What is the most optimal way for a complete tech noob to get as anonymous as possible? I ask this because recently I've gotten really paranoid redpilled about everything tech-related stuff, but I'm quite literally as unknowledgeable about it as someone posting on site can be. But this also interests me on a purely hypothetical level.
So let's first assume Linux is not an option for OS: even if I was capable of learning how to use it with intense enough autism, your average normie wouldn't. So what would one go for? Get some old Windows OS like XP onto a laptop you obviously never use for non-anonymous posting/messaging? Or is there another option? Surely the older OS's aren't as riddled with backdoors etc. as the newer ones right? What about e-mail, is something like ProtonMail the most optimal, even despite it not being actually that anomymous in specific situations? Duckduckgoy for browser, or is there something better a tech noob could use with some effort?
Of course it can be debated what is the most effort one should have to put into it with it still being "tech noob -friendly". That would probably depend on the goals: if it's anonymity for anonymity's sake, not too much effort would make sense.
Step 1: Get smart.
Stop making excuses for being dumb. If you don't have time because of a demanding job or something, then you should be asking for time management tips and a learning guide of sorts. But you're asking to be spoonfed like a baby because you're too lazy to learn or put in effort.
>>3245 >What is the most optimal way for a complete tech noob to get as anonymous as possible?
Don't use credit cards or store reward cards. Pay cash. Don't order from places like Amazon. Buy secondhand when you can.
Don't use a cell phone.
Don't use IoT devices, especially Echo/Google Home, etc.
Don't use Facebook and other social media.
Don't use automated passes for toll roads. Better to avoid toll roads altogether, because they still use cameras.
It's illegal to wear masks in many places, and that would draw a lot of attention anyway. Settle for hats and sunglasses. A bushy beard, if you can grow one, can obscure the shape of the lower face.
Install Linux. Use Tor Browser with the security slider set to high. Never use Tor to sign in to a service you've signed into without Tor, and never sign up for a service through Tor with personally identifying information. Better not to sign in to anything at all.
Be careful about metadata. Wipe exif data from photos you post online. Better yet, don't post photos online.
Use Anonymouth to analyze your writing to minimize stylistic analysis. (I don't bother with this anymore, but I've had some success with it, at least with fooling Anonymouth).
>So let's first assume Linux is not an option for OS
Let's not. Tens of millions of dollars worth of work has gone into making Linux user friendly. Anyone with an IQ above room temperature can install and learn to use Mint or Ubuntu these days. Anyone with a room temperature IQ or below can find a tech-savvy relative or a LUG to install it for them.
>Get some old Windows OS like XP
Ridiculous.
>Surely the older OS's aren't as riddled with backdoors etc.
They're riddled with ancient cryptographic code and devastating security flaws that will NEVER be fixed because they're beyond EOL.
>What about e-mail, is something like ProtonMail the most optimal, even despite it not being actually that anomymous in specific situations?
Anonymity and privacy are not the same thing. ProtonMail was not designed for anonymity, it was designed for privacy, and it fails at that. PDF related.
>Duckduckgoy for browser
It's fine if you're using it via Tor Browser for non personally identifiable searches. They even have a hidden service.
>Of course it can be debated what is the most effort one should have to put into it with it still being "tech noob -friendly"
Everything I have listed is within the capacity of almost every "tech noob," especially since a lot of anonymity means not engaging with technology in the first place.
The problem isn't that these things are hard. It's that people want their gadgets, and their creature comforts, and their rewards points, and their "convenience," and they suffer from FOMO if they're not on 5 social networks and getting constant notifications. They're feeding the beast that will eat them, of course. Every time someone takes an Uber, they're helping a company that, in a few years, will fire every single one of their drivers to rely on self-driving cars. Every time someone uses Facebook, they're giving the platform data that will be used to categorize, score, commodify, and manipulate them and the society in which they live.
It turns out that the issue isn't that people aren't tech-savvy enough to avoid slavery. It's that they like to be slaves.
>>3250 This.
The only extra suggestion I would say is, if you can handle it, increase the security setting on the Tor browser (blocks most JS by default, that will stop lots of google and other trackers but may partially break some sites until you manually whitelist some JS with the NoScript extension) and learn what the browser can and can't do for your privacy and anonymity.
Before you ask, smartphone are fucked through and through, but if you REALLY REALLY must, you can mitigate damage by removing every app you can, using an official Tor browser and installing LineageOS.
>>3250 Another thing I forgot. Don't ever get one of those 23andme, Ancestry, or other DNA tests done, and discourage members of your family from getting them. Law enforcement is routinely checking DNA samples from crime scenes against these databases, and in some cases have been able to track people down who never even had one of those tests by getting partial matches with their relatives who had.
>But I don't have anything to worry about, I'm not a criminal!
You might not be a criminal now, but governments and laws change. Posting here might be illegal in 5 years. DNA databases are vulnerable to abuse by unscrupulous authorities for all kinds of nefarious purposes.
This is another thing that's easy for "tech noobs." All you have to do is save $100 by not sending your DNA to one of these companies.
