SlideShare a Scribd company logo
1 of 17
Download to read offline
SecureWV 11
A Hillbilly's Guide
to Staying
Anonymous Online
(A Hillbilly Storytime Production)
November 7, 2020
• Who Am I?
• Simple Answer:
• Father/Husband/Son/Brother
• Programmer/Pentester/Researcher
• Hillbilly
• Who do I work for?
• TrustedSec
Adam Compton
Why did I decide on this topic?
Down Thar Over Yonder
What is OSINT (short version)?
OSINT = Open Source INTelligence
It is the collection and analysis of data obtained from publicly
accessible sources.
Common sources:
• Social Media
• Blog Posts/Forums
• Document Metadata
• Data Leaks (Pastebin)
• Whois/DNS
• Shodan
• (and many many more)
What is Anti-OSINT?
In short, it is the process by which one attempts to prevent gathering accurate
OSINT about a person or thing.
Typically though of as the domain of:
• Spies/Governments
• Hermits/Off Grid
• Conspiracy Theorists
Why is online privacy important?
• "Good people" can use it to perform security validation attacks against you and
your company. (Social Engineering)
• Companies may search for you on the internet and base their opinion of you on
what they find.
• Companies can make a LOT of money off of you and your information. There
is no such thing as a free service. You are the product.
• "Bad people" can use it to do bad things to you or in your name.
Do you need online privacy?
• Do you have sensitive data? (financials? medical? SSN? DoB? Mother's Maiden Name?)
• Does your employer monitor your social media presence?
• Did you do things in your past you would like hidden?
• Do you live under a repressive or tyrannical government?
• Are you in witness relocation?
• Do you have someone(s) who would harm you if they knew who/where you were?
• … basically, everyone!
All my info is already online!
1st accept you can never get rid of all of it.
2nd remove as much as you can…. But first, change it to be meaningless.
• Use services like:
• https://namechk.com/
• https://checkusernames.com/
• For each known online account:
• Change your data
• Delete the account
• Search for more sites (google, bing, etc…)
• Request they delete your data
Maintain your privacy.
Periodically check for new information pertaining to you online and removing it.
Freeze your credit at all credit agencies:
• Equifax, Trans Union, Experian, Innovis
Learn to lie…. Or not…I am not a lawyer!!!
When filling out a form/application/etc, only fill out as much as required.
For the other items question why they are needed.
Even then, if you can get away with providing incomplete/inaccurate data, …
Be cautious what you tell people. Does that person you met at <insert place here> really need to
know where you work?
Maintain your privacy.
Ask friends and family to not post/share info about you.
If you really need to, get a new SSN. https://faq.ssa.gov/en-US/Topic/article/KA-02220
If you decide to switch doctors, ask for your old medical records and request that they destroy any
copies they have.
Setup a P.O. box (or other service) instead of always providing home address.
Use a virtual phone number service and provide that number as needed.
Let's make a new identity.
Sockpuppet = an alternate online identity used to hide/obscure the identity of a person
Items usually needed:
• Name
• Pick a believable name
• Email
• Use a separate email account (ideally one that is encrypted such as Proton Mail)
• Money
• Cash is best
• Prepaid gift/debit card (Visa/MasterCard/etc…)
• Phone
• Set up a burner phone with its own number. Prepaid phones work well. Remember to pay
with cash.
• Address
• USPS P.O. Box, UPS Store
Let's make a new identity.
• Browser
• Incognito mode
• Tor
• AdBlock
• Passwords
• Maintain separate passwords for all accounts.
• VPN
• Use a trusted VPN for online activity.
Extra thoughts:
• Social Media
• Facebook, LinkedIn, Twitter, etc..
• Be willing to destroy the account if needed!!!
Is this illegal?
I AM NOT A LAWYER!!!!!
Do these things at your own discretion!!!!
Personally, when I perform any of these activities, I do so with the intent of protecting my identity,
not to defraud or harm someone else.
Helpful resources.
Find Social Media Accounts: https://namechk.com/ and https://checkusernames.com/
Get a new SSN: https://faq.ssa.gov/en-US/Topic/article/KA-02220
Get a UPS Store Address: https://www.theupsstore.com/mailboxes/personal-mailboxes
Freeze your credit:
• https://www.equifax.com/personal/credit-report-services/
• https://www.experian.com/freeze/center.html
• https://www.transunion.com/credit-freeze
• https://www.innovis.com/securityFreeze/index
Reduce spam phone calls: https://www.donotcall.gov/
Check if your email against breaches: https://haveibeenpwned.com/
Parting Thoughts
It is not for everyone.
You do not have to do everything if you do not wish to.
Protecting your privacy/data is a never-ending process.
Your privacy and data are valuable, do not give it away for free.
It can be very difficult to maintain separate identities.
This presentation was just an overview and intro to online privacy.
You can deep dive into it much more than we have covered here.
Parting Thoughts (videos)
Several videos out there:
Tim Vetter - "Winning and Quitting the Privacy Game: What it *REALLY* takes to have True
Privacy in the 21st Century"
https://www.youtube.com/watch?v=bxQSu06yuZc
Scott M - "Anti-OSINT…or hiding from The Man"
https://www.youtube.com/watch?v=EqtF-fuVI9w
Michael James - "ANTI OSINT AF: How to become untouchable"
https://www.youtube.com/watch?v=WFIGP8MRSJI
Contact Me!
Adam L. Compton
@tatanus
www.hillbillystorytime.com
www.youtube.com/hillbillstorytime
adam.comptom@gmail.com
adam.compton@trustedsec.com

