Best products from r/privacy

Hey everyone. Apologies for the blatant plug but seeing as we are talking about security Precautions for non-profits and journalists, it's probably relevant.

We built a tool specifically to help non-profits and journalists learn about and manage their digital and physical security. It's called Umbrella App. It's free, open source, on Android and contains tons of lessons on privacy related issues like digital and physical security. Umbrella has everything from how to do basic stuff like communicate with basic tools like Signal to sending a secure email with PGP. However, the unique bit is we also have stuff on the physical side, like how to plan travel, cross borders, set-up a secure physical meeting, deal with detecting surveillance, covering a protest, respond to a kidnapping etc. Basically we have tried to make it a bit of a one-stop-shop for security for regular people, activists, refugees and journalists. We also pull security feeds from places like the UN, Centres for Disease Control etc - which is obviously very important to folks in places like Syria or affected by Zika/Ebola.

There’s tons of really relevant stuff in it, especially for those now mobilising for the first time on some issues. Loads of people are writing guides that solve small parts of the puzzle but we have tried to provide the whole picture in the one place.

Google Play Store:
https://play.google.com/store/apps/details?id=org.secfirst.umbrella

Amazon App Store:
https://www.amazon.com/Security-First-Umbrella-made-easy/dp/B01AKN9M1Y

F-Droid Repo:
https://secfirst.org/fdroid/repo

Github Repo:
https://github.com/securityfirst

Code Audit:
https://secfirst.org/blog.html

Hope some folks here find it useful/interesting!

First, this sounds paranoid and ill and I would think seriously whether I would want to work there. This reeks of a toxic level of control.

Firing somebody after reading through personal emails would be illegal in most countries and you could consult somebody knowledgeable in labor laws. In general, it is a personal matter what somebody does outside of work. At the workplace, they can require about anything with reasons of data security. But given this, it does not make sense to forbid encryption - it should be encouraged.

What I would do is a very strict separation of personal and work matter including never bringing anything personal to work. This is also the professional thing to do as you do not want to expose patient data to any risk from your leisure activities. That said, encrypting anything that is remotely linked to highly personal medical data and could be lost is a pretty professional attitude and I congratulate you for that. Most health professionals do not take into account how damaging a leak of medical information can be for their patients.

Further, the "Advice" on encryption is mostly bullshit. If you use LUKS, you have a pretty standard way which any major Linux distribution can access. You need, of course, backups, but you can use tar and encrypt them safely by piping them through GnuPG. Also, current file managers such as for Ubuntu or Gnome can open encrypted folders without any effort, you simply have to type your password into a dialog window. All in all, the issues described there are mostly FUD. One issue is that usually, the boot loader as well as the kernel and the initial ramdisk in /boot are usually /not/ encrypted, you would need hard disk encryption to secure their integrity. I think the best source there is to read the Arch Linux wiki but you can be quite confident that today, distributions like Ubuntu or Debian get it right.

If you need to use the same machine for work and personal stuff, I'd suggest to use an encrypted removable hard disk (such as Lenovo Ultrabay) to store your private /home, and leave it, well, at home.

Regarding the cheap laptop, I wouldn't use it. There exist commercial BIOS firmware modifications which are marketed as anti-theft software. They are basically backdoors. Something like that:

http://blog.coresecurity.com/2009/08/11/the-bios-embedded-anti-theft-persistant-agent-that-couldnt-response-handling-the-ostrich-defense/

A PC BIOS today can make a network connection without using the OS, and it can install malware into a Windows or Linux file system. You could never be sure that you really control the PC. Of course you can install an open source BIOS if you think this is the best option, but chances are that you can use your time better.

Also, the price you cite is much lower than normal. You can get something like a used Thinkpad for around $200 and it will have good Linux support. If you are really short on money, you could ask people from a local Linux User Group if they can sell or donate an old company notebook. Many companies replace business equipment within a couple of years. Many sysadmins have dozens of unused old computers lying around and would be happy to give them to a smart student.

