TL;DR : You’re f_cked
Table of contents:
- Don’t use Windows
- Don’t use an Intel CPU
- Not all VPNs are equal
- Avoid DNS leaks
- Burn your identity
- Avoid GAFAM
- Avoid transparent Blockchains
- Not all privacy coins are equal
- Use a different wallet address for each payment
- Encrypt Files & Folders
- Emails aren’t secure
- Use Encrypted Communications
- Use UnGoogled phone or Custom ROM
- MAC spoofing (Illegal in most countries, don’t do this)
- When shopping online
- Give something to the Feds
1. Don’t use Windows
Windows is a proprietary operating system with endless privacy policies, longer than toilet paper, which include stuff like this:
Need I say more? Use Linux!
There are plenty of distributions ranging from beginner to master:
- Ubuntu: A good, user-friendly starting point, but essentially the same as Windows.
- Arch: Full customization, but not beginner-friendly.
- Whonix: Privacy-focused Linux; works on Windows, Linux, VMs and Qubes.
- Qubes: The ultimate privacy- and security-focused layered Linux distribution.
Don’t be afraid. Linux is a journey; it isn’t plug-and-play (except Ubuntu)! It teaches you to search for information on the internet and to read the docs ❤️
2. Don’t use an Intel CPU
All CPU hardware has a built-in backdoor.
Intel seems to be the most vulnerable on this, but AMD has issues as well, especially on Ryzen & Epyc CPUs.
3. Not all VPNs are equal
When you are considering VPNs, there are free ones and paid ones.
Basically, when the product is free, you are the product.
It’s really as simple as that.
Very few VPNs are honestly doing what they’re meant to do.
All free VPNs keep user logs and are more than happy to sell your data and logs to regulators and law enforcement agencies.
These 3 VPNs have the strictest policies about not keeping user logs:
Doesn’t require you to enter email nor any private details, and you can pay with cryptocurrencies.
They have embedded options to customize DNS to avoid leaking your queries to your Internet Service Provider (ISP) — discussed later.
“Hardcore mode” to disable everything from Google to Twitter to Facebook, which is handy for whistleblowers and helps resist online surveillance. Possibility to use WireGuard!
Strong and cheap VPN, with SOCKS5 proxy options.
One downside is their aggressive and misleading marketing.
For example, a discount with a countdown that is always on. Even if you’re using another VPN, they will tell you that you’re not secure until you purchase from them.
You’re allowed to use them only for lawful purposes, otherwise they will leak everything to law enforcement authorities.
Best free plan, but free servers are mostly overloaded.
Not the best paid option, and Protonmail got caught reading emails.
4. Avoid DNS leaks
Foremost, what is a DNS?
DNS stands for “Domain Name System”. It’s what binds domain names to their respective server IP addresses.
If you’re using a VPN, that’s great, but it isn’t enough to be completely anonymous, since you’ll still be leaking your queries to your ISP through their default DNS service.
You can set up a custom DNS on your router, in your browser or in your network device’s configuration.
There are a few custom DNS services that you can use to avoid DNS leaks:
Blocks shady websites on DNS level, and Privacy-Friendly
Primary DNS: 184.108.40.206
Secondary DNS: 220.127.116.11
Another Privacy respectful option, faster on the market
Primary DNS: 18.104.22.168
Secondary DNS: 22.214.171.124
Run by Cisco, but still a decent choice:
Primary DNS: 126.96.36.199
Secondary DNS: 188.8.131.52
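One way to check which resolvers a Linux machine is actually configured to use, as an added example that is not part of the original article: it parses `resolv.conf`-style text and labels each `nameserver` entry. The sample file, the `EXPECTED_RESOLVERS` placeholder addresses and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of /etc/resolv.conf content (not from the original page).
SAMPLE_RESOLV_CONF = """\
# generated by NetworkManager
nameserver 192.168.1.1
nameserver 198.51.100.53
nameserver 127.0.0.53
"""

# Placeholder addresses (documentation ranges); use the custom DNS you chose.
EXPECTED_RESOLVERS = {"198.51.100.53", "203.0.113.53"}


def parse_nameservers(text):
    """Return nameserver addresses in file order, skipping comments."""
    servers = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def classify(server, expected=EXPECTED_RESOLVERS):
    """Label a resolver by where queries sent to it are likely to go."""
    try:
        ip = ipaddress.ip_address(server.split("%", 1)[0])  # drop zone id
    except ValueError:
        return "invalid"
    if str(ip) in expected:
        return "expected"
    if ip.is_loopback:
        return "local-stub"   # e.g. systemd-resolved: check its upstream too
    if ip.is_private or ip.is_link_local:
        return "lan-router"   # typically forwards to the ISP's resolver
    return "unexpected-public"


def audit(text, expected=EXPECTED_RESOLVERS):
    """Return (server, label) for every configured resolver."""
    return [(s, classify(s, expected)) for s in parse_nameservers(text)]


def leaks(text, expected=EXPECTED_RESOLVERS):
    """Return the resolvers that are not the ones you chose."""
    return [s for s, label in audit(text, expected) if label != "expected"]

print(audit(SAMPLE_RESOLV_CONF))
```

On a real system, pass in the contents of `/etc/resolv.conf`. A `local-stub` or `lan-router` result means the query is handed to another resolver whose upstream you still need to check.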
5. Burn your Identity
When you’re browsing, you’re leaving tracks. You can check all accounts you’re linked to on https://justdeleteme.xyz
It is a good idea to delete your social media accounts every so often and make new ones with different IP addresses.
Also re-install your OS regularly to get rid of any spyware/malware that might be installed on your machine (after backing up important data of course.) I do this approximately every 3 months.
Use services like deleteme.com (US only) to delete your unwanted online presence used by data brokers.
This will only work for Google.
There are plenty of DIY tutorials available online.
Norton’s LifeLock has a paid service, if you’re not willing to do this time-consuming task by yourself, with a bonus of insurance in case of ID theft.
6. Avoid GAFAM
GAFAM stands for “Google, Apple, Facebook, Amazon, Microsoft”.
Google & Facebook made a fortune by selling your data; it’s not a secret.
Apple was known for its respect for privacy, but this will end with iOS 15!
iOS is built on FreeBSD but has a lot of proprietary parts.
Amazon’s business strategy is to sell lower than anyone else to wreck all opponents. Along with this, Alexa, Echo and Dot are simply a microphone and a speaker. They are always listening and send raw data to Amazon’s servers, which process it and send back an audio file for you to listen to through the speaker.
You have to be really dumb to let this creepy AI enter your house. Microsoft was covered in section 1.
Because the Chrome Store is blocked, in order to install extensions, activate developer mode at chrome://extensions, then load the extension from its downloaded, unzipped folder.
Falkon is another completely independent initiative.
7. Avoid transparent Blockchains
Using a transparent Blockchain is the same as letting everyone look into your bank account. Do you want everyone to be able to see your bank account balance and transactions?
I guess not, otherwise you wouldn’t be here reading these lines.
Here are some tools to track others’ portfolios:
https://etherscan.io/ for Ethereum
https://bscscan.com/ for Binance Smart Chain
https://www.blockchain.com/ for Bitcoin
https://litecoinblockexplorer.net/ for Litecoin
https://xrpscan.com/ for XRP
And the list goes on for every other transparent coin or token.
I can allow an exception for using Bitcoin along with SamouraiWallet.
You can learn more about Bitcoin’s privacy here.
The Lightning Network will make Bitcoin more private since the transactions will happen off-chain, but you can still be traced inside payment channels if they’re public ones.
Joining/Exiting channels will still be public and traceable.
Otherwise, watchdogs can’t spy on private payment channels.
8. Not all privacy coins are equal
When it comes to privacy coins, they’re not all equal.
Monero, for example, was the original privacy coin but isn’t private anymore due to projects like CipherTrace, which aims to track Monero and to make it worthless. You can learn more about Monero here.
PirateChain has by far the best anonymity set ever on the market:
I don’t see any better privacy coin, or maybe I’m missing something.
Also, the fact that they rely on Google & Google Forms to host their “ScrtAgent” website to report their so-called “scrt missions” raises real doubt and legitimate questions about their purpose and privacy.
On the other hand, this problem is well known in the Zcash community.
9. Use a different wallet address for each payment
If you’re not sure about the tracks you’re leaving online, it’s good to not use the same address to receive payments, otherwise it can be used to track you.
Using a different address for each payment is a feature by default in SamouraiWallet for using Bitcoin in a more private and secure way.
PirateChain’s “Treasure Chest” for example, has an option to create a new public address within seconds. Many other currencies and wallets may do the same, but why use something else other than the best?
10. Encrypt Files and Folders
Follow their docs in order to get this done.
You can still use GPG to encrypt and share Eureka’s one-time-key.
Use self-destructing notes to do so.
- BitLocker on Windows (not recommended)
- EncFS for Linux distributions
- Disk Utility or FileVault on Mac OSX
Keep in mind none of those above protect you against common security threats and issues.
Always encrypt your seed phrases, and store them offline!
11. Emails aren’t secure
Email protocols are very old and aren’t secure anymore.
That’s their business model, and how they made billions.
They got caught opening your emails.
They also have an AI scanning all email attachments.
And guess what? Protonmail, supposed to be the most private and secure email provider, got caught opening emails too.
12. Use Encrypted communications
First, don’t use PGP-based communications.
Even Phil Zimmermann, the inventor of PGP, doesn’t use it.
Second, don’t use email, even if it claims to be private or secure.
When it comes to encryption, it’s the same rule as for cryptocurrency:
If you don’t own your keys, someone else does.
Don’t fool yourself into thinking E2EE (End-to-End Encryption) messaging apps such as WhatsApp, Messenger, Signal, Telegram, Discord and others aren’t listening to you.
Instead, use OTR (Off-the-Record) messaging, which is a cypherpunk cryptographic messaging protocol.
Altermail is a promising privacy respectful messaging app. Users are in charge of their private keys. Private keys are password protected. They aim to serve an “enterprise grade” quality of service.
13. Use UnGoogled phones or Custom ROM
You can also install custom ROMs on your Android device in order to have more control over your privacy.
But in the end, this won’t disable trackers from apps you install if you still want to receive notifications or are using the most popular apps contained in Google’s Firebase.
Rob Braxman explains a lot about Google tracking and why to use custom ROMs.
⚠️ Flashing your device is risky and may damage it permanently ⚠️
⚠️ I’m not responsible for anything you do with your phone ⚠️
⚠️ Flashing your device results in an immediate loss of its warranty ⚠️
14. MAC spoofing (Illegal in most countries, don’t do this)
The MAC address is the physical address of your networking interface.
I’ll tell you why it’s part of privacy, instead of how to do it.
- Used in pentests to redirect traffic
- Bypass MAC filtering
- Free WiFi uses MAC address to track users
You can find more information about this here.
15. When shopping online
It isn’t a secret that shopping online with your credit/debit card directly leaks your identity, unless you are shopping with preloaded prepaid cards.
You can buy them just about anywhere.
If you buy a €500 card, there will be €500 on it. Use cash to purchase.
Another way to shop anonymously is to use burner cards:
Burner Cards are “Proxy” Cards. (provider example)
Enter your card details and you receive a virtual burner card.
This adds a layer of anonymity, and you don’t need to give any of your personal information when registering with them.
Their free premium membership lasts 30 days.
Try to shop on decentralized marketplaces and avoid using your home address. To set up a postal box, you need to go to your national mail courier service and discuss options & pricing with them. This is easier to set up for a corporate entity, but still possible for individuals. Using this will anonymize your residential address when shopping on shady websites or getting stuff delivered.
⚠️ Some companies and services refuse to deliver to postal boxes ⚠️
Same goes for shipping to your lawyer, but might be more expensive.
16. Give something to the Feds
Finally, if you’re being a complete ghost without using the most common social networks, this will raise suspicion among tracking companies and services that report to governmental agencies. Give them something, but clearly differentiate profiles on separate devices.
As you have seen, privacy is a difficult and overwhelming topic for most people. Tech Giants are working together against us. Here’s another complete 30min Privacy Tutorial I’ve found online: