What should SaidIt users be doing to maintain their personal security when participating here?

submitted by [deleted] from self.AskSaidIt

sorted by:
top
newinsightfulfun
you are viewing a single comment's thread.

view the rest of the comments →

[–][deleted] 38 insightful - 4 fun38 insightful - 3 fun39 insightful - 4 fun -  (22 children)

Good OpSec should be practiced by everyone in general:

  • If you use your Saidit username in other places, consider all uses linked with respect to how much you've doxxed yourself
  • Consider the email you registered to a site with public information, never use an email that links back to your real identity on a social media account. The most common way people get doxxed is using a real email like yourname(at)gmail.com on on a site like LinkedIn or Facebook, as well their shit posting account on a place like reddit, or some other internet forum.
  • Assume that most all of your emails will be compromised at some point, make new ones for new sites - it's free
  • Never talk about where you work or where you go to school
  • Never make arguments from authority, even if you are an authority in a field
  • Don't use the same password on different sites
  • Have a burner phone you use for social media accounts / emails where required. A prepaid phone in a made up name with 30$ on it will last ages when you only use it for dual factor
  • Use a VPN / maintain certain regions of IP addresses on your politically incorrect accounts
  • If you want to use social media or the internet for normal purposes have a normie account
  • You don't need a VPN on your normie account

Finally:

  • If you have good reason to believe you're on a glownigger watchlist, have fun with it. Leave Tor and I2P open all the time as a relay, but don't use them. They'll expend loads of resources trying to decrypt traffic that doesn't exist.

[–][deleted] 12 insightful - 1 fun12 insightful - 0 fun13 insightful - 1 fun -  (4 children)

And please secure the ship that you are flying through the internet, as far as you can or consider building a new one, if you can. Blackhat hacking is imo not just to be considered as criminal activity, i regard it more like a rain problem, which only gets into your house, if your roof has holes in it.

Some gangs made a business model from this.

Make it as expensive as you can - for them to achieve - with the things you know and have energy and time to read into.

Furthermore: Use different passwords for every account you need and get a password manager and at least two different trustable backup solutions of your choice for that.

And don't buy those nasty bugs from Asshole-Zon or googol INTO your own rl house.

Finally: There is no cloud, there are just other's people's computers. It is label dizziness or a straight-out direct lie ("free" clouds...) into your face. Trustable cloud computing is very, very expensive, that is why these solutions are spread very thin in the market. With the massive computing power asshole-zon and googol bought, i believe there is no practical concept so far, that can withstand these giants, other than keeping your stuff on your ship, behind a big, massive door with a very complex lock.

Behind them is ATLAS, namely the NSA (and Palantir selling this very dark magic), employing over 20000 mathematicians manipulating the curves to beforehand control almost every good crypto you can implement easily.

[–][deleted] 12 insightful - 2 fun12 insightful - 1 fun13 insightful - 2 fun -  (3 children)

I agree that Technical security is important to have; but I've seen far too many people ignore the fundamentals.

Most doxxing isn't done by blackhats, it's done by politically motivated internet activists, often in cooperation with employees that work at the social media platforms and Google. If you ignore fundamentals your custom security focused Linux install with your real disk image layered behind stenography isn't going to save you.

The key lesson is not trusting anyone with your real information. Especially activist corporations like Google, Reddit, etc.

[–][deleted] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (2 children)

Agreed. I'm like water, in mirrors I can see the future :) .

[–][deleted] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (1 child)

Lots of extra good information edited in. I was saying this shit back in the 90's due to Carnivore/DCS1000 and Total Information Awareness; everyone called me a crazy tin foil hat conspiracy theorist. Funny how that worked out.

I've always been fond of Twofish + Serpent for encryption, what are your flavors?

[–][deleted] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

Excellent choice.

[–]quipu 7 insightful - 1 fun7 insightful - 0 fun8 insightful - 1 fun -  (0 children)

If you have good reason to believe you're on a glownigger watchlist, have fun with it. Leave Tor and I2P open all the time as a relay, but don't use them. They'll expend loads of resources trying to decrypt traffic that doesn't exist.

