Cross-posted from “It’s Time to Wake Up: A Darknet Anarchist’s Case for Anonymity & Digital Safety” by @Illegal_Computer@lemmy.dbzer0.com in !Resist@fedia.io
(Note: .onion links should be accessed with Tor Browser)
The main source of Anonymity: The Tor Network http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/torvsvpns/index.html
Tor Web Browser Setup (on Desktop and Mobile) http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/torbrowsing/index.html
Have you ever been afraid to speak your mind on the internet? Do you have peace of mind that you know what your electronics are doing? Is technology working for and empowering you, or has it become a tool of oppression tracking your every move and storing it on corporate/government servers to be used against you in the future?
These powerful tech companies work closely with our fascist government to surveil, track, manipulate, and scare vulnerable citizens into compliance and silence. We have been tricked into giving up all control and privacy for the sake of convenience.
This is no accident.
The state has the most sophisticated surveillance network ever known, and you are voluntarily participating in it.
The phones Americans carry in their pockets are proprietary black boxes, constantly communicating with cell towers logging your position and IMEI/IMSI tied to your real identity. They are also constantly recording the strength of wifi access points, and other devices around you, sending this back to HQ to build a map of everyone’s movements. This is not even mentioning how most people are logged into a google/apple account at all times. You probably know this costs you YOUR privacy, but do you realize you are also snitching on everyone around you and contributing to this surveillance network?
Kill the Cop in your Pocket: http://uwb25d43nnzerbozmtviwn7unn7ku226tpsjyhy5n4st5cf3d4mtflqd.onion/posts/nophones/
Ask yourself how you feel about this? How much would freedom, privacy, and anonymity be worth to you? Many realize the situation is dire, but are preoccupied with trying to survive the next rent payment, and are do not have the knowledge necessary to resist.
Those organizing in the US (50501) overwhelmingly are using reddit and discord to plan protests. A few who know better use signal and consider this good enough, not thinking about how they are linked to a phone number. Signal is secure and private, but when your adversary is the US gov/tech corps that is not enough. We need ANONYMITY.**
Phone Numbers are incompatible with Anonymity: http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/phonenumbers/index.html
“Laws” and “rights” are meaningless now. If the state deems you an enemy they have hundreds of ways to crush you into submission, throw you in prison, or worse. Things will only get worse over the coming years. The only hope we have is to maintain real anonymity
Here on Lemmy many are curious about digital privacy, but only have bits and pieces of the knowledge required. Without a solid understanding of how to use technology safely, misinformation, half truths, and FUD abound. There is a pervasive attitude that you have no choice at all, and that it is hopeless to stand up against your oppressors.
I am here to tell you this is NOT TRUE. I am here to tell you it is POSSIBLE, and WORTHWHILE.
You can reclaim technology to work for you instead of against you, but it will require effort and change.
Using Lemmy anonymously Is not too hard. You just need to register an email account in tor browser, and use that to verify a lemmy account. Be sure to ONLY access this account over Tor. The more privacy invasive the service, the more likely they will try to prevent you from doing this. Circumventing that is an advanced topic for another time.
How to Get an Email Account Anonymously (Emails as a Service) http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/anonemail/index.html
https://www.404media.co/the-200-sites-an-ice-surveillance-contractor-is-monitoring/
Trump wants green card applicants already legally in the US to hand over social media profiles: https://www.independent.co.uk/news/world/americas/us-politics/trump-green-card-applicants-social-media-b2720180.html
How long until similar demands are made of others? Every day the risk grows greater and less possible to ignore. The time to wise up is now! Start learning and investing in yourself today so that you can be prepared to protect yourself and those you care about before it is too late.
What is Anonymity ? Why is it Important ? http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/anonymityexplained/index.html
Why isn’t Privacy enough for Anonymous Use? http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/anonuse/index.html
In this technocracy lines are being drawn. They are wielding technology to oppress and control us, and we need to decide if we are subservient data cattle, or if we are willing to learn how to use technology to empower ourselves and resist.
The relationship between average people and technology is unacceptable. Even those with advanced “tech skills” know next to nothing about how to maintain security/privacy/anonymity against the state. It does not have to be this way.
You deserve better. The people in your life deserve better. They NEED you to educate yourself so you can help teach them. The only way we can do this is together. The time for learning is limited and the clock is ticking.
Operational Security: Privacy, Anonymity and Deniability (Current and High quality) https://nowhere.moe/ http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/index.html
Anonymous Planet: Hitchhiker’s Guide to Online Anonymity (Classic resource, somewhat dated) https://anonymousplanet.org/guide/
It’s time to decide. Will you allow these corporations to own you, or will you rise to the challenge?
**When law enforcement subpeonas Signal for user information, all they hand over is the phone number associated with the account, and the last time they logged in. Due to the secure end to end encryption the contents of the messages are safe. No problem right? Well the cell phone number and associated metadata is more than enough for them to prosecute, imprison, and kill. Which cell towers has this phone number been around? What other numbers has it been communicating with and when? How is this cell service paid for?
