The 2024 Complete Guide To Online Privacy 🤓

This 20,000+ word article is the authoritative, ultimate guide to maintaining your privacy. Covering everything from counter forensics to TAILS.

Author: Kieran A

20 Minute Read
Publication: 20/05/2023

Notice

This article is updated regularly. To receive email notifications when an update is made, please click on the button below. 

If you notice any incorrect or outdated information, or if you would like to suggest an addition, please email hi@rebelbytes.co.uk

RebelBytes takes no responsibility for any loss or damage that arises as a result of your using the information we present through our blog posts. Remember the golden rule: think before you type.

Introduction

It’s arguably never been more important to care about your privacy. But in the era of Big Brother and Big Tech, keeping yourself to yourself is becoming increasingly difficult. Every photograph you take, every word you write, and even your handwriting can be used to identify you. 

The internet never forgets. But with the proper training, anyone can take the first step towards reclaiming their privacy. 

There are several books, courses, and guides available online. However, whilst they can be incredibly useful, they tend to offer fragments of information, leaving you to piece everything together. In this guide, we aim to provide the most comprehensive, thorough guide on privacy that’s ever been written. 

A tall ask? Perhaps. But we believe it’s a noble pursuit. 

We’ve spent hundreds of hours scouring every nook and cranny of our knowledge and experience, extracting as much information as we can and presenting it in the most digestible guide possible. We’ve brought together several academic fields – ranging from stylometry to forensics – and presented them as accessibly as we could; a challenge in its own right.

This guide goes far beyond maintaining your privacy online: we believe it’s the most comprehensive guide on the internet, spanning every topic from VPNs to counter forensics. Whilst this guide isn’t for the faint of heart, we believe it’s vital reading for anyone that has a genuine concern in maintaining their privacy.  It’s technical in nature, and doesn’t make for easy reading. Keep in mind that this guide isn’t designed to entertain; it’s a thorough deep dive into what it takes to achieve privacy in today’s age.  

"Arguing that you don't care about the right to privacy because you have nothing to hide, is no different than saying you don't care about free speech because you have nothing to say."

This guide is regularly updated, and you can subscribe to receive an email notification whenever we release an update. In the interests of privacy (ironic, we know) we’ve kept as much of your information secure as we possibly could. We use a popular third party mailing system to notify our readers of updates, and we’d encourage you to sign up with an account you view regularly. For the privacy conscious, we’d recommend that you set up a separate email account to receive these emails, then monitor it regularly. 

We’ll start by discussing our five pillars for privacy, before moving on to securing your mobile device, securing your desktop devices, and then we’ll discuss forensics – and how to counter them.

We hope you enjoy reading our guide as much as we enjoyed writing it for you. 

Caring about privacy

This chart shows how much people value privacy in several countries across the world. Despite the huge interest in privacy, it’s never been more difficult to attain genuine privacy. This guide aims to provide you with all the information you need to acquire genuine privacy. 

Source: Fipp

Section one: the five pillars of privacy

In this section, we’ll be looking at our five golden rules for privacy.  There’s no point in using VPNs and TOR if you’re going to blow your cover through poor operational security.

Our five pillars of privacy are designed to organise and structure your thinking before we move on to the more advanced privacy tools and techniques discussed in this article. 

Understand your personal threat model

Before embarking on the discussion of the various technologies that track you, it is crucial to first establish a concrete understanding of threat modelling. This is because understanding the types of threats you may face is a critical first step in determining the best strategies to counteract them.

A threat model involves a comprehensive assessment of the information that must be protected, the potential attackers, and the different ways they could exploit your vulnerabilities. Creating a well-defined model can help you to identify potential weaknesses and to prioritise your security efforts accordingly. It allows you to map out different scenarios and helps you to stay proactive in your approach to personal security.

With this approach, you can take necessary steps to ensure your privacy and to counteract different tracking technologies malicious actors might use to undermine it.

To create a threat model, you should start by thinking about who your adversaries are. Are they simple script-kiddies (unsophisticated hackers), or are they nation states and their agencies, such as the UK’s GCHQ?

Practice good operational security

Operational security is a crucial aspect that should not be overlooked or neglected. With the rise of technology and advancements in communication tools, it has become increasingly important to practice strict operational security to protect valuable data and information from possible threats and risks.

This means being mindful of the ways in which we communicate, the devices we use, and the access we grant to our systems and networks. By practising sound operational security measures, such as limiting access, using strong passwords, regularly updating our software, and being vigilant against potential threats, we can create a safer and more secure environment.

This can ultimately help to ensure the integrity and privacy of sensitive information and safeguard against breaches or vulnerabilities that could potentially harm us online.

Containerise multiple identities

It’s important to create multiple identities and to segment them appropriately. This means that if one identity is compromised, it won’t result in the compromise of all your online identities. 

For instance, you may opt to create an identity called ‘John Doe’ with a separate email address, phone number, and social media accounts for browsing the internet. If you have a high need for privacy, you may even opt to have a separate virtual machine (discussed later) to prevent contamination between identities. In extreme cases, you could even use a totally separate computer for activities related to this alias, and use it at locations not tied to your real identity. 

We recommend that you have an alias, or legend, for any general browsing activity. You may also have a separate alias for researching (OSINT), and a separate alias for high risk activities, such as using unsecured public wifi.  

Remember, think before you type. Attempting to use these identities on official government documents, for example, can carry severe sanctions and we encourage you to seek professional legal advice before taking any action.

The following tools can be used to create alias identities: 

Maintaining privacy is fluid; not static

Like many things in life, you can’t wave a magic wand and attain privacy overnight. Privacy is a journey, not a destination. As technology continues to advance, new techniques will be developed to track you and it’s vital you keep in the loop with the latest methods that can be used to deanonymise you and invade your privacy.  

The good news is that even though technology can be used to deanonymise you, much of it is a double-edged sword. For instance, artificial intelligence can be used in stylometry (the practice of statistically correlating a passage of text to a given author) to deanonymise you. However, the same artificial intelligence can be used to rewrite and restructure passages of text, making it almost impossible to correlate your message back to you. 

Often, it’s not what technology is used, it’s how it’s applied that makes all the difference. 

Don't forget cybersecurity

Whilst implementing a privacy strategy, it’s important that you don’t forget the fundamentals of cybersecurity. Relying on TOR to encrypt your communications is all well and good, but if the computer you use to access TOR is compromised, then your anonymity will also be compromised. 

The first step towards a more secure and private system could be installing Linux (discussed later) and using it as your daily driver. 

Whilst a complete guide to cybersecurity is outwith the scope of this guide, we encourage you to subscribe to our newsletter to receive the latest cybersecurity news, tips, and tricks. 

Which companies do consumers trust most?

Don’t be fooled by a company’s brand reputation. This chart represents what companies consumers trust the most with their data, on a scale from 1 – 10. Amazon ranked the highest, with Facebook ranking at the bottom. 

Source: Oxford Internet Institute

Section Two: Mobile Privacy

In this section, we’ll be looking at mobile privacy. As you’ll quickly realise, it’s incredibly difficult to achieve complete privacy if you depend on a smart phone. With that said, there are practical steps you can take to bolster your privacy and anonymity when using a mobile device. 

We’ll start by analysing how mobile phones can be used to track you, before providing step by step guides on how to mitigate against these attacks.

How are mobile phones tracked?

There are a few key techniques used to deanonymise mobile phone users. These include mobile phone triangulation, faults in the SS7 protocol, IMSI catchers, and local mobile phone forensics.

The goal of this section is to help you identify the vulnerabilities inherent in using a mobile phone, and what you can do to mitigate them; namely by using GrapheneOS, though even this won’t give you full protection.

Mobile phone triangulation

Cell phone triangulation is a method used to determine the location of a mobile phone by analysing its signals. Triangulation relies on the principle that when a mobile device communicates with cellular towers, the signals it emits can be detected and measured by those towers. By analysing the strength and timing of signals received from multiple towers, it is possible to estimate the approximate location of the mobile phone.

Here’s how cell phone triangulation typically works:

  • Signal Detection: When a mobile phone is powered on and connected to a cellular network, it periodically sends out signals to nearby cell towers. These signals contain information about the device, such as its unique identifier (IMEI) and the strength of the signal.
  • Tower Reception: Cell towers within range receive these signals and record relevant information, such as the signal strength, time of reception, and other tower-specific data.
  • Signal Analysis: By comparing the signal strength and timing data from multiple towers, it is possible to calculate the distance between the mobile phone and each tower. This information allows for the creation of circles or arcs representing possible locations where the mobile phone might be located.
  • Triangulation: The point where these circles or arcs intersect is considered the most probable location of the mobile phone. The accuracy of the triangulation depends on factors such as the number of towers involved, signal strength, and environmental conditions.

It’s important to note that cell phone triangulation is typically performed by the service provider or authorised authorities for legitimate purposes, such as locating a lost or stolen device or assisting in emergency situations. Additionally, with the rise of GPS technology in modern smartphones, GPS-based location services have become the primary method for determining precise location information.
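To make the “Signal Analysis” and “Triangulation” steps above concrete, here is a small worked example. It is an added illustration, not code from the original guide: the tower coordinates, the true handset position and the range errors are all constructed, the towers are placed on a flat local grid measured in metres, and the ranges are assumed to have already been derived from signal timing. Each tower’s range defines a circle; subtracting one circle equation from the others turns the intersection problem into a linear system, which is solved by least squares so that four or more towers can be combined and noisy ranges averaged out.

```python
"""Planar trilateration from tower positions and estimated ranges (added example)."""
import math
from typing import Optional, Sequence, Tuple

Point = Tuple[float, float]

# Constructed data: four towers on a 1 km grid and a handset at a known spot.
CONSTRUCTED_TOWERS: Tuple[Point, ...] = ((0.0, 0.0), (1000.0, 0.0), (0.0, 1000.0), (1000.0, 1000.0))
TRUE_POSITION: Point = (300.0, 450.0)
# Constructed per-tower ranging errors in metres, standing in for timing jitter
# and multipath; sign and size are arbitrary.
CONSTRUCTED_RANGE_ERRORS: Tuple[float, ...] = (15.0, -20.0, 10.0, -12.0)


def distance(a: Point, b: Point) -> float:
    return math.hypot(a[0] - b[0], a[1] - b[1])


def trilaterate(towers: Sequence[Point], ranges: Sequence[float]) -> Point:
    """Least-squares position estimate from at least three towers and one range each.

    For tower i with position (xi, yi) and range di, subtracting tower 0's circle
    equation from tower i's gives the linear row
        2(xi - x0) x + 2(yi - y0) y = d0^2 - di^2 + xi^2 - x0^2 + yi^2 - y0^2
    The 2x2 normal equations (A^T A) p = A^T b are then solved directly.
    """
    if len(towers) < 3 or len(towers) != len(ranges):
        raise ValueError("need at least three towers, each with a range")
    (x0, y0), d0 = towers[0], ranges[0]
    rows = []
    rhs = []
    for (xi, yi), di in zip(towers[1:], ranges[1:]):
        rows.append((2.0 * (xi - x0), 2.0 * (yi - y0)))
        rhs.append(d0 ** 2 - di ** 2 + xi ** 2 - x0 ** 2 + yi ** 2 - y0 ** 2)
    a11 = sum(r[0] * r[0] for r in rows)
    a12 = sum(r[0] * r[1] for r in rows)
    a22 = sum(r[1] * r[1] for r in rows)
    b1 = sum(r[0] * v for r, v in zip(rows, rhs))
    b2 = sum(r[1] * v for r, v in zip(rows, rhs))
    det = a11 * a22 - a12 * a12
    if abs(det) < 1e-9:
        # All towers on one line: the circles' intersections are mirror images
        # of each other, so no unique position exists.
        raise ValueError("towers are collinear; position is ambiguous")
    x = (b1 * a22 - a12 * b2) / det
    y = (a11 * b2 - a12 * b1) / det
    return (x, y)


def estimate(range_errors: Optional[Sequence[float]] = None) -> Tuple[Point, float]:
    """Estimate TRUE_POSITION from the constructed towers; returns (estimate, error in metres)."""
    ranges = [distance(t, TRUE_POSITION) for t in CONSTRUCTED_TOWERS]
    if range_errors is not None:
        ranges = [d + e for d, e in zip(ranges, range_errors)]
    est = trilaterate(CONSTRUCTED_TOWERS, ranges)
    return est, distance(est, TRUE_POSITION)


if __name__ == "__main__":
    exact, err = estimate()
    noisy, noisy_err = estimate(CONSTRUCTED_RANGE_ERRORS)
    print(f"exact ranges:  estimate={exact}, error={err:.3f} m")
    print(f"noisy ranges:  estimate={noisy}, error={noisy_err:.1f} m")
```

With exact ranges the estimate lands on the true position; with the constructed ten-to-twenty-metre range errors it is off by a few tens of metres, which is the order of accuracy the text refers to when it says triangulation depends on tower count, signal strength and environment. Real deployments work in geographic coordinates and with timing-advance or signal-strength models rather than a clean Euclidean range, but the geometry is the same.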

What is SS7 (Signalling System 7)?

SS7 (Signaling System 7) is a set of telephony signaling protocols that are used to control and manage the public switched telephone network (PSTN) and other telecommunication networks.

SS7 is responsible for establishing and tearing down voice and data calls, transmitting call-related information such as phone numbers, location, call status, and billing information, as well as managing call routing and authentication.

SS7 is used by network operators and service providers to deliver various services such as voice calls, text messaging, and multimedia messaging. It is also used for providing advanced features like caller ID, call forwarding, call waiting, and three-way calling.

Although SS7 has been widely used for decades, it is not without its vulnerabilities. Hackers can exploit weaknesses in the SS7 network to intercept calls, track a person’s location, and access sensitive information such as call logs and text messages. Therefore, network operators and service providers need to implement security measures to protect against SS7 attacks. Even with security measures, however, SS7 is still inherently insecure.

What are IMSI catchers and how do they work?

IMSI (International Mobile Subscriber Identity) catchers, also known as Stingrays, are devices that can be used to intercept and track mobile phone communications. They work by simulating a mobile phone tower, which causes nearby mobile devices to connect to the IMSI catcher instead of a legitimate cell tower.

Once a mobile device connects to the IMSI catcher, the device’s IMSI, which is a unique identifier that is used to identify the device on the mobile network, can be captured. This allows the person using the IMSI catcher to track the device’s location, monitor calls and text messages, and in some cases, even intercept and manipulate communications.

IMSI catchers are often used by law enforcement agencies and intelligence agencies to track the movements and communications of suspected criminals or terrorists. However, they can also be used by malicious actors, such as hackers or identity thieves, to gather sensitive information from unsuspecting victims.

The use of IMSI catchers is controversial, as they can potentially infringe on people’s privacy and civil liberties. Some countries have regulations in place to limit their use and require a warrant for their deployment by law enforcement agencies.

Mobile phone forensics

One of the most critical security and privacy vulnerabilities facing mobile phone users occurs when your adversary has direct, physical access to your mobile phone. Specialist software can forensically extract all the files and data from your phone, either by brute forcing access, mandatory key disclosure policies, or by exploiting vulnerabilities in the device’s security. This level of access grants the adversary the ability to uncover sensitive information, such as personal contacts, messages, browsing history, photos, and even encrypted data stored on the device.

When an adversary gains physical access to a mobile phone, they can employ various techniques to extract data. Specialized forensic software, often used by law enforcement agencies or intelligence services, can be employed to bypass security measures, crack encryption, and retrieve information from the device’s internal storage.

One method employed by such software is brute-forcing access to the device. This involves attempting various combinations of PINs, passwords, or patterns until the correct one is found. Weaker or easily guessable passcodes make this process quicker and more likely to succeed.

Additionally, some jurisdictions may enforce mandatory key disclosure policies, which require individuals to surrender their encryption keys or provide access to their devices upon lawful demand. Failure to comply with these policies can lead to legal consequences. In such cases, an adversary with physical access could exploit these policies to gain access to encrypted data stored on the device.

Moreover, vulnerabilities in the mobile phone’s security or operating system can be exploited by specialized software. These vulnerabilities, often referred to as zero-day exploits, are previously unknown weaknesses that can be leveraged to bypass security mechanisms, gain unauthorized access, and extract sensitive data from the device.

To mitigate the risks associated with physical access to a mobile phone, it is crucial to implement security best practices. These include using strong and unique passcodes or biometric authentication methods, regularly updating the device’s operating system and applications to patch known vulnerabilities, encrypting sensitive data, and enabling remote wipe or device tracking features.

Additionally, being cautious about lending your phone to others or keeping it unattended in public places can minimize the chances of physical access by potential adversaries. Overall, maintaining a strong security posture and staying vigilant about the physical security of your mobile phone can help protect your sensitive data and privacy.

What is GrapheneOS?

GrapheneOS is an open-source operating system based on the Android platform, focused on security and privacy. It is developed by a small team led by Daniel Micay, who is known for his contributions to Android security and privacy. GrapheneOS is designed to provide a more secure and privacy-focused alternative to standard Android distributions.

GrapheneOS includes several security and privacy features, including hardened kernel and user-space, filesystem and network traffic encryption, verified boot, and secure bootchain. The operating system also includes a number of privacy features such as fine-grained permission control, network traffic filtering, and background app restrictions.

GrapheneOS is not intended to be a user-friendly operating system for mainstream users. Instead, it is targeted at advanced users who are willing to invest the time and effort to set up and maintain a secure and private operating system. The project is funded by donations, and the source code is available on GitHub for anyone to view, modify, and contribute to.

Section Three: Anonymous Browsing

In this section, we’ll explore how you can browse the internet anonymously. We’ll look at VPNs, Proxychains, TOR, JonDonym, I2P, and the various attacks that can be used against each of these technologies.

We’ll also look at how your choice of search engine can impact your privacy, and how the likes of cookies and super cookies are used to track users as they traverse the internet. 

Is it possible to browse anonymously online?

With a variety of privacy-focused tools and techniques available, it is possible to browse the web without leaving a trace. For example, you could use a Virtual Private Network (VPN) to encrypt your internet connection and hide your IP address from prying eyes.

Alternatively, you could use the Tor browser to access the internet through an anonymous network of servers, making it virtually impossible to track your online activity. Other strategies might include using a privacy-focused search engine like DuckDuckGo, clearing your browsing history regularly, and adjusting your browser settings to block third-party cookies and trackers. By taking these steps, you can enjoy a greater degree of privacy and security while browsing the web, without having to sacrifice accessibility or convenience. 

The goal of this section of our guide is to introduce you to the key technologies that can be used as part of your privacy strategy. 

Using a VPN

What is a VPN?

A VPN is a tool that allows users to create a secure connection to the internet. It works by routing your internet connection through a server operated by the VPN provider. This connection is encrypted, which means that anyone who intercepts your internet traffic won’t be able to read or understand it.

When you use a VPN, your internet traffic appears to come from the server you’re connected to, rather than your own device. This means that your IP address is hidden, and your online activity can’t be traced back to you. VPNs are often used to access content that is restricted in certain countries, protect your privacy on public Wi-Fi, or to prevent your internet service provider (ISP) from tracking your online activity.

VPNs come in two forms: free and paid. While free VPNs are available, they often have limitations such as data caps, slower speeds, or limited server locations. Paid VPNs offer more features, including faster speeds, more server locations, and better encryption.

If your adversary is a nation state, then a VPN won’t be suitable as a standalone solution. You’ll need something more thorough, such as TOR, or better yet, WHONIX or TAILS, to hide your true IP address.

Which VPN protocol is best to use?

There are several VPN protocols that you could use. PPTP is absolutely not recommended – it’s incredibly easy to decrypt the traffic in motion and in storage. The L2TP and IPsec protocols use fixed ports, which can make them inflexible. Furthermore, this can lead to them being blocked by firewalls. And, if your adversary is a nation state, it’s best to avoid them: the NSA and GCHQ can break the encryption.

Some VPN vendors create their own protocols, such as NordLynx.

SSTP is a protocol built and maintained by Windows, however, as we’ll discuss in operating system security, it’s best to avoid Windows if you’re serious about protecting your privacy. They have a history of being chummy with the American government. 

However, as these protocols are often proprietary by nature, and the source code often isn’t audited by third parties, we recommend using OpenVPN.

OpenVPN is an open source project that combines both SSL and TLS encryption. Because the project is open source, it allows for developers across the world to cross reference each other’s code, thereby reducing – in some cases, eliminating – security vulnerabilities. 

If it’s configured correctly, OpenVPN can make it difficult for your adversary to know that a VPN is being used, although take this with a grain of salt; most VPN providers will make the configuration for you. 

The biggest disadvantage is that OpenVPN is not natively supported by most operating systems – bar Linux, with several distributions shipping with a version of OpenVPN. The major advantage for privacy enthusiasts is that there is no evidence that the NSA or GCHQ have cracked the encryption as of yet. Bear in mind that ‘no evidence’ doesn’t necessarily mean they haven’t already found a way to crack the code; intelligence agencies, by their nature, are secretive. 

A nested VPN allows you to route your traffic through one VPN, and then through another. This multihop VPN will give you considerably more privacy than a single hop VPN, at the expense of speed.

Nested VPNs

Nested VPNs, also known as double VPNs or multihop VPNs, involve routing your internet traffic through multiple VPN servers in different locations. This adds an extra layer of security to your internet connection and makes it even more difficult for anyone to intercept your online activity.

In a nested VPN setup, your internet traffic first goes through one VPN server before being encrypted again and sent to a second VPN server. From there, your internet traffic is sent to its final destination. This process creates an extra layer of protection and adds an extra level of anonymity to your online activity.

This can be done by installing a VPN on the router, and then using a VPN client on your PC. Thereby, all traffic will be routed through the first VPN on your PC before being routed through the second VPN on your router. You can also install one VPN on a virtual machine, and one on your host machine. 

It’s important that you don’t contaminate aliases when setting up your nested VPN configuration. Never let the second VPN see your real IP address. And never pay for VPNs using anything other than cryptocurrencies. 

While nested VPNs provide additional security, they also have some weaknesses. The most significant weakness is that they can slow down your internet speed even more than a single VPN connection. This is because your internet traffic has to travel through multiple VPN servers before reaching its final destination.

In addition, nested VPNs can also be more expensive than a single VPN connection, as you’ll need to pay for multiple VPN subscriptions to set it up. However, if you’re concerned about your online security and privacy, a nested VPN setup may be worth the additional cost and slower internet speeds.

What are the weaknesses of VPNs?

While VPNs are an excellent tool for protecting your privacy and security online, they do have some weaknesses that users should be aware of. Here are the most significant weaknesses of VPNs:

  • VPNs can be blocked. Some countries, such as China and Russia, have strict internet censorship laws that prevent citizens from accessing certain websites and online services. VPNs can be blocked in these countries, which means that users won’t be able to access the internet through a VPN. Even in countries where VPNs are legal, some online services, such as streaming services like Netflix and Hulu, have taken steps to block VPNs from accessing their content. This means that even if you’re connected to a VPN, you may not be able to access the content you want.

  • VPNs can slow down your internet speed. When you use a VPN, your internet traffic is routed through an extra server before it reaches its destination. This extra step can slow down your internet speed, especially if you’re connecting to a server that is located far away from your physical location. In addition, VPNs can also have data caps or throttle your internet speed, especially if you’re using a free VPN. This means that even if you’re connected to a VPN, you may not be able to stream high-quality video or download large files at fast speeds.

  • VPNs can leak your IP address. While VPNs are designed to hide your IP address, they can still leak your IP address under certain circumstances. For example, if your VPN connection drops unexpectedly, your internet traffic may continue to flow through your regular internet connection, exposing your IP address.

    In addition, some VPN providers may keep logs of your internet activity, which could potentially be used to identify you. It’s important to choose a VPN provider that has a strict no-logging policy and is located in a privacy-friendly jurisdiction.

  • VPNs can be vulnerable to hacking. While VPNs are designed to protect your online security and privacy, they can also be vulnerable to hacking. If a hacker gains access to the server that your VPN is connected to, they may be able to intercept your internet traffic and steal your sensitive information.

    In addition, some VPN providers may not use strong enough encryption to protect your internet traffic from being intercepted. It’s important to choose a VPN provider that uses strong encryption and has a proven track record of protecting user privacy and security.

End-to-end correlation attacks and deep packet inspection are some of the most prominent ways that nation states use to deanonymise VPN users.

What is Deep Packet Inspection (DPI)?

Deep packet inspection (DPI) is a technique used by some ISPs, governments, and other organizations to monitor internet traffic. DPI involves examining the contents of data packets that are being sent and received over the internet. This allows the organization to analyze and filter the data to identify specific types of traffic, such as video streaming or file sharing.

While DPI can be used for legitimate purposes, such as network management and security, it can also be used to invade user privacy and violate net neutrality. DPI can be used to track and monitor user online activity, including the websites they visit, the content they access, and the services they use.

One of the ways to protect against DPI is to use a VPN. When you use a VPN, your internet traffic is encrypted and routed through a VPN server. This makes it difficult for anyone to intercept and analyze your internet traffic, including organizations using DPI.

However, not all VPNs are created equal when it comes to protecting against DPI. Some VPN providers may have their servers blocked by organizations using DPI, while others may not offer strong enough encryption to prevent DPI.

It’s important to choose a VPN provider that offers strong encryption, such as AES-256, and has a strict no-logging policy. Additionally, it may be helpful to choose a VPN provider with obfuscation or stealth technologies, which can help hide the fact that you’re using a VPN and make it more difficult for organizations using DPI to block your connection.

What are end-to-end correlation attacks?

End-to-end correlation attacks are a type of attack that can be used to de-anonymize VPN users. These attacks involve analyzing the network traffic at both ends of a VPN connection to identify patterns or similarities in the traffic. By identifying these patterns, an attacker can potentially link the encrypted traffic at one end of the VPN connection to the decrypted traffic at the other end, revealing the identity of the VPN user.

One way to protect against end-to-end correlation attacks is to use a VPN provider that offers a no-logging policy. A no-logging policy means that the VPN provider does not keep any records of their users’ internet activity, including traffic logs or connection metadata. Without these logs, it becomes much more difficult for an attacker to correlate traffic on both ends of a VPN connection.

Another way to protect against end-to-end correlation attacks is to use a VPN provider that uses shared IP addresses. Shared IP addresses mean that multiple users are assigned the same IP address, making it more difficult for an attacker to correlate traffic to a specific user.

It’s also important to use a VPN provider that offers strong encryption and does not leak any user data. DNS leaks, for example, can reveal a user’s real IP address even when they are using a VPN.

In addition, it’s important to use good operational security (OPSEC) practices when using a VPN. This includes avoiding using the same VPN server for all of your internet activity, as this can make it easier for an attacker to correlate traffic. It’s also important to use a VPN provider that offers a variety of server locations, so you can switch between servers and avoid using the same one repeatedly.

VPNs and DNS leaks

Another potential security vulnerability that can occur when using a VPN is called a DNS leak. DNS, short for Domain Name System, is the system that translates human-readable domain names, like google.com, into IP addresses, like 172.217.12.46, which are used by computers to identify specific websites on the internet.

When a user connects to a VPN, all of their internet traffic is encrypted and routed through the VPN server. However, if the VPN connection is not configured properly, the user’s DNS requests may not be encrypted and may be sent outside of the VPN tunnel. This means that a user’s internet service provider (ISP) or any other third party could potentially see their DNS requests and link them to their browsing activity. This is known as a DNS leak.

DNS leaks can occur for several reasons, such as misconfigured VPN software or a VPN provider that does not properly route DNS requests through the VPN tunnel. DNS leaks can reveal a user’s real IP address and allow ISPs, advertisers, or other third parties to monitor their internet activity.

There are several ways to prevent DNS leaks. Use a provider whose client offers DNS leak protection, which means it pushes its own resolver (reachable only inside the tunnel) into the system configuration and blocks DNS on other interfaces while connected. If you configure the tunnel yourself, point the resolver at an address that is routed through the tunnel, and block outbound port 53 on the physical interface with a firewall rule. Simply switching to a third-party resolver such as Google DNS or OpenDNS is not a fix: if those queries still leave on the physical interface, the ISP can still read them on the wire, and the resolver operator now has your real address and your lookups instead.

It’s also important to regularly test for DNS leaks to ensure that your VPN connection is properly configured. Online tools such as dnsleaktest.com and ipleak.net report which resolvers actually answered your queries; any resolver belonging to your ISP, or located in your real country while the VPN server is elsewhere, is a leak.
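As an added example (not part of the original guide), the following Python script reproduces the kernel’s routing decision for each configured resolver, which is the underlying question a DNS leak test answers: will the query leave through the tunnel interface or through the physical one? The resolv.conf and ip route output are constructed samples; the interface names tun0 and eth0 and all addresses are assumptions.

```python
# Added example (not from the original article): decide whether each configured
# DNS resolver would be reached through the VPN tunnel or through the ISP link,
# by replaying the kernel's longest-prefix match over a routing table.
# The resolv.conf and `ip route show` text below are constructed sample input;
# interface names (tun0, eth0) and all addresses are assumptions.
import ipaddress
import re

SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
nameserver 10.8.0.1
nameserver 192.168.1.1
nameserver 8.8.8.8
"""

# Typical table after a VPN client pushed a 0.0.0.0/1 + 128.0.0.0/1 pair to
# override the default route, but a LAN route and the ISP default remain.
SAMPLE_IP_ROUTE = """\
default via 192.168.1.1 dev eth0 proto dhcp metric 100
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
203.0.113.7 via 192.168.1.1 dev eth0
"""


def parse_resolvers(text):
    """Nameserver addresses from resolv.conf, ignoring comments and options."""
    return [line.split()[1] for line in text.splitlines()
            if line.strip().startswith("nameserver")]


def parse_routes(text):
    """Return (network, interface) tuples from `ip route show` output."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        dest = "0.0.0.0/0" if parts[0] == "default" else parts[0]
        m = re.search(r"\bdev\s+(\S+)", line)
        if m:
            routes.append((ipaddress.ip_network(dest, strict=False), m.group(1)))
    return routes


def egress_interface(addr, routes):
    """Longest-prefix match, as the kernel does (metric ties are ignored here)."""
    ip = ipaddress.ip_address(addr)
    best = None
    for net, dev in routes:
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None


def leaking_resolvers(resolv_conf, ip_route, tunnel_dev="tun0"):
    """Resolvers whose queries would NOT leave through the tunnel interface."""
    routes = parse_routes(ip_route)
    return [r for r in parse_resolvers(resolv_conf)
            if egress_interface(r, routes) != tunnel_dev]


if __name__ == "__main__":
    for r in parse_resolvers(SAMPLE_RESOLV_CONF):
        print(r, "->", egress_interface(r, parse_routes(SAMPLE_IP_ROUTE)))
    print("leaking:", leaking_resolvers(SAMPLE_RESOLV_CONF, SAMPLE_IP_ROUTE))
```

On the sample input the router’s own resolver (192.168.1.1) is the leak: it is covered by the LAN route on eth0, which is more specific than the two /1 routes the VPN installed, so its queries never enter the tunnel even though 8.8.8.8 does. Run it on real input by substituting the contents of /etc/resolv.conf and the output of ip route show. If resolv.conf points at 127.0.0.53, the stub of systemd-resolved, inspect resolvectl status instead, since the stub forwards queries per interface and can send them out of eth0 even though the stub address itself is local. The online tests complement this static check: they show which resolver actually answered, which catches leaks routing alone cannot (for example an application doing its own DNS-over-HTTPS).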

VPN providers

Here are some of the most popular VPN providers on the market:

Using The Onion Router (TOR)

What is TOR?

Tor, short for The Onion Router, is free and open-source software that lets users browse the internet anonymously. Onion routing was first developed in the mid-1990s at the United States Naval Research Laboratory as a way for government users to communicate without revealing who was talking to whom. The first public Tor release followed in 2002, and The Tor Project was established as a non-profit organisation in 2006 to develop and maintain the software.

How does TOR work?


Tor uses a system of relays and layered encryption to make internet traffic hard to trace. When a user connects to Tor, their traffic is encrypted and routed through a circuit of three relays, each of which only knows the address of the relay before and after it. The guard relay sees who you are but not where you are going; the exit relay sees where you are going but not who you are. This layering, like the layers of an onion, means no single relay or network observer sees both ends. That is a strong guarantee against any one relay, but, as the following sections explain, it is not an absolute one.

One of the key features of Tor is that it allows users to reach onion services (addresses ending in .onion), the part of the so-called dark web that is not indexed by ordinary search engines and is reachable only through Tor. A connection to an onion service never leaves the Tor network and never passes through an exit relay, so both the visitor and the server stay anonymous. Onion services include marketplaces for illegal goods and services, but also whistleblower drop boxes, mirrors of news sites and forums that exist precisely because both the reader and the host stay anonymous.

TOR works by routing your traffic through multiple hops, and obfuscating

The weaknesses of TOR

While Tor provides a high level of anonymity, it is not foolproof. If a user logs into a personal account, such as an email or social media account, over Tor, the account ties the session to their identity regardless of how the traffic was routed. Tor also does not encrypt traffic end to end on its own: the layered encryption covers the path from the user to the exit relay, and whatever the user sends to a clearnet destination leaves the exit relay exactly as the application produced it. Plain HTTP is therefore readable and modifiable by the exit operator; use HTTPS (Tor Browser enables HTTPS-Only mode by default) so that the exit sees only the destination and ciphertext. Onion services are the exception: a connection to a .onion address never leaves the Tor network and is encrypted end to end.

Another potential weakness is that Tor relies on a network of volunteer relays, any of which may be run by a malicious operator. A single malicious relay learns little: a guard sees your IP address but not your destination, and an exit sees your destination but not your IP address. The danger is an adversary operating, or observing, both the guard and the exit of the same circuit, which is the basis of the correlation attacks described below. Tor limits exposure by pinning each client to a small set of guard relays for months at a time, so that a client does not cycle through every relay and eventually pick a malicious one as its first hop, and the Tor Project’s bad-relay process monitors the network and removes relays caught misbehaving.

In recent years, Tor has been the subject of controversy due to its association with criminal activity on the dark web. While Tor does provide a way for users to access illegal goods and services, it also provides a way for individuals to access information and communicate anonymously in countries with oppressive governments or where free speech is restricted.

End to end correlation attacks

If your adversary is a nation state with sufficient resources, it may be able to perform an end-to-end correlation attack that links your Tor traffic to your network connection.

An end-to-end correlation attack attempts to break the anonymity provided by Tor by observing traffic at both ends of the communication: at the entry (guard) relay, or on the user’s ISP link, and at the exit relay, or on the destination’s link. The attacker does not need to read any content. By comparing the timing and volume of the traffic on both sides, as well as other identifying features such as packet sizes, they try to link the incoming and outgoing flows.

The attack works by using various techniques, such as traffic confirmation attacks or statistical analysis, to identify patterns in the traffic flows. These patterns can reveal information about the user’s activities and potentially link their Tor traffic to their actual IP address or other identifying information.

Research papers and live demonstrations have shown that such attacks are feasible when the adversary sees enough of both ends. It is important to understand that Tor’s design explicitly does not defend against a global passive adversary: it is a low-latency network that does not pad or delay traffic, so timing and volume patterns pass through it largely intact. What reduces your exposure is limiting how much of your traffic any one observer can see: keep sessions short, do not run a single identity across long, high-volume sessions, and use onion services where possible, since those never touch an exit relay. Keeping Tor Browser up to date matters for the browser exploits discussed below, but it does not change the correlation threat.
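To make the attack concrete, here is an added example (not from the original guide, and not how any real adversary’s tooling is written) in Python: a simulated traffic-confirmation attack in which the adversary holds per-second byte counts from the guard side for one client and from the exit side for several flows, and cross-correlates them. All traces are synthetic; the two-second delay, the 512-byte cell padding granularity and the other parameters are assumptions chosen to look roughly like web browsing.

```python
# Added example (not from the original article): a toy traffic-confirmation
# attack. An observer at the guard side records one client's per-second byte
# counts; an observer at the exit side records several flows. Cross-correlating
# the volume series over a small range of lags picks out which exit flow carries
# the client's traffic, without reading any payload or address.
# All traffic traces are constructed synthetically below.
import random
from statistics import mean, pstdev


def pearson(xs, ys):
    """Pearson correlation of two equal-length series (0 if either is flat)."""
    mx, my = mean(xs), mean(ys)
    sx, sy = pstdev(xs), pstdev(ys)
    if sx == 0 or sy == 0:
        return 0.0
    return sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / (len(xs) * sx * sy)


def best_lag_correlation(guard, exit_flow, max_lag=3):
    """Best correlation when the exit flow is shifted by 0..max_lag seconds."""
    best = 0.0
    for lag in range(max_lag + 1):
        a = guard[:len(guard) - lag]
        b = exit_flow[lag:]
        best = max(best, pearson(a, b))
    return best


def attribute(guard, exit_flows, max_lag=3):
    """Return (index of the best-matching exit flow, its correlation score)."""
    scores = [best_lag_correlation(guard, f, max_lag) for f in exit_flows]
    idx = max(range(len(scores)), key=scores.__getitem__)
    return idx, scores[idx]


def bursty_trace(rng, seconds):
    """Web-like traffic: mostly idle, with occasional page-load bursts."""
    return [rng.randint(20000, 80000) if rng.random() < 0.25 else rng.randint(0, 500)
            for _ in range(seconds)]


def through_tor(rng, trace, lag):
    """The same traffic as seen at the exit: delayed, cell-padded, jittered."""
    shifted = [0] * lag + trace[:len(trace) - lag]
    return [b + 512 * rng.randint(0, 3) for b in shifted]


def padded(trace, rate):
    """Constant-rate link padding: every second carries exactly `rate` bytes."""
    return [rate] * len(trace)


def make_scenario(seed=7, seconds=60, decoys=4):
    """One client trace plus `decoys` unrelated exit flows and the client's own."""
    rng = random.Random(seed)  # fixed seed so the example is reproducible
    client = bursty_trace(rng, seconds)
    flows = [bursty_trace(rng, seconds) for _ in range(decoys)]
    target = rng.randrange(decoys + 1)
    flows.insert(target, through_tor(rng, client, lag=2))
    return client, flows, target


if __name__ == "__main__":
    client, flows, target = make_scenario()
    idx, score = attribute(client, flows)
    print(f"guessed flow {idx}, truth {target}, correlation {score:.3f}")
    print("padded client correlation:",
          best_lag_correlation(client, padded(client, 50000)))
```

Two things to take from it. First, no payload and no addresses are needed: volume over time is enough, which is why encryption alone does not help. Second, padded() shows the only real defence, constant-rate traffic: the correlation collapses to zero because the padded series has no variance. That is exactly what a low-latency network like Tor cannot afford for every user, which is why its threat model excludes an adversary who watches both ends.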

Javascript vulnerabilities

Finally, if you are using Tor Browser, set the security level to ‘Safest’ in the browser’s security settings. This disables JavaScript and several media features. JavaScript is a client-side scripting language that can read your screen resolution, timezone, hardware capabilities and many other details useful for fingerprinting, and it has been the entry point for browser exploits that revealed users’ real IP addresses.

In the past, there have been instances where malicious JavaScript code has been used to exploit vulnerabilities in the Tor browser. These exploits targeted security flaws in the browser’s JavaScript engine or used JavaScript to bypass certain security measures. The Tor Project and the browser developers actively work to address these vulnerabilities and release patches to protect users.

Enabling JavaScript in Tor Browser expands the attack surface: a script can collect fingerprint data or, through a bug in the JavaScript engine, escape the browser altogether. Contrary to common belief, Tor Browser does not disable JavaScript by default: at the default ‘Standard’ level it is enabled, ‘Safer’ disables it on non-HTTPS sites only, and only ‘Safest’ disables it everywhere. Raise the level to Safest unless a site you genuinely need cannot work without scripts, and do not install extensions or change about:config settings, since any deviation from the stock configuration makes your browser distinguishable from other Tor users.

It’s important to note that vulnerabilities and security risks are an ongoing concern for any software, including the Tor browser. The Tor Project and the broader security community are actively engaged in identifying and addressing vulnerabilities to enhance the security and privacy of the Tor network. It’s always recommended to keep the Tor browser up to date with the latest versions and follow best practices suggested by the Tor Project to maintain a secure and anonymous browsing experience.

JonDonym

JonDonym is a privacy-oriented service that provides anonymous internet communication. It is designed to protect user privacy and security by obscuring their online activities and making it more difficult for third parties to track and monitor their online behavior.

JonDonym works by routing internet traffic through a network of servers called “mixes.” When a user connects to JonDonym, their internet traffic is encrypted and sent through a series of mixes before reaching its final destination. Each mix removes a layer of encryption, making it more difficult for anyone to trace the user’s activities back to their original location.

In addition to its mix network, JonDonym also provides other privacy-enhancing features, such as IP address cloaking, encrypted email, and secure file storage. These features are designed to provide users with a comprehensive suite of tools for protecting their online privacy and security.

One of the key benefits of JonDonym is its ability to provide anonymous internet communication. By obscuring a user’s online activities, JonDonym makes it more difficult for third parties to track and monitor their behavior. This can be particularly important for people who live in countries with restrictive internet policies or who engage in activities that may be considered controversial or illegal.

JonDonym also encrypts all traffic between the client and each mix in the cascade, so that an eavesdropper on any one link sees only ciphertext. Like any anonymity network, it cannot protect what you send to the final destination beyond the last mix; use HTTPS for that. JonDonym is designed not to store user data, which limits what a breach or a legal demand could expose, though, as with a VPN, you are relying on the operators’ word and on the independence of the mix operators: a cascade in which every mix is run by the same party offers no more protection than a single proxy.

Another benefit of JonDonym is its ease of use. The service is designed to be user-friendly and intuitive, even for people with limited technical expertise. Users can simply download and install the JonDonym software, and then connect to the service with a few clicks of a button.

However, there are some potential drawbacks to using JonDonym. One concern is that the service can be slow and may result in decreased internet speeds. Additionally, JonDonym may not be compatible with all websites or online services, particularly those that require location information or other personal details.

Another potential issue with JonDonym is that it may not provide complete anonymity. While the service does a good job of obscuring a user’s online activities, it is still possible for a determined adversary to track and monitor their behavior. Additionally, JonDonym does not provide protection against all forms of online tracking, such as browser fingerprinting or device identification.

Despite these limitations, JonDonym remains a popular choice for people who value their online privacy and security. The service offers a comprehensive suite of tools for protecting user privacy, and its mix network provides strong protection against many forms of online tracking and surveillance. Whether you are a journalist, activist, or just a concerned citizen, JonDonym can provide an important layer of protection for your online activities.

I2P (The Invisible Internet Project)

I2P, short for Invisible Internet Project, is an anonymous overlay network designed to protect user privacy and security. It is often compared with Tor, but the two are built for different jobs: Tor is optimised for reaching the ordinary internet through exit relays, whereas I2P is optimised for services hosted inside the network (so-called eepsites, along with I2P-internal mail, file sharing and messaging) and has only a handful of volunteer ‘outproxies’ to the clearnet. I2P routes traffic through separate inbound and outbound tunnels, each built from several participant routers, using layered (‘garlic’) encryption that makes it difficult for third parties to see who is talking to whom.

I2P was developed by the I2P Project, which is a community of developers and volunteers dedicated to providing a secure and anonymous network for people around the world. The network is free to use and open-source, meaning that anyone can access and contribute to its development.

One of the key benefits of I2P is its anonymity design. When a user connects to I2P, their traffic is encrypted in layers and sent through an outbound tunnel, then through the recipient’s inbound tunnel, before reaching its destination. Each router in a tunnel removes one layer of encryption and knows only its neighbours, and because inbound and outbound tunnels are separate, no single router sees both directions of a conversation.

In addition to its tunneling system, I2P also offers other privacy-enhancing features, such as anonymous browsing and messaging. These features are designed to protect user privacy and security by obscuring their online activities and making it more difficult for third parties to track and monitor their behavior.

Another benefit of I2P is its focus on security. All traffic between routers is encrypted, so eavesdropping on any single link yields only ciphertext, and the router software can fetch signed updates of itself over the network so that nodes stay patched without relying on a clearnet download.

One unique aspect of I2P is its focus on supporting decentralized applications and services. The network provides a platform for developers to create and distribute decentralized applications and services, which can be accessed and used anonymously by anyone connected to the network. This allows for a wide range of innovative applications and services that would not be possible on traditional, centralized networks.

However, there are some potential drawbacks to using I2P. One concern is that the network can be slower than traditional internet connections, due to the additional layers of encryption and tunneling. Additionally, I2P may not be compatible with all websites or online services, particularly those that require location information or other personal details.

Another potential issue with I2P is that it may not provide complete anonymity. While the network does a good job of obscuring a user’s online activities, it is still possible for a determined adversary to track and monitor their behavior. Additionally, I2P does not provide protection against all forms of online tracking, such as browser fingerprinting or device identification.

Despite these limitations, I2P remains a popular choice for people who value their online privacy and security. The network offers a comprehensive suite of tools for protecting user privacy, and its focus on supporting decentralized applications and services makes it an important platform for innovation and development in the online world. Whether you are a journalist, activist, or just a concerned citizen, I2P can provide an important layer of protection for your online activities.

Web-based proxies

There is also a class of browser-based proxy services, such as hide.me’s free web proxy, which fetch a page on your behalf from a server in a location you choose and rewrite it so that it displays in your browser. They hide your address from the destination only: the proxy operator sees every page and every form submission in the clear, the rewriting often breaks site functionality, and they offer nothing against fingerprinting or cookies. Treat them as a convenience for reading geo-restricted pages, not as an anonymity tool.

Proxychains

What are proxy chains?

Proxychains is an open-source tool (the maintained fork is proxychains-ng) that forces an application’s TCP connections through one or more proxy servers. Because it works on the application rather than the network, it lets you proxy programs that have no proxy settings of their own, and it hides your IP address from the destination without the application being aware of it.

Proxychains works by pre-loading a shared library (via LD_PRELOAD on Linux) that hooks the C library’s networking functions, such as connect() and getaddrinfo(), so that the application’s own code is unchanged. The same mechanism is also its limit: it cannot capture programs that are statically linked, that use raw or UDP sockets, or that otherwise bypass libc. Supported proxy types are HTTP CONNECT, SOCKS4 and SOCKS5, and several proxies can be chained in strict, dynamic or random order.
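Added example (not the project’s default file): a proxychains.conf that sends an application through a local Tor SOCKS port and then through a remote SOCKS5 proxy you control, with name resolution forced through the chain. 127.0.0.1:9050 is Tor’s conventional SOCKS port; 198.51.100.10 is a documentation-range placeholder for your own proxy.

```conf
# Added example configuration, not the proxychains-ng default file.
# Every proxy in [ProxyList] must be reachable, in the listed order;
# use dynamic_chain instead if you want dead proxies skipped.
strict_chain

# Resolve host names through the chain. Without this line the application's
# lookups go to the local resolver, outside the chain: the proxy equivalent
# of the VPN DNS leak described earlier.
proxy_dns

# Timeouts in milliseconds; Tor circuits are slow, so be generous.
tcp_read_time_out 15000
tcp_connect_time_out 8000

[ProxyList]
# Order matters: the first entry is dialled directly, each later entry is
# reached through the previous one. Tor must come first (it is local), then
# the remote proxy is reached through Tor, and the destination sees only the
# remote proxy's address. 198.51.100.10 is a placeholder for a proxy you run.
socks5 127.0.0.1 9050
socks5 198.51.100.10 1080
```

Run a program with proxychains4 -f ./proxychains.conf followed by the command. A quick sanity check of the ordering is to fetch https://check.torproject.org/ through the chain: with the remote proxy as the last hop it should report that you are not using Tor, because the site sees the proxy’s address rather than an exit relay; if it reports Tor, the remote proxy was not used. Reversing the two lines would make the remote proxy try to connect to its own 127.0.0.1:9050, which is the classic mistake.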

Should I use proxy chains?

One of the key benefits of using Proxychains is its ability to help users bypass network restrictions and censorship. By routing network traffic through a proxy server, users can access websites and online services that may be blocked or restricted in their location. This can be particularly useful for people living in countries with strict online censorship laws, or for people who want to access region-restricted content.

Another benefit of Proxychains is its ability to enhance privacy. By routing network traffic through a proxy server, users can hide their IP address from the destination and from observers near it. This makes it more difficult for the destination, and for anyone watching it, to attribute the traffic to the user.

Proxychains can also be useful for security purposes. By routing network traffic through a proxy server, users can add an extra layer of protection to their online activities, making it more difficult for attackers to intercept or manipulate network traffic.

However, it’s important to note that while Proxychains can be a useful tool for enhancing privacy and security online, it is not a silver bullet. The software is not foolproof, and there are still ways for attackers to track and monitor user activity online.

One potential weakness of Proxychains is its reliance on the proxy servers. The first proxy in the chain sees your real address, the last one sees your destinations, and if both are compromised or run by the same party the chain offers nothing; a plain HTTP connection is readable by whichever proxy it passes through. Name resolution is a second trap: unless proxy_dns is enabled, the application’s lookups go straight to the local resolver, outside the chain. Additionally, Proxychains does not provide protection against other forms of tracking, such as browser fingerprinting or device identification.

Another potential issue with Proxychains is its impact on network performance. Because all network traffic is routed through the proxy server, it can sometimes result in slower network speeds and increased latency. Additionally, Proxychains may not be compatible with all applications or online services, particularly those that require location information or other personal details.

Despite these potential drawbacks, Proxychains remains a popular choice for people who want to enhance their online privacy and security. The software is free to use and open-source, meaning that anyone can access and contribute to its development. Additionally, Proxychains is compatible with a wide range of operating systems and applications, making it a versatile tool for protecting user privacy and security online.

Choosing a search engine

What you search for can say a lot about you. There are several search engines available on the web; some are considerably more private than others. 

Google, by default, relies on capturing information about users and their intent for the purposes of running targeted advertisements and for matching your search intent with relevant results. Google is arguably the best search engine on the market for finding relevant information quickly, however the data it gathers to that end makes it undesirable if you plan on attaining privacy online. 

DuckDuckGo and Brave’s search feature gather significantly less data than the likes of Google and Bing. 

Browser fingerprinting

What is browser fingerprinting?

Browser fingerprinting is a technique used to track internet users based on the unique characteristics of their web browser and computer system. It involves collecting information about a user’s browser configuration, including their operating system, browser version, installed fonts, screen resolution, language preference, and other system settings.

The information collected is then used to create a unique identifier, or “fingerprint,” for that user’s browser. This fingerprint can be used to track the user’s online activity across different websites, even if they use different IP addresses or clear their cookies.

Browser fingerprinting is often used by advertisers, data brokers, and other online entities to gather information about users without their knowledge or consent. It is a controversial practice that raises concerns about privacy and online tracking. Some web browsers and privacy tools have built-in features to block or obscure fingerprinting attempts, but it remains a difficult problem to fully mitigate.
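As an added illustration (not from the original guide) of why a fingerprint identifies you, the Python below measures each attribute’s identifying power over a population of visitors the way the EFF’s Cover Your Tracks (formerly Panopticlick) study does: the rarer a value is, the more bits of information it carries, and the combined fingerprint is unique once the attributes together carry enough bits to single out one visitor. The ten-row population is constructed for the example; real studies use hundreds of thousands of browsers, and the attribute values are illustrative labels, not real user-agent strings.

```python
# Added example (not from the original article): how much identifying
# information each browser attribute carries over a population of observed
# fingerprints, using the surprisal / entropy approach of the EFF's
# Panopticlick study. The population below is constructed for illustration.
import hashlib
import math
from collections import Counter

ATTRIBUTES = ["user_agent", "screen", "timezone", "fonts", "canvas"]

# Constructed sample population: one tuple of attribute values per visitor.
POPULATION = [
    ("Firefox/115 Linux", "1920x1080", "UTC+0", "DejaVu,Liberation", "c1"),
    ("Firefox/115 Linux", "1920x1080", "UTC+0", "DejaVu,Liberation", "c1"),
    ("Firefox/115 Linux", "1920x1080", "UTC+0", "DejaVu,Liberation", "c1"),
    ("Chrome/114 Windows", "1920x1080", "UTC+0", "Arial,Calibri,Segoe", "c2"),
    ("Chrome/114 Windows", "1366x768", "UTC+1", "Arial,Calibri,Segoe", "c2"),
    ("Chrome/114 Windows", "1920x1080", "UTC+0", "Arial,Calibri,Segoe,Wingdings", "c3"),
    ("Safari/16 macOS", "2560x1440", "UTC-5", "Helvetica,Menlo", "c4"),
    ("Tor Browser", "1000x1000", "UTC+0", "standard-bundle", "tb"),
    ("Tor Browser", "1000x1000", "UTC+0", "standard-bundle", "tb"),
    ("Tor Browser", "1000x1000", "UTC+0", "standard-bundle", "tb"),
]


def fingerprint(values):
    """Stable identifier derived from the full attribute vector."""
    return hashlib.sha256("|".join(values).encode()).hexdigest()[:16]


def surprisal_bits(value, column):
    """-log2 P(value): bits of identifying information one observed value carries."""
    freq = Counter(column)[value] / len(column)
    return -math.log2(freq)


def attribute_entropy(population, index):
    """Shannon entropy (bits) of one attribute across the population."""
    counts = Counter(row[index] for row in population)
    n = len(population)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def anonymity_set(population, values):
    """How many visitors share this exact fingerprint (1 means uniquely identified)."""
    target = fingerprint(values)
    return sum(1 for row in population if fingerprint(row) == target)


def report(population=POPULATION):
    """Entropy per attribute, highest first: the attributes that identify most."""
    ent = {name: round(attribute_entropy(population, i), 3)
           for i, name in enumerate(ATTRIBUTES)}
    return dict(sorted(ent.items(), key=lambda kv: -kv[1]))


if __name__ == "__main__":
    print(report())
    for row in POPULATION:
        print(fingerprint(row), "shared by", anonymity_set(POPULATION, row), row[0])
```

The three identical ‘Tor Browser’ rows share a fingerprint, which is the whole strategy of Tor Browser: rather than trying to block fingerprinting, it makes every user look the same (fixed window size, bundled fonts, letterboxing), so the anonymity set is everyone running the stock browser. The Chrome user who installed one extra font, by contrast, became unique, and fonts score the highest entropy of the five attributes in this sample because they are the attribute with the most distinct values.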

Choosing a web browser

Creating a unique user agent

Cookies

Cookies are small files that are created by websites and stored on your device. These files contain information about your browsing habits and preferences, which allows websites to provide a more personalised browsing experience.

Cookies are designed to make browsing more efficient and enjoyable, as they save your login details, remember your settings, and keep track of your shopping cart. With cookies, you can easily pick up where you left off when you return to a website.

There are two types of cookies: session cookies and persistent cookies. Session cookies are temporary files that are deleted once you close your browser, while persistent cookies remain on your device until they expire or are deleted. While cookies can be beneficial for improving your browsing experience, they can also pose a privacy risk if they contain sensitive information, hence why they have been included within this guide. 

As you can imagine, cookies can be used to track and correlate your identity: a third-party cookie set by the same advertising domain on many unrelated sites lets that domain recognise you on every one of them. Private, or incognito, browsing helps, but only partly. It discards cookies when the window is closed, so nothing persists between sessions; within a session, cookies still work normally and still link the sites you visit, and private mode does nothing about browser fingerprinting. Blocking third-party cookies, or using a browser that isolates cookies per site, addresses the cross-site link itself.
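Added example (not from the original guide): a Python script that reads the Set-Cookie headers from a few responses, tells session cookies from persistent ones, and picks out the long-lived third-party cookies that track you across sites. The responses and the fixed ‘now’ timestamp are constructed; the registrable-site check is a deliberately crude last-two-labels rule that is adequate for the sample hosts but not for real public suffixes such as co.uk.

```python
# Added example (not from the original article): classify the cookies a set of
# responses creates as session or persistent, and flag the long-lived
# third-party ones that are most useful for cross-site tracking.
# The responses below and the fixed "now" are constructed sample input.
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

NOW = datetime(2023, 5, 20, 12, 0, tzinfo=timezone.utc)  # fixed clock for reproducibility

# (page the browser is on, URL of the response that set the cookie, Set-Cookie header)
SAMPLE_RESPONSES = [
    ("https://shop.example/cart", "https://shop.example/cart",
     "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("https://shop.example/cart", "https://shop.example/cart",
     "prefs=dark; Max-Age=2592000; Path=/"),
    ("https://shop.example/cart", "https://ads.tracker.example/pixel.gif",
     "uid=7f3a9; Expires=Sat, 18 May 2024 12:00:00 GMT; Path=/; Secure; SameSite=None"),
    ("https://news.example/", "https://ads.tracker.example/pixel.gif",
     "uid=7f3a9; Expires=Sat, 18 May 2024 12:00:00 GMT; Path=/; Secure; SameSite=None"),
]


def registrable_site(url):
    """Crude eTLD+1: last two host labels (assumption: fine for the sample hosts)."""
    return ".".join(urlsplit(url).hostname.split(".")[-2:])


def cookie_lifetime(morsel, now=NOW):
    """Seconds until expiry, or None for a session cookie. Max-Age wins over Expires."""
    if morsel["max-age"]:
        return int(morsel["max-age"])
    if morsel["expires"]:
        return int((parsedate_to_datetime(morsel["expires"]) - now).total_seconds())
    return None


def classify(page_url, response_url, set_cookie, now=NOW):
    """One dict per cookie in the header: persistence, lifetime, party, SameSite."""
    jar = SimpleCookie()
    jar.load(set_cookie)
    results = []
    for name, morsel in jar.items():
        life = cookie_lifetime(morsel, now)
        results.append({
            "name": name,
            "persistent": life is not None,
            "lifetime_days": None if life is None else round(life / 86400, 1),
            "third_party": registrable_site(page_url) != registrable_site(response_url),
            "samesite": morsel["samesite"] or "(unset)",
        })
    return results


def tracking_cookies(responses=SAMPLE_RESPONSES, min_days=30):
    """Persistent third-party cookies living at least `min_days`: (site, name, days)."""
    found = []
    for page, resp, header in responses:
        for c in classify(page, resp, header):
            if c["third_party"] and c["persistent"] and c["lifetime_days"] >= min_days:
                found.append((registrable_site(resp), c["name"], c["lifetime_days"]))
    return found


if __name__ == "__main__":
    for page, resp, header in SAMPLE_RESPONSES:
        print(page, "<-", resp, classify(page, resp, header))
    print("tracking cookies:", tracking_cookies())
```

The same uid cookie set by ads.tracker.example on both shop.example and news.example is the cross-site tracking the text warns about: the tracker sees one identifier on two unrelated sites, valid for almost a year. The SameSite=None attribute is what makes that cross-site delivery possible; the first-party sessionid with SameSite=Lax and no expiry is the benign case. Private browsing drops the uid cookie when the window closes, but within the session it still links every site you visit.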

Super cookies

Countering stylometry

What is stylometry?

Stylometry is the study of writing styles and how they can be used to identify authors or groups of authors. It can be used for various purposes, including forensic investigations, plagiarism detection, and marketing analysis. However, stylometry can also be used for nefarious purposes, such as identifying anonymous authors or tracking the activities of dissidents or whistleblowers.

How does stylometry work?

Stylometry works by analyzing various linguistic features of a piece of writing, such as word choice, sentence structure, and punctuation. These features can be used to create a “linguistic fingerprint” that is unique to each author or group of authors. For example, one author might tend to use longer sentences with complex structures, while another author might use shorter sentences with simpler structures. By analyzing these features, stylometry algorithms can identify patterns that are characteristic of a particular author or group of authors.

Stylometry algorithms can be trained on large corpora of text, such as books, articles, or social media posts, to identify common patterns and features. These algorithms can then be applied to new texts to identify the likely author or authors. Stylometry can also be used to detect changes in an author’s style over time, which can be useful in forensic investigations or detecting plagiarism.
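As an added example (not from the original guide), here is a minimal stylometric attribution in Python using Burrows’ Delta, the standard baseline in authorship studies: relative frequencies of common function words, plus average sentence length and comma rate, are z-scored against the known corpus, and a text is assigned to the author whose profile it sits closest to. The two authors and their texts are constructed for the example; real work uses hundreds of features and far longer samples, but the mechanics are the same.

```python
# Added example (not from the original article): authorship attribution with
# Burrows' Delta over function-word frequencies plus two structural features.
# The six "known" texts and two "unknown" texts are constructed; real
# stylometry uses hundreds of features and much longer samples.
import re
from statistics import mean, pstdev

FUNCTION_WORDS = ["the", "of", "and", "to", "in", "that", "which", "is",
                  "i", "you", "it", "not", "but"]
FEATURES = FUNCTION_WORDS + ["avg_sentence_len", "comma_rate"]

KNOWN = {  # constructed sample corpus: author A is formal, author B is chatty
    "A": [
        "The analysis of the data, which was collected over the course of the study, "
        "indicates that the proposed method is robust. It is, of course, necessary to "
        "consider the limitations of the approach, which are discussed in the following section.",
        "The results of the experiment, which are summarised in the table, suggest that the "
        "effect of the treatment is modest. The implications of the finding, which is "
        "consistent with the literature, are considered in the discussion.",
        "The structure of the argument, which rests on the assumption that the sample is "
        "representative, is examined in the remainder of the paper. It is the case that the "
        "conclusion of the study depends on the validity of the data.",
    ],
    "B": [
        "I tried it. It did not work. You know what I mean? I think you should try it too. "
        "But do not expect much.",
        "You asked me and I said no. I do not like it. It is not for me. But you can do what you want.",
        "I went back and did it again. It worked this time. You were right. I did not think it "
        "would. But it did.",
    ],
}
UNKNOWN_A = ("The method of the review, which follows the procedure of the earlier work, is "
             "described in the appendix. It is the intention of the authors that the results "
             "of the study are reproducible.")
UNKNOWN_B = "I saw it. I did not believe it. You would not believe it either. But it is true. I am not joking."


def features(text):
    """Relative function-word frequencies plus sentence length and comma rate."""
    words = re.findall(r"[a-z']+", text.lower())
    sentences = [s for s in re.split(r"[.!?]+", text) if s.strip()]
    n = len(words)
    f = {w: words.count(w) / n for w in FUNCTION_WORDS}
    f["avg_sentence_len"] = n / len(sentences)
    f["comma_rate"] = 100 * text.count(",") / n
    return f


def corpus_stats(docs):
    """Mean and population std of every feature across all known texts."""
    vecs = [features(d) for d in docs]
    stats = {}
    for name in FEATURES:
        col = [v[name] for v in vecs]
        stats[name] = (mean(col), pstdev(col) or 1.0)  # avoid /0 on a flat feature
    return stats


def zscores(feat, stats):
    return {k: (feat[k] - stats[k][0]) / stats[k][1] for k in FEATURES}


def author_profiles(known):
    """Corpus statistics and each author's mean z-score vector."""
    stats = corpus_stats([d for docs in known.values() for d in docs])
    profiles = {}
    for author, docs in known.items():
        zs = [zscores(features(d), stats) for d in docs]
        profiles[author] = {k: mean(z[k] for z in zs) for k in FEATURES}
    return stats, profiles


def attribute_author(text, known=KNOWN):
    """Burrows' Delta: mean absolute z-score difference to each author profile."""
    stats, profiles = author_profiles(known)
    z = zscores(features(text), stats)
    deltas = {a: mean(abs(z[k] - p[k]) for k in FEATURES) for a, p in profiles.items()}
    return min(deltas, key=deltas.get), deltas


def giveaways(text, top=3, known=KNOWN):
    """Features of `text` that deviate most from the corpus: the habits to vary."""
    stats, _ = author_profiles(known)
    z = zscores(features(text), stats)
    return sorted(FEATURES, key=lambda k: -abs(z[k]))[:top]


if __name__ == "__main__":
    for label, text in (("UNKNOWN_A", UNKNOWN_A), ("UNKNOWN_B", UNKNOWN_B)):
        author, deltas = attribute_author(text)
        print(label, "->", author, {a: round(d, 2) for a, d in deltas.items()},
              "giveaways:", giveaways(text))
```

giveaways() answers the practical question of the next section: which of your habits deviate most from the crowd and therefore need varying. In the sample, the second unknown text is betrayed not by any rare word but by its rate of ‘not’, ‘it’ and ‘I’ and its very short sentences, which is typical: stylometry keys on the small words you never think about, not on your vocabulary.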

How to counter stylometry

While stylometry can be a powerful tool, it is not foolproof. There are several ways to counter stylometry and protect your privacy and anonymity online.

  • Use a Pseudonym or Multiple Identities. One way to counter stylometry is to use a pseudonym or multiple identities when writing online. By using different writing styles and linguistic features for each identity, it becomes more difficult for stylometry algorithms to identify a common pattern or fingerprint. This can help protect your privacy and anonymity online, especially if you are engaged in activities that could attract unwanted attention.
  • Vary Your Writing Style. Another way to counter stylometry is to vary your writing style as much as possible: different sentence structures, different sentence lengths, different vocabulary and punctuation. The more your writing varies, the harder it is for a stylometry algorithm to find a consistent fingerprint. Rewording a paragraph with a language model such as ChatGPT is one way to do this, with two caveats: the text is sent to a third party, so nothing sensitive should go in, and model output has a recognisable style of its own, so a corpus of machine-reworded text can become identifiable as exactly that.
  • Use Stylometry Tools to Test Your Writing. There are stylometry tools available online that you can use to test your writing and identify potential patterns or fingerprints. By using these tools, you can find the features that give away your style, typically the frequencies of small function words and your sentence length rather than your vocabulary, and vary them deliberately.
  • Use Encryption and Anonymity Tools. Finally, it’s important to use encryption and anonymity tools to protect your online activities from surveillance and monitoring. This can include using a virtual private network (VPN) to encrypt your internet traffic, using the Tor network to anonymize your internet activity, and using encrypted messaging apps to communicate securely.

Running your text or code through a tool such as ChatGPT can throw off stylometric analysis - just be careful not to include any sensitive information in your text!

Resources for countering stylometry

There are resources available to help you counter the emerging threats posed by stylometry. They are:

Total fines distributed for GDPR violations, 2020 (chart; source: PartnerVine)

GDPR was the EU’s flagship law aiming to help European and British consumers defend their right to privacy. This chart showcases the total fines incurred by organisations within Germany, Italy, France, and the UK.

Section Four: Endpoint Privacy

In this section, we’ll be looking at endpoint privacy. An endpoint is a term used to describe any computing device (such as a laptop, personal computer, or mobile phone) that is connected to the internet. 

We’ll start by looking at how your choice of operating system determines how much privacy you can expect when using your computer. Operating systems such as Windows and macOS trade off privacy for user-friendliness, so Linux is our recommended option. 

We’ll then explore how encryption can be used to secure your computer against forensic examination, and how other measures, such as firmware (BIOS/UEFI) passwords, raise the cost of physical attacks on your devices, bearing in mind that a firmware password on its own can often be reset by anyone with physical access to the board, so it complements disk encryption rather than replacing it. 

Choosing an operating system

Before we discuss why your choice of operating system is crucial to your privacy, it’s important to understand what an operating system is and its purpose.

An Operating System (or OS) is an integral part of any computer or mobile device, as it serves as the platform for running all other software and applications. Essentially, it is the interface between the hardware and software components of your device. It manages and coordinates the resources of the computer, such as memory and processing power, to ensure that all tasks and processes are run efficiently and effectively.

Furthermore, the operating system provides a means for users to interact with their device, through features such as the graphical user interface (GUI) or command-line interface (CLI). As such, the choice of operating system can have a significant impact on your user experience, security, and privacy. Therefore, it is important to carefully consider the advantages and disadvantages of different operating systems, and choose one that aligns with your needs and preferences.

The most popular operating systems on the market are developed by Microsoft, and include Windows 10 and Windows 11 (Windows 7 is still found in the wild but has not received security updates since January 2020, which rules it out for anyone concerned with security, let alone privacy). Apple develops macOS for its range of computers, and a third family of operating systems, Linux, can be installed on almost any computer and has significant advantages over both Windows and macOS in relation to user privacy. 

There are several operating systems that are within scope of this guide. We’ll start by discussing Windows and MacOS before moving on to the various Linux distributions that are designed around privacy. 

Windows & Privacy

If you are using Windows as your primary operating system, it would suggest that you have only low to moderate privacy needs. I say this because Windows takes advantage of telemetry: the broadcasting of usage data back to Microsoft for analysis and, presumably, improvement purposes. While this telemetry can help Microsoft identify and fix software issues, it also raises concerns about user privacy.

When you use Windows as your primary operating system, you are likely accepting the trade-off between convenience and a certain level of privacy. By default, Windows collects various types of telemetry data, including information about your device, usage patterns, software and hardware configurations, and even user-generated content. This data is then transmitted to Microsoft servers for analysis.

The purpose of telemetry is to provide Microsoft with insights into how their software is used, identify potential problems or bugs, and improve the user experience. It allows them to gather valuable information to make informed decisions regarding software updates, feature enhancements, and security fixes.

However, the extent of data collection and the potential privacy implications can be a concern for users who prioritize their privacy. While Microsoft has made efforts to provide options for users to control telemetry settings, there have been debates regarding the transparency and granularity of these settings.

For users with low to moderate privacy needs, the default telemetry settings in Windows might not raise significant concerns. They may see the benefits of telemetry in terms of improved system stability, performance, and security. The convenience and compatibility of Windows with a wide range of software and hardware also make it a popular choice for many users.

However, for individuals or organisations with higher privacy requirements, such as those dealing with sensitive or confidential information, there may be a need to consider alternative operating systems or implement additional privacy-enhancing measures. The first step is the diagnostic data setting (Settings > Privacy & security > Diagnostics & feedback, or the AllowTelemetry policy under HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection): on consumer editions the lowest level you can select is ‘Required’ (formerly ‘Basic’), and the ‘Security’ level that stops diagnostic data almost entirely is only honoured on Enterprise, Education and Server editions. Beyond that, you can use a firewall or network monitor to watch and block outbound connections, or move to a privacy-focused operating system.

Ultimately, the decision to use Windows as your primary operating system should be based on your individual privacy needs and the level of control you wish to have over your data. It’s essential to understand the privacy implications of the telemetry features and make informed choices to align with your privacy preferences.

MacOS & Privacy

macOS, the operating system developed by Apple, includes certain privacy features and mechanisms to protect user data. However, like Windows there are still considerations to be aware of regarding privacy and the collection of user information.

By default, macOS collects certain types of data for various purposes, such as improving user experience, diagnosing issues, and providing personalized services. The information collected can include diagnostic and usage data, crash reports, location data (with user consent), and some metadata associated with Apple services and apps. Additionally, Apple incorporates privacy-focused technologies like differential privacy to aggregate and anonymize data when used for analytics.

To configure macOS to enhance privacy, you can consider the following steps:

  • System Preferences: Open the System Preferences on your Mac and review the privacy settings. You can find options to control location services, camera and microphone access, contacts, calendar, and more. Adjust these settings according to your preferences, granting access only to the apps and services that genuinely require it.
  • App Permissions: Be mindful of the permissions you grant to applications. When an app requests access to sensitive data or features, macOS prompts you to allow or deny permission. Take the time to review these requests and consider the necessity and trustworthiness of the app before granting access.
  • Safari Privacy Settings: Safari, the default web browser on macOS, offers several privacy-related settings. In Safari’s Preferences (Settings on recent versions), the Privacy tab lets you block all cookies and enable cross-site tracking prevention. Note that the old ‘Ask websites not to track me’ (Do Not Track) option was removed in Safari 12.1, because the header was ignored by most sites and had become one more bit of fingerprinting information.
  • Apple ID and iCloud: Manage your Apple ID and iCloud settings to control data synchronization across devices, manage app-specific iCloud data, and selectively enable/disable iCloud features based on your privacy preferences. Review the information shared with iCloud and consider turning off features that you do not require or deem unnecessary.
  • Gatekeeper and App Store: macOS includes security features like Gatekeeper, which helps protect your Mac by allowing apps from identified developers or the App Store. Adjust the Gatekeeper settings in System Preferences to choose the level of security you desire for installing applications.
  • Firewall and Security Settings: macOS includes a built-in firewall to help protect against unauthorized network access. Enable the firewall in System Preferences > Security & Privacy > Firewall to add an extra layer of protection.
  • Software Updates: Regularly update macOS and your installed applications. Software updates often include security patches that address known vulnerabilities and enhance privacy protections.

Additionally, consider using a virtual private network (VPN) to encrypt your internet traffic and mask your IP address. Be cautious when downloading and installing third-party apps from untrusted sources, as they might compromise your privacy and security.

Keep in mind that while these steps can enhance your privacy on macOS, they are not foolproof. It’s important to stay informed about privacy-related news, follow best practices, and exercise discretion when sharing personal information or using online services.

Linux Operating Systems

When it comes to privacy-focused operating systems, Linux is the gold standard. Being open source, Linux is audited by security professionals around the world who work together to ensure its privacy and security. The collaborative nature of the Linux community promotes transparency, allowing users to scrutinize the source code, identify vulnerabilities, and contribute to its improvement. This collective effort helps build a robust and privacy-focused ecosystem.

One of the key advantages of Linux is the availability of privacy-oriented distributions. These distributions, such as Tails, Whonix, and Parrot Security OS, are specifically designed with privacy and security in mind. They come preconfigured with privacy-enhancing tools and hardened security measures to protect user data and maintain anonymity.

Linux provides users with granular control over their system’s privacy settings. You can fine-tune various aspects of privacy, such as system-wide and application-specific permissions, file and folder access, network connections, and firewall configurations. With Linux, you have the power to customize your privacy settings according to your preferences and needs.

Furthermore, Linux distributions prioritize encryption. Full disk encryption (FDE) options are typically available during installation, allowing users to encrypt their entire hard drive or partitions. This ensures that even if your device falls into the wrong hands, your data remains protected and inaccessible.

Linux is also known for its emphasis on decentralized and open-source software. By using open-source applications and avoiding proprietary alternatives, users can reduce the risks associated with closed-source software that might include hidden tracking or privacy-invasive features. Open-source alternatives, such as LibreOffice for productivity, GIMP for image editing, and Firefox for web browsing, offer transparency and control over the software you use.

In addition, Linux benefits from a wide range of privacy-focused applications and tools available through package managers. These tools provide features like encrypted messaging, secure email clients, VPN clients, password managers, and anonymity networks like Tor. Users can leverage these applications to strengthen their privacy and protect their sensitive information.

Linux also promotes a culture of privacy-consciousness and encourages users to educate themselves about privacy best practices. The Linux community actively shares information and resources regarding privacy, security, and data protection, allowing users to stay informed and make informed decisions to safeguard their privacy.

Qubes OS

Qubes OS is a free and open-source operating system that is designed to provide a highly secure and flexible computing environment. Qubes OS is based on the Xen hypervisor and is designed to run multiple virtual machines (VMs) simultaneously, each with its own operating system and applications.

One of the main features of Qubes OS is its use of compartmentalization. Qubes OS is designed to isolate different applications and activities within separate VMs, which helps to protect against malware and other security threats. For example, users can create separate VMs for browsing the web, checking email, and running other applications, and can configure each VM to have its own set of security settings and permissions.

Another key feature of Qubes OS is its use of a “trusted computing base” (TCB). The TCB is a small set of critical components that are trusted to operate correctly and securely. By keeping the TCB small and tightly controlled, Qubes OS is able to minimize the risk of security vulnerabilities and reduce the attack surface of the system.

Qubes OS also includes several other advanced security features, such as:

  • Memory isolation: Qubes OS uses a technology called “Xen Security Modules” to isolate the memory of each VM from the others, which helps to prevent malware from spreading between VMs.
  • Secure boot: Qubes OS supports secure boot, which ensures that the system only boots from trusted and verified software.
  • Hardware security: Qubes OS is designed to work with hardware-based security features, such as Trusted Platform Modules (TPMs), which provide an additional layer of security.
  • Integrated security tools: Qubes OS includes several security-focused tools, such as the “qvm-firewall” and “qubes-update” tools, which help users to manage and secure their system.

WHONIX

WHONIX is a privacy-focused operating system designed to provide users with a secure and anonymous computing environment. WHONIX is based on the Debian GNU/Linux operating system and is designed to run inside a virtual machine. The system consists of two virtual machines: one is called the “Gateway” and the other is called the “Workstation.” The Gateway is responsible for routing all network traffic through the TOR network, while the Workstation is used for running applications and browsing the internet.

WHONIX is designed to provide users with a high level of anonymity and privacy by using a number of advanced security features. One of the main features of WHONIX is its use of the TOR network, which is a decentralized network that anonymizes internet traffic by routing it through a series of relays. By routing all internet traffic through the TOR network, WHONIX helps to protect users from surveillance and tracking by government agencies, advertisers, and other malicious actors.

In addition to its use of the TOR network, WHONIX also includes a number of other security features to help protect users’ privacy and anonymity. For example, WHONIX uses strict firewall rules to prevent unauthorized network traffic, and it includes several security-focused tools, such as the “Stream Isolation” feature, which ensures that different streams of data are isolated from each other, preventing attackers from linking them together to identify a user’s activities.

Another key feature of WHONIX is its use of virtualization technology. By running the system inside a virtual machine, WHONIX is able to isolate the operating system and its applications from the underlying hardware, providing an additional layer of security. This also allows users to easily create multiple instances of the system, each with its own set of applications and settings, which can be used for different purposes.

TAILS OS

TAILS, which stands for “The Amnesic Incognito Live System,” is a privacy-focused operating system designed to provide users with a secure and anonymous computing environment. TAILS is based on the Debian GNU/Linux operating system and is designed to run from a USB stick or DVD, without requiring any installation on the host computer.

One of the main features of TAILS is its focus on privacy and anonymity. TAILS includes the TOR network, which is a decentralized network that anonymizes internet traffic by routing it through a series of relays. By routing all internet traffic through the TOR network, TAILS helps to protect users from surveillance and tracking by government agencies, advertisers, and other malicious actors.

In addition to its use of the TOR network, TAILS also includes several other security features to help protect users’ privacy and anonymity. For example, TAILS includes the “Persistence” feature, which allows users to save their data and settings to an encrypted volume on their USB stick, without leaving any trace on the host computer. TAILS also includes several security-focused tools, such as the “KeePassX” password manager and the “Tor Browser” web browser, which are designed to provide additional layers of security and privacy.

Another key feature of TAILS is its focus on usability. TAILS is designed to be easy to use, even for users with little or no technical expertise. The system includes a user-friendly interface, and many of its security features are pre-configured, making it easy for users to start using the system right away.

Using virtual machines

A virtual machine (VM) is a software emulation of a physical computer system that enables multiple operating systems (OS) or software applications to run on a single physical machine. In other words, a virtual machine allows you to create and run a “virtual” computer within your existing computer.

Here’s how a virtual machine typically works:

  • Hypervisor: A virtual machine relies on a piece of software called a hypervisor, which acts as a layer between the physical hardware and the virtual machines. The hypervisor manages the virtualised hardware resources and allows multiple virtual machines to share the physical resources efficiently.
  • Operating System: Each virtual machine runs its own operating system, just like a physical computer. The operating system installed on the virtual machine can be different from the host operating system running on the physical machine. This allows you to run multiple operating systems simultaneously on a single computer.
  • Isolation: Each virtual machine is isolated from the others, providing a secure and independent environment. This means that any changes made within one virtual machine do not affect the others, and each virtual machine operates as if it were running on its own dedicated hardware.
  • Resource Allocation: The hypervisor allocates the physical resources of the host machine, such as CPU, memory, storage, and network bandwidth, among the virtual machines. Each virtual machine is typically assigned a specific amount of these resources based on its requirements.

Virtual machines are widely used for various purposes, including:

  • Software development and testing: Developers can create virtual machines to test applications on different operating systems or to replicate specific environments without needing separate physical machines.
  • Server consolidation: Virtualisation allows multiple virtual servers to run on a single physical server, optimising resource utilisation and reducing hardware costs.
  • Legacy application support: Virtual machines enable running older or incompatible software that may require specific operating systems or hardware configurations.
  • Sandboxing and security: Virtual machines can be used to isolate potentially malicious software or untrusted applications, providing a secure testing or browsing environment.

Popular virtualisation platforms include VMware, VirtualBox, and Hyper-V, among others. These platforms provide tools and features to create, manage, and run virtual machines on a host computer.

For detailed instructions on how to install a virtual machine, read our handy guide here. 

Endpoint Security

Full disk encryption

Full disk encryption (FDE) is a security technology that is used to protect the data on a storage device, such as a hard drive, solid-state drive, or USB drive. FDE encrypts all data on the storage device, including the operating system and any applications or files stored on it, so that it cannot be accessed without the correct decryption key or password.

FDE works by using encryption algorithms to scramble the data on the storage device, making it unreadable without the correct decryption key. When the device is unlocked with the correct key or password, data is transparently decrypted as it is read and encrypted as it is written; what is stored on the drive itself always remains encrypted.

FDE provides several benefits for data security, such as preventing unauthorized access to sensitive information if a device is lost or stolen. It also protects against data breaches caused by malware or other malicious software, as encrypted data is more difficult to extract and read.

There are several software solutions available for implementing FDE, including built-in encryption features in modern operating systems like Windows and macOS, as well as third-party encryption software. Hardware-based encryption solutions, such as self-encrypting drives (SEDs), are also available and can provide even stronger security.

FDE is an important security measure for anyone who stores sensitive or confidential information on their devices, such as personal or financial data, trade secrets, or confidential business information. It can help protect against data breaches, theft, or other forms of unauthorized access, and it provides a crucial layer of security for protecting valuable digital assets.

Container encryption

Using the likes of VeraCrypt, it is possible to create encrypted containers within your operating system.

These encrypted containers, also known as encrypted volumes or virtual encrypted disks, offer an additional layer of privacy and security for sensitive data within your operating system. Tools like VeraCrypt allow users to create these encrypted containers, which function as encrypted file systems or virtual disks.

When you create an encrypted container with VeraCrypt, you can define its size, location, and encryption algorithm. The container is essentially a file that appears like any other file in your operating system, but its contents are securely encrypted. You can choose a strong passphrase or keyfile to unlock and access the container’s contents.

Once the encrypted container is created and mounted, it behaves like a regular disk or folder within your operating system. You can save files, create directories, and work with your sensitive data as if it were stored in an unencrypted manner. However, behind the scenes, the data is transparently encrypted and decrypted on-the-fly as you read from or write to the container.

The advantage of using encrypted containers is that they provide a convenient and flexible way to secure specific files or folders. You can store confidential documents, financial records, personal information, or any other sensitive data within the container, ensuring that it remains protected even if your operating system is compromised or accessed by unauthorized individuals.

Furthermore, encrypted containers offer portability. You can move or copy the container file to different locations or devices, and as long as you have the necessary passphrase or keyfile, you can access the data within it. This makes it convenient for securely transferring sensitive files or maintaining encrypted backups.

VeraCrypt and similar encryption tools use robust cryptographic algorithms and adhere to industry-standard practices to ensure the confidentiality and integrity of your data. The encryption keys and algorithms used in the process make it computationally infeasible for an attacker to decrypt the data without the correct passphrase or keyfile.

It is important to choose a strong passphrase or use a combination of passphrase and keyfile to secure the encrypted container adequately. Additionally, it is recommended to regularly back up the container file to prevent data loss in case of system failures or accidents.

By utilising encrypted containers within your operating system, you can add an extra layer of protection to your sensitive data, safeguarding it from unauthorised access and maintaining your privacy.

BIOS password

BIOS stands for Basic Input/Output System. It is a firmware that is built into the motherboard of a computer and is responsible for initializing and testing hardware components during the startup process.

The BIOS is the first piece of software that runs when a computer is turned on, and it performs a variety of essential functions, such as detecting and initializing hardware components like the hard drive, memory, and CPU. It also checks for any errors or issues that may be present in the hardware or firmware, and it provides a basic interface for configuring some system settings.

The BIOS is a critical component of a computer’s system and is responsible for ensuring that the hardware is functioning correctly and that the system can boot up properly. It is also responsible for managing power settings, performing system updates, and configuring the boot order of devices like the hard drive and CD-ROM drive.

As computer technology has advanced, the traditional BIOS has largely been replaced by a newer firmware called UEFI (Unified Extensible Firmware Interface), which provides more advanced features and improved security. However, the basic function of both the BIOS and UEFI is to initialize and configure the hardware components of a computer system.

As the BIOS is so important, you should set a BIOS password. This can be done by pressing the BIOS entry key on your computer upon startup, which is usually F2 or F10; the exact key depends entirely on which manufacturer produced your computer. Note that a BIOS or UEFI password only restricts access to the firmware settings and boot order; it does not encrypt the drive, so combine it with full disk encryption. Refer to the resources for a handy guide on creating a BIOS password.

Using steganography

What is steganography?

Steganography is the practice of hiding information or data within another file or medium, such as an image or audio file, in a way that is not apparent to the human eye or ear. Steganography has been used for centuries as a way to transmit secret messages, and it remains an effective tool for espionage, cybercrime, and terrorism.

How does steganography work?

Steganography works by embedding a message or data within a cover file, such as an image or audio file, in a way that is not easily detectable. The hidden message can be encrypted to provide an additional layer of security, and the cover file can be modified in various ways to make the hidden message even more difficult to detect.

One common technique used in steganography is to modify the least significant bits of a pixel or sample in an image or audio file. Because these bits have little impact on the overall appearance or sound of the file, they can be changed without being noticed by the human eye or ear. By modifying these bits in a specific way, a hidden message can be encoded within the file.

Another technique used in steganography is to use file formats that support multiple layers, such as Photoshop files or MPEG video files. By embedding a hidden message within one or more of these layers, the message can be hidden within the file without affecting the overall appearance or quality of the file.

How steganography can be detected

While steganography can be an effective way to hide information and data, it is not foolproof. There are several ways to counter steganography and detect hidden messages.

  • Visual Inspection. One way to counter steganography is to visually inspect the cover file for any anomalies or irregularities. This can include looking for differences in file size, color or sound quality, or any other differences that may indicate the presence of a hidden message. While this method is not foolproof, it can be effective in detecting certain types of steganography.
  • Use Steganalysis Tools. Another way to counter steganography is to use steganalysis tools, which are software programs designed to detect the presence of hidden messages within files. These tools use various algorithms to analyze the file and identify any patterns or irregularities that may indicate the presence of a hidden message. While steganalysis tools are not always effective, they can be a valuable tool in detecting certain types of steganography.
  • Check Metadata. Metadata is information that is embedded within a file that describes various attributes of the file, such as the date and time it was created, the software used to create it, and other information. In some cases, hidden messages can be embedded within this metadata, so it is important to check the metadata of a file for any irregularities or inconsistencies.
  • Use Encryption. Finally, one of the best ways to counter steganography is to use encryption to protect your sensitive information and data. By encrypting your messages and data, you can prevent them from being intercepted or accessed by unauthorized users, even if they are hidden within a cover file using steganography techniques. Encryption can be used in combination with other security measures, such as firewalls, antivirus software, and intrusion detection systems, to provide comprehensive protection for your data and information.
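The least-significant-bit technique described above, paired with the statistical check that steganalysis tools apply to it, as an added example that is not part of the original article: it writes a random-looking payload (which is what an encrypted message looks like) into the LSBs of a constructed grayscale image, then runs the chi-square pairs-of-values test that flags the equalised LSB plane. The synthetic cover image, its deliberate histogram bias and the decision threshold are assumptions made for the demo.

```python
"""LSB embedding plus a chi-square steganalysis check (added example; the image
and payload are constructed here, nothing comes from a real file)."""
import random

def embed_lsb(pixels, payload):
    """Return a copy of `pixels` with the payload's bits written into the least
    significant bit of consecutive pixels. Raises if the payload does not fit."""
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("payload larger than cover capacity")
    out = list(pixels)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit
    return out

def extract_lsb(pixels, nbytes):
    """Read `nbytes` back out of the LSBs of the first nbytes*8 pixels."""
    data = bytearray()
    for i in range(nbytes):
        byte = 0
        for j in range(8):
            byte = (byte << 1) | (pixels[i * 8 + j] & 1)
        data.append(byte)
    return bytes(data)

def chi_square_pairs(pixels):
    """Pairs-of-values chi-square statistic (Westfeld/Pfitzmann), divided by the
    degrees of freedom. LSB embedding only swaps values within a pair (2k, 2k+1);
    a random-looking payload drives both counts towards their mean, so the
    statistic collapses towards ~1 in a fully embedded image."""
    hist = [0] * 256
    for p in pixels:
        hist[p] += 1
    chi, dof = 0.0, 0
    for k in range(128):
        even, odd = hist[2 * k], hist[2 * k + 1]
        expected = (even + odd) / 2
        if expected == 0:
            continue  # pair never occurs in this image; contributes nothing
        chi += (even - expected) ** 2 / expected + (odd - expected) ** 2 / expected
        dof += 1
    return chi / dof if dof else 0.0

def looks_lsb_embedded(pixels, threshold=2.0):
    """Heuristic verdict: an untouched image keeps its natural pair asymmetry
    (statistic well above the threshold); an equalised LSB plane does not."""
    return chi_square_pairs(pixels) < threshold

def make_cover(width=64, height=64, seed=1234):
    """Constructed grayscale cover. Real sensors and codecs leave histogram pairs
    unequal; here that asymmetry is simulated bluntly by making odd values rarer
    than even ones (an assumption for the demo, not a model of any camera)."""
    rng = random.Random(seed)
    pixels = []
    for _ in range(width * height):
        k = min(127, max(0, int(rng.gauss(64, 10))))
        pixels.append(2 * k + (1 if rng.random() < 0.2 else 0))
    return pixels

def demo(seed=1234):
    """Embed a full-capacity random payload (stand-in for ciphertext) and compare
    the statistic before and after embedding."""
    cover = make_cover(seed=seed)
    rng = random.Random(seed + 1)
    payload = bytes(rng.getrandbits(8) for _ in range(len(cover) // 8))
    stego = embed_lsb(cover, payload)
    return {
        "roundtrip_ok": extract_lsb(stego, len(payload)) == payload,
        "cover_stat": chi_square_pairs(cover),
        "stego_stat": chi_square_pairs(stego),
        "cover_flagged": looks_lsb_embedded(cover),
        "stego_flagged": looks_lsb_embedded(stego),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

A short message embedded sequentially only equalises the first part of the image, which is why real tools evaluate the statistic over growing prefixes rather than the whole file at once.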

Steganography resources:

Here are some useful steganography tools:

Sensory camera noise identification

Sensory camera noise identification, commonly called sensor pattern noise or PRNU (photo-response non-uniformity) analysis, is a technique used to identify a camera’s unique noise pattern, which can be used to determine whether an image or video was captured by a particular camera.

Every camera produces some degree of noise in its images or videos, which is caused by variations in the camera’s sensor and electronics. This noise is typically random and difficult to predict, but it can be measured and used to identify the camera that captured a particular image or video.

Sensory camera noise identification works by analyzing the noise pattern in a series of images or videos captured by a particular camera. The analysis is typically performed using specialized software that is designed to identify the unique noise pattern produced by a specific camera.

Once the noise pattern has been identified, it can be compared to the noise pattern in other images or videos to determine if they were captured by the same camera. This technique is often used in forensic investigations to determine the source of an image or video, and it can be used to verify the authenticity of digital evidence.

There are some limitations to sensory camera noise identification, however. For example, the technique relies on the camera producing a consistent and identifiable noise pattern, which may not always be the case. Additionally, the technique may be less effective for images or videos captured using low-quality cameras or in low-light conditions, where the noise pattern may be more difficult to identify.
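The fingerprinting and matching procedure from the paragraphs above, as an added example that is not code from the article: a synthetic per-pixel gain error stands in for a camera's sensor, a fingerprint is estimated from several shots, and new shots are matched by correlation. The sensor model, scene, noise level and threshold are all assumptions; the dim shot illustrates the low-light limitation the text mentions.

```python
"""Toy sensor pattern noise (PRNU) source identification (added example, not
code from the article). Everything is constructed: a synthetic per-pixel gain
fingerprint stands in for the camera, a brightness ramp for the scene, and
Gaussian read noise for the shot-to-shot randomness."""
import random

W, H = 32, 32  # toy image size; images are row-major flat lists of floats

def make_sensor(seed, strength=0.02):
    """Fixed multiplicative gain error per pixel: the camera's fingerprint K."""
    rng = random.Random(seed)
    return [rng.gauss(0.0, strength) for _ in range(W * H)]

def gradient_scene(level):
    """Smooth scene: a horizontal ramp from level/2 to level (linear, so a 3x3
    mean filter removes it exactly away from the border)."""
    return [level * (0.5 + x / (2 * (W - 1))) for _ in range(H) for x in range(W)]

def shoot(sensor, scene, shot_seed, read_noise=2.0):
    """Simulate one photo: I = scene * (1 + K) + N, with fresh noise N per shot."""
    rng = random.Random(shot_seed)
    return [s * (1.0 + k) + rng.gauss(0.0, read_noise) for s, k in zip(scene, sensor)]

def noise_residual(img):
    """Residual W = I - denoise(I), here a 3x3 mean filter on interior pixels
    (border left at 0). For smooth content this keeps mostly I*K + N."""
    res = [0.0] * (W * H)
    for y in range(1, H - 1):
        for x in range(1, W - 1):
            block = sum(img[(y + dy) * W + x + dx]
                        for dy in (-1, 0, 1) for dx in (-1, 0, 1))
            res[y * W + x] = img[y * W + x] - block / 9.0
    return res

def fingerprint(images):
    """Maximum-likelihood PRNU estimate from several photos of one camera:
    K_hat = sum(W_i * I_i) / sum(I_i^2), pixel by pixel."""
    num, den = [0.0] * (W * H), [0.0] * (W * H)
    for img in images:
        w = noise_residual(img)
        for i in range(W * H):
            num[i] += w[i] * img[i]
            den[i] += img[i] * img[i]
    return [n / d if d else 0.0 for n, d in zip(num, den)]

def correlation(a, b):
    """Normalised cross-correlation of two equally long lists."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return cov / (va * vb) ** 0.5 if va and vb else 0.0

def match_score(fp, img):
    """Detector statistic: correlate the test residual with I * K_hat."""
    return correlation(noise_residual(img), [k * i for k, i in zip(fp, img)])

def demo(threshold=0.3):
    """Fingerprint camera A from 8 bright shots, then test a new shot from A,
    a shot from camera B, and a dim shot from A (the low-light caveat)."""
    cam_a, cam_b = make_sensor(1), make_sensor(2)
    bright = gradient_scene(200.0)
    fp_a = fingerprint([shoot(cam_a, bright, 100 + i) for i in range(8)])
    same = match_score(fp_a, shoot(cam_a, bright, 500))
    other = match_score(fp_a, shoot(cam_b, bright, 501))
    dim = match_score(fp_a, shoot(cam_a, gradient_scene(15.0), 502))
    return {"same_camera": same, "other_camera": other, "low_light_same_camera": dim,
            "same_matched": same > threshold, "other_matched": other > threshold,
            "low_light_matched": dim > threshold}

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```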

Image and file meta data

Image and file metadata are pieces of information that are stored within digital images and files, respectively. This metadata can include a variety of information, such as the date and time the image or file was created, the type of camera or device that was used to capture it, and the location where the image or file was taken or created.

Image metadata can also include information about the image’s resolution, color space, and compression format, as well as any post-processing adjustments that were made to the image, such as cropping or adjusting the brightness and contrast.

File metadata, on the other hand, can include information about the file type, size, and format, as well as any permissions or access restrictions that have been applied to the file.

Metadata is typically stored in a standardised format, such as EXIF (Exchangeable Image File Format) for image metadata or IPTC (International Press Telecommunications Council) for image and file metadata. This standardisation allows metadata to be easily read and interpreted by software applications and operating systems.

Metadata can be useful for a variety of purposes, such as organising and categorising images and files, providing additional context and information about the content of the image or file, and tracking the usage and distribution of the content. However, metadata can also pose a privacy risk, as it can reveal information about the location, device, and user who created the image or file.

In some cases, metadata can also be altered or manipulated, either intentionally or unintentionally. For example, metadata can be stripped or modified during the process of sharing or uploading an image or file, which can make it difficult to verify the authenticity or source of the content. Additionally, metadata can be intentionally altered or falsified in order to deceive or mislead others.
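The EXIF structure described above, as an added example that is not the article's code: a standard-library parser that walks a JPEG's marker segments, reads a few privacy-relevant IFD0 tags (camera make and model, timestamp, and whether a GPS sub-IFD is present), summarises what they give away, and strips the APP1 segment so the photo can be shared without them. The JPEG is constructed in code; the camera name, date and GPS pointer are placeholders.

```python
"""EXIF triage and stripping for JPEG files (added example, standard library
only; not code from the original article). The JPEG below is constructed in
code: 'ConstructedCam', the date and the GPS pointer are placeholders."""
import struct

# IFD0 tags the triage reports, with their standard EXIF/TIFF names
TAGS = {0x010F: "Make", 0x0110: "Model", 0x0132: "DateTime", 0x8825: "GPSInfo"}
TYPE_SIZE = {2: 1, 3: 2, 4: 4}  # ASCII, SHORT, LONG (bytes per element)

def jpeg_segments(data):
    """Yield (marker, start, end) for every marker segment before SOS."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    pos = 2
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker == 0xDA:  # SOS: the compressed picture follows, stop here
            break
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        yield marker, pos, pos + 2 + length
        pos += 2 + length

def parse_exif(data):
    """Return {tag_name: value} for the known IFD0 tags, {} if there is no Exif."""
    for marker, start, end in jpeg_segments(data):
        if marker == 0xE1 and data[start + 4:start + 10] == b"Exif\x00\x00":
            tiff = data[start + 10:end]
            break
    else:
        return {}
    e = "<" if tiff[:2] == b"II" else ">"  # byte order declared by the TIFF header
    ifd = struct.unpack(e + "I", tiff[4:8])[0]
    count = struct.unpack(e + "H", tiff[ifd:ifd + 2])[0]
    found = {}
    for i in range(count):
        entry = tiff[ifd + 2 + 12 * i: ifd + 14 + 12 * i]
        tag, typ, n = struct.unpack(e + "HHI", entry[:8])
        if tag not in TAGS or typ not in TYPE_SIZE:
            continue
        size = TYPE_SIZE[typ] * n
        if size <= 4:  # small values are stored inline in the entry
            raw = entry[8:8 + size]
        else:          # larger ones sit at an offset inside the TIFF block
            off = struct.unpack(e + "I", entry[8:12])[0]
            raw = tiff[off:off + size]
        if typ == 2:
            found[TAGS[tag]] = raw.rstrip(b"\x00").decode("ascii", "replace")
        else:  # first element of a SHORT/LONG value
            fmt = "H" if typ == 3 else "I"
            found[TAGS[tag]] = struct.unpack(e + fmt, raw[:TYPE_SIZE[typ]])[0]
    return found

def privacy_findings(meta):
    """Plain-language summary of what the metadata gives away."""
    risks = {"GPSInfo": "location (GPS sub-IFD present)", "Make": "device make",
             "Model": "device model", "DateTime": "capture time"}
    return [risks[k] for k in risks if k in meta]

def strip_exif(data):
    """Return the JPEG with every APP1 segment (Exif, XMP) removed; the picture
    data from SOS onwards is copied unchanged."""
    out = bytearray(b"\xff\xd8")
    pos = 2
    for marker, start, end in jpeg_segments(data):
        if marker != 0xE1:
            out += data[start:end]
        pos = end
    out += data[pos:]
    return bytes(out)

def build_sample_jpeg():
    """Constructed JPEG skeleton: SOI, an Exif APP1 with four IFD0 tags, then a
    stand-in SOS marker and fake scan bytes (not a decodable picture)."""
    make = b"ConstructedCam\x00"
    date = b"2023:05:20 12:00:00\x00"
    data_off = 8 + 2 + 12 * 4 + 4  # first byte after the IFD
    ifd = struct.pack("<H", 4)
    ifd += struct.pack("<HHII", 0x010F, 2, len(make), data_off)
    ifd += struct.pack("<HHI", 0x0110, 2, 3) + b"M1\x00\x00"  # inline ASCII
    ifd += struct.pack("<HHII", 0x0132, 2, len(date), data_off + len(make))
    ifd += struct.pack("<HHII", 0x8825, 4, 1, 0x1000)  # placeholder GPS IFD offset
    ifd += struct.pack("<I", 0)  # no IFD1
    tiff = b"II*\x00" + struct.pack("<I", 8) + ifd + make + date
    app1 = b"Exif\x00\x00" + tiff
    segment = b"\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1
    return b"\xff\xd8" + segment + b"\xff\xda\x00\x02\x12\x34\xff\xd9"
```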

Conclusion: are we heading towards a world without privacy?

In this insights article, we’ve explored a comprehensive list of the technologies that are used to track people online – and more importantly, what you can do to mitigate the risks they pose. In today’s world, it seems like attaining true privacy has never been more important, yet more difficult. 

With that said, this guide aims to provide you with the most comprehensive guide to privacy on the internet. It’s up to the reader whether or not we’ve attained that goal. 

In any event, we encourage you not just to read the content, but absorb it; and then practice it. Security isn’t a passive act – it takes persistent effort to achieve genuine privacy, however we believe that the effort is worth the reward. 

If you’d like to suggest any additions or amends, please contact the editor by emailing: editor@clickheresecurity.com
