Avoid the Hack! :donor:
10 hours ago

ICYMI: T-Mobile #app glitch let users see other people's account info

Just T-Mobile things - but not a breach! (Wow!)

Customers could see other peoples' account information.

Exposed information included:

- Customer name
- Phone numbers
- Addresses
- Account balances
- Partial credit card details

#bugs #technology #opsec #security

12 hours ago

@securingdev it may be easier because they have segmented their networks properly, school from private yes opsec so they can leak without having to cross the streams...

#opsec 😂

(or more likely because their phone is now a fully integrated extra appendage probably use it to open beer bottles too)

Larus Argentatus
2 days ago

Currently trying to build a Threat Intelligence compilation from diferent resources for Activists and Journalist (RSS feeds).

Right Now:
- Counter-Surveillance Resource Center (
- Freedom of the Press Foundation (
- Lucy Parson Labs (
- Privacy International (
- The Citizen Lab (

I am trying to compile specially around: legislation, surveillance, police tactics against opositors

Does anyone have other suggestions add?

#threatintel #activism #journalism #opsec #security

Sooraj Sathyanarayanan
3 days ago

Check out @GrapheneOS, DivestOS, @LineageOS, @iode, @e_mydata comparison chart by Sandbag6736 from Techlore forum. Personal preferences play a big role. 🔍📱 #AndroidROMs #privacy #opsec #cybersecurityawareness

Feel free to comment if there’s any inaccuracies.

PKPs Powerfromspace1
3 days ago

@noelreports silence 🤫 is golden #opsec

Serge Courrier
4 days ago

[#OPSEC|#VPN] [Mullvad] have successfully completed our migration to RAM-only VPN infrastructure - Blog | Mullvad VPN

5 days ago

@c0dec0dec0de @Computer
"Please enter your full name to complete registration" on another xyz social network.
#opsec #fail #dark #pattern #darkpattern

5 days ago

If you ever want to feel depressed about humanity, just do a search for things like #newbadge on your social media platform of choice. I found this one on #Facebook. This guy works for a bank.

Don't be this guy. He could be impersonated, or this picture could be used as a template to forge a fake ID complete with a valid barcode to gain access to bank facilities or infrastructure.

I censored the bar code and ID#, they were visible in the original.

#OPSEC #OSINT #Privacy #Security

A photo of an ID badge for an employee of USAA bank.  The photo has been censored, but you can tell that the badge is a clear, close-up shot including a profile picture, name, employee number and barcode.
🦋 Benjamin West - 🐒🌻
5 days ago

"Canada Post breaking law by gathering info from envelopes and parcels, privacy watchdog says"

And also breaking my Canadian heart. 🍁💔

#Canada #privacy #infosec #opsec

Avoid the Hack! :donor:
5 days ago

Inside #ShadowDragon, The Tool That Lets ICE Monitor Pregnancy Tracking Sites and Fortnite Players

What a piece by @404mediaco

ShadowDragon: Feeding the mass surveillance machine by tracking people who play Fortnite (and probably, I guess, other popular online games), scraping images from BabyCenter (a site for expectant parents), and social media sites for the Black community, the bodybuilding community, and others.

ShadowDragon also has the capability to monitor/scrape information from hundreds of social media sites/games/websites. Who plays a game and expects to end up in an ICE database?

This is insane.

You are being watched.

#privacy #privacymatters #opsec

Gianmarco :archlinux: :kde:
5 days ago

#Telegram strikes again with documents from Dutch authorities saying that they can request hidden phone numbers and IP addresses at any time. Again, Telegram still claims on their homepage that they never gave up any data when that's not true at all, also for past requests like the one from the German police a while back.

#Security #Privacy #OpSec #FreeSoftware #OpenSource

Sooraj Sathyanarayanan
6 days ago

Looking for a reliable TOTP Authenticator app? I've been using @ente auth for a while now.

