rooshvforum.network is a fully functional forum: you can search, register, post new threads etc...
Old accounts are inaccessible: register a new one, or recover it when possible. x


Avoiding Deep State-Corporate Data Harvesting Datasheet
#1

Avoiding Deep State-Corporate Data Harvesting Datasheet

With the extent to which social media, corporations, the intelligence apparatus and governments are now known to collude to share, sometimes gigabytes, of personal data, here are some tips to reduce your footprint.

Credit-rating Agencies

The industry of big data started with credit-rating agencies (Equifax, Experian etc), who are virtually unregulated companies that have direct access to your domestic bank account details, your mortgage data and your loans. This data is compiled and is used by financial institutions to vet your credit worthiness.

As the digital world has grown so did the usefulness of the data. The credit rating agencies began buying up data like magazine subscription lists, land registries, voter lists, social security databases, utility customer details, mobile phone customer details and who knows what else.

Most of the spam phone calls and mail you get are based on such credit-rating agency data, which is sold as consumer marketing lists.

Here is an example of the Experian database for The Swamp District:

http://www.mediafire.com/file/idmw74qxx4...c.rar/file

You'll see it contains about 270? columns of data, including all sorts of financial, ethnic, religious, political and lifestyle data. And this is only their smaller database. The larger one contains SSN, emails and who knows what else.

Loyalty Cards

This data is also used and sold for marketing purposes, tracking buying habits and building psychological profiles. This data is all bound up with credit-rating agencies data to form an even bigger picture of you.

More: https://www.bbc.com/news/technology-43483426

Social Media

As the mainstream has now confirmed what we knew for a long time, because we had the documents, tech giants are giant spy nets that have been selling your data to pretty much anyone. This is the sort of data that governments would have dreamed of a few decades ago, has now been on the global market and no doubt has been sold to the likes of Qatar.

Gigabytes of your movements, establishments you've bought a coffee, what hate crimes you've liked, what you've shared, your images have been scanned and shape-mapped.

From this site you can get a more basic feed at a cost to what they have been providing to data clients:

https://pipl.com/



I have worked for one company that is a contractor to governments relating to various types of data analysis. This guy said they (the NSA) have it all, all your calls, all your likes, friends, all your bank transfers, all your purchases, all your photos. It's the Soviet Union with privatised arms. The media is Pravda. Facebook-Google is the CIA. Universities are re-education camps.

They bind up all your, mash it all together, analyse and build psychological profiles. At some point this could all be used as a kill list some have envisaged in threads like Migrant Invasion. Just imagine Stalin or Mao with all that. They would have done everyone in. Then look at the deranged Democrats, the UK police state and the left/mainstream in general. They're loosing control and swerving to an open police and thought control state.

Reducing Your Footprint

It's not really possible to stop your data getting all bound up into a giant profile; and it's only somewhat possible to stop them being able to follow you if they specifically investigate you. However, it's relatively easy to spike your data so their systems cannot detect your various footprints as one person.

1) Delete your accounts – Unless you are a public figure, delete Facebook, Twitter, LinkedIn, Instagram, Google and so on. If you use a major email provider (they scan your email and sell their profiles on you) switch to something like Tutanota or Protonmail. They aren't great, but they're much better until decentralised communications come about.

If you need LinkedIn for work, delete your ZIP/postal code and make your location as vague as you can. Also use the technique listed later for your name. LinkedIn are real data selling whores. If you don't really need it, bin it. They've also been hacked more times than they have disclosed.

2) Confuse your bindables – all your data is automatically bound up and merged on a number of criteria: name, date of birth, address, ZIP/postal code, username, phone number, email and maybe password.

There will be cases where you need to give legit details, like opening a brokerage account, but if you are being asked for details when signing up to a forum or something not important, fill in random data. Don't keep using the same data.

i) Never use the same or probably even similar username. I always use a new one for any site I sign up to.

ii) I'd also go for using unique passwords. For important sites, like a bank, I use unique super secure ones, but if I'm signing up for something non-important like a forum. I'd suggest this is important as with the amount of hacks that happen now, many of your user accounts get dumped online with the password (often in a crackable or generic encrypted form). So, for example, if this site got hacked it would be possible to bind some accounts to other databases by the password. For non-important sites I suggest something simple so you can login to them easily, like: #49Donald[last three letters of domain]trump.

iii) For emails I have two tiers:

1 – a tier that I use to sign up to sites that I could be tracked relatively easily from via a human. This is a domain that I registered for ten years and host myself. It's a catch all email that will collect any emails sent to any email on the domain in one inbox. To have it hosted for you, there are Yandex and Zoho you can use for free that have catch all. I don't really know what would be a good host to do it for you. I use this domain for signing up to any site that I could be identified by a human researcher, but not a computer binding up my personal data. I use a different email for every site I sign up to. This way you can also see who is selling your details.

