[Fenix]

I'm big on privacy and having a private lifestyle and am creating this thread for us to share tips & advice on the right moves to do or not do, tools that work or don't, etc.

I'll start off by sharing my notes & links that I've compiled below. I haven't used all the apps mentioned so one of the goals of this thread is to get feedback from members who have tried & used them.

Online/Digital
File & Hard Drive Encryption
PC
TrueCrypt
- encrypt entire hard drive
- create virtual drive partition which is an encrypted file
- encrypt individual drive partitions (C: drive, D: drive, etc.)

Thumb Drives
Kingston Data Traveler
- comes in many sized from 8 to 256GB
- http://www.kingston.com/us/usb/encrypted_security
- http://www.kingston.com/us/usb/personal_business
- media.kingston.com/pdfs/DTFamily_US.pdf
- Data Traveler Locker+ G2
- DataTraveler Vault - Privacy
- DataTraveler Vault Privacy - Managed
- DataTraveler 4000
- DataTraveler 4000 - Managed

Mobile
WhisperCore
Cloudfogger
Cryptonite
BoxCryptor
Luks manager
Optio Labs
- created a custom version of Android that can control what can and cannot be accessed depending on location, network or running apps.

How To Encrypt Your Smartphone
- http://www.pcworld.com/article/242650/ho...phone.html

WhisperCore app encrypts all data on Android
- http://news.cnet.com/8301-27080_3-20043439-245.html

Notes on the implementation of encryption in Android 3.0
- http://source.android.com/tech/encryptio...ation.html

Built-in Encryption In Android
- go to Settings
- scroll down and click on 'Location & security settings'
- choose 'Data encryption'
- check 'Encrypt device data' or 'Encrypt memory card' to activate


Encrypted Backups
Flashback
- for Android

Web Browsing
Tor Bundle
- Aurora Browser
- Vidalia
- Tor Network
- uses OpenSSL for encryption
- encrypts messages in three layers (hence the onion analogy) on three hops/machines

Proxies
ProxyBlind
- http://www.proxyblind.org
- http://www.proxyblind.org/free-web-proxy/
- http://www.proxyblind.org/free-proxy.shtml

Proxyhttp.net
- list of free proxies

Sockslist.net
- list of free proxies

Proxy4Free.com
- http://www.proxy4free.com/list/webproxy1.html

HTTPTunnel.ge

Aplusproxy.com

ProxyWiki.org

MRP Proxylist
- http://proxylist.sakura.ne.jp

KProxy
- https://kproxy.com
- KProxy Agent
- https://kproxy.com/agent.jsp

Proxy4Free
- http://www.proxy4free.com

MegaProxy
- https://www.megaproxy.com/freesurf/

Zend
- zend2.com

Proxy
- proxy.org

Proxify
- proxify.com

SecureTunnel Xpress Web Proxy
- https://www.securetunnel.com/xpress

VectroProxy
- http://vectroproxy.com

https://www.megaproxy.com/freesurf/
http://www.anonr.com
http://www.samair.ru/proxy/
http://www.unblocked.org
http://www.youhide.com
http://www.bestamericanproxy.com
http://www.anonymouse.org
http://www.proxy4free.com
http://www.spysurfing.com

misc
Top Free Anonymous Web Proxy Servers
- http://compnetworking.about.com/od/proxy...sproxy.htm

http://www.similarsitesearch.com/alterna...kproxy.com

Anti Tracking Plugins
- DoNotTrackPlus
- Collusion
- Ghostery
- HTTPS-Everywhere
- Adblock Plus

Mobile Web
- Orbot
- Tor on Android
- OrWeb
- web browser on Android that uses Orbot
- GibberBot
- chat client on Android that uses Orbot

VPN
http://www.lifehacker.com/5759186/five-b...providers/

WiTopia
- http://www.witopia.net
VyprVPN
StrongVPN
proXPN
Ipredator

How To Make VPNs Even More Secure
https://torrentfreak.com/how-to-make-vpn...re-120419/

Which VPN Providers Really Take Anonymity Seriously?
https://torrentfreak.com/which-vpn-provi...ly-111007/
1. BTguard
2. Private Internet Access
3. TorrentPrivacy
4. TorGuard
5. ItsHidden
6. Ipredator
7. Faceless
8. IPVanish
9. AirVPN
10. PRQ
11. VPNReactor


Email
MailVault
- 4Mb freestorage
- uses PGP, can import PGP key

TrustTone Stealth Web Mail

File Fortress
- http://www.filefortress.com
- free edition can receive secure email but cannot compose secure email

S-Mail.com
- login page: https://mail.s-mail.com

HushMail
- ** read online that it can get compromised by law enforcement

GnuPG
- the GNU project's complete and free implementation of the OpenPGP standard
- http://www.gnupg.org
- http://www.gpg4win.org