More Related Content

What's hot

What is internet !
What is internet !What is internet !
What is internet !saeedjaroor
 
Social Media is Okay - Jeopardizing Security Isn't
Social Media is Okay - Jeopardizing Security Isn'tSocial Media is Okay - Jeopardizing Security Isn't
Social Media is Okay - Jeopardizing Security Isn'tjordanwollman
 
Censorship essay
Censorship essayCensorship essay
Censorship essayOliviaBolt
 
"What Could Go Wrong?" - We're Glad You Asked!
"What Could Go Wrong?" - We're Glad You Asked!"What Could Go Wrong?" - We're Glad You Asked!
"What Could Go Wrong?" - We're Glad You Asked!Shawn Tuma
 
Digital Citizenship
Digital CitizenshipDigital Citizenship
Digital Citizenshipjleverett
 
Lessons from ligatt
Lessons from ligattLessons from ligatt
Lessons from ligattBen Rothke
 
Your Internet Safety
Your Internet SafetyYour Internet Safety
Your Internet SafetyJVGAJJAR
 
Internet safety power_point
Internet safety power_pointInternet safety power_point
Internet safety power_pointAmit Pal Singh
 
Presentation to parents
Presentation to parentsPresentation to parents
Presentation to parentssirchriss
 
Digital citizenship for Students
Digital citizenship for StudentsDigital citizenship for Students
Digital citizenship for StudentsKelgator
 
Internet safety presentation 2019
Internet safety presentation 2019Internet safety presentation 2019
Internet safety presentation 2019KanelandSvihlik
 
Copyright and internet_safety
Copyright and internet_safetyCopyright and internet_safety
Copyright and internet_safetyAChuppTeaches
 
Online Security & Privacy: Updated
Online Security & Privacy: UpdatedOnline Security & Privacy: Updated
Online Security & Privacy: UpdatedAmanda L. Goodman
 

What's hot (20)

What is internet !
What is internet !What is internet !
What is internet !
 
Internet safety
Internet safetyInternet safety
Internet safety
 
Internet Safety
Internet SafetyInternet Safety
Internet Safety
 
Social Media is Okay - Jeopardizing Security Isn't
Social Media is Okay - Jeopardizing Security Isn'tSocial Media is Okay - Jeopardizing Security Isn't
Social Media is Okay - Jeopardizing Security Isn't
 
Web pp
Web ppWeb pp
Web pp
 
Defamation on the Internet
Defamation on the InternetDefamation on the Internet
Defamation on the Internet
 
Censorship essay
Censorship essayCensorship essay
Censorship essay
 
"What Could Go Wrong?" - We're Glad You Asked!
"What Could Go Wrong?" - We're Glad You Asked!"What Could Go Wrong?" - We're Glad You Asked!
"What Could Go Wrong?" - We're Glad You Asked!
 
