unfortunately it's usually hard to ask the right questions for personal research.
Some basic pointers:
-linux and OpenBSD are the only reasonably secure operating systems
-there are things called containers or jails, which you run applications in, that are very useful for preventing hacks. I recommend firejail.
-free software cannot fix defective/compromised hardware. Phones are guilty of this particularly.
-the chromium browser is open source and reasonably secure, but it's simply not possible to harden it as much as firefox.
-newer almost always means more secure.

>avoid google

good google alternatives include duckduckgo(I personally love the !bang functionality) and startpage.


generally, if you're coming down this rabbit hole, you need to be pretty paranoid, but it needs to be controlled paranoia. Don't be afraid of hypotheticals, be afraid of real possibilities. Keep up to date with the latest tech and hacking news. Many exploits that have been proven to work are outlandish, while many simple things that seem easily breakable are in fact not.

  No.35448

>>35429
>turn your phone off in crowded areas.
just turning your phone off isn't enough
Sim can be turned on its own, and phone can track you still
It's necessary to have complete control over your phone
Best course of action is to get Sim and battery out of phone

  No.35449

>>35443
>fuckfuckNo
didn't you know that creator already has previously owned a site and sold all private info on users to some companies?

  No.35455

What is the best VPN? Both paid and free.

  No.35466

>>35437
Yeah tell me about it.
I had to put a keylogger on my mum's phone to get her FB password to delete them.

  No.35467

>>35449
yah and startpage is shady as fuck. Ultimately, you have to trust someone or something, otherwise you can't do anything.

  No.35468

>>35467
>>35467
>you have to trust someone or something
>implying
how about meta-search engine on a remote VPS and you only contact it through Tor to retrieve data?
something like searx.me

  No.35475

>>35470
The irony is that opsec threads undermine opsec. The only rule of opsec is don't talk about it.

  No.35476

>>35468
do you trust your VPN? Do you trust those tor nodes? Do you trust your hardware? How can you know to trust that particular insance of searx.me?

Like I said, you have to trust someone or something. Controlled paranoia.

>>35475
this is fucking bullshit.

  No.35478

File: 1471457806350.png (58.17 KB, 200x136, 2016-08-17-131127_1047x708_scrot.png)

>>34643
>>35161

are both threads also about OPSEC, and that's just searching "OPSEC" in the catalog.

pic-related: Bottom-right.

  No.35480

>>35478
The frontpage should have a "before you enter" link that lists an up to date version of the rules and a faq on using chan features similar to http://www.4chan.org/faq but with more details on why it's important to use catalog, using the sage function to respond to a thread without bumping it, and discourage artificially bumping posts with "bump", and "me too".

  No.35498

>>35476
>do you trust your VPN
VPS* provider
And no, I don't need to because I paid them by anonymous means

>Do you trust those tor nodes?

I trust the truth, and truth about Tor is unnegotiable
Tor can see your data, but can't see who you are.
As long as Tor exit nodes and Tor entry nodes aren't owned by same person that can correlate the times of packets, I have nothing to worry about (but I can mitigate that sort of thing)

>How can you know to trust that particular insance of searx.me?

I look through the code provided
https://github.com/asciimoo/searx

>you have to trust someone or something

The only thing I need to trust is truth.

  No.35499

>>35467
>startpage is shady as fuck
why do you say that?

  No.35501

>>35480
I WOULD LOVE TO DO THIS BUT QUITE FRANKLY I HAVE NO IDEA HOW.

  No.35502

>>35498
>And no, I don't need to because I paid them by anonymous means

so because you're anonymous, they're not logging everything you do through their VPS?

>Tor can see your data, but can't see who you are.

not even correct.
>As long as Tor exit nodes and Tor entry nodes aren't owned by same person that can correlate the times of packets, I have nothing to worry about (but I can mitigate that sort of thing)
and you have any assurance that this is not the case?

>I look through the code provided

you have no way to know that that code is what's actually running

>The only thing I need to trust is truth.

seems to me you're putting a lot of trust into things that can't be proven.

  No.35505

>>35499
idk, when I read their 'about' page I got a little spooked.

Really they're not all that different from ddg, but ddg has !bangs so I go with them.

  No.35511

>>35502
>>35502
>they're not logging everything you do through their VPS?
even if they do, they don't know who is using that

>and you have any assurance that this is not the case?

did you miss the "I can mitigate that sort of thing"?

>you have no way to know that that code is what's actually running

>that that
sure thing buddy

>that can't be proven.


Look buddy, your posts ITT were at best low quality and at worst shitty baits
Just stop posting

  No.35515

>>35505
From DDG privacy terms:

"If you care about search privacy, you might also want to check out these other search engines that take it seriously by default."

Then it gives a link to Ixquick. Sounds slightly shady, but I don't think they're saying "if you really care, use something else", they're just making alternatives known out of support for anonymization.

Their privacy terms are here: https://duckduckgo.com/privacy

Most people are skeptical bc of the founder's work history, which is valid to a point but it doesn't prove they're lying about logging or anything or that he doesn't actually believe in privacy protection. Snowden worked for the NSA and is currently working on phone encryption technology for journalists abroad. Should they/we not use it then? (this would be the same logic)

  No.35519

>>35505
>even if they do, they don't know who is using that

they have an inbound IP address. Any chump can look up the location it's bound to

>did you miss the "I can mitigate that sort of thing"?


explain to me how.

>>that that

>sure thing buddy

it's valid syntax, and you didn't actually refute it.

  No.35520

>>35519

should reply to

>>35511

whupsie.

  No.35542

>>35501
Webmaster cannot into webmaster

  No.35580

Protip is not using Internet connection more than necessary. Personally my plan is to get stuff like movies or music for long time, use offline wikipedia and just be. It's shame I use W7 (habits, propertiary software, encrypted system and using two systems is uncomfortable with fucking to rice to look cool) and it frightens me. IMO It's effective to dissapear for some time and start again.

  No.35591

Any tips for hiding your identity from cameras?
I've seen those baseball caps with built in IR LEDs, but they only work if you're directly looking at the camera.

  No.35607

Moved to >>>/sec/28.