How to Use Public Restrooms

We assume you know how to use the restroom in the usual sense so were gonna cover how to use it in the tradecraft sense.

Public Restrooms offer you many opportunities in an operational environment to further your personal preparedness, security and situational awareness.

Check out S2 Underground and their videos on LBRY for more quick tradecraft tips.

After you are seated make a trip to the rest room. This gives you a reasonable explanation for walking around the restaurant and getting the lay of the land.

Along your way this allows you to scope the other people in the restaurant as well as the layout, alternate exits, blindspots etc. All while having a reasonable explanation for your actions if you are being watched.

In most cases the rest rooms are usually in the back near employee only locations. In restaurants this means back of the house like kitchens and so forth. By taking a peak in there on your way to the rest room you can get a glimpse of what the back of house staff uniforms look like which furthers your situational awareness.

You will know if someone coming out of there may or may not belong and whether you need to pay attention to them or not.

Another benefit to consider especially if you are being surveilled is that the rest rooms are usually one of the few places in a city that is not under cctv surveillance. Most people don’t think twice about someone changing clothes in the bathroom.

Wear Ambiguous Colors

Wear Ambiguous colors

The general pallet of colors that exist today is gigantic. Just go to your local hardware store and take a look at the paint isle to see how many different blues there are.

With that the average person will usually label colors with as little effort as possible usually lumping them together in either red blue green yellow etc. giving no mind to the shades in between unless they work in a profession that deals with colors to that degree. At most the average person may toss a dark, or light in front of it too narrow it down slightly.

To aide in blending in, or maybe a better way to describe this would be make you harder to identify, is rather easy in theory. Now in practices it is going to depend on where you are going to be operating/traveling and what the color pallet of the area is. No mater how ambiguous your gray shirt may be if everyone around you is wearing brown. It’s not going to work.

Start out by doing your research and see what the general look of the area is. Figure out the type of clothing first then play with the colors. Are they generally wearing jeans? Khakis? Gym shorts? Sports jerseys? T-shirts? what colors? Brands, Logos, and patterns will all play a part here as well.

Figure out the type/style of clothing and then play with the colors. If you’re in a business area you will likely see more suits, khakis and polos, and likely in blacks, grays, whites, and maybe some blues.

In this example you would likely want to wear a suit or at least business casual clothing and choose colors that can be mistaken for multiple others. In this instance lets say you need to wear a suit you would most likely find your self looking for something that is either black (if thats the dominate color) or a color some where in between gray and blue if there is more of a mix.

By doing this your either blending in with the crowd by wearing black or if their is more of a mix of colors your wearing a color that can be mistaken for another color by either the person identifying you to someone or the person who you are being identified to.

Say you are being followed by hostile surveillance and your tail is handing you off to another tail. If he describes you as wearing gray, but the new tail looks at you and thinks you are wearing blue he may pass you by or think someone near by wearing gray is his actual target.

That was a highly simplistic explanation of it but you get the idea (I hope). The more ambiguous the color, providing it blends in with the general pallet of the area, the higher likelihood that anyone describing you may confuse anyone they are talking to due to personal color bias of the describer and the listener.

Quick Change Disguises

Some basic disguise techniques is a good skill to know and very well could save your life.

Now I am not talking the synthetic face, mission impossible type disguises as that is out of financial possibility for most people as well as unnecessary in most cases.

The level of disguise that some one would need to escape from a pursuer. This level of disguise is the art of the quick change. This is the ability to change your appearance in a relatively discrete manner in a short amount of time.

As with most other escape and evasion techniques the first step is to break out of your pursuers line of sight, and then make your move.

In this case you add to, subtract from, or change your outfit in a way to change your appearance while out of sight and then blend in to the crowd and avoid drawing attention to your self as you make your way out of the area and away from your pursuers. Changing your direction once out of site can also aide in your escape.

You can plan a head and plan your clothing in a way that you can perform a quick change or in an emergency you can improvise in the field.

It is relatively easy to build quick change ability into your EDC. You can wear a reversible jacket or throw one in your bag to take with, bring or wear a hat, there are many options.

If you enjoyed this post take a look at our TRUSTED RESOURCES page. If you decide to use any of the links and purchase anything we may get a small commission that helps support the site.

