rooshvforum.network is a fully functional forum: you can search, register, post new threads etc...
Old accounts are inaccessible: register a new one, or recover it when possible. x


Digital Privacy for the Neomasculine Man
#1

Digital Privacy for the Neomasculine Man

I was going to send this to my tribe members but realised it would have more value shared with everyone.

I don't think everyone is on the same page when it comes to privacy, so let me just put it in perspective:

We're all targets. And it's because we're linked to one of the most widely known anti-globalist groups in the world.

We've unveiled all their tricks and lies. Most other groups have just seen a small slice of truth each whether it be about traditional sex roles, or democracy, or egalitarianism, but we've uncovered the whole pie and put it on display for the whole world to feast on.

And after they've scammed the world for so long do you think they're going to take this lying down?

They've prepared to fight any opposition for years. They've paid for power in every way they can and today one of our foremost threats is global surveillance.

For example, Google, Microsoft, Facebook, Apple and a bunch of other companies have been in the NSA'S PRISM program for years being paid millions to share data.

These companies are pervasive. You are almost certainly using their software or hardware in your daily life. And because of that, you're at risk.

In any group you're part of, you have unique terminology only known to members of that group. Our corner of the internet has invented thousands of little memes and terminology.

We also know the NSA flag individuals based on the keywords used on social media or in email.

And they've also indirectly shown that they flag keywords said by users of their PRISM companies too, unless you believe stories like 'Google tipped off the police' is actually Google being vigilantes. [Image: rolleyes.gif]

We also known that our group has been targeted by the establishment.

This all means: everything you say on these platforms that has even a tiny dose of red pill in it, will have you flagged as a thought criminal.

Our beliefs aren't a formal crime (yet) but this information will be shared with people who have the ability to make our lives more difficult.

Government applications will take longer to process. Job prospects will seem to disappear overnight. Your information may be surreptitiously handed to a feminist to dox you.

After all, you're a scumbag rapist who wants to enslave women. You deserve it.

So what can you do to protect your privacy?

If you're still using any of these companies, stop immediately.

You can find replacements for everything at these links here, here and here.

Another note, in Roosh's secure messaging post he recommended Telegram, however I'd take it further and use Signal instead because it has more privacy, though it's compatible with less platforms. But if you have to settle for Telegram it's still better than WhatsApp as it's open-source and group chat data would only be shared with the pro-privacy developers, rather than Facebook-owned WhatsApp.

More privacy tips:
Use VPNs always. No need for your ISP to know that you're a thought criminal.
For especially sensitive information, use Tor.
Encrypt all your devices.
Only use open-source software. Ensure that hosts are zero-knowledge/there's end-to-end encryption.
Get rid of metadata from your files.
Never give out your real name or any identifying information.
Never cross-contaminate - new usernames, emails and passwords for everything. Use Spamgourmet and Bloody Vikings! to quickly create email addresses. Use KeePass to store all logins.
Only communicate sensitive information via encrypted channels or in-person.

In this day and age we've got to be completely anonymous until we can withstand anything they can throw at us.

And this is how we'll continue to grow, protected, in the shadows.
Reply
#2

Digital Privacy for the Neomasculine Man

+1 rep

--Dr. Kahn

Quote: (02-21-2016 10:11 PM)Valentine Wrote:  

I was going to send this to my tribe members but realised it would have more value shared with everyone.

I don't think everyone is on the same page when it comes to privacy, so let me just put it in perspective:

We're all targets. And it's because we're linked to one of the most widely known anti-globalist groups in the world.

We've unveiled all their tricks and lies. Most other groups have just seen a small slice of truth each whether it be about traditional sex roles, or democracy, or egalitarianism, but we've uncovered the whole pie and put it on display for the whole world to feast on.

And after they've scammed the world for so long do you think they're going to take this lying down?

They've prepared to fight any opposition for years. They've paid for power in every way they can and today one of our foremost threats is global surveillance.

For example, Google, Microsoft, Facebook, Apple and a bunch of other companies have been in the NSA'S PRISM program for years being paid millions to share data.

These companies are pervasive. You are almost certainly using their software or hardware in your daily life. And because of that, you're at risk.

In any group you're part of, you have unique terminology only known to members of that group. Our corner of the internet has invented thousands of little memes and terminology.

We also know the NSA flag individuals based on the keywords used on social media or in email.

And they've also indirectly shown that they flag keywords said by users of their PRISM companies too, unless you believe stories like 'Google tipped off the police' is actually Google being vigilantes. [Image: rolleyes.gif]

We also known that our group has been targeted by the establishment.

This all means: everything you say on these platforms that has even a tiny dose of red pill in it, will have you flagged as a thought criminal.

Our beliefs aren't a formal crime (yet) but this information will be shared with people who have the ability to make our lives more difficult.

Government applications will take longer to process. Job prospects will seem to disappear overnight. Your information may be surreptitiously handed to a feminist to dox you.

After all, you're a scumbag rapist who wants to enslave women. You deserve it.

So what can you do to protect your privacy?

If you're still using any of these companies, stop immediately.

You can find replacements for everything at these links here, here and here.

Another note, in Roosh's secure messaging post he recommended Telegram, however I'd take it further and use Signal instead because it has more privacy, though it's compatible with less platforms. But if you have to settle for Telegram it's still better than WhatsApp as it's open-source and group chat data would only be shared with the pro-privacy developers, rather than Facebook-owned WhatsApp.

