Difference between revisions of "Digital Discipline"
| Line 174: | Line 174: | ||
** [https://www.virustotal.com/ VirusTotal] | ** [https://www.virustotal.com/ VirusTotal] | ||
** [https://checkshorturl.com/ CheckShortURL] | ** [https://checkshorturl.com/ CheckShortURL] | ||
| + | |||
| + | == Internet Browsing == | ||
| + | |||
| + | Your browser is one of the biggest privacy and security liabilities you have. It's where tracking, fingerprinting, data harvesting, and identity leaks most often happen. | ||
| + | |||
| + | Using Chrome, Edge, or even regular Firefox is a bad idea. These browsers are: | ||
| + | * Integrated with Google/Microsoft telemetry. | ||
| + | * Constantly leaking metadata and user behavior. | ||
| + | * Designed to “personalize” your experience, which means collecting data on you. | ||
| + | |||
| + | === Recommended Browser === | ||
| + | |||
| + | Use [https://librewolf.net/ LibreWolf] — a hardened, de-Googled fork of Firefox focused on privacy, security, and user control. It disables telemetry, removes pocket/sync features, and comes pre-configured with better defaults. | ||
| + | |||
| + | If you can't use LibreWolf for some reason, Brave is okay — but remember, it's still run by a company, has crypto stuff baked in, and you’re better off with Chromium manually hardened. | ||
| + | |||
| + | === Recommended Extensions (For OPSEC) === | ||
| + | |||
| + | Here are the browser extensions I use, and why: | ||
| + | |||
| + | * '''Chameleon''' 🛡️ – Spoofs your browser profile (User-Agent, timezone, screen resolution, etc.). This helps fight fingerprinting scripts that try to identify you by the uniqueness of your setup. | ||
| + | |||
| + | * '''Mullvad Browser Extension''' 🛡️ – Ensures that your browser uses Mullvad's custom DNS settings and enforces tighter IP handling rules. It works alongside the Mullvad VPN app and helps ensure better isolation between tabs and sessions. | ||
| + | |||
| + | * '''Privacy Badger''' 🐾 – Developed by the EFF, this extension automatically learns and blocks invisible trackers as you browse. Unlike uBlock which relies on lists, Privacy Badger blocks based on behavior. | ||
| + | |||
| + | * '''uBlock Origin''' 🚫 – The best ad and tracker blocker available. Lightweight, actively maintained, and incredibly effective. Blocks ads, malicious domains, and 3rd-party scripts. | ||
| + | |||
| + | (🛡️ = Improves anonymity or reduces fingerprinting) | ||
| + | |||
| + | === Optional Extensions (Not for OPSEC, but still nice) === | ||
| + | |||
| + | * '''Dark Reader''' 🌙 – Just a dark mode extension. Helpful for eye strain, but it slightly modifies page rendering and may interfere with fingerprint obfuscation. Safe to use, but disable it when doing OPSEC-heavy tasks. | ||
| + | |||
| + | === Final Browser Tips === | ||
| + | |||
| + | * Disable WebRTC (this leaks your IP even with a VPN). | ||
| + | * Disable JavaScript when not needed — or use a site-based whitelist. | ||
| + | * Use a fresh browser session for each persona — cookies and sessions can leak cross-context data. | ||
| + | * Never log into a real identity account (e.g. Gmail) from your OPSEC browser. | ||
| + | * Consider using containers or multiple browser profiles for different activities. | ||
| + | |||
| + | ''Your browser is your biggest fingerprint. Treat it like a loaded weapon — always pointed at you unless you take control.'' | ||
| + | |||
| + | === Browser Hardening Settings === | ||
| + | |||
| + | Even privacy-respecting browsers like LibreWolf benefit from some manual tuning. Here are key settings you should change or double-check: | ||
| + | |||
| + | ==== General Settings ==== | ||
| + | |||
| + | * '''Search Engine:''' | ||
| + | Change your default search engine to something that doesn't track you: | ||
| + | **Recommended:** | ||
| + | * [https://www.startpage.com/ Startpage] – Google results, no tracking. | ||
| + | * [https://www.metager.org/ MetaGer] – German-based, privacy-first. | ||
| + | * [https://searx.space/ Searx] – Open-source metasearch engine (choose a trusted instance). | ||
| + | |||
| + | * '''Home Page:''' | ||
| + | Set your homepage to `about:blank` or a custom offline HTML dashboard. No callouts, no leaks. | ||
| + | |||
| + | * '''Do Not Track:''' | ||
