In a world of 24 hour activity literally being streamed in real time across the globe and beyond at a rate of trillions of bytes per second at the speed of light, the biggest question in privacy is how to achieve anonymity in a world where almost nothing is secret. There is still a way to go 99%. It's simpler than you think, but an effort nonetheless.
Some background. Everything we do in digital form is cataloged and stored in a vast array of databases and servers across an amazing amount of touch points, which is then synchronized across a thousand other servers for redundancy and caching, which is then backed up to dozens of other servers, with their own redundant backups. Anything you put online...any application you use...any "terms of service" you agree to...any text or media you post...remains online forever. With the right tools and search terms, anything can be searched for, or spyed on, or downloaded in an instant. It's been this way for decades, and will continue to be that way for centuries to come, especially with as connected as the planet is and as long as there is electricity.
Some discussion. Cyber attacks are a constant thing. Increasingly, we should take as a starting point that cybersecurity compromises are the third certainty in life. The cyber world is constantly at war with itself. Governments hacking governments. Corporations hacking corporations. Governments hacking corporations. Hackers hacking governments and corporations. Hackers hacking hackers. Governments and corporations hacking hackers. And then there's everyone else. Generally oblivious. Privacy is a luxury, which we give up willingly every single second of every day. The emergence of intelligent systems, artifical neural networks, and deep thinking algorithms only proliferate this further. They take, store, and learn from every bit of data we leave as breadcrumbs. Artificial intelligence is here, and it is learning. From us. And we're letting it. Give it enough processing power, and it becomes self aware. Quantum computers will make that very real, very soon.
Some perspective. Having lived through the evolution of modern computing, including the Internet, all of this is absolutely fucking amazing, and a geek's ultimate wet dream. A demonstration of true humanz genius, ingenuity, and progress (not as far as we should be, but progress nonetheless). Highly impressive in the vastness of its brilliance and simple complexity. I Iove using It, and learning about It, and protecting It. All of it, if I am completely honest, scares the living shit out of me. There is too much. It has become frightening. AI is now making decisions and inferences faster than humans, and has even been seen generating its own programming code. So, the concept of air gapping entered my mind as a way to keep safer than I already am. Most cannot see the signs, or do not want to admit they exist, however I am of the firm belief that World War III has been well underway, and we need to protect ourselves, especially our digital lives as I feel they are the most vulnerable to compromise. Stay with me, it's all relevant.
It has been discussed for decades that the next major global war would be fought half online, and half in the real world. The evidence is all there, and I do not believe it to be simple coincidence. Global newz outlets, small town newz papers, radio ztations, and zocial media have been propagating images of this war. Pick a topic...WMD's, genocide, terrorism, ransomware, deep web market hackz and seizures, arrests of crackers and phreakz, data breaches, RFID implants, cyber surveillance initiatives, counter cyber terrorism, weapons trafficking, the unavailability of bullets to the public, gun control politics, powerful botnetz, election hacks, political hackz, hardened/weaponized computer systems...I hope you get the point.
Back full circle. Traditionally, air gapping a system means it doesn't have any network interface cards, or external drives with which to access or extract the data contained within said system. You can not get close enough to implant a listening device that reads vibrations or thermal changes being given off by the system's internal hardware to convert that into bits representing the data being actively accessed (such as login credentials, encryption/decryption key exchanges, data manipulations, etc.). The only way to extract the data contained within is by sitting at the console and physically removing the locked and encrypted drives, if there is no SD port. Then, if you can pull the impossible off (which includes getting the data off campus), you would need supercomputer power to decrypt the contents of the drive, which would still take 1,000 years to break (if and unless you are lucky). There is still the idea that once you decrypt the data, it could transmit its location to its owner, meaning you too would need an air gapped system to exfilitrate the data. Then comes what you do with said data. Yet another catch 22. The NSA, CIA, FBI, DEA, DHS, militaries, every government, and super corporations maintain their most secret data on air gapped systems. Physical access to these systems is extremely limited and highly controlled. It's considered the safest digital platform because the system isn't connected to anything but a power cable, and thus, in theory, cannot be hacked. A true digital safe, as it were. We know anything can be hacked, it just takes time. As a hacker, we count on human error and complacency, making even air gapping a 99% solution, and the best we've got. Now, take this concept and apply it to a human life. It's far simpler, and also 99%. The anomaly, is human nature.