Instant Messaging (IM)
Off-the-Record Messaging
- http://www.cypherpunks.ca/otr/

Silent Circle **found this via the forum
- https://silentcircle.com

Phone
Hushed app for Android
- lets Android owners create disposable, fake, fully functional phone numbers usable in 40 countries on five continents
- https://play.google.com/store/apps/detai...ed.release

Chat
Cryptocat
- http://www.Crypto.cat


Offline
- When traveling, I don't give out my hotel/address to anyone, especially a local, who asks where I'm staying.
- Also, once I'm past luggage claim, I remove my baggage tags and name/address tag.
- I don't reveal my future itinerary or plans in casual conversation with strangers/locals.

..I have more and will post them as I think of them and put them in writing.

[thegmanifesto]

I wish I even understood 10% of this stuff.

Quote:

Phone
Hushed app for Android
- lets Android owners create disposable, fake, fully functional phone numbers usable in 40 countries on five continents
- https://play.google.com/store/apps/detai...ed.release

Can you explain this a little?

[NuMbEr7]

How do you set up Truecrpyt? I tried to set up TrueCrypt on my hard drive once and failed miserably.

Is it possible to access all your files while they're encrypted?

Have you used Tor?

[Fenix]

(04-05-2013 04:56 PM)thegmanifesto Wrote:  

I wish I even understood 10% of this stuff.

Quote:

Phone
Hushed app for Android
- lets Android owners create disposable, fake, fully functional phone numbers usable in 40 countries on five continents
- https://play.google.com/store/apps/detai...ed.release

Can you explain this a little?

G - if you're familiar with the Burner app on iPhone, they are similar, and both are somewhat similar to Skype, where one can buy a local phone number that can be used temporarily or as needed, then disposed of. So say you're in Barcelona, you can buy multiple local phone numbers, give them out to different people and if you don't want someone calling you anymore, you just 'burn' that number.

FYI, I don't use this app as it's still new and unproven (one of the reasons I'm asking for feedback on them on this thread) and I'm not fully convinced how 'private' it is, but I have Skype and bought a 'Skype-In' phone number. When I have the Skype app running, anyone calling that number will make the Skype app ring then I can pick it up. Judging by screenshots on their website, the functionality is similar.

[Fenix]

(04-06-2013 12:04 PM)NuMbEr7 Wrote:  

How do you set up Truecrpyt? I tried to set up TrueCrypt on my hard drive once and failed miserably.

Is it possible to access all your files while they're encrypted?

Have you used Tor?

I have used TC on both my laptops - entire HD encrypted - and on my PC - drive partition encrypted without any problems. If you explain what was giving you the problem, I can try to help.

Yes, you can access all your files on the encrypted drive as long as the drive is currently 'mounted' in TC. I am using my laptop right now and every input/output activity on the HD is via TC.

I am using Tor and the Aurora browser right now to access the forum.

[NuMbEr7]

I couldn't even set up a partition. Do you have a link to a guide?

Have you ever been on the dark web?

[debeguiled]

Have you guys heard of this?

http://www.zerohedge.com/news/2017-11-29...as-written

Quote:

Imagine you are in the middle of your typical day-to-day activities. Maybe you are driving, spending time with family, or working. If you are like most people, your phone is at your side on a daily basis. Little do you know that, at any time, police and law enforcement could be looking at information stored on your phone.

Quote:

How? They use a shoebox-sized device called a StingRay. This device (also called an IMSI catcher) mimics cell phone towers, prompting all the phones in the area to connect to it even if the phones aren't in use.

The police use StingRays to track down and implicate perpetrators of mainly domestic crimes. The devices can be mounted in vehicles, drones, helicopters, and airplanes, allowing police to gain highly specific information on the location of any particular phone, down to a particular apartment complex or hotel room.

Quietly, StingRay use is growing throughout local and federal law enforcement with little to no oversight. The ACLU has discovered that at least 68 agencies in 23 different states own StingRays, but says that this "dramatically underrepresents the actual use of StingRays by law enforcement agencies nationwide."

Quote:

Little Regulation
Law Enforcement is using StingRays without a warrant in most cases. For example, the San Bernardino Police Department used their StingRay 300 times without a warrant in a little over a year.

In 2010, the Tallahassee Police Department used a StingRay in a warrantless search to track down the suspect of a crime. A testimony from an unsealed hearing transcript talks about how police went about finding their target. The ACLU sums it up well:

"Police drove through the area using the vehicle-based device until they found the apartment complex in which the target phone was located, and then they walked around with the handheld device and stood ‘at every door and every window in that complex’ until they figured out which apartment the phone was located in. In other words, police were lurking outside people’s windows and sending powerful electronic signals into their private homes in order to collect information from within."
A handful of states have passed laws requiring police and federal agents to get a warrant before using a StingRay. They must show probable cause for one of the thousands of phones that they are actually searching. This is far from enough.

