While many still argue about how their own views on the history of the internet are the truth, we do know the core timeline consists of the “Electronic computer” being developed in the 1950s. From there the ARPANET was created and quickly adopted the Internet Protocol, which soon began a wildly discussed and argued about origin story of the internet sometime in the 80s. However, while many will even argue the core facts to the point of the internet being born either earlier or later in the timeline, we do know that Usenet was not too far away. With the birth of Usenet, things like the BBS, Internet forum and terms like “Eternal September” quickly cropped up in a rapid session of growth and expanse.
Now things like Blogging or Social Media are common, and people with rose tinted glasses grow remorseful of how inclusive the internet has become. The early adopters and users are not too far off with their remorse. You see, many of the modern day users have grown complacent and wholly unaware of even the simplest uses of OPSEC. This chapter aims at giving the average user a simple and quick primer to enhance their privacy and security when using the internet.
The gateway to the internet, for the modern and average user, is their browser. It is a piece of software meant to help people transverse the World Wide Web by retrieving and presenting information resources taken from the internet. The modern browser is pre-built, requires hardly any tweaking, and is rarely, if ever, able to be fully customized. However, as more people aim for a free software or an open-source style of use, more browsers do offer some level of customization that range from modifying the settings under the hood to themes and other frivolous tweaks.
With so many choices, people usually stick to Internet Explorer or Google chrome; however these browsers leave a lot of wanting when it comes to usability. Chrome also has a notorious past of spying on you without giving you a warning, which should not be such a surprise with all the claims of Chrome being a botnet and not asking permission for accessing a user’s computer.
Ultimately, anything with Microsoft or Google is unavoidable, sadly, and a lot of work has to take place in order to avoid leaking information or having it sold. But that’s the way things flow as of late, especially when “Don’t Be Evil” is dropped in favor of “Do the Right Thing”.
So, what does that mean for the average user? Well I recommend picking from this list...
Avoid using password storage, password sorters, and similar features or AddOns. Write down your password, if you must, and hide it where no-one will find it but you.
Though many browsers have the ability for a Private Browsing mode or Incognito Mode, those only protect you from saving cookies and history. However the browser and search engine method still can track you. However your privacy can be improved with the implementation of Private Search Engines, the search engines that do not store your queries or track your steps on the Internet. With plenty of options available and each using their own unique algorithms and search options it may be hard to sort through them all to get the most secure and private options for us Paranoids. Though keep in mind this list is for function over form. They may not look great but they certainly are functional. Lets start with some Libre Options. Libre is the term for Truly Free Software as in GNU-Libre or Free as in Freedom.
Yacy Is a Libre engine that anyone can build a search portal for their private network or to the Internet. When contributing to the world-wide peer network, the scale of YaCy is limited only by the number of users in the world and can index billions of web pages. YaCy is fully decentralized and Peer-to-Peer, all users of the search engine network are equal, the network does not store user search requests and it is not possible for anyone to censor the content of the shared index. YaCy is true freedom when it comes to your searches.
SearX Is a Libre Internet meta engine which aggregates results from more than 70 search services. When using SearX you are neither tracked nor profiled. You can also use Public Instances or Private Instances of SearX allowing you personal Paranoia to take hold and establish your own private network of SearX.
Though on a centralized platform you can use SearX over Tor for online anonymity. If you are not a huge fan of tinkering and compiling you can also check out these more user friendly options.
Duck Duck Go Probably one of the most well known and most full featured engines available today. Available for major platforms like Firefox, Android, IOS, and more https://duckduckgo.com/app DDG is Quick and Simple.
Start Page If you can not beat em, use em, Start Page pays Google to use their results and in return Start Page removes all trackers and logs. What comes about is the in their own words Worlds best and most private search engine. This is great if you do not want to abandon Google result just yet and still want a full features Search Engine.
Now if these are still are not Wizard enough for you and you NEED to go full Arch-Mage you can also try some of these Tor options as well. These are the Onion URLs
Feel free to try these over Google or your other previously preferred tracking option.
Big brother is here and it is nothing new. Browser fingerprinting has been around without any of is ever noticing since the 20-aughts. Java-Script, Browser Identifiers, Internet Protocol Addresses, Even down to Time-Zone and Font choices. This canvas of data can be collected by both individual sites you visit or 3 letter organizations with the means to blanket many sites to make mitigation tactics less useful to those would be Paranoids like You and Me. This huge advertising scheme to allows parent companies to create a digital copy of you, a 1 dimensional clone that is only your wants, likes, and dislikes. Purging everything that is unprofitable, making a you that is for sale and will be sold.