More privacy tips:
Use VPNs always. No need for your ISP to know that you're a thought criminal.
For especially sensitive information, use Tor.
Encrypt all your devices.
Only use open-source software. Ensure that hosts are zero-knowledge/there's end-to-end encryption.
Get rid of metadata from your files.
Never give out your real name or any identifying information.
Never cross-contaminate - new usernames, emails and passwords for everything. Use Spamgourmet and Bloody Vikings! to quickly create email addresses. Use KeePass to store all logins.
Only communicate sensitive information via encrypted channels or in-person.

In this day and age we've got to be completely anonymous until we can withstand anything they can throw at us.

And this is how we'll continue to grow, protected, in the shadows.
Reply
#3

Digital Privacy for the Neomasculine Man

I used the term "oneitis" on Facebook a few times right after I took the red pill (about a year and a half ago).

So that's why I've had so much trouble finding gigs recently...
Reply
#4

Digital Privacy for the Neomasculine Man

I would add that you should vary your MAC addresses.

A MAC address is the unique, hardwired identifier for your ethernet or wifi receiver.
Buy a used laptop from France, and you get French advertisements, even if you've completely replaced all data on the computer, e.g. by changing the hard drive. This is because the MAC address hasn't changed, and it's been logged with advertisers.

Now, if a private company can maintain an automated dossier on your laptop's browsing interests, why can't an unfriendly government, or even a non-profit group?
What if a group like Antifa decided to dedicate themselves to professional doxxing, using advertisers' methods?

There's a simple program called macchanger that can create random MACs or randomised MACs within variables associated with a manufacturer. If you're using a device or internet connection that can be connected to your public identity, take a minute to change the hardware address before you connect to wifi.

Since ethernet and wifi have separate MAC addresses (it's specific to the connection,) you could have a computer with a split personality if you wanted. It'd be safer just to keep using randomised addresses, though.

---

If I used a tool like Aircrack-ng, I could obtain information from a wifi connection, such as the number of connected devices, the probable operating systems, and the probable brand of the device connected. This would be easiest with centralised public connections, like café wifi.
So If I saw one person with a Samsung and one person with an HP device, with a little research about the hardware used in these, I could connect the MAC addresses I see listed with specific people.

I could also find a wifi connection and crack its password within a few hours. If I idled in a car or van outside a house, I could crack the house wifi, and tell how many devices are connected - including how many phones.

Meaning, in this day and age, I can tell how many people are in the house.

The MAC addresses are distinct enough that I could also tell who is in the house, or at least be able to narrow it down.
I would be able to narrow things down pretty well even if they were all using separate internet connections and not just house wifi, because I could also estimate the distance by the strength of the signals involved.
This would mean that the people involved would practically be wearing tracking collars - if they weren't careful about their MAC addresses.
Reply
#5

Digital Privacy for the Neomasculine Man

Quote: (02-21-2016 10:11 PM)Valentine Wrote:  

Another note, in Roosh's secure messaging post he recommended Telegram, however I'd take it further and use Signal instead because it has more privacy, though it's compatible with less platforms. But if you have to settle for Telegram it's still better than WhatsApp as it's open-source and group chat data would only be shared with the pro-privacy developers, rather than Facebook-owned WhatsApp.

The problem with Signal is that you need to share your phone number to use it. That kind of strikes it out on the anonymity front, especially for meet ups. Phone numbers are too easily linked to real identities.

Also, the line below "Telegram" on the EFF's scorecard shows "Telegram (secret chats)". If using that feature, it scores just as well as Signal.
Reply
#6

Digital Privacy for the Neomasculine Man

Quote: (02-22-2016 06:25 AM)dispenser Wrote:  

I would add that you should vary your MAC addresses.

I don't think MAC addresses are a serious issue because they can't be used to track a person on the internet. A static MAC may be a problem if you think you have a stalker following you around, but that's a fringe case. Anyway, iPhones and the later versions of Android already do randomisation in order to prevent stores and malls from tracking their customers.

There are more significant issues from a privacy perspective, like website tracking services(eg. Google Analytics) and browser fingerprinting.
Reply
#7

Digital Privacy for the Neomasculine Man

While I support all efforts to protect ones privacy, it should be noted that if you're of interest to alphabet soup agencies there isn't anything you really can do to protect yourself except sort of completely disappearing off of the grid. That means no bank accounts, no cell phone, no computer, no job, no car, and pretty much avoiding modern civilization as a whole.

None of these solutions are truly safe. The whole act of "hiding yourself" makes you instantly more attractive to said security groups.

A few critiques on this:

More privacy tips:
Use VPNs always. No need for your ISP to know that you're a thought criminal. Unless you own the VPN, you're exposing yourself to MITM (man in the middle) attacks. Your VPN provider can now examine all of your data that passes through their server and easily duplicate encrypted data for cracking at a later date.
For especially sensitive information, use Tor. TOR exit nodes have occasionally been used by the NSA again in MITM attacks) http://motherboard.vice.com/read/how-the...-anonymity
Encrypt all your devices. Always smart
Only use open-source software. Ensure that hosts are zero-knowledge/there's end-to-end encryption. Have you personally gone through each line of code to ensure that nefarious data hasn't been added to the repository for the source of the software? http://www.zdnet.com/article/hacker-hund...-backdoor/
Get rid of metadata from your files. Smart, always get rid of this
Never give out your real name or any identifying information. Good advice
Never cross-contaminate - new usernames, emails and passwords for everything. Use Spamgourmet and Bloody Vikings! to quickly create email addresses. Use KeePass to store all logins. Good Advice
Only communicate sensitive information via encrypted channels or in-person. Again unless you've personally gone through each line of code to ensure that there isn't anything nefarious you're acting on assumptions. In person is far more difficult.