Online Infosec Basics

You are the commodity! You’ve probably heard the saying “there is no such thing as a free lunch” well this truer than ever now. Your online personal Infosec is just as important as it is in your in person interactions and passive situations.

.

With only a few exceptions if a product, or service is free to you this means that the organization putting it out is working on an alternative business model. They are not getting money from their product users so you have to ask where they are getting their money from.

.

This usually means they are harvesting info from you. This can be addresses, name, phone number or any other personal info. How big a threat to your personal infosec will depend on where on the scale these companies and organizations fall.

.

On the low end of the scale they are asking for an email to send you a news letter where they will up sell you on paid content or that companies products. This’s is where most small businesses and entrepreneurs is operating including ourselves. They won’t sell your info, they are just trying to conduct their own businesses. The main threat in these instances are data leaks and hacks of either their own systems or any third party service they use to conduct their business.

.

On the other end you have organizations that will take any and all info they get and sell it. The more info they require the more likely this is the case. This info is likely then, not only used by them but sold to people search sites and other services. This is by larger organizations because they are getting a volume of info that people search sites are willing to pay for. Now not all companies do this and this does happen at everywhere on the spectrum. Do your due diligence and ask your self is what I’m getting worth it if they sell my info.

.

Now luckily the way to protect your self from both data leaks/breaches and the company them selves selling the information is the same. It’s called one time use information.

.

This is most easily done with emails as there are multiple services that offer one time use forwarding address. This allows you to create an email address that you will use for only one website or organization that forwards any email sent to it to your actual email address. By doing this you are able to protect your actual email address and if your one time address gets sold, leaked or hacked you are able to shut it off and stop receiving any spam you might be getting and if the information is hacked or leaked, it doesn’t matter because that email is only used for that site and doesn’t connect to any of your other accounts.

.

This tactic should be used for any newsletter, website, or organization you sign up for or give your information out to. That being said never use these services for anything that involves sensitive information. These services will be able to see any email that is sent to

you so it should not be used for financial, medical, or anything else you consider sensitive. For these instances you should just create a dedicated email for those purposes. We recommend proton mail for a email provider you can find them HERE.

You can either set up a separate account or you can set up a paid account and have multiple addresses that feed into one inbox.

Personal Infosec

A lie is a false statement made by one, to another who is entitled to hear and know the truth and which false statement tends toward injury to the other.

~JJ.lune

.

Whether to Lie or not, with only a few exceptions, is a moral issue. This means everyone has to make their own decision on when it is acceptable to lie. Of course with the few exceptions, when telling a lie is in fact illegal.

.

This applies to protecting your personal information when in person and on the internet and in this day and age your personal infosec is also your physical security.

.

Does the random person on the subway that started talking to you need to know where you were born, how old you are, where you live, or where you work?

.

Is this person just a friendly commuter looking for conversation? are they a corporate spy looking for info on a project at your work? or maybe they are a criminal deciding if you are a worthy target or not. The point is you can’t always tell a persons intentions from a single meeting

.

I am not saying lie to every one who strikes up conversation with you but take precautions and be more vague in your answers until you get to the know the person. Trust but verify.

.

JJ Luna gives an example of his personal guide lines that he follows in his book How to be invisible.

.

1. If no harm will be done, and no oath is sworn he gives false information.

2. If an oath is sworn or to be sworn he does not lie.

3. He MAY withhold or not volunteer info to government representatives unless specifically asked depending on the situation but he will not lie.

4.Under no condition whatsoever will he file a false tax return.

.

This covers most in person interactions but your infosec also applies to more passive situations where you’re not being directly interacted with but simply leave info laying around.

Few people realize how much information about themselves they leave lying around.

This is the bumper stickers, Parking permits on your windshield, the Stickers on your laptop, food wrappers on your floorboards, trash in garbage cans, and info on your face book (not just your profile but in your captions and comments).

.

From just a persons car you could glean where someone works or lives, where they like to eat, where their kids go to school, political affiliations just to name a few.

.

These details can all be used to decide whether or not to target you or develop a plan to target you or your family if they have already made the decision to do so.

.

Most people will say there is no reason to target me or some other form of it will never happen to me. Which statistically may be true, but if something happens and you end up on the wrong side of those stats and you haven’t taken precautions then it’s already too late.

.

