Category: Security

The Privacy, Security, & OSINT Show – Episode 244

EPISODE 244-2021 Show Review & Updates

This week I revisit all show topics from 2021 and offer updates.

Direct support for this podcast comes from sales of my books, services, and online training. More details can be found at IntelTechniques.com. Your support eliminates any ads, sponsors, endorsements, Patreon, donations, or commercial influence on this show.


SHOW NOTES:

INTRO:

A Modern Dating Horror Story

NEWS & UPDATES:

Last show of 2021

2021 SHOW REVIEW & UPDATES:

200-Stalking, Doxing, and Online Harassment
201-New OSINT Online Investigation Techniques
202-Parler
203-Lessons in Redundancy
204-Radio Frequency Monitoring
205-Five Shows In One
206-Website Analytics Concerns & Solutions
207-VPN Routers Revisited
208-Amazon Privacy & VOIP Updates
209-New OSINT Tactics
210-Lessons in Online Purchases & Domain Expiration
211-Privacy Security & OSINT Potpourri
212-Vital Privacy, Security, & OSINT Updates
213-Hashes 101
214-Offense/Defense: The Capitol Siege
215-When OSINT Is Abused
216-The Consequences of Extreme Privacy
217-Extreme Privacy 3 & New VOIP Strategies
218-Rebate Tracking (Privacy & OSINT)
219-Tracking (Or Getting Tracked) with AirTags
220-Privacy, Security, & OSINT Potluck
221-Anonymous Mobile Devices
222-Spoiler: We all die
223-Secure Messaging Woes (and Solutions)
224-Employment Privacy & Security
225-Lessons Learned This Week
226-Personal Ransomware Exposure
227-Eleven Topics
228-New Privacy & OSINT Strategies
229-Special: Apple neuralMatch
230-Personal Data Removal Revisited
231-This Week In Privacy, Security, & OSINT
232-Anonymous Phone Update Part I
233-Anonymous Phone Update Parts II & III
234-Privacy, Security, & OSINT Updates
235-iOS 15 Privacy Guide
236-Three Topics in 14 Minutes
237-The Huge OSINT Show
238-Tying Up Loose Ends
239-Health Portals, Vulnerability Reports, and Voice Cloning
240-Privacy, Security, & OSINT Updates
241-Listener Questions
242-Privacy News & Updates
243-Emergency Bags


Free Workbooks: https://inteltechniques.com/links.html

Affiliate Links:
ProtonVPN: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=282
ProtonMail: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=267
SimpleLogin Masked Email: https://simplelogin.io?slref=osint
Silent Pocket Bags & Wallets: https://slnt.com/discount/IntelTechniques
Privacy.com: https://privacy.com/join/ADK9W


The Privacy, Security, & OSINT Show – Episode 243

EPISODE 243-Emergency Bags

This week Jason returns to help me discuss the importance of emergency bags.

Direct support for this podcast comes from sales of my books, services, and online training. More details can be found at IntelTechniques.com. Your support eliminates any ads, sponsors, endorsements, Patreon, donations, or commercial influence on this show.


SHOW NOTES:

INTRO:

Royal Tenenbaums

NEWS & UPDATES:

Privacy.com changes

EMERGENCY BAGS:

Reasons
Vehicle Bag
Home Bag
Empty Bag

First Aid: https://amzn.to/3EFu7ov
Tourniquet: https://amzn.to/3IHZDVw
Trauma Dressing: https://amzn.to/3lLHKLs
Full Trauma Kit: https://amzn.to/308u9WZ
Light Sleeping Bag: https://amzn.to/3oBhbur
Tarp: https://amzn.to/31LjUsg
Duct Tape: https://amzn.to/3DyTrLz
Nylon Ties: https://amzn.to/31D5Uko
Water Filter: https://amzn.to/31JLtSS
Pepper Spray (Large): https://amzn.to/3GphMp1
Pepper Spray (Small): https://amzn.to/3EORR9G
Headlamp: https://amzn.to/3dvLr3B
2TB External SSD: https://amzn.to/3oC5zat


Free Workbooks: https://inteltechniques.com/links.html

Affiliate Links:
ProtonVPN: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=282
ProtonMail: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=267
SimpleLogin Masked Email: https://simplelogin.io?slref=osint
Silent Pocket Bags & Wallets: https://slnt.com/discount/IntelTechniques
Privacy.com: https://privacy.com/join/ADK9W


The Privacy, Security, & OSINT Show – Episode 242

EPISODE 242-Privacy News & Updates

This week I present privacy-related news and updates.