Finally, call me a wet blanket, but it doesn't matter how strong your network security is when social engineering is your weakest vector for attack.

Our most common enemies are tech illiterate SJWs and script kiddies. These two groups can easily infiltrate us using social engineering. No need for IBM super computers cracking 2048 RSA ciphers.

Edit: Sometimes, the simplest solutions are the best. Here's some actionable advice:

1. Change key details of your stories. Don't post exact details, but fudge them a bit. Obviously steer them so you're not embellishing and be honest. The group can smell a bullshitter.
2. From above, switch your usernames around
3. Use a burner email. A gmail account is fine. No one at Google will go out of their way to dox you. I have never heard of someone getting Doxxed from a sympathetic employee at Google, Paypal, and the like or from people using Google Analytics to expose folks. I have heard of people getting doxxed from information that they posted on the internet and doxxers used that information to find them. If you have a Linked in or FB set it so it is hidden from public searches.
4. Don't plan to do illegal things and then post about it on the internet. The government spy software will flag it and have a real life person follow up to make sure you're not serious.
5. Use Adblock Plus and make sure to disable "Allow non obtrusive ads". This will block Google Analytics amongst other ad tracking junk.

Our enemies are SJWs and their allies. Don't give them information.
Reply
#8

Digital Privacy for the Neomasculine Man

Quote: (02-22-2016 06:46 AM)DaveR Wrote:  

There are more significant issues from a privacy perspective, like website tracking services(eg. Google Analytics) and browser fingerprinting.

Can someone elaborate on exactly how this works? From my understanding, a cookie is just a .txt file in your browser that only the server that placed it there can see and retrieve. That is, if you visit RVF, RVF puts a cookie in your browser and the next time you visit RVF, the site can retrieve that cookie so that it knows you're a previous visitor along with some other details. However, the cookie does not tell RVF what other sites you have visited in the interim.

So how does something like Google Analytics work? Or more broadly, how does an entity like Google know what non-Google sites your browser has visited? I'm really curious about this, both for security and because I'm an amateur coder.
Reply
#9

Digital Privacy for the Neomasculine Man

Quote: (02-22-2016 06:30 AM)DaveR Wrote:  

Quote: (02-21-2016 10:11 PM)Valentine Wrote:  

Another note, in Roosh's secure messaging post he recommended Telegram, however I'd take it further and use Signal instead because it has more privacy, though it's compatible with less platforms. But if you have to settle for Telegram it's still better than WhatsApp as it's open-source and group chat data would only be shared with the pro-privacy developers, rather than Facebook-owned WhatsApp.

The problem with Signal is that you need to share your phone number to use it. That kind of strikes it out on the anonymity front, especially for meet ups. Phone numbers are too easily linked to real identities.

Also, the line below "Telegram" on the EFF's scorecard shows "Telegram (secret chats)". If using that feature, it scores just as well as Signal.

You can buy a new SIM card to register Signal, then toss it and put in your normal SIM card.

Secret chats can only be used on 1:1 chats, not group chats unfortunately. For 1:1 chats though it is as good as Signal.

Quote: (02-22-2016 06:46 AM)DaveR Wrote:  

Quote: (02-22-2016 06:25 AM)dispenser Wrote:  

I would add that you should vary your MAC addresses.

I don't think MAC addresses are a serious issue because they can't be used to track a person on the internet. A static MAC may be a problem if you think you have a stalker following you around, but that's a fringe case. Anyway, iPhones and the later versions of Android already do randomisation in order to prevent stores and malls from tracking their customers.

There are more significant issues from a privacy perspective, like website tracking services(eg. Google Analytics) and browser fingerprinting.

Agreed.

The Firefox extension Disconnect works well against trackers and Random Agent Spoofer is useful vs browser fingerprinting.

Quote: (02-22-2016 06:46 AM)The Beast1 Wrote:  

While I support all efforts to protect ones privacy, it should be noted that if you're of interest to alphabet soup agencies there isn't anything you really can do to protect yourself except sort of completely disappearing off of the grid. That means no bank accounts, no cell phone, no computer, no job, no car, and pretty much avoiding modern civilization as a whole.

Disagree. The three links I added have alternatives for all PRISM software and hardware.

If you're interested in a full NSA-proof strategy I don't think that's necessary. There's software available which is open-source and encrypted to allow us to still use computing devices, rather than going without.

Bank accounts will always be traceable true, cryptocurrency is your best bet if you want to hide all your financial happenings.

But this all depends on your threat model. There's far more stuff you can do to become full anonymous but it's a lot of extra work for little visible reward. However if you are being attacked by Anonymous/NSA etc then you should be relying on burner phones and a secure OS exclusively at the very least.

Quote: (02-22-2016 06:46 AM)The Beast1 Wrote:  

Use VPNs always. No need for your ISP to know that you're a thought criminal. Unless you own the VPN, you're exposing yourself to MITM (man in the middle) attacks. Your VPN provider can now examine all of your data that passes through their server and easily duplicate encrypted data for cracking at a later date.

