Imagine Being This Web Dumb
An 8-Step Plan and Quick Long Take on Something Else Important I Mentioned a Month Ago
My American-based advice here is directed strictly for Canadians to help minimize their exposure to more bad actors who wish them IRL harm.
People who wanted to support Canadian truckers trusted the non-bank banks called GoFundMe and GiveSendGo (soon to be GoneGoneGone, h/t to a Slav fren for that phrase) but these donor friends are simply not skeptical enough of humans generally and the internet specifically. Saddens me. Their reliance on these Silicon Clowns has resulted in some $20 million (U.S.) to be passed around the interwebs and landing in the hands of exactly the people the donors sought to avoid helping.
I wrote about this in January 2022 nestled among other things:
GSG was “hacked” by “hackers” who hacked up real-world identities of the givers and by releasing their data into the wild, have staged about 103,000 donors for the tender mercies of Revenue Canada inquiries, CBC harassment, license and certification and insurance discrimination, activist visits to their doorsteps (perhaps the worst of these things), and for Americans, IRS manhandling, perhaps more “law” enforcement on both sides of the border if the allied North American governments keep expanding the definition of “emergency threats” and “insurrection.”
GSG hosted their site with Amazon Web Services (er, what is wrong with this picture?) and apparently, on some kind of shoestring budget, hired low-rent security people who left a giant front door wide open called a “S3 bucket.” You can believe that reporting, or you can imagine a deeper rabbit hole where Amazon techs, seeking favor with global Lefty Overlords, stepped in to “assist.” You can believe even more about what the rest of the global intel apparatus gets up to, it is hard to be sure. The bad news for GSG is that their donators’ credit card information is now known to have been stored in an unencrypted format, which is a big no-no for big processors like VISA and MasterCard. GSG could (I bet will) lose all rights to process payments for this oopsie. The politics is pointing in only one direction. I wish them luck.
Time was once where the average techno-anarchist-dissident was against the powers that be, rebelling against the Ruling Class. Now, it seems they are all co-opted. The stories of Snowden and Assange have acted as a cautionary tale that has given the techs a sense perhaps that it is better to join TPTB than be bulldozed by them. DO NOT TRUST TECH.
Here are some simple guidelines for the basic-model normie Boomer to follow when attempting to navigate the shark-infested interwebs. It will be a little more cumbersome than you are used to, but if you don’t like canceling credit cards and moving away to another physical address while being put on watchlists for thinking the Bouncy Houses in Ottawa are cute and those chilly kids need $25 worth of hot dog buns, then pay attention to how bad things have just been revealed to be.
8 Steps to More Interweb Anonymity That Will Harden You to Exposure
Step 1: Get off the interwebs and stay off. A good idea, especially if you have been caught up in the GSG data breach. If you must be on, switch providers if you can. Leave all social media behind: delete accounts, go cold turkey. You don’t need Faceberg to remember your friends’ birthdates. If you do, you aren’t a very good friend. If you are using that or Snapchat or IG or Twitter or TikTok for any reason, you are literally on your knees begging bad actors to deliver you some nice targeted harassment. Find another non-compromised, non-global social media if you need to stay in touch with friends and groups. Some say Keybase is a cure.1 Others know that China owns it, so choose wisely. Some say Poa.st and some say Gab.com but each have drawbacks.
Step 2: Since most people can’t easily pull the plug on the web, a solid router and multi-layered VPN is essential hardware and practice. Essential. Not negotiable. Without a router and just a raw plug into the modem or through a hub, outside can see into your machine, naked. Router makes that one-way only: you looking out. If you are going to get on, then use VPN like your life depends on it, else see Step 1. I am being as serious as a mild case of vaxx-induced myocarditis here. VPN operates in the background and simply encrypts and joins your web traffic with the traffic of many many other users and dumps all the traffic off at an IP address that does not reflect your home address (yes, without VPN in 2022 they can 100% see your [subpoenable] ISP and “home address” now….how do you think THIS happens.) There are many services out there that cost a few bucks, but a really easy one to start with is a hardware VPN where the firmware is loaded inside the router that you absolutely need (see above). We are talking $300 for the router + service the first year and $100 each year after that. Once you plug your modem into the router and activate VPN, your wireless devices are automagically routed via VPN. It is really seamless, remarkably straightforward. (Your Netflix and Amazon and Hulu subscriptions will deny you access when VPN is on, so make your choice: pay for media that hates you and hand them your exact dronestrike GPS coordinates, or save a buck and tune them out.) Once hardware VPN is up, you can then use software VPN within your computer OS which makes VPN tunnels within tunnels. ProtonVPN is a solid choice. Some say NordVPN has this problem of being dark in the daytime and glowy in the dark. It isn’t clear. I have no experience with them. Some say DigitalOcean is good, but it is more involved than comfortable for the typical newbie. Once VPN is formed, within the OS you can use TOR as a browser option for an added layer of obfuscation as to where you actually live. This prevents hackers from easily knowing everything about what you probably hold dear with a few evil keystrokes. Make it hard for them. It is in no way illegal to be a hard target. Right now, naked, they are 20 minutes and an Antifa doorknock away. Doing what I have said will make it exponentially hard for them to know where to find you. You have a really, really high probability they will just give up and go look for the guy who blew off this advice.
