In the late 90’s my brother, who worked in the area of digital security, told me that anything I did over a network, he could find and publicize in a matter of minutes. He said there were really only 3 choices. You can unplug and not engage, you can try to hide, or you can go through life accepting that what you do is not private. I chose the third option. I know others may have excellent reasons for choosing otherwise, but for me, this was the right path.
Likewise. Privacy has been an illusion for quite a while now for almost all of us.
I use some basic safe hex to reduce my exposure to a drive-by, & mostly assume that whatever I do is trackable by anyone determined to do so.
This article has well known info with some new details. And well enough written that hopefully some of my younger friends will take in the info within it.
I like Pop OS! personally but that's just my personal preference. Pretty much any flavor of 'Nix is going to give you way better, granular control over your system but if you are coming from Windows, I'd suggest Mint or Pop.
I installed Debian on my LG Gram, which was designed to be used with Windows. I have not yet experienced any issues related to drivers or hardware that were not simple to resolve with a few Internet searches.
I guess. 2-3 decades in IT deskside support, including teaching it for 7 years. I mostly work in software now in an entirely Microsoft environment, so my tech skills have been getting a little rusty.
I just bought this new ai-centric mini ‘supercomputer’ to replace my 10 year old xeon workstation with a tesla p40 data center gpu that i have been using for ai experiments the last few years. 15 years ago, this system would have cost me 25,000. I got it for 1000 bucks used on ebay and after some heavy tinkering got it running some fairly large local LLM systems but I am at the point now where I needed to upgrade to something more robust because I am teaching myself how to vibe code since all my developer friends that know half a dozen languages are telling me ‘code is dead’ and that if you don’t know how to vibe code, you are not going to be able to work fast enough to compete so it was basically do or die at this point. i think i made the right choice. the thing was pricey but not TOO bad considering it has 96GB of unified ram shared between the cpu and gpu and I can run MASSIVE 70 billion parameter models on this thing at speeds comparable to what I have been paying 20 bucks an hour to use on the cloud. This tech is going to change everything and people that are not on top of it are going to end up left in the stone ages.
I switched from Win11 to Debian a few months ago. Debian was recommended over any Ubuntu-like flavour by a friend with more IT Sec knowledge than I possess because fewer Snaps make security a bit simpler to implement.
I tried the Wayland GUI, but found it to be a bit buggy.
I am finding the KDE XFCE GUI more stable & much closer to my Win expectations.
My prior linux experience has mostly been on CLI only Ubuntu servers, so there is still a fair bit if a learning curve. But this is definitely a preferable experience with so much less intrusiveness.
Win11 seems to be designed for corporate use in a Microsoft network environment. And it does work well for that purpose. My experience has been that Win11 is not a good choice for personal use.
Just imagine these are things that had to be learned by a mother after her son was kidnapped and trafficked into black market adoption by the Luciferian bloodline hierarchy.
Stargate? Looking glass?
So we say, “we know you [boogeyman] are watching while we ask “Where is Jonah Rief?”
Fantastic overview, I used to be a cybersecurity strategist and still learned some things from this. As you say, it's an ongoing process and we're talking about risk mitigation, not risk prevention.
As a defender you need to be better than your attackers, because one mistake means access, while they can keep probing. State level attacks are impossible to defend against alone. It truly is best to assume that you can't live a private life, if you use current day technology. If I really wanted to disappear, I would use the myriad of devices that already exist. Preferably of a stranger, since internet cafes and hotels are highly surveilled.
That said, you point out risk tolerance which I think is the critical thing here. The basics of security throughout history from castles to cybersecurity has been the onion model. By setting up enough layers, you buy yourself time to respond, rather than react or getting overwhelmed immediately.
So it really depends how deep your security needs to be. And... Security is always just an idea. Creative individuals will always find flaws to exploit. It's why state actors cannot keep their information secure either, without falling back on airgapping digital storage with rigid access protocols.
Yet even that security will fail due to human error and intrigue. In the end, security really just comes down to economics. If you're too expensive to hurt, they'll leave you alone.
