SlideShare a Scribd company logo
1 of 17
Download to read offline
SecureWV 11
A Hillbilly's Guide
to Staying
Anonymous Online
(A Hillbilly Storytime Production)
November 7, 2020
• Who Am I?
• Simple Answer:
• Father/Husband/Son/Brother
• Programmer/Pentester/Researcher
• Hillbilly
• Who do I work for?
• TrustedSec
Adam Compton
Why did I decide on this topic?
Down Thar Over Yonder
What is OSINT (short version)?
OSINT = Open Source INTelligence
It is the collection and analysis of data obtained from publicly
accessible sources.
Common sources:
• Social Media
• Blog Posts/Forums
• Document Metadata
• Data Leaks (Pastebin)
• Whois/DNS
• Shodan
• (and many many more)
What is Anti-OSINT?
In short, it is the process by which one attempts to prevent gathering accurate
OSINT about a person or thing.
Typically though of as the domain of:
• Spies/Governments
• Hermits/Off Grid
• Conspiracy Theorists
Why is online privacy important?
• "Good people" can use it to perform security validation attacks against you and
your company. (Social Engineering)
• Companies may search for you on the internet and base their opinion of you on
what they find.
• Companies can make a LOT of money off of you and your information. There
is no such thing as a free service. You are the product.
• "Bad people" can use it to do bad things to you or in your name.
Do you need online privacy?
• Do you have sensitive data? (financials? medical? SSN? DoB? Mother's Maiden Name?)
• Does your employer monitor your social media presence?
• Did you do things in your past you would like hidden?
• Do you live under a repressive or tyrannical government?
• Are you in witness relocation?
• Do you have someone(s) who would harm you if they knew who/where you were?
• … basically, everyone!
All my info is already online!
1st accept you can never get rid of all of it.
2nd remove as much as you can…. But first, change it to be meaningless.
• Use services like:
• https://namechk.com/
• https://checkusernames.com/
• For each known online account:
• Change your data
• Delete the account
• Search for more sites (google, bing, etc…)
• Request they delete your data
Maintain your privacy.
Periodically check for new information pertaining to you online and removing it.
Freeze your credit at all credit agencies:
• Equifax, Trans Union, Experian, Innovis
Learn to lie…. Or not…I am not a lawyer!!!
When filling out a form/application/etc, only fill out as much as required.
For the other items question why they are needed.
Even then, if you can get away with providing incomplete/inaccurate data, …
Be cautious what you tell people. Does that person you met at <insert place here> really need to
know where you work?
Maintain your privacy.
Ask friends and family to not post/share info about you.
If you really need to, get a new SSN. https://faq.ssa.gov/en-US/Topic/article/KA-02220
If you decide to switch doctors, ask for your old medical records and request that they destroy any
copies they have.
Setup a P.O. box (or other service) instead of always providing home address.
Use a virtual phone number service and provide that number as needed.
Let's make a new identity.
Sockpuppet = an alternate online identity used to hide/obscure the identity of a person
Items usually needed:
• Name
• Pick a believable name
• Email
• Use a separate email account (ideally one that is encrypted such as Proton Mail)
• Money
• Cash is best
• Prepaid gift/debit card (Visa/MasterCard/etc…)
• Phone
• Set up a burner phone with its own number. Prepaid phones work well. Remember to pay
with cash.
• Address
• USPS P.O. Box, UPS Store
Let's make a new identity.
• Browser
• Incognito mode
• Tor
• AdBlock
• Passwords
• Maintain separate passwords for all accounts.
• VPN
• Use a trusted VPN for online activity.
Extra thoughts:
• Social Media
• Facebook, LinkedIn, Twitter, etc..
• Be willing to destroy the account if needed!!!
Is this illegal?
I AM NOT A LAWYER!!!!!
Do these things at your own discretion!!!!
Personally, when I perform any of these activities, I do so with the intent of protecting my identity,
not to defraud or harm someone else.
Helpful resources.
Find Social Media Accounts: https://namechk.com/ and https://checkusernames.com/
Get a new SSN: https://faq.ssa.gov/en-US/Topic/article/KA-02220
Get a UPS Store Address: https://www.theupsstore.com/mailboxes/personal-mailboxes
Freeze your credit:
• https://www.equifax.com/personal/credit-report-services/
• https://www.experian.com/freeze/center.html
• https://www.transunion.com/credit-freeze
• https://www.innovis.com/securityFreeze/index
Reduce spam phone calls: https://www.donotcall.gov/
Check if your email against breaches: https://haveibeenpwned.com/
Parting Thoughts
It is not for everyone.
You do not have to do everything if you do not wish to.
Protecting your privacy/data is a never-ending process.
Your privacy and data are valuable, do not give it away for free.
It can be very difficult to maintain separate identities.
This presentation was just an overview and intro to online privacy.
You can deep dive into it much more than we have covered here.
Parting Thoughts (videos)
Several videos out there:
Tim Vetter - "Winning and Quitting the Privacy Game: What it *REALLY* takes to have True
Privacy in the 21st Century"
https://www.youtube.com/watch?v=bxQSu06yuZc
Scott M - "Anti-OSINT…or hiding from The Man"
https://www.youtube.com/watch?v=EqtF-fuVI9w
Michael James - "ANTI OSINT AF: How to become untouchable"
https://www.youtube.com/watch?v=WFIGP8MRSJI
Contact Me!
Adam L. Compton
@tatanus
www.hillbillystorytime.com
www.youtube.com/hillbillstorytime
adam.comptom@gmail.com
adam.compton@trustedsec.com