You witness a crime, you cut off the wrong person in traffic, someone begins stalking you or simply being a wealthier than average individual. All are situations that the average person can find them selves in and have led to people being targeted for one crime or another. So make sure to make it as hard as possible for people to get the information about you.

If you enjoyed this post take a look at our TRUSTED RESOURCES page. If you decide to use any of the links and purchase anything we may get a small commission that helps support the site.

Sign up for our email list and you will receive exclusive content that adds to the articles we post here.

How to set up a basic secure Browser

 

As we all should know most websites track or try to track just about everything you do. Some browsers make this easier, some make it harder and some just track you themselves. There are a couple good options to combat this threat. You have the easy ok option for the less tech savvy and the more hands on better option of setting up their own browser for those who are a little more tech savvy. (honestly you type words into a bar and click a button)

The out of the box easy option is called brave browser. It is a free and open-source web browser developed by Brave Software. Brave is based on the Chromium web browser and it blocks ads and trackers. This is good for anyone who doesnt want to mess around in the settings for a little bit and just download and go. However it is not the best set up.

The better set up involves Firefox which a lot of people use already and all you have to do is go tweak a few settings and edit the config file. This involves going down a list and entering text into a search bar and then changing the proper setting that by either entering text or clicking a button. It is really not that difficult provided you have a moderate attention to detail. You will also need to install some additional add ons to make this setup complete but we will cover those in the near future.

Both of these options are not complete and total solutions if you are looking to regain your privacy but they are a good step in the right direction to dam the flood of information that pours out of our systems that everyone it seems is trying to track.

DISCLAIMER: Anything you do with the information in this post is at your own risk, I am not responsible for anything that happens to your computer or browser. As you increase your privacy you also increase the need for your own personal responsibility. I have personally done this multiple times with no issue so as long as you stick to the directions, make sure your changing the right settings and dont mess with anything else you should be fine but again you do this at your own risk. Now that that is out of the way Lets get on with it,

Preparation:

(If you have not downloaded it yet download and install Firefox.)

You will start with the basic settings by going to the preferences section, and changing some or all of the following settings depending on your comfort level, and desire for privacy.

  1. In the general tab scroll down to the browsing section and make sure to UNCHECK Recommend extensions as you browseand recommend features as you browse
  2. In the home options change you home page and new windows and new tabs to blank pagein the drop down menus.
  3. Now in the search options change your default search engine to either duckduckgo or startpage and then remove the others from the options. Then UNCHECK provide search suggestions
  4. Next under the privacy and security options select the strictunder content blocking.
    1. CHECK delete cookies and site data when Firefox is closed
    2. UNCHECK ask to save logins and passwords for websites
    3. Change history settings to Firefox will use custom settings for history
      1. UNCHECK Remember browsing and download history
      2. CHECK Clear history when Firefox closes
      3. DO NOT CHECK the box always use private browsing mode(This will break Firefox containers which we will cover in an article on add ons)
    4. In the Address bar section UNCHECK Browsing History
    5. In the permissions section you will need to click Settingsnext to Location, Camera, Microphone, and Notifications. Inside each you will need to CHECK block new requests
    6. Make sure all boxes under Firefox Data Collection and Useare UNCHECKED.
    7. Under Deceptive Content and Dangerous Software ProtectionUNCHECK all options.
      1. DISCLAIMER: This will leave you more exposed to undesired software attacksbut this stops Firefox from sending your browsing history to third party organizations. This is where another instance where personal responsibility plays a roll. You have to decide what you are comfortable with.

Once that is done you can either stop there of continue on for further privacy and security enhancements.

 

If you wish to continue

  1. Enter “about:config” in the Firefox address bar and press enter. (remove the quotes)
  2. Press the button “Accept the risk and continue”
  3. Follow the instructions below… (keep in mind some may be on the correct setting already but it is good to check each one)

It is not required that you change all of these settings if your particular situation requires any of these settings but the more you change the more secure your browser will be.