Better than sending your IP address/location/identity in the clear. The solution here would instead be to rotate VPNs regularly if you are at risk of being targeted. Or only use Tor depending on your threat model.

Quote: (02-22-2016 06:46 AM)The Beast1 Wrote:  

For especially sensitive information, use Tor. TOR exit nodes have occasionally been used by the NSA again in MITM attacks) http://motherboard.vice.com/read/how-the...-anonymity

Again, only if you're being actively targeted is this a risk. If you're forced to always use Tor and you happen to download a large file from a website without verifying it, then you're an idiot.

If that's your threat model you'd be downloading files from websites only within a virtual machine at the very least.

Quote: (02-22-2016 06:46 AM)The Beast1 Wrote:  

Only use open-source software. Ensure that hosts are zero-knowledge/there's end-to-end encryption. Have you personally gone through each line of code to ensure that nefarious data hasn't been added to the repository for the source of the software? http://www.zdnet.com/article/hacker-hund...-backdoor/

I didn't say all open-source was trustworthy. Just that closed source software was untrustworthy. From there you should do your due diligence before sharing sensitive information via any software.

Quote: (02-22-2016 06:46 AM)The Beast1 Wrote:  

Finally, call me a wet blanket, but it doesn't matter how strong your network security is when social engineering is your weakest vector for attack.

Our most common enemies are tech illiterate SJWs and script kiddies. These two groups can easily infiltrate us using social engineering. No need for IBM super computers cracking 2048 RSA ciphers.

Thing is, the only attack point they should be able to reach you with is a PM or email. You should know not to trust any attachment you receive from a stranger.

Most people are hacked via social engineering but if you compartmentalise your online aliases (i.e. your RVF identity isn't linked to any of your other accounts) then this is unlikely for anybody here. If you have any possible scenarios though I'd like to hear so we can brainstorm solutions.
Reply
#10

Digital Privacy for the Neomasculine Man

All nonsense.

This is the most secure form of communication for us now

[Image: type-string-use-tin-can-telephone_9aac6f56279057ce.jpg]
Reply
#11

Digital Privacy for the Neomasculine Man

I can recommend TOR Browser for anonymous browsing.
For anon chatting on a computer, I recommend Ricochet, it's a messenger that send chats through TOR.
https://ricochet.im/ If you would like to test it, my current address is:
ricochet:mysr6l5to5wuwwwe
Reply
#12

Digital Privacy for the Neomasculine Man

I realised I have used the word 'target' differently between both posts.

1) In the original post when I say "we're all targets" I mean that any crimethink and terminology we use will be flagged on all platforms. The solution here is to communicate via encrypted channels only or in-person.

2) In my reply when I say "you're at risk only if you're being targeted" I mean that you're at risk only if a high-powered entity with the ability to hack you has taken an interest in specifically you, and will go to lengths to reveal your identity.

In this case if you have followed proper compartmentalisation you can only be attacked via PM, email or the RVF server will be hacked.

If the RVF server is hacked, they will have your IP address (which is why you should always use a VPN at the very least). They can to go to your VPN to get logs, but won't be able to if you have a VPN in a privacy-friendly country like Sweden. If you think they are willing to hack or push legally relentlessly against your VPN provider to get your IP address, then you should be using Tor instead.
Reply
#13

Digital Privacy for the Neomasculine Man

Quote: (02-22-2016 06:58 AM)Fast Eddie Wrote:  

Quote: (02-22-2016 06:46 AM)DaveR Wrote:  

There are more significant issues from a privacy perspective, like website tracking services(eg. Google Analytics) and browser fingerprinting.

Can someone elaborate on exactly how this works? From my understanding, a cookie is just a .txt file in your browser that only the server that placed it there can see and retrieve. That is, if you visit RVF, RVF puts a cookie in your browser and the next time you visit RVF, the site can retrieve that cookie so that it knows you're a previous visitor along with some other details. However, the cookie does not tell RVF what other sites you have visited in the interim.

So how does something like Google Analytics work? Or more broadly, how does an entity like Google know what non-Google sites your browser has visited? I'm really curious about this, both for security and because I'm an amateur coder.

Website owners add Google Analytics to their pages for traffic analysis purposes. Each time you visit a page with GA installed your browser also makes a connection to Google and sends details about which page it's accessing, IP address and a lot of other details. Google stores that information in a database and summarises it for each website owner. But because GA is installed on so many websites (I would guess at least 80% based on my browsing), Google knows most of the sites you've visited.

Even if you use a VPN or ToR, it's still possible to uniquely identify a browser most of the time. The combination of plugins installed, window size, screen size, colours, language and region settings, etc.
For a demonstration, click "test" on the following site, then click "show full details" to see the exact information your browser is sharing: http://panopticlick.eff.org
Reply
#14

Digital Privacy for the Neomasculine Man

Quote: (02-22-2016 07:17 AM)Valentine Wrote:  

You can buy a new SIM card to register Signal, then toss it and put in your normal SIM card.

There are some problems with that:

- it's difficult to buy a SIM without providing ID in many countries

- each phone has an ID number (called "IMEI"), and carriers keep records of which IMEIs have been used with each SIM card. That makes it very easy to associate your temporary SIM with your main one (and such lines of inquiry are standard operating procedure, by the way).

