Becoming Virtually Untraceable (Eps2.0_!nt3rm3d14t3_T3chn1qu3s.pdf)

*Note: This article was originally published on August 28, 2018. This article is also available in Spanish here.

The quintessential “Hacker” in a hoodie image (Hint: Hackers don’t always look like this)

In part 2 of this series, I delve deeper underground and cover a few more techniques that you can do that are a slight bit more advanced. Before proceeding though, ensure that you have a solid grasp of the initial concepts discussed in Part 1 of this series. Bear in mind that becoming digitally invisible is more of a mentality than anything else. Of course, there are many physical and technical “hacks” you can do in your life to make yourself more invisible, but it is more about fortifying your mind more than anything. If you are able to achieve that, then you will be leagues ahead of the masses.

Conceptually Speaking…

“Доверяй, но проверяй; Doveryai, no proveryai” is a Russian proverb that translates as “Trust, but verify.”

While I have zero compassion for Russia, I do like that proverb as it was frequently used by former late President Ronald Reagan. Simplified further, we can modify the Russian proverb to suit our own purposes as a statement of absolutes, “Zero Trust, Always Verify.” You may recognize this slogan from the company Centrify who have built their product line around a zero-trust security model. While I am not in the business of promoting Centrify products or services, I am a strong supporter of this concept. Typically I try to stay away from absolutes because they are usually foolish and unrealistic. However, with cybersecurity, at least, it is a very technical field of study and the act of striving to achieve and maintain those absolutes will land you closer to the real thing than by not doing so. If you’re truly serious about becoming virtually untraceable, then this 4-word statement of absolutes is your new motto or principle, if you will, that you can strive to achieve and live by from here forth. Zero trust and always verify being, in my humble opinion, the only true way to remain secure and safe in the 21st century whether in the physical or cyber realms. In a zero-trust security environment, every function and action must be confirmed and re-authenticated prior to proceeding to prevent an attacker from gaining unauthorized access somewhere along the way. You must train your mind to think in this way, trust no one or no thing, and always verify everything that comes into your life. Thinking like this is a way of life, it’s not for the casual privacy enthusiast as it requires a lot of work and effort to achieve and maintain. It’s not natural, you have to go against the grain because society has made it so that your personal information is everywhere and accessible by just about anyone. This is unsatisfactory, unacceptable, and must be rectified. If Congress and/or State legislators won’t fix it then we have to do it ourselves to the greatest extent possible. So let’s get to work…

Scenario 1

Pretend that you’re on the phone with a service provider company and a customer service representative [stranger] is on the opposite end and asks you, “Can you please give me your social security number [over the phone] so that I can use it to verify who I am speaking with today?” Your response should always be, “No, I am sorry but I don’t feel comfortable providing that information, is there another method that you can use to verify my identity that doesn’t involve giving you my social security number over an insecure phone line?” Perhaps you can verify yourself by your physical address or better yet, a secret code word that has no attachment to you. If their response is “No,” only the SSN will work then I would suggest closing your account and stopping services right then and there on the spot. Who knows, you may have just inadvertently avoided a social engineering attack by a man-in-the-middle, especially if the “company” representative called you and not the other way around.

Scenario 2

Another fictitious scenario modeled after real-life instances involves a Compact Disc (CD) that mysteriously shows up in your mailbox with a letter allegedly from your home computer/laptop manufacturing company (e.g., HP, Mac, Alienware, Lenovo, or Huawei) containing instructions stating that you need to install the software on the CD that contains specific drivers to update your system. The suspicious letter states something to the effect that the vendor company failed to load the drivers on your computer prior to shipping it to you or the retail store you bought it from. Your “spidey” senses start tingling and instead you decide to chuck the CD in the trash after nuking it in an old microwave that you no longer use for exactly 5 seconds and Google the company online. You come to find out that this particular technique is a known cyber scam used by foreign cybercriminals to gain access to your computer system that tricks unwitting victims to load the CD into their computer and install a remote access Trojan type of malware that allows the attacker to remotely access a victim’s computer and steal sensitive personal data such as your banking information, personal photos, files, passwords that are stored in your browser or password manager. It could even be legitimate software but with invisible malware being installed in the background or from a remote server. It’s bad ju-ju whatever the case. Don’t fall for these types of scams. It’s security 101.