It is not impossible to circumvent these issues, for instance by paying for a jmp.chat phone number with monero XMR. In this case you don’t actually have the sim, but rather access it remotely over XMPP. If you do this over Tor very little can be used against you.
Ask yourself though, how many signal users actually go through these lengths? These phone numbers change law enforcement investigations from stumped, to having valuable leads and evidence. What motivations could signal have for requiring this valuable personally identifying information to be shared?
If a service requires your phone number, they are against your Anonymity http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/phonenumbers/index.html
Easy Private Chats - SimpleX (http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/privatesimplex/index.html)
(sorry for the semi off topic rant, no signal is not the worst thing or the first problem to fix, but KYC*** phone numbers are.)
***KYC: Know your Customer: https://kycnot.me/about
I was going to make some anonymity guides, but I needed to first address the issues and problems so I can follow up with solutions. Please give me your feedback and feel free to ask if you have any questions or requests for guides.
Another anonymous chat service without phone numbers: https://delta.chat/
Thank you db0, i am an average internet user, no vpn, limited pirate activity, minimal social media activity, minimal hacking knowledge; this is the kind of info that helps inform me about how to be safe in the dystopian cyberpunk frontier that is no longer a looming science fictional threat in the future, but a present that we have firmly arrived at.
So, your key takeaway seems to be getting an untraceable phone number. From an opsec point of view I see a few problems.
First, this is implicitly aimed at going against state level actors, which is a whole other game than random internet services. With that in mind…
You assume TOR is actually anonymous, but it has been shown that with enough compromised exit nodes that fails. It’s also a NSA project originally, which may or may not be relevant, the code may be good and is open and has had eyes on, but at the least shows they are intimately familiar with it.
You assume acquisition of Monero is uncompromised and untraceable. Perhaps cash at a machine might be pretty good, but a camera could easily invalidate it, or the machine itself be compromised, wouldn’t be hard to imagine a profit motive or false flag driving that.
What’s the security implications of the XMPP protocol ? Just using TOR may not be enough (I don’t know, just asking the questions). What about the other end of the phone call?
One approach, especially for local efforts, is just using old school spycraft, dead drops, one time pads etc.
You asked for feedback.
MalReynolds,
So, your key takeaway seems to be getting an untraceable phone number.
Absolutely incorrect. I do not recommend using a phone at all. I do not recommend using services that require a phone number at all. I found the clearnet version for you to read: https://www.anarsec.guide/posts/nophones/
From my point of view the options are grapheneOS with no sim, permanently on airplane mode, or no “phone” at all.
The point of my post was purely to point out the challenges and problems, and to get people in /c/resist open to rethinking and making changes to their relationship with technology. Not to use phone numbers, monero, or XMPP. The bit about anonymous signal was a side tangent not the “key takeaway”. Please re-read if you are interested in engaging further.
You asked for feedback.
I did not post this here, the owner of the instance took it upon himself to make this post. I asked for feedback from active resisters who need help, not privacy forum posters.
Hope you are well
Fair enough, I got the wrong impression with the post (which I did read) finishing with
It is not impossible to circumvent these issues, for instance by paying for a jmp.chat phone number with monero XMR. In this case you don’t actually have the sim, but rather access it remotely over XMPP. If you do this over Tor very little can be used against you.
and so on, which I found wanting from a privacy perspective at the implied threat level. No phones (or perhaps faraday bags, or aircraft mode, if tested, depending on threat model) is a much more astute take home, hence the spycraft suggestion.
Anyhow, best of luck.
Security and privacy benefits from building threat models. It is good to understand how trackable you are on the internet and walking around with your phone.
Do you need to think about how trackable your phone is if you are driving to and from the grocery store? At most you are providing information that the interested parties already have (where you live, where you shop, and when you shop). If you ran into some trouble it could be useful to have not had a tracking device in your pocket, but otherwise little to worry about.
On the other hand if you are taking part in a sensitive action, then yes you need to leave your phone at home or turned off and in a Faraday bag. If it is particularly sensitive then you need to make sure everyone involved does that. Having a tracking device that shows you were at the location at that time is very bad for you and your compatriots. If you need to communicate on-site, use walkie talkies and speak in code. And plan your action around not having comms. This will make your action better planned out in the first place, which is also important for security.
A threat model makes all the difference.
Paranoia is not going to get me to bin my phone. Cell service and sms despite all it’s vulnerabilities are basically a requirement for life nowadays, unless you’re a squatting complete Diogenes type of anarchist. Which I say, bully to you comrade, but I need to go to work to pay rent
Ask yourself how you feel about this? How much would freedom, privacy, and anonymity be worth to you? Many realize the situation is dire, but are preoccupied with trying to survive the next rent payment, and are do not have the knowledge necessary to resist.
