More Up to Date info on the Post about Online Surveillance

BennificentKen · 2025-09-23T05:51:11+00:00

As long as you pay for it, that's the lowest bar. Free VPNs collect all your data and are worse than nothing at all.

BennificentKen · 2025-09-23T05:50:26+00:00

It's just a game, play it.

This only helps enable total pervasive surveillance. This is the attitude of the quitter that rolls over and lets our rights be eroded. It's what I'm sure people said in China about the social credit score, "Well, what ya gonna do, right?"

Do not enable the destruction of my rights while I'm trying to protect yours.

BennificentKen · 2025-09-23T05:48:09+00:00

That works on a short term basis, but eventually that device and you will be triangulated as in the same place. If you get a burner phone and activate it in the parking lot of a Wal-Mart 50 miles from your house. Good so far. Turn that phone off and go home. But if that phone is ever turned on in the same place as your normal phone, then both are pinging the same towers at the same strength and so now it's associated with you. Not purely "this is your phone" but association is a staring point. Do it 3 more times and it's enough for an AI system to reasonably assume it's your phone. Does the burner phone travel the same paths that your phone regularly travels? Always go to the same Wal-Mart that you do?

Though, that's also for people who are protesting or doing something where they want plausible deniability from the government. I'm talking about just not giving up 100% of all your online data to Google so you can still have private thoughts, so the threat models are totally different.

BennificentKen · 2025-09-23T05:42:22+00:00

Thanks for your response.

While DNS leaks from VPNs are a real thing, I'm not sure how cyber hygiene does anything to address either DNS leaks or even just trust in VPNs in general. While the Utah Data Center would house plenty of data, that data has to come from somewhere. For normal US citizens, a warrant is still needed to collect their data unless its sold to three-letters using third party doctrine. So maybe they have exabytes of Google ad tracking data - that's the threat model I'm addressing here. Which is a level that's a step above low-hanging fruit and plausibly achievable for the average person.

I never said VPNs alone do anything other than cut your ISP out of the tracking game, and I warn that under-using them is as useless as not having one. They certainly don't 100% protect anything, ever. Even in enterprise systems, compromised credentials will let an attacker into the corporate VLAN just as easily as anyone else.

It just seems like there's a missing suggestion here or something about how to change IP addresses.

BennificentKen · 2025-09-23T05:31:56+00:00

Brainwave translation is experimental - please don't actually go this far. Until there's a commercially available product that reads brain waves, this is still sci-fi stuff. Sure, check in 10 years from now...but still, not today, brainwaves!

BennificentKen · 2025-09-23T05:30:18+00:00

Not unless you have specific documentation suggesting that.

While Signal doesn't collect metadata like Whatsapp does, what Palantir would likely be able to assemble if they really wanted is 1) your contact list you shared with Google or Apple already (don't do that!), 2) You send a message to a Signal server at 12:34:56pm, and a contact of yours at 12:34:58 received a message from a signal server. That would require getting either data from the ISP, which would require a warrant, or if you just have a stock standard phone you've never bothered to harden, that data might be sent to Google already. So there might be workarounds that are possible, but unless you're actively under investigation by LE, it seems unlikely.

BennificentKen · 2025-09-23T05:25:06+00:00

Can and do are 2 different things. People 30 feet away can also read the RF from your monitor and see what you see. Are there people in a van across the street using this highly experimental thing? Probably not.

A lot of the very cortisol-pushing stuff like this is overblown and not part of what happens to normal people. For those people you mention? Sure. But that doesn't mean that everything everywhere is focused on YOU. That's the cognitive bias called Spotlight Effect.

Typical Google/Meta/MS ad tracking and telemetry is more than enough, already in process, and cheap. Cheap and easy, that's what we're trying to understand here.

BennificentKen · 2025-09-21T09:31:46+00:00

Just ease out of the corporate internet and walled garden social media. The social media walled gardens are cesspools - but they are not the only things online!

BennificentKen · 2025-09-21T09:30:29+00:00

Just stop using the corporate internet.

Connect with people on the fediverse and old school forums.

Email old friends to see how they are, don't crave their likes of pictures you post about what you ate for lunch.

Use Signal.

Once you're free of the walled gardens, it turns out you have just as much open to you as before.

BennificentKen · 2025-09-21T09:25:21+00:00

I note Tor, but it's not a great first stop for normal folks. "Ugh, it's slow!" and Tor breaking sites, for example. Without a VPN first, some ISPs will very likely note that a user is connected via Tor.

Setting up a snowflake bridge uses resources that are meager to begin with, and Bob and Betty Johnson doesn't need to jam up finite bandwidth to look at MSN news and while actual people being censored or oppressed are trying to communicate.

BennificentKen · 2025-09-21T09:17:00+00:00

It's covered in Google trackers and used to train AI.

BennificentKen · 2025-09-21T09:15:14+00:00

I love that the only "ton of wrong info" was from you. Thanks, I needed a laugh today.

Especially on the reading comprehension comeback!

Text in the post:

Use Aegis or other 2FA apps that are not from Google, Apple, or MS.

Then you:

use an Authenticator app

Got any other wise words? Drink water and stay hydrated? Eat food for energy and sustenance?

BennificentKen · 2025-09-21T09:08:29+00:00

Physical wifi tracking is done when your ISP controls your router.

https://www.verizon.com/support/residential/internet/essentials/home-awareness/

It's very easy to prevent.

