├── .gitignore ├── Assets └── overview.png ├── README.md ├── Scripts ├── Section 1 │ ├── 1_ Welcome! First Words.._.md │ ├── 2_ Why Should You Care_.md │ ├── 3_ Security vs Privacy.md │ ├── 4_FOSS.md │ ├── 5_ Metadata.md │ ├── 6_ The Convenience Line.md │ └── 7_ Supporting This Course.md ├── Section 2 │ ├── 1_ Section 2 Introduction.md │ ├── 2_ Minimalism_.md │ ├── 3_ Erasing Your Local Identity.md │ ├── 4_ Erasing Your Online Identity.md │ └── 5_ Section 2 Finale.md ├── Section 3 │ ├── 10. Browser Uniqueness.md │ ├── 11_ Proxies _ VPNs.md │ ├── 12_ Antiviruses _ Malware.md │ ├── 13_ File Deletion.md │ ├── 14_Storage _ Encryption.md │ ├── 15_ Safe Communication.md │ ├── 16_ Section 3 Finale.md │ ├── 1_ Section 3 Introduction.md │ ├── 2_Stay Updated!.md │ ├── 3_ Permissions _ Settings.md │ ├── 4. Passwords.md │ ├── 5_ Two-Factor Authentication.md │ ├── 6_ Search Engines.md │ ├── 7_ Your Browser.md │ ├── 8_ Hardening Your Browser.md │ └── 9_ Your Browsing Habits.md ├── Section 4 │ ├── 1_ Section 4 Introduction.md │ ├── 2_ Deskop Operating Systems.md │ ├── 3_ Mobile Operating Systems.md │ ├── 4_ Expendable Operating Systems.md │ ├── 5_ Tor.md │ ├── 6_ Cryptocurrencies...True Anonymity_.md │ ├── 7_ Audits.md │ └── 8_ Section 4 Finale.md ├── Section 5 │ ├── 1_ Section 5 Introduction.md │ ├── 2_ The Basics.md │ ├── 3_ MAC.md │ ├── 4_ Networking.md │ ├── 5_ Radios.md │ ├── 6_ Device Separation.md │ └── 7_ Section 5 Finale.md ├── Section 6 │ ├── 10_ Section 6 Finale.md │ ├── 1_ Section 6 Introduction.md │ ├── 2_ Who Can You Trust_.md │ ├── 3_ Minimizing Data Access.md │ ├── 4_ Anonymization _ Pseudonymization.md │ ├── 5_ Shopping Safely.md │ ├── 6_ Lifestyle Changes.md │ ├── 7_ Pre-configured Hardware _ Software.md │ ├── 8_ Downsides to Safety.md │ └── 9_ Becoming an Activist.md └── Section 7 │ ├── 1_ Course Summary.md │ └── 2_ Congratulations!.md ├── changes.md ├── premium-improvements.md └── sources.md /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store -------------------------------------------------------------------------------- /Assets/overview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/techlore/go-incognito/189d7dcb23a707b7136d1afed50cb129c6380e97/Assets/overview.png -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Go Incognito: A Guide to Security, Privacy, & Anonymity 2 |

3 | 4 |

5 | 6 | **IMPORTANT UPDATE: Go Incognito is now officially a project we will continue to support for future iterations. We are currently [in the process](https://dispatch.techlore.tech/i/116795784/go-incognito-v) of planning & producing a V2 to the project. A free variant will remain, and all current premium students will be auto-enrolled in future iterations for life. [To view more information and to leave us feedback on what to improve, visit here.](https://discuss.techlore.tech/t/go-incognito-fans-we-need-your-feedback-for-a-v2/1830)** 7 | 8 | Go Incognito is a video-based course teaching users of varying experience levels about privacy, security, and anonymity. It’s a core part of the Techlore mission to educate users and transform their mindset of why, where, when, and how to treat their personal information. Go Incognito is available free to watch, is shareable to the public through a Creative Commons license, and features a premium version with serveral perks - also functioning as a support method for the course. 9 | 10 | Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License. 11 | 12 | ## Navigating Go Incognito 13 | - [Watch Go Incognito Now For Free](https://techlore.tech/goincognito) 14 | - [Enroll in the Premium Version Now](https://techlore.teachable.com/p/go-incognito) 15 | - All scripts have been completed since summer, 2018. You'll find them [here.](https://github.com/techlore-official/go-incognito/tree/master/Scripts) 16 | - The [changelog](https://github.com/techlore-official/go-incognito/blob/master/changes.md) accounts for changes. Things change, but so can the changelog. Premium Go Incognito implements many of the changes through 2021 as it was produced most recently. 17 | - The sources used in each lesson are [available here.](https://github.com/techlore-official/go-incognito/blob/master/sources.md) 18 | 19 |

20 | 21 |

22 | 23 | ## Premium Perks & Improvements 24 | - No ads, promos, or video outros 25 | - Hundreds of video production improvements. [View them here](https://github.com/techlore-official/go-incognito/blob/master/premium-improvements.md) 26 | - Updated to reflect 2021 changes 27 | - Course quizzes 28 | - Downloadable resources, guides, checklists & more 29 | - Tight-knit course community where you interact with other students 30 | - Ability to contact myself, your instructor 31 | - Certificate to show-off Go Incognito completion 32 | - Polished experience in a dedicated portal to access and track progress from a single place 33 | 34 | ## Contributing to Go Incognito 35 | There are several ways you can support this initiative, here are the main methods: 36 | - [Purchasing the premium course](https://techlore.teachable.com/p/go-incognito) 37 | - Directly donating to our channel through Patreon, Liberapay, Monero, or other support methods [found here.](https://techlore.tech/support) 38 | - Sharing the course with your friends and family. It's friendly to both beginners and advanced users alike. 39 | - Spreading the course to different communities around the internet. 40 | - Uploading the free course to a platform of your choice. Because the free course is licensed under Creative Commons, go for it! Assuming: A) It's unmodified B) It's unmonetized and C) Techlore is credited. Premium is not under CC. 41 | -------------------------------------------------------------------------------- /Scripts/Section 1/1_ Welcome! First Words.._.md: -------------------------------------------------------------------------------- 1 | # Welcome! First Words... 2 | 3 | Hello future privacy and security advocates, and welcome to Go Incognito, a 4 | course teaching you how to be secure and private in our modern-day world. This 5 | is a pretty big number **1,946,181,599** Well, it’s the total number of records 6 | containing personal and other sensitive data that have been compromised 7 | between January 1st, 2017--and March 20, 2018. Pretty crazy stuff that we will learn 8 | how to prevent through the course! 9 | 10 | 11 | My name is Henry, and I am a privacy and security enthusiast. Since 2014, I’ve 12 | been running a YouTube channel called Techlore, where we have a community 13 | covering topics like VPNs, Tor, encryption, and other security and privacy 14 | tutorials. 15 | 16 | 17 | My goal with the channel, and especially this course, is to make more and more 18 | people around the world aware and educated in taking control of their privacy 19 | and security. Not only should this information be easy to follow and implement, 20 | but it should be accessible. This course brings both of those things to the table. 21 | So what are we going to cover? Well, just about everything you need to know 22 | about how you’re tracked online, how your information is shared, all the 23 | techniques required to take back your digital privacy, how you can properly 24 | secure all of our data, prevent identity theft and hacks, and lastly, how to get as 25 | close to anonymous as we possibly can. All of this information will help keep you 26 | safe from websites, people you know, strangers, and everyone in between. 27 | Now it’s easy for me to tell you that’s all that’ll be covered and it’s easy to follow 28 | along, but the truth is each of these topics requires a lot of information and a lot 29 | of work on your end. Luckily, I’ve condensed everything you need to know, in the 30 | shortest and most concise manner possible to make it easy for everyone to 31 | follow, no matter your previous experience. 32 | 33 | 34 | Here’s what you can expect: There are 7 sections, each focusing on a general 35 | topic, and individual lessons within each section narrowing down on specific 36 | things you need to know. Anytime I reference something inside of a lesson, you’re 37 | going to see a number on the screen, which corresponds to the PDF I have on the 38 | course’s page on my website with all of my sources. You should continually check 39 | that webpage because there will also be a changelog, where I will update and 40 | change any information in the future since privacy and security is 41 | always-changing. 42 | 43 | 44 | This version of the course is the free version, which gives you the same exact 45 | information as the premium version, but there will be advertisements, and you will 46 | be missing out on the quizzes, checklists, certificates, and other perks. You can 47 | find the premium version with all of those benefits on Udemy. You will also be 48 | able to view and download this entire course for free through my website. 49 | Thank you in advance for purchasing the premium version of this course. It’s 50 | been a long journey to make this happen and your support means so much to 51 | me. Throughout the ad-free course, you’ll find quizzes, tests, checklists, scoring 52 | methods, and lots of other perks only available to you. If you want to view the free 53 | version of the course it can be found on the course’s website, my channel, on 54 | several file-hosting services, and its own torrent. 55 | 56 | 57 | Before wrapping things up, I do want to leave a few disclaimers: 58 | 59 | 1. As I mentioned, things change. Projects shut down, technology improves, 60 | and new methods of doing certain tasks are created. The website and my 61 | channel will continually push out changes for any information when 62 | needed. Please contact me if you think something should be added to the 63 | changelog. 64 | 65 | 2. This course is not created for illegal purposes. This is not what privacy and 66 | security is about, and it’s important that people aren’t breaking the law, 67 | furthering the incorrect association with privacy and security and criminal 68 | activities. 69 | 70 | 3. Lastly, know that you can build the world’s largest fortress, but at the end 71 | of the day, anyone with enough time and resources can succeed in 72 | breaking into your life. Our goal is to make this as humanly difficult as 73 | possible, or near impossible. No one is truly private, secure and 74 | anonymous, but we can work towards it. 75 | 76 | 77 | So that’s it for the introduction! It’s an absolute pleasure to have the opportunity 78 | to be here, and I want to welcome you on your new journey. Thank you for tuning 79 | in, I will see you all in the first lesson, going through why you should care. Best of 80 | luck in advance with your new digital lives. 81 | -------------------------------------------------------------------------------- /Scripts/Section 1/3_ Security vs Privacy.md: -------------------------------------------------------------------------------- 1 | # Security vs Privacy 2 | 3 | One of the biggest digital misconceptions, which I still fall victim to, is confusing 4 | security and privacy. These are two very different concepts, and although they 5 | typically can be associated with each other, it’s entirely possible to be secure, but 6 | not private, and vice-versa. So let’s break these down now, so that later in the 7 | course, you, the viewer, will understand what it means when I say something is 8 | meant to improve your privacy, but not your security. 9 | 10 | Security can be simply defined as how you protect yourself and your data. Do 11 | you have a password on your phone? Do you encrypt your hard drives? Do you 12 | use an antivirus? Well these are all important security measures that keep your 13 | personal data safe and out of hands of people who shouldn’t have it. 14 | 15 | Privacy, on the other hand, is any information that can be tied to your personal 16 | identity. Just because something is secure, doesn’t mean that people can’t collect 17 | any of your personal information. 18 | 19 | *(Hold Book)* Let me give you some stories to make this easier to understand: 20 | 21 | Let’s say you’re dating someone, and they go psychopath on you. They break 22 | your car, they wreck your house, it’s just a bad situation. You go to court to claim 23 | the damage: when you walk in, you’re going to notice “security” cameras, guards, 24 | metal detectors, etc… This is great for security, no one’s going to sneak in with a 25 | firearm and endanger the building. The building is secure. But why do you think 26 | they’re called security cameras and not privacy cameras? Well, probably because 27 | all of the footage with every person who walks in the building is stored 28 | indefinitely, and we don’t know who’s in control of the footage. The guards have 29 | every right to search you and your belongings on the spot, and metal detectors 30 | are designed to reveal what you’re carrying. This is similar to the TSA in airports, 31 | who have your security in mind--but not your privacy. Let’s move on to a digital 32 | example: 33 | 34 | Antiviruses are one of the most widely debated topics for Windows PC users. 35 | Some people say Windows Defender is enough, some say you don’t need 36 | anything, some say to invest in a paid service, and some say to use as many paid 37 | services as you can (don’t do that one). I’m not going to talk too much about that 38 | here, I already have a video discussing this on the Techlore YouTube channel, 39 | but let’s discuss the security and privacy of an antivirus software. Security-wise, 40 | it’s amazing, Antiviruses protect you from malicious files and programs, they let 41 | you scan your computer for threats and vulnerabilities, and paid options 42 | typically give you even more security features, like web-plugins, which keep you 43 | off malicious sites, password managers, ad blocking software, you guys get the 44 | point. Your security has dramatically improved because of this software. 45 | 46 | But, privacy has gone down the drain. You’re putting your trust in a third-party 47 | company to scan the contents of every file you download to your computer, every 48 | program you open, and a lot of this data is sent to Antivirus companies to 49 | “Improve their service and detection.” In reality, we don’t know what they’re doing 50 | with that data. They could very well be selling it to third parties who are using this 51 | data to influence an election. AVG, an antivirus company, actually came under a 52 | lot of fire for a very intrusive privacy policy. The truth is, we don’t know since we 53 | don’t have control of our data, a company does. 54 | 55 | That’s the antivirus example, it typically helps people understand the difference 56 | between security and privacy pretty well. It’s very important to fully distinguish 57 | these two terms, because they represent two completely different goals and 58 | ideas, that are difficult to simultaneously achieve. However, I will be teaching you 59 | about both, and how to maximize both your privacy and security throughout the 60 | remainder of the course. Thank you for watching, and I’ll see you in the next 61 | lesson on FOSS. 62 | -------------------------------------------------------------------------------- /Scripts/Section 1/4_FOSS.md: -------------------------------------------------------------------------------- 1 | # FOSS 2 | 3 | A term that I’m going to consistently use throughout this course is FOSS, *(Show 4 | Floss)* not FLOSS , FOSS, which stands for Free and open-source software. Rather 5 | than me explaining it every time I use the acronym, let’s cover the term right now. 6 | 7 | FOSS isn’t just a category of software--it’s a movement. FOSS is any software that 8 | can be freely licensed to use, copy, study, and change in any you want, while 9 | leaving the source code openly shared so people can voluntarily improve the 10 | software. This is contrary to the idea of proprietary software, where the software 11 | is under restrictive copyright and the source code is hidden from users. 12 | Microsoft, Apple, and most companies use proprietary software on their desktop 13 | operating systems, and most other pieces of software they release. 14 | 15 | So what are the benefits to FOSS, well there are plenty: 16 | 17 | FOSS is fantastic for privacy and security, which is obviously going to be great 18 | for you taking this course. Manufacturers of proprietary, closed-source software 19 | are sometimes pressured into building backdoors (which gives them or anyone 20 | else access to private data) or other undesired features into their software. 21 | Instead of having to trust software vendors, people that use FOSS can inspect 22 | and verify the source code themselves and can put trust in a community of 23 | volunteers and users. 24 | 25 | Now you might be asking, if it’s public, won’t it be easier for hackers to exploit it? 26 | This is far from the truth, since the code is public, more and more people are able 27 | to collaborate to fix any possible exploits to make the software as secure as 28 | possible. This has proved to be very accurate when looking at statistics between 29 | FOSS and proprietary software. 30 | 31 | FOSS also gives you greater personal control, customizability, and freedom. If 32 | someone wants to change the functionality of a particular software they can 33 | bring about changes to the code and, if they wish, distribute the modified version 34 | of the software on their own. You gain much more control over your usage and 35 | data as well, since software vendors like Apple, Google, and Microsoft want to 36 | lock you into their ecosystem, which works only the way they intend it to work. 37 | Meaning, you can’t disable those pesky automatic update notifications on your 38 | iPhone, you can’t easily remove Google services on an Android device, and 39 | Microsoft bugs you all day to sign in to your Microsoft account on Windows 10. 40 | These are just a few of the thousands of things companies force you to deal with 41 | everyday. The last benefit is the most obvious one, it’s all free and accessible, you 42 | never have to pay a *(show dime)* dime, since it’s voluntarily run by the 43 | community, and typically relies on donations from users. 44 | 45 | Because of all these benefits, I’m going to be recommending FOSS as much as I 46 | can throughout the course. We need to have trust in our software to improve our 47 | privacy and security, and I will typically recommend the software that has 48 | thousands of public eyes looking over it, over the software that is controlled by a 49 | company with 20 eyes looking for their next paycheck. If you want more 50 | information on FOSS, I made a more in-depth video discussing it on my YouTube 51 | channel. 52 | 53 | I hope this explained what FOSS is, and why it’s important for this course. If you 54 | want to get a head start, you can start looking for FOSS alternatives to the 55 | software you use everyday by going to alternativeto.net, searching for your 56 | software that you want to change from, and filtering by open source. Thank you 57 | for watching, and I’ll see you in the next lesson covering metadata. 58 | 59 | ## Changes 60 | ***Something I regret not mentioning about FOSS relates to the code and control 61 | companies/governments have over proprietary software. Just as mountains are natural 62 | architectural limitations found in nature, software and code have architectural limitations on what 63 | a user can/can’t do. With proprietary software, the user doesn’t know what these limitations are, 64 | but FOSS allows the community to understand what the software can and can’t do. Sure, Tesla’s 65 | have semi-automatic driving utilizing cameras around the car, but how do we know those cameras 66 | aren’t constantly collecting identifiable information about other cars around us? It is unlikely, but 67 | there’s no way to disprove the claim. With FOSS, we can disprove it. With FOSS, we know we aren’t 68 | being limited. With FOSS, we can’t be oppressed unknowingly.*** 69 | -------------------------------------------------------------------------------- /Scripts/Section 1/5_ Metadata.md: -------------------------------------------------------------------------------- 1 | # Metadata 2 | 3 | Another term I’m going to be using that you need to know and understand is 4 | metadata. Metadata is any data that doesn’t directly expose any sensitive 5 | information, but can be used to expose information about us. For example, *(Hold 6 | several books up)* libraries use metadata to sort books by title, author, and 7 | publishing information. Having 2 of any of these three 3 things is enough 8 | information to find that book, open it up and view the contents. This is very 9 | similar to our digital lives; where even though your messages may be encrypted, 10 | there could be metadata collected like who’s talking to who at what time for how 11 | long, all things that can be used to figure out what is being said. 12 | 13 | A post by Kurt Opsahl from the EFF, a digital rights group, gives a few examples 14 | as to why metadata can be so dangerous. 15 | 16 | They know you rang a phone sex service at 2:24 am and spoke for 18 minutes. But 17 | they don’t know what you talked about. 18 | 19 | They know you called the suicide prevention hotline from the Golden Gate Bridge. 20 | But the topic of the call remains a secret. 21 | 22 | They know you spoke with an HIV testing service, then your doctor, then your 23 | health insurance company in the same hour. But they don’t know what was 24 | discussed. 25 | 26 | So just because the contents of the call or message are confidential, doesn’t 27 | mean there isn’t data being collected that can give more than enough 28 | information to figure things out. Metadata isn’t inherently harmful and has been 29 | in our society for thousands of years. The issue is that it’s being utilized as a 30 | method to track users. 31 | 32 | One organization who abuses metadata is FISA, who oversees all requests for 33 | surveillance warrants against foreign individuals in the US, which seems 34 | reasonable since it requires a court order. The problem is that in 2012, 1,856 35 | requests were presented, and 1,856 requests were approved, suggesting that the 36 | process today is largely a political coy to make it appear like there’s selection in 37 | these surveillance decisions. After the FISA court grants a request, law 38 | enforcement can force private corporations to turn over all of your data and 39 | specifically metadata--assuming they haven’t already done so. 40 | 41 | Now you might be saying, this doesn’t impact me, I’m not one of those 1,856 42 | people. Well if you’re following the tips in this course, you could raise a lot of 43 | suspicions, so yes it still may concern you, even if you don’t do anything illegal. 44 | On top of that, one person can ruin it for everybody. When the FBI was trying to 45 | get Edward Snowden’s emails on Lavabit, they forced Lavabit to hand over the 46 | SSL keys which wouldn’t just let the FBI access Snowden’s keys, but everyone on 47 | Lavabit, giving access to all Lavabit user’s private emails. When the FBI wanted 48 | Apple to unlock the single iPhone from the San Bernardino case, it meant 49 | installing a backdoor which would give them access to any iPhone around the 50 | world. When VPN companies are forced to keep logs to catch a user, it typically 51 | means keeping logs on all users in a server. So yes, you might not be committing 52 | the crime, but you’re suffering the privacy invasion, which (without getting too off 53 | topic) is why metadata can be just as revealing as the contents in your texts, 54 | emails, and operating systems. 55 | 56 | A person who fell victim to metadata was John McAfee, a cyber-security expert, 57 | and although people don’t typically like him as a person, he spreads a lot of 58 | good information related to privacy and security. He developed the McAfee 59 | antivirus which many of you might be using right now. McAfee didn’t have the 60 | cleanest life though, as he admits to living sexual fantasies with guns and bath 61 | salts in Belize, where he was accused of killing his neighbor. He eventually fled 62 | and went into hiding. So how did law enforcement find him? It wasn’t from his 63 | blog post detailing what happened, it was actually from a picture he posted on 64 | Twitter. The picture contained exchangeable image file data, or EXIF data, which 65 | is photo metadata. It includes things like color saturation and other color details, 66 | as well as the exact location that a picture was taken. This is how he was 67 | eventually tracked and this is why your camera on your smartphones asks for 68 | your location the first time you start it up. McAfee did sneak by all of this and 69 | ended up running for US presidency in 2016 for more cyber friendly policies. 70 | Lately he’s become fascinated with blockchain technology and is always saying 71 | the next “out there” thing. Really interesting dude. 72 | 73 | To view the metadata of your files, you can use sites like these to see what kind of 74 | information there is on a file. There are programs and sites out there that claim 75 | to delete metadata on your files, so definitely take a look at them. For Android, 76 | there’s Scrambled EXIF, photexif for jailbroken iOS devices, viewExif for 77 | non-jailbroken iOS devices, and the LiveOS tails includes a tool as well, we will 78 | discuss Tails in section 4 of the course. 79 | 80 | And that is it! Thank you for watching, I know this stuff might not be the most fun 81 | to learn about, but it is necessary to know and it only gets better from here. We 82 | have to cover all the basic terms so we can learn about the advanced things later 83 | on in the course. I’ll see you in the next lesson, discussing a neat thing called The 84 | Convenience Line. 85 | -------------------------------------------------------------------------------- /Scripts/Section 1/6_ The Convenience Line.md: -------------------------------------------------------------------------------- 1 | # The Convenience Line 2 | 3 | I mentioned in the first lesson that every individual lesson will cover a specific 4 | topic. These range from passwords, to encryption, pseudonyms, VPNs, Tor, and 5 | more... To give you a heads up: every lesson is broken down more or as less as 6 | follows: 7 | 8 | I’ll start with the basics, what you need to know. This will be an introduction to the 9 | topic. Then there’s the big no-nos. Not using the same password for every 10 | website, the easy things that you should be implementing no matter who you are. 11 | Then it will start to get a little bit more advanced. I may tell you to use a password 12 | manager to create more secure and unique passwords for websites. Then, I will 13 | go to the very advanced side of things, where I’m going to recommend not using 14 | cloud-based password managers because you don’t own your keys--things that 15 | are more extreme. 16 | 17 | Now you might have noticed the colors were changing behind me. As the lesson 18 | gets more and more advanced, the color will change along with it. Green is the 19 | easy stuff, red is the advanced stuff. Yellow is in the middle. And black is extreme. 20 | Every lesson will be setup this way to better allow you to draw a line; A line 21 | between what? Well I like to call it the convenience line. In general, the more 22 | private and secure you wish to become, the more time and work you’re going to 23 | have to put in, there’s just no way around this. 24 | 25 | It’s just like riding a bike. You can have zero security protection for your bike, and 26 | very quickly be able to grab it, hop on, and ride away, very convenient indeed. *( 27 | hold up lock and key)* Now let’s say you put a simple lock on it that requires a key, 28 | well now you have to carry the lock on you everywhere, you have to lock your bike 29 | everytime you stop, and you have to make sure you don’t lose the key. 30 | Convenience has dropped significantly, but your security has gone up. Now let’s 31 | say you get a heavy duty lock, that requires an 8 digit pin, in addition to a key. I 32 | don’t know if they make this, but let’s assume it’s a thing. The convenience has 33 | dropped even more, with a slight bump in security. So yes, there are very 34 | commonly diminishing returns when it comes to security and privacy. 35 | 36 | Very similar story to your digital life. You can have all of your files synced across 37 | all of your devices to quickly access everything, you can use no password on your 38 | phones to quickly unlock them, and you can disable encryption to boost speeds 39 | on your phones and computers. At the end of the day, most of us are okay 40 | sacrificing privacy and security for convenience, and we need to turn this 41 | around, it’s become a big problem. Neil Postman, an American author, stated “It is 42 | a mistake to suppose that any technological innovation has a one-sided effect. 43 | Every technology is both a burden and a blessing.” We have lost power over our 44 | lives because we want to enjoy the convenience offered to us. We are open to 45 | dealing with anyone who has a way of bringing us something quickly, 46 | conveniently, and/or cheaply--but in exchange for a little information and 47 | freedom. We will all draw our lines in different areas, and it’s important to 48 | understand your boundaries. Some things in this course will seem extreme to 49 | some, and introductory to others--be aware of your boundaries and how 50 | different people have different lines. 51 | 52 | Once again, every lesson will start with the basics, and progressively get less and 53 | less convenient, and this is where you have to draw a line. I am sure that not 54 | everyone watching this course will follow everything I discuss to the max, and that 55 | is totally okay. This course is setup to be used by anybody, no matter who you 56 | are. So I now grant you the ability to *(Hold pencil up)* draw your own line. Thank 57 | you for being here, and see you in the next lesson. 