janoshik
Subscriber
EMAIL SET UP:
1. Use tutanota.com or protonmail.com (or similar well established services) as your email for the business you would like to keep private. Use it only for that.
2. Use a random username that you don't use elsewhere (something like randomguy123456 provides very little information).
3. Pick a new password. Good password is long, not complex.
Password "I like looking at horses as they fly over Mexico." or "Diane is such a stupid bitch." is easier to remember than "3523!SDF" while being MUCH safer.
4. Use 2 factor authentication where possible.
5. When logging into your email, type the url (like www.protonmail.com) yourself, or double check the URL before you input your password.
6. Turn off automatic downloading of the images (pretty much every email service provides that option, some by default).
EMAIL INTERACTION:
1. Do not click on links from anybody in email. Clicking on links from your email can be used to identify you or trick you into inputting your password to a scam site. If you absolutely positively have to see what is on the link, copy and paste it.
Even a link that looks innocent like this http://www.janoshik.com (www.thinksteroids.com) can lead literally to den of evil. Try it.
2. Always check the actual email address of the person you are replying to, not just their email "name." You can achieve this by clicking on "See More" or "Show details" etc. near their email address or name.
3. If you get email in regard to your email service provider - for example email from Tutanota that they are terminating your account unless you do something or similar, and you are not sure whether the email is legitimate, ask people before you do anything (and certainly don't click on any links).
4. No downloading attachments from people you don't know. Download only attachments from people that you know and you know what the attachment is.
Avoid attachments with these extension under all circumstances:
5. If the person you are corresponding with changes behavior suddenly, it's best to wait.
6. After you are done with some business, delete all emails in regard to it.
7. Do not send anybody any pictures unless you are 100% sure about what you are doing. There can be fingerprints visible, piece of paperwork in frame with your name on it, or start and landscape visible enough so that your location can be pinpointed. The photo might even contain your GPS coordinates. All those are not theoretical vectors of attack, they all are used. So it's best if you don't send any.
8. Do not overshare information. Simple business transactions, the less information you share the less can be used against you.
FORUM REGISTRATION OR LOGIN:
1. Use a random password for every forum (see how to choose email password).
Do not use passwords like this:
thinksteroids.com: login: JohnDoe, password: thinksteroidsdoe1!
Imagine somebody gets to see that? Even though your password on Anasci.org is different, it will, at some point occur to the attack to use anascidoe1!.
2. When logging into forum, type the url (like www.thinksteroids.com) yourself, or double check the URL before you input your password. Do not log in after clicking a live link anywhere. (try clicking the previous link).
3. When a forum goes down and gets back up on a different URL do NOT LOGIN WITH YOUR PREVIOUS PASSWORD, go through "I forgot my password, email me a new one" routine and get a new one.
FORUM INTERACTION:
1. DO NOT OVERSHARE. It's all fun and games talking with people, you transition into being a lab and use your pull with the community to get through vetting. Business is doing great. Except now everybody knows who you are. Scenario 2: you call a scammer out, ruin his business and he's mad enough for revenge.
2. DO NOT SHARE PICTURES YOU ARE NOT 100% ABOUT. Again, same thing, but stressed. Make sure you remove ANYTHING that could be used for identification from the pictures. Run them through EXIF remover, such as:
For the love of god, don't do that thing, where you pull off your Instagram pictures and just blur the face or pain it with black ink. That way you are sharing your name on a silver plate.
3. Be EXTREMELY wary of people who contact you first under the guise of helping you. They can probably very well help you out in public, so start a topic for that and redirect them.
4. PMs on any forum are NOT private, they can be read and you should always assume they indeed are being read.
ONLINE SHOPS:
1. This is advanced, so I will be brief.
2. Use TOR Browser.
3. Use throwaway account for EACH order.
4. Use crypto that can't be tied to you - preferably Monero, or something bought with cash.
5. Do not check the tracking number from unsafe device on your own internet connection - there goes plausible deniability. Use 3rd party website for tracking or use VPN or TOR (although using VPN or TOR is theorized to cause some red lights).
