Category: Podcast

The Privacy, Security, & OSINT Show – Episode 229

EPISODE 229-Special: Apple neuralMatch

This is a special episode in which I attempt a rational explanation of both sides of the latest Apple child protection features.

Direct support for this podcast comes from sales of my books, services, and online training. More details can be found at IntelTechniques.com. Your support eliminates any ads, sponsors, endorsements, Patreon, donations, or commercial influence on this show.


SHOW NOTES:

INTRO:

Tim Conway Jr.

UPDATES:

None

APPLE NEURALMATCH:

Discussion

OSINT:

None

FRIDAY: Personal Data Removal Revisited


Free Workbooks: https://inteltechniques.com/links.html

Affiliate Links:
ProtonVPN: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=282
ProtonMail: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=267
SimpleLogin Masked Email: https://simplelogin.io?slref=osint
Silent Pocket: https://silent-pocket.com/discount/IntelTechniques
Amazon: https://amzn.to/3eCjp7J


The Privacy, Security, & OSINT Show – Episode 228

EPISODE 228-New Privacy & OSINT Strategies

This week I present two new privacy strategies, including a new opt-out platform and macOS telemetry minimization, plus the latest privacy news and a new OSINT tip about government database downloads.

Direct support for this podcast comes from sales of my books, services, and online training. More details can be found at IntelTechniques.com. Your support eliminates any ads, sponsors, endorsements, Patreon, donations, or commercial influence on this show.


SHOW NOTES:

INTRO:

IngramSpark

UPDATES:

GrapheneOS Pages
MySudo Short Code Support

NEW PRIVACY STRATEGIES:

site:privacyportal.onetrust.com intitle:"privacy web form"
site:privacyportal.onetrust.com intitle:"privacy web form" thomson reuters
https://privacyportal.onetrust.com/webform/dbf5ae8a-0a6a-4f4b-b527-7f94d0de6bbc/5dc91c0f-f1b7-4b6e-9d42-76043adaf72d
site:privacyportal.onetrust.com intitle:"privacy web form" "marriott"
https://privacyportal.onetrust.com/webform/0894cd2c-85ba-4d0b-8ec1-e18f3735e0e0/e4eef8ab-3071-4679-a374-5847fbe290de
site:privacyportal.onetrust.com intitle:"privacy web form" "onetrust privacy webform"
https://privacyportal.onetrust.com/webform/37bcc497-a196-48f1-a08b-e897b5a77859/08a01c64-41fd-4b4e-9d42-cde44371a422

MINIMIZING MACOS TELEMETRY:

https://inteltechniques.com/blog/2021/08/03/minimizing-macos-telemetry/

OSINT:

NPI: National Provider Identifier
https://npiregistry.cms.hhs.gov/
https://download.cms.gov/nppes/NPPES_Data_Dissemination_July_2021.zip
https://download.cms.gov/nppes/NPPES_Data_Dissemination_July_2015.zip

NEXT WEEK:

Personal Data Removal Revisited


Free Workbooks: https://inteltechniques.com/links.html

Affiliate Links:
ProtonVPN: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=282
ProtonMail: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=267
SimpleLogin Masked Email: https://simplelogin.io?slref=osint
Silent Pocket: https://silent-pocket.com/discount/IntelTechniques
Amazon: https://amzn.to/3eCjp7J


Minimizing macOS Telemetry

Both Apple and Microsoft collect hundreds of user metrics when we use macOS and Windows operating systems. They receive constant data about the apps we open, our location, any network configurations, connected devices, and our overall behaviors. This is why I never associate an AppleID with my Macbook Pro. I install software through Brew and have no need for the App Store. This prevents Apple from storing telemetry from my computer within an Apple account which eliminates much of the privacy invasion. However, this does not prevent Apple from collecting data from my machine during every minute of usage. For that we need a network firewall such as Little Snitch or Lulu.

I have explained Little Snitch in my books and on my show. It is a premium ($) product which I have used for many years. Lulu is a free option which may also suffice for most users. For this demonstration, I explain my actions through Little Snitch, but you could probably replicate with Lulu. Never install both Little Snitch and Lulu! Pick only one.

