From 6938aa464e32512b9c44b2e186dbddb7d2a29b1c Mon Sep 17 00:00:00 2001 From: Zola Gonano Date: Tue, 6 Aug 2024 15:19:21 +0000 Subject: [PATCH 01/11] Review introduction --- src/introduction.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/src/introduction.md b/src/introduction.md index 9254276..38e317d 100644 --- a/src/introduction.md +++ b/src/introduction.md 
@@ -1,18 +1,18 @@ # Introduction -This book is dedicated to all those good people giving their time and energy, even sometimes in some places, their freedom or even their lives, to do something they truly value. This is a book on anonymity and privacy in this lush forest full of data hunters called the internet. +This book is dedicated to all those good people who give their time and energy, and sometimes in some places, their freedom or even their lives, to do something they truly value. This is a book on anonymity and privacy in this lush forest full of data hunters called the internet. -Every species in this jungle has one thing in common: they all have data they want to protect, even if they don't want to admit it. Even if they say they have nothing to hide, and maybe they're right. I don't hide my credit card credentials either, but I never want anyone who I don't trust to have their hands on them. And that's what privacy is. +Every species in this jungle has one thing in common: they all have data they want to protect. Even if they don't want to admit it, even if they say they have nothing to hide—and maybe they're right—I don’t hide my credit card credentials, but I never want anyone I don’t trust to have their hands on them. And that’s what privacy is. -Privacy is a human right, and nobody should have the right to take it away from someone else. Unfortunately, we live in a world where our rights mean nothing. Companies, doxxers, governments, spy agencies—everyone violates our right to privacy every day. And they won't stop; they profit from our data. Our data is the bricks of their offices. We're the ones who need to stop handing them our data, at least to some degree, without making our lives miserable and unnecessarily difficult. +Privacy is a human right, and nobody should have the right to take it away from someone else. Unfortunately, we live in a world where our rights mean nothing. 
Companies, doxxers, governments, spy agencies—everyone violates our right to privacy every day. They won’t stop; they profit from our data. Our data is the foundation of their businesses. We are the ones who need to stop handing over our data (to some degree at least, without making our lives miserable and unnecessarily hard). -Some might call this need for privacy paranoia, but protecting yourself and your loved ones from future damage is not paranoia. Look at privacy as insurance; you might trust your government today, you might trust your messenger with your messages, you might trust Google with your whole life. But remember, Satan was once an angel too. Anyone can turn evil; any government can become corrupt and dictatorial. You wouldn't want them to know every single second of your life when they do.‍ +Some might call this need for privacy paranoia, but protecting yourself and your loved ones from future harm is not paranoia. Think of privacy as insurance. You might trust your government today, you might trust your messenger with your messages, you might trust Google with your whole life, but remember, Satan was once an angel too. Anyone can turn evil; any government can become corrupt and dictatorial. You wouldn’t want them to know every single second of your life when they do. -Privacy nowadays is not possible without security. Your data needs to be secure to authorize those whom you want to have access to it. You should expect that everything you put online will be read and opened one day. All you can trust with your data is encryption algorithms and the mathematics behind them, ensuring their security and reliability. But even the most secure encryption algorithms might be broken one day, and that's something to keep in mind. +Privacy nowadays is not possible without security. Your data needs to be secure to authorize those you want to have access to it. You should expect that everything you put online will be read and opened one day. 
All you can trust with your data is encryption algorithms and the mathematics behind them that ensure their security and reliability. However, even the most secure encryption algorithms might be broken one day, and it's good to keep that in mind. -Privacy and security are also the building blocks of anonymity. You will need both to stay anonymous. Anonymity is when people see what you do—what you want them to see obviously—but they can't know who actually is behind those acts. It's similar to privacy, but in privacy, they know who you are but they don't know what you're doing. +Privacy and security are also the building blocks of anonymity. You will need both to stay anonymous. Anonymity is when people see what you do, what you want them to see, but they can't know who is actually behind those actions. It is similar to privacy, but in privacy, they know who you are, but they don’t know what you’re doing. -This book isn't meant for criminals, terrorists, racists, or anyone seeking to hide their wrongdoing. It's for human rights activists, those fighting for freedom in places where it isn't allowed, and those who contribute positively to society rather than tearing it apart. It's for the heroes who wear masks to protect themselves and their loved ones, not for supervillains. +This book is free, not just in the sense that it costs nothing to read, but free as in freedom. It is a side project of mine, written in my free time under the CC BY-NC 4.0 license. This license allows anyone to share and copy it in any medium and make changes to it, as long as they give credit to the author and indicate the changes they’ve made. Additionally, this license does not permit commercial use. -This book is also free, not in the sense of not costing anything to read, but free as in freedom. It's a side project of mine, written in my free time under the CC BY-NC 4.0 license. 
This license allows anyone to share and copy it in any medium and make changes to it, as long as they give credit to the author and indicate the changes they've made. Additionally, this license does not permit commercial use. +I’m not doing this for profit; if I wanted money, I would have worked for it. This book and all other projects of mine are driven by my passion for creating free content and software that I think could help others who need them. However, I accept and greatly appreciate donations, as they allow me to spend more time on what I value and not worry as much about working another job that I don’t like just to make a living. If you find my work helpful or want to support what I do, please check the donation section of this book. -I'm not doing this for profit; if I wanted money, I would work for it. This book, along with all my other projects, is driven by my passion for creating free content and software that I believe can help others who need them. However, I do accept and greatly appreciate donations. They enable me to dedicate more time to what I value and worry less about working another job I don't enjoy just to make a living. So, if you find my work helpful or you want to support what I do, please check the donation section of this book. \ No newline at end of file +This book isn’t meant for criminals, terrorists, racists, or anyone who wants to hide their wrongdoings. It is for human rights activists, those fighting for freedom in places where it is not allowed, and those contributing something good to society rather than tearing it apart. It’s for the heroes who need to wear a mask to protect themselves and their loved ones, not for the supervillains. \ No newline at end of file From 17fbbb00731bff1edf640e3c0dcd934d99aaa6c7 Mon Sep 17 00:00:00 2001 
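Review bot: The rewritten paragraphs mix straight and curly apostrophes within the same file (`Even if they don't want to admit it` sits beside `I don’t hide my credit card credentials`, and `you're` beside `You wouldn’t`); pick one form, preferably the straight `'` that the `-` lines use, so later diffs do not churn on punctuation alone. The new second paragraph also folds four sentences into one (`Even if they don't want to admit it, even if they say they have nothing to hide—and maybe they're right—I don’t hide my credit card credentials, but…`), which reads as a run-on; keep a sentence break after `and maybe they're right`. The commit message says only `Review introduction`, but the patch also moves the `This book isn’t meant for criminals…` paragraph from before the licence paragraph to the end of the file; that reordering belongs in the message. The file still ends without a trailing newline.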
From: Zola Gonano Date: Tue, 6 Aug 2024 15:19:31 +0000 Subject: [PATCH 02/11] Review Chapter 1 --- src/chapter_1.md | 62 ++++++++++++++++++++++-------------------------- 1 file changed, 29 insertions(+), 33 deletions(-) diff --git a/src/chapter_1.md b/src/chapter_1.md index a481e9b..ad4e6db 100644 --- a/src/chapter_1.md +++ b/src/chapter_1.md 
@@ -1,75 +1,71 @@ # Chapter 1 -The Dunning-Kruger effect manifests when you begin learning a skill. Initially, you have high confidence in yourself and your abilities due to your limited understanding of the task. As you delve deeper into learning, your confidence declines as you realize how much you still have to grasp. However, as you continue to master the skill, your confidence gradually rises again. This time, it's supported by your actual proficiency. +The Dunning-Kruger effect shows that when you start learning a skill, you often have very high confidence in yourself and your skill because of how little you know about what you're doing. As you actually start learning, your confidence drops, and over time, as you begin to master the skill, your confidence increases again, but this confidence is now backed by your actual skill. The same applies to privacy and security. Initially, when you start, you might think that opening an incognito tab makes you safe, and nobody knows what you're doing. But as you learn more, paranoia can creep in because you realize how vulnerable you actually are. However, over time, you will build confidence and actually feel safer, and this time, you are genuinely safer than before. -The same principle applies to privacy and security. Initially, you might believe that simply opening an incognito tab makes you safe and anonymous. But as you learn more, paranoia sets in as you realize how vulnerable you actually are. Yet, over time, you'll build confidence, and you'll feel safe again. This time, however, your safety is grounded in actual knowledge and skill. - -In the first chapter, the focus will be on debunking some privacy and security myths that many newcomers in the world of privacy believe in. These myths can actually worsen your privacy by making you more identifiable while providing no real benefit. 
+In the first chapter, the focus will be on uncovering some privacy and security myths that most newbies in the world of privacy believe in, which can actually make your privacy worse by making you more unique while providing no actual benefit. ## I have no enemies -The first myth, and perhaps the biggest one in the world of privacy, is what I call the "I have no enemies" phenomenon, or what you might know as "I have nothing to hide." As I mentioned in the introduction, even if we don't have things to "hide," we surely have things we want to protect. Maybe it's not even about us; perhaps people we know and care about have things to hide, and we could be the weak link in their privacy chain. +The first myth, and apparently the biggest one in the world of privacy, is what I call the "I have no enemies" phenomenon or what you might know as "I have nothing to hide." + +As I mentioned in the introduction, even if we don’t have things to “hide,” we certainly have things we want to protect. Or maybe it’s not about us; perhaps people we know and care about have things to hide, and we could be the weak link in their privacy. -You and I might not have enemies today, and we might not have things to hide today. But can we say for sure that this will be true in five or ten years? Surely not. We don't and can't know what will happen. Our privacy today can serve as insurance for what might happen later. +You and I don’t have enemies today; we don’t have things to hide today. But can we say for sure that this will be true in five or ten years? Certainly not. We don’t and can’t know what will happen. Our current privacy can serve as insurance for what may happen later. -Imagine if someone managed to gather your personal information and used it for illegal activity. Would it be harder to convince the police or FBI that you didn't do it than it would be to protect your personal information in the first place? 
Or maybe ten years later, if Google turned evil and worked as a "terrorist detection tool" for the government. When you're traveling with your wife and kids, they pull up your emails, search histories, and suggestions you've received. Due to your searches on explosives last year for your kid's birthday and the ad suggestions you received because of them, you get flagged as a terrorist. Now you spend the rest of your life on a watchlist. +Imagine someone managed to gather your personal information and used it for illegal activities. Would it be harder to convince the police or FBI that you didn’t do it than to protect your personal information in the first place? Or maybe, ten years later, if Google turns evil and acts as a “terrorist detection tool” for the government, and while traveling with your wife and kids, they pull up your emails, search histories, and ad suggestions. If, because of your search on explosives last year for your kid’s birthday and the ad suggestions you received, you are flagged as a terrorist, you could end up spending the rest of your life on a watchlist. -But I assume that if you're reading this book, you probably understand the importance of privacy, especially in this day and age where it's the least respected human right. But we all can change that. The blame for this situation lies with governments, doxxers, companies, and those so-called "national security agencies." However, the responsibility to make things right lies with us. We should protect our privacy. +But I assume if you are reading this book, you probably understand the importance of privacy, especially in this day and age when it is one of the least respected human rights. However, we all can change that. The blame for this situation falls on governments, doxxers, companies, and those so-called "national security agencies." Nevertheless, the responsibility to make things right is on us. We should protect our privacy. 
## I'd just go incognito -If you ask someone who's not familiar with how the internet works what they would do to become totally anonymous online, they might say, 'I'd just open incognito mode.' And that is probably the most common myth in the privacy world among normies. The belief that incognito mode means no one will be able to track them or see their activities online. But that's far from reality. All incognito mode does is it won't save the history and logins on the browser you're using. +If you ask someone who's not familiar with how the internet works what they would do to become totally anonymous online, they might say, "I'd just open incognito mode." This is probably the most common myth in the privacy world among those who aren't tech-savvy—that incognito mode means no one will be able to track them or see their activities online. But that's far from reality. All incognito mode does is prevent the browser from saving your history and logins. -Still, your ISP knows what you're doing, the website knows your IP address, and you're still unique and fingerprintable. Incognito mode has some privacy benefits though, especially if you're using someone else's computer. In that case, you wouldn't want your cookies, your search history, or your logins to be stored on their device. But it doesn't contribute much more to your privacy or security than that. +Your ISP still knows what you're doing, the websites you visit know your IP address, and you remain unique and fingerprintable. Incognito mode does have some privacy benefits, particularly if you use someone else's computer; in that case, you wouldn’t want your cookies, search history, or logins to be stored on their device. However, it doesn't contribute much to your overall privacy or security beyond that. -To hide your activities, you'd need something that encrypts your requests and redirects them to your desired destination. This could be a secure proxy, an SSH tunnel, or a VPN. 
However, it's crucial to note that the sites you visit can still fingerprint you and track you across other websites. I'll cover these in depth in the next chapters. +To hide your activities, you would need something that encrypts your requests and reroutes them to the destination you want to go, such as a secure proxy, an SSH tunnel, or a VPN. However, the sites you visit can still fingerprint you and track you across other websites. I’ll cover these in depth in the next chapters. ## VPNs are Anonymous -This is kind of the biggest myth in the privacy and anonymity world: the belief that if you use a VPN, nobody will know what you're doing and you'll become totally anonymous. But that's completely wrong. Think of VPNs as shifting the trust from your ISP to your VPN provider. When you connect to your VPN, you're now letting them see what your ISP was seeing before. - -Also, they don't do a good job at hiding your real IP. With most VPN companies, a court order will get them to hand over all the logs and data they have on you, and usually, they have a lot. There are some exceptions though. Companies like Mullvad, ProtonVPN, and Windscribe have built their reputations based on the privacy of their users. They can be signed up for anonymously, paid with cash or crypto, and they claim not to log user traffic and activities. But still, that doesn't make them an anonymity tool. - -Even if your VPN provider doesn't log anything, the datacenters hosting their servers surely will. Another thing is that VPNs are vulnerable to traffic analysis; the VPN traffic can be analyzed to find patterns that indicate the source and destination of your traffic. And that's okay; VPNs aren't meant to be anonymity tools after all. +This is kind of the biggest myth in the privacy and anonymity world: that if you use a VPN, nobody will know what you’re doing, and you’ll become totally anonymous. But that’s completely wrong. See VPNs as shifting the trust from your ISP to your VPN provider. 
When you connect to your VPN, you are now letting them see what your ISP was seeing before. -Another problem with VPNs is fingerprinting. With Tor, you have the Tor Browser, which is designed to make all Tor users look identical. But with VPNs, you're the most unique person on this planet, especially if you have a browser that is modified in any way or if you're using an operating system like Linux or BSD. Even the smallest changes can make you super unique when it comes to fingerprinting, and that's not what you want for anonymity. For privacy, though, that would be fine. You can safely use a hardened Firefox, for example, for your personal usage, like watching YouTube and paying your bills. That's actually a good move. In that scenario, you don't need to look like everybody else; you can be unique. I'll cover fingerprinting more in the next chapters. +Also, they don’t do a good job at hiding your real IP. With most VPN companies, a court order can compel them to hand over all the logs and data they have on you, and usually, they have a lot. There are some exceptions, though; some companies like Mullvad, ProtonVPN, and Windscribe have built their companies based on the privacy of their users. They can be signed up for anonymously, paid with cash or crypto, and they don’t log user traffic and activities. But still, that doesn’t make them an anonymity tool. -If you want to maintain your anonymity, you should use tools specifically built for it, like Tor (and the Tor Browser). What Tor does is precisely what its name stands for: the onion router. It works like an onion, encrypting your data in three layers. As the data passes through each Tor relay, one layer of encryption will be removed, revealing the address of the next relay in the chain until the data reaches the final destination. When browsing the clearnet with Tor, your last relay will be a node called the exit node. 
The exit node is able to see the data inside your packet, but it won't know for sure where the packet originated. To trace a packet back to its sender, all relays that your traffic passes through must be controlled by one person, which is very unlikely and costly to implement. +Even if your VPN provider doesn’t log anything, the data centers hosting their servers surely will. Another issue is that VPNs are vulnerable to traffic analysis. VPN traffic can be analyzed to find patterns that indicate the source and destination of your traffic, and that is fine; VPNs aren’t meant to be an anonymity tool after all. -However, when you browse websites hosted on the Tor network, your data is end-to-end encrypted with the website's public key (the website's address is the public key, which is why Tor addresses are so long and hard to memorize). Therefore, nobody in the middle can open the traffic; they will simply pass it through until it reaches its destination. +Another problem with VPNs is fingerprinting. With Tor, you have the Tor Browser, which is designed to make all Tor users look identical. But with VPNs, you’re the most unique person on this planet, especially if you have a browser that is modified in any way or if you’re using an operating system like Linux or BSD. Smallest changes can make you super unique when it comes to fingerprinting, and that’s what you don’t want for anonymity. For privacy, though, that would be fine. You can safely use a hardened Firefox, for example, for your personal usage, like watching YouTube and paying your bills. That’s actually a good move. In that scenario, you don’t need to look like everybody else; you can be unique. I’ll cover fingerprinting more in the next chapters. -There are other anonymity tools as well, such as Lokinet, which is the newest, and I2P. Both of these are technically more anonymous than the Tor network, but technicality isn't everything. 
I2P and Lokinet both have very limited nodes compared to Tor, which makes the network more vulnerable. Additionally, neither of them provides a browser like the Tor Browser to prevent fingerprinting of users. +If you want to keep your anonymity, you should use tools specifically built for it, like Tor (and the Tor Browser). What Tor does is what its name stands for: The Onion Router. It works like an onion; it encrypts your data in three layers. As the data passes through each Tor relay, one layer of encryption is removed, revealing the address of the next relay in the chain until the data reaches the final destination. When browsing the clearnet with Tor, your last relay will be a node called the exit node. The exit node can see the data inside your packet, but it won’t know for sure where the origin of the packet is. To trace a packet back to its sender, all relays that your traffic passes through must be controlled by one person, and that’s very unlikely and costly to implement. When you browse websites hosted on the Tor network, your data is end-to-end encrypted with the website’s public key (the website’s address is the public key, and that’s why Tor addresses are so long and hard to memorize). So nobody in the middle can open the traffic; they will just pass it through until it reaches its destination. -So for now, the best option is Tor, both because of its proven track record over the years and the considerable number of volunteer nodes and relays it has. Moreover, the Tor Browser does a great job of making Tor users identical to each other when using the Tor network. +There are other anonymity tools as well, such as Lokinet (which is the newest) and I2P. Both are technically more anonymous than the Tor network, but technicality isn’t everything. I2P and Lokinet both have very limited nodes compared to Tor, which makes the network more vulnerable. Additionally, neither provides a browser like the Tor Browser to prevent fingerprinting of users. 
For now, the best option is Tor, both because of its proven track record over the years and its considerable number of volunteer nodes and relays, and also because the Tor Browser does a great job at making Tor users identical to each other when using the Tor network. -Something to keep in mind when using the Tor Browser is that you shouldn't modify anything. Leave it as is; don't install plugins or tweak it. The Tor Browser is meant to have similar fingerprints to other Tor browsers, and even the smallest changes might make you the most unique person on the Tor network. +Something to keep in mind when using the Tor Browser is that you shouldn’t modify anything. Leave it as is; don’t install plugins or tweak it. The Tor Browser is meant to have similar fingerprints to other Tor Browsers, and even the smallest changes might make you the most unique person on the Tor network. ## I'm using a strong password -Another/ myth that I see a lot of normies believe in is that they have to have a strong password, something random and hard to memorize. Having strong passwords is a must, but having a strong password for everything not only doesn't contribute much to your security but also makes you really vulnerable. +Another myth that I see a lot of normies believing is that they have to have a strong password—something random and hard to memorize. Having strong passwords is a must, but having a strong password for everything not only doesn’t contribute much to your security but also makes you very vulnerable. -Imagine you've used your password for every site you've ever signed up for. The password is really complicated and strong, though. But if one of these sites didn't store your password properly and they got hacked, and their database went public, now anybody can use that same password for any other website or service that you've signed up for, and they'd log in. +Imagine you use your strong, complicated password for every site you’ve ever signed up for. 
If one of these sites didn’t store your password properly and they got hacked, and their database went public, now anybody can use that same password for any other website or service you’ve signed up for, and they’d log in. -Instead of bothering with memorizing a really hard password, you should be using a password manager, either something locally stored like KeePass or something online like Bitwarden. +Instead of bothering with memorizing a really hard password, you should use a password manager, either something locally stored like KeePass or something online like Bitwarden. -Those password managers that store the passwords locally are obviously more secure than the online ones, simply because if anyone wants to gain access to their database, they'd have to gain access to your computer. Not saying that it's impossible to gain access to your computer, but Bitwarden's servers might be far more targeted than you personally. Other than that, they're both fully encrypted. Even if something got leaked someday, your data will be securely stored and near impossible to access, at least with the tools and computers we have today. +Those password managers that store passwords locally are obviously more secure than the online ones, simply because if anyone wants to get access to their database, they’d have to gain access to your computer. I’m not saying it’s not possible to gain access to your computer, but Bitwarden’s servers might be far more targeted than your personal device. Other than that, they’re both fully encrypted. Even if something got leaked someday, your data will be securely stored and nearly impossible to access, at least with the tools and computers we have today. -Your password manager then can be accessed using a passphrase (not a password). Passphrases are way more memorable while being a lot more secure. A passphrase can be something like: `Name-Seat-Look-Chair-Plane7-Stree7`, just six words, one punctuation character, and 7s instead of the letter T. 
Compared to a password like: `*&(*747983HJGHgdgsutpshlnb`, the passphrase will be more secure while being memorable. +Your password manager can then be accessed using a passphrase (not a password). Passphrases are way more memorable while being a lot more secure. A passphrase can be something like: `Name-Seat-Look-Chair-Plane7-Stree7`—just 6 words, one punctuation character, and 7s instead of the letter T. Compared to a password like `*&(*747983HJGHgdgsutpshlnb`, the passphrase will be more secure while being memorable. ## Big Tech is evil -There's this idea, even among people who are not normies, that the big tech companies are evil. They're believed to have bad security and bad privacy practices. While this may hold true for privacy concerns, it's not necessarily the case for security. Companies like Google and Microsoft probably have good security measures in place, but we can never be entirely sure. +There is this idea, even among people who are not normies, that big tech companies are evil, and that they have bad security and bad privacy. That might be true for privacy, but not much for security. Companies like Google and Microsoft probably have good security, but we can never be sure. -The reason for this uncertainty is that they're not transparent about how they implement things. We can't see what they do to protect our data, and that's what makes them untrustworthy. A company like Signal has its server, client, and encryption schemes open-sourced for the public. On the other hand, something like Telegram only has its client open-sourced, and that's it. We don't know much about the server or even their encryption scheme that they brag is unbreakable. In this situation, we might say Telegram is not suitable for its purpose, which is messaging people, as it is not secure. +This is because they’re not open about how they have implemented things. We can’t see what they do to protect our data, and that’s what makes them untrustworthy. 
A company like Signal has its server, client, and encryption schemes open-sourced for the public. On the other hand, something like Telegram only has its client open-sourced, and that’s it. We don’t know much about the server or even their encryption scheme, which they brag is unbreakable. In this situation, we say Telegram is not good for its purpose, which is messaging people. It is not secure. -However, in the case of something like Google Drive, which offers a reasonable amount of free cloud storage, you can still use it. If you already have a Google account associated with your identity, you can use that Google Drive to upload some encrypted data that you don't have space for elsewhere. Just because it's Google doesn't mean it's pure evil, and there can still be uses for it. You can use Google once you're self-conscious about your privacy. +However, in the case of something like Google Drive, which gives you a reasonable amount of free cloud storage, you can use it. If you already have a Google account associated with your identity, you can use Google Drive to upload some encrypted data that you don’t have space for. Just because it’s Google doesn’t mean that it’s pure evil, and there can be uses for it. You can use Google once you are self-conscious of your privacy. -Although, every day, more and more privacy-friendly alternatives are emerging. In the near future, you might not need to use Google or other similar companies. +Although every day more and more privacy-friendly alternatives are coming out, so in the near future you might not need to use Google or other companies like it. ## Open-source means private -Yes, open-source software is more transparent than proprietary software and has the potential to be more secure and private. However, transparency and potential alone don't make them more private or secure. It's essential to look for independent audits of the software you intend to use. Also, being proprietary doesn't necessarily mean it's less safe. 
Assess the reputation of the software and its maintainers and determine whether it undergoes audits. +Yes, open-source software is more transparent than proprietary software and has the potential to be more secure and private, but transparency and potential alone don’t make them more private or more secure. You need to look for independent audits of the software you are about to use. Also, being proprietary doesn’t mean they’re less safe. Look for the reputation of the software and the maintainers of it and whether they are audited or not. --- -These were some of the most common myths about online privacy and security. Countless misconceptions exist, and in such situations, it's crucial to approach them with logic rather than bias. We need to plan out where to focus our time and energy wisely. The next chapter will delve into threat modeling and the common threats you should be aware of before designing your own threat model. \ No newline at end of file +These were some of the most common myths about privacy and security online. There are endless myths that people believe in. In these situations, we should be logical rather than biased. We need to plan out what we need to do, what is worth our time and energy, and the next chapter is about that—about threat modeling and common threats that you need to know before you start designing your threat model. \ No newline at end of file From f7f8ddbea614a77c603252fd83f9d2dd1a83a73c Mon Sep 17 00:00:00 2001 From: Zola Gonano Date: Tue, 6 Aug 2024 15:36:13 +0000 Subject: [PATCH 03/11] Review Chapter 2 --- src/chapter_2.md | 122 ++++++++++++++++++++++++----------------------- 1 file changed, 63 insertions(+), 59 deletions(-) diff --git a/src/chapter_2.md b/src/chapter_2.md index 051ab33..8a24a0d 100644 --- a/src/chapter_2.md +++ b/src/chapter_2.md 
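Review bot: The VPN paragraph turns a claim into a stated fact: the `-` line reads `they claim not to log user traffic and activities`, the `+` line reads `they don’t log user traffic and activities`. A no-logging policy cannot be verified by the user, and the very next paragraph says `the data centers hosting their servers surely will` log, so keep `claim`. While here, `To trace a packet back to its sender, all relays that your traffic passes through must be controlled by one person` (carried over from the old text) overstates Tor's guarantee: an adversary that can observe both the entry guard and the exit of a circuit can correlate timing and volume without touching the middle relay, and Tor's design documentation states it does not defend against end-to-end correlation; `an adversary would need to observe both ends of your circuit` is the accurate wording. The passphrase paragraph likewise claims the six-word phrase `will be more secure` than the 26-character random password; it is more memorable, but six words from a typical wordlist carry far less entropy than 26 random printable characters, so `secure enough while being memorable` is the defensible statement. The same straight/curly apostrophe mix as in the introduction appears here (`you're` next to `you’re`), and the file still has no trailing newline.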
@@ -1,154 +1,158 @@ # Chapter 2 -Imagine you're playing Minecraft. You've respawned somewhere random on the map, and you don't have the geo-location of the house you had built. It would be really annoying and time-consuming, or sometimes even impossible (leading to frustration), to find your home in the game if you don't know where and in which direction to go. You run out of food, out of energy, and there will be nights with all the mobs—zombies trying to attack you, skeletons shooting arrows at you, and creepers blowing themselves up right beside you. But if you had the X, Y, Z coordinates of your house and the direction you needed to go, you could've gotten there before nightfall, before facing all those challenges. +Imagine you're playing Minecraft, and you have respawned somewhere random on the map. You don’t have the geolocation of the house you built. It will be really annoying and time-consuming, or even sometimes impossible (you might give up due to frustration), to find your home in the game if you don’t know where and in which direction to go. You run out of food and energy, and there will be nights with all the mobs, zombies trying to attack you, skeletons shooting arrows at you, and creepers blowing themselves up right beside you. But if you had the X, Y, Z coordinates of your house and the direction you needed to go, you could have gotten there before nightfall and avoided all that hard time fighting mobs and getting nowhere. -In this book, I've planned to explain more advanced stuff as the chapters progress. So, the first chapter was about debunking some common myths about privacy and security. In this chapter, things get a little more actionable. This chapter will focus on threat modeling because I believe it's the most crucial step to take when you start your privacy journey. Otherwise, you'll spend a lot of time, stress, hard work, and sufferings without achieving your personal needs. 
+In this book, I’ve planned to explain more advanced topics as it progresses. So the first chapter debunked some common myths about privacy and security, and in this chapter, things get a little more actionable. This chapter is all about threat modeling, as I believe it is the most important step to take when you start your privacy journey. Otherwise, you’ll spend a lot of time, stress, and hard work, and all the effort will be of no benefit for your personal needs. -Having a threat model can be the equivalent of having the location of your house in Minecraft written down on a paper. Whenever you go far away from your home, you know where to go to get back. In the case of privacy and security, you'll be understanding what threats are relevant to you personally, what you want to protect, and taking actions based on that. Instead of blindly using Tor on Whonix OS for no actual reason and making your own life harder and even worsening your privacy in the process. +Having a threat model can be the equivalent of having the location of your house in Minecraft written down on paper. Whenever you go far away from your home, you know where to go to get back. In the case of privacy and security, you will know what threats you personally face, what you want to protect, and take actions based on that, rather than blindly using Tor on Whonix OS for no actual reason and potentially making your life harder and even your privacy worse in the process. ## There's nothing called full security -Nothing can be fully secure, fully private, or fully anonymous. When it comes to threat modeling, you need to make sacrifices. You should prioritize what matters the most and work on those areas, rather than wasting time trying to make everything private and secure, which would be impossible. +Nothing can be fully secure, fully private, or fully anonymous. When it comes to threat modeling, you need to make sacrifices. 
You should see what matters the most and work on those areas rather than wasting time trying to make everything private and secure, which is impossible. -A threat model is a list of the threats that are most likely to happen. You can't protect yourself from every threat, never. However, you can work on protecting yourself from those that are most likely to occur. +A threat model is a list of what threats are most likely to happen. You can't protect yourself from every threat, but you can work on protecting yourself from those that are most likely to happen. For example, for a rapper, the most likely threat could be their music getting leaked. When designing your threat model, you should address these questions: - What do I need to protect the most? In the example of the rapper, the unreleased music would be the answer. -- Who do I need to protect it from? For the rapper, this could include online hackers and those physically with access to the songs. -- What are the chances of it happening? For the rapper, if they're famous enough, it's quite likely. -- What will happen if I fail? For the rapper, this could cost them financially. -- What can I do to protect it? For the rapper's example, they could use encrypted hard drives and restrict access to prevent human errors. +- Who do I need to protect it from? For the rapper, that could be online hackers and those who are physically with him and have access to the songs. +- What are the chances of it happening? For the rapper, if he's famous enough, it's quite likely. +- What will happen if I fail? For the rapper, that could cost him financially. +- What can I do to protect it? For the rapper's example, he could use encrypted hard drives and restrict access to others to prevent human errors. ### What do I need to protect the most? -To answer this question for yourself, you first need to list what you value the most. 
It could be your digital assets, like your cryptocurrencies, the information you have, such as your emails, contacts, messages, or important files. Whatever you value, write them down. +To answer this question for yourself, you need to first list what you value the most. It could be your digital assets, like your cryptocurrencies, the information you have, like your emails, your contacts, your messages, or some files that are important to you. Whatever you value, write them down. -Make your list like this: specify what data it is that you're protecting, how and where you're keeping it, who you want to allow access to it, and what can be done to prevent unauthorized access. +Make your list like this: what data it is that you're protecting, how and where you're keeping it, who you want to allow to have access to it, and what can be done to prevent unauthorized access to it. -Once you've written your list, prioritize it based on the most valuable to the least valuable data. Then, you can take a step forward. +When you write your list, prioritize it based on the most valuable to the least valuable data. Then you can take a step forward. ### Who do I need to protect it from? -It can be anyone or anything, depending on your personal situation. For an activist, for example, it could be governments. For someone protesting against fascism, it could be neo-Nazi hackers and doxxers. For a business, it could be their competitors. +It can be anyone and anything; it's up to your personal situation. For an activist, for example, it could be the government. For someone who protests against fascism, it could be neo-Nazi hackers and doxxers. For a business, it can be their competitors. -Try making a list of those who might be interested in getting their hands on your assets or data. Your list can include individuals, federal agencies, corporations, doxxing groups, cults—anything you think might be relevant. 
+Try making a list of those who might be interested in getting their hands on your assets or data. Your list can include individuals, a federal agency, a corporation, a doxxing group, a cult, anything—you know it better. -This list can help you understand what and who you're up against, what they can do, and what costs they might be willing to pay to get their hands on your data. It helps you see more clearly and realistically. +This list can help you see what and who you're standing against, what they can do, and what costs they might be willing to pay to get their hands on your data. It helps you see more clearly and realistically. ### What are the chances of it happening? -Not everything that might happen will happen. Write down the threats that you think are likely to occur, as many as you can think of, and then rate them based on their probability. Is it highly probable to happen? Is it unlikely? Is it even possible to protect your data against it? +Not everything that might happen will happen. Write down the threats that you think are going to happen, as many as you can think of, and then rate them based on their probability of happening. Is it highly probable to happen? Is it rarely going to happen? Is it even possible to protect your data against it? -For example, you might get struck by lightning when it's raining and die, but how probable is that? Would you find an insulating shelter until the rain ends? No, because there's a low chance of it happening. Or you might crash your car every time you get behind the wheel to drive, but do you stop driving? No. Or you might get shot if you go to a gang war zone, and you probably won't, because it's quite likely to happen. The same applies to your threat modeling—you need to rate the threats based on their probability of happening. +For example, you might get struck by lightning when it's raining and die, but how probable is that? Would you find an insulating shelter until the rain ends? 
No, because there's a low chance of it happening. Or you might crash your car every time you get behind the wheel to drive, but do you stop driving? No. Or you might get shot if you go to a gang war zone, and you probably won't, because it's quite likely to happen. The same goes for your threat modeling; you need to rate the threats based on their probability of happening. ### What will happen if I fail? -Next, you need to consider the consequences of failing to protect your data. For example, if an anti-fascist protester's home address and information are put online by doxxers, it could pose physical threats to their safety. If a company fails to protect its data, hackers or competitors might corrupt all the company's data, leading to bankruptcy. Or, in my case, if someone were to read the memes I send to my friends on Telegram, probably nothing horrible would happen to me. +Then you need to see what the consequences of failing to protect your data are. For example, for an anti-fascist protester, if doxxers put his home address and all information online, it could pose physical threats to him. Or, if a company fails to protect its data, hackers or competitors might corrupt all the company's data and drive it toward bankruptcy. On the other hand, if I, who sends memes to my friends on Telegram, have my messages read by someone, probably nothing horrible will happen to me. -You need to write down what the attackers might want to do when they get their hands on your data. Will the harm they cause be minor enough that you wouldn't bother? Or is it severe enough that it could be life-threatening? You need to address those potential consequences. +You need to write down what the attackers might want to do when they get their hands on your data. Will the harm they cause be so little that you wouldn't bother? Or is it so significant that it could be life-threatening? You need to address these questions. ### What can I do to protect it? 
-Then, you can move on to researching what can be done to protect that data, what costs come with those measures, and how much they'll complicate your life, or if you're willing to make the effort. +Then you can move on to doing your research, seeing what can be done to protect that data, what costs will come with it, and how much it will make your life harder. Are you willing to take the effort? -For example, if you have cryptocurrencies, you can explore how to protect your assets. You might need to implement multisignature wallets, or store your assets offline on a secure and dedicated machine with encryption and no additional software. +For example, if you have cryptocurrencies, you can see how you might protect your assets. You might need to implement multi-signature wallets or store your assets offline on a safe and dedicated machine with encryption and no additional software on it. ### Then you take action -After designing your threat model, you can move on to taking action. For example, with cryptocurrency assets, you can start by backing up your assets on paper, storing them somewhere safe, using an offline and audited wallet, downloading your own blockchain instead of relying on other nodes run by others, or even purchasing a dedicated machine specifically hardened for this need and purpose. +After you design your threat model, you can move on to taking action toward it. In the example of cryptocurrency assets, you can start by backing up your assets on paper, putting it somewhere safe, using an offline and audited wallet, downloading your own blockchain instead of relying on nodes run by others, and even buying a dedicated machine specifically hardened for this need and purpose. -You might create a checklist at this point to ensure you don't forget anything and implement all the actions you believe will keep your data secure. 
+You might create a checklist at this point to make sure you don't forget anything and implement all the actions you think would keep your data secure. ## Common threats when threat modeling -Different threats require different actions; there would be no action you can take to protect yourself from all of them. And that's fine—you don't need to. That's why you designed a threat model: to take actions on the most probable and most consequential threats based on your own personal situation. +Different threats require different actions; there is no action you can take to protect yourself from all of them. And that's fine—you don't need to. That's why you designed a threat model: to take actions on the most probable and most consequential threats based on your own personal situation. -Your threats might not be among this list of common threats; they might require their unique strategies to protect yourself against. Again, you should act on your threat model. These are some concepts that I will refer to in this book, especially in this chapter: +Your threats might not be among this list of common threats. They might require unique strategies to protect yourself against. Again, you should act on your threat model. These are some concepts that I will refer to in this book, especially in this chapter: -- Anonymity: Separating and protecting your real identity from your online activities, shielding yourself from anyone or anything wanting to unveil your vigilante mask and expose your real face. -- Targeted Attacks: Shielding yourself from hackers, doxxers, government agencies, etc., that are specifically trying to get their hands on your data. -- Passive Attacks: Defending yourself against attacks that target a large group of people, like when a company gets hacked and their data breaches to the public, or malware and scammers targeting thousands of people. 
-- Supply Chain Attacks: Attacks that occur because of a vulnerability in a dependency of a trusted program, like the Linux distros getting backdoored because of a backdoor in xz utils (CVE-2024-3094) in 2024. -- Service Providers: Protecting your data from service providers, like your ISP, usually through end-to-end encryption of your communications. -- Mass Surveillance: Shielding yourself from surveillance systems that target the mass population, usually done by governments, but the websites that track you across the web are also in this category. -- Big Tech Surveillance: Safeguarding yourself from big tech companies that profit from tracking you on the internet and selling your data for advertisement, like Google, Facebook, etc. -- Public Exposure: Limiting the data available of you publicly on the internet, for example, your personal data indexed by search engines, etc. -- Censorship: Bypassing digital censorship or avoiding being censored when using the internet or putting something out on the internet. +- **Anonymity:** Separating and protecting your real identity from your online activities, protecting yourself from anyone/anything wanting to take your vigilante mask and see your real face. +- **Targeted Attacks:** Protecting yourself from hackers, doxxers, government agencies, etc., that are specifically trying to get their hands on your data. +- **Passive Attacks:** Protecting yourself from attacks that target a large group of people, such as when a company gets hacked and their data breaches to the public, or from malware and scammers targeting thousands of people. +- **Supply Chain Attacks:** Attacks that happen because of a vulnerability in a dependency of a trusted program, like the Linux distros getting backdoored because of a backdoor in xz utils (CVE-2024-3094) in 2024. +- **Service Providers:** Protecting your data from service providers, like your ISP, usually through end-to-end encryption of your communications. 
+- **Mass Surveillance:** Protecting yourself from surveillance systems that target the mass population, usually done by governments, but also includes websites that track you across the web. +- **Big Tech Surveillance:** Protecting yourself from big tech companies that profit from tracking you on the internet and selling your data for advertisement, like Google, Facebook, etc. +- **Public Exposure:** Limiting the data available about you publicly on the internet, for example, your personal data indexed by search engines, etc. +- **Censorship:** Bypassing digital censorship or avoiding being censored when using the internet or putting something out on the internet. ### Anonymity vs Privacy -Anonymity is totally different from privacy, but privacy is required to achieve anonymity. Anonymity is when Daredevil goes out at night to fight the Russians working for Wilson Fisk. They don't know that Daredevil is Matt Murdock, but they know what he does. Matt Murdock has untied his personal identity, which is a blind attorney, from his vigilante identity, which is this badass dude in a black and red suit fighting crime in Hell's Kitchen. Matt Murdock is anonymous when he's Daredevil, and the Wilson Fisk and every other criminal he has fought are the attackers who would love to unveil his identity and find out who's behind this mask. +Anonymity is totally different from privacy, but privacy is required to achieve anonymity. Anonymity is when Daredevil goes out at night to fight the Russians working for Wilson Fisk—they don't know that Daredevil is Matt Murdock, but they know what he does. Matt Murdock has untied his personal identity, which is a blind attorney, from his vigilante identity, which is this badass dude in a black and red suit fighting crime in Hell's Kitchen. Matt Murdock is anonymous when he's Daredevil, and Wilson Fisk and every other criminal he has fought are the attackers who would love to unveil his identity and find out who's behind the mask. 
-Here in this example, Matt Murdock has used privacy to achieve that anonymity. He has separated his identity in a way that nobody would be suspicious of him being Daredevil. He pretended all the years that he can't see anything, can't even walk without his cane, and even if he was injured, he would say that he fell down some stairs. And that's the privacy there, protecting his anonymity. He decided for people to see this side of Matt Murdock, not the Daredevil side of him. +In this example, Matt Murdock has used privacy to achieve that anonymity. He has separated his identity in a way that nobody would be suspicious of him being Daredevil. He pretended all these years that he can't see anything, can't even walk without his cane, and even if he was injured, he would say that he fell down some stairs. That's the privacy there protecting his anonymity. He decided to let people see this side of Matt Murdock, not the Daredevil side of him. The same thing applies in the online world, but here the tools are different. The masks are digital tools using encryption and onion routing, but the concept is the same. If you're some kind of vigilante like Matt Murdock, you probably need to protect and separate your real identity from your vigilante identity. ### Targeted Attacks -Daredevil was targeted too; all of the Hell's Kitchen criminals were after him. So he needed to protect his identity and anonymity while defending himself against targeted attacks from one of the most powerful villains of New York, the Kingpin. But who else might be in a situation like Daredevil's? Whistleblowers, activists, and protesters. However, they need different tools than Matt Murdock. They might need the Tor browser rather than a mask, or end-to-end encryption tools to communicate and store data rather than an indestructible suit made by Melvin Potter. +Daredevil was targeted too; all of Hell's Kitchen criminals were after him. 
So he both needed to protect his identity and anonymity while protecting himself against targeted attacks from one of the most powerful villains of New York, the Kingpin. But who else might be in the situation of Daredevil? The whistleblowers, the activists, and the protesters. But they need different tools than Matt Murdock. They might need the Tor browser rather than a mask; they might need E2EE tools to communicate and store data rather than an indestructible suit made by Melvin Potter. -But if you think the NSA, CIA, and other agencies are after you, you can't run from them forever. You might be able to fake your death and live in a submarine, but they will probably find you. This usually falls into the category of threats that you'd rather not bother about because of how difficult it might make your life. Also, it is quite rare to be that targeted. Usually, those targeted by the NSA have the support of another corrupt government. +But if you think the NSA, CIA, and other agencies are after you, you can't run from them forever. You might be able to fake your death and live in a submarine, but they will probably find you. This usually categorizes as those threats that you rather not bother about because of how difficult it might make your life. Also, it is quite rare to be that targeted. Usually, those targeted by the NSA have the support of another corrupt government. ### Passive Attacks -This kind of attack affects most people of Hell's Kitchen, from Foggy Nelson to the Frank Castle, even the people of Gotham City. It affects both villains and heroes, from Batman to Harley Quinn. These attacks are usually towards large groups of people, like malware spreading on the internet. When WannaCry spread on the internet, it affected anything that had that vulnerable version of Windows; it didn't choose. +This kind of attack affects most people of Hell's Kitchen, from Foggy Nelson to Frank Castle, even the people of Gotham City. 
It affects the villains and the heroes, from Batman to Harley Quinn. These attacks are usually toward large groups of people, like malware spreading on the internet. When WannaCry spread on the internet, it affected anything that had that vulnerable version of Windows. It didn't choose. -This kind of attack, in my opinion, is the most probable for the majority of people. We all have signed up for many websites in our lifetimes; a data breach in one of them would be really likely and can definitely affect us if we haven't taken any precautions. +This kind of attack, in my opinion, is most probable for the majority of people. We all have signed up for many websites in our lifetimes. A data breach in one of them would be really likely and can definitely affect us if we haven't taken any precautions. ### Supply Chain Attacks -Supply chain attacks can target even the most trusted programs by exploiting vulnerabilities in the programs they depend on. Sometimes, these attacks are targeted towards businesses or governments, but they can affect the mass population in the process. Preventing supply chain attacks is challenging; it requires time and energy to audit and test every dependency in the chain to be sure, but even then, there are always flaws. Nothing can be fully secure. +Supply chain attacks can target even the most trusted programs by attacking other programs that our programs are built on. Supply chain attacks are sometimes targeted at businesses or governments, but they can affect the mass population in the process. These attacks are hard to prevent; they require time and energy to audit and test every dependency on the chain to be sure, but we can't be certain. There are always flaws—nothing can be fully secure. -But how are these attacks performed? There are several common methods: +So, how can these attacks be performed? 
There are a lot of ways; here are some common ones: - Someone with enough power and a high enough position in a company or developer team can have the authority to add malicious code to a software. - In the open-source world, someone can contribute malicious code in a way that it gets added to the codebase unnoticed. -- The author and maintainer of a library or dependency can decide to inject a backdoor into the code. +- The author and maintainer of a library or dependency can decide to inject a backdoor in the code. #### Minimizing the Risk -While the risk can't be fully eliminated, there are ways to reduce it: +How can we minimize the risk? Well, it can't be fully eliminated, that's for sure. But there are ways: -- Software and services from big companies like Google generally have a good reputation and better security than software developed by a small team or an individual. +- Software and services from big companies like Google usually have a good reputation and better security than software developed by a small team or an individual. - Checking the commits, changes, and contributors in the case of open-source software. - Frequently checking for known security flaws in software. - Using independently audited software. -- Sandboxing and isolation to minimize the impact of possible attacks. +- Sandboxing and isolating to minimize the impact of possible attacks. ### Service Providers -Your ISP can see all your traffic, much like Joker has put a GPS tracker on Batman's Batmobile. Joker knows where Batman is going, and he can log that information as well. However, thanks to TLS and HTTPS, the data that ISPs can see has become limited. They can know the IP address, the Server Name Indicator (SNI) of your traffic, and the DNS queries. But there are fixes for this. We can encrypt DNS, encrypt the client hello and SNI, and then all your service provider would see is the destination IP and timestamps if TLS is enabled for that website or service. 
+Your ISP can see all your traffic, like the Joker putting a GPS on Batman's Batmobile. The Joker knows where Batman is going and can log those movements as well. However, thanks to TLS and HTTPS, the data that ISPs can see has become limited. They can know the IP address and the Server Name Indicator (SNI) of your traffic and the DNS queries, but there are fixes. We can encrypt DNS, encrypt the Client Hello, and SNI, so all your service provider would see is the destination IP and timestamps if TLS is enabled for that website or service. -Here, you can shift the trust from your ISP to a VPN provider that doesn't log your traffic and allows you to sign up anonymously, such as Mullvad and ProtonVPN. However, this is just shifting the trust, not eliminating it. For that, there are other tools made, like TOR, which would ensure that no one in the middle would be able to see where you are going and what you are doing if you use the websites on the TOR network and not the clearnet. Using encrypted DNS is also shifting the trust; still, the DNS server knows you and when and where you wanted to go. Luckily, TOR has its own DNS as well. +You can also shift the trust from your ISP to a VPN provider that doesn't log your traffic and allows you to sign up anonymously, such as Mullvad or Proton VPN. But remember, this is just shifting the trust, not eliminating it. For that, there are other tools, such as Tor, which ensures that no one in the middle can see where you're going and what you're doing (if you use websites on the Tor network and not the clearnet). + +Using encrypted DNS is also shifting the trust; the DNS server still knows who you are and when and where you wanted to go. Luckily, Tor has its own DNS as well. ### Mass Surveillance -David Liberman, also known as Micro, was an NSA analyst and hacker who, when trying to expose the CIA's drug transshipment in Afghanistan, got "killed" by a corrupt Homeland Security agent. 
However, he survived and gained access to all CCTV cameras and everything that these government agencies had access to so he could find Frank Castle, aka Punisher, to help him kill all those who were a threat to his family so he could get back home. At least, that's what I remember from the show. The movie is not the point. This kind of act—spying on all people, spying on all internet traffic, logging every packet—is what's called mass surveillance. It affects everyone. +David Liberman, also known as Micro, was an NSA analyst and hacker who, when he tried to expose the CIA's drug trafficking in Afghanistan, was "killed" by a corrupt Homeland Security agent. However, he survived. He gained access to all CCTV cameras and everything that these government agencies had access to, so he could find Frank Castle, aka the Punisher, to help him kill all those who were a threat to his family so he could get back home. At least, that’s what I remember. The movie is not the point. This kind of act—spying on all people, spying on all internet traffic, logging every packet—is what is called mass surveillance. It affects everyone. -Governments usually justify this by saying that they're fighting terrorism, but in reality, it has little to no effect on crime, and some governments use it for social credit systems. +Governments usually justify this by saying that they're fighting terrorism, which is not true in reality. It has little to no effect on crime, and some governments use it for social credit systems. ### Big Tech Surveillance -There is another kind of mass surveillance that isn't done by governments or agencies; it's done by big tech companies like Google and Facebook. Being the largest tech companies with the most internet users, they gather and collect a vast amount of data—sometimes even more than what governments collect in certain countries. 
+There is another kind of mass surveillance that is not done by governments or agencies; it is done by big tech companies like Google and Facebook. Being the biggest tech companies with the most internet users, they gather and collect a huge amount of data, sometimes even more than the government would do in some countries. -This kind of mass surveillance differs from that of governments. These companies don't deny their activities or claim it's for stopping terrorism or national security. They simply do it to sell the data they gather. +This kind of mass surveillance is different from that done by governments. The companies don’t deny it or claim it’s for stopping terrorism or national security; they simply do it to sell the data they gather. -They make tons of money from your data by using it for advertising, tracking you across the internet. However, there are no guarantees that this won't go beyond being about money and advertisements. These companies might work with government agencies in the future as well. +They make tons of money from your data by using it for advertising. They track you across the internet. But there is no guarantee that it won't go beyond just money and advertising. They might work with government agencies in the future as well. ### Public Exposure -When I was 8 years old, I created a personal website that included my name, email, and phone number. It took months of back-and-forth with Google and the blogging website to remove it from search engine results. This is what public exposure is: the data publicly available about you online, often put out there by yourself when you didn't care about privacy. It can be quite hard and sometimes impossible to take this information down. In fact, it's always impossible to truly delete something you've posted on the internet. This is why you should adopt the mindset that anything you say, post, or share online might stay there forever. 
Even if it's encrypted, you need to assume it will be read one day—maybe not in your lifetime, but eventually. +When I was 8 years old, I created a personal website for myself, which had my name, email, and phone number on it. It took me months, going back and forth with Google and the blogging website, to take it down from the search engine results. This is what public exposure is: the data that is publicly available about you online. It can even be put out there by yourself when you didn't care about privacy. It is quite hard and sometimes impossible to take it down. In fact, it is always impossible to truly delete something you have put out there on the internet. That's why you should set your mindset to assume that if you say something, post something, or share something, it might stay on the internet forever. Even if it's encrypted, you need to assume it will be read one day—maybe not in your lifetime, but eventually. -Prevention is the best treatment. The best way to keep your data private is to not make it public in the first place. Remember, nobody will call the cops on you because you didn't sign up on Instagram with your real identity. It's the internet, not the military or a bank. You don't need to use your real name, phone number, or home address. Keep your real phone number for people you know personally, not for every troll, doxxer, or whoever might use the internet. The same goes for your real name and other personal details. +Prevention is the best treatment. The best way to keep your data private is to not make it public to start with. Keep in mind that nobody will call the cops on you for not signing up on Instagram with your real identity. It's the internet; you're not signing up for the military or opening an account at a bank. You don’t need to use your real name, phone number, and home address on the internet. Nobody needs to know these things about you. 
Keep your real phone number for those you know personally, not for every troll, doxxer, or anyone who might use the internet. The same goes for your real name and other personal details. ### Avoiding Censorship -Sometimes you need privacy and security to avoid censorship, whether it's applied by a government, a platform like Twitter, or a Matrix server administrator. Most of us, including myself, hate censorship. Censorship holds society back from growth; it's like shutting off innovation, creativity, and new ideas. It is typically applied by those who need to protect their empires by force because they themselves know how wrong they are. +Sometimes you just need privacy and security to avoid censorship, whether it is applied by a government, a platform like Twitter, or a Matrix server administrator. Most of us, including myself, hate censorship. Censorship holds society back from growth; it's like shutting off innovation, creativity, and new ideas. It is usually imposed by those who need to protect their empires by force because they themselves know how wrong they are. -In this scenario, privacy tools like VPNs, proxies, encrypted DNS, and Tor can help you bypass censorship. Privacy-friendly platforms like Mastodon, which allow you to host them yourself, enable you to freely express your thoughts without someone like Elon Musk getting mad at you. +In this scenario, privacy tools like VPNs, proxies, encrypted DNS, and Tor can help you bypass censorship. Privacy-friendly platforms like Mastodon, which allow you to host them yourself, enable you to speak freely without someone like Elon Musk getting mad at you. ## The journey begins... -These were some of the common threats and common ways to design your threat model based on. It can vary based on your very unique situation; you need to address your own personal needs when it comes to threat modeling. 
But it's not something you should skip; otherwise, you would be lost, wasting time and energy on things you don't need. That's how I started my privacy journey—I didn't design a threat model. Instead, I tried to make myself bulletproof from every possible attack and ended up wasting a year of my life. I also gave myself long-lasting anxiety and paranoia for no reason, all because I didn't plan out who I'm protecting my data from. +These were some of the common threats and ways to design your threat model. It can vary based on your unique situation; you need to address your own personal needs when it comes to threat modeling. But it's not something you should skip; otherwise, you would be lost and waste time and energy on things you don’t need. That was how I started my privacy journey. I didn’t design a threat model; instead, I tried to make myself bulletproof from every possible attack. Not only did I waste a year of my life, but I also gave myself long-lasting anxiety and paranoia for no reason, all because I didn’t plan out who I was protecting my data from. + +--- -That's it for this chapter. In the next one, I'll cover operational security, which I find to be not technical yet one of the most important aspects of privacy and anonymity online. Operational security, or OpSec, is about preventing sensitive data from getting into the wrong hands. +This concludes this chapter. In the next chapter, I will cover operational security, which, though not technical, is one of the most important aspects of privacy and anonymity online. Operational security, or opsec, involves preventing sensitive data from falling into the wrong hands. From 47989b0fe3ac5e1db9039694397392f6ad4d010a Mon Sep 17 00:00:00 2001 From: Zola Gonano Date: Tue, 6 Aug 2024 15:42:03 +0000 Subject: [PATCH 04/11] Review Chapter 3 --- src/chapter_3.md | 73 ++++++++++++++++++++++++------------------------ 1 file changed, 37 insertions(+), 36 deletions(-) 
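Review bot: The rewritten line `+Governments usually justify this by saying that they're fighting terrorism, which is not true in reality.` turns the previous hedged claim (`in reality, it has little to no effect on crime`) into a flat assertion that the justification itself is false, with no source behind it; keeping the original wording, or adding a citation for the "little to no effect" claim, would be the safer edit. Also worth checking the name in the Micro paragraph: the hunk introduces `David Liberman`, while the Punisher character's name is usually spelled "David Lieberman".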
diff --git a/src/chapter_3.md b/src/chapter_3.md index 675a2b6..e66c1e1 100644 --- a/src/chapter_3.md +++ b/src/chapter_3.md 
@@ -1,14 +1,14 @@ # Chapter 3 -In 2012, the FBI nabbed a hacker known as w0rmer. He'd hacked several U.S. law enforcement websites and leaked their data online. You might think it took a big, complicated operation to catch him, but nope! w0rmer just had terrible operational security (opsec). He gave away his exact location to the FBI by replacing their database with a picture of his girlfriend from the neck down in a bikini, holding a sign that said "PwNd by w0rmer & CabinCr3w, <3 u BiTch's!" It's not like they identified the girl from the picture; w0rmer forgot (or didn't care) to erase the GPS coordinates from the picture's metadata. The FBI saw the coordinates were from an iPhone 4 in an outer Melbourne suburb. w0rmer overshared his location through a picture. +In 2012, the FBI caught a hacker with the nickname w0rmer after he hacked several U.S. law enforcement websites and released their data online. You might think there was a big and complicated operation to catch this hacker, but no, w0rmer just had bad opsec. He handed the FBI his exact geo-location simply because he replaced the FBI's database with a picture of his girlfriend from the neck down in a bikini, holding a sign saying "PwNd by w0rmer & CabinCr3w, <3 u BiTch's!" It wasn’t that they figured out who the girl was from that picture; w0rmer forgot to (or didn’t care to) erase the EXIF metadata of the picture. The FBI looked at the picture, and in its metadata, they found that it was taken with an iPhone 4, with GPS coordinates of an outer-Melbourne suburb. w0rmer had overshared his location through a picture. -Having electrical tape on your webcam and using Tor browser inside Whonix OS won't save you if you share too much about yourself over time. Having good opsec often means being in control and aware of what you're sharing when talking to people or posting online. 
+The electrical tape on your webcam and your Tor browser inside Whonix OS can't help you if you share too much about yourself, if you over time tend to expose your real identity piece by piece. Having good opsec often means having control and awareness of what you're sharing when talking to people or when posting online. ## Identify the sensetive data and information -The first step to improving our OPSEC is identifying the data that's sensitive to us. To do that, we need to check our threat model. We figure out what threats are common and which data would cause the most trouble if it fell into the wrong hands. Then, we prioritize the information based on how severe the consequences would be. +The first step in improving your OPSEC is identifying the data that is sensitive to you. To do this, you need to refer to your threat model. Assess what threats are common and which data would have the most severe consequences if it falls into the wrong hands. Then, prioritize the information based on the severity of the consequences. -With this plan, we can cut down on unnecessary caution. Being overly cautious about everything we say or share can drain a lot of mental energy and increase the chances of slipping up. But if we focus on what's sensitive based on our own unique situation and threat model, we can reduce the mental energy needed to maintain our OPSEC. +Having this plan in place would reduce the unnecessary caution you need to take. Being overly cautious about everything you say or share can consume a lot of mental energy and increase the chance of slipping up. By focusing on what is sensitive based on your unique situation and threat model, you can minimize the mental effort required to maintain OPSEC. ### Common Sensitive Information 
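Review bot: The heading `## Identify the sensetive data and information` is an unchanged context line in this hunk, so the typo "sensetive" survives a review pass that rewrote both paragraphs under it; fix it to "sensitive" in the same commit. One factual drift in the opening paragraph: `he replaced the FBI's database with a picture` reads as if the FBI's own database was defaced, whereas the previous version says he hacked several law enforcement websites and replaced "their" database; "replaced a hacked site's database" keeps the story consistent with the first sentence.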
@@ -78,72 +78,73 @@ These are some of the most common types of sensitive information that an individ - **Health information:** Data about your medical history and current health status. - **Memberships in various organizations:** Affiliations with clubs, societies, and other groups. -## Protecting Sensitive Information +## Protect the Sensitive Information -Now that we're familiar with some common types of sensitive information in OPSEC, let's explore approaches we can take to protect this data. These protections vary widely based on your personal situation and unique threat model, so always refer to your threat model. +Now that we know some of the common sensitive information in OPSEC, we can move on to approaches to protect this information. These protections also vary greatly based on your personal situation and your unique threat model. Always take a look at your threat model. -### Personal Identifiable Information (PII) +### **Personal Identifiable Information (PII)** -- Encrypt files and documents containing PII using robust encryption algorithms like AES. Avoid rolling your own encryption; use proven algorithms and audited implementations. -- Minimize the collection and retention of unnecessary PII. Provide your PII only when absolutely necessary, and consider using a pseudonym or fake identity where possible. -- Store physical documents containing PII, such as passports, in secure locations with surveillance systems like CCTV. +- Encrypt files and documents containing PII using strong encryption algorithms such as AES. Never create your own encryption; use an algorithm that has been proven to be secure and an implementation that has been audited. +- Minimize the collection and retention of unnecessary PII. Provide your PII only if you have to, and there is no other way around it. If you have the chance to avoid providing your PII and use a pseudonym or a fake identity, do it. 
+- Store physical documents containing your PII, like your passport, in a safe place with surveillance systems like CCTVs. ### Financial Information -- Use secure connections (HTTPS) when accessing financial websites like banks. -- Regularly monitor your financial accounts for unauthorized access and enable warning features where available. -- Enable transaction notifications for all transactions to stay informed about any suspicious activity. -- For cryptocurrencies, use decentralized and anonymous options like Zcash and Monero for enhanced privacy. +- Use secure connections (HTTPS, for example) when accessing your bank website or any other financial website. +- Regularly monitor your financial accounts for unauthorized access and enable warning features if your bank provides them. +- Enable transaction notifications for all transactions so you are alerted to any suspicious activity on your accounts. +- In the case of cryptocurrencies, use cryptocurrencies that are decentralized and provide anonymity, like ZCash and Monero. Most cryptocurrencies aren't anonymous; they're pseudonymous. Nobody would know the owner of the address, but as soon as you spend the money in the real world, it will be traced back to your real identity. This is not true for privacy coins like Monero. ### Account Credentials -- Utilize a reputable password manager to securely store passwords and account credentials. Avoid using the same password across multiple accounts. -- Enable two-factor authentication (2FA) whenever possible for an added layer of security. -- Never share account credentials via email or unencrypted messaging platforms. Use encryption or secure messaging apps like Signal for sensitive information. -- Periodically review and update account passwords, and consider signing up for services that monitor for data breaches. +- Use an audited and reputable password manager to store your passwords and account credentials. 
Never try to remember your passwords or, worse, use the same password everywhere. Each website should have its unique password to prevent unauthorized access to other accounts if one account's password gets leaked. +- Enable 2FA whenever possible to add an additional layer of security to protect your accounts. You can use physical devices for 2FA or audited open-source apps for TOTP codes. Also, make sure you protect your 2FA credentials as well as your passwords. +- Never share your account credentials via email or unencrypted messaging platforms. If you must share them, use encryption or a secure messaging app like Signal and enable auto-delete for the message. +- Periodically review and update account passwords. You can also sign up for services that check the dark web or database breaches for your account and notify you if your account is found in these breaches. ### Digital Footprint and Metadata -- Use a pseudonymous VPN or Tor (depending on your threat model) to mask your IP address and encrypt internet traffic. -- Configure browsers to minimize browser history, cookies, and other metadata. Consider using Tor Browser for enhanced privacy. -- Use privacy-focused search engines like DuckDuckGo or StartPage, or host your own search engine like Searx. -- Disable location services on your devices when not needed to prevent location data from being stored in images. +- Use a pseudonymous VPN or Tor (highly depending on your threat model) to mask your IP address by encrypting and rerouting your internet traffic. +- Harden your browsers or use Tor Browser to limit the collection of browser history, cookies, and other metadata. You can also configure your browser to minimize its fingerprintability, but using Tor Browser is generally better if you want to avoid fingerprinting. +- Use privacy-friendly search engines like DuckDuckGo and StartPage or host your own search engine like Searx. +- Disable location services on your device when you don't need them. 
The location, when enabled, can be stored in the pictures you take as well. +- Remove the EXIF metadata from pictures before sharing, or use a camera app that does this by default. ### Communication Content -- Always use end-to-end encryption when communicating. Choose messaging apps like Session and Signal for strong encryption and minimal metadata storage. -- Use encrypted email services like Tutanota and ProtonMail, or utilize PGP encryption for emails. -- Avoid sharing sensitive information over unencrypted channels like public Wi-Fi networks. +- Always use end-to-end encryption when communicating. Use messaging apps like Session and Signal, which have strong encryption and store little metadata. +- Use encrypted emails like Tutanota and ProtonMail or use PGP to encrypt your emails before sending. However, emails will always have a lot of unencrypted metadata. +- Avoid sharing sensitive information over unencrypted channels, such as public Wi-Fi. Ensure your communication channels are encrypted. ### Behavioral Information -- Use privacy-friendly search engines and disable search suggestions to minimize tracking. -- Regularly clear browser history, cookies, and caches, or consider using Tor Browser. -- Review and adjust privacy settings on social media platforms to minimize personal data collection. +- Use privacy-friendly search engines to minimize tracking of online activities. Also, disable search suggestions in your browser to prevent leaking your searches to third-party services. +- Regularly clear browser history, cookies, caches, etc., to ensure you don't leave any traces of your activities on your browser. Alternatively, use Tor Browser if it aligns with your threat model. +- Review and adjust privacy settings on social media platforms and websites you sign up for to minimize the collection of personal data. ### Professional Information -- Encrypt work-related documents and files using strong encryption methods. 
+- Encryption overlaps here as well, so encrypt work-related documents and files using strong encryption, just as you would for other data. - Use secure, encrypted collaboration tools for sharing sensitive work-related information. - Implement access controls and permissions to restrict access to confidential work data. ### Biometric Information -- Store biometric information encrypted using strong encryption algorithms. -- Limit the collection and storage of biometric data to what is necessary for authentication purposes, or avoid biometric authentication if possible. +- Again, store biometric information encrypted using a strong and known encryption algorithm and implementation. +- Limit the collection and storage of biometric data to what is necessary for authentication purposes. If possible, avoid using biometric data for authentication. ### Personal Preferences and Opinions -- Exercise caution when sharing personal preferences and opinions on public platforms, especially under your real name. +- Be cautious about sharing personal preferences and opinions on public platforms, or at least avoid using your real name. - Adjust privacy settings on social media to limit the visibility of personal preferences and opinions. -- Consider using pseudonyms or anonymous accounts for discussions on sensitive topics, which can sometimes be crucial depending on your location. +- Use pseudonyms or anonymous accounts for discussions on sensitive topics. This can sometimes be crucial depending on where you live. --- -Effective OPSEC goes beyond implementing techniques; it's about shifting your mindset. It demands a heightened awareness of the information we share and a commitment to continuous learning and adaptation. Threats are always evolving, and techniques may become deprecated, but if you set your mindset to understand why what you put online may stay there forever and be read someday, you'll find the right techniques. 
+Effective OPSEC goes way beyond implementing some techniques; it's about shifting your mindset. It demands a heightened awareness of the information we share and a commitment to continuous learning and adaptation. The threats are always evolving, and these techniques may become deprecated, but if you set your mindset to the fact that what you put online may stay there forever and will be read someday, you will find the techniques. > "If you know the why, you can live any how." > -> ― Friedrich Nietzsche +> ― Friedrich Nietzsche -The next chapter will explore the essentials of privacy and security. With the myths debunked, the roadmap established, and the mindset in place, we can delve into the tools and techniques that enhance your privacy in the digital world. \ No newline at end of file +The next chapter will be about privacy and security's essentials. Now that the myths are busted, the roadmap is ready, and the mindset is set, we can move on to the essentials of the privacy world: the tools and techniques that can be used to enhance your privacy. \ No newline at end of file From 39fe3ca7a3ca6590988256d29e6694d07b51539e Mon Sep 17 00:00:00 2001 From: Zola Gonano Date: Tue, 6 Aug 2024 15:47:26 +0000 Subject: [PATCH 05/11] Review Chapter 4 --- src/chapter_4.md | 70 +++++++++++++++++++++++------------------------- 1 file changed, 34 insertions(+), 36 deletions(-) diff --git a/src/chapter_4.md b/src/chapter_4.md index 4c45385..8645cef 100644 --- a/src/chapter_4.md +++ b/src/chapter_4.md 
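Review bot: In the chapter_3.md `## Protect the Sensitive Information` hunk, the Account Credentials bullet `Never try to remember your passwords or, worse, use the same password everywhere` contradicts the password-manager model the book relies on, where exactly one strong master password must be memorized; rephrase to "never rely on memorizing your passwords; memorize only the master password of your password manager". Two smaller points in the same hunk: `### **Personal Identifiable Information (PII)**` wraps a heading in bold while the sibling headings (`### Financial Information`, `### Account Credentials`) do not, so the asterisks should go; and the cryptocurrency bullet changes `Zcash` to `ZCash`, but the project's own spelling is "Zcash". The pair `-> ― Friedrich Nietzsche` / `+> ― Friedrich Nietzsche` shows no visible difference, so it is presumably a whitespace-only change; confirm it is intended, and since both sides still carry `\ No newline at end of file`, this commit is a good place to add the trailing newline.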
@@ -1,42 +1,42 @@ # Chapter 4 -Continuing with the Minecraft analogy from Chapter 2, imagine you're still in the game. You've become quite familiar with it now—you've even got your locations written down, and you've gathered some wood and set up a crafting table. With these resources, you can start crafting essential tools like wooden axes, shovels, swords, a bed, and a shelter to survive the night. You're ready to take on mobs, gather rocks and stones, and explore your surroundings. +Continue imagining that you're playing Minecraft, like in Chapter 2. Now that you know the game, you have the locations written down, and you have some wood and a crafting table at your disposal, you can build tools like wooden axes, shovels, swords, a bed, and a shelter to sleep at night. You can kill mobs, pick rocks, and mine stones. -As you become more skilled, you'll progress to stone tools, then iron, and maybe even diamond if you're up for the challenge. Just like in the game, reaching the diamond level requires embarking on deep adventures into scary caves, requiring time and dedication. +As you get more and more advanced, you'll move on to stone tools, then iron tools, and eventually diamond tools. If you've played the game, you know that reaching the diamond level requires deep adventures down scary caves and a lot of time and passion. -But this chapter focuses on the essentials—the wooden and stone tools—of the privacy world. These are the basic building blocks of your digital privacy and security. The essentials in the privacy world include encryption tools, anonymity tools, VPNs, emails, secure messengers, password managers, and multi-factor authentication tools. These are the bare minimums for privacy, aligning with the threat models of most individuals. +But this chapter is all about essentials—the wooden and stone tools of the privacy world. These are the bare minimums and basics that form the building blocks of your digital privacy and security. 
The essentials in the privacy world are different, though: they include encryption tools, anonymity tools, VPNs, emails, secure messengers, password managers, and multi-factor authentication tools. These things are the bare minimums for privacy and match most people's threat models. ## Passwords and Password Managers -Passwords are what protect our accounts, devices, and our secrets. We need to take all actions to keep them safe, secure, and accessible to ourselves. Trying to remember a hard password is a bad idea, and I've already explained why. If you use a single password for everything, no matter its complexity, and a data breach containing your account happens, then all your other accounts are accessible using that leaked password. And if you try remembering different passwords for every website, you will forget them all. Humans aren't that good at memorizing random passwords, especially if you don't recall them often. +Passwords are what protect our accounts, devices, and secrets. We need to take all actions to keep them safe, secure, and accessible only to ourselves. Trying to remember a hard password is a bad idea, and I've already explained why. If you use a single password for everything, no matter its complexity, if a data breach containing your account happens, then all your other accounts are accessible using that leaked password. And if you try remembering different passwords for every website, you will likely forget them all. Humans aren't that good at memorizing random passwords, especially if you don't recall them often. -Here, the password managers come to play. Password managers are software, either online or offline, to store passwords and other notes and secrets safely and securely using encryption. The content inside them will be accessible through one password, usually known as the master password. 
So when using a password manager, you will memorize a complex password as your master password, and that will be used to access other passwords inside your password manager's vault. Now you don't need to remember any other password or secret. +Here, password managers come into play. Password managers are software, either online or offline, designed to store passwords and other notes and secrets safely and securely using encryption. The content inside them is accessible through one password, usually known as the master password. When using a password manager, you memorize a complex password as your master password, which is used to access other passwords inside your password manager's vault. Now you don't need to remember any other passwords or secrets. -A good password manager should have these characteristics, in my opinion: +A good password manager should have these characteristics: -1. They need to be encrypted. Never use a password manager that you're unsure of its encryption. -2. They need to be open-source. Not that open-source software is necessarily safer, but with them being open-source, we can check their codes and the implementation of encryptions and make sure they're safe. -3. They must be audited independently. We're not cryptography analysis experts. An audit will show if there are any flaws in the cryptography implementation of a software encryption. -4. They better be offline or self-hosted. There is no problem with a cloud-based password manager if it is implemented correctly. Even if their database gets leaked, the passwords should still be encrypted and secure. But when using a self-hosted or offline password manager, like Bitwarden (which can be self-hosted) or Keepass, you minimize the risk of leakage because it is far less likely that you will be more targeted than a password manager's server with thousands of users. +1. **Encryption:** It needs to be encrypted. Never use a password manager if you're unsure of its encryption. +2. 
**Open Source:** They should be open-source. While open-source software isn't necessarily safer, being open-source allows us to check their code and the implementation of encryption to ensure they are safe. +3. **Independent Audits:** They must be audited independently. We aren't cryptography analysis experts, so an audit will reveal if there are any flaws in the cryptographic implementation of the software's encryption. +4. **Offline or Self-Hosted:** They should preferably be offline or self-hosted. There is no problem with a cloud-based password manager if it is implemented correctly. Even if their database gets leaked, the passwords should still be encrypted and secure. However, using a self-hosted or offline password manager, like Bitwarden (which can be self-hosted) or KeePass, minimizes the risk of leakage because it is far less likely that you will be targeted more than a password manager's server with thousands of users. ### Choosing a Secure Master Password -But how can you generate a secure master password? You need to forget the passwords first. Passwords are a string of random letters, numbers, and punctuation characters. They will get really hard really fast for humans to memorize but not as much for computers to crack and guess through brute force attacks. But on the other hand, the passphrases can be a list of words separated by a character, which is easy to remember for humans but a lot harder for a computer to crack because they're usually way longer and have more entropy than a password. They're easier to remember because they are words, and words to us have meanings but not to computers. They see random strings still. +But how can you generate a secure master password? You need to forget the idea of passwords being random strings of letters, numbers, and punctuation characters. They become really hard for humans to memorize but not as hard for computers to crack through brute-force attacks. 
On the other hand, passphrases—lists of words separated by a character—are easy for humans to remember but much harder for computers to crack because they are usually longer and have more entropy than a typical password. They are easier to remember because they are words, and words have meanings to us, though not to computers. To computers, they still appear as random strings. -These passphrases are called Diceware Passphrases. An example of a Diceware passphrase is: `Batboy Wielder Defective Squire Facial Reptilian Monologue Avatar`. +These passphrases are called Diceware Passphrases. An example of a Diceware passphrase is: **Batboy Wielder Defective Squire Facial Reptilian Monologue Avatar** ![XKCD's password strength meme](./pictures/xkcd-password-strength.png) -Avoid changing your master passwords too often unless you suspect that it is compromised to minimize the risk of forgetting it. Also, a good practice would be having an encrypted back of your passwords somewhere safe, ideally outside your devices and with a different password (in case you forget the main password) so you can restore your password and minimize the risk of losing access to your accounts. +Avoid changing your master passwords too often unless you suspect that it has been compromised, to minimize the risk of forgetting it. Also, a good practice would be to have an encrypted backup of your passwords stored somewhere safe, ideally outside your devices and with a different password (in case you forget the main password), so you can restore your passwords and minimize the risk of losing access to your accounts. ## Email Security -Email services aren't secure by nature. New technology usually comes before security, and that's true for email as well as the earliest protocols of the internet. But this lack of security can be overcome to some extent by adding layers of encryption to email services. 
+Email services aren't secure by nature; new technology usually comes before security, and that's true for email as well as for the earliest protocols of the internet. But this lack of security can be overcome to some extent by adding layers of encryption to email services. -The first layer of encryption needs to be added to the communication channel. By communication channel, I mean the channel that the data needs to go through to get to the destination, not the email content. This can be done by adding TLS to the transport layer of the email protocol. Nowadays, most email service providers have TLS enabled by default. But if you self-host your email service, you'd need to make sure transport layer encryption is enabled. +The first layer of encryption needs to be added to the communication channel. By "communication channel," I mean the channel that the data goes through to get to its destination, not the email content itself. This can be done by adding TLS to the transport layer of the email protocol. Nowadays, most email service providers have TLS enabled by default, but if you self-host your email service, you'll need to ensure transport layer encryption is enabled. -The second layer of encryption would be for the email content. This can be done through using PGP or S/MIME encryption. But we would need to have our recipient's public key in order to send them encrypted emails. There are encrypted and privacy-focused email providers like ProtonMail and Tutanota which can eliminate this need for having the public key, only if our recipient uses the same email provider as us. For example, two ProtonMail users can send each other encrypted emails without having to know each other's public keys. +The second layer of encryption would be for the email content. This can be achieved using PGP or S/MIME encryption, but you will need to have your recipient's public key to send them encrypted emails. 
There are encrypted and privacy-focused email providers like ProtonMail and Tutanota that can eliminate this need for having the public key, provided that both sender and recipient use the same email provider. For example, two ProtonMail users can send each other encrypted emails without having to know each other's public keys. -And even if you encrypt the content of the email, the metadata would still be unencrypted. These metadatas can include: +Even if you encrypt the content of the email, the metadata would still be unencrypted. This metadata can include: 1. **Sender Email Address:** The email address of the person sending the email. 2. **Recipient Email Address(es):** The email address(es) of the recipient(s) of the email. 
@@ -45,26 +45,24 @@ And even if you encrypt the content of the email, the metadata would still be un 5. **Message-ID:** A unique identifier for the email message. 6. **Return-Path:** The email address to which bounced emails are returned. 7. **Received:** Information about the email servers and networks through which the email passed during transmission. -8. **X-Mailer:** Optional field indicating the email client or software used to compose the email. -9. **MIME-Version:** Version of the Multipurpose Internet Mail Extensions (MIME) protocol used in the email. +8. **X-Mailer:** An optional field indicating the email client or software used to compose the email. +9. **MIME-Version:** The version of the Multipurpose Internet Mail Extensions (MIME) protocol used in the email. 10. **Content-Type:** The type and format of the message content, such as text/plain for plain text or text/html for HTML-formatted content. ## Messaging Security -Most chat messages aren't secure either. For instance, Telegram, a messaging app that claims to be encrypted and secure, doesn't even have E2EE (end-to-end encryption) enabled by default. And even when it allows E2EE, it is only for mobile clients, meaning you cannot use Telegram securely on a desktop client. Worse yet, Telegram breaks the first and most important rule of cryptography, which states, "Do not roll your own crypto," by using a self-rolled cryptography scheme for its E2EE chats. Additionally, Telegram servers are all closed-source; nobody has any idea how the messages and data on Telegram are stored. Are they encrypted? Who has access to these servers? Nobody knows. Telegram is the perfect example of a bad messaging app in my opinion. I know there are messaging apps worse than Telegram, but none of them claim to be private and secure. So, I will use Telegram as a bad example of a messaging app to explain what a messaging app needs to have. +Most chat messages aren't secure either. 
For instance, Telegram, a messaging app that claims to be encrypted and secure, doesn’t even have end-to-end encryption (E2EE) enabled by default. Even when it does offer E2EE, it is only available on mobile clients, meaning you cannot use Telegram securely with the desktop client. Worse, Telegram breaks the first and most important rule of cryptography, which states, "Do not roll your own crypto," by using a self-rolled cryptographic scheme for its E2E encrypted chats. Additionally, Telegram's servers are all closed source; nobody knows how the messages and data on Telegram are stored, whether they are encrypted, or who has access to these servers. Telegram is a perfect example of a poor messaging app in my opinion. While there are messaging apps that are worse than Telegram, they do not claim to be private and secure. Therefore, I will use Telegram as a bad example to explain what a messaging app should have. -- **End-to-end Encryption:** A secure messaging app would allow E2EE messages with a known and audited cryptography scheme and implementation. Telegram allows it to some degree, but its cryptography is questionable. -- **Anonymous Sign-up:** A private messaging app would allow you to sign up anonymously, usually using an email. Telegram and Signal use phone numbers, which is reasonable for reducing spam. However, there are ways around this, like buying an anonymous VoIP number using Monero or cash. -- **Transparency:** A secure messaging app should be transparent about how they store data, what data they store, and in what scenarios the data can be handed over to authorities. -- **Metadata Collection:** Every message and account has some metadata that usually isn't encrypted. Telegram collects a lot about you, like your name, sign-up date, IP addresses, 2FA email, phone number, contacts, people you frequently talk to, and all your messages (if you do not use E2EE). They can hand this data over to authorities if they have to. 
Signal, on the other hand, collects little to no metadata about you and doesn't have much to hand over even if a court order compels them to do so. -- **Popularity:** We can't make people use what we use. If everyone I know uses Telegram, I have to use Telegram too, and that's a big part of a messaging app. I might prefer Matrix over Signal, though Signal has better security and collects less metadata than Matrix, but most people I talk to use Matrix, so I have to make some sacrifices here. +- **End-to-End Encryption:** A secure messaging app should offer E2EE with a known and audited cryptographic scheme and implementation. Telegram provides E2EE to some extent, but its cryptography is questionable. +- **Anonymous Sign-Up:** A private messaging app should allow you to sign up anonymously, typically using an email. Telegram and Signal use phone numbers, which is reasonable for reducing spam, but there are ways around it, such as buying an anonymous VoIP number using Monero or cash. +- **Transparency:** A secure messaging app should be transparent about how they store data, what data they store, and under what circumstances the data can be handed over to authorities. +- **Metadata Collection:** Every message and account has some metadata that isn't usually encrypted. Telegram collects a lot of metadata about you, including your name, sign-up date, IP addresses, 2FA email, phone number, contacts, people you frequently talk to, and all your messages (if you do not use E2EE). They can hand this data over to authorities if required. In contrast, Signal collects little to no metadata about you and doesn’t have much to hand over even if a court order compels them to do so. +- **Popularity:** We can't make everyone use the same app. If everyone I know uses Telegram, I have to use Telegram too. This is a significant factor for a messaging app. 
I might use Matrix over Signal, despite Signal having better security and collecting less metadata than Matrix, because most people I talk with use Matrix, so I have to make some sacrifices. -Your threat model plays a huge role here. You might not care at all if your messages with your friends can be read by Telegram or any other company. It depends on you and your threat model. +Your threat model plays a huge role here. You might not care if your messages with friends are readable by Telegram or any other company. It depends on you and your threat model. ## Choosing a secure VPN -Normally when you use the internet, your ISP can technically see all the data that is passing through the network. But nowadays, with most websites and services supporting TLS/SSL encryption, your ISP is not able to see much. However, they can still figure out the IP address and the domain name that you're requesting. Anything that your ISP can see, your VPN provider can see as well. Because of that, VPNs are mostly a shift in trust. For example, my ISP logs a lot of information that I don't want to be logged, and they hold the data for a long period of time. The VPN provider that I use (ProtonVPN and Mullvad) promise not to log anything. They're reputable privacy-focused VPN providers and they allow anonymous payments, especially Mullvad VPN. So in this scenario, I prefer to use the VPN all the time because I trust it more than my ISP. - -But we don't always need to shift the trust; sometimes it's because we want to bypass censorship. VPNs are a great way to bypass censorship as they encrypt the data that is passing through the network, making it hard for censorship systems to detect it. Even if it is for bypassing censorship, it is still shifting the trust, and it needs to be something that collects little to no data about us and our data. +Normally, when you use the internet, your ISP can technically see all the data passing through the network. 
However, with most websites and services supporting TLS/SSL encryption today, your ISP cannot see much of the data, but they can still determine the IP address and domain name that you're requesting. Anything that your ISP can see, your VPN provider can see as well. Because of this, VPNs are mostly a shift in trust. For example, my ISP logs a lot of information that I prefer not to be logged and retains this data for a long period of time. However, the VPN provider I use (ProtonVPN and Mullvad) promises not to log anything. They are reputable, privacy-focused VPN providers that allow anonymous payments, especially Mullvad VPN. In this scenario, I prefer using the VPN all the time because I trust it more than my ISP. Sometimes, using a VPN is about bypassing censorship. VPNs are great for this as they encrypt the data passing through the network, making it difficult for censorship systems to detect. But even in this case, it is still a matter of shifting trust, and the VPN should collect little to no data about us and our activities. ```mermaid graph TD; 
@@ -80,21 +78,21 @@ graph TD; ISP -.->|Encrypted Data| Destination ``` -For me, a VPN provider should have these characteristics: +For me, a VPN provider should have the following characteristics: -- **Strong encryption:** It should use secure encryption methods and protocols. For example, a secure protocol would be something like WireGuard or OpenVPN, and an encryption method that supports perfect forward secrecy. Perfect forward secrecy ensures that the encrypted data wouldn't be accessible even if the actual key gets into the wrong hands. +- **Strong Encryption:** It should use secure encryption methods and protocols, such as WireGuard and OpenVPN, and an encryption method that supports perfect forward secrecy. Perfect forward secrecy ensures that encrypted data cannot be accessed even if the actual key is compromised. - **No-Logs Policy:** A private VPN provider should not keep logs of user activities, connections, timestamps, or IP addresses. For example, VPN providers like Mullvad, ProtonVPN, and Windscribe do not collect much about your traffic. - **DNS Leak Protection:** A secure and private VPN should ensure that DNS queries are routed through the VPN tunnel, not through the user's ISP. This prevents the leaking of visited websites to the ISP. - **Kill Switch:** A private VPN should provide a feature that disconnects the user from the internet if the VPN connection drops, ensuring that no data is transmitted over an unencrypted connection. - **IP Address Masking:** The VPN should hide the user's real IP with one provided by the VPN servers. -- **Multi-Hop:** A nice feature for a VPN to have would be multi-hopping, which routes user's traffic through multiple servers in different locations, adding an extra layer of security and privacy. -- **Secure Authentication:** An ideal VPN provider would have multi-factor authentication systems (like TOTP or even SMS/Email authentication codes) to protect users' accounts. 
+- **Multi-Hop:** A useful feature for a VPN to have is multi-hopping, which routes user traffic through multiple servers in different locations, adding an extra layer of security and privacy. +- **Secure Authentication:** An ideal VPN provider would have multi-factor authentication systems (like TOTP or even SMS/email authentication codes) to protect user accounts. - **Private Servers:** It should use private or dedicated servers rather than shared ones to reduce the risk of data interception. -- **Obfuscation:** It should provide obfuscation features to bypass censorship systems like DPI (deep packet inspection), making the VPN traffic appear like regular traffic, usually using an obfuscation protocol like obfs4 or ScrambleSuit. -- **Jurisdiction:** It’s better if it is based in a country with strong privacy laws and outside the influence of surveillance alliances like the Five Eyes, Nine Eyes, or Fourteen Eyes. +- **Obfuscation:** It should provide obfuscation features to bypass censorship systems like Deep Packet Inspection (DPI), making the VPN traffic appear like regular traffic, usually using an obfuscation protocol like obfs4 or ScrambleSuit. +- **Jurisdiction:** It is better to be based in a country with strong privacy laws and outside the influence of surveillance alliances like the Five Eyes, Nine Eyes, or Fourteen Eyes. - **Regular Audits:** It should have regular security audits by independent third parties to verify the no-logs policy and the overall security of the service. -But these characteristics can vary based on the user's threat model. Not everyone cares about multi-hops and no-log policies. You should always act based on your threat model. +These characteristics can vary based on the user's threat model. Not everyone cares about multi-hops and no-logs policies. You should always act based on your threat model. --- From 330398b811a8f8737bb7d0bfece5a3057fbc0b01 Mon Sep 17 00:00:00 2001 
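Review bot: In the first hunk, the passphrase paragraph's claim that words "still appear as random strings" to computers is misleading, because password crackers work from word lists; the strength of a Diceware passphrase comes from the number of words and from picking each one at random with dice (the log2(W^L) relation this series later writes down in Appendix A), not from the words looking random. Suggest rewording to "because each word is chosen at random from a large list, the number of possible passphrases grows very quickly with the number of words". In the Email Security paragraph, "adding TLS to the transport layer" protects the message only while it moves between mail servers, not while it sits on either provider's server, which is precisely why the next paragraph's second layer (PGP or S/MIME) exists; half a sentence saying so would make the two layers read as complementary rather than as alternatives.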
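Review bot: Number agreement in the VPN paragraph of the second hunk: "The VPN provider I use (ProtonVPN and Mullvad) promises not to log anything" names two providers, so it should read "The VPN providers I use (ProtonVPN and Mullvad) promise not to log anything". Two smaller points in the same hunk: the Telegram paragraph introduces the abbreviation E2EE and then writes "E2E encrypted chats", so one form should be used throughout; and the Metadata Collection bullet lists "all your messages (if you do not use E2EE)" under metadata, which conflates message content with metadata. Saying that Telegram can read the content of non-E2EE chats in addition to collecting the metadata makes the point more accurately.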
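Review bot: The Strong Encryption bullet in the third hunk describes perfect forward secrecy too loosely: "encrypted data cannot be accessed even if the actual key is compromised" is not what PFS provides, since a compromised session key still exposes that session. What PFS guarantees is that recorded past sessions cannot be decrypted if the long-term (server or identity) key is compromised later, because each session derives its own ephemeral key. Suggest: "Perfect forward secrecy ensures that recorded past traffic cannot be decrypted even if the provider's long-term key is later compromised." The phrase "protocols, such as WireGuard and OpenVPN, and an encryption method that supports perfect forward secrecy" also reads as a list of three unrelated things; "protocols such as WireGuard or OpenVPN, configured so that sessions have perfect forward secrecy" is cleaner.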
From: Zola Gonano Date: Wed, 7 Aug 2024 13:23:19 +0000 Subject: [PATCH 06/11] Write 'Operating Systems Security/Privacy' --- src/chapter_4.md | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/src/chapter_4.md b/src/chapter_4.md index 8645cef..de6a94c 100644 --- a/src/chapter_4.md +++ b/src/chapter_4.md 
@@ -94,6 +94,40 @@ For me, a VPN provider should have the following characteristics: These characteristics can vary based on the user's threat model. Not everyone cares about multi-hops and no-logs policies. You should always act based on your threat model. +## Operating Systems Security/Privacy + +Operating systems are software that communicate with the hardware and manage hardware resources, such as memory allocation, task scheduling, I/O processes, and more. While these are core functionalities of an operating system (or its kernel), layers of software stack up on the kernel to create a usable operating system, which can greatly impact the privacy and security of its users. + +The main operating systems I will discuss are iOS, Android, Linux, Windows, and macOS: + +### Android + +The **Android Open Source Project (AOSP)** is a decent and secure operating system, featuring verified boots, app sandboxing (a crucial security feature), and a robust permission management system. + +However, when you buy an Android phone, the operating system on it is usually not vanilla Android. It is often modified with many additional apps and features primarily used for gathering data from user activities. + +There are custom ROMs designed to address this issue. Even without custom ROMs, many unnecessary features can be disabled to minimize data collection. + +More important than data collection is ensuring the phone is updated with the latest security patches if available, and avoiding rooting (as it can break app sandboxing and compromise the phone's security). + +On some phones, like Google Pixels, you can install GrapheneOS, a very secure and privacy-respecting Android custom ROM. + +### iOS + +Unlike Android, iOS is not open source, so we cannot be sure how it operates internally, and there is not much you can do to change it if you have an iPhone. However, you can tweak the settings and disable unnecessary features to harden it for your needs. 
+ +### Windows + +Microsoft Windows is one of the most common PC operating systems, but its security and privacy are not admirable. It sends a lot of telemetry data to Microsoft, it is closed source, making it harder to find and fix security bugs, so many zero-day vulnerabilities exist for Windows. + +There might be settings to tweak and adjust, but the safer option would be to install a Linux distribution and use Windows in an isolated virtual machine if you absolutely need to have a Windows machine. + +### Linux + +Linux is a free and open-source operating system with excellent privacy features. Because it is open source and has been around for a long time, very few zero-day vulnerabilities exist for it. + +Linux has thousands of distributions to choose from, making it suitable for any needs you might have. There are also many variations of the Linux kernel itself, such as linux-hardened, which is designed to have more security features enabled by default. + --- These were the bare minimums of privacy and security. As the book progresses, the chapters will become more technically advanced and more focused on anonymity. The next chapter will be all about encryption, as it is the building block of security in the online world. \ No newline at end of file From 07a82a9bdcd547f82032730103535f534bcc297a Mon Sep 17 00:00:00 2001 From: Zola Gonano Date: Wed, 7 Aug 2024 15:05:52 +0000 Subject: [PATCH 07/11] Write 'Appendix B' --- src/appendix_b.md | 144 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 144 insertions(+) create mode 100644 src/appendix_b.md diff --git a/src/appendix_b.md b/src/appendix_b.md new file mode 100644 index 0000000..3af4ecb --- /dev/null +++ b/src/appendix_b.md 
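Review bot: The introductory sentence of the new section lists five systems, "iOS, Android, Linux, Windows, and macOS", but the hunk adds subsections only for Android, iOS, Windows and Linux; either add a macOS subsection or drop it from the list. The Windows paragraph is a comma splice: "It sends a lot of telemetry data to Microsoft, it is closed source, making it harder to find and fix security bugs, so many zero-day vulnerabilities exist for Windows" should be split into two sentences, and the conclusion "so many zero-day vulnerabilities exist" does not follow from closed source alone. The mirror-image claim in the Linux paragraph, "very few zero-day vulnerabilities exist for it", is equally unsupported as written; what the section can support is that the source is open to independent review and fixes ship quickly, and the practical advice is the one the Android paragraph already gives: keep the system updated with the latest security patches. Minor: "verified boots" in the Android paragraph should be "verified boot".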
@@ -0,0 +1,144 @@ +# Appendix B + +## Additional Resources for Chaper 1: + +**Books** + +- **"Nothing to Hide: The False Tradeoff Between Privacy and Security"** by Daniel J. Solove + - Breaks down why the idea that privacy and security are at odds is a total myth. + +- **"The Age of Surveillance Capitalism"** by Shoshana Zuboff + - Looks at how big tech companies are cashing in on our personal info and what that means for us. + +- **"The Transparent Society"** by David Brin + - Talks about how being open and being watched affects us, and how to keep a balance between the two. + +- **"VPNs Illustrated: Tunnels, VPNs, and IPsec"** by Jon C. Snader + - A book covering the details of VPN technologies, including IPsec and other tunneling methods. +- **"Network Security Essentials: Applications and Standards"** by William Stallings + - Covers the basics of network security, including important apps and standards to keep your data safe. + +- **"Applied Network Security Monitoring: Collection, Detection, and Analysis"** by Chris Sanders and Jason Smith + - A guide on how to monitor your network for security threats, from collecting data to spotting and analyzing attacks. + +**RFCs:** + +- **[RFC 2401 - Security Architecture for the Internet Protocol](https://www.rfc-editor.org/info/rfc2401)**: Explains the basic framework for IPsec, a bunch of protocols to secure internet communications. + +- **[RFC 4301 - Security Architecture for the Internet Protocol](https://www.rfc-editor.org/info/rfc4301)**: An updated guide to IPsec, outlining how its security features work together. + +- **[RFC 1826 - IP Authentication Header](https://www.rfc-editor.org/info/rfc1826)**: Talks about the IP Authentication Header (AH) for ensuring data integrity and confirming where data comes from. 
+ +- **[RFC 4507 - Transport Layer Security (TLS) Session Resumption without Server-Side State](https://www.rfc-editor.org/info/rfc4507)**: Describes how to resume TLS sessions efficiently, which is useful for VPNs that use TLS. + +- **[RFC 4306 - IKEv2: The Internet Key Exchange Protocol Version 2](https://www.rfc-editor.org/info/rfc4306)**: Details how IKEv2 handles key exchanges, a key part of many VPN setups. + +**Online Technical Guides and Resources:** + +- **[Cisco’s VPN Protocols Overview](https://www.cisco.com/c/en/us/td/docs/ios/solutions_docs/vpdn/VPDNover.pdf)** + - Detailed information about VPN protocols and technologies. +- **[OpenVPN Protocol Documentation](https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/)** + - In-depth details about the OpenVPN protocol, including its configuration and security features. +- **[WireGuard Protocol Documentation](https://www.wireguard.com/protocol/)** + - Official documentation for WireGuard, a modern and efficient VPN protocol. +- **[TLS/SSL Protocol Overview](https://wiki.openssl.org/index.php/SSL_and_TLS_Protocols)** + - Information on the Transport Layer Security (TLS) protocol, which is used in some VPNs for encrypting data. + +## Additional Resources for Chapter 2: + +**BOOKS:** + +- **Threat Modeling: Designing for Security** by Adam Shostack + - A guide to threat modeling. + +- **Security Engineering: A Guide to Building Dependable Distributed Systems** by Ross Anderson + - In-depth exploration of security engineering principles. + +- **The Art of Invisibility** by Kevin Mitnick + - Practical strategies for maintaining privacy online. + +**MANUALS & SPECIFICATIONS:** + +- *[OWASP Threat Modeling Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Threat_Modeling_Cheat_Sheet.html)* : Practical guidance for threat modeling. 
+ + + +## Additional Resources for Chapter 3: + +**BOOKS:** + +- **Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World** by Bruce Schneier + - Breaks down how big companies collect your data and why it matters. + +- **Privacy and Security for Online Accounts** by David A. Chappell + - How-to guide for protecting your online accounts and staying safe online. + +**RFCs:** + +- [RFC 6750: The OAuth 2.0 Bearer Token Usage](https://tools.ietf.org/html/rfc6750): Specification for secure token usage in OAuth 2.0. + +- [RFC 7231: Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content](https://tools.ietf.org/html/rfc7231): Details HTTP and how to secure data transmission. + +## Additional Resources for Chapter 4: + +**MANUALS & SPECIFICATIONS:** + +1. *[PGP (Pretty Good Privacy) User Guide](https://www.pgp.guide/)*: Instructions for using PGP to encrypt email content. +2. [*Tor Project: Tor Browser Manual*:](https://tb-manual.torproject.org/) Guide to using the Tor Browser. +3. [*ProtonMail Security Practices*:](https://proton.me/mail/security) Documentation on ProtonMail's encryption practices and security features. +4. [*Diceware Passphrase*](https://diceware.net/) : Guide for generating secure Diceware passphrases. + +## Additional Resources for Chapter 5: + +**BOOKS:** + +- **"Applied Cryptography: Protocols, Algorithms, and Source Code in C"** by Bruce Schneier + - All about cryptographic algorithms and how to use them in code. + +- **"Cryptography and Network Security: Principles and Practice"** by William Stallings + - Deep dive into how cryptographic techniques keep data secure. +- **"Introduction to Modern Cryptography: Principles and Protocols"** by Jonathan Katz and Yehuda Lindell + - Basics of modern cryptography and how it works. + +- **"Practical Cryptography for Developers"** by Svetlin Nakov + - Guide for using cryptography in software development. 
+ +- **"The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography"** by Simon Singh + - Cool history of cryptography and its development over time. + +**TECHNICAL DOCUMENTS:** + +1. [NIST Special Publication 800-38A: Recommendation for Block Cipher Modes of Operation](https://csrc.nist.gov/publications/detail/sp/800-38a/final): Technical details on block cipher modes and their usage. +2. [NIST Special Publication 800-175B: Guide to Secure Use of Cryptographic Algorithms](https://csrc.nist.gov/pubs/sp/800/175/b/r1/final): Practical guide on the secure use of cryptographic algorithms. + + + +## Additional Resources for Chapter 6: + +**BOOKS:** + +- **"Privacy and Data Protection in the Age of Big Data"** by L. Westin + - Explores the intersection of privacy, data protection, and new technologies. + +- **"The Privacy Engineer's Manifesto"** by Michelle Finneran Dennedy + - Talks about privacy engineering and practices for protecting personal data. + +**MANUALS AND SPECIFICATIONS:** + +- [RFC 6454: The "Same-Origin" Policy](https://tools.ietf.org/html/rfc6454): Details the Same-Origin Policy which is critical in understanding web security and fingerprinting. +- [Canvas Fingerprinting](https://www.w3.org/TR/html5/): Specification for HTML5, including Canvas API used in fingerprinting. +- [WebGL Specification](https://www.khronos.org/registry/webgl/specs/latest/): Details of WebGL API used for fingerprinting. +- [AudioContext API Specification](https://www.w3.org/TR/webaudio/): Describes the AudioContext API used in audio fingerprinting. +- [Tor Project Documentation](https://2019.www.torproject.org/docs/documentation.html.en): Official documentation for Tor Browser and its features for anonymity. + + + +## Additional Resources for Chapter 7: + +**MANUALS AND SPECIFICATIONS:** + +- [**Tails User Manual**](https://tails.net/doc/index.en.html): A guide for using the Tails operating system. + +1. 
[**Whonix Documentation**](https://www.whonix.org/wiki/Introduction): Official documentation for setting up and using the Whonix OS. +2. [**Tor Project’s Tor Browser Manual**](https://tb-manual.torproject.org/): Guide to using the Tor Browser. +3. [**Qubes OS Documentation**:](https://www.qubes-os.org/doc/) Guide on using Qubes OS. From 116dd0e93ef419a730b282c2a10fa9109d0dfbc2 Mon Sep 17 00:00:00 2001 From: Zola Gonano Date: Wed, 7 Aug 2024 15:09:48 +0000 Subject: [PATCH 08/11] Update chapter titles --- src/SUMMARY.md | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/src/SUMMARY.md b/src/SUMMARY.md index 996e217..cef8cdc 100644 --- a/src/SUMMARY.md +++ b/src/SUMMARY.md @@ -1,13 +1,15 @@ # Summary - [Introduction](./introduction.md) -- [Chapter 1](./chapter_1.md) -- [Chapter 2](./chapter_2.md) -- [Chapter 3](./chapter_3.md) -- [Chapter 4](./chapter_4.md) -- [Chapter 5](./chapter_5.md) -- [Chapter 6](./chapter_6.md) -- [Chapter 7](./chapter_7.md) -- [Chapter 8](./chapter_8.md) +- [Chapter 1: Pirvacy Myths](./chapter_1.md) +- [Chapter 2: Threat Modeling](./chapter_2.md) +- [Chapter 3: Operational Security](./chapter_3.md) +- [Chapter 4: Privacy Essentials](./chapter_4.md) +- [Chapter 5: All About Encryption](./chapter_5.md) +- [Chapter 6: Fingerprints and Footprints](./chapter_6.md) +- [Chapter 7: Going Anonymous](./chapter_7.md) +- [Chapter 8: Moving Forward](./chapter_8.md) +- [Appendix A: Technical Details](./appendix_a.md) +- [Appendix B: Additional Resources](./appendix_b.md) - [Acknowledgements](./acknowledgements.md) - [Donations and Support](./donations_and_support.md) From cc78a1723ee998582b193f1a320006aac73b4835 Mon Sep 17 00:00:00 2001 From: Zola Gonano Date: Wed, 7 Aug 2024 15:09:59 +0000 Subject: [PATCH 09/11] Add heading 1 with the title --- src/acknowledgements.md | 2 ++ src/donations_and_support.md | 2 ++ 2 files changed, 4 insertions(+) 
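Review bot: Typo in the first heading of appendix_b.md: "Chaper 1" should be "Chapter 1". Four of the RFCs listed for Chapter 1 are obsolete: RFC 2401 was obsoleted by RFC 4301, which is already on the list, so the 2401 entry can simply go; RFC 1826 was obsoleted by RFC 2402 and then RFC 4302 (IP Authentication Header); RFC 4306 was obsoleted by RFC 5996 and then RFC 7296 (IKEv2); and RFC 4507 was obsoleted by RFC 5077. Readers following the links will land on "obsoleted by" banners, so either cite the current documents or mark the old ones as historical. List style is inconsistent: the Chapter 7 section starts with a "- " bullet for Tails and then switches to "1." numbering for Whonix, and the Chapter 4 manuals are numbered while every other section uses bullets. The Chapter 6 entry labelled "Canvas Fingerprinting" links to the HTML5 specification, which defines the Canvas API but says nothing about fingerprinting; label it by what it is, "HTML5 specification (Canvas API)", as the WebGL and AudioContext entries already do.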
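Review bot: Typo in the SUMMARY.md hunk: "Chapter 1: Pirvacy Myths" should be "Chapter 1: Privacy Myths"; since this file is the navigation sidebar for the whole book, the misspelling shows on every page.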
diff --git a/src/acknowledgements.md b/src/acknowledgements.md index a2d5493..697fe35 100644 --- a/src/acknowledgements.md +++ b/src/acknowledgements.md @@ -1,3 +1,5 @@ +# Acknowledgements + This book was a mess, is a mess, and will be a mess because I refused to use AI to write it. The content and structure are poorly written by me. I am not a writer, not a native English speaker, and I have no idea what I am doing (in terms of writing a book, of course). But this book is not AI-free; I have used AI only and ONLY to fix my grammar mistakes (where I don’t have that many, to be honest) and my misspellings. Although the AI might have decided that my human mind’s vocabulary is not complex enough for the readers of this book and changed them (which are fixed and rewritten in the review), I would rather write a poorly structured book, with the vocabulary of a 10-year-old, than have it written by a soulless algorithm, as everything is nowadays. So AI has been ONLY a tool to fix grammar and misspellings of this book; it has had no influence on the content, structure, wordings, and tone. If it is bad, that is my fault, and I take full responsibility for it. Writing this book wouldn't have been possible if it weren’t for those boring classes I had to take at the university last term. The boredom they gave me made me start the book that I had wanted to start for years, and for the moral support of the good friends who stood by me and wish to remain unnamed. diff --git a/src/donations_and_support.md b/src/donations_and_support.md index 4fa35da..0a6c3a7 100644 --- a/src/donations_and_support.md +++ b/src/donations_and_support.md 
@@ -1,3 +1,5 @@ +# Donations and Support + This book is free and open source and will stay free and open source because what's important to me is that it is read and comes in useful. I’m not looking for profit, but I can't deny that every donation, no matter the amount, or even an appreciation email, allows me to put more time into projects like this. So here are every cryptocurrency I could think of. If you would like to donate, here are the ways to do so: From 819ee781c5910f2f2272c80c357850606fe80917 Mon Sep 17 00:00:00 2001 From: Zola Gonano Date: Wed, 7 Aug 2024 15:11:01 +0000 Subject: [PATCH 10/11] Updates on 'Appendix A' --- src/appendix_a.md | 277 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 277 insertions(+) create mode 100644 src/appendix_a.md diff --git a/src/appendix_a.md b/src/appendix_a.md new file mode 100644 index 0000000..d9f444e --- /dev/null +++ b/src/appendix_a.md 
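Review bot: In the acknowledgements.md hunk, the unchanged context line "(where I don't have that many, to be honest)" should read "(of which I don't have that many, to be honest)"; since the hunk already touches the top of this file, it is a cheap fix to fold in with the new heading.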
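Review bot: In the donations_and_support.md hunk, the context line "So here are every cryptocurrency I could think of" has a number-agreement error; it should read "So here is every cryptocurrency I could think of" or "So here are all the cryptocurrencies I could think of". As with the acknowledgements file, the hunk already touches the top of the file, so this can go in with the heading.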
@@ -0,0 +1,277 @@ +# Appendix A + +## VPNs and Anonymity + +### **1. VPN** + +**Traffic Encryption:** + +- **Protocols:** VPNs use encryption protocols such as **OpenVPN**, **IKEv2/IPsec**, and **WireGuard**. Encryption algorithms include: + - **AES-256-CBC** or **AES-256-GCM** for symmetric encryption. + - **RSA-2048** for asymmetric key exchange. + +**IP Masking:** VPNs mask the client’s IP address with the VPN server’s IP. This does not anonymize the user but shifts the visible IP from the ISP to the VPN provider. + +**Logging Policies:** + +- **No-Logs Claims:** Providers like **Mullvad** and **ProtonVPN** claim not to log user activities. Verification relies on independent audits and court cases. +- **Data Exposure:** VPN providers can be compelled to disclose logs if they exist, which can include connection timestamps, IP addresses, and usage data. + +**Traffic Analysis:** + +- **Correlation Attacks:** Analyzing traffic patterns, timing, and volume can potentially link VPN traffic to specific users, despite encryption. + +**Fingerprinting:** + +- **Browser/OS Fingerprinting:** VPNs do not protect you against fingerprinting. Unique device and browser characteristics (e.g., user agent, screen resolution) can still be used for fingerprinting. + +### **2. Tor Network** + +**Onion Routing:** + +- **Encryption Layers:** Data is encrypted in three layers, with each Tor relay removing one layer of encryption. This process ensures end-to-end encryption with the following layers: + - **Layer 1:** Encrypted between the client and the first relay. + - **Layer 2:** Encrypted between successive relays. + - **Layer 3:** Encrypted until reaching the exit node. + +**Exit Node:** +- **Data Visibility:** Exit nodes decrypt the final layer and see the unencrypted data but cannot see the originating IP. Control of all relays is required to trace originating IP, which is theoretically and practically really costly to do. 
+ +**End-to-End Encryption:** +- **.onion Sites:** Use **Elliptic Curve Cryptography** (ECC) with a public/private key pair for end-to-end encryption. + +### **3. Alternatives** + +**I2P:** +- **Routing:** Uses **Garlic Routing**, similar to onion routing but with packet encapsulation. +- **Node Count:** Limited nodes compared to Tor, making it less resilient to attacks. + +**Lokinet:** +- **Network Topology:** Uses **DHT (Distributed Hash Table)** for node discovery and routing. +- **Node Limitations:** Smaller node network than Tor, affecting it's anonymity. + + + +## Password Security and Password Managers + +### Password Security + +**Entropy Calculation:** +Entropy is the randomness or unpredictability of a password, which directly affects its strength against attacks. It is measured in bits and calculated as: +$$ +\text{Entropy} = \log_2(N^L) +$$ +where: + +- \( N \) = Number of possible symbols (e.g., 95 for a character set including uppercase, lowercase, digits, and symbols). +- \( L \) = Length of the password. + +For example, a password of length 12 using 95 characters has: + +$$ +\text{Entropy} = \log_2(95^{12}) \approx 78.7 \text{ bits} +$$ +### Passphrase Security: + +- **Design and Strength:** Passphrases are longer and easier to remember compared to traditional passwords. For example, “Name-Seat-Look-Chair-Plane7-Stree7” has high entropy because it combines multiple words and symbols. + + The entropy of a passphrase with six words and special characters can be calculated by: + + $$ + \text{Entropy} \approx \log_2(W^L) + $$ + where \( W \) is the number of possible words (e.g., a large dictionary of words) and \( L \) is the number of words. 
For a passphrase with a dictionary of 10,000 words and 6 words in length: + + $$ + \text{Entropy} = \log_2(10,000^6) \approx 79.6 \text{ bits} + $$ + + + + +## Big Tech Security and Privacy + +### Big Tech Security Measures + +**Security Practices:** + +- **Advanced Security Protocols:** Companies like Google and Microsoft implement good security measures, including multi-factor authentication (MFA), end-to-end encryption for specific services, and regular security audits. +- **Enterprise-Level Infrastructure:** These companies use enterprise-grade security technologies such as intrusion detection systems (IDS), firewalls, and advanced threat protection to protect user's data. +- **Vulnerability Management:** Regular patching and updates are applied to address security vulnerabilities. Bug bounty programs are often set to identify and fix security flaws. + +**Transparency and Trust Issues:** + +- **Lack of Transparency:** The specific details of their security implementations are not publicly disclosed, limiting the ability to fully verify their claims. +- **Closed Source:** Security measures and protocols are proprietary, making it difficult for independent verification and audit. + +## Email Security + +### Transport Layer Encryption (TLS) + +- **TLS Handshake**: When an email is sent, the sending server initiates a TLS handshake with the receiving server. This handshake involves: + - **Server Authentication**: The receiving server presents its TLS certificate, which is verified by the sending server using a trusted Certificate Authority (CA). + - **Session Key Agreement**: The servers exchange a symmetric session key using asymmetric encryption to establish a secure channel. The session key encrypts following datas. + - **Certificate Management**: Ensures that certificates are up-to-date and valid. Misconfigured or expired certificates can lead to vulnerabilities. Tools like Let's Encrypt can automate certificate issuance and renewal. 
+ +### Content Encryption + +**PGP (Pretty Good Privacy)**: + +- **Key Generation**: Works by creating a pair of keys (public and private) using algorithms such as RSA (Rivest–Shamir–Adleman) or ECC (Elliptic Curve Cryptography). Key lengths typically range from 2048 to 4096 bits for RSA, or 256 bits for ECC. +- **Encryption Process**: + - **Symmetric Encryption**: The email content is encrypted with a symmetric key (e.g., AES-256). The symmetric key itself is encrypted with the recipient's public key. + - **Signature**: A digital signature is created using the sender's private key, allowing the recipient to verify integrity of the email. + +- **Key Management**: PGP requires manual exchange of public keys, often through key servers or direct exchange. Key management can be handled using tools like Gpg4win (Windows) or GpgTools (macOS). + +**S/MIME (Secure/Multipurpose Internet Mail Extensions)**: + +- **Certificate Authority (CA)**: S/MIME relies on X.509 certificates issued by trusted CAs. These certificates include the user’s public key and are used for encryption and signing. +- **Encryption Process**: + - **Symmetric Encryption**: Email content is encrypted using a symmetric algorithm (e.g., AES-256), and the symmetric key is encrypted with the recipient’s public key. + - **Digital Signature**: The sender’s private key is used to sign the email, for authentication and integrity. + +- **Certificate Management**: Certificates must be obtained and managed through a CA. They include public and private keys and are often stored in secure keystores or hardware security modules (HSMs). + +### Metadata Exposure + +- **Sender and Recipient Email Addresses**: These addresses are visible in the email headers and can reveal communication patterns and relationships. +- **Timestamps**: Include sending and receiving times. These timestamps are recorded in the `Date` and `Received` headers. 
+- **Subject Line**: Visible in the email headers and can provide a summary of the email’s content. +- **Message-ID**: A unique identifier assigned to each email message, useful for tracking. +- **Return-Path**: Shows where bounce messages are sent, indicating the sender’s address. +- **Received Headers**: Trace the path of the email through various servers, revealing server locations and potential network information. +- **X-Mailer**: Optional field showing the email client or software used, which can sometimes disclose information about the user’s environment. +- **MIME-Version and Content-Type**: The MIME protocol version and the type of content, such as `text/plain` or `text/html`. + +**Minimizing Metadata Risks**: + +- **Email Content**: Avoid putting sensitive information in the subject line or body if metadata is a concern. +- **Email Providers**: Use services that focus on minimizing metadata leakage, such as ProtonMail or Tutanota. + +### Best Practices for Securing Email + +- **Use Encryption**: Ensure that both transport layer (TLS) and content encryption (PGP/S/MIME) are properly configured and encrypted. +- **Regular Certificate Updates**: Keep TLS certificates up-to-date and manage encryption keys securely. +- + +## Operating Systems + +**Android Open Source Project (AOSP)**: +- **Verified Boot**: Ensures that the device boots using only trusted software, preventing unauthorized modifications. +- **App Sandboxing**: Apps are isolated from each other and the system, reducing the risk of malicious apps affecting other apps or system functionality. +- **Permission Management**: Users can control app permissions to limit access to sensitive data and features. + +- **Updates**: Ensure that the device receives timely security patches. Regular updates fix vulnerabilities and improve security. +- **Rooting**: Rooting can compromise security by breaking app sandboxing and granting elevated privileges to apps, making the device more vulnerable to exploits. 
+ +- **Install Custom ROMs**: Consider using custom ROMs such as GrapheneOS on devices like Google Pixels. +- **Disable Unnecessary Features**: Turn off or uninstall pre-installed apps and features that may collect data. +- **Keep Software Updated**: Regularly update the device to ensure it has the latest security patches. + +**iOS:** + +- **Closed Source**: iOS is not open-source, which limits the ability to audit its source code for vulnerabilities. +- **Security Features**: Includes app sandboxing, data encryption, and secure boot. Apple controls app distribution through the App Store, reducing the risk of malicious apps. + +- **Limited Customization**: Users have limited ability to alter core settings or install third-party software outside the App Store. +- **Data Collection**: Apple collects a lot of user data. + +- **Review Privacy Settings**: Regularly check and adjust privacy settings to limit data sharing and access. +- **Keep iOS Updated**: Ensure that the device runs the latest version of iOS to have latest security patches. +- **Use Strong Passcodes**: Use strong passcodes and enable two-factor authentication to increase device security. + +**Windows:** + +- **Telemetry Data**: Windows collects telemetry data, which may include information about system usage and errors. +- **Closed Source**: Windows source code is not open for public review, making it harder to detect and fix vulnerabilities. + +- **Zero-Day Vulnerabilities**: Because Windows is closedsources it means that vulnerabilities can exist before they are discovered and patched. +- **Privacy Settings**: Windows offers settings to control privacy and data collection, but these settings cannot not fully prevent data sharing. + +- **Consider Linux**: For enhanced security and privacy, consider using a Linux distribution for regular tasks and only use Windows in a virtual machine if absolutely necessary. 
+- **Adjust Privacy Settings**: Configure privacy settings to limit data collection and sharing with Microsoft. +- **Use Security Tools**: Use additional security tools, such as firewalls to protect the system. + +**Linux:** + +- **Open Source**: The open-source nature of Linux allows for bugs and vulnerabilities to be found sooner than Windows, reducing the risk of unpatched vulnerabilities. +- **Customization**: Users can choose from thousands of distributions and variations of the Linux kernel. + +- **Kernel Variations**: Specialized kernels like linux-hardened include extra security features to enhance system protection. + +- **Select a Security-Focused Distribution**: Choose distributions like Qubes OS or Whonix for more security and privacy features. +- **Regular Updates**: Keep the system and software updated to protect against known vulnerabilities. + +## Encrypyion + +**Cryptographic Analysis**: Validated algorithms gone through extensive cryptanalysis, including: + +- **Differential Cryptanalysis**: Analyzes how differences in input affect differences in output. +- **Linear Cryptanalysis**: Uses linear approximations to describe the behavior of the encryption algorithm. +- **Algebraic Attacks**: Exploits algebraic structures in the cryptographic algorithm. +- **Sieve Attacks**: Finds solutions to equations used in cryptographic schemes. + +**Example Algorithms**: + +- **AES**: Operates on 128-bit blocks with 10, 12, or 14 rounds of processing, using SubBytes, ShiftRows, MixColumns, and AddRoundKey operations. +- **ChaCha20**: A stream cipher with 20 rounds of processing, using a quarter-round function for high-speed encryption. + +**The Encryption Pitfalls**: + +- **Security Through Obscurity**: Algorithms should be secure based on their design and resistance to cryptanalysis, not on secrecy. 
+ +**Techniques to prevent some implementation attacks**: + +- **Constant-Time Algorithms**: Implementations that ensure constant execution time, can reduce the risk of timing attacks. +- **Noise Generation**: Uses randomness to mask power consumption patterns. + +**Hardware Performance Factors**: + +- **AES-NI**: Hardware acceleration for AES encryption, improving performance with modern CPUs. +- **TPM**: Provides hardware-based protection for cryptographic keys, ensuring they are not exposed even if the system is compromised. + +## **Backups** + +**Backup Technologies**: + +- **RAID Levels**: + - **RAID 1**: Mirroring for redundancy. + - **RAID 5/6**: Striping with parity for data redundancy. +- **Snapshot Technologies**: + - **ZFS Snapshots**: Efficient point-in-time copies of data. + - **LVM Snapshots**: Logical volume snapshots for incremental backups. + +**Encryption Tools**: + +- **VeraCrypt**: Provides both container and volume encryption. +- **Cryptsetup**: Utilizes LUKS (Linux Unified Key Setup) for disk encryption. + + + +## Advanced Anonymity Techniques and Tools + +- **VPN Usage** + - **Multi-Hop VPN**: Combining multiple VPN servers in different countries to add layers of obfuscation. Services like ProtonVPN offer this feature. + - **Onion Over VPN**: Routing your VPN traffic through the Tor network for added security. This can be set up on some VPN providers’ platforms. +- **Secure Operating Systems** + - **Qubes OS**: Offers security through virtualization. Each application runs in a separate virtual machine, which limits the impact of any potential bad code. + - **Whonix**: Uses a split-design where the Tor gateway and the workstation are isolated to enhance security. +- **Secure Communication** + - **PGP (Pretty Good Privacy)**: For encrypting emails and files. The OpenPGP standard can be used with email clients like Thunderbird with the Enigmail plugin. + - **GPG (GNU Privacy Guard)**: An open-source implementation of PGP. 
It's widely used for encrypting data and communications. +- **Metadata Removal** + - **MAT2 (Metadata Anonymisation Toolkit)**: A toolkit for removing metadata from files in batch. Useful for handling multiple files at once. + - **ExifTool**: A command-line tool for removing metadata from various file types, including images and documents. +- **Data Encryption** + - **VeraCrypt**: For encrypting data stored on your devices. It allows creating encrypted virtual disks and encrypting entire partitions. + - **EncFS**: A FUSE-based filesystem that transparently encrypts files. +- **Behavioral Analysis Tools** + - **Keystroke Dynamics**: Tools like KeyTracer can help analyze typing patterns, and avoiding these patterns can enhance anonymity. + - **Mouse Gestures**: Tools that randomize mouse movement or use scripts to obfuscate typical mouse patterns. +- **Network Security** + - **DNS-over-HTTPS (DoH)**: Encrypts DNS queries to protect against eavesdropping and tampering. Supported by browsers like Firefox and Chrome. + - **DNS-over-TLS (DoT)**: Another encryption method for DNS queries, supported by many VPNs and network configurations. +- **Data Sanitization** + - **BleachBit**: An open-source tool for cleaning up disk space and removing traces of activities. + - **CCleaner**: For Windows users to clean temporary files and system traces. From 8894d1fdeb8933a8c6355962c23be43f3f188aaa Mon Sep 17 00:00:00 2001 From: Zola Gonano Date: Wed, 7 Aug 2024 15:17:25 +0000 Subject: [PATCH 11/11] Add mathjax support and add github page --- book.toml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/book.toml b/book.toml index 043f057..382dbec 100644 --- a/book.toml +++ b/book.toml @@ -13,4 +13,6 @@ command = "mdbook-mermaid" [output] [output.html] +git-repository-url = "https://github.com/zolagonano/a-ninjas-handbook" +mathjax-support = true additional-js = ["mermaid.min.js", "mermaid-init.js"]
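Review bot: the `### **2. Tor Network**` part of the appendix hunk describes onion routing incorrectly and then overstates what it guarantees. The three layers are not "client to first relay / between successive relays / until the exit node": the client negotiates a separate session key with each of the three relays and wraps each cell in three layers keyed to the guard, middle and exit relay respectively, and each relay peels off only the layer it holds a key for. Calling this "end-to-end encryption" is misleading, because the exit relay sees the plaintext unless the application itself uses TLS or the destination is an onion service, which is exactly what the `**Exit Node:**` bullet goes on to say. The sentence `Control of all relays is required to trace originating IP` also contradicts the `**Correlation Attacks:**` bullet earlier in the same hunk: an adversary that observes the guard and the exit (or the network links at both ends of the circuit) can correlate timing and volume without touching the middle relay. Suggest rewording to "an adversary that can observe both the entry and the exit of a circuit can correlate traffic; the middle relay adds little against such an observer". Smaller points in the same hunk: `**RSA-2048** for asymmetric key exchange` does not hold for WireGuard, which uses Curve25519 (X25519) key agreement, and current OpenVPN and IKEv2 deployments negotiate (EC)DHE rather than RSA key transport. Under `### Transport Layer Encryption (TLS)` the handshake text should note that SMTP STARTTLS is opportunistic and most MTAs do not fail on an unverifiable certificate, so without MTA-STS or DANE the channel can be downgraded. Under S/MIME, `They include public and private keys` is wrong: an X.509 certificate carries only the public key, and the private key lives separately in the keystore or HSM. `**Onion Over VPN**: Routing your VPN traffic through the Tor network` is inverted; Onion over VPN routes Tor traffic through the VPN tunnel (client -> VPN -> Tor), and routing the VPN over Tor is the opposite setup. `\log_2(95^{12}) \approx 78.7` should read ≈ 78.8 and `\log_2(10,000^6) \approx 79.6` should read ≈ 79.7, and the passphrase example only reaches that figure if the six words are drawn uniformly at random from the dictionary, not chosen by a person. Thunderbird has shipped built-in OpenPGP since version 78 and the `Enigmail plugin` is discontinued, so drop that reference. RAID under `**Backup Technologies**` is redundancy, not backup: it does not protect against deletion, ransomware or corruption, which the section should say. `**Sieve Attacks**` is not a recognised cryptanalysis category; drop it or replace it with a sourced term. Typos to fix: `it's anonymity` -> `its anonymity`, `following datas` -> `subsequent data`, `## Encrypyion` -> `## Encryption`, `closedsources` -> `closed source`, `cannot not fully prevent` -> `cannot fully prevent`, and the dangling `- ` bullet after `**Regular Certificate Updates**`.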
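Review bot: `mathjax-support = true` in the `book.toml` hunk will not render the inline math that the appendix hunk relies on. mdBook's markdown renderer treats a single backslash before a parenthesis as an escape, so `\( N \)`, `\( L \)` and `\( W \)` in the entropy paragraphs reach the rendered page as literal `( N )` and MathJax never sees them; the mdBook MathJax documentation requires `\\( N \\)` for inline math and `\\[ ... \\]` or `$$ ... $$` for display math, so the existing `$$` blocks should render while the inline references will not. Suggest changing those to `\\( N \\)` in the appendix, or rewriting them as plain italics ("where *N* is the number of possible symbols") and reserving MathJax for the `$$` blocks. Also worth a check before merge: the subject line says "add github page", but the hunk only adds `git-repository-url`; if a Pages deployment or `edit-url-template` was intended, it is not in this patch.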