Edit: Maybe this one could suit you. These things are a few years old but they are business-class devices which have a very good durability and can be repaired very well by normal people:

http://www.amazon.com/Lenovo-ThinkPad-T61-7658-Notebook/dp/B000UDISEW/ref=sr_1_2?ie=UTF8&qid=1422233843&sr=8-2&keywords=Thinkpad+T61

And of course there are other vendors and fabricants which have equivalent options - this is just the first one which comes to my mind.

I spend a LOT of time reading reviews and looking at TCO/parts/build quality/features. My previous projector had died and I wanted to upgrade to 1080 for my 7.1 home theater setup. THis one kept popping in reviews so I took a closer look.

I wound up buying this Viewsonic for a few reasons. Cost me ~600 bucks. Coming from a 2004ish Dell MP4100 it is a massive, massive upgrade.

Pros -

Bulbs are cheap - like 70 bucks, And have a long life that can be extended with economy modes.

Projector itself was very inexpensive for feature set.

Picture and bulb cost were biggest drivers of choice/price. I have a Draper 120" screen and the picture quality is superb at 120", about 12' worth of throw.

Unit is really feature rich and has a lot of business and consumer class features mashed up together

Unit comes with a remote which seems to work from every angle despite being IR

Build quality, fit and finish are spectacular, and viewsonic is known for having EXCELLENT hardware

Takes a cheap 12$ ceiling mount with ease

Warm-up is pretty quick, full light within 2-3 mins, cool-down is just as quick.

Has multiple HDMI ports including a streaming stick hideaway, also has VGA and RCA and does include 10watt internal speakers (though I don't use them I have heard reports they are tolerable)

Lots of different color modes/settings will fine-tune to your setup

Comes with a rear ass-plate so if you're a cable-management lunatic like I am, you will be pleased, really tidies the unit up if you're into seamless mounts

optics are great, and don't lose much tolerance to changes in heat (some projectors are very prone to this and are only in focus once hot), it's there but very negligible. this one also has optical zoom which makes setup a lot easier

Seriously this thing is loaded with features, you have to spend another grand to get the same featureset in a laser or LED, or to get to a reasonable 4k with lesser features

good warranty (it was 3 years I think?)

Cons-

HDMI Hideaway isn't really great for a cable-feed HDMI unless you don't care about aesthetics

No horizontal keystone means you have to mount center of screen (does have vert keystone)

No case included (not really necessary for a permanent fixture)

Short story, I would absolutely recommend this to anyone. Features for price is almost unmatched, bulbs are cheap, picture is excellent and bright. I have zero complaints for mine and I'm super picky when it comes to quality hardware. No picture jitter or page tearing either. Very smooth. I would expect it to handle gaming with no issues as well.

You might check out books by former intelligence operatives, as well as declassified/leaked intelligence field manuals.

But true OPSEC is really a state-of-mind ... just like the foot soldier must regularly engage in physical training to keep in shape for battle, so must the OPSEC practitioner engage in continual mindset training to keep himself in the right frame of mind. For this, I recommend a steady diet of broader interest reading, things like Sun Tzu, Clausewitz, Hart's Strategy, Clancy novels (or whatever military fiction you prefer), etc. Watch all the DEFCON lectures, especially lectures on things like bump keys, safe-cracking, social engineering attacks, and so on. Regularly read Schneier on Security. Read a good book on classic ciphers, e.g. Gaines' Cryptanalysis (you can do a book on modern ciphers if you're a math nerd). This will keep your state-of-mind sharp and "in the zone" at all times, where it needs to be.

Do you have an Android smart phone or tablet?
If so, DL the Wiggle wifi app.

With it running, you can walk around the property and better triangulate various signals.

If you have a macbook, you can do the same thing pretty much with Kismac. I use WiFiFoFum to do it with an iPhone, but it requires jailbreaking.

Subnet Insight is an absolutely amazing app for iPhone for taking keeping track of your local network and keeping it safe. It's $5, and the only non-free software I'm linking.

If you have an external wireless adapter, or are willing to spend $15-$30 on a specialized one, I can walk you through putting it in monitor mode and really getting the the bottom of the issue.

