(Part 2) Best products from r/privacy

I typically just edit my local copy of the container, then manually copy/paste it out to multiple thumb drives, because I only really make updates once a year (tax time). I just plug them all into a hub, copy, then paste, paste, paste.

If I were doing it more regularly, I would use a file sync utility. Microsoft's SyncToy is free and powerful, but I'm not sure I trust MS anymore. I would look for an open source sync/backup tool if I wanted to automate it now.

As for brands, I stick with any major brand (Transcend, SanDisk, Samsung, Kingston, PNY, I'm sure there are other good ones) in the format that makes the most sense. For safe storage, something like this would be great (bought one 3 years ago, still going strong):
https://smile.amazon.com/PNY-Turbo-64GB-Flash-Drive/dp/B00FDUHDAC

If you want to keep it in your bag, car, etc., you might want something ruggedized:
https://smile.amazon.com/Corsair-Flash-Survivor-Stealth-Drive/dp/B00YHL1LN8

To keep stuck in a laptop (or in my case, windows tablet) USB port, I personally use this one:
https://smile.amazon.com/gp/product/B01BGTG2A0/

I would recomend you to read Future Crimes by Marc Goodman https://www.amazon.co.uk/Future-Crimes-Digital-Underground-Connected/dp/0552170801?SubscriptionId=AKIAILSHYYTFIVPWUY6Q&tag=duckduckgo-ffab-uk-21&linkCode=xm2&camp=2025&creative=165953&creativeASIN=0552170801 mostly deals with the non existence of electronic security though and how it is and can be exploited

Information and Corporate security is a very big subject, so it kind of depends where you intend to take your story. But you can start by reading the Wikipedia article about InfoSec https://en.wikipedia.org/wiki/Information_security and then see how each area fits into your story and work out from there.

Some realisim in how difficult it can be to track down a hacker, read The Cuckoo's Egg by Clifford Stoll
https://www.amazon.co.uk/Cuckoos-Egg-Tracking-Computer-Espionage/dp/1416507787/ref=sr_1_1?s=books&ie=UTF8&qid=1500888747&sr=1-1&keywords=clifford+stoll very different from what you see in the media

IMHO the most interesting area in Information security is Social Engineering, it requires cunning and skill, and sometimes you can't stop admiring the talents and genius of some of these people. Read Social Engineering: The Art of Human Hacking https://www.amazon.co.uk/Social-Engineering-Art-Human-Hacking/dp/0470639539/ref=sr_1_1?s=books&ie=UTF8&qid=1500889212&sr=1-1&keywords=social+engineering+the+art+of+human+hacking

Each year Verizon release their data breach report http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/ it is free to download (don't have to register, just click the download only button) I think that is possibly the best insight you can get into corporate security challenges in 2017

This isn't a short and sweet answer by any means, but if you're interested in understanding what it is about modern-day journalism that makes it so intrinsically difficult for honest journalism to flourish, I highly suggest you read Trust Me, I'm Lying by Ryan Holiday. I jut got done reading it a few weeks ago and found it fascinating.

It really depends on what you mean by "privacy." To wrap your head around all the different ways it's used, Dan Solove's article "A Taxonomy of Privacy" is a good read.

In general, Dan Solove's Nothing to Hide is definitely worth reading.

Robert O'Harrow's No Place to Hide is another good one.

Not books, but Peter Fleischer's blog, Bruce Schneier's blog, and Eugene Volokh's blog.

Also, privacy is kind of the flip-side of the free speech coin, so you'll want to read up on that. There are a bunch of authors that write about the privacy/free speech dichotomy, so here's a random list of various interesting things I've read recently: Eugene Volokh, Robert Larson, Anita Allen, Woodrow Hartzog, etc.

I don't know if there exist threat modeling for a single person but usually most of the materials online are at enterprise level or something to that level. Like those of certification materials Security+ and CEH v9 or other similar courses. It can somewhat give you an idea how you want to determine your threat model.

For courses, I like Nathan House's stuff from Udemy.

There are as well books that cover those topics but the pages can range around 200 to over 600 of pages. E.g. The Basics of Cyber Safety has 254 pages and Threat Modeling: Designing for Security has 624 pages.

You can check those also:

https://en.wikipedia.org/wiki/Threat_model

https://en.wikipedia.org/wiki/Threat_%28computer%29#Threat_model

Otherwise see conferences like DEF CON, Black Hat, CCC and similar topics. Here's my give away:

• https://www.youtube.com/watch?v=JsVtHqICeKE
  
• https://www.youtube.com/watch?v=9XaYdCdwiWU
  
• https://www.youtube.com/watch?v=J1q4Ir2J8P8
  
  I hope that helps.

Thanks again for the help!

I'll probably just pick up the DataAshur then and hope the price is worth it.

Just one more thing: is something like this just like what I linked in the OP? So, not worth getting?

an alternative to consider may be an actual laptop, maybe a refurb you can find cheaply, from which you physically remove the wireless NIC. if you wanted to connect to a wireless network, you could simply plug in a usb wifi adapter. there are some adapters, like this one, that boast native support for linux boxes. the advantage here is that a cheap refurb would have the horsepower to handle everything you wanted to do, as well as providing 100% certainty that it isn't transmitting any data since the adapter's physical presence in a usb port is required.

just be sure to look for a device with easy access to the nic (ymmv).

Some search terms for how the internet works: Packet switched networking, TCP, IP, SSL.

I don't think I have ever read a book about basic internet workings, the internet is really the best place to read about that stuff (hence the search terms).

