The Privacy, Security, & OSINT Show – Episode 181

This week I discuss considerations for contact management, along with several ways your stored contacts are abused, a privacy concern with Wickr and other apps which use third-party crash reporting and analytics, plus an interesting OSINT tip which could partially identify a target’s iPhone serial number and confirm their Apple ID.

Support for this show comes directly from my new book Extreme Privacy-Second Edition. More details can be found at https://inteltechniques.com/books.html.

Listen to THIS episode at https://soundcloud.com/user-98066669/180-contact-management-crash-reporting-concerns

Listen to ALL episodes at https://inteltechniques.com/podcast.html

or Subscribe at: RSS / iTunes / Stitcher / Spotify

SHOW NOTES:

INTRO:

Casio Data-Cal DC-10

CONTACT MANAGEMENT:

The Problems
Things to Avoid
Better Options
Extreme Options
Importing from Contacts Apps
Considerations

CRASH REPORTING CONCERNS:

Wickr incident

OSINT:

https://www.smartphoneperformancesettlement.com/submit-claim.php

Data Removal Workbook: https://inteltechniques.com/data/workbook.pdf

Affiliate Links (products we use):
VPN Considerations: https://inteltechniques.com/vpn.html
ProtonMail: http://proton.go2cloud.org/aff_c?offer_id=15&aff_id=1519
ProtonVPN: https://proton.go2cloud.org/aff_c?offer_id=6&aff_id=1519
PIA VPN: https://www.privateinternetaccess.com/pages/buy-vpn/crimeinfo
Silent Pocket: https://silent-pocket.com/discount/IntelTechniques
Fastmail: https://ref.fm/u14547153
Amazon: https://amzn.to/2B5svbH

Filed under OSINT, Podcast, Privacy, Security | Comments Off on The Privacy, Security, & OSINT Show – Episode 180

The Privacy, Security, & OSINT Show – Episode 179

Posted on July 17th, 2020

EPISODE 179-While We Were Away

This week I dive into all of the Privacy, Security, and OSINT topics which I missed while completing the first Privacy Crash Course. There are many important topics to discuss.

Support for this show comes directly from my new book Extreme Privacy-Second Edition. More details can be found at https://inteltechniques.com/books.html.

Listen to THIS episode at https://soundcloud.com/user-98066669/179-while-we-were-away

Listen to ALL episodes at https://inteltechniques.com/podcast.html

or Subscribe at: RSS / iTunes / Stitcher / Spotify

SHOW NOTES:

INTRO:

De-funding Cyber Crimes Units

WHILE WE WERE AWAY:

Cash being refused at stores
US Bank concerns (again)
Listening devices snooping when accidentally triggered
Spycloud public criticisms
Spycloud malware notification
Yahoo employee avoids jail for snooping through your email
Avoiding email scanning services
LinkedIn monitoring your iOS clipboard
Mozilla’s new VPN
Firefox Containers new feature

OSINT:

https://leakix.net

Data Removal Workbook: https://inteltechniques.com/data/workbook.pdf

Affiliate Links (products we use):
VPN Considerations: https://inteltechniques.com/vpn.html
ProtonMail: http://proton.go2cloud.org/aff_c?offer_id=15&aff_id=1519
ProtonVPN: https://proton.go2cloud.org/aff_c?offer_id=6&aff_id=1519
PIA VPN: https://www.privateinternetaccess.com/pages/buy-vpn/crimeinfo
Silent Pocket: https://silent-pocket.com/discount/IntelTechniques
Fastmail: https://ref.fm/u14547153
Amazon: https://amzn.to/2B5svbH

Filed under OSINT, Podcast, Privacy, Security | Comments Off on The Privacy, Security, & OSINT Show – Episode 179

The Privacy, Security, & OSINT Show – Episode 178

Posted on July 10th, 2020

EPISODE 178-Privacy Crash Course 05: Listener Questions

This week I tackle 50 listener submitted questions about the Privacy Crash Course episodes.

Support for this show comes directly from my new book Extreme Privacy-Second Edition. More details can be found at https://inteltechniques.com/books.html.