58 | -------------------------------------------------------------------------------- /Scripts/Section 1/7_ Supporting This Course.md: -------------------------------------------------------------------------------- 1 | # Supporting This Course 2 | 3 | Congratulations, you have completed the introduction to the course! Before we 4 | go into section 2 where we really start getting into the fun stuff, I wanted to 5 | quickly ask for your help. My goal is to make this course public, accessible, and 6 | free to everybody. and have a free variant for those who can’t afford the premium 7 | version. More people need to be educated on security and privacy, and this is 8 | how I believe I can contribute to the cause. This project has taken me well over 9 | 1000 hours to put together. So, if you want to support the course and the channel, 10 | there are tons of ways you can do that, and I would really appreciate it. 11 | 12 | First, there are lots of free ways you can help, at 0 cost to you. You can do all of 13 | your Amazon shopping after clicking the Techlore Amazon affiliate link in the 14 | support tab, so make sure to go through that next time you buy something on 15 | Amazon, or better yet bookmark it. It won’t cost you a cent more, but some of that 16 | purchase goes back to Techlore, which helps maintain the channel. 17 | 18 | Another great way to help is by being a part of the community. Sharing the 19 | course with your family and friends, keeping up with the YouTube videos, joining 20 | Minds, joining the Discord, following Instagram; your support and contribution to 21 | the community is just as important as any financial support. 22 | 23 | Financially, there’s Bitcoin, Litecoin, ZenCash, and Monero addresses in the 24 | support page which you can use to donate. If you are planning on creating a 25 | Coinbase or Binance account, I have affiliate links for those, and if you buy $100 26 | worth of bitcoin through Coinbase using the link there, you will get a free 27 | additional $10 in BTC which is free money. 28 | 29 | You can also purchase the course on Udemy, where there are lots of perks like 30 | quizzes, tests, checklists, cool scoring games, no ads, and a certificate. 31 | 32 | Lastly, don’t forget the swaggy merchandise on the Techlore store you can get to 33 | show off your privacy and security, while spreading a good message to the 34 | people around you. 35 | 36 | So that’s going to wrap up Section 1 of the course. It’s a lot of talking, and not 37 | much doing, but no longer. Section 2 will be geared towards erasing as much of 38 | your public and private digital life as we possibly can, to offer as clean of a slate 39 | as possible in order for us to really get down to business in section 3-7. Thank 40 | you for watching up to this point, and I’m excited to work with every single one of 41 | you in the future. I’ll see you in section 2: A Clean Slate. -------------------------------------------------------------------------------- /Scripts/Section 2/1_ Section 2 Introduction.md: -------------------------------------------------------------------------------- 1 | # Section 2 Introduction 2 | 3 | Welcome to Section 2! Things are finally going to *(KICK)* kick off, and it’s time to 4 | learn some new stuff. If you’re going through this course, you’re going to fall into 5 | a few categories: You could be a beginner who is learning about all of this for the 6 | first time. Maybe you understand the basics but need to learn more advanced 7 | techniques, or maybe you are advanced and just trying to make sure you’re 8 | doing the right stuff. Well the best place to start is to look in the mirror, What 9 | does your digital life look like? How is it mapped out and what stains are on your 10 | mirror? This is known as your digital footprint, or your digital identity, digital life, 11 | there are lots of names for this. Essentially it is how much information that is tied 12 | to you on the internet. Some of you have publicly accessible passwords you don’t 13 | know about, and some of you have your entire life downloadable in a profile 14 | online. This would be a very large and extensive digital footprint, which you don’t 15 | want, but unfortunately many of you have. 16 | 17 | So what do we do? Sadly, there’s no single website that quantifiably tells you how 18 | good or bad your footprint is, but section 2 will teach you how to personally 19 | evaluate your footprint, as well as how to make it as small as possible. In general, 20 | the younger you are, the easier this is going to be. You’re going to have less 21 | emails, less websites you’ve signed up for, less companies you’ve applied to, but 22 | this isn’t necessarily the case for everybody. 23 | 24 | So without further adieu, let’s start section 2 with ‘Minimalism’. 25 | -------------------------------------------------------------------------------- /Scripts/Section 2/2_ Minimalism_.md: -------------------------------------------------------------------------------- 1 | # Minimalism. 2 | 3 | Before we even discuss the internet, let’s talk about minimalism pertaining to your 4 | local files and programs. “Local” means files and programs stored on your *(show 5 | devices)* physical hard drives, phones, and other personal devices. In general, 6 | the rule of thumb is the more programs and services you’re using, the higher 7 | chance of a security exploit and/or personal data collection. 8 | 9 | A basic example: *(Hold Smartphone)* Almost all of us have smartphones. Let’s 10 | say you download the Facebook app onto your phone. It can now read all of your 11 | contacts, your SMS messages sent outside of the app, and it can view your phone 12 | calls. This already is alarming. But let’s say you download Snapchat. Now 13 | snapchat has access to similar information, but two different companies have 14 | access to it. You have doubled the chances of your information leaking in some 15 | fashion. Over on your computer, it’s not uncommon for programs to also open up 16 | your computer to exploits, like Java, Reader, and Flash. The more apps and 17 | programs you leave installed on your devices, the greater chance of an exploit, 18 | or that a company will harvest your information, making your digital footprint 19 | more extensive. The goal is to be as minimal as you possibly can, I want you to 20 | brag about how few apps you use on your devices. 21 | 22 | So where do we start? First, if you just got a new device, it most likely comes with 23 | preinstalled programs called bloatware, which is a loose term for any software 24 | that isn’t needed and is considered bloat. Windows loves this, Android has this, 25 | iPhones have this, almost all devices do. They take up valuable system resources 26 | and more often than not are detrimental to your privacy and security. The first 27 | thing I’d recommend you do when you get a new device is to reinstall the 28 | operating system to remove the bloatware. If the operating system itself includes 29 | bloatware (like windows), uninstall as much of it as you can manually. 30 | 31 | After that, we need to delete those old games and other apps you don’t use 32 | anymore--it’s doing much more harm than good in the background! In some of 33 | my old videos, I clearly didn’t follow this. Just looking at the apps I had installed, 34 | you could learn so much about my life, and you can bet that some of these apps 35 | were collecting data in the background. 36 | 37 | The top shows my cellular provider, Cydia shows I was jailbroken, Pearson 38 | PowerSchool reveals that I was most likely a minor attending High school or 39 | middle school. OneDrive shows I was using a cloud service that uses no default 40 | encryption; just to name a few! Swiping to page 2, things just get juicier and 41 | juicier, if we, humans, can visually see these patterns, imagine what these devices 42 | can do when they’re collecting countless amounts of data on your personal life. 43 | 44 | As a totally random note, I want to remind you that most software that comes 45 | with new accessories is completely unneeded, and you should avoid installing 46 | them. Printers come with their own software, but you don’t need it because your 47 | operating system already takes care of that. Monitors come with software too 48 | which you don’t need. Headphone and other device manufacturers also like 49 | advertising their own software; in general it’s not necessary. 50 | 51 | So that explains apps and programs, but what about files. I’m going to talk about 52 | cookies, cache, and history in the next lesson, but right now let’s discuss your 53 | personal files: photos, videos, documents, and anything else you own. Deleting 54 | some of your personal files has advantages as well. First, if someone is able to get 55 | into your devices, they’re going to have a tougher time figuring out information 56 | about you. As an example, I frequently clear my SMS messages so that if someone 57 | gets into my phone, they can’t view any old private messages. On a digital level, 58 | some programs on your computer have the ability to collect your data, like 59 | antiviruses cloud-based programs, and even certain browsers, so the less you 60 | give them the better. The last and most obvious benefit is that you will free up 61 | storage on your devices and have a much more organized life. 62 | 63 | First, go through and remove things that are unused and unneeded across all of 64 | your devices, typically this involves cleaning up your desktop, removing files in 65 | your Downloads folder, and emptying your trash bin. Now technically things 66 | emptied from your trash or recycle bin can be recovered, but we’ll cover 67 | shredding files later on in the course. Then you can start moving to your other 68 | files, finding things you really have no use for anymore. Old screenshots, 69 | unneeded videos, expired documents, this is all on you to decide. At this point, I’d 70 | recommend transferring any documents which contain sensitive information 71 | about your life to a properly secured *(show both)* external hard drive or flash 72 | drive, which can only be accessed if you physically plug it in, that way the 73 | information isn’t always accessible by your operating system. We will cover how to 74 | properly secure these later on with encryption. 75 | 76 | As for mobile devices, Android does have a file manager which you should 77 | frequently check on to make sure there are no files you can remove. And for iOS 78 | 11, there is a “sorta" file manager for you as well. Don’t forget to frequently clear 79 | your text and call history to keep things minimal on all mobile devices. 80 | I do want to mention that deleting icons from your computer’s desktop isn’t 81 | uninstalling programs, it has to be done in the control panel or the new Windows 82 | 10 settings app, I can’t tell you how many people aren’t aware of this. For Macs 83 | you have to drag it into the trash bin. For the more advanced users, when you 84 | uninstall programs from your computer (especially in windows), there are 85 | commonly still leftovers of the program which aren’t fully removed. Some key 86 | places to look are these directories. *C:/Program Files, C:/Program Files (x86), 87 | C:/User/YOURUSERNAME/Appdata* You can also hit Windows Key + R, and enter 88 | Regedit.exe. Once here, just search for keywords from the program to find 89 | leftover registry keys, or there’s a tool in the next lesson which will automate this 90 | process. For Mac users, do the same thing by looking through these directories 91 | to clear program remnants. To avoid leftovers like these in the future, make sure 92 | to remove settings for your programs during the uninstallation process, if 93 | prompted, and use a free tool like Geek Uninstaller, which automatically picks up 94 | remnants when you uninstall a program. For Macs, AppCleaner is an amazing 95 | app that works similar to Geek uninstaller. 96 | 97 | Before wrapping it up, Parents and spouses, try to avoid installing 3rd party spy 98 | software on your loved one’s devices. First, try to create enough trust between 99 | you two to figure out a physical compromise, like leaving the phone outside the 100 | bedroom for kids. 3rd party spy software is extremely dangerous because it gains 101 | access to everything on a phone, and it’s all being stored on that company's 102 | servers. This is a huge security and privacy issue, software like mSpy continually 103 | suffers leaks, and an app even leaked Teens’ Apple IDs, which is enough 104 | information to break into an account--as we’ll discuss later in the course. If you 105 | have to setup parental controls or spy software of some sort, most devices have 106 | built-in parental controls allowing you to do this without handing over data to a 107 | third party company. Additionally, lots of routers allow you to setup parental 108 | controls as well, so you don’t need to setup parental controls on the device itself. 109 | No matter what, avoid spy software from third party companies, that’s a big 110 | no-no. 111 | 112 | So that wraps it up for minimalism. Remember: Less is more. The less programs, 113 | apps, and files you store on your devices, the less data there is to collect about 114 | you, and less risk of a security exploit. This was a simple and casual step, but it’s 115 | very important nonetheless down the road. This is also one of the beautiful 116 | things to do, because it actually speeds up your devices and improves your 117 | battery life, without really affecting convenience. The next lesson for section 2 will 118 | dive a little bit deeper into minimalism. I will see you then. 119 | 120 | ## Changes 121 | ***As important as making a lesson geared towards beginners can be, I have made the fatal mistake 122 | of failing to mention those of you already using Linux. This entire lesson applies to Linux. BleachBit offers Linux support, just as it does for Windows.*** 123 | -------------------------------------------------------------------------------- /Scripts/Section 2/3_ Erasing Your Local Identity.md: -------------------------------------------------------------------------------- 1 | # Erasing Your Local Identity 2 | 3 | Now that we understand the basics of minimalism, we need to finish cleaning up 4 | our local identities, Let’s discuss *(show cookies & Cash)* cookies, cache, and any 5 | temporary files stored on your devices. 6 | 7 | History, cookies, and cache (or we’ll use HCC for short) are most commonly seen 8 | and used within web browsers. History shows all the websites you’ve visited, 9 | cookies are used by websites to track your visits and activity like when you have a 10 | shopping cart on a website, and cache stores elements of a webpage so if you 11 | load the webpage again, those elements are ready to go without needing to be 12 | refreshed. 13 | 14 | HCC all have their functions, but they are terrible for your privacy, since websites 15 | are able to view and record data associated with them. 16 | 17 | *(Dip cookies in Milk)* Cookies are one problem, and are frequently used for 18 | cross-website tracking, but *(Dip huge cookie)* supercookies are a super 19 | problem. Think of supercookies as those squabbits from Brickleberry, or a hydra. 20 | If one dies, two more are created, although this is just an analogy. You can’t clear 21 | super cookies like you can clear regular cookies, because it is injected into your 22 | system through several different methods. One method is an HTTP header by an 23 | Internet service provider. This uniquely identifies your device and is used to track 24 | you. Verizon was caught doing this in 2016, using a unique code attached to your 25 | device called a UIDH. Even after being fined, they still continue this practice to 26 | this day by default. You have to call them and opt out of this tracking, yay for 27 | Verizon! Because this information is injected between the device and the server 28 | that it’s connecting to, there’s nothing that a user can really do. Another common 29 | form of supercookies are utilized through Adobe flash and Microsoft Silverlight, 30 | which are both outdated and very rarely used, so make sure you have these 31 | uninstalled. 32 | 33 | In section 3 and 4, I will teach you how to stop all of these things from being 34 | recorded in the first place. But for right now, we’re focusing on deleting cookies 35 | and other temporary files on your current setup. Let me show you the easy and 36 | lazy way first, followed by the more in-depth method. 37 | The easy way is by clearing them within your web browser itself. Each browser’s 38 | different, but typically in the settings you’ll see an area to clear history and any 39 | other data like cookies and cache. This is quick, easy, and lazy. 40 | 41 | But what about all the stuff other programs and your operating system store on 42 | you? For this, we need to use *(Hold Up Screwdriver)* special tools. 43 | 44 | CCleaner is a free option for both Windows and MacOS, it’s a good program, but 45 | it is closed source. On top of that they did suffer a hack which installed malware 46 | onto user’s computers by hacking the certification on the latest version. 47 | (Although do keep in mind this was extremely targeted and could have happened 48 | to just about any service.) I still use CCleaner, but there’s also a great alternative. 49 | BleachBit is free and open source and does very similar things; it’s much more 50 | trusted in the community. Both of these tools will clear tons of unneeded data on 51 | your computer, which is exactly what we want! There are tons of great guides 52 | already on how to use them, that you can find online, so I’ll let you discover these 53 | tools, and I may do a guide on it on my channel as well. Sadly there’s no GUI 54 | version of BleachBit for Macs at the time of making this course, so CCleaner is 55 | the recommended service for you Mac users, unless you want to do it manually. 56 | 57 | The last little thing you want to do if you’re on Windows is go to file explorer, right 58 | click on your computer’s boot drive, click properties, and then Disk Cleanup. Click 59 | clean up system files, then select everything and delete it. 60 | 61 | You should clear your history and data on your mobile devices as well, but I’d 62 | recommend you avoid using third party tools to do it, since phones really don’t 63 | need it. Both iOS and Android have good built-in tools for both browsers and 64 | individual apps to clear cache and other types of temporary data like HCC. On 65 | Android you can use SD Maid, but like I said--it’s really not needed. 66 | 67 | So now we’re all done, but before finishing up the lesson, here’s a fun story about 68 | erasing your files--told by the notorious hacker, Kevin Mitnick: In April 2013, 69 | Matanov, a cab drive from Massachusetts went to dinner with a pair of brothers, 70 | where they discussed the events that happened that day at the Boston Marathon 71 | bombing--where someone planted rice cookers packed with nails and gunpowder 72 | to explode at the finish line. The brothers at the table, Tamerlan and Tsarnaev 73 | would later be identified as prime suspects. Although Matanov said he had no 74 | prior knowledge of the bombing, he allegedly left a post-bombing meeting with 75 | law enforcement officers to delete the browser history from his computer, which 76 | resulted in charges against him. This also happened with the college student 77 | David Kernell, who hacked Sarah Palin’s email account. The charges against both 78 | Matanov and Kernell resulted from something called the Sarbanes-Oxley Act of 79 | 2002, which aimed at preserving data to be used as evidence. 80 | 81 | So, if you followed this lesson, you could be charged if you were to be accused of 82 | a crime. Luckily, you’re hopefully not being accused of a crime, and the 83 | workaround is to not store the information in the first place, and this is exactly 84 | what I will be teaching you how to do in section 3. This was just a lesson to start 85 | you off on a cleaner slate. Thank you for watching, and I’ll see you in the next 86 | lesson: erasing your online identity. 87 | 88 | ## Changes 89 | ***As important as making a lesson geared towards beginners can be, I have made the fatal mistake 90 | of failing to mention those of you already using Linux. This entire lesson, as well as the previous 91 | lesson (2.2) apply to Linux. BleachBit offers Linux support, just as it does for Windows.*** 92 | -------------------------------------------------------------------------------- /Scripts/Section 2/5_ Section 2 Finale.md: -------------------------------------------------------------------------------- 1 | # Section 2 Finale 2 | 3 | If you’ve gotten to this point, I want to personally congratulate you. These have 4 | been your first steps to a more private and secure life, and it’s great to see 5 | people take the plunge and make it happen. 6 | 7 | In this section, we focused on minimalism and your digital footprint, which, in 8 | itself is a very new concept to many of you. We talked about erasing your local 9 | identity by removing unnecessary files and programs on your devices, and we 10 | learned the basics of managing your online identity and what you can do to 11 | minimize the amount of information that is publicly accessible about you online. 12 | 13 | All very fun stuff! 14 | 15 | If you haven’t already, consider supporting the course by purchasing it on Udemy 16 | for an ad-free experience with quizzes, tests, checklists, and most importantly a 17 | certificate! You can also help out by checking out all of the support methods, 18 | which can be found on the course’s website and sharing it with the people you 19 | know. Thanks to everyone in advance who helps out. You’re the ones who are 20 | bringing this course to life. 21 | 22 | Don’t forget to support the course by checking out all of the support methods 23 | which can be found on the course’s website. Thanks in advance to everyone who 24 | helps out, you’re the ones who are bringing this course to life. 25 | 26 | Section 3: Basic Digital Protection, is Part 1 of 2 sections covering techniques that 27 | you need to implement in order to avoid any future privacy and security invasion 28 | (in the digital world) to maintain this clean slate you’ve worked so hard for. I will 29 | see you there, thank you for watching, and good luck! -------------------------------------------------------------------------------- /Scripts/Section 3/10. Browser Uniqueness.md: -------------------------------------------------------------------------------- 1 | # Browser Uniqueness 2 | 3 | This is going to be more of an educational lesson, so sit back, and relax. Browser 4 | uniqueness, more commonly known as fingerprinting, is something very 5 | commonly overcomplicated. Luckily, this lesson will keep the topic easy to 6 | understand, so let’s go ahead and take care of it! 7 | 8 | But it won’t be as easy to understand as this message… 9 | 10 | Browser uniqueness is exactly what it sounds like, how unique you are on the 11 | internet. The idea here is the more you stick out from normal web traffic, the 12 | easier it is to track you, since you’re the only person with a specific configuration. 13 | It’s like being the only person in class with a 17.3 inch Alienware laptop. 14 | Something you have to realize about the configuration I’ve given you in the 15 | previous three lessons, *(hold guy fawkes mask)* is that it’s not anonymity, or else 16 | you’d be blending in with everybody else, we’ll talk about ways to do this in 17 | section 4. The configuration I’ve given you is created for personal safety and 18 | possible pseudonymisation. Anonymization blends you in with people, essentially 19 | making you anonymous. Whereas pseudonymisation relies on you replacing any 20 | PI^2 with fake identities, or pseudonyms, which aren’t tied to your real 21 | information, we’ll discuss this more in section 6. So even though you’re unique, 22 | you're only using this browser for accounts that are inherently unprivate, like 23 | your personal banking and emails. 24 | 25 | You can actually test your browser uniqueness using a service like panopticlick, 26 | amiunique, or browserspy.dk. What you’ll find if you followed the last few lessons 27 | is you are extremely unique. We have made ourselves so private and secure that 28 | we stand out enough for websites to track us and continue to build a profile, just 29 | because we are unique—the irony is real. Does this mean everything we did was 30 | wasted? Well no, there are still lots of benefits from everything we’ve done. Being 31 | able to force HTTPS requests is enormously important, blocking invasive trackers 32 | that track you across websites are also important, and don’t forget the ethical 33 | reasons to stop companies from tracking you nonstop. 34 | 35 | On top of this, the hacker Kevin Mitnick brings a different argument to the table: 36 | He says the less unique you are, the less he has to work to target you since you’re 37 | using a more common, less private and secure configuration. So even though a 38 | common fingerprint may benefit your anonymity, from a technical perspective, 39 | this opens you up to malicious activities. 40 | 41 | Luckily, even with uniqueness concerns, there are a few things we can do to 42 | improve the problem, but keep in mind there’s no fool-proof way of fixing this. The 43 | first thing is to make sure your scripts are being blocked with something like 44 | NoScript, since scripts reveal so much about your configuration. Run 45 | panopticlick and view the revealing information with your script blocker on 46 | versus off to see why this is so important. The second thing is to install an 47 | extension that periodically spoofs your user agent, making it look like you’re 48 | using a different operating system in a different browser to confuse trackers. 49 | User-Agent Switcher for Firefox has been working amazingly for me. The last 50 | thing you should do is implement pseudonyms so there’s as little information to 51 | tie to you as possible. This is not a pseudonym tutorial, and I’ll be getting into 52 | that later on in the course. Using these three tips I’ve given you will help a lot, and 53 | they are as close as we can get you to full privacy and security without touching 54 | the Tor browser—which we will do in section 4. 55 | 56 | That’s going to wrap up our browser quadrilogy for section 3 of the course. I 57 | doubt this was more exciting than the star wars trilogy, but I hope it was still 58 | interesting and valuable nonetheless. I’ll see you all in the next lesson, which will 59 | talk about VPNs and proxies. Thank you for watching, and see you soon! 60 | -------------------------------------------------------------------------------- /Scripts/Section 3/11_ Proxies _ VPNs.md: -------------------------------------------------------------------------------- 1 | # Proxies & VPNs 2 | 3 | Welcome back to the course! If you follow or keep up with any security or privacy 4 | news, I’m sure you’ve heard of one of the following terms: Proxies and/or VPNs. 5 | What are these tools? Do they make you anonymous? Are they different from one 6 | another? In this lesson, we’re going to cover all of those questions, and much 7 | much more! 8 | 9 | Let’s start with proxies. A proxy’s main goal is to hide your real IP address. An IP 10 | address is a unique code used to identify you on the internet. Proxies spoof this 11 | by acting as a middleman between you and the websites you visit, so that the 12 | website thinks you’re visiting from the proxy server. They are typically programs 13 | you download, or they can be configured directly in the settings of applications. 14 | The main downsides to proxies is they don’t typically encrypt your traffic between 15 | your computer and the proxy server, they don’t tend to strip identifying 16 | information outside your IP address, and there are no additional privacy or 17 | security considerations built in. so when it comes to protecting your data from 18 | internet service providers, governments, or network attacks—proxies won’t really 19 | help you. What they will help with is simply masking your IP address. 20 | 21 | Let’s move to VPNs…VPN stands for Virtual Private Network; they’re going to hide 22 | your IP address and allow you to connect to servers around the world--like 23 | proxies; except there’s one major difference--your traffic is encrypted. So now, no 24 | one except the VPN company and you have the direct ability to view and see what 25 | you’re doing online. If your VPN is a good one, they themselves shouldn’t know 26 | what you’re doing either. Because VPNs are encrypted, any people who could 27 | potentially be between you and your final destination will have a difficult time 28 | figuring out what’s happening inside the VPN, meaning people like internet 29 | service providers won’t be able to snoop, collect, and sell your browsing data, 30 | which they DO do. (doodoo) In fact they lobbied congress to make this legal in 31 | 2017. 32 | 33 | Another benefit to VPN encryption is if you’re on public wifi, there’s a possibility 34 | the shady guy in the corner is using a free tool like wireshark to view every 35 | connected device on the network to view its contents, including yours. He could 36 | just be watching, or he could be redirecting your connection to a javascript 37 | keylogger that logs all of your keystrokes to steal your passwords. This is called a 38 | man-in-the-middle attack. If you’re using a VPN, the creepy man can only see that 39 | you’re connected to a VPN, nothing else. 40 | 41 | This is all great, but, there are downsides to VPNs. First, they use processing 42 | power to encrypt traffic, which may be tougher on older hardware. Second, they 43 | tend to \* show money \* cost more than proxies since they offer more functionality. 44 | Third, some sites like Google will give you a CAPTCHA request to ensure you’re a 45 | human, since your IP address is likely being used by a great number of people, 46 | this is extremely annoying. Fourth, some websites will block VPNs because of the 47 | large amount of people using the same IP address, Amazon is a big fan of this. 48 | The last downside to VPNs is they’re typically slower than proxies, which could be 49 | a problem for people looking to stream or download content--although most VPNs nowadays are plety fast. 50 | 51 | Whether you go for a proxy or VPN, I will typically push you away from free 52 | services. It costs money to run them, so if you’re not paying with your cash, you’re 53 | most likely paying with your data. There are exceptions to this rule, like if a 54 | quality VPN service offers a free tier, like ProtonVPN or Windscribe. This can be 55 | okay, just avoid services that are only free with no paid variants, and no clear 56 | business model. Security expert Chema Alonso demonstrated at DEFCON how he 57 | setup a free ‘anonymous proxy’ to attract bad guys to the service. After just a few 58 | days of the creation of xroxy.com, he had over 5,000 people using the service. 59 | Alonso could have used this opportunity to push malware into people’s browsers, 60 | tracking everything they do. He could harvest and sell their data, or he could 61 | turn everyone over to law enforcement. Let this demonstrate how easy it is for 62 | someone to put up fake services, and why free services should be treated with 63 | caution. We've covered this more thoroughly on our YouTube channel. 64 | 65 | Outside of not being free, what are some other considerations you should take 66 | when picking a VPN? 67 | 68 | - Check the encryption and make sure they offer AES-256 bit data 69 | encryption and at least 2048 bit handshake encryption utilizing OpenVPN 70 | or WireGuard—we’ll talk about WireGuard soon. 71 | 72 | - Check their jurisdiction if you believe the location of the company impacts 73 | its ability to be private. Avoiding US companies tends to be a common 74 | pattern. 75 | 76 | - Do they implement Perfect Forward Secrecy, meaning they continually 77 | cycle encryption keys so that if one key is compromised, the others will still 78 | be safe? 79 | 80 | - Investigate their history to see their background and if they’ve ever given 81 | up user information. 82 | 83 | - Check their privacy policy to see their stance on how they work with law 84 | enforcement. If they publicly state they do, then you should assume they 85 | keep or will keep logs. 86 | 87 | - Some extra things to look for are system-wide kill switches, a setting where 88 | if the VPN disconnects, all internet traffic from your computer will be 89 | stopped--never exposing your true IP address. 90 | 91 | - If you want a quick list of good services, privacytools.io has a good basic 92 | list, or we evaluate VPN services on our website and YouTube channel, 93 | utilizing a systematic, public, review protocol and other tools to make your decision an easy one to make. 94 | 95 | It’s important to mention that VPNs are NOT all-in-one anonymization tools. If you 96 | want your VPN to be private, not just secure, you’re going to have to open an 97 | account anonymously. This means utilizing techniques you’ll learn throughout 98 | the rest of the course, like setting up an account with a fake name and email on an open 99 | wireless network using something like Tor, we’ll discuss how to do all of this later 100 | on. Next, you have to find a way to pay for the VPN anonymously. In short, you 101 | have to find a service that takes cash like Mullvad or IVPN, anonymous 102 | cryptocurrencies like NordVPN, gift cards like PIA, or you can buy prepaid debit 103 | cards anonymously and use those--I’ll discuss anonymous transactions later on 104 | in section 6. 105 | 106 | Even if you take proper precautions, you should not fully trust your VPN to 107 | handle your data--they can be a single point of failure. IPVanish, Hidemyass, and 108 | PureVPN are just a few services who handed over user data. All vital information 109 | should be encrypted before it reaches the VPN’s encrypted tunnel. Use HTTPS 110 | everywhere in your browser, use encryption for your emails, and anything else 111 | you can do to encrypt yourself, before it leaves your computer. We’ll discuss how 112 | to do all of this later on. 113 | 114 | All of this mistrust with VPNs brings up a valid question, should you host your 115 | own VPN server? It’s difficult to self-host a VPN anonymously, because you’re self 116 | hosting it. There are some configurations I’ve seen to mitigate this issue, but 117 | they’re pretty complex to implement. Self-hosting vs commercial VPNs will come 118 | down to what your priorities are, and what works best for your use-case. 119 | The very last thing I want to bring up is WireGuard, a new protocol designed to 120 | replace the current VPN standard--OpenVPN. As of today, they have recently left 121 | beta, and are becoming a more standard offering across both operating systems 122 | and VPN providers. I’m still wary since it’s relatively new to the scene, but 123 | definitely keep an eye on Wireguard, it’s a very promising project that may one 124 | day be the new recommended protocol, over OpenVPN--promising better security and speeds. 125 | 126 | That’s going to wrap up everything! Hopefully now you understand the differences 127 | between proxies and VPNs, and what they're actually good for. I hope you enjoyed the lesson, and I will see you in the 128 | next one, where we talk about antiviruses and malware. Thanks for watching. 129 | -------------------------------------------------------------------------------- /Scripts/Section 3/12_ Antiviruses _ Malware.md: -------------------------------------------------------------------------------- 1 | # Antiviruses & Malware 2 | 3 | Antiviruses are a sensitive topic in the privacy and security community, so I will 4 | try to stay impartial. This is a topic that you absolutely need to understand the 5 | difference between privacy and security, so if you haven’t already seen section 1 6 | of the course where I break those concepts down, you need to go back and watch 7 | that. 8 | 9 | We all know that the internet can be a dangerous place. There are scammers, 10 | hackers, but the most frequent issue we hear about is viruses, a form of malware. 11 | We’ve grown up being taught you need to have an antivirus on your computer, or 12 | else you will get viruses. This is also pushed by antivirus companies themselves 13 | (for obvious financial reasons) and these services do everything possible to latch 14 | onto your computer, as made famous by John McAfee himself. 15 | 16 | Let’s start with the pro to antiviruses: They are generally good for your security. 17 | They continually scan your system for malware and vulnerabilities, they check 18 | every websites you visit, scan email attachments, and they can sometimes include 19 | tools like password managers and payment- specific security features. 20 | 21 | But, and this is that big butt...it is probably one of the worst things you can do for 22 | your privacy. Antiviruses need to scan every file on your computer, every website 23 | you visit, and all of your personal data. They almost always collect everything 24 | flowing in and out of your computer, and admit to collecting this information. Go 25 | read your antivirus’s privacy policy on their website. 26 | 27 | For this course, we need to be working towards security, and privacy. Which 28 | makes this a very difficult topic, since antiviruses are generally good for security, 29 | but detrimental to our privacy. 30 | 31 | Every user will have different options, and to figure out where you should go from 32 | here, there are three things you need to answer: 33 | 34 | 1. How strong is your ability to download from trusted sources with no 35 | malicious intent? If you aren’t sure, then assume it’s not good. 36 | 37 | 2. What operating system are you using? Are you on Android, iOS, Windows, 38 | MacOS, Linux, or something else? Different platforms have better security 39 | than others, which may impact the need for an antivirus. 40 | 41 | 3. How good are your browsing habits? I covered these tips in our recent 42 | lesson teaching the basic rules to avoid viruses, scams, and hackers from 43 | invading your system. 44 | 45 | After you’ve answered these three questions, I made this very convenient chart 46 | you can use to help guide your decision. This is not supposed to be definitive 47 | answer, but hopefully it’s a decent guide to demonstrate how to approach this 48 | issue. 49 | 50 | In short, I will always recommend having some line of defense on Windows as a 51 | safety net. To combat privacy concerns, I recommend using Windows Defender 52 | for moderate and advanced users. Despite popular belief, WD is able to compete 53 | against many paid options out there. First, it’s free. Second, we know that 54 | Windows is collecting your information anyway. So using our rules of minimalism, 55 | we can simply say: “Hey! Microsoft already has our information, so let’s use their 56 | antivirus, to avoid two companies getting access to the same data.” I hope this 57 | acceptance of data control from Microsoft encourages you to switch over to 58 | something more privacy-friendly like Linux, we’ll talk more about this later on in 59 | Section 4. 60 | 61 | On the other hand, if you’re a beginner and you seriously don’t trust yourself, you 62 | may want to invest in a paid antivirus for better security. There will likely be a hit 63 | to your privacy, but if you can’t properly secure yourself, that’s a sacrifice you’ll 64 | have to make. 65 | 66 | For MacOS, the likelihood of an infection is generally smaller than Windows 67 | because it is a less targeted OS. Advanced users don’t typically need anything. 68 | Beginners and moderate users may need to use an antivirus for peace of mind, 69 | but it’s still not required. If you follow the basic guidelines we’ve discussed to 70 | browse the internet, you should be safe on MacOS. But, still be cautious because 71 | it’s more than possible to get infected, despite what Apple thinks. 72 | On Linux, you almost never need an antivirus, at least as of today. Beginners may 73 | want it for peace of mind, but I doubt many beginners will be using Linux in the 74 | first place. No matter who you are, I would recommend doing occasional scans 75 | using something like ClamAV to make sure nothing slipped. 76 | 77 | On iOS, no antiviruses, ever. Anything that claims it’s protecting you is doing 78 | more harm than good. iOS does not need an antivirus thanks to Apple’s heavy 79 | restrictions on what apps can be downloaded to the device. 80 | 81 | Android devices are a bit more open than iPhones. If you’re moderate or 82 | advanced, you don’t need anything. If you’re a beginner, you CAN get one if you 83 | download 3rd-party apps frequently, but it’s honestly still not recommended. 84 | 85 | An option for any operating system is to upload a file you download to 86 | VirusTotal, a web-based antivirus that utilizes different antivirus databases. It’s 87 | nice, but do keep in mind their privacy policy is not very friendly. 88 | 89 | The last thing everyone watching needs to understand is Antiviruses are not 90 | intended to do the work for you. They are supposed to be used as a safety net in 91 | case anything slips past you. So make sure to follow these tips to make protect 92 | yourself as much as possible: 93 | 94 | 1. Go back to the “Your Browsing Habits” lesson and follow the rules of 95 | browsing the internet safely. 96 | 97 | 2. Make sure you’re using a quality firewall, which will stop malicious incoming 98 | and outgoing traffic requests. Windows comes with one, although there are 99 | better solutions out there. MacOS has one, although when this script was 100 | written, it was off by default, so make sure to enable it in your system 101 | preferences. Linux offers firewalls as well. If you’re on Android, check out 102 | netguard for similar functionality. 103 | 104 | 3. To avoid keyloggers from slipping past your setup, which is when someone 105 | or a software captures your keystrokes, a virtual keyboard may help 106 | depending on the keylogger’s sophistication. Or you can use a service like 107 | Guarded ID to prevent hackers or malware from capturing your keystrokes 108 | by scrambling everything you type. Another secret but hidden benefit to 109 | using password managers is they eliminate the need to type a password 110 | into websites, making them a small defense against the simplest 111 | keyloggers. 112 | 113 | 4. The last tip is to make sure you’re aware of your ability to browse the 114 | internet safely. Use an antivirus if you think you may need one, don’t be 115 | overconfident. 116 | 117 | To put everything together, I have a love-hate relationship with antiviruses, and 118 | you should too. They will boost your security, at an enormous cost of your 119 | privacy. You need to decide whether or not you need one, and that depends on 120 | your experience, in combination with the operating system you’re using. I can’t 121 | make the final decision for you, but I hope this lesson put you on the right track. 122 | 123 | And that’s going to wrap up everything I have to say about antiviruses. Thank you 124 | for watching this lesson, and I will see you in the next one, where I discuss file 125 | deletion, and why emptying your recycle bin isn’t properly deleting your files. See 126 | you soon. 127 | -------------------------------------------------------------------------------- /Scripts/Section 3/13_ File Deletion.md: -------------------------------------------------------------------------------- 1 | # File Deletion 2 | 3 | This is going to be a quick lesson covering proper file deletion. On both Windows 4 | and MacOS, we’re familiar with the process of deleting a file, and emptying the 5 | recycle bin, or trash bin. After you empty the bin, the file is gone forever right? 6 | Well no...not even close actually. This lesson is going to cover the basics of how to 7 | properly delete files, especially sensitive ones that you don’t want to be 8 | recoverable. 9 | 10 | First, how come emptying the recycle or trash bin doesn’t work? I’m going to 11 | loosely quote this website, since they explain it perfectly: “On traditional spinning 12 | hard drives, Windows keeps track of where files are on the drive through 13 | “pointers.” Each file and folder on your hard disk has a pointer that tells Windows 14 | where the file’s data begins and ends, in order to quickly store and locate it. 15 | When you delete a file, Windows removes the pointer and marks the sectors 16 | containing the file’s data as available. So all it’s doing is removing the connection 17 | from Windows to the data being stored on the disk. But, until Windows writes new 18 | data over the sectors containing the contents of the old deleted file, the file is 19 | still recoverable using a recovery program like Recuva, made by the same peeps 20 | who made CCleaner, there are actually hundreds of these programs online. I’d 21 | recommend you install a file recovery program right now to see all of the files 22 | you’ve deleted that can still recovered. 23 | 24 | So what do we do about this? On Windows, you probably want to wipe your 25 | drive’s free space using a tool like CCleaner to get rid of the files you never 26 | properly removed before watching this lesson. This will overwrite those open 27 | sectors while keeping your current data safe. Bleachbit offers this functionality as 28 | well. For Macs, there’s this excellent article that has a command you can run in 29 | terminal to accomplish the same task. For Linux, Bleachbit is your best bet as 30 | well. Keep in mind this all for traditional spinning hard drives, SSDs will be 31 | covered soon. 32 | 33 | As for future files you need to delete, make sure you shred your files instead of 34 | simply deleting them, this will overwrite the data making it unreadable. There are 35 | many programs that do this for Windows, Eraser is FOSS and performs 36 | beautifully, and Bleachbit offers file shredding as well. 37 | For Macs, you used to be able to do a secure deletion from your trash bin, but 38 | they removed this function because they couldn’t get it to work on SSDs. That site 39 | I showed earlier explains this more in-depth and also gives instructions for how 40 | to shred your files on Macs. 41 | 42 | For Linux, Bleachbit can shred your files. 43 | 44 | As for SSDs, or Solid State Drives, which many newer devices use today, wiping 45 | data is much more difficult than wiping data on traditional spinning hard drives. 46 | Your main places to look are in your BIOS, which sometimes offer secure deletion, 47 | or your SSD manufacturer may have their own proprietary software. This is overall 48 | much more difficult to remove data, for this reason, I’d advise keeping your most 49 | sensitive documents on *(show hard drive)* spinning hard drives. You can do 50 | wipes on your SSD but I wouldn’t recommend doing more than 1 because you’re 51 | wasting writes on the drive and shortening its lifespan. I would recommend 52 | full-disk encryption for your SSDs to avoid any file from being recovered in an 53 | unauthorized fashion. We’ll talk about encryption in the very next lesson. 54 | 55 | Let this lesson be a reminder that emptying your files, isn’t the same as deleting 56 | your files! Make sure you properly dispose of files so people can’t recover 57 | sensitive data on your devices. Thank you for watching, and I’ll see you in the next 58 | lesson discussing storage and encryption. See you then! 59 | -------------------------------------------------------------------------------- /Scripts/Section 3/14_Storage _ Encryption.md: -------------------------------------------------------------------------------- 1 | # Storage & Encryption 2 | 3 | Something we overlook frequently is how we store sensitive files. We discussed 4 | how to delete and dispose files in the previous lesson, but how do you protect 5 | them when you’re not trying to delete them? Should you store them locally? Over 6 | the cloud? No matter what the content, the general process of securing it is 7 | pretty straightforward. 8 | 9 | The easiest place to start is to encrypt your drive with full-disk encryption, but 10 | that’s going to be its own topic in section 5. For this lesson, we’re going to look at 11 | individual files and/or folders you want to safely protect. 12 | 13 | There are countless tools out there that encrypt files, preventing anyone without 14 | the password from viewing them. The three pieces of software we will use for 15 | Windows, MacOS, and Linux (these softwares work on those operating systems) is 16 | 7zip, Veracrypt, and GNU Privacy Guard. Let’s cover these more in-depth. 17 | 18 | The first software, which isn’t technically an encryption software is 7zip. 7zip is a 19 | FOSS archiving tool, allowing you to compress and uncompress files in zip, 7zip, 20 | rar, and other archiving extensions. The reason I included 7zip is because many 21 | people already use it, and it allows you to password-protect archives, which is a 22 | form of encryption. As an example, let’s encrypt these files. We’re going to convert 23 | them to a zip archive, which will compress them and save space on your 24 | computer, but we can also encrypt the archive with a password to properly 25 | secure it. Now no one can access the files without a password. That’s 7zip! 26 | 27 | The next software is Veracrypt, and it’s my go-to piece of software. The way it 28 | works is you create a volume that you can load your files into, kind of like a 29 | virtual flash drive. However, the volume is encrypted so you need a password to 30 | gain access, protecting every single file stored within the volume. Veracrypt is 31 | open source, free, and even offers partition and full-disk encryption for Windows, 32 | which like I said will be discussed later in the course. Veracrypt is considered one 33 | of the most versatile and robust options, so I would highly recommend you at 34 | least try it out. I have a guide on how to use it on my YouTube channel. 35 | 36 | The last piece of software is GNU Privacy Guard, which works slightly different 37 | from the others. GNU Privacy Guard is FOSS and implements PGP encryption, aka 38 | Pretty Good Privacy, a pretty good form of encryption. Something that can be 39 | either an advantage or disadvantage is GNU Privacy Guard relies on third parties 40 | to build a frontend graphical user interface for you to use, meaning there’s no 41 | official client offered--you pick the one you enjoy the most. This is different from 42 | Veracrypt, which for the most part uses the same unified software for all major operating systems. 43 | 44 | So those are three different pieces of software you can use to encrypt your files. 45 | Keep in mind there are many others, but these are three good options to get you 46 | started today. It’s important to encrypt content, so if anybody gains access to 47 | your computer, flash drives, or external hard drives, they won’t be able to view 48 | your files. Keep in mind that if your whole disk is not encrypted, anyone can view 49 | your files on your computer (even if it’s password protected). I demonstrated this 50 | in a video on my channel--I recommend you go check it out. We will once again 51 | cover full-disk encryption in section 5. 52 | 53 | Okay awesome Henry, but what about cloud storage? Is the cloud safe? Let’s 54 | break down the largest 4 services: iCloud, Google Drive, Dropbox and Microsoft 55 | Onedrive. All 4 of them encrypt your traffic while it’s being transmitted, that’s a 56 | great start. There’s a problem though, they encrypt data while it’s being 57 | transferred, but what about data at rest stored on their servers? Dropbox 58 | encrypts your data with 256 bit AES encryption, which is great, but they also hold 59 | the keys for the encryption, which could lead to unauthorized access by them or 60 | law enforcement requests. iCloud and Google Drive have the same law 61 | enforcement problem, but even they 128 bit encryption which is weaker and could 62 | possibly be cracked by computational force. Onedrive as of writing this script, 63 | doesn’t even use encryption with data at rest, which is surely by design and 64 | should raise suspicions on who is accessing your data. In general, cloud services 65 | are difficult to trust. We know the NSA has access to user data with some 66 | companies through the PRISM project. If you do go with one of these services, try 67 | to encrypt your files using one of the services we discussed earlier and only send 68 | encrypted files through the cloud services. That way even your data is accessed 69 | on the cloud service, it’s still encrypted. 70 | 71 | Now hold up, not every cloud service is created equal. MEGA seems to be more 72 | decent, and and ProtonDrive is an upcoming service from the creators of 73 | ProtonMail, which may be promising. 74 | 75 | The last and best cloud storage option is Nextcloud, which is a self-hosting cloud 76 | storage service, meaning you host it yourself and you own all of your data. The 77 | setup can be tricky for beginners, but this is by far the best way to go if you’re 78 | able to go this route. 79 | 80 | And that wraps up the basics on proper storage and encryption. I hope this was 81 | useful to you, and I will see you all in the next lesson, teaching safe 82 | communication, including messaging, calls, and emails. Thank you for watching, 83 | and see you then. 84 | -------------------------------------------------------------------------------- /Scripts/Section 3/16_ Section 3 Finale.md: -------------------------------------------------------------------------------- 1 | # Section 3 Finale 2 | 3 | This has been a long journey so far...but we’re only halfway through the entire 4 | course. I’m sure this is a lot of information, but I hope you’re absorbing it and 5 | utilizing a lot of what’s discussed 6 | 7 | In this section, we went over Basic Digital Protection, which is a very broad topic. 8 | Keeping software up-to-date, minimizing permissions and settings granted to 9 | apps and programs, passwords and two-factor authentication, privacy-oriented 10 | search engines, private and secure web browsers, how to harden web browsers, 11 | proper browsing habits, and a lesson on browser uniqueness. Don’t forget about 12 | proxies and VPNs, antiviruses and malware, shredding files, proper storage and 13 | encryption, and lastly: safe communication. Whoo! That’s a lot of stuff. 14 | 15 | Since this course is free, I’m asking you to consider helping out the channel, and 16 | the course. You can do that by using our Amazon affiliate link anytime you buy 17 | something on Amazon, you can donate through cryptocurrency on our support 18 | page, as well as other affiliate links there, you can purchase some awesome 19 | merch, and don’t forget there will be a premium version of the course on Udemy 20 | that gives you quizzes, tests, checklists, and an ad-free experience! You can find 21 | all of the support methods on the channel website. 22 | 23 | Lastly, your support and part of the community is enormously important So don’t 24 | forget to subscribe to the channel on YouTube, share the course and the 25 | channel with your friends, and make sure to follow us on social media. Not only 26 | does this support our work and the course, but it allows me to send all of you 27 | updates if anything in the course becomes outdated. 28 | 29 | Thank you in advance for being a premium viewer, you really are an important 30 | part of what’s keeping this course alive. You’re halfway through, so I want to 31 | congratulate you! Section 3 is the most information-packed section of the course 32 | so from here on out--it should hopefully be smooth sailing. 33 | 34 | Thanks again to everybody watching, and I’ll see all of you in section 4, which is 35 | the sequel to section 3: Advanced Digital Protection. -------------------------------------------------------------------------------- /Scripts/Section 3/1_ Section 3 Introduction.md: -------------------------------------------------------------------------------- 1 | # Section 3 Introduction 2 | 3 | Welcome to section 3 of the course! This section is titled ‘Basic Digital Protection’, 4 | and it’s the first part of our Digital Protection series, the following section will be 5 | part 2: ‘Advanced Digital Protection.’ 6 | 7 | These next 2 sections are aimed at teaching you how to improve the way you use 8 | your devices, so that there is both an improvement in security, and privacy. At 9 | this point, you should have completed section 2 to get yourself a pretty clean 10 | slate and a manageable digital footprint. We have done all of this to protect your 11 | Pi^2, or PII, aka Personally Identifiable Information. The techniques we will discuss 12 | in section 3 will make sure that your digital life stays that way, and it doesn’t once 13 | again become cluttered with your data roaming everywhere without you having 14 | control. We are going to accomplish this by discussing how to stay updated, 15 | setup proper password management, two-factor authentication, browser setup, 16 | browser hardening and habits, browser uniqueness, VPNs, Proxies, malware 17 | protection, secure file deletion, secure storage and encryption, and safe 18 | communication methods. Yes, this is a huge section packed with information so 19 | I’d encourage you to take notes to help you follow along. Premium viewers have 20 | access to the checklist, which will make things easier to manage on your end. 21 | 22 | Since every lesson you watch will give you more and more control of your data, 23 | my hope is you’ll begin to feel ownership of it for the first time in your life. That is 24 | all I have to say, thank you for watching the course, and I’ll see you in the next 25 | lesson: ‘Stay Updated.’ -------------------------------------------------------------------------------- /Scripts/Section 3/2_Stay Updated!.md: -------------------------------------------------------------------------------- 1 | # Stay Updated! 2 | 3 | To kick off section 3 with a pretty easy start, let’s talk about security 4 | vulnerabilities and why keeping your programs, apps, and operating systems up 5 | to date is important. 6 | 7 | At the Black Hat Conference in 2017, security researchers found a vulnerability on 8 | all Android devices called The ‘Toast Overlay’ attack, \* Have Plate of Toast \* 9 | which was able to deceive users into installing malware by overlaying 10 | unsuspecting images users interacted with. So the person thought they were 11 | pressing buttons related to an app, when they were invisibly giving the app the 12 | ability to infect the device. The only version of Android at the time that wasn’t at 13 | risk was the latest one, Android Oreo. 14 | 15 | BlueBorne is another vulnerability, which exploited Bluetooth in Android, Linux, 16 | iOS, MacOS, Windows, and it led to the possibility of man-in-the-middle attacks, 17 | letting hackers hijack the device. Vendors immediately started rolling out 18 | patches, which required an update to install. 19 | 20 | *(Hold bag of sugar)* Crack….no no. KRACK exploits vulnerabilities in the WPA2 21 | security protocol on routers and allowed hackers to eavesdrop on any device 22 | hooked up to a wifi network. This affected all major operating systems, and 23 | vendors like Microsoft and Android rolled out their own patches. 