Additionally, try to verify the authenticity of any files you download to your computer by performing what is known as a file hash (e.g., MD5, SHA-256, or SHA-512) and comparing the hash value to the vendor website which may have it posted online for reference. A thorough explanation of what file hashing is and how it works is beyond the scope of this article, but I encourage you to learn about it and use it. If the two file hashes are the same, then it is likely that the file is authentic and safe to install. There have been exceptions (Avast CCleaner), but generally, that is the case. You still need to question the overall motive and need, however, for the software update, since typically these types of actions are performed by downloading the software from the vendor site online and not from a CD that you received in the mail. Never put a CD, DVD, USB drive, or any external media that you found or that someone gave you into your computer. If you have the means to do so, connect it to a spare computer that isn’t connected to the Internet but that is loaded with current anti-virus software definitions that you can easily re-image if it becomes infected with malware.

Image of how file hashing works courtesy of HowToGeek.com

The security-conscious individual never sends personally identifiable information (PII) over insecure channels without some type of cryptographic protection such as using a password or passphrase to protect the file (e.g., password-protected MS Word, Excel, or Adobe Acrobat .pdf file). Occasionally, this could even mean driving to the company’s store to handle business in-person instead of providing sensitive personal information over insecure phone lines.

Silly Rabbit, Browser Cookies Aren’t for Eating

Internet browser cookies are necessary to log in to many sites, but there are some measures that you can take to defeat or at least reduce the number of cookies residing on your computer’s Web browser. First, you need to check if your Web browser has the option to automatically delete your browser history and cookies every time you exit the browser. If not, it’s time to find a new Web browser. Google Chrome and Mozilla Firefox both have that option and are excellent choices if you don’t feel comfortable using Tor or one of the other anonymous (Dark Web) browsers. Microsoft’s Internet Explorer (IE) is a legacy Web browser that you can still use, but that is no longer supported. No longer supported means that you won’t receive any new software patches for new vulnerabilities that have been discovered with the software because Microsoft is not investing any more time and effort in patching the software. Many people will affirm that IE was never good for security, to begin with, but the fact that it is no longer supported or updated hasn’t stopped Microsoft from shipping it with every new version of Windows 10. My recommendation is to stay away from IE, it’s risky to use. Microsoft also makes the Edge browser which replaced IE. So far it hasn’t lived up to the hype, definitely not on the same security level as Chrome or Firefox who obviously care more about security “out-of-the-box” than Microsoft. Apparently, when you’re the largest software company in the world, all you care about is user functionality and your bottom line. Under the settings option within your browser, select the option to delete your browser history, cookies, download history, passwords, and cached images and files every time you exit the browser. Yes, it is pain in the a$$ to have to re-enter your login credentials every time you re-open your browser, but it is safer and third-party cookies won’t be able to track you as easily this way. You’ll have to enable some cookies to visit certain sites, but they’ll be deleted once you close your browser. As mentioned in Part 1, using a browser plug-in such as Privacy Badger will help tremendously.

Password managers are awesome because they allow users to easily create and store sophisticated and lengthy passwords and better yet passphrases. However, browser-based password manager plug-ins such as OnePass or LastPass are potentially vulnerable to being hacked and could allow an attacker to get hold of your master password and access your entire password list for every site you store passwords for. Do not select the option to have your browser save your passwords automatically. It doesn’t take a genius to know that’s not a good thing. To prevent this type of risk against your browser-based password manager, you should activate two-factor authentication that is tied to your email or smartphone so the attacker is not able to access your password manager. If you want to be even safer though, use a locally-stored password manager such as KeePass. KeePass is a free open-source password management application for Windows, macOS, or Linux operating systems that store your passwords locally on your computer’s encrypted hard drive in an encrypted folder that is only decrypted with the corresponding master password key stored on the local system. KeePass has its own password generator, supports 2FA, has a secure desktop mode, and was developed with the added benefit of being able to import password databases from over 30 different commonly-used password managers (just sayin’). This is a better system for password management than storing your passwords in your Web browser or a Cloud password manager service, but if you must have portability of your password database then at least use a very strong passphrase as your master password for services such as OnePass and LastPass and 2FA.

