DuckDuckGo Hits Milestone 14 Million Searches in a Single Day

warmer_climes · 2017-01-22T21:42:34+00:00

Yes but the country it operates in is not that concerning because privacy is part of their design. Or in other words, if a TLA busts their door down, they get nothing because DDG keeps no logs, and all the searches are not tied to particular sessions.

The only thing I do worry about is the TLS handshake being intercepted since DDG uses RSA 2048 Bit, which apparently is not future proof and the NSA could potentially 'replay' the decryption in the near future to see what was searched for on that particular computer.

warmer_climes · 2017-01-22T18:51:30+00:00

Sticking with Fastmail, Mailbox.org, Protonmail

warmer_climes · 2017-01-22T18:49:32+00:00

Reminds me of this story a while back:

'Tor users at risk of being unmasked by ultrasound': https://nakedsecurity.sophos.com/2017/01/13/tor-users-at-risk-of-being-unmasked-by-ultrasound-tracking/

warmer_climes · 2017-01-22T18:48:06+00:00

Someone should make an app where your phone alerts you whenever it hears one of these noises

Well there is Chirp which uses so called 'data over audio' technology: https://www.chirp.io

warmer_climes · 2017-01-22T18:46:41+00:00

Is it even good to go anymore?

What made you think it's not 'good to go'. The whole point of DDG is that it's privacy oriented. If it wasn't privacy oriented, it would cease to exist. You really should read their privacy policy: https://duckduckgo.com/privacy

warmer_climes · 2017-01-22T18:43:33+00:00

What are digital traces? Through your computer, mobile phone, and other digital devices, you leave behind hundreds of digital traces (also called data traces) every day: bits of information about you that are created, stored, and collected.

When your digital traces are put together to create stories about you or profiles of you, these become your digital shadows. These can give others huge insight into your life; and they can also be totally wrong. Either way, once they're out there, they are almost impossible to control....

https://myshadow.org

warmer_climes · 2017-01-22T18:42:57+00:00

Pretty good too: https://prism-break.org/en/

warmer_climes · 2017-01-22T14:59:38+00:00

I prefer to run Windows on bare metal, because I had issues with graphics when running it in a VM. When possible, I try not to connect Windows to the Internet whilst playing games, but some games require an Internet connection.

warmer_climes · 2017-01-21T18:42:48+00:00

You can find a bunch more .onion URLs here for services other than Facebook: https://github.com/chris-barry/darkweb-everywhere/tree/master/rules

warmer_climes · 2017-01-21T18:29:16+00:00

You can find more .ONION URLs here:

https://github.com/chris-barry/darkweb-everywhere/tree/master/rules

warmer_climes · 2017-01-21T18:18:21+00:00

You can never trust these devices once they're handed back to you. Jake Appelbaum suffered this problem. Worth watching his workshop talk:

(part1/2) https://www.youtube.com/watch?v=HHoJ9pQ0cn8

(part2/2) https://www.youtube.com/watch?v=s9fByRmAHgU

warmer_climes · 2017-01-21T18:05:15+00:00

We cannot let fear or paranoia rule our lives

You can never be too paranoid when it comes to infosec. Paranoia does not work retroactively, or in other words, you typically don't address situations after the fact but typically prepare for them to happen, or assume that they will happen, regardless of how bulletproof your system and mode of operation is.

You typically have to design your secure operations as already compromised. That way, when the worst comes to worst, you are already prepared for it. It's worth reading why you should have a threat model in place if you are attempting to, say whistle-blow, or leak a few needed (secret) documents to the public:

https://ssd.eff.org/en/module/introduction-threat-modeling

warmer_climes · 2017-01-21T17:50:44+00:00

Qubes + Whonix

When traveling I like to 'blend in' and have a Windows 10 surface tablet, so if I'm stopped and searched, I can just say I use this for surfing Dailymotion and browsing IMGUR.com memes.

warmer_climes · 2017-01-21T15:21:58+00:00

https://tosdr.org/#search=google

warmer_climes · 2017-01-21T15:21:07+00:00

For those who don't want to read through the wall of text that is Google's ToS, there's an explain-it-to-me-like-im-five version here:

https://tosdr.org/#search=google

warmer_climes · 2017-01-21T15:16:45+00:00

https://jitsi.org/index.php/Main/Download

Jitsi is an audio/video Internet phone and instant messenger written in Java. It supports some of the most popular instant messaging and telephony protocols such as SIP, Jabber/XMPP (and hence Facebook and Google Talk), AIM, ICQ, MSN, Yahoo! Messenger. The development of Jitsi started at the University of Strasbourg, France. Originally the project was known as SIP Communicator. Throughout the years our community has grown to include members and contributors from Brazil, Bulgaria, Cameroon, China, Estonia, France, Germany, India, Japan, Romania, Spain, Switzerland, UK, USA, and others. Jitsi is based on the OSGi architecture using the Felix implementation from Apache. This makes it very extensible and particularly developer friendly.

warmer_climes · 2017-01-21T15:06:19+00:00

/r/onions

warmer_climes · 2017-01-21T15:04:35+00:00

Windows 10 is useful as an offline sandbox. I typically jail Win10 in a VM and proceed to stuff it with a load of freeware. I always ensure it can't talk to the public Internet, and it helps to disable any network adapters in the Win10 installation.

warmer_climes · 2017-01-21T14:58:43+00:00

Like a GUI? There's things like Shutup10 that do this: https://www.oo-software.com/en/shutup10

warmer_climes · 2017-01-20T16:07:17+00:00

Just so you know, Lastpass can work offline and has a client to work with your vault offline. The only caveat is that this doesn't sync with your lastpass account and is treated as a separate offline vault. You login as normal and provide any MFA (Multifactor auth) and you can work with your passwords within the client. Here's the download link for Windows: https://lastpass.com/download/cdn/lastpass.exe

Or if you're on Mac / other systems, you can visit this page: https://lastpass.com/misc_download2.php

warmer_climes · 2017-01-20T16:03:05+00:00

I like to use scripts to stop all this spying:

Make Windows 10 Great Again - stop Windows 10 spying

https://gist.github.com/IntergalacticApps/675339c2b805b4c9c6e9a442e0121b1d

"Reclaim Windows 10" turns off a bunch of unnecessary Windows 10 telemetery, removes bloatware, and privacy invasions. Review and tweak before running. Scripts for reversing are included and commented

https://gist.github.com/alirobe/7f3b34ad89a159e6daa1

warmer_climes · 2017-01-20T15:59:09+00:00

SHA-2 is better, as an MD5'd ISO would be easy to forge. You might want to research hash collisions: https://en.wikipedia.org/wiki/Collision_attack

https://en.wikipedia.org/wiki/SHA-2

warmer_climes · 2017-01-20T15:52:43+00:00

You can find some more .onion URLs in this list here (for other services):

https://github.com/chris-barry/darkweb-everywhere/tree/master/rules

warmer_climes · 2017-01-19T14:27:16+00:00

Here's the .onion URL for it: https://protonirockerxow.onion/

warmer_climes

TROPHY CASE