🔓 #OpenSource - Check out their code at
🔐 End-to-End Encrypted Backups
📱 Multi-Device Support
🌐 Offline Mode
💻 Cross-Platform

Go to to access your codes on your desktop. Make the switch to ente auth and take back control! 🛡️

#CyberSecurity #enteauth #TOTP #MultiFactorAuthentication #TechTips #cybersecurityawareness #privacy #opsec

Avoid the Hack! :donor:
6 days ago

APT36 state hackers infect #Android devices using #YouTube app clones

The fake YouTube apps want some interesting permissions...

... because they're remote access trojans (RATs), of course.

Be extra cautious of apps from third-party sites. Also, as an aside, remember that everything found in any kind of App store is not 100% safe!

#cybersecurity #security #opsec

Mario Breskic
6 days ago

Here I would talk about an interesting thing about our security measures, but I won’t because of #opsec.

And you would reply with ‘huh’ to the thing.

🦋 Benjamin West - 🐒🌻
1 week ago

Feeling like moving to a cabin in the woods with no internet...

Revealed: Israeli Cyber Firms Have Developed an 'Insane' New Spyware Tool. No Defense Exists

"A Haaretz investigation reveals that Israeli cyber companies developed technology that exploits the advertising system at the heart of the online economy to monitor civilians, hack into their phones and computers, and spy on them. This terrifying capability, against which no defense currently exists, has already been sold to a nondemocratic country"

#cybersecurity #opsec #exploit #spyware

1 week ago

I have some experience in tech. I'm happy to answer any #OpSec questions from #SexWorkers unsure about how to remain anonymous (or pseudonymous) online.

Stay safe out there!


*edit: please boost

1 week ago

It is fucking *hard* to have good #OpSec as a #SexWorker.

For example: most digital photos contain metadata that could potentially be used to tie your nsfw endeavors to your normie-world identity, sometimes with dire consequences.

Many platforms (e.g. mastodon) will normalize uploaded photos, stripping all such metadata in the process. However, others (e.g. manyvids) do *not* normalize media, instead offering to customers the exact files you upload, metadata fully intact.

Sooraj Sathyanarayanan
1 week ago

⚠️ Alert: Voice deepfakes are revolutionizing banking scams! Cutting-edge AI lets fraudsters impersonate voices to fool even the experts.

💡Tip: ALWAYS double-check before major transactions & stay in the loop on #cybersecurity trends. #VoiceDeepfakes
#cybersecurityawareness #privacy #opsec

PKPs Powerfromspace1
2 weeks ago

Remember #opsec people! 🤫

Love how he leans into the image of him we adore so much 😅 #budanov 💪🇺🇦

#longwar #LongWayToGo but Ukraine will win, sorry Elon & Co.

Yonei :marisa_dance:
2 weeks ago

Got a question to all you #infosec folks.
I just setup an encrypted USB drive with VeraCrypt (exFAT file system) and i was wondering if there are other cross-platform volume/drive encryption solutions.
For personal use on Linux I’m fine with just using LUKS, but i need something to work on Linux and Windows (that’s why exFAT filesystem choice) to store stuff like private keys and backups. An alternative would be nice since VeraCrypt is not entirely FOSS
Any recommendations?

#encryption #privacy #linux #cybersecurity #security #opsec

Just a quick reminder that you should assume all of your electronic communications are being collected. You cannot assume #privacy if you are carrying electronics or near a phone or other networked device such an automobile, security camera. I also wouldn’t bet too much on #encryption. Security is not a yes/no thing. It depends on how careful you are and the resources of those who want to spy on you. #infosec #opsec #spyware

Free article:

Avoid the Hack! :donor:
2 weeks ago

Revealed: The Country that Secretly Wiretapped the World for the FBI


#privacy #cybersecurity #opsec

Avoid the Hack! :donor:
2 weeks ago

'Evil Telegram' #Android apps on Google Play infected 60K with #spyware

The trojanized Telegram apps to steal user data, collecting information such as user ID, phone numbers, and contacts.

Same thing has happened with #Signal and other messaging apps.

Be cautious of what applications you are installing on your device - whether it is from an official app store or when sideloading. While many forks of well-known #opensource apps exist, there are also malicious ones.

