Category: Online Privacy

Posted on

How To Make Sure Your Photos Are Not Giving Out Your Homes Location

Not many people know how much information is attached to the photos that they take and put online. This is called exif data. Depending on the device taking the photo this can range from the device model to the name of the owner and the GPS location the photo was taken.

If you enjoy this post take a look at our TRUSTED RESOURCES page. If you decide to use any of the links and purchase anything we may get  a small commission that helps support the site.

Most social media sites scrub this data before you photo is attached to your profiles or posted but you should not depend on them to do it or count on it to to work. In addition you are still submitting this information to them to do with as they please or sell to whoever they please.

Recently we came across a post craigslist when searching the cars for sale for a client. We saved a picture to send them and when we went into our photos app the photo was organized by location. This is because the camera/phone that took the picture had GPS location turned on and embedded the data into the picture file. A criminal could take this information and potentially use it to find the location of the car or where the owner lives in order to steel the car or otherwise target the owner.

Make sure you scrub this information from your pictures before you put them online or send them to anyone (you don’t know what they are going to do with it after you send it to them.) There are may methods that you can use to do this but the most reliable is a dedicated app. There are both mobile and desk top apps made specifically for this purpose.

OTHER METHODS

Screen Shot Method: Open the picture full screen on your device and take a screen shot. This essentially duplicates the picture and none of the original exif data is present. You still however may have some exif data attached but it will almost always be less.

Messenger Method: Some secure messengers will wipe data from files that you send to others. You can then re-download the file from the message thread and the exif data will be gone. Test your messenger with a thread to someone you trust to make sure the data is removed before relying on this method.

New apple IOS Spoofing: Newer apple devices and some that have received recent updates, now allow you to manually change or add certain exif data that is attached to images on the device. This is intended to organization and data base use for individuals who take a lot of photos and video but can just as easily be used to spoof certain data for security and disinformation purposes.

Desktop/Mobile Apps: Dedicated apps can be found on all platforms mobile and desktop for the specific purpose of removing exif data but just like with the messengers, test and verify before you rely on anything.

If you enjoyed this post take a look at our TRUSTED RESOURCES page. If you decide to use any of the links and purchase anything we may get  a small commission that helps support the site.

Sign up for our email list and you will receive exclusive content that adds to the articles we post here.

Get the most out of our posts by subscribing to our telegram

Posted on

Phone locations can be tracked without GPS

The location of your phone can be tracked even If your GPS is turned off, and used to track your location. This is done by a method triangulating the phone using cell towers and the signal from them in called Radio Direction Finding.

Quick defense tactic to counter this tracking is a faraday bag, get yours here and support our site in the process

When your phone connects to a cell tower the cell tower generally can tell what general direction your phone is from that tower based on the strength of the connection in different directions. This is the same concept of how wildlife tracking collars have used for decades and how the FCC tracks down pirate radio stations, this is because “cell service” is really just a radio signal sent out from the tower, same as any radio station, or hand held radio just on a different frequency.

The result of this is a general direction/heading from that tower that your phone could be found. With typical cell phones now the signal sent out by the cell tower is a wide beam
that spreads out and gets weaker over distance, imagine a cone with the wide end extending out from the tower.

Now if your phone can connect to multiple towers this gives multiple directions/headings that if laid over a map would create a cross point, al be it a wide one where theoretically your phone would be located. Now the more towers your phone can connect to the more accurate the location will be because the
the area within that cross point where your phone can connect to all the towers theoretically gets smaller the more towers there are. Now in most areas your phone will connect to 1 or maybe 2 towers with the exception of larger major cities where you may connect to more.

This method can also be used to track location via Bluetooth connection. It was announced a few years ago that the UK was using Bluetooth hotspots in trashcans and other city fixtures to track “traffic patterns” by connecting to peoples phones that walk near them.

Any device that uses cell service or any radio frequency, can be tracked in this fashion, Tablet, Car, laptops, smart watches, ham radio, etc. If it has cell service or uses radio frequencies, it can be tracked by radio direction finding.

S2_Underground has a great video on Radio direction finding on their #lbry channel.

If you enjoyed this post take a look at our TRUSTED RESOURCES page. If you decide to use any of the links and purchase anything we may get a small commission that helps support the

Sign up for our email list and you will receive exclusive content that adds to the articles we post here.

Get the most out of our posts by subscribing to our telegram or Matrix/element rooms ​

 

Posted on

Stop Getting Deliveries at Your Home

For the security conscious, or if you are a targeted Individual(LEO,Govt., SOF, Celebrity, etc. a habit that you should break is having things delivered directly to your home(especially in your own name). For one this links your physical address to your name.  This information is then easily accessible in people search databases who get this data from the shipping companies.

Now if you have ever had anything delivered to your home address its already out there but you can stem the damage by not taking further deliveries until you can remedy the situation later. Your name and address are still out there to find but if stuff is not coming to your house any more the possibility that someone legit would be just dropping by is much less allowing you to respond more quickly with out having to figure out if they should actually be there.

The biggest step you can take to further your home and personal security is to separate your name from your physical address, with that said this is much easier said than done and can take much more work than be covered here but the information is out there for those that want to pursue this. We will also cover this in more length in our telegram and Matrix rooms.