Additionally, there are many concerns that agents are withholding information from federal judges to monitor subjects without approval - bypassing the probable cause standard laid out in the Constitution. They even go as far as to let criminals go to avoid disclosing information about these devices to the courts.

If the public doesn’t become aware of this issue, the police will continue to use StingRays to infringe on our rights in secret and with impunity.

[Running Turtles]

On Android, there are some guys working on a solution here: https://cellularprivacy.github.io/Androi...-Detector/

It's still very experimental and I can't get it to work on my phone, but it might be viable at a later time.

On another topic: Previous posts recommend using TrueCrypt, which is now discontinued. VeraCrypt (here: https://www.veracrypt.fr/en/Home.html) is one of the TrueCrypt successors and have a very good and free product. They recently had a security audit and came out fairly strong. Very similar to TrueCrypt and it's simple to use. The System Encryption is particularly strong and very easy to set up if you follow the guide and remember your password.

[The Beast1]

(11-29-2017 06:17 PM)debeguiled Wrote:  

Have you guys heard of this?

http://www.zerohedge.com/news/2017-11-29...as-written

Quote:

Imagine you are in the middle of your typical day-to-day activities. Maybe you are driving, spending time with family, or working. If you are like most people, your phone is at your side on a daily basis. Little do you know that, at any time, police and law enforcement could be looking at information stored on your phone.

Quote:

How? They use a shoebox-sized device called a StingRay. This device (also called an IMSI catcher) mimics cell phone towers, prompting all the phones in the area to connect to it even if the phones aren't in use.

The police use StingRays to track down and implicate perpetrators of mainly domestic crimes. The devices can be mounted in vehicles, drones, helicopters, and airplanes, allowing police to gain highly specific information on the location of any particular phone, down to a particular apartment complex or hotel room.

Quietly, StingRay use is growing throughout local and federal law enforcement with little to no oversight. The ACLU has discovered that at least 68 agencies in 23 different states own StingRays, but says that this "dramatically underrepresents the actual use of StingRays by law enforcement agencies nationwide."

Quote:

Little Regulation
Law Enforcement is using StingRays without a warrant in most cases. For example, the San Bernardino Police Department used their StingRay 300 times without a warrant in a little over a year.

In 2010, the Tallahassee Police Department used a StingRay in a warrantless search to track down the suspect of a crime. A testimony from an unsealed hearing transcript talks about how police went about finding their target. The ACLU sums it up well:

"Police drove through the area using the vehicle-based device until they found the apartment complex in which the target phone was located, and then they walked around with the handheld device and stood ‘at every door and every window in that complex’ until they figured out which apartment the phone was located in. In other words, police were lurking outside people’s windows and sending powerful electronic signals into their private homes in order to collect information from within."
A handful of states have passed laws requiring police and federal agents to get a warrant before using a StingRay. They must show probable cause for one of the thousands of phones that they are actually searching. This is far from enough.

Additionally, there are many concerns that agents are withholding information from federal judges to monitor subjects without approval - bypassing the probable cause standard laid out in the Constitution. They even go as far as to let criminals go to avoid disclosing information about these devices to the courts.

If the public doesn’t become aware of this issue, the police will continue to use StingRays to infringe on our rights in secret and with impunity.

Yes and there's absolutely nothing you can do about it. Even Running Turtle's post has questionable success detecting these. Mostly because the company only sells to police departments and of course those customers will never allow such a device to be used like that. You can bet however that the tools at Stingray are testing the app against it themselves to obscure it further.

The only safe solution is to connect to VPN into a server that you have physical ownership of and then use a VOIP app to dial through that. Don't bother renting service to some 3rd party, you just handed over all of your content to a man in the middle.

Treat all of your actions on the internet as trackable and do your best to obscure your activities Make it hard for someone to google your name. If you really want 100% privacy, get rid of your phone and get an old-fashioned flip phone and regularly swap and dump sims between the major carriers (verizon, t-mobile, att, and sprint). Avoid MVNOs because switching from Verizon to Virgin Mobile means diddly since you're technically still on Verizon.

[realRichardJohnson]

All in all, sound advice.

I use a shit ton of burner emails and aliases on social media, so in that sense its hard to google me.

The one problem I face are data mining sites
- Whitepages
- MyLife
- Intellius

Now, the information about me found on those sites isn't too in depth but it has my address and other shit Id rather not have online.

What are some recommendations to avoid having your info fall into these data miners hands?