Listen to THIS episode at https://soundcloud.com/user-98066669/178-privacy-crash-course-05-listener-questions

Listen to ALL episodes at https://inteltechniques.com/podcast.html

or Subscribe at:

RSS / iTunes / Stitcher / Spotify

SHOW NOTES:

INTRO:

Listener Question Report

PRIVACY CRASH COURSE 05: LISTENER QUESTIONS:

What Little-Snitch like software do you recommend for Linux?

Do you have any alternatives to MySudo? Twilio often lacks any SMS functionality for virtual numbers, and in some countries charges 14-50$ per number.

What VeraCrypt Encryption option should I use? (AES, Serpent, Twofish, ect.)

we want to download photos from our phones (which as of now are in a faraday bag when they are at or near our house) and we aren’t sure how we will do this. Do we make an exception and turn the phone on in airplane mode at our home so that we can connect a wire to our computer purchased for this purpose? Or do we need to take that new computer to a different location outside of the house everyone time we want to download photos?

It seems that using both ProtonVPN and NetGuard on my Android phone is mutually exclusive (there can be only one VPN app at a given time). Is it so? and if it is, what is the more important app.

What is/are the best method(s) for purchasing a phone as anonymously as possible?

Does Apple have a way of tracking from where I download my OS X iso ? The IP address from where I downloaded it, and from which account? If so, how would you go about obtaining a copy that will not be traced back to you.

Thoughts on Keeper?

What are your recommondation/considerations in regard to FileVault2 keys being retained in memory while the MAC is in the “Sleep” mode? How vulnarable is the MAC in such a situation?
(sudo pmset ‘hibernatemode’ 25)
(sudo pmset destroyfvkeyonstandby 1)

Can you explain the difference between ‘encryption’ when it comes to privacy friendly platforms such as Signal & Wire VS more commonly adopted platforms such as iMessage & WhatsApp?

On your most recent show, you stressed the importance of full disk encryption. I have read on various forums that due to the design and function of SSD, the encryption task should be done first. What should be the proper procedure of encryption for SSD vs HDD?

how would you approach adopting a 2nd android device as a media player/web browser device that will use wifi often and bluetooth occasionally?

I wanted to see your thoughts about: Syncthing / NextCloud / Brew

You’ve said that your iPhone stays in a faraday bag and doesn’t enter your home. At home you use an iPod Touch (I think) via wifi. I’m curious how you utilize the same communication apps on both devices without sharing an Apple ID. For example, if you have MySudo on your iPhone, how do you get the same MySudo data onto your iPod Touch? If, as you say, the devices are never in the same room together, this would prevent the use of a QR code. Wouldn’t it?

Did you go to college and if so what was your major? Also, do you make good money doing privacy stuff.

Once I’ve hardened my iMac and iPhone, how do I harden an iPad?

Were you aware that virustotal is owned by google? I was surprised to hear you recommend knockknock to send executables to virustotal in the latest show. That is a good chunk of unique data to be giving to google.

When creating accounts that require text verification and doesn’t accept VoIP, do you recommend using a paid text verification service

My idea is to buy a crappy, basic phone that just calls and texts, and buy a new SIM card that is in no way identified with my current cell plan. Then, I’ll use that new number, which will NEVER be given out or used for anything else, as the phone number/SMS 2FA for those accounts. I use Google Auth or Yubikey where available, but for example my crypto accounts trace back to a proton mail which cannot be 2FA protected.

You suggest using simple login to avoid having to use your main email address. I have a paid protonmail account. Can I achieve the same thing by creating multiple email addresses in protonmail and using them instead of simple login?

I plan on moving from Android to iPhone. What is the best way to start clean and private? Also what should I do if I plan on purchasing some apps through the app store as well.

is CripText mail a good alternative for ProtonMail.

What is the least stupid way to log into a Google account to both keep it active or do limited things? Email/text forwarding works to get messages from it, but I learned the hard way if you don’t log into the account after a period of time, google will take back your phone number.
IMAP

My daily driver is a Windows 10 home laptop, I can’t replace my Windows OS with Ubuntu at the moment but I do have Ubuntu set up inside of a virtual machine in Windows 10. Does that set-up provide me with any amount of security or does Windows see everything I do inside of VM Ubuntu and send all that data back to Microsoft?

