OP 06 May, 2020 - 03:25 AM
Figured I could post it here too, my first guide and post here.
little opsec guide because people don't know anything about it apparently.
rule 1: if your password contains your name, the word password or is just numbers, change your password and delete your account out of shame.
Here we go then!
Password Managers
Starting off with password managers, a password is very important & should not be overlooked at all. A password is very important and if a server does not store them right (which a lot of companies/servers don't) they get leaked quite often and even in plaintext. What does this mean? This means that when a site's database gets breached there is a chance a hacker can get your email and password in plaintext ([email protected]:password). With this they can try to sign in to other services using your credentials. It is very important to NOT use the same password for multiple websites for this reason.
I suggest you get the password manager Bitwarden, I use it myself and it's secure and open source (open source means other people can see the code & look for bugs and exploits).
If you want to learn more about this watch these computerphile videos:
https://www.youtube.com/watch?v=w68BBPDAWr8
https://www.youtube.com/watch?v=7U-RbOKanYs
Proxies & VPNs
Now we all know we don't just want to give out our IPs, it's very important to mask this in a way that it's not traceable back to you. You might have heard of Tor and Onion Routing (don't know what that is? watch this video! https://www.youtube.com/watch?v=QRYzre4bf7I). Basically a very simple version is that TOR scrambles your IP by connecting to different (entry) points (nodes), it goes something like this. (your ip) -> (entry point) -> (middle point) -> (last point). Here the middle and last point do not know your IP and only you (origin) and the entry point know it. TOR was made by the US government to hide their activity, TOR relies on having good nodes.. but that's another discussion. Now you might be wondering, why should we trust TOR if it's from the US government? Well, everyone can make their own points (also US governments) but because it's a 3-point system the chances of connecting to 1 or more government nodes are very minuscule, you should still use a VPN (even nordvpn if you don't have anything else) or a proxy when connecting to tor.
I highly suggest https://cryptostorm.is/ as your VPN provider, it's open source & they accept crypto-only payments making it completely untraceable.
Another option is to use tails (https://tails.boum.org/), tails is a bootable OS (put it on a USB) that runs completely over the TOR network. Everything you do on tails goes over tor making it very secure.
Encryption
Another big point is encryption. You probably want to read up on e2ee encryption (do that here: https://ssd.eff.org/en/module/what-shoul...encryption). Messaging is very important obviously but Discord and Skype aren't gonna cut it. You need a private E2EE (end-to-end encrypted) messaging app, this makes it so that no one other than you and the receiver can read your messages.
Telegram is okay but I strongly suggest https://getsession.org/ or Signal.
Payments
Paying & receiving money is definitely important when conducting your business. Bitcoin is definitely miles and miles better than PayPal or the like however I suggest you use Monero for any payments. (If you NEED to use Bitcoin look into a tumbler & look into https://wasabiwallet.io/ or https://electrum.org/ for wallets).
Monero is the most private coin and it's untraceable. If somebody sends you money only the sender knows your address. To make all of your payments private this is what you need to do.
Step 1. Make two Monero wallets. (You can use https://www.getmonero.org/, https://www.exodus.io/, or MyMonero).
Step 2. When someone sends you money, send the money from your first wallet to your second wallet.
Step 3. Profit! Now the money on your second wallet is untraceable.
Programming
Even though knowing how to code is not necessary I highly suggest you familiarize yourself with basic programming knowledge. I suggest Python or Lua, they are very easy languages to learn because they're almost like English and they don't need to be compiled. You just code & go.
Tools
Some tools I have not talked about (yet) but definitely worth checking out are:
https://privacytools.io/
https://privacy.sexy/
https://reddit.com/r/privacy
https://riseup.net/
That was it for now, I'm quite lazy to add more. Hope you liked it!
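The three-hop path described under Proxies & VPNs, as an added example that is not part of the original post: a toy model of layered ("onion") encryption that records which addresses each relay can observe. The relay names, addresses, pre-shared keys and the SHA-256 keystream cipher are constructed for illustration and are not Tor's actual protocol or cryptography.

```python
import hashlib
import json

CLIENT = "198.51.100.7"              # constructed address (documentation range)
PATH = ["entry", "middle", "exit"]   # hypothetical relay names
DEST = "example.org"                 # constructed destination
# Assumption: one pre-shared key per relay; real Tor negotiates keys per circuit.
KEYS = {r: hashlib.sha256(b"constructed-key-" + r.encode()).digest() for r in PATH}

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream. Toy cipher, not Tor's cryptography."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def wrap(payload: str) -> bytes:
    """Client: add layers from the inside out, so the entry relay's is outermost."""
    onion = payload.encode()
    next_hops = PATH[1:] + [DEST]
    for relay, nxt in reversed(list(zip(PATH, next_hops))):
        layer = json.dumps({"next": nxt, "data": onion.hex()}).encode()
        onion = toy_cipher(KEYS[relay], layer)
    return onion

def route(onion: bytes):
    """Each relay peels one layer; record the only two addresses it can see."""
    seen, previous = {}, CLIENT
    for relay in PATH:
        layer = json.loads(toy_cipher(KEYS[relay], onion))
        seen[relay] = {"from": previous, "to": layer["next"]}
        onion = bytes.fromhex(layer["data"])
        previous = relay
    return seen, onion.decode()

def demo():
    """Send one constructed request through the three relays."""
    return route(wrap("GET / HTTP/1.1"))

if __name__ == "__main__":
    seen, delivered = demo()
    for relay in PATH:
        print(f"{relay:>6}: from {seen[relay]['from']:<13} to {seen[relay]['to']}")
    print("delivered at exit:", delivered)
```

The last relay sees the destination and the payload in the clear, so the content still needs its own end-to-end encryption such as HTTPS.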