Security Privacy Course Outline

October 18, 20191,657 words

Ghost Phones: how to buy a completely anonymous phone AND cell phone service

Buy phone in cash (can't finance as that requires credit check)

get prepaid plan with Tmobile, doens't require name/address/etc.  Pay upfront 1st month, buy $40/$50 gift cards at grocery store each month in cash to load prepaid balance.


email security
Secure email with 33mail
encrypt email with proton mail (affiliate link)
* can use passwords
* Can set time to disappear
Check your email to make sure it isn’t hacked with haveIbeenpwnd.com
check email/usernames on https://ghostproject.fr
Hide IP traffic with a VPN (affiliate link)
Never open emails from people you don’t know, never open attachments thatvlook sketchy. If you are unsure email the person back to confirm they sent it

Private web browsing
Use Brave Browser to stay private
Use Duck Duck Go or Start Page for search on mobile and desktop
using Firefox containers extension so sites can't track what you are doing in other tabs

Ghostery extension to block trackers/scripts

U-Block Origin extension to block IP sniffing

Using TOR to REALLY stay off the radar
2FA via Trezor or physical device
TURN OFF SMS TEXT - Sim port hacks
check out all tools at https://objective-see.com/products.html (tells you if mic/cam are being accessed on machine)
* Oversight checks for mic and cam access

Private Cloud Storage
Using Spider Oak for zero-knowledge file storage
Turn off automatic cloud backup for phone. Nudes will be leaked to cloud provider and hacked. Manually upload backup by choosing images. Share story about searching for certain term in phone and coming up with nudes (Photo recognition AI knows what ou are uploading - leak potential)


Private Messaging
Signal is easiest and most secure for most people
Always verify safety number in person when possible. If not talk on phone and have them verify safety number
Set disappearing messages ALWAYS and be aware if they are turned off
If safety number changes it means there is either a man in the middle attack happening or they got a new phone. Regardless verify the number

Wire is great alternative, doens't require phone number for identification (created by creator of Skype).  Zero-knowledge and end-to-end encryption


Password managers
How to use them securely so every site has a unique login/password
1passord
keypass
Trezor hardware wallet
Dashlane
etc.


Private Search Engines:
Use Startpage.com and/or Brave with duck duck go.
turn off web history and cookies in Google/Chrome
turn off Google ad tracking opt out
https://myaccount.google.com/activitycontrols? turn off EVERYTHING
Protecting your computer from attack
Keyboard key scrambler to beat keyloggers
Virtual Machines to separate important stuff from non important stuff
use guest login to do most things since it doesn’t have admin account (malware can’t take over since no admin permission)

Private Asset protection
Anonymous New Mexico LLC’s
* how to set them up, costs, administration, set it and forget it privacy
* using ‘friendly liens’ to become your own first creditor (using LLC A to ‘loan’ money to LLC B and get a lien so you are first in line for all assets
Cryptocurrency - getting some money ‘off the grid’ and infinitely portable anytime/anywhere - buy with cash
Precious metals - have some gold/silver stashed away in cash of a black swan event/store of value

Privacy with your name
Never use your real name when possible (when creating new accounts
take advantage of sweepstakes and other dumb shit to create disinformation campaigns to clog up data brokerages
* use misspellings of first name, last name, wrong address, zip code, etc. so nothing matches up
Get new debit/credit cards for ‘employees’ with different names than you so when you pay for something its not your name
* Do a search on top search engines for your first name last name and address, f+L and zip, f+l and phone number to see extent of damage. Work backward removing these
* Log out of any browser before doing this search
* Search your email address as well
* Search most frequent usernames. These can surprise you from 10 years ago!

Data Brokerages (could be a ongoing scrubbing/removal service)
How they work, what they are, how to remove yourself from all the top ones (since most trickle down from the top)
* LexisNexis
* Westlaw/Thompson Reuters
* Acxiom
* Sterling Infosystems
* Innovis
* Rapleaf
* Been Verified
* Accutellus
Address/info websites that list you and your family associations
www.beenverified.com
peekyou.com
infospace.com
Mylife.com
spoke.com
emailfinder.com
People Directories
www.spokeo.com
www.pipl.com

Anonymous utilities, water, gas, and internet services at your house (using a fake name)

Anonymous Amazon accounts in fake name delivering to your anonymous address





Protecting your credit
Set up a credit freeze on these accounts so no one can open new lines of credit

Protect your address
Keeping your address off of public records
using a PO Box
Not entering your actual address into Uber/Food delivery, etc. (use a very close one) or a corner nearby
Remove yourself from all credit offers (show how)
Remove yourself from all direct mail offers (show how)
https://www.directmail.com/mail_preference/
optoutprescreen.com
Create two Ghost addresses via JJ Luna (one in Alaska for US requirements) and one in Canary Islands
Remove a photo of your address from Google Maps
Removing voter registration details

Physical home safety
security cameras (cheap and expensive)
door sensors
protecting your wifi router from attack
guns or some fork of protection nearby and accessible
Using a waterproof/fireproof safe, and putting important electronics inside a faraday cage to protect them


How to build/buy a faraday cage in case of EMP
How to create a hideaway hole in your home that can’t be found


Consider using a private vault disconnected from the banking system for sensitive documents and valuables (home invaders can’t steal what isn’t there) and banks can’t subpoena since vault is disconnected from the banking system. Can’t find what they don’t know about
File sharing/data
Slack chat alternative: keybase.io
Google docs alternative - Blockstack


removing junk mail and other shit in your mailbox
* DMAchoice.com
* catalogchoice.com
* epsilon.com
* all coupon companies.