Back to the topic at hand, when you have things delivered to your home directly you open the door for people to have a justified reason to be on your property. This can be anything from Take out to UPS to appliance deliveries We mean everything, This means that when someone drops by unannounced, you have to then figure out if they belong there or not and if the situation is suspicious or the person poses a threat. Keep in mind that just because they are wearing a uniform of some kind does not mean they are legit.

If you enjoyed this post take a look at our TRUSTED RESOURCES page. If you decide to use any of the links and purchase anything we may get  a small commission that helps support the

Sign up for our email list and you will receive exclusive content that adds to the articles we post here.

Get the most out of our posts by subscribing to our telegram or Matrix/element rooms ​

Posted on

How AirTags are a Potential Threat to privacy

A new property tracking product turns the entire IOS network into a location tracking mesh network that could easily be used by stalkers and criminals to target their victims.

Apples AirTags are compact have wide spread coverage, and are affordable. These devices are designed to be used for tracking your belongings but potentially can track anything. Airtags are registered to the owners ICloud account so they can be found using the Find My app or simply by connect to blue tooth for near by locating.

This is done without GPS (allowing them to be much smaller) by turning every IOS/MacOS device into a mesh network. The AirTag sends out a secure Bluetooth signal that can be detected by nearby apple devices that have the bluetooth turned on and that device sends the location of your AirTag to iCloud for you to find in the Find My app.

These devices being small and lightweight means they could easily be concealed on someones person or in their possessions in order to track them without their permission/knowledge presenting a huge problem specifically for someone who is being harassed or stalked.

There is an attempted countermeasure to this use case but it is unclear at this point how effective it will be especially since it would seem it requires you own an IOS device in order for it to protect you. Apple states

“If someone else’s AirTag finds its way into your stuff, your iPhone will notice it’s traveling with you and send you an alert. After a while, if you still haven’t found it, the AirTag will start playing a sound to let you know it’s there.”

This “protection” requires if you have an IOS/MacOS device that you leave your bluetooth turned on otherwise your device cannot pick up the signal from the AirTag to know that it is there. This is unadvised as it leaves your phone vulnerable to host of other attacks and issues.

With Only 13.25% of computers in the United states being Mac and roughly 30% of mobile devices (tablets and phones) running IOS. Means that the majority of people are not protected by Apples safeguard against being tracked without consent while still having enough devices out there around a person to create a viable mesh network for someone to rather effortlessly track someone with out them ever knowing.

While compact tracking tech is not a new thing, The wide coverage, low cost, and small package due to no need for GPS makes this a serious potential threat to watch out specifically by targeted individuals, those who are victims of stalking, and criminal investigators in future cases.

If you enjoyed this post take a look at our TRUSTED RESOURCES page. If you decide to use any of the links and purchase anything we may get a small commission that helps support the site.

Get the most out of our posts by subscribing to our telegram or Matrix/element rooms ​

Posted on

Digital GoBag

With todays tech flash drives are an amazing and under utilized tool. You can use them to store an entire media library incase of emergency or install a whole operating system and carry a “computer” on your key ring. For those interested for more information on this look into linux live drives there is way better info out there than I could ever put out.

Live drives afford many possibilities when it comes to privacy and security especially when traveling, you’re in a situation where you can’t or don’t want to carry a computer or in extreme situations you need to have a secure/concealable system to store sensitive data.

This is often the case with politically persecuted people, people in countries that heavily censor their people. This also applies to investigative journalist that cover sensitive topics that could put a target on their back.

The main way I advocate using them for the every day person is using them to set up an emergency electronic #gobag of sorts.

Using an OS called TAILS you can set up an encrypted drive that you can store important documents such as passport images, birth certificates, visas and so forth within encrypted files as well as the flash drive being encrypted. You can also set up crypto currency wallets for emergency funds if you so desire.

Once this drive is set up properly you can carry or conceal it on your person and plug it into any computer if you need to and access the information you’ve stored, the internet, you’r crypto, what ever you need it for at the time.

The drives OS and anything you do will be isolated from the main system on the computer and leaves no trace of use as it wasn’t using the main systems memory (only its flash memory which wipes on shutdown)

This makes it so that anything you do, your passwords, your information and documents etc all are safe because no tracking software that may be on the main system or the next user can access your info or data because the.

To set this up in the manner that I mentioned above you will need to set up the drive with encrypted persistence.

To do so you will need two drives as you need one drive running TAILS to set up another with encrypted persistence.

SET UP INSTRUCTIONS

ENCRYPTED PERSISTENCE INFO

Once that is done your good to go. Just about everything you should need for a basic privacy set up is on there with the OS.

If you enjoyed this post take a look at our TRUSTED RESOURCES page. If you decide to use any of the links and purchase anything we may get a small commission that helps support the site.

Sign up for our email list and you will receive exclusive content that adds to the articles we post here.

Get the most out of our posts by subscribing to our telegram or Matrix/element rooms ​

Trusted Resources

Posted on

ProtonMail and Encrypted Email

A secure and encrypted email address is the backbone of even the most basic online privacy plan. This is the first thing that just about any other tool, account or service that you will need such as email forwarders, cell phone accounts, and so one is going to ask for.