Cryptographic Erasure & Self-Encrypting Devices

The National Institute of Standards and Technology (NIST) Special Publication 800–88 explains how sanitizing the encryption key for your personal data, a technique called cryptographic erasure, can be used to prevent read-access of your deleted data and effectively erase it forever without the possibility of it ever being recovered. Cryptographic erasure works by deleting the encryption key that is used to unlock or decrypt the encrypted data. This way, even if someone were somehow able to access your encrypted files, all they would see is ciphertext without a decryption key to decipher it. Cryptographic erasure is a good practice to use in general, but especially if you store encrypted personal data in the Cloud, where you don’t own the IT infrastructure equipment that your personal data is hosted on. Even if your Cloud Service Provider (C-SP) is legally compelled to cough up your data, it will be an unreadable ciphertext. Cryptographic erasure works best when you encrypt your files locally on your device before uploading or copying them to any type of media to include the Cloud. Once you save unprotected files to media, it is often possible to easily recover those files using data carving techniques and specialized digital forensic software. Just make a habit of encrypting every file you own using techniques outlined in Part 1 of this series (see EFS).

A steadfast principle of computer security is security automation because the surface area is so wide that there is much to protect. Therefore, the goal is to minimize any attack surface to the smallest degree possible and automate where and whenever possible. You can purchase Self-Encrypting Drives (SEDs) that will auto-encrypt your personal data and protect it against willful or inadvertent discovery. Fry’s currently sells a portable 500GB Samsung T5 Solid State Drive (SSD) for $130. So, they’re not too expensive that you can’t afford one. SSDs are much faster than your typical disk-platter HDD because there aren’t any moving parts, instead, the data is stored in microchips. Power users know to load their C:\ operating systems (OS) on their SSD so that it screams with speed for boot-up and processing. Ideally, for optimal processing speed, both your OS and your data are stored on a self-encrypting SSD. You could also use encryption software to encrypt the HDD or SSD, but why not buy a SED that performs that task for you? The SEDs perform encryption and decryption of data using a dedicated cryptographic processor chip that is part of the drive controller, which is better than storing the encryption key on the OS memory.

Like any security control or tool, SEDs are not perfect, however. Much like an encrypted smartphone, once it is unlocked (or decrypted) for use, it will remain in an unlocked state until it is powered down and re-encrypted. This presents some notable security vulnerabilities even when coupled with Microsoft Windows BitLocker and the Trusted Platform Module (TPM). SEDs are, however, effective against basic criminals, snoopers, or someone who comes upon your personal computer that does not possess advanced hacking skills.

Foreign Travel

Generally speaking, if an attacker should get physical access to your electronic device then there is a high probability that they will be able to defeat its security if they have the resources and skills needed. If you’ve worked around computers for any length of time, you know this to be a fact. Physical access = compromise. So, to best protect your data, you have to plan for that possibility up front. If you plan to travel to a foreign country like China, Russia, Iran, or North Korea, you already know these are not U.S.-friendly allies and you should fully expect that any electronic device that you have with you will be compromised in some measure, especially if it is left behind in your hotel room when you’re not present. This is proven and has happened on numerous occasions. Google it. I’ve even heard of U.S. Intelligence agencies requesting the company or government laptop HDD be turned over for analysis following foreign trips to learn what techniques and spyware were used by adversaries. U.S. Constitutional Fourth Amendment search and seizure protections are not afforded to Americans who travel outside of U.S. territories. You.are.on.your.own. They could ask you to unlock your device, and if you refuse they can seize the device and then throw you in jail for an unspecified amount of time.