2 – a tier I use to sign up to sites that I want to remain anonymous on. It's a domain bought with Bitcoin and registered for 10 years. It's a catch-all domain hosted by Yandex, which I access via IMAP through Tor and a VPN. I've never sent email from it, only received. A paid alternative is Scryptmail, which gives you disposable email addresses.

iv) When it comes to buying something online I use my address but never my name.

v) For your name, address and possibly ZIP/postal code you can also replace Latin characters with identical appearing or almost identical appearing Cyrillic characters -

Capitals: АВСЕНІЈМОРԚЅТХ
Lower: асеіјорѕх

For numbers you can use these, they look pretty much the same as the 0-9 on your keyboard, but are different characters.

You can also take some characters from phonetic extensions and Lisu.

Another thing you can do is throw in a zero-width space, which is treated as a space by computers, but is invisible. See: https://en.wikipedia.org/wiki/Zero-width_space

So if your name is Hillary C. Clinton, of 88 Shawshank Boulevard. Using the above you can change your digital footprint to essentially be Joseph Mengele, of Sh?w shank ?oulevard, where those question marks are Cyrillic characters and the space is a zero-width space. With this computers won't be able to bind your data to your master psyche profile at the NSA.

Randomise.

3) If you can get a SIM card that you didn't buy in your name. I have a bunch of SIMs I've picked up from around the world. One I keep permanently active. It's from Serbia where SIMs last for 12 month of non-activity. I also take SIMs out of my phone, which I barely use, when I'm back at home. No one contacts me by GSM.

4) If you don't care about voting in your country, get yourself removed from the electoral register, or at least see if you can have your details removed from the version of the electoral register your loving government sells to data marketers.

5) Get a VPN. There are other sheets for this. Should act as a level of protection from deep NSA snooping.

6) Switch to the Brave browser, or if you are a Chrome addict, switch to Chromium, which is Chrome without Google spyware.

7) For more advanced level evasion you can get a business debit card, which will stop your purchases being linked to you via VISA etc. You can also get cards from Payoner, who have a very low bar for KYC.

8) For accounts that are linked to my person I use an address in country that is fairly off the spy grid.

9) Install a user-friendly flavour of Linux, like Ubuntu or Linux Mint and migrate away from Windows/Apple. For deep dives install Tails OS on a USB.
Reply
#2

Avoiding Deep State-Corporate Data Harvesting Datasheet

This is a solid thread for guys interested in this kind of thing....

I've known for the longest time about the collection of data corporations and the government have been gathering. But I don't really see the need to go off the grid and sacrifice using the apps, accounts, social media, ect... Not now at least, maybe in the future they will be using my online footprint for something more sinister but for now it doesn't seem worth going without because some company is selling my shit and sending me adds they think are relevant to my interest.

Last year a buddy sent me a message on Whatsapp asking me what I was doing. I was playing Xbox so I snapped a photo of my controller (a pretty rare limited edition controller from years ago) and told him I was playing Xbox. The next day on Facebook guess what shows up for sale on the right side of my Facebook.... a photo of the rare controller I just send my buddy the day before.... it's not a coincidence. However it didn't shock me or make me want to go live in a hut off the grid...

I don't really approve of whats going on with the collection of our information.... however its not enough for me to jump through the hoops I would have to to minimize it.

[Image: 1Z8d.gif]

Bruising cervix since 96
#TeamBeard
"I just want to live out my days drinking virgin margaritas and banging virgin señoritas" - Uncle Cr33pin
Reply
#3

Avoiding Deep State-Corporate Data Harvesting Datasheet

Good post. For unique usernames and passwords you should use a password manager like KeePass or Bitwarden, it's pretty hard to keep track of it all otherwise.

Going to have to disagree with the browser recommendations. Chromium (and Brave, since it's based on Chromium) still phones home to Google constantly. See the readme for Ungoogled Chromium, a fork which removes much of this spyware (but as you'll notice from the readme and issues list, there is still some that hasn't yet been removed).

