Comments 1 - 34 of 34 Search these comments
Memorise as much as possible
Specifically, questions like "best VPN", "best cloud storage" etc. seem to come from people who are quite new to online privacy, and tend to come from the wrong mindset. Namely, that any data you store on networked hardware, or anything 'cloud', then you must assume that it has been harvested by LE and will be available for them to review at any point in the future.
never maximize the Tor window
Not going to hold your hand here but d/Opsec is a good place to start.
Using AI to track people in TOR:
If you really want to know, I think Mullvad is the best VPN
I'm a linux coder, I can make an encryption tool which is basically unbreakable under Linux. Anybody wanting to port it to Windows, I'll make it available.
It uses the NaCL library (also know as SALT of course), AES256, SHA256SUMs, and the only way to crack it (that I can think of) is by guessing the initial password.
richwicks says
I'm a linux coder, I can make an encryption tool which is basically unbreakable under Linux. Anybody wanting to port it to Windows, I'll make it available.
It uses the NaCL library (also know as SALT of course), AES256, SHA256SUMs, and the only way to crack it (that I can think of) is by guessing the initial password.
richwicks why would someone want to use it over some of the existing tools, like GPG / PGP / openssl etc...
I know they have both javascript and java ports for NaCL, which would make it easy to run on any popular platform. Adding those runtimes into the mix adds some tiny attack vectors via increased surface area, but that may not matter for most uses.
I have thought of rolling my own encrypt / decrypt routines using established libraries. My reasoning is that by making some changes, I can probably escape most low-effort attempts to defeat encryption. They may have ways to defeat certain encryption schemes now, or will discover them in the near future, and by me not using the same flavor as everyone else, I may gain some degree of immunity to some automated tooling someone might use.
Reinette Senum interviews a NorCal county worker whistleblower and exposes how Covid-blood-money is funneled from the Federal HHS to individual states’ Department of Health Care Services (DHCS), ultimately to be distributed to all the counties to create this electronic statewide healthcare record system. This will allow all government and its agencies, schools, clinics, higher education, law enforcement -and more- access to your medical records, including mental health, 24/7 and without your consent or knowledge.
To some, this may seem innocuous. But in the era of “abuse of power,” lack of government transparency, and the dystopian specter of China’s Social Credit system, one quickly realizes this is a slippery slope.
By design, Covid is the driving mechanism and justification for installing this personally invasive digital medical system.
You will always have as much privacy and freedom as you're willing to fight for.
The tax-prep companies—TaxAct, H&R Block, and TaxSlayer—are said to have “shared millions of taxpayers’ data with Meta, Google, and other Big Tech firms” using computer code known as pixels, according to the report by congressional Democrats.
Pixels are used across the Internet as pieces of code on websites that are used to gather information about visitors.
Companies, such as advertisers, use that information to understand the website users’ interests and behaviors.
“Tax-prep companies shared extraordinarily sensitive personal and financial information with Meta,” the report said.
Collected data include names, tax information, and details of dependents among others. ...
The data of users were collected via Meta Pixel and Google Analytics.
TaxAct’s Meta Pixel deployment collected the following information on taxpayers:
full names
email address
country
state
city
zip codes
phone numbers
gender
date of birth
filing status
approximate adjusted gross income
approximate refund amount
names of dependents
buttons clicked online
web browser used
In addition, TaxAct used another Meta tool to collect indicators of whether a taxpayer was the head of the household, had certain assets, investment income, mortgage interests, standard deductions, charitable contributions, Schedule Cs, and student loan interest. ...
TaxAct collected “substantially similar” data using Google Analytics.
“H&R Block and TaxSlayer also revealed an extensive list of data shared via the Meta Pixel, including transmitting information on whether taxpayers had visited pages for many revealing tax situations, such as having dependents, certain types of income (such as rental income or capital gains), and certain tax credits or deductions,” the report said.
Taxpayer privacy laws contain penalties for violating the rights of those who pay taxes, including large fines and potential jail time.
Tax preparers are required to obtain written consent from the taxpayer before disclosing their tax return information to a third party.
The report notes that, by handing over such data to Meta and Google, the three tax-prep firms violated the law.
Violation of the law comes with criminal penalties of up to $1,000 per instance as well as jail time of up to a year.
Since the companies shared the data of millions of taxpayers, they could be on the hook for billions of dollars in potential criminal liability
The tax-prep companies—TaxAct, H&R Block, and TaxSlayer—are said to have “shared millions of taxpayers’ data with Meta, Google, and other Big Tech firms” using computer code known as pixels, according to the report by congressional Democrats.
What do most of you use for taxes?
How do you get your bills? Online? Do you get mail?
How do you think you get marketing mailers from national brands that you never used?
In contrast, the electric utility just said, "Fine, no SSN, we need a $100 deposit (refundable once I terminate service in good standing)." That's what those idiots at the gas company couldn't even remember.
Online, and mail, to my real address of course. But not in my real name.