Getting started:

  1. privacy.firstparty.isolate = true
    1. isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains. (Don’t do this if you are using the Firefox Addon “Cookie AutoDelete”
  2. privacy.resistFingerprinting = true
    1. This preference makes Firefox more resistant to browser fingerprinting.
  3. privacy.trackingprotection.enabled = true
    1. This is Mozillas new built in tracking protection.
  4. browser.cache.offline.enable = false
    1. Disables offline cache.
  5. browser.safebrowsing.malware.enabled = false
    1. Disable Google Safe Browsing malware checks. Security risk, but privacy improvement.
  6. browser.safebrowsing.phishing.enabled = false
    1. Disable Google Safe Browsing and phishing protection. Security risk, but privacy improvement.
  7. browser.send_pings = false
    1. The attribute would be useful for letting websites track visitorsclicks.
  8. browser.sessionstore.max_tabs_undo = 0
    1. Even with Firefox set to not remember history, your closed tabs are stored temporarily at Menu -> History -> Recently Closed Tabs. The number is how many tabs it temporarily stores Set this at your own discretion.
  9. browser.urlbar.speculativeConnect.enabled = false
    1. Disable preloading of autocomplete URLs. Firefox preloads URLs that autocomplete when a user types into the address bar, which is a concern if URLs are suggested that the user does not want to connect too.
  10. dom.battery.enabled = false
    1. Website owners can track the battery status of your device.
  11. dom.event.clipboardevents.enabled = false
    1. Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.
  12. geo.enabled = false
    1. Disables geolocation (in browser only)
  13. media.navigator.enabled = false
    1. Websites can track the microphone and camera status of your device.
  14. network.cookie.cookieBehavior = 1
    1. Disable cookies

0 = Accept all cookies by default

1 = Only accept from the originating site (block third party cookies)

2 = Block all cookies by default

  1. network.cookie.lifetimePolicy = 2
    1. cookies are deleted at the end of the session

0 = Accept cookies normally

1 = Prompt for each cookie

2 = Accept for current session only

3 = Accept for N days

  1. network.http.referer.trimmingPolicy = 2
    1. Send only the scheme, host, and port in the Referrer header

0 = Send the full URL in the Referrer header

1 = Send the URL without its query string in the Referrer header

2 = Send only the scheme, host, and port in the Referrer header

  1. network.http.referer.XOriginPolicy = 2
    1. Only send Referrer header when the full hostnames match. (Note: if you notice significant breakage, you might try 1 combined with an XOriginTrimmingPolicy tweak below.)

0 = Send Referrer in all cases

1 = Send Referrer to same eTLD sites

2 = Send Referrer only when the full hostnames match

  1. webgl.disabled = true
    1. WebGL is a potential security risk.
  2. browser.sessionstore.privacy_level = 2
    1. This preference controls when to store extra information about a session: contents of forms, scrollbar positions, cookies, and POST data. more information

0 = Store extra session data for any site. (Default starting with Firefox 4.)

1 = Store extra session data for unencrypted (non-HTTPS) sites only. (Default before Firefox 4.)

2 = Never store extra session data.

  1. network.IDN_show_punycode = true
    1. Not rendering IDNs as their punycode equivalent leaves you open to phishing attacks that can be very difficult to notice.
  2. Network.trr.mode = 2
    1. This will be used with encrypted DNS
  3. network.security.esni.enabled = True
    1. also for encrypted DNS
  4. extensions.pocket.enabled = False
    1. This disables the proprietary pocket service.

These all have to do with limiting the risk of leaking your IP address

  1. Media.peerconnection.enabled = False
  2. Media.peerconnection.turn.disable = True
  3. Media.peerconnection.use_document_iceservers = False
  4. Media.peerconnection.video.enabled = False

If you enjoyed this post take a look at our TRUSTED RESOURCES page. If you decide to use any of the links and purchase anything we may get  a small commission that helps support the site.

Sign up for our email list and you will receive exclusive content that adds to the articles we post here.

 

 

To Tell a Lie

A lie is a false statement made by one, to another who is entitled to hear and know the truth and which false statement tends toward injury to the other.

~JJ.lune

Whether to Lie or not, with only a few exceptions, is a moral issue. This means everyone has to make their own decision on when it is acceptable to lie. Of course with the few exceptions, when telling a lie is in fact illegal.

This mainly applies to your personal information security which in this day and age can also be your physical security. Does the random person on the subway that started talking to you need to know where you were born, how old you are, where you live, where you work, how many kids you have and that you were just promoted to a new project at work?

