patrick.net
An Antidote to Corporate Media
1,257,229 comments by 15,002 users - Blue, Ceffer, Misc online now
invite response« First « Previous Comments 12 - 34 of 34 Search these comments
12
richwicks
2022 Nov 17, 9:38pm
richwicks
2022 Nov 17, 9:38pm
Hircus says
I don't believe that there are any attempts to stop low effort decryption. It's all about efficiency in encryption, which is stupid.
Consider this - enter a key "this is a k3y that ! hope you can't break" - do an SHA256SUM on that, and then repeat the SHA256SUM on the result, and repeat this process 1,000 times. Make the result your AES256 key. This is computationally expensive. You can be more complex. The SHA256SUM of "this is a k3y that ! hope you can't break" is:
42bd22ce6ecda78c3dcb10f506e2e198dbbf4ff7e6931a0115c964ad257db873
Take the first 2 digits to be 0x42 PLUS 1000 iterations, so each time the number of iterations changes.
The idea is you NEED THE ORIGINAL KEY to break it.
I'm fully convinced that all off the shelf encryption is now compromised, at least for symmetrical. There was a known bug in the random number generator of (I believe) BSAFE which was repeatedly identified, and ignored, and was later discovered to be a backdoor.
And in fact, yes:
https://en.wikipedia.org/wiki/BSAFE
First paragraph.
The Soviets had something similar to DES, but they had more more rungs, and the S-Boxes changed based on the key. Understanding the math is a good thing, but difficult, but making it so that the math CHANGES constantly, that's an exponentially more difficult problem. The trick I think today is making it very difficult for hardware solutions to solve the problem. If you have an algorithm that wastes a couple thousand cycles to decrypt, that's not a big deal for a known key, but for guessing a key, it makes the problem exponentially more difficult.
We hear about side attacks where the sound of a chip, or the EM frequencies can help decrypt the key, that's bullshit. You'd need a device next to the encryption device to do this, and if you have access to the machine, you basically can bypass all the encryption. The intelligence agencies are constantly trying to make us think they are geniuses, when in reality, they engage in subterfuge. The easiest way to get a key, is to put a camera on your keyboard, and watch you type it.
BTW: ever notice that when you read a book on security, you are CONSTANTLY warned not to implement it yourself? Why not? It's pretty easy to check it is accurate, if you encrypt with your implementation and can decrypt with an off-the-shelf solution, you don't have a bug. How could you? Why are they CONSTANTLY telling you not to roll your own? Well, any side attacks known won't work on your roll your own version, and you might be using a truly good random number generator. Can't have that!!!
Let's remember that Kevin Mitnick stole a bunch of information (presumably) and used his own encryption to secure what he had. He refused to give up the key, and the intelligence agencies couldn't break it - didn't save him from prison though. I'm pretty convinced that most off the shelf crap is compromised. Security is very hard, however, I believe the algorithms are strong, the implementations are weak.
richwicks says
I'm a linux coder, I can make an encryption tool which is basically unbreakable under Linux. Anybody wanting to port it to Windows, I'll make it available.
It uses the NaCL library (also know as SALT of course), AES256, SHA256SUMs, and the only way to crack it (that I can think of) is by guessing the initial password.
richwicks why would someone want to use it over some of the existing tools, like GPG / PGP / openssl etc...
I know they have both javascript and java ports for NaCL, which would make it easy to run on any popular platform. Adding those runtimes into the mix adds some tiny attack vectors via increased surface area, but that may not matter for most uses.
I have thought of rolling my own encrypt / decrypt routines using established libraries. My reasoning is that by making some changes, I can probably escape most low-effort attempts to defeat encryption. They may have ways to defeat certain encryption schemes now, or will discover them in the near future, and by me not using the same flavor as everyone else, I may gain some degree of immunity to some automated tooling someone might use.
I don't believe that there are any attempts to stop low effort decryption. It's all about efficiency in encryption, which is stupid.
Consider this - enter a key "this is a k3y that ! hope you can't break" - do an SHA256SUM on that, and then repeat the SHA256SUM on the result, and repeat this process 1,000 times. Make the result your AES256 key. This is computationally expensive. You can be more complex. The SHA256SUM of "this is a k3y that ! hope you can't break" is:
42bd22ce6ecda78c3dcb10f506e2e198dbbf4ff7e6931a0115c964ad257db873
Take the first 2 digits to be 0x42 PLUS 1000 iterations, so each time the number of iterations changes.