| + | Enable “Send websites a ‘Do Not Track’ request.” It doesn’t guarantee anything, but it’s better than nothing. | ||
| + | |||
| + | * '''Prevent Accessibility Services from accessing your browser.''' | ||
| + | This helps prevent outside processes from reading browser content. | ||
| + | |||
| + | ==== Privacy & Security Settings ==== | ||
| + | |||
| + | * '''Cookies and Site Data:''' | ||
| + | * Block third-party cookies. | ||
| + | * Enable "Delete cookies and site data when Firefox is closed." | ||
| + | |||
| + | * '''HTTPS-Only Mode:''' | ||
| + | Set to “Always use HTTPS.” | ||
| + | |||
| + | * '''Permissions:''' | ||
| + | Disable camera, microphone, location, and notifications globally unless you absolutely need them. | ||
| + | |||
| + | ==== LibreWolf-Specific Tweaks ==== | ||
| + | |||
| + | LibreWolf disables telemetry and studies by default, but double-check these in `about:config`: | ||
| + | |||
| + | * `media.peerconnection.enabled` → `false` | ||
| + | Disables WebRTC (prevents IP leaks even behind VPN). | ||
| + | |||
| + | * `geo.enabled` → `false` | ||
| + | Disables geolocation entirely. | ||
| + | |||
| + | * `privacy.resistFingerprinting` → `true` | ||
| + | Makes your browser present a generic fingerprint to tracking scripts. | ||
| + | |||
| + | * `privacy.firstparty.isolate` → `true` | ||
| + | Isolates cookies and cache to each domain — prevents cross-site tracking. | ||
| + | |||
| + | * `extensions.pocket.enabled` → `false` | ||
| + | (If not using LibreWolf) – disables the Pocket integration. | ||
| + | |||
| + | ==== Anti-Fingerprint Pro Tips ==== | ||
| + | |||
| + | * Don’t install too many extensions — ironically, they increase uniqueness. | ||
| + | * Don’t maximize your window — keep it in a non-standard size (fingerprinting includes screen resolution). | ||
| + | * Consider using Tor Browser for extreme cases — but never mix Tor with real identity. | ||
| + | |||
| + | ''Browser hardening isn't a one-click solution — it's an ongoing process. Test regularly, stay minimal, and isolate everything.'' | ||
Revision as of 10:33, 21 April 2025
Digital Discipline
Introduction
Digital discipline means forming smart, cautious habits when navigating the internet. This isn’t just about being "tech-savvy" — it’s about self-defense. Bad OPSEC gets people doxed, stalked, hacked, and profiled.
If you post online, engage in activism, participate in drama-heavy communities, or even just want basic privacy — you need to get this stuff right. What you reveal online builds a profile, and once it's out, you can't pull it back in.
⚠️ Common OPSEC Mistakes That Get People Doxed
- Reusing the same username on multiple sites.
- Signing up for anonymous accounts with your main email or phone number.
- Using weak or reused passwords across platforms.
- Posting real photos or personal details (pets, tattoos, car plates, etc.).
- Forgetting that your friends or followers might leak your info.
- Logging into private accounts while connected to your real IP address.
- Keeping metadata in photos (EXIF can reveal GPS location).
- Talking too much — your habits, timezone, slang, and grammar can all identify you.
Digital discipline isn't just tools — it's behavior. Practice silence and separation.
Why This Matters
Your name, IP address, emails, reused usernames, even slight password reuse — all of it becomes breadcrumbs. Doxing doesn't require "hacking", it just takes sloppy digital hygiene.
Governments, companies, trolls, stalkers, and bots all rely on people giving too much away without realizing it. Digital discipline keeps your personal identity disconnected from your online presence.
Email Hygiene
Trusted Providers
Not all email providers are created equal. Most free services (Gmail, Outlook, Yahoo, etc.) scan your messages, sell metadata, and are integrated with surveillance-heavy ecosystems.
There are a few privacy-first providers worth trusting:
- ProtonMail – Swiss-based, open-source, encrypted, supports aliasing, and has a good mobile app.
- Tuta Mail – German-based, zero ads, open-source, and doesn't rely on third-party trackers.
Tips
- Don’t use your real name when signing up.
- Use different email addresses for different tasks (banking, forums, backups).
- Don’t add a recovery phone number tied to your real identity.
- Turn on 2FA (two-factor authentication) using a TOTP app like Aegis or andOTP.