If i were him and I used do be him, I would go do my logal library and buy a boog on linug for dummies. Dhis will sed your mind in a diregdion dhad inebidably brings you do web seguridy.
Learn linug ob. Debian will do. Or Debuan. Or genndoo.
Ids a sdeeb sdeeb begginning bud hold on and sdard slow.
>>3259 This is common knowledge. It's as if you uploaded who you are to cloud. Shamefully /pol/iggers are all mutts from lumpenproletariat/'murican families with undocumented ancestry desperate to "connect" with their roots, uncertain with who they should side and if they have right to live they don't.
>>3259 > This is another thing that's easy for "tech noobs." All you have to do is save $100 by not sending your DNA to one of these companies.
It's actually not easy.
Allegedly, and I don't see any reason not to believe it, anonymous DNA can be identified as long as a relative as far as 3rd cousin in the database. I.e if any of your third cousins did a DNA test, you might as well just change your country, like, completely, emigrate and get a new citizenship, abandoning the old one etc. I mean, what else can you do?
Tell you what I run, and my mistakes.
First off, phones are no good for anything private at all.
I still browse imageboards through them when I'm in bed, but in reality, nothing you do in there really is safe.
Yeah, I run lineage os without gapps and whatever, but I still can't bring myself to trusting it 100%.
For your computer, a must is not running Windows.
>So let's first assume Linux is not an option for OS: even if I was capable of learning how to use it with intense enough autism, your average normie wouldn't. So what would one go for? Get some old Windows OS like XP onto a laptop you obviously never use for non-anonymous posting/messaging?
What a fucking faggot you are, lots of distros out there are really easy, mine included. Wanna run a closed source system with steam games and such and think you are anywhere near not being raped by cia? Retard. Let's go on.
I run Linux Mint, which is where my mistake starts since you shouldn't be running systemd if you are really paranoid.
Next, as my browser, I use GNU IceCat.
This is my go-to browser to do anything.
Browse the web in general, look stuff up, stuff that I don't attach to my personal identity.
My settings: I leave JS on. I do this as a tradeoff for convenience, and I can't deny, it might be hurting my privacy. Not that I believe that many clearnet websites are using malicious JS to get my real IP and stuff. From their privacy settings, all I do is disable WebGL, block third-party requests(this one is really important and doesn't break anything if you just allow the right requests in) and "tracking protection".
I also use a canvas spoofer.
Other than that, I'm using a VPN.
Recently I've been seeing a fair bit of shilling against the use of VPNs how all vpns keeps logs because etc etc, don't forget the ExpressVPN raid that turned out useless for the Turkish government. There are safe VPNs out there. Don't let your ISP log everything you access.
http://archive.is/KkBrB As a "private" e-mail, I don't trust any.
I tried out mail2tor.com for some stuff that I do over tor(not a pedo), and I can't really recommend it because I'm really not sure how safe it is. Thing is, e-mail having the need to be tied to a clearnet adress will never be a really privacy focused thing, or something that you can really trust you are safe using.
For "normal" stuff, like linkedin, personal e-mail account and such, I just use plain firefox, which is by no means private, but if I don't want to risk linking gnu icecat to my real identity.
>ProtonMail
Have it as a personal e-mail at most for professional stuff, that piece of shit is by no means private.
>Duckduckgoy
Absolute piece of shit, with shitty search results and has already been found guilty of selling user data. No better than google really as a search engine when you want to protect yourself.
Use searx.me.
Again, this post I'm just listing what I do, and I recognize some of my methods are flawed, and even called my self out on those that I'm aware off. If I'm off about anything else, please warm me, I wouldn't miss a chance of enhancing my privacy.
>>3250 Fine post, although the first part is basically "I'm doing something very illegal and don't wanna get caught" -tier, for which I see no reason if your not actually a criminal. That'd be way too inconvenient for a normal guy who just likes anonymity. You didn't give a good option for an e-mail either.
>>3309 >First off, phones are no good for anything private at all.
False, in the sense that phones are ideal for doing something once with a prepaid and a public wi-fi, then throwing it away. Obviously so that you can't be identified by the combination of ISPs location information and cameras. But yea for continuous use they're probably shit
Also is it really the case that there's no good e-mail for private use? I see cock.li talked about a lot here, but apparently many places block it? Also sauce for duckduckgo selling info?
Btw I recently saw a post regarding Intel ME and AMD PSP being backdoors for NSA, what's /g/s take on this? Is it really necessary to even pick your hardware based on a list, or is that too much?
>>3319 >False, in the sense that phones are ideal for doing something once with a prepaid and a public wi-fi, then throwing it away
Oh, sorry, I didn't think of it as throwaway phones. I meant that your phone(not a throwaway one) is just no good for anything private.
>cock.li
Requires JS to register.
Everything is stored in plain text, anyone who enters the host's apartment will get all the data. Cock.li is basically for throwaway accounts and shit that you don't really care about losing.
>>3322 >Everything is stored in plain text
Bullshit. He uses FDE and german authorities were not able to retrieve any data when they raided him.
>host's apartment
Nothing is hosted in his apartment.
>>3328 FDE means nothing when the system is running, as it most probably would be during a raid.
