D

Deleted member 65228

Heads up by the way, if it's obvious you're intentionally trying to avoid surveillance, it could just put you on a list and make it increase even more. Because from an agency's point of view, it could be a signal to them that you do actually have something to hide.

Just food for thought I guess. I care about privacy but I don't spend money on it, I do scrub the internet from personal info of my own though.
 
  • Like
Reactions: upnorth

Slyguy

Level 42
Verified
Heads up by the way, if it's obvious you're intentionally trying to avoid surveillance, it could just put you on a list and make it increase even more. Because from an agency's point of view, it could be a signal to them that you do actually have something to hide..
That's what makes it fun. It also helps keep you on your toes, train you in new tactics, help reveal their tactics and give you some entertainment. Also keep in mind, even basic stuff these days can trigger it, looking up VPN's, going to Linux sites, etc. Might as well make it hard, and in the process have a fun little hobby, right? Imagine their horror attempting to TAO you to get into your cascade encrypted drive only to find out it contains photos of your last vacation. They just wasted several hundred thousand dollars for some beach front photos. How rewarding is that to see unfold, right?

Remember, each operation they conduct risks revealing sources, tactics and tools. Sure, you might be able to take over Trend Micro on a guys computer, but you'd better be sure he isn't smart enough to find out or he's going to blab about it everywhere.. So much for that technique. When you hear 'compromise sources and methods' that's often what they are referring to. For example: Most people think the Nunes memo is a big nothingburger and why people didn't want it to be released... Hidden in plain sight in that memo is an important 'method' they use to circumvent the law and spy on Americans. It reveals, indirectly how American's rights are being violated. Basically, if they want to spy on Trump they can't, there wouldn't be any probable cause. So what they do is author a fake dossier, name a 'close associate' to Trump in the dossier. Then get a FISA warrant to conduct surveillance on the 'close associate' using that associate to scoop up data on the INTENDED target, which was Trump.. That's the extent of the 'sources and methods' they didn't want YOU to know about because it's circumventing our constitution and abusing the FISA court.
 

Slyguy

Level 42
Verified
I am taken by the "for our own good" part. Who decides? NSA? Google?
If anyone would like honest to goodness true privacy, it's obtainable but not convenient at all... For example I will share a technique to communicate with someone with virtually zero probability of interception.

1) Take an old laptop install a secure Debian build on it.
2) Spoof the MAC on the NIC and run a VPN on it.
3) Install Shashlik on the Debian to run AndroidOS.
4) Run a nested VPN on the Android OS.
5) Install Signal Private Messenger on the simulated Android OS.
6) Chat with impunity.

Even the most well funded, skilled actor isn't going to be able to monitor the system. Since everything is wiped and reset after each use there isn't anything specific for them to intercept that can be tracked over any major length of time. The nested VPN is quite secure, the Debian is quite secure. The simulated Android environment is safe, and Signal is very secure under these conditions. This is just one example of hundreds of different techniques. Have fun with it. :)
 
D

Deleted member 65228

Take out the hard-drive and use boot-OS like Tails as well. Tails is designed not to store after the session so once the session is over, all content on the session is over as well. However potential exploitation could change this (I've never seen such nor do I even use Tails/would have a need for it but I know some do). So not using a hard-drive would be safer. Of course it isn't convenient but it does suit usage of Tails from a bootable removable media anyway.
 

Slyguy

Level 42
Verified
Also, 'hiding' isn't the only technique. Chaffing is another. Saturate any potential monitoring with millions, if not billions of bits of 'noise' and you really start to make people mad. I assume my PhromFighter running on a dedicated server that does 1,500,000 searches a week blended with our normal searches is probably infuriating to anyone that may want to monitor this home. That's a significant amount of chaff being thrown out there.

You can really start to annoy if you setup a server with 8 different highly encrypted zero knowledge cloud services and then create a script to move junk files in and out of the cloud directory triggering constant activity. Then create a secondary account on one of the 8 that contains your 'real' data masked among the chaff of encrypted cloud drive activity constantly updating itself over your WAN. That'll make any potential actor pretty annoyed too and parsing the actual, usable intelligence from that gets really really messy. Even better, setup multiple zero knowledge, encrypted cloud storage with different vendors, then use scripts to migrate your data between multiple different services/companies each week 'automatically'... Yeah, that'll make anyone furious.

So maybe not necessarily hiding, but making what you do really messy or chaffed inside of a bunch of other trash may be the way to go? Or even combine that WITH privacy enhancement techniques for the ultimate combo?

I know a few guys that have a 'fake' public profile. They appear totally normal.. Talking about the latest news. Complaining about taxes.. Watching regular popular TV shows. It's all a racket... It's not them really, it's their profile for everyone else (including intelligence) to see. Their 'real' person you'll never find. It's not criminal, but it's exceedingly private.. So data mining collects trash on someone that looks totally normal but the trash is totally inaccurate and useless. They're future proofing themselves as well by doing this.
 
Last edited:
D

Deleted member 65228

Hahahahahahahahahaha yes that is a very good idea. Tons and tons of dummy requests, even if it's known to be dummy, it will really annoy anyone trying to get a peak under the hood. One minute they have something meaningful, and then bam, their logs get flooded with 1 million dummy requests. Good luck finding the meaningful one now. LOL.

This is actually a clever anti-reversing technique as well. Setup some threads to make tons of dummy requests, also to routines the main/genuine worker thread will be using. Except, make the parameters legit, not just NULL.

If someone is trying to identify whether the program opens a handle to a specific file/directory, unless they know in advance what to filter for, now they have to go through hundreds of thousands of NtCreateFile/NtOpenFIle API calls on the log. Setup a while/for loop to just automatically do it, also manipulating the buffer in the OBJECT_ATTRIBUTES structure for each invocation.
 

