1626 words
@personalopsec

Difference between privacy and anonymity

I've been a fan of the privacy, osint, security scene for some time. I regularly see people getting confused about being private and being anonymous. These are two different animals.

To be anonymous you have nothing linking back to you. It's not your name, your real email, picture, anything really. It's all fake or not even mentioned. You are more of a ghost. This is very useful if you are a criminal, investigating criminals, or living somewhere it wasn't safe for you to be yourself in a public sphere. Speaking out against your government for example.

Privacy doesn't have to mean people can't identify you, it's more about them knowing you. I don't mind if you know my name, but do I want you to get access to my phone number or address? I may not want the world to know my kids or other family members details either. So I don't share it. But my social profile still has a real picture of me and my real name. This is being private.

Privacy is the common solution. Most people you encounter on places like twitter may want to be recognized. They are possibly building a brand, seeking recognition, or networking for a job. To do this doesn't mean you have to tell the world everything about you.

I would say anonymity actually hurts a little in online communities. Imagine you have been on twitter for a couple of years. You've helped some opensource projects or non profits as your anonymous self throughout the years. Suddenly you need to find some work. Will you be able to reference that past work? Even if your not afraid to out yourself, could people trust it was you?

So you pick what works for you. Again, for most people to stay safe online you need to exercise privacy. Anonymity is for more extreme situations in my perspective.

Be sure to let me know what you think..you can send me a tweet.

privacy

A 'private as can be' Windows Install

So I am not the strictest privacy zealot out there, but I'm making strides. Most every privacy enthusiasts choice in machine would be something running Linux, then maybe a Mac, and at the bottom of the barrel is a Windows machine. So my dilema is that my favorite machine I have is a Surface Laptop 3. I really love the thing and it doesn't run Linux, well at least without some heavy kernel tweaking. So I'm going to reload the thing and be as privacy conscious as I can be while still maintaining as many of the bells and whistles of normal userdom I can.

First thing to tackle is the fact that a Windows machine loses quite a bit of functionality if you don't have a Microsoft account. Biggest thing is the use of their store. The next biggest loss is if you wanted to use any of the insider stuff. So I'm tackling this doing the following.

  • I created a fresh Microsoft account with it's own non-Microsoft email. (You could create a completely anonymous one with a sock-puppet if you want to really go down the rabbit hole.)
  • A lot of time you need some sort of payment option set up. So I made a Privacy.com card specifically for this account.

I still have my other account which I use for Family Safety controls for my kids. I also occasionally need Office. So my plan is to put a Windows VM in place specifically for these tasks. I guess that setup would be a post of it's own. Either way, this will put me at a level of dealing with Microsoft that I can be comfortable with.

So now that that is done I will use the freshly created Microsoft account to setup my laptop. I know Microsoft will still get some telemetry from me, but it will be minimal and tied to a separate account that isn't used for anything other than logging into that one device and using the Windows store.

Next I uninstall all the programs that come with Windows by default that I can, like games, Office365 trials, etc..

Once this is done we need to open Edge so we can download a different browser. I suggest Firefox so we can use container tabs. If you don't want to go that far we can do Brave also. I may have a future post on how I setup my browsers.

Now we need to open our browser of choice and install O&O ShutUp10. This is going to turn off as much Windows telemetry and spywarish settings as it can. It will also disable Onedrive if you choose (I do recommend this). I choose the 'Recommended and somewhat recommended settings'. Again, besides that you have to find the turn off Onedrive setting and manually check it if you want to kill Onedrive.

At this time I would install my VPN also to give me some more protection before I continue. My personal recomendation is Mullvad. I like them because it makes it easy for me to have Wireguard setup on all my devices and they are as anonymous as it gets. They don't have your name, email, phone.. nothing.

Next we need to install Virtualbox. With this installed you can install Windows or Linux machines for whatever usecase you need. Again, detailed use would be another post. But the main thing at this time we will use it for is another Windows VM to do all those Microsofty things we need without having to dirty up our main machine. You can get a free Windows VM to use from Microsoft themselves by following this LINK

If you read the fine print below you get 90 days. So set it up how you want then take a snapshot. When it expires just load the snapshot again and your back in business. This isn't meant to be persistent. It's just so you can use office or anything else from other Microsoft accounts.

All that is really left is to install any other VMs I may use. I have a few I keep.

  • The Trace Labs OSINT VM
  • A Kali Linux VM
  • A vanilla Linux VM (Distro just depends on how i'm feeling, they come and go)
  • The above mentioned WIndows VM

Then I install whatever othe software I want on the host, which for me is:

I hope this all made sense for you. I will go into more details on some of the finer things in other posts. This will get you pretty far though.

Cheers.

Welcome

Hello there,

I see you found me. I am a developer and security/osint afficianado. This blog is where I am going to share anything I learn, thoughts, ideas, and anything else techy. So if that's your thing, read along.

Cheers!

All Hail Standardnotes!

Today I want to share an app with everyone. I'm sure many people have heard of it or tried it. But then again I am sure many haven't. I have been a Standardnotes user for a couple of years now and absolutely love it. I really don't think there is an app that compares.

Directly from there site,

Standard Notes is a safe place for your notes, thoughts, and life's work.
A free, open-source, and completely encrypted notes app.

But Standardnotes is really so much more. Let's start with security.
The free version includes:

  • AES-256 encryption.
  • Easy to use, open-source apps on Mac, Windows, iOS, Android, and Linux
  • Automatic sync with no limit on data capacity
  • Unlimited devices
  • Web access
  • Offline access

If you get the paid version which goes from $10 a month to $2.50 a month if you do the 5yr plan, which is where I'm at. It adds..

  • Encrypted attachments for your notes stored directly in your Dropbox or Google Drive.
  • Unlimited access to powerful extensions, editors, and themes.
  • Note version history (up to 100 years)
  • Automated backups of your data to your Email, Dropbox, OneDrive, and Google Drive
  • Two-factor authentication (this I think should be on the free version as well)

Of course then there are the extensions which make it even better you can get..

  • A blog such as this one with listed blogging platform, get it with your own domain if on the extended(paid) plan.
  • Token Vault allows you to use Standardnotes as an Authenticator app
  • Task Editor lets you use it for todo lists.
  • You can do spreadsheets within it.
  • Multiple Markdown editors
  • A vim editor
  • Filesafe - Attach files to your notes and have them automatically encrypted and uploaded to your Dropbox, Google Drive, WebDAV server, or AWS S3.
  • Encrypted backups to Dropbox, Google Drive, or Onedrive
  • Get emailed backups
  • Encrypted file sharing with FileSend
  • Multiple themes and other addons beyond the above.

Standardnotes is just crazy useful while at the same time keeping all your data safe. I really can't say enough about it. Oh, did I mention it's all opensource?

If you are looking for that Evernote or Onenote replacement and are privacy minded. This may be for you. I really couldn't live without it at this time. Give it a go..

Cheers!