Cookies are small packets of text files that are stored on your computer, these packets contain certain data that may give websites information to improve the user experience or to remember previous sessions allowing you to pick up where you left off. Every time you visit a website, your browser will download cookies if allowed.You can disallow cookies via your browser settings. Either by clocking 3rd party cookies (Everything beside the home site) or all cookies. I recommend all cookies though this may cause some issues on most high traffic sites.
I am placing these two together due to the nature of both JS and HTML5. HTML5 is the coding language used to build websites, a platform much like Java Script. It is the core fundamentals of every website and this allowed unique identifiers to be placed on the user from the site. In HTML5 , there is an element which is called Canvas, canvas discerns certain data, such as the font, font size and active background information like screen size based on the browser of the user. This information serves as the unique fingerprint of every visitor. These can be blocked via the browser settings, you can follow the following walk through to disable JS on most major browsers.
The easiest to track and sometimes the most difficult to stop depending on your country and device. The "Internet Protocol Address" part refers to a unique number that gets linked to all online activity you do like a return address on a letter youd send out. A letter gets send asking for information and then gets returned with said information. Disguising your IP can be done in several ways, unfortunately nothing can be done via your browser settings. Using a VPN or Virtual Private Network this is widely considered the best option though I have to disagree due to the amount of VPNs available and many of them are absolute garbage. Here however are some fairly...fair VPNs
Using Tor, now I plan on going into a more in depth methodology of Tor. Here is a quick snippet. "The Tor Browser is a free software program that you download onto your computer that conceals your IP via Entry Nodes and Exit Nodes. These nodes are kinda like playing Telephone. You open with you IP, and as it goes through the Nodes, all with their own IP, by the time it reaches the Exit Node, in theory and somewhat in practice, your IP should be completely hidden. This process is layered with encryption, which means your data is obscured by security and privacy protection." More can be found here https://www.torproject.org/
Geo-tracking, put simply is your location. Use an Open Wifi network like in a Coffee Shop or your Local Library and not your home. Living off grid when it comes to Internet is frightening for most including myself. But this is an excellent option as an IP address does not travel with you. So if you simply go to a coffee shop, library or hotel and use their Wi-Fi, you will temporarily hide your usual IP address. You will be using their networks IP address for as long as you are online on their network. Using all of these in conjunction can keep you secure, private, and safe from our advertising overlords. For further reading and a list of resources I used for this post check these sites out here https://panopticlick.eff.org/
Electronic mail, shortened to E-mail, is one of many means to exchange digital messages between computers and their users. However, since seeing frequent use in the 60s to now, e-mail has become used more as a means of identification than communication when needing to sign up for an account or do some sort of business based task, or being a responsible adult and working on your taxes or banking.
Now, e-mail is just one of the many methods sites use to prevent bots, scammers and spammers from joining their communities. When you need to sign up for an account, you usually need to provide an e-mail from a provider that they have yet to blacklist, Example: Most common temporary e-mail services have been blocked by FaceBook.
The average internet user will usually use of the main three: Google, Outlook, and Yahoo.
Sometimes Yandex, among similar non-US based e-mail providers will be used, however the main three tend to rule. The issue with the main three (Shortened from now on to MT) is that they require a lot of data and “verification” to ensure that it’s you who’re signing up or at least not someone with malicious intent.
This would not be such a large issue if it was not for the fact that the MT are notorious data collectors who work in unison with the government, among other groups, to not only data-mine and spy, but also possibly put down dissenters. If any of this comes to light as being true and not just some gossiping theories put forth by many privacy groups, then that just shows how much of your information is at stake.
As of now, you can use some cheap or free alternatives, these should work as a free secure e-mail provider.
Tutanota Similar to Proton Mail with a few additional features with multiple authentication options and despite the encryption, you can still search your emails by body text. This is my preferred email provider.
Guerrilla Mail gives you a disposable email address. You can give your email address to whomever you do not trust. All incoming email is deleted after 1 hour. Great for quick communication.
Another issue, for many, is the fact that you can not sync or linking accounts together—this is a good thing, though. Syncing, storing or linking accounts is something you should not do, at all. Your accounts should always be separated, never touching and kept as far apart from each other as possible. Now it is recommend you use a mix of these e-mails each time you create an account or sign up for some service or another that is not tied to you offline. Example: Banking, bills, school or work. You should honestly have one account on each specifically for stuff that is offline. The reason for this is simple: You will generate enough of a trail to not be suspicious.