DavidLMO

Level 4
W00t. Hahahaha rotflmfao. I do so love privacy and security. Particularly the way some of us think. hehe
 

Arequire

Level 23
Verified
Content Creator
Heads up by the way, if it's obvious you're intentionally trying to avoid surveillance, it could just put you on a list and make it increase even more.
I say let it increase. You may get heightened attention but at least you're taking a stand against something that you believe to be morally wrong.
The way I see it, if some agency is forced to spend a single extra penny just to waste their time taking a closer look at me - a perfectly sane law-abiding citizen - because I'm trying to evade mass surveillance then I'm calling it a win.
 

Slyguy

Level 42
Verified
I say let it increase. You may get heightened attention but at least you're taking a stand against something that you believe to be morally wrong.
The way I see it, if some agency is forced to spend a single extra penny just to waste their time taking a closer look at me - a perfectly sane law-abiding citizen - because I'm trying to evade mass surveillance then I'm calling it a win.
Now that's the kind of attitude I respect.
 
  • Like
Reactions: Handsome Recluse

Slyguy

Level 42
Verified
Hahahahahahahahahaha yes that is a very good idea. Tons and tons of dummy requests, even if it's known to be dummy, it will really annoy anyone trying to get a peak under the hood. One minute they have something meaningful, and then bam, their logs get flooded with 1 million dummy requests. Good luck finding the meaningful one now. LOL.

This is actually a clever anti-reversing technique as well. Setup some threads to make tons of dummy requests, also to routines the main/genuine worker thread will be using. Except, make the parameters legit, not just NULL.
It gets better. My program draws specific topics, stories and relevant news via feeds. Then automatically keystrokes those into the browser. It simulates clicks. It uses several modes to simulate user timing with delays and burst spikes. Fun stuff. A log of anti-surveillance technology isn't about hiding, it's about introducing chaos into a clean surveillance environment. Same principle here, except with programs and web requests. For example sensitive EMF harvesting is quite easily disrupted by introducing EMF-Chaos into a room, it totally screws it up. 'Predictable' chaos has to be avoided, which is why a true Pink Noise generator is far better than white noise - and why a program chaffing the internet needs to factor predictability and disrupt it.

I think privacy in the future won't be about hiding, but chaffing. I think protection of programs won't be about security but about self-protecting mechanisms within programs themselves. Just my opinion, mostly because it's become very difficult to have privacy and anonymity this could be the logical evolution of all of this.
 
D

Deleted member 65228

I say let it increase.
Yeah, I mean if you don't care about it then it doesn't matter.

I still remember John McAfee VS an FBI or CIA agent on the news regarding privacy, and John destroyed him lmao
 

Prorootect

Level 53
Verified
Also, 'hiding' isn't the only technique. Chaffing is another. Saturate any potential monitoring with millions, if not billions of bits of 'noise' and you really start to make people mad. I assume my PhromFighter running on a dedicated server that does 1,500,000 searches a week blended with our normal searches is probably infuriating to anyone that may want to monitor this home. That's a significant amount of chaff being thrown out there.

You can really start to annoy if you setup a server with 8 different highly encrypted zero knowledge cloud services and then create a script to move junk files in and out of the cloud directory triggering constant activity. Then create a secondary account on one of the 8 that contains your 'real' data masked among the chaff of encrypted cloud drive activity constantly updating itself over your WAN. That'll make any potential actor pretty annoyed too and parsing the actual, usable intelligence from that gets really really messy. Even better, setup multiple zero knowledge, encrypted cloud storage with different vendors, then use scripts to migrate your data between multiple different services/companies each week 'automatically'... Yeah, that'll make anyone furious.

So maybe not necessarily hiding, but making what you do really messy or chaffed inside of a bunch of other trash may be the way to go? Or even combine that WITH privacy enhancement techniques for the ultimate combo?

I know a few guys that have a 'fake' public profile. They appear totally normal.. Talking about the latest news. Complaining about taxes.. Watching regular popular TV shows. It's all a racket... It's not them really, it's their profile for everyone else (including intelligence) to see. Their 'real' person you'll never find. It's not criminal, but it's exceedingly private.. So data mining collects trash on someone that looks totally normal but the trash is totally inaccurate and useless. They're future proofing themselves as well by doing this.
Look then at this topic I posted some days from now:
Noiszy, ipFlood - erasing your footprints - for Chome, Firefox....
Add-on - Noiszy, ipFlood - erasing your footprints
 

Slyguy

Level 42
Verified
Noizsy uses source code from the TMN project. The TMN project started as an anti-surveillance research project based on the anti-surveillance technologies in the MIT research paper "A Tack in the Shoe".

TrackMeNot

I use a server based program that relies on some of the things illustrated in the A-Tack paper. I've attempted to hire a programmer to clean it up and get it in a public-release state but haven't been successful and couldn't keep devoting time to it.
 

Gabriel.CWD

Level 1
Rather alarming. Since it was Google, I am NOT surprised. Trouble is probably 90 % of users are totally clueless about this and clueless as to why is IS important.

And at least in both the case of M$ & Google they practically force you to set up "Accounts" that facilitate in tracking you across all devices and all apps.

I think that given Congress just recently not only extended but enhanced FISA, the likelihood of getting help from them is slightly below Nil.
You're absolutely right.

The big companies do what ever they want. Installing trackers, spying on you.

Well... the other day I was chatting with a friend about drones, and not chatting online. We met at home and started a conversation, it was about drones.

Next thing when I open the phone, I see ads with drones. And I didn't even search online for drones. Maybe about 1-2 years ago.