24 | 25 | These all happened in 2017, and they reveal a very small portion of the exploits 26 | out there. Something interesting though was that there was one similarity in all of 27 | these attacks: they were all patched and fixed by updates rolled out by a 28 | manufacturer. Every program and operating system you have on your devices 29 | can be used as an avenue for attack. Now, minimalism in itself is already a great 30 | defender against exploits, since there is a smaller likelihood of a program being 31 | utilized for wrongdoing. But, one of the best things you can do is to make sure 32 | your programs, apps, and operating systems are fully up to date! That way you’re 33 | receiving the latest security patches, and quite honestly your device should run 34 | smoother with the newest features (assuming the developer behind the update is 35 | doing it properly) 36 | 37 | Some tips: it’s pretty frequent nowadays for programs, apps, and operating 38 | systems to update themselves automatically in the background, which is great for 39 | our security. However, this can be increasingly frustrating. Windows is well-known 40 | to reboot and go through updates at the worst possible times, and automatic 41 | app updates on your phones don’t allow you to easily see what’s being changed 42 | in the app by showing a changelog. Personally, I go through all of my devices and 43 | update everything manually once a week, because I can’t stand automatic 44 | updates--I like having control over the update process and I enjoy reading the 45 | changes developers are including in the update. But, for most users out there, I 46 | do recommend you leave automatic updates enabled to receive security patches 47 | at the fastest possible rate. 48 | 49 | So that’s the first lesson and probably the easiest of section 3. Keep your 50 | programs, apps, and operating systems up-to-date, and your future self will 51 | thank you later. The next lesson is going to dive into the more complex topics, 52 | beginning with permissions and settings. Thank you for watching, and I’ll see you 53 | there! 54 | -------------------------------------------------------------------------------- /Scripts/Section 3/3_ Permissions _ Settings.md: -------------------------------------------------------------------------------- 1 | # Permissions & Settings 2 | 3 | Permissions! Like giving the permission to access your data is something very 4 | powerful that we typically overlook. We tend not to read the permissions we grant 5 | services, and we unknowingly configure our operating systems to allow ourselves 6 | to be tracked. This is obviously a big problem for several reasons. Let’s cover 7 | some stories and scenarios where permissions led to privacy invasions, and how 8 | we can change that! 9 | 10 | Recently, Facebook suffered a pretty big hit after it was revealed that a company 11 | called Cambridge Analytica was stealing private customer data from users who 12 | authorized access to their Facebook account. This was HUGE, millions of people’s 13 | information was stolen and it’s believed to have been used to influence the 2016 14 | US election. On top of that, Facebook tried to push it under the mat until it was 15 | finally made public. 16 | 17 | Android typically enables location history, which tracks everything you do and 18 | everywhere you go with extreme accuracy. You can open your Google maps and 19 | view the timeline of your entire life if you haven’t disabled this yet. Apple does the 20 | same thing with their significant locations setting, comboed with Popular near 21 | me, device analytics, and more. 22 | 23 | Uber is an app that routinely asks users for permissions, including access to their 24 | location, something that’s necessary to use the app in order to find drivers. Uber 25 | compiles a personal collection of every trip users take, creating a digital 26 | honeypot. A honeypot is a large amount of wanted information in one 27 | easy-to-access place, which can be easily targeted by hackers or other data 28 | collectors. In 2015, Uber changed some of its privacy policies so that they could 29 | collect location data from all US-based users when the app was running in the 30 | background, even if the satellite and cellular communications were turned off. By 31 | using nearby Wifi and IP addresses. This titled ‘god view’ was extremely 32 | dangerous and unneeded, since it collects data about everywhere you go when 33 | the app isn’t even open. Additionally, Uber also got caught for working with Apple 34 | on a secret permission allowing them to copy a user’s screen content. 35 | 36 | On the topic of cars...Tesla is an excellent company that makes phenomenal cars. 37 | When you buy a Tesla, you’re given a consent form which gives you the ability to 38 | allow Tesla to record any information about your car over a wireless 39 | communication system. If you accept, Tesla will collect your Vehicle ID, speed 40 | information, odometer readings, battery usage information, battery charging 41 | history, safety-related data, and much more. An entire portfolio of where and how 42 | you drive is created which you have no control over, Tesla owns it and can do 43 | with it whatever they please. You can contact Tesla to opt out of this, but you will 44 | miss out on automatic software updates, as well as other features of the car. 45 | 46 | The lesson with all of these stories is the less permissions you grant programs 47 | and apps the better. All it takes is one of these companies to suffer a breach for 48 | your information to be publicly available online. Practice minimalism to avoid 49 | rogue permission abusers, go through all the settings on your devices and deny 50 | any unneeded permissions, and restrict as many features and settings as 51 | possible, especially unneeded ones. You have to remember that by default, most 52 | companies will heavily track you. It’s up to you the user to take back ownership of 53 | your data. 54 | 55 | Some good pointers: 56 | - Don’t enable information sharing between apps. 57 | - Disable diagnostics and other information sent to the manufacturer of 58 | your device. 59 | - Find alternatives to apps, programs, and services you use that are FOSS 60 | and non-proprietary. 61 | - Personalization is the enemy, so make sure to disable as many settings and 62 | app permissions that can be used for personalization, because 63 | personalization is a synonym for data collection. 64 | - For Android devices, checkout the Appcensus website, they break down 65 | privacy concerns for lots of apps from the Play Store, so it may be worth 66 | checking this before downloading an app. 67 | - As we’ll discuss later, ditching Windows 10 isn’t a bad idea, it’s a privacy 68 | nightmare, but for many of you--you may still need to use it. You can 69 | optimize windows 10 for privacy and security, using tools like these, 70 | although keep in mind they don’t remove 100% of everything, they just help. 71 | - Avoid syncing accounts that allow friends or family members to access or 72 | share private information. It’s easy to end up in a situation where you have 73 | to explain to your kid what’s that monster hanging between your legs and 74 | why their mother sent a salivating emoji as a response to it. Try to keep 75 | your accounts private, and only accessible by you to avoid any possible 76 | confusion. 77 | - Lastly, make sure you’re the administrator and that any other users or 78 | guests have limited permissions. This is similar to the principle of “least 79 | privilege” in a corporate or security setting. Where employees are granted 80 | the minimum permissions needed to get a job done. 81 | 82 | I hope that helped you understand the need for limiting permissions, because 83 | most data breaches and privacy invasions are a result of poor permission 84 | etiquette. It’s important for you to understand what type of data is being 85 | collected about you from the features, settings, apps, and programs you use 86 | everyday. Remember minimalism and transfer the ideas from there to here. 87 | Thanks for watching, and I’ll see you in the next lesson talking about passwords. 88 | 89 | ## Changes 90 | ***- Uber gets picked on A LOT in this lesson, which sparks the question: What about Lyft? They are a 91 | smaller company, but this doesn’t protect everything from getting out. Lyft has also come under 92 | some fire, as seen in this article: https://techcrunch.com/2018/01/25/lyft-god-view/*** 93 | 94 | ***- Tesla is mentioned to have a form where you opt-in to cellular communication with the vehicle. Please be aware their process has updated, and opting out MAY involve voiding your vehicle’s 95 | warranty and many other major concerns. The Techlore channel has covered this topic here: https://www.youtube.com/watch?v=Qjkt3X2WLrw and will be covering this more in the future.*** 96 | -------------------------------------------------------------------------------- /Scripts/Section 3/5_ Two-Factor Authentication.md: -------------------------------------------------------------------------------- 1 | # Two-Factor Authentication 2 | 3 | The last lesson talked about passwords and why they are so important. But, 4 | something that is just as important is two-factor authentication or 2FA, which…as 5 | it sounds, is a second form of authentication required to access an account. This 6 | could be verifying a code sent to your phone number after you’ve put in your 7 | password, it can be a second password requirement, a code from an app like 8 | Authy or Google Authenticator, a USB key, or security questions can work as well. 9 | 10 | The idea with 2FA, is even if your password fails you, you are still protected. 11 | Maybe a service you use gets hacked and someone gets your password. Maybe 12 | you’re tricked into handing your password over through social engineering, a 13 | scammer, a phishing site, or maybe your password is brute-forced, this stuff can 14 | happen to any of us. But, even though someone has your password, which 15 | assuming you followed your OPSEC is only being used on that one service, they 16 | still can’t gain access to that account because additional authentication is 17 | required. It’s similar to movies, where in order to authorize access, you need to 18 | have two people turn the key at the same time to unlock the door. 19 | 20 | This is all great in theory, but not every form of 2FA is created equal. The most 21 | common form of 2FA is an SMS text message sent to your phone with a code. The 22 | site asks you what the code is, and you simply type it in. This seems extremely 23 | secure. Well, not really. Lots of cell phone providers are known to have weak 24 | security when it comes to social engineering, something we’ll talk about down the 25 | road in the course. Someone can call your cell phone provider pretending to be 26 | you, and forward all the SMS messages sent to your number--to theirs. This 27 | actually happened to Linus Tech Tips, leading to the compromise of their Twitter 28 | page and their website, as well as many other YouTubers including Boogie2988. 29 | On top of this, Kevin Mitnick in his book The Art of Invisibility discusses a pretty 30 | easy social engineering technique that exploits SMS two-factor authentication. 31 | Here’s what he said: “Say I want to take over your email account and don’t know 32 | your password. I do know your cell phone number because you’re easy to find 33 | through google. I can go to the reset page for your email service and request a 34 | password reset, which, because you enabled 2FA, will result in an SMS code sent 35 | to your phone.” Mitnick then directly social engineerings the user by texting the 36 | person a non-suspicious text “from Google” saying “Google has detected unusual 37 | activity on your account. Please respond with the code sent to your mobile device 38 | to stop unauthorized activity” So he’s impersonating Google here to get a user to 39 | send over the two-factor authentication code. Now that Mitnick has the code, he 40 | has all the information he needs to reset the account password and gain access. 41 | 42 | On top of all of this, SMS is unencrypted, opening up the potential for SMS 43 | sniffing; we’re going to talk more about that in lesson 3.15: safe communication. 44 | Because of all of these SMS risks, I highly recommend avoiding SMS 2FA, unless 45 | it’s the only option available, which unfortunately does happen. If your account 46 | only gives you the option to use text verification, I encourage you to speak your 47 | voice and push them to be more secure. But, do remember that having text 2FA is 48 | better than nothing. 49 | 50 | So what is proper two-factor authentication? Well, one solution is an app which 51 | generates keys for you. The reason these are so much more secure is most never 52 | touch the internet or any communication protocols; they locally store keys 53 | generated on your device, making it extremely difficult for anyone to get these 54 | keys outside someone with physical access to your device. 55 | 56 | So what authenticator app should you use? There are tons of apps that give you 57 | this functionality, and to be perfectly honest, this is one of the few areas of this 58 | course where I’m going to tell you it doesn’t matter too much which one you go 59 | with, it’s mostly personal preference. These are simple apps, and all they do is 60 | generate new keys for you every 30 seconds, that’s it. The way it works is you scan 61 | a QR code for the service you’re signing up for, and now it’ll generate codes for 62 | you to use. Probably the most popular ~~FOSS~~(Changes Below) authenticator is Authy, now don’t get 63 | me wrong, Authy is great...but it offers cloud syncing and key backups which is 64 | something we don’t want. We want all of this to be stored locally for better 65 | security. You can use Authy, just make sure to avoid the features inside of it. 66 | 67 | Alternatively, I’d recommend FreeOTP for iOS, and andOTP for Android. These are 68 | both FOSS, much more limited than Authy, and get the job done just as well. 69 | The last topic I want to cover is physical two-factor authentication, and this 70 | comes in many different shapes and sizes, so there are no specific rules or 71 | information to follow since everybody’s digital life is set up differently. You can 72 | require a password in addition to a * show USB * USB key to get into your 73 | operating systems, so the USB key is functioning as an additional authentication 74 | requirement. This can work with full-disk encryption as well. Something like 75 | YubiKey is great for this, or you can turn any flash drive into a device as well. You 76 | can use a TPM module if your computer supports it, so that your drives can only 77 | be booted from a specified computer, and there are hundreds of different 78 | products out there that have their own proprietary version of physical 2FA. Like I 79 | said, there’s nothing in particular I’m going to recommend, but just be aware that 80 | these products exist. 81 | 82 | That’s everything I have to say about 2 factor authentication. You can have the 83 | world’s strongest password, but you’re as strong as your weakest link..don’t let the 84 | lack of 2FA be your weak link. Thank you for watching, and I’ll see you in the next 85 | lesson: Search Engines. 86 | 87 | ## Changes 88 | ***- Authy is NOT FOSS. An empty GitHub isn’t open-sourcing your software, and it’s a shame this 89 | was mentioned as a FOSS service when it isn’t. (https://github.com/authy)*** 90 | 91 | ***- Biggest mistake of Go Incognito so far: No mention to BACK UP YOUR 2FA CODES! I repeat...BACK UP 2FA CODES. This is a major headache in the event you lose the device holding your 2FA keys. 92 | Have you backed up your codes yet?*** 93 | -------------------------------------------------------------------------------- /Scripts/Section 3/6_ Search Engines.md: -------------------------------------------------------------------------------- 1 | # Search Engines 2 | 3 | Search engines are your gateway to the sites you visit everyday. They act as a 4 | middle man, allowing us to search for what we want and connecting us to what 5 | we’re looking for. But, because of their ability to view everything we do, they have 6 | become some of the world’s largest data collectors, including Google, Microsoft 7 | (through Bing), and Yahoo. These are all very non-privacy oriented companies, 8 | and even if you don’t have an account with them, they are still building a profile 9 | on your searches for commercial purposes. Obviously, this is a big privacy 10 | concern...we can’t have people knowing everything we’re searching for and tying 11 | that to our personal information. 12 | Because of this, we need to find search engines that collect as little information 13 | about us as possible. Luckily there are three very good options which we will 14 | discuss today, each with their own pros and cons. 15 | 16 | The first service is DuckDuckGo, which is probably the most popular and widely 17 | used privacy search engine. Some of the nice things about DuckDuckGo is they 18 | have a beautiful UI, they are privacy-oriented and extremely public about the 19 | information they collect about you. In addition, they let you use tags to instantly 20 | search different search engines, and they offer an onion variant to be used 21 | inside of Tor. Some problems are they are based in the United States, sparking 22 | jurisdiction concerns, and the core of the service uses proprietary software. 23 | There are additional concerns with DuckDuckGo being a company that relies on 24 | Amazon to deliver their service, since this could be a potential avenue of attack 25 | from intelligence bureaus looking to track DuckDuckGo users Because of privacy 26 | concerns, I wouldn’t say DuckDuckGo is our best bet, although it’s still infinitely 27 | better than Google, Bing, and other mainstream search engines. 28 | 29 | The second service out there is StartPage, which works a bit differently from 30 | DuckDuckGo. What StartPage does is they grab Google search results, but they 31 | supply it to you through their own service, stopping Google from seeing the user 32 | behind the search. People typically call StartPage a Google proxy, since all they’re 33 | doing is acting as a private middleman. Because you are getting Google results, 34 | you are going to have the best possible search experience using StartPage. Some 35 | of the downsides are: one, they aren’t very popular, so setting this to work with 36 | your browser by default may prove to be difficult, depending on the device and 37 | browser of your choice. And second, they don’t offer an onion site for Tor users, 38 | so you’ll have to connect to their normal website when you’re using Tor, we’ll talk 39 | about Tor in section 4. 40 | 41 | The last service is Searx me, apparently the x can make a ch sound in some 42 | languages, so we’re going to go with that pronunciation. It is commonly regarded 43 | to be the best search engine when it comes to your privacy. They are an open 44 | source metasearch engine, meaning they get results from several search engines 45 | and bring them to you using their service. It privately grabs results like StartPage 46 | does with Google, but it offers a lot more services, as you can see here. It actually 47 | grabs results from DuckDuckGo and Startpage as well, soooo yeah if you can go 48 | this route, I highly recommend Searx. The way they supply results is plain 49 | awesome. 50 | 51 | So those are the three big names when we’re talking about privacy-oriented 52 | search engines. It’s important to move your searches off of unprivate search 53 | engines, to services that value your privacy. Once you pick the one you like, I’d 54 | recommend setting it as your default search engine and adding it to your 55 | omnibar search on the top of your browser if possible. 56 | 57 | That’s going to wrap this up, it’s a fairly simple topic and I hope it all made sense. 58 | The next four lessons are going to be a quadrilogy about browsers. There’s so 59 | much information about proper browsing habits, so those will teach you 60 | everything you need to know. The first lesson is titled: Your Browser. Until then, 61 | and thank you for watching. 62 | 63 | ## Changes 64 | 65 | ***- Please note this lesson isn’t covering the ONLY search engines to use—it’s simply giving three 66 | commonly-recommended options. There are several other great privacy search engines, and more 67 | advanced users can make an educated decision on which one they trust most. The Techlore 68 | channel will cover other search engines more in-depth in the future.*** 69 | 70 | ***- A beautiful thing about searx.me is they allow you to self-host it yourself. Underrated feature I failed to bring up.*** 71 | -------------------------------------------------------------------------------- /Scripts/Section 3/7_ Your Browser.md: -------------------------------------------------------------------------------- 1 | # Your Browser 2 | 3 | Your browser is your entry to the world of the internet, without it...you wouldn’t 4 | really be able to do anything. Since your browser plays such an important role in 5 | how we interact with our devices, it’s important that you, the user, configures it in 6 | a way that will increase your privacy and security, limit website tracking, and give 7 | you a much cleaner web experience. Let’s pick our knight! 8 | 9 | To start off simple, what knight, or browser should you be using? All of them claim 10 | to be either the best, the fastest, or offer the best battery life. So here are the 11 | browsers I recommend you use with a focus on either security, privacy, or both. If 12 | something isn’t mentioned, it’s because it’s too new, or it’s not recommended 13 | enough in the community for me to mention. 14 | 15 | Let’s start with the browser that over half of you watching this lesson are using: 16 | Google Chrome. Yes, Chrome is the fastest browser in a great deal of tasks, and 17 | it’s (for the most part) very secure, but it is terrible for your privacy, since it’s run 18 | by Google, and they’re collecting data. 19 | 20 | Google tracks your emails, location, search history, web history and much more, 21 | you guys know this because I took you to your activity page in section 2. Even If 22 | you’re using chrome without a Google account, they are still collecting the same 23 | information and building a profile within your browser. They even came under 24 | fire for scanning files on your computer for “improved security”. Because of this 25 | mistrust, I advise you avoid Chrome, and even avoid chromium, the open source 26 | version of Chrome, since there is still Google tracking going on. There are tools 27 | like ungoogled chromium that attempt to cut out background data collection, 28 | but I’d still be wary with them. 29 | 30 | The next popular option is Firefox. Firefox is a very good standard for privacy 31 | and security, and is commonly the recommended way to go. There is a very small 32 | amount of tracking down by the browser itself, and most of that can be disabled. 33 | It also has some of the best support for extensions and settings used to harden 34 | the browser for the best protection, even on mobile devices, something we’ll talk 35 | about in the next lesson. 36 | 37 | Some other honorable mentions are Waterfox, a version of Firefox with some 38 | tracking disabled by default, although I’d still recommend using Firefox if you’re 39 | willing to take the time to configure it properly. 40 | 41 | Brave is another option. I’d argue Brave is more private than Firefox out of the 42 | box. But, it won’t beat a properly configured Firefox, since Firefox will give you 43 | much more control over what’s being tracked, especially related to scripts. So 44 | Brave is a great option for users who don’t want to take the time to do the 45 | hardening themselves, and it’s quite honestly a very promising project with high 46 | ambitions for improving privacy and security on the internet. If you go with Brave, 47 | you don’t have to worry too much about the extension-oriented type of 48 | hardening we will be doing in the next few lessons. 49 | 50 | The very last browser is the Tor browser, which most of you have heard of. Tor 51 | deserves its own lesson, which will be in section 4 of the course. Even if you end 52 | up using Tor, I’m going to recommend having a secondary browser as well, which 53 | should be a fully hardened browser--so make sure to configure one of the other 54 | browsers in the following lessons. 55 | 56 | There is a lot more you need to do, mostly related to extensions and browsing 57 | habits. For most of you watching this lesson, I would recommend you go with 58 | Firefox because it offers such good support for extensions that we need to use. 59 | The instructions in the next few lessons will be aimed at Firefox. 60 | 61 | Thank you for watching this lesson, it was straightforward because there are 62 | three more lessons which will get into the more technical side of things. I hope 63 | you’ve made your browser choice, and I’ll see you in the next lesson: Hardening 64 | Your Browser. 65 | -------------------------------------------------------------------------------- /Scripts/Section 3/8_ Hardening Your Browser.md: -------------------------------------------------------------------------------- 1 | # Hardening Your Browser 2 | 3 | The last lesson talked about what browser to choose, and I hope many of you 4 | picked Firefox because it’s going to make your life a lot easier. In this lesson, we’re 5 | going to configure your browser to be as private and secure as possible, a 6 | process called “Hardening” your web browser. I will be demonstrating with Firefox, 7 | and most steps will apply to other browsers as well, like Chrome. The two 8 | browsers that can be hardened but shouldn’t have extensions are Brave and Tor. 9 | Brave because it doesn’t rely on extensions for hardening, and Tor has its own 10 | reasons which we’ll discuss in section 4. 11 | 12 | To start off with standard settings, make sure you always check for updates and 13 | install them automatically for the newest security patches. Set your homepage to 14 | a privacy-oriented search engine like the ones we discussed earlier, set your 15 | default search engine to a privacy search engine, and I’d recommend disabling 16 | all forms of suggestions in your omnibar. Make sure to disable any password 17 | management done by your browser, use a password manager as previously 18 | discussed. Set your browser to never remember history, block as many cookies as 19 | possible, remove cookies and other data on browser exit, enable tracking 20 | protection at all times, send a Do Not Track signal, block pop-up windows, and 21 | make sure to limit as many permissions as possible. Lastly, make sure to disable 22 | any data collection done by Mozilla, and make sure you’re not signed in to any 23 | Firefox account to sync your settings--keep it local. If you’re somebody who uses 24 | Chrome or another browser, find these settings in those browsers and cover 25 | those settings. They all include more or less the same stuff. 26 | 27 | Now something powerful Firefox has is an advanced settings menu, which you 28 | can access by typing ‘about:config’ into your search bar on top. Privacytools.io 29 | was nice enough to include a great list of tweaks that you should make inside of 30 | this menu to make your configuration inside of Firefox more private and secure. 31 | DO NOT skip this step. 32 | 33 | So now your settings are configured properly, but that’s only half the story. Even 34 | then, most browsers still aren’t configured to protect your information, so we 35 | need some third-party help. This is one of the few instances where we need to 36 | break the rules of minimalism in order to fully protect ourselves. 37 | 38 | The first extension is HTTPS Everywhere. HTTP is a protocol that serves as a 39 | foundation for data communication on the internet. Almost any website you visit 40 | utilizes HTTP or HTTPS. HTTPS is HTTP, but with a massive S at the end, which 41 | stands for security. HTTPS secures your connection and data by using an SSL 42 | certificate, encrypting your traffic. HTTPS Everywhere forces HTTP requests to be 43 | HTTPS, making it an extremely important extension to be using. 44 | 45 | Up next, we have Ublock Origin, an ad and tracker blocker. The reason you want 46 | to use Ublock Origin over other ad-blockers is because Ublock is open source, 47 | and Ublock doesn’t whitelist websites who pay money to show ads, which other 48 | extensions have done. Booo! 49 | 50 | The third extension you want is Privacy Badger, which blocks spy ads and 51 | invisible trackers. It sends a Do Not Track signal and if trackers ignore these 52 | wishes, the badger blocks them. 53 | 54 | Both Ublock Origin and Privacy Badger include options to prevent Webrtc leaks, 55 | which could potentially leak your real IP address when you’re using a VPN or 56 | proxy, so make sure to enable it in one of these programs. Or, if you’re a 57 | hands-on type of person, you can do this manually in the about:config menu, the 58 | instructions are on privacytools.io. 59 | 60 | Decentraleyes, clever name… Protects you against third-party tracking through 61 | large, centralized, content deliverers. It prevents a lot of requests from reaching 62 | networks like Google Hosted Libraries, and other non private libraries. 63 | 64 | Cookie AutoDelete is an extension that deletes cookies automatically when you 65 | close a tab. So if you’re on Facebook in one tab, Amazon in another, and Google 66 | in a third, closing one tab will delete all cookies associated with the traffic inside 67 | of that tab. 68 | 69 | When you visit a website, the basics of the website are programmed in a 70 | language called HTML, serving as the structure of the website. The second 71 | language is CSS, which styles the website and makes it look pretty. The third 72 | language is Javascript, a scripting language functioning as the brains of the 73 | website, allowing it to perform functions and features. Javascript and other 74 | pieces of software like Flash and Java are utilized by a lot of websites. The 75 | problem is, they’re extremely easy to exploit, and typically reveal a lot about your 76 | information and browser configuration. In fact, the infamous “Spectre” and 77 | “Meltdown” exploits rely on the use of Javascript. 