Try to correlate any information on the app + developer descriptiona nd any other known resources. Be aware of the permissions the "fork" asks for. There are some really convincing fakes out there.

#cybersecurity #security #opsec

Sooraj Sathyanarayanan
2 weeks ago

Concerned about #PegasusSpyware? It can access your data and calls without your knowledge. 🚨 To protect yourself, always keep your devices updated, be cautious of suspicious links & consider using #e2ee apps. Stay vigilant, stay safe. 🔒 #CyberSecurityAwareness #opsec #privacy #spyware

Avoid the Hack! :donor:
2 weeks ago

IVPN TunnelCrack #vulnerability assessment

@ivpn completes review/assessment of its apps for vulnerabilities unveiled by TunnelCrack research paper.

IVPN did not receive vulnerability disclosure, but good on them for sharing this!

#privacy #vpn #tunnelcrack #security #opsec

Disaster Autist
2 weeks ago

Are there trustworthy browser plugins to counter fingerprinting (by randomizing reported screen size, time zone, languages, fonts, …)

#opsec #infosec #anonymity #hacking

@Pabamiti @Natanox @nomain @netzpolitik_feed
Wäre #ITsc, #OnfoSec, #OpSec & #ComSec mit "Installier' / nutz' #Signal / Threema / ... !) abgeharkt wären sehr viele Leute arbeitslos und OK-Elemente sürden nicht gebusted werden!

2 weeks ago

I'm still laughing 👀
"just change your password, it's okay" - FBI #opsec

Serge Courrier
2 weeks ago

[#PRIVACY] Extreme Privacy: VPNs & Firewalls

"Today, we published our fourth digital guide in the Extreme Privacy series. This time, it is all about VPNs and firewalls. 9 chapters | 34,000 words | 87 pages | $10. This digital (PDF) supplement to Extreme Privacy continues a new approach to our tutorials. It is not a replacement for the printed book, but a much more thorough guide about VPNs and firewalls."

#osint #opsec

runarcn (golang arc)
3 weeks ago

Any of you masto wizards that know of good account to follow to learn more about #cybersecurity, #infosec, #opsec etc? I'd follow the tags, but I've often found that following big tags drowns my entire feed in one topic

Disaster Autist
3 weeks ago

Lockdown mode works fine, but without JIT, the browser is slower. You can also just disable iMessage. I did. This blocks all NSO group #exploits we have seen to date, and nobody uses it anyway, as they never released an android version.

#opsec #infosec #netsec #vulnerabilities #exploit

Avoid the Hack! :donor:
3 weeks ago

Detecting & Removing #Stalkerware

From @Lockdownyourlife

Stalkerware comes in many different packages (was that a pun?)

#opsec #privacy #security

Mícheál Ó Máille
3 weeks ago

@skykiss Listed as a 'Private Owner' so nothing to see here! 😜 #DemocraciesVsAutocracies 🇹🇼 #OPSEC

Innocently whistling GIF
3 weeks ago
Avoid the Hack! :donor:
3 weeks ago

Okta: #Hackers target #IT help desks to gain Super Admin, disable #MFA

Threat actors apparently targeting IT service desk staff at US-based customers. The goal is to get MFA reset for high-privileged users.

Social engineering help desk staff has been a thing for a while, but IMO it seems to be a not-talked-about-enough subject. A lot of info help desk are told to use for authentication for resets over the phone can be found in leaked information (like a #databreach)

#cybersecurity #infosec #security #opsec

Taka rada #OpSec ode mnie kochani.
Tak, jak wrzucanie fotę to ona jest zestripowana z EXIF.
*Ale* wasz admin dostaje fotę z EXIF, więc jak nie wyczyściliście przed Uploadem to admin wie, gdzie mieszkacie, geolokacje.
Ten admin może się zmienić.
Ten admin może być kraftowy i mieć dziurawy serwer, gdzie zdalnie inni sobie podejrzą.
Ten admin może zostać odwiedzony przez ABW kolegi zazdrosnego kochanka.
Stripujecie foty *przed* wgraniem na cudzy serwer jak chcecie minimalizować ww. sprawy.

the grugq
3 weeks ago

If you’re interested in OPSEC you’ll find this talk extremely informative. Lots of important information on how to operate safely.