Where to get a Windows LTSC License? Would you recommend it to install on device or in a vm?
(https://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise)

You’ve spoken quite a bit about controlling inflow / outflow of data to various telemetry collectors from Microsoft, Apple, etc. I have found using a service like NextDNS.io, or a Pi-hole, or a Winston privacy devie can accomplish the same without needing to configuration individual machines – they simply block DNS resolution to undesirable sites. Thoughts on the two approaches (individual machine config vs. a DNS blocker)?

You recommend Protonmail but admit you use fastmail for your business. What gives? Why don’t you trust PM for your business?

If I want to put Music on my iPhone, I have to import the music into iTunes first, then send to the phone. I also can’t copy music onto multiple phones. There must be a better way?

I recently heard you talk about your Apple laptops. What happened to using Linux? WTF?

You said to be wary of Tutanota since they are in a 14 eyed country but then said not to worry about wire being in the US. WTF?

In episode 177 you indicated that OneDrive was not a good product for those who are privacy conscious. What cloud storage product, if any, would you recommend instead of OneDrive?

SIMPLELOGIN: Is it zero knowledge i.e. if subjected to a court order could they reveal the protonmail forwarding email and all the aliases?

Are you certain (and how) you can trust people that are building LibeageOS or GrapheneOS to not put backdoors in them?

does having multiple separate gmail (or icloud) accounts, including, for example, one dedicated to each important financial account, materially increase security?

If I do Full Disk Encryption for my current Mac computer, all files get wiped out?

What do you think about syncing Keepass’ db with Dropbox on different devices?

Phone numbers that are used in mySudo app– are those vulnerable to SIM swap attacks?

What are your thoughts about the recent negative reviews of Signal due to cloud storage of the PIN protected profile?

How do you configure your uBlock Origin?

You mentioned several mail providers in the email and messengers crash course, but I noticed you never really discuss using MySudo. Is there a reason you don’t really mention using the MySudo email address and instead opt for recommending Anonaddy and Simple Login?

What are your thoughts on sophisticated fingerprinting techniques?

What is best practice for using ones real name in an email address? Should anyone ever consider creating an email address that contains ones real name?

Is there anything in Extreme Privacy that you would not recommend to someone with a security clearance?

How do you pay for mysudo on android when they only accept payment from google play? Also, any way to DL to LineageOS?

Recommendation for Linux laptop?

Recommended email Client if you are in a Windows Environment and want to POP or IMAP your email.

Can you explain the benefit of keeping your files in a Veracrypt container when the computer is already encrypted? Is this just to mitigate your exposure if someone has access to your computer when it is unlocked?

In India we cannot buy a sim card without providing some form of ID card, what to do?

If you use Firefox, but you still Google services (youtube or Maps), how would you recommend to block Google from gathering your info? You brought up a way to “fence in” sites in Firefox, is that the only thing? Would you recommend something else?

Do you recommend the Librem or Pinephone at this point?

Since only one laptop, POP over IMAP? Workaround for lack of POP support with ProtonMail bridge?

BOOK:

Extreme Privacy 2nd Edition: https://inteltechniques.com/book7.html

NEXT WEEK:

Next week I dive into all of the Privacy, Security, and OSINT topics which I missed while completing the first Privacy Crash Course.

Data Removal Workbook: https://inteltechniques.com/data/workbook.pdf

Affiliate Links (products we use):
VPN Considerations: https://inteltechniques.com/vpn.html
ProtonMail: http://proton.go2cloud.org/aff_c?offer_id=15&aff_id=1519
ProtonVPN: https://proton.go2cloud.org/aff_c?offer_id=6&aff_id=1519
PIA VPN: https://www.privateinternetaccess.com/pages/buy-vpn/crimeinfo
Silent Pocket: https://silent-pocket.com/discount/IntelTechniques
Fastmail: https://ref.fm/u14547153
Amazon (Extreme Privacy Book): https://amzn.to/2B5svbH

Filed under OSINT, Podcast, Privacy, Security | Comments Off on The Privacy, Security, & OSINT Show – Episode 178

The Privacy, Security, & OSINT Show – Episode 177

Posted on July 3rd, 2020

EPISODE 177-Privacy Crash Course 04: Computer Configuration

This week we wrap up the first Privacy Crash Course with a conversation about operating system settings and configurations.