The idea is you NEED THE ORIGINAL KEY to break it.
I'm fully convinced that all off the shelf encryption is now compromised, at least for symmetrical. There was a known bug in the random number generator of (I believe) BSAFE which was repeatedly identified, and ignored, and was later discovered to be a backdoor.
And in fact, yes:
https://en.wikipedia.org/wiki/BSAFE
First paragraph.
The Soviets had something similar to DES, but they had more more rungs, and the S-Boxes changed based on the key. Understanding the math is a good thing, but difficult, but making it so that the math CHANGES constantly, that's an exponentially more difficult problem. The trick I think today is making it very difficult for hardware solutions to solve the problem. If you have an algorithm that wastes a couple thousand cycles to decrypt, that's not a big deal for a known key, but for guessing a key, it makes the problem exponentially more difficult.
We hear about side attacks where the sound of a chip, or the EM frequencies can help decrypt the key, that's bullshit. You'd need a device next to the encryption device to do this, and if you have access to the machine, you basically can bypass all the encryption. The intelligence agencies are constantly trying to make us think they are geniuses, when in reality, they engage in subterfuge. The easiest way to get a key, is to put a camera on your keyboard, and watch you type it.
BTW: ever notice that when you read a book on security, you are CONSTANTLY warned not to implement it yourself? Why not? It's pretty easy to check it is accurate, if you encrypt with your implementation and can decrypt with an off-the-shelf solution, you don't have a bug. How could you? Why are they CONSTANTLY telling you not to roll your own? Well, any side attacks known won't work on your roll your own version, and you might be using a truly good random number generator. Can't have that!!!
Let's remember that Kevin Mitnick stole a bunch of information (presumably) and used his own encryption to secure what he had. He refused to give up the key, and the intelligence agencies couldn't break it - didn't save him from prison though. I'm pretty convinced that most off the shelf crap is compromised. Security is very hard, however, I believe the algorithms are strong, the implementations are weak.
14
Patrick
2023 Jan 17, 8:19pm
Patrick
2023 Jan 17, 8:19pm
https://reinettesenumsfoghornexpress.substack.com/p/how-county-health-and-human-services
The federal government should NEVER have access to medical records. Not even for prisoners or the military, imho.
Reinette Senum interviews a NorCal county worker whistleblower and exposes how Covid-blood-money is funneled from the Federal HHS to individual states’ Department of Health Care Services (DHCS), ultimately to be distributed to all the counties to create this electronic statewide healthcare record system. This will allow all government and its agencies, schools, clinics, higher education, law enforcement -and more- access to your medical records, including mental health, 24/7 and without your consent or knowledge.
To some, this may seem innocuous. But in the era of “abuse of power,” lack of government transparency, and the dystopian specter of China’s Social Credit system, one quickly realizes this is a slippery slope.
By design, Covid is the driving mechanism and justification for installing this personally invasive digital medical system.
The federal government should NEVER have access to medical records. Not even for prisoners or the military, imho.
16
fdhfoiehfeoi
2023 Aug 9, 12:10pm
fdhfoiehfeoi
2023 Aug 9, 12:10pm
I was once again able to setup a move without giving our real info to anyone outside the property manager. Trash, water, electric and internet all think I'm someone else. It has gotten a bit harder and electric company requested I send them a copy of a photo ID, but the rest asked for little or no documentation.
You will always have as much privacy and freedom as you're willing to fight for.
You will always have as much privacy and freedom as you're willing to fight for.
19
WookieMan
2023 Oct 13, 2:27pm
WookieMan
2023 Oct 13, 2:27pm
NuttBoxer says
How do you get your bills? Online? Do you get mail? It doesn't matter what you give the utilities. They know who you are. If you have a drivers license they all know who you are and you're easily findable. Finding any American is trivial. It's not hard. First and Last name and I can find where anyone is living currently within the last 30-60 days. It's easy.
I get there are sites that make you feel good that you can hide your identity. They're lying to you. They want clicks and ad revenue. They're worse than what you're hiding from. I've yet to be unable to find a primary residence of a human that I have a name for. That's it. No location. No family members. It's not difficult. Us cash and do all that other shit. I can find anyone with a name and address even if fake. It's not difficult.
You will always have as much privacy and freedom as you're willing to fight for.
How do you get your bills? Online? Do you get mail? It doesn't matter what you give the utilities. They know who you are. If you have a drivers license they all know who you are and you're easily findable. Finding any American is trivial. It's not hard. First and Last name and I can find where anyone is living currently within the last 30-60 days. It's easy.
I get there are sites that make you feel good that you can hide your identity. They're lying to you. They want clicks and ad revenue. They're worse than what you're hiding from. I've yet to be unable to find a primary residence of a human that I have a name for. That's it. No location. No family members. It's not difficult. Us cash and do all that other shit. I can find anyone with a name and address even if fake. It's not difficult.
20
Maga_Chaos_Monkey
2023 Oct 13, 2:40pm
Maga_Chaos_Monkey
2023 Oct 13, 2:40pm
Okay, I'll bite: Jennifer Warren. Last seen Slidell LA 1990. ~50 years old now. (extra info so I'm sure you can do it)
21
Patrick
2024 Feb 6, 2:08pm
Patrick
2024 Feb 6, 2:08pm
https://slaynews.com/news/tax-preparation-firms-facebook-extraordinarily-sensitive-personal-data-report/
The tax-prep companies—TaxAct, H&R Block, and TaxSlayer—are said to have “shared millions of taxpayers’ data with Meta, Google, and other Big Tech firms” using computer code known as pixels, according to the report by congressional Democrats.
Pixels are used across the Internet as pieces of code on websites that are used to gather information about visitors.
Companies, such as advertisers, use that information to understand the website users’ interests and behaviors.
“Tax-prep companies shared extraordinarily sensitive personal and financial information with Meta,” the report said.
Collected data include names, tax information, and details of dependents among others. ...
The data of users were collected via Meta Pixel and Google Analytics.
TaxAct’s Meta Pixel deployment collected the following information on taxpayers:
full names
email address
country
state
city
zip codes
phone numbers
gender
date of birth
filing status
approximate adjusted gross income
approximate refund amount
names of dependents
buttons clicked online
web browser used
In addition, TaxAct used another Meta tool to collect indicators of whether a taxpayer was the head of the household, had certain assets, investment income, mortgage interests, standard deductions, charitable contributions, Schedule Cs, and student loan interest. ...
TaxAct collected “substantially similar” data using Google Analytics.
“H&R Block and TaxSlayer also revealed an extensive list of data shared via the Meta Pixel, including transmitting information on whether taxpayers had visited pages for many revealing tax situations, such as having dependents, certain types of income (such as rental income or capital gains), and certain tax credits or deductions,” the report said.
Taxpayer privacy laws contain penalties for violating the rights of those who pay taxes, including large fines and potential jail time.
Tax preparers are required to obtain written consent from the taxpayer before disclosing their tax return information to a third party.
The report notes that, by handing over such data to Meta and Google, the three tax-prep firms violated the law.
Violation of the law comes with criminal penalties of up to $1,000 per instance as well as jail time of up to a year.
Since the companies shared the data of millions of taxpayers, they could be on the hook for billions of dollars in potential criminal liability
22
WookieMan
2024 Feb 6, 2:49pm
WookieMan
2024 Feb 6, 2:49pm
Patrick says
The IRS shares all your information. lol. Did you guys not know this? You won't get SS#'s but you can get name and income information. How do you think you get marketing mailers from national brands that you never used? They know what you're worth and if it's worth the time marketing to you for the sale. It's not always EDDM.
We'd buy data for renters in an attempt to get buyers that looked like they had good income. In hopes we could double side a listing we had nearby that they could afford.
I don't and will never dox anyone. I know where multiple active users live on this site. I like not being behind bars, so no worries. I'm not hunting down names to try and prove a point. My real estate days are done and so is my access to paid services to find people. It's easier than you'd think...
The tax-prep companies—TaxAct, H&R Block, and TaxSlayer—are said to have “shared millions of taxpayers’ data with Meta, Google, and other Big Tech firms” using computer code known as pixels, according to the report by congressional Democrats.