More Related Content

What's hot

What is internet !
What is internet !What is internet !
What is internet !saeedjaroor
 
Social Media is Okay - Jeopardizing Security Isn't
Social Media is Okay - Jeopardizing Security Isn'tSocial Media is Okay - Jeopardizing Security Isn't
Social Media is Okay - Jeopardizing Security Isn'tjordanwollman
 
Censorship essay
Censorship essayCensorship essay
Censorship essayOliviaBolt
 
"What Could Go Wrong?" - We're Glad You Asked!
"What Could Go Wrong?" - We're Glad You Asked!"What Could Go Wrong?" - We're Glad You Asked!
"What Could Go Wrong?" - We're Glad You Asked!Shawn Tuma
 
Digital Citizenship
Digital CitizenshipDigital Citizenship
Digital Citizenshipjleverett
 
Lessons from ligatt
Lessons from ligattLessons from ligatt
Lessons from ligattBen Rothke
 
Your Internet Safety
Your Internet SafetyYour Internet Safety
Your Internet SafetyJVGAJJAR
 
Internet safety power_point
Internet safety power_pointInternet safety power_point
Internet safety power_pointAmit Pal Singh
 
Presentation to parents
Presentation to parentsPresentation to parents
Presentation to parentssirchriss
 
Digital citizenship for Students
Digital citizenship for StudentsDigital citizenship for Students
Digital citizenship for StudentsKelgator
 
Internet safety presentation 2019
Internet safety presentation 2019Internet safety presentation 2019
Internet safety presentation 2019KanelandSvihlik
 
Copyright and internet_safety
Copyright and internet_safetyCopyright and internet_safety
Copyright and internet_safetyAChuppTeaches
 
Online Security & Privacy: Updated
Online Security & Privacy: UpdatedOnline Security & Privacy: Updated
Online Security & Privacy: UpdatedAmanda L. Goodman
 

What's hot (20)

What is internet !
What is internet !What is internet !
What is internet !
 
Internet safety
Internet safetyInternet safety
Internet safety
 
Internet Safety
Internet SafetyInternet Safety
Internet Safety
 
Social Media is Okay - Jeopardizing Security Isn't
Social Media is Okay - Jeopardizing Security Isn'tSocial Media is Okay - Jeopardizing Security Isn't
Social Media is Okay - Jeopardizing Security Isn't
 
Web pp
Web ppWeb pp
Web pp
 
Defamation on the Internet
Defamation on the InternetDefamation on the Internet
Defamation on the Internet
 
Censorship essay
Censorship essayCensorship essay
Censorship essay
 
"What Could Go Wrong?" - We're Glad You Asked!
"What Could Go Wrong?" - We're Glad You Asked!"What Could Go Wrong?" - We're Glad You Asked!
"What Could Go Wrong?" - We're Glad You Asked!
 