3 weeks ago

This is the proper way to secure physical access to your network router.

#OpSec #Network #NetworkSecurity #LordOfTheRings #Tolkein #JRRTolkein

In the forefront of the image is a TP-Link brand ER-605v2 router with three flat 1 foot Cat6 patch cables running underneath it.

Behind it is a 3 gang junction box being used as a patch panel. The left gang has one 8P8C jack, the right gang has two 8P8C jacks, and in the gang space between them is a Christmas Ornament of Frodo Baggins with his sword drawn.
3 weeks ago

@campuscodi @cloudguy good #opsec is harder to maintain than most folks imagine

Avoid the Hack! :donor:
3 weeks ago

#Hackers Are Selling Hacked Police Emails to Try to Grab Personal Data From TikTok, Facebook

Still want those backdoors in encryption now?

#cybersecurity #security #opsec

Avoid the Hack! :donor:
3 weeks ago

Your #VPN provider won't go to jail for you for 5 dollars

@ivpn explains how competent service providers can avoid sharing sensitive information about users...

Hint: It involves not collecting/storing that information in the first place. Unfortunately, most VPN providers are not worthy of trust.

(IVPN is pretty great and highly recommended in the privacy community, though.)

#privacy #secuity #opsec

@geist Sorry, aber dass Microsoft nicht wegen illegaler Agententätigkeit für einen ausländischen Geheimdienst zwangsweise geschlossen und des Landes verwiesen wurde sagt doch alles über die lachhafte #ITsec, #InfoSec, #OpSec & #ComSec der Bundesregierungen aus...

Disaster Autist
4 weeks ago

#hacking #protip: You want to see if your #tor / #vpn / #proxychains setup is working? You want to geolocate your exit IP without solving captchas?

Briefly disable your adblocker. At the top right of your screen it should say: “Hot women from [YOUR EXIT NODE] want to meet you!”

#opsec #infosec #netsec #cne

@threatresearch #BlackHat as a #conference has been a #SntichFest for decades.

The sheer fact that they choose to host their event in a location that would literally murder me for existing [and I'm just a white heterocisbinary dude] disqualifies said conference from being anything but a #shitshow that'll make it trivial for the islamofacist regime to earmark anyone with any #ITsec, #InfoSec, #OpSec and #ComSec skills for #surveillance with #Govware like #Pegasus as well as #harrassment...

1 month ago

Something happened and i want to ask the #mastodon #community about it:

1 hour ago, i wanted to get a chocolate bar and a lemonade, so i went to the fancy grocery store…

As i was standing in the aisle picking a chocolate bar, a man down the way faced me and took several phone pictures of me. #safety #security #women #infosec #opsec #scary

Why did he?
Please answer below or in comments.

@enigmatico At least #Microsoft works hard to increase #AttackVectors for #Azure / #Office365 / #OfficeOnline...

But hey, whoever uses that shit has basically given up on #ITsec, #InfoSec, #OpSec & #ComSec anyway and naively believes that jst because "everydoy else does it too" it won't bite them in the ass once @noybeu is done with the #GAFAMs...

Ben Rosengart
1 month ago

@Jaden2 don’t post pictures of crimes on social #opsec

Was lernen wir daraus?

1. Sei kein ekelhaftes Arschloch (also #JulianReichelt)!

2. Wer #Anonymität um jeden Preis will, sollte #InfoSec, #OpSec, #ComSec & #ITsec praktizieren.

3. #Medien können nur dann die eigenen #Quellen (zwangsweise) offenlegen wenn diese identifizierende Informationen hat.

4. #Quellenschutz muss trotzdem gestärkt werden!

Avoid the Hack! :donor:
1 month ago

The Importance of Using Messaging Apps With End-to-End #Encryption, Which Ones to Use and Why

From @Em0nM4stodon

Comparing Threema, Signal, WhatsApp, and iMessage so users can make informed choices for themselves.