The point is, the laws are different overseas and in some cases, they appear to just make them up as they go. So, rather than go through all of that nonsense, the best defense against this very real and valid threat is to only bring “burner” devices that contain absolutely no personal data on them or at least only that which you can live with being compromised. This way you if you have to cough up your PIN, password, or biometric authentication, then you will appear to be cooperative because you already know there is nothing of value on your device anyway. Additionally, whatever data you do happen to generate while in the foreign country, you can either email it to yourself, upload it to a secure Cloud service, or wipe the HDD before exiting the country and when re-entering the U.S. where Customs and Border Patrol (CBP) is legally authorized to conduct warrantless searches and detain U.S. citizens for up to 36 hours should you refuse to unlock your device for inspection. I’ve heard different reports on this, and it doesn’t always occur. It is mostly done by people crossing the border on foot as the car lines to cross are lengthy and there’s less time. So try to drive across the border, but whether it’s an airport, foot crossing, seaport, or auto port of entry, CBP can search you and your devices. Be prepared for that in advance. If your device is equipped with whole HDD encryption, as it should be (remember Part 1), then ensure the device is turned off so that it requires your PIN or key to unlock it.

Eccentricity is the enemy of being virtually untraceable. You are not looking to be noticed, so you want to blend in as much as possible. This means wearing plain, nondescript clothing and having similar types of ordinary-looking luggage. So it is probably best to leave your sticker-covered laptop from all of the security conferences you’ve been to at home. The stickers will make you stand out like a sore thumb and could single you out for secondary inspection or as someone of interest by foreign intelligence authorities. Got lots of tattoos? No problem, wear a long-sleeve shirt while traveling through airports at least or any other place you think you’ll have a high probability of being monitored. TSA is using facial recognition systems now if you haven’t heard and in 2020 everyone will be required to upgrade their driver’s licenses to a REAL ID in order to be able to board an aircraft.

Map of compliant States courtesy of DHS.gov

Self-Destructing Email & Signal SMS

You can also send self-deleting or self-destructing emails that expire after a certain amount of time that you can set prior to sending it. This is a capability provided by a small number of email service providers such as Google (i.e., Gmail) and ProtonMail. Gizmodo has published some other options for auto-deleting messaging also. The capability is not necessarily new, but it was only recently that Google added the feature to Gmail. Many people aren’t aware that this capability even exists. Test it out, give it a try. It’s not perfect, of course, but then again neither is any other security measure. Know that copies of every email you ever sent likely still reside on the email service provider’s servers or could be screenshot saved or saved as a .pdf file by your email’s recipients.

Signal is a privacy-focused text or short message service (SMS) that provides end-to-end encryption for text messaging. Like Tor and VPNs, governments hate it. Enough said. Use it. Have your family and friends use it.

Untraceable Forms of Payment

Despite all of the hype currently surrounding cryptocurrencies or “altcoins” such as BitCoin, Ethereum, or Monero, they are not created equally when it comes to anonymity or untraceability. In fact, cryptocurrencies are heavily used for illicit activities by cybercriminals to launder dirty money, extort money from online victims such as with the prevalence of ransomware attacks, and buy or sell illegal goods on the Dark Web. Unless you’re technologically savvy and well-versed in how cryptocurrencies work, I would not advise using them to make “untraceable” online financial transactions. They are very unstable at the moment. Give it more time. This is not a Blockchain infomercial, so I won’t get into what that is all about other than to say that is a decentralized digitally-based ledger system of sorts.

A lot of people make online credit card purchases on websites such as Amazon.com or Target.com and they’re totally oblivious as to how their personal credit information is being transmitted or protected while transiting across the Internet and that every online purchase you make is a beacon for law enforcement or intelligence analysts to track you just the same as your cell phone can be used to track you using GPS triangulation off cell phone tower pings. Before making an online purchase, ensure that the website is using HTTPS which stands for “Hypertext Transfer Protocol Secure” and employs Transport Layer Security (TLS) to encrypt communications from one end to another. This is a big deal because if the website is not using HTTPS, then you’re essentially sending your information across the Internet in plaintext which means anyone with the right skills and packet sniffing tools can intercept and read it.