So in order to maintain anonymity, you'll need to find a way to buy a SIM anonymously and also use a separate phone that hasn't ever had any of your (preferably also your friends') SIM cards in it.

Signal does offer some advantages in theory, but I think it's far less practical in reality and that's why its user base is still quite small.
Reply
#15

Digital Privacy for the Neomasculine Man

Quote: (02-22-2016 08:07 AM)DaveR Wrote:  

Quote: (02-22-2016 07:17 AM)Valentine Wrote:  

You can buy a new SIM card to register Signal, then toss it and put in your normal SIM card.

There are some problems with that:

- it's difficult to buy a SIM without providing ID in many countries

- each phone has an ID number (called "IMEI"), and carriers keep records of which IMEIs have been used with each SIM card. That makes it very easy to associate your temporary SIM with your main one (and such lines of inquiry are standard operating procedure, by the way).

- You can potentially buy a VoIP number anonymously, haven't looked into which ones accept Bitcoin but there's bound to be one.

- Good point, I didn't realise that. I guess there's no way of hiding your primary Signal number then if your threat model means that carriers would share data with Gov agencies to identify you.

This means if you want to have encrypted group chats, you should only share your Signal number with vetted individuals. Otherwise, stick to Telegram for 1:1 secret chats.
Reply
#16

Digital Privacy for the Neomasculine Man

Quote: (02-22-2016 07:17 AM)Valentine Wrote:  

Quote: (02-22-2016 06:30 AM)DaveR Wrote:  

Quote: (02-21-2016 10:11 PM)Valentine Wrote:  

Another note, in Roosh's secure messaging post he recommended Telegram, however I'd take it further and use Signal instead because it has more privacy, though it's compatible with less platforms. But if you have to settle for Telegram it's still better than WhatsApp as it's open-source and group chat data would only be shared with the pro-privacy developers, rather than Facebook-owned WhatsApp.

The problem with Signal is that you need to share your phone number to use it. That kind of strikes it out on the anonymity front, especially for meet ups. Phone numbers are too easily linked to real identities.

Also, the line below "Telegram" on the EFF's scorecard shows "Telegram (secret chats)". If using that feature, it scores just as well as Signal.

You can buy a new SIM card to register Signal, then toss it and put in your normal SIM card.

Secret chats can only be used on 1:1 chats, not group chats unfortunately. For 1:1 chats though it is as good as Signal.

Quote: (02-22-2016 06:46 AM)DaveR Wrote:  

Quote: (02-22-2016 06:25 AM)dispenser Wrote:  

I would add that you should vary your MAC addresses.

I don't think MAC addresses are a serious issue because they can't be used to track a person on the internet. A static MAC may be a problem if you think you have a stalker following you around, but that's a fringe case. Anyway, iPhones and the later versions of Android already do randomisation in order to prevent stores and malls from tracking their customers.

There are more significant issues from a privacy perspective, like website tracking services(eg. Google Analytics) and browser fingerprinting.

Agreed.

The Firefox extension Disconnect works well against trackers and Random Agent Spoofer is useful vs browser fingerprinting.

Quote: (02-22-2016 06:46 AM)The Beast1 Wrote:  

While I support all efforts to protect ones privacy, it should be noted that if you're of interest to alphabet soup agencies there isn't anything you really can do to protect yourself except sort of completely disappearing off of the grid. That means no bank accounts, no cell phone, no computer, no job, no car, and pretty much avoiding modern civilization as a whole.

Disagree. The three links I added have alternatives for all PRISM software and hardware.

If you're interested in a full NSA-proof strategy I don't think that's necessary. There's software available which is open-source and encrypted to allow us to still use computing devices, rather than going without.

Bank accounts will always be traceable true, cryptocurrency is your best bet if you want to hide all your financial happenings.

But this all depends on your threat model. There's far more stuff you can do to become full anonymous but it's a lot of extra work for little visible reward. However if you are being attacked by Anonymous/NSA etc then you should be relying on burner phones and a secure OS exclusively at the very least.

The point I was getting at is, if you want to be apart of the "system" and the benefits that come with it how are you going to make sure your data from the grid (bank accts, credit cards, etc) doesn't connect you to your activities? There seems to be a rather worrying level of trust in your plans placed on 3rd party systems. Nothing is secure unless you can see it for yourself.

Quote: (02-22-2016 07:17 AM)Valentine Wrote:  

Quote: (02-22-2016 06:46 AM)The Beast1 Wrote:  

Use VPNs always. No need for your ISP to know that you're a thought criminal. Unless you own the VPN, you're exposing yourself to MITM (man in the middle) attacks. Your VPN provider can now examine all of your data that passes through their server and easily duplicate encrypted data for cracking at a later date.

Better than sending your IP address/location/identity in the clear. The solution here would instead be to rotate VPNs regularly if you are at risk of being targeted. Or only use Tor depending on your threat model.

So then what is the point of using a VPN if you're still exposed elsewhere? Your VPN's ISP will then be able to identify you instead of your own.

Quote: (02-22-2016 07:17 AM)Valentine Wrote:  

Quote: (02-22-2016 06:46 AM)The Beast1 Wrote:  

For especially sensitive information, use Tor. TOR exit nodes have occasionally been used by the NSA again in MITM attacks) http://motherboard.vice.com/read/how-the...-anonymity

Again, only if you're being actively targeted is this a risk. If you're forced to always use Tor and you happen to download a large file from a website without verifying it, then you're an idiot.

