FORWARD: Everything described here deserves pages of their own. I am not doing these topics justice with my shitty explanations, I am simply trying to learn through my teaching and catch other unknowing people up to speed as far as what is available and what they should look in to if they want to seek privacy. There are so many levels to this and I know absolutely nothing in the grand scheme of things. I probably fucked up some of the explanations as well. If you are genuinely curious then you would benefit greatly from doing your own research on the following topics. It will open doors to other methods that you may not have known existed. Some pictures relating to the topics will be posted at the bottom.
The lack of privacy and security in todays day and age is as embarrassing as it is violating. Everything is up for grabs and most people are blindly submitting to this system. Watching companies like Palantir operate in the wide-open whilst legally hoarding your information and using it against you should be despised way more than it is. I'm not even as concerned with the privacy aspect as I am with the idea that these types of entities are profiting off of my usage, creating prediction models off of me, grouping me, etc... As we move in to this increasingly digital age, you should be defending yourself against weapons of math destruction (I say this as someone with multiple social media accounts, a smartphone, etc... while researching on a public network to post on a public blog page. Whatever.) as much as you see fit. Throw some lies up on the internet. Input fake data. Create fake internet personalities. Lie about interests, location, family, whatever you can to throw your algo off.
The bright side is that this can create a fun game of cat and mouse to those who are aware of the game being played and the bounds to which it is restricted to. There are a multitude of things you can do to at least put up somewhat of a fight against this. I'll discuss a few. Maybe add more later. Nothing is final.
First of all, if you must run social medias or anything involving a digital personality, use burners. Wow groundbreaking idea, I know. But I do not mean burners in the conventional "oh I made a fake name and use pictures of a fake guy from the internet" way. I'm talking from the ground up. I'll probably go more into detail on the methods described here so stay with me. The second you use gmail / any other major host you're done. Just count that idea out. The safest way is probably going to be loading up your Tor browser and setting up a "private" email. Not going to suggest any out of protection of my own privacy, but I'm sure you can figure it out. Many of these have paid tier levels. You're going to need to stick to the free tiers for obvious reasons. You can wash crypto if you must upgrade tiers but that topic needs an entire post of its own. Once this account has been created, do not use it on any unprotected browser/network unless you want your IP address attached to the account. I'm sure in terms of creating socials you're gonna have to use that email off the browser, which is where VPNs come in to play. When using a VPN, the only thing that should be available to your ISP is the fact that you connected and disconnected, how much bandwidth was used, which VPN service you connected to, and duration of sessions. Use it at a location that it is out of your ordinary routine. Anything in between that time, if its a trusted VPN provider, should not be logged. There are a select few that have been G-checked. Pick those. Again, I am going to avoid using names. Now with these accounts, avoid recovery phone numbers or back up emails that are tied to you. This should be obvious too.
You are still susceptible to being linked to accounts via behavioral fingerprints such as activity and writing style. Proceed with caution.
Tor is a fantastic tool. This is a network anonymization system that will basically act as a VPN while you're using it. You can stack if it makes you feel better. Tor encrypts your shit through a process of bouncing. Any activity you have on there will go from your computer -> entry/guard node -> middle node -> exit node -> destination website. These layers are how onion (the Tor exclusive domain) got its name. Each node can only decrypt one layer, like peeling an onion. Clever. The entry node will know your real IP address, but not your final destination. The middle node knows its relaying traffic but doesn't know the source or destination. The exit node knows the final destination but does not know who sent the request. The website (destination) sees the exit nodes IP, not yours. Your activity is pretty much being scrambled through each process. To put it short, you are hiding in a crowd. Tor has 7,000 relays worldwide that are currently run by volunteers, roughly 2 million daily users, and a multitude of paths through the network. This mixes your traffic in with the crowd. The more the merrier. Similar to using a VPN, your ISP can not see what websites you are visiting, it can only see that you are currently on Tor. Websites also cannot identify your real location/IP address. These elements make surveillance much more difficult. In terms of weapons of math destruction, it protects you from leaving a digital footprint that is tied to your name/routine.
Encrypted messaging. Short answer here is get an ObeliskOne (obsidian intelligence group) phone. This is also worthy of its own post, but long story short its equipped with NSA level encryption out of the box. Most people by now are familiar with PGP encryption (I think). This method of encryption is considerably strong and may hide your ass for a little while, but it does have its weaknesses. For starters, most people use it incorrectly. You are heavily dependent on your receivers skillset as far as privacy and security goes. Another issue arises when receiving a key from your sender. There is not a bulletproof way to verify that it is coming from your intended party. It very well could be from an attacker. Two of the biggest issues in my opinion are the lack of forward secrecy and protection of metadata. The message content will be encrypted, but not the headers, timestamps, and sender/recipient info. A stronger solution would be implementing AES-256-GCM + X25519, which solves the forward-secrecy issue by having both parties generate and agree upon private and public keys on an insecure channel. Once they keys are agreed upon, messages are encrypted and decrypted on each end, and the keys will continue to generate each session, which is way better practice for maintaining security long term. This acts as good defense because you cannot use old (stolen) keys to decode future messages, just as you cant use old (stolen) keys to decode previously sent messages. Recently, Jack Dorsey has taken steps towards one of the coolest methods of communication we have seen in recent years, BitChat. BitChat utilizes a combination of mesh networks and the AES-256-GCM + X25519 encryption process to send and receive messages without needing any sort of internet connection. No cellular, no wifi, nothing. The major drawdown here is the dependency on IOT, specifically people having the app installed on their device. Bluetooth normally is limited to about 30 meters. By having BitChat installed, users are essentially acting as a booster for the messages by relaying them from device to device until reaching their final destination. Unfortunately, with TTL based messages they are limited to 7 "hops" (resulting in about 980ft of range if stretched to the max) before they are discarded. And thats assuming that there are even people around you with the app installed. I am moving outside my realm of understanding here but I can imagine that under certain circumstances a user could theoretically install the app into unsuspecting parties devices via some sort of exploitation / remote access (Metasploit or something along those lines? idk talking out my ass here just an idea(if you go looking you will find what you need)).
TAKEAWAYS: burner emails, tor, obsidian intelligence, bitchat, diffie-hellman key exchange