You don’t need to bin your phone, you just need to start using it more strategically. Different phones for different things if you can, or move only absolutely necessary things to the phone and keep sensitive data elsewhere if not.
ETA: Actually I just read some comments and apparently yeah OP thinks you should bin your phone
JustAnotherKay,
My post was addressed at US residents engaging in “terrorism” by resisting the regime. We are being disappeared, deported, and imprisoned with zero due process or legal recourse simply for speaking out. Every day brings increasingly brazen impunity. You should definitely not use a phone if this is your situation. I did not intend this message for normal privacy fans in free places.
Hope you are well
I do see your point, but these people absolutely should have a phone with a number. This phone should be used to make it appear as if you are never anywhere near protests. Create a paper trail that makes you look good
I recon federation should be made to work for .onion servers.
I think it’s important for me, and was thinking about it
If I have my wifi, Bluetooth and location disabled does my phone still get tracked via other people’s stuff? Id presume not, but I’m also presuming turning off those settings actually turns them off. Given nothing else on my phone turns off when I tell it to maybe those things stay on in a hidden way as well?
The hated one has a video on the subject of making your phone not get tracked, and the main point is that it’ll keep tracking you no matter what if the sim card is in it.
EDIT: Even with the sim card removed, it can ping towers to due to the emergency call feature (airplane mode may or may not temporarily disable the pinging). The only way to be sure you’re not being tracked is to a put a phone in a faraday bag.
It’s been said for a while: if you’re doing anything remotely questionable (even just attending a protest or meeting with friends to plan one) do not even bring your phone. Even a dumb phone will ping cell towers and record your relative location.
Due to the emergency call function, a mobile phone will still connect to cell towers and send the unique device id even if you take out the sim.
(Might be mentioned in the video)
He seems to think that removing a sim card and turning on airplane mode is enough to make it untrackable, at least with graphene OS. He doesn’t mention anything about emergency calls, which sounds like a big oversight on his part if airplane mode doesn’t disable it, though he does bring up faraday bags for when he’s feeling ‘extra cautious’.
From https://grapheneos.org/faq#cellular-tracking
“Connecting to your carrier’s network inherently depends on you identifying yourself to it and anyone able to obtain administrative access. Activating airplane mode will fully disable the cellular radio transmit and receive capabilities, which will prevent your phone from being reached from the cellular network and stop your carrier (and anyone impersonating them to you) from tracking the device via the cellular radio. The baseband implements other functionality such as Wi-Fi and GPS functionality, but each of these components is separately sandboxed on the baseband and independent of each other. Enabling airplane mode disables the cellular radio, but Wi-Fi can be re-enabled and used without activating the cellular radio again. This allows using the device as a Wi-Fi only device.”
This behavior has been independently verified by security researchers
Related discussion: https://discuss.grapheneos.org/d/16284-request-for-opinions-on-airplane-mode-is-a-myth/1
Well, in theory airplane mode should disable it, but as a software feature that could be spoofed if the device is compromised. Some privacy focused phones have hardware kill-switches for the cell-modem because of that.
I thought the more important point is whether airplane mode really makes your phone ping the towers. If it has any cellular connection, it is obvious there would would be triangulation.
I’m at work ATM and can’t watch it for 3 more hours, is it just signal triangulation if everything else is off? Because that gives a not super accurate location where live to the point where things online claim my location as 20km+ away from what’s actually true.
It’s been a while since I saw the video, but looking at it again, he seems to trust that taking out a sim card and turning on airplane mode will render the phone untrackable, but as Povoq mentioned in another response, even without a sim card it would still be trackable, since the phone would still be pinging towers so it can make emergency calls, which is a good point.
I think realistically the only way to have a phone on your person and truly 100% know you’re not being tracked with it is by putting it in a faraday bag/cage, and knowing that the moment you take it out, your location will likely be known to varying degrees.
I think realistically the only way to have a phone on your person and truly 100% know you’re not being tracked with it is by putting it in a faraday bag/cage
Nope. If the OS is malicious, it could use gyroscopes and the accelerometer to determine exactly where you are
Maybe some old phone can still be usable? Or maybe there is some modern device without network hardware.
I think the best solution is starting to create real Linux mobile alternatives with open hardware.
I suppose an old 2g phone would be safe since they shut down the 2g networks, AFAIK, but those aren’t particularly useful as a non-phone device :p
There’s quite a few small handheld laptop/computers on the market now like the Mecha Comet or ClockworkPi which only have wifi and bluetooth, I think those would be pretty safe. (Could also make one, like this)
Open hardware would be great. AFAIK there is currently no open-source cellular radio hardware on the market.
The “not super accurate” location is only from one cell tower (via the shared public IP). Triangulation via multiple cell towers is something only the ISPs with antennas near you can do, and it can be much more accurate.
You can be tracked with reasonable precision just by data on cell base tower connections.