Internet Defamation
Internet DefamationInternet Defamation
Internet Defamation
 
Digital Citizenship
Digital CitizenshipDigital Citizenship
Digital Citizenship
 
Lessons from ligatt
Lessons from ligattLessons from ligatt
Lessons from ligatt
 
Your Internet Safety
Your Internet SafetyYour Internet Safety
Your Internet Safety
 
Internet Safety
Internet SafetyInternet Safety
Internet Safety
 
Internet safety power_point
Internet safety power_pointInternet safety power_point
Internet safety power_point
 
Presentation to parents
Presentation to parentsPresentation to parents
Presentation to parents
 
Digital citizenship for Students
Digital citizenship for StudentsDigital citizenship for Students
Digital citizenship for Students
 
Internet safety presentation 2019
Internet safety presentation 2019Internet safety presentation 2019
Internet safety presentation 2019
 
Copyright and internet_safety
Copyright and internet_safetyCopyright and internet_safety
Copyright and internet_safety
 
Online Security & Privacy: Updated
Online Security & Privacy: UpdatedOnline Security & Privacy: Updated
Online Security & Privacy: Updated
 
Internet Safety
Internet SafetyInternet Safety
Internet Safety
 

Similar to A HillyBilly's Guide to Staying Anonymous Online - SecureWV

Mobile Security for the Modern Tech Mogul
Mobile Security for the Modern Tech MogulMobile Security for the Modern Tech Mogul
Mobile Security for the Modern Tech MogulAndrew Schwabe
 
Cybersecurity additional activities
Cybersecurity additional activitiesCybersecurity additional activities
Cybersecurity additional activitiesYumonomics
 
Securing and Safeguarding Your Library Setup
Securing and Safeguarding Your Library SetupSecuring and Safeguarding Your Library Setup
Securing and Safeguarding Your Library SetupBrian Pichman
 
ISSA - Security Awareness 2016-1
ISSA - Security Awareness 2016-1ISSA - Security Awareness 2016-1
ISSA - Security Awareness 2016-1Pedro Serrano
 
Dox Yourself BSides Orlando
Dox Yourself BSides OrlandoDox Yourself BSides Orlando
Dox Yourself BSides OrlandoSamuel Greenfeld
 
Cyber Security Awareness October 2014
Cyber Security Awareness October 2014Cyber Security Awareness October 2014
Cyber Security Awareness October 2014Donald E. Hester
 
Identity thefts
Identity theftsIdentity thefts
Identity theftsHHSome
 
CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024Brian Pichman
 
Cybersecurity - Defense Against The Dark Arts Harry Potter Style
Cybersecurity - Defense Against The Dark Arts Harry Potter StyleCybersecurity - Defense Against The Dark Arts Harry Potter Style
Cybersecurity - Defense Against The Dark Arts Harry Potter StyleBrian Pichman
 
2016 Secure World Expo - Security Awareness
2016 Secure World Expo - Security Awareness2016 Secure World Expo - Security Awareness
2016 Secure World Expo - Security AwarenessPedro Serrano
 
Pod camp boston 2011 locking up yourself online
Pod camp boston 2011 locking up yourself onlinePod camp boston 2011 locking up yourself online
Pod camp boston 2011 locking up yourself onlineLane Sutton
 
Identity Theft Presentation
Identity Theft PresentationIdentity Theft Presentation
Identity Theft Presentationcharlesgarrett
 
Beginners guide to the internet 26.10.15
Beginners guide to the internet 26.10.15Beginners guide to the internet 26.10.15
Beginners guide to the internet 26.10.15Get up to Speed
 
Beginners guide to the internet 26.10.15 & 30.10.15
Beginners guide to the internet 26.10.15 & 30.10.15Beginners guide to the internet 26.10.15 & 30.10.15
Beginners guide to the internet 26.10.15 & 30.10.15Get up to Speed
 
Cybersecurity for the non-technical
Cybersecurity for the non-technicalCybersecurity for the non-technical
Cybersecurity for the non-technicalStephen Cobb
 
Cyber Safety Month summary
 Cyber Safety Month summary Cyber Safety Month summary
Cyber Safety Month summaryicts-uct
 
Cybercrime and the Developer: How to Start Defending Against the Darker Side...
 Cybercrime and the Developer: How to Start Defending Against the Darker Side... Cybercrime and the Developer: How to Start Defending Against the Darker Side...
Cybercrime and the Developer: How to Start Defending Against the Darker Side...Steve Poole
 
Protecting Personal Privacy
Protecting Personal PrivacyProtecting Personal Privacy
Protecting Personal PrivacyDoubleXDS
 

Similar to A HillyBilly's Guide to Staying Anonymous Online - SecureWV (20)