Internet Defamation
Internet DefamationInternet Defamation
Internet Defamation
 
Digital Citizenship
Digital CitizenshipDigital Citizenship
Digital Citizenship
 
Lessons from ligatt
Lessons from ligattLessons from ligatt
Lessons from ligatt
 
Your Internet Safety
Your Internet SafetyYour Internet Safety
Your Internet Safety
 
Internet Safety
Internet SafetyInternet Safety
Internet Safety
 
Internet safety power_point
Internet safety power_pointInternet safety power_point
Internet safety power_point
 
Presentation to parents
Presentation to parentsPresentation to parents
Presentation to parents
 
Digital citizenship for Students
Digital citizenship for StudentsDigital citizenship for Students
Digital citizenship for Students
 
Internet safety presentation 2019
Internet safety presentation 2019Internet safety presentation 2019
Internet safety presentation 2019
 
Copyright and internet_safety
Copyright and internet_safetyCopyright and internet_safety
Copyright and internet_safety
 
Online Security & Privacy: Updated
Online Security & Privacy: UpdatedOnline Security & Privacy: Updated
Online Security & Privacy: Updated
 
Internet Safety
Internet SafetyInternet Safety
Internet Safety
 

Similar to A HillyBilly's Guide to Staying Anonymous Online - SecureWV

Mobile Security for the Modern Tech Mogul
Mobile Security for the Modern Tech MogulMobile Security for the Modern Tech Mogul
Mobile Security for the Modern Tech MogulAndrew Schwabe
 
Cybersecurity additional activities
Cybersecurity additional activitiesCybersecurity additional activities
Cybersecurity additional activitiesYumonomics
 
Securing and Safeguarding Your Library Setup
Securing and Safeguarding Your Library SetupSecuring and Safeguarding Your Library Setup
Securing and Safeguarding Your Library SetupBrian Pichman
 
ISSA - Security Awareness 2016-1
ISSA - Security Awareness 2016-1ISSA - Security Awareness 2016-1
ISSA - Security Awareness 2016-1Pedro Serrano
 
Dox Yourself BSides Orlando
Dox Yourself BSides OrlandoDox Yourself BSides Orlando
Dox Yourself BSides OrlandoSamuel Greenfeld
 
Cyber Security Awareness October 2014
Cyber Security Awareness October 2014Cyber Security Awareness October 2014
Cyber Security Awareness October 2014Donald E. Hester
 
Identity thefts
Identity theftsIdentity thefts
Identity theftsHHSome
 
Cybersecurity - Defense Against The Dark Arts Harry Potter Style
Cybersecurity - Defense Against The Dark Arts Harry Potter StyleCybersecurity - Defense Against The Dark Arts Harry Potter Style
Cybersecurity - Defense Against The Dark Arts Harry Potter StyleBrian Pichman
 
2016 Secure World Expo - Security Awareness
2016 Secure World Expo - Security Awareness2016 Secure World Expo - Security Awareness
2016 Secure World Expo - Security AwarenessPedro Serrano
 
Pod camp boston 2011 locking up yourself online
Pod camp boston 2011 locking up yourself onlinePod camp boston 2011 locking up yourself online
Pod camp boston 2011 locking up yourself onlineLane Sutton
 
Identity Theft Presentation
Identity Theft PresentationIdentity Theft Presentation
Identity Theft Presentationcharlesgarrett
 
Beginners guide to the internet 26.10.15
Beginners guide to the internet 26.10.15Beginners guide to the internet 26.10.15
Beginners guide to the internet 26.10.15Get up to Speed
 