Remember: Never save your passwords on your computer and never use a password manager. Write down your password and the piece of paper with it somewhere safe and away from people trying to find it. Use a lock box if you must, but never save this info on your computer. Also look into writing down each account’s information down and hiding that paper, too, so you never forgot it.
Your password is the key to your account, without it you can not login without going through an entire process of laziness meant to make it easier on the geeks who run the website you are a part of or at least the “Help desk”. You see, that is all a lost password request is: Laziness. It does not mean you are lazy, though, it just means you are forgetful like everyone else. However, the people who run the site don’t want to deal with properly verifying your claim to your account, so they created these claims of simplicity where you submit a request to retrieve or change your password.
That is where laziness comes in. Anyone who spent time researching you and applied a liberal dose of social engineering will be able to guess certain security questions and your e-mail addresses to the point of being able hijack your account. This is why it pays to keep e-mails separated, not to use the same username twice, and to have a strong password. Your password should be sixteen 16 to thirty-two 32 characters long and consist of randomly select characters that range from upper case letters (ABC) to lowercase letters (abc) to numbers (123), punctuation (.,;?!) and special characters ($%#). Your password will not only be hard to remember, but also hard to guess. This is why you should write it down on a piece of information and hide it in a lockbox or locked drawer where no one will get at it, ever.
You should also avoid password managers, syncing your information, using “Master passwords,” reusing your password, or saving it on your computer or phone. Think of your password as a unique key and each account a unique door—you need a specific key for a specific door, ergo never use the same password twice. Always randomize your passwords, their length and the characters used to the point of each one never being overly similar.
For those who are using GNU/Linux, a section I will be discussing soon, you can use several handy terminal commands to make long, complicated passwords
Generate Random Passwords Using Terminal and md5 SHA to hash the date, runs through base64, and then outputs the top 32 characters.
Filters using the strings command, which outputs printable strings from a file, which in this case is the urandom feature.
This one uses the dd command.
The easiest way to make a password from the command line.
An account is like a membership you apply for when you join a community or a website. And like a membership, the difficulty to obtain an account ranges from something as easy as a username + password or to the near-impossible where you need to provide an arm length’s of information and an invite code. Regardless of what you are signing up for, however, you need to learn to compartmentalize each account and profile into its own isolated object. You do not need to interlink your information, account or anything like that. You do not even need to sync it up to your e-mails or our phone.
You do not need 40+ accounts across the internet. You need what you need, and at that, you only need it if there is a reason for it. So, in theory, what accounts do you truly need?
You do not need them, however gaming is a decent way to unwind and do something mindlessly to try and clear your head of troublesome thoughts. Honestly, though, do you really need any of those accounts? Well, yes, if you do not believe in piracy or simply wish to support the developers you prefer. But you do not need it to live or survive. There are plenty of non-DRM options that range from freeware to physical media options that do not need an internet connection in order to play it.
You do not need to one to watch videos or enjoy them. You only need an account if you, yourself, plan to comment, rate or upload videos. Do you really need to do that? There hundreds of ways to express yourself that do not require you sitting in a chair, staring at your computer, and reviewing bottles of Fuji water from when it first was released. You will need accounts or simply want to make an account, for whatever reason, and participate in the community or reap the benefits of releasing your information for that slim chance of being “Internet famous”.
No matter the reason, though, you need to treat your account and its associated profile as a contained fire during a camping trip. You want to give only as much information as is required, not what they offer you to give up. For instance: Your username should not be your real name or a nick name that you have been called before. It should be completely unique and unrelated to anything else you have made, claimed, were called or even thought about using. It should also be different from the e-mail address that you’re using for the account. Ultimately, outside of paid accounts or billing information, not a single thing on your profile should lead back to you or be associated with you or anything related to you. You should not use the same password, e-mail address, username or anything that you have used on another account. And, at that, no account should be linked, synced or associated with each other in any way possible.
These accounts and profiles, depending on their settings, should be made as private as possible and be as minimalist as possible. You could, in theory, supply false information in your bio or “about me” to create a false digital trail just in case, however leaving no information is better than leaving some. And, truthfully, you should avoid having more than ten 10 accounts at any given time.
This is nothing more than the barest basics needed to keep some sort of privacy when using the internet and trying to avoid being doxed during some kind of discourse. This will not make you 100% anonymous, nor will it make you undetectable when it comes to the government, yet it is better than nothing.