Very solid, very comprehensive. This is gold. « sufficiently motivated adversary will still find you »: worse, everyday the bar is lowered regarding the motivation needed, as new publicly accessible and often free tools emerges. I’m not even talking about state actors, of course. Landing in a « person of interest » list is usually game over for most of us. The threat to random people is getting targeted in real life by criminals for what goods or means they expose online. And what most people ignore, as you’ve clearly demonstrated, is that any decent level of anonymity online requires lots of efforts, sacrifices convenience, must be carried out for long periods of time without a single slip up ever, and strongly limit what is possible to do. Most people are not ready for this (I know I am not ready for this!).
Absolutely top notch article. Already knew a bunch of it, BUT have never seen anyone put so many of the key elements and challenges of personal cybersecurity together in a single article better. And I certainly did learn a bunch from it. Thanks for writing and posting it. I have just restacked it and would love to take you up on your offer of a year subscription if possible, as I cannot possibly subscribe to many very valuable accounts here without seeing all of my own Substack income immediately disappear to others accounts. Again, many many thanks for this.
In a free and open society one would not have to worry about bullshit exposed in this article, accept that we do not live in a free, open, and tolerant society, and that were just slaves.
Thank you for this amazing article. It’s utterly disgusting that people are being arrested in England under Britain’s Communications Act for their online posting. I don’t want to be “Margaret”. Do you think that scenario could happen in the US?
I live in America, and am about ready to just shut it all down. I don’t do much but it’s just gotten to the point where everything you read is a fucking lie, so why bother? If I didn’t gave a sick wife,I wouldn’t own a fucking phone.
You said: "And even Tor is not perfect. / Intelligence agencies have demonstrated the ability to deanonymize Tor users through traffic analysis, timing attacks, and compromised exit nodes. The FBI took down an entire dark web hosting provider by exploiting a vulnerability in the Tor Browser. Nothing is bulletproof. The question is always about your threat model and how motivated your adversary is."
Yes. But also, how easy would it be for allied intel agencies to run the vast majority of TOR nodes in much or most of the world and therefore be able in X% of cases to see back to the home IP of any given user?
About the FBI taking down a guy who ran an online marketplace some years ago: That could have been explained by intel or somesuch running the nodes as mentioned above, with the authorities using parallel construction to pretend they had to work hard to get around the onion, so as to protect the reputation of TOR as truly useful instead of being a nearly full-owned honeypot.
I'm not an insider. I don't know these things. Could be wrong. But running TOR nodes around the world should be a desire of intel agencies -- perhaps mil intel also, and others -- and it would be trivially easy for them to do so.
Way over my head. I’ve saved this article for reference that since they already have everything on me, why bother. It’s really difficult for me to grasp bc I thought my VPN would be enough. Looks like I need to review this when I’m not so tired. Thanks for sharing. I’m sure it will benefit ppl who have the ability to grasp the technical details in hopes of privacy that was stolen long ago!
Oh geez… every time I start gathering the courage to speak up more loudly an article such as this one pops up on my feed… wonderfully written and thanks for the heads up. I would never be able to do what’s required, so I guess I’ll just figure out a way to speak in code. Is that something that works, at least somewhat?
Haven’t crawled out of the financial abyss I dug myself into, but will become a paid sub as soon as I can. I appreciate the depth of your articles.
I’m sorry I cannot pay for your valuable insights at this time. I promise to read your articles & share them liberally. Thank you so much for this one.
In the late 90’s my brother, who worked in the area of digital security, told me that anything I did over a network, he could find and publicize in a matter of minutes. He said there were really only 3 choices. You can unplug and not engage, you can try to hide, or you can go through life accepting that what you do is not private. I chose the third option. I know others may have excellent reasons for choosing otherwise, but for me, this was the right path.
Likewise. Privacy has been an illusion for quite a while now for almost all of us.
I use some basic safe hex to reduce my exposure to a drive-by, & mostly assume that whatever I do is trackable by anyone determined to do so.
This article has well known info with some new details. And well enough written that hopefully some of my younger friends will take in the info within it.