If that's your threat model you'd be downloading files from websites only within a virtual machine at the very least.

I thought all of this write up was predicated on the idea that we're being watched. If we're not being watched what is the point of using these systems? All they do is add unnecessary complexity and remove convenience.

Quote: (02-22-2016 07:17 AM)Valentine Wrote:  

Quote: (02-22-2016 06:46 AM)The Beast1 Wrote:  

Only use open-source software. Ensure that hosts are zero-knowledge/there's end-to-end encryption. Have you personally gone through each line of code to ensure that nefarious data hasn't been added to the repository for the source of the software? http://www.zdnet.com/article/hacker-hund...-backdoor/

I didn't say all open-source was trustworthy. Just that closed source software was untrustworthy. From there you should do your due diligence before sharing sensitive information via any software.

Again, I ask what is the point? Both open source and closed source are inherently untrustworthy until you can confirm that they're safe. There was one time a previous employer of mine wanted to be 100% sure that the software they were getting was secure and had no back doors. They paid the developer a license that allowed them to examine the source code and compile the builds using company owned machines. Sure we could trust them as it was a big name software company, but sometimes you need that level of security.

Quote: (02-22-2016 07:17 AM)Valentine Wrote:  

Quote: (02-22-2016 06:46 AM)The Beast1 Wrote:  

Finally, call me a wet blanket, but it doesn't matter how strong your network security is when social engineering is your weakest vector for attack.

Our most common enemies are tech illiterate SJWs and script kiddies. These two groups can easily infiltrate us using social engineering. No need for IBM super computers cracking 2048 RSA ciphers.

Thing is, the only attack point they should be able to reach you with is a PM or email. You should know not to trust any attachment you receive from a stranger.

Most people are hacked via social engineering but if you compartmentalise your online aliases (i.e. your RVF identity isn't linked to any of your other accounts) then this is unlikely for anybody here. If you have any possible scenarios though I'd like to hear so we can brainstorm solutions.

I'll be honest Valentine, a lot of these suggestions are excessive and fall into the realm of paranoid cryptonerd. They are all well intentioned, but the advice of:

1. Use a burner email
2. Don't post too much identifying information in your posts on the forum
3. Use a username that is different from your other ones

Is about as good as it gets when it comes to protecting yourself. Part of my job is network and IT security. I have to balance the cryptonerd side of me with the employee "convenience factor". My coworker is full on cryptonerd and would require everyone to do 2 step timed authentication, use USB keys, and change their passwords weekly. I play the counterpart where we step back and say, "this seems unnecessary". Our security requirements are moderate so we can afford to be lax in certain places so people aren't inconvenienced by having to change a password every week.

Finally, most of these suggestions are relatively pointless from a security stand point if it requires too much trust on 3rd parties.

The greatest insult to security and privacy is saying, "Do this, that and the other and you'll be safe" without also identifying the trade offs to and inherent risks which is what I'm trying to do here.

You can implement all of these and tell yourself you are safe, but at the end of the day this is how they're most likely going to get their information:

[Image: security.png]

So I guess the real question is: Valentine, what is your threat model and who do you fear getting exposed to the most? Is it SJWs and anonymous or GCHQ/NSA/etc?

Lets answer that question and then identify what security applications fit best for you because all of your suggestions are all over the place and leave yourself exposed in different areas.
Reply
#17

Digital Privacy for the Neomasculine Man

A great read.

Your second link under mail said not to use Yandex mail. I know Yandex is Russian so i double checked by doing a trace route and ip lookup where all their mail servers are in Moscow.

Yandex mail doesn't need a mobile number to set it up which I highly recommend!

I installed Windows 10 on one of my computer where I believe it's not very safe. Advertising comes up in the start bar and it updates automatically. When i first installed it, I was watching all these advertising programs install on my computer from the store.

I'm happy with Windows 7 on my main computer for now! I use TOR when possible!

Tails is the best OS for security! https://tails.boum.org/
Reply
#18

Digital Privacy for the Neomasculine Man

One thing i like to add is Google your full name and try to hunt down yourself.

This is what will happen if you get doxxed in the future. Try not to use your full name on the web.
Reply
#19

Digital Privacy for the Neomasculine Man

Quote: (02-22-2016 08:57 AM)The Beast1 Wrote:  

The point I was getting at is, if you want to be apart of the "system" and the benefits that come with it how are you going to make sure your data from the grid (bank accts, credit cards, etc) doesn't connect you to your activities? There seems to be a rather worrying level of trust in your plans placed on 3rd party systems. Nothing is secure unless you can see it for yourself.

Don't purchase things which link you to the community with accounts in your real name. Cryptocurrency is best but you can also buy VCCs and in many countries like the US you can easily buy prepaid debit cards without ID.

If you can elaborate on possible scenarios, we can see the leaks and then work to make ourselves as anonymous as possible. We haven't got a choice now that this community has global recognition.

Quote: (02-22-2016 08:57 AM)The Beast1 Wrote:  

Quote: (02-22-2016 07:17 AM)Valentine Wrote:  

Quote: (02-22-2016 06:46 AM)The Beast1 Wrote:  

Use VPNs always. No need for your ISP to know that you're a thought criminal. Unless you own the VPN, you're exposing yourself to MITM (man in the middle) attacks. Your VPN provider can now examine all of your data that passes through their server and easily duplicate encrypted data for cracking at a later date.