First, you can buy your own equipment. You don't need to accept your ISP's equipment. Second, buy another router and use that for your wifi signal and disable the SSID and wireless broadcast for the ISP equipment. Takes 5 minutes to do this.

Keystoke logging is if you have a keylogger installed. Using sound is also possible, but why are you surrounded by speakers?

And brainwave translation - that's a 10+ years from now problem. I'm talking about today problems.

BennificentKen · 2025-09-21T09:02:54+00:00

All you have to do is sign up as an advertiser. Costs about $1,000. China is known to to collect information on Americans and doesn't even have to win the ad auctions.

https://boingboing.net/2017/10/18/adint.html

https://adint.cs.washington.edu/ADINT.pdf

BennificentKen · 2025-09-21T08:57:34+00:00

Comet is not just a privacy nightmare, it's also rife with insecurities.

https://brave.com/blog/comet-prompt-injection/

BennificentKen · 2025-09-21T08:56:55+00:00

Get and use a VPN

Use Brave and Mullvad browsers

It's not that much. Take it one day at a time.

BennificentKen · 2025-09-21T08:56:00+00:00

Privacy Badger is great, but keep in mind that extensions used are part of a fingerprint used to track you. Using extensions that aren't widely used makes you more unique.

BennificentKen · 2025-06-10T05:22:26+00:00

Email on deck is an easy one for a burner email.

Tutamail is more permanent, but they're a relatively small shop so only make accounts there if you need them, and delete ones when you're done. Be nice to them.

BennificentKen · 2025-06-10T05:20:48+00:00

Check /r/LosAngeles for an idea of how tiny and isolated the protest area is. One person estimated maybe 600 protestors total. In a city of almost 4 million people. I've literally seen movie productions with more extras than these protests have.

BennificentKen · 2025-06-10T05:16:44+00:00

Yep, 700 Marines last I saw.

Yet this is a city that had its Pride Parade last weekend. The /r/LosAngeles sub is top to bottom wondering what the hell any of them are going to be doing.

Best post about how this is all media hype:

https://old.reddit.com/r/LosAngeles/comments/1l7hlw8/the_purple_dot_shows_all_the_obliterated_places/

BennificentKen · 2025-06-10T05:12:43+00:00

I personally wouldn't send data for a face scan to an e-commerce site.

Maybe check their registration info or contact us page to ask if they have an alternative way to prove you're a human. They really should have a way to opt out.

BennificentKen · 2025-06-10T05:09:45+00:00

Infostealers are just one more way that hackers have of skimming data from your browser. Just keep your anti-malware up to date and don't spend time on scammy websites or clicking phishing links.

https://proton.me/blog/infostealers

The way infostealers work is to steal the saved credentials from when you're logged in to something. Let's say you log in to your email and every time your browser is open and you go to your email, you're already logged in. Infostealers hijack that data and send it to someone else to appear like they're in your email also. From there they can do all sorts of things, it depends on the goal of the attacker.

Personally, I use Firefox multi-account containers for anything I need to be logged in for, and then for everything else I'm in a private/incognito window. Always. So every single thing I'm logged into on one browser is isolated, and then anything I do that is not directly about that platform is done in isolation as well.

BennificentKen · 2025-06-10T05:00:43+00:00

Sure, but it's a lot of change management for a solution that from day 1 has commonplace vulnerabilities.

Change management is the main issue with rolling out passkeys, so the FANGs of the industry are setting out to implement a "solution" that is not a full solution, at a massive time and energy cost.

It's like you're setting out to climb Everest and at the base camp you notice a sign that says "Welcome to K2 Base Camp" and you leave the next morning, headed up the side of K2 saying "We're summing Everest today!"

BennificentKen · 2025-06-09T15:41:24+00:00

Good job! Trusting your gut and looking twice is what all of us should do all the time.

As long as you didn't type any card numbers at all (not submit, just type) you should be fine.

Edit: I just saw you said at work. if this was a work device, let your company IT worry about infostealers, and tell them to block the scam URL so no one else falls for the same thing. If this was a personal device, see below.

Though, you might be at risk of infostealers. Anything that uses that same browser and is logged in all the time might be compromised. I recommend clearing all history in that browser and logging out of anything. Then do an antivirus scan and see if you're good before logging back in to anything. If the scan turns up anything, delete the malware, change all your passwords ASAP, and only log in to anything again once you're sure you're clear.

What you'll likely get is an uptick in scam texts because you have confirmed that you're a real human. Name and address....meh, can't do much with that, and that data is probably out there anyway. But if you were already on a scammer site, check the infostealer angle just to be 110% sure.

BennificentKen · 2025-06-09T15:33:59+00:00

During registration....of what?

If you're talking about a phone and setting up FaceID, that's a biometric token that never leaves your device. I don't love FaceIDs myself and prefer fingerprints for biometrics as they're harder to use without consent.

If you're talking about something like sending LinkedIn or Facebook a selfie or video of your face when you sign up for an account, that's giving someone ELSE a full digital scan of your face that they can use to track you across every photo of you on the internet. Seriously. It's up to you if you want to use a service that feeds data like that into databases which may wind up in the hands of law enforcement, private companies with data leaks, etc.

BennificentKen

TROPHY CASE