Mobile Security for the Modern Tech Mogul
Mobile Security for the Modern Tech MogulMobile Security for the Modern Tech Mogul
Mobile Security for the Modern Tech Mogul
 
Cybersecurity additional activities
Cybersecurity additional activitiesCybersecurity additional activities
Cybersecurity additional activities
 
Securing and Safeguarding Your Library Setup
Securing and Safeguarding Your Library SetupSecuring and Safeguarding Your Library Setup
Securing and Safeguarding Your Library Setup
 
ISSA - Security Awareness 2016-1
ISSA - Security Awareness 2016-1ISSA - Security Awareness 2016-1
ISSA - Security Awareness 2016-1
 
Dox Yourself BSides Orlando
Dox Yourself BSides OrlandoDox Yourself BSides Orlando
Dox Yourself BSides Orlando
 
Cyber Security Awareness October 2014
Cyber Security Awareness October 2014Cyber Security Awareness October 2014
Cyber Security Awareness October 2014
 
Identity thefts
Identity theftsIdentity thefts
Identity thefts
 
CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024
 
Cybersecurity - Defense Against The Dark Arts Harry Potter Style
Cybersecurity - Defense Against The Dark Arts Harry Potter StyleCybersecurity - Defense Against The Dark Arts Harry Potter Style
Cybersecurity - Defense Against The Dark Arts Harry Potter Style
 
2016 Secure World Expo - Security Awareness
2016 Secure World Expo - Security Awareness2016 Secure World Expo - Security Awareness
2016 Secure World Expo - Security Awareness
 
Pod camp boston 2011 locking up yourself online
Pod camp boston 2011 locking up yourself onlinePod camp boston 2011 locking up yourself online
Pod camp boston 2011 locking up yourself online
 
Identity Theft Presentation
Identity Theft PresentationIdentity Theft Presentation
Identity Theft Presentation
 
Beginners guide to the internet 26.10.15
Beginners guide to the internet 26.10.15Beginners guide to the internet 26.10.15
Beginners guide to the internet 26.10.15
 
Beginners guide to the internet 26.10.15 & 30.10.15
Beginners guide to the internet 26.10.15 & 30.10.15Beginners guide to the internet 26.10.15 & 30.10.15
Beginners guide to the internet 26.10.15 & 30.10.15
 
Cybersecurity for the non-technical
Cybersecurity for the non-technicalCybersecurity for the non-technical
Cybersecurity for the non-technical
 
Cyber Safety Month summary
 Cyber Safety Month summary Cyber Safety Month summary
Cyber Safety Month summary
 
DECEPTICONv2
DECEPTICONv2DECEPTICONv2
DECEPTICONv2
 
Cybercrime and the Developer: How to Start Defending Against the Darker Side...
 Cybercrime and the Developer: How to Start Defending Against the Darker Side... Cybercrime and the Developer: How to Start Defending Against the Darker Side...
Cybercrime and the Developer: How to Start Defending Against the Darker Side...
 
Protecting Personal Privacy
Protecting Personal PrivacyProtecting Personal Privacy
Protecting Personal Privacy
 
Doxing
 Doxing Doxing
Doxing
 

More from Adam Compton

Becoming a Pentester
Becoming a PentesterBecoming a Pentester
Becoming a PentesterAdam Compton
 
BSidesKnoxville 2019 - Unix: The Other White Meat
BSidesKnoxville 2019 - Unix: The Other White MeatBSidesKnoxville 2019 - Unix: The Other White Meat
BSidesKnoxville 2019 - Unix: The Other White MeatAdam Compton
 
2018 DerbyCon - Hillbilly Storytime - Pentest Fails
2018 DerbyCon - Hillbilly Storytime - Pentest Fails2018 DerbyCon - Hillbilly Storytime - Pentest Fails
2018 DerbyCon - Hillbilly Storytime - Pentest FailsAdam Compton
 
2018 HackerHalted - Hillbilly Storytime - Pentest Fails
2018 HackerHalted - Hillbilly Storytime - Pentest Fails2018 HackerHalted - Hillbilly Storytime - Pentest Fails
2018 HackerHalted - Hillbilly Storytime - Pentest FailsAdam Compton
 
Bsides LV - Hillbilly Storytime - Pentest Fails
Bsides LV - Hillbilly Storytime - Pentest FailsBsides LV - Hillbilly Storytime - Pentest Fails
Bsides LV - Hillbilly Storytime - Pentest FailsAdam Compton
 