From the moment you press the “Submit” button on that online purchase transaction, you’ve just signaled that 1) You’re alive or someone is using your card, 2) We know what you bought, 3) We know where you bought it from, 4) We know how much you paid, and 5) If they’re savvy they may even know where and when it will be delivered to you. You don’t have to necessarily be a law enforcement or an Intelligence agency analyst to have access to this type of information either. The cybercriminal could get most, if not all, of this info from your hacked email account (Hello 3 billion Yahoo accounts!). Sometimes cyber criminals place malware on Point-of-Sale (POS) systems like Target store cash registers or credit card swipe machines to get credit card information and PINs. Now, what else do I need to track you down or set up the perfect man-in-the-middle physical attack? You may be having flashbacks of the Jennifer Lopez movie “Enough” in which her ex-husband has a private investigator and police contacts using their special skills, methods, and tools to track her down wherever she uses a credit/debit card or has her mail forwarded to. It’s scary, but it is not out of the realm of possibilities.

Cash still reigns supreme when it comes to being untraceable. Why do you think so many workers get paid “under-the-table” in cash? It is illegal, but getting paid in cash allows the employee to avoid paying income tax to the State and IRS. You likely are compensated by your employer via Electronic Funds Transfer (EFT) into a bank account, and from there you either withdraw cash from the ATM, use a debit/credit card, or write checks. This is how most people spend money. Some of the more tech-savvy individuals pay with Apple, Samsung, or Google Pay applications. Using only cash is risky though, because if you’re mugged or burglarized then you could lose everything. That’s why if you’re a cash-only person, then you should definitely think about diversifying your portfolio so-to-speak, and spread your cash stockpiles out in different places that no one would think to look. Maybe you keep some in your wallet or purse, some in your sock or bra, in between book pages, hollowed-out books, inside a false floorboard or wall space, some in the car, some in the house/apartment, some at a safe place or family/friend’s house, some in a very heavy safe. Notice I never once mentioned stashing cash in your mattress. That will be the first place a burglar looks, then they will begin dumping drawers and overturning stuff you have in your home. You have to be smarter and more creative than criminals are, and that is tough to do because they’ve likely had a lot of time to plan and think about robbing you. You can always make more money though, so don’t make the mistake of refusing to hand over your cash to a robber. It could cost you your life.

The Disinformation Campaign

Spreading disinformation about yourself may seem far-fetched, but it is actually a really smart technique to increase your anonymity. Create fake profiles of yourself online with fake addresses, phone numbers, and photos to throw off anyone trying to track you down online. Enter your name or other identifying information slightly incorrectly, insert an extra vowel at the end of your first name or give yourself a different middle name. Sign up for a cheap magazine with a fake address. This will make it harder to find you when someone searches your name on Internet lookup sites. These websites and people databases are not configured to handle 20 different addresses for the same person or similarly spelled names. Typically they might list 2 or 3 previously known addresses. If you start barraging the Internet with fake name deviations and new (false) addresses such as changing to a new PO Box every month, then it will overwrite your real address with all of these fake addresses. You need to be careful though if you decide to do this because this false information could also end up reflecting on your credit report and affect your credit “worthiness.” The same disinformation strategy can be applied to the actual websites that collect your personal information. Often, you can take ownership of your profile by simply creating a free account on their website and then updating all of your personally identifiable information, or as much of it as they’ll let you change to false information. This obviously won’t work for government offices that you actually want to have your correct address and information.

DNA Ancestry

If you’re trying to become virtually untraceable, it is not advisable to submit your DNA to companies like 23-and-Me or Ancestry.com to determine your ancestry. These companies maintain databases with customer DNA information that can be obtained by law enforcement agencies with a warrant. There have even been cases where cops have “acquired” DNA from a suspect’s restaurant coffee cup or plastic soda cup, and sent it into the crime lab for DNA analysis. Then, if the results didn’t link to a known person in their national database, they submit the DNA sample to a DNA ancestry company to have them check if they are able to match it to someone. Pretty crafty, I must say. That is similar to what happened in a serial murderer cold case in California.