A better alternative is Firefox, which has had it's issues in the past but is generally more pro-privacy than Google stuff. See user.js for how to harden Firefox further or consider just using the Tor Browser.

Curious to hear more about how you managed to do #8.
Reply
#4

Avoiding Deep State-Corporate Data Harvesting Datasheet

Great post thanks. I stopped using Gmail I couldn't be happier especially with their redesign coming in a week.
Reply
#5

Avoiding Deep State-Corporate Data Harvesting Datasheet

For those who use Firefox and are merely concerned with having usage data vacuumed up, there are guides on hardening the browser.

The Complete Firefox Privacy and Security Guide

Firefox Privacy – The Complete How-To Guide

If you are interested in seeing all of the companies that are spying on your usage with every site you visit, you can install an add-on like Lightbeam.


Related to the online accounts that many people already have, there is an option that was suggested to me by a serious privacy geek. According to this guy, many of the biggest data thieves (Facebook, Linkedin, etc.) have TOS that essentially allow them to keep some version of your usage data and personal information after you have deleted your account. He suggested neither to delete the account right away, nor to purge the page of usable information. Instead, he suggested to - over the course of perhaps a few weeks or months - add a whole bunch of useless and incorrect data to your account. *I don't know how much time a person would actually want to spend on this, but there was a software engineer who actually wrote a script that uploaded random data to his Facebook account.* Anyway, this guy told me to do that for a while and then close the account.

Another tip, and one I can confirm as useful for obfuscation, is to "modify" your own credit reports. In the US, you are allowed one free peek at your credit reports from the big three every year. See this site for instructions. Once you have these reports, you can dispute anything on them. Obviously I would not advise disputing legitimate outstanding debt. But, it is very, very easy to dispute address history and tell them where you "really lived". You could even go so far as to do them the favor of letting them know you currently live in that small apartment in Juneau, Alaska, or on that sailboat in Maui. Since we all know they are using this information for our own good, it's very important to make sure they have the most accurate data. HUGE CAVEAT: You are sometimes asked for this information when you request the reports or make an application for credit. Keep this in mind when you "amend" your own data.

Currently out of office.
Reply
#6

Avoiding Deep State-Corporate Data Harvesting Datasheet

Thanks for starting this thread.
Do you, or does anyone, know just how much of a privacy issue it is to use Apple computers? I've read articles that Windows 10 has a security hole in it that was deliberately placed there to allow the company to snoop on you. However, I've heard nothing bad about Apple privacy-wise.
Reply
#7

Avoiding Deep State-Corporate Data Harvesting Datasheet

Android, GApps free LineageOS, Xposed, FDroid, Firefox, DuckDuckGo, AFwall+, XPrivacyLua, DNSCrypt, ShadowsocksR running on a privately hosted server, and KeePass or Bitwarden with TOTP and long randomized unique passwords for each of your online accounts. If you need a cloud solution, roll your own on a self hosted server or a VPS that you can quickly delete if necessary. And that's just getting started.

If you're super paranoid, install Tasker and set up an SMS code trigger that reboots your phone into unassisted full-wipe mode. That way if you lose it, you can text it from any number with the code you assigned and have it completely wipe the system and data. It's not 100% foolproof, but it's better than almost any of the big-name remote wipe features available. Edit: Seems this method is no longer possible with systems running File Based Encryption. Something new for me to figure out.

Alternatively, if you just want to use your device with minimal headache, then at the very least you could simply set all of the app permissions to the off position and only enable them when prompted and you're sure it's what you want to do. That, and disabling or uninstalling anything you don't need or use, both go a long way. Also, use websites instead of apps whenever possible. Those three actions alone can be easily done by anyone who knows how to use a phone or computer, and will make you about 75% less data-valuable than most device owners.

I won't go into detail just how much I've tweaked my own phone and computer. It would easily take twice as long to write about than it took to actually do. Suffice to say the first paragraph is a big part of it, with a lot other device specific tweaks and modifications, followed by LOTS of trial and error. And I'm sure they both still leak like a sieve.

Of course, one of the downsides to that level of privacy and personal protection is that to any eyes that decide to come looking, it just makes you look all the more suspicious, especially if you happen to be in a place that doesn't hold those two rights in high regard. Another major downside is time. In the event of a lost or broken device, you gotta do it all over again. Backups help alleviate some of the pain, but they're really only useful if you're replacing what was lost or broken with a 100% identical device.