Here's a simple tp-link USB wifi adapter you can use to monitor all transmissions over B/G/N wifi, [for only $11 amazon prime.] (http://www.amazon.com/TP-LINK-TL-WN722N-Wireless-Adapter-External/dp/B002SZEOLG). Here's a very high quality (and foolproof) directional antenna you can use to make it much more effective for less than $30.


^Also ^a ^lot ^of ^the ^advice ^you've ^gotten ^so ^far ^is ^pretty ^badummmmm, ^or ^too ^complicated ^w/out ^better ^context.
But don't be discouraged. Network internals & also wifi/radio signals are complex topics, but the basics are accessible enough to pick up quickly in your situation.

I typically just edit my local copy of the container, then manually copy/paste it out to multiple thumb drives, because I only really make updates once a year (tax time). I just plug them all into a hub, copy, then paste, paste, paste.

If I were doing it more regularly, I would use a file sync utility. Microsoft's SyncToy is free and powerful, but I'm not sure I trust MS anymore. I would look for an open source sync/backup tool if I wanted to automate it now.

As for brands, I stick with any major brand (Transcend, SanDisk, Samsung, Kingston, PNY, I'm sure there are other good ones) in the format that makes the most sense. For safe storage, something like this would be great (bought one 3 years ago, still going strong):
https://smile.amazon.com/PNY-Turbo-64GB-Flash-Drive/dp/B00FDUHDAC

If you want to keep it in your bag, car, etc., you might want something ruggedized:
https://smile.amazon.com/Corsair-Flash-Survivor-Stealth-Drive/dp/B00YHL1LN8

To keep stuck in a laptop (or in my case, windows tablet) USB port, I personally use this one:
https://smile.amazon.com/gp/product/B01BGTG2A0/

A basic step, if you're concerned, is to get a power-only USB or Lighting cable; or a "USB condom".

https://www.amazon.com/Plugable-Universal-Charge-Only-Adapter-Android/dp/B00FA9GXKM/

I think it's pretty unlikely that mass-produced battery packs include tracking/location/wireless tech - it would add to the cost of the device, reduce the power available, and provide very little information, most of the time (because cell phones are already tiny always-on location/wireless devices we carry with us all over the place).

On the other hand, intelligence agencies are known to interdict hardware ordered by parties of interest and install surveillance tech in just that specific device:

https://www.theverge.com/2013/12/29/5253226/nsa-cia-fbi-laptop-usb-plant-spy

If you're concerned about that, buy your device in person with cash - or have someone even less interesting than you buy it for you.

You could also look for one that's easy to disassemble, then open it up and see if there's any circuits that don't seem relevant to charging/discharging the battery.

>I am ok with a software solution but it would be really ideal if I could use the storage without needing to install additional software.

That's going to be difficult. You see stuff like this https://www.amazon.com/dp/B0061DBZ2C/ref=sspa_dk_hqp_detail_aax_0?psc=1 or https://www.amazon.com/Apricorn-Hardware-Encrypted-Portable-A25-3PL256-1000/dp/B007JGB0EI

but do you really want to trust a relatively unknown hardware producer?

Veracrypt seems like the obvious choice if you can waive the software requirement. Just partition your drive and add the veracrypt install utility on the unencrypted partition.

Meet in a "Publicly accessible private place".

An example would be to book a hotel room in a hotel with at least 4 floors and more than 50+ rooms. Check into the room as normal and tell the other party, preferably in a secure manor like an encrypted e-mail, the room number. That other party can go directly to your room and meet you there. You now have control over who goes into the room and what happens in there.

You can sweep the room prior to the other party arriving for surveillance devices if you wish with devices like this & this and when they arrive you can have them put any mobile devices into a faraday bag.

It really depends on what you mean by "privacy." To wrap your head around all the different ways it's used, Dan Solove's article "A Taxonomy of Privacy" is a good read.

In general, Dan Solove's Nothing to Hide is definitely worth reading.

Robert O'Harrow's No Place to Hide is another good one.

