A modest proposal for the protection of your privacy. Part III
The third and final part of the article jameson Loppa, a leading developer keys.casa, about how to maintain confidentiality in the era of total surveillance. The first part here and the second here.
Protect your PC
The first thing to do is to cover the webcam. Malware can easily access them. I like the magnetic SpiShutter for MacBook. Another decent option is a simple self-adhesive blinds.
At the level of better software to control all the processes in your PC. A great solution is Little Snitch. To combat a variety of spyware applications you can use the Micro Snitch which warns you about unknown applications attempt to access the microphone or camera. If you want to protect, then do refrain from OS X and Windows. Linux on protecting privacy are much better.
If your paranoia has reached the level of Edward Snowden, disassemble your PC and disconnect the ribbon cable from the camera and microphone. Edward claims it’s just “pain in the ass,” you want to get rid of.
If you are a fan of Linux but don’t want to disassemble your computer, please note the laptops with open source companies Librem. They have hardware switches for the webcam, microphone, WiFi and Bluetooth. These laptops are operating on a clean Debian system.
Protect your profiles in the network
It is obvious that we need to do everything to not leave uninvited guests the chance to take over the access to your profiles in social networks, and especially to email. A regular user uses a maximum of three password for all their accounts. And this is the single point of failure. If one of the services is compromised, then you can be sure the username and password sell on the black market and feed it to the bots who try to use them on all possible online services. Perhaps your data is already used, you just don’t know it yet.
Get a good password Manager e.g. LastPass, 1Password, KeePass. Generate strong and unique password for each online service and add two-factor authentication. Not be amiss to protect the password Manager using one of the hardware keys security: Yubikey, or best wallet Ledger.
Despite the fact that you submit your personal information to third parties, the above password managers are convenient and rather safe. However, these services have drawbacks. They, too, can hack and steal all your logins/passwords. There are less convenient but much more secure password managers with hardware cryptographic keys (hardware tokens), with which you can manage your personal information. Lance wick, leading engineer of safety systems at BitGo, has written a great guide on how it works.
Special attention should be paid to e-mail security. Many people use only one address. And in this box can store a lot of personal information. If someone hacks it, then most likely, uses the received information to change the passwords to all of your other accounts on the network. So that one email address is, again, a single point of failure. Create several addresses for different purposes. And don’t forget about two-factor authentication.
Protection of communication channels
Sent an email, a text message, a phone call can be intercepted as they travel over the public communication channels without encryption. The program PGP (Pretty Good Privacy) will not solve the problem. Try to use secure email, such as Registered Envelope Service by Cisco. You can still get yourself a “burner phone”, which will be installed messengers through encryption (Signal, Whatsapp or Telegram). So you can protect your phone calls and text messages. For transferring large files suitable services like Send Safely.
Signal, Whatsapp and Telegram is a closed and centralized platforms that do not have the ability to read the content of your messages, but, theoretically, you can sell your metadata. All these services request a phone number during registration, and this is a breach in protecting your privacy, as they will know who and when you spoke. There are more secure, though less convenient alternative: decentralized instant messenger open source, such as a Riot, using the XMPP protocols/IRC and OTR/OTR.
Protect your financial data
Most financial services are extremely unsafe, and the protection of personal data there is generally bad. It’s easy enough to fix using the above mentioned strategy for the protection of online accounts: secure password and a hardware module with two-factor authentication. Remember, do not list your real address anywhere, ever!
Credit bureaus are agencies that centrally store a lot of personal data of many people. This information can be stolen. And of course, the base of these offices from time to time hacked.
Most US citizens only know about the “big three” credit bureaus, but actually them much more.
The best thing you can do is to freeze your credit reports (Credit freeze) that will not allow unauthorized persons to access your personal data. Then — a few links on the pages of the credit bureaus USA where you can do this:
Advanced Resolution Services ;
Clarity Services ;
The ideal option to opt out of credit cards.
Protect purchase information
Cash is the most convenient and safe payment method. But cash is used less and are not suitable for online purchases.
Debit or gift card remains the most secure and convenient payment method. The ideal option is to issue a card on your “OOO No name”. Just make sure that your company data is your personal data. Billing specify the address of the “company Without a name” (this can be the address of your agent or mailbox). There is a small caveat: releasing the card, banks want to know your real name. I have no specific solutions to this problem. You may be able to make friends working in the Bank, which will help to make the system work for you.
A great option is a virtual one-time card. They are more secure, because you set yourself limits for each card, and the sellers in the payment record different details.
You can have up to 10 prepaid cards simultaneously;
Additional charges apply.