Richard "Dick" Johnson

[Mr_Nobody]

(02-23-2018 06:08 PM)realRichardJohnson Wrote:  

All in all, sound advice.

I use a shit ton of burner emails and aliases on social media, so in that sense its hard to google me.

The one problem I face are data mining sites
- Whitepages
- MyLife
- Intellius

Now, the information about me found on those sites isn't too in depth but it has my address and other shit Id rather not have online.

What are some recommendations to avoid having your info fall into these data miners hands?

Richard "Dick" Johnson

Unfortunately, I think the only bulletproof way to prevent the data mining is to quit social media 100%.

[Mr_Nobody]

Here's my 0.02$ advice for the thread. Use this little nifty plugin, called Canvas Defender. The guys who make it have other cool IM related stuff.
http://www.multiloginapp.com

You can get the plugin for Firefox and Chrome as well.
https://addons.mozilla.org/en-US/firefox...rprinting/
https://chrome.google.com/webstore/detai...opadkifnpm

"Instead of completely blocking canvas fingerprinting, Canvas Defender add-on creates a unique and persistent noise that hides your real canvas fingerprint. This add-on protects you while browsing both in normal and private mode. With Canvas Defender you are in control to drop your spoofed identity anytime."

As a Information Security major, I'm fairly certain (If I can fucking remember) that almost all websites will take down what unique canvas fingerprint your browser is using, and can track you from site to site fairly easily in this fashion. This plugin detects fingerprint attempts and actually tells you right away, which is dope. It also spoofs your fingerprint. Good for privacy.

[Oz.]

Here is a good video for you guys, I think there was another thread on this elsewhere.

[realRichardJohnson]

@ porsche4k

“Quit social media”

I do not have any social media registered under my real name or email addresses. These data mining sites have my address and age range, stuff they wouldn’t find on social media.

Richard “Dick” Johnson

[IvanDrago]

Does anyone have experience with Opera's free VPN that is built in to the browser?

http://www.opera.com/computer/features/free-vpn

There is an app version on android as well.

https://play.google.com/store/apps/detai....vpn&hl=en

I am not sure if this tunnels just stuff like http and dns on android or if it will tunnel torrent traffic as well while running. Opera is now owned by a Chinese company so I would be concerned about sending any private data over it, but the browser itself seems to be a quick and easy way to protect your casual surfing habits from your local isp.

[Running Turtles]

(02-26-2018 11:44 PM)IvanDrago Wrote:  

Does anyone have experience with Opera's free VPN that is built in to the browser?

http://www.opera.com/computer/features/free-vpn

There is an app version on android as well.

https://play.google.com/store/apps/detai....vpn&hl=en

I am not sure if this tunnels just stuff like http and dns on android or if it will tunnel torrent traffic as well while running. Opera is now owned by a Chinese company so I would be concerned about sending any private data over it, but the browser itself seems to be a quick and easy way to protect your casual surfing habits from your local isp.

In general, never use a free VPN. Nothing is "free" and a VPN costs quite a bit of money to run. The Opera browser is "free" and the VPN is "free." How are they covering those costs? Most likely, your data is being sold or used somehow.

That might not be an issue for you, because you already identified your threat model: You want to conceal your surfing habits from your local ISP.

Any VPN will do that, and probably any free proxy. That doesn't mean that it's worth it though. A paid VPN is cheap and shouldn't be more than around $6 (€5) per month. Look for one that takes privacy seriously and is "logless". Here is a good selection: https://www.privacytools.io/#vpn

[IvanDrago]

(02-28-2018 06:50 AM)Running Turtles Wrote:  

In general, never use a free VPN. Nothing is "free" and a VPN costs quite a bit of money to run. The Opera browser is "free" and the VPN is "free." How are they covering those costs? Most likely, your data is being sold or used somehow.

That might not be an issue for you, because you already identified your threat model: You want to conceal your surfing habits from your local ISP.

Any VPN will do that, and probably any free proxy. That doesn't mean that it's worth it though. A paid VPN is cheap and shouldn't be more than around $6 (€5) per month. Look for one that takes privacy seriously and is "logless". Here is a good selection: https://www.privacytools.io/#vpn

I totally understand when anything is "free", "you" are the customer.

I was just wondering if anyone has any experience using Opera's VPN, particularly the clientless browser based one. I was just curious on the nuts and bolts of it.

My switch crapped out on me a few weeks ago so I don't have anything in the house that I can port mirror with right now. I will have to pick something up and throw wireshark on it and see what is going on. Was just looking for a quick answer

[realRichardJohnson]

Opera’s built in VPN is quite fast compared to most free VPNs.

If you just don’t want your ISP to snoop on you it’s a good choice but as someone before me said, don’t enter any sensitive info.

Richard “Dick” Johnson