SecureWV - PentestFails
SecureWV - PentestFailsSecureWV - PentestFails
SecureWV - PentestFailsAdam Compton
 
Infosec Europe 17 - PentestFails
Infosec Europe 17 - PentestFailsInfosec Europe 17 - PentestFails
Infosec Europe 17 - PentestFailsAdam Compton
 
Bsides Nashville - PentestFails
Bsides Nashville - PentestFailsBsides Nashville - PentestFails
Bsides Nashville - PentestFailsAdam Compton
 
Bsides Knoxville - OSINT
Bsides Knoxville - OSINTBsides Knoxville - OSINT
Bsides Knoxville - OSINTAdam Compton
 
Bsides Knoxville - PentestFails
Bsides Knoxville - PentestFailsBsides Knoxville - PentestFails
Bsides Knoxville - PentestFailsAdam Compton
 
Bsides Knoxville - APT2
Bsides Knoxville - APT2Bsides Knoxville - APT2
Bsides Knoxville - APT2Adam Compton
 

More from Adam Compton (15)

Becoming a Pentester
Becoming a PentesterBecoming a Pentester
Becoming a Pentester
 
BSidesKnoxville 2019 - Unix: The Other White Meat
BSidesKnoxville 2019 - Unix: The Other White MeatBSidesKnoxville 2019 - Unix: The Other White Meat
BSidesKnoxville 2019 - Unix: The Other White Meat
 
2018 DerbyCon - Hillbilly Storytime - Pentest Fails
2018 DerbyCon - Hillbilly Storytime - Pentest Fails2018 DerbyCon - Hillbilly Storytime - Pentest Fails
2018 DerbyCon - Hillbilly Storytime - Pentest Fails
 
2018 HackerHalted - Hillbilly Storytime - Pentest Fails
2018 HackerHalted - Hillbilly Storytime - Pentest Fails2018 HackerHalted - Hillbilly Storytime - Pentest Fails
2018 HackerHalted - Hillbilly Storytime - Pentest Fails
 
Bsides LV - Hillbilly Storytime - Pentest Fails
Bsides LV - Hillbilly Storytime - Pentest FailsBsides LV - Hillbilly Storytime - Pentest Fails
Bsides LV - Hillbilly Storytime - Pentest Fails
 
SecureWV - PentestFails
SecureWV - PentestFailsSecureWV - PentestFails
SecureWV - PentestFails
 
SecureWV - APT2
SecureWV - APT2SecureWV - APT2
SecureWV - APT2
 
Infosec Europe 17 - PentestFails
Infosec Europe 17 - PentestFailsInfosec Europe 17 - PentestFails
Infosec Europe 17 - PentestFails
 
HackCon - SPF
HackCon - SPFHackCon - SPF
HackCon - SPF
 
DerbyCon - Legion
DerbyCon - LegionDerbyCon - Legion
DerbyCon - Legion
 
DerbyCon - APT2
DerbyCon - APT2DerbyCon - APT2
DerbyCon - APT2
 
Bsides Nashville - PentestFails
Bsides Nashville - PentestFailsBsides Nashville - PentestFails
Bsides Nashville - PentestFails
 
Bsides Knoxville - OSINT
Bsides Knoxville - OSINTBsides Knoxville - OSINT
Bsides Knoxville - OSINT
 
Bsides Knoxville - PentestFails
Bsides Knoxville - PentestFailsBsides Knoxville - PentestFails
Bsides Knoxville - PentestFails
 
Bsides Knoxville - APT2
Bsides Knoxville - APT2Bsides Knoxville - APT2
Bsides Knoxville - APT2
 

Recently uploaded

IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
 
Summary IGF 2013 Bali - English (tata kelola internet / internet governance)
Summary  IGF 2013 Bali - English (tata kelola internet / internet governance)Summary  IGF 2013 Bali - English (tata kelola internet / internet governance)
Summary IGF 2013 Bali - English (tata kelola internet / internet governance)ICT Watch - Indonesia
 
Tari Eason Warriors Come Out To Play T Shirts
Tari Eason Warriors Come Out To Play T ShirtsTari Eason Warriors Come Out To Play T Shirts
Tari Eason Warriors Come Out To Play T Shirtsrahman018755
 