Is this person just a friendly commuter looking for conversation? or are they a corporate spy looking for info on this new project that they can exploit or maybe they saw your suit and nice watch and want to know where to you live to steal your stuff.

The point is you can’t always tell a persons intentions from a single meeting and I get it most people naturally want to open up and after generations of cultural pressure feel un comfortable lying or even not telling the full story. This can be used to your advantage if you are the one gathering the information but be careful if you are on the revealing end.

I am not saying lie to every one who strikes up conversation with you but maybe be more vague in your answers until you get to the know the person. Trust but verify.

If you are having moral hesitations ask yourself these questions and it light put you at more ease. is there a benefit or a risk to revealing this information and does telling them make you safer or less so?

JJ Luna gives an example of his personal guide lines that he follows in his book How to be invisible.

1. If no harm will be done, and no oath is sworn he gives false information.

2. If an oath is sworn or to be sworn he does not lie.

3. He MAY withhold or not volunteer info to government representatives unless specifically asked depending on the situation but he will not lie.

4.Under no condition whatsoever will he file a false tax return.

These are easily applied in person and can be used for your digital life as well. I have however modified these rules as these days its not so much about giving false info as it is about giving varied info, having sets of information for different purposes and making sure these sets don’t cross over with one another( thats the hardest part) I will cover this in more detail in a future post.

If you enjoyed this post take a look at our TRUSTED RESOURCES page. If you decide to use any of the links and purchase anything we may get a small commission that helps support the site.

Sign up for our email list and you will receive exclusive content that adds to the articles we post here.

End to end encrypted messengers

If you want to make sure your communication is private(which shouldn’t even been an if) you need to use encrypted platforms that are zero knowledge. With that ideally this platform would also be open source and decentralized but there are none worth mentioning to my knowledge at this point.

End to end encryption means the out side world cant eavesdrop on your communications zero knowledge end to end encryption means the company or organization running them cant see what you’re saying either. Most companies and organizations encryption are protecting your communications from out side eavesdropping but they leave them selves access so they can still eavesdrop for moderation or marketing research. This also leave the door open for the rouge employee to eavesdrop on conversations for personal gain. In some extreme cases for espionage when the platform is funded by a foreign intelligence service or a rival company.

I recommend wire messenger primarily, I personally have had the best experience with them and a lot of professionals that I trust and have researched the code, and company it self a lot harder than I am able to have checked them out and recommend them as well.

The down sides to wire can easily be overcome. For instance the fact that you need to use an email or phone number to sign up. While this could be a sticking point for some but for most it’s not a big deal and for those seeking more privacy there are ways around it using a more full coverage privacy plan.

An alternative that I recommend and also keep on my devices as a back up is signal messenger. (this is also required to use the haven security app) Signal does requires a phone number.

Below you will find a link to a comparison table of the different “Secure” messengers on the market and how they rate on different important topics. As you will see there is no perfect platform yet and you will have to look at the best options and choose based on where you are willing to make your concessions.

Weaknesses

Full Disclosure: No App or platform is full proof, I have seen a few articles today about flaws in signals programing that allow outsiders to intercept messages as well some shadiness of its initial start up funding and developers. While I cannot personally confirm or refute this information about funding we have to take this information into consideration as well as the possibilities of it being misinformation/corporate espionage (to drive away users) as well.

Now as far as the Flaw goes, there is a New York firearms trafficking case where they appear to show signal messages from the suspects. The articles about this flaw are written in a click baity tone that implies the messages are being intercepted (wirelessly). From my understanding this is false.

Not only does the FBI appear to be in possession of the Phones in which case all bets are off any way, this appears to be a flaw in phones security that allows them to crack the phones encryption and unlock it and therefore they can access signal through the phone owners account.

This is not just the FBI there are many private individuals and obviously companies with the know how and tech to do this as well if they physically posses your phone. Keep this in mind if you are a targeted individual such as an investigator, operator, company executive, head of security, celebrity or just a wealthier than most individual.

The best counter to this threat is to ensure physical security of your device, if they allow an app pin or pass word turn it on, and make sure the self deleting messages is turned on in which ever app you use. It would have saved tiger woods and it can save you too. All jokes a side self deleting messages will limit the amount of messages and information that can be gathered by anyone who posses your phone and manages to get it unlock.

