How to Protect your Privacy -- Personal, Financial, Digital

Thanks! I would never think of that. :smile:

Protonmail, a popular privacy focused and paid email service, is not quite as privacy focused as a few of its users would like after they’re caught providing logs to the police.

3 Likes

As far as personal privacy, that’s probably very relevant. Unless you’re a high-profile personality, not being the low-lying fruit is probably good enough for most people. If they need a quantum computer to crack your encryption, you’ll likely be fine for a good while longer. When social engineering is much cheaper, faster, and simpler to get results with, it’d be like bringing nukes to a butter knife fight.

2 Likes

As far as I understood, it seemed like they only started logging IP and device info after Swiss authorities received Europol request. Maybe the suspects should have used a VPN and Tor network to setup and access their protonmail account but it shows that even in jurisdictions that are usually less easy get surveillance in, there’s still a way for some authorities to do so and that should not be a reason to suspend your other privacy measures.

2 Likes

My understanding is that TOR isn’t fully anonymous (exit nodes can and have been compromised, and apparently there’s a way to unmask the source even though TOR is supposed to go through multiple nodes such that the third node doesn’t know anything about the first).

And the trick with VPN is similar, you have to find one based somewhere where they can’t be forced to log IPs.

In other words, only sufficiently sophisticated and careful criminals can get away with crime.

4 Likes

Sure Tor node IPs are public so one could tell when they are accessed. And some nodes can be compromised or malicious. And obviously, you’d want a VPN that does not log IP traffic and keep your metadata.

But it seems to me that it’s still better than nothing for non-criminal privacy purposes (accessing regular domains, not .onion ones). Following the bread crumbs through the Tor + logless VPN layers sounds to me like something that would not be done easily or casually. What’s a better alternative otherwise?

1 Like

I suppose VPN+Tor is easy if you know how (sufficiently sophisticated) and remember to do it every single time you need it (careful). You’re right that getting back to the source may be impossible (again assuming truly logless and not subject to the laws of your home country or any of its close (spying) allies), but all it takes is one slip up to lose the protections these services provide.

I can’t think of too many non-criminal privacy purposes. Anonymous activism / whistle-blowing is probably most important. Preventing your ISP from tracking your browsing can be done with either VPN, Tor, or another simple proxy, you don’t need a combination.

1 Like

I think the whole privacy thing is way overblown. But if I were to worry, my worry would be that should I be falsely accused of something, my internet activity may inadvertantly serve as circumstantial evidence.

2 Likes

There are lots of non-criminal reasons to want to keep your information private.

I think you’re including “internet activity” under “your information”. Private from whom? If you want it to be so private as if it never existed, you’ll need to take more steps than just vpn/tor/proxy.

I was only responding to your statement.

You did not specify “internet activity”. Nor did it specify a particular internet activity. If you’re an alphabet golden doodle who is thinking of having a transexual (or whatever the proper/pc term is) operation, you probably want your internet activity researching the subject to be private.

The online mob who might dislike some silly joke you tweeted or offhand comment about pronouns you made 10 years ago and try to track you down and get you fired. There are sadly lots of examples of this, just for having reasonable but currently unfashionable opinions.

If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.

3 Likes

We were talking about using services like TOR & VPN to hide your internet activity from prying eyes.

I think thit is a slightly different conversation. If you posted your opinions anonymously in the first place (i.e., using a screen name that could never be associated with your real identity), then it would be pretty much impossible for someone to associate it with your real identity, especially years in the future. There’s no need to hide your IP address in this case, because the only entity that may have your IP address is the website where the opinion was posted, and it’s not likely to just give it away so it’d have to be hacked. Your ISP isn’t likely to keep the logs that long (and you might have a different ISP so many years apart), and they won’t just release it without a warrant even if they have it.

As far as the “lots of examples”, I’m only aware of examples where the people never tried (or didn’t try hard enough) to post anonymously in the first place. If you have other examples, I’m all ears (eyes).

Be careful - don’t paint yourself into to tight of a corner. :smile:

If you had several social media accounts for different purposes, you’d probably want your IP to be masked if you’re switching between them. Traffic for different accounts from the same IP address could be all that’s needed to connect the dots to your personal information.

Especially if you hold opinions that you think may be controversial to your employer or local community, or simply detrimental to your business, and don’t want risking getting doxed for them, I think it’d be prudent to assume the worst (say hacked website or ISP). At worst, you’ll be doing all this persona masking for nothing. Personally, I’d rather plan for the worst and be pleasantly surprised when the worst never materializes, than assume everything will be fine and be proven wrong.

But then again that’s through the lens of someone who’s lived under a very invasive surveillance state so I cannot say I’m not too cautious about it.

4 Likes

Sure. I meant to cover that when I wrote:

since posting from the same IP address creates an association.

One way to protect your accounts – don’t fall for new tricks:

2 Likes

Shouldn’t that raise alarm bells? Paypal never calls you, at least never called me.

And if you’re answering the call why would they ask you for a code that they just sent to that same device? If you answered the call, you obviously have the phone in hand. If it’s not you answering the call, the person answering the call can still give them the code, thus not proving anything. If you forwarded the call to another phone, you don’t have the phone they sent the code to with you so you won’t be able to give them the code. In all these cases, asking for a code is moot as far as 2FA because the sender of the code is also the one initiating the call. Why would you fall for such an obviously stupid scam?

Why would anyone pay the IRS with ITunes gift cards? Do you really need to ask why? :slight_smile:

4 Likes

Thanks for the laugh about the paying the IRS with iTunes cards. :rofl:

I’m just constantly surprised by how stupid some people can be. You could literally put a button on a webpage called Ransomware scam 4tw saying “Press me to install ransomware on your device” and you’d have people clicking it like clock work before complaining how they got taken advantage of.

2 Likes