78 | 79 | Lucky for us, the newest version of HTML: HTML5...has removed the need of one 80 | of these dangerous pieces of software: flash. But, it’s also brought its own 81 | tracking technology called canvas fingerprinting. Canvas fingerprinting uses the 82 | HTML5 canvas element to draw an image on your browser that’s not visible to 83 | you. The idea is your hardware and software configuration will render the 84 | invisible image uniquely, and this is used to track you across different websites. 85 | To avoid this, install ‘canvasblocker’ for Firefox, or ‘canvas defender’ for Chrome. 86 | Sadly though, HTML5 doesn’t fix the problems with Javascript and other 87 | scripting languages. So this is where NoScript comes into action. NoScript, as it 88 | sounds, disables all website scripts by default, which is fantastic! However, it is 89 | disabling the brains of a website; so if the website relies on brains, it will severely 90 | break the site. Luckily, fixing the site is as simple as clicking NoScript and 91 | enabling scripts for that website temporarily, or Noscript lets you load individual 92 | elements while continuing to block the others. It is not as extreme as a plugin as 93 | people make it seem; if you need a site to work, add it as an exclusion and you 94 | never have to worry about it again. If you’re using Chrome, ‘scriptblock’ replaces 95 | NoScript. 96 | 97 | The very last extension is uMatrix, which lets you manage cross-website requests 98 | to stop tracking between websites. I saved this for last because it’s a more 99 | complex extension to use, geared more towards advanced users. I would 100 | recommend it if you are comfortable configuring it. 101 | 102 | So that is how you harden Firefox and other web browsers to give you the safest 103 | browsing experience possible. We have implemented a ton of precautions on the 104 | technical side of things, but unfortunately this still isn’t enough to protect you 105 | online, because there’s still room for you to mess up--human error is a huge 106 | problem. The next lesson will teach proper browsing habits, including rules, tips, 107 | and tricks to keep you safer inside your browser. See you then! 108 | -------------------------------------------------------------------------------- /Scripts/Section 3/9_ Your Browsing Habits.md: -------------------------------------------------------------------------------- 1 | # Your Browsing Habits 2 | 3 | Alright, welcome back! The last two lessons have taught you not only what 4 | browser to be using, but how to harden your browser to make it as safe as 5 | possible. The problem is that your decisions when you’re browsing can be your 6 | downfall, so it’s equally important for you to understand risks on the internet and 7 | how to get around them. Let’s dive right into it... 8 | 9 | First, only visit trusted, non-suspicious websites. If you go to a website and it 10 | seems sketchy, just leave. The more you browse the internet and get exposed to 11 | different websites, the better your BS radar’s going to be. Here’s a few things you 12 | should watch out for: 13 | 14 | - Any website that hosts program downloads like download.com should be 15 | avoided. Only get programs from the original source to minimize the risk of 16 | someone tampering with the file. 17 | 18 | - Any website or ad that says your system is infected with malware is always 19 | fake. 20 | 21 | - Check for typos, since professional websites will typically not have 22 | mistakes. Outside of that, you’ll need to learn mostly through experience. 23 | 24 | Next up...if your antivirus, operating system, or browser warns you that a website 25 | is unsafe, don’t ignore the warning. Leave! 26 | 27 | Piracy can also be a problem. This isn’t an ethics lesson, I’m not going to tell you 28 | whether or not to do it, the reality is it’s happening. If you’re a person who’s 29 | pirating anything, you need to be aware of the risks that come along with 30 | downloading files from random people on the internet. The content is not coming 31 | from the original source and people can modify it in any way possible. Avoid 32 | pirating for the sake of your security. 33 | 34 | In other news, if you’re speaking to random people on the internet, scams are 35 | everywhere and you need to assume that everything is a scam, until otherwise 36 | proven legitimate. 37 | 38 | A common scam is phishing attacks, which are website and/or other digital 39 | impersonations, like you visit Google, but it’s not actually google.com, maybe it’s 40 | yoogle.com, a website owned by the attacker. When you type in your Google 41 | username and password, this information is sent to the hacker and they now 42 | have your information. To avoid this: 43 | 44 | - Check the URL when you visit sensitive websites 45 | 46 | - Check the site owner and certificate, browsers make this very easy to verify. 47 | 48 | - Make sure to setup two-factor authentication as discussed earlier in the 49 | course. 50 | 51 | Another form of phishing attacks is through communication, so maybe someone 52 | will impersonate your bank through email and ask for your details. To combat 53 | this: 54 | 55 | - Always check the email domain and make sure it is the correct domain for 56 | the service. 57 | 58 | - Watch for poor grammar, misspellings, urgent messages, pleas for money, 59 | or pleas for information. Keep in mind that your friend may get their email 60 | hacked, causing you to receive a malicious email from your friend. If 61 | anything seems suspicious, double check with them to make sure they sent 62 | you the message. 63 | 64 | Okay, that’s all covered. Here are some more random tips, let’s just rip through 65 | them! 66 | 67 | ● Try to log out of websites when you’re done using them. Google and 68 | Facebook can track your browsing habits and tie it to the account you’re 69 | logged in to. 70 | 71 | ● Within your browser, make sure to implement minimalism with permissions 72 | like we discussed earlier in the “Permissions & Settings” lesson. Don’t hand 73 | over your location, webcam, audio, or other any information to a website 74 | that doesn’t need it. 75 | 76 | ● At this point you’d think it’s difficult for websites to track you, and...don’t get 77 | me wrong it is. But behavioural analysis can still leave you exposed. The 78 | way you type is something extremely unique to you as a user, meaning it 79 | can be used to track you. This is concerning because Google and other 80 | firms can tie different types of data to an individual based on their typing 81 | habits. Luckily, there’s a plug-in called ‘Keyboard Privacy’ for Chrome which 82 | plays your keystrokes at random cadences to reduce behavioural tracking. 83 | Unfortunately, there’s no official version of this for Firefox, but ‘behavioural 84 | keyboard privacy’ attempts to do the same thing. You can take this to the 85 | extreme by never typing anything directly into your browser--type things in 86 | a text editor and copy and paste the data to your browser. 87 | 88 | ● On an unrelated note, when you’re installing programs on your computer, 89 | it’s not uncommon for them to try to sneak PUPs, or Potentially Unwanted 90 | Programs, onto your system. To avoid this, read all the checks within 91 | programs during the installation process, since some of them are not 92 | related to terms and conditions, it’s just asking to install PUPs. 93 | To finish everything off, try to use common sense on the internet. If a random 94 | stranger is asking for your personal details, you probably shouldn’t give it to 95 | them. If there’s an ad for a *(show pill)* penis enlargement pill, it’s most likely a 96 | scam and doesn’t work, just be aware. 97 | 98 | In reality, you’re probably going to mess up here and there, we all do, but that’s 99 | why we’ve discussed different precautions, and we will have many more safety 100 | nets throughout the rest of the course. The next lesson will be the final lesson of 101 | our browser quadrilogy, and it’s titled: browser uniqueness. It’s super interesting 102 | actually. Thank you for watching, and see you then! 103 | -------------------------------------------------------------------------------- /Scripts/Section 4/1_ Section 4 Introduction.md: -------------------------------------------------------------------------------- 1 | # Section 4 Introduction 2 | 3 | Hello, and welcome back to the course. This video will kick off section 4, a 4 | continuation to section 3, titled Advanced Digital Protection...the creativity is real. 5 | If you’ve done section 3, you’ve taken care of a lot of the basics for your general 6 | browsing habits and the way you interact with your devices, so good job there! 7 | But, there is so much more to talk about...this section will cover alternative 8 | operating systems, live operating systems, virtual machines, the much 9 | anticipated Tor, shopping privately and securely online, a word on 10 | cryptocurrencies, and checking up on yourself, aka auditing. 11 | 12 | Section 3 involved mostly things you could implement today to change your 13 | security and privacy habits, and it (for the most part) was nothing life changing, 14 | despite the benefits it brought to the table. However, section 4 will cover things 15 | that may dramatically change the way you interact with your devices. That 16 | includes changing your main operating system, installing a custom ROM on your 17 | Android device, using a Live OS that records 0 information about you, shipping 18 | items to different locations, and using painfully slow browsers that may break 19 | some websites. This is why it’s advanced, and it’s important you go into section 4 20 | knowing that. 21 | 22 | That’s it for this introduction, I will see you in the next lesson, discussing desktop 23 | operating systems. -------------------------------------------------------------------------------- /Scripts/Section 4/2_ Deskop Operating Systems.md: -------------------------------------------------------------------------------- 1 | # Desktop Operating Systems 2 | 3 | Your digital world starts with booting up your computer into its operating system. 4 | Almost everything you do runs on top of an OS like Windows, MacOS, or 5 | Linux--making them extremely important in our quest towards privacy and 6 | security. *(show helmet)* It’s like wearing a super protective helmet on a bike 7 | without breaks. 8 | 9 | Now technically, operating systems run on top of a BIOS, on top of your 10 | hardware. This will all be discussed in section 5, we’re going from the top and 11 | working down. If you followed everything privacy-related I’ve taught you so far in 12 | this course, it’ll not be fully utilized if you did it on Windows 10, since a lot of what 13 | you’re doing is being tracked by the operating system itself. 14 | So let’s break down different operating systems. 15 | 16 | Let’s begin with the most used desktop operating system: Windows, by Microsoft. 17 | Overall, Windows is the option to strike a balance between hardware capability 18 | and application availability, but it falls short in privacy. I am forced to use 19 | Windows to edit this, since Adobe refuses to support other operating systems 20 | that allow me to use my own optimized hardware. Gamers may also find it 21 | challenging to use other operating systems. For privacy, 22 | it’s well known that Windows tracks you and functions as spyware. In fact, they 23 | even handed over encrypted messages to the NSA at one point. If you need to 24 | use Windows either for work or entertainment, you can use tools like W10Privacy 25 | to disable some of this tracking and help you out a little bit. Don’t forget to 26 | disable any settings you don’t need, and minimize the information you hand 27 | over--this was all discussed in lesson 3.3. 28 | 29 | MacOS is the next major operating system by Apple. Is it more secure than 30 | Windows? Yes, in general it is. 31 | 32 | As for privacy, Apple claims all personal data is processed on the physical device, not on an 33 | Apple server. In reality, consumer data is “anonymised”, and eventually sent to 34 | Apple’s servers. So Apple does form a portfolio on you and your habits, but it’s 35 | not tied to your personal iCloud account directly. The issue is things can be tied 36 | together extremely easily, especially when Apple has control of your data. 37 | This has proved to be true...Apple has disclosed and given up information on 38 | iCloud users, almost 2,000 times in just the first half of 2015. They helped the FBI 39 | identify the owner of Kickass Torrents. Don’t forget Apple is in the NSA’s PRISM 40 | project, which gives the NSA access to Apple data. So I would say Apple is a more 41 | privacy-oriented company than Microsoft, but it’s important to realize Apple may 42 | not be private as they market themselves to be. 43 | 44 | Between Windows and MacOS, MacOS will offer you overall better privacy and 45 | security than Windows. 46 | 47 | The third major variant of operating systems is Linux, which runs on the open 48 | source Linux kernel that serves as a platform for many different operating 49 | systems, known as linux distributions, ranging from Ubuntu and all the way to 50 | redstarOS. It’s what many consider to be the king of security and privacy, but 51 | don’t get on that hype train just yet. 52 | 53 | Most Linux distros aren’t inherently any more secure than Windows or MacOS, 54 | Security through obscurity will work in your favor at the time of making this 55 | course, since fewer people using Linux makes it a less targeted OS, but that’s not 56 | technically better security. A great thing about most linux distributions is they 57 | are free and open source, so any person is able to view the code, making it easier 58 | to catch exploits in advance. 59 | 60 | Privacy on Linux distributions is going to vary on the distribution, but in 61 | general…it is significantly more private than Windows or MacOS. Even the more 62 | popular distros that came under fire for privacy concerns suffered problems that 63 | are minor in comparison to what Apple and Microsoft have done. 64 | For those who are new to Linux, popular options like Ubuntu or Linux Mint make 65 | the switch easy, offering decent security and privacy. For moderate and 66 | advanced users, take a look at Fedora and Debian. Some of you are probably 67 | screaming “What about tails?!” Relax...Tails is a LiveOS, something we’ll be talking 68 | about in the next few lessons. 69 | 70 | The last major OS to discuss is BSD, or Berkeley Software Distribution. The two 71 | most common variants are FreeBSD and OpenBSD, and they both will feel similar 72 | to most Linux distributions with some under-the-hood changes and licensing 73 | differences. In general, most of you should probably stick with Linux-based 74 | operating systems, but if you are interested in BSD, there is this great website 75 | breaking it down pretty well, and then you can decide if Linux or BSD is right for 76 | you. 77 | 78 | That wraps up desktop operating systems. Each of you will draw your 79 | convenience line at different areas, and it’s fully understandable why switching to 80 | Linux may be difficult, since lots of the software you use may not be fully 81 | compatible with Linux. For those who are on the edge, I have a few words of 82 | wisdom: 83 | 84 | First, you can use Linux without installing it. You can create a virtual machine, 85 | which I’ll discuss later in section 4, or you can create a *(show flash drive)* 86 | bootable liveOS, which I’ll also talk about. 87 | 88 | Second, in terms of switching operating systems, there are many FOSS alternatives to the programs you use every day. It’s 89 | just a matter of researching and finding the best option. Alternativeto.net is a great place to start. 90 | 91 | Third, you don’t necessarily have to choose between Linux and Windows, you can 92 | have the best of both worlds by dual booting, which lets you use two operating 93 | systems on the same computer. This is common among gamers; what gamers do is they download and use 94 | games on Windows, restricting the amount of personal information they share, 95 | and they use Linux for everything else, making sure nothing crosses over. I’d also 96 | recommend checking out Switched to Linux’s channel on YouTube, who has 97 | amazing content talking about Linux and easy ways to switch over, we actually 98 | did a stream together going through some tips for all of you, to make the switch 99 | as easy as possible. 100 | 101 | And that’s everything I have to say about desktop operating systems. *(hold 102 | popsicles)* There are many flavors to choose from and the choice is entirely 103 | yours. The next lesson will cover mobile operating systems, so make sure to stick 104 | around for that. Thank you for watching, and see you then! 105 | -------------------------------------------------------------------------------- /Scripts/Section 4/3_ Mobile Operating Systems.md: -------------------------------------------------------------------------------- 1 | # Mobile Operating Systems 2 | 3 | Now that we’ve covered desktop operating systems in the previous lesson, I’m 4 | sure you’re wondering what options you have for *(hold iPhone and Android 5 | device)* mobile operating systems. Well, we’re pretty limited here. On the bright 6 | side: it’s a shorter lesson. 7 | 8 | Very similar to desktop operating systems, everything you do on your mobile 9 | devices runs on top of the operating system--like iOS or Android. You’re not 10 | going to be accomplishing much in this course if you’re on an inherently insecure 11 | and unprivate OS. 12 | 13 | Let’s start with the most popular, open source, operating system, Android. 14 | Android is difficult to analyze because vendors have the ability to modify the OS, 15 | or ROM, to their liking, causing a lot of variance between different devices. 16 | OnePlus, the Chinese budget phone manufacturer uses their own version of 17 | Android called OxygenOS, which in October of 2017 was found to be collecting 18 | data about user’s activities, tying the data to their serial number, which can then 19 | be tied to the individual who purchased the device. On the other hand, 20 | GrapheneOS is built from the ground up to be an extremely secure and private 21 | version of Android. These two ROMS took Android’s openness in two entirely 22 | different directions. So how do we analyze this? Well, I’ve split Android into three 23 | separate types, making it easy for you to understand the key differences. 24 | 25 | Type 1, the most common form of Android, is modified and skinned, from a 26 | manufacturer like HTC, Samsung, Motorola, or OnePlus--just to name a few. 27 | There will be exceptions, but in general, the security is alright. It fluctuates, but 28 | Android is typically more prone to vulnerabilities than iOS. Even Samsung’s Knox 29 | software, which is made to improve the phone’s security, had three vulnerabilities 30 | that affected Knox version 1.0-2.3. Additionally, the Google Play Store has suffered 31 | many more malware attacks than iOS, and has significantly less apps that are 32 | NSC compliant, versus Apple’s ATS compliance, I’ll leave a link to this great post 33 | talking about compliance, since it’s a complex subject I won’t be covering due to 34 | time restraints. Additionally, it takes these third-party manufacturers time to 35 | receive security patches from Google, who develops Android, and make 36 | compatible with their own versions of Android. This means you’re getting delayed 37 | security patches on your device. To top that all off, lots of manufacturers and cell 38 | providers like Verizon install their own apps that aren’t removable and increase 39 | the risk of exploits and/or privacy invasion. Speaking of privacy, most 40 | manufacturers implement some form of additional tracking on these devices, as 41 | seen by OnePlus, Motorola, HTC, and Samsung. Keep in mind that Android is 42 | tightly integrated with Google on Type 1, so you’re being tracked by Google, the 43 | manufacturer of your device, and possibly the cell provider you purchased the 44 | phone from. You are being thoroughly screwed here. 45 | 46 | Type 2 Android is more commonly known as stock Android, which is what Google 47 | pushes out on their devices. For security, this is definitely an improvement from 48 | Type 1. Google pushes out consistent security patches that don’t need to be 49 | cleared by third parties, and google is overall an extremely secure company that 50 | ensures the utmost security on their phones. But, there is still arguably a higher 51 | risk than iOS because of things like the poor compliance on the Google Play 52 | Store. Type 2 also limits the amount of preinstalled software, and cell providers 53 | won’t install anything--assuming you buy the phone unlocked. This is much better 54 | than Type 1, but it’s not perfect. Type 2 is still tightly integrated with Google, 55 | making it very poor for your privacy, but at least only one company has your 56 | data. 57 | 58 | Type 3 Android devices are custom ROMs. Custom ROMs can be installed on 59 | most Google and OnePlus devices very easily. As for other devices, cross your 60 | fingers for luck. The beauty of custom ROMS is they give you the ability to install 61 | a variant of Android that favors your security and privacy. The standout project 62 | at the moment is LineageOS, which is FOSS and built to protect your data. It 63 | adds some privacy features, it doesn’t dump location data, and it has many other 64 | security and privacy precautions not found in some ROMs. Additionally, it comes 65 | with no Google services, meaning no third party tracking. This also means there 66 | is no Google Play Store, so there’s no risk of malware from there, yay! But how do 67 | we get apps? Well, there’s the F-Droid Store, a store that only hosts FOSS 68 | applications. If you need an app not found on F-Droid, you can manually install 69 | an app yourself, or use the Aurora store from F-Droid. If you still need the play 70 | store, or want some Google Services, you can install gAPPS or MicroG on your 71 | ROM that correspond with the Google features you need, so you have full control 72 | of the entire process. LineageOS however, like other ROMs, arguably lowers 73 | security by not maintaining things like verified boot, as well as other concerns. 74 | As of today, the only two ROMs I’m aware of that don’t suffer this problem are 75 | GrapheneOS, and CalyxOS. GrapheneOS is considered the absolute most secure 76 | and private ROM out there, I covered the entire project on the YouTube channel. 77 | CalyxOS maintains the security of AOSP, and it preinstalled things like MicroG to 78 | make a ROM designed for the masses--this will be on our channel as well. They’re both great projects aimed at 79 | different people. 80 | 81 | Even though projects like LineageOS have security problems, that may be okay. If 82 | getting away from google means a small hit to your security, that may also be a 83 | good option for you. Overall, type 3 android is king. 84 | 85 | Let’s move over to iOS. Apple’s security is very strong, mostly because of their 86 | heavy app requirements from the App Store and general locked-down nature of 87 | the OS. iOS will almost always beat Type 1 Android in security and privacy. Now, 88 | comparing iOS to Type 2 Android is tough because they’re similar in many ways. 89 | They’re both managed by the company who creates the software and hardware, 90 | there’s little bloatware, security is overall good, and both are companies who 91 | perform data collection, although Apple is typically considered better than 92 | Google. Between those two, you need to make the call over what company you 93 | trust more with your information, and what device works best for your needs. 94 | 95 | Lastly, there’s iOS versus Type 3 Android. There is very little room for debate here, 96 | Type 3 Android is almost always considered better than iOS when it comes to 97 | privacy. As for security, projects like GrapheneOS are arguably better than iOS 98 | as well. The coolest thing is these ROMs are generally FOSS, offering another 99 | awesome benefit over iOS, increasing user trust and transparency. 100 | As a side note, avoid rooting and jailbreaking devices, since it’ll open up your 101 | device to malicious activities. There are scenarios where rooting and jailbreaking 102 | can be beneficial for us, but most of you should avoid it unless you know exactly 103 | what you’re doing. 104 | 105 | As for other mobile operating systems...Windows phones are for the most part 106 | dead, and we know their privacy and security doesn’t stack up. The last devices to 107 | mention, which are still in development at the time of making this lesson are 108 | Linux phones. Librem 5 and the pinephone are the most notable projects, and 109 | they rely on Linux. As great as this sounds for privacy, FOSS, and simply having a 110 | third option, Linux phone are currently a huge dropoff in user security, but they 111 | still have yet to be fully released so let’s wait for that to happen first. 112 | To summarize, if you’re a user who draws your convenience line pretty early on, I 113 | would recommend iOS or a stock Android device. But, if you’re willing to go above 114 | and beyond and get a truly private and secure device, you’re going to want to 115 | check out Type 3 Android, preferably without Google services, and ideally with strong 116 | security using as of today--GrapheneOS or CalyxOS. 117 | 118 | That’s going to finish the main options for a private and secure experience on 119 | your mobile devices. It’s not as simple as I originally envisioned, but the final 120 | choices really distinguish the direction you may want to head. I hope this was 121 | useful, and I’ll see you in the next lesson, where I’ll teach you about expendable 122 | OS’s, like virtual machines and live operating systems. See you then and thanks 123 | for watching! 124 | -------------------------------------------------------------------------------- /Scripts/Section 4/4_ Expendable Operating Systems.md: -------------------------------------------------------------------------------- 1 | # Expendable Operating Systems 2 | 3 | Welcome back to the course! Today’s topic is super fun: expendable operating 4 | systems...operating systems designed to be easily removable, replaceable, and 5 | destroyable. Let’s get right into it! 6 | 7 | To begin, virtual machines allow you to run operating systems within your current 8 | operating system, opening up many possibilities. To start with security, VMs run 9 | guest operating systems completely sandboxed and separate from your host 10 | operating system. So if you buy a Mac, your host operating system is MacOS. You 11 | can set up a Windows, Linux, or another MacOS operating system inside a virtual 12 | machine, this would be your guest OS. The host is your “real” one so to speak, and 13 | the guest is your expendable virtual machine, running on top of your host. 14 | 15 | This is great for security because it’s isolated from your actual system, as long as 16 | you don’t share folders between the two systems. Now, there have been cases, 17 | although very few, of exploits that would allow the host OS to be infected from a 18 | guest operating system. But, this doesn’t mean virtual machines don’t add a 19 | HUGE layer of security. You can even run something like Qubes OS, which keeps 20 | its programs in mini virtual machines, if that’s the way you wanted to go. 21 | 22 | When it comes to privacy, virtual machines are an excellent tool to create 23 | pseudonyms, or ghost identities. They are expendable, can be deleted in a couple 24 | mouse clicks, are separate from your host OS (so nothing is mixed between 25 | identities) and you have full control of how you want the OS configured. As an 26 | example, let’s say I used my *(show personal laptop)* personal Windows computer 27 | for work, but wanted to separate my personal life from my work life. I can create a 28 | Debian VM to store my personal information, and have no work data whatsoever 29 | inside of it. I can set up another VM running something like Whonix to handle 30 | sensitive data, like banking and online purchases, we’ll cover Whonix later. These 31 | use-cases demonstrate the potential you have as a security and privacy-minded 32 | individual to separate and compartmentalize your life across different virtual 33 | operating systems. We will cover pseudonyms and all that much more in-depth 34 | later in the course. 35 | 36 | So how do you set one up? The main virtual machine programs are Virtualbox, 37 | VMWare, and KVM. Virtualbox and KVM are FOSS so I’m going to lean you in that 38 | direction. Every OS has a slightly different setup, so dig online to find out how to 39 | configure the guest OS of your choice, it’s typically pretty straight-forward. 40 | 41 | Random interruption! Whonix is an OS that runs as a virtual machine and routes 42 | everything through Tor, similar to Tails OS, a LiveOS we’ll discuss shortly. It isn’t 43 | necessarily better or worse than Tails, they both have pros and cons. Whonix is a 44 | cool project to try for those of you wanting to properly access Tor in a virtual 45 | machine. Tor will be discussed in our very next lesson. 46 | 47 | The second major type of expendable operating systems is Live Operating 48 | Systems, which as the name implies, run live, and don’t retain any information or 49 | changes you make to the OS, unless configured to do so with persistence. Most 50 | of these run off a *(show flash drive)* flash drive, allowing you to quickly boot into 51 | the OS on any device, at any point in time. When you shut off the computer, all 52 | things you downloaded, changed, or configured in the live OS are deleted and 53 | restored back to factory settings. Probably the most well-known strictly live 54 | operating system is Tails. It is built on the Linux distro Debian, and tunnels all of 55 | your traffic through Tor, similar to Whonix. Tails attempts to offer an all-in-one 56 | anonymization tool, but keep in mind you still have to use it in an anonymous 57 | fashion, and not rely on it being your only tool to protect you. Most Linux 58 | distributions allow you to create a liveOS variant on a flash drive, so you can do 59 | this with almost all Linux distributions. 