Support for this show comes directly from my new book Extreme Privacy-Second Edition. More details can be found at https://inteltechniques.com/books.html.

Listen to THIS episode at https://soundcloud.com/user-98066669/177a

Listen to ALL episodes at https://inteltechniques.com/podcast.html

or Subscribe at:

RSS / iTunes / Stitcher / Spotify

SHOW NOTES:

INTRO:

My First PC

UPDATES:

Listener questions episode next week

PRIVACY CRASH COURSE 04: COMPUTER CONFIGURATION:

OOSU10 (Free): https://www.oo-software.com/en/shutup10
Glasswire (Free): https://www.glasswire.com
Patch My PC (Free): https://patchmypc.com/home-updater-download
KnockKnock (Free): https://objective-see.com/products/knockknock.html
Little Snitch ($): https://obdev.at/products/littlesnitch/index.html
Lulu (Free): https://objective-see.com/products/lulu.html
MacUpdater ($): https://www.corecode.io/macupdater/
BleachBit (Free): https://www.bleachbit.org/
Veracrypt (Free): https://www.veracrypt.fr/en/Introduction.html

BOOK:

Extreme Privacy 2nd Edition: https://inteltechniques.com/book7.html

NEXT WEEK:

Privacy Crash Course Q & A

Data Removal Workbook: https://inteltechniques.com/data/workbook.pdf

Affiliate Links (products we use):
VPN Considerations: https://inteltechniques.com/vpn.html
ProtonMail: http://proton.go2cloud.org/aff_c?offer_id=15&aff_id=1519
ProtonVPN: https://proton.go2cloud.org/aff_c?offer_id=6&aff_id=1519
PIA VPN: https://www.privateinternetaccess.com/pages/buy-vpn/crimeinfo
Silent Pocket: https://silent-pocket.com/discount/IntelTechniques
Fastmail: https://ref.fm/u14547153
Amazon (Extreme Privacy Book): https://amzn.to/2B5svbH

Filed under Podcast, Privacy, Security | Comments Off on The Privacy, Security, & OSINT Show – Episode 177

The Privacy, Security, & OSINT Show – Episode 176

Posted on June 26th, 2020

EPISODE 176-Privacy Crash Course 03: Mobile Devices

This week I continue the privacy crash course with a detailed discussion about mobile devices. If you apply only one privacy strategy from this entire show toward your own daily habits, this should be it.

Support for this show comes directly from my new book Extreme Privacy-Second Edition. More details can be found at https://inteltechniques.com/books.html.

Listen to THIS episode at https://soundcloud.com/user-98066669/176-privacy-crash-course-03-mobile-devices

Listen to ALL episodes at https://inteltechniques.com/podcast.html

or Subscribe at:

RSS / iTunes / Stitcher / Spotify

SHOW NOTES:

INTRO:

Mobile Device Scenario

PRIVACY CRASH COURSE 03: MOBILE DEVICES

Concerns

Hardware
Apple: iPhone SE (New version)
Android: Pixel 3a (https://amzn.to/31eRnc0)
LineageOS: https://lineageos.org/
GrapheneOS: https://grapheneos.org/

Apple/Google Accounts

Service
Mint: https://amzn.to/3fZBB91

Settings

Apps
Lockdown Firewall: https://lockdownhq.com/
NetGuard Firewall: https://www.netguard.me/
Firefox Focus: https://support.mozilla.org/en-US/kb/focus

Camera Stickers: https://amzn.to/2NqaW98
Mic Blocker (3.5mm): https://amzn.to/385fDyP
Mic Blocker (Lightening): https://amzn.to/3i1SSQK

VOIP
MySudo: https://mysudo.com/
Linphone: https://www.linphone.org/
Twilio: www.twilio.com/referral/9FGpxr