No idea on the specifics of the case/cock.li. Just saying.
>>3379 >as it most probably would be during a raid
But that requires the police to have the competency required not to shut down the system, and to be able to recover the password from it. If they just grab the hard drive and run they get nothing.
>>3379 during the cockli raid the germcuck zogbots didn't even know that the disks were encrypted, they just turned everything off the moment they got in.
>>3382 >competency to recover the password
The recent Silk Road 2.0 judgment revealed that the admin of the site had his encrypted laptop decrypted by police.
Explanation was they had found the password in a password manager data base.
Where was the password manager running? Smart phone?
Usually password manger apps are password protected too.
If the police suspected him some time before, they could have spied on him.
One "secret" that is not talked much is that keyboards emanate the scan code used over earth (PS/2 worst but USB too) and as EM radiation, dozens, hundreds of meters away.
Counter measures?
Screen keyboards
Tokens
Yammer that permanently emanate random scan codes (software defined radio?)
>>3451 Just RF shield your server room. Wouldn't want an EMP taking them out, wouldn't want random suspicious people spying on your wireless network/scan codes, either.
Literally just line the whole room with aluminium foil and you're done. cost less than $100.
>>3451 I meant recover the password from in memory, but there are a ton of $5 wrench attacks that don't even need the server to be live. Password managers are useful because they prevent password reuse. This is needed for websites, which don't support a public key system like they ideally would. For local stuff like disk encryption they're placebo. They shouldn't make things worse though, so this guy clearly had terrible opsec.
>>3454 >>3451 >Just RF shield your server room.
It isn't that easy and who lives in server room?
COMPROMISING ELECTROMAGNETIC EMANATIONS OF WIRED AND WIRELESS KEYBOARDS Martin Vuagnoux and Sylvain Pasini
Computer keyboards are often used to transmit sensitive information such as username/password (e.g. to log into computers, to do e-banking money transfer, etc.). A vulnerability on these devices will definitely kill the security of any computer or ATM.
Wired and wireless keyboards emit electromagnetic waves, because they contain electronic components. These electromagnetic radiation could reveal sensitive information such as keystrokes. Although Kuhn already tagged keyboards as risky, we did not find any experiment or evidence proving or refuting the practical feasibility to remotely eavesdrop keystrokes, especially on modern keyboards.
To determine if wired and wireless keyboards generate compromising emanations, we measured the electromagnetic radiations emitted when keys are pressed.
http://lasec.epfl.ch/keyboard/
>>3456 >>3451 >I meant recover the password from in memory, but there are a ton of $5 wrench attacks that don't even need the server to be live.
This is all good and fine, but I'm suspicious not everything has been revealed.
>Password managers ...
>For local stuff like disk encryption they're placebo.
To get the password of of a password manager one need first a running computer, decrypted if it has protection by an encrypted filesystem. Android and IPhone do promise to protect their content, but many vulnerabilities have been found. Beside of this it seems foolish to me to trust into device that are known to spy after their users.
There are people that use security tokens, with password manager and for file systems. To me they are opaque system that promise something that I can not check. Anyway, not mentioned here at all.
So this explanation sounds 'odd' to me.
>this guy clearly had terrible opsec.
Sure, he once met a journalist to brag about his exploits:
Paul Chowles, an investigator from the National Crime Agency (NCA) who worked on the case, told Motherboard in a phone call one piece of evidence included the private encryption key belonging to DPR2 on one of White’s computers. If someone possesses the private part of a PGP key, which is used to decrypt and sign messages, it can be a good indicator that they are behind a particular online identity.
Chat logs US authorities recovered from the computer of Blake Benthall, Silk Road 2’s co-administrator, reflected much the same thing, Chowles added.
>>3245 If you're already using Tor, then I'd say the next step is setting up system encryption with Veracrypt. Then if someone raids your house, they can't do shit iff your computer is turned off.
But if you're going to do it, for the love of God backup your keys onto a USB stick.
I think that's about it for the easy stuff. More advanced stuff is using a secure OS, using a hotspot that can't be traced back to you, and living in a place that can't be traced back to you (surprisingly easy, just find a place that takes cash, and route all mail to a PO box or dead drop). These things alone will make you very difficult to trace.
What is the most optimal way for a complete tech noob to get as anonymous as possible? I ask this because recently I've gotten really paranoid redpilled about everything tech-related stuff, but I'm quite literally as unknowledgeable about it as someone posting on site can be. But this also interests me on a purely hypothetical level.
So let's first assume Linux is not an option for OS: even if I was capable of learning how to use it with intense enough autism, your average normie wouldn't. So what would one go for? Get some old Windows OS like XP onto a laptop you obviously never use for non-anonymous posting/messaging? Or is there another option? Surely the older OS's aren't as riddled with backdoors etc. as the newer ones right? What about e-mail, is something like ProtonMail the most optimal, even despite it not being actually that anomymous in specific situations? Duckduckgoy for browser, or is there something better a tech noob could use with some effort?
Of course it can be debated what is the most effort one should have to put into it with it still being "tech noob -friendly". That would probably depend on the goals: if it's anonymity for anonymity's sake, not too much effort would make sense.