├── .gitignore ├── 01_1_why_privacy.md ├── 01_2_regain_privacy.md ├── 02_1_threat_model.md ├── 03_1_technical_choices.md ├── 03_2_create_identity.md ├── 03_3_operate_identity.md ├── CLA-signed ├── CLA.namcios.55A24BE0AEE5DB4152C6A4108E3A368317269AB4.asc └── README.md ├── CLA.md ├── CODEOWNERS.md ├── CONTRIBUTING.md ├── LICENSE └── README.md /.gitignore: -------------------------------------------------------------------------------- 1 | # Created by https://www.gitignore.io/api/macos 2 | 3 | ### macOS ### 4 | # General 5 | .DS_Store 6 | .AppleDouble 7 | .LSOverride 8 | 9 | # Icon must end with two \r 10 | Icon 11 | 12 | # Thumbnails 13 | ._* 14 | 15 | # Files that might appear in the root of a volume 16 | .DocumentRevisions-V100 17 | .fseventsd 18 | .Spotlight-V100 19 | .TemporaryItems 20 | .Trashes 21 | .VolumeIcon.icns 22 | .com.apple.timemachine.donotpresent 23 | 24 | # Directories potentially created on remote AFP share 25 | .AppleDB 26 | .AppleDesktop 27 | Network Trash Folder 28 | Temporary Items 29 | .apdisk 30 | 31 | # End of https://www.gitignore.io/api/macos 32 | 33 | # Created by https://www.gitignore.io/api/c 34 | 35 | ### C ### 36 | # Prerequisites 37 | *.d 38 | 39 | # Object files 40 | *.o 41 | *.ko 42 | *.obj 43 | *.elf 44 | 45 | # Linker output 46 | *.ilk 47 | *.map 48 | *.exp 49 | 50 | # Precompiled Headers 51 | *.gch 52 | *.pch 53 | 54 | # Libraries 55 | *.lib 56 | *.a 57 | *.la 58 | *.lo 59 | 60 | # Shared objects (inc. 
Windows DLLs) 61 | *.dll 62 | *.so 63 | *.so.* 64 | *.dylib 65 | 66 | # Executables 67 | *.exe 68 | *.out 69 | *.app 70 | *.i*86 71 | *.x86_64 72 | *.hex 73 | 74 | # Debug files 75 | *.dSYM/ 76 | *.su 77 | *.idb 78 | *.pdb 79 | 80 | # Kernel Module Compile Results 81 | *.mod* 82 | *.cmd 83 | .tmp_versions/ 84 | modules.order 85 | Module.symvers 86 | Mkfile.old 87 | dkms.conf 88 | 89 | # End of https://www.gitignore.io/api/c 90 | -------------------------------------------------------------------------------- /01_1_why_privacy.md: -------------------------------------------------------------------------------- 1 | # 1.1: Why Is Privacy Important? 2 | 3 | If you ask anyone if they need privacy, their likely answer will be something along the lines of, "Of course not, only people performing bad actions need privacy. I don't need it because I have nothing to hide." These remarks are far too common; nonetheless, they are often short-sighted. 4 | 5 | Someone who says they don't need privacy because they have nothing to hide is usually contradicted by their own everyday actions. It wouldn't be uncommon to see that person close the window and pull the curtains of their bedroom before having an intimate moment with their partner. The action of reducing the spectators or participants of an event to only those in it is a clear claim on privacy, yet one taken for granted. Ask if that person would like their boss or coworker to be peeking through the window, and the likely answer would be an astonished "no." So why do people say they don't need privacy? Didn't they say they have nothing to hide? How is this different? 6 | 7 | In reality, dismissing privacy on the premise that only those doing nefarious actions need it entails that there are only two types of people in the world: good and bad. Besides being a blunt misrepresentation of the world, this assumption has a bias embedded in it. What is considered bad enough for someone to be labeled as a bad person? 
Do good people only perform good deeds? What if they don't intend to do something wrong but end up doing it either way? 8 | 9 | Reality is grey rather than black-and-white. Nonetheless, it is still in the general public's best interest to catch people performing actions that harm others. One's freedom of choice can't supersede another's right to life and well-being. But where in the sand is the line drawn? What ought to be public, and is a crime to be kept private? Contrastingly, what can be kept confidential, and is a crime to be made public? 10 | 11 | In the physical world, intimate moments such as having sex are intuitively seen as private ones. In that case, pulling the curtains is something natural and expected, and nobody will judge you for it because it follows societal orthodoxy. But saying you need privacy in the digital realm is often taken as an offense in and of itself. The simple act of seeking to "pull the curtains" for some of your online activity is surprisingly perceived negatively, while physically doing so is a norm. What changes? 12 | 13 | Human society has been enjoying physical privacy –– pulling the curtains for having sex –– for some centuries, but digital privacy –– pulling the curtains for browsing the web –– is very much new in the history of humanity. For the most part, those reading this document will intuitively understand and instantaneously mentally picture what pulling the curtains for having intimate moments means. On the other hand, the same cannot be said about pulling the online curtains for internet browsing. This fact highlights how society usually cannot understand online privacy, both what it is and how it is achieved. 14 | 15 | In the physical world, you generally can tell if your privacy is being invaded. For instance, if you're in your bedroom with all the curtains and windows and doors closed, you can be reasonably sure that no one else is there with you besides those who you intended to be in the first place. 
In the online world, however, things aren't as straightforward. Most of the time, people assume they are doing something alone on their laptops simply because the room's door is locked and nobody is physically present with them. As a rule, online presence is harder to identify and measure than physical presence. You would likely be astonished if you could see behind the digital curtains and observe the many entities likely to be watching your every online move. 16 | 17 | In reality, most of what is done online is not done alone –– there is always someone or something watching, or in online jargon, tracking. Not necessarily all your movements, but indeed what, when, and how you're browsing the web. Google can gather as much information on you and your behaviors as you're willing to give them, and the chances are that data will live for very long. Google was all it took for a U.S. Internal Revenue Service (IRS) special agent to uncover Ross Ulbricht's identity[^1], the alleged operator of the deep web marketplace Silk Road. 18 | 19 | Silk Road only operated as a hidden service (.onion instead of .com), but the agent thought there could be site mentions on the open web, also referred to as clearnet. After Googling "Silk Road" and ".onion," the agent found a forum post that quoted another post by a user named "altoid." [^2] He then looked at older posts by that user until he found altoid seeking "the best and brightest IT pro in the bitcoin community to be the lead developer in a venture backed bitcoin startup company" [^3] years before Silk Road was online. The recruitment post said interested candidates should email "rossulbricht at gmail dot com." The agent then asked the judiciary to break into that email account, and Ulbricht was in jail a little later. 20 | 21 | You most likely have little clue about the massive amount of data the internet and Big Tech companies like Google have on you. 
Some of it you handed out willingly, although frequently due to carelessness as in Ulbricht's case, but much of it you have no idea the internet possesses. 22 | 23 | After the Cambridge Analytica case, in which the data analytics company used Facebook data of millions of U.S. voters to target them with advertising in the Trump campaign in 2016 and ultimately led the Republican candidate to victory, *The New Yorker* reporter Brian X. Chen sought to see how much data the social network had on him. Chen details how surprised and terrified he was after discovering all the pieces of information Facebook had on his persona. "Yikes." 24 | 25 | "When I downloaded a copy of my Facebook data last week, I didn't expect to see much. My profile is sparse, I rarely post anything on the site, and I seldom click on ads," Chen wrote.[^4] "But when I opened my file, it was like opening Pandora's box." 26 | 27 | If you were to follow Chen's steps and take a peek at all the personally identifiable information (PII) that Facebook stores about you, chances are you'd have a similar jaw-dropping reaction. 28 | 29 | Since your online behavior is being tracked without your consent or acknowledgment, companies, hackers, and even the government can use that data to coerce you into doing something you don't want to do. They can threaten you if you refuse, invade your personal life with physical stalking or harassment, or permanently damage your reputation by exposing things you wouldn't like made public. In short, the amount of data you leave online is likely far beyond what you'd be comfortable sharing with others deliberately –– even the close ones. 30 | 31 | Due to society's digitization, it has become more accessible and easier to harness and analyze data on anyone, anytime. Citizens can be tracked anytime, regardless of where they are, at the whim of a regulator or influential person. 
And worse, the citizens themselves have no clue they're being watched until those watching decide to tell them. 32 | 33 | The panopticon is a system created in the 18th century to enable a security guard to watch over all inmates in jail without their knowledge[^5]. But it has since been extended to any institution that wishes to obtain oversight and control over its members. In modern times, the model has been referenced in surveillance technology[^6], employment and management[^7], and social media[^8]. The government, corporations, and motivated entities can use panopticon-like online tactics to enforce belief systems, political orientation (as in the Cambridge Analytica case), and most importantly, obedience. The constant oversight of those in power over their people is the most critical piece of the puzzle in obtaining conformity and compliance – and that is why totalitarian governments are keen on achieving it. 34 | 35 | Big Tech most certainly knows all about you since it tracks all your online movements. Amazon knows what you like to buy, Facebook (and Instagram) knows your interests, and Google knows what you're looking for next. Puzzle that information together, and there's crucial PII on any person's interests, habits, social circle, political orientation, shopping preferences, and subconscious habits and inclinations of which not even the person themselves is aware. 36 | 37 | Furthermore, even if you still say that you have nothing to hide and thus don't need privacy, you miss that privacy catalyzes diversity. There is no diversity in a panopticon because while being watched, people's behavior does not represent their true intentions but the expectations others have of them instead[^9]. Authoritarian regimes don't want diversity; they want obedience. By stripping away personal privacy, the system ends up crushing individual freedom as well. 
38 | 39 | Moreover, a person that only does good things could quickly be turned into a bad person, by their definition, if they moved jurisdictions. Advocating for women's rights in the U.S. is seen as legitimate, while in most of the Middle East, it is seen as entirely absurd and even illegal in some areas. The definition of "good" or "bad" is more often than not determined by those in political power. Therefore, "bad" is any and everything that threatens a regime and its establishment –– authoritarian or not. 40 | 41 | Constant China bans on Bitcoin are a clear example of this. The communist-ruled country has been trying to ban or restrict BTC usage since 2013[^10] to suppress a monetary technology that, at its core, enables freedom and sovereignty. It goes against China's best interests to have a sound money system that empowers the individual since the idea of individual freedom is incompatible with a communist ideology[^11]. 42 | 43 | The Chinese government has been taking active measures to restrict or censor all the different forms an individual could gather information and form opinions. As early as 2002, the communist-led country blocked its citizens from accessing pro-democracy sites, health sites, Web pages from U.S. universities, online comic books, science-fiction fan centers, and the Jewish Federation of Winnipeg's Internet home[^12]. 44 | 45 | "To human rights research consultant Greg Walton, these patterns of suppression are beacons, showing where these regimes see threats to their authority," reported Wired[^12]. 46 | 47 | Countries seeking some or total control of their citizens will lash out at privacy, similar to what China is doing[^13]. Often with propaganda, such governments will try to lead their population into believing that privacy is something only bad people need - a fallacious argument that this document has explored at length. 
In truth, behind the curtains, these governments want to be in the loop of what their citizens are doing and analyze anything that may threaten their power, even if said "bad" things aren't a crime and their regime isn't authoritarian. A panopticon-like nation-state subconsciously drives people away from their actual wants to favor the needs of the minority which is in power. 48 | 49 | Despite all the negativities of government and Big Tech surveillance, privacy extends far beyond that. In addition to the general privacy requirements for individual freedom in a national or global context, many people crave privacy in their daily interactions, in their communities, families, or work settings. You may or may not relate, but people living in the margins of society face privacy needs that those in the mainstream ethos seldom think about. 50 | 51 | "Queer Privacy: Essays From The Margins Of Society" [^14] shares the stories of many people in situations where their very existence is seen as a threat. People on the margins of society often need the details of their personal lives to be kept private, even from the ones most close to them. In "Privacy On The Margins," an essay in "Queer Privacy," Morgan Potts explains how close people can often cause more harm than a government. 52 | 53 | "For a long time the threat for me wasn't just the state, or identity thieves; more than anyone else it was my partner. For three years I was in an abusive relationship where my then-boyfriend cyberstalked me," wrote Potts. "He used our shared network to get access to my browser history. He would use that information to pretend he knew me better than I knew myself, and to exploit my fears. He also used a keystroke program to get my email password and therefore all my social media passwords, and made my email account passively forward him every email I sent and received." 54 | 55 | Do you think someone would label Potts a "bad person" because of her need for privacy? 
Potts was a victim of stalking, coercion, and harassment, leading her to seek ways to achieve enough privacy so that she could sleep at night. To say that only people doing bad things need privacy seems a rather narrow-vision statement now that things have been put in perspective. Those uttering such remarks are often so privileged that they can't perceive the many different realities people face around the world. Similarly, those developing or marketing privacy-preserving technologies can't be labeled as bad people or called out for enticing wrongdoing. It was those tools that enabled Potts to reclaim her privacy, and ultimately her life. 56 | 57 | "Reclaiming my privacy has been important both as an activist and immigrant, and on a personal level to regain control over my life," Potts wrote. "It's been empowering to realize that tools and methods which my ex used against me can be frustrated and blocked with tools of my own. Now my ex would need access to my phone (which is encrypted with its own passphrase) in order to gain access to my email or social media accounts. My confidence in my privacy from the prying eyes of the state is medium to low, but at least I'm fairly confident that my abusive ex can't track my movements across the city anymore—and if he did, my friends have bats at the ready." 58 | 59 | To realize the need for privacy and work towards securing that right is to acknowledge the 4.3 billion people in the world who live under authoritarian regimes. It is an act of compassion towards those "on the margins" that need privacy only to exist peacefully. Moreover, fighting for the right to privacy even as a privileged person in the West is preventive. Kath Rella also shared her story in "Queer Privacy" in the essay "What's In A Name?" Rella, which is not her real name but instead her online pseudonym, shared the many ways with which the U.K. government had secretly been spying on law-abiding citizens[^15]. 
60 | 61 | "The simple fact is we all have a private life. We should all have a right to a private life. Our government does not feel this is the case," she wrote. "The argument made by many, that the government is only interested in serious crime, falls apart when we look at how pre-existing powers are being used. With such comprehensive access to people's personal information, the likelihood of more invasive surveillance of innocent people only increases." 62 | 63 | Ultimately, even if you are the most privileged human in the world, who enjoys financial inclusion, freedom of speech, and rights to form an opinion, and therefore claims to not need privacy, fighting for privacy is fighting for the rights and lives of those who are not that privileged. Saying you don't need privacy because you have nothing to hide is an unfair discourse that misses how your privacy is actually necessary for all the privileges you enjoy. Moreover, it doesn't account for the billions of people worldwide who live under totalitarian regimes and can't enjoy the same assurances you have. 64 | 65 | To say that only people doing bad things need privacy because they want to cover it up is a selfish, reductionist, short-sighted, narrow-visioned, privileged statement. It places everyone alive in one of two boxes and fails to acknowledge the diverse set of realities people live in around the world. It completely dismisses good people such as Potts that need privacy to live without fear. 66 | 67 | But even if you wish to dismiss all that and take the selfish route, being aware of and fighting to protect your privacy is an act of self-respect and preservation because you might not know the path your country chooses to follow next. By neglecting your privacy now, you may find yourself in troubled waters if democracy keeps declining worldwide as it has been in the 21st century[^16][^17][^18]. 
68 | 69 | ## Conclusion 70 | 71 | > "Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say." – Edward Snowden. 72 | 73 | The internet has become a hotbed for data harvesting as users are faced with ever-increasing requirements of data submission to access online services (aka know-your-customer, or KYC, procedures). Although KYC is marketed as being a counter-terrorism practice, it often leads to users having their personal information compromised. This is because data-collecting companies, such as phone companies or banks, which collect data to offer their services, are bad at securing that data. 74 | 75 | The solution is not always hardened security for those companies' systems. The companies will always pose a security and privacy issue because they represent single points of failure: one system that guards many data points. Compared to a distributed peer-to-peer system, it is easier for such a single system to be targeted by hackers or attackers, and so they will be. 76 | 77 | But full anonymity on the internet is likely a far-fetched reality. Tracking companies and their practices can extend far beyond your browser and its cookies. Someone who seeks online anonymity––or at least pseudonymity––must go to great lengths, usually at the expense of time and money. Basic habits will allow you to protect against the most common threats that arise from online data harvesting from government, companies, and fellow humans, including: 78 | 79 | - **Marketing manipulation.** Marketing companies can purchase your information from other corporations, e.g. banks, social media, hospitals or clinics, and bombard you with their marketing efforts through mail, email, phone number, etc. 
This can also be used to manipulate persons or groups of people, as in the [Cambridge Analytica case](https://www.theguardian.com/technology/2019/mar/17/the-cambridge-analytica-scandal-changed-the-world-but-it-didnt-change-facebook). 80 | - **Credit card fraud.** Bad actors can steal your information through social engineering or phishing scams and make purchases in your name. This can usually be reversed but will result in many days of headaches at the least. 81 | - **Identity theft.** Also through social engineering, people can commit crimes under your name, permanently injuring your personal records and affecting your life forever. 82 | - **Personal stalking.** Technology has made tracking easier and more accurate, often putting people's lives in danger. Information sellers can also be harmful in this case, and might've been liable in the [Amy Boyer case](https://epic.org/privacy/boyer/). 83 | - **Government surveillance.** Some examples include: [ECHELON](https://techcrunch.com/2015/08/03/uncovering-echelon-the-top-secret-nsa-program-that-has-been-watching-you-your-entire-life), [FinCEN](https://www.thomsonreuters.com/en-us/posts/investigation-fraud-and-risk/fincen-leaks-aml/), [XKeyScore](https://www.hackread.com/xkeyscore-nsa-tool-spy-data-online/), [Fascia](https://www.digitaltrends.com/mobile/nsa-tracking-cell-phone-location/), [Optic Nerve](https://www.theguardian.com/world/2014/feb/27/gchq-nsa-webcam-images-internet-yahoo), and [PRISM](https://www.theverge.com/2013/7/17/4517480/nsa-spying-prism-surveillance-cheat-sheet). The issue is that many of these projects, created to target and trim terrorism, more often than not [don't deliver](https://www.wired.com/2015/05/breaking-news-federal-court-rules-nsa-bulk-data-collection-illegal/) and end up harming civilians. 84 | 85 | > Reminder: this guide currently does not help you guard against highly-skilled, highly-motivated individuals that are tracking you individually. 
86 | 87 | Privacy, including digital privacy, is not only a basic right but should be encouraged and practiced by regular people every day. The bottom line is, everyone can benefit from adding even a little extra privacy to their online lives. 88 | 89 | Now that you have understood why privacy is important, move on to take [Basic Steps To Regain Online Privacy](01_2_regain_privacy.md). 90 | 91 | ## Footnotes 92 | 93 | [^1]: Joe Mullin. Retrieved September 2021. "The incredibly simple story of how the gov’t Googled Ross Ulbricht." Ars Technica Policy. [https://arstechnica.com/tech-policy/2015/01/the-incredibly-simple-story-of-how-the-govt-googled-ross-ulbricht/](https://arstechnica.com/tech-policy/2015/01/the-incredibly-simple-story-of-how-the-govt-googled-ross-ulbricht/) 94 | [^2]: Bitcointalk.org. Retrieved September 2021. "A Heroin Store." Bitcointalk.org. [https://bitcointalk.org/?topic=175.70;wap2](https://bitcointalk.org/?topic=175.70;wap2) 95 | [^3]: altoid. Retrieved September 2021. "Topic: IT pro needed for venture backed bitcoin startup." Bitcointalk.org. [https://bitcointalk.org/index.php?topic=47811.msg568744#msg568744](https://bitcointalk.org/index.php?topic=47811.msg568744#msg568744) 96 | [^4]: Brian X. Chen. Retrieved September 2021. "I Downloaded the Information That Facebook Has on Me. Yikes." The New York Times. [https://www.nytimes.com/2018/04/11/technology/personaltech/i-downloaded-the-information-that-facebook-has-on-me-yikes.html](https://www.nytimes.com/2018/04/11/technology/personaltech/i-downloaded-the-information-that-facebook-has-on-me-yikes.html) 97 | [^5]: Wikipedia. Retrieved September 2021. Panopticon. Wikipedia.org. [https://en.wikipedia.org/wiki/Panopticon](https://en.wikipedia.org/wiki/Panopticon) 98 | [^6]: Wikipedia. Retrieved September 2021. Panopticon, surveillance technology. Wikipedia.org. 
[https://en.wikipedia.org/wiki/Panopticon#Surveillance_technology](https://en.wikipedia.org/wiki/Panopticon#Surveillance_technology) 99 | [^7]: Wikipedia. Retrieved September 2021. Panopticon, employment and management. Wikipedia.org. [https://en.wikipedia.org/wiki/Panopticon#Employment_and_management](https://en.wikipedia.org/wiki/Panopticon#Employment_and_management) 100 | [^8]: Wikipedia. Retrieved September 2021. Panopticon, social media. Wikipedia.org. [https://en.wikipedia.org/wiki/Panopticon#Social_media](https://en.wikipedia.org/wiki/Panopticon#Social_media) 101 | [^9]: FS Blog Science. Retrieved September 2021. "The Observer Effect: Seeing Is Changing." Farnam Street Media Inc. [https://fs.blog/2020/08/observer-effect/](https://fs.blog/2020/08/observer-effect/) 102 | [^10]: Kashmir Hill. Retrieved September 2021. "Bitcoin in China: The Fall-out From Chinese Government Banning Real World Use." Forbes. [https://www.forbes.com/sites/kashmirhill/2013/12/06/bitcoin-in-china-the-fall-out-from-chinese-government-banning-real-world-use/?sh=1320362481a8](https://www.forbes.com/sites/kashmirhill/2013/12/06/bitcoin-in-china-the-fall-out-from-chinese-government-banning-real-world-use/?sh=1320362481a8) 103 | [^11]: Eric Roberts. Retrieved September 2021. "Communism and Computer Ethics: Censorship and Freedom of Speech." Stanford Computer Science. [https://cs.stanford.edu/people/eroberts/cs201/projects/communism-computing-china/censorship.html](https://cs.stanford.edu/people/eroberts/cs201/projects/communism-computing-china/censorship.html) 104 | [^12]: Noah Shachtman. Retrieved September 2021. "An Inside Look at China Filters." Wired Security. [https://www.wired.com/2002/12/an-inside-look-at-china-filters/](https://www.wired.com/2002/12/an-inside-look-at-china-filters/) 105 | [^13]: Eric Roberts. Retrieved September 2021. "Communism and Computer Ethics: Privacy." Stanford Computer Science. 
[https://cs.stanford.edu/people/eroberts/cs201/projects/communism-computing-china/privacy.html](https://cs.stanford.edu/people/eroberts/cs201/projects/communism-computing-china/privacy.html) 106 | [^14]: Sarah Jamie Lewis. Retrieved September 2021. "Queer Privacy: Essays from the Margins of Society." [https://leanpub.com/queerprivacy](https://leanpub.com/queerprivacy) 107 | [^15]: Anushka Asthana. Retrieved September 2021. "Revealed: British councils used Ripa to secretly spy on public." The Guardian. [https://www.theguardian.com/world/2016/dec/25/british-councils-used-investigatory-powers-ripa-to-secretly-spy-on-public](https://www.theguardian.com/world/2016/dec/25/british-councils-used-investigatory-powers-ripa-to-secretly-spy-on-public) 108 | [^16]: Rick Shenkman. Retrieved September 2021. "The Shocking Paper Predicting the End of Democracy." Politico Magazine. [https://www.politico.com/magazine/story/2019/09/08/shawn-rosenberg-democracy-228045/](https://www.politico.com/magazine/story/2019/09/08/shawn-rosenberg-democracy-228045/) 109 | [^17]: Tim Sullivan. Retrieved September 2021. "For democracy, it's a time of swimming against the tide." AP News. [https://apnews.com/article/joe-biden-middle-east-africa-europe-government-and-politics-fea9b7509bb99a836edd62f32bb45ac3](https://apnews.com/article/joe-biden-middle-east-africa-europe-government-and-politics-fea9b7509bb99a836edd62f32bb45ac3) 110 | [^18]: Arend Lijphart. Retrieved September 2021. "Democracy in the 21st century: can we be optimistic?" European Review 9, no. 2 (2001): 169-84. 
[https://www.cambridge.org/core/journals/european-review/article/abs/democracy-in-the-21st-century-can-we-be-optimistic/B4929D9B5E63A2D03E798B9B6B32C100](https://www.cambridge.org/core/journals/european-review/article/abs/democracy-in-the-21st-century-can-we-be-optimistic/B4929D9B5E63A2D03E798B9B6B32C100) 111 | -------------------------------------------------------------------------------- /01_2_regain_privacy.md: -------------------------------------------------------------------------------- 1 | # 1.2: Basic Steps to Regain Online Privacy 2 | 3 | Privacy is a basic human right, often protected and ensured in the physical world, which has been a reality for the entirety of human existence. However, in the new digital world, privacy is seldom secured, and companies, governments, and other people often overextend their powers to the detriment of individual rights which get left behind as the differences between physical and online privacy encourage illegitimate data harvesting. 4 | 5 | In the previous article, you learned about the importance of privacy. This document discusses actions you can take to regain some of your online privacy. It highlights steps you can take today to diminish the footprint you leave online and reduce the overall risk of falling victim to online doxxing, stalking, coercion, and other undesirable consequences of carelessly browsing the internet. 6 | 7 | > It is important to note that perfect privacy is not practical. Aiming for the perfect setup, one that would allow you to be a true ghost on the internet and unreachable by global, skillful entities with unlimited resources, would require an incredible amount of _daily_ work, effort, and time to achieve –– if it's possible at all. Additionally, striving for the perfect setup will most likely freeze you or lead you to despair once you realize you haven't reached it after countless dedication. So, remember: perfection is the enemy of good. 
8 | 9 | You have plenty of options regarding _what_ to use for your online activities, but perhaps the most important aspect is _how_ you use it. Details of specific hardware and software you will need to use for your new identity are discussed in [3.1: Technical Choices for a New Identity](03_1_technical_choices.md), but here we will focus on what behavioral changes you can start performing right away. 10 | 11 | For every problem or issue you face, you also face decisions. Often, those decisions are made by taking into consideration the tradeoffs between ease of use and the consequences. In digital systems, people often turn to the most convenient solution possible, pushed by the "technology was created to make our lives easier" narrative whilst completely ignoring the unintended side effects and the risks associated with each technological choice. 12 | 13 | Here, we propose best practices that will allow you to regain some of your online privacy. Some of these will require you to lose some convenience, but the benefits gained as a result should be worth the extra effort. Remember that these aren't a one-time thing; rather, you'll need to make these a habit. 14 | 15 | The tips shared in this document should be practiced by everyone who uses the internet, regardless of their threat model. In that sense, a more advanced setup and specific habits will be discussed in Section Three, for your new identity. Until then, take note of and perform the below to start reclaiming your online privacy now. 16 | 17 | ## Use Free and Open Source Software (FOSS) 18 | 19 | Every time you choose to sign up for an online service or company or to download an app, you should think about the [potential consequences](https://www.eff.org/deeplinks/2020/03/google-says-it-doesnt-sell-your-data-heres-how-company-shares-monetizes-and) of that decision. 
For instance, you should consider what the data collection policies of such an app or service are, how hard it is to delete your account and its information, and whether you have other alternatives. 20 | 21 | Generally, opt for free and open source software whenever possible. Although such tools will often not be as easy to use as proprietary software, you often gain in privacy. 22 | 23 | Proprietary software is literally a black box, and so you don't actually know what it is doing with your data when you use it. It does come with privacy policies and terms and conditions; however, you will need to believe them. With FOSS, you can check for yourself. 24 | 25 | * [This wiki privacy guide](https://www.reddit.com/r/privacy/wiki/de-google) provides a nice list of alternative solutions for "de-Googling" your life. (One easy thing you can do right off the bat is to use DuckDuckGo instead of Google.) 26 | * Be sure to reference [privacytools.io](https://privacytools.io/) whenever you need a new software solution for a certain use case (they also have an [onion website](http://www.privacy2zbidut4m4jyj3ksdqidzkw3uoip2vhvhbvwxbqux5xy5obyd.onion/)). 27 | 28 | Small choices can go a long way! 29 | 30 | ## Practice Digital Minimalism 31 | 32 | Technology is great, and it can indeed improve your life for the better. However, it is important you keep only the apps you truly need on a regular basis on your devices. Unused apps, which you most likely don't update as often as the ones you use regularly, can introduce an attack vector to your tech gear that you'd want to avoid. In this sense, digital minimalism, a term I first heard from [Techlore](https://www.youtube.com/playlist?list=PL3KeV6Ui_4CayDGHw64OFXEPHgXLkrtJO), is a low-effort, high-benefit standard to live by. Here are two techniques you can use to practice and achieve that standard. 
33 | 34 | ### Remove Bloatware 35 | 36 | Every new device, including a computer or smartphone, comes with default software already installed out of the box. Evaluating which ones you _must_ keep versus the ones you can safely delete without compromising the functioning of the system can go a long way. Bloatware can compromise the performance, security, and privacy of that system –– and thus yours too. 37 | 38 | Perform a deliberate scan of all the default apps and programs installed in each of your devices (computer, smartphone, TV, smartwatch, etc.), asking yourself, for each app, "Do I really need this installed? Would the functioning of my device be impaired if I uninstalled it?". For the most part, you will be able to delete just fine. As a rule of thumb, especially for smartphones, if the device truly needs a certain default app installed to function properly, it won't allow you to uninstall it. In any case, if you're in doubt, you can search it online and see if a given app can be removed safely. 39 | 40 | ### Remove Apps and Programs Not Used Frequently 41 | 42 | The idea is similar to the bloatware case, but here you are the one keeping unnecessary apps and programs you don't really use anymore. Make a habit of regularly evaluating the many applications you have installed in your system and see if you still need them installed. The greater the number of applications, the greater the attack surface and the bigger the system's vulnerability. You are better off uninstalling a certain app and installing it again when you need it than just keeping it around. _Only keep the bare minimum of applications that you need_. And while you're at it, you can also remove unused files. 43 | 44 | The process is the same as above; scan your devices _entirely_ and ask yourself if you truly need a given app. Do that for all the applications and programs installed in your devices. 
You'll most likely want to repeat this a few times over the course of a week or more, spacing them out, in case you forget some apps or just get tired. In any case, **make this a habit!** 45 | 46 | ### Reset Your Devices from Time to Time 47 | 48 | Although not a complete and flawless solution that fits every circumstance, resetting your devices can be a good idea if they have become too bloated, or if you think they have been compromised by software, or if you just want to start anew. Doing it regularly can be even better. Just don't assume that if you're doing this you don't need to perform the other steps in this section; they complement each other. 49 | 50 | ## Basic Security Best Practices 51 | 52 | Although privacy and security aren't the same thing, they complement each other. Having a basic mindset in technological security can go a long way in preserving your privacy (by helping safeguard your information) and protecting your assets. Here are a few basic but essential habits for increasing your digital security. 53 | 54 | ### Be Skeptical of Links 55 | 56 | You should _always_ be skeptical of any link you receive online. Of course, the level of skepticism will depend on the medium that link is sent through: for instance, a link received in an email from an account you don't recognize should ring all the alarm bells, but one received from a close friend in your regular messaging app most likely shouldn't. 57 | 58 | However, a good rule of thumb is: if a link includes a sense of urgency, _do not click on it._ Moreover, if a link promises or advertises something that seems too good to be true, it most probably is, so _do not click on it._ Similarly, don't click on links offering free products or services. 59 | 60 | Scrutinizing links and thinking carefully before clicking on them is important because they are an attack vector that nefarious entities can easily use and leverage.
Hackers can email you a link that, if clicked on, would give them full access to your device – and you wouldn't even realize it. One link received in WhatsApp was all it took for an attacker to obtain full access to Jeff Bezos' smartphone, for instance. 61 | 62 | Every time you receive a message with a link, be aware. The following best practices will help safeguard you from becoming a victim of an attack: 63 | 64 | * Check the website without clicking on the link. Type it out on a web browser and see if the website is legit. Scrutinize the link to make sure it is pointing to where it should be. Some phishing sites use similar-looking characters to fool you into thinking it's a legit site, so also check for those by reading the link thoroughly and carefully. 65 | * If the link is a shortened URL, such as bit.ly, use a URL expander service such as [URL Expander](https://urlex.org/) or [Expand URL](https://www.expandurl.net/) to see what the full link looks like. 66 | * If the link came from someone you know but it looks suspicious (free services, sense of urgency, or too good to be true), consider giving that person a call to confirm its veracity. 67 | 68 | Most importantly - if in doubt, _don't click!_ 69 | 70 | ### Use a VPN 71 | 72 | Some think Virtual Private Networks (VPNs) are the holy grail of privacy or anonymity, but that is not the case. VPNs are better for security when using public Wi-Fi networks, because they make sure all your network traffic gets tunneled through encrypted channels. You also get a new public-facing IP address, so that would give you some privacy from your internet service provider (ISP). Apart from that, a VPN will also let you circumvent blocked content in your location and access content that can only be reached from other places. Just don't expect using a VPN will make you anonymous! 73 | 74 | Overall, there are some advantages to using a good VPN. However, there are also negative aspects.
By using a VPN you're trusting that company not to snoop on your traffic or keep logs of it, and a bad VPN would do just that –– spy on your network traffic and keep logs to sell it out or hand it over at a whim. For that reason, never use a VPN that keeps logs, and choose one that has been audited by a third party. 75 | 76 | Additionally, it might be helpful to use a VPN service that does not require extensive information for account setup and that you can pay for with Bitcoin. This would grant you some anonymity - or at least pseudonymity. [Mullvad](https://mullvad.net/en/) is a good choice for all the above reasons, and they have an [onion website](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion/en/) too. 77 | 78 | The proper steps you need to take to subscribe to a good VPN securely and privately will be discussed in Section Three, so you might want to wait until you get there to get it sorted out. But you might want to have a VPN for your real-world identity too, in which case you can start getting one right away. Just be sure to use a different option than Mullvad, because that will be used for the identity you'll be creating later on. (A good alternate VPN is ProtonVPN. Check it out and see if it fits your real-world identity needs.) 79 | 80 | ### Harden Your Internet Browser 81 | 82 | Your internet browser is your bridge to the online world. It can reveal a great deal of information about you and can easily become an attack vector if it's used with its default configuration and you're careless. So you should carefully consider which one to use, how to use it, and when to use it. 83 | 84 | "Hardening" is a process of increasing the security of your internet browser by tweaking some configurations. There are plenty of hardening guides online and different people prefer different browsers. I like Firefox because it is open-source and flexible for great customization.
85 | 86 | Here's a good [Firefox hardening guide](https://chrisx.xyz/blog/yet-another-firefox-hardening-guide/), and here's [another one](https://restoreprivacy.com/firefox-privacy/). 87 | 88 | Proceed with caution though and just harden it as much as you need; things can break otherwise. If some websites you visit frequently stopped working as intended after hardening your browser, consider using separate browsers for different types of tasks. Again, you might need to determine how far you want to go. 89 | 90 | Your threat model, which you will develop in Section Two, will help you think how much you'll need to harden your browser. Well, you might even need to use a different browser altogether! In any case, feel free to experiment with hardening a Firefox browser from scratch now, because you might use it for your real-world identity, increasing its security. 91 | 92 | #### Use the Tor Browser 93 | 94 | The Tor Browser is a hardened version of the Firefox Browser that also connects to the Tor network for increased privacy and anonymity. It enforces good best practices as a default, and is a great option for increasing your level of security and privacy online. 95 | 96 | The Tor Browser is a good, easy solution you can embark on right away, but it is not a fix-everything solution. It. As you progress in your journey to online anonymity or privacy, the Tor Browser may become the smallest part of your setup, but until then, it can be a significant step up in your current habits. 97 | 98 | Dedicate Tor Browser usage to sensitive online searches, advocacy use cases, or other activities that require greater privacy and security from your end. That alone can provide a compartmentalization that you can start performing right now, with zero time and effort requirements and without needing to purchase additional hardware. 
But beware that your Internet Service Provider (ISP) will be able to know that you're using the Tor anonymity network, and that alone can be undesired in many places: it is often looked at as suspicious even if no bad acting is being done. So, for greater privacy benefits, connect to your VPN first, then Tor. If you face Tor censorship instead, you might need to use Tor Bridges. 99 | 100 | ### Perform Regular Updates 101 | 102 | Software updates exist for a reason. Yes, they do often introduce nice and cool new features, but more importantly, they fix bugs. Every piece of software has some kind of bug, and updates fix them; this is how it works. So make sure you're keeping up with your devices' software updates. Some will give you the option to enable autoupdates; turn that on where possible. 103 | 104 | ### Prevent Physical Access 105 | 106 | This one might be a bit harder, but there are some steps you can take to diminish the risk of having your device be compromised through physical access. You can, for instance, make sure you don't lose sight of it when in risky environments. That is to say that maybe losing sight of your phone while at home likely won't incur high risk, but leaving it in your hotel room while you go for a jog could pose a more serious threat. 107 | 108 | So analyze and think about what would constitute threatening situations and hug that phone if you need to. One note on physical access, which is something this guide will cover in the next section: if you ever find yourself walking into risky places or situations, either don't bring your phone with you (you can take a burner phone instead) or turn it off. When you turn your phone off, its encryption keys are evicted from memory, increasing the security of your data (at least marginally). And when leaving your device unattended, you can put it in a tamper-evident bag, or a Faraday bag, or both. Again, analyze and think how far you need to go in your specific case.
109 | 110 | ## Compartmentalize 111 | 112 | Compartmentalization is a low-effort practice that can go a long way in helping you increase your online privacy. People using the Tor network, for instance, can get de-anonymized by an observer entity through behavioral patterns and cross-links between different activities. Always strive to achieve the highest level of compartmentalization in your digital life, based on use case. 113 | 114 | ### Email Addresses 115 | 116 | You can ramp up your privacy from online companies and data centers through email compartmentalization. It will separate your behavior, allowing you to use a different email address for every service you sign up to or every activity you conduct. [Simple Login](https://simplelogin.io) is one such provider. But note that for an advanced threat model, you would be better off not trusting a third party company and using the Tor Browser to manually create new email addresses for each use case. That would require greater effort and time, but would also yield greater privacy. 117 | 118 | ### Phone Numbers 119 | 120 | Similar to email addresses, you also can (and should) use one phone number with each activity, identity, or use case you conduct. For a simpler threat model, a service such as the one provided by [MySudo](https://mysudo.com) can go a long way. For a riskier set of threats in a more advanced threat model, you would need greater time and dedication; you would need to physically purchase a new SIM card, with cash and without revealing your identity if possible, for each identity or use case. A middle ground would be to use VoIP numbers. 121 | 122 | ### Credit Cards 123 | 124 | Another piece of information about you that you can compartmentalize online is credit/debit card information. You can use a company like [Privacy.com](https://privacy.com) to generate card aliases for each purchase, store, service, or use case. 
Again, doing it by yourself is always better, although in this case slightly more complicated. 125 | 126 | It can be unrealistic in most places and countries to open a bank account or get a payment card with your pseudonymous identity, for example. Even though you can purchase prepaid debit cards in a local pharmacy in places like the U.S., personally identifiable information (PII) is more often than not required, undermining your privacy. A realistic alternative to the third party service here is to use "clean" bitcoin for purchases; and if the store itself doesn't support it, you can use a platform such as Bitrefill to buy gift cards with BTC. 127 | 128 | ### Devices 129 | 130 | Software separation is good, but physical separation is better. If you have two identities, or two different roles or jobs which you wouldn't like getting mixed or doxxed, consider having separate devices for each. If you also keep them physically separate themselves, that's a bonus, because if one phone gets compromised and becomes a wiretap and tracking device, information in the other device will likely be safe. Evaluate if you could benefit from having multiple devices and go down that route if so. And just so that doesn't incur a high investment, you don't need a flagship device most of the times. Also –– if you end up using two separate phones for two different uses, get two different VPNs, one for each; compartmentalize that as well. 131 | 132 | ## Conclusion 133 | 134 | Privacy is a rare commodity these days, but you can start reclaiming yours with the habits and tips shared in this document. 135 | 136 | For dissidents, human rights activists under totalitarian regimes, or other people in critical situations: the above tools might just not suffice. With that threat model, you would need to go to greater lengths to increase your privacy or even strive for complete anonymity.
Nonetheless, everyone can benefit from even the smallest steps; how far you go will depend on your threat model. 137 | 138 | In the next sections you'll be figuring out what your threat model looks like, as well as taking actions to enforce it. But if you're curious and would like to research a bit more, some good resources, complementary to this guide, for determining digital security and privacy needs and actionable steps are the [EFF Surveillance Self-Defense](https://ssd.eff.org/) and [Front Line Defenders: Security-in-a-Box](https://securityinabox.org/) guides. 139 | 140 | Now that you have taken basic steps to start reclaiming your online privacy, move on to [Define Your Threat Model](02_1_threat_model.md). -------------------------------------------------------------------------------- /02_1_threat_model.md: -------------------------------------------------------------------------------- 1 | # 2.1: Define Your Threat Model 2 | 3 | Before creating your pseudonymous identity, you should step back and take some time to figure out your threat model and the security requirements associated with it. 4 | 5 | > NOTE: Be aware that this guide does not aim to help you guard from highly skilled, highly motivated actors with unlimited resources –– such as high-profile nation-states (in terms of resources, e.g. the U.S.) who are coming after you individually or an individual with unlimited resources who wants to track you down. In these cases, you'd need tactics that go beyond the scope of this guide. 6 | 7 | You should think about what you want to protect and who you want to protect it from. Additionally, you may want to consider the consequences if you fail. This will help you to determine how serious each threat is and plan accordingly. You will most likely take into account the likelihood of each threat happening and evaluate it against the potential harm it may cause and the general cost to protect against it. 
In the end, you'll have to decide how much trouble you're willing to go through to try and prevent potentially dire consequences. This might require listing out the options you have that could help mitigate such scenarios and proof-testing them one by one. 8 | 9 | The _exact_ steps you should take to define your threat model go beyond the scope of this guide. We will present you, however, with an overview and link to good resources. Generally, you should think about: 10 | 11 | 1. **What do you want to protect?** Think about the assets you have which you don't wish to lose. This could encompass a wide range of goods, from physical to digital and pure information. It could be your bitcoin, your identity, your car, your smartphone, etc. Think about each and every good you wouldn't want falling into undesirable hands and list them out. 12 | 2. **Who do you want to protect it from?** Now, look back on your list of assets that you want to protect and think about who shouldn't get a hold of them. This may change from asset to asset. For example, you might not want your spouse to have all the keys to your bitcoin, but it probably wouldn't bother you to have them borrow your car. Again, you'll have to think about your unique circumstances, priorities, and levels of threat. In summary, who or what are the people/companies/governments that shouldn't be able to get to or control or seize each of the listed assets? 13 | 3. **How bad are the consequences if you fail?** Take a moment to think about the worst-case scenarios that could come true if that entity took hold of that asset. Would they only be able to steal the asset itself? Would you or your family be put in danger? If so, what kind, online danger or physical danger? Both? It might also be helpful to rank the potential consequences; it might make it easier for you to spot the worse ones. 14 | 4. 
**Which potential consequences should you really guard against?** You may take into consideration both the likelihood of that consequence happening as well as how dire it would be. If something really bad is very likely to happen and is possible to be guarded against, that could be on the top of your priority list. Of course, not everything is preventable, but that also doesn't mean you shouldn't try. Threat modeling will help you figure out what you should work towards improving so that the chance of someone doing something bad with that diminishes. So in this step, you should focus on deciding what threats you should work to mitigate. 15 | 5. **How much trouble are you willing to go through to try to prevent the potential consequences selected in the previous step?** Different assets and different bad actors require different measures for protection, and that is what this step covers. Here you will think about what would be necessary to mitigate the chance for each threat to actualize. Let your thoughts run free and outline all the possible steps you could take to make sure that threat's likelihood of happening would be diminished significantly or completely. Think about the options you currently have available to help mitigate your unique threats. Then, you will need to decide which of those steps you are willing to act upon. This is necessary because some of them might require a commitment of time, money, or skills which you either may not have or may decide not to be worth committing to. So elicit the requirements for mitigating each threat, in terms of money, time, efforts, technical skills, and others. Next, carefully evaluate how realistic each action is for your circumstances and rank them in priority so you know what you need to do and when you need to do it. 16 | 17 | The above five steps are based on the Surveillance Self Defense (SSD) initiative of the Electronic Frontier Foundation (EFF). 
You can find the complete guide [here](https://ssd.eff.org/en/module-categories/security-scenarios) –– it encompasses different requirements based on your specific activity. Take a look at it through the lens of the new identity you want to create and its required activities or scenarios. 18 | 19 | For more complete ways of determining your threat model, you can browse through these resources: 20 | 21 | - [Threat Modeling: 12 Available Methods](https://insights.sei.cmu.edu/blog/threat-modeling-12-available-methods/) by Carnegie Mellon University 22 | - [LINDDUN privacy engineering](https://www.linddun.org/): a systematic elicitation and mitigation of privacy threats in software systems 23 | - [Threat Modeling Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Threat_Modeling_Cheat_Sheet.html): OWASP Cheat Sheet Series 24 | - [PASTA Threat Modeling](https://versprite.com/tag/pasta-threat-modeling/) 25 | - [STRIDE Threat Modeling](https://en.wikipedia.org/wiki/STRIDE_%28security%29) 26 | - [DREAD Risk Assessment Model](https://en.wikipedia.org/wiki/DREAD_%28risk_assessment_model%29) 27 | - [Smart Custody](https://github.com/BlockchainCommons/SmartCustody): threat modeling for your bitcoin and secure storage best practices. 28 | 29 | ## Conclusion 30 | 31 | Threat modeling is an essential activity you need to conduct in order to successfully create and operate a new identity. More than that, it can also help you pinpoint the exact assets you need to protect and from what entities. Without a clear threat model, you may feel inclined to try to protect everything from everyone, a counterproductive mindset that will most likely freeze you and prevent you from achieving your goals. 32 | 33 | After you have taken the time to carefully analyze what your threat model would look like, and developed one, move on to Section Three, where you will be making [Technical Choices for a New Identity](03_1_technical_choices.md). 
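The five questions above can be worked through as a small risk register. This is an added example, not part of the original guide or of the EFF material it cites; the 1 to 5 scales, the cost units, the risk-reduction fractions and the sample entries are all constructed assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class Mitigation:
    name: str
    cost: int         # assumed effort units covering time, money and skill
    reduction: float  # assumed fraction of the threat's risk removed, 0.0 to 1.0


@dataclass
class Threat:
    asset: str        # question 1: what do you want to protect?
    adversary: str    # question 2: who do you want to protect it from?
    impact: int       # question 3: how bad are the consequences, 1 (minor) to 5 (severe)
    likelihood: int   # question 4: how likely is it, 1 (rare) to 5 (expected)
    mitigations: list = field(default_factory=list)  # question 5: options you could act on

    @property
    def risk(self):
        return self.impact * self.likelihood


def rank_threats(threats):
    """Question 4: order threats so the likely and severe ones come first."""
    return sorted(threats, key=lambda t: (-t.risk, -t.impact, t.asset))


def plan(threats, budget):
    """Question 5: pick at most one mitigation per threat, best risk removed per
    unit of cost first, without exceeding the effort you are willing to spend."""
    options = [(t.risk * m.reduction / m.cost, t, m) for t in threats for m in t.mitigations]
    options.sort(key=lambda o: (-o[0], o[2].name))
    chosen, spent, covered = [], 0, set()
    for _score, threat, mitigation in options:
        if id(threat) in covered or spent + mitigation.cost > budget:
            continue
        chosen.append((threat.asset, mitigation.name))
        spent += mitigation.cost
        covered.add(id(threat))
    return chosen, spent


# Constructed sample model; replace every value with your own assessment.
SAMPLE_MODEL = [
    Threat("bitcoin keys", "household member", impact=3, likelihood=1,
           mitigations=[Mitigation("split key storage", cost=4, reduction=0.75)]),
    Threat("pseudonymous identity", "online service linking accounts", impact=5, likelihood=4,
           mitigations=[Mitigation("separate email alias per service", cost=2, reduction=0.5),
                        Mitigation("dedicated laptop running Tails", cost=8, reduction=0.8)]),
    Threat("smartphone", "thief with physical access", impact=4, likelihood=2,
           mitigations=[Mitigation("power the phone off in risky places", cost=1, reduction=0.5)]),
]

if __name__ == "__main__":
    for threat in rank_threats(SAMPLE_MODEL):
        print(f"risk {threat.risk:>2}: {threat.asset} vs {threat.adversary}")
    actions, effort = plan(SAMPLE_MODEL, budget=6)
    print("within budget 6:", actions, "effort spent:", effort)
```

Re-running the plan with a different budget shows which mitigations drop out first, which is the trade-off the fifth question asks you to make explicitly.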
 -------------------------------------------------------------------------------- /03_1_technical_choices.md: -------------------------------------------------------------------------------- 1 | # 3.1: Technical Choices 2 | 3 | Now that you have understood the importance of privacy, taken initial steps to increase yours and sanitize your online environment, as well as crafted your own threat model, you are ready to start making important technical choices. The tools you'll be using to conduct the activities of your pseudonymous identity are central to the level of privacy and security of that identity, so you want to put great thought into it. Hopefully you have done the hard work already in your threat model, and the correct route you should take here will most likely be obvious. 4 | 5 | So before you jump into the cool stuff and create a new identity, you should decide what hardware and software you'll be using. 6 | 7 | ## What Smartphone to Use? 8 | 9 | This is a choice that depends on many different aspects. But most importantly, you need to consider your threat model. 10 | 11 | A team of researchers of Johns Hopkins University published a [report](https://securephones.io/) that goes in depth into the _security_ of smartphones. The team compared the advertised security efforts of both iPhone and Android phones, mainly seeking to determine what security measures in these phones prevent unauthorized access to user data and how third parties may be able to bypass these measures. A summary of the report's main findings is below. It can help resolve the common arguments about whether iPhone or Android provides better security and privacy. 12 | 13 | ### iOS 14 | 15 | Main findings: 16 | 17 | - iCloud is a big vulnerability. When Apple's cloud backup services are enabled for an end-to-end encrypted app, if iCloud is used that encryption is compromised.
18 | - Encryption keys are not evicted from the device's memory when the phone is locked, only when it is turned off, leaving it vulnerable to exploits while locked but on. 19 | - Passcode guessing attacks are often feasible using a tool called GrayKey. 20 | 21 | More details: 22 | 23 | - iPhones are widely used, so it is highly valuable to seek exploits on iPhones. 24 | - Apple software and technical modifications are centralized, so the user can never be sure their device is not vulnerable. 25 | - iOS 14 introduced some privacy control features, but they focus on ensuring privacy against app developers only. That is a meaningful step, but those features do not protect against the phone itself. 26 | - iCloud _backup_ data is vulnerable, since Apple has the keys. This includes: app data, Apple Watch backups, device settings, home screen and app organization, iMessage, SMS, MMS, photos, videos, purchase history from Apple services, and ringtones. 27 | - iCloud data accessible to Apple includes: Safari history and bookmarks, calendars, contacts, find my iPhone, iCloud Drive, messages in iCloud, Notes, photos, reminders, Siri shortcuts, voice memos, wallet passes. 28 | - iCloud data that is end-to-end encrypted includes: Apple card transactions, home and health data, iCloud Keychain, Maps data, memoji, payment information, quicktype keyboard vocabulary, screen time, Siri information. 29 | 30 | Conclusion: 31 | 32 | "With sufficient time, money, and fortunate circumstance (e.g. capturing a phone in an after first unlock (AFU) state), law enforcement agents can typically extract significant (if not all) personal data from modern iOS devices, despite Apple's claims around user privacy. This is exacerbated by Apple's failure to widely deploy Complete Protection over user data, and its failure to more broadly secure cloud services. (particularly, in the decision to store cloud authentication tokens in AFU). 
These facts combine to offer extensive access to law enforcement agents, rogue governments, and criminals." 33 | 34 | Therefore, although there are strong protections in place for Apple iPhones, these are mostly security ones, apart from the recently introduced privacy features in iOS 14. But even then, they don't guard against the phone itself, which we can never be certain is not compromised. However, if one is using an iPhone for any reason, they are fairly well guarded against remote attacks if they _disable iCloud completely_. But the device will still be vulnerable if the attacker has it in their hands, due to the availability of encryption keys in memory and the fact that those keys are not evicted on locking the phone –– only on turning it off. 35 | 36 | ### Android 37 | 38 | The report also researched Android phones. 39 | 40 | Main findings: 41 | 42 | - Android has an auto-backup feature for all apps as default that is not encrypted. Developers have to explicitly and deliberately opt out of that and opt into end-to-end encrypted backups. 43 | - Android involves the coordination of many different companies, which means a large attack surface. 44 | - Native apps do not provide end-to-end encryption and there is extensive usage of Google services, which do not use end-to-end encryption. 45 | - Decryption keys remain in memory at all times AFU, making them vulnerable to capture. 46 | 47 | Conclusion: 48 | 49 | "The primary takeaway from this discussion is that there are many techniques to bypass user data protections on Android. Lacking an analogue to iOS Complete Protection, decryption keys for user data remain available in memory at all time after the first unlock of the device; live extraction then becomes a question of breaking security controls instead of breaking cryptography or hardware.
Additionally, the extent of Google's data collection affords law enforcement and rogue actors alike considerable user data, acquirable either through the legal system or through a device bypass." 50 | 51 | ### Pick Your Mobile OS 52 | 53 | A good rule of thumb is to favor free and open source software (FOSS), which Android at its core _is_; however, the intensive data harvesting practices of Google undermine many of its benefits. The main issue with Android therefore lies in Google and its mandatory services, a default on Android devices. In that sense, using iPhone with the least of Apple services enabled, as well as opting out of iCloud _completely_, should provide increased security, and also increased privacy, in comparison. 54 | 55 | However, there _is_ a possibility to "de-Google" an Android device. Popular FOSS solutions exist to harden an Android phone, removing Google services and bringing encryption as a standard. Two notable ones are [CalyxOS](https://calyxos.org/) and [GrapheneOS](https://grapheneos.org/). 56 | 57 | GrapheneOS is a FOSS project that is constantly maintained, has a high user base, and provides very good privacy and security assurances compared to regular Android and iOS. However, it has some tradeoffs. More notably, some apps that need Google services enabled might not work. Below are two links for reference; research and decide if the tradeoffs are worth it for your identity. 58 | 59 | * Features overview: [https://grapheneos.org/features](https://grapheneos.org/features) 60 | * Anonymous Phone Update by the Privacy Security & OSINT Podcast with Michael Bazzell: [part one](https://soundcloud.com/user-98066669/232-anonymous-phone-update-part-i), [part two](https://soundcloud.com/user-98066669/233-anonymous-phone-update-parts-ii-iii). 61 | 62 | ## What Computer to Use? 63 | 64 | Choosing the right computer to use is very important. 
Generally, you should apply compartmentalization here and use a dedicated computer for your advocacy needs, and again, choose a free and open source software (FOSS) solution. But your setup can vary based on your specific needs. 65 | 66 | Below are the different routes you can take based on their required dedication of time, money, effort, and skill level, from the least to the most demanding. Have your threat model be the primary consideration you take into account for selecting a route, however, instead of effort or time. If you get slacky and choose an easier route, but one that doesn't fulfill your threat model entirely, you'll soon find some of your assets or your identity entirely in trouble. Be careful and choose wisely! 67 | 68 | ### Basic Setup - Tor Browser 69 | 70 | You should use the Tor Browser for your pseudonymous identity activities only if you have absolutely _no time, no money, no technical skills, no effort to allocate, and very limited resources_. 71 | 72 | The reason is that it will provide the smallest level of protection for you; but it is also the easiest to use, as you would not need to purchase any additional hardware. You can simply use the computer you already have, install Tor Browser in it, and use that for your advocacy needs. 73 | 74 | But beware of the shortcomings of this setup too, notably the limited protection it will give you. Tor usage can be deanonymized based on your non-Tor usage and behaviors, so keep that in mind. This route might make sense depending on your threat model, but _is not recommended._ 75 | 76 | ### Good Setup - Live Tails 77 | 78 | An improved setup is to compartmentalize _partially_ and flash [Tails](https://tails.boum.org/index.en.html) in a USB drive for usage with the laptop or computer you already have and use with your real-world identity. This route is suggested if you have some amount of time and learning motivation but limited resources and can't purchase a dedicated laptop. 
79 | 80 | Tails will route all traffic through the Tor anonymity network as well as strictly compartmentalize storage, getting rid of all data when you turn it off (if in Amnesia mode). 81 | 82 | Although [not perfect](https://tails.boum.org/doc/about/warnings/index.en.html), Tails can help you [protect your digital life from censorship and surveillance](https://tails.boum.org/about/index.en.html) in a somewhat easy way. You can set up a Tails USB stick to temporarily turn your computer into a secure machine or stay safe while using the computer of somebody else. 83 | 84 | If you use Tails exclusively for your new identity's needs, and your regular OS for your real identity, your setup would be considerably secure and private. But if used on a compromised machine, for instance, a computer with viruses or malicious hardware, Tails won't _always_ be able to protect you. Considering how difficult it can be to spot some malicious software and hardware in a given device, physical compartmentalization is always a better choice! 85 | 86 | ### Best Setup - Dedicated Laptop 87 | 88 | A better but more expensive setup is to have one computer exclusively for each use case. This setup will only work if you don't mix identities with use cases and devices, however, because behavior patterns can still be used to deanonymize your Tor usage. Also, more time, effort, and technical dedication are required for this setup. 89 | 90 | _This setup is encouraged and should be sufficient for most people, including human rights activists._ 91 | 92 | Here, you'll use two laptops: one for your real-world identity, and one for your pseudonymous identity. The former can run whichever operating system you'd like, so long as you abide by the general habits suggested in [1.2: Basic Steps to Regain Online Privacy](01_2_regain_privacy.md). The latter, however, needs to run a privacy- and security-enforcing OS, such as Tails, Qubes, or Whonix.
93 | 94 | #### Tails 95 | 96 | If your budget allows it, you might want to purchase a dedicated laptop to use for your sensitive activities over Tor on Tails. You can purchase a used business laptop for cash and install Tails on it for increased privacy and security at lower costs. 97 | 98 | You can also buy a used MacBook Air from 2012 or 2013 for cheap, reset it, and [harden it for increased security and privacy](https://github.com/drduh/macOS-Security-and-Privacy-Guide); then you can use it more safely with Tails. 99 | 100 | Just make sure you only use this computer for the very specific set of activities your identity needs. 101 | 102 | #### Whonix or Qubes OS 103 | 104 | These two operating systems are listed separately here because of their increased hardware and system requirements. Both [Whonix](http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/) and Qubes OS are more demanding on the machine they run on, so you'd need a bigger budget –– and more time and effort –– to set them up. 105 | 106 | Also reference [this comparison](https://www.whonix.org/wiki/Comparison_with_Others) (onion site [here](http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Comparison_with_Others)) to judge which system would be better for your specific case. 107 | 108 | ### Pick Your Computer Setup 109 | 110 | The golden rule of computer usage is compartmentalization. You should never mix use cases on the same device. However, the level of effort and money you put into that will depend on your threat model. 111 | 112 | Using Tails on a dedicated laptop is likely to suffice for most use cases, including if you are a human rights activist facing censorship or restrictions from developing countries or mid-tier entities, and it gives you the most assurances for the lower price.
113 | 114 | For further information on how to protect your identity and achieve online anonymity, I recommend you take a careful look at [The Hitchhiker's Guide to Online Anonymity](http://thgtoa7imksbg7rit4grgijl2ef6kc7b56bp56pmtta4g354lydlzkqd.onion/guide.pdf), as it discusses technical routes with greater detail. 115 | 116 | Once you have decided the technology you'll be using going forward, you're ready to [Create Your New Identity](03_2_create_identity.md). -------------------------------------------------------------------------------- /03_2_create_identity.md: -------------------------------------------------------------------------------- 1 | # 3.2: Create Your New Identity 2 | 3 | After you have taken basic yet important steps to increase present privacy, carefully thought about your threat model, and identified where and how you can harden your privacy and security, you can begin the identity creation process. 4 | 5 | It is important to define the _scope_ of your new identity. As you've completed the steps above, think about how your identity will interact with the world. More precisely, what will your identity do, through which mediums, with which tools, and when? Having that clear (and often written down) will help you along the way to prevent you from getting distracted. 6 | 7 | For the following steps, use the setup you selected in [3.1: Technical Choices](03_1_technical_choices.md). At the very least, use the Tor Browser going forward in an internet connection that is not your home's and that has no video footage. All the following steps will assume you're using Tor. 8 | 9 | > **Note:** The following steps seem small and simple, however, it may take you a considerable amount of time to go through each one. _You should take your time to complete them right!_ Each tip or mention is worth considering and going through, so be calm and do it right rather than quick. 
10 | > 11 | > **On downloads:** Always download through Tor, and always verify your downloads. Below the download buttons for software products there is usually a small "Verify Signature" or "GPG signature" icon (or something similar). _Always click on that and go through the steps to verify your download_; otherwise you won't know if you downloaded the correct software or if it was tampered with. Download pages will also usually have instructions on how to verify that download, so follow them through to have it all verified. 12 | 13 | 1. **Get clean bitcoin.** Find ways to get your hands on some clean BTC through [KYC-free sources](https://bitcoinmagazine.com/guides/bitcoin-wallets-for-beginners-part-five-buying-kyc-free-bitcoin). Find out more about it and ways to get it [here](http://lq2thd4kcnqvbm6k47qkt2ctzrfd567ewqeowehgqbekesgvn4npcmid.onion/nokyconly/) and [here](https://github.com/cointastical/P2P-Trading-Exchanges/). The Hitchhiker's Guide to Online Anonymity cited in [3.1](03_1_technical_choices.md) also has a section on this. _Take your time to get clean BTC because this is essential to the remaining steps_. Bitcoin itself is _not_ anonymous, but it can be privacy-preserving if you use it with [good practices](https://en.bitcoin.it/Privacy) in mind. 14 | 15 | - Buy it in batches to [_different_ addresses](https://docs.wasabiwallet.io/why-wasabi/AddressReuse.html), because you don't want to deal with change too much, as it can hurt your privacy. 16 | - Use a good wallet such as [Samourai](https://bitcoinmagazine.com/guides/bitcoin-wallets-for-beginners-part-two-how-to-install-samourai) or [Wasabi](http://wasabiukrxmkdgve5kynjztuovbg43uxcbcxn6y2okcrsg7gb6jdmbad.onion/) that uses Tor by default.
17 | - Both wallets above will [enforce some good practices](https://docs.wasabiwallet.io/why-wasabi/) for Bitcoin addresses and transactions, as well as let you [CoinJoin](https://www.samouraiwallet.com/whirlpool) your coins, [increasing your anonymity](https://samouraiwallet.com/privacy) (if you do it right). If you're using Samourai you can also make your spend a CoinJoin to [increase spending privacy](https://bitcoinmagazine.com/guides/how-to-use-stonewallx2-a-privacy-enhancing-bitcoin-transaction-tool-from-samourai-wallet) –– which will be important in the next step. 18 | 2. **Purchase a good VPN service**. Head over to [Mullvad's onion website](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion/en/) and create a new account. This will generate an account number; then, select the amount of time you want to fund your account for and pay with your clean bitcoin. It will help your anonymity to use the full contents of one UTXO for paying Mullvad, because then you wouldn't receive any change. But that may be hard to coordinate, so if not possible to match, just having your change a large amount instead of a negligible one will make it harder for chain analysis companies to spot which is the payment and which is the change. 19 | 20 | - After you have paid, [download](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion/en/download/) the Mullvad app _only_ to the devices your new identity will be using. Note that it may take a while for your account balance to update and see your payment, due to blockchain confirmations, so be patient. 21 | - When Mullvad is fully set up on your devices and working, always connect to it for all of the remaining steps. Also connect to it first, then connect to Tor / Tor Browser. 22 | - You can also go in Mullvad app's `Settings > Advanced > Always Require VPN`, so that if your connection goes down the app will block internet access. 23 | 3. 
**Pick an email provider**, but don't create your account just yet. [ProtonMail](https://protonmail.com/) is my personal advice, and should be the best choice for most people. But there are other good alternatives as well. You can reference [this page](http://www.privacy2zbidut4m4jyj3ksdqidzkw3uoip2vhvhbvwxbqux5xy5obyd.onion/providers/email/) for choosing a privacy-preserving email provider that best fits your needs. 24 | 4. **Search for and pick a pronounceable handle.** Whilst doing everything over Tor (connecting to your VPN first), start thinking about what your new identity's name will be. Focus on readability, and it should be pronounceable as well. Search for and pick a handle that: 25 | 26 | - Is not already in use by ProtonMail (or the email provider you chose in the previous step). 27 | - Is not already in use by GitHub. 28 | - Is not already in use by Twitter (optional). 29 | - Is not already in use by Gmail (optional). 30 | - Has a cheap domain name available. Use [Namecheap](https://www.namecheap.com/) to search for and buy the domain if you wish to do so, since it accepts bitcoin and has some privacy-preserving features enabled automatically as well as some policies for protecting customer rights. This will be especially useful if you need to set up a website for advocacy, a donation page, or something of the sort. 31 | 32 | Alternatively, you can use a full name, instead of a simple handle, with more complete personal details to create a _full_ identity (reference [Fake Name Generator](https://www.fakenamegenerator.com/) for help with this). 33 | 5. **Get a new phone number.** You will need it for creating some accounts later on, so do it anonymously if you can: buy a prepaid SIM with cash. That is not possible in some parts of the world, however, since KYC information may be required either to buy it or to set it up. So analyze what is best given your circumstances and your threat model.
In either case, _do not use your real identity's phone number going forward_. 34 | 35 | - If your budget allows it, also get a new phone. In most cases, and to make your identity's Operational Security (OpSec) easier, you can [buy an affordable Pixel 4a with cash and de-google it](https://bitcoinmagazine.com/guides/how-to-establish-mobile-bitcoin-privacy-with-a-pixel-4a-and-calyxos) with a security- and privacy-conscious OS, such as Graphene or Calyx. But that may be hard to find in some areas or your skill level may not be there yet, so reference the Android-iOS discussion fleshed out in [3.1](03_1_technical_choices.md) to decide if you haven't already. 36 | 6. **Buy a WebAuthn key** (SmartCard) [for security](https://security.stackexchange.com/questions/38924/how-does-storing-gpg-ssh-private-keys-on-smart-cards-compare-to-plain-usb-drives). Purchase a [YubiKey](https://www.yubico.com/products/yubikey-hardware/) in person with cash. You can find resellers near you on their website. If there are none, adjust and purchase by revealing the least amount of personal information you can; notably, you can use a private mailbox to prevent disclosing your home address. 37 | 7. **Create your email account.** Go to the email provider you selected and create your email account. If they have an onion hidden service, Tor Browser will automatically redirect you, so you may want to wait a minute after the site has loaded before beginning the account creation process. 38 | 8. **Generate new GPG keys.** Remember to use your pseudonymous handle and its email as your key's user ID. 39 | - Follow [this guide](https://github.com/drduh/YubiKey-Guide) for creating your own keys and establishing a hardened setup with your new YubiKey. 40 | - Alternatively, if technical skills become a bottleneck, save your YubiKey for later and have your email provider create GPG keys for you (ProtonMail supports this).
Although not perfect, it is functional and may be acceptable for some threat models –– and you can generate a new GPG keypair for your identity later when you're more comfortable using it. 41 | 9. **Create your GitHub account.** Of course, this assumes you'll need a GitHub account; if you won't, you may skip it. But it doesn't hurt to create one, as you might need it some day. So, [create one](https://github.com/), at least for securing your handle. 42 | 43 | - [Add your GPG key to your GitHub account](https://github.com/BlockchainCommons/Secure-Development-Setup-macOS/blob/master/gpg-with-github.md). 44 | 10. **[Optional] Create other accounts.** Your new identity might need additional accounts depending on its required activities. Go ahead and create them. Remember to use VPN and Tor for everything and provide the least amount of private information possible. Most service providers will prompt you for _many_ pieces of information but most of it is not _truly necessary_ for account creation. Just beware of that and create it attentively. 45 | 46 | - Note: some of your identity needs can be accomplished with similar, more private and secure tools than mainstream ones. For example, you might need a document editing tool and Google Docs might jump out in your head as the go-to service, but often you could use CryptPad instead. Refer to [Privacy Tools](http://www.privacy2zbidut4m4jyj3ksdqidzkw3uoip2vhvhbvwxbqux5xy5obyd.onion/) every time you realize you need to sign up for a new service and evaluate if there's a more private alternative that suits your needs. 47 | 48 | Phew! If you performed each and every step with caution and attention, your new identity should now be set and ready to be used. You have a pronounceable handle, a new phone number, an email address, maybe a domain, GPG keys, a YubiKey, and a GitHub account with GPG-commit signing enabled. 
49 | 50 | Now, move on to discover the correct ways for you to [Operate Your New Identity](03_3_operate_identity.md). -------------------------------------------------------------------------------- /03_3_operate_identity.md: -------------------------------------------------------------------------------- 1 | # 3.3: Operate Your New Identity 2 | 3 | Before you start doing all the good things with your new identity, you should consider some best practices. Key habits can be the difference between ensuring long term success of your identity and having it fail and be uncovered. 4 | 5 | Your main goal while operating your pseudonymous identity should be to prevent having it be linked back to your real-world identity, because if that happens then all your work goes to waste. There are many techniques you can use to ensure that to the best of your ability, but that can vary depending on your specific circumstances. 6 | 7 | Read more about [privacy](https://www.eff.org/issues/privacy) and [anonymity](https://www.eff.org/issues/anonymity) to become more aware of the different ways adversaries may be able to threaten them. Also beware and grow accustomed to some basic security best practices for defending yourself: 8 | 9 | - [Create secure passwords](https://ssd.eff.org/en/module/animated-overview-how-make-super-secure-password-using-dice) (some complementary thoughts on strong passwords [here](https://ssd.eff.org/en/module/creating-strong-passwords)). 10 | - [Use a password manager](https://ssd.eff.org/en/module/animated-overview-using-password-managers-stay-safe-online). 11 | - Enable two-factor authentication and [use your YubiKey](https://www.wired.com/story/how-to-use-a-yubikey/). 12 | - [Mind your communications](https://ssd.eff.org/en/module/communicating-others). 13 | 14 | Generally, however, since the main goal is to avoid links to your real identity, you should focus on _compartmentalization_. 
The level to which you commit to compartmentalizing parts of your life will, again, depend on your available time, skills, and budget. 15 | 16 | The best case scenario, which you should strive for, is to have one separate device for each activity. That entails having one mobile device, one laptop, one phone number, one YubiKey (maybe here you'd want to have a second one as backup), and one of each device you might need for your pseudonymous identity –– and use them only for that single identity! Need a new identity? Then you'd need new devices. 17 | 18 | But that is often not feasible, and rather than giving up altogether, you should start small and build your way to the top. Striving for perfection is good if it means stimulating you to improve, but it can quickly become detrimental if it stops you from acting. Therefore, start with the good rather than the perfect. 19 | 20 | In either case, you should compartmentalize as much as you realistically can at a given time. If you currently can't buy a new smartphone for your new identity, you can at least grab a new phone number, which is fairly cheap in most places, and a new VPN account with a different provider than your real identity's VPN. If your current phone supports two SIMs, for instance, you can use both numbers and both VPN accounts, switching VPN connections every time you need to connect to an app and based on the identity that app is associated with. I know, that can be rather cumbersome, but that's what a lower budget will often require. 21 | 22 | Similarly, if you can't afford a new laptop, you can start by buying a VPN subscription as described previously in the guide and use the Tor Browser. However, that would only suffice for more basic threat models. You might then consider dedicating some time to flashing Tails onto a USB stick and learning the basics of the anonymity live operating system. That will enhance your setup right away, as Tails will enforce many best practices for you.
23 | 24 | However, you _always_ need to remember that all these tools are [not perfect](https://www.torproject.org/docs/faq.html.en#AttacksOnOnionRouting) and that you might still be at risk. For instance, [Tor can do little for you if you use it wrong](https://www.torproject.org/download/download.html.en#Warning). It currently goes beyond the scope of this guide to discuss why and provide some steps one could take to mitigate it, but here are some [good and thorough guidelines (really read this!)](https://security.stackexchange.com/a/43485). If you're more inclined to academic research, reference [Free Haven's Selected Papers in Anonymity](http://7fa6xlti5joarlmkuhjaifa47ukgcwz6tfndgax45ocyn4rixm632jid.onion/anonbib/index.html). 25 | 26 | ## Conclusion 27 | 28 | If you've come this far, congratulations: you are now conscious of the importance of privacy, have taken steps to protect yours, developed a threat model, created a new identity, and have been briefed on how to properly operate it. 29 | 30 | This guide is an ongoing project, so if you think there are areas in which it can be improved, open an [issue](https://github.com/BlockchainCommons/Pseudonymity-Guide/issues) or [contribute](https://github.com/BlockchainCommons/Pseudonymity-Guide/blob/master/CONTRIBUTING.md). 31 | 32 | To support the development of this project, and other BlockchainCommons projects, consider sponsoring us with a one-time grant through our [BTCPay Server](https://btcpay.blockchaincommons.com/) and let us know "Pseudonymity Guide" was the reason why. Alternatively, consider becoming a [sustaining sponsor on GitHub](https://github.com/sponsors/BlockchainCommons).
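The "On downloads" note in 3.2 says to always verify your downloads. The script below is an added example, not part of the original guide, showing a check that accepts a file only when GnuPG reports a valid signature made by a key whose fingerprint you pinned beforehand, rather than by any key that happens to be in your keyring. The function names, sample status lines and fingerprints are constructed for illustration, and it assumes the publisher's key is already imported.

```shell
#!/bin/sh
# Added example, not part of the guide: accept a download only if GnuPG
# reports a valid signature made by the key you pinned beforehand.
# Assumptions: the publisher's key is already in your keyring, and you got
# its fingerprint from an independent channel. All names here are made up.

# Strip spaces and upper-case, so "0123 4567 ..." compares equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr '[:lower:]' '[:upper:]'
}

# check_sig_status PINNED_FPR STATUS_TEXT
#   STATUS_TEXT is the output of `gpg --status-fd 1 --verify SIG FILE`.
#   0 = valid signature by the pinned key, 1 = anything else,
#   2 = the pinned fingerprint itself is malformed.
check_sig_status() {
    css_want=$(normalize_fpr "$1")
    css_status=$2
    case $css_want in
        '' | *[!0-9A-F]*) return 2 ;;
    esac
    [ "${#css_want}" -ge 40 ] || return 2

    # Any bad, unverifiable, expired or revoked signature rejects the file.
    if printf '%s\n' "$css_status" |
        grep -Eq '^\[GNUPG:\] (BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG) '; then
        return 1
    fi

    # VALIDSIG: field 3 is the fingerprint of the key that signed (often a
    # subkey), field 12 the primary key's fingerprint. Compare the primary,
    # falling back to field 3 when field 12 is absent.
    printf '%s\n' "$css_status" |
        awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" {
                 print toupper(($12 != "") ? $12 : $3) }' |
        grep -Fqx "$css_want"
}

# verify_download PINNED_FPR SIGNATURE_FILE DOWNLOADED_FILE
verify_download() {
    # Machine-readable status goes to stdout; human-readable text is dropped.
    vd_status=$(gpg --batch --status-fd 1 --verify "$2" "$3" 2>/dev/null) || true
    check_sig_status "$1" "$vd_status"
}

# Constructed status lines (not captured from any real release).
sample_status() {
    case $1 in
        good)     # signed by a subkey of the pinned primary key
            printf '%s\n' \
                '[GNUPG:] GOODSIG 76543210FEDCBA98 Example Release <rel@example.org>' \
                '[GNUPG:] VALIDSIG FEDCBA9876543210FEDCBA9876543210FEDCBA98 2024-01-01 1704067200 0 4 0 22 10 00 0123456789ABCDEF0123456789ABCDEF01234567' ;;
        otherkey) # cryptographically fine, but made by a different key
            printf '%s\n' \
                '[GNUPG:] GOODSIG 0123456789ABCDEF Someone Else <x@example.net>' \
                '[GNUPG:] VALIDSIG 89ABCDEF0123456789ABCDEF0123456789ABCDEF 2024-01-01 1704067200 0 4 0 22 10 00 89ABCDEF0123456789ABCDEF0123456789ABCDEF' ;;
        bad)      # file or signature was altered
            printf '%s\n' \
                '[GNUPG:] BADSIG 76543210FEDCBA98 Example Release <rel@example.org>' ;;
    esac
}

# Usage: sh verify.sh "PINNED FINGERPRINT" download.sig download
if [ "$#" -eq 3 ]; then
    if verify_download "$1" "$2" "$3"; then
        echo "OK: valid signature from the pinned key"
    else
        echo "FAIL: do not install this file" >&2
        exit 1
    fi
fi
```

The `otherkey` case is the one a plain "Good signature" message hides: the signature is valid, but it was not made by the publisher you meant to trust.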
-------------------------------------------------------------------------------- /CLA-signed/CLA.namcios.55A24BE0AEE5DB4152C6A4108E3A368317269AB4.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP SIGNED MESSAGE----- 2 | Hash: SHA256 3 | 4 | # Contributor License Agreement 5 | 6 | Version 1.0 7 | 8 | Name: Namcios 9 | 10 | E-Mail: namcios@protonmail.com 11 | 12 | Legal Jurisdiction: Wyoming, United States of America 13 | 14 | Project: https://github.com/BlockchainCommons/bc-lethe-kit 15 | 16 | Date: 26 July 2021 17 | 18 | ## Purpose 19 | 20 | This agreement gives Blockchain Commons, LLC the permission it needs in order to accept my contributions into its open software project and to manage the intellectual property in that project over time. 21 | 22 | ## License 23 | 24 | I hereby license Blockchain Commons, LLC to: 25 | 26 | 1. do anything with my contributions that would otherwise infringe my copyright in them 27 | 28 | 2. do anything with my contributions that would otherwise infringe patents that I can or become able to license 29 | 30 | 3. sublicense these rights to others on any terms they like 31 | 32 | ## Reliability 33 | 34 | I understand that Blockchain Commons will rely on this license. I may not revoke this license. 35 | 36 | ## Awareness 37 | 38 | I promise that I am familiar with legal rules, like ["work made for hire" rules](http://worksmadeforhire.com), that can give employers and clients ownership of intellectual property in work that I do. I am also aware that legal agreements I might sign, like confidential information and invention assignment agreements, will usually give ownership of intellectual property in my work to employers, clients, and companies that I found. If someone else owns intellectual property in my work, I need their permission to license it. 
39 | 40 | ## Copyright Guarantee 41 | 42 | I promise not to offer contributions to the project that contain copyrighted work that I do not have legally binding permission to contribute under these terms. When I offer a contribution with permission, I promise to document in the contribution who owns copyright in what work, and how they gave permission to contribute it. If I later become aware that one of my contributions may have copyrighted work of others that I did not have permission to contribute, I will notify Blockchain Commons, in confidence, immediately. 43 | 44 | ## Patent Guarantee 45 | 46 | I promise not to offer contributions to the project that I know infringe patents of others that I do not have permission to contribute under these terms. 47 | 48 | ## Open Source Guarantee 49 | 50 | I promise not to offer contributions that contain or depend on the work of others, unless that work is available under a license that [Blue Oak Council rates bronze or better](https://blueoakconcil.org/list), such as the MIT License, two- or three-clause BSD License, the Apache License Version 2.0, or the Blue Oak Model License 1.0.0. When I offer a contribution containing or depending on others' work, I promise to document in the contribution who licenses that work, along with copies of their license terms. 51 | 52 | ## Disclaimers 53 | 54 | ***As far as the law allows, my contributions come as is, without any warranty or condition. Other than under [Copyright Guarantee](#copyright-guarantee), [Patent Guarantee](#patent-guarantee), or [Open Source Guarantee](#open-source-guarantee), I will not be liable to anyone for any damages related to my contributions or this contributor license agreement, under any kind of legal claim.*** 55 | 56 | - --- 57 | 58 | To sign this Contributor License Agreement, fill in `$name`, `$email`, and `$date` above. 
Then sign using GPG using the following command `gpg --armor --clearsign --output ./CLA-signed/CLA.YOURGITHUBNAME.YOURGPGFINGERPRINT.asc CLA.md`, then either submit your signed Contributor License Agreement to this repo as a GPG signed Pull Request or email it to [ChristopherA@BlockchainCommons.com](mailto:ChristopherA@BlockchainCommons.com). 59 | -----BEGIN PGP SIGNATURE----- 60 | 69 | -----END PGP SIGNATURE----- 70 | -------------------------------------------------------------------------------- /CLA-signed/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/BlockchainCommons/Pseudonymity-Guide/b1201ca9bb07f7d6d4e53db4e54044d7e13f3659/CLA-signed/README.md -------------------------------------------------------------------------------- /CLA.md: -------------------------------------------------------------------------------- 1 | # Contributor License Agreement 2 | 3 | Version 1.0 4 | 5 | Name: `$name` 6 | 7 | E-Mail: `$email` 8 | 9 | Legal Jurisdiction: Wyoming, United States of America 10 | 11 | Project: https://github.com/BlockchainCommons/bc-lethe-kit 12 | 13 | Date: `$date` 14 | 15 | ## Purpose 16 | 17 | This agreement gives Blockchain Commons, LLC the permission it needs in order to accept my contributions into its open software project and to manage the intellectual property in that project over time. 18 | 19 | ## License 20 | 21 | I hereby license Blockchain Commons, LLC to: 22 | 23 | 1.
do anything with my contributions that would otherwise infringe my copyright in them 24 | 25 | 2. do anything with my contributions that would otherwise infringe patents that I can or become able to license 26 | 27 | 3. sublicense these rights to others on any terms they like 28 | 29 | ## Reliability 30 | 31 | I understand that Blockchain Commons will rely on this license. I may not revoke this license. 32 | 33 | ## Awareness 34 | 35 | I promise that I am familiar with legal rules, like ["work made for hire" rules](http://worksmadeforhire.com), that can give employers and clients ownership of intellectual property in work that I do. I am also aware that legal agreements I might sign, like confidential information and invention assignment agreements, will usually give ownership of intellectual property in my work to employers, clients, and companies that I found. If someone else owns intellectual property in my work, I need their permission to license it. 36 | 37 | ## Copyright Guarantee 38 | 39 | I promise not to offer contributions to the project that contain copyrighted work that I do not have legally binding permission to contribute under these terms. When I offer a contribution with permission, I promise to document in the contribution who owns copyright in what work, and how they gave permission to contribute it. If I later become aware that one of my contributions may have copyrighted work of others that I did not have permission to contribute, I will notify Blockchain Commons, in confidence, immediately. 40 | 41 | ## Patent Guarantee 42 | 43 | I promise not to offer contributions to the project that I know infringe patents of others that I do not have permission to contribute under these terms. 
44 | 45 | ## Open Source Guarantee 46 | 47 | I promise not to offer contributions that contain or depend on the work of others, unless that work is available under a license that [Blue Oak Council rates bronze or better](https://blueoakconcil.org/list), such as the MIT License, two- or three-clause BSD License, the Apache License Version 2.0, or the Blue Oak Model License 1.0.0. When I offer a contribution containing or depending on others' work, I promise to document in the contribution who licenses that work, along with copies of their license terms. 48 | 49 | ## Disclaimers 50 | 51 | ***As far as the law allows, my contributions come as is, without any warranty or condition. Other than under [Copyright Guarantee](#copyright-guarantee), [Patent Guarantee](#patent-guarantee), or [Open Source Guarantee](#open-source-guarantee), I will not be liable to anyone for any damages related to my contributions or this contributor license agreement, under any kind of legal claim.*** 52 | 53 | --- 54 | 55 | To sign this Contributor License Agreement, fill in `$name`, `$email`, and `$date` above. Then sign using GPG using the following command `gpg --armor --clearsign --output ./CLA-signed/CLA.YOURGITHUBNAME.YOURGPGFINGERPRINT.asc CLA.md`, then either submit your signed Contributor License Agreement to this repo as a GPG signed Pull Request or email it to [ChristopherA@BlockchainCommons.com](mailto:ChristopherA@BlockchainCommons.com). 56 | -------------------------------------------------------------------------------- /CODEOWNERS.md: -------------------------------------------------------------------------------- 1 | # These owners will be the default owners for everything in this repo. 2 | 3 | * @ChristopherA 4 | * @namcios 5 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | We love your input! 
We want to make contributing to this project as easy and transparent as possible, whether it's: 4 | 5 | - Reporting a bug 6 | - Discussing the current state of the code 7 | - Submitting a fix 8 | - Proposing new features 9 | - Becoming a maintainer 10 | 11 | ## We Develop with Github 12 | We use GitHub to host code, to track issues and feature requests, and to accept Pull Requests. 13 | 14 | ## Report Bugs using Github's [issues](https://github.com/briandk/transcriptase-atom/issues) 15 | 16 | If you find bugs, mistakes, or inconsistencies in this project's code or documents, please let us know by [opening a new issue](./issues), but consider searching through existing issues first to check and see if the problem has already been reported. If it has, it never hurts to add a quick "+1" or "I have this problem too". This helps prioritize the most common problems and requests. 17 | 18 | ### Write Bug Reports with Detail, Background, and Sample Code 19 | 20 | [This is an example](http://stackoverflow.com/q/12488905/180626) of a good bug report by @briandk. Here's [another example from craig.hockenberry](http://www.openradar.me/11905408). 21 | 22 | **Great Bug Reports** tend to have: 23 | 24 | - A quick summary and/or background 25 | - Steps to reproduce 26 | - Be specific! 27 | - Give sample code if you can. [The stackoverflow bug report](http://stackoverflow.com/q/12488905/180626) includes sample code that *anyone* with a base R setup can run to reproduce what I was seeing 28 | - What you expected would happen 29 | - What actually happens 30 | - Notes (possibly including why you think this might be happening, or stuff you tried that didn't work) 31 | 32 | People *love* thorough bug reports. I'm not even kidding. 33 | 34 | ## Submit Code Changes through Pull Requests 35 | 36 | Simple Pull Requests to fix typos, to document, or to fix small bugs are always welcome. 
37 | 38 | We ask that more significant improvements to the project be first proposed before anybody starts to code as an [issue](./issues) or as a [draft Pull Request](./pulls), which is a [nice new feature](https://github.blog/2019-02-14-introducing-draft-pull-requests/) that gives other contributors a chance to point you in the right direction, give feedback on the design, and maybe discuss if related work is already under way. 39 | 40 | ### Use a Consistent Coding Style 41 | 42 | * We indent using two spaces (soft tabs) 43 | * We ALWAYS put spaces after list items and method parameters ([1, 2, 3], not [1,2,3]), around operators (x += 1, not x+=1), and around hash arrows. 44 | * This is open-source software. Consider the people who will read your code, and make it look nice for them. It's sort of like driving a car: Perhaps you love doing donuts when you're alone, but with passengers the goal is to make the ride as smooth as possible. 45 | 46 | ### Use [Github Flow](https://guides.github.com/introduction/flow/index.html) for Pull Requests 47 | 48 | We use [Github Flow](https://guides.github.com/introduction/flow/index.html). When you submit Pull Requests, please: 49 | 50 | 1. Fork the repo and create your branch from `master`. 51 | 2. If you've added code that should be tested, add tests. 52 | 3. If you've changed APIs, update the documentation. 53 | 4. Ensure the test suite passes. 54 | 5. Make sure your code lints. 55 | 6. Issue that Pull Request! 56 | 57 | ### Submit Under the BSD-2-Clause Plus Patent License 58 | 59 | In short, when you submit code changes, your submissions are understood to be available under the same [BSD-2-Clause Plus Patent License](./LICENSE.md) that covers the project. We also ask all code contributors to GPG sign the [Contributor License Agreement (CLA.md)](./CLA.md) to protect future users of this project. Feel free to contact the maintainers if that's a concern. 
60 | 61 | ## References 62 | 63 | Portions of this CONTRIBUTING.md document were adopted from best practices of a number of open source projects, including: 64 | * [Facebook's Draft](https://github.com/facebook/draft-js/blob/a9316a723f9e918afde44dea68b5f9f39b7d9b00/CONTRIBUTING.md) 65 | * [IPFS Contributing](https://github.com/ipfs/community/blob/master/CONTRIBUTING.md) 66 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Unless otherwise noted (either in /README.md or in the file's header comments) the contents of this repository are released under the following license: 2 | 3 | BSD-2-Clause Plus Patent License 4 | 5 | SPDX-License-Identifier: [BSD-2-Clause-Patent](https://spdx.org/licenses/BSD-2-Clause-Patent.html) 6 | 7 | Copyright © 2019 Blockchain Commons, LLC 8 | 9 | Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 10 | 11 | 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 12 | 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 
13 | Subject to the terms and conditions of this license, each copyright holder and contributor hereby grants to those receiving rights under this license a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except for failure to satisfy the conditions of this license) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer this software, where such license applies only to those patent claims, already acquired or hereafter acquired, licensable by such copyright holder or contributor that are necessarily infringed by: 14 | 15 | (a) their Contribution(s) (the licensed copyrights of copyright holders and non-copyrightable additions of contributors, in source or binary form) alone; or 16 | (b) combination of their Contribution(s) with the work of authorship to which such Contribution(s) was added by such copyright holder or contributor, if, at the time the Contribution is added, such addition causes such combination to be necessarily infringed. The patent license shall not apply to any other combinations which include the Contribution. 17 | Except as expressly stated above, no rights or licenses from any copyright holder or contributor is granted under this license, whether expressly, by implication, estoppel or otherwise. 18 | 19 | DISCLAIMER 20 | 21 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Blockchain Commons Pseudonymity Guide 2 | 3 | 4 | 5 | ### _by [Namcios](https://github.com/namcios) and [Christopher Allen](https://github.com/ChristopherA)_ 6 | 7 | **Pseudonymity Guide** is a tutorial on how to securely create and operate a pseudonymous identity. It is intended to help activists, journalists, and others prevent or evade online stalking, doxxing, harassment, oppression, coercion, or censorship. 8 | 9 | This guide is not meant to help malicious actors perform unethical, criminal, or illicit activities. It is written with the sole purpose of informing good-intentioned individuals, especially human-rights activists, about often-overlooked considerations and risks in online activities. Therefore, it provides insights and actionable steps that you can take to sanitize your online environment and habits. Additionally, this guide offers tips on creating and operating a new identity separate from your real-world identity. 10 | 11 | > **NOTE:** Be aware that this guide currently does not aim to help you guard against highly skilled, highly motivated actors with unlimited resources, for instance, high-profile nation-states or individuals with unlimited resources. In these cases, you'd need tactics that, at the moment, go beyond the scope of this guide. 
12 | 13 | Start by reading the introduction below. It provides you with an overview of this guide's sections and their primary goals, the course of action you will take, and the benefits you can expect to gain from this project. 14 | 15 | ## Introduction 16 | 17 | In Section One, you will understand why you need privacy and why it is essential. Privacy is a fundamental human right that precedes many others. This guide will discuss these intricacies and present cases and examples when abuse of individual privacy has led to harsh consequences. Some negative side-effects of neglecting privacy are loss of freedom, less diversity in society, harassment, stalking, identity theft, permanent injuries to personal records or reputation, coercion, blackmail, and sometimes even death. 18 | 19 | The interconnected digital world offers a unique tool for people to communicate, share ideas, and comment on others' developments or projects. Moreover, it can lead to the development of personal connections in the physical world. However, such ease of flow of information also enables people to invade each other's private spaces, often resulting in the aforementioned consequences. Hackers, governments, and motivated entities have a massive amount of online data to exploit, which they can leverage to influence people's behavior without their knowledge or consent. 20 | 21 | This guide hopes that by becoming aware of the ever-increasing pile of data being collected on you and the possible consequences of having it fall into preying hands, you will change your relationship with the internet. More than ever, it is of utmost importance for everyone to think about what personal information they want and don't want to be made public online. 22 | 23 | After you understand all the major moving pieces in online privacy, you will be prompted to think about your threat model in Section Two.
The guide will provide you with a basic notion of a threat model, why it is crucial, and how you can develop your own. You can also expect links to resources for further research into the complex topic. A well-defined threat model will prevent you from trying to protect everything from everyone, something that is not achievable nor desirable. Instead, you will have a good understanding of who your adversaries are, what information or assets you need to protect from them, and what actions you can take to enforce your threat model. Clarity on these is paramount to ensuring the success of your advocacy. 24 | 25 | Once you've defined what your threat model looks like, you will be ready to start creating a pseudonymous identity from scratch in Section Three. The benefits of separating your real-world identity from the one you use for your advocacy needs can compound over the long run. Ensuring that every human being can enjoy their dutiful rights is a good action, but one seldom secured by authoritarian regimes. In that case, your ability to shed light on the issues surrounding your community, or even humanity at large, can be empowered and facilitated by the correct use of a pseudonymous identity. 26 | 27 | Before offering a step-by-step guide to creating a new pseudonymous identity, Section Three will discuss the technical choices you need to consider to make that happen securely. Your technical abilities and budget will be leveraged to explain what route you should take regarding a computer and a mobile phone and what software you want to have in them. These choices will tie back to the online privacy questions raised in Section One, as well as to the threat model you created in Section Two. Since human-rights advocacy and activism are increasingly done online, the tools you use to connect to and engage with the internet matter. 
The correct selection and usage of such devices will play a significant role in the successful safeguarding of your private information and assets from your adversaries. 28 | 29 | Now that you know precisely what issues this guide aims to solve and the ones it doesn't, you can begin to understand why privacy matters in Section One's first file: [Why Is Privacy Important?](01_1_why_privacy.md). You can also reference the table of contents below at any time. 30 | 31 | ## Table of Contents 32 | 33 | **SECTION ONE: PRIVACY** 34 | 35 | - 1.1: [Why Is Privacy Important?](01_1_why_privacy.md) 36 | - 1.2: [Basic Steps to Regain Online Privacy](01_2_regain_privacy.md) 37 | 38 | **SECTION TWO: THREAT MODELING** 39 | 40 | - 2.1: [Define Your Threat Model](02_1_threat_model.md) 41 | 42 | **SECTION THREE: A NEW IDENTITY** 43 | 44 | - 3.1: [Technical Choices for a New Identity](03_1_technical_choices.md) 45 | - 3.2: [Create Your New Identity](03_2_create_identity.md) 46 | - 3.3: [Operate Your New Identity](03_3_operate_identity.md) 47 | 48 | ## Status - Edited 49 | 50 | **Pseudonymity Guide** has been edited but should not be used for production tasks until it has had further testing and auditing. 51 | 52 | ### Roadmap 53 | 54 | August 2021 55 | 56 | - Finish first version of the guide 57 | 58 | September-October 2021 59 | 60 | - [x] Improve organization by separating guide into sections with clear objectives. 61 | - [x] Provide more clarity in README with an intro. What can the reader expect from the guide and what will they gain from it? 62 | - [x] Create "Why Is Privacy Important?" file 63 | - [x] Break up "Privacy Basics" into more granular files (steps to regain privacy, threat modeling, technology choices, etc.) 
64 | 65 | ## Origin, Authors, Copyright & Licenses 66 | 67 | Unless otherwise noted (either in this [/README.md](./README.md) or in the file's header comments) the contents of this repository are Copyright © 2021 by Blockchain Commons, LLC, and are [licensed](./LICENSE) under the [spdx:BSD-2-Clause Plus Patent License](https://spdx.org/licenses/BSD-2-Clause-Patent.html). 68 | 69 | In most cases, the authors, copyright, and license for each file reside in header comments in the source code. When it does not, we have attempted to attribute it accurately in the table below. 70 | 71 | This table below also establishes provenance (repository of origin, permalink, and commit id) for files included from repositories that are outside of this repo. Contributors to these files are listed in the commit history for each repository, first with changes found in the commit history of this repo, then in changes in the commit history of their repo of their origin. 72 | 73 | | File | From | Commit | Authors & Copyright (c) | License | 74 | | --------- | ------------------------------------------------------------ | ------------------------------------------------------------ | ------------------------------------------------------ | ----------------------------------------------------------- | 75 | | exception-to-the-rule.c or exception-folder | [https://github.com/community/repo-name/PERMALINK](https://github.com/community/repo-name/PERMALINK) | [https://github.com/community/repo-name/commit/COMMITHASH]() | 2020 Exception Author | [MIT](https://spdx.org/licenses/MIT) | 76 | 77 | ## Financial Support 78 | 79 | **Pseudonymity Guide** is a project of [Blockchain Commons](https://www.blockchaincommons.com/). We are proudly a "not-for-profit" social benefit corporation committed to open source & open development. Our work is funded entirely by donations and collaborative partnerships with people like you. 
Every contribution will be spent on building open tools, technologies, and techniques that sustain and advance blockchain and internet security infrastructure and promote an open web. 80 | 81 | To financially support further development of Pseudonymity Guide and other projects, please consider becoming a Patron of Blockchain Commons through ongoing monthly patronage as a [GitHub Sponsor](https://github.com/sponsors/BlockchainCommons). You can also support Blockchain Commons with bitcoins at our [BTCPay Server](https://btcpay.blockchaincommons.com/). 82 | 83 | ## Contributing 84 | 85 | We encourage public contributions through issues and pull requests! Please review [CONTRIBUTING.md](./CONTRIBUTING.md) for details on our development process. All contributions to this repository require a GPG signed [Contributor License Agreement](./CLA.md). 86 | 87 | ### Discussions 88 | 89 | The best place to talk about Blockchain Commons and its projects is in our GitHub Discussions areas. 90 | 91 | [**Blockchain Commons Discussions**](https://github.com/BlockchainCommons/Community/discussions). For developers, interns, and patrons of Blockchain Commons, please use the discussions area of the [Community repo](https://github.com/BlockchainCommons/Community) to talk about general Blockchain Commons issues, the intern program, or topics other than those covered by the [Gordian Developer Community](https://github.com/BlockchainCommons/Gordian-Developer-Community/discussions) or the 92 | [Gordian User Community](https://github.com/BlockchainCommons/Gordian/discussions). 93 | 94 | ### Other Questions & Problems 95 | 96 | As an open-source, open-development community, Blockchain Commons does not have the resources to provide direct support of our projects. Please consider the discussions area as a locale where you might get answers to questions. Alternatively, please use this repository's [issues](./issues) feature. Unfortunately, we can not make any promises on response time. 
97 | 98 | If your company requires support to use our projects, please feel free to contact us directly about options. We may be able to offer you a contract for support from one of our contributors, or we might be able to point you to another entity who can offer the contractual support that you need. 99 | 100 | ### Credits 101 | 102 | The following people directly contributed to this repository. You can add your name here by getting involved. The first step is learning how to contribute from our [CONTRIBUTING.md](./CONTRIBUTING.md) documentation. 103 | 104 | | Name | Role | Github | Email | GPG Fingerprint | 105 | | ----------------- | ------------------- | ------------------------------------------------ | ------------------------------------- | -------------------------------------------------- | 106 | | Christopher Allen | Principal Architect | [@ChristopherA](https://github.com/ChristopherA) | \ | FDFE 14A5 4ECB 30FC 5D22 74EF F8D3 6C91 3574 05ED | 107 | | Namcios | Lead Author | [@namcios](https://github.com/namcios) | \ | 55A2 4BE0 AEE5 DB41 52C6 A410 8E3A 3683 1726 9AB4 | 108 | 109 | ## Responsible Disclosure 110 | 111 | We want to keep all of our software safe for everyone. If you have discovered a security vulnerability, we appreciate your help in disclosing it to us in a responsible manner. We are unfortunately not able to offer bug bounties at this time. 112 | 113 | We do ask that you offer us good faith and use best efforts not to leak information or harm any user, their data, or our developer community. Please give us a reasonable amount of time to fix the issue before you publish it. Do not defraud our users or us in the process of discovery. We promise not to bring legal action against researchers who point out a problem provided they do their best to follow these guidelines.
114 | 115 | ### Reporting a Vulnerability 116 | 117 | Please report suspected security vulnerabilities in private via email to ChristopherA@BlockchainCommons.com (do not use this email for support). Please do NOT create publicly viewable issues for suspected security vulnerabilities. 118 | 119 | The following keys may be used to communicate sensitive information to developers: 120 | 121 | | Name | Fingerprint | 122 | | ----------------- | -------------------------------------------------- | 123 | | Christopher Allen | FDFE 14A5 4ECB 30FC 5D22 74EF F8D3 6C91 3574 05ED | 124 | 125 | You can import a key by running the following command with that individual’s fingerprint: `gpg --recv-keys ""`. Ensure that you put quotes around fingerprints that contain spaces. 126 | --------------------------------------------------------------------------------