Online Security & Privacy

From RLSH Wiki

This is a WIP guide on keeping your secret identity a secret online, hiding it completely, and how to prevent yourself from being doxxed.

Basics

There are many, many ways a person can reveal personal information about themselves and even more ways to do so without even realizing it. This makes it all too easy for an attacker to piece together bits of information about you, pulling them all together to find out your name, where you live, work, go on vacation... Things you do not want out there in this line of work, especially if you have angered the government with political activism (like if you live in Hong Kong and have been protesting), or angered a few too many gang members with your reporting their activities to the police.

So let us begin.

Social Media

Your secret identity should preferably not have a social media presence at all. Social media like Facebook is one of the prime places someone investigating you would look for your information. Facebook is a biggie, as it can be more difficult for those who aren't familiar with the ever-changing privacy settings to hide their details. So if you want to hide, avoid having your secret identity on Facebook or any other social media. "But, I want to talk with folks about video games or my cat without using my persona! How can I do that?" Well, you could use a fake name or internet handle that has nothing to do with your RL information or your persona. For better privacy, use a different one for each service. Don't link them.

Don't use your Facebook or Gmail account to login to things. Yes, it's convenient, but it's also invasive.

What if you already have social media under that name? Well, you should quite frankly delete them. Not deactivate, completely delete. See if you can use GDPR to your advantage.

And if you still want to keep the social media up? Do not add yourself on your persona's account! Do not let them mix, no common friends, any of that! That would be one of the worst things you could ever do.

IP Addresses

First off, always use a VPN. You can get them for free and even on your mobile devices. This will not only hide your IP address but secure your connection if you hook up to public WiFi hotspots. Make sure that it is running at all times. Set it to start running on boot, and if your laptop is set to put apps to sleep in Sleep Mode, be sure to check and be 100% sure it's on and connected before opening a browser window. Do not neglect your mobile device here.

ProtonVPN - This is the best VPN hands-down. Don't bother paying a subscription unless you plan to use P2P like torrenting things, but in that case, you can use the Split Tunneling option in Settings to exclude the torrenting app. Split Tunneling is also good for excluding programs that croak on a VPN connection, but be extremely careful with this.

Never use Skype under any circumstances. It is way too easy to get a person's IP address from just the username.

Unhackable

Okay, so you can't be 100% unhackable, but you can sure as hell make it extremely difficult. You have many options to choose from here, and I'll be listing them below.

Password Manager

Using a password manager can help you big-time. Having a complex and unique password for every online account makes it so that it's A) Hard to guess your password or brute-force it, and B) If one account is breached, they can't get into anything else.

LassPass - Free. Has security check-ups that let you know if you're using a weak password or if you have the same one on multiple websites. Has apps on iOS and Android.

2 Factor Authentication

This is a must. Not every service has this, but where available, use it. This way even if your password is leaked, someone can't get in the account without passing that check.[1] Stick with apps or a physical key rather than using a phone number, as phone numbers can be SIM swapped.[2]

Addresses

This one is more tricky. In order to hide your address, you may need to move entirely. Do not tell anyone this address. Do not have mail sent to this address. Use a Mail Drop. This is more secure than a P.O. box because if done right, it cannot be traced back to your name or location.

Never tell anyone your address or the area where you live. A city is fine but a city should be the only thing people know and it isn't mandatory, and depending on your casework, not preferred.

Never send packages to anyone in the mail. This should be obvious.

Phone Numbers

Never give out your real phone number and always call the police with a fake phone number.[3] If you can access a voice changer, always use one in calls you feel you may be recorded in. If you have the option then turn off your caller ID.[4]

Personal Interactions

  • Don't tell your friends and family what you do unless they're in on the operation. They don't deserve to know because what they know will make them a target.
  • Keep your life separate from your work. Associate with different people and never mix the two under any circumstances.
  • Trust absolutely no one with anything you feel could endanger your identity regardless of how trustworthy you feel they could be.
  • Keep your circle small.
  • If you are part of any fandoms, don't mention them as your persona.
  • All the information you give has to be on a need-to-know basis. That includes things ranging from what car you drive to your favorite breakfast cereal. You can't be manipulated into giving more personal data if they can't find a way in. And they will try to find a way in.

Miscellaneous Tips

  • Always use fake names.
  • If you've ever used your real name online and people know it then you already aren't safe.
  • Never send emails with Gmail, Yahoo, or other social/mainstream email addresses. Always use ProtonMail or other services like it.
  • Never click on any links regardless of how official or real they look. Google or otherwise search for the results yourself.
  • Always report anonymously.[5]
  • Avoid news coverage.
  • Avoid getting into trouble with the police. If the police are investigating you while you present them with a tip or during an investigation, cut them off completely. That's why fake phone numbers are so important. You might have to change your phone number.
  • Never download any files from anyone.
  • Never have anything in any pictures you take that can be used to identify anything about you or where you live. Always check, double-check, and triple-check photos before posting or sharing them anywhere.
  • Always process your pictures through other things before uploading them to get rid of the EXIF data.[6][7] This means send them to yourself on Facebook Messenger or Discord or use a program to scrape away the data that could be used to track you.

More Reading

https://ssd.eff.org/

https://www.fastcompany.com/90316917/the-paranoid-persons-guide-to-online-privacy

https://www.theverge.com/2019/9/6/20802082/online-privacy-security-protection-guide-how-to-data-identity-theft-harassment-apple-google-facebook

https://open.nytimes.com/how-to-dox-yourself-on-the-internet-d2892b4c5954

References