Cave Man Style: Why Going Low-Tech Isn’t All-Bad

I realize a lot of people are going to be instantly turned off at even the mere mention of going low-tech because it is contrary to everything you’ve been taught in modern society about bigger, better, badder! Those same readers were probably put off by the Part 1 piece that talked about ditching cell phones. Look, if you’re not serious about becoming virtually untraceable then, by all means, keep living the status quo life. There’s no pressure to radically change into a super-secret spy villain or underground hacker. These are just practical tips that you could try out to improve your privacy, to see if you like them. You might not adopt any of them or only a couple. It is doubtful that anyone would adopt all of them because of the difficulty required to live such a life. To be honest, the topic of going low-tech really deserves its own article or book altogether.

The more high-tech, the better right? Not always, sometimes high tech can work against you, at least in certain situations where you may want to remain untraceable or hard to find. For instance, are you running away from someone or a bad situation in your life? Are you a battered spouse/partner in an abusive relationship? Perhaps you are a human trafficking victim trying to escape your captors? Perhaps you are a runaway teen trying to escape abusive parents? There is a multitude of reasons why you may at some point in your life have to cut and run. They are not all bad reasons either. Whatever your personal reasons are, you don’t have to share them with anyone. That is your personal business, but know that running away seldom yields the desired result you want. It’s usually better to face your problems head-on, but if that’s too dangerous or foolish for whatever reason then here we are. Alternatives, right?

Now, it’s important that you continue to think in terms of going off-grid or underground when attempting to become virtually untraceable. These two concepts are interrelated and inseparable to a certain extent. There are some relatively simple things that you can do to make your trail harder to follow. For instance, you might only access the Internet from public places such as an Internet cafe or public library while trying to consciously remain out of sight of any CCTV cameras. The main goal of digital forensics investigations is to be able to put the criminal behind the keyboard at the time of the crime so they can prosecute. Investigators will attempt to do this by accessing what is known as system event logs on the computer and if they have recorded video of you using the public computer at a particular time and place that matches a system log-in event then you’ve been nailed, my friend. That would be what is called an “Un-Losable Case” in court. But “if you did not sit, then you must acquit!” Seriously, though, it’s going to be much more difficult to prove a case if you’re logging into websites from different IP addresses and/or physical locations each time. Now you’re creating a lot more work for an investigator and it becomes less likely that they will have the time, resources, or inclination to complete the entire investigation.

“Let’s Get Physical, Physical”

Next on the going low-tech approach, you may consider getting a Post Office Box address that you can give out to whoever you need to. It’s very simple to do. This way no one really knows your home address, except for the authorities who can easily find that information out based on who registered the PO Box. Unless you inform everyone of your new PO Box address though, you’re still going to receive mail at your old address. It should go without saying also, that unless you move to a new address that everyone will still know your old address. So this technique is best done when you move to a new address. Establish a PO Box address immediately and give that out to everyone instead of your actual address. Remember that providing false information on government documents or licenses is a punishable offense under the law. PO Boxes require two forms of identification, at least one of which needs to have a home address listed on it. Now, that home address on your driver’s license might be an old address or it might be current. How does the Post Office know that? This is not to say that people don’t submit false information on government documents, it happens all of the time. If you’re caught though, don’t say you weren’t warned. Don’t have magazine or newspaper subscriptions, especially when you can read most articles online for free. What you gain in convenience you lose in privacy and spam mail.

One Person’s Trash is Another Person’s Treasure

Think for a minute about what you throw away in the garbage on a daily or even weekly basis (let alone in an entire year). Now think about what someone who dug through your garbage could find out about you if they were to do so. It’s a disgusting thought, I realize that. It doesn’t mean that it doesn’t happen though. Again, I have defaulted back to how large the homeless population is growing in the U.S. Is it a bit unnerving? I think so. Does it make you a little paranoid and make you want to invest in a good shredder or perhaps burn all papers with your name on them? If it doesn’t, I don’t what else will. Perhaps you need to experience what it is like to become an identity theft victim?

So what can you do to protect yourself from dumpster diving attacks? Easy, beginning today make a habit of consciously blacking out, shredding, or burning any piece of paper with your name on it. Never throw out computer electronics without first sanitizing the memory. If the device contains any sort of digital memory, then I recommend smashing it smithereens before trashing it in the appropriate method your city requires. The last thing you want is for someone to get hold of your old laptop or computer HDD, and then run file recovery software on it and retrieve all of your personal files from it. The same goes for old cell phones and other electronics like tablets, sticks of RAM, fitness watches/devices, etc. Either keep them forever or smash, burn, pulverize or disintegrate them into oblivion before discarding them. I have my own collection of the Internet of Things (IoT) to tinker around with but that I keep due to my personal data having at one been stored on them. Many I have already sanitized, but they are just fun to test on or give to the kids to play with.