Better than sending your IP address/location/identity in the clear. The solution here would instead be to rotate VPNs regularly if you are at risk of being targeted. Or only use Tor depending on your threat model.

So then what is the point of using a VPN if you're still exposed elsewhere? Your VPN's ISP will then be able to identify you instead of your own.

It prevents your ISP knowing what you do online, MITM attacks on your LAN and websites you visit from identifying you. If you need further protection then Tor will make you near totally anonymous.

Quote: (02-22-2016 08:57 AM)The Beast1 Wrote:  

Quote: (02-22-2016 07:17 AM)Valentine Wrote:  

Quote: (02-22-2016 06:46 AM)The Beast1 Wrote:  

For especially sensitive information, use Tor. TOR exit nodes have occasionally been used by the NSA again in MITM attacks) http://motherboard.vice.com/read/how-the...-anonymity

Again, only if you're being actively targeted is this a risk. If you're forced to always use Tor and you happen to download a large file from a website without verifying it, then you're an idiot.

If that's your threat model you'd be downloading files from websites only within a virtual machine at the very least.

I thought all of this write up was predicated on the idea that we're being watched. If we're not being watched what is the point of using these systems? All they do is add unnecessary complexity and remove convenience.

See my previous post on using two meanings for the word 'targeted'.

Quote: (02-22-2016 08:57 AM)The Beast1 Wrote:  

Again, I ask what is the point? Both open source and closed source are inherently untrustworthy until you can confirm that they're safe. There was one time a previous employer of mine wanted to be 100% sure that the software they were getting was secure and had no back doors. They paid the developer a license that allowed them to examine the source code and compile the builds using company owned machines. Sure we could trust them as it was a big name software company, but sometimes you need that level of security.

We haven't got the time nor ability to check the source code of every single bit of software we use. So we have to rely on rules of thumb.

All things the same, it's more likely to be secure using a piece of open-source software that has had many eyes on it than closed-source where they can install a hundred backdoors.

By all means continue to practice strong OPSEC whilst using this software e.g. don't share identifying information.

It is not a perfect solution granted, but every bit of extra privacy is necessary in these times. Especially when there's little difference in usability when swapping to most pieces of open-source software eg WhatsApp > Telegram.

Quote: (02-22-2016 08:57 AM)The Beast1 Wrote:  

I'll be honest Valentine, a lot of these suggestions are excessive and fall into the realm of paranoid cryptonerd. They are all well intentioned, but the advice of:

1. Use a burner email
2. Don't post too much identifying information in your posts on the forum
3. Use a username that is different from your other ones

Is about as good as it gets when it comes to protecting yourself. Part of my job is network and IT security. I have to balance the cryptonerd side of me with the employee "convenience factor". My coworker is full on cryptonerd and would require everyone to do 2 step timed authentication, use USB keys, and change their passwords weekly. I play the counterpart where we step back and say, "this seems unnecessary". Our security requirements are moderate so we can afford to be lax in certain places so people aren't inconvenienced by having to change a password every week.

We all come on different levels of the spectrum when it comes to the tradeoff between privacy:convenience.

I'm merely offering solutions and if someone is happy without that level of privacy it's up to them. It all depends on their threat model.

Quote: (02-22-2016 08:57 AM)The Beast1 Wrote:  

Finally, most of these suggestions are relatively pointless from a security stand point if it requires too much trust on 3rd parties.

The greatest insult to security and privacy is saying, "Do this, that and the other and you'll be safe" without also identifying the trade offs to and inherent risks which is what I'm trying to do here.

You can implement all of these and tell yourself you are safe, but at the end of the day this is how they're most likely going to get their information:

[Image: security.png]

So I guess the real question is: Valentine, what is your threat model and who do you fear getting exposed to the most? Is it SJWs and anonymous or GCHQ/NSA/etc?

Lets answer that question and then identify what security applications fit best for you because all of your suggestions are all over the place and leave yourself exposed in different areas.

If you have a solution that doesn't rely on 3rd parties I'm all ears. The reality is, most people are relying on closed source software and the heuristic: open-source is more secure works in most cases.

We're not aiming for perfect anonymity here. If you wanted that you'd have to go analog. This is merely the 80/20 of digital privacy by reducing potential attack points and replacing software.

My personal threat model is aimed against dragnet global surveillence. The main changes being 1) Eliminating use of PRISM companies and 2) Compartmentalising any crimethink activities.

If you have other suggestions for which areas are exposed I'm interested in hearing them. My strategy isn't foolproof obviously but the reason I have shared it is that the average RVF member would get a huge upgrade in their cybersecurity by implementing these measures.
Reply
#20

Digital Privacy for the Neomasculine Man

Quote: (02-22-2016 09:53 AM)Valentine Wrote:  

My personal threat model is aimed against dragnet global surveillence. The main changes being 1) Eliminating use of PRISM companies and 2) Compartmentalising any crimethink activities.

If you have other suggestions for which areas are exposed I'm interested in hearing them. My strategy isn't foolproof obviously but the reason I have shared it is that the average RVF member would get a huge upgrade in their cybersecurity by implementing these measures.

