Came across this one and thought it’s worth sharing as it is privacy related as well…
It could be cool to have an ongoing thread about full-stack privacy and opsec!
I changed the subject, ok or you have a better suggestion? Adding some other interesting articles to the this thread…
Hi! What country are you from?
Very useful info. I like to read news via Medium as well, there’re a lot of good articles about cryptocurrency and other spheres
The Grugq’s blog is one of the best in-depth opsec resources out there: https://grugq.github.io/
He also writes on Medium: https://medium.com/@thegrugq
The Grugq’s work is more like case studies — it’s not usually straightforwardly instructional — but there’s a lot to learn if the topic interests you. How do people screw up and pwn themselves? A lot of ways, honestly.
And David Friedman on privacy is quite good.
One part from this article that made me thinking:
If you drive an internet-connected car, hackers can crash it into a concrete wall and kill you and your family. I know, this sounds crazy, but it’s real.
Good articles, thank you. I also read Medium sometimes.
By the way, I’m planning to curate a privacy reading list for the Zcash Foundation’s blog. I will definitely be paying attention to this thread for suggestions (and will credit forum users for articles y’all bring to my attention). Thanks for starting it up @boxalex!
quisquis is an interesting privacy protocol that has come up recently.
It’s not as strong as Zcash, but much more light weight
This is really really bad advice. the person who wrote this does not understand what they are talking about. A vpn does nothing to hide you from govts. It rarely hides you in the way you think it does on the internet. All you are doing is letting NordVPN (or whoever) sell your data rather than your isp. You are paying twice to have your data sold.
When you try to dumb down InfoSec and opsec you end up with rubbish like this. You are relying on a for profit 3rd party not to give your info to anyone that asks. Think KYC and ASIC’s if you want a relevant example.
The solution is TOR, or possibly I2P depending on what you are trying to do. There is no one size fits all. and no TOR +VPN is worse than just TOR. If you need secrecy use a TOR Bridge, privacy use the TOR browser bundle.
Can we please vet advice we give when recommending 3rd party software.
The best way to learn about opsec is to learn how people fail.
I will be updating this post with relevant links as and when I pull them from my mind.
Tor is good, TOR is really good. This is how people get caught when using tor (note: none are by an exploit in tor itself, just really bad opsec, including how a VPN provider who doesn’t keep logs, did keep logs and gave them to the authorities. - I am not making any moral judgement. this is purely about opsec.)
EDIT 2/3: youtube seem to be removing videos. updated with a new link.
Just in case it goes down it is easy to find on google too.
“DEF CON 22 - Adrian Crenshaw- Dropping Docs on Darknets: How People Got Caught” - I have it downloaded too tho.
I’ve never heard of this guy before. but this is a decent video to work out if you are being screwed with via text/phone and to do due diligence on potential business.
He does gloss over how a lot of the sites will track you, and that python script is not running over tor. Id suggest using the webtools over tor.
- download this! it will probably be pulled next!
I am going to put some stuff up about tor in general. in the next few days as I go through all my old links and download them.
The only VPN that I would trust at all is Private Internet Access, and only because it’s been proven in court that PIA doesn’t keep logs. On the other hand… that could change at any time, and how would I know? VPNs make the most sense if you just want to pirate media without getting popped by your ISP.
I definitely prefer Tor, and the Tor Browser Bundle is not bad. It’s improved a lot over the past few years (I hardly even notice the latency). I’m currently considering switching to it as my main browser, but idk if I want that amount of hassle.
Yeah, I know what you mean. I don’t use it as my main browser, there are still too many opsec fails that you can do without thinking (loading not https in a https session over tor - I think httpseverywhere should fix it tho if it hasn’t been addressed already) is one that used to be an issue, I don’t know if it still is, but a lot of people run exit nodes just to sniff traffic. - this is much less of an issue with your ISP, but again it depends on your privacy/secrecy model.
Personally, I really only use .onion sites with tor and to bypass geolocation blocks. In no small part to sodding cloudflare and their stupid capture system they put on all tor exit nodes
I will look into PIA.
Anyone remember why mailshack closed down? I think it was WikiLeaks, cant find much on google. anyway they gave over their private keys.
If someone wanted to pirate some media, say via torrent, a VPN would still be an issue. The way someone might do it, would be:
Get the tor browser bundle.
Find the .torrent file they want and save it locally.
Open their favourite torrent client and select Encrypted connections only in the settings.
Change the traffic port to 443 (not always needed, but can help sometimes - makes it look like https traffic.)
Download over your encrypted torrent stream through your normal ISP connection.
This is just a thought exercise though.
I think if the VPN is in a different jurisdiction, that helps, since the authorities relevant to you may not have access to whatever records the VPN company keeps? But I’m not an expert on this by any means.
You can also run your own VPN, using a tool like Streisand or Algo… which circles back to both lots of hassle and many opportunities to pwn yourself
Maybe, I still wouldn’t rely on them not bending the knee, but like you I am not a legal expert on this either. One very good use, and probably the only real usecase is if you do a lot of travelling or connecting via public wifi spots. Id much rather a VPN provider handled that genral traffic in privacy from any spod on the wifi who wants to mitm/sniff traffic/etc.
The geo location block avoidance is another good feature for a traveller. But it doesn’t do much to protect you from corrupt govts.
This is the only usecase that I can that makes a vpn worth paying for.