Security & Privacy
This page contains our recommendations on how to try and stay private, anonymous and secure in the world today. While much of this is focused on computers and online interactions, we will also discuss topics related to everyday life.
TRUTHS TO NEVER IGNORE:
1 – Hackers are a threat to everyone. But the absolute biggest direct threat to your privacy, anonymity and security is not likely some mysterious hacker. It’s more likely the search web site you use, the social web sites you use, the forums you participate in, the manufacturer of your device and operating system, your cell phone provider, your internet provider, your email provider and countless other sites and things you use every day and never think twice about.
2 – Nothing can be erased after it’s posted. Your email, your text messages, your forum posts, your social media posts, your comments on various web sites and everything else you put online exist forever. You can't erase anything once it’s in the wild. Delete does not mean erase in this world. Delete is the equivalent of closing your eyes and thinking, 'I can’t see it, so now it's gone.'
3 - Software and apps often contain malware. They can be hacked, and they often have hidden functions other players have access to. These other players include the app designer, the phone company, your cell device manufacturer and many others.
Any of the above can easily change your device settings to whatever they want, from wherever they are.
Software settings and switches are software. (Did we really have to state the obvious here?) Pretty much every switch on every device these days isn’t a real switch. Anything software changes can be easily and instantly changed back by your phone company, the manufacturer of the device, the developers of the apps you have, or hackers, without you knowing it.
Changing settings on any device is a way to make you feel good. No privacy setting actually ensures you any additional privacy. Anyone who tells you that changing settings will significantly protect your privacy, security and anonymity is either an idiot or lying to you, because you have no way to know whether any of these settings mean anything or actually do anything. But they will make you feel better.
4 – Smart phones and other smart devices (think voice assistants, smart TV’s, smart appliances, smart home security devices, etc.) were conceived and designed from the ground up to gather as much information as possible and to spy on you.
Many believe they did all of this to make life easier for you. Many also believe that the companies' main objective was to sell the device and make money on it. Well, that’s true in a way. The profit on a $1000 Smart Phone or $100 appliance is nothing compared to the profit of all the information they gather and sell about you. So yes, in the end it is actually about you, your family, your friends, your habits, your beliefs and any other data they can gather. The one thing it’s definitely not about is making a few bucks on a tangible product.
So they catalog your decisions and thinking, follow your every move, listen to your conversations, and determine who you interact with and how, to make the cataloging even more complete.
Amazingly they got people to buy their own ball and chain and strap it onto themselves willingly. Back in the day they had to hit you on the head and manhandle you to put the ball and chain on. Now, people put it on with glee.
Imagine what the Roman emperors could have done if they had Smart devices?
Imagine what the KGB could have done if they had Smart devices?
Imagine what the East German Stasi could have done if they had Smart devices?
Imagine what Nazi Germany could have done if they had Smart devices?
Now that you've imagined this, you should realize and accept what’s happening to you right now.
What does a 21st century ball and chain look like? It looks like a fitness band, a smart watch or a smart phone. Or any of the various voice assistants that do all these amazing things for you when you talk to them. As they listen to everything you say, record everything you watch and do, and learn your every thought, feeling and emotion.
One last thought on this...anyone who tells you you can make any Smart Device private and safe and ensure your anonymity and privacy is either an idiot or lying to you.
5 – Social media is a trap designed to get people to reveal their deepest secrets and personal information.
It sweeps up every last detail and then uses it in ways people cannot imagine. Cataloging the herd so it can be properly branded and dealt with.
What more is there to really say other than, anyone who has posted their photo, shared secrets, or posted their every personal detail, will one day regret what they have done. But it will be way too late.
Even more so for the deluded masses that post their children's information as well, to give them a running start at being perfectly branded cattle before they even get a chance to grow up and decide anything for themselves.
Do we have any tips on how to safely use social media? Unlike many other places that pretend to tell you how to be safe online, we’re not going to tell you to change settings and permissions or any other of that baloney.
The only way to be safe on social media is to not use it.
So when the rapist using his new 'find the photo' app takes a picture of you or your child on their phone, they won’t instantly get back the name and address and phone number of the person in the picture. Because the app developers have already indexed the social media sites and scraped them, forever knowing who you are and what you or your child looks like. And thanks to computer assisted aging software they know what your child will look like 30 years from now.
6 – Security and privacy theater. The song and dance we constantly hear in the news. Giant billion dollar companies that make their money spying on people for maximum data gathering, posturing that they will not reveal their “whatever” to the government. It could be opening their encryption, or revealing names, phone data, web data, email data, etc.
Just realize it’s all an act and part of the game. Anyone who believes governments can’t get into phones, can’t get internet data and that the big mega companies are out to protect you from them, is insane.
And every few weeks or months Security Theater plays out the newest version of their carefully scripted act. Big bad evil government demands something from the really virtuous and saintly mega company. The saintly mega company publicly refuses, thereby showing how it’s protecting the masses it screws every day of the year in ways the masses never realize. And the masses then bow down in homage to the mega company, for protecting them from the big bad evil government.
If only the masses realized that the two sleep in the same bed and are best friends and lovers.
Below we provide a starting point in the world of privacy and digital freedom. All of these tips are helpful. The more you embrace them, the more safe and secure you will become.
One fact: a very persistent attacker after your data with unlimited resources will probably defeat all but the very best precautions. The issue for everyone is what are the odds such a persistent attacker is lurking in your life? Only you can answer that question.
1 - Any password can be cracked, given enough time and computing resources. However, if it takes 20 years to crack your current strong password, does it really matter? The goal is to make the time to crack long enough that it is too expensive to pursue, or not worth doing.
Obviously longer passwords are better than shorter ones. But this is not always the case.
For example, your wife's name is Martha and your anniversary is 09/10/1995 (which you happily posted on your social media page), and your password is “ilovemartha09/10/1995”. That is pretty long, and you are content and patting yourself on the back with your big 21-character password.
You think you have a great password, but it’s actually a lousy, easily compromised password.
But in reality GL*^40xp, while much shorter, is a much better password.
Which is a long, roundabout way of saying passwords need to be random and not guessable. Twenty or more random characters (upper case, lower case, numbers, special characters) is what makes cracking your password really hard.
2 - Password Managers are false security. Why would anyone believe that the software running the password manager is secure, can’t be cracked, isn't a honey pot, and doesn’t have bugs and other vulnerabilities? Cloud managers are even less secure.
The most secure password manager is the one between your ears.
3 - Never use the same password for more than one thing!!! And never use social media logins as a gateway to log into other web sites. You will be hacked eventually. And why give the social media company access to all your other website accounts?
4 - Key codes or pins. 4 numbers is really not enough, but is often the only option. Use the maximum number of digits provided. And don’t use a pattern like all 4 corners top left clockwise, or your birthday, or similar.
5 - I don’t need a password, I have biometrics. And somehow you believe these can't be cracked, simulated or otherwise compromised?
6 - Password recovery security questions… Lie, lie and lie. All the information you provide should be completely false. Of course, you have to remember your lies.
7 - Two factor authentication. Oh, I'm really secure now because even if a perp gets my password, the two factor authentication of an email or text will save me. Sorry, but the determined perp could already have access to your email and text messages. Oh, I use a cloud site for the second factor. Yup, great, you give the keys to your castle to a mega corporation that’s sleeping with the government. But they promised privacy --- how dumb can you be?
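As an added example (not part of the original page), the Python code below generates the kind of password item 1 asks for, twenty random characters drawn from all four classes, and checks a password for personal facts such as the name and date in the Martha example. The guess rate used in the demo is an assumption chosen for illustration, and all function names are hypothetical.

```python
import math
import secrets
import string

CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)  # 94 printable ASCII characters


def generate_password(length=20):
    """Draw `length` characters uniformly from all four classes with a CSPRNG.

    Candidates missing a class are thrown away and redrawn, so every
    password that satisfies the rule stays equally likely.
    """
    if length < len(CLASSES):
        raise ValueError("too short to contain every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def random_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy in bits of a uniformly random password of this length."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate; the guess rate is the caller's assumption."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


def personal_tokens_in(password, facts):
    """Return the personal facts (names, dates) that appear in `password`.

    Dates are also compared with separators stripped, so 09/10/1995
    matches 09101995. Once anything is found here, length no longer helps.
    """
    lowered = password.lower()
    digits = "".join(ch for ch in password if ch.isdigit())
    hits = []
    for fact in facts:
        fact_digits = "".join(ch for ch in fact if ch.isdigit())
        if fact.lower() in lowered or (
                len(fact_digits) >= 4 and fact_digits in digits):
            hits.append(fact)
    return hits


if __name__ == "__main__":
    facts = ["Martha", "09/10/1995"]           # facts from the example above
    print(personal_tokens_in("ilovemartha09/10/1995", facts))
    print(personal_tokens_in("GL*^40xp", facts))
    rate = 1e12                                 # assumed guesses per second
    for n in (8, 20):
        print(n, round(random_bits(n)), years_to_exhaust(random_bits(n), rate))
    print(generate_password())
```

At the assumed rate, eight random characters fall within a day while twenty do not fall in any useful lifetime, which is why the length recommendation matters even for random passwords.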
Computers and Encryption:
1 - Whole disk encryption. If you lose your computer or someone gets into your house or hotel room and has access, they will not be able to boot it up or clone the drive and get your data. Simple, yet very bullet proof if done right.
On Linux, use LUKS. On Windows, use VeraCrypt. Do not trust the encryption that comes with your operating system (excluding Linux). They likely have a way to get in.
2 - If using Chromebook, Windows or Mac PCs, ask yourself why you would expose yourself to an operating system that monitors everything?
Even better, use Linux, learn how to properly configure it and have the best possible platform for privacy and security.
3 - Always keep frequent backups of everything on various drives in various physical locations. Drives with backups must be encrypted. Never use cloud backup. Why would you give a company total access to all your personal files? Yes, we know, they promised it was encrypted and safe and unhackable (LOL). How many bridges are there in Brooklyn these days?
4 - Multiple computers. PCs are pretty cheap these days. Linux is free. Have more than one. One for everyday surfing and even another for fooling around. And definitely one dedicated to only important things like bank accounts, credit card payments etc.
If carrying 2 or 3 PCs is too much, consider the second or third PC on a bootable flash drive which boots on your main PC, isolated from it. (SEE Here). Or using multiple Virtual Machines on one physical PC.
Virtual machines can be your best friend. They allow you to boot up multiple “virtual” computers on one PC. These machines are pretty much (once again, software guarantees nothing) isolated from each other and the host machine. For everyday purposes like having a different PC for different tasks they are a good choice.
5 - Never set your laptop to sleep on lid closure, and never let it go to sleep or hibernate. Always set it to shut down on lid closure, push of the power button or low battery. If your computer is ever lost or stolen, it is much easier for your opponent to get into it or get data from it if it’s in sleep mode.
6 - At the very least put tape over all cameras all the time. Microphone settings are software based on all modern devices. There is no hard switch to turn the mic off. As already discussed, since software turns it off, software can turn it on. So a hacker (really trivial to do), your favorite app, software you use, the designer of your operating system and even the manufacturer of your computer, using built in spy software on your device can turn on your microphone anytime they want to.
Lots of people and websites recommend putting a cut off mic plug into your computer or device, to prevent the computer's microphone from being turned on. The theory is it tricks the system into thinking an external mic is attached and therefore turns off the internal one. But since this is also software accomplishing this, it’s just as easy to bypass this supposed rock solid fix as it is to bypass any other software setting. This recommendation is the ultimate in make you feel good baloney, because you think you've actually built a security product by snipping off the mic cord. You’ve built this with your own two hands. And therefore you trust it, since you are the one that built it.
The one absolute foolproof method to all of this is simple and sometimes easy to do and other times not. It depends on your device. But the bullet proof solution is to open up your computer or device and physically remove the camera and microphone. No hack, malware or spyware can bypass this.
7 – Whenever you download software you need to check it to make sure it’s the real thing, especially if you’re downloading from a mirror or other site which is not the main software website. There are a lot of download sites out there that have modified versions of popular software on them that work just fine, but contain malware or other code. You should get the manufacturer's checksum of the software package and compare it with the checksum of your download to verify its integrity.
Email, texts and messaging:
1 – You need more than one email address. And you need disposable email addresses.
You should always have multiple email addresses and isolate various categories across email accounts. For example, have an email address for your bank accounts. Have an email address for your credit accounts, have an email address to talk to friends with, have an email address for shopping, and have an email address for when you sign up for things on web sites not included in the above. By isolating your categories in such a manner you ensure a breach at one does not overflow into the others.
If you spend a lot of time going to websites that you really wouldn't want co-mingled with your everyday life, get disposable email accounts. Sign up for the website, give them a disposable address, get the confirmation and never use that email address again.
2 - Don’t open any unknown email, and if you do, never respond to it.
3 - Make absolutely sure the email you think is known isn’t fake. Even if it looks like it’s coming from your best friend in the world. Their email might have gotten hacked and their email list taken and now spoofed to make you trust the sender. If you get an email from your best friend in the world, or your boss or someone at work that even remotely looks funny, pick up the phone and call them to verify before opening.
4 – If you use a typical commercial email service, understand that you can't really delete anything. Deleting anything from your account just hides it from your view. But the owner of the service keeps it forever.
5 - Email by itself is not secure. SSL encryption only encrypts the data over the internet. Not the email that arrives and lives at the server. And SSL can be broken and decrypted in transit. Therefore you must consider any standard email you send to be readable by many different actors.
6 - Set up PGP encryption for your email and get your friends to set it up too. Send all emails using PGP encryption. In this way the actual contents of the email are encrypted with your own encryption key that nobody else has access to. This is the only way to prevent your email from being read by anyone but the intended recipient.
7 - Big mega company free email services. No matter how much they boast of their security and all that jazz you must realize all your emails are read by their scanning software, cataloged, analyzed and saved. And they not only learn about you, but also about everyone you know. Everything you ever wrote or received is theirs forever to use in any way they see fit. And they will use every bit of it. None of it is private. If you must use this kind of free email, use PGP as described above. This will at the very least prevent them from being able to scan and read your email.
8 - “Secure” free email providers. Many secure free email providers have popped up in recent years, promising strong encryption of the email. These so-called secure encrypted service providers may also not be secure. They have the encryption keys. Their platform, especially if proprietary, may have lots of bugs. They may have misconfiguration issues and weak keys and ciphers. You have no way of knowing. Some of these are financed by various government entities to create effective honey pots and gather information on people who actually value their privacy. Others use the names of famous or known people as being part of the company to prove their legitimacy. The claim is that 'so and so' famous person is associated with our company, so we must be good and honest. But don't forget, Enron was legitimate, until it wasn’t. Bernie Madoff was legitimate, until he wasn't. Harvey Weinstein was legitimate, until he wasn’t. And Jeffrey Epstein was legitimate, until he wasn’t.
9 - To prevent your local IP address from being sent along with your email showing your current location, always use a VPN when sending emails. When on a VPN the 'send from' location IP address will match that of the VPN server and the location of the VPN server.
10 – Text messaging and chat services. Understand this. All text messages are recorded and saved forever. They will never go away and what you said 20 years ago will come back and haunt you eventually.
11 – Encrypted messaging and chat services. There are lots of new encrypted messaging services promising privacy and safety.
Many use weak and questionable encryption. But since these companies are usually funded by larger companies and possibly through government covert operations, you’ll never know exactly, because they will never tell you the details. With well funded advertising campaigns they will create a “new truth” about how great and safe they are. This will be repeated over and over again in all the magazines, websites and television reports that they can buy. And presented as a well known fact because of how many times it’s been said.
12 – Social web site messaging. Some social sites now offer secure and encrypted chat or text options. These social sites were built to spy on you and record data so they can sell it. No matter how secure they actually make it from “hackers” it will never be hidden from them or whomever they choose to share it with.
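A check for item 9 above, as an added example that is not part of the original page: send a test message to an account you control, view its raw source, and see which addresses the headers record about the sending machine. The sample messages, host names and addresses are constructed, and the function and parameter names (including vpn_exit_ip) are hypothetical.

```python
import email
import ipaddress
import re

IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def sender_side_ips(raw_message):
    """IPv4 addresses the headers record about the sending client.

    Reads X-Originating-IP (added by some webmail services) and the last
    Received header. Every relay prepends its own Received line, so the
    bottom one is the first hop and describes the submitting machine.
    """
    msg = email.message_from_string(raw_message)
    sources = list(msg.get_all("X-Originating-IP", []))
    received = msg.get_all("Received", [])
    if received:
        sources.append(received[-1])
    found = []
    for text in sources:
        for candidate in IPV4.findall(text):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:          # not a valid address, e.g. 999.1.1.1
                continue
            if ip not in found:
                found.append(ip)
    return found


def check_sent_message(raw_message, vpn_exit_ip):
    """Sort disclosed addresses into the VPN exit, LAN-only, and leaks."""
    vpn = ipaddress.ip_address(vpn_exit_ip)
    report = {"vpn": [], "lan": [], "leak": []}
    for ip in sender_side_ips(raw_message):
        if ip == vpn:
            report["vpn"].append(str(ip))
        elif any(ip in net for net in RFC1918):
            report["lan"].append(str(ip))
        else:
            report["leak"].append(str(ip))
    return report


# Constructed sample messages; public addresses are documentation ranges.
NO_VPN = (
    "Received: from mx.example.net by inbox.example.net; "
    "Tue, 01 Jan 2030 10:00:05 +0000\n"
    "Received: from [192.168.1.23] (home.example.com [203.0.113.45])\n"
    " by smtp.example.org with ESMTPSA; Tue, 01 Jan 2030 10:00:00 +0000\n"
    "From: me@example.org\nTo: me@example.net\nSubject: test\n\nbody\n")
WITH_VPN = NO_VPN.replace("203.0.113.45", "198.51.100.7")

if __name__ == "__main__":
    print(check_sent_message(NO_VPN, "198.51.100.7"))
    print(check_sent_message(WITH_VPN, "198.51.100.7"))
```

Anything listed under "leak" is a public address other than the VPN exit that every recipient of the message can read.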
WiFi, routers and internet.
1 – Disable any guest logins you might have. No one should be able to log into your Wifi without full authentication.
2 – Update the firmware on your routers often to make sure you have all the latest patches. Patches are a good thing and prevent known bugs from becoming entry points into your router. And since new bugs are always being found, you need to patch often.
3 – Change the SSID on your Wifi router to a name that does not tell everyone what kind of router you have. Broadcasting the kind of router you have makes it that much easier for someone to look up known bugs and figure out how to get into your router. You should change the default password to a strong one while here too.
4 – Wifi even with the strongest encryption available can be hacked by a determined opponent. Which means someone can in theory sit outside your house or business and get into your network via your Wifi. If you really want to make this bullet proof turn off the Wifi and run Ethernet cables to your devices.
If you must use Wifi, use a very low power Wifi device that doesn't provide a strong enough signal to get much past the outside of your house. The $400 super Wifi router with 12 antennas that you can reach from the next block is not the best option.
5 – WiFi and Bluetooth can be and will be used to track your movements. Turn off WiFi and Bluetooth when not needed. Delete unused WiFi networks from your device. If you don’t, every time you get near one of those networks it will recognize you. In addition, by turning off WiFi and Bluetooth you prevent your device from automatically connecting to rogue networks. It's trivially easy to spoof a WiFi network and trick you into thinking you have connected to a known safe network.
6 – When using free, unknown or otherwise shared networks always use a secure VPN to encrypt your traffic. A properly configured VPN also protects you from other users on that network and from the owners of that network.
Coming soon. Will include in no particular order:
Securely deleting data
Automobile computer and infotainment systems
Internet of Things (IoT) devices
Checksums, hash and PGP signatures.
Loyalty cards and programs
Reverse the roles and be the tracker to protect yourself.
Putting all of this together to make yourself as anonymous and secure as possible.
Tips on how to secure yourself and your life and make yourself as Anonymous as possible in this age of constant surveillance, reporting and spying: