Cybersecurity and Privacy
Internet tracking has evolved beyond simple cookies and scripts to recognize who you are. Today, AI monitors your browsing “fingerprint”. Everyone who browses the Internet is automatically documented and cataloged based on their preferences. As a simple example: you wake up at 8 am and browse Facebook until 9:15 am every day. The AI will learn this behavior and identify you later on based on specific parameters about you, no matter where you are and what you use.
“Nothing to hide” is irrelevant. Privacy is a right granted to individuals that underpins the freedoms of expression, association and assembly; all of which are essential for a free, democratic society. East Germany is the most extreme example of a surveillance state in history. The Stasi — its infamous security agency — employed 90,000 spies and had a network of at least 174,000 informants. The Stasi kept meticulous files on hundreds of thousands of innocent citizens and used this information to psychologically harass, blackmail and discredit people who became dissenters. But that was before the internet. Reflecting on the NSA’s current systems of mass surveillance, a former Stasi lieutenant colonel said: “for us, this would have been a dream come true”.
And then you have AI that is learning your every movement.
AI Now 100p white paper from NYU: Anduril Industries, a technology company that recently replaced Google on a Project Maven Department of Defense contract developing AI-based surveillance systems and that also produces autonomous drones, now provides solar-powered “sentry” towers for the Customs and Border Protection (CBP) agency.
How to fight?
I have been researching this topic for at least 10 years now, and I want to share some of my knowledge here. I’m no infosec professional, but I’m very passionate about it. Some of the below is used by Chinese protesters, Russian freedom journalists or oppressed groups.
The best strategy for privacy should be compartmentalization. Don’t mix crap together: every tool and system should only run on a minimum-need basis and have access only to its minimum needs. Don’t give them more privileges and access than is necessary to run them. This means no dual boot and no mixing the USB sticks and SD cards of your personal data with your public data; use color labeling and things like that to keep stuff compartmentalized. Have multiple online personas/accounts for Reddit, Twitter, VK etc.
- Never reuse passwords, and change them on a regular basis, especially the ones that you use frequently, since any malware attack on a website could expose them.
- Never reuse online usernames, and keep online identities separate and compartmentalized as well.
- Use temporary emails
- If you have public Wi-Fi access near you, then you should use it often, but only through a VPN + HTTPS connections, since Wi-Fi networks can definitely be honeypots, so heavy encryption is needed there. You should also randomize your MAC address when using public Wi-Fi for extra privacy.
- Use only Firefox or GNU IceCat; Firefox might also need some hardening. Use these add-ons: uBlock Origin, Privacy Badger, HTTPS Everywhere, ClearURLs.
- Get a good VPN for regular browsing, but remember to buy one, and buy it from a company that is not registered in your country. See “Why VPN is not enough”, or use Tor Browser or I2P for extra privacy.
- Get a good FOSS firewall, like ufw (gufw), and block all incoming connections. Block any outgoing port except 80 and whatever your system might use for syncing and update checks; enable those on an as-needed basis, and otherwise block every unused port.
- Get a good router, preferably one that can run OpenWrt, and reflash it with a FOSS firmware. Connect to the internet only through the router, and configure it the same way: enable all DDoS protections on the router, block unused ports, use IP and MAC filtering if necessary, and enable all other security features it has. I would also disable Wi-Fi, Bluetooth and whatever other radio systems it has and only use WAN cables to connect to the internet. Otherwise anyone near your house could hack it.
- Use a good password manager like KeePassXC. You can also keep a list of bookmarks there, but I prefer Firefox’s bookmark bar, which can be exported/imported.
- Deploy a Docker within a browser
- You should cover your phone cameras
- Use 2 factor authentication! ALWAYS
- For extra privacy, flash a custom ROM on your phone without using Google services, or use GrapheneOS
- Use call recording, automatically encrypt and upload them to your cloud. Check your local laws!
- Use Signal app (Or Silence) as it provides privacy against on-the-wire monitoring
- Use the Bouncer app to revoke permissions
- Use burner phones and never turn your burner on at home. Leave your main phone behind when you go out to meet your contact.
- Don’t use smart unlocks on your phone. Someone can force you to unlock your phone.
- Miclock, which prevents your microphone from recording
- Encrypt your phone
- Have a premium VPN
- For hardcore users:
Xposed, lataclysm (can’t hurt to hide location additionally and spoof network/SIM/MNC code, etc.), pmp (per app, fake MAC addresses, fake IMSI, etc.), IMEI changer (randomly generated IMEIs), multiple SIMs (not associated with the same IMEI/tower), AFWall (with multiple profiles), DNS changed at OS level, Xposed crc profile patch applied, VPN setup (in conjunction with AFWall), Orbot for some apps, Google removed, microG installed, pseudoGPS for location spoofing at OS level, Firefox browser with tweaks, scripts enabled, multiple web extensions (uBlock, custom user scripts, Decentraleyes, basically privacytools.io + more, randomly generated user ID; I don’t care about hiding my fingerprint if it keeps changing; every text I write online, this one too, is randomly edited, errors inserted and so on), instead of custom OS shows a random real OS to websites/Google, Yalp Store instead of Google store, SIM editor for Xposed, firewall settings are draconic.
- Always make sure your data is portable. If you have to run away for some reason, be it an incoming natural disaster or some other reason, always have your data packed and ready to go. So something like a backpack with your backups and DVDs, big enough to fit your laptop, so if SHTF you can just grab that and go. Never leave things to chance, because then you will make mistakes; you should always be ready for everything and safeguard your data.
- If you are worried that your home may be compromised (a 6 am raid by OMON), have a reinforced door that will give you time to act, and drill through the hard drives or use a USB killer
- Pickproof your door
- High security locks
- Use cash instead of cards whenever possible
- Buy or build IR glasses
- Camera detector
- RF detector
- Voice jammer
- USB condom
- Cloudflare Project Galileo
- IoT/Smart Devices: I would recommend that people not use IoT and smart devices.
- Security Cams not inside — 8 ways to hack your nest
- Have 2 PCs. One for your gaming/fun and one for business. Never mix the two, never use the same USB or SD cards. I would personally get a computer with EFI support and change it in the BIOS to EFI instead of UEFI. So for a laptop, a ThinkPad X series would be good, or other ones that support coreboot. I would also get a Raspberry Pi 3 as a backup computer; it has an ARM CPU and it’s more open source than regular desktop PCs, and it can be a good backup one for various reasons and can also be used as a flashing station if you choose to go down the Libreboot road.
- OS: I would only use GNU/Linux based operating systems on the privacy computer. So just use a good enough and open source Linux Distro.
- For General Purpose OS:
- Fully Open-Source OS
- Extra Privacy & Security:
- Alpine Linux
- Linux Kodachi
- Qubes OS
Enable hard disk encryption at install (later it’s very hard) and use 2 separate passwords here: 1 for the root account of the OS and 1 for decrypting the hard drive. Needless to say, all of this info should be handled extremely carefully and kept hidden. I would also immediately install a MAC system like AppArmor, and perhaps system vulnerability scanning tools, but only ones that are open source. You can also install ClamAV on a Debian-based distro if you want. Also install BleachBit to remove your metadata and cache files from the hard drive; it’s not as necessary if you have HD encryption enabled, but it is still good practice to have a clean OS. If you want to further harden the OS, read and research these points. It would also be wise to replace all the applications in the OS with privacy-friendly ones, or configure them if they are not privacy-friendly by default. Just because the OS ships with a bunch of FOSS apps doesn’t mean that they are privacy-friendly; most of them can have telemetry or crash reporting enabled by default, so if you want extra privacy, disable those.
- Deploy an Ubuntu VM within a few minutes here
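The ufw item from the list above (deny all incoming, allow outgoing only on the ports you need), written out as an added example that is not part of the original post. Port 80 comes from the text; 443, 53 and 123 are assumptions for HTTPS, DNS and NTP, because a default-deny outbound policy without DNS and HTTPS leaves most browsing broken.

```shell
#!/bin/sh
# Added example: default-deny ufw policy with a short outbound allowlist.
# Port 80 is from the text; 443, 53 and 123 are assumptions (HTTPS, DNS, NTP).
OUT_RULES="80/tcp 443/tcp 53 123/udp"

# valid_rule RULE -> 0 if RULE is PORT, PORT/tcp or PORT/udp with port 1-65535
valid_rule() {
    port=${1%%/*}
    proto=${1#"$port"}
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    case "$proto" in ''|/tcp|/udp) return 0 ;; *) return 1 ;; esac
}

# ufw_plan RULE... -> prints the ufw commands, or fails before printing
# anything if a rule is malformed, so a bad list is never half-applied.
ufw_plan() {
    for rule in "$@"; do
        valid_rule "$rule" || { echo "invalid rule: $rule" >&2; return 1; }
    done
    echo "ufw default deny incoming"
    echo "ufw default deny outgoing"
    for rule in "$@"; do
        echo "ufw allow out $rule"
    done
    echo "ufw --force enable"
}

# Print the plan by default; apply it only when APPLY=1 is set (needs root).
# On a machine you reach over SSH, allow your SSH port first.
plan=$(ufw_plan $OUT_RULES) || exit 1
if [ "${APPLY:-0}" = "1" ]; then
    printf '%s\n' "$plan" | sh -e
else
    printf '%s\n' "$plan"
fi
```

Run it once without `APPLY=1` to review the commands, then check the result with `ufw status verbose`.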
- Backups: For backups I would never use the cloud; today’s encryption standards might be broken with quantum computing, and most cloud providers store your data forever and hand it to the government and data brokers. So if possible avoid the cloud, but if you want to go with a reputable cloud provider, then still encrypt your data multiple times with different passwords and then upload it. I recommend VeraCrypt for creating encrypted containers where you can put your sensitive data, and another layer of encryption with GnuPG with a different password, just to be sure. So you make a VC container with 1 password, put all your files in there, close it, and then encrypt the VC file with GPG again with a different password. Instead of using the cloud, I would buy a bunch of MicroSD cards and put the backups on them. So get like 10 SD cards, copy your backups onto them, and hide them around your house, or possibly at your parents’ house or a relative’s house if you fear that your house can burn down, flood or be destroyed by an earthquake.
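The second layer of the backup procedure above (GnuPG over an already closed VeraCrypt container), followed by a restore check and a checksum check of every copy, as an added example that is not the author's own script. The file names, the passphrase file and the mount points are hypothetical.

```shell
#!/bin/sh
# Added example: GnuPG layer over a closed VeraCrypt container, plus copy checks.
# File names, the passphrase file and the mount points are hypothetical.

# encrypt_layer CONTAINER PASSFILE -> writes CONTAINER.gpg
# PASSFILE holds the GnuPG passphrase, which must differ from the container's.
# Drop the loopback/passphrase-file options to be prompted by pinentry instead.
encrypt_layer() {
    gpg --batch --yes --pinentry-mode loopback --passphrase-file "$2" \
        --symmetric --cipher-algo AES256 --output "$1.gpg" "$1"
}

# restore_check CONTAINER.gpg PASSFILE CONTAINER
# Decrypts to a pipe (no second plaintext copy on disk) and compares the bytes.
restore_check() {
    gpg --batch --quiet --pinentry-mode loopback --passphrase-file "$2" \
        --decrypt "$1" | cmp -s - "$3"
}

# write_checksum FILE -> writes FILE.sha256 next to it, with a relative name
write_checksum() {
    ( cd "$(dirname "$1")" && f=$(basename "$1") && sha256sum "$f" > "$f.sha256" )
}

# verify_copy DIR NAME -> 0 if DIR/NAME still matches DIR/NAME.sha256
verify_copy() {
    ( cd "$1" && sha256sum -c "$2.sha256" >/dev/null 2>&1 )
}

# copy_and_verify FILE DEST_DIR... -> copies FILE and its checksum to each
# destination (for example mounted SD cards) and checks every copy.
copy_and_verify() {
    src=$1; shift; rc=0
    for dest in "$@"; do
        cp "$src" "$src.sha256" "$dest"/ && verify_copy "$dest" "$(basename "$src")" ||
            { echo "FAILED: $dest" >&2; rc=1; }
    done
    return "$rc"
}

# Usage: sh backup.sh vault.hc gpg-pass.txt /media/sd1 /media/sd2 ...
if [ "$#" -ge 3 ]; then
    c=$1; p=$2; shift 2
    encrypt_layer "$c" "$p" && restore_check "$c.gpg" "$p" "$c" &&
        write_checksum "$c.gpg" && copy_and_verify "$c.gpg" "$@"
fi
```

Run `verify_copy` again after unmounting and remounting each card, since a check made right after copying can be answered from the page cache instead of the card.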