Step 3: As with the TOR browser recommendation above, you must stop using legacy spyware, aka corporate web browsers. You absolutely may not use Apple Safari, Google Chrome, or Microsoft Internet Exploder. I cannot even strongly recommend Brave as an alternative because I see a lot of Chrome-looking things embedded in there. I have trust issues. Use no other browser but lynx (!) or TOR, which is a modified version of FireFox. FF may be OK if you wish to dig in, learn, and harden it. At minimum, you will need FF Add-Ons called: NoScript, PrivacyBadger, HTTPSEverywhere, and AdBlockPlus. Some people say uBlockOrigin, but YMMV. You will need to comb-through the settings here too. These things will make your web experience clunky (clunkier than wide-open acceptance of all corporate preferences and desires that you have been offering until now) and doing this will block loading invisible but intrusive (sometimes functionally needed) scripts unless you manually let them in, so pages will appear slightly broken. You will need to study-up on how to harden your FF further in the Settings menus. (I am just going to say it, the links for such things are always evolving, so I leave it to you.) You will need to resist accepting automatic updates that will wreck said settings. You will need to operate within Private Windows and save nothing at all, no cookies, no images, nothing. Enhanced Tracking Protection: Always On, etc. You must resist the urge to maximize your browser to fullscreen mode: they can quickly determine the dimensions of your screen in your office or tablet and tie that to other information they have on you to establish confidence about whether you are a return visitor. It is part of your fingerprint. This is adversarial. They will try to do deep interrogation of your machine, get a unique CPU ID. Don’t make it easy for them to take your information.
Step 4: Remove all spyware apps. I am not going to go into detail about how to spring-clean your boxen, but find a based tech guy and have him do a fine sift of all the silly plaque that has accumulated on your machine. No social media app can remain, and any install rhizomes must also be swept from “the Registry.” This Croatian company takes it’s job sorta seriously, they know what tyranny looks like, and they have not really let down my friends before: ESET. Their sweep for virus and malware may be an interesting reveal to you. Viruses and malware are some of the ways bad actors phone home to the Mother Ship with packets of information about you.
Step 5: Stop using corporate search, swap to another search engine. Google and Bing are definitely watching your every move and barfing what they know to bad actors upon request. Any website using Google Ad Trackers will plot your course through the net (NoScript will reveal this, just deny them access). Facebook implants (if you let them), 3rd party tracking “images” in your computer memory that lets them see where you have been. This is how that Tuscan chicken recipe link that your mom sent you 2 weeks ago suddenly leads to a rash of Tuscan flight offers, travel plans, and villa real estate. Twitter and YouTube also. Stop with social, I beg you. But the Holy Grail of all things interweb is what you search for. Don’t let them know. Or if you do, chaff them with goofiness a few times a day: ice skating rink Hawaii, Mercedes canonical ensemble, Doberman retriever, Capri Sun hard cider, Berkeley Republicans, Hillsdale Democrats, etc. All search products are pretty stupid, so avoid them, but know the above two generally could not care less about you, they look on you with disdain. There are 3 that you may be interested in seeing about: Qwant.com a French product that has interesting alternative results pages compared with Google, the otherwise Gold Standard of search; DuckDuckGo.com which has been around a while and some people like them, but I find their results algorithm very willing to deliver garbage; StartPage.com which is a weird anonymous “front-end” to subscribe to the Google algorithm, but without passing your information to Google itself or implanting any Google trackers. Choose for yourself. I like that SP runs no Google ads, no Google statistical scripts, so you can search and in a year you will tax Google servers $0.00001 and not pass them any revenue. muahaha
Step 6: Do NOT ever give away anything, for any reason, about your true identity or location or family members or friends. This is superhero secret identity stuff. TPTB quickly build a relationship tree that fleshes-out really well when they want you to feel intimidated. Pick an actual unrelated online alias. Change it a lot. Many may be surprised to note that my real name is actually NOT HiddenMarkov. You will find that you can pretty much fill out most web forms with information that doesn’t match your credit card and still get delivery (if you use CC and not gift cards). “Dave Smith” will get your mail. Another point: NEVER buy anything online that will be delivered to your physical address. Get a mailbox from UPS, get to know the proprietor. Cheap, and it cuts down on pilfering. A recent lawsuit in Texas described to the judge how important official court-service documents that were embarrassing to government were obviously tampered-with in the mail, the (supposedly) most sacred trust of government, as it is enforced with threats of jail and such. They simply don’t care. They are above all that petty pleb consequences stuff. But for you, your name in a database is devastating, or can be.