Power of Social Media for E-commerce.pdf
Power of Social Media for E-commerce.pdfPower of Social Media for E-commerce.pdf
Power of Social Media for E-commerce.pdfrajats19920
 
Summary ID-IGF 2016 National Dialogue - English (tata kelola internet / int...
Summary  ID-IGF 2016 National Dialogue  - English (tata kelola internet / int...Summary  ID-IGF 2016 National Dialogue  - English (tata kelola internet / int...
Summary ID-IGF 2016 National Dialogue - English (tata kelola internet / int...ICT Watch - Indonesia
 
办理澳洲USYD文凭证书学历认证【Q微/1954292140】办理悉尼大学毕业证书真实成绩单GPA修改/办理澳洲大学文凭证书Offer录取通知书/在读证明...
办理澳洲USYD文凭证书学历认证【Q微/1954292140】办理悉尼大学毕业证书真实成绩单GPA修改/办理澳洲大学文凭证书Offer录取通知书/在读证明...办理澳洲USYD文凭证书学历认证【Q微/1954292140】办理悉尼大学毕业证书真实成绩单GPA修改/办理澳洲大学文凭证书Offer录取通知书/在读证明...
办理澳洲USYD文凭证书学历认证【Q微/1954292140】办理悉尼大学毕业证书真实成绩单GPA修改/办理澳洲大学文凭证书Offer录取通知书/在读证明...vmzoxnx5
 

Recently uploaded (6)

IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119
 
Summary IGF 2013 Bali - English (tata kelola internet / internet governance)
Summary  IGF 2013 Bali - English (tata kelola internet / internet governance)Summary  IGF 2013 Bali - English (tata kelola internet / internet governance)
Summary IGF 2013 Bali - English (tata kelola internet / internet governance)
 
Tari Eason Warriors Come Out To Play T Shirts
Tari Eason Warriors Come Out To Play T ShirtsTari Eason Warriors Come Out To Play T Shirts
Tari Eason Warriors Come Out To Play T Shirts
 
Power of Social Media for E-commerce.pdf
Power of Social Media for E-commerce.pdfPower of Social Media for E-commerce.pdf
Power of Social Media for E-commerce.pdf
 
Summary ID-IGF 2016 National Dialogue - English (tata kelola internet / int...
Summary  ID-IGF 2016 National Dialogue  - English (tata kelola internet / int...Summary  ID-IGF 2016 National Dialogue  - English (tata kelola internet / int...
Summary ID-IGF 2016 National Dialogue - English (tata kelola internet / int...
 
办理澳洲USYD文凭证书学历认证【Q微/1954292140】办理悉尼大学毕业证书真实成绩单GPA修改/办理澳洲大学文凭证书Offer录取通知书/在读证明...
办理澳洲USYD文凭证书学历认证【Q微/1954292140】办理悉尼大学毕业证书真实成绩单GPA修改/办理澳洲大学文凭证书Offer录取通知书/在读证明...办理澳洲USYD文凭证书学历认证【Q微/1954292140】办理悉尼大学毕业证书真实成绩单GPA修改/办理澳洲大学文凭证书Offer录取通知书/在读证明...
办理澳洲USYD文凭证书学历认证【Q微/1954292140】办理悉尼大学毕业证书真实成绩单GPA修改/办理澳洲大学文凭证书Offer录取通知书/在读证明...
 