Example Email Compartmentalization
Personally, I split my emails like this:
- 1 for professional/work – used with real name, tied to employment and banking.
- 1 for named social media – like Instagram or LinkedIn, with some identity attached.
- 1 for named gaming accounts – Steam, Xbox, etc.
- 1 for each anonymous persona – each alias gets a separate inbox (no cross-contamination).
- Several throwaways – for random signups, one-time use, or shady services.
This compartmentalization means a breach or dox of one address doesn’t expose the rest of your digital life.
Usernames
One of the easiest ways to get doxed is by using the same username on every platform. Even a variation of your handle can be enough to link accounts.
Do:
- Use random, unique usernames for each platform.
- Avoid anything tied to your real name, nickname, or birth year.
- Use tools like Namecheckr to check if a handle is used elsewhere.
Don’t:
- Use the same handle on Discord, Twitter, Telegram, Reddit, and forums.
- Leave breadcrumbs by linking accounts together via bio links, reposts, or shared avatars.
Passwords
Bad passwords will get you owned. Reused passwords will get you cross-compromised. Even "unique" ones can sometimes be used to fingerprint you if they’ve been seen in a breach.
Bad Examples
123456james2002hunter2
Better Examples
ScorpionEgg!2951$whiteToad
Best Practice
- Use a password manager to generate long, random, and unique passwords for every site.
Recommended Password Managers
- Bitwarden – Cloud-synced, open-source, works across devices, and allows encrypted sharing.
- KeePassXC – Fully offline, stores data locally, ideal for air-gapped or privacy-heavy setups.
Bitwarden Strengths
- Syncs between devices.
- Browser extension and autofill.
- Easier for beginners.
KeePassXC Strengths
- Fully offline, no cloud syncing.
- You control where your vault lives.
- Supports YubiKey, TOTP, and custom field types.
Use what suits your risk model — Bitwarden is more convenient, KeePassXC gives you full control.
Bonus Tip: Generate passwords with 20–40 characters. Include symbols, numbers, uppercase, and lowercase. Store recovery codes securely. Back up your vault encrypted.
VPNs and Clicking Links
Link Safety
Clicking random links online is one of the fastest ways to get yourself compromised — especially if you're not behind a VPN. Tracking links, IP loggers, malicious redirects, shortened URLs — all of these can reveal your real IP, location, or even deliver malware.
Never click unknown links from strangers, Discord servers, sketchy forums, or unverified emails without precautions.
Why Use a VPN
Your real IP address is a direct line to your rough location and ISP. Every site you visit logs it. Without a VPN, you're exposing yourself — even if you're using Tor, even if you're using incognito.
Use a VPN at all times. Turn it on when your computer starts. Treat it like pants: if you're online without it, you're basically naked.
VPNs:
- Mask your real IP address.
- Encrypt your traffic from your ISP.
- Help bypass geo-blocks and censorship.
- Make tracking and fingerprinting harder.
Recommended VPNs
Most VPNs are trash. They lie about "no logs", they sell your traffic, and they're based in countries that will fold the moment they're pressured.
Use One of These:
- Mullvad – No email required. Pay with Monero, Bitcoin, or cash. Doesn't log. Based in Sweden. Deletes payment history after a short window.
- ProtonVPN – Swiss-based. Transparent. Tied to the same people who made ProtonMail. Also supports anonymous payments.
Avoid These:
- NordVPN, Surfshark, ExpressVPN – They're owned by sketchy parent companies, based in 5-eyes jurisdictions, and likely to log or hand over data under pressure.
Payment & Privacy
You can (and should) pay anonymously where possible:
- Use Monero or Bitcoin via a mixing service.
- Mullvad allows literal cash in an envelope with just your account number.
- ProtonVPN supports crypto and doesn’t require real details.
Server Location Strategy
Where you connect to matters.
- Chile, Iceland, Switzerland – Countries with strong privacy laws and no real alliances with 5-Eyes. Great for keeping your identity safe.
- US, UK, Australia – 5-Eyes countries. Data from these servers can and will be handed over to intelligence agencies if requested.
- Close-by servers – If your only option is a server in your own country, it's still better than no VPN at all. At least it hides your ISP and stops most trackers.
Best practice? Choose a server in a neutral or privacy-friendly country — but close enough to not ruin your speed.
Final Tips
- Turn your VPN on before opening your browser, Discord, or any apps.
- Never log into a personal account from the same IP you use for an anonymous identity.