Faraday Bags: https://amzn.to/2B6XSTJ

Challenges

Extreme Privacy 2nd Edition: https://inteltechniques.com/book7.html

Data Removal Workbook: https://inteltechniques.com/data/workbook.pdf

Affiliate Links (products we use):
VPN Considerations: https://inteltechniques.com/vpn.html
ProtonMail: http://proton.go2cloud.org/aff_c?offer_id=15&aff_id=1519
ProtonVPN: https://proton.go2cloud.org/aff_c?offer_id=6&aff_id=1519
PIA VPN: https://www.privateinternetaccess.com/pages/buy-vpn/crimeinfo
Silent Pocket: https://silent-pocket.com/discount/IntelTechniques
Fastmail: https://ref.fm/u14547153
Amazon (Extreme Privacy Book): https://amzn.to/2B5svbH

Filed under Podcast, Privacy, Security | Comments Off on The Privacy, Security, & OSINT Show – Episode 176

The Privacy, Security, & OSINT Show – Episode 175

Posted on June 19th, 2020

EPISODE 175-Privacy Crash Course 02: Email & Messengers

This week I continue the Privacy Crash Course and we tackle truly secure email and instant messenger services.

Support for this show comes directly from my new book Extreme Privacy-Second Edition. More details can be found at https://inteltechniques.com/books.html.

Listen to THIS episode at https://soundcloud.com/user-98066669/175-privacy-crash-course-02-email-messengers

Listen to ALL episodes at https://inteltechniques.com/podcast.html

or Subscribe at:

RSS / iTunes / Stitcher / Spotify

SHOW NOTES:

INTRO:

Privacy Crash Course Introduction

PRIVACY CRASH COURSE 02: EMAIL & MESSENGERS

Protonmail: http://proton.go2cloud.org/aff_c?offer_id=15&aff_id=1519
Tutanota: https://tutanota.com/
Anonaddy: https://anonaddy.com/
Simple Login: https://simplelogin.io/
CheckTLS: https://www.checktls.com/
Signal: https://signal.org
Wickr: https://wickr.com/
Wire: https://wire.com/en/download/
MySudo: https://mysudo.com/
Session: https://getsession.org/
Book: Extreme Privacy-Second Edition

Data Removal Workbook: https://inteltechniques.com/data/workbook.pdf

Affiliate Links (products we use):
VPN Considerations: https://inteltechniques.com/vpn.html
ProtonMail: http://proton.go2cloud.org/aff_c?offer_id=15&aff_id=1519
ProtonVPN: https://proton.go2cloud.org/aff_c?offer_id=6&aff_id=1519
PIA VPN: https://www.privateinternetaccess.com/pages/buy-vpn/crimeinfo
Silent Pocket: https://silent-pocket.com/discount/IntelTechniques
Fastmail: https://ref.fm/u14547153
Amazon (Extreme Privacy Book): https://amzn.to/2B5svbH

Filed under Podcast, Privacy, Security | Comments Off on The Privacy, Security, & OSINT Show – Episode 175

The Privacy, Security, & OSINT Show – Episode 174

Posted on June 12th, 2020

EPISODE 174-Privacy Crash Course 01: Passwords & 2FA

This week I begin the Privacy Crash Course with a conversation around passwords and 2FA. Afterward, I have some thoughts about the recent concerns regarding Apple IDs and the Brave Browser.

Support for this show comes directly from my new book Extreme Privacy-Second Edition. More details can be found at https://inteltechniques.com/books.html.

Listen to THIS episode at https://soundcloud.com/user-98066669/174-privacy-crash-course-01-passwords-2fa

Listen to ALL episodes at https://inteltechniques.com/podcast.html

or Subscribe at:

RSS / iTunes / Stitcher / Spotify

SHOW NOTES:

INTRO:

Privacy Crash Course Introduction

PRIVACY CRASH COURSE 01: PASSWORDS & 2FA

BitWarden: https://bitwarden.com/
KeePassXC: https://keepassxc.org/
KeePassXC Browser: https://addons.mozilla.org/en-US/firefox/addon/keepassxc-browser/
Yubikey: https://amzn.to/2HZlT0Z
OnlyKey: https://amzn.to/2CVUF7l
Authy: https://authy.com/

UPDATES:

https://inteltechniques.com/blog/2020/06/08/apple-id-creation-update/
https://www.coindesk.com/brave-browsers-affiliate-link-controversy-explained