The IRS shares all your information. lol. Did you guys not know this? You won't get SS#'s but you can get name and income information. How do you think you get marketing mailers from national brands that you never used? They know what you're worth and if it's worth the time marketing to you for the sale. It's not always EDDM.
We'd buy data for renters in an attempt to get buyers that looked like they had good income. In hopes we could double side a listing we had nearby that they could afford.
I don't and will never dox anyone. I know where multiple active users live on this site. I like not being behind bars, so no worries. I'm not hunting down names to try and prove a point. My real estate days are done and so is my access to paid services to find people. It's easier than you'd think...
24
WookieMan
2024 Feb 6, 3:33pm
WookieMan
2024 Feb 6, 3:33pm
RC2006 says
I use TurboTax and give no shits. If there's data on a server someone is getting it. Even if you file via mail. Scanning tech is crazy perfect so that's not even fool proof.
I'm not saying give up, but if you were born here you have no privacy. Doesn't matter what you do. Unless you were born to hunter foragers that somehow owned land without giving up any information, you're a known commodity.
What do most of you use for taxes?
I use TurboTax and give no shits. If there's data on a server someone is getting it. Even if you file via mail. Scanning tech is crazy perfect so that's not even fool proof.
I'm not saying give up, but if you were born here you have no privacy. Doesn't matter what you do. Unless you were born to hunter foragers that somehow owned land without giving up any information, you're a known commodity.
25
stereotomy
2024 Feb 6, 4:11pm
stereotomy
2024 Feb 6, 4:11pm
I moved from TX to NY (I know, WTF????!!!) and had to set up gas service. They wanted my SSN, I said I didn't have to give it to them, and that furthermore it is (or was?) a Federal crime for a business to require a SSN as a condition of service (there are of course exceptions like banks, financial companies). They made me go down to the central office to apply in person. Since I worked nearby, that was no problem. They demanded the SSN again, and the same exchange occurred. I finally warned them "I hope you haven't been illegally coercing all your customers to provide SSN's, because you are exposing yourself to massive class-action liability."
Needless to say, they main office was almost to a woman a diversity hire. They hemmed and hawed for almost 30 minutes, before relenting and setting me up for gas service. They finally said, "We need the SSN to track you down in case you don't pay." I said "No, you want my SSN to make it easier for yourselves - you'll just have to do it the old fashioned way with me." What a bunch of incompetents.
In contrast, the electric utility just said, "Fine, no SSN, we need a $100 deposit (refundable once I terminate service in good standing)." That's what those idiots at the gas company couldn't even remember.
Needless to say, they main office was almost to a woman a diversity hire. They hemmed and hawed for almost 30 minutes, before relenting and setting me up for gas service. They finally said, "We need the SSN to track you down in case you don't pay." I said "No, you want my SSN to make it easier for yourselves - you'll just have to do it the old fashioned way with me." What a bunch of incompetents.
In contrast, the electric utility just said, "Fine, no SSN, we need a $100 deposit (refundable once I terminate service in good standing)." That's what those idiots at the gas company couldn't even remember.
26
fdhfoiehfeoi
2024 Feb 6, 6:27pm
fdhfoiehfeoi
2024 Feb 6, 6:27pm
WookieMan says
Online, and mail, to my real address of course. But not in my real name.
We've played this game before, and you keep losing. Feel free to identify me and send the details to Patrick. I'll confirm. Not the first time I've said this, not the first time you've said that. And the score hasn't changed, you still don't know shit about me.
And I do get mail in my real name, but never, EVER to my real address.
How do you get your bills? Online? Do you get mail?
Online, and mail, to my real address of course. But not in my real name.
We've played this game before, and you keep losing. Feel free to identify me and send the details to Patrick. I'll confirm. Not the first time I've said this, not the first time you've said that. And the score hasn't changed, you still don't know shit about me.
And I do get mail in my real name, but never, EVER to my real address.
27
fdhfoiehfeoi
2024 Feb 6, 6:33pm
fdhfoiehfeoi
2024 Feb 6, 6:33pm
WookieMan says
Since I started protecting my privacy, never get these, and my income isn't low.
How do you think you get marketing mailers from national brands that you never used?
Since I started protecting my privacy, never get these, and my income isn't low.