- Don’t click suspicious links without first checking them via tools like:
Internet Browsing
Your browser is one of the biggest privacy and security liabilities you have. It's where tracking, fingerprinting, data harvesting, and identity leaks most often happen.
Using Chrome, Edge, or even regular Firefox is a bad idea. These browsers are:
- Integrated with Google/Microsoft telemetry.
- Constantly leaking metadata and user behavior.
- Designed to “personalize” your experience, which means collecting data on you.
Recommended Browser
Use LibreWolf — a hardened, de-Googled fork of Firefox focused on privacy, security, and user control. It disables telemetry, removes pocket/sync features, and comes pre-configured with better defaults.
If you can't use LibreWolf for some reason, Brave is okay — but remember, it's still run by a company, has crypto stuff baked in, and you’re better off with Chromium manually hardened.
Recommended Extensions (For OPSEC)
Here are the browser extensions I use, and why:
- Chameleon 🛡️ – Spoofs your browser profile (User-Agent, timezone, screen resolution, etc.). This helps fight fingerprinting scripts that try to identify you by the uniqueness of your setup.
- Mullvad Browser Extension 🛡️ – Ensures that your browser uses Mullvad's custom DNS settings and enforces tighter IP handling rules. It works alongside the Mullvad VPN app and helps ensure better isolation between tabs and sessions.
- Privacy Badger 🐾 – Developed by the EFF, this extension automatically learns and blocks invisible trackers as you browse. Unlike uBlock which relies on lists, Privacy Badger blocks based on behavior.
- uBlock Origin 🚫 – The best ad and tracker blocker available. Lightweight, actively maintained, and incredibly effective. Blocks ads, malicious domains, and 3rd-party scripts.
(🛡️ = Improves anonymity or reduces fingerprinting)
Optional Extensions (Not for OPSEC, but still nice)
- Dark Reader 🌙 – Just a dark mode extension. Helpful for eye strain, but it slightly modifies page rendering and may interfere with fingerprint obfuscation. Safe to use, but disable it when doing OPSEC-heavy tasks.
Final Browser Tips
- Disable WebRTC (this leaks your IP even with a VPN).
- Disable JavaScript when not needed — or use a site-based whitelist.
- Use a fresh browser session for each persona — cookies and sessions can leak cross-context data.
- Never log into a real identity account (e.g. Gmail) from your OPSEC browser.
- Consider using containers or multiple browser profiles for different activities.
Your browser is your biggest fingerprint. Treat it like a loaded weapon — always pointed at you unless you take control.
Browser Hardening Settings
Even privacy-respecting browsers like LibreWolf benefit from some manual tuning. Here are key settings you should change or double-check:
General Settings
- Search Engine:
Change your default search engine to something that doesn't track you: **Recommended:** * Startpage – Google results, no tracking. * MetaGer – German-based, privacy-first. * Searx – Open-source metasearch engine (choose a trusted instance).
- Home Page:
Set your homepage to `about:blank` or a custom offline HTML dashboard. No callouts, no leaks.
- Do Not Track:
Enable “Send websites a ‘Do Not Track’ request.” It doesn’t guarantee anything, but it’s better than nothing.
- Prevent Accessibility Services from accessing your browser.
This helps prevent outside processes from reading browser content.
Privacy & Security Settings
- Cookies and Site Data:
* Block third-party cookies. * Enable "Delete cookies and site data when Firefox is closed."
- HTTPS-Only Mode:
Set to “Always use HTTPS.”
- Permissions:
Disable camera, microphone, location, and notifications globally unless you absolutely need them.
LibreWolf-Specific Tweaks
LibreWolf disables telemetry and studies by default, but double-check these in `about:config`:
- `media.peerconnection.enabled` → `false`
Disables WebRTC (prevents IP leaks even behind VPN).
- `geo.enabled` → `false`
Disables geolocation entirely.
- `privacy.resistFingerprinting` → `true`
Makes your browser present a generic fingerprint to tracking scripts.
- `privacy.firstparty.isolate` → `true`
Isolates cookies and cache to each domain — prevents cross-site tracking.
- `extensions.pocket.enabled` → `false`
(If not using LibreWolf) – disables the Pocket integration.
Anti-Fingerprint Pro Tips
- Don’t install too many extensions — ironically, they increase uniqueness.
- Don’t maximize your window — keep it in a non-standard size (fingerprinting includes screen resolution).
- Consider using Tor Browser for extreme cases — but never mix Tor with real identity.
Browser hardening isn't a one-click solution — it's an ongoing process. Test regularly, stay minimal, and isolate everything.