all 36 comments

[–][deleted] 38 insightful - 4 fun38 insightful - 3 fun39 insightful - 4 fun -  (22 children)

Good OpSec should be practiced by everyone in general:

  • If you use your Saidit username in other places, consider all uses linked with respect to how much you've doxxed yourself
  • Consider the email you registered to a site with public information, never use an email that links back to your real identity on a social media account. The most common way people get doxxed is using a real email like yourname(at)gmail.com on a site like LinkedIn or Facebook, as well as their shit posting account on a place like reddit, or some other internet forum.
  • Assume that most all of your emails will be compromised at some point, make new ones for new sites - it's free
  • Never talk about where you work or where you go to school
  • Never make arguments from authority, even if you are an authority in a field
  • Don't use the same password on different sites
  • Have a burner phone you use for social media accounts / emails where required. A prepaid phone in a made up name with 30$ on it will last ages when you only use it for dual factor
  • Use a VPN / maintain certain regions of IP addresses on your politically incorrect accounts
  • If you want to use social media or the internet for normal purposes have a normie account
  • You don't need a VPN on your normie account

Finally:

  • If you have good reason to believe you're on a glownigger watchlist, have fun with it. Leave Tor and I2P open all the time as a relay, but don't use them. They'll expend loads of resources trying to decrypt traffic that doesn't exist.
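Added example, not part of the thread: a self-audit of your own account list that applies the "consider all uses linked" rule from the comment above, including links that only exist through a chain (shared email on one site, shared username on another). The inventory, field names and persona labels are constructed for illustration.

```python
from collections import defaultdict

# Constructed inventory of one person's own accounts (every value is made up).
ACCOUNTS = [
    {"site": "linkedin", "persona": "real", "username": "jane.doe", "email": "jane.doe@example.com", "phone": "+15550100"},
    {"site": "forum-a", "persona": "pseudo", "username": "nightowl", "email": "jane.doe@example.com", "phone": None},
    {"site": "forum-b", "persona": "pseudo", "username": "nightowl", "email": "owl77@example.net", "phone": "+15550199"},
    {"site": "forum-c", "persona": "pseudo", "username": "greyheron", "email": "heron@example.org", "phone": "+15550142"},
]
LINK_FIELDS = ("username", "email", "phone")  # identifiers an outsider can match on


def linked_clusters(accounts):
    """Group accounts that share any identifier, directly or through a chain."""
    parent = list(range(len(accounts)))  # union-find forest over account indexes

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path halving
            i = parent[i]
        return i

    first_seen = {}  # (field, normalised value) -> index of first account using it
    for idx, acct in enumerate(accounts):
        for field in LINK_FIELDS:
            value = acct.get(field)
            if value:
                owner = first_seen.setdefault((field, value.strip().lower()), idx)
                parent[find(idx)] = find(owner)  # no-op for a first sighting

    clusters = defaultdict(list)
    for idx, acct in enumerate(accounts):
        clusters[find(idx)].append(acct["site"])
    return sorted(sorted(sites) for sites in clusters.values())


def exposed_pseudonyms(accounts):
    """Pseudonymous accounts that share a cluster with a real-identity account."""
    persona = {a["site"]: a["persona"] for a in accounts}
    exposed = []
    for cluster in linked_clusters(accounts):
        if any(persona[s] == "real" for s in cluster):
            exposed += [s for s in cluster if persona[s] != "real"]
    return sorted(exposed)


if __name__ == "__main__":
    print(linked_clusters(ACCOUNTS))
    print(exposed_pseudonyms(ACCOUNTS))
```

In the constructed data, forum-b never used the real email, yet it is still tied to the real identity because it shares a username with forum-a, which did.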

[–][deleted] 12 insightful - 1 fun12 insightful - 0 fun13 insightful - 1 fun -  (4 children)

And please secure the ship that you are flying through the internet, as far as you can or consider building a new one, if you can. Blackhat hacking is imo not just to be considered as criminal activity, I regard it more like a rain problem, which only gets into your house, if your roof has holes in it.

Some gangs made a business model from this.

Make it as expensive as you can - for them to achieve - with the things you know and have energy and time to read into.

Furthermore: Use different passwords for every account you need and get a password manager and at least two different trustable backup solutions of your choice for that.

And don't buy those nasty bugs from Asshole-Zon or googol INTO your own rl house.

Finally: There is no cloud, there are just other people's computers. It is label dizziness or a straight-out direct lie ("free" clouds...) into your face. Trustable cloud computing is very, very expensive, that is why these solutions are spread very thin in the market. With the massive computing power asshole-zon and googol bought, I believe there is no practical concept so far, that can withstand these giants, other than keeping your stuff on your ship, behind a big, massive door with a very complex lock.

Behind them is ATLAS, namely the NSA (and Palantir selling this very dark magic), employing over 20000 mathematicians manipulating the curves to beforehand control almost every good crypto you can implement easily.

[–][deleted] 12 insightful - 2 fun12 insightful - 1 fun13 insightful - 2 fun -  (3 children)

I agree that Technical security is important to have; but I've seen far too many people ignore the fundamentals.

Most doxxing isn't done by blackhats, it's done by politically motivated internet activists, often in cooperation with employees that work at the social media platforms and Google. If you ignore fundamentals your custom security-focused Linux install with your real disk image layered behind steganography isn't going to save you.

The key lesson is not trusting anyone with your real information. Especially activist corporations like Google, Reddit, etc.

[–][deleted] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (2 children)

Agreed. I'm like water, in mirrors I can see the future :) .

[–][deleted] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (1 child)

Lots of extra good information edited in. I was saying this shit back in the 90's due to Carnivore/DCS1000 and Total Information Awareness; everyone called me a crazy tin foil hat conspiracy theorist. Funny how that worked out.

I've always been fond of Twofish + Serpent for encryption, what are your flavors?

[–][deleted] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

Excellent choice.

[–]quipu 7 insightful - 1 fun7 insightful - 0 fun8 insightful - 1 fun -  (0 children)

> If you have good reason to believe you're on a glownigger watchlist, have fun with it. Leave Tor and I2P open all the time as a relay, but don't use them. They'll expend loads of resources trying to decrypt traffic that doesn't exist.

I like this.

I also like to maintain weird random accounts at foreign "free" email providers. I don't use the accounts, but I could! It's fun to add to the noise.

[–][deleted] 5 insightful - 1 fun5 insightful - 0 fun6 insightful - 1 fun -  (10 children)

how do you tell if you're on a watchlist?

[–]nolivesmatter 7 insightful - 9 fun7 insightful - 8 fun8 insightful - 9 fun -  (0 children)

you are on saidit

[–]Shitskinned_Faggot 7 insightful - 4 fun7 insightful - 3 fun8 insightful - 4 fun -  (6 children)

Police broke my door down and searched my house because of my comments on Reddit, that's how I know.

[–]aThievingStableboy 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (3 children)

adfgfaSD

[–]Shitskinned_Faggot 6 insightful - 4 fun6 insightful - 3 fun7 insightful - 4 fun -  (2 children)

UK.

[–]aThievingStableboy 3 insightful - 4 fun3 insightful - 3 fun4 insightful - 4 fun -  (0 children)

adfgsfads

[–]Mallard 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

I knew where you were from the first comment you made. Hope they didn't lock you up.

[–]LarrySwinger2 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (1 child)

What was it about the comments that triggered this?

[–]Shitskinned_Faggot 12 insightful - 3 fun12 insightful - 2 fun13 insightful - 3 fun -  (0 children)

Suicidal threats actually, concern for safety.

But I was asleep and didn't hear them until they pulled out their battering ram.

Then they questioned my nastier comments too and I played dumb. I had 3 police visits in a month over my online comments on Reddit, they claimed 'malicious international communications'.

Waiting for a FOI request to see what information they hold about me.

[–][deleted] 4 insightful - 1 fun4 insightful - 0 fun5 insightful - 1 fun -  (0 children)

Assume if you were ever the head of or an active participant in any small or medium sized groups/channels/etc where someone snapped and got violent, you're on a list.

[–]wrongthink 1 insightful - 2 fun1 insightful - 1 fun2 insightful - 2 fun -  (0 children)

If you're able to tell then the watchers kinda fucked up.

[–]Aureus 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (2 children)

This is an excellent guide, thanks!

> Assume that most all of your emails will be compromised at some point, make new ones for new sites - it's free

What providers do you recommend?

[–][deleted] 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (0 children)

If you don't care if the site can contact you just use a temp provider to sign up. Guerrilla mail, etc.

If you want private emails it doesn't really matter which email provider you use. Exchange keys with people outside of the context of the emails and send encrypted communications (Enigmail, etc). Don't trust anything that "handles it for you" (transparent encryption) as this ultimately means your private keys are in the hands of a third party. As long as you never associate your real identity or use the same key for "real emails" as the ones you use under pseudonyms it should be fine.

Gmail is sketchy unless you have a whole sandbox set up for your persona, because they will correlate activity elsewhere on the web to establish your identity through their "free tools", and ad business. If you do have such a sandbox set up and your real information never touches it / gmail away.

[–]Sscratchie 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (0 children)

Protonmail is Swiss. All the mail is encrypted on the server. Only access it through Tor. Tails is the most secure OS and it's portable.

The best password is 2 lines of the first letter of every word in a song. Heartbreak Hotel is A1acYcsfsr. Add Fbhl2ct1tg for NSA proof.

This all fails if they beat the passwords out of you.

Edit: Tails executes an emergency shutdown if the USB is removed. All evidence is gone in less than a second.

[–]cloudrabbit 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (1 child)

What about passwords? How do you memorize passwords for so many accounts? And the account/email usernames?

[–][deleted] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

> What about passwords? How do you memorize passwords for so many accounts? And the account/email usernames?

https://keepass.info

Something like this works fine - but your grandparent's embarrassing habit of keeping a notebook next to their desk works fine too. After all, your biggest threat is not someone physically walking in your door, it's someone hundreds or thousands of miles away.

[–]quipu 15 insightful - 1 fun15 insightful - 0 fun16 insightful - 1 fun -  (1 child)

Don't reuse identities. It's tempting to build a well-known identity by using the same name across different websites, but it only builds your ego and makes you more attached to that identity. Then you get afraid that something might happen to it, and bans have a huge impact. It also makes it easier for people to stalk/dox you.

It's liberating when you fully embrace throwaway handles. You don't have to worry as much about karma or reputation. The only downside is that it's harder to make friends across platforms, but these days I find it hard to do that anyway. There's too many suspicious people fishing for personal details.

[–]Raavan 6 insightful - 1 fun6 insightful - 0 fun7 insightful - 1 fun -  (0 children)

Yep totally true. When I had 2 main accounts on redbit both the bans hurt me so much. Fast forward to when I had 30+ accounts by June 29th bans were just an everyday thing.

[–]DrScience 8 insightful - 3 fun8 insightful - 2 fun9 insightful - 3 fun -  (3 children)

All good stuff.

What are your thoughts on deliberate disinfo? Of course never giving any personal info, but "letting slip" a few fake personal details once in a while. Once in a long while posting in a sub for people who live in a certain city which you have never even visited, but does match your time zone and thus posting timing. This is just for the social media activists who go through your post history hunting for clues.

[–]Raavan 3 insightful - 9 fun3 insightful - 8 fun4 insightful - 9 fun -  (1 child)

The weather here in Delhi is real nice today, you can almost see 10 meters through the smog lmao

[–]King_Brutus 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (0 children)

Typically if people are going to be doing open source intel gathering they aren't usually combing through your comments, they'll take the quickest way to find where/who you are which will be matching up phone numbers, emails, and physical addresses anywhere they are listed.

LE involvement would be a different story though and they wouldn't need your comments to find out who you are anyways unless they are building a case with your comment history.

[–]bald-janitor 6 insightful - 2 fun6 insightful - 1 fun7 insightful - 2 fun -  (0 children)

Using tor like me maybe, saidit app and orbot app from F-droid is a good combo imo

[–]DestroyerOfSoy 6 insightful - 2 fun6 insightful - 1 fun7 insightful - 2 fun -  (1 child)

don't run Windows.

[–]m68k 5 insightful - 1 fun5 insightful - 0 fun6 insightful - 1 fun -  (0 children)

Don't use your real name on the internet... when possible.

[–]LarrySwinger2 4 insightful - 1 fun4 insightful - 0 fun5 insightful - 1 fun -  (0 children)

What Marou said, except that I recommend using Tor. When you rely on a VPN to keep you anonymous, you're simply trusting their word on not keeping logs, even though many have cooperated with authorities before. The NSA really does seem to have trouble tracking Tor users, or at least they did in 2012.

Next to that, I recommend picking a username that doesn't reveal anything about you. Like mine. My name isn't Larry and I'm not a swinger; it's just random. Don't name yourself after a character from your favourite book either. And don't give up an email address when signing up on this site.

Edit: oh, and one more thing. Saidit often returns 1020 when you use it through Tor (to prevent DDOS attacks), but it's easy enough to press ctrl-shift-L (or cmd-shift-L under macOS) until you have an identity that does get accepted. A bit of a nuisance, but nothing unacceptable in my experience.

[–]King_Brutus 4 insightful - 1 fun4 insightful - 0 fun5 insightful - 1 fun -  (1 child)

This should really be stickied to the site.

[–][deleted] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

I added a link in the SaidIt welcome message comments, feel free to upvote it! If the admins think it's a good idea maybe they could add a "security tips" section to the welcome message.

[–]TripleXChromosomeGal 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (0 children)

Don't tell anyone who you are or where you live.

[–]forgottenpasswordguy 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (0 children)

Deleting older comments, maybe 3-6 months old? If I feel like I shared some unique and helpful advice I'll leave it up, but in time the everyday discussion type comments become a liability instead of an asset when visible under your account. It's not a huge step but it's something.