A quick guide to OPSEC

Mark

Lurker
I know this might not sound like news, but I just want this thread pinned for any boomers on here. Let me begin:

Operating System: Qubes, Arch or Manjaro
Hardware: System76 or Purism
Web browser: Firefox (with the commonly recommended privacy plug-ins of course, like NoScript, Privacy Badger, Cookie AutoDelete, Multi-Account Containers, etc.)
Cell phone: Pinephone or Librephone. Some people say to buy an Android so you can "ungoogle" it by jailbreaking it and installing custom ROMs like GrapheneOS or LineageOS, but this is completely pointless because you're still supporting Google by buying an Android. But even if you want to, just don't buy a Samsung or Huawei.
Deep web: Lokinet or Nym. Tor isn't perfect and has a lot of problems.
VPN: Cryptostorm.is or VPS. VPNs are mostly bullshit. Don't waste your money.
Anti-viruses: iptables, firejail, clamav, rkhunter, kvm/qemu, a custom firefox profile that makes most of the internet unusable, custom tools for monitoring your network and a bunch of other stuff a winshitter won't have. Don't waste your money on anti-virus software, they're completely useless. Try writing your own virus and running it on your computer. It won't detect it 9/10.
Email: host your own email, if a product is free you pay with your data.
Passwords: xkpasswd.net, BitWarden, KeePassXC or masterpassword.app
Other: privacytools.io
Search engine: Searx. Go to searx.space to see a full list of searx instances. Although the websites requires Javascript.

Am I missing out on anything here?
 

.wil

Knight of the Old Republic
Staff member
Ancien Régime
I use grapheneOS on a refurbished pixel 3xl I paid $300 for and highly recommend. How am I supporting google again? Both pinephone and libre phone don't play nicely enough to make me want it as a daily carry.

Opsec isn't purely what hardware or software you choose, but how you conduct yourself as well.

This seems more like a wishlist than a guide. I'd love to see the average 50-60 yo boomer try to use arch or qubes lol.
 

GroyperSupreme

Helicopter Ride Operator
Very Cash
Money
no reason to make it easier for them
Ok sure. I can understand that reasoning. But, when Al Gore invented the internet back in the sixties, they were already thinking of a second type which was more secure, and as that one became available and widely known as the current internet/ darknet there have been parallels systems implemented to prevent internet breaches.

By the time the public knows about something the elites/government/BlackOPs have something already in place to take its place. When I was in, there was a thing called SIPPERNET (not sure on the spelling) but I'm sure there's another parallel network available incase that one is breached. It's just the way things are designed now days.

it's better than going full good goyim and doing nothing at all, especially if you are doing some shady shit
Well that's the rub. Don't break the law and you won't have anything to really worry about. Unless you're Ben Chode, posting your chode and applying for an entry level IT job at Sterns.
 

.wil

Knight of the Old Republic
Staff member
Ancien Régime
Hes not wrong though. If a gov wanted to find you they would. And the average person has no reason to go through such lengths to hide themself
It's not always about the paranoid schizo mentality of the government out to get you, but about your own privacy.

”such lengths” is relative. If the average person installed a tracker blocking plugin and kept their social media cookies in a different container corporations wouldn't know nearly as much about them. Both of those take two seconds to set up on Firefox. Just having a unique password on each account protects you immensely when broke Russians will try to log in on anything they can with your user and password combo that get disclosed in a leak.

Installing Qubes, routing all your traffic through tor ect. is pretty extreme though, and in many cases makes you more vulnerable to correlation attacks.
 

duder

Lurker
I don't have any experience with Qubes or Manjaro, but Arch Linux? its default repositories contain non-free 3rd party software, unlike Debian where you explicitly have to add those repositories in sources.list, so already your basic install most likely contains software where you have no idea what it actually does with your private data.

VPNs are not generally crap, you just have to spend time with finding a proper one which mainly depends on the jurisdiction the provider is under. if an american provider, for example, announces they run no logs it can only be a lie because it would violate US data retention laws. Sweden for example has pretty sexy laws in that context, so a swedish provider is a good choice.

iptables? what for? even if you provide public services they simply need to be properly configured, then you need no firewall rules at all. if you really have to use firewall rules, for what reason ever, use route instead,. especially on high traffic systems and/or lots of rules iptables will cause a nasty i/o-wait.
 

GroyperSupreme

Helicopter Ride Operator
Very Cash
Money
”such lengths” is relative. If the average person installed a tracker blocking plugin and kept their social media cookies in a different container corporations wouldn't know
Those very corporations know you and your details by signing up to use them. It's in the EULA which no one bothers to read. When the average EULA is longer than the OT the chances are NO ONE is going to sit through that legalese.
 

GroyperSupreme

Helicopter Ride Operator
Very Cash
Money
You're really showing your age.
Perhaps considering not downloading CP.

Case in point a pedophile who trafficked CP thought he could outwit the police and taunted them with a garbled pic of him.

If INTERPOL can do that while he was using TOR, then your little precautions are nothing more than a false sense of security.

Apple refused to unlock their phones in a terrorist investigation and the FBI busted the encryption in six months.

LOL. Your "stone walls" are false fronts.
 
Top Bottom