But, Governments should not be afraid of their people either. There needs to be a balance between the two. I’m not one to start a descussion about that, I’d rather have a hand made bunker under ground in the mountains somewhere, so that when the shit hits the fan, I can survive, and go on to lead the revolution.
Anyway, did you know that October is the National Cybersecurity Awareness Month. I didn’t know that, but whatever. There are all sorts of ways to protect yourself online, all sorts of simple things that get repeated day after day after day on blog after blog after blog, so much so, that most people don’t listen to them anymore (if ever). Well I’m gonna change that. Right now, after the click is a list of ways that, if you follow, will make you incredibly hard to track, crack, and smack you online. Be warned though, as these methods are so crazy that even I don’t follow all of them (yet).
Disclaimer Everything you do online can be found out by anyone with enough time, resources, and dedication. The very act of connecting your computer to the internet is sometimes enough for someone to find out every single thing about you. No amount of firewalls, proxies, encryption, or safeguards can protect you from a sentient computer program hell bent on using your credit card to purchase bootleg copies of The Gillmore Girls Season 3 DVD set and then using those in an elaborate series of murders designed to bring down the entire Eastern World. (And do not even think of an excuse why that will not happen, because it already has!)
The simple truth of the matter is this:
The government is watching you.
What government? Doesn’t matter. They’re watching you, could be the US gov, the British gov, the Russian gov, or the Mexican gov. Doesn’t matter, somewhere, someone is watching you.
And there’s nothing you can do about that.
They watch us all. “Don’t they have better things to do?” No, they don’t.
They pay people to sit at computers and gather data, they build computers to gather data. The NSA analyzes all internet traffic every day to find/make/break new codes. So it’s not a question of if they can find you (and it sure as hell isn’t a question of when either I hate that cliche), it’s a question of why will they find you. If you give them a reason, they will be find you, and it’s only a matter of which branch of what government is after you for you to know how long you have. For the most part, you will have nothing to worry about. You can search for how to make bombs at home, how to enrich your own uranium, how to hack computers, or anything you want really. The knowledge of how to do these things isn’t illegal. But still, you may want to know how to do them, because knowing is half the battle, but you just don’t want people to find you. Well I have news for you, that’s gonna be hard. But here are some other tips on how to stay hidden.
First, you may want to stay hidden by using one of the private browsing sessions offered in all the major browsers now a days. Well, I have news for you, that really won’t work. All it does is leave fewer traces on your computer of what sites you visit. Those websites keep their own trackers, and if you have a key logger on your system, guess what, it knows too. So if all you want to do is keep your bomb making tips hidden from your room mate, that’s fine, but it won’t help much when you bookmark the site cause you need to keep referring to it, and trust me, there are only so many “reports to write on bombs” in a school year. If you really want to stay hidden you need to add in a proxy server or 3. (Another tip, always keep anything you do in multiples of prime numbers, here’s a list of primes for your reference, and no 1 is not prime). You gotta remember though with each proxy server you go behind, your internet gets slower. Also, change up your proxy servers tri-monthly (more on the tri part later on).
After you’re behind a proxy or 3 in a private session, you need to log into your sites. Your password should be no shorter then 11 characters, consisting of UPPER CASE, lower case, $ymbol$, Numbers, and punctuation. If applicable. Some sites don’t let you have symbols, or punctuation those sites are STUPID. At the very least, it should be long. Remember, the longer the password, the more time it takes to break. Assuming there are 76 different characters (lower Upper, symbol, number), at 11 characters long, that is 4.9 X 1020 Or, 490,000,000,000,000,000,000 different combination. Good luck trying to guess them. Oh, and if you add 2 extra characters onto it, you get 4.9 X 1024
Now, after you have your 11 character password, be sure you change it monthly. If you can’t remember that many times (hint, it’s 12 times a year), then go for tri-monthly. NEVER DO ANYTHING IN 2s!. Also, never change your password on the same day of the month, that’s also too easy to figure out. Make it random. The best way to make it random is to forget about it, and say “hey, I gotta change my password now” It’s best if you stagger your password changing too. So change your Gmail password one day, and your Facebook password 3 days later, and continue.
While we’re on the subject of Facebook, let’s talk about the pictures you upload to there. Not only are you showing the world what you look like, where you hang out, who your friends are, and all that stuff, you are secretly giving the government valuable data about your cameras. Information that can come back and bite you when you least expect it.