We are currently developing our free email course and hope to have it live soon. Email content will simultaneously posted into a messenger group(along with some group only content that we are starting as well. We are currently testing multiple platforms to see which will work best but as we recommend people use it, we are planning for it to be on wire. So stay tuned for the launch notification post that will explain it in detail.

If you enjoyed this post take a look at our TRUSTED RESOURCES page. If you decide to use any of the links and purchase anything we may get a small commission that helps support the site.

Sign up for our email list and you will receive exclusive content that adds to the articles we post here.

Why You Should Arrive Before Dark

Did your parents tell you that nothing good ever happens after midnight? Well when traveling the same holds true for when you arrive after dark. Depending on where you’re traveling to and where your accommodations are arranged will determine if arriving after dark is only a minor inconvenience or a complete disaster.

This can range from having to call a number and deal with a disgruntled night manager that you just woke up, on up to being stuck out side until business hours with no place to stay.

Now for those of us with experience out side in the dark, this may not sound like a complete disaster, however for someone who has never spent time out side in the dark in addition to the anxiety and adrenaline of being in a new place, not knowing how safe you are, being locked out of where your supposed to be and out of a perceived place of security, as well as most peoples inherent fear of the dark. It’s a very frightening situation and can lead to state of panic, more so if you are alone.

The general concern for most people in just about any destination is as the days turn to night less people are on the streets if you need help and the few that are you may not want to interact with. While this can be true, It could be argued that you are just as likely to be made a victim during the day because the criminals and predators have more opportunities to choose from because there is more people on the streets.

In less developed countries or if your destination is a smaller city/town/village, The Hotels and hostels may or may not allow you to check in after hours or even let you in the building. This is usually done in an attempt to prevent crime against the hotel or its employees and patrons.

These are policies that you should find out about and know before departing so that you can either arrange an exception to their policy or make alternative arrangements for the first night to allow you to arrive at your final destination during the day light hours.

Airport Safety

There are a few considerations to make when traveling through any airport that not only will make it a smoother experience but also improve your safety as much as possible.

Start out by giving yourself some extra time to get through all the stops and get to your gate. This will not only ease your stress a bit, but when you rush you don’t pay attention to your surroundings as much as you should which leaves you more vulnerable to potential threats.

Another way to smooth the process is to print your boarding pass ahead of time. Depending on the country, airport and what airline your flying this may or may not be possible but it is good to take advantage of it when it is available.

Only take a carry on sized bag unless absolutely necessary. (keep in mind you also can carry a personal item on most carriers “backpack/purse”)

By only taking a carry on or not checking bags, you not only make yourself more mobile, and gets you into the secured area faster, but depending on where your are flying you might not be on a large jet airliner. Most people don’t think about it but small planes have weight limits which can throw a hitch in your travel plans if you brought your whole bedroom with you and now have to decide whether to leave luggage or not get on the flight.

Those two actions will allow you to bypass the check in counter, go straight to security and not have to stand around in the unsecured area of the airport. This also means that you shouldn’t stop for anything until you get past the security check point. This means avoid stopping for food, drinks, gift shops etc. unless absolutely necessary, They usually will have more beyond the security check point.

If something is going happen at an airport that poses a threat to you, whether its theft, robbery or terrorist attack it is likely gonna happen or at least kick off outside of the secured area of the airport.

Once you are through security you can breath a little easier but your not quite done yet, your first stop should be to find your gate. Once that is done survey the area, its good to know where the closest exits are at a minimum. Also good to know is where you might be able to find an improvised weapon should the need arise.

As a general rule of thumb when traveling whether in an airport or not is avoid crowds, terrorists target crowds. Most terrorist organizations will target crowds or areas where crowds tend to congregate. Crowded areas are target rich environments for terrorist allowing them to cause the most carnage and casualties in the shortest amount of time.

If terrorism is a concern in the region your traveling or just a personal concern of yours it is best to avoid crowds. both in the airport as well as once you have arrived at your destination.

Besides terrorism, crowds and crowded areas are hunting grounds for all sorts of crime. pick pockets and other thieves of opportunity take advantage of the sensory overload and distraction of the people that are inside the crowd. This keeps them unaware of their presence and allows the thieves to escape before they notice they have taken anything as well as offering them a chaotic area to escape into or through.