#privacy #security #privacymatters #opsec

Avoid the Hack! :donor:
1 month ago

Response to "TunnelCrack" #vulnerability disclosure

From Mullvad @mullvadnet

"TLDR: On Windows, Linux, macOS and Android we are not vulnerable to the LocalNet attack. We never leak traffic to public IPs outside the VPN tunnel. However, on iOS we are affected by this attack vector."

TunnelCrack - tricks the #VPN client into using an attacker controlled IP address in place of the actual VPN server IP + also leaking traffic outside the VPN tunnel.

#cybersecurity #infosec #security #opsec

@sec_yote_agenda yeah, that's very sad and I sincerely hope this doesn't happen to anyone - whether they just wasted time waiting or even took money and ran...

Granted I'm more used in #IT and espechally #ITsec, #InfoSec, #OpSec and #ComSec where a minor fuckup will ruin decades of reputation-building in seconds and it's more or less impossible to recover from that...

So it's quite the opposite...

So #Escrow seems more than reasonable to enshure people ain't paying and/or working for nothing.

Avoid the Hack! :donor:
1 month ago

Guide to Mojeek @Mojeek Operators

Using search operators in the independent and private search alternative, Mojeek.

#privacy #privacymatters #opsec

From Embers
1 month ago

📣 New episode

We spoke with our #fediverse correspondent about the #Kolektiva breach and what anarchists might learn from it, Mastodon #OPSEC, and the growing disillusionment with corporate social media platforms.

Avoid the Hack! :donor:
2 months ago

#Microsoft Visual Studio Code flaw lets extensions steal #passwords

Secrets can be extracted. PoC available. Microsoft won’t be patching because “extensions aren’t expected to be sandboxed in VS.”

#cybersecurity #security #opsec

Avoid the Hack! :donor:
2 months ago

Innocent pregnant woman jailed amid faulty facial recognition trend

Headline says it all.

Not a lawyer but something tells me "My software recognizes your face" shouldn't be the basis for an arrest...

#security #opsec #technology

Avoid the Hack! :donor:
2 months ago

#Zoom revises service terms so it could train AI on user data

Zoom already had #privacy issues, but this is crazy. Zoom wants the right to use potentially confidential/proprietary information to train its #AI model. No opt-out.

#privacymatters #opsec #security #machinelearning

2 months ago

OooOk Fediverse,

what's the best way to follow
#defcon from afar if you don't have a Twitter account. Who to follow on Fediverse. Is there great blogs? Perhaps livestreams on YouTube or twitch?

Please boost

#askfedi #askfedivers #askmsatodon #infosec #opsec #itsec #redteam #blueteam

Avoid the Hack! :donor:
2 months ago

#Mastodon + the #fediverse, which messenger do you primarily use?

Edit: added multiple choice since a lot of us have different messengers for different things. :D

#privacy #cybersecurity #opsec

Avoid the Hack! :donor:
2 months ago

Brave Search removes last remnant of #Bing from search results page

After shedding fallback mixing dependency on Bing/#Google for image/media search, @brave is now claiming to be a 100% independent alternative to “Big Tech search.”

So, now when searching using Brave Search, users should receive results only from Brave’s index.

@Mojeek has competition?!

#privacy #privacymatters #opsec

Avoid the Hack! :donor:
2 months ago

How Malicious #Android Apps Slip Into Disguise

Bug in most Android versions that allows malware to corrupt components of an app, evading detection from scanning tools and being seen as legitimate by the operating system.

(Seems like it’s similar to DLL injection into malicious #windows processes to me.)

Apparently this is commonly used for banking trojans, but other #malware could also exploit this bug to evade detection.


#cybersecurity #infosec #security #opsec

2 months ago

We had a speaker come to school this week to talk about Cyber Safety.

It was essentially #OpSec for teenagers, and it was awesome.

It also contained the phrase "stop sending dick pics, nobody wants to see that" - and lead to the next point: most sextortion cases these days involve teenage boys, cause they're more than happy to send a picture of their penis to strangers on the internet, which makes sextortion so much easier for malicious parties.