60 | 61 | Similar to virtual machine separation, live operating systems give us similar 62 | functionality, that you can bring with you anywhere, and delete all your data 63 | when you shut it off--truly expendable. Maybe you have a live version of Fedora 64 | to do banking, Tails OS for anonymizing your casual web traffic, or a Debian 65 | flash drive used for personal accounts like email. Being able to separate your life 66 | is essential, as we’ll discuss in section 6, and having an expendable arsenal is 67 | something very cool to have, with infinite opportunities for your individual needs. 68 | 69 | That’s going to wrap up expendable operating systems, the next lesson will talk 70 | about Tor which I’m sure is a topic many of you are looking forward to viewing. I’ll 71 | see you then, and thank you for watching. 72 | -------------------------------------------------------------------------------- /Scripts/Section 4/6_ Cryptocurrencies...True Anonymity_.md: -------------------------------------------------------------------------------- 1 | # Cryptocurrencies...True Anonymity? 2 | 3 | *(show coin with BTC taped on it)* Bitcoin! So mysterious to so many people, and 4 | so many misconceptions regarding the technology behind it and its capabilities. 5 | Is Bitcoin anonymous? Is it a fad? What is its future? 6 | 7 | Bitcoin is a cryptocurrency, or digital currency, like donuts in Simpsons Tapped 8 | Out, Gold in Candy Crush Saga, or Vbucks in Fortnight. There are two key 9 | differences though. First, Bitcoin is intended to be used as a common-day 10 | currency used to purchase common items, replacing modern-day currencies. The 11 | second difference is blockchain technology, where every transaction is fully 12 | public and verifiable. This means you can view every transaction taking place on 13 | the Bitcoin blockchain. A blockchain is resistant to modification of any data, 14 | making them secure by design. They’re also decentralized, meaning no one 15 | person controls the blockchain, giving power to users, and allowing them to 16 | control and send their funds worldwide with no third parties. There are other 17 | benefits... 18 | 19 | - The invention of the blockchain for Bitcoin made it the first digital currency 20 | to solve the double-spending problem without the need of a trusted 21 | authority or central server. 22 | 23 | - There are no banks or other third parties that control how you store and 24 | send money, you take full ownership. 25 | 26 | - And it’s a worldwide currency, which could rid the need for conversions and 27 | globalize currency. 28 | 29 | So that is Bitcoin, A) It wasn’t created to be anonymous B) It wasn’t created for 30 | illegal activities C) It wasn’t created as a scam D) And it wasn’t created as an 31 | investment opportunity. 32 | 33 | Now you might be asking: why is it used for illegal activities, if it’s not anonymous? 34 | Let me answer that… 35 | 36 | 1) Bitcoin is being replaced by Monero for illegal activities, and I’ll expand on 37 | that in a sec. 38 | 39 | 2) Bitcoin is not anonymous, but there are ways to make it very difficult to 40 | track where it came from. For example, you can buy Bitcoin with cash 41 | in-person using an ATM, and send it to a new wallet, which isn’t tied to any 42 | previous transactions--giving you decent anonymity. I say decent because 43 | these ATMs typically have cameras built into them, the malls and stores 44 | with ATMs have cameras, and your drive to these stores will face many 45 | challenges, like phone-based tracking, license plate monitoring, and other 46 | techniques which we’ll discuss in section 5 and 6. A better method is buying 47 | Bitcoins locally with cash using a site like LocalBitcoins; I like to call them 48 | cryptocraigslist. 49 | 50 | 3) Another method of making Bitcoin relatively anonymous is by using a 51 | mixer, essentially a laundering service. There are several options but 52 | coinmixer.se seems decent, and bitblender.io seems better since it requires 53 | Tor to use. The way these work is you send your Bitcoin into the service, 54 | along with many other people, and the service scrambles where the Bitcoin 55 | came from and its destination. Laundering is legal as long as you’re not 56 | using it to hide illegal activities. You also have to remember the wallet you 57 | use to send the BTC should have no information tied to you, as well as the 58 | destination wallet. 59 | 60 | 4) Another method of getting Bitcoin anonymously is by mining it yourself. 61 | Mining will require a GPU or miner, using something like Nicehash. I made a 62 | tutorial on mining and how to get started on my channel. 63 | 64 | So it’s a bummer Bitcoin isn’t inherently anonymous. Luckily, there are other 65 | cryptocurrencies that promise near anonymity by default. Monero is the main 66 | one, which utilizes a private blockchain. This way it’s impossible to view 67 | transactions on the blockchain. On top of that, your wallet address, which is how 68 | you identify your wallet, is never used in the transaction. There are two ghost 69 | addresses used to avoid exposing the real addresses. Monero implements all of 70 | this by default, which is great since it eliminates the possibility of human error. 71 | 72 | Before going out and buying cryptocurrencies, remember to secure them. This 73 | space is very new, there are lots of scams out there, and people are losing their 74 | money left and right. Avoid leaving your coins on exchanges, transfer them to a 75 | wallet where you have control of the private keys. If you want the utmost security, 76 | you should go pick up a Ledger Nano or other hardware wallet, which is 77 | considered the most secure method of storing cryptocurrencies. 78 | 79 | To recap everything, cryptocurrencies can be used to help anonymize digital 80 | purchases. With Bitcoin, it’s difficult and you’ll have to jump some hoops because 81 | it’s not inherently private. Other technologies like Monero offer more 82 | private ways of sending money, which are better than Bitcoin. Remember, 83 | as always--do not put full faith in the technology. Create these accounts and 84 | send transactions assuming they will be compromised, so even if they are 85 | compromised your personal data is still safe. 86 | 87 | I hope that cleared up some cryptocurrency misconceptions. It is very cool to 88 | witness where this technology will go, and only time will tell if cryptocurrencies 89 | really will take off. The use-case is definitely there. Thanks for watching, and I’ll 90 | see you in the next lesson: Auditing. 91 | -------------------------------------------------------------------------------- /Scripts/Section 4/7_ Audits.md: -------------------------------------------------------------------------------- 1 | # Audits 2 | 3 | The very last thing we’re going to talk about in section 4 is auditing. It is one of 4 | the most important things that you can do in this course, so don’t take it lightly! 5 | 6 | When we think of auditing, we think of inspections, uneasiness, error-finding, and 7 | unfortunately...that’s what it is. But, auditing is very important. Your privacy and 8 | security etiquette is going to change over time. Either you’re going to slowly start 9 | slacking off, or you’re going to want to continually improve your habits. 10 | 11 | Additionally, technology is always evolving, so things that worked when you 12 | started may need to change. For example, when two-factor authentication was 13 | being popularized, it was mostly used with email and phone numbers, which as 14 | we discussed in section 3, are susceptible to attacks. Now, many services 15 | implement apps that handle 2-factor authentication offline with OTP, something 16 | you all should be utilizing. Changes like this happen constantly, and it’s 17 | important for you to keep up with news related to these topics. Whether it’s 18 | through Reddit, a news source, us, make sure you’re continually keeping 19 | up-to-date. We have surveillance reports uploaded every week offered as a video 20 | and a podcast if you want an easy way to keep up with news. 21 | 22 | In order to make sure you’re always protected, you will need to self-evaluate your 23 | privacy and security habits. I broke up auditing into different steps to help you 24 | out. Premium users can refer to the checklist. 25 | 26 | 1) Check haveibeenpwned and search for your personal information through 27 | a search engine for hacks and leaks of your personal information. If 28 | anything has been compromised, you need to make sure you secure your 29 | account by changing your password and ideally the email associated with the 30 | password. Go back to lesson 2.4 and 3.4 for more instructions on what to do in 31 | this scenario. 32 | 33 | 2) Check for updates on every device you own, and every piece of software on 34 | that device. We covered why this is important in lesson 3.2. 35 | 36 | 3) Run antimalware scans on your devices that have a higher risk of infection. 37 | This will be most desktop operating systems, even Linux. Malware was covered in 38 | lesson 3.12. 39 | 40 | 4) Update all of your passwords, at least for your most sensitive accounts. 41 | Sometimes hacks and leaks aren’t publicized, so someone may have access to an 42 | account without your knowledge. Additionally, continually changing your 43 | passwords will make it difficult for somebody to brute force their way into your 44 | accounts using computational power. I covered these topics in lesson 3.4 and 3.5. 45 | 46 | 5) Check up on your phone’s settings, apps, and app settings. Make sure no 47 | recent apps you downloaded have unnecessary permissions. Shopping apps 48 | don’t need your microphone, and calculators don’t need your location. Go to 49 | lesson 3.3 for more details. 50 | 51 | 6) Delete unneeded files, photos, programs, and apps. What I tend to find is I’ll try 52 | a few apps and forget to delete them, and the audit will catch these, as well as 53 | any settings for new apps I haven’t configured yet. Refer to the minimalism lesson 54 | in 2.2 to re-cover this. Don’t forget to clear your temporary files like history, cache, 55 | and cookies as well. 56 | 57 | 7) Try to ask a friend to dig up information on you online. If they find more than 58 | you’d like, you need to ask them where they got the information so you can 59 | remove or falsify it. You can also do this yourself if you don’t have any friends \* 60 | long pause *(that don’t want to do it for you.)* 61 | 62 | 8) This is your decision, the other things we covered I recommend you always 63 | check up on, but you may have different priorities and things to look at. Section 5 64 | will talk about physical security and privacy, and some of you may have things in 65 | there you want to audit. I’d encourage you to find what’s important for your 66 | personal interests, priorities, and threat models and add them to your list of 67 | items to consistently check up on. 68 | 69 | Like I said before, auditing is an extremely important part of increasing your 70 | digital privacy and security. You can configure everything properly in January as 71 | a New Year’s resolution, but in six months you can be completely vulnerable. Stay 72 | on top of things! I recommend you set aside a day every week, other week, month, 73 | or every other month to sit down and audit yourself. The frequency is your 74 | decision and where you draw your convenience line. 75 | 76 | I wish you luck! Thank you for watching this lesson and I will see you in the finale 77 | of section 4, where we recap everything we covered. 78 | -------------------------------------------------------------------------------- /Scripts/Section 4/8_ Section 4 Finale.md: -------------------------------------------------------------------------------- 1 | # Section 4 Finale 2 | 3 | Section 4 has been a ton of fun! Although section 3 was very important in 4 | teaching the basics of what you should be doing every day, it’s a lot more fun for 5 | me to be teaching you about the advanced stuff. At this point in the course, you 6 | should know near everything you need to know about passwords, Tor, VPNs, 7 | proxies, cryptocurrencies, minimalism, erasing local and online identities, secure 8 | communication, two-factor authentication, and file encryption, just to name a few 9 | topics we’ve talked about. There was a LOT MORE! 10 | 11 | The only two major sections of the course left are “physical privacy and security”, 12 | and “living the lifestyle”:, both of which are important and need to be taken 13 | seriously if you want the other stuff you’ve learned to be fully worth it. Here’s a 14 | great little comic which demonstrates why…you can implement the absolute best 15 | protection on the software side of your life, but if you can’t physically protect it, 16 | you’re still vulnerable. It has been an absolute pleasure to be with you up until 17 | this point, and I will see you in section 5! Congratulations on making it this far. -------------------------------------------------------------------------------- /Scripts/Section 5/1_ Section 5 Introduction.md: -------------------------------------------------------------------------------- 1 | # Section 5 Introduction 2 | 3 | Welcome to section 5 of Go Incognito: Physical Privacy and Security! Throughout 4 | the section, you’re going to learn about the basics of physical protection, like 5 | taping up webcams, disabling microphones, encrypting your devices, changing 6 | Mac addresses, disabling radios on your devices, managing your routers, and 7 | much more. I’ve shown this image before, but it’s more important than ever 8 | because you can have the best encryption on the planet, but you’re as strong as 9 | your weakest link. If a simple password is all that’s needed to break into your life, 10 | then you’ve got a problem. Section 5 will teach you the physical side of things, 11 | which is vital in our quest for privacy and security. 12 | 13 | Before kicking off the first lesson, I want to say that I believe in every single one of 14 | you watching this course. I know many things we’ve discussed have been heavy, 15 | but I know all of you can do it. The last couple sections of the course are lighter 16 | on technical information, so I’d say you’re through the toughest part, and it’s a 17 | downhill race from here. Without further adieu, let’s get into the first lesson: The 18 | Basics. -------------------------------------------------------------------------------- /Scripts/Section 5/2_ The Basics.md: -------------------------------------------------------------------------------- 1 | # The Basics 2 | 3 | The basics of physical privacy and security is a broad topic with many little 4 | things you need to do. Instead of putting you through 5, 90-second lessons, I put 5 | all of the information randomly into one lesson, titled The Basics. Enjoy! 6 | 7 | Let’s start with encryption, one of the most overlooked vulnerabilities. According 8 | to a self-conducted poll by me, close to 80% of people don’t encrypt drives on 9 | their computers. As we’ve discussed in earlier sections, encrypting a file prevents 10 | unauthorized access to that file. This is the same story for full-disk encryption. 11 | Most operating systems by default are not encrypted, meaning they can be 12 | mounted to a computer where someone can access, modify, and delete any files. 13 | 14 | A password to login does not encrypt your drives, so this attack will work on all 15 | password-protected devices. I demonstrated this on my YouTube channel, where 16 | I plugged in a flash drive to a computer and accessed all the files on a password 17 | protected system. To combat this, you need to encrypt your drives. Windows 18 | offers Bitlocker on Windows Pro. MacOS has FileVault. Some Linux distros prompt 19 | you during installation to encrypt your system with LUKS. iOS is always encrypted 20 | with a password, and most Android devices also use encryption by default. 21 | These built-in options are great for convenience. As for Windows, Bitlocker is fine, 22 | but it is proprietary encryption, and they store encryption keys. Meaning they 23 | may be able to access your data. I recommend you go with Veracrypt for full disk 24 | encryption on Windows, especially since Bitlocker isn’t available on Windows 25 | home. Veracrypt is FOSS, versatile, and it lets you create hidden volumes to 26 | prevent this type of thing from happening… After setting up full-disk encryption, 27 | make sure you always fully power off your system when leaving it for periods of 28 | time, because it’s possible for someone to dump the memory and get the 29 | encryption keys. For those of you who don’t know what that is, just remember to 30 | shut off your system entirely. 31 | 32 | For physical security, you can lock laptops to a desk using a cable lock. That is 33 | what this mysterious port is for on your laptop. Macs don’t have them but most 34 | other PCs do. You can even get a lock that sounds an alarm if cut, and it’ll work 35 | for desktops and other electronics. 36 | 37 | Speaking of desktops, lots of motherboards have intrusion kits, that will alert you 38 | if the case on your computer has been opened. 39 | 40 | What about public computers? Avoid entering any personal information if 41 | possible. Assume the last person who used it installed malware, either 42 | consciously or unconsciously. You have no control over these devices, so be 43 | cautious when using them, or avoid them altogether. 44 | 45 | Another overlooked vulnerability is printers. Many printers have hard drives that 46 | store documents you print and scan. Meaning anything going through the 47 | printer has the possibility of being accessed later on. Let this be a reminder to 48 | wipe hard drives of all data before selling your computers and other devices, we 49 | covered how to wipe data in section 3. 50 | 51 | Up next is screen protectors, and not to protect your screen, but to protect your 52 | privacy. Shoulder surfing is a very common, and successful attack done in public 53 | to steal your passwords and personal information. Luckily, it’s easily thwarted by 54 | using a piece of plastic, called a privacy screen protector, *(show your screen 55 | protector)* making it hard to see a screen unless you’re directly looking at it. 56 | There are commercial options, but there are DIY methods. Don’t forget to put 57 | these on laptops and monitors as well if needed. 58 | 59 | Next is restricting access to your BIOS--the firmware directly interacting with your 60 | hardware and operating system. The BIOS can be used for wrongdoing in more 61 | ways than one, so I would recommend establishing a password to access and 62 | modify it. Every computer is different, so refer to your manufacturer on how to do 63 | this. Keep in mind, a simple CMOS reset or motherboard battery re-insertion can 64 | quickly bypass the password. So a password isn’t the world’s safest form of 65 | protection, but it can make a small difference. You should also lock down your 66 | boot priority to prevent people from booting into *(show flash drive)* live 67 | operating systems. On the topic of the BIOS, most of them are proprietary and 68 | rely on firmware from your manufacturer; if you want something a bit more open, 69 | libreboot or coreboot may be what you’re looking for. 70 | 71 | *(show watch)* Alright, what about smartwatches and fitness trackers? From a 72 | privacy perspective, they track vitals and other health data that could be used by 73 | companies to target you, or they could give up this data to third-parties. From a 74 | security perspective, you’re relying on that said company to secure your data, 75 | something dangerous considering there have been breaches. If you do track 76 | your health in any way, make sure it is all private and not being shared with 77 | anybody--especially the public. This was a problem in the 2015 Amgen Tour of 78 | California. Participants in the bike race were able to identify who had passed 79 | them and later, while online, directly message them. This is creepy, especially with 80 | social media platforms like Strava who publicize where you exercise. If you have 81 | to use something like a GPS watch to track your activities, keep it local on the 82 | watch and avoid syncing it to any devices or accounts. We've covered private health tracking 83 | options with smart watches and other devices on our YouTube channel, there are surpringsly 84 | a plethora of options at your disposal covered there. 85 | 86 | The last thing to talk about in this lesson is webcams and mics. This has turned 87 | into a bandwagon, where people tape up their webcams while browsing an HTTP 88 | site within Windows 10, and sending a private message on Facebook; as if the 89 | tape is protecting them. Don’t be THAT person who tapes up their webcam and 90 | thinks they’re anonymous. Regardless, it’s still something you should be aware of, 91 | since it’s possible for hackers, intelligence agencies, and even people you know to 92 | access webcams without your knowledge. 93 | 94 | The scary thing is this can happen to anybody. Blake Robbins was a high school 95 | sophomore who was called into the principal's office for “improper behavior at 96 | home” His school district gave students MacBooks, but what they didn’t tell the 97 | students was there was software designed to recover the device in case it was 98 | lost. The issue is this software was monitoring all 2,300 students’ behaviour while 99 | they were in view of the webcam. *(eat mike and ikes)* Robbin’s alleged offense 100 | was pill popping, but it was found in court to be him eating mike and ike's candy 101 | while doing his homework. The webcam on Robbins’s Mac took hundreds of 102 | photos, including some of him sleeping in his bed. The school had pictures of 103 | many other students, a few of whom were “partially undressed’. The moral of the 104 | story: first, don’t trust anyone, that’s a topic for section 6. Second, it’s easy for 105 | malicious software to activate your webcam and microphone without your 106 | knowledge, this is true for mobile devices as well. 107 | 108 | Desktops are great because they don’t normally have cams and mics built in, but 109 | laptops and phones do. You have two options for the camera: tape it up, there 110 | are many neat options available, or physically remove the camera from the 111 | device. This will obviously remove the camera entirely, but you can use a 112 | third-party webcam that you plug in. As for mics, there are also two options. You 113 | can plug in a dummy mic. The dummy can be an old pair of earbuds that are 114 | snipped near the jack, tricking your computer into thinking there’s a mic. This is a 115 | software workaround though, so I would recommend option 2: remove the 116 | microphone entirely and stick to using external mics. 117 | 118 | And that was the basics! It was pretty hectic but I hope you learned a few things 119 | throughout the lesson. The next lesson will be about Mac Addresses, what they 120 | are, and how they can be used to track you. Thanks for watching, and I’ll see you 121 | then! 122 | -------------------------------------------------------------------------------- /Scripts/Section 5/3_ MAC.md: -------------------------------------------------------------------------------- 1 | # MAC 2 | 3 | Welcome back viewers, and get ready for a lesson about your media access 4 | control address, or MAC address. A MAC address is a device’s unique hardware 5 | address. Almost every device uses one, and the name has nothing to do with the 6 | Macintosh, even though Macs do have MAC addresses. So what’s the problem 7 | with these and why should you be concerned? Let’s find out! 8 | 9 | If you were to gain access to a network, let’s say a free cafe’s WiFi, you would see 10 | the MAC addresses of every device connected to the network. MAC addresses are 11 | tied to your hardware, meaning everytime you connect to a network, it logs what 12 | device is accessing it, as well as the time and the type of bandwidth going 13 | through the network from that device. If you go to the same coffee shop 14 | throughout the week, it recognizes it’s the same device. They can even 15 | crossmatch security footage and MAC addresses to figure out exactly who is 16 | doing what on a network, and this gets even more extensive with companies like 17 | Starbucks, who save this information across all their stores. This is why you can 18 | hop between Starbucks locations and never have to re-login to the same device 19 | twice. 20 | 21 | Since every MAC address is unique and tied to only your device, it turns into a 22 | tool that can be used to track you. When you walk around, your smartphone 23 | scans for nearby Wifi networks to connect to, and in doing so broadcasts its MAC 24 | address. A company named Renew London used trash bins in the city of London 25 | to track people’s movements around the city based on their MAC addresses, 26 | which can then be tied to a person’s identity. So what can we do? 27 | The easiest way to thwart MAC address tracking is by changing our MAC 28 | address, so no one is able to tie traffic to a specific device. This is relatively easy 29 | to do! 30 | 31 | On Windows, open your device manager, right click on network interface, 32 | click properties, advanced, network address, and input a custom value. Keep in 33 | mind that your ethernet adapter most likely will use a separate MAC address 34 | from your WiFi interface, so change both. SMAC is a program for Windows that 35 | makes this easier. You can also use tools like Technitium but it’s not fully 36 | required. Try to do this as often as possible or set your system up to use a new 37 | MAC address every time your computer boots up. 38 | 39 | On MacOS, there’s this great guide showing how to change your MAC address, 40 | and you can have it automatically run when your computer boots up, since any 41 | changes to your MAC address go away after a reboot. The only program I could 42 | find that does this for you is WiFi Spoof, but it costs $19.99. So the manual route is 43 | the way to go for MacOS. 44 | 45 | Linux has a similar process to MacOS, I’ll leave a guide for it as well. It will also go 46 | away after a reboot, but you can make it permanent by modifying some 47 | configuration files. 48 | 49 | On to mobile devices! For Android, these are a couple guides you can use to help 50 | you, and there does seem to be built-in features for newer version of android. 51 | 52 | For iOS, iOS 14 introudces MAC address randomization, so just enable it per network! The 53 | workaround if you're not running iOS 14 is you tether internet traffic through your computer with a spoofed 54 | MAC address. 55 | 56 | So that summarizes MAC addresses and how to change them in order to 57 | continually make it look like you’re connecting with a different device. Try to do 58 | this as often as possible to prevent people from tracking where you go, and what 59 | you’re doing on a network by simply logging your MAC addresses. The next 60 | lesson will be on a similar topic: Networking...more specifically how to properly 61 | secure a network. I’ll see you then! 62 | -------------------------------------------------------------------------------- /Scripts/Section 5/4_ Networking.md: -------------------------------------------------------------------------------- 1 | # Networking 2 | 3 | Your home network handles a large amount of your traffic for most, if not all of 4 | your devices. If someone gains access to your router, they can view all traffic 5 | going in and out, and if you aren't using a VPN--all of your web traffic is fully 6 | visible. On top of that, routers are susceptible to malware infections, like the 7 | recent widespread one in the US, as well as password cracking, since routers are 8 | always live and people have unlimited time to figure out the password. Luckily, 9 | there are lots of things we can do to secure our home routers. Let’s do it! 10 | 11 | First, make sure your router is using at the very least WPA2 encryption, since the 12 | previous WEP encryption allows anyone with half a mind to get into your router. 13 | It’s been cracked for years and it’s criminal for it to still be an option. 14 | The next thing is to change the default password. Manufacturers have been 15 | getting better about this, but some models of routers use the same default 16 | password; meaning if someone gets the model of your router, they can search 17 | online what the password is and you’re, in a nice way, screwed. Go to this website 18 | and search for your router, hopefully it doesn’t use the same password. Even if it 19 | doesn’t, most default passwords aren’t strong enough, so you should still change 20 | it. 21 | 22 | Before getting into the password, let’s discuss how to make sure attackers can’t 23 | figure out the model for our router. First, make sure the SSID, the public name of 24 | the router, doesn’t reveal anything about the router, or yourself. Revealing the 25 | router model is a security concern. And giving personal data is a privacy 26 | concern. It’s good to use random SSIDs like “Furry Lemur”, “Nutella Sticks”, or my 27 | personal favorite: “That’s what she SSID”. Don’t forget to double-check the 28 | visibility of your router and make sure it isn’t visible from any easily accessible 29 | window or door. 30 | 31 | As for the password, you should be using the password rules outlined in lesson 32 | 3.4 to get yourself a secure password, which no one will be able to crack within 33 | their lifetime (using current technology). 