this post was submitted on 06 Feb 2025
18 points (95.0% liked)

Privacy

671 readers
743 users here now

Protect your privacy in the digital world

Welcome! This is a community for all those who are interested in protecting their privacy.

Rules

~PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!~

  1. Be nice, civil and no bigotry/prejudice.
  2. No tankies/alt-right fascists. The former can be tolerated but the latter are banned.
  3. Stay on topic.
  4. Don't promote proprietary software.
  5. No crypto, blockchain, etc.
  6. No Xitter links. (only allowed when can't fact check any other way, use xcancel)
  7. If you post news exclusive to a country please name it. ~(This isn't a bannable rule, just a recommendation!)~
  8. If in doubt, read rule 1

Related communities:

founded 3 months ago
MODERATORS
fxomt@lemm.ee
fxomt@lemmy.dbzer0.com
otter@lemmy.ca
shaytan@lemmy.dbzer0.com
18
A Practical opsec guide – looking for feedback & suggestions (whos-zycher.github.io)
submitted 1 day ago by Blaze@lemmy.zip to c/privacy@lemmy.dbzer0.com
12 comments fedilink hide all child comments
 

cross-posted from: https://lemmy.ml/post/25679666

I recently put together a detailed opsec guide that covers practical steps for reducing your digital footprint, securing communications, and avoiding common pitfalls people make when trying to stay private online.

The goal was to create something that's actually useful and not just the usual "use a vpn and tor" advice. I tried to break down realistic methods that can help both beginners and people already familiar with opsec.

Id love to get some feedback from the community - what's missing, what could be improved, and if there's anything you disagree with.

top 12 comments
sorted by: hot top controversial new old
[–] Tiger@sh.itjust.works 1 points 8 hours ago* (last edited 8 hours ago) (1 children)

I think it’s good you tell people to check their threat model, but then on the other hand some of the advice comes across for those in an extreme category of the spectrum, which most people aren’t.

For example, most people aren’t whistleblowers or political dissidents sharing news online and needing to hide from state governments - they’re regular working folks who need to be more worried about falling prey to the everyday phishing and social engineering attacks aiming for their bank accounts and credit cards.

It’s cool to know the extreme parameters for top security, but it’s important to get the daily, small stuff right, too. Like using password managers, MFA, being vigilant looking out for all chances of scams, not using shady websites, services or pirated software, leaving software and devices unpatched, etc.

[–] whoszycher@lemmy.ml 1 points 44 minutes ago* (last edited 44 minutes ago)

Hey, thanks for feedback! I will rewrite it a bit - expand the threat model and maybe will add some security "level" thing.

[–] LinuxEnjoyer@lemmy.world 3 points 13 hours ago (1 children)

Searx is unmaintaned, there is a fork called SearXNG.

[–] whoszycher@lemmy.ml 1 points 47 minutes ago

good catch! Will change it.

[–] psyklax@lemmy.dbzer0.com 5 points 1 day ago (2 children)

I skimmed it really quick. Looks like a really good writeup! You talk about stylometry, you might be as paranoid as I am.

I don't even try to hide my speech patterns, but I should.

Will try to give it a slow read when I have time. I like your work so far!

[–] whoszycher@lemmy.ml 2 points 1 day ago (1 children)

Thanks! Take your time and share your opinion after reading.

[–] psyklax@lemmy.dbzer0.com 3 points 13 hours ago (1 children)

I've read it more slowly now. I think it could use a few edit passes to get things condensed into fewer categories. I felt I was reading the same advice in multiple contexts.

The amount of bullshit was near zero, I really think you know what's up. Sometimes, you left out basic "everybody knows" details, and I had to process for a moment to decide if it was because you were unaware or just for brevity. I concluded that you just wanted to write about the important stuff and not rehash old tips. That's a good thing.

Be safe out there.

[–] whoszycher@lemmy.ml 1 points 5 hours ago

Hi thanks again! Can you expand what you mean by "it could use a few edit passes to get things condensed into fewer categories" and "I felt I was reading the same advice in multiple contexts". Would love to fix it.

[–] Telorand@reddthat.com 2 points 1 day ago (1 children)

A table of contents with links to headers would be good to include, so people can easily jump to sections that interest them.

An additional subheading for each category that covers negative consequences of using whatever method might be good, especially since this is a guide for neophytes as well as more experienced people, and the (often) inverse relationship between security and useability isn't always understood.

[–] whoszycher@lemmy.ml 2 points 1 day ago

thanks for the feedback! I will add these things, appreciate it bro.

[–] IDKWhatUsernametoPutHereLolol@lemmy.dbzer0.com 1 points 1 day ago* (last edited 1 day ago)

Okay I'm not sure if this is offtopic but, I feel like this kinda fit here:

About Cellular triangulation...

There is a way to sort of communicate "off grid"

AFIAK, portable Ham Radio / Two-Way radios don't have a "IMEI", while their signals can be tracked, its more difficult than cell triangulation, since there's no IMEI.

So... you just don't transmit from home, and find a different place to transmit from every time (and avoid getting recorded by CCTV while you are traveling / transmitting.

So here's an Encrypted Communication method that's "Off Grid":

Rattlegram is an app on iOS/Android that alllows converting a string of text to audio and play it over your phone’s speaker

Secure Space Encryptor (SSE) (known as Paranoia Text Encryption on iOS) is an Open Source app that can encrypt text.

  1. Use SSE to encrypt text (both the sender and receipient need to share a password over a secure channel beforehand)
  2. Copy-Paste the Ciphertext to Rattlegram (Rattlegram will convert the ciphertext into an audio)
  3. Play the audio over the radio
  4. On the other end, use Rattlegram to turn the audio back to the ciphertext
  5. Use SSE to decrypt.

Or replace SSE with OpenPGP, but the problem with PGP messages, is that they are much longer and you need to send multiple Rattlegram transmissions to send the entire ciphertext, basically its more time consuming. You want to finish your transmissions as soon as possible.

You probably want an airgapped device that have the aforementioned apps pre-installed.

Voila! Off-Grid Encrypted communications.

(Encryption is illegal over Ham Radio in many jurisdictions btw. I will neither confirm nor deny that I have tested sending an encrypted transmission 😏)