Avoid the Hack! :donor:
2 months ago

After talking to #security expert, I deleted all #Chrome extensions: they see everything

User beware. Extensions often have privileged access to your browser, able to see (and potentially phone home) your browsing history or even modify pages visisted. It doesn't help that the Chrome Web Store is rife with #malware and suspicious extensions.

Good advice is to keep installed extensions to a minimum. The only extension I always advocate for is uBlock Origin. :D

#cybersecurity #privacy #opsec

Avoid the Hack! :donor:
2 months ago

In light of the California probe into connected cars and user #privacy, there’s a tool by “Privacy4Cars” which gives “privacy facts” of your make/models. Requires you to know/have the VIN number.

Odds are your new(er) car is something like a #smartphone on wheels.

#opsec #connectedcars #privacymatters

Avoid the Hack! :donor:
2 months ago

Canon warns of Wi-Fi #security risks when discarding inkjet printers

Many many models and submodels of Canon printers retain Wi-Fi settings, which contains data such as:

- IP address assigned
- SSID name (Wi-Fi name)
- Wi-Fi #password
- Network type
- Network profile

This information could allow a threat actor access to a user's Wi-Fi network.

Canon recommends wiping the Wi-Fi settings of the printer prior to letting a third-party access it - such as for repairs, when selling, trading in, warranty RMA, etc.

#cybersecurity #opsec #privacy

Avoid the Hack! :donor:
2 months ago

Hi, (and hi again #mastodon + the rest of the #fediverse )

I have successfully infiltrated your server and will load subsequent toots here for the foreseeable future.

(( DETECTED: #introduction ))

I am the same Avoid The Hack from #birdsite and run the website

Most of this feed is related to #cybersecurity and #privacy - generally for the individuals, families, and the super small organizations out there. I often focus on the intersection between the two.

Sometimes I post advice. Sometimes I share tools. Sometimes I share articles I have written. Sometimes I share articles featuring Avoid the Hack. Sometimes there is humor and memes.

Stay safe out there.

#security #privacymatters #infosec #opsec

@Joseph I've to disagree with @deviantollam on that part solely because #Cyberfacism at the U.S. border necessitates said #ITsec, #InfoSec, #OpSec and #ComSec...

Like even if I wanted to enter the #USA [which I don't considering the fact that more and more states try to criminalize the very existance of several of my mutuals and don't get any repercussions for doing so!] I'd certainly not bring any device with me with any data on it!

Hrefna (DHC)
3 months ago

* Are you sharing a shitposting group with said group of friends? You may only share minecraft memes there, but the mere fact that you have it together links you together.

* Did you all take time off from work the day after planning your op? That information could be put together with information about your meeting to give a strong signal who your planning committee is.

* Did your spouse say on social media about going on vacation?

* Did you share something w/ "72 hours remaining"?


Hrefna (DHC)
3 months ago

It seems timely to talk about what #OpSec is rather than just what it isn't.

OPSEC is about preventing leaks of _metadata_ or _auxiliary data_ in order to prevent revealing your underlying secret. OPSEC is about preventing an adversary from determining your actions from things that are not information about the operation itself.

OPSEC is a process, not a plugin.

For example, if you are worried about plans around an action leaking out, OPSEC asks about elements such as:

Avoid The Hack!
3 months ago

SMS Phishers Harvested Phone Numbers, Shipment Data from UPS Tracking Tool

Benign (and "good") tools can be used to carry out phishing campaigns, such as this #smishing campaign targeting Canadian users who've placed legitimate orders with legitimate retailers.

#privacy #cybersecurity #privacymatters #opsec


Avoid The Hack!
3 months ago

Avoidthehack updates mobile browser recommendations.

Tried to simplify recommendations for #ios and #android, removing some previously recommended #browsers.



#privacy #security #opsec #privacymatters

@SwiftOnSecurity I thought you were using iOS? #opsec ;)

Avoid The Hack!
5 months ago

Getting Started: Basic Personal Cybersecurity for Everyone (3 Easy Tips)

Happy to (finally) something out for people really looking for where to start.