34 | 35 | Okay! Now, you have a router using at least WPA2 encryption, a non-revealing 36 | SSID, and a super secure password. These precautions have no effect on your 37 | convenience besides typing in a complex password once on each device. All of 38 | this should be implemented by everybody. 39 | 40 | Some of you watching might be asking, should I hide my SSID altogether? Hiding 41 | your SSID will hide your router on the list of visible devices, requiring you to 42 | manually input the SSID and password. This seems like it’s more secure, since it 43 | requires someone to know both your SSID and password to connect to the router. 44 | But, it doesn’t make that much of a difference. Certain operating systems leak 45 | your SSID, and tools used by hackers can see the SSID anyway. So the only 46 | person this protects you against is your not so tech-savvy neighbor looking for 47 | free wifi. No matter what, hiding your SSID won’t severely work against you, it just 48 | won’t really protect you from genuine threats. 49 | 50 | What are some other things you can do to improve the security of your router? 51 | Glad you asked... 52 | 53 | Like we’ve mentioned earlier in lesson 3.2, make sure everything is up to 54 | date--including your router. *(hold manual)* Refer to your manual for instructions 55 | and do this as often as possible to receive the latest security patches. 56 | A big no-no is using the WPS button to connect to your router. WPS is a button 57 | you push that lets you quickly connect to a wireless connection without typing a 58 | password. All it takes is physical access for someone to connect to your network. 59 | On top of that, attacks like Pixie Dust can crack WPS-enabled routers in hours. In 60 | short, disable WPS. 61 | 62 | You can take your security a step further by only allowing a connection to a 63 | specified device via a MAC address, we discussed what these are in the previous lesson. 64 | This way, only devices you specify connect to the router, and any other device is 65 | blacklisted. But, similar to hiding your SSID, this won’t stop an experienced 66 | hacker, since tools like aircrack-ng reveal the authorized MAC addresses, and 67 | the attacker can spoof the MAC address to mimic an accepted device. So, once 68 | again, this will only help keep out your amateur attackers. 69 | 70 | Something I’d recommend you do do, if you use VPNs, is install a VPN on your 71 | router, which will route every device on the network through the VPN. Not only 72 | does this mean you don’t need to worry about VPN software on every device, but 73 | it also allows you to connect devices like your Xbox and other electronics to the 74 | VPN. Not to mention that a router counts as one device, allowing you to connect 75 | a huge number of devices to the VPN service-- a little workaround for VPN device 76 | restrictions. 77 | 78 | The last thing you can do, although more technical and on the advanced side, is 79 | installing custom firmware on your router, specifically openWRT or pfSense. 80 | openWRT is FOSS and based on the Linux kernel. The other option is pfSense, 81 | another FOSS firmware based on FreeBSD. It’s known to be extremely reliable and 82 | secure, although more advanced to set up than OpenWRT. They’re both very 83 | good, so I would research the features to see what’s best for you, although keep 84 | in mind not every router is compatible, so make sure to check beforehand if your 85 | device is supported. 86 | 87 | That is all I have to say about routers and networks. They aren’t crazy complex, 88 | and it’s one of the most important devices to lockdown, so make sure you’re 89 | implementing this as soon as possible. The next lesson will talk about radios, how 90 | they’re used to track you, and what you can do about them. Thank you for 91 | watching, and I will see you then! 92 | -------------------------------------------------------------------------------- /Scripts/Section 5/6_ Device Separation.md: -------------------------------------------------------------------------------- 1 | # Compartmentalization 2 | 3 | This lesson will be pretty simple and straightforward, and if you watched the 4 | expendable operating systems lesson in section 4, you’ll find this lesson will have 5 | many similarities. 6 | 7 | The ideas in this lesson aren’t foreign to you, your work or school may give you a 8 | device solely used for work or education--separate from your personal devices. 9 | One reason this is done, is to increase security, since one device being 10 | compromised won’t directly lead to another being compromised. As a general 11 | rule of thumb, never conduct personal tasks on a work device or network, since 12 | these are likely monitored; it’s better to use cellular data to do personal stuff at 13 | work. Separating different aspect of your life, is called Compartmentalization. 14 | 15 | Before we dive into the lesson, here is a major disclaimer, so listen up! I’m going 16 | to give you unrealistic scenarios, repeat: UNREALISTIC! that involve purchasing a 17 | device for everything task you perform. I know this is far from realistic, but I’m 18 | demonstrating how you can utilize multiple devices to benefit privacy and 19 | security. It is a mindset lesson training you how to think differently about device 20 | management. Here goes! 21 | 22 | As discussed before, you can’t anonymize your personal identity, so you can get 23 | a device used for your personal stuff: email, banking, school, and other things 24 | you can’t avoid. You should pick a device and operating system with an emphasis 25 | on security; privacy isn’t as important since you can’t hide your personal 26 | identity...although you should still implement the techniques taught in section 3 27 | and 4, and there are ethical reasons to still value personal privacy. Believe it or 28 | not, there are cheap and convenient devices that fit this criteria relatively well: 29 | the Chromebook and the iPad. Both devices are inherently very secure, so if 30 | you’re looking for a high-security device where privacy isn’t a huge concern, they 31 | aren’t a bad option. If you’re a more advanced user, Qubes is the recommended 32 | way to go, but don’t overlook the simple options sometimes. As one of my 33 | teachers once said, “Don’t shoot a fly with an uzi.” 34 | 35 | Let’s pick up a second device, one that’s used for anonymous web browsing that 36 | isn’t tied to you. The focus here is privacy. Utilizing Tor is highly recommend, 37 | making options like Whonix, and Tails extremely good options. Don’t forget that 38 | Tor needs to be used properly to achieve decent anonymity, so make sure to 39 | rewatch lesson 4.5 for a refresher. 40 | 41 | You can have a third device used only for work. Personally, I have my desktop 42 | used only for video production. I am unable to access any of my personal 43 | accounts from that computer for max separation. 44 | 45 | You can have a fourth device used for online dating, created from the ground up 46 | with maybe a pseudonym, or only with small pieces of your actual information 47 | that you don’t want mixed with your fully-fledged personal device. 48 | 49 | You can have a gaming device, a naughty device, anything! The sky's the limit, 50 | and the more boundaries created between the activities you do, the harder it is 51 | to tie them together. 52 | 53 | Before clocking out, I will remind you this was a mindset lesson. I don’t expect 54 | everybody to buy eight different devices for different tasks; but I do expect you to 55 | start thinking about how certain aspects of your life are mixed, when it could be 56 | beneficial to separate them through a physical barrier like several devices, or a digital one using 57 | maybe something like virtual machines or separate user accounts. 58 | 59 | To summarize compartmentalization, Create boundaries! Thank you for 60 | watching, and I’ll see you in the section finale. 61 | -------------------------------------------------------------------------------- /Scripts/Section 5/7_ Section 5 Finale.md: -------------------------------------------------------------------------------- 1 | # Section 5 Finale 2 | 3 | And that wraps up section 5, finishing the physical privacy and security series. 4 | Not only did section 5 cover the basics, MAC addresses, networking security, 5 | radios, and device separation, but we’ve covered close to everything you need to 6 | know about protecting yourself digitally throughout section 1 through 5. 7 | 8 | There’s just one problem. If you’re not living a private and secure lifestyle, it’ll be 9 | easy for most of the work you’ve done to go to waste. How is this? Well, if you give 10 | your personal information to a friend who posts it on the internet, all that time 11 | you spent making sure your data stays private went to waste. If you open a gym 12 | membership and they’re breached exposing personal information, a lot of the 13 | time you spent may go to waste. If you’re not locking your home, a lot of the 14 | physical security we’ve covered can go to waste. Lifestyle is extremely important, 15 | because it serves as another avenue used to eventually have your information 16 | published digitally--meaning we need to implement a proper lifestyle. 17 | 18 | This is what section 6 is about. It teaches who you can trust, how to minimize data 19 | access in public, proper anonymization and pseudonymization (we’re going to 20 | create pseudos), how to shop safely, and how to become an activist who 21 | preaches the benefits of privacy and security. 22 | 23 | Thank you for tuning in, and I’ll see you in section 6: Living the Lifestyle. -------------------------------------------------------------------------------- /Scripts/Section 6/10_ Section 6 Finale.md: -------------------------------------------------------------------------------- 1 | # Section 6 Finale 2 | 3 | Welcome to the section 6 finale! It has been an absolute pleasure, and I hope this 4 | section gave you insight into other things we need to do outside locking down 5 | our devices and accounts. Privacy and security is a lifestyle that you need to live 6 | and breathe everyday if you truly want to get the best out of it. We covered who 7 | to trust, minimizing data access, anonymization and pseudonymisation, 8 | shopping safely, lifestyle changes, pre-configured hardware & software, the 9 | downsides to safety, and how to be an activist. 10 | 11 | Remember, spread the message, and set the example. If we all play a part, we can 12 | make a pretty big difference. Thanks for watching, and I’ll see you in section 7 to 13 | wrap things up. -------------------------------------------------------------------------------- /Scripts/Section 6/1_ Section 6 Introduction.md: -------------------------------------------------------------------------------- 1 | # Section 6 Introduction 2 | 3 | Welcome to section 6 of the course; Living the lifestyle. This is arguably the most 4 | interesting and important section. When we think of privacy invasion, we think of 5 | digital device management and how this can impact your privacy. But what we 6 | don’t realize is lots of the information we give out in our physical daily lives can 7 | just as easily end up online--making this an important thing for you to learn 8 | about. 9 | 10 | Section 6 will not only teach you about the techniques used to track you 11 | everyday: from companies, governments, and people. But section 6 will also teach 12 | the mindset required to think in a precautionary way. Last but not least, you’ll 13 | learn how to preach the benefits of privacy and security in our society, and 14 | hopefully convince the people you know to care about it as well. We will begin 15 | with the first lesson: Who Can You Trust? -------------------------------------------------------------------------------- /Scripts/Section 6/2_ Who Can You Trust_.md: -------------------------------------------------------------------------------- 1 | # Who Can You Trust? 2 | 3 | Who can you trust? That’s a loaded question! Let’s start with a disclaimer: I don’t 4 | want to make it seem like everybody is out to get you, and no one is trustworthy 5 | in your life. But I do want to make you cautious with how other people can 6 | intentionally or unintentionally leak sensitive information about you. 7 | 8 | Let’s begin with the people closest to you--family and close friends. These are 9 | your most trusted peeps, but proceed with caution. Not because they’re 10 | necessarily untrustworthy, but their habits can be improper. For example, you 11 | and your wife are outside your home when she decides to take a selfie with you to 12 | share on Facebook. What she doesn’t realize is she included the house number in 13 | the picture, in addition to location metadata within the image. To top it all off, her 14 | Facebook account is public. A thief now has the necessary information to rob 15 | your home. Another more common scenario is someone screenshotting a 16 | conversation between you and them, or a friend gives out your personal phone 17 | number to a stranger without your consent. On the other hand, you should trust 18 | your family and close friends well enough for them to understand why you may 19 | want parts of your life kept secret. The key is communication, tell them 20 | transparently what information they can or can’t share about you with others. 21 | 22 | Moving on, casual friends and strangers are a much bigger concern. In the movie 23 | Now You See Me, the 4 magicians ask the character Tressler casual questions, 24 | which he gladly answers. What he doesn’t realize is he is gave them answers to his 25 | bank’s security questions. The 4 magicians eventually break into his bank 26 | account, and steal his funds as part of their magic trick. This is a form of social 27 | engineering, “The manipulation of the natural human tendency to trust.” Social 28 | engineering is dangerous because it exploits the way humans function to achieve 29 | unauthorized access. How is this done? Well we talked about phishing scams 30 | earlier in the course, which relied on you trusting a fraudulent website that steals 31 | your information--this is a form of social engineering. *(show phone)* This can 32 | happen with your phone calls as well. Hackers can call their targets from a 33 | "spoofed" phone number claiming to be someone needing your information. It 34 | could be spoofed to be your AT&T provider asking for your account details, or 35 | the IRS asking you to pay “missing” taxes. 36 | 37 | Tailgating is another form of social engineering where a person pretends to be a 38 | delivery service at a corporate office and asks an employee to hold the door 39 | open for them. If you think these things don’t happen, here’s a fun story similar to 40 | tailgating: A 17-year-old male from Oklahoma was fired from his job at Walmart 41 | for stealing money. Instead of considering himself lucky that he got away without 42 | being charged, he put his uniform back on and stole $30,000 from three other 43 | Walmarts by pretending to be a general manager from another store. 44 | 45 | Alright, so we’ve covered trusting individuals, both well-known ones and 46 | strangers, as well as how social engineering can be very dangerous. But what 47 | about trusting companies to handle your data? This course has already 48 | discussed dozens of different companies who have misused data—many times 49 | without user knowledge. So, can we trust them? 50 | 51 | Toysmart.com made a pledge of privacy to its customers, promising not to share 52 | its database with other companies or third parties. Then, the company went 53 | bankrupt and promptly put its user database for sale. This practice continues to 54 | this day. Hulu stated they will sell data if they suffer bankruptcy. In fact, this 55 | article from the New York Times found in the case of a merging, acquisition, 56 | bankruptcy, or asset sales, many companies, including Amazon, Apple, Facebook, 57 | Google, and LinkedIn may transfer user data to another entity without user 58 | consent. We saw this happen during RadioShack’s bankruptcy, when they 59 | attempted to sell user credit and debit cards, social security numbers, dates of 60 | birth, and even phone numbers; luckily politicians stepped in before ALL of the 61 | data was fully sold, although some still was. 62 | 63 | Let these examples be a lesson that even when companies promise privacy, they 64 | could be lying, or they could unpurposely implement poor methods of securing 65 | your data. 66 | 67 | Be careful with who handles your information. Don’t 68 | give up data when it isn’t needed, and don’t trust everybody to handle your 69 | information as well as you would. Here are some general rules for you to follow: 70 | 1) Don’t give up information that isn’t required. RadioShack didn’t need your 71 | social security number, Facebook doesn’t need your home address, and a 72 | stranger in public doesn’t need your date of birth. 73 | 74 | 2) Be aware. Ask yourself why a company needs a specific type of data. Don’t 75 | be afraid to ask why something is needed, and be aware of the existence of 76 | social engineering attacks and how they can impact you. 77 | 78 | 3) Don’t succumb to pressure. If you feel that a piece of information doesn’t 79 | need to be collected, ask to go a different route, or deny access to the 80 | information and pick a different service if possible. 81 | 82 | 4) Make sure the people around you know what information they can or can’t 83 | share about you. You can keep your life as locked down as possible, but if 84 | your partner or best friend is sharing your phone number and email that’s 85 | intended to be secret, well...that’s not good. 86 | 87 | And that wraps up this lesson. There will always be those you trust, but remember 88 | to educate and communicate with them about your privacy and security habits. 89 | As for companies and other entities, it’s safe to assume the worst, because there 90 | are little to no regulations on how your data is shared at least in the US, and most 91 | companies will take the opportunity to abuse your data for a quick profit. Thank 92 | you for watching, and I’ll see you in the next lesson: Minimizing Data Access. 93 | -------------------------------------------------------------------------------- /Scripts/Section 6/4_ Anonymization _ Pseudonymization.md: -------------------------------------------------------------------------------- 1 | # Anonymization & Pseudonymization 2 | 3 | We’ve covered pseudonymisation and anonymization earlier in the course, but it’s 4 | important for us to discuss these more in-depth. We’ve previously covered it’s 5 | nearly impossible to make your personal identity anonymous. We are registered 6 | and part of the system. We have social security numbers, we have birth 7 | certification, we pay taxes and have jobs. But this doesn’t mean we can’t hide or 8 | separate the non-necessities from ourselves. How do we do this? 9 | 10 | To recap, pseudonymization is the creation of an alias, or ghost identity. 11 | Pseudonyms are completely legal as long as you’re not using them to defraud 12 | someone else. They allow you to sideload information to aliases not tied to you, 13 | which is useful when services or people are requesting information that doesn’t 14 | necessarily need to be yours. 15 | 16 | Anonymization involves making sure something you’re doing is tied to no identity. 17 | The most common way of accomplishing this is by blending a group of people 18 | together, so no one user is unique. This is exactly what Tor does, it is built from 19 | the ground up to make you look like everyone else using it. 20 | 21 | To sum up how to use the two concepts...I would recommend you anonymize any 22 | traffic that doesn’t require an account with Tor and other anonymization tools 23 | discussed throughout the course. If something requires an account, but you 24 | don’t want it to be tied to your identity, pseudonyms are the way to go. The idea is 25 | to keep your pseudos and anonymous sessions completely separate from your 26 | true identity. Sounds easy enough, but how do you make a pseudonym? 27 | 28 | Let’s make one together with the master of pseudonyms: Roger Smith the Alien. 29 | But before we do that...remember the one and only golden rule: 30 | Your pseudonyms must not be tied to your personal identity. 31 | 32 | Okay, first...we need to figure out what this pseudo is for. What information does 33 | he/she need to have, and how in-depth does it need to be. Your pseudo can be a 34 | name and email, or it could be something like this... For this lesson, let’s create a 35 | pseudonym for Roger with the basics. 36 | 37 | Let’s start with a name. Since this will function as a general-purpose pseudo that 38 | doesn’t need to be a unique person, let’s give it a degree of anonymity. 39 | We’ll pick a very common name to blend in, something like Brian Smith. 40 | 41 | Now, Roger needs a form of communication, and this will vary depending on what 42 | service he’s trying to access. If it’s an online survey, he’ll need an email. If it’s 43 | Google, maybe also a phone number. He needs to form a communication 44 | method that isn’t tied to him. We’ve previously covered services in the course like 45 | tempmail, guerillamail, freephonenum, inumbr, burner, and shuffle. 46 | 47 | Up next, Roger needs an origin story. Is his pseudo Brian married? Does he have 48 | kids? Where did he grow up, how old is he? If Brian is only a digital pseudo, Roger 49 | can fake all of this easily. If Brian goes out into the real world though, some parts 50 | of Brian’s story may need to match with Roger’s story. He can’t say Brian is 80 51 | years old when Roger looks 25; people may have some trouble believing him. 52 | If Roger wanted to go more in-depth, he could give Brian his own shipping 53 | address using a PO box or Private Mailbox separate from his. If Brian needs to 54 | make a payment, maybe for a VPN, it needs to be done in a way not tied to Roger, 55 | we covered how to do this earlier in the course. 56 | 57 | And that’s Brian Smith, one pseudo. I would recommend creating multiple 58 | pseudos for different purposes. Maybe you have one for online surveys, one for 59 | spam, one for Jamba Juice, and one for craigslist--the sky's the limit! If you need 60 | help with creativity, fakenamegenerator is a great resource. 61 | 62 | Pseduos can also be used in an anonymous fashion to layer them. You can have a pseudonym 63 | that only lives in Tor sessions, so you're utilizing anonymity to hide a pseudonym to hide yourself. 64 | The sky's the limit. 65 | And before wrapping 66 | things up...remember the golden rule: 67 | 68 | **Your pseudonyms must not be tied to your personal identity.** 69 | 70 | And that’s the lesson, it’ll give you a lot of freedom with different ways you can 71 | sideload information that would otherwise be tied to your personal identity. I 72 | want to thank Roger Smith for helping me out, and I will see you in the next lesson: 73 | shopping safely. Thanks for watching. 74 | -------------------------------------------------------------------------------- /Scripts/Section 6/5_ Shopping Safely.md: -------------------------------------------------------------------------------- 1 | # Shopping Safely 2 | 3 | At this point in the course, you may be asking yourself about *(show groceries)* 4 | shopping. How can you order from Amazon, privately and securely? What about 5 | physical stores? This is tricky because it’s difficult to do. Stress on difficult, 6 | because it’s not impossible! Let’s go ahead and cover different techniques and 7 | methods we can use to make our shopping experiences, online and in-store, 8 | safer; keep in mind this is a more extreme lesson, so those of you who draw your 9 | convenience lines early may find this lesson out of your zone. 10 | 11 | Let’s start with in-person stores, leaving the digital-side out of the equation. 12 | Security-wise, we need to be careful, we don’t know how stores handle your data. 13 | Target has been hacked, Home Depot, Wendy’s, Chipotle, Whole Foods, Sonic, 14 | Under Armor, Panera Bread, Sears, and there are many more. 15 | 16 | The best way to secure your information is by not giving your information. Here’s 17 | how you do it: 18 | 19 | 1) Pay with cash as much as possible. Neither the store or your bank can 20 | collect any data on your shopping habits. 21 | 22 | 2) If a store doesn’t take cash, you can use prepaid debit cards without your 23 | information. Purchase the non-reloadable prepaid visa gift cards, like the 24 | Vanilla Visa, and use falsified information if needed. The idea is to 25 | purchase these \* show cash \* with cash, but if your threat model isn’t as 26 | high, you can use your credit card to buy them. Watch out for reloadable 27 | cards, since they require your real name, address, birth date, and social 28 | security number. Keep in mind even when you buy prepaid cards, there will 29 | be video cameras and other methods of tracking you within the store; not 30 | to mention your trip to the store is tracked as well, so you’ll need a private 31 | method of transportation --assuming your threat model is that extreme. A 32 | side note for EU viewers, the website viabuy.com can get you a credit card 33 | without credit checks or links to your bank account. Speaking of 34 | credit...credit bureaus are widely known to share and sell user data, which 35 | is why you may receive offers for other credit cards in the mail, you can opt 36 | out of this by visiting this website and opting out. 37 | 38 | 3) If you don’t want to (or can’t) use cash or prepaid debit cards in a store, 39 | and you’re set on paying with your personal debit or credit card, at least 40 | implement basic security measures. Contact your bank to increase the 41 | length of your PIN to at least 6 digits, preferably 8. Don’t sign the back of 42 | your card, write “Ask for photo ID”. And consider investing in an RFID 43 | blocking wallet or purse to protect your information from RFID attacks. 44 | 45 | 4) Avoid signing up for rewards programs and credit cards. If you do want to 46 | open a rewards account, you don’t normally need to provide your real 47 | information. \*cough\* 48 | 49 | 5) And the final step, go into every store with a pseudo. You never know when 50 | people will ask for information, and if you’re not prepared, you’re going to 51 | give your real information. Be prepared, like Japeth. 52 | 53 | That wraps up physical stores! But what about digital shopping? Stores are being 54 | hacked left and right, phishing attacks are never-ending, and your personal 55 | information is constantly at risk. 56 | 57 | Let’s start with a popular website: 58 | Amazon. 59 | 60 | Amazon requires an email and a name, both of which don’t have to be 61 | genuine...use a pseudonym. Remember to send packages to your pseudo’s PO 62 | box or PMB, or you could ship to an Amazon Locker. Now, everything is private except payment--you have three options if 63 | you don’t want the purchase tied to you. 64 | 65 | 1) The recommended payment option is to purchase an Amazon gift card at 66 | a local store with cash. You can continue reloading your Amazon account 67 | with gift cards indefinitely. 68 | 69 | 2) The second option, if you insist on paying with a card, is seeing if your 70 | bank offers virtual expendable cards to protect your actual card. If this 71 | isn’t possible, services like privacy.com or Blur offer similar functionality. 72 | But, I would always recommend the gift card route--it is significantly more 73 | robust. 74 | 75 | 3) As we mentioned earlier, you can use prepaid non-reloadable debit cards. 76 | 77 | Congrats, you are now using Amazon privately and securely. Lucky for you, the 78 | rules are extremely similar on other sites--with one main difference. Lots of sites 79 | don’t require an account to make a purchase; if you can checkout as a guest, 80 | take that route. Rather than using Amazon gift cards though, use prepaid debit 81 | card and a pseudonym to make an account--if one is required. Don’t forget to 82 | make purchases on a hardened browser, we covered this in section 3. 83 | 84 | And that is how to shop safely. It’s important you take control of your data 85 | because the places you shop don’t have your security and privacy on their 86 | priority list. As always, thank you for watching, and I’ll see you in the next lesson: 87 | Lifestyle Changes. 88 | -------------------------------------------------------------------------------- /Scripts/Section 6/6_ Lifestyle Changes.md: -------------------------------------------------------------------------------- 1 | # Lifestyle Changes 2 | 3 | This lesson will cover general things we do in our lives that reveal sensitive 4 | information, that we might not normally think about. I can’t cover every 5 | possibility, but I’m going to give you a lot of scenarios and tips that will teach you 6 | the mindset required to change your lifestyle. 7 | 8 | Let’s start with your home. 9 | 10 | * Make sure your most sensitive valuables like wallets, passports, and 11 | electronics are in a room that isn’t easily accessible from outside, keeping 12 | the most sensitive items in a safe. Not just any safe, a good one. 13 | 14 | * Make sure your data is encrypted, and make sure to *(show external hard 15 | drives)* keep backup drives with your data inside of your safe. Always keep 16 | an off-site backup in case something happens. 17 | 18 | * You should consider investing in a security solution to fend off thieves. 19 | They can be bypassed, but it’s mostly to discourage potential burglars. I’d 20 | also recommend security cameras, especially in rooms with sensitive items; 21 | you can set up your own video storage locally to avoid companies 22 | requiring a monthly subscription. 