28
fdhfoiehfeoi
2024 Feb 6, 6:40pm
fdhfoiehfeoi
2024 Feb 6, 6:40pm
stereotomy says
Most utilities do ask for one, but not all. If you don't want to give yours, just make sure the one you use doesn't tie back to a real person. JJ Luna lists one in his book you can safely use, only $6 for hardcover. They use it to run credit, and if you don't check out, you just pay a refundable deposit. But certainly not required. In fact, most information on a form isn't required, or can be faked. People always assume you are telling the truth, and often don't care what info you give them.
In contrast, the electric utility just said, "Fine, no SSN, we need a $100 deposit (refundable once I terminate service in good standing)." That's what those idiots at the gas company couldn't even remember.
Most utilities do ask for one, but not all. If you don't want to give yours, just make sure the one you use doesn't tie back to a real person. JJ Luna lists one in his book you can safely use, only $6 for hardcover. They use it to run credit, and if you don't check out, you just pay a refundable deposit. But certainly not required. In fact, most information on a form isn't required, or can be faked. People always assume you are telling the truth, and often don't care what info you give them.
29
fdhfoiehfeoi
2024 Feb 6, 6:59pm
fdhfoiehfeoi
2024 Feb 6, 6:59pm
So I've promoted Vanilla gift cards before as a way to stay anonymous. But something has changed. They cards look different, and are missing the full barcode on the back. I can't get these new cards to work at any physical location. Even places where the old cards work fine. Not sure if they've changed all the vanilla gift cards, or it's just the place I buy from. Also my trash company stopped accepting them after January. Ironically the larger national company that also services my address took them no problem.
It's getting harder to maintain privacy, but just makes the game more fun for me.
It's getting harder to maintain privacy, but just makes the game more fun for me.
30
WookieMan
2024 Feb 6, 10:05pm
WookieMan
2024 Feb 6, 10:05pm
NuttBoxer says
So you rent and didn't have your credit pulled? Don't have a home loan? You did one or the other or you moved into a relatives house. The 3rd option is the only one your info cannot be found kind of.
I have no interest in doxxing people. Patrick is the only one that even knows my first name. I don't want this site to turn into that shit. People have been screwed before here. I'm not that guy. I respect your privacy, but just know you don't have it. If I wanted to find you, even from this site, I could. Understand the law. Hence why I'd never dox a person here. Disagreements aside I do have respect for you guys and I assume the occasional gal.
I may come across as a know it all dick, but I'm not lying. Words on the internet don't hurt me, though I'll argue. I'm not going to dox anyone to prove a point in an argument. We've literally had a murder from something posted on this site. Not anyone's fault. Just banter and a crazy husband. I like not knowing you guys. At some point I will cross paths with one of you. It will be good. Likely random since I live in IL and most of you are out west. I will meet one of you on accident.
Online, and mail, to my real address of course. But not in my real name.
So you rent and didn't have your credit pulled? Don't have a home loan? You did one or the other or you moved into a relatives house. The 3rd option is the only one your info cannot be found kind of.
I have no interest in doxxing people. Patrick is the only one that even knows my first name. I don't want this site to turn into that shit. People have been screwed before here. I'm not that guy. I respect your privacy, but just know you don't have it. If I wanted to find you, even from this site, I could. Understand the law. Hence why I'd never dox a person here. Disagreements aside I do have respect for you guys and I assume the occasional gal.
I may come across as a know it all dick, but I'm not lying. Words on the internet don't hurt me, though I'll argue. I'm not going to dox anyone to prove a point in an argument. We've literally had a murder from something posted on this site. Not anyone's fault. Just banter and a crazy husband. I like not knowing you guys. At some point I will cross paths with one of you. It will be good. Likely random since I live in IL and most of you are out west. I will meet one of you on accident.
31
fdhfoiehfeoi
2024 Feb 7, 10:48am
fdhfoiehfeoi
2024 Feb 7, 10:48am
No one's asking you to dox anyone. Is that your excuse to not deliver? I can give you a temp email to send the data to, just send enough to prove your point, nothing more.
I believe my credit was run, but you won't find that as helpful as you think. Those temp emails don't have long life for viewing messages, so let me know when you have something, I'll give you the address, either here, or through Patrick.
I believe my credit was run, but you won't find that as helpful as you think. Those temp emails don't have long life for viewing messages, so let me know when you have something, I'll give you the address, either here, or through Patrick.