All this talk is making seriously rethink my youthful ideals of going off the grid and building my own commune of neo-Luddites. Who's with me?
Reply
#8

Avoiding Deep State-Corporate Data Harvesting Datasheet

I'd say the worst part about it, is that I don't even care about hiding anything. The most scanadalous thing on either of my devices is probably a picture with bare knees in it somewhere, and that's only problematic in countries I'd never visit anyway. The only reason I went the route I did is because I decided to run a traffic logger for a week as an experiment. What I saw at the end of that week blew my mind. Hundreds of Mbs, daily, attributed just to analytics, advertisements, and trackers. I generally run a pretty lean system, so I'd imagine that was on the low end. I can imagine what it looks like for most people with all their social media apps and other useless nonsense. It's no damn wonder people blow through their data allowances so easily.
Reply
#9

Avoiding Deep State-Corporate Data Harvesting Datasheet

Quote: (09-25-2018 06:11 AM)J_Sway Wrote:  

I'd say the worst part about it, is that I don't even care about hiding anything. The most scanadalous thing on either of my devices is probably a picture with bare knees in it somewhere, and that's only problematic in countries I'd never visit anyway. The only reason I went the route I did is because I decided to run a traffic logger for a week as an experiment. What I saw at the end of that week blew my mind. Hundreds of Mbs, daily, attributed just to analytics, advertisements, and trackers. I generally run a pretty lean system, so I'd imagine that was on the low end. I can imagine what it looks like for most people with all their social media apps and other useless nonsense. It's no damn wonder people blow through their data allowances so easily.

That's a good point about running experiments to educate yourself about all the privacy leaks occurring.

Here's a few more:

Cookie AutoDelete browser extension - you'll notice just how many 3rd party cookies are being delivered by the sites you visit.

uMatrix browser extension - you'll quickly realise how much unknown JavaScript you have to allow from 1st and 3rd parties just to get some webpages to load properly.

True Sight browser extension - many websites use a reverse proxy (eg Cloudflare) to use as a CDN/DDoS protection/etc, but they're essentially a Man-in-the-Middle that spies on and can intercept your traffic. Note: many sites rely on Cloudflare for DDoS protection, this can be done by self-hosting Deflect anti-DDoS instead.

LineageOS without GApps - so many apps rely on Google Mobile Services, especially for notifications and the maps API.
Reply
#10

Avoiding Deep State-Corporate Data Harvesting Datasheet

An alternate view on protecting yourself is nicely stated in the following proverb:

“If you don't want anyone to find out about it then don't do it”
Reply
#11

Avoiding Deep State-Corporate Data Harvesting Datasheet

@Donger, the problem with that is everything we do could be a potential crime in the future.

Many family members questioned me about not being on Facebook anymore. When I told them why, I don't want the gov't or ppl monitoring everything I post, they acted like I was crazy... saying things like "If you're not doing anything wrong then why should you care if they are watching you?" Because one day something I did or said WILL be used against me and I'm not gonna give them easy access to use it.

Quote: (04-21-2014 04:47 AM)WestIndianArchie Wrote:  
On the cool, she probably had at least one too many tortiillas, but the tetas was mas gorda, comprenede?
Reply
#12

Avoiding Deep State-Corporate Data Harvesting Datasheet

Quote: (09-25-2018 03:33 PM)louiebeans Wrote:  

@Donger, the problem with that is everything we do could be a potential crime in the future.

That's a very good point. I'd like to erase my entire social media footprint but it's very difficult to do.
Reply
#13

Avoiding Deep State-Corporate Data Harvesting Datasheet

Just make it bigger and confusing, put in as much useless information as possible.

"A stripper last night brought up "Rich Dad Poor Dad" when I mentioned, "Think and Grow Rich""
Reply
#14

Avoiding Deep State-Corporate Data Harvesting Datasheet

Quote: (09-25-2018 02:59 PM)Valentine Wrote:  

LineageOS without GApps - so many apps rely on Google Mobile Services, especially for notifications and the maps API.

Yeah. I don't personally use it, but it's about the best option for those that want to disconnect from the Apple or Google ecosystem of services and still use a modern smartphone. That's a bit tricky at the moment, especially if you're like me and have quite a few very useful apps that you've paid for over the years and are tied to licensing through Apple or Google. FOSS and FDroid hosted alternatives are catching up, and many of them are better, but overall they've still got a ways go.

