The DNMs can be a scary and dangerous place if you don't know what you're doing. Use this thread to ask questions or give advice on harm reduction & OPSEC!
Safety & Security Saturday!
The DNMs can be a scary and dangerous place if you don't know what you're doing. Use this thread to ask questions or give advice on harm reduction & OPSEC!
[8 Points] AlpraCream:
[2 Points] savingfluffybunnies:
http://dreadecomdopooda.onion/
Lots of security discussion happening around there.
Also r/NetSec, love those boys, I haven't the sweetest fucking clue what's going on but I'm sure glad they do.
Oh and /r/murderhomelesspeople for your IRL dealing opsec discussion (now also on dread)
[2 Points] SpeedStepper:
right
[1 Points] Mandy-Bot:
Auto Bloober Blabber.
[1 Points] SlingDNM:
Can you pay DHL Postage with tracking nnumber with bitcoin somewhere?
[1 Points] fistedsister89:
So was deepdotweb posting phishing links to dream?
[1 Points] bnparibas:
hello, on Dream, after deposit my monero, my address has not changed. good or not ?
[0 Points] waxtelephone2:
Let them be auto mod let them be ...
Edit: I was just recommended to repost later in the week as my own post to get it some more exposure, so I might go ahead and do that too.
EDIT2: When I write a full guide I will likely have more information. I'm working with limited resources right now.
EDIT3: I want to emphasize never alter your tor browser in any way (aside from making sure your tor button is slid up to the highest it can be), a lot of this is for clearnet browsing as privately and securely as possible. Tor is configured the way it is for a reason, any changes made will make you stick out or worse
First of all before reading this, sacrifciing useabliltity over security and privacy, is something you need to get used to and make it a standard protocol. if you are not willing to scarifice usability over security and privacy, you are defeating the purpose of a lot of these tactics.
Great guides on how to use a wide variety of tools and explanations on many things a darknet user or privacy advocate should know.
https://ssd.eff.org/en#index
Use https://www.fakenamegenerator.com to make accounts using a vpn, nobody will know who you are! See my profile for example. It throws people off really well. Even the email address to sign up for stuff works (The designed website for the person in the profile expires into a parked domain)
This site contains such a wealth of information
https://www.whonix.org/wiki/Documentation
Great security related podcasts you don't have to be an expert to understand, they cover everything from the latest data breeches every week, to anythiing related to security . A lot of it is explained in an easy enough way that it doesn't take a lot of knowledge to understand.
https://www.youtube.com/channel/UCNbqa_9xihC8yaV2o6dlsUg
https://www.youtube.com/playlist?list=PL995EBE645950DFF5
If anyone knows of similar podcasts like that, please share! I look forward to these every week.
https://www.ipv6leak.com - (If you are on a vpn, make sure you are not leaking your ipv6 address, a lot of vpns do not use ipv6, if your network settings are incorrect you may reveal your true location through ipv6 because your vpn will not be able to provide one if requested by a website you visit, so you will be forced to use your real ipv6 address, most network cards enable ipv6 by default, you need to learn how to turn it off as well as disable ipv6 dns lookup in firefox about:config (don't mess with tor))
ip-check.info/?lang=en Fingerprinting test and what websites can tell about you every time you visit them
amiunique.org Fingerprinting test - (the less unique the better)
https://browserleaks.com - Various browser tests
THIS IS FOR CLEARNET BROWSING: DO NOT ALTER YOUR TOR BROWSER EVER!!!!
My full guide I intentd to write will also include more information to remain as private as one can on the clearnet. These were just thoughts I threw together on the fly, although effective, It is no a guarantee of your privacy and security from everything. It will help in most cases though.
https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation
https://github.com/ghacksuserjs/ghacks-user.js/wiki (guide to using the above user.js)
There are more changes to your about:config that can be made for privacy and security, they are kind of scattered around I can't find them, but that does cover a very large amount of privacy/security tweaks to make to FF. And the user.js gets updated frequently, with a one click update you can update your current profile to the latest revision.
Also, always block incoming connections by default with your firewall. Any application you use can phone home. For example, if you don't block Ccleaner on windows from making an internet connection, then the log of everything you deleted from your pc can be sent back to their severs to be sold to third party data brokers (Do you really think think many people buy the premium version to make them enough money?). Only let applications that absolutely need internet access to have it. Many will ask you for it to auto check for updates. You should check for updates on your own, not let them phone home to check.
In general, you should always run your browser from memory only, disable disk cache disable a lot of dom settings too, they allow for websites to see how you interact with their web pages, read the contents of your clipboard, they aalso block your normal context menu, often times with the right dom setting disabled, you can download videos by right clicking on them and saving the video.. The default settings do not allow that. (The user.js file should do most of ones that need to be done to the dom settings)
In my opinion, a must have application, that should be backed up on multiple devices, and used to create a strong password for every account you make. The database is encrypted as well, you must use a master key, and an optional keyfille to unlock the database. You can store files in it, pgp, market urls, wallet recovery words, anything, not just passwords. It is also cross compatible with the versions they use linux privacy based OS's as welll. I have the database backed up on all of my drives, as well as offline on a couple usb keys. There also some great anti keylogging features you can enable with a feature.
https://keepass.info https://en.wikipedia.org/wiki/KeePass
https://www.keepassx.org https://en.wikipedia.org/wiki/KeePassX
Also about keylogging malware safety
https://keepass.info/help/v2/autotype_obfuscation.html
Future plans to make firefox more like tor out of the box by default. A lot of thse features are already in it (disabled by default) and improve with every release!
https://wiki.mozilla.org/Security/Tor_Uplift
Couple of youtube lecturers on privacy I suggest everyone watch too. Not just the ones I am posting they have more talks on youube.
Bruce Schneier
https://www.youtube.com/watch?v=bjopJ-_vAUE Defcon QnA
Thegrugq
https://www.youtube.com/watch?v=S8GPTvq1m-w OPSEC talk