Beginners guide to the internet 26.10.15 & 30.10.15
Beginners guide to the internet 26.10.15 & 30.10.15Beginners guide to the internet 26.10.15 & 30.10.15
Beginners guide to the internet 26.10.15 & 30.10.15Get up to Speed
 
Cybersecurity for the non-technical
Cybersecurity for the non-technicalCybersecurity for the non-technical
Cybersecurity for the non-technicalStephen Cobb
 
Cyber Safety Month summary
 Cyber Safety Month summary Cyber Safety Month summary
Cyber Safety Month summaryicts-uct
 
Cybercrime and the Developer: How to Start Defending Against the Darker Side...
 Cybercrime and the Developer: How to Start Defending Against the Darker Side... Cybercrime and the Developer: How to Start Defending Against the Darker Side...
Cybercrime and the Developer: How to Start Defending Against the Darker Side...Steve Poole
 
Protecting Personal Privacy
Protecting Personal PrivacyProtecting Personal Privacy
Protecting Personal PrivacyDoubleXDS
 
Common Consumer Frauds and How to Avoid Them-03-14
Common Consumer Frauds and How to Avoid Them-03-14Common Consumer Frauds and How to Avoid Them-03-14
Common Consumer Frauds and How to Avoid Them-03-14Barbara O'Neill
 

Similar to A HillyBilly's Guide to Staying Anonymous Online - SecureWV (20)

Mobile Security for the Modern Tech Mogul
Mobile Security for the Modern Tech MogulMobile Security for the Modern Tech Mogul
Mobile Security for the Modern Tech Mogul
 
Cybersecurity additional activities
Cybersecurity additional activitiesCybersecurity additional activities
Cybersecurity additional activities
 
Securing and Safeguarding Your Library Setup
Securing and Safeguarding Your Library SetupSecuring and Safeguarding Your Library Setup
Securing and Safeguarding Your Library Setup
 
ISSA - Security Awareness 2016-1
ISSA - Security Awareness 2016-1ISSA - Security Awareness 2016-1
ISSA - Security Awareness 2016-1
 
Dox Yourself BSides Orlando
Dox Yourself BSides OrlandoDox Yourself BSides Orlando
Dox Yourself BSides Orlando
 
Cyber Security Awareness October 2014
Cyber Security Awareness October 2014Cyber Security Awareness October 2014
Cyber Security Awareness October 2014
 
Identity thefts
Identity theftsIdentity thefts
Identity thefts
 
Cybersecurity - Defense Against The Dark Arts Harry Potter Style
Cybersecurity - Defense Against The Dark Arts Harry Potter StyleCybersecurity - Defense Against The Dark Arts Harry Potter Style
Cybersecurity - Defense Against The Dark Arts Harry Potter Style
 
2016 Secure World Expo - Security Awareness
2016 Secure World Expo - Security Awareness2016 Secure World Expo - Security Awareness
2016 Secure World Expo - Security Awareness
 
Pod camp boston 2011 locking up yourself online
Pod camp boston 2011 locking up yourself onlinePod camp boston 2011 locking up yourself online
Pod camp boston 2011 locking up yourself online
 
Identity Theft Presentation
Identity Theft PresentationIdentity Theft Presentation
Identity Theft Presentation
 
Beginners guide to the internet 26.10.15
Beginners guide to the internet 26.10.15Beginners guide to the internet 26.10.15
Beginners guide to the internet 26.10.15
 
Beginners guide to the internet 26.10.15 & 30.10.15
Beginners guide to the internet 26.10.15 & 30.10.15Beginners guide to the internet 26.10.15 & 30.10.15
Beginners guide to the internet 26.10.15 & 30.10.15
 
Cybersecurity for the non-technical
Cybersecurity for the non-technicalCybersecurity for the non-technical
Cybersecurity for the non-technical
 
Cyber Safety Month summary
 Cyber Safety Month summary Cyber Safety Month summary
Cyber Safety Month summary
 
DECEPTICONv2
DECEPTICONv2DECEPTICONv2
DECEPTICONv2
 
Cybercrime and the Developer: How to Start Defending Against the Darker Side...
 Cybercrime and the Developer: How to Start Defending Against the Darker Side... Cybercrime and the Developer: How to Start Defending Against the Darker Side...
Cybercrime and the Developer: How to Start Defending Against the Darker Side...
 
