Operating Systems (OS)
Ultimately, no action performed on a given piece of software can be truly considered safe if its code cannot be audited. There have been hardware security issues (see the exploit on Intel CPUs, for example) as well, but most people would not go to the length of buying a fully open-source computer.
The most commonly used operating systems are Windows, OS X, and GNU/Linux. Since Windows and OS X have backdoors (secret methods of bypassing authentication/encryption) and are not open-source, they are inherently unsafe to those who are concerned about adversaries who can potentially gain access to backdoors and other exploits (such as Microsoft/Apple employees, governments, advanced hackers, etc.).
A Czech journalist discovered that everything typed on a computer using Windows 10 is sent to Microsoft every 30 minutes. As shocking as this may be, this practice was in use as far back as Windows XP, although it was then stored locally rather than being sent directly to Microsoft.
You should consider using one of the many distributions (distros) of Linux available. For a user new to Linux, I would suggest using Linux Mint or Ubuntu. For those more technologically savvy or security-minded, I would recommend Debian, Fedora, or Qubes, but there are countless distros available for use as well. Another bonus for using Linux over Windows is that the chance of being infected with a virus is reduced to nearly zero, since you have to authorize any software being installed with your administrator’s password. Most malware is written to target Windows computers.
If you are forced to use Windows due to software compatibility issues – many games and some programs are not optimized for Linux – I cannot stress enough that
Microsoft is more than willing to work with the NSA and shouldn’t be trusted. Consider having a separate computer solely for gaming if your financial situation permits (and if you can afford that, you can afford to be a member or supporter to the National Alliance).
Web Browsers
Firefox
Firefox is free software developed by Mozilla. When configured properly it is a secure web browser; however, when vanilla (unaltered), Firefox can be considered to be spyware – whenever vanilla Firefox is started, and whenever you access a website, it pings ("phones home") back to their servers, for example. Otherwise, Firefox is considered by many to be the best web browser.
GNU IceCat
GNU IceCat is a fork of Firefox that is more private and secure than Firefox and it contains several privacy-protecting features. IceCat makes no unsolicited connections when you run it. Only available on GNU/Linux.
Tor Browser
Tor Browser is a privacy-focused web browser that is used to access the internet through the Tor Network. Connections through the Tor network are much more private than normal connections as you do not have an IP address that is associated with you. While spyware services can tell that you are connecting from the Tor network, their ability to identify and profile you is greatly reduced. However, it is important to note that all exit internet traffic is definitely being monitored, so do not use it for internet activity that is directly linked to your true identity (banking, social media under your real name, etc.) on websites that do not have at least 2048-bit HTTPS encryption.
Otter Browser
Otter Browser is a free, open-source web browser that aims to recreate the best aspects of the classic Opera (12.x) UI using Qt5. Otter Browser makes no unsolicited requests at all. It is fully open source.
Avoid:
Internet Explorer, Microsoft Edge, Google Chrome, Opera, and Yandex Browser.
Web Search
Startpage
Startpage is a search engine hosted in the USA and the Netherlands that provides you with anonymous Google search and image results through a free proxy.
DuckDuckGo
DuckDuckGo is a search engine hosted around the world that provides you with anonymous search results from various sources. There is also a
DuckDuckGo hidden service available for Tor users. Be advised that this was created by entrepreneur (((Gabriel Weinberg))).
Avoid:
Google, Microsoft Bing, Yahoo, Yandex
Voice-Over-IP (VOIP) Clients
No, Skype and Google Voice are not safe at all.
Mumble
Mumble is an open source, low-latency, high quality voice chat software primarily intended for use while gaming. Uses PGP authentication by default.
Jitsi
Jitsi – "A real Skype alternative using standards compliant FLOSS." Supports text encryption with OTR and audio/video encryption with ZRTP. The downside is that it is bulky Java.
Tox
"Tox is easy-to-use software that connects you with friends and family without anyone else listening in. While other big-name services require you to pay for features, Tox is completely free and comes without advertising – forever." It's still in beta and has some bugs but works overall.
Jami
Designed for the general public as well as the industry, Jami aims to provide all of its users a universal communication tool, free, secure and built on a distributed architecture requiring no authority nor central server to operate.
Riot
"Riot is for everyone, from casual chat to high powered collaboration." It is a secure conference room that allows users to chat, share files, and make video/voice calls.
Avoid:
Discord, Facebook, Skype, TeamSpeak, Ventrilo
Email
Unencrypted email should be considered as private as a postcard.
When you send an email, it is sent to your email server (called an SMTP relay server). By default, the transmission of data is not encrypted. Once it has arrived at your server, it has to be stored. There is no assurance that it will be encrypted here. It then gets sent to the recipient’s email server, and then waits there until the recipient is ready to pick it up. At each step of the email process, there is no certainty that the data will be safeguarded.
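The hop-by-hop path described above can be read back from a delivered message's `Received:` headers, which record the protocol each server used to accept it. The following is an added example, not part of the original post: it classifies each hop using the RFC 3848 transmission types (`ESMTPS`/`ESMTPSA` mean the hop was carried over TLS), and the sample message and all host names in it are constructed.

```python
import re
from email import message_from_string

# Constructed sample message; every host and address is invented.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.9])
\tby store.recipient.example with LMTP id c3; Tue, 02 Jan 2024 10:00:03 +0000
Received: from relay.sender.example (relay.sender.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id b2; Tue, 02 Jan 2024 10:00:02 +0000
Received: from laptop.home.example (laptop.home.example [192.0.2.44])
\tby relay.sender.example with ESMTPSA id a1; Tue, 02 Jan 2024 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: hello

body
"""

# "by <host> ... with <protocol>" inside one Received header value.
HOP_RE = re.compile(r"\bby\s+(\S+).*?\bwith\s+(\S+)", re.S | re.I)
# RFC 3848 transmission types: a trailing S (before an optional A) means TLS.
PROTO_RE = re.compile(r"^(?:UTF8)?(?:E?SMTP|LMTP)(S?)A?$", re.I)

def hops(raw):
    """Return [(receiving_host, protocol, status)] in delivery order."""
    msg = message_from_string(raw)
    result = []
    # Each server prepends its own header, so the first hop is listed last.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(value)
        if not m:
            result.append(("?", "?", "unknown"))
            continue
        host, proto = m.group(1), m.group(2).upper()
        p = PROTO_RE.match(proto)
        status = "unknown" if not p else ("tls" if p.group(1) else "cleartext")
        result.append((host, proto, status))
    return result

def unprotected_hops(raw):
    """Hops whose header does not record TLS (cleartext or unknown)."""
    return [h for h in hops(raw) if h[2] != "tls"]

if __name__ == "__main__":
    for host, proto, status in hops(SAMPLE):
        print(f"{host:28} {proto:8} {status}")
```

These headers are written by the relaying servers themselves, so they show what each server claims about transport only; they say nothing about whether the message was encrypted while stored on any of them.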
You can run your own mail server, but using a privacy-conscious email provider while utilizing PGP encryption (more on this later) is enough for most threat models.
One alternative to emails is Bitmessage, which is a decentralized, encrypted, peer-to-peer, trustless communications protocol that can be used by one person to send encrypted messages to another person, or to multiple subscribers. Bitmessage encrypts each user's message inbox using public-key cryptography and replicates it inside its P2P network, mixing it with inboxes of other users in order to conceal the user's identity, prevent eavesdropping and allow the network to operate in a decentralized manner.
Add-ons
The following list of addons is what I would recommend, and is based on the implication that the individual is using Firefox. Other browsers may not be compatible.
uBlock Origin
Currently the best add-on for hiding ads online. Make sure you choose this one over uBlock Plus or any other variant, as many other ad-block addons have an advertisement “whitelist” – which are ads that are considered “non-intrusive” (i.e., have been paid off by advertisers to keep their ads from being hidden).
AdNauseum
A more aggressive anti-advertisement add-on, AdNauseum goes a step further and clicks on every ad detected before hiding it. This means that you not only hide eye-sore advertisements and pop-ups, and protect yourself from potential malware in malicious advertisements, you also end up costing the advertising company money (as they typically charge per click). There is also an “ad vault” setting that shows which ads have been blocked at which time and how much money you have cost advertisers. Since February of this year, for example, I have silently charged advertisers just over $2100 in ads that I never even saw.
[Image: AdNauseum stats over the past 7 months]
Using both adblock add-ons together has blocked virtually every ad I would have ordinarily seen online.
Cookie Auto Delete
This add-on automatically deletes your cookies x seconds after closing a tab (can be specified in the settings). This is important, as cookies contain important identifiable information such as logins and passwords. Many cookies are also used to track your internet history without your consent or knowledge, so this is effective at stopping some trackers.
Smart HTTPS
Websites without https encryption protocols send all information entered onto the website in cleartext, which permits any eavesdropping adversary to view and tamper with any and all content – including passwords, credit card information, mailing addresses, etc. This add-on will check if the website you are accessing has such encryption, and if so, will automatically enable it. Note that while the TLS/SSL encryption used to change http to https is generally effective against most threats, the NSA and other highly skilled adversaries have been known to crack it fairly easily – SSL in particular.
Privacy Badger
Automatically blocks invisible trackers hidden on websites. Ever wonder why a web search for a particular vehicle, or BF Goodrich tires will cause related ads to pop up for you? Trackers that lay hidden on most websites are datamining you. For example, on Cloudflare’s website, Privacy Badger reveals 6 hidden trackers including Adroll, Bing, Bizible, Google, and Heap Analytics. These aforementioned trackers are just a few of countless spy companies out there that create profiles of you and your browsing history, and sell it to whoever will buy it – namely, advertisers and government agencies. You can decide in Privacy Badger’s settings whether or not to allow or block any given tracker.
[Image: Privacy Badger addon on Cloudflare's website]
NoScript
NoScript blocks Java, JavaScript, Flash, and other plugins unless given the “OK” by you. JavaScript is notoriously awful from a security standpoint, as it is not difficult for adversaries to exploit a user through Cross Site Scripting (XSS), SQL/NoSQL injections, access control issues, session management issues, unsafe use of cryptography, error handling/logging issues, keystroke logging, etc. Unfortunately,
over 95% of all websites use JavaScript, including Google, YouTube, Wikipedia, Amazon, and yes, even National Vanguard and White Biocentrism. As such, blocking JavaScript altogether would make most websites look broken, and would make many unusable. Therefore NoScript has a steep learning curve in order to whitelist trustworthy websites (such as your bank and National Vanguard), while blacklisting untrustworthy websites (such as Google and Moat.com). It is also possible to temporarily allow JavaScript to run on a given website.
[Image: NoScript addon on the National Vanguard website]
Canvas Blocker
Websites can fingerprint your browser’s unique settings and add-ons using JavaScript. Canvas Blocker tries to prevent this from happening, making it more difficult to be tracked online. You can check out how uniquely identifiable your browser is here. Note that fully disabling JavaScript makes this add-on pointless.
Decentraleyes
"Websites have increasingly begun to rely much more on large third-parties for content delivery. Canceling requests for ads or trackers is usually without issue, however blocking actual content, not unexpectedly, breaks pages. The aim of this add-on is to cut out the middleman by providing lightning speed delivery of local (bundled) files to improve online privacy."
Tails Verification
Used to verify that you downloaded an unaltered copy of Tails. The best way to prove your copy is original and hasn’t been tampered with is to verify the PGP signature yourself, but as most people are unfamiliar or uncomfortable doing so, this add-on does the next best thing. Obviously not useful if you do not use Tails.
Startpage
Adds the option to use the privacy-conscious search engine Startpage instead of the standard Google choice when typing in a search in the address bar.
Virtual Private Networks (VPNs)
VPNs are used to hide internet traffic from your Internet Service Provider (ISP) and to spoof your location. VPNs are a very important step in staying anonymous and avoiding tracking by certain adversaries. Some important things to consider are whether a provider admits to keeping logs on its users’ internet usage, and whether it is hosted within one of the 14 eyes – an alliance of countries that freely exchange intelligence among one another. I would personally suggest using NordVPN or ExpressVPN.
Tune in next time for tips on software encryption and password management.