How To DeGoogle Your Life - Cyber Security, Privacy and Anonymity The Complete Guide
Author Message
CaptainChardonnay Away
Ostrich
****
Gold Member

Posts: 2,111
Joined: Aug 2012
Reputation: 36
Post: #1
How To DeGoogle Your Life - Cyber Security, Privacy and Anonymity The Complete Guide
This past week I decided I need to step up my online security. I am not an advanced computer user. I say this because if I can do it then so can you. Some of this information will be copied and pasted.

I do not do anything illicit however I do value my privacy. By becoming anonymous online, I am doing my part in supporting Free Open Source Software (FOSS) development and at the same time, telling companies such as Google that I do not support their business model.

The goal will be to move away from private companies such as Microsoft and Google and towards FOSS. The mentality to put yourself in is to stop trusting private code and start trusting code that is open and transparent. You want to be in full control of your devices.

I will be posting a lot of the videos I watched to learn about how to become anonymous online because I feel like these videos do a good job of explaining things better than I can. Watch all the videos I post as they are all important. Play them at 2x speed to save yourself some time. The stuff you hear that is repeated in multiple videos is obviously more important.

All this information seems like a lot to do but it comes down to changing your internet habits very slightly after installing the basics. After you get used to it everything will become seamless.

What is often referred to as "security" is actually a combination of three main elements: Security, Privacy, and Anonymity.

Security is the resilience of an operating system (or program or technology, etc) against being attacked.

Privacy is when data in transit cannot be read by any parties except the sender and recipient (or whatever third-party provides the service assuming the sender/recipient uses the service, and that is their policy)- but the sender and recipient are no secret and are not obscured.

Anonymity is the concept that the sender of data is kept secret- the data may or may not be readable at some point in transit, but the origin of data is hidden.

This is what I do not support from Google.




Privacy doesn’t matter if your individual freedom doesn’t matter to you.




I learned a lot from these two YouTube channels, you will see that I posted a lot of videos from these channels.
https://www.youtube.com/channel/UCs6Kfnc...ug4o_bzijg
https://www.youtube.com/channel/UCjr2bPA...5MvcgT3W8Q

Different levels of security, privacy and anonymity. Make sure at the very minimum to do the basics.








Any system, no matter how secure, will eventually get breached. Nothing is perfectly secure. Your goal is to make it so that if you are breached, the attacker cannot do anything with your information because it’s encrypted.




More resources:
https://www.privacytools.io/
https://www.eff.org/
https://thatoneprivacysite.net/

The areas you will need to focus on are:
1. Computer
2. Mobile Phone
3. Online

Computer
QubesOS/Whonix>Linux>Macintosh OS>Microsoft Windows

Which Linux distros?
Most Linux distros will be fine. If you are a beginner to Linux then I'd recommend Ubuntu (see warning), Mint and Manjaro. If you want max privacy then use Tails, Whonix or Qubes OS.

Linux Hardening
Apparmor
You should always enable apparmor. This limits what a program can do. The script below will automatically enable apparmor for Arch Linux. If you don't use Arch then you need to modify it for your package manager and kernel parameters.
pacman -S --noconfirm -q apparmor 
sed -i 's/quiet/quiet apparmor=1 security=apparmor audit=1/' /etc/default/grub 
grub-mkconfig -o /boot/grub/grub.cfg 
systemctl enable apparmor
Firejail
Firejail is a very secure and easy to use sandboxing program. It can be used in conjunction with Apparmor with the firejail --apparmor command. Running firecfg will make all programs automatically run in a sandbox if there is a profile for them in /etc/firejail. If you want to make only 1 program automatically run in a sandbox then run
ln -s /usr/bin/firejail /usr/local/bin/program

Hardening Sysctl
Sysctl is a tool for examining and changing kernel parameters at runtime. It can be used to harden the kernel. To harden it edit /etc/sysctl.conf or if you run Arch create a file called /etc/sysctl.d/99-sysctl.conf and add the sysctl configs in there. My sysctl changes are below.
kernel.dmesg_restrict=1 
kernel.kptr_restrict=2 
net.ipv4.tcp_syncookies=1 
net.ipv4.tcp_rfc1337=1 
net.ipv4.conf.default.rp_filter=1 
net.ipv4.conf.all.rp_filter=1 
net.ipv4.conf.all.accept_redirects=0 
net.ipv4.conf.default.accept_redirects=0 
net.ipv4.conf.all.secure_redirects=0 
net.ipv4.conf.default.secure_redirects=0 
net.ipv6.conf.all.accept_redirects=0 
net.ipv6.conf.default.accept_redirects=0 
net.ipv4.conf.all.send_redirects=0 
net.ipv4.conf.default.send_redirects=0 
net.ipv4.icmp_echo_ignore_all=1 
kernel.unprivileged_bpf_disabled=1 
net.core.bpf_jit_harden=2 
kernel.yama.ptrace_scope=2 
kernel.kexec_load_disabled=1 
vm.mmap_rnd_bits=32 
vm.mmap_rnd_compat_bits=16 
net.ipv4.tcp_timestamps=0

Ubuntu Warning
Many people consider Ubuntu to not be privacy friendly. These claims are justified somewhat as Ubuntu has violated users' privacy in the past such as with the Amazon launcher tracking users or when telemetry was enabled by default. Ubuntu also comes with proprietary software so they could also be tracking you as well. Ubuntu is commercial and owned by a UK company who are part of the 5 eyes. I do not believe Ubuntu is anti-privacy but you should still be aware of this.

Qubes is an operating system that attempts to accomplish Security using the "security by compartmentalization" approach.

Whonix is not focused primarily on Security, but rather on Anonymity. It leverages the use of the Tor network, and it attempts to provide security against exploits that can be used to subvert Tor.

Qubes comes bundled with Whonix as well, which is often called Qubes/Whonix. Qubes/Whonix attempts to blend the Security advantages of Qubes with the Anonymity advantages of Whonix. With Qubes' more concise and ostensibly less vulnerable compartmentalization, Whonix's approach to protecting Tor is less likely to be defeated.

Most of you will not need to use Qubes/Whonix however I wanted to highlight what is the most secure and anonymous way to be online currently. To put it into perspective, Edward Snowden uses and endorses Qubes.

Make sure to fully encrypt the disk on your computer. Skip to the VeraCrypt video below for reasons why this is important. This is one of the most basic things you should do on ALL of your devices.

This guy has a good YouTube channel on switching to Linux
https://www.youtube.com/channel/UCoryWpk...CJul9KBdyw
(This post was last modified: 06-02-2019 02:55 AM by CaptainChardonnay.)
06-02-2019 02:49 AM
[-] The following 7 users Like CaptainChardonnay's post:
TheFinalEpic, LINUX, Dream Medicine, DJ-Matt, RiskIt4Biscuit, Isaac Jordan, oilbreh
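
Added example, not part of the post above and not CaptainChardonnay's code: a POSIX shell check that compares the sysctl list from the "Hardening Sysctl" section against the values the running kernel actually reports, since a line in /etc/sysctl.d/ does nothing until it is loaded and accepted. The function names, the OK/DIFF/MISSING labels and the PROC_ROOT variable are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the post): report which hardening values from a
# sysctl.conf-style list are actually in effect.
#
# audit_sysctl CONF [PROC_ROOT]
#   CONF       key=value lines; blank lines and '#'/';' comments are skipped
#   PROC_ROOT  tree holding the live values (default /proc/sys)
# Prints OK / DIFF / MISSING per key; returns 1 if any key is not OK.
# Limitation: keys whose interface name itself contains a dot are not handled.
audit_sysctl() {
    conf=$1
    root=${2:-/proc/sys}
    drift=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $line in
            '' | '#'* | ';'*) continue ;;   # blank line or comment
            *=*) ;;                          # a setting
            *) continue ;;                   # anything else: ignore
        esac
        # A leading '-' in sysctl.conf means "ignore errors"; drop it from the key.
        key=$(printf '%s' "${line%%=*}" | sed 's/^-//; s/[[:space:]]*$//')
        want=$(printf '%s' "${line#*=}" | tr -s '[:space:]' ' ' | sed 's/^ //; s/ $//')
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -f "$path" ] || [ ! -r "$path" ]; then
            # Absent on this kernel, or not readable by the current user.
            printf 'MISSING %s (want %s)\n' "$key" "$want"
            drift=1
            continue
        fi
        # Multi-value entries are tab-separated in /proc; normalise whitespace.
        have=$(tr -s '[:space:]' ' ' < "$path" | sed 's/^ //; s/ $//')
        if [ "$have" = "$want" ]; then
            printf 'OK      %s=%s\n' "$key" "$have"
        else
            printf 'DIFF    %s: live=%s want=%s\n' "$key" "$have" "$want"
            drift=1
        fi
    done < "$conf"
    return "$drift"
}

# Writes the list from the post's "Hardening Sysctl" section to FILE.
write_post_list() {
    cat > "$1" <<'EOF'
kernel.dmesg_restrict=1
kernel.kptr_restrict=2
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_rfc1337=1
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.default.accept_redirects=0
net.ipv4.conf.all.secure_redirects=0
net.ipv4.conf.default.secure_redirects=0
net.ipv6.conf.all.accept_redirects=0
net.ipv6.conf.default.accept_redirects=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.default.send_redirects=0
net.ipv4.icmp_echo_ignore_all=1
kernel.unprivileged_bpf_disabled=1
net.core.bpf_jit_harden=2
kernel.yama.ptrace_scope=2
kernel.kexec_load_disabled=1
vm.mmap_rnd_bits=32
vm.mmap_rnd_compat_bits=16
net.ipv4.tcp_timestamps=0
EOF
}

# Stand-alone run: check this machine against the post's list.
list=$(mktemp)
write_post_list "$list"
audit_sysctl "$list" "${PROC_ROOT:-/proc/sys}" || echo "Some values are not in effect."
rm -f "$list"
```

A DIFF or MISSING line usually means the file has not been loaded yet (sysctl --system, or a reboot) or the running kernel does not offer or accept that setting.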
CaptainChardonnay Away
Ostrich
****
Gold Member

Posts: 2,111
Joined: Aug 2012
Reputation: 36
Post: #2
Part 2
Mobile Phone
Before you do any of the following, make sure to back up things such as photos, and contacts. If you mess up you can simply factory reset your phone. The goal is to stop using apps that track you. This has a few benefits such as increasing battery life and privacy.

I use android so I will only briefly touch on iPhone.

iPhones vs Androids for privacy
iPhones out of the box are a lot better than Androids for privacy and security. There are a few flaws. iPhones are completely proprietary so you have no idea what Apple are doing on your phone. Apple also track iPhone users although not as much as stock android. Apple were the first company to use location tracking.

Android Privacy
Android tracks you a lot by Google Play Services. To remove the tracking then you need to flash a custom ROM that is de-googlified. LineageOS is the best one. It strips all google tracking and bloatware. If you do this then you will not be able to use some apps that require Google Play Services. There is a thing called MicroG that is an open source Google Play Services alternative. It stops Google from tracking your device and rarely connects to Google servers. When it does connect to Google servers then it anonymizes the data so Google still can't track you. You can use LineageOS with MicroG by using LineageOS for MicroG.

Android Root
Rooting your android can be dangerous if you don't know what you're doing. If you do it correctly then you can get big privacy and security gains. If you do it wrong then you can brick your device or give a malicious program root which allows it to do anything on your device.

Rooting Methods
DO NOT USE SuperSu, 
KingoRoot or 
OneClickRoot

USE Magisk, or 
LineageOS SU

Why shouldn't I use SuperSU?
SuperSU is proprietary and owned by a Chinese company. The Chinese government can do whatever they want with it including making it contain malware.

Why shouldn't I use KingoRoot or OneClickRoot?
These programs are proprietary and could possibly be malware. Some people have claimed they have given them malware.





If you do not want to install a custom ROM onto your mobile then iPhone will be the most secure stock option. Currently it is in Apple’s best interest to value user privacy however this is placing too much trust into a company. If tomorrow their interests change then you can be sure they will also be selling your data.

For mobile, if you are an android user then you can install LineageOS. This is a FOSS operating system designed for Android and is updated very regularly. What I did was I installed Lineage on an old phone before installing it on my daily phone to get a feel for the installation process and for using it. With Lineage, you can have an Android device without any Google Apps. Make sure you understand the installation process before you begin by watching a few YouTube videos of the whole process.
https://www.lineageos.org/

This is a forum on all things related to your phone. If you are installing LineageOS, it will have how to guides for your specific phone and troubleshooting guides.
https://www.xda-developers.com/

A quick video on Android privacy




For apps, you can install F-Droid. F-Droid is a FOSS app store.
F-Droid only allows open source apps and they cannot have trackers. If an app uses non-free network services or anything else you might not want they will tell you with AntiFeatures. They also verify the builds so they will most likely not contain malware. You can read more here.
https://www.f-droid.org/

For a Google Maps replacement, the best FOSS option right now is OsmAnd. This app can be found in the F-Droid app store and the regular app stores, Google/Apple.
https://osmand.net/

Yalp and Aurora Store
Yalp lets you download apps from Google Play Store without being tracked by Google. It allows you to sign in with a Yalp Store account so you do not have to use your own. Aurora Store is a fork of Yalp which looks nicer. Aurora Store often crashes and right now I can't even open the app on my phone. You can get both of these on F-Droid.

Apps
These are the apps you should install on your device.
Orbot (For Tor)
XPrivacyLua (Needs root)
A firewall

XPrivacyLua spoofs the information apps can get off your device. You can stop your browser from reading your text messages or having access to your camera etc. It needs to have the Xposed Framework installed. Installing Xposed Framework can leave your device in a boot loop so be careful. Get the Xposed Installer from F-Droid to install it then get XPrivacyLua from the module repository.

If you have root then you should use AFWall+. If you do not have root then you should use NetGuard. NetGuard uses a local VPN so you cannot use a VPN alongside it. Both of these can be found on F-Droid.

Disconnect Pro
This app provides your phone with tracker protection for your entire device, browser and apps. iOS includes SmartVPN features to encrypt all HTTP and DNS connections. By blocking these trackers, you will save battery life on top of increasing your privacy. If you don’t want to pay for this app, there is also a pirated version online that works.
https://disconnect.me/

Bloatware
Your phone comes with a lot of junk software. By uninstalling this “bloatware” I found that the battery life of my phone increased by a noticeable amount. When you look up how to do this you’ll see that you’ll be running command scripts in terminal, don’t let this intimidate you. This was the first time that I ever used terminal and I got it to work easily. You will just be copying and pasting instructions word for word. Before you start uninstalling bloatware, make sure to have all the apps you want installed first such as Disconnect Pro. Also keep in mind that there is a difference between disabling an app and uninstalling an app.

NewPipe
This is a FOSS YouTube that doesn’t have any ads. NewPipe has been created with the purpose of getting the original YouTube experience on your smartphone without annoying ads and questionable permissions.
You can download your subs and then plug them directly into NewPipe.
https://newpipe.schabi.org/

Messengers
Use Signal

Signal Warning
Signal is in my opinion the best encrypted messenger but it requires a phone number to sign up. This is to prevent spam from bots and to allow you to use the Signal app for SMS. Signal also doesn't allow third party clients or F-Droid builds. These are for security purposes so someone doesn't mess up building signal and compromising its security.

Telegram Warning
Telegram uses their own encryption that has been audited in the past and has been proven to be weak. It may be stronger now but I am not sure. Their source code isn't always up to date and their server is proprietary. End to end encryption isn't enabled by default and is only in secret chats. Secret chats aren't available on PC. Telegram only uses server to user encryption outside of secret chats which keeps the decryption keys on telegram's servers. That means they can decrypt the messages at any time they want to. You need a phone number to sign up which may not be wanted. There is a lot of misinformation about Telegram such as their encryption being proprietary but this is not true.

Online
Striking the best balance between convenience and security




Stop using Google Chrome, switch to Firefox and Tor browser.

For Firefox, follow this guide to set it up for maximum privacy and security.




uBlock Origin




Tor
Do not change any settings in Tor other than the security settings, which should be set to safest.
Do not maximize the window for Tor as this can be used to determine your device and thus compromise your anonymity (the whole point of using Tor is to be anonymous). This is called hardware profiling.
Do not sign into online accounts on Tor, for example, Google or Facebook.
Do not install any plugins.

Search Engines
Alternate between DuckDuckGo, Searx, Startpage, and Qwant

DuckDuckGo Warnings
DuckDuckGo is based in the USA so they can be served a subpoena and gag order. So the FBI, NSA or any other agency will be able to see all of your search results and link them back to you. DuckDuckGo does have an onion service if you do not trust them to anonymize your data.

Email
Companies such as Yahoo and Google read your emails to send you targeted ads. By having a Gmail account, you can think of your emails as a post card easily read by the mailman. What you want is to start using an email service that sends your mail in a sealed envelope so that the mailman can’t read your letter. The following are 4 email options that deliver your mail in a sealed envelope. Have a separate email for each compartment, professional and social.
Protonmail

Tutanota 

Startmail 

Posteo (Paid)

ProtonMail Allegations:
There was research done by a cryptographer who stated that end to end encryption has an increased risk when done within webapps. The paper said that if ProtonMail wanted to then they could send a malicious javascript that recorded your emails, passwords or do any other malicious thing. This could happen but this applies to all things that encrypt using javascript in the browser. So all email services will be affected. The paper was extremely biased against ProtonMail.

Typing
Type out what you want to write online in a text box and then copy and paste it into whichever website you want to post in. For example, Reddit. The reason you do this is because many scripts operating on websites can track your keystrokes to identify you. This is like identifying you by your gait. Less than 500 words written by you can lead to your identity so try to change up your writing style.
06-02-2019 02:51 AM
[-] The following 6 users Like CaptainChardonnay's post:
TheFinalEpic, LINUX, Gopnik, DJ-Matt, Isaac Jordan, oilbreh
CaptainChardonnay Away
Ostrich
****
Gold Member

Posts: 2,111
Joined: Aug 2012
Reputation: 36
Post: #3
RE: How To DeGoogle Your Life - Online Security, Privacy and Anonymity The Complete Guide
Cloud
The best option would be self-hosting. This guy has a video series on how to do it.
https://www.youtube.com/playlist?list=PL...8GTkeUVOzZ

Why shouldn't I use iCloud?
Although Apple may seem like a privacy friendly company, they aren't. iCloud stores your decryption keys on the server and Apple are PRISM partners. This means Apple or the NSA can easily decrypt your data. Enabling iCloud on iOS also opens you up to lots of tracking by Apple.

I have read a lot of good things about Nextcloud however I haven’t figured out how to use it yet. Nextcloud is a suite of client-server software for creating and using file hosting services. It is functionally similar to Dropbox, although Nextcloud is free and open-source, allowing anyone to install and operate it on a private server.
https://nextcloud.com/

Anything posted on Google Drive is not secure. If you must use Google Drive then you can use FOSS encryption software to encrypt your file and then put it onto the cloud.

This does work but not in the long term. The cloud you're uploading the files to can harvest your metadata. All the clouds I recommended you do not use are owned by PRISM partners or possible PRISM partners. Google, Microsoft and Apple are partners and Dropbox may be one. This means they could be sending all your files to the NSA and when they have working quantum computers they will be able to decrypt all of your data.

VeraCrypt is a FOSS encryptor that you can use to encrypt files before putting them on Google Drive. By doing this you are making it so that even if Google looked at your files, they will not be able to open them and actually see what they are.
https://www.veracrypt.fr/en/Downloads.html

Here is a VeraCrypt tutorial video




Mega is an encrypted cloud service.
MEGA Warning
MEGA is now under control of the New Zealand government who are part of the 5 eyes. This should not be much of a problem as MEGA encrypts data locally and their clients are open source. There has not yet been an audit of MEGA as far as I am aware of so this encryption could be weak. You should encrypt your files manually before uploading them but do not upload important files as they can still be decrypted in the future.
https://mega.nz/





SpiderOak Warning
SpiderOak took down their warrant canary a few months ago. They did put it back up but this is still suspicious. They also defended taking down the warrant canary and replaced it with a transparency report. As of now the warrant canary has not yet been updated but it is not time for it to be updated so this isn't a concern. You should still be wary of SpiderOak.

Alternative to Microsoft Office Suite
https://www.libreoffice.org/

VPN
This website has a comparison between VPNs. Make sure you do not use a free VPN service. The free ones are free because they are selling all your data.
https://thatoneprivacysite.net/

Here is a video explaining VPNs







Password manager
https://keepassxc.org
https://bitwarden.com/

Hardware
If your hardware is compromised and has a backdoor then none of your protections in your OS will protect against it. This is very dangerous and is why it is very important to use open source hardware with privacy in mind. These are near impossible to get. 

Modern Intel CPUs come with a thing called a Management Engine. This is mainly used for businesses but can be used to compromise your computer. The ME has full access to memory, the TCP/IP stack, can send and receive network packets, can activate your computer remotely and is signed with an RSA 2048 key that cannot be bruteforced. The ME is completely proprietary so nobody can audit it. 

AMD CPUs come with their own equivalent called the PSP. Many people claim that this has full access to your computer but none of these claims have any evidence to back it up. AMD has repeatedly refused to open source the code. This could indicate some kind of backdoor they don't want us to see but there isn't any evidence for this.

These can be used as backdoors into your PC and nothing can stop it. This is why we must use secure hardware.

Purism
Purism is a company that makes hardware designed with privacy in mind. Most of the hardware and firmware is open source and they have disabled the ME. The process they used is described on their website. Ordinary people cannot use this method as you need to be the manufacturer to do some of these steps.
https://puri.sm/

Here are more informative videos
Anonymity vs privacy




Helpful Reddit Pages
https://www.reddit.com/r/privacy/
https://www.reddit.com/r/fossdroid/
https://www.reddit.com/r/LineageOS/
https://www.reddit.com/r/degoogle/
https://www.reddit.com/r/qubes/

With all the above, you should be able to have a good level of security and anonymity. By keeping things separate, we are making it so that you are not trusting a company such as Google with all your private data. Compartmentalization is the best current tool because it is the exact opposite of Google. Instead of keeping your whole life centralized, your life is instead divided separately so that no one will be able to get a full picture of you, they will instead find fragments that will be hard to put together. Not keeping all your eggs in one basket.

I copied and pasted a lot of information from this website:
https://theprivacyguide1.github.io/
06-02-2019 02:53 AM
[-] The following 4 users Like CaptainChardonnay's post:
TheFinalEpic, DJ-Matt, Isaac Jordan, oilbreh
CaptainChardonnay Away
Ostrich
****
Gold Member

Posts: 2,111
Joined: Aug 2012
Reputation: 36
Post: #4
RE: How To DeGoogle Your Life - Online Security, Privacy and Anonymity The Complete Guide


06-02-2019 02:53 AM
[-] The following 1 user Likes CaptainChardonnay's post:
Donpek
TheFinalEpic Offline
Pelican
****
Gold Member

Posts: 1,574
Joined: Apr 2014
Reputation: 26
Post: #5
RE: How To DeGoogle Your Life - Cyber Security, Privacy and Anonymity The Complete Guide
This sort of stuff is excellent if you are wanting to take yourself out of the prying eyes of the big tech companies, and stop them from advertising to you. You can also save literally hundreds of dollars a year with online purchases/travel with intelligent VPN use when shopping for flights, accommodation, and larger ticket purchases.

I think that more people should care far more about their privacy and ability to live their lives without being marketed to, or even discriminated against because of their online history. The fact is that most don't give a fuck. Our society is that of the frog in incrementally boiling water, and we've let it get to the point that most of these business models infringe upon our human right of privacy.

That being said, if your threat model includes government agencies, you are pretty much screwed. You do make it much harder for them, but if you are running a Dark market, involved in criminal activity of any kind, or are a dissident, and they want to find you, they will find you.
06-02-2019 10:06 AM
Guy80 Offline
Pigeon

Posts: 6
Joined: Jan 2017
Reputation: 0
Post: #6
RE: How To DeGoogle Your Life - Cyber Security, Privacy and Anonymity The Complete Guide
Check out Mike Bazzell's material too. Good stuff.
06-02-2019 10:47 AM
RWIsrael Offline
Robin
*

Posts: 204
Joined: Nov 2018
Reputation: 1
Post: #7
RE: How To DeGoogle Your Life - Cyber Security, Privacy and Anonymity The Complete Guide
(06-02-2019 10:06 AM)TheFinalEpic Wrote:  This sort of stuff is excellent if you are wanting to take yourself out of the prying eyes of the big tech companies, and stop them from advertising to you. You can also save literally hundreds of dollars a year with online purchases/travel with intelligent VPN use when shopping for flights, accommodation, and larger ticket purchases.

I think that more people should care far more about their privacy and ability to live their lives without being marketed to, or even discriminated against because of their online history. The fact is that most don't give a fuck. Our society is that of the frog in incrementally boiling water, and we've let it get to the point that most of these business models infringe upon our human right of privacy.

That being said, if your threat model includes government agencies, you are pretty much screwed. You do make it much harder for them, but if you are running a Dark market, involved in criminal activity of any kind, or are a dissident, and they want to find you, they will find you.


Yeah you're not going to hide from the NSA et al unless you're willing to live like Bin Laden in a cave somewhere for years and have a rival nation protecting you, and even then you're on limited time.
06-02-2019 10:57 AM
Winston Wolfe Offline
Woodpecker
**

Posts: 298
Joined: Jan 2018
Reputation: 28
Post: #8
RE: How To DeGoogle Your Life - Cyber Security, Privacy and Anonymity The Complete Guide
This stuff is very interesting, but a real challenge when you work in the digital world (which almost everyone does these days to an extent).

My real name is all over the place on the internet, but all you're gonna find is business related information. I'm careful with more private stuff.

That doesn't take away the fact that these big companies have all of my information, but I've accepted that as a necessary evil. My income is 100% online and I don't see a way to continue doing that if I were to implement all of these measures.
06-02-2019 11:09 AM