Step 7: Email is the Achilles’ heel in broadcasting details about many of your lives. You use Gmail or some form of Live/Hotmail, Yahoo or even AOL, or other corporate email-sniffing web applications. Stop it. This is going to be the hardest part for Boomers: leaving the comfortable look-and-feel of a perhaps decades-long relationship with the favorite T-shirt of a familiar GUI, and enduring the occasional bout of “this should JUST work!” But pay attention: Not only are your email transmissions a tool for customized marketing leverage, they are Carnivore’d and more for permanent review by hostile actors in an unsympathetic State. Nobody thought that getting that annual Christmas Letter from Aunt Bessie’s Gmail weeks before she joined the truckers in a kiddie hot tub in Ottawa would get you on a watchlist, but yet, here we are. There are many more private email systems, many of which are free or nominal in price (see below). A best-in-class favorite of many people which continues to have a free version available is ProtonMail.com hosted in Switzerland, the same people who do the VPN above. Email of the garden variety (Gmail, Live/Hotmail, Yahoo, etc.) contain in the background of the sent email file the IP address from which you sent the message, and if the above VPN obfuscation work is done right it will look like you came from an entirely different place. If you didn’t know it, this information can be easily copied and entered into any of a hundred geolocation websites and deliver your actual location. The key benefit to using privacy email services is that they strip your IP address from those hidden message headers entirely. So the only recourse for the bad actor is to try to hack into a place like ProtonMail. Good luck my guy. And even if they did, done VPN right, the best they could hope to find about you is that you live in Iceland some days, Germany on others, and Fridays in Dallas.
Step 8: Money is another Achilles’ heel. ACH transfers and the usual lines of bank-to-bank or credit card transfers, including via big Silicon Valley banking systems like PayPal are things I would not trust for maintaining cash reserves. They are under scrutiny and regulation and control. Bad actors in Canadian emergency government can simply thieve from any account they can name. And since they have the ability to basically name any account they choose means that what is yours is theirs whenever they have an emergency they feel like calling. Where you can, use obfuscated cryptocurrency. Privacy matters. I personally like Monero (XMR) and now that they have joined in portable wallets (USB keys), these things can be easily shared and transacted. Converting them into cash on the ground might be problematic, and that is a topic for more of a logistics expert. But when a Canadian communist-in-waiting declares “including cryptocurrencies” in her current financial dragnet, be advised that this is not how the people at Monero see it. Good luck cracking Ring Sigs, honey.
UPDATE: Others have noted that a (1) Monero wallet is under Freeland surveillance. How the Peoples’ Republic of Canada came to possess this knowledge is anybody’s guess, and it is also anybody’s guess as to whether this report isn’t another round of political theater to inhibit donations and starve their beast that way. One thing is for certain: if true, they didn’t hack into the Ring Signature. Somehow the wallet coordinates made their way into the hands of operatives at a local bank or somebody divulged. Use care on how and when cryptos are converted into IRL legal tender.
Do these above things and make these family-wide habits at your desktop. Avoid using anything but burner flip phones without GPS. You really don’t need those apps that amount to a chip implanted in your ass. Use care, be legal, stay safe(r).
If you choose Keybase, there are rules that must be followed to stay less obvious to the outside world: do NOT follow each other in your group, following is not needed to stay in touch. Following is something visible to outsiders. And even though I am sure that when the PLA/CCP bought Keybase to get their cryptography modules to fix a Zoom cryptography problem they inserted “front doors” into the code to peek in on private chats whenever they feel like it, unless they take screenshots before messages explode, the probability is that end-to-end encryption is properly employed.
Seems like sound advice to me. On the other hand, it is hard to imagine that we can bring about change in the real world if we remain in total anonymity all the time, isn't it? Any ideas on how to protect ourselves and fight the totalitarians at the same time?
Say No to NordVPN: https://techcrunch.com/2019/10/21/nordvpn-confirms-it-was-hacked/ (better fleshing out here: https://www.bestvpn.co/nordvpn-hacked/)
Ok so it was 2 years ago, but uh... No.
May be way outdated, but TOR and FBI in Internet searches turn up more hits than I feel comfortable with.
Brave is based on Chrome, which is why you see bits of it in there. Some of the stuff built in to Brave is helpful and automatically does what you suggest re: trackers, ads, etc. May be worth a reconsider?
Other things that may be more difficult: ditching Intel chips and MS Windows OS. Both of which I still have to do...
eg: - (may be an overly melodramatic article - ymmv):
NB: this was from 2013, and accidentally discovered. Who tf knows what's in there now...
https://popularresistance.org/new-intel-based-pcs-permanently-hackable/
and
Consider you cannot stop MS Windows from updating their OS on your machine, plus "In a statement, Microsoft said: "When we upgrade or update products we aren't absolved from the need to comply with existing or future lawful demands." The company reiterated its argument that it provides customer data "only in response to government demands and we only ever comply with orders for requests about specific accounts or identifiers".
https://www.theguardian.com/world/2013/jul/11/microsoft-nsa-collaboration-user-data