I like this.

I also like to maintain weird random accounts at foreign "free" email providers. I don't use the accounts, but I could! It's fun to add to the noise.

[–][deleted] 5 insightful - 1 fun5 insightful - 0 fun6 insightful - 1 fun -  (10 children)

how do you tell if you're on a watchlist?

[–]nolivesmatter 7 insightful - 9 fun7 insightful - 8 fun8 insightful - 9 fun -  (0 children)

you are on saidit

[–]Shitskinned_Faggot 7 insightful - 4 fun7 insightful - 3 fun8 insightful - 4 fun -  (6 children)

Police broke my door down and searched my house because of my comments on Reddit, that's how I know.

[–]aThievingStableboy 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (3 children)

adfgfaSD

[–]Shitskinned_Faggot 6 insightful - 4 fun6 insightful - 3 fun7 insightful - 4 fun -  (2 children)

UK.

[–]aThievingStableboy 3 insightful - 4 fun3 insightful - 3 fun4 insightful - 4 fun -  (0 children)

adfgsfads

[–]Mallard 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

I knew where you were from the first comment you made. Hope they didn't lock you up.

[–]LarrySwinger2 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (1 child)

What was it about the comments that triggered this?

[–]Shitskinned_Faggot 12 insightful - 3 fun12 insightful - 2 fun13 insightful - 3 fun -  (0 children)

Suicidal threats actually, concern for safety.

But I was asleep and didn't hear them until they pulled out their battering ram.

Then they questioned my nastier comments too and I played dumb. I had 3 police visits in a month over my online comments on Reddit, they claimed 'malicious international communications'.

Waiting for a FOI request to see what information they hold about me.

[–][deleted] 4 insightful - 1 fun4 insightful - 0 fun5 insightful - 1 fun -  (0 children)

Assume if you were ever the head of or an active participant in any small or medium sized groups/channels/etc where someone snapped and got violent, you're on a list.

[–]wrongthink 1 insightful - 2 fun1 insightful - 1 fun2 insightful - 2 fun -  (0 children)

If you're able to tell then the watchers kinda fucked up.

[–]Aureus 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (2 children)

This is an excellent guide, thanks!

Assume that most all of your emails will be compromised at some point, make new ones for new sites - it's free

What providers do you recommend?

[–][deleted] 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (0 children)

If you don't care if the site can contact you just use a temp provider to sign up. Guerrilla mail, etc.

If you want private emails it doesn't really matter which email provider you use. Exchange keys with people outside of the context of the emails and send encrypted communications (Enigmail, etc). Don't trust anything that "handles it for you" (transparent encryption) as this ultimately means your private keys are in the hands of a third party. As long as you never associate your real identity or use the same key for "real emails" as the ones you use under pseudonyms it should be fine.

Gmail is sketchy unless you have a whole sandbox set up for your persona, because they will correlate activity elsewhere on the web to establish your identity through their "free tools", and ad business. If you do have such a sandbox set up and your real information never touches it / gmail away.

[–]Sscratchie 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (0 children)

Protonmail is Swiss. All the mail is encrypted on the server. Only access it through Tor. Tails is the most secure OS and it's portable.

The best password is 2 lines of the first letter of every word in a song. Heartbreak Hotel is A1acYcsfsr. Add Fbhl2ct1tg for NSA proof.

This all fails if they beat the passwords out of you.

Edit Tails executes an emergency shutdown if the USB is removed. All evidence is gone in less than a second.

[–]cloudrabbit 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (1 child)

What about passwords? How do you memorize passwords for so many accounts? And the account/email usernames?

[–][deleted] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

What about passwords? How do you memorize passwords for so many accounts? And the account/email usernames?

https://keepass.info

Something like this works fine - but your grandparent's embarrassing habit of keeping a notebook next to their desk works fine too. After all, your biggest threat is not someone physically walking in your door, it's someone hundreds or thousands of miles away.