From 75f7b62d61eb61ffabfa514a89ec9b3227e942b5 Mon Sep 17 00:00:00 2001 From: arcanedev Date: Mon, 9 Aug 2021 22:47:16 +0000 Subject: [PATCH] MD tweak & removed scope creep section --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index aae0263..823aa0f 100644 --- a/README.md +++ b/README.md @@ -430,13 +430,12 @@ With nuances added from the modern surveillance state, traffic cameras force you It should go without saying that any tech devices that you purchase will have some identifier that could lead back to you. Make this a moot point and procure every device (even USBs) anonymously with cash. If you're out on a distant roadtrip, make some of your purchases. Wear a hat accompanied with some baggy clothes. Perform a slight change in your gait as you walk (uncomfortable shoes could help with this). Alternatively, pay that bum off the street to do your bidding. -##### ADD DETECTION SECTION ## Use Cases There is no way to address every threat model, therefore I have opted to provide mitigations to some of the justifiably paranoid cases. -- Anonymous Activism +1. Anonymous Activism Anonymous activism may be seem counter-intuitive as activism typically implies attracting an audience in large numbers to support your cause. Unless you have a specific niche that lies in the darkest recesses of the internet such as forums on onion/i2p addresses, likely you will have to conform to expand your ideas to a larger audience. This involves communication with social media platforms that are more or less espionage outfits for intelligence agencies. Not only is the communication hostile, but anonymity is constantly challenged by the forced verification of phone numbers. Voice-over Internet Protocol (VoIP) numbers are dynamic internet numbers that can be provided via applications. For some time, this was a decent alternative to the privacy-invasive practice of SIM correlation. Unfortunately, the espionage outfits are beginning to filter out any VoIP-based phone numbers. To be more blunt, this is not for the purpose of security; the core is surveillance. If security was the primary goal, they would provide you with a key for setting up a time-based one time password (TOTP). Unfortunately all workarounds for this require money and time. Many legacy accounts have bypassed these practices by being fathered in. If these platforms must be used, your options stand to either purchase a legacy account from someone anonymously with cryptocurrency, or buy a burner SIM card and phone for the purpose of verification. If the goal is anonymity, based on where the traffic is coming in from alone, you will likely be flagged as suspicious, and a code will be sent to your number for verification. If they offer TOTP for accounts, turn it on. Likely if there is a flag for suspicious activity, you can leverage an offline password database for TOTP and the hassle with constant phone verification will be reduced. If phone verification is enforced solely, your options are to store the dumb phone without the battery and inside of an EMF shield faraday bag. Only use this in public locations (you can see why key-generated TOTP can save a lot of time). That addresses phone activation. Another problem you may run into is that certain platforms do not provide a way of access without a mobile application (i.e. Instagram). While stronger permission controls have been imposed on applications in more recent mobile builds, correlation can still be made in a number of ways, even if on a segmented device. The best solution to mitigating correlation is to run an emulated Android on a hardened linux base. Consider finding the APK file to install the platform from the mobile device's browser to avoid the use of Google. If Google framework is not required to make the application run properly, do not flash it.