23 | 24 | * I hope this is a given, but get rid of your smart devices. They are doing 25 | nothing but listening to everything you do. Alexa even recorded and sent a 26 | private conversation to a person’s contact; go ahead and read the privacy 27 | policy for your smart device if you need more convincing. 28 | 29 | * To finish off home tips...never, and I mean never open the door for anybody 30 | unless it’s an expected visitor or a trusted family member or friend. If it’s a 31 | stranger and it’s urgent, they’ll make sure to contact you beforehand, or 32 | leave a method of contact for a second chance. I can’t stress enough how 33 | important this is. Thieves are known to dress up as an unsuspecting 34 | person to scope out the house and people inside of it. If it looks like a good 35 | target, they’ll come back later to rob the home. 36 | 37 | * We’ve already talked about minimizing the amount of personal information 38 | your car reveals in the previous lesson, so make sure to implement those 39 | tips. To add on to that, never leave electronics or other sensitive items in 40 | your car. 41 | 42 | * Make sure not to carry your social security number, social security card, or 43 | anything else particularly sensitive in your wallet. 44 | 45 | * If you’re going to a protest or rally, be aware that law enforcement is known 46 | to use a tool called StingRay, an IMSI catcher. This allows law enforcement 47 | to identify people at rallies by capturing their phone traffic. If you’re going 48 | to these events, it’s advised to leave your phone on airplane mode. 49 | 50 | * Even if you follow every tip throughout the course, it’s extremely difficult to 51 | make yourself private in public, especially with the rise in facial technology. 52 | If interested, there is a pair of eyeglasses that sell for $240 designed to 53 | throw off facial recognition technology, and masks are currently a decent 54 | prevention method. 55 | 56 | Alright, so that covers tips for your home and your travels, but there are a few 57 | more tips for the real world you should know about... 58 | 59 | * Shred anything with sensitive information. Anything with your name, 60 | address, or other identifiable information should be shredded, this 61 | includes receipts. 62 | 63 | * Don’t forget you can opt out of junk mail on the FTC website. 64 | 65 | * When sending sensitive letters, use bankers’ envelopes, double up on 66 | tape everywhere, and dab some superglue on the envelope to avoid 67 | tampering. Try to disguise the nature of the letter. And if your threat model 68 | is higher, you can use a felt-tipped pen or fountain pen to address letters; 69 | this way if chemicals are used to tamper with the letter, it will make the ink 70 | run. You can also wrap letters in carbon paper to make the carbon run. 71 | Some people even wrap letters in aluminum foil, so if chemicals make the 72 | envelope transparent, the snooper still can’t view the letter. 73 | 74 | That wraps up some real world examples, but what about the digital world? 75 | 76 | * First, never post publicly that you’re traveling. There’s nothing better for a 77 | criminal than alerting them that your house is deserted for weeks. Take 78 | pictures of your vacation while you’re there, and post them once you’re 79 | back home. 80 | 81 | * Speaking of traveling, never constantly share your location. This increases 82 | the odds of stalking and tracking from people who may or may not have 83 | your best interest. Remember that 7/10 acts of sexual violence are 84 | committed by someone known to the victim. Ensure Find my Friends is 85 | disabled, Snapchat’s location tracking, as well as any other similar form of 86 | these services. While you’re at it, I’d advise disabling traces of personal 87 | data on social media, or deleting it altogether. If you want a balance, never 88 | post pictures of yourself, and if you do, obfuscate the triangle formation 89 | made by your eyes and mouth, since this is how our brains are able to 90 | quickly distinguish faces as well as lots of facial recognition and AI. 91 | 92 | * The last digital tip involves your social security number. Make sure to go to 93 | ssa.gov/myaccount and create an account with your social security 94 | number. There are settings in there that will make it extremely difficult for 95 | anyone but you to do anything with your social. Not many people know 96 | about this, and it’ll significantly lower your chances of identity theft. 97 | And that finishes off different examples of how you should be thinking about the 98 | privacy and security of your daily lives. If you have kids, family, or friends, make 99 | sure to educate them. It’s very important for them to understand why they should 100 | or shouldn’t do certain things when they’re around you, and why they should 101 | implement certain things into their lives as well. 102 | 103 | I hope this lesson was a wakeup call, or at least made you rethink some of the 104 | things you do every day. There are many more tips and tricks out there, but the 105 | most important thing you need is the mindset, which is what this lesson gave. I’ll 106 | see you in the next lesson discussing the some out of the box services and products 107 | that you can buy that honor your privacy and security. 108 | -------------------------------------------------------------------------------- /Scripts/Section 6/7_ Pre-configured Hardware _ Software.md: -------------------------------------------------------------------------------- 1 | # Pre-configured Hardware & Software 2 | 3 | Throughout this course, we’ve had to take insecure and/or unprivate pieces of 4 | software and hardware, and modify them to our benefit. But, are there any 5 | options out there that do this work for us? Luckily, at the time of making this 6 | course, there are some projects and products I wanted to share with you that aim 7 | to offer security, privacy, or both out of the box. It’s important for us to support 8 | companies and projects that take this stuff seriously, and leave behind other 9 | companies that don’t care. 10 | 11 | Let’s start with software: 12 | 13 | - Tor is preconfigured to boost your anonymity. It’s offered for free, and the 14 | setup is extremely simple. Don’t forget about TailsOS and Whonix. 15 | 16 | - Mozilla doesn’t have the world’s cleanest history, but Firefox and other 17 | variants of Firefox deserve a huge shoutout. 18 | 19 | - Brave has its share of problems, but attempting to bring privacy and 20 | security to the masses is very admirable. 21 | 22 | - The EFF is a wonderful organization who develops amazing software like 23 | HTTPS Everywhere and Privacy Badger, as well as great advocacy. Check 24 | their site for meetups so you can take action. 25 | 26 | - Proton gives you a private and secure email, VPN, and more products with 27 | a great track record. 28 | 29 | - Searx.me, Startpage, and DuckDuckgo are all fantastic search engines. 30 | 31 | - Veracrypt makes file and drive encryption easy and free. 32 | 33 | - Most linux distributions are private and secure out of the box, emphasis on 34 | most. 35 | 36 | - GrapheneOS, and CalyxOS are excellent ROMs for android 37 | devices. 38 | 39 | - VirtualBox and KVM allow you to create virtual machines quickly and 40 | easily. 41 | 42 | - Libreboot and coreboot offers a FOSS bootloader for your machines. 43 | 44 | - OpenWRT and PFsense both give you FOSS protection on your home 45 | routers. 46 | 47 | - And cryptocurrency projects like Monero offer private ways to 48 | send payments to anyone around the world. 49 | 50 | Those are just a few of many amazing projects out there. Moving to hardware: 51 | 52 | - Purism, Pine, and System76 make private computers built from the ground 53 | up with you in mind, as well as some phone options. 54 | 55 | - The Ministry of Freedom pre-installs Libreboot and Linux on laptops, 56 | making it easy for consumers to switch to Linux and Libreboot. 57 | 58 | - The Ledger Nano is a cryptocurrency wallet allowing you to securely store 59 | your coins, something we should be encouraging more often. 60 | 61 | - The final and more unexpected devices that have your security in mind are 62 | iPads and Chromebooks. We’ve discussed using these in the past for high 63 | security, and low privacy activities; this includes personal banking, 64 | personal email, and anything else that is inherently unprivate, but requires 65 | a degree of security. 66 | 67 | - Outside of these larger products and services, we have some smaller items you can buy 68 | that we covered on our YouTube channel that we consider small boosts to your privacy and security 69 | for very little money, like privacy screen protectors. 70 | 71 | And that’s it! My hope is that some of you watching this course have some 72 | programming, engineering, or development experience. If so, I encourage you to 73 | make a difference. This list was awesome, but it would be even better if it was 74 | twice the size. If you have an idea or project that you need help with, make sure to 75 | reach out to me because I would love to help you out in any way I can. Thank you 76 | for watching, and I’ll see you in the next lesson: Downsides to Safety. 77 | -------------------------------------------------------------------------------- /Scripts/Section 6/8_ Downsides to Safety.md: -------------------------------------------------------------------------------- 1 | # Downsides to Safety 2 | 3 | Like most things in life, there is commonly a downside. This course has been 4 | created to improve your privacy and security. The benefits are clear: you get 5 | protection from people, companies, and governments who unjustifiably want 6 | your information; not to mention the benefits from fraud, identity theft, and other 7 | criminal activities. These are amazing pros! But, there are problems that are 8 | difficult to avoid, and this lesson will prepare you for the most common ones. 9 | 10 | The first and most obvious issue is your convenience will go down the drain. We 11 | talked about this in the very first section of the course; the more private and 12 | secure you get, the more inconvenient your life becomes. This is why I introduced 13 | all of you to the convenience line, an imaginary line to help you establish your 14 | limits. 15 | 16 | Another downside is you may come across as suspicious to employers and other 17 | people if they aren’t able to find information about you online. Social media’s a 18 | valuable tool when you post positive things you do, since it’s a public way for 19 | people to learn more about you, and it doesn’t limit you to a piece of paper and a 20 | 10 minute interview. Obviously, this is terrible for your privacy, but be aware that 21 | some employers won’t be thrilled when they can’t conduct research under the 22 | table. 23 | 24 | Tying to that last point, you’re not going to (as easily) be able to share your life 25 | with people you know. We always want people to see or react to major things we 26 | accomplish, part of the reason we accomplish things is so that we can share our 27 | accomplishments. If you don’t have social media, sharing your life events and 28 | accomplishments are much more difficult to do. 29 | 30 | The last downside is the possibility of obsession and/or phobia. It’s not 31 | uncommon for everything we’ve discussed in the course to shock some people. As 32 | big as the problems we discussed in the course are, be grateful for the positives 33 | technology can bring into our lives. Being able to navigate anywhere with Google Maps, 34 | instantly messaging people around the world, sharing moments with anybody 35 | instantly--is awesome! There is a hidden dark side to it, but don’t forget to enjoy 36 | the positives. 37 | 38 | I hope this has shed some light on the downsides to living a more private and 39 | secure life, but I also hope it doesn’t discourage you from implementing a good 40 | amount of everything we’ve talked about. The benefits you’ll get greatly outweigh 41 | the downsides, and there’s always a middle ground; where do you draw your line? 42 | 43 | Make sure to stick around for the next lesson, which is the last informational 44 | lesson of the course, and it’s the most important. It talks about activism, 45 | advocacy, and things you can do to make an impact around you, hopefully 46 | convincing others to join the privacy and security movement. I’ll see you then, 47 | thanks for watching. 48 | -------------------------------------------------------------------------------- /Scripts/Section 6/9_ Becoming an Activist.md: -------------------------------------------------------------------------------- 1 | # Becoming an Activist 2 | 3 | Like I said in the last lesson, this is THE MOST important part of the course: 4 | spreading the message and good information to the people around you. The 5 | more people who take their privacy and security seriously, the more companies 6 | and governments will need to cater to the public opinion. 7 | 8 | Let’s start with companies! *(Play Facebook Cares Snippet)* *(Play recording 9 | through Timeline of privacy issues)* Facebook doesn’t care about your privacy, 10 | because there’s no pressure for them to care. There are no regulations and not 11 | enough people making a negative impact on the company. If they lose 50% of 12 | their customers, and all of them left for privacy concerns, Facebook would start 13 | to take their privacy more seriously. The same idea applies to security concerns. 14 | My old bank, one of the largest banks in the United States, doesn’t offer proper 2 15 | factor authentication. If more people left the service because of security 16 | concerns like I did, they would change their ways. Donate money and use products that 17 | are built to protect you. This is pretty self-explanatory, so let’s move on to making 18 | an impact on the people around you. 19 | 20 | The best thing you can do is to tell people why you do what you do. Trust me, they 21 | notice the precautions you take, and if they know you’re not some weirdo, they’re 22 | going to want to hear what you have to say. I constantly get questions about why 23 | I do what I do. Why do I use a password manager, a VPN, *(show screen)* why is my 24 | screen always off from their point of view. The goal here is to give an answer that 25 | makes the other person rethink privacy and security. Tell them you use a privacy 26 | screen protector because shoulder attacks are a common way people get their 27 | passwords stolen, and password managers allow you to make an infinite amount 28 | of secure passwords--something like that. Lastly, make sure to bring out the 29 | positives in services, it’s easy for us to point out the bad things: 30 | 31 | - VPNs slow down your speeds 32 | - DuckDuckGo isn’t as good as Google 33 | - Linux isn’t as easy to use as Windows, etc. 34 | 35 | Instead of bringing out the negatives, bring out the positives. VPNs encrypt your 36 | traffic on a public wifi network and give you freedom from your ISP, DuckDuckGo 37 | allows you to use a huge number of search engines all from one location, and 38 | Linux runs from a flash drive that can be booted from any computer--not to 39 | mention it being free. 40 | 41 | On the topic of people, don’t forget to join communities. There’s the subreddit 42 | privacy, there’s my channel where we’re all about that, and we have a Matrix room 43 | discord server, and Telegram group. Join communities in person as well, the EFF 44 | has meetups you can attend, and take a look at summits and events like Defcon. 45 | Get involved! If nothing out there seems to be exactly what you’re looking for, 46 | create your own community and have fun with it. 47 | 48 | The very last thing I want to talk about is normalizing privacy. In our society, we 49 | associate privacy with criminality. We discussed why privacy is important in 50 | lesson 1.2. There are a few things we can do to improve this problem. First, 51 | implement and use the tools we’ve discussed throughout the course. That way 52 | people around you, who know you’re not a bad person, realize it’s not that weird 53 | to value your data. You should also keep them noticeable, leave Tor and other 54 | tools in your toolbar or desktop so people can see you use them. *(show your 55 | swag)* You can take this to the next level by donating to these projects for 56 | merchandise. The Tor project, the EFF, the FSF, and this course all offer 57 | merchandise like shirts and stickers to help you spread the message. This helps 58 | people in public realize these services are nothing to be ashamed of. Normalize 59 | privacy; if there’s two words you should take home from this entire course, it’s 60 | those. 61 | 62 | Normalize privacy! 63 | 64 | To summarize, if you begin to take your privacy seriously, then you might find 65 | others will do the same. At first you may only have an impact on your circle of 66 | friends. If more and more begin to care, then politicians and businesses will find 67 | that they have to start paying attention. A small number can lead to big changes. 68 | Thank you for watching, and I’ll see you in the section 6 finale. 69 | -------------------------------------------------------------------------------- /Scripts/Section 7/1_ Course Summary.md: -------------------------------------------------------------------------------- 1 | # Course Summary 2 | 3 | Welcome to section 7, this lesson will summarize everything we’ve learned, and 4 | the next video will be our final goodbyes. 5 | 6 | Section 1 covered basic terms and information needed to get started: explaining 7 | what is privacy and security, why we should care, FOSS, metadata, and the 8 | convenience line. Section 2 was dedicated to getting you a clean slate through 9 | minimalism and other techniques locally, and online. Section 3 taught how to 10 | keep your clean slate clean...by keeping things up to date, checking permissions, 11 | using strong passwords, implementing 2 factor authentication, hardening your 12 | browser, proxies and VPNs, antiviruses, proper file deletion, proper storage 13 | habits, and safe communication. 14 | 15 | Section 4 expanded on section 3, by teaching proper browsing habits, comparing 16 | operating systems, using Tor, cryptocurrencies, and performing auditing. Section 17 | 5 was dedicated towards protecting your hardware, we discussed basic physical 18 | security, changing your MAC address, properly securing your routers, radios, and 19 | proper device separation. 20 | 21 | Section 6 taught how to live the lifestyle. This meant discussing who you can trust, 22 | minimizing access to your data, anonymization and pseudonymization, shopping 23 | safely, lifestyle changes, downsides to being private and secure, and tips on 24 | becoming an activist. 25 | 26 | Holy crap, it has been one hell of a journey, but I really hope you’ve learned a lot 27 | through the entire process, and you have or will begin to implement things from 28 | this course. 29 | 30 | Now what did this course not include? In general, it didn’t include in-depth 31 | instructions on how to customize specific things. For example, I didn’t cover all of 32 | the settings you can use inside a VPN. There are plenty of guides on this online, 33 | including on my channel, same goes with software like Veracrypt. If there’s 34 | something you want me to expand on, contact me and let me know. Outside of 35 | that, I genuinely think this course is one of the most extensive guides on the 36 | internet teaching how to live a private and secure life. There are hundreds of 37 | sources, and this has all been peer edited and reviewed by several people over 38 | the course of 4 months. I really really hope that it’s been useful and you use this 39 | information wisely. 40 | 41 | Thank you all so much for watching; remember to normalize privacy, we have a 42 | right to it, which is looking more and more grim everyday. If you made it all the 43 | way through this course, I highly recommend sharing it with your friends and 44 | family, since we need to educate the people around us. Thank you so much for 45 | watching, and I’ll see you in the next video for our final goodbyes. 46 | -------------------------------------------------------------------------------- /Scripts/Section 7/2_ Congratulations!.md: -------------------------------------------------------------------------------- 1 | # Congratulations! 2 | 3 | This is it. I’m sad to be here saying goodbye, and it’s kind of crazy this entire 4 | project has led to this point, it felt like it was never-ending. I honestly don’t have 5 | much more to say. I want to thank you the viewer for being here today. Just 6 | knowing that whoever is watching has been active in my community in some way, 7 | shape, or form means a lot to me, it really does. Once again, don’t forget to 8 | support the course, it’s completely free and public because of those of you who 9 | are willing to give back, thank you to the supporters. I’m grateful everyday to be 10 | able to do this for a living, and it’s something I hope to continue to do, and you’re 11 | the people making that happen, so thank you. 12 | 13 | I hope you’ve learned more than just a few things, I hope your life has completely 14 | changed; if it did, please share your story with me because I’d love to hear it. That 15 | is all I have to say, thank you for being a part of the course and the Techlore 16 | community, and go out there and normalize privacy. 17 | -------------------------------------------------------------------------------- /changes.md: -------------------------------------------------------------------------------- 1 | # Go Incognito Changelog 2 | 3 | **(Updated Jun 7, 2023)** 4 | 5 | Thank you for watching Go Incognito! This document includes any necessary changes or updates to the course to ensure all information stays relevant. 6 | 7 | ### General Updates 8 | 9 | - Many users have asked or mentioned GDPR. Unfortunately, GDPR was passed after scripting for Go 10 | Incognito was complete. It would have required a massive amount of re-writing and delays to 11 | include GDPR throughout the course. Anyone affected by GDPR should research what it means for 12 | them, and keep this in mind as they watch Go Incognito—as some steps will be irrelevant with GDPR 13 | goggles. 14 | - Production in Sections 1 and 2 are subpar compared to Section 3 and beyond. Production for premium 15 | version(s) of Go Incognito Section 1-2 WILL be improved...although still not quite as good as Section 16 | 3 and beyond, as raw recordings issues can only be fixed so much. Long story short, expect to see 17 | some improvements in production in the premium course. 18 | - **While the general philosophies and instructions of Go Incognito are still massively helpful, it's beginning to show its age regarding individual recommendations. For example, Go Incognito predates Mullvad Browser, Lockdown Mode on iOS/iPadOS/MacOS, Passkeys, etc. Additionally, some services that were previously recommended are no longer suggested. Because of this, we are currently [in the process](https://dispatch.techlore.tech/i/116795784/go-incognito-v) of planning & producing a V2 to the project. A free variant will remain, and all current premium students will be auto-enrolled in future iterations for life. [To view more information and to leave us feedback on what to improve, visit here.](https://discuss.techlore.tech/t/go-incognito-fans-we-need-your-feedback-for-a-v2/1830)** 19 | 20 | ## Section 1 21 | 22 | **Why Should You Care? | Lesson 2:** 23 | 24 | - At https://youtu.be/M6_ZlkBYrxI?t=3m22s (3 minutes, 22 seconds) I say: 25 | ``` 26 | Any opposition to this is greeted by the response that if a person is doing anything wrong, they should have nothing to hide. 27 | ``` 28 | - What I meant to say was: 29 | ``` 30 | Any opposition to this is greeted by the response that if a person is doing nothing wrong, they should have nothing to hide. 31 | ``` 32 | 33 | **FOSS | Lesson 4:** 34 | 35 | - Something I regret not mentioning about FOSS relates to the code and control 36 | companies/governments have over proprietary software. Just as mountains are natural 37 | architectural limitations found in nature, software and code have architectural limitations on what 38 | a user can/can’t do. With proprietary software, the user doesn’t know what these limitations are, 39 | but FOSS allows the community to understand what the software can and can’t do. Sure, Tesla’s 40 | have semi-automatic driving utilizing cameras around the car, but how do we know those cameras 41 | aren’t constantly collecting identifiable information about other cars around us? It is unlikely, but 42 | there’s no way to disprove the claim. With FOSS, we can disprove it. With FOSS, we know we aren’t 43 | being limited. With FOSS, we can’t be oppressed unknowingly. 44 | 45 | ## Section 2 46 | 47 | **Erasing Your Local Identity | Lesson 3:** 48 | 49 | - As important as making a lesson geared towards beginners can be, I have made the fatal mistake 50 | of failing to mention those of you already using Linux. This entire lesson, as well as the previous 51 | lesson (2.2) apply to Linux. BleachBit offers Linux support, just as it does for Windows. 52 | 53 | **Erasing Your Online Identity | Lesson 4:** 54 | 55 | - Albine is a service shown in the lesson to automatically remove your information from people-searching websites. Please be aware this is NOT the only product that offers this service. For example, https://www.privacyduck.com offers this functionality as well. 56 | 57 | ## Section 3 58 | 59 | **Permissions and Settings | Lesson 3:** 60 | 61 | - Tesla is mentioned to have a form where you opt-in to cellular communication with the vehicle. Please be aware their process has updated, and opting out MAY involve voiding your vehicle’s 62 | warranty and many other major concerns. The Techlore channel has covered this topic here: https://www.youtube.com/watch?v=Qjkt3X2WLrw and will be covering this more in the future. 63 | 64 | - Uber gets picked on A LOT in this lesson, which sparks the question: **What about Lyft?** They are a 65 | smaller company, but this doesn’t protect everything from getting out. Lyft has also come under 66 | some fire, as seen in this article: https://techcrunch.com/2018/01/25/lyft-god-view/ 67 | 68 | **Passwords | Lesson 4:** 69 | 70 | - The disclaimer text at https://youtu.be/jZr4u5nEZP4?t=730 (12 minutes, 10 seconds) should say 71 | “Overestimate” instead of “Underestimate”. 72 | - Some password tips were a bit outdated in this video, for a much more thorough analysis on password security, refer to this resource: https://pages.nist.gov/800-63-3/sp800-63b.html 73 | 74 | **Two-Factor Authentication | Lesson 5:** 75 | 76 | - Authy is NOT FOSS. An empty GitHub isn’t open-sourcing your software, and it’s a shame this 77 | was mentioned as a FOSS service when it isn’t. (https://github.com/authy) 78 | - Biggest mistake of Go Incognito so far: No mention to BACK UP YOUR 2FA CODES! I repeat...BACK 79 | UP 2FA CODES. This is a major headache in the event you lose the device holding your 2FA keys. 80 | Have you backed up your codes yet? 81 | - For an updated guide on TOTP for 2FA, check out this [video](https://youtu.be/iXSyxm9jmmo) on the Techlore channel. 82 | 83 | **Search Engines | Lesson 6:** 84 | 85 | - Please note this lesson isn’t covering the ONLY search engines to use—it’s simply giving three 86 | commonly-recommended options. There are several other great privacy search engines, and more 87 | advanced users can make an educated decision on which one they trust most. The Techlore 88 | channel will cover other search engines more in-depth in the future. [Update, here.](https://youtu.be/ma2qDOkvaJo) 89 | - A beautiful thing about searx.me is they allow you to self-host it yourself. Underrated feature I 90 | failed to bring up. 91 | 92 | **What's the BEST browser | Lesson 7:** 93 | 94 | - There was a study showing Brave phones home the least out of the box: https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf 95 | - Firefox incorporates some heavy telemetry by default, specifically including Google into their mobile applications. This can all be opted out of, though you should know of its existence. 96 | - There have been many major updates to browsers, including LibreWolf, Arkenfox, Bromite, and much more. We recommend visiting our [website's resources](https://techlore.tech/resources) for the latest recommendations. 97 | 98 | **Hardening Your Browser | Lesson 8:** 99 | 100 | ***This the most out-of-date Go Incognito lesson!*** We strongly recommend using our newest Firefox hardening guide [here.](https://youtu.be/F7-bW2y6lcI) We also recommend referring to [PrivacyGuides](https://www.privacyguides.org/browsers/#firefox) for the newest recommendations. 101 | 102 | 103 | **Antiviruses & Malware | Lesson 12:** 104 | 105 | - Using mutiple real-time antiviruses is never recommended, 106 | though having a backup scanning-only tool is fine. 107 | 108 | **Section 3 Finale | Lesson 16:** 109 | 110 | - There is a missing audio effect in the introduction. This will be fixed in the premium version of Go Incognito 111 | 112 | ## Section 4 113 | 114 | **Cryptocurrencies | Lesson 6** 115 | 116 | - This lesson recommends LocalBitcoin, which several users have expressed now require identification. It's recommended to strictly use [Bisq](https://bisq.network/), [LocalMonero](https://localmonero.co/), or another [KYC-free exchange.](https://kycnot.me/) 117 | 118 | ## Section 5 119 | 120 | **MAC | Lesson 3** 121 | 122 | - Windows 10 has now introduced MAC Address randomization which may negate the need for some of the referenced tools in this lesson. 123 | - iOS 14 re-introduces MAC Address randomization 124 | - Newer versions of Android also include MAC address randomization 125 | 126 | ## Section 6 127 | 128 | **Shopping Safely | Lesson 5** 129 | - A user has mentioned that both MasterCard & VISA offer privacy opt-outs on their websites. This is another step users can take to shop a bit safer. 130 | --------------------------------------------------------------------------------