Protecting Personal Privacy
Protecting Personal PrivacyProtecting Personal Privacy
Protecting Personal Privacy
 
Doxing
 Doxing Doxing
Doxing
 
Common Consumer Frauds and How to Avoid Them-03-14
Common Consumer Frauds and How to Avoid Them-03-14Common Consumer Frauds and How to Avoid Them-03-14
Common Consumer Frauds and How to Avoid Them-03-14
 

More from Adam Compton

Becoming a Pentester
Becoming a PentesterBecoming a Pentester
Becoming a PentesterAdam Compton
 
BSidesKnoxville 2019 - Unix: The Other White Meat
BSidesKnoxville 2019 - Unix: The Other White MeatBSidesKnoxville 2019 - Unix: The Other White Meat
BSidesKnoxville 2019 - Unix: The Other White MeatAdam Compton
 
2018 DerbyCon - Hillbilly Storytime - Pentest Fails
2018 DerbyCon - Hillbilly Storytime - Pentest Fails2018 DerbyCon - Hillbilly Storytime - Pentest Fails
2018 DerbyCon - Hillbilly Storytime - Pentest FailsAdam Compton
 
2018 HackerHalted - Hillbilly Storytime - Pentest Fails
2018 HackerHalted - Hillbilly Storytime - Pentest Fails2018 HackerHalted - Hillbilly Storytime - Pentest Fails
2018 HackerHalted - Hillbilly Storytime - Pentest FailsAdam Compton
 
Bsides LV - Hillbilly Storytime - Pentest Fails
Bsides LV - Hillbilly Storytime - Pentest FailsBsides LV - Hillbilly Storytime - Pentest Fails
Bsides LV - Hillbilly Storytime - Pentest FailsAdam Compton
 
SecureWV - PentestFails
SecureWV - PentestFailsSecureWV - PentestFails
SecureWV - PentestFailsAdam Compton
 
Infosec Europe 17 - PentestFails
Infosec Europe 17 - PentestFailsInfosec Europe 17 - PentestFails
Infosec Europe 17 - PentestFailsAdam Compton
 
Bsides Nashville - PentestFails
Bsides Nashville - PentestFailsBsides Nashville - PentestFails
Bsides Nashville - PentestFailsAdam Compton
 
Bsides Knoxville - OSINT
Bsides Knoxville - OSINTBsides Knoxville - OSINT
Bsides Knoxville - OSINTAdam Compton
 
Bsides Knoxville - PentestFails
Bsides Knoxville - PentestFailsBsides Knoxville - PentestFails
Bsides Knoxville - PentestFailsAdam Compton
 
Bsides Knoxville - APT2
Bsides Knoxville - APT2Bsides Knoxville - APT2
Bsides Knoxville - APT2Adam Compton
 

More from Adam Compton (15)

Becoming a Pentester
Becoming a PentesterBecoming a Pentester
Becoming a Pentester
 
BSidesKnoxville 2019 - Unix: The Other White Meat
BSidesKnoxville 2019 - Unix: The Other White MeatBSidesKnoxville 2019 - Unix: The Other White Meat
BSidesKnoxville 2019 - Unix: The Other White Meat
 
2018 DerbyCon - Hillbilly Storytime - Pentest Fails
2018 DerbyCon - Hillbilly Storytime - Pentest Fails2018 DerbyCon - Hillbilly Storytime - Pentest Fails
2018 DerbyCon - Hillbilly Storytime - Pentest Fails
 
2018 HackerHalted - Hillbilly Storytime - Pentest Fails
2018 HackerHalted - Hillbilly Storytime - Pentest Fails2018 HackerHalted - Hillbilly Storytime - Pentest Fails
2018 HackerHalted - Hillbilly Storytime - Pentest Fails
 