None of these actionable steps for upping your #cybersecurity posture include threat modeling; threat modeling is to be done after taking steps outlined here.

Use #MFA, strong and unique #passwords, and keep your devices/software updated.

Share with your friends!

#infosec #informationsecurity #security #opsec

Gersande La Flèche
5 months ago

Who has written the guide for ensuring your online presence is not used to feed AI?

Qui a écrit le guide pour assurer que ta présence en ligne n'est pas utilisée pour alimenter les IA?

#privacy #ViePrivée #OpSec

Mike Flynn
5 months ago

If you get a sales call about your information security stack, you really don't have to answer their questions about what you are using today.

I bet if I cold-called 100 companies I would have solid information about to attack 75% of them by just pretending to sell them a fake product and asking them what they are using currently and why.

#infosec #cto #security #hacking #osint #opsec

Autonomie und Solidarität
5 months ago

Strategies for Countering Police Access to #DNA Data (Chapter 10)

"#OPSEC is military and intelligence jargon for "operational security" and refers to techniques designed to prevent their people being caught during or after an "operation".
The fact that we have to talk about such things at all when it comes to issues like exercising the fundamental right to freedom of assembly or small acts of civil disobedience is a clear indication of how far the state's mania for security and collection has already developed. It is generally better to invest resources on pushing back the security apparatus than in a technical arms race with state agencies!"

Download: PDF (read, A4 booklet, letter booklet) • TEXT

View Online

#Data #Police #Activism #directAction #Surveillance #antireport

Strategies for Countering Police Access to DNA Data (Chapter 10)

by Gen-ethisches Netzwerk


darunter aufnahme in einem Labor. Teil einer Hand mit Latexhandschuh bei der LAborarbeit

Pretty good security advice for activists on the latest Renegade Cut video. Some of it may feel “paranoid” to the average person but it does make sense to take these steps as an activist who runs a high risk of clashing with law enforcement.

Some of it isn’t realistically possible in some countries, e.g. you can’t get a SIM card from a store without formal identification. A lot of these precautions are also pretty expensive, although some have DIY alternatives.

I’d add one thing he doesn’t mention: don’t carry your burner phone and your everyday phone together while both are active. It’s easy to correlate the two devices when they share enough of a movement profile. Turn your burner phone off (fully disconnected like described in the video) far enough away from your home and workplace so it’s not correlated to where you live.

#security #activism #opsec #surveillance

🆘Bill Cole 🇺🇦
5 months ago

The #Teixeira affair is most unsettling to me in how spectacularly weak the #OpSec was of a dude who was supposed to be a trained military expert. Right behind that is how long it went on with #FBI and #DoD apparently not noticing and/or not taking it seriously enough to nail him before @Bellingcat, @washingtonpost , and #NYT hung him out in public.

Butt Pat Coach
6 months ago

I'm taking my smartphone from the US to the UK. I'm planning on leaving most apps logged in, but removing Nextcloud as that has access to my password safe and other things.

What other #OpSec precautions should a reasonably cautious hacker take?

I don't really have anything to hide, but it would be a huge pain to reset everything just because some TSA minion tried cloning my phone.

@mcc @esther @edaross yeah, that's a general issue in terms of #ITsec, #InfoSec, #ComSec and #OpSec.

That's why one should not manage sensitive stuff on publicly accessible servers.

In fact, every employer I worked for put their repos internally on their own servers and restricted access to only devs within corporate network/VPN to reduce the issue.

Avoid The Hack!
6 months ago

How to stop email trackers from invading your #privacy

@protonmail gives tips for improving your privacy while using email.

#privacymatters #privatebydefault #opsec

Patrick Trocki
6 months ago

Just switched to @protonmail & using it in combination with @simplelogin. While I was at it I also bought a subscription for @mullvadnet & created a mastodon account. I think I made some good decisions this month <3

Also using @bitwarden in combination with a Yubikey.

Any recommendations on #opsec #privacy without sacrificing convenience are welcome :)