1. Use tutanota.com or protonmail.com (or similar well established services) as your email for the business you would like to keep private. Use it only for that.
2. Use a random username that you don't use elsewhere (something like randomguy123456 provides very little information).
3. Pick a new password. Good password is long, not complex.
Password "I like looking at horses as they fly over Mexico." or "Diane is such a stupid bitch." is easier to remember than "3523!SDF" while being MUCH safer.
4. Use 2 factor authentication where possible.
5. When logging into your email, type the url (like www.protonmail.com) yourself, or double check the URL before you input your password.
6. Turn off automatic downloading of the images (pretty much every email service provides that option, some by default).
EMAIL INTERACTION:
1. Do not click on links from anybody in email. Clicking on links from your email can be used to identify you or trick you into inputting your password to a scam site. If you absolutely positively have to see what is on the link, copy and paste it.
Even a link that looks innocent like this http://www.janoshik.com (www.thinksteroids.com) can lead literally to den of evil. Try it.
2. Always check the actual email address of the person you are replying to, not just their email "name." You can achieve this by clicking on "See More" or "Show details" etc. near their email address or name.
3. If you get email in regard to your email service provider - for example email from Tutanota that they are terminating your account unless you do something or similar, and you are not sure whether the email is legitimate, ask people before you do anything (and certainly don't click on any links).
4. No downloading attachments from people you don't know. Download only attachments from people that you know and you know what the attachment is.
Avoid attachments with these extension under all circumstances:
Code:
https://support.symantec.com/us/en/article.info3768.html5. If the person you are corresponding with changes behavior suddenly, it's best to wait.
6. After you are done with some business, delete all emails in regard to it.
7. Do not send anybody any pictures unless you are 100% sure about what you are doing. There can be fingerprints visible, piece of paperwork in frame with your name on it, or start and landscape visible enough so that your location can be pinpointed. The photo might even contain your GPS coordinates. All those are not theoretical vectors of attack, they all are used. So it's best if you don't send any.
8. Do not overshare information. Simple business transactions, the less information you share the less can be used against you.
FORUM REGISTRATION OR LOGIN:
1. Use a random password for every forum (see how to choose email password).
Do not use passwords like this:
thinksteroids.com: login: JohnDoe, password: thinksteroidsdoe1!
Imagine somebody gets to see that? Even though your password on Anasci.org is different, it will, at some point occur to the attack to use anascidoe1!.
2. When logging into forum, type the url (like www.thinksteroids.com) yourself, or double check the URL before you input your password. Do not log in after clicking a live link anywhere. (try clicking the previous link).
3. When a forum goes down and gets back up on a different URL do NOT LOGIN WITH YOUR PREVIOUS PASSWORD, go through "I forgot my password, email me a new one" routine and get a new one.
FORUM INTERACTION:
1. DO NOT OVERSHARE. It's all fun and games talking with people, you transition into being a lab and use your pull with the community to get through vetting. Business is doing great. Except now everybody knows who you are. Scenario 2: you call a scammer out, ruin his business and he's mad enough for revenge.
2. DO NOT SHARE PICTURES YOU ARE NOT 100% ABOUT. Again, same thing, but stressed. Make sure you remove ANYTHING that could be used for identification from the pictures. Run them through EXIF remover, such as:
Code:
http://www.exifpurge.com/For the love of god, don't do that thing, where you pull off your Instagram pictures and just blur the face or pain it with black ink. That way you are sharing your name on a silver plate.
3. Be EXTREMELY wary of people who contact you first under the guise of helping you. They can probably very well help you out in public, so start a topic for that and redirect them.
4. PMs on any forum are NOT private, they can be read and you should always assume they indeed are being read.
ONLINE SHOPS:
1. This is advanced, so I will be brief.
2. Use TOR Browser.
3. Use throwaway account for EACH order.
4. Use crypto that can't be tied to you - preferably Monero, or something bought with cash.
5. Do not check the tracking number from unsafe device on your own internet connection - there goes plausible deniability. Use 3rd party website for tracking or use VPN or TOR (although using VPN or TOR is theorized to cause some red lights).