Based on my research, here is what I have learned about how to go 99% off grid digitally. While I do not yet practice everything I note here, I am closer than even those who know me best are even aware.
1) Get off the internet, period. No social media, no surfing the clearnet, no online purchases, no clearnet email accounts. If it becomes absolutely necessary to access the Internet for a specific purpose, there are completely anonymous ways to do these tasks, on secure systems like Tails over TOR, for example, using cryptocurrency, and ghost mailboxes. Avoid Google at all costs. Use TOR browser, responsibly (www.torproject.org). But generally, just leave it all. Stop posting immediately, delete your accounts, and never go back.
2) Get rid of your smartphones, tablets, Windows and Apple computers, smart devices (TV's and refrigerators included), iRobots, etc. Need a cell phone? Buy a prepaid flip phone, and change it (and the number) every month (aka burners). Every phone can eventually be traced and tracked. Still need a computer? Learn Linux, how to secure it, and practice way smarter browsing habits (use TOR browser), if you browse at all. Keep in touch with world events, anonymously, and continuously hone your skills.
3) Always use cash or cryptocurrency, for everything. If you have to make an online purchase, use cryptocurrency, the deep web (local markets only, don't buy overseas, and be very careful), and have it shipped somewhere that is not your home, like a post office box, a business, or an associate's location, under a false name. By the way, there are ATM's now that you can convert cash to BTC, and visa versa. Look it up using Duckduckgo.com (a safe search engine).
4) Drive an older car that does not have a computer in it, or at least has all analog systems. Yes, cars are also being hacked, remotely. Keep it clean and running well though, you don't want to draw undue attention. Walk or take public transportation when you can, avoiding direct face contact with cameras. When you do go places, change your entry/exit routes regularly...avoid habitual patterns, unless necessary to remain hidden in plain site (like going to work, or getting groceries).
5) If you must, have an immaculate and purposeful digital/public footprint. Which means a clean record, and a "normal" looking life, so as to not draw undue attention. Keep it super minimal and protected, even fake some details if you wish, but it has to be believable. Your outward personality must seem conforming, friendly, and genuine. When people search for you online, they need to find only what you want them to find. Purposeful is the key word here. To keep your accounts secure, use a dice word list to generate passphrases with an entropy of 7 to 10 or more words (as the host allows), and rotate passwords on a schedule.
6) Second most important after getting offline, and the best to mention as the final advice, would be live simple and minimalistic. Only get what you literally need to live comfortably, and look "normal". The trick about hiding in plain site is being distant enough that people respect your privacy, but involved enough that they believe you to be a "normal, nice guy/gal". Avoid run-ins with the law and reporters. Do not have public arguments. Remain intelligent, articulate, empathetic, determined, and most of all inquisitive. Question anything, be aware of everything.
If you can literally get out of dodge and move to the mountains in the middle of nowhere, or something like that, the closer to 99% you get. If you are not online, there is nothing to take/attack. Here again, human nature is the anomaly.
You can be connected, yet a ghost. You can see the world, without a face. You can reach out, without being reachable. The less connected you can maintain, the better. I am committed. How far are you willing to go?
This blog is only to express the opinions of the creator. Inline tags above link to external sites to further your understanding of current methods and/or technologies in use, or to clarify meaning of certain technical terms. Any copyrighted or trademarked terms or abbreviations are used for educational purposes and remain the sole property of their respective owners.
brought to you by http://geekofthehouse.blogspot.com