Bsides LV - Hillbilly Storytime - Pentest Fails
Bsides LV - Hillbilly Storytime - Pentest FailsBsides LV - Hillbilly Storytime - Pentest Fails
Bsides LV - Hillbilly Storytime - Pentest Fails
 
SecureWV - PentestFails
SecureWV - PentestFailsSecureWV - PentestFails
SecureWV - PentestFails
 
SecureWV - APT2
SecureWV - APT2SecureWV - APT2
SecureWV - APT2
 
Infosec Europe 17 - PentestFails
Infosec Europe 17 - PentestFailsInfosec Europe 17 - PentestFails
Infosec Europe 17 - PentestFails
 
HackCon - SPF
HackCon - SPFHackCon - SPF
HackCon - SPF
 
DerbyCon - Legion
DerbyCon - LegionDerbyCon - Legion
DerbyCon - Legion
 
DerbyCon - APT2
DerbyCon - APT2DerbyCon - APT2
DerbyCon - APT2
 
Bsides Nashville - PentestFails
Bsides Nashville - PentestFailsBsides Nashville - PentestFails
Bsides Nashville - PentestFails
 
Bsides Knoxville - OSINT
Bsides Knoxville - OSINTBsides Knoxville - OSINT
Bsides Knoxville - OSINT
 
Bsides Knoxville - PentestFails
Bsides Knoxville - PentestFailsBsides Knoxville - PentestFails
Bsides Knoxville - PentestFails
 
Bsides Knoxville - APT2
Bsides Knoxville - APT2Bsides Knoxville - APT2
Bsides Knoxville - APT2
 

Recently uploaded

overview of Virtualization, concept of Virtualization
overview of Virtualization, concept of Virtualizationoverview of Virtualization, concept of Virtualization
overview of Virtualization, concept of VirtualizationRajan yadav
 
Benefits of Fiber Internet vs. Traditional Internet.pptx
Benefits of Fiber Internet vs. Traditional Internet.pptxBenefits of Fiber Internet vs. Traditional Internet.pptx
Benefits of Fiber Internet vs. Traditional Internet.pptxlibertyuae uae
 
SQL Server on Azure VM datasheet.dsadaspptx
SQL Server on Azure VM datasheet.dsadaspptxSQL Server on Azure VM datasheet.dsadaspptx
SQL Server on Azure VM datasheet.dsadaspptxJustineGarcia32
 
Mary Meeker Internet Trends Report for 2019
Mary Meeker Internet Trends Report for 2019Mary Meeker Internet Trends Report for 2019
Mary Meeker Internet Trends Report for 2019Eric Johnson
 
如何办理朴茨茅斯大学毕业证书学位证书成绩单?
如何办理朴茨茅斯大学毕业证书学位证书成绩单?如何办理朴茨茅斯大学毕业证书学位证书成绩单?
如何办理朴茨茅斯大学毕业证书学位证书成绩单?krc0yvm5
 
Tungsten Webinar: v6 & v7 Release Recap, and Beyond
Tungsten Webinar: v6 & v7 Release Recap, and BeyondTungsten Webinar: v6 & v7 Release Recap, and Beyond
Tungsten Webinar: v6 & v7 Release Recap, and BeyondContinuent
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC
 
Section 3 - Technical Sales Foundations for IBM QRadar for Cloud (QRoC)V1 P10...
Section 3 - Technical Sales Foundations for IBM QRadar for Cloud (QRoC)V1 P10...Section 3 - Technical Sales Foundations for IBM QRadar for Cloud (QRoC)V1 P10...
Section 3 - Technical Sales Foundations for IBM QRadar for Cloud (QRoC)V1 P10...hasimatwork
 
Generalities about NFT , as a new technology
Generalities about NFT , as a new technologyGeneralities about NFT , as a new technology
Generalities about NFT , as a new technologysoufianbouktaib1
 
Google-Next-Madrid-BBVA-Research inv.pdf
Google-Next-Madrid-BBVA-Research inv.pdfGoogle-Next-Madrid-BBVA-Research inv.pdf
Google-Next-Madrid-BBVA-Research inv.pdfMaria Adalfio
 