Little Snitch allows us to block network connection within specific applications. I have previously explained how I block Microsoft Office and Adobe products from sending out any data during usage. This prevent Microsoft and Adobe from knowing the names of files I am creating, my IP address, and other sensitive data. This is the traditional purpose for apps such as Little Snitch. However, we can use these apps to minimize much of Apple's invassive telemetry if we are willing to push the balance of privacy versus functionality.

First, I modified Little Snitch's default system setting within the "Rules" menu. You cannot delete the rules which allow basic macOS and iCloud functionality, but you can disable them by unchecking the options as seen below. This will immediately prevent iCloud and online Apple services from functioning properly, but I don't mind. Since I do not have an Apple ID associated with my machine, I am not using iCloud anyway.

You will likely now begin receiving popup messages from Little Snitch asking if you want to allow specific connections, such as "itunescloudd" attempting to connect to icloud.com. Even if you never use iTunes, iCloud, or Apple Music, your Mac computer is constantly sending data to Apple servers about your online activities. I believe this should be blocked. Below are the various Apple services which I blocked. While I could have blocked "All" outgoing connections for these apps, I usually choose to only block the domain which is trying to be accessed. This way, I can be alerted if a new domain is trying to be reached. In the following screen captures, you can see that I am blocking data from being transmitted from the App Store, Find My App, Music, News, Notes, Podcasts, and Stocks. Obviously, you would not want to do this if you use any of these apps. I do not. Furthermore, I am blocking data from being transmitted by underlying services such as calendar, commerce, cloud, games, and parsce-fbf (Siri).

There were a few settings which I did not disable, such as trustd (confirms security certificates for apps), timed (synchronizes time), softwareupdated (updates operating system), and a few others. I also had a lot of connection problems when I completely blocked mDNSResponder. Therefore, I allowed my DNS (1.1.1.1) but blocked everything else, as seen below. This prevents Apple servers from receiving data sent from software but allows those applications to connect to the internet.

This does not prevent 100% of Apple telemetry, but it eliminates much of it. I do not claim that these settings are optimal or appropriate for everyone. I only share the Apple telemetry which I blocked without limiting any daily functionality for my usage. Expect several annoyances as you find your perfect settings. I plan to continue further manual blocks until I begin breaking things again. More details on my show this Friday.

The Privacy, Security, & OSINT Show – Episode 227

EPISODE 227-Eleven Topics

This week I present Eleven assorted topics surrounding privacy, security, and OSINT including a Pegasus recap, ID.Me challenges, more Airtag concerns, the Protonmail audit, results from a ProtonMail search warrant, new uBlock Origin features, another email masking option, upcoming Google Voice changes, GrapheneOS updates, Librem 5 phone refunds, and a new NextDoor OSINT tip.

Direct support for this podcast comes from sales of my books, services, and online video training. More details can be found at IntelTechniques.com. Your support eliminates any ads, sponsors, endorsements, Patreon, donations, or commercial influence on this show.


SHOW NOTES:

INTRO:

Mark Herring

UPDATES:

Online Video Training Price Increase
Ransomware Breach Update
"Watermarked" IDs

ELEVEN TOPICS:

Pegasus
https://inteltechniques.com/blog/2021/07/22/diy-pegasus-spyware-scan/

ID.me

AirTags: https://lukaszkrol.net/airtags_stationary/

Protonmail Audit: https://protonmail.com/blog/security-audit/

ProtonMail Search Warrant

uBlock Origin Updates

DDG Email Forwarding

Google Voice SMS Forwarding

GrapheneOS Sandboxed Google Play

Librem 5 Refunds

OSINT:

NextDoor
Settings > Neighborhoods > Explore Neighborhoods


Free Workbooks: https://inteltechniques.com/links.html

Affiliate Links:
ProtonVPN: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=282
ProtonMail: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=267
SimpleLogin Masked Email: https://simplelogin.io?slref=osint
Silent Pocket: https://silent-pocket.com/discount/IntelTechniques
Amazon: https://amzn.to/3eCjp7J


Personal Ransomware Exposure

Note: This post is a supplement to the podcast episode with the same title located at https://soundcloud.com/user-98066669/226-personal-ransomware-exposure.