Available physical prepaid Visa card;
The limit for withdrawal: up to £ 100 without an ID;
Additional charges apply.
Virtual prepaid Visa or Mastercard;
Additional charges apply.
The ability to create an unlimited number of virtual Visa cards;
Each map can be configured separately;
You need to specify information about the current account;
The creation of prepaid virtual or plastic Mastercard;
Additional charges apply.
Virtual gift cards for sellers of goods and services;
For those who have a Bank account in the United States, the most convenient option is Privacy.com. Note that by default they will ask for a username and password to log into your account Internet banking. To protect yourself, ask to connect your Bank account through the Automated clearing house (Automated Clearing House) not to allow Privacy.com to track the movement of funds in your account.
Note Privacy.com does not report the amount of daily and monthly limit. I’m not sure of the numbers specified by default, but the day limit, it seems, is less than $2000. You can write to the support center and increase it, but the result will depend on payment history on your card.
There is one caveat regarding the use of disposable virtual cards Privacy.com. Some shops remove money from them several times. Most often this is because the sellers do a pre-withdrawal of funds to verify the card, then they cancel, and the fee for the goods is debited at the moment of sending. Another problem I faced when I make a purchase at the Home Depot. This company has several delivery services (local and remote). In the end, even if you made one order, the payment is not one but multiple transactions. And again, some services refuse to accept a virtual debit card, as sellers consider these operations risky.
It is also worth noting that Privacy.com prohibits the creation of multiple virtual cards for one company. During setup, the account made no mention of it. You will learn about it only after Privacy.com will reject the payment.
Payment in the amount of $0.00 on the website HOMEDEPOT.COM rejected because we found a few of your cards registered on HOMEDEPOT.COM. To protect the data of our new customers and prevent the promotions of such actions is prohibited. If you have any questions, please contact our support team [email protected]
And the last: for next level security, you can create a double proxy, that is to register on Privacy.com account tied to the account of your “OOO No name”. In this case Privacy.com most likely not immediately confirm the creation of your new account. This service focuses mainly on work with accounts of individuals. But in a few days, after security checks Privacy.com for this to happen.
Protect data of your driver’s license
It may be harder. In the United States driver’s license must comply with the requirements of the law on identity card, REAL ID Act. It is necessary to provide information on the actual place of residence, presenting the received address accounts or financial reports. If you followed the instructions in this article, then you can’t receive mail in his name. The redirector that I wrote above, here will not help. In order to use them, you must specify the actual place of residence.
The common man is difficult to access information about your license. But private detectives can easily do it. In addition, your data is available to thousands of civil servants, and they have them literally at your fingertips. Lately, there has been recorded a huge number of violations related to the use of personal data. Moreover, aministratsii some States earn tens of millions of dollars selling driver’s license data to third parties. So you should understand from whom you want protection. If you assume that someone wants to hire a private investigator to hunt you down — care must be taken to protect data license.
As I wrote earlier, you can read the forums on the nomadic lifestyle and look for useful information. The impression that the nomads just find friends near his parked trailer and use their address. Of course, you have to trust the person who receives your mail and address can not be associated with your name. You don’t want to expose your friend?
In addition, there is always the possibility to use the services of a local lawyer who will help to resolve the issue. As I said, if you have the money — take out a cheap apartment and use it as official residence. And try to appear there as seldom as possible.
Until you decide what to do with a driver’s license, think about obtaining an ID card if it is issued in your country. ID-card can be presented as proof of identity without revealing the address. The US passport it is not specified.
Travel and border crossing
If you are traveling by car, it is likely that the cameras will record the license plate, scan it and identificeret him and you. There are a number of devices, masking the numbers, but I doubt their effectiveness.
In this case, you again can help check the car for a “No name”. Attention mega-paranoid: remember that new car models are equipped with GPS tracking systems such as OnStar. You need to disable that or just not buy the car in this configuration.
If you want to reach the top level of privacy, then do not buy a car. Without a car you can easily do in densely populated areas, although in rural areas without a car will be difficult. In areas with an average density of the population can use the services of car-sharing and joint visits. Account, of course, it is better to have a “No name”.
Crossing borders, be prepared for security. There are two ways:
Bring all necessary information with you in an encrypted form
Pros: It’s convenient
Against: You can’t deny that it’s yours
Don’t take your data with you
For: Border services can do a quick check, but didn’t find anything
Against: the Data will have to pass on another way
If you don’t want to carry through the border device to store the data in advance send the disk with encrypted data in the destination. You can also create a disk image, encrypt it and upload to the cloud. Another option is to store all your data on a constantly running home computer. In this case, you will always access the files via SFTP/SCP or more intuitive programs Syncthing. You can also manage your computer using a third-party server and work with a laptop as a thin client using RDP and SSH for remote access.