No one's asking you to dox anyone. Is that your excuse to not deliver? I can give you a temp email to send the data to, just send enough to prove your point, nothing more.
TLDR: Nothing is safe, for complete privacy, move inna woods and live like a caveman
TLDR2: If you're not a glowie, currently the most private setup is to have a 2nd hand laptop, running non-persistent Tails on starbucks wifi. Never use your home internet, real name, don't reuse usernames or passwords. Memorise as much as possible, don't write shit down anywhere.
Ok, so for most of us that isn't possible. However I do see a lot of posts on this forum that are, unfortunately, wrong, or at least unintentionally misleading, so I want to try clear things up a bit.
Specifically, questions like "best VPN", "best cloud storage" etc. seem to come from people who are quite new to online privacy, and tend to come from the wrong mindset. Namely, that any data you store on networked hardware, or anything 'cloud', then you must assume that it has been harvested by LE and will be available for them to review at any point in the future. The old adage of "there is no cloud, it's just someone elses computer" applies here.
Are you a fat pedo with 100TB of CP? Are you a darknet heroin seller? Are you a journalist in China? Are you a (god forbid) free-thinking citizen who does not 100% agree with the current narratives?
This matters, and does dictate the level of opsec you need to implement.
IF YOU ONLY CLICK ONE LINK, MAKE IT THIS ONE This is quite a comprehensive guide, which covers most privacy basics -
https://anonymousplanet.org/guide.html
KICK JACK & ZUCK OUT OF YOUR LIFE FOR GOOD List of alternatives to big tech platform, fediverse etc
https://wiki.techxodus.org/en/home
and
https://gitlab.com/FSMdotCOM/foss-front-ends-and-alternatives
If you have more time, understand that cybersec is always evolving faster than any individual can keep up with. Get to know the history of the field, the motivations of LE which make our lives oh so wonderful, and learn how to mitigate against them.
These are good places to start:
https://en.wikipedia.org/wiki/Global_surveillance
https://en.wikipedia.org/wiki/List_of_government_mass_surveillance_projects
https://en.wikipedia.org/wiki/ECHELON
I'M NOT A CRIMINAL THOUGH neither were Charlie Chaplin, Princess Di or John Lennon... but they're on this list:
https://en.wikipedia.org/wiki/List_of_people_under_Five_Eyes_surveillance
INCENSER, aka intercepting traffic from the backbone of the internet
https://www.electrospaces.net/2014/11/incenser-or-how-nsa-and-gchq-are.html
DARKWEB Safer - never use JS, never maximize the Tor window, assume that one day you'll be caught anyway. Not going to hold your hand here but d/Opsec is a good place to start.
(Edit: There was another subdread (d/DNMbusts) that had lots of useful info but it appears to have been deleted. However, the general idea of looking how people have been caught and mitigating against those methods is a useful one, and lots of useful info can be found on this on the clearnet.)
Start here, you're on your own from there on -
dark.fail
or its DN address:
darkfailenbsdla5mal2mxn2uz66od5vtzd5qozslagrfzachha3f3id.onion
Even then, you're not safe, know that a lot of universities, LE and other people that don't know how to have fun spend a lot of time trying to 'disrupt' the dark web.
Pastebin link discussing how people are deanon'd on the DN:
https://zerobin.net/?e7bb1676c24b4bda=#kZhNYD3L8zfBYE/5nNfv86eZLPw+crCtb3TkP0T7v4w=
and how this was done:
https://zerobin.net/?5381524b75d99885=#krVptUhQzB1fkFaGW6HhfEvAAGtUh6QGtHr7jTxggpY=
Using AI to track people in TOR:
https://news.mit.edu/2019/lincoln-laboratory-artificial-intelligence-helping-investigators-fight-dark-web-crime-0513
Shit can, and will, come around to bite you in the ass. Here's a guy that got sentenced in 2021 for doing something in 2011:
https://cointelegraph.com/news/alleged-366m-bitcoin-mixer-busted-after-analysis-of-10-years-of-blockchain-data
Understand the importance of FUD and the emotional techniques behind it - you can only defend yourself against it if you know what it is and how it works.
FREE SOFTWARE Only use open source software you can audit yourself. If you absolutely need to open a binary, scan it with something like Malwarebytes, open it in a VM, run it through Ghidra, thanks to the boys at the NSA
https://github.com/NationalSecurityAgency/ghidra
That's all I have for now. Please let me know if I got anything wrong, feel free to share this. (If you really want to know, I think Mullvad is the best VPN). Also happy to answer any questions, but just know that I'm no cybersec professional, just a retard with a keyboard
And remember - you just run them over
https://invidious.namazso.eu/watch?v=AbG6u86t4bA
Edit: Thanks for providing more useful links in the comments.
I'll keep adding useful links as I find them too, they are:
List of companies that aren't pozzed by communists: https://www.cancelthiscompany.com/News-Alt-Tech-Outlets.html
Another useful site with lots of general info: https://www.privacytools.io/