When we think about ransomware victims, I suspect most of us think about companies having their data encrypted and being extorted for Bitcoin payments in order to obtain the decryption tool which will unlock their documents. With more companies possessing proper backups due to the awareness of this criminal activity, we are now seeing ransomware groups focus more on exposure of data instead of decryption. This presents a new problem for all of us. It is now OUR data which is often exposed to the world when companies refuse to pay the ransom.

To be clear, I never support or encourage ransomware payments. However, I do support resistance when companies and government institutions demand our information and then store it insecurely. On my show, I talk a lot about my methods to sanitize my personal information when requested because I know it is likely to appear online due to poor privacy policies or accidental exposure. Let's take a look at some recent ransomware data dumps which are now publicly available and may be leaking YOUR personal details.

Accountants often demand to store copies of IDs and tax forms on your behalf. My account/attorney rolls his eyes when I insist on storage within encrypted containers and transmission only via encrypted email. I believe this is all justified. Clients of a California law firm now have all of their data exposed within a ransomware dump made public last week by a group called "Clop".

This includes tax forms displaying names, DOBs, and SSN, as seen below.

This is the main reason I insist that my attorney either store data within a secure encrypted container or allow me to be responsible for storage of my own docs.

Employers demand tax forms from us to legally pay us, but then store them with the same security as the rest of their daily documents. The following is one of many employee tax forms collected by a nutritional foods company which was hit with ransomware this year by a group called "Clop" which is now publicly available.

This is one of the many reasons I conduct all business in the name of an LLC and only provide EINs issued by the IRS for all transactions.

Universities and colleges demand our personal details and then include them within documents stored insecurely. The following Miami university breached document publicly discloses full name, address, DOB, ethnicity, phone, cell, email, and relatives. I suspect people search websites will soon start including ransomware dumps within their infrastructure.

A Colorado school went further by releasing class schedules and grades after they were hit with ransomware.

Digging into the files further identifies every student's overall GPA which allows the public to now monitor his progress as a student.

I have no secure options for this problem. We have no control over school storage of our data.

All of the forms your doctor or dentist makes you sign are rarely securely stored. The following redacted partial form was released after a dentist office refused to pay a ransom to a group called "Conti" and terabytes of data were exposed online.

This is the reason I always resist signing unnecessary paperwork and scrutinize HIPAA release forms. We cannot refuse everything, but we can minimize our exposure.

The apartment or home you have leased includes numerous contracts. When the property management company, in this case a business in Canada, gets hit with ransomware and ignores the extortion demands, all documents get released publicly.

This is one of many reasons I title any home ownership or lease within the name of a trust or LLC.

Physicians, surgeons, and dentists often capture digital photographs of various conditions. A hospital suffered a ransomware breach by a group called "Vice Society" and did not pay the criminals. As a result, all of their stolen data was published to the internet, including images of their patients' illnesses, including the following redacted image.

This is one reason I SOMETIMES ask doctors to either avoid unnecessary images or delete them after any procedure is complete.

If the images present within the data dump were not enough, a Word file titled "Login and Passwords" is included for access to third party services. I may or may not have confirmed that all of the passwords still work. This is why I never recommend storing passwords locally in an unprotected document, and only recommend locally-stored secure password managers with encrypted data.

Since my company often assists clients with ransomware attacks, I find the chat logs between businesses and the criminals especially valuable. Many of these logs are stored within the victim computers and become part of the data dump through the offender's website. The following is a partial display of a chat between a dermatologist office and the criminals who attacked their network. These can be a great source of education before engaging with ransomware criminals.

Many ransomware data leaks contain full Outlook PST files which include every incoming and outgoing email associated with a specific email address. The following is a partial list of these files, each several gigabytes in size, downloaded from a ransomware publication after a city refused to pay the extortion. The content of these files is incredibly sensitive.

This is why I consider every email I send to be public information. I never send anything I would worry about becoming publicly available. I reserve sensitive conversations for E2EE ephemeral messaging.

The next time a business demands your personal data or a copy of your ID, consider this post. When they ignore your resistance to provide personal details which are not required for the business being conducted, explain your concern through these examples. When your friends and family call you paranoid or difficult for wanting to keep your information private, know that you are not alone. If you would like much more information about the ways I protect the privacy and security of my clients, please check out my book Extreme Privacy.