Direct support for this podcast comes from sales of my books, services, and online training. More details can be found at IntelTechniques.com. Your support eliminates any ads, sponsors, endorsements, Patreon, donations, or commercial influence on this show.


SHOW NOTES:

INTRO:

None

UPDATES:

Stealer Logs
Masked Card Declines
Video training increase

NEWS:

Blokada Change
Bitwarden Outage
Github Outage
Godaddy Breach
Potential Acxiom Leak
https://privacy.sexy/
Software Refund Phishing


Free Workbooks: https://inteltechniques.com/links.html

Affiliate Links:
ProtonVPN: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=282
ProtonMail: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=267
SimpleLogin Masked Email: https://simplelogin.io?slref=osint
Silent Pocket Bags & Wallets: https://slnt.com/discount/IntelTechniques


The Privacy, Security, & OSINT Show – Episode 241

EPISODE 241-Listener Questions

This week Jason and I tackle your listener questions.

Direct support for this podcast comes from sales of my books, services, and online training. More details can be found at IntelTechniques.com. Your support eliminates any ads, sponsors, endorsements, Patreon, donations, or commercial influence on this show.


SHOW NOTES:

INTRO:

Mythic Quest

UPDATES:

OSINT 9

LISTENER QUESTIONS:

More and more places are requiring proof of vaccination to dine in, work out, etc. Assuming the person is already fully vaccinated, what do you recommend showing to the establishment without revealing true name, DOB, and other sensitive info?

How do I set a series of "traps" online so I can tell if anyone is trying to research me?

When using a normal (non-VPN) connection, and querying DuckDuckGo.com, my ISP obviously logs that I visited DuckDuckGo.com -- but do they have a log of what my query was?

Going through my online presence and trying to remove my stuff from google. How can you get rid of a Facebook page from google? I’ve delisted the page and can verify the link is no longer available. However, google after months still has not delisted it. Tried googles removal tool but it says the site page still exists which is true, and then rejects my request. What can I do?

For removing content from the list you provide should I ever create an account?

How can I remove myself from this site? www.selfie.systems (many questions like this with other services)

Is it possible to remove your information from FCC websites? I deal with radio. I have tried in the past and always get told that it is public data and that they will not remove the information.

Should I ever use the names of previous tenants of my home for package deliveries? It seems like that would work since the post office has a history of them there.

Are their any privacy concerns using my previous residential address that I no longer live at as the home address on file with a bank while using a PMB as the mailing address in order to comply with the bank's KYC restrictions on PMBs?

Do you know how people that have their PMB address on their driver's license handle the situation when inquired by the police where they live when they get pulled over for a traffic violation? Have you heard of situations when having a PMB address became complicated concerning law enforcement?

In an earlier episode, he stated that nomad residency (for example, obtaining residency in South Dakota using a PMB from America’s Mailbox) as a government employee won’t work. Can he clarify and explain some of the reasons why not?

You advise against buying second hand devices. What’s your advice on selling devices?

I have always had mixed results when trying to activate Mint Mobile 3-month pre-paid sim cards & successfully obtain a working number. Hours of attempts later, what worked several months ago doesn't work the next time. Can you please share specific steps that have proven to work reliably for you?

Is the Librem 5 telephone by Purism worth it? I have a choice of declining the telephone and receiving a refund, or getting the telephone.

I’m having issues getting the camera to trigger on Haven – what sensitivity setting do you use?

Is there a work around to getting privacy cards on graphene if the web link keeps taking you to the google play store?

You mentioned on the show that you see battery drain on the latest GrapehenOS. Mine is terrible. Did you figure anything out?