Protecting your phone number/phone from hacks
* Google avoice forwarding, only give Google number. Never answer calls that you don’t know, send to voicemail. GV will text you a conversation of what they said, add to block list so they can never call again.
* Try not to use fingerprint to log in, police are legally able to force you to open it with your finger (whereas things stored in your brain are off limits)
* turn off all permissions for all apps and enable them as you need them.
* Researchers have just created a “master key” fingerprint that can get into all phones: https://motherboard.vice.com/en_us/article/bjenyd/researchers-created-fake-master-fingerprints-to-unlock-smartphones
* If using an iPhone youbcan goninto “cop mode” which removes fingerprint authentication by clicking the power button 5 times in a row quickly.
* Cops have scanned dead peoples fingers to open phones.
* NEVER USE FACIAL RECOGNITION/scanning for AUTHENTICATION!
* Turn off SMS 2FA
* message your cell phone provider to put notes in your accounts not to port your Sim without in-store ID
* Use your 33mail to make your phone account email impossible to deal with idiot customer service people
* ex: llilillililillliiillililiiliillilOO0O0O00O00O00oOOO00O0O0OO0@username.33mail.com or never.port.this.number.without.in.store.id.verification@cloak.33mail.com
* Create a fake number by using either Number Proxy (accepts Bitcoin) or Tossable Digits


Remove yourself from phone directories
* white pages.com
* yellow pages.com
* addresses.com
* superpages.com
* search bug.com
*

Random stuff:
Create fake name for grocery/drug store loyalty points so they don’t collect data
Don’t register to vote - horrible invasion of privacy and they sell your info to everyone
Don’t sign up for free services, theybsell your data
Avoid giving the post office data, they sell it to everyone


NEVER GIVE UP YOUR DNA/Biometrics!

Ancestry.com and 23andme.com have full rights to your data forever. Show example of guy being falsely accused of murder because his church sold his ancestry data to ancestry.com

Use example of black woman who’s cells were used for billions in dollars of cures and the family never received a dime of that money
Never give up your finger prints willingly. I present my ID at my gym which “requires it” to check in because I know their database will eventually be hacked.
Never use your iris/eye as a login method - database will be hacked.

Staying private with photos (horror story of pop start getting tracked down and assaulted by the reflection in her eyeball in a selfie
Turn off location for photos - geotagging images gives away your location (use examples of John McAfee leaking location while in Burma because of media bungling metadata
Scrub all metadata/exit data from photos
Show how cropped image thumbnails can be reverted back to full size (showing nudes with precious examples)
Black out almost everything in your drivers license or any other ID if you need to send it - they only need what they need vs. all the info total

Social media
mass-delete posts using this plugin: https://chrome.google.com/webstore/detail/social-book-post-manager/ljfidlkcmdmmibngdfikhffffdmphjae/related?hl=en-US
Avoid it if possible, if not lock down accounts and only approve people you know in real life (different if using for biz)
Never share location
lock down the ability for others to tag you - you get to approve these first before they go live
Don’t share photos of the exterior of your house or neighborhood/surroundings
If checking into a location (shouldn’t be doing this at all really) don’t post until a few hours after you are gone. (Shoe example of swatting from Jameson Lopp and checking into gym which saved his life
Use a fake name, never enter your past (high school, any school, city, age, birthday, interests, etc.
Remove all advertising preferences from Facebook, Google, Instagram, etc (show exactly how to do this step by step). Less data means less targeting
NEVER ACCEPT FRIEND REQUESTS FROM PEOPLE YOU DONT KNOW - tons of phishing campaigns happen this way
Change setting so only friends of friends can find you.
Burn your account after downloading all your data and start over with close friends. One program will replace all your posts with gibberish

Intentional Misdirection/misinformation campaigns to throw off hackers/data brokers
Use random names
Cleaning up your credit report
Check your credit report in January at annualcreditreport.com and request free Equifax report
In May get a free one from Experian
In September request a free one from TransUnion
Check for incorrect loans, balances, accounts, addresses, etc.
Good Habits:
Stop giving out your info - no more grocery/loyalty cards for tiny discounts, not worth the data leak (story about Target sending pregnant stuff to teen daughter before her dad even knew
Using TOR/Tails/Virtual Machines


Annonymous Vehicle registration: https://www.49dollarmontanaregisteredagent.com/montana/rv-llc


Monitoring (could also be a service)

www.haveIbeenpwned.com

www.spycloud.com

Google Alerts for your name/address (how to do it privately without Google tying this info to your IP address)