Additional Resources

Read up, there are tons of good resources published that you can use to become more knowledgeable about becoming virtually untraceable. Hollywood movies while fun to watch contain a good deal of stuff that relates to untraceability and anonymity that is largely unrealistic and which doesn’t actually work at all. So, be careful. Test your privacy hacks before “going live stream” with them.

Also, check out the Electronic Frontier Foundation (EFF). They have many great resources and smart folks who are equally concerned about privacy.

In Closing

While complete anonymity and untraceability may never be fully attainable, you can achieve at least some modicum of both if you work at it. At least make them work for it, that’s the least you can do right? The worst thing you can do is nothing, continuing on with the status quo lifestyle, giving up your personal information freedom, and wondering if your home assistant (e.g., Siri, Alexa, Google Home, Cortana) and smart TV are listening to every word you say when that oddly timed advertisement about bird feed appears in your newsfeed after talking on the phone with your mom about Sammy the parrot. So it is with criminals, just because you’ve paid all of this money to install a home alarm system, it doesn’t mean you’ll never get burglarized. It only lessens the odds, and now there may be some nasty consequences (hopefully) for the stupid criminal who decides to break into your house if it is alarmed. Think layered defense, alarm system; big, voracious-looking dog; a cell phone call to 9–1–1 while you get out the baseball bat with nails hammered out each side; announce that you have a gun; and then finally if you have to use the gun as an absolute last resort. In most places, shooting in self-defense is justified if you feared for your life. By making yourself a harder target in life in general, you’re telling cyber and other types of criminals or those Big Brother types that you’re not an easy target or a sheep. You’re a wolf and you will not be easily tracked or traced because your personal privacy is important! Your employer should only know what they absolutely must know about you and no more. Our Constitutional rights will continue to be watered down and eroded to essentially nothing if we sit back and do nothing. I leave you with this thought: If you don’t look out for and protect yourself from privacy invasions and senseless mass surveillance, who will do so on your behalf?

Additional Privacy Resources

z3r0trust Privacy Newsletters: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, #4–20, #5–20, #6–20, #32–20, #33–20, #8–20, #9–20, 16, 17, 45–20, 46–20, 47–20, 48–20, #1–21, #2–21, #3–21, #6–21

*Privacy-related articles also published by the author can be found here.

Other helpful privacy info: EFFector | Atlas of Surveillance | Privacy Tools | IAPP | ACLU | PogoWasRight.org | DataBreaches.net

tech privacy, hacking, dfir, security research, & outdoors enthusiast, you savvy?

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

{UPDATE} Upwards (Bouncing Ball) Hack Free Resources Generator

Dominate Insider Threats With These 9 Answered Questions.

Top 10 WordPress Security Tips We Should Definitely Know About

ccie 350–401 exam How to prevent IPv6 VPN breakthrough?

{UPDATE} Mr. Archer - King Stickman Hack Free Resources Generator

{UPDATE} Multirotor Quadcopter-RC Drone Hack Free Resources Generator

Keep3rV1 (KP3R) Gets Listed on KuCoin!

{UPDATE} MemoryCardsGame Hack Free Resources Generator

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
꧁𓊈𒆜🆉3🆁🅾🆃🆁🆄🆂🆃𒆜𓊉꧂

꧁𓊈𒆜🆉3🆁🅾🆃🆁🆄🆂🆃𒆜𓊉꧂

tech privacy, hacking, dfir, security research, & outdoors enthusiast, you savvy?

More from Medium

When thinking of phishing, you might think of ‘Winning the Nigeran lottery’ or ‘Paying a small…

DO YOU CARE ABOUT YOUR OPSEC DURING THE OSINT INVESTIGATION

InfoSecSherpa’s News Round Up for Thursday, December 30, 2021