Data Removal Workbook: https://inteltechniques.com/data/workbook.pdf

Affiliate Links (products we use):
VPN Considerations: https://inteltechniques.com/vpn.html
ProtonMail: http://proton.go2cloud.org/aff_c?offer_id=15&aff_id=1519
ProtonVPN: https://proton.go2cloud.org/aff_c?offer_id=6&aff_id=1519
PIA VPN: https://www.privateinternetaccess.com/pages/buy-vpn/crimeinfo
Silent Pocket: https://silent-pocket.com/discount/IntelTechniques
Fastmail: https://ref.fm/u14547153
Amazon (Extreme Privacy Book): https://amzn.to/2B5svbH

Filed under Podcast, Privacy, Security | Comments Off on The Privacy, Security, & OSINT Show – Episode 174

Apple ID Creation Update

Posted on June 8th, 2020

In my latest book, Extreme Privacy: Second Edition, I explained how I used the web version of the Apple ID creation process through a Safari browser in order to avoid providing a true cellular number. A few readers report that Apple is now demanding a cellular telephone number during any registration process. I have confirmed this once, but it does not always seem to be the case. They appear to accept a landline number but no VOIP options. I have modified page 19 of the new book with the following:

“I create new Apple accounts from within each phone through the prompts presented after initial boot. You can typically delay the Apple ID requirement during the first setup screen, but an account is required in order to download any apps. I provide a generic name, forwarding email account, hotel address, and secure password generated by my password manager (more details on all of this later). If forced to provide a telephone number, I supply the number assigned through the carrier to the device. This may seem reckless, but Apple collects this data from the device regardless. In a moment, I explain my preferred pre-paid cellular provider (Mint Mobile), which can be purchased without providing a true name. The SIM can be activated online if you are unable to install the app due to the lack of an Apple ID account. You will need internet access via Wi-Fi during both processes. I prefer to use public Wi-Fi without a VPN in order to avoid fraud triggers. Conducting all of the setup processes while connected to open Wi-Fi at an Apple store parking lot is ideal. If you plan to purchase apps, obtain a prepaid iTunes gift card with cash from a grocery store. This is usually not necessary because you should possess minimal applications and only those absolutely required.”

Summary (iPhones): I now provide the cell number associated with the device to the Apple ID account, and allow it to be used for Apple’s 2FA. It will be collected and attached to the Apple profile anyway. This is why an anonymous cell plan is so important. I never create an Apple ID for any Apple laptop/desktop computers. An account is not required unless you want to use the App Store, which I never recommend.

The following text was modified on page 50 in regard to Apple ID for non-phones:

“When you create an Apple ID through traditional methods such as the MacOS installation screen, Apple is very likely to demand a cellular telephone number as part of the process. They will also send a verification text to that number which must be entered to complete the registration. When registering online through their website, Apple usually offers an option to enter a landline number in lieu of a cell. This could be a direct line at a hotel, library, or other public building. A public number should only be used for an Apple laptop, desktop, or iPod Touch, and should never be used as part of Apple’s two-factor authentication. You should only use this method when you will never need to access to the number after the initial verification. I do not like that Apple is demanding telephone numbers in order to use their products, but it is the reality in which we live.”

Summary (macOS): I encourage clients to avoid creating an Apple ID for any computer unless it is absolutely necessary in order to use a specific software application.

Filed under Podcast, Privacy, Security | Comments Off on Apple ID Creation Update

The Privacy, Security, & OSINT Show – Episode 173

Posted on June 5th, 2020

EPISODE 173-Extreme Privacy II, Email Updates, & Account Hijacking

This week I discuss the tactics in my new book, Extreme Privacy (2nd Edition), dive into the latest offerings within email masking services, and explain a recent email hijacking threat I witnessed.

Support for this show comes directly from my new book Extreme Privacy-Second Edition. More details can be found at https://inteltechniques.com/books.html.

Listen to THIS episode at https://soundcloud.com/user-98066669/173-extreme-privacy-ii-email-updates-account-hijacking

Listen to ALL episodes at https://inteltechniques.com/podcast.html

or Subscribe at:

RSS / iTunes / Stitcher / Spotify

SHOW NOTES:

INTRO:

Email Account Hijacking

PRIVACY UPDATES:

Simple Login: https://simplelogin.io/

EXTREME PRIVACY-SECOND EDITION

https://inteltechniques.com/book7.html