Recently uploaded (10)

overview of Virtualization, concept of Virtualization
overview of Virtualization, concept of Virtualizationoverview of Virtualization, concept of Virtualization
overview of Virtualization, concept of Virtualization
 
Benefits of Fiber Internet vs. Traditional Internet.pptx
Benefits of Fiber Internet vs. Traditional Internet.pptxBenefits of Fiber Internet vs. Traditional Internet.pptx
Benefits of Fiber Internet vs. Traditional Internet.pptx
 
SQL Server on Azure VM datasheet.dsadaspptx
SQL Server on Azure VM datasheet.dsadaspptxSQL Server on Azure VM datasheet.dsadaspptx
SQL Server on Azure VM datasheet.dsadaspptx
 
Mary Meeker Internet Trends Report for 2019
Mary Meeker Internet Trends Report for 2019Mary Meeker Internet Trends Report for 2019
Mary Meeker Internet Trends Report for 2019
 
如何办理朴茨茅斯大学毕业证书学位证书成绩单?
如何办理朴茨茅斯大学毕业证书学位证书成绩单?如何办理朴茨茅斯大学毕业证书学位证书成绩单?
如何办理朴茨茅斯大学毕业证书学位证书成绩单?
 
Tungsten Webinar: v6 & v7 Release Recap, and Beyond
Tungsten Webinar: v6 & v7 Release Recap, and BeyondTungsten Webinar: v6 & v7 Release Recap, and Beyond
Tungsten Webinar: v6 & v7 Release Recap, and Beyond
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
 
Section 3 - Technical Sales Foundations for IBM QRadar for Cloud (QRoC)V1 P10...
Section 3 - Technical Sales Foundations for IBM QRadar for Cloud (QRoC)V1 P10...Section 3 - Technical Sales Foundations for IBM QRadar for Cloud (QRoC)V1 P10...
Section 3 - Technical Sales Foundations for IBM QRadar for Cloud (QRoC)V1 P10...
 
Generalities about NFT , as a new technology
Generalities about NFT , as a new technologyGeneralities about NFT , as a new technology
Generalities about NFT , as a new technology
 
Google-Next-Madrid-BBVA-Research inv.pdf
Google-Next-Madrid-BBVA-Research inv.pdfGoogle-Next-Madrid-BBVA-Research inv.pdf
Google-Next-Madrid-BBVA-Research inv.pdf
 