Well, did you start dodging surveillance first or did you start doing thought crime first? Because if you are correct to think the major agencies are actively trawling for online crimethink, chances are they already tabbed you as a thought criminal and put your name in a database as such, before you started taking all these security precautions. So what's the point of going through all this pain if the cat is out of the bag?
Reply
#21

Digital Privacy for the Neomasculine Man

Quote: (02-22-2016 10:11 AM)Fast Eddie Wrote:  

Quote: (02-22-2016 09:53 AM)Valentine Wrote:  

My personal threat model is aimed against dragnet global surveillence. The main changes being 1) Eliminating use of PRISM companies and 2) Compartmentalising any crimethink activities.

Well, did you start dodging surveillance first or did you start doing thought crime first? Because if you are correct to think the major agencies are actively trawling for online crimethink, chances are they already tabbed you as a thought criminal and put your name in a database as such, before you started taking all these security precautions. So what's the point of going through all this pain if the cat is out of the bag?

"All this pain" is an exaggeration. For the changes suggested it's only a few days to a few weeks to setup the systems and create new habits.

If you're happy to say "fuck it, they already know about me, what's the point" then that's your prerogative. I created this thread to discuss solutions, not giving up.

I doubt they flag someone who stumbles into ROK once, then all Jezebel hate readers would be flagged also. But anyway, if you don't make yourself private you'll pop up more and more on their database. And with things progressing the way they are it seems infinitely smarter to prevent any lines of attack from our enemies. Most people here have a lot to lose if doxxed.
Reply
#22

Digital Privacy for the Neomasculine Man

Quote: (02-22-2016 10:11 AM)Fast Eddie Wrote:  

Quote: (02-22-2016 09:53 AM)Valentine Wrote:  

My personal threat model is aimed against dragnet global surveillence. The main changes being 1) Eliminating use of PRISM companies and 2) Compartmentalising any crimethink activities.

If you have other suggestions for which areas are exposed I'm interested in hearing them. My strategy isn't foolproof obviously but the reason I have shared it is that the average RVF member would get a huge upgrade in their cybersecurity by implementing these measures.

Well, did you start dodging surveillance first or did you start doing thought crime first? Because if you are correct to think the major agencies are actively trawling for online crimethink, chances are they already tabbed you as a thought criminal and put your name in a database as such, before you started taking all these security precautions. So what's the point of going through all this pain if the cat is out of the bag?

That's what i was getting at. They already know we all post here. The fact that you're going well beyond what is necessary makes you immediately more interesting to security agencies. TOR, VPNs, cryptocurrencies, just screams, "I have something to hide!"

Hiding in plain sight is much safer and easier to do.

As for the doxxing threat, security agencies and employees of telecoms do not dox people. Generally when intelligence agencies have information they don't want the subject of their investigation to know.

The people who do doxxings are folks googling people's names and looking for listed phone numbers and addresses of people. If you want to protect yourself from doxxing unlist your name and phone number from the internet, Google search the sh!t out of your name and hide stuff people can find, keep your posting habits on this site obscure enough so people can't identify you from posting, and obscure anything you do with multiple user names so people can't dig it up.
Reply
#23

Digital Privacy for the Neomasculine Man

Guys, I don't think the NSA is very interested in a bunch of Pussy Hounds. For defense against SJW's TOR is more than fine. Remember, even dissidents in China use it.
Reply
#24

Digital Privacy for the Neomasculine Man

Quote: (02-22-2016 10:36 AM)The Beast1 Wrote:  

The fact that you're going well beyond what is necessary makes you immediately more interesting to security agencies. TOR, VPNs, cryptocurrencies, just screams, "I have something to hide!"

Hiding in plain sight is much safer and easier to do.

These methods, when used correctly, make you extremely difficult to track.

Tor? You're almost impossible to identify.
VPNs? They'd have to gain logs from the RVF server AND THEN slap a court order on your VPN provider.
Cryptocurrency? Again, almost impossible to track (with proper OPSEC).

I hear what you're saying but how exactly would they identify that you specifically are using these measures?

As this website uses SSL even if you're just using a free proxy all they know is that a particularly username is posting on RVF, but nothing beyond that unless they get server logs. And if you don't use a proxy then your ISP knows, which is not ideal.

But I could be wrong. Who knows. Discussing this and identifying the leaks however is exactly how we'll make sure this movement survives, because they'll get increasingly aggressive to try and stop our momentum.

Quote: (02-22-2016 10:36 AM)The Beast1 Wrote:  

As for the doxxing threat, security agencies and employees of telecoms do not dox people. Generally when intelligence agencies have information they don't want the subject of their investigation to know.

The people who do doxxings are folks googling people's names and looking for listed phone numbers and addresses of people. If you want to protect yourself from doxxing unlist your name and phone number from the internet, Google search the sh!t out of your name and hide stuff people can find, keep your posting habits on this site obscure enough so people can't identify you from posting, and obscure anything you do with multiple user names so people can't dig it up.

If they can't hurt you in one way they may resort to others. Leaking your information won't necessarily get linked to them.

Agreed, most doxxing comes from publicly available information. Googling 'Skip Tracing' highlights some of their methods, it's quite ingenious.
Reply
#25

Digital Privacy for the Neomasculine Man

Timely reminder - the entire forum is NSFW.

You should never access this forum or ROK through your work connection. All internet access through work servers is logged.

If you must access at work, use your personal phone or tablet. Without fail, the device should use your personal data plan as the active connection, never your work internet.

All it takes is one person in HR to request an audit (say, to prove to higher management that no one is accessing "pro-rape" sites on company time) and you're screwed. It could also be a diligent system admin who does the audit by his own initiative.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)