A HillyBilly's Guide to Staying Anonymous Online - SecureWV

  • 1. SecureWV 11 A Hillbilly's Guide to Staying Anonymous Online (A Hillbilly Storytime Production) November 7, 2020
  • 2. • Who Am I? • Simple Answer: • Father/Husband/Son/Brother • Programmer/Pentester/Researcher • Hillbilly • Who do I work for? • TrustedSec Adam Compton
  • 3. Why did I decide on this topic? Down Thar Over Yonder
  • 4. What is OSINT (short version)? OSINT = Open Source INTelligence It is the collection and analysis of data obtained from publicly accessible sources. Common sources: • Social Media • Blog Posts/Forums • Document Metadata • Data Leaks (Pastebin) • Whois/DNS • Shodan • (and many many more)
  • 5. What is Anti-OSINT? In short, it is the process by which one attempts to prevent gathering accurate OSINT about a person or thing. Typically though of as the domain of: • Spies/Governments • Hermits/Off Grid • Conspiracy Theorists
  • 6. Why is online privacy important? • "Good people" can use it to perform security validation attacks against you and your company. (Social Engineering) • Companies may search for you on the internet and base their opinion of you on what they find. • Companies can make a LOT of money off of you and your information. There is no such thing as a free service. You are the product. • "Bad people" can use it to do bad things to you or in your name.
  • 7. Do you need online privacy? • Do you have sensitive data? (financials? medical? SSN? DoB? Mother's Maiden Name?) • Does your employer monitor your social media presence? • Did you do things in your past you would like hidden? • Do you live under a repressive or tyrannical government? • Are you in witness relocation? • Do you have someone(s) who would harm you if they knew who/where you were? • … basically, everyone!
  • 8. All my info is already online! 1st accept you can never get rid of all of it. 2nd remove as much as you can…. But first, change it to be meaningless. • Use services like: • https://namechk.com/ • https://checkusernames.com/ • For each known online account: • Change your data • Delete the account • Search for more sites (google, bing, etc…) • Request they delete your data
  • 9. Maintain your privacy. Periodically check for new information pertaining to you online and removing it. Freeze your credit at all credit agencies: • Equifax, Trans Union, Experian, Innovis Learn to lie…. Or not…I am not a lawyer!!! When filling out a form/application/etc, only fill out as much as required. For the other items question why they are needed. Even then, if you can get away with providing incomplete/inaccurate data, … Be cautious what you tell people. Does that person you met at <insert place here> really need to know where you work?
  • 10. Maintain your privacy. Ask friends and family to not post/share info about you. If you really need to, get a new SSN. https://faq.ssa.gov/en-US/Topic/article/KA-02220 If you decide to switch doctors, ask for your old medical records and request that they destroy any copies they have. Setup a P.O. box (or other service) instead of always providing home address. Use a virtual phone number service and provide that number as needed.
  • 11. Let's make a new identity. Sockpuppet = an alternate online identity used to hide/obscure the identity of a person Items usually needed: • Name • Pick a believable name • Email • Use a separate email account (ideally one that is encrypted such as Proton Mail) • Money • Cash is best • Prepaid gift/debit card (Visa/MasterCard/etc…) • Phone • Set up a burner phone with its own number. Prepaid phones work well. Remember to pay with cash. • Address • USPS P.O. Box, UPS Store
  • 12. Let's make a new identity. • Browser • Incognito mode • Tor • AdBlock • Passwords • Maintain separate passwords for all accounts. • VPN • Use a trusted VPN for online activity. Extra thoughts: • Social Media • Facebook, LinkedIn, Twitter, etc.. • Be willing to destroy the account if needed!!!
  • 13. Is this illegal? I AM NOT A LAWYER!!!!! Do these things at your own discretion!!!! Personally, when I perform any of these activities, I do so with the intent of protecting my identity, not to defraud or harm someone else.
  • 14. Helpful resources. Find Social Media Accounts: https://namechk.com/ and https://checkusernames.com/ Get a new SSN: https://faq.ssa.gov/en-US/Topic/article/KA-02220 Get a UPS Store Address: https://www.theupsstore.com/mailboxes/personal-mailboxes Freeze your credit: • https://www.equifax.com/personal/credit-report-services/ • https://www.experian.com/freeze/center.html • https://www.transunion.com/credit-freeze • https://www.innovis.com/securityFreeze/index Reduce spam phone calls: https://www.donotcall.gov/ Check if your email against breaches: https://haveibeenpwned.com/
  • 15. Parting Thoughts It is not for everyone. You do not have to do everything if you do not wish to. Protecting your privacy/data is a never-ending process. Your privacy and data are valuable, do not give it away for free. It can be very difficult to maintain separate identities. This presentation was just an overview and intro to online privacy. You can deep dive into it much more than we have covered here.
  • 16. Parting Thoughts (videos) Several videos out there: Tim Vetter - "Winning and Quitting the Privacy Game: What it *REALLY* takes to have True Privacy in the 21st Century" https://www.youtube.com/watch?v=bxQSu06yuZc Scott M - "Anti-OSINT…or hiding from The Man" https://www.youtube.com/watch?v=EqtF-fuVI9w Michael James - "ANTI OSINT AF: How to become untouchable" https://www.youtube.com/watch?v=WFIGP8MRSJI
  • 17. Contact Me! Adam L. Compton @tatanus www.hillbillystorytime.com www.youtube.com/hillbillstorytime adam.comptom@gmail.com adam.compton@trustedsec.com