Great article ! Is there a linux that you would recommend ?
I like Pop OS! personally but that's just my personal preference. Pretty much any flavor of 'Nix is going to give you way better, granular control over your system but if you are coming from Windows, I'd suggest Mint or Pop.
Thanks. I have been planning for some time to get a linux laptop.
I installed Debian on my LG Gram, which was designed to be used with Windows. I have not yet experienced any issues related to drivers or hardware that were not simple to resolve with a few Internet searches.
You must have some degree of talent then. Debian isn’t exactly the easiest distro to use.
I guess. 2-3 decades in IT deskside support, including teaching it for 7 years. I mostly work in software now in an entirely Microsoft environment, so my tech skills have been getting a little rusty.
I just bought this new ai-centric mini ‘supercomputer’ to replace my 10 year old xeon workstation with a tesla p40 data center gpu that i have been using for ai experiments the last few years. 15 years ago, this system would have cost me 25,000. I got it for 1000 bucks used on ebay and after some heavy tinkering got it running some fairly large local LLM systems but I am at the point now where I needed to upgrade to something more robust because I am teaching myself how to vibe code since all my developer friends that know half a dozen languages are telling me ‘code is dead’ and that if you don’t know how to vibe code, you are not going to be able to work fast enough to compete so it was basically do or die at this point. i think i made the right choice. the thing was pricey but not TOO bad considering it has 96GB of unified ram shared between the cpu and gpu and I can run MASSIVE 70 billion parameter models on this thing at speeds comparable to what I have been paying 20 bucks an hour to use on the cloud. This tech is going to change everything and people that are not on top of it are going to end up left in the stone ages.
I switched from Win11 to Debian a few months ago. Debian was recommended over any Ubuntu-like flavour by a friend with more IT Sec knowledge than I possess because fewer Snaps make security a bit simpler to implement.
I tried the Wayland GUI, but found it to be a bit buggy.
I am finding the KDE XFCE GUI more stable & much closer to my Win expectations.
My prior linux experience has mostly been on CLI only Ubuntu servers, so there is still a fair bit if a learning curve. But this is definitely a preferable experience with so much less intrusiveness.
Win11 seems to be designed for corporate use in a Microsoft network environment. And it does work well for that purpose. My experience has been that Win11 is not a good choice for personal use.
AWESOME information!
Just imagine these are things that had to be learned by a mother after her son was kidnapped and trafficked into black market adoption by the Luciferian bloodline hierarchy.
Stargate? Looking glass?
So we say, “we know you [boogeyman] are watching while we ask “Where is Jonah Rief?”
https://whereisjonahrief.com
Very few can grasp how deep and wide SRA goes. I tend to think you (would) get it.
this was very well organized and well written. i subscribed. Lily, no OF 😂🫶🏻♥️
Fantastic overview, I used to be a cybersecurity strategist and still learned some things from this. As you say, it's an ongoing process and we're talking about risk mitigation, not risk prevention.
As a defender you need to be better than your attackers, because one mistake means access, while they can keep probing. State level attacks are impossible to defend against alone. It truly is best to assume that you can't live a private life, if you use current day technology. If I really wanted to disappear, I would use the myriad of devices that already exist. Preferably of a stranger, since internet cafes and hotels are highly surveilled.
That said, you point out risk tolerance which I think is the critical thing here. The basics of security throughout history from castles to cybersecurity has been the onion model. By setting up enough layers, you buy yourself time to respond, rather than react or getting overwhelmed immediately.
So it really depends how deep your security needs to be. And... Security is always just an idea. Creative individuals will always find flaws to exploit. It's why state actors cannot keep their information secure either, without falling back on airgapping digital storage with rigid access protocols.
Yet even that security will fail due to human error and intrigue. In the end, security really just comes down to economics. If you're too expensive to hurt, they'll leave you alone.