Recently I uprgaded to Graphene OS 12 on a Pixel 4a, and in the app permission controls a new item appeared: Nearby devices. I can’t disable this for all of the apps. Is there any way to disable this feature? Is there a chance that the device is scanning for other devices beyond the user’s control?

If you dont use iOS any more, what device do you use in your home? -AND- To what extent would a GrapheneOS phone with anonymous service be compromised by connecting to home wifi (with pfsense firewall and VPN) AND using it outside the home? Also what is your opinion on preloaded GrapheneOS phones that try to appeal to privacy customers?

Google Voice is not available for me in the UK, could you suggest any alternatives?

I am using the VOIP Suite application which works fine. For some reason I cannot receive calls on my other VOIP apps any more. What can I do?

VoIP service JMP.chat looks pretty promising, but how does this service compare to the Twilio and Telnyx in terms of user privacy? -AND- Why did you decide to create your own open source SMS/calling solution instead of using the open source SMS/calling jmp.chat which has been under active development for 4 years?

You promote the use of VOIP numbers for privacy, but aren't you now just trusting them instead of your phone provider? I don't get the difference.

How do you talk your friends/family into using secure comms, especially when they are not tech savvy

How does one safely date in today's world, while being privacy conscious and safe? How do you bring up your personal privacy and security to a potential partner?

When it comes to data surveillance, what are your thoughts on (a neighbors) security camera usage capturing & collecting data from private citizens without their permission? Is there anything that we can do to prevent this from happening on private property?

My underage child is on a soccer team and oftentimes parents film their child playing with their phones. I wasn't really that concerned as I assumed the footage probably didn't leave their phones until I found out one of the parents from our team was filming the entire games and uploading each game publicly on YouTube without speaking to the other parents. I'm going to speak to this parent but, before I do, I'm wondering how you would handle that conversation. What's the best way to handle this situation?

I am looking at getting a Protectli Vault and installing PfSense. I use ProtonVPN consistently but notice from time to time certain servers go down for maintenance. If this occurs when using a server that goes down it would seem to be a pain to make changes for the firewall. That said, I have two questions. Is it possible for you to make a change in the settings you've provided to allow for a second or third server option if the primary goes down? -AND- I’m running Pfsense on a Protectli vault with protonVPN and killswitch. How often you see your connection drop?

Should I connect IoT devices to the guest ISP network or guest network behind the firewall?

Whilst you reccomend Proton VPN, is it possible to follow your Protectli / PF Sense approach using PIA or Mullvad? Can you scripts be tweaked or are we on our own?

Do manufacturers design backdoors into their products? For instance, should anyone purchasing a phone that is "made in China" be concerned about unknown eavesdropping methods through hardware exploits?

Does using Twilio Authy 2FA for multiple accounts allow Twilio to join up these accounts into one user?

My bank offers the below 2FA methods, and you can only choose one:
Which do you believe is more secure?

I've been using KeepassXC on windows and linux for a quite a while now based on your recommendations. I've noticed that the update frequency has slowed quite a bit. The last version (2.6.6) was released Jun 12th, 2021. Should we be concerned? -AND- Is it safe enough to use KeePassXC to store 2FA backup codes? If so, why not use it for 2FA TOTP instead of Authy?

I use 100+ character passwords where I can. Will this future proof likely technology advances including quantum computing?

I have been trying to regain access to my Facebook and Twitter account which are linked to a Gmail account which I can no longer access. If I could regain access to the gmail account then I will be able to regain access to my Facebook and Twitter account. Any thoughts and or ideas on the steps I can take to regain access to these accounts?

I have multiple free protonmail email accounts. How could they detect this and are they likely to care?

If I use an email forwarding service, like Blur or SimpleLogin, can my true email address get exposed by clicking on "click tracking" links in these forwarded messages?

Is Fastmail masked email a good alternative for Simplelogin?

Whats your finance/banking privacy strategy?

Do you still use a Chase credit card in an alias name for in-person purchases, or should I just withdraw majority of my money from the bank and only use cash? - AND - Hi, What personal details do retailers see at the back end when we buy something online or in a store with a standard credit card?

Any steps one should take with the new robinhood breach potentially exposing bank account information?