32
Patrick
2024 Aug 17, 11:52am
Patrick
2024 Aug 17, 11:52am
If you use Brave Browser, you can disable Javascript and make exceptions only for sites you like.
That will cut out a tremendous amount of advertising, popups, etc, as well as protecting you from Google and Facebook spyware, which is usually Javascript.
I was using Little Snitch on the Mac to block all Google and Facebook domains, but since I was forced to upgrade my OS to keep Brave browser working with Substack, Little Snitch demanded $50 to upgrade along and I refused.
But I found something pretty much as good: disable javascript for all sites except those you trust or really need:
Brave -> preferences -> Privacy and Security -> Site and Shields Settings -> JavaScript -> Don't allow sites to use JavaScript
Then below that, you can add sites you need:
It is a bit annoying to have to turn on javascript for sites you need that fail without it, but after a while the changes settle down as you accumulate permission for sites you need and you generally don't need to worry about it.
That will cut out a tremendous amount of advertising, popups, etc, as well as protecting you from Google and Facebook spyware, which is usually Javascript.
I was using Little Snitch on the Mac to block all Google and Facebook domains, but since I was forced to upgrade my OS to keep Brave browser working with Substack, Little Snitch demanded $50 to upgrade along and I refused.
But I found something pretty much as good: disable javascript for all sites except those you trust or really need:
Brave -> preferences -> Privacy and Security -> Site and Shields Settings -> JavaScript -> Don't allow sites to use JavaScript
Then below that, you can add sites you need:
It is a bit annoying to have to turn on javascript for sites you need that fail without it, but after a while the changes settle down as you accumulate permission for sites you need and you generally don't need to worry about it.
33
WookieMan
2024 Aug 17, 12:35pm
WookieMan
2024 Aug 17, 12:35pm
fdhfoiehfeoi says
I love it when people are proven wrong on a forum, change their username and run. Happens a lot here. I know this is an older comment I missed. If anyone is worried about privacy, I just wouldn't use the internet. Pretty simple. Or use a phone. Get mail. Have an address. Be alive with a SS card. Work a job. Drive a car. Get an ID. Go to the doctor. Have a pet. File taxes. Open a bank account. Have family. Vote. Fill out a census form.
Yeah... everyone does ALL of these things. You have no privacy. You can do things, but what I just listed is a starting point. Good luck. You'll be walking everywhere, with no job, no medical care and the IRS would likely be after you. Yeah, that's called being homeless. Enjoy that "private" life.
No one's asking you to dox anyone. Is that your excuse to not deliver? I can give you a temp email to send the data to, just send enough to prove your point, nothing more.
I love it when people are proven wrong on a forum, change their username and run. Happens a lot here. I know this is an older comment I missed. If anyone is worried about privacy, I just wouldn't use the internet. Pretty simple. Or use a phone. Get mail. Have an address. Be alive with a SS card. Work a job. Drive a car. Get an ID. Go to the doctor. Have a pet. File taxes. Open a bank account. Have family. Vote. Fill out a census form.
Yeah... everyone does ALL of these things. You have no privacy. You can do things, but what I just listed is a starting point. Good luck. You'll be walking everywhere, with no job, no medical care and the IRS would likely be after you. Yeah, that's called being homeless. Enjoy that "private" life.
34
Patrick
2024 Aug 18, 4:22pm
Better yet: make up bullshit answers to all of them, different ones for each website, and write them down so you can use them later if need be.
Patrick
2024 Aug 18, 4:22pm
Better yet: make up bullshit answers to all of them, different ones for each website, and write them down so you can use them later if need be.
TLDR: Nothing is safe, for complete privacy, move inna woods and live like a caveman
TLDR2: If you're not a glowie, currently the most private setup is to have a 2nd hand laptop, running non-persistent Tails on starbucks wifi. Never use your home internet, real name, don't reuse usernames or passwords. Memorise as much as possible, don't write shit down anywhere.
Ok, so for most of us that isn't possible. However I do see a lot of posts on this forum that are, unfortunately, wrong, or at least unintentionally misleading, so I want to try clear things up a bit.