Very solid, very comprehensive. This is gold. « sufficiently motivated adversary will still find you »: worse, everyday the bar is lowered regarding the motivation needed, as new publicly accessible and often free tools emerges. I’m not even talking about state actors, of course. Landing in a « person of interest » list is usually game over for most of us. The threat to random people is getting targeted in real life by criminals for what goods or means they expose online. And what most people ignore, as you’ve clearly demonstrated, is that any decent level of anonymity online requires lots of efforts, sacrifices convenience, must be carried out for long periods of time without a single slip up ever, and strongly limit what is possible to do. Most people are not ready for this (I know I am not ready for this!).
Recommendation; do not interact with any communication you didn't initiate.
Ignore them all.
In other-words if you did not initiate the communication - IGNORE IT.
A simple contract if formed by simply answering an unrecognized phone call from a i.e. debt collector.
Answering your phone is agreement which satisfies the 'means test' for a 'meeting of the minds' and becomes an enforceable contract in most courts.
Completely bypassing the 'discovery' requirement in the 'Rules of the Court' required in any court case.
Court are adversarial in nature and represent debt collectors.
Absolutely top notch article. Already knew a bunch of it, BUT have never seen anyone put so many of the key elements and challenges of personal cybersecurity together in a single article better. And I certainly did learn a bunch from it. Thanks for writing and posting it. I have just restacked it and would love to take you up on your offer of a year subscription if possible, as I cannot possibly subscribe to many very valuable accounts here without seeing all of my own Substack income immediately disappear to others accounts. Again, many many thanks for this.
send me your email via PM
In a free and open society one would not have to worry about bullshit exposed in this article, accept that we do not live in a free, open, and tolerant society, and that were just slaves.
Thank you for this amazing article. It’s utterly disgusting that people are being arrested in England under Britain’s Communications Act for their online posting. I don’t want to be “Margaret”. Do you think that scenario could happen in the US?
Always assumed this to be the case. It is sobering to hear it though.
I live in America, and am about ready to just shut it all down. I don’t do much but it’s just gotten to the point where everything you read is a fucking lie, so why bother? If I didn’t gave a sick wife,I wouldn’t own a fucking phone.
Such an excellent article. Saved and bookmarked.
ABOUT TOR POSSIBLY/PROBABLY BEING COMPROMISED:
You said: "And even Tor is not perfect. / Intelligence agencies have demonstrated the ability to deanonymize Tor users through traffic analysis, timing attacks, and compromised exit nodes. The FBI took down an entire dark web hosting provider by exploiting a vulnerability in the Tor Browser. Nothing is bulletproof. The question is always about your threat model and how motivated your adversary is."
Yes. But also, how easy would it be for allied intel agencies to run the vast majority of TOR nodes in much or most of the world and therefore be able in X% of cases to see back to the home IP of any given user?
About the FBI taking down a guy who ran an online marketplace some years ago: That could have been explained by intel or somesuch running the nodes as mentioned above, with the authorities using parallel construction to pretend they had to work hard to get around the onion, so as to protect the reputation of TOR as truly useful instead of being a nearly full-owned honeypot.
I'm not an insider. I don't know these things. Could be wrong. But running TOR nodes around the world should be a desire of intel agencies -- perhaps mil intel also, and others -- and it would be trivially easy for them to do so.
Way over my head. I’ve saved this article for reference that since they already have everything on me, why bother. It’s really difficult for me to grasp bc I thought my VPN would be enough. Looks like I need to review this when I’m not so tired. Thanks for sharing. I’m sure it will benefit ppl who have the ability to grasp the technical details in hopes of privacy that was stolen long ago!
Mine too.
Oh geez… every time I start gathering the courage to speak up more loudly an article such as this one pops up on my feed… wonderfully written and thanks for the heads up. I would never be able to do what’s required, so I guess I’ll just figure out a way to speak in code. Is that something that works, at least somewhat?
Haven’t crawled out of the financial abyss I dug myself into, but will become a paid sub as soon as I can. I appreciate the depth of your articles.
That’s it, I’m moving to the jungle.
I'm with you on that. I'd love to get out of here.
I’m sorry I cannot pay for your valuable insights at this time. I promise to read your articles & share them liberally. Thank you so much for this one.