What are some dangers in using someone else as trustee for an interest generating savings account? Additionally, what happens to the savings account when the trustee dies?

Do ios or linux devices send home information about neigboring apartment wifi points that they can ‘see’ (even if they don’t connect) and therefore compromise the location?
-bigger concern is collecting data locally from beacons

What kind of information can iOS apps collect about you and your device even after you deny app permissions such as location access, contacts, microphone, camera, etc.?

I'm considering buying a new iPhone sometime in the future. It's not ideal and since Apple will eventually drop the TouchID button altogether, the only secure method to unlock my phone in public areas (ex. airport) is with FaceID. Do you trust that Apple is storing biometric faces locally on the iPhone and NOT uploading them to their database? Or should I avoid FaceID altogether?

How risky is running an older version of the mac operating system when checking email and doing online banking? I have an older Apple computer that I have not upgraded because I have legacy software.

Does synchronising a Signal account across my iphone and ipod allow Apple to join up the two Apple accounts?

What's your opinion about Signal not being 100% open source anymore?

Do you think TAILS is secure and anonymous?

How do you both feel about the EFF’s decision to deprecate HTTPS Everywhere? -AND-
Is there a reason you no longer mention/recommend the Firefox browser extension HTTPS everywhere in your latest book?

Earlier this year you said you wanted to push out Extreme Privacy V3 early because it was mostly ready and that you had a big project planned for this fall? Did that fall through or is that still in the works?

Do you think privacy for the individual will be better or worse in 10 years time? - AND - What are the emerging technological and social changes that you think will affect your privacy threat model (or that of your clients) over the next couple of years?

How do you personally store your personal pictures, music, movies, home videos and such?

What is your favorite podcast?

You follow only one account on Twitter. Anonymous Content. What is your relationship to them?

Is the 4TB stealer logs still online? AND What specific search terms and/or search locations would yield the best results for locating Stealer Logs to enrich our breach collections?

Would you share some best practices regarding the storage and access to post-filtered breach data? Do you export and convert the output to a different format for use with a database like MariaDB or MySQL? To keep from getting any viruses that may have been in the downloaded files, do you only access the post-filtered data via computers running virtual machines?

I have a two questions for you, would you ever create a data breach search engine project, and would you ever show us your methodology for finding breached data, and open databases?

how many terabytes your server in your office is with all of these breach databases and your work files

What does ur 5-min OSINT workflow look like for quickly looking up someone ur about to meet or talking to. (Specific resources, etc)

How should an OSINT researcher prepare to testify about their findings at trial?

Do you ever find osint tricks that you keep in house? Do you really show all your cards? Can you share one?

Be honest. do you use your OSINT skills on people in your personal life?


Free Workbooks: https://inteltechniques.com/links.html

Affiliate Links:
ProtonVPN: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=282
ProtonMail: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=267
SimpleLogin Masked Email: https://simplelogin.io?slref=osint
Silent Pocket Bags & Wallets: https://slnt.com/discount/IntelTechniques


The Privacy, Security, & OSINT Show – Episode 240

EPISODE 240-Privacy, Security, & OSINT Updates

This week I present numerous privacy, security, & OSINT updates including OSINT VM updates, Android 12 issues, website security, and stealer log combo files.

Direct support for this podcast comes from sales of my books, services, and online training. More details can be found at IntelTechniques.com. Your support eliminates any ads, sponsors, endorsements, Patreon, donations, or commercial influence on this show.


SHOW NOTES:

INTRO:

None

UPDATES:

Linux VM Steps

Mac Zenity

GrapheneOS Android 12

Wire Mac
find /Applications/Wire.app -name "*" -execdir sudo codesign --force --deep --sign - {} \;

Website Security
https://github.com/wpscanteam/wpscan
https://hackertarget.com/wordpress-security-scan/
https://gf.dev/wordpress-security-scanner

Stealer Logs Combo Files


Free Workbooks: https://inteltechniques.com/links.html

Affiliate Links:
ProtonVPN: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=282
ProtonMail: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=267
SimpleLogin Masked Email: https://simplelogin.io?slref=osint
Silent Pocket Bags & Wallets: https://slnt.com/discount/IntelTechniques