That's the reason I'm still running stock firmware. That, and there's still no official LineageOS build available for my device. It'll be nice when/if one gets officially built and maintained. It'll save me a whole lot of time down the road, that's for sure. Until then, I've modded and stripped mine down to the point that it is almost as bare as LineageOS, but still am able to use the Google framework so my paid apps and so forth run properly.
Reply
#15

Avoiding Deep State-Corporate Data Harvesting Datasheet

Quote: (09-25-2018 04:50 AM)J_Sway Wrote:  

All this talk is making seriously rethink my youthful ideals of going off the grid and building my own commune of neo-Luddites. Who's with me?

I am.

Quote: (09-25-2018 03:20 PM)Sgt Donger Wrote:  

An alternate view on protecting yourself is nicely stated in the following proverb:

“If you don't want anyone to find out about it then don't do it”

For me, it isn't necessarily that I have anything to hide. I just disagree with what many of these companies do to acquire the data, and, then, with how they use it. I understand the adage of "If you're not paying for it, you are the product." But, I purposely have avoided social media and other services on which I would have to willingly compromise my privacy. My issue is with the fact that almost every site I visit is fingerprinting me and throwing all of my usage data to Google and other companies. And, this is all done under the protective umbrella of TOS that sometimes run in to the hundreds of pages. If it was all more transparent - and some of these apps and add-ons attempt to accomplish that - I would have less of a problem with it.

Currently out of office.
Reply
#16

Avoiding Deep State-Corporate Data Harvesting Datasheet

Maybe I should get rid of my dick pics... But I wouldn't mind being doxed about my dick
Reply
#17

Avoiding Deep State-Corporate Data Harvesting Datasheet

Adding confusing stuff to your footprint isn't useful. Algorithms will have traced all your activity back to the beginning of the internet now, it's easy to connect the dots from old server logs, online purchases etc. Your digital identity has been built from the very moment DARPA decided to make the internet "public" and AI will easily discern between your content and bogus information.

Any plans at this time other than a global post-apocalyptic regenerative community network are mostly off the table for me.
Reply
#18

Avoiding Deep State-Corporate Data Harvesting Datasheet

https://github.com/dan-v/rattlesnakeos-s.../README.md

A new project that aims to create a personal AWS based build environment for a fork of the now dead CopperheadOS, currently only configured for Google's Pixel phones. It's called RattlesnakeOS, and setting it up requires a small amount of technical know how and an ability to follow written directions, but you end up with a self owned, self signed, self maintained secure and open-source build of AOSP, clean of all Google services, that can be updated manually or automatically depending on how you set it up.

I'm sure with enough technical know how it could be ported to other devices, though hardware wise, the Pixel phones, despite having the Google name, are extremely secure devices, so you wouldn't be doing wrong buying one on a secondhand market like Swappa, wiping it clean, then building and slapping this on it. You'd just have to be sure you're ready to go all-in on having no Google Services available on your phone.
Reply
#19

Avoiding Deep State-Corporate Data Harvesting Datasheet

Should check out LineageOS for Microg fork. microg.org kept trying to get LineageOS to support signature spoofing, but the LOS team just couldn't commit, so they forked it. Still get lineageOS4microg OTA updates a couple days after official LOS releases. It comes with Fdroid Privileged Extension, all the microg dependencies, and ofc LOS.

Microg is an open source version of the closed Google APIs that playstore apps use, and they've built Playstore signature spoofing into it so that Playstore apps are "duped," so to speak.

Having push notifications and the maps api's really makes life great, I must admit. It sucked for a while not having them.

Check em out @ https://lineage.microg.org



Might also want to check out Nextcloudpi for hosting your own server for calendar, tasks, contacts, files, even SMS and the NC Talk app. $65 rpi 3b+ and some time to get things configured, and bam, your data is yours.

NC apps are available on playstore or fdroid (NC Talk on Fdroid doesn't have push notifications though, so use the Playstore version combined with microg).

Check em out @ https://ownyourbits.com/nextcloudpi



Also 2 more apps worth mentioning, Net Guard Pro combined with Orbot (both available on Fdroid or Playstore). Locks down all your phone traffic and gives you the ability to choose which connections for which apps you want to allow to get out, and if they do, they use TOR.
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)