From Smartphones to Smart Fridges: Navigating the Modern Age of Surveillance with a Wink and a WiFi Password!

AlicaFunk

Mentor Group Gold Premium
Jul 15, 2013
People living in a cave

I would like to hear from our fellow members here on OffshoreCorpTalk about how they deal with all the new technology surrounding us!

How do you cope with today's cars packed with computers and GPS trackers, smartphones and smartwatches that all keep an eye on you as an individual and sell your data to the highest bidder, be it a company or government?

What do you do in your homes, with intelligent refrigerators, locks, and heating devices controlled by an app?

Are you all living in a cave with cash buried beneath you, only emerging in the darkness?
 
haha - I believe @JohnnyDoe is one of the guys on the picture :D

I think you just have to get used to being monitored and then do the things you don't want others to know about when you are naked and standing under the shower with the lights off and no devices near you.
 
Personally, I have settled in a country where I can be indifferent, but I must admit that before I moved away, I had total paranoia about all the surveillance that takes place in some countries.
 
To tackle new technology and maintain control over my data, I prioritize keeping as much of it on my own hardware. Some smart devices, like Sonos speakers, are incredibly useful and I haven't found replacements that match their quality. For such devices, I've made peace with the trade-offs.

To ensure secure segmentation at home, I have two different ISPs: one for family and friends, and another exclusively for my work. OPNsense sits at the edge of my network with VPN enabled, and for accessing my network remotely, I rely on WireGuard.

My home setup includes a couple of servers running multiple workloads and tools, virtualized on bare-metal machines. Backups are stored on a local NAS and also sent off-site to an object storage provider. I encrypt everything beforehand for security. While I'm currently using Backblaze B2 for off-site storage, I'm considering a switch to Cloudflare R2.

For businesses, I always recommend a combination of tools like XDR/EDR/NDR for comprehensive monitoring. Cloud-based solutions are often suitable, but for my personal use, I prefer not sharing telemetry with big companies like Microsoft or CrowdStrike. Instead, I run local agents forwarding data to a local SIEM, built on an open-source ELK stack that also collects firewall data. This helps me monitor my network for any signs of intruders.

When it comes to minimizing tracking, I recognize it's impossible to eliminate your digital footprint entirely. The level of risk depends on the threats you're facing. Personally, I don't mind intelligence agencies tracking me, so my car has GPS, and I carry two phones everywhere. I also use smartwatches strictly for exercise, so they're usually just charging at home.

However, in situations where I don't want anyone tracking me, I use a combination of physical and digital precautions to make it more challenging for potential adversaries to follow my trail. These occasions are rare but crucial.

If anyone is interested, I'm happy to write a guide on the first steps to gaining more visibility and control over your digital life. While my current setup is pretty technical and sometimes a pain to maintain, there are plenty of easier-to-use tools available for improving security.

I have settled in a country where I can be indifferent
I second this as well, your tools can definitely be used to spy on you, but you still need to wake adversaries up in order for them to take an interest in you.
 
Just keep in mind the old Italian saying “anche i muri hanno le orecchie” (“walls have ears”). It’s from a time when the internet didn’t exist. Don’t ever do or say anything that can be used against you. Whenever you really have to, do that outdoors, which is also good for your health.

I have also learnt from experience that being completely spotless can be counterproductive, as it will lead to suspicions that you are hiding something, and therefore that you are a big criminal. So it can be wise to create a small criminal background, just enough to be considered a loser and not worth investigative efforts.
 
I have also learnt from experience that being completely spotless can be counterproductive, as it will lead to suspicions that you are hiding something, and therefore that you are a big criminal. So it can be wise to create a small criminal background, just enough to be considered a loser and not worth investigative efforts.
very well explained and makes very good sense.
 
It's so funny when you google the SMART part of SMART HOME, and the results that google gives you are all wrong.
The term "smart" in "smart home" is an abbreviation for "Self-Monitoring Analysis and Reporting Technology", AKA Surveillance.

Power: There are few ways you can fight it, but if you got a smart meter in your house you can only make it malfunction so many times before they catch on, and no, they won't give you that analog power meter back. But you could solve it with solar or wind turbines.

Phone: Old Nokia for $10 or a degoogled Pixel6a. I know it's hilarious to buy a google phone to remove the google software, but it's the easiest option.

VPN: Don't touch those 'free' VPNs from China or US, they are free for a reason. Go for MULLVAD if you want to be safe.

Browser: If you are too stingy for a VPN, at least use Brave.

PC: There is only one way for privacy, it's to keep it off the net. Have a notebook that you never connect to the net. And if you are running any windows after version 7, then I don't know what to tell you. Get a nice linux instead, at least on the second computer.

WIFI: Use LAN cables instead. Even I can wreak havoc and steal your data with KALI LINUX and an external antenna. If you still use WIFI, at least be conscious about the danger (and I am not thinking about radiation here).

https://www.pcmag.com/news/sit-up-straight-wi-fi-signals-can-be-used-to-detect-your-body-position
Lots of issues you can solve by buying appliances and cars that were made before they bugged everything.

Nowadays you can't trust even the chips inside anymore, your Intel chip is numbered and has backdoors, as has all communication equipment. Your cleaning robot is sending data to China, as does my headset, and all the security cameras.
 
i agree LAN is a lot safer (in case of no physical access), but still saying it's that easy to sniff wifi...well...true.
but what are you sniffing? you are sniffing encrypted data.
connection between wifi router and wifi device (ex. phone) is encrypted with one set of encryption
connection between wifi device (phone in this case) and internet website is encrypted with SSL (AES enc).
if your device trusted certificates are not compromised even if the encryption between wifi router and phone gets compromised (decrypted) no valuable data will be shown

@0xDEADBEEF would you agree with my statement?
 
i agree LAN is a lot safer (in case of no physical access), but still saying it's that easy to sniff wifi...well...true.
but what are you sniffing? you are sniffing encrypted data.
connection between wifi router and wifi device (ex. phone) is encrypted with one set of encryption
connection between wifi device (phone in this case) and internet website is encrypted with SSL (AES enc).
if your device trusted certificates are not compromised even if the encryption between wifi router and phone gets compromised (decrypted) no valuable data will be shown

@0xDEADBEEF would you agree with my statement?
Disabling WiFi and only using LAN has some security benefits, but it's mostly about privacy. If you implement it right, you can use WPA2 Enterprise or go for WPA3, but some devices don't play nice with them and fall back to less secure protocols. In that case, your best bet is network segmentation: put those devices in a dedicated subnet and monitor traffic to only allow the communication they need to function.

You're spot on about the certs, most traffic will be secured by TLS, so sniffing it is pretty much pointless. Plus, to even sniff your traffic, the network would have to be compromised already. But once they are in your network, the contents of the traffic is easily revealed, think stuff like DNS-data. If someone is doing deep packet inspection through SSL termination, then you've got much bigger problems. That would mean that they were able to compromise your device(s), install a trusted certificate and also tamper with the gateway to have control over your network. It can be all done remotely, but I doubt that most people will ever encounter this kind of threat.
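The segmentation advice above (a dedicated subnet, with traffic monitored so devices only get the communication they need) can be checked against firewall flow records. The following is an added example, not part of the original post; the subnet, addresses, allowlist rules and the four-field log layout are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Everything below is assumed for illustration: addressing, rules and log layout.
IOT_SUBNET = ipaddress.ip_network("192.168.50.0/24")
LOCAL_RESOLVER = ipaddress.ip_address("192.168.50.1")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Per-device allowlist: source IP -> (destination network, protocol, port) it needs.
ALLOWLIST = {
    "192.168.50.20": [(ipaddress.ip_network("203.0.113.0/24"), "tcp", 443)],
    "192.168.50.30": [(ipaddress.ip_network("198.51.100.7/32"), "udp", 123)],
}

# Constructed firewall export, one flow per line: "src dst proto dport".
SAMPLE_LOG = """\
192.168.50.20 203.0.113.15 tcp 443
192.168.50.20 192.168.50.1 udp 53
192.168.50.30 198.51.100.7 udp 123
192.168.50.30 192.0.2.53 udp 53
192.168.50.20 192.168.10.5 tcp 445
192.168.50.20 203.0.113.15 tcp 80
192.168.50.99 203.0.113.15 tcp 443
192.168.10.9 203.0.113.15 tcp 443
not a flow record
"""


@dataclass(frozen=True)
class Flow:
    src: object
    dst: object
    proto: str
    dport: int


def parse_line(line):
    """Return a Flow, or None when the line is not a well-formed record."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return Flow(ipaddress.ip_address(parts[0]), ipaddress.ip_address(parts[1]),
                    parts[2].lower(), int(parts[3]))
    except ValueError:
        return None


def classify(flow):
    """Verdict for one flow; only traffic sourced from the IoT subnet is judged."""
    if flow.src not in IOT_SUBNET:
        return "ignore"
    if flow.dport == 53:  # cleartext DNS is only expected towards the local resolver
        return "allow" if flow.dst == LOCAL_RESOLVER else "alert:dns-bypass"
    for net, proto, port in ALLOWLIST.get(str(flow.src), []):
        if flow.dst in net and flow.proto == proto and flow.dport == port:
            return "allow"
    if any(flow.dst in n for n in RFC1918) and flow.dst not in IOT_SUBNET:
        return "alert:lateral"  # segmented device reaching into another internal net
    return "alert:not-allowlisted"


def audit(log_text):
    """Return (alerts, malformed_count); alerts are (line, verdict) pairs."""
    alerts, malformed = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        flow = parse_line(line)
        if flow is None:
            malformed += 1
            continue
        verdict = classify(flow)
        if verdict.startswith("alert"):
            alerts.append((line, verdict))
    return alerts, malformed


if __name__ == "__main__":
    for line, verdict in audit(SAMPLE_LOG)[0]:
        print(f"{verdict:24} {line}")
```

The same verdicts map directly onto firewall rules: each allowlist entry becomes a pass rule on the IoT interface, and everything that would alert here becomes a logged block.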
 
If anyone is interested, I'm happy to write a guide on the first steps to gaining more visibility and control over your digital life. While my current setup is pretty technical and sometimes a pain to maintain, there are plenty of easier-to-use tools available for improving security.

I will pay good money for a book on those topics.

Disabling WiFi and only using LAN has some security benefits, but it's mostly about privacy.

I did that. Wifi (via Fiber) offered by condo building. The speed is very tempting, but I didn't want that exposure, so I set up a private LAN using Ethernet cable (wire) connection. Thank you, @0xDEADBEEF, for confirming my decision to do that.
 
also what i could recommend is using DNS over HTTPS, a lot of modern browsers have that option
Standard DNS is not encrypted, which can be an issue, but then again if your certificates are OK, still pointless.

@0xDEADBEEF you are correct TLS, not SSL (outdated protocol), but it is the same purpose.

overall I remember a post of @0xDEADBEEF where he said that you should use a device with newest update/patch installed, and you will usually be good.
using a MacBook with M series chip (any) is pretty safe thing for remote attack.
are there any attacks possible, probably yes, but let's be honest no one doesn't know that.
true, there are some exploits for TPM, and even for M chip...but they all require physical presence.

what i could recommend is using virtual machines (easiest one is windows SandBox, not sure on Mac peer).
again threats can escape virtualisation, but that is not too often (more like in theory).
using a virtual machine for surfing is def.something that is smart.

alternative for more secure surfing is disabling JS, and allowing it only for trusted web sites.
this will pretty much prevent drive by attacks (think of popups that just won't work due to the fact that they are loading a website which is not allowed to use JS)

TLDR: consider using MacBook, DNS over HTTPS, and virtual machines for surfing
 
also what i could recommend is using DNS over HTTPS, a lot of modern browsers have that option
This is an excellent recommendation that will improve your privacy. Enabling DoH in modern browsers prevents your ISP or other intermediaries from seeing your DNS queries, adding an extra layer of privacy.

what i could recommend is using virtual machines (easiest one is windows SandBox, not sure on Mac peer).
For MacOS, I recommend VMware Fusion, UTM, or Parallels if you're looking for easy Windows virtualization.

alternative for more secure surfing is disabling JS, and allowing it only for trusted web sites.
this will pretty much prevent drive by attacks (think of popups that just won't work due to the fact that they are loading a website which is not allowed to use JS)
For this, you can use NoScript. Alternatively in Firefox, you can head to about:config, search for javascript.enabled, and set it to false. On MacOS, enabling Lockdown Mode in Safari achieves a similar effect by limiting website features and blocking JavaScript execution on non-trusted sites.

The easiest thing I can recommend to anyone is using either Little Snitch or Safing. I've used Little Snitch for as long as I've had a Mac.

For Windows/Linux check out Safing, which offers cross-platform network privacy and control. Both applications can be purchased using Monero through ProxyStore.

@0xDEADBEEF you are correct TLS, not SSL (outdated protocol), but it is the same purpose.
I use both terms synonymously too, but yeah, TLS is the secure one.
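To make the DNS over HTTPS point in the posts above concrete, here is an added example (not part of the original posts). It builds a standard DNS query, shows how little parsing it takes to read the queried name from a cleartext UDP/53 payload, and encodes the same bytes as an RFC 8484 GET target, which travels inside the TLS session to the resolver. The `/dns-query` path is the conventional default and is an assumption here.

```python
import base64
import struct


def build_query(name, qtype=1, txid=0):
    """Encode a one-question DNS query in RFC 1035 wire format (class IN, RD set)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").encode("ascii").split(b".")
    if any(not 0 < len(label) <= 63 for label in labels):
        raise ValueError("each label must be 1..63 bytes")
    qname = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def read_question(message):
    """Recover (name, qtype) from raw DNS bytes, as any device on the path can
    for cleartext UDP/53. Raises ValueError on truncated or unexpected input."""
    if len(message) < 12 or struct.unpack("!H", message[4:6])[0] < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        if pos >= len(message):
            raise ValueError("truncated name")
        length = message[pos]
        pos += 1
        if length == 0:          # root label terminates the name
            break
        if length > 63 or pos + length > len(message):
            raise ValueError("bad label length")
        labels.append(message[pos:pos + length].decode("ascii"))
        pos += length
    if pos + 4 > len(message):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", message[pos:pos + 4])
    return ".".join(labels), qtype


def doh_get_target(message, path="/dns-query"):
    """RFC 8484 GET form: the same wire bytes, base64url-encoded without padding.
    This string is part of the HTTPS request, so it is carried under TLS."""
    encoded = base64.urlsafe_b64encode(message).rstrip(b"=").decode("ascii")
    return path + "?dns=" + encoded


def doh_decode_target(target):
    """Resolver side: restore the wire-format query from the GET target."""
    encoded = target.split("?dns=", 1)[1]
    return base64.urlsafe_b64decode(encoded + "=" * (-len(encoded) % 4))


if __name__ == "__main__":
    query = build_query("www.example.com")
    print("cleartext UDP/53 payload reveals:", read_question(query))
    print("DoH request target (inside TLS): ", doh_get_target(query))
```

With DoH the network still sees a TLS connection to the resolver and, afterwards, the IP address of whatever site is visited, so the gain is hiding the lookups themselves from local intermediaries.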
 
If anyone is interested, I'm happy to write a guide on the first steps to gaining more visibility and control over your digital life. While my current setup is pretty technical and sometimes a pain to maintain, there are plenty of easier-to-use tools available for improving security.
please, post inside mentor group if it is something usable, we don't want it saturated or explored by authorities.
 
please, post inside mentor group if it is something usable, we don't want it saturated or explored by authorities.

Compliments to @boomy for thinking about Operational Security like that, but I am convinced that the "mentor group" is already infiltrated by "authorities".

I'd prefer to send money directly to @0xDEADBEEF, and then receive a PDF document by private email.

[Some will wonder how can I be convinced if I am NOT a member of the Mentor Group.
Easy: take "back bearings" on public posts of those with Mentor Group badges.
Or, to paraphrase @JohnnyDoe, "Mentor Group badges can have ears".]
 
I heard that google pixel smartphone with graphene os software is good for privacy

No, @12345 you didn't "hear" that ...
When people write "I heard that..." what they mean is they merely read it on some Internet forum, but they want to seem as if they have special information.
Not any personal attack, just my up-vote for clear and honest conversation.
Myself, I don't trust Internet forums on topics like surveillance.

In order to navigate the "brave new world" of surveillance, I bought a DE-Googled phone.
Using it since one year.

Is it good for privacy??
Nah! Not much good.
It still gives up location coordinates and allows traffic analysis -- two major factors of privacy.
The only benefit I've noticed is not so much annoying advertising.
I didn't "hear" that ... I actually experienced it myself.
 
OS: any actively maintained linux distro will do, encrypt with LUKS2
Browsing: Tor browser with safest settings, Whonix+KVM if you want to go the extra mile
Messenger: Signal (registered with a burner sim is a plus)

As far as "smart" devices go I just don't use them, I'm guilty of owning an iPhone though.
 
I'd prefer to send money directly to @0xDEADBEEF, and then receive a PDF document by private email.
I appreciate this, but if I were to publish this information, I would make it accessible to all Mentor Group Gold members and share it with you directly. This community has done a lot in shaping the way I approach structuring my business, accepting payments, and planning my (financial) future. I never joined this forum intending to profit directly from it but would love to give back.

The information I intend to share will help members make informed trade-offs between security, privacy, and usability. While it's not groundbreaking and could be considered standard best practices, most adversaries are already aware of these precautions. They also understand it's nearly impossible to outmaneuver them when breaking into systems, so adopting these measures will enhance our collective resilience.
 
OP's question was about coping with surveillance but OPSEC plays an important part of those coping mechanisms.

What you want in terms of safety is defined by your threat model.

The safety though doesn't come without costs and discomfort.

My approach is to identify for which data-sets data, information and intelligence can be gathered and thru which vectors. Whether disruption or distortion is applied entirely depends upon assumed threat model.

We should not forget that the majority of compromising data is gathered when we are spontaneous :rolleyes:

To tackle new technology and maintain control over my data, I prioritize keeping as much of it on my own hardware. Some smart devices, like Sonos speakers, are incredibly useful and I haven't found replacements that match their quality. For such devices, I've made peace with the trade-offs.

To ensure secure segmentation at home, I have two different ISPs: one for family and friends, and another exclusively for my work. OPNsense sits at the edge of my network with VPN enabled, and for accessing my network remotely, I rely on WireGuard.

My home setup includes a couple of servers running multiple workloads and tools, virtualized on bare-metal machines. Backups are stored on a local NAS and also sent off-site to an object storage provider. I encrypt everything beforehand for security. While I'm currently using Backblaze B2 for off-site storage, I'm considering a switch to Cloudflare R2.

For businesses, I always recommend a combination of tools like XDR/EDR/NDR for comprehensive monitoring. Cloud-based solutions are often suitable, but for my personal use, I prefer not sharing telemetry with big companies like Microsoft or CrowdStrike. Instead, I run local agents forwarding data to a local SIEM, built on an open-source ELK stack that also collects firewall data. This helps me monitor my network for any signs of intruders.

When it comes to minimizing tracking, I recognize it's impossible to eliminate your digital footprint entirely. The level of risk depends on the threats you're facing. Personally, I don't mind intelligence agencies tracking me, so my car has GPS, and I carry two phones everywhere. I also use smartwatches strictly for exercise, so they're usually just charging at home.

However, in situations where I don't want anyone tracking me, I use a combination of physical and digital precautions to make it more challenging for potential adversaries to follow my trail. These occasions are rare but crucial.

If anyone is interested, I'm happy to write a guide on the first steps to gaining more visibility and control over your digital life. While my current setup is pretty technical and sometimes a pain to maintain, there are plenty of easier-to-use tools available for improving security.


I second this as well, your tools can definitely be used to spy on you, but you still need to wake adversaries up in order for them to take an interest in you.

Owning - controlling :cool: infrastructure is a key for everything else.

Segmented networks are quite good. I assume that @0xDEADBEEF set-up complete physical isolation without bandwidth sharing. In SOHO set-up I would recommend slightly different option - WAN fail-over with VLAN segment isolation and edge VPN (Wireguard is decent; the optimal is with PSK). That would achieve network redundancy. In DC or corporate set-up we use multi-homed network with at least 3 different peers (IP transit providers so you must have your own ASN) - could be SOHO (for home and office) option as well, depending on provider's resources.

Hardware - not cloud - firewall is mandatory where OPNSense will suffice with pfSense as alternative. Corporate options such as Palo Alto products are over-kill in SOHO.

Quoted backup strategy is quite okay; I wouldn't use any Cloudflare service though. Corporate and personal preference is that backup is performed with rsync via ssh towards dedicated location - we use RAID6+0 with ZFS and btrfs for storage.

Just keep in mind the old Italian saying “anche i muri hanno le orecchie” (“walls have ears”). It’s from a time when the internet didn’t exist. Don’t ever do or say anything that can be used against you. Whenever you really have to, do that outdoors, which is also good for your health.

I have also learnt from experience that being completely spotless can be counterproductive, as it will lead to suspicions that you are hiding something, and therefore that you are a big criminal. So it can be wise to create a small criminal background, just enough to be considered a loser and not worth investigative efforts.

Exquisitely good point. If you are not visible then you are quite visible - particularly in modern era when plethora of data sets can be fetched, cross compared and analyzed faster than you can call your barrister - with IBM i2 Analyst for instance. What happens when some duty officer sees that you exist yet there are no associated data sets o_O

The old Latins - Romans had a proverb "Silentium est aureum". Today's world requires you to have a script for any possible situation so you don't become suspicious.

It's so funny when you google the SMART part of SMART HOME, and the results that google gives you are all wrong.
The term "smart" in "smart home" is an abbreviation for "Self-Monitoring Analysis and Reporting Technology", AKA Surveillance.

Power: There are few ways you can fight it, but if you got a smart meter in your house you can only make it malfunction so many times before they catch on, and no, they won't give you that analog power meter back. But you could solve it with solar or wind turbines.

Phone: Old Nokia for $10 or a degoogled Pixel6a. I know it's hilarious to buy a google phone to remove the google software, but it's the easiest option.

VPN: Don't touch those 'free' VPNs from China or US, they are free for a reason. Go for MULLVAD if you want to be safe.

Browser: If you are too stingy for a VPN, at least use Brave.

PC: There is only one way for privacy, it's to keep it off the net. Have a notebook that you never connect to the net. And if you are running any windows after version 7, then I don't know what to tell you. Get a nice linux instead, at least on the second computer.

WIFI: Use LAN cables instead. Even I can wreak havoc and steal your data with KALI LINUX and an external antenna. If you still use WIFI, at least be conscious about the danger (and I am not thinking about radiation here).

https://www.pcmag.com/news/sit-up-straight-wi-fi-signals-can-be-used-to-detect-your-body-position
Lots of issues you can solve by buying appliances and cars that were made before they bugged everything.

Nowadays you can't trust even the chips inside anymore, your Intel chip is numbered and has backdoors, as has all communication equipment. Your cleaning robot is sending data to China, as does my headset, and all the security cameras.

Depending on a threat model, LAN cables - copper wires could be more jeopardizing than WLAN with WEP ;) due to TEMPEST. Also, electric connectivity is susceptible to interference, no matter what shielding it has.

We use almost exclusively optical connectivity but it adds a requirement for media conversion in SOHO. (Un)Fortunately, we must use CAT6 and above standard cables for terminal part in SOHO.

But, under threat model of a person not involved in international terrorism, sanctions violation and espionage, shielded copper network cables will be more than sufficient ;)

This is an excellent recommendation that will improve your privacy. Enabling DoH in modern browsers prevents your ISP or other intermediaries from seeing your DNS queries, adding an extra layer of privacy.


For MacOS, I recommend VMware Fusion, UTM, or Parallels if you're looking for easy Windows virtualization.


For this, you can use NoScript. Alternatively in Firefox, you can head to about:config, search for javascript.enabled, and set it to false. On MacOS, enabling Lockdown Mode in Safari achieves a similar effect by limiting website features and blocking JavaScript execution on non-trusted sites.

The easiest thing I can recommend to anyone is using either Little Snitch or Safing. I've used Little Snitch for as long as I've had a Mac.

For Windows/Linux check out Safing, which offers cross-platform network privacy and control. Both applications can be purchased using Monero through ProxyStore.


I use both terms synonymously too, but yeah, TLS is the secure one.

Whatever DNS solution that isn't in cleartext should be used as a lack of it could easily destroy whole security model.

Whenever you can, you should have your own VPN server backend - preferably with blend of different upstream network providers and LAG - with fail-over in different locations. Wireguard tunnels traffic thru UDP which may be blocked so an agnostic backup VPN server backend should be available - OpenVPN.

For utmost redundancy and reliability, different L2 and L3 VPN agnostic (to downstream network set-up) server backends with their fail-overs should be established.

I always disable everything that is considered factory and try to use tailor-made solutions controlled by me. That's especially for items that function as CAM, MIC and for positioning.

Isolation thru different virtual instances with separated networking and VPN credentials is a way to protect yourself from cyber threats and possibly even highly qualified threat actors.
 