I recommend having multiple addresses for different aspects of your plan/life. I have mentioned this before in other posts and I will cover this in more depth in the future as well as how to benifit most from Protonmail for the privacy minded.

The email service that I highly recommend is ProtonMail. I use it personally, as well my clients, and many people I know use it as their business email structure as well because you can link your web addresses to it so that you can have email addresses using your url.

They offer some of the best security and privacy protections in the business and have a grown a trusted reputation in the privacy sector as well as among people whoes life may very well depend on their privacy and security holding up, such as reporters, the politically and just generally persecuted and so one.

ProtonMail is a Switzerland-based secure/encrypted email service that was created in 2014. They also offer VPN service and are constantly adding features to their platform including cloud storage, contacts, and encrypted calendar(BETA). ProtonMail’s mission in their words is “to make secure and private email communication easily accessible to all.”

The following information is facts directly from Protonmail.

ProtonMail is owned by Proton Technologies, which has a long history and ​strong reputation in the privacy world.

The company maintains some of the world’s most widely used open source encryption libraries and has a long history of working towards promoting Internet privacy.

ProtonMail uses end-to-end, zero-access encryption so that no one even the company can access users’ messages, drives, calendar details and so on. There are no special or overly technical steps to follow, and all encryption happens automatically and by default.

To achieve this high level of security, in their words “ProtonMail assumes that all mail servers may eventually be compromised. Thus, ProtonMail uses end-to-end encryption and zero-access encryption to protect user data. If a server only contains encrypted messages, users have a much higher level of security in the event of a security breach. The use of encryption also prevents ProtonMail from being able to decrypt and share user emails with third parties.”

As well as their security precautions that keep them from being able to analyze user data they also have no incentive to
spy on or sell its users’ data as they have no advertising inside their apps.

The security of their platforms extends beyond just strong encryption and includes features designed to mitigate human vulnerabilities and physical threats.

End-to-end encryption
Which means that messages cannot be intercepted in transit and decrypted by any third party as they are encrypted on the senders device and can only be decrypted by the recipient.

Zero-access encryption
Even if a user’s contacts are not using ProtonMail, All emails sent to/from a ProtonMail account (even if the other side is not using ProtonMail) are stored with zero-access encryption. So that the messages are encrypted, they can only be decrypted by the account owner. (Keep in mind any copy on the other persons email account may not be stored encrypted.)

Additionally, ProtonMail users can also send end-to-end encrypted emails to non-ProtonMail users with the ​”encrypt to outside” feature​. Which sends the email encrypted to the recipient and you can give them a way to decrypt the email without them needing a ProtonMail account.

Open source cryptography
ProtonMail uses only secure implementations of AES, RSA, and adheres to the open source OpenPGP standard. By using open source libraries, users have greater assurance that the encryption algorithms do not have built-in back doors. ProtonMail’s open source software has also been vetted by security experts from around the world to ensure the highest levels of protection.

Hardware-level security
ProtonMail has invested heavily in owning and controlling its server hardware and doing so within Switzerland, so data never goes to a third party cloud. This ensures that all user data is protected by Swiss privacy laws and on a system level, ProtonMail servers utilize fully encrypted hard disks, which protects user data from physical hardware seizures.

Authentication
ProtonMail uses the Secure Remote Password protocol to ensure that neither ProtonMail nor an attacker with network access can obtain users’ passwords. ProtonMail also offers two-factor authentication via 2FA apps.

Address Verification

To mitigate man-in-the-middle attacks​ ProtonMail uses Address Verification which leverages ProtonMail’s ​Encrypted Contacts​ feature. This unique feature ensures secure communications cannot be intercepted by an attacker tampering with encryption keys.

This additional enhanced level of security, and it’s one of the reasons it is the preferred email provider for journalists and other individuals with the highest security and privacy needs.

Self-destructing emails
ProtonMail allows users to send messages that will automatically delete themselves after a user-selected period of time.

Plans and pricing
All of the company’s revenue comes from subscriptions to premium plans and donations from the user community and does not show ads or make money by abusing users’ privacy.

ProtonMail has apps for IOS and Android as well as web access that can be used on any OS with an internet browser. In addition ProtonMail offers other useful apps such as The ProtonMail Bridge, which is a desktop application for paid users that encrypts and decrypts mail as it is sent or received by the user using a program that supports IMAP and SMTP, such as Microsoft Outlook, Mozilla Thunderbird etc.

They also offer an Import-Export application (beta) which is a application currently available to users on paid plans that lets them transfer emails easily to and from their ProtonMail account. This allows users to import their mailbox from another email account, such as Gmail or upload email files stored on their computer into their ProtonMail encrypted Inbox. It can also be used to export emails from their ProtonMail account to their hard drive for secure local backups.

ProtonMail believes everyone in the world should have access to secure and private online communication, regardless of their ability to pay. Which is why they offer a free plans as well as paid plans for those who need more storage, more features, or just want to support the project so that they can continue to offer the service to those who need it and cannot afford it.