Not books, but Peter Fleischer's blog, Bruce Schneier's blog, and Eugene Volokh's blog.

Also, privacy is kind of the flip-side of the free speech coin, so you'll want to read up on that. There are a bunch of authors that write about the privacy/free speech dichotomy, so here's a random list of various interesting things I've read recently: Eugene Volokh, Robert Larson, Anita Allen, Woodrow Hartzog, etc.

This is the most comprehensive online guide I've found.
> http://billstclair.com/matrix/

Also good reads..
> How to Be Invisible by JJ Luna

> How to Disappear by Frank M. Ahearn

probably OK, but if you're worried you can pick up something like this, which are often referred to as "usb condoms". they actually manually strip the data connection part and force it to be truly charge-only. (usb's have 4 pins, two for data two for charging, and this just doesn't connect the two data pins)

Right--I've never had a problem installing Linux on any device. Don't let that drive your decision. I'm looking for a laptop right now and have my eyes on a Lenovo. I might go with a cheap Acer. Let me encourage you though to spend a bit more than $200 if you can. 4GB of ram is going to be slow if you intend to dual boot with Windows. And that 64GB eMMC storage is inferior flash storage. And you can't really upgrade it. My basic requirements even for a cheap-o laptop are always 1) at least 6 GB ram (probably 8); 2) Actual 2.5" storage drive that can be taken out and replaced (I always put in an SSD if it doesn't have one)

Here's a good example of one I have owned and recommended to many. Definitely replace the HDD with an SSD right from the start.

https://www.amazon.com/Acer-Aspire-i3-8130U-Memory-E5-576-392H/dp/B079TGL2BZ/

Laptops with real replaceable 2.5" drives are slightly thinker and heavier, but it's worth it.

Saw your edit.

Seems like things such as this or this may be the best options given I want portability.

Would you say they might be better options? Their price is much higher, but I'm considering the first one I linked.

Try this one: http://www.amazon.com/Nothing-Hide-Tradeoff-between-Security/dp/0300172338

It's not about any particular technology, but it helps debunk one of the most baseless but infuriatingly-prevalent misconceptions about privacy: that being that "If you've done nothing wrong, you have nothing to hide."

I've read several privacy books and this one is the best by far https://www.amazon.com/Extreme-Privacy-Takes-Disappear-America/dp/1093757620

This guy is regarded as the expert. I haven't bought it yet, and likely will never be up to his level - still instructive:

https://www.amazon.com/dp/1093757620/ref=as_li_ss_tl?ie=UTF8&linkCode=sl1&tag=hookaround-20&linkId=7882161bc8183001fe35c288262e9573&language=en_US#customerReviews

He's ex-FBI. Clearly he believes citizens now have a problem.

Wish I could find that article where a writer describes how her father torments TSA people when she travels. He was a gunner on the USS Missouri in WWII. His hearing is not so great....but his humor is still intact and vicious.

Some of the chapters from this and this might be useful to you

An easy read is Kevin Mitnicks "The art of Invisibility". It goes into some shallow concepts of privacy and what you can do to stay private in an ever snooping world.

https://www.amazon.com/Art-Invisibility-Worlds-Teaches-Brother/dp/0316380504

The Art of Invisibility: The World's Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data

https://www.amazon.com/Art-Invisibility-Worlds-Teaches-Brother/dp/0316380504

I'd also recommend JJ Luna's book called Hiding from the Internet.

https://www.amazon.com/How-Disappear-Digital-Footprint-without/dp/1599219778

Read this book (preferably get it from a public library so that you don’t have an obvious purchase record for it.) It’s written by a former skiptracer and should give you enough of an idea of what it means to disappear along with actual instructions on what to do. It’s also the book that got me interested in the topic of privacy, so there’s that...

You can check this book : How to Be Invisible: Protect Your Home, Your Children, Your Assets, and Your Life. This book has full guides how to be anonymously for our physical and digital. There's one reviewer say that this book takes you too extremist about privacy in life, but I think you can choose the method of this book offer where you like to try or useless.