Specifically, questions like "best VPN", "best cloud storage" etc. seem to come from people who are quite new to online privacy, and tend to come from the wrong mindset. Namely, that any data you store on networked hardware, or anything 'cloud', then you must assume that it has been harvested by LE and will be available for them to review at any point in the future. The old adage of "there is no cloud, it's just someone elses computer" applies here.
Are you a fat pedo with 100TB of CP? Are you a darknet heroin seller? Are you a journalist in China? Are you a (god forbid) free-thinking citizen who does not 100% agree with the current narratives?
This matters, and does dictate the level of opsec you need to implement.
IF YOU ONLY CLICK ONE LINK, MAKE IT THIS ONE This is quite a comprehensive guide, which covers most privacy basics -
https://anonymousplanet.org/guide.html
KICK JACK & ZUCK OUT OF YOUR LIFE FOR GOOD List of alternatives to big tech platform, fediverse etc
https://wiki.techxodus.org/en/home
and
https://gitlab.com/FSMdotCOM/foss-front-ends-and-alternatives
If you have more time, understand that cybersec is always evolving faster than any individual can keep up with. Get to know the history of the field, the motivations of LE which make our lives oh so wonderful, and learn how to mitigate against them.
These are good places to start:
https://en.wikipedia.org/wiki/Global_surveillance
https://en.wikipedia.org/wiki/List_of_government_mass_surveillance_projects
https://en.wikipedia.org/wiki/ECHELON
I'M NOT A CRIMINAL THOUGH neither were Charlie Chaplin, Princess Di or John Lennon... but they're on this list:
https://en.wikipedia.org/wiki/List_of_people_under_Five_Eyes_surveillance
INCENSER, aka intercepting traffic from the backbone of the internet
https://www.electrospaces.net/2014/11/incenser-or-how-nsa-and-gchq-are.html
DARKWEB Safer - never use JS, never maximize the Tor window, assume that one day you'll be caught anyway. Not going to hold your hand here but d/Opsec is a good place to start.
(Edit: There was another subdread (d/DNMbusts) that had lots of useful info but it appears to have been deleted. However, the general idea of looking how people have been caught and mitigating against those methods is a useful one, and lots of useful info can be found on this on the clearnet.)
Start here, you're on your own from there on -
dark.fail
or its DN address:
darkfailenbsdla5mal2mxn2uz66od5vtzd5qozslagrfzachha3f3id.onion
Even then, you're not safe, know that a lot of universities, LE and other people that don't know how to have fun spend a lot of time trying to 'disrupt' the dark web.
Pastebin link discussing how people are deanon'd on the DN:
https://zerobin.net/?e7bb1676c24b4bda=#kZhNYD3L8zfBYE/5nNfv86eZLPw+crCtb3TkP0T7v4w=
and how this was done:
https://zerobin.net/?5381524b75d99885=#krVptUhQzB1fkFaGW6HhfEvAAGtUh6QGtHr7jTxggpY=
Using AI to track people in TOR:
https://news.mit.edu/2019/lincoln-laboratory-artificial-intelligence-helping-investigators-fight-dark-web-crime-0513
Shit can, and will, come around to bite you in the ass. Here's a guy that got sentenced in 2021 for doing something in 2011:
https://cointelegraph.com/news/alleged-366m-bitcoin-mixer-busted-after-analysis-of-10-years-of-blockchain-data
Understand the importance of FUD and the emotional techniques behind it - you can only defend yourself against it if you know what it is and how it works.
FREE SOFTWARE Only use open source software you can audit yourself. If you absolutely need to open a binary, scan it with something like Malwarebytes, open it in a VM, run it through Ghidra, thanks to the boys at the NSA
https://github.com/NationalSecurityAgency/ghidra
That's all I have for now. Please let me know if I got anything wrong, feel free to share this. (If you really want to know, I think Mullvad is the best VPN). Also happy to answer any questions, but just know that I'm no cybersec professional, just a retard with a keyboard
And remember - you just run them over
https://invidious.namazso.eu/watch?v=AbG6u86t4bA
Edit: Thanks for providing more useful links in the comments.
I'll keep adding useful links as I find them too, they are:
List of companies that aren't pozzed by communists: https://www.cancelthiscompany.com/News-Alt-Tech-Outlets.html
Another useful site with lots of general info: https://www.privacytools.io/