Instead I will list some books which look at how we define security and why secure systems fail:

Secrets and Lies is a good primer discussing trust / networks / cryptography and a few other things at a high enough level to be interesting to a lay reader: http://www.amazon.com/Secrets-Lies-Digital-Security-Networked/dp/0471453803/ref=sr_1_4?ie=UTF8&qid=1419753343&sr=8-4

Art of Intrusion is packed full of stories about how systems (computers or otherwise) fail and become insecure: http://www.amazon.com/Art-Intrusion-Exploits-Intruders-Deceivers/dp/0471782661/ref=sr_1_1?ie=UTF8&qid=1419753466&sr=8-1 the sister book Art of Deception (stories about Social Engineering) is also pretty good.

The Code Book, mostly history, but provides a great introduction to cryptographic concepts. http://www.amazon.com/The-Code-Book-Science-Cryptography/dp/0385495323/ref=pd_rhf_se_s_cp_7_RTJS?ie=UTF8&refRID=1RRWWY0RNX7G8HRYPFFS

>Hopefully some people will find it useful.

I know I would.

A lot of folks would also be interested in finding out what is the best open-source anti-keylogger.

Another interesting idea: use a Raspberry Pi and a clear fold up keyboard as a difficult-to-add-a-keylogger-to system.

Get some cheap camera cover sliders. They easily fit over both front and back smartphone cameras and they are good for laptop cameras as well.

https://www.amazon.com/gp/aw/d/B077ZT29P2/ref=psdcmw_172511_t2_B0769D5RLV

PS. I don’t endorse Amazon. If you can find them locally at a store, buy from there instead.

Thieves Emporium is an EXCELLENT "instructional" thriller illustrating the very real challenges and successes of using TAILS and Tor (the "badlands") to survive economically in an American police state.

In one plot element, the Feds use the double-blind anonymity of the dark web to partner with the Russian mafia to set up a false flag bombing operation of TSA roadblocks using spare tire fertilizer bombs. The resultant public outcry enables .gov to get all the laws and police state tactics that they want approved. Just like 9/11 did with the Patriot Act and the Gladio-like mass shooting attempts from 2012-2016.

Fiat monetary system is a core plot element.

Lots of tips on how to stay anonymous. NSA has compromised Windows and Mac but not Linux in the book and in real life. Very useful Appendixes.

It's absolutely possible. Diaspora was a decentralized social network almost a decade ago. And end to end encrypted photo messaging services exist too, all over the place: signal, ichat, WhatsApp... Hell, even bittorrent is encrypted now.

NAT doesn't make this hard since the advent of upnp several years ago.

We have the technology. The issue is the market and legal situations. Problems like

• the US and UK governments hacking into Internet infrastructure to record every byte sent or received... With legal backing.
  
• the US government actively inserting backdoors into encryption methods and products.
  
• EU governments requiring companies to scrub information from the Internet, as if that was even possible.
  
• legal frameworks that allow your information to be collected, combined, and resold without your involvement. Data brokerage is one of the fastest growing industries in the world right now, and you've never heard of any of the main players (Rubicon project, AdSonar, Quantcast...) . These are companies who know every website you've ever visited (thanks ISP for selling that info), every search you've ever tried (thanks google), every product you've bought from every store (thanks credit card company) , every location you've ever been (thanks phone vendor), your entire address book and friends list (thanks phone apps). They sell your information as a part of lists like "new parents", "recently broken up," "behind on payments", and "gullible seniors." And you're not within shouting distance of even knowing about this. The only things that are off limits are the ones with legal protections: financial and medical information.
  
• 90% of users do not understand or care about the difference between encrypted and not encrypted products.
  
• 90% of users don't understand when their data is being read at all - they think Facebook private messages are private, and email is private, and SMS is private...
  
  If you're interested in the subject I highly recommend Bruce Schneier's book, Data and Goliath. An eye opening book from one of the most important people in the industry.

I have that exact same pouch and it definitely does the job. I put my phone in, and within a minute or so, I'll unvelcro it, look and my signal is gone. I will also try calling it while it's in the pouch and it does not ring.

Here's a new spin on being extra private as well. Put one of these in a large tupperware storage container, with the lid open/closed your preference. Then place your phone inside the container. The phone will only be able to pick up white noise, and the container keeps from hearing any outside conversations. I've been doing this lately because it makes me feel more comfortable that my conversations aren't always on record via my phone. You can also keep your ringer on loud so you can see whether or not you get notifcations as well.

The first thing I'd do is a network audit.

Open up your router admin page and do an audit of your network where you account for each and every device on the network. Do a 1 to 1 comparison where you look at each and every device associated with your network and account for that device by knowing what it is.

Cable boxes, TVs, thermostats, computers, phones, tablets, washers and dryers, door locks, Apple watches, Sonos speakers, sex toys, cameras, doorbells, cars, drone/quadcopters, video game consoles, etc etc.

The list can easily grow to 20, 30, 40, or even more devices on your network.

If you find devices you don't recognize, I'd recommend resetting your router to factory specs and changing the log-in credentials. Then, as you reconnect devices to the network, make a list that you keep track of.

If and when new devices show up, you can search the first 3 octets of the MAC address for manufacturer information. Assuming it's not a custom device and running macchanger, you should be able to track it down.

If he's got something installed locally that isn't connected to a WiFi network, you could search for RF transmissions with a device like this: https://www.amazon.com/gp/offer-listing/B07B49T23N/ref=dp_olp_0?ie=UTF8&condition=all

Happy hunting and good luck.

Here's a faraday case for your phone. Works great!

Quite a few options on amazon, I got this one and plan on getting larger bags when I have the budget.

Depending on how much you want to spend, you can get a tablet case, briefcase, or dufflebag. Don't get the flimsy mylar-looking bags, the won't pass the phone call test.

There's also a book https://www.amazon.com/Threat-Modeling-Designing-Adam-Shostack/dp/1118809998