Johnathan Corgan wrote a program to create a fully encrypted disk image of Ubuntu, with a choice of settings. Received ISO image you can burn to DVD, flash drive, or run the image on a virtual computer.
You may have noticed that during the passport control the passport scan and make photos. You have no choice and you must undergo this procedure if you are not a citizen of the country in which we drive. But if you return to your home, you have the full right to refuse it.
Arriving at the destination, you will likely settle into the hotel. During registration, use the alias. Earlier, it was simpler: you can call any name you want and pay cash. Now most of the hotels ask for ID and a Bank card. JJ Luna recommends that you add another “authorized user” to credit cards with a name that you will use as an alias. Administrators of hotels, often still whether the name of the person who reserved the room and who paid for it. So do the writers, actors and musicians. If you still ask why the names do not match, tell me that the room reserved for your stage name and it is decorated card.
Voting in the elections, you Shine in the public registries. Nothing to add here.
It is clear that to commit a crime is not necessary. If caught, the information in many databases. But there is another problem — what if you are the victim of a crime*? The consequences will be equally sad — your data will fall into all sorts of databases. The only thing that can advise — stay away from bad companies and avoid dumb situations. If you suddenly witness a crime or emergency incident and decided to call the police, use a burner phone, and in any case, do not leave contact information.
Protect your family
Here, too, everything is very difficult. The more family members living with you, the higher the level of privacy threats. That is, you must not only protect themselves but to take care of adequate levels of data protection all members of the family. In this situation, there should not be any weak link.
Marriage: creates an entry in the state register about your connection with someone. Given the fact that marriage, as a rule, the event is public, it is desirable to conduct away from the place of actual residence.
Children: you will need to obtain a birth certificate, medical records and school records. The last item to get around the most difficult. It is very expensive, but if you can afford it, you can transfer the child to home-school or send to private school.
Task: to confuse the trail
If you can afford it, think about how to set about pointers. Those who you are targeting, most likely, a limited budget. Specifically allowing the leakage of false information, you can send them off on a false trail and lead them into a dead end.
How to arrange it?
Select the address where you could move;
Tell friends and acquaintances that’ll definitely never come;
Change the place of residence in social networks;
Create profiles in social networks bound to this address so they lit up in the open databases.
Time all limited. Money — too. So in most cases people who want to find you, will cease to seek you out after several failed attempts.
Clean history and delete the data
In some countries/States you can send to the authorities a request to delete personal information from the databases of various services. However, this can be a waste of time because you cannot be 100% sure that all your data is really removed.
If you are determined to do away with the “old life” and start anew, then you do not need to worry about remaining in the registers of personal information — it can be left as a false trail.
Using these recommendations, you will not be able to hide from the government intelligence agencies. Also, be aware of the security cameras. They stick out on every corner and are networked, so to hide from “Big Brother” in an urban environment is extremely difficult. With full confidence we can assume that there are many companies that handle the recording of these cameras, using the algorithms for facial recognition, tattoos, gait, and then sell the data to third parties.
The weakest link of your defense is the people with whom you communicate. Recently I came face to face with the idiots who was leaking information about me. Some data loss incidents I figured out, the rest will hope that will carry. To avoid such situations, never, under any circumstances, do not list your real phone number and email address.
Be very careful and constantly monitor the actions of the services they use. I had a few moments when I had to intervene in their activities. For example, once the Bank has sent me the application forms for the issuance of debit cards to “OOO No name”, and on the letterhead indicated my real name. This could lead to serious leaks and any seller could track the relationship between me and “OOO No name”.
The only way to check how well you hid, is to hire specialists who try to overcome all the barriers set by you. Hire an experienced private investigator. Or two, and ask them to dig into your life. You will then be able to understand how deep you need to dig and at what price to calculate the you. By and large, everything depends on the motivation of your pursuers.
An experienced private investigator in search for your traces explores a variety of databases. And if he doesn’t find anything – don’t stay. Ask him to trace one of your friends or relatives who are able to merge information about you.
If you consider yourself an expert in this field, can indicate the gaps in my security system, or just want to add something — write to [email protected] Let’s talk.
Here are some useful sources of information, which I enjoyed, but not mentioned in this text:
Jolly Roger’s Security Guide for Beginners;
How to Disappear;
How to Protect Your Financial Privacy and Keep Your Accounts Secure;
JJ Luna — International Privacy Consultant;
Intel Techniques by Michael Bazzell;
How to Vanish.