Something that most of the world doesn’t realize is that their digital camera is unique to them. We’re not talking about the serial number, we’re talking about the exif data that the camera stores, and the unique way the CCD/CMOS sensor records the light of the image. Each one is unique, and not obvious to the naked eye. But throw a few hundred photos from your Facebook/Flickr/Picasa, web albums and you have a suitable pool of subjects to test.
This Instructable shows you how to hide yourself from just that. But I would like to add some stuff to it: Crop the picture, create a duplicate layer, add it on top, make it 30% opaque, and put a different color overlay on it. Then crop the picture again, add some more noise to it, and save it for the web. Then do it all over again two more times (The rule of 3s!).
To really throw them off use a 35mm film camera, develop the film yourself (or, send it to a different CVS each time under a fake name paid in cash & coins). Then scan it into your computer on your own scanner. However scan 3 to 5 pictures in at once, overlap them a bit so the top centimeter of the pictures overlap. DO NOT CROP THAT OUT. Then add some noise in Photoshop, and the usual messing around.
Now the next step is messages. If you have to send someone a message, you can’t trust email. You could encrypt your message, but remember the NSA, they have massive super computers designed to break your code in under a minute. Your encryption wont work. So how do you do it? Well, a combination. First you need to AES-256 encrypt each word of the sentence(s). This way it is impossible for someone to decrypt it. If you want to go a step further, why not embed the message in an image. Image Cipher comes to save the day for that one, but I have some problems with it.
The concept is simple, you upload an image of your choosing, and type in a message you want. The message could be anything you want, but I’m not sure how long it could be, or how large the picture could be. I tried a few long phrases, and it gave me errors (not nice errors, server errors), and a few large pictures and gave me the same thing.
Unfortunately by uploading it to the server I have ruined the message hidden inside it, guess you gotta resort to sending via email or something that doesn’t manipulate the image if you want to send it to someone.
Also, you would want to use your own things to encrypt/decrypt the messages, because you don’t know what kind of backdoors the NSA has programed into the code you download from the internet. (For the sake of argument, nothing on the internet can be trusted, ever).
The Rule of 3’s
I mention it alot in this post, now let me say what it is. Basically, the Rule of 3’s is something I came up with that says, keep things done in increments of 3. Why 3? Because 3 is the first odd prime number, making it significant, it is an overall, excellent number regardless. I could go on more, but it would seem like babbling to most, so I will hold it back maybe for a future post.
You’ve told me alot about how to protect myself while online Steve, now how do I go about doing it IRL? Well, that’s alittle harder, but the same basic principles apply. Firstly, cash is your friend. So are gloves, aviator sunglasses, and long pants/shirts/coats. All of those add to your “mystique” but watch out, because those same things could add to your remembrance. To quote Rusty Ryan: “He’s got to like you then forget you the moment you’ve left his side.”
The gloves combined with the long sleeved shirt, pants and coat all serve to keep stray DNA from leaving your body. Gloves are particularly important for not leaving fingerprints. But fingerprints are the easiest thing to get out of now adays with a good lawyer, they aren’t the end all be all tell tale sign you committed the crime. But, because we’re paranoid, gloves. Leather gloves. The aviators protect your face, and eyes from the prying eyes in the sky. More and more places are putting up video cameras, and while most of them are VHS tapes that get wiped once a week, some are digital, and saved to hard drives forever. Remember if it’s digital someone can find it. Despite what you may think, anything connected to the internet is vulnerable, given computing time, and brute force, two things the NSA has an infinite amount of.
RFID is the new poster child of awesome. It can do some awesome things, but it’s what it can also revel that’s disturbing. As some people at DefCon recently found out, the hard way.
It goes without saying that you should not have any form of identification that’s RFID enabled on you ever. Refuse it all the time. If you are forced into having one (such as at a job), then you will need a Faraday cage. While this writeup is on having your computer equipment survive an EMP, it is relevant for making your own portable Faraday cage. Basically, wrap your wallet in foil, as long as the foil doesn’t touch the cards, most radio waves will be dissipated around it, protecting the information stored on the card. This is not a foolproof way to protect it. To be extra safe, you may want to think about a led lined backpack/purse. It may be heavy, but it could save your life.
Now, I have far from gone into all the ways to protect yourself. Even as I reread this for the 13th time, I realize that I’m missing things, namely the rule of 3s. Also, I could go on forever about how to protect yourself in person from the horrors of the internet, but I’m already at 2000 words! Were you aware you just read 2000 words?! Damn, isn’t that impressive? If interest is high enough, maybe I’ll start a second part to this, maybe, if you ask nicely, and more then 2 people comment, and they can’t be the same 2 people who always comment, and you can’t make multiple accounts and comment like that, I know who you are.