A HillyBilly's Guide to Staying Anonymous Online - SecureWV

  • 1. SecureWV 11 A Hillbilly's Guide to Staying Anonymous Online (A Hillbilly Storytime Production) November 7, 2020
  • 2. • Who Am I? • Simple Answer: • Father/Husband/Son/Brother • Programmer/Pentester/Researcher • Hillbilly • Who do I work for? • TrustedSec Adam Compton
  • 3. Why did I decide on this topic? Down Thar Over Yonder
  • 4. What is OSINT (short version)? OSINT = Open Source INTelligence It is the collection and analysis of data obtained from publicly accessible sources. Common sources: • Social Media • Blog Posts/Forums • Document Metadata • Data Leaks (Pastebin) • Whois/DNS • Shodan • (and many many more)
  • 5. What is Anti-OSINT? In short, it is the process by which one attempts to prevent gathering accurate OSINT about a person or thing. Typically though of as the domain of: • Spies/Governments • Hermits/Off Grid • Conspiracy Theorists
  • 6. Why is online privacy important? • "Good people" can use it to perform security validation attacks against you and your company. (Social Engineering) • Companies may search for you on the internet and base their opinion of you on what they find. • Companies can make a LOT of money off of you and your information. There is no such thing as a free service. You are the product. • "Bad people" can use it to do bad things to you or in your name.
  • 7. Do you need online privacy? • Do you have sensitive data? (financials? medical? SSN? DoB? Mother's Maiden Name?) • Does your employer monitor your social media presence? • Did you do things in your past you would like hidden? • Do you live under a repressive or tyrannical government? • Are you in witness relocation? • Do you have someone(s) who would harm you if they knew who/where you were? • … basically, everyone!
  • 8. All my info is already online! 1st accept you can never get rid of all of it. 2nd remove as much as you can…. But first, change it to be meaningless. • Use services like: • https://namechk.com/ • https://checkusernames.com/ • For each known online account: • Change your data • Delete the account • Search for more sites (google, bing, etc…) • Request they delete your data
  • 9. Maintain your privacy. Periodically check for new information pertaining to you online and removing it. Freeze your credit at all credit agencies: • Equifax, Trans Union, Experian, Innovis Learn to lie…. Or not…I am not a lawyer!!! When filling out a form/application/etc, only fill out as much as required. For the other items question why they are needed. Even then, if you can get away with providing incomplete/inaccurate data, … Be cautious what you tell people. Does that person you met at <insert place here> really need to know where you work?
  • 10. Maintain your privacy. Ask friends and family to not post/share info about you. If you really need to, get a new SSN. https://faq.ssa.gov/en-US/Topic/article/KA-02220 If you decide to switch doctors, ask for your old medical records and request that they destroy any copies they have. Setup a P.O. box (or other service) instead of always providing home address. Use a virtual phone number service and provide that number as needed.
  • 11. Let's make a new identity. Sockpuppet = an alternate online identity used to hide/obscure the identity of a person Items usually needed: • Name • Pick a believable name • Email • Use a separate email account (ideally one that is encrypted such as Proton Mail) • Money • Cash is best • Prepaid gift/debit card (Visa/MasterCard/etc…) • Phone • Set up a burner phone with its own number. Prepaid phones work well. Remember to pay with cash. • Address • USPS P.O. Box, UPS Store
  • 12. Let's make a new identity. • Browser • Incognito mode • Tor • AdBlock • Passwords • Maintain separate passwords for all accounts. • VPN • Use a trusted VPN for online activity. Extra thoughts: • Social Media • Facebook, LinkedIn, Twitter, etc.. • Be willing to destroy the account if needed!!!
  • 13. Is this illegal? I AM NOT A LAWYER!!!!! Do these things at your own discretion!!!! Personally, when I perform any of these activities, I do so with the intent of protecting my identity, not to defraud or harm someone else.
  • 14. Helpful resources. Find Social Media Accounts: https://namechk.com/ and https://checkusernames.com/ Get a new SSN: https://faq.ssa.gov/en-US/Topic/article/KA-02220 Get a UPS Store Address: https://www.theupsstore.com/mailboxes/personal-mailboxes Freeze your credit: • https://www.equifax.com/personal/credit-report-services/ • https://www.experian.com/freeze/center.html • https://www.transunion.com/credit-freeze • https://www.innovis.com/securityFreeze/index Reduce spam phone calls: https://www.donotcall.gov/ Check if your email against breaches: https://haveibeenpwned.com/
  • 15. Parting Thoughts It is not for everyone. You do not have to do everything if you do not wish to. Protecting your privacy/data is a never-ending process. Your privacy and data are valuable, do not give it away for free. It can be very difficult to maintain separate identities. This presentation was just an overview and intro to online privacy. You can deep dive into it much more than we have covered here.
  • 16. Parting Thoughts (videos) Several videos out there: Tim Vetter - "Winning and Quitting the Privacy Game: What it *REALLY* takes to have True Privacy in the 21st Century" https://www.youtube.com/watch?v=bxQSu06yuZc Scott M - "Anti-OSINT…or hiding from The Man" https://www.youtube.com/watch?v=EqtF-fuVI9w Michael James - "ANTI OSINT AF: How to become untouchable" https://www.youtube.com/watch?v=WFIGP8MRSJI
  • 17. Contact Me! Adam L. Compton @tatanus www.hillbillystorytime.com www.youtube.com/hillbillstorytime adam.comptom@gmail.com adam.compton@trustedsec.com