  1. Table of Contents
  2. 1. Secure Operating Systems
  3. 2. Virtual Private Networks
  4. 3. TOR Related
  5. 4. Encryption
  6. 5. File/Download Security
  7. 6. Social Related
  8. 7. General Computer Security
  9.  
  10.  
  11. Preface *NOTE* Nothing will 100% secure you online, this is only meant to help.
  12. This guide is here to help the general user better understand some aspects of anonymity. I understand there are more advanced methods but I thought this content would be most suitable for the users of Exploit.in as a whole. I also plan on updating this thread when newer methods and content become available or more widely used.
  13.  
  14. Disclaimer
  15. I take no responsibility if this information or these methods do not prevent you from getting caught doing something you shouldn't have been doing to begin with.
  16.  
  17. Secure Operating Systems
  18. Aside from the normal, everyday Windows, Macintosh, or Linux distros, these are operating systems that are renowned for the security pre-built within them.
  19.  
  20. Tails
  21. Tails, also known as The Amnesic Incognito Live System, is an open-source OS designed to be run predominantly from live media such as a CD/DVD, USB, or SD card. Tails is aimed at keeping your privacy and anonymity safe while leaving as little trace of use as possible. Since it is an amnesic OS, nothing is left behind when you reboot: saved files and newly installed software are gone, leaving a clean slate every time you power down. Tails' default networking application is TOR (TheOnionRouter), which allows the user to stay encrypted through whatever network they are currently connected to. Much of Tails' pre-installed software comes pre-configured with security in mind, such as the Pidgin IM client, which is set up with OTR for Off-the-Record Messaging, or the TOR Browser with all the necessary plugins already added. There are many more features to this amazing OS listed on their website.
  22. Tails Link: https://tails.boum.org/
  23.  
  24. Whonix
  25. Whonix is another operating system focused on your privacy, security, and anonymity. It is based on three things: the TOR network, Debian Linux, and security by isolation. According to their website, the creators of Whonix stand by the claim that DNS leaks are not possible and that malware with root privileges cannot find out the user's real IP. There are two parts to Whonix: Whonix-Gateway and Whonix-Workstation, the latter of which sits on a completely isolated network with TOR as its only possible connection. The Whonix-Gateway is exactly what it sounds like: the gateway to the internet and all TOR connections. The Whonix-Workstation is the actual desktop environment you as a user will interact with during daily usage. The two parts of Whonix sync with each other to make sure the connection is as secure as possible while also making sure the two are coinciding correctly. This OS is mainly used within virtual machines but can be applied in many different ways.
  26. Whonix Link: https://www.whonix.org/
  27.  
  30. Virtual Machine Software
  31. VMware Link: https://my.vmware.com/web/vmware/downloads
  32. VirtualBox Link: https://www.virtualbox.org/wiki/Downloads
  33.  
  34. USB Live Disc Software
  35. Win32 Disk Imager: http://sourceforge.net/projects/win32diskimager/
  36.  
  37. Will add more Live Disc Software.
  38.  
  39. Virtual Private Networks (VPNs)
  40. Virtual Private Networks extend a private network across a public network. This enables the user's computer or personal device to send and receive encrypted data as if it were connected directly to the private network. VPNs are created by making a virtual point-to-point connection through the use of dedicated connections and traffic encryption. Here is my list of the VPNs I believe to be good enough for the average user.
  41.  
  42. *Note* All VPNs listed advertise that they keep ZERO logs of what users do while accessing the VPN.
  43.  
  44. Proxy.sh
  45. Proxy.sh is a well-known and reputable Seychelles-based VPN with a very friendly graphical user interface. This VPN comes with truly offshore locations with the option to have discrete onshore tunneling if wanted. Besides being compatible with just about every OS and device platform out there, Proxy.sh comes with Safejumper, a custom OpenVPN client with many benefits. Proxy.sh is also known for having a huge array of payment options available, 80+ different options, and only requiring an email along with the payment. They offer a few varying packages to choose from, but from personal experience I'd suggest going with at least their Basic package because it starts giving you more node (location) options to choose from. Proxy.sh has 24/7 customer service and a ticketing system which you may access from their control panel on the website.
  46. Proxy.sh Link: https://proxy.sh
  47.  
  50. Private Internet Access
  51. Private Internet Access, also known as PIA, is a very common VPN used by many due to how easy it is to use and to select features and options. PIA boasts about its many layers of security including IP cloaking, strong encryption, firewall, identity protection, and uncensored access anywhere. In addition to this, PIA uses PPTP, OpenVPN, IPSEC/L2TP, and SOCKS5 (proxy). One of the reasons I like this VPN is the options you can choose from simply through the GUI located in your active task-bar. By right-clicking the GUI, you can choose your data encryption, data authentication, handshake, DNS leak protection, VPN kill switch, node locations, and many more options. PIA is another VPN that is compatible with most OSes and devices. Even with all the features this VPN comes with, it is on the cheaper side at only $6.95 a month if you pay month by month, and it accepts all major payment options.
  52. PIA Link: https://www.privateinternetaccess.com
  53.  
  54. ZorroVPN
  55. ZorroVPN is the lesser known of these VPNs but is just as secure as the others, if not more so. Zorro's main features include AES-256 encryption, 4096-bit authentication keys, switching IP on-the-fly, VPN chains (DoubleVPN, TripleVPN, QuadroVPN), and the ability to set the VPN to "Tor", which allows you to transparently connect to the TOR network. The main downside to ZorroVPN is the limited payment options: it used to accept only Bitcoin but has now expanded to other options including PayPal & Credit Card, with only an email being needed alongside the payment. One thing ZorroVPN states specifically is "ZorroVPN is independent service and it's out of jurisdiction of any government", which may show how much thought they put into your privacy and security. ZorroVPN is compatible with most common Windows, Linux, and mobile devices.
  56. ZorroVPN Link: https://zorrovpn.com/
  57.  
  58. Other Notable VPNs (for additional levels of security)
  59. CryptoStorm Link: https://cryptostorm.is/
  60.  
  61. DNS Leaking
  62. While you are on a VPN, you want all traffic coming from your computer to go through the encrypted network. If any of your traffic leaks outside this encrypted network, other people can log that information, which is not good at all. The Domain Name System (DNS) translates domain names such as Exploit.in into IP addresses such as 190.93.250.145, which are required to send packets of data on the Internet. When you try to access a specific website, your computer must first ask the DNS server for the IP address. Internet service providers (ISPs) usually use specific DNS servers which log and record specific activities you do while on the Internet. The main issue here is that when you use a VPN, sometimes the OS will default to the normal DNS servers instead of the DNS servers your VPN provides. DNS leaks while using a VPN can make you feel safe while you are actually leaking data that you don't want leaked. This is a major issue, which is why all VPNs I listed above have some sort of DNS leak protection, a must-have when staying anonymous. You can test to see if you are DNS leaking at the links below.
  63. IPLeak Link: https://ipleak.net/
  64. LeakTest Link: https://www.dnsleaktest.com/
  65.  
  68. For anyone not using a VPN with DNS Leak Protection, try using one of these DNS servers:
  69. OpenDNS: 208.67.222.222 and 208.67.220.220
  70. ComodoDNS: 156.154.70.22 and 156.154.71.22
  71. UltraDNS: 156.154.70.1 and 156.154.71.1
  72. NortonDNS: 198.153.192.1 and 198.153.194.1
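A local check to go with the leak-test sites, as an added example that is not part of the original guide: it parses a resolv.conf-style file and flags every nameserver that is not on an expected list. The allow-list reuses the resolvers named above; the function names and the sample file are constructed for illustration, and a clean result only describes local configuration, not which resolver actually answers.

```python
import ipaddress

# Resolvers named in the guide above, used here as the allow-list (assumption:
# substitute your VPN provider's resolvers if it pushes its own).
EXPECTED = {
    "208.67.222.222", "208.67.220.220",  # OpenDNS
    "156.154.70.22", "156.154.71.22",    # ComodoDNS
    "156.154.70.1", "156.154.71.1",      # UltraDNS
    "198.153.192.1", "198.153.194.1",    # NortonDNS
}


def audit_resolvers(resolv_conf_text, expected=EXPECTED):
    """Return [(address, status)] for each 'nameserver' line in the text."""
    expected_ips = {ipaddress.ip_address(e) for e in expected}
    findings = []
    for raw in resolv_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        fields = line.split()
        if fields[0] != "nameserver":            # search/options/etc.
            continue
        text = fields[1] if len(fields) > 1 else ""
        try:
            # Drop an IPv6 zone suffix such as %eth0 before parsing.
            ip = ipaddress.ip_address(text.split("%", 1)[0])
        except ValueError:
            findings.append((text, "invalid"))
            continue
        if ip in expected_ips:
            status = "expected"
        elif ip.is_loopback:
            # A local stub resolver: its upstream is configured elsewhere.
            status = "local-stub"
        elif ip.is_private or ip.is_link_local:
            # Typically the home router, which forwards to the ISP's DNS.
            status = "local-forwarder"
        else:
            status = "unexpected"
        findings.append((text, status))
    return findings


def is_clean(findings):
    """True only if at least one resolver is set and all are expected."""
    return bool(findings) and all(s == "expected" for _, s in findings)


# Constructed sample file, not taken from a real machine.
SAMPLE_RESOLV_CONF = """\
# constructed sample
search lan
nameserver 208.67.222.222
nameserver 192.168.1.1
nameserver 127.0.0.53
nameserver 8.8.8.8
nameserver fe80::1%eth0
nameserver not-an-ip
options edns0
"""

if __name__ == "__main__":
    for address, status in audit_resolvers(SAMPLE_RESOLV_CONF):
        print(f"{status:16} {address}")
```

Entries reported as local-stub or local-forwarder are not proof of a leak, but the resolver they hand queries to has to be checked separately.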
  73.  
  74. SOCKS4/SOCKS5 Servers
  75. SOCKS, which stands for Socket Secure, is an Internet protocol that routes network packets between a client and server through a proxy server and allows sessions to traverse firewalls securely. SOCKS4 & 5 are different versions that do slightly different things. The main difference between the two is that SOCKS4 only supports TCP applications while SOCKS5 supports both TCP and UDP. With added support, authentication methods, and domain name resolution, the main outgoing SOCKS proxies are SOCKS4 proxies. You won't be able to use UDP applications but it will be to your benefit overall. So if you are in need of a proxy instead of a VPN for a specific application, try to keep this in mind.
  76.  
  77. Tor Related
  78. What is Tor?
  79. Tor, which stands for 'The Onion Router', is a non-profit group of volunteer-operated servers that allows people to improve their privacy, privacy tools, and security on the Internet. The Tor network works by moving your traffic across various nodes through a series of virtual tunnels rather than making a direct connection, allowing anyone to share vital information without compromising their identity. Anyone trying to trace you would see the traffic going through various Tor nodes on the network rather than coming directly from your computer. All that is needed to access the Tor network and .onion links (hidden service sites only accessible on the Tor network) is the Tor Browser. The Tor Browser comes ready to use and routes everything you do through the Tor network without any configuration needed, although I'd recommend a few steps to take which you will see later in this thread.
  80.  
  83. Tor Benefits
  84. Tor has many benefits for all kinds of privacy issues people face in the world we live in. Many journalists, hackers, or people living in a dictatorship with a lot of censorship can use the Tor network to anonymize their traffic and access sites they may not have been able to reach before, all while being absolutely FREE. Tor is also very useful for anyone looking to keep their online activity hidden from other people or their ISP. Tor can also be used to host sites which contain hidden services only accessible by other Tor users, sometimes requiring an invitation to access for added security.
  85.  
  86. Browser Configuration
  87. Although the Tor Browser comes pre-configured and can be used right away, there are a few more steps that people should take to secure it even more. Here is a list of addons which should be used within the Tor browser:
  88.  
  89. NoScript - an open source Firefox extension which lets you allow JavaScript, Java, Flash, and other plugins to be executed only by trusted web sites of your choice. Tor already has this installed in its browser by default but there are a few settings which you will need to enable/change. Firstly, open up the NoScript options and go to the Embeddings tab. From here you want to make sure everything on that page is checked on. Then, go to the Advanced tab. When there, go to the Untrusted sub-tab and make sure everything is checked on. Your NoScript is now more secure than the default configuration.
  90.  
  91. Ghostery - Ghostery is a privacy-based browser extension used to block specific tracking cookies across various sites. Ghostery does not come pre-installed on the Tor browser, so download it from the addon page in the browser by searching for it. Once installed, we have to change some things. Click the Ghost icon located on the browser toolbar and once the Ghostery mini-page pops up, click the gear wheel in the upper-right hand corner and go to options. Under sharing options, make sure Ghostrank is disabled. Scroll down to the bottom where you see three tabs: Trackers, Cookies, & Whitelisted Sites. Make sure you're on the Trackers tab and check everything on (should be 5). After doing that, make sure to click SAVE at the bottom of the page or this will not stay configured correctly.
  92.  
  93. RefControl - RefControl is an extension for Firefox that lets you control what gets sent as the HTTP Referer on a per-site basis. Basically, when you access a site, you may not want a webmaster to know where exactly you found the link to access their site. This mitigates that completely.
  94.  
  95. HTTPS Everywhere - HTTPS Everywhere is an open-source extension created in collaboration by the Tor Project and the Electronic Frontier Foundation. It automatically makes any website which supports HTTPS use the secure HTTPS connection instead of normal HTTP.
  96.  
  97. Disconnect - Disconnect is an open source addon which allows you to visualize and block invisible websites that track both your search and browsing history. On top of that, this also allows your page to load faster. Just make sure all sites are blacklisted at all times.
  98.  
  99. Search Engine - Although many people use Google as their main search engine for normal web browsing, Google shows a lack of care for users' privacy in general. Also, Google is notorious for tracking clicks on the result pages of your searches, alongside sometimes having you log into GMail to access certain things. To prevent that, here are a few search engines you can set as default instead.
  100. DuckDuckGo.com
  101. Ixquick.com
  102. Etools.ch
  103. WebRTC Fix - This fixes a big security hole that can reveal your IP address to websites through WebRTC. Regardless of whether you're on Tor or on a VPN, if your browser doesn't prevent this, someone can still grab your real IP behind all that security. To fix this issue, open up your Tor Browser and type "about:config" into the URL bar. After doing that, in the search bar, search for "media.peerconnection.enabled" and make sure it is set to FALSE. You will then be set.
  104.  
  105. Another suggested extension but not needed is AdblockPlus.
  106.  
  107. Exit Node Security Warning
  108. One thing I need to talk about is how other entities may be able to see your traffic over the Tor network. On Tor, instead of taking a direct route from your computer to the destination, the Tor network routes a random path through many Tor relays to encrypt and hide your data. The last relay of the path is called the exit node. The exit node is the one that actually makes the connection to the destination server. Tor, by design, cannot encrypt data between the exit node and destination server, so whoever may be in control of the exit node has the ability to capture the traffic passing through it. The best way to combat this is to use End-to-End encryption, which I will explain more about in the Encryption section later on in this thread.
  109.  
  110. Invisible Internet Project (I2P)
  111. I wasn't sure about adding this in but I think it needs to be explained and talked about a little bit. I2P is a decentralized anonymizing network built on similar principles to Tor, except that it was designed to be a self-contained darknet. Users still connect using P2P encrypted tunnels but there are still many differences.
  112. Distributed peer-to-peer model.
  113. Garlic routing (encrypts multiple messages together, harder traffic analysis).
  114. Uni-directional tunnels so incoming and outgoing traffic are separate.
  115. Uses packet switching instead of circuit switching.
  116. Uses its own API rather than SOCKS like Tor. This makes it technically more secure than Tor.
  117. Aside from being very secure, it will also be much faster than Tor overall. The best way to explain I2P is as an internet within an internet. One thing to mention is I2P does not hide the fact you are using the service at all. If you don't like Tor for some reason, this is another option to check out.
  118. I2P Link: https://geti2p.net/en/
  119.  
  120.  
  121. Tor through VPN vs. VPN through Tor
  122. Many people aren't aware that using these in different orders really alters your privacy/anonymity quite a bit. Here I'll talk about the pros and cons of each side along with my final thought on the matter.
  123.  
  124. Tor through VPN - This is the method most people use because of its convenience. The connection for this way of doing things is: Your Computer -> VPN -> Tor -> Internet. This is what it looks like when you connect to Tor while already on a VPN, since most people always have a VPN turned on already. One of the main advantages to this is that you can keep Tor hidden from your ISP, but your ISP will instead see you using a VPN, which in most cases is much better. Also, if you're going through a bad Tor exit node, if you're using a good VPN, they will not keep logs yet still keep your data encrypted as well. The main disadvantage to this method is that a malicious Tor exit node can still monitor your traffic and trace it back to the VPN provider. This will be okay so long as your VPN provider keeps no logs or IP addresses of clients. The only other downside is that a lot of exit nodes on Tor will be blocked while using a VPN in this manner. This method mainly rides on how much you trust your VPN provider; otherwise it is a very safe option.
  125.  
  126. VPN through Tor - This is a less used method but still used by many. The connection using this method looks like this: Your Computer -> encrypt with VPN -> Tor -> VPN -> Internet. The only way to use this method is with a VPN client which works directly with Tor, and only two known VPNs work with Tor in this way: AirVPN and BolehVPN. This method really doesn't have any cons to it, only pros. The first pro is that because you are connecting to the VPN server through Tor, even the VPN provider will have no idea what your real IP address is. If you were to pay with BTC and use this method, there would be absolutely no way for the VPN provider to identify you in any way. This method bypasses all blocks on Tor exit nodes as well as making all traffic through the Tor exit nodes completely encrypted. Finally, this method allows for geo-spoofing (Geo-Location) since you can choose the server location.
  127.  
  128. Overall, both methods of connection are going to be more secure than only using one. My suggestion would be to use the first method since it is convenient, but only if you really trust your VPN provider. If you don't and want added security, use the second method which ensures that none of your privacy or anonymity will be compromised.
  129.  
  130. Tor Bridges
  131. Tor Bridges (Bridge Relays) are Tor Relays that aren't listed on the main Tor directory. The main reason to use Tor Bridges is if you think your Tor connection is being blocked by something such as your ISP because even if they were to filter all the connections of known Tor relays, all bridges will not be blocked. I'm not going to go in-depth into this but I will leave a few links to find out where to get Bridge Relay IPs and how to install/configure them correctly.
  132. Configuration Link: https://www.torproject.org/docs/bridges.html.en
  133. Bridge Relays: https://bridges.torproject.org/
  134.  
  135. Proxychains with Tor
  136. Proxychains is a tool that takes all TCP connections made by an application and pulls them through a proxy like Tor or SOCKS4/5 proxies. The cool thing about proxychains is you can have a random order and as many proxies as you want. It works with all applications but in this case, we'll be talking about it directly interacting with Tor. Most people use Proxychains on Linux OSes but you can use a program like Proxifier to do the same on Windows. By using Proxychains alongside Tor, it allows you to have an extra hop after the exit node before getting to the destination. This way, it doesn't look sketchy if you are leaving a French exit node and going to a US destination because with Proxychains, you can come from the French exit node, to a US proxy, then to the US destination, making it much smoother overall. Here are a few links to install/configure Proxychains, proxy lists, and how to check blacklists.
  137. Proxychains Guide: http://null-byte.wonderhowto.com/how-to/ha...chains-0154619/
  138. Socks Providers: Vip72 & WinSocks
  139. Blacklists: IP-Score & Whoer
  140.  
  141. Tortilla
  142. Tortilla is an open source tool which users can use to transparently and securely route all TCP/IP and DNS traffic through Tor, regardless of client software, and without relying on VPNs or additional hardware or virtual machines. When this first came out, the creator pointed out two very undeniable facts about this tool. One, that it fixes "the Firefox problem", which is that Firefox has a ton of new vulnerabilities being discovered throughout each year, which is a big security flaw. Two, that it untangles the SOCKS server issue which wasn't allowing users to use TCP proxying via SOCKS. Tortilla solves these issues and allows Tor to be used with virtual machines, which is why this tool works so well with TailsOS and can allow you to connect to Tor over top of Tor. This is software I haven't fully tested yet and will update with more if needed.
  143. Tortilla Link: http://www.crowdstrike.com/community-tools/
  144. Tortilla Github: https://github.com/CrowdStrike/Tortilla
  145. Tor over the top of Tor: https://www.deepdotweb.com/jolly-rogers-sec...ver-top-of-tor/
  146.  
  147. Encryption
  148. Encryption is a vital part of computer security when it comes to important documents, personal data, or internet traffic. It allows you to securely protect data that you don't want anyone else to see or have access to. When it comes to privacy and anonymity, encryption plays one of the most important roles possible for securing data being transferred over the internet. Here are just a few types of encryption which everyone should be using.
  149.  
  150. PGP Encryption
  151. PGP, Pretty Good Privacy, is a program used for the encryption/decryption of email over the Internet, but it also serves as a way to authenticate messages with digital signatures and to encrypt stored files. PGP uses a variant of the public key system. It starts with each user having an encryption key that is publicly known and a private key only that user has. Each person sends a message, encrypting it with their public key. Then when the message is received, the message is decrypted using the user's private key. To make the encryption process much faster, PGP uses an algorithm which encrypts the message, then uses the public key to encrypt the shorter key. There are two versions of PGP available: RSA & Diffie-Hellman. Both of these have different algorithms for encryption but each is just as secure as the other. Sending digital signatures is a similar process but creates a hash using the user's name and other signature information. The hash is encrypted with the user's private key. The recipient uses the sender's public key to decrypt the hash code. If it matches, the recipient knows that this is an authentic file.
  152.  
  155. Here are some links to PGP software and guides.
  156. Guide on PGP: http://www.bitcoinnotbombs.com/beginners-guide-to-pgp/
  157. GNU Privacy Guard (alternative): https://www.gnupg.org/
  158. GPG for Windows: http://www.gpg4win.org/
  159. GPG for USB: http://www.gpg4usb.org/
  160.  
  161. Another good site, though currently invite only, is Keybase.io, which allows you to confirm someone else's PGP key, fingerprint, BTC address, social media accounts, etc.
  162. Keybase: https://keybase.io/
  163.  
  164. Whole Disk Encryption
  165. Disk encryption is software which protects your information by turning it into unreadable code which can't be cracked easily by unwanted users. Disk encryption uses specific software or hardware to encrypt all data that goes on a disk or a disk volume. Whole disk encryption is when everything on the disk is encrypted, including the programs that can encrypt bootable OS partitions. One thing to note is computers using Master Boot Record (MBR) will NOT have that part of the disk encrypted. Whole disk encryption has many benefits to it. Number one is ALL parts of the disk are encrypted, even the swap space and temporary files which may contain sensitive information. By using full disk encryption, you don't have the chance of accidentally not encrypting a file since everything is encrypted regardless. Lastly, destroying the cryptography keys will render the data completely useless. It's not needed on everybody's computers since everyone has different needs, but it is definitely recommended. Most people have used software called TrueCrypt in the past but that software is no longer being developed. Instead, new software called VeraCrypt has taken its place and is a very useful encryption tool.
  166. VeraCrypt Link: https://veracrypt.codeplex.com/
  167.  
  168. Another good piece of encryption software is DiskCryptor which has similar functions to VeraCrypt.
  169. Diskcryptor Link: https://diskcryptor.net/wiki/Downloads
  170.  
  171. Disk Encryption Wiki Info: https://wiki.archlinux.org/index.php/Disk_encryption
  172.  
  173. *Warning* Please make sure to back up your entire system before attempting to do whole disk encryption in the case of a failure during the process.
  174.  
  175. File Encryption
  176. File encryption follows the same procedure as whole disk encryption but instead of the whole disk, you are specifically encrypting an individual file or a whole folder. File encryption is a much simpler process than whole disk encryption and can be done with the same software, VeraCrypt. One thing to note is that with VeraCrypt, you can make a much larger encrypted volume (basically extra storage) to put files in and encrypt it as a whole. For instance, I have an external hard-drive on which I made a 200GB encrypted volume, so once I type the password for that volume, I can drop anything in and close it. It will now be encrypted until I unlock that volume at another point in time. Here is a guide on how to use it with another VeraCrypt download link.
  177. VeraCrypt Link: https://veracrypt.codeplex.com/
  178. VeraCrypt Guide: https://veracrypt.codeplex.com/wikipage?tit...%27s%20Tutorial
  179.  
  180. Encrypted Backups
  181. I won't be saying much about backups but I suggest everyone keep backups and then encrypt them with this software for added security and to have that safety of being able to restore your system if something were to go wrong.
  182.  
  183. File/Download Security
  184. File and download security is not something the average user thinks about which is why I wanted to write this section to explain a little bit about it. Hopefully after reading this section you'll understand more about why file and download security should be a higher priority than most since it's something the average user will use most.
  185.  
  186. Metadata
  187. Metadata is data that describes other data. Now that may sound confusing but think about it from a file's perspective. Author, date created, date modified, and file size are simple examples of metadata that almost all documents carry. On top of that, images, videos, Excel sheets, and web pages all carry their own personalized metadata. Metadata is something which could easily give away personal information that you wouldn't even realize is there. The biggest one that people don't realize is simple pictures taken on your cellphone camera. Here is an example of EXIF (exchangeable image file format) data which shows exactly some of the metadata you'd find within a picture taken on a cellphone:
  188.  
  189.  
  192. There is a lot more information where that came from. Depending on whether you have location on or not, metadata can even give GPS coordinates of where the picture was taken. All files contain this sensitive information within them and most people don't even realize it exists. Thankfully, there are tools out there which can be used to find and delete that information from files. This software is called MAT: Metadata Anonymization Toolkit and will help aid in the removal of metadata from the files that you want to clean.
  193. MAT Link: https://mat.boum.org/
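To show where that metadata physically sits in a photo, here is an added example (not part of the original guide and not MAT's own code) that walks the marker segments of a JPEG, reports whether the Exif block carries a GPS pointer, and writes a copy without the metadata segments. It covers JPEG only; the function names and the structure-only sample file are constructed for illustration.

```python
import struct

SOS = 0xDA  # Start of Scan: compressed image data follows this segment
# Marker segments that commonly carry metadata rather than image data.
METADATA_MARKERS = {0xE1: "APP1 (Exif/XMP)", 0xED: "APP13 (IPTC)", 0xFE: "COM"}
GPS_IFD_TAG = 0x8825  # Exif IFD0 entry that points at the GPS block


def iter_segments(data):
    """Yield (marker, start, end) for each segment from after SOI through SOS."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        while pos + 1 < len(data) and data[pos + 1] == 0xFF:
            pos += 1  # skip 0xFF fill bytes before the marker
        if pos + 4 > len(data):
            break
        marker = data[pos + 1]
        if marker == 0x01 or 0xD0 <= marker <= 0xD9:
            raise ValueError(f"unexpected standalone marker 0x{marker:02x}")
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(data):
            raise ValueError(f"bad length in segment 0x{marker:02x}")
        yield marker, pos, end
        if marker == SOS:
            return
        pos = end


def exif_has_gps(payload):
    """True if an APP1 payload is Exif and its IFD0 has a GPS pointer tag."""
    if not payload.startswith(b"Exif\x00\x00") or len(payload) < 14:
        return False
    tiff = payload[6:]
    order = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if order is None:
        return False
    magic, ifd0 = struct.unpack(order + "HI", tiff[2:8])
    if magic != 42 or ifd0 + 2 > len(tiff):
        return False
    (count,) = struct.unpack(order + "H", tiff[ifd0:ifd0 + 2])
    for i in range(count):
        entry = tiff[ifd0 + 2 + 12 * i:ifd0 + 14 + 12 * i]
        if len(entry) < 12:
            break
        if struct.unpack(order + "H", entry[:2])[0] == GPS_IFD_TAG:
            return True
    return False


def strip_metadata(data):
    """Return (clean_bytes, removed) where removed is [(kind, size, has_gps)]."""
    out = bytearray(b"\xff\xd8")
    removed = []
    for marker, start, end in iter_segments(data):
        if marker in METADATA_MARKERS:
            gps = marker == 0xE1 and exif_has_gps(data[start + 4:end])
            removed.append((METADATA_MARKERS[marker], end - start, gps))
            continue
        out += data[start:end]
        if marker == SOS:
            out += data[end:]  # scan data through EOI is copied untouched
            return bytes(out), removed
    raise ValueError("no SOS segment found")


def build_segment(marker, payload):
    """Helper for the constructed sample: marker + big-endian length + payload."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed, structure-only sample (not a viewable picture): JFIF header,
# an Exif block whose IFD0 points at an empty GPS IFD, a comment, then scan data.
SAMPLE_EXIF = (b"Exif\x00\x00" + b"MM\x00\x2a\x00\x00\x00\x08" + b"\x00\x01"
               + b"\x88\x25\x00\x04\x00\x00\x00\x01\x00\x00\x00\x1a"
               + b"\x00\x00\x00\x00" + b"\x00\x00\x00\x00\x00\x00")
SAMPLE_JPEG = (b"\xff\xd8"
               + build_segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
               + build_segment(0xE1, SAMPLE_EXIF)
               + build_segment(0xFE, b"shot on phone")
               + build_segment(0xDB, bytes(65))
               + build_segment(0xDA, bytes(10)) + b"\x12\x34\x56" + b"\xff\xd9")

if __name__ == "__main__":
    clean, removed = strip_metadata(SAMPLE_JPEG)
    for kind, size, gps in removed:
        print(f"removed {kind}: {size} bytes, GPS pointer: {gps}")
    print(f"{len(SAMPLE_JPEG)} bytes in, {len(clean)} bytes out")
```

Dropping APP1 also removes the thumbnail embedded in the Exif block, which can otherwise preserve an uncropped copy of the picture.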
  194.  
  195. Deleting Files/Information Correctly
  196. I feel like there are many users currently out there who think that by simply deleting a file, it's magically gone from your computer. This is NOT true! When you delete something from your computer, the only thing you are doing is deleting the record of where it was located on the drive. It's still within the drive but the location data is no longer there. This is the reason why file recovery software exists: to grab those files you "deleted" and get them back. The correct way to delete something (file shredding) is by overwriting the data. One thing you must understand is that overwriting previous data/files doesn't remove a file's location but instead makes the data unrecoverable. For the average user, overwriting a file once should be enough, although the NSA recommends 3 times, while the DoD recommends 7 times. It all comes down to preference, but some people believe that when you only go over a file once, you miss some of the data, so by going over it many times, you get rid of the data that is left over. Here are some of the tools many people use for correct file cleaning and deletion.
  197. Darik's Boot and Nuke: http://www.dban.org/
  198. File Shredder: http://www.fileshredder.org/
  199. CCleaner: https://www.piriform.com/ccleaner
  200.  
  201. For people who want an extra step to stay safe, every time you empty your recycling bin, you should shred all files within it.
  202.  
  203. MD5/SHA-1 Checksums
  204. Before learning what a checksum is, you first need to know what MD5 & SHA-1 are. MD5 & SHA-1 are common cryptographic hash functions, with MD5 producing a 128-bit (16-byte) hash value and SHA-1 a 160-bit (20-byte) hash value. We can use these two hash types to verify the data integrity of a file/download. Once a file or piece of software has been downloaded, you can check its checksum. The checksum is the result of running the contents of the file through a mathematical algorithm, which outputs a specific MD5/SHA-1 string. This method of verifying downloads/files is not as good as PGP + signature file, but if you cannot use that method, this is a good second. Almost all Linux distros have the commands sha1sum and md5sum built in. All you do is run these commands against the file in question and they will output the checksum string for you. Then compare that string to the checksum published for the download and you should be able to verify whether the download was authentic or not. For most users who use Windows, I will leave a link for you to Microsoft's own checksum integrity verifier.
  205. Windows Checksum Link: https://www.microsoft.com/en-ca/download/de...s.aspx?id=11533
  206. MD5/SHA-1 Hash Verification Software: https://www.raymond.cc/blog/7-tools-verify-...d5-sha1-hashes/
  207.  
  208. One thing to note is that MD5 has known collisions. With enough force, this allows MD5 to be broken into.
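The comparison step described above, as an added example that is not part of the original guide: it reads a checksum list in the format sha1sum and md5sum print, hashes each named file, and reports OK, MISMATCH, MISSING or REJECTED. It goes slightly beyond the text by also accepting SHA-256 lines; the function names are illustrative, and the checksum list itself is assumed to come from a channel you trust.

```python
import hashlib
import hmac
import os
import re

# Digest length in hex characters tells us which algorithm produced the line.
ALGO_BY_HEXLEN = {32: "md5", 40: "sha1", 64: "sha256"}
# md5sum/sha1sum output: "<hex> <space or *><filename>" ('*' = binary mode).
LINE_RE = re.compile(r"^([0-9a-fA-F]+) [ *](.+)$")
# MD5 per the note above; practical SHA-1 collisions were published in 2017.
COLLISION_PRONE = {"md5", "sha1"}


def parse_manifest(text):
    """Return [(algo, expected_hex, filename)] from checksum-list text."""
    entries = []
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        match = LINE_RE.match(line)
        algo = ALGO_BY_HEXLEN.get(len(match.group(1))) if match else None
        if algo is None:
            raise ValueError(f"line {number}: not a recognised checksum line")
        entries.append((algo, match.group(1).lower(), match.group(2)))
    return entries


def file_digest(path, algo, chunk_size=1 << 20):
    """Hash a file in chunks so large downloads do not have to fit in memory."""
    digest = hashlib.new(algo)
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def verify_manifest(text, base_dir="."):
    """Check every listed file under base_dir; return one result dict per line."""
    results = []
    for algo, expected, name in parse_manifest(text):
        norm = os.path.normpath(name)
        if os.path.isabs(norm) or norm == ".." or norm.startswith(".." + os.sep):
            status = "REJECTED"  # entry points outside the download directory
        else:
            path = os.path.join(base_dir, norm)
            if not os.path.isfile(path):
                status = "MISSING"
            elif hmac.compare_digest(file_digest(path, algo), expected):
                status = "OK"
            else:
                status = "MISMATCH"
        results.append({"file": name, "algo": algo, "status": status,
                        "weak": algo in COLLISION_PRONE})
    return results


if __name__ == "__main__":
    import tempfile

    # Constructed demo: one file with a matching SHA-1 line and a wrong MD5 line.
    with tempfile.TemporaryDirectory() as folder:
        with open(os.path.join(folder, "download.bin"), "wb") as handle:
            handle.write(b"constructed sample payload")
        good = hashlib.sha1(b"constructed sample payload").hexdigest()
        listing = f"{good}  download.bin\n{'0' * 32}  download.bin\n"
        for result in verify_manifest(listing, folder):
            print(result)
```

A matching checksum only proves the file equals whatever the list describes, so a list fetched from the same place as the file adds little.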
  209.  
  210.  
  211. Social Related
  212. Within this section I will be talking about everything related to interacting with people socially via messaging of some sorts. This section is my opinion on what should be used and may differ from person to person. This will give you a general idea of what you want to be doing while using social related messaging services.
  213.  
  214. XMPP
  215. XMPP stands for Extensible Messaging and Presence Protocol and is a communications protocol for message-oriented middleware based on the Extensible Markup Language (XML). Many more people are starting to use it as their main way of communicating, using programs such as Pidgin. Pidgin is an open-source multi-platform IM client which most people will recommend for XMPP. The main reason is that Pidgin has a simple plugin you can download that allows you to incorporate Off-the-Record (OTR) messaging into it. OTR allows you to have private conversations over XMPP by using encryption, authentication, and the fact that messages you send do not have digital signatures that a third party can check for. This is a must-use plugin/step when using any type of XMPP client.
  216. Pidgin Link: https://pidgin.im/
  217. Pidgin Secure Messaging Guide: https://securityinabox.org/en/guide/pidgin/windows
  218.  
  219. Good XMPP Servers
  220. riseup.net
  221. xmpp.ninja
  222. darkness.su
  223. captio.ch
  224. thedark.army
  225. IRC
  226. IRC, which stands for Internet Relay Chat, is an application layer protocol that facilitates the transfer of messages in the form of text. IRC has been around for a very long time but is still widely used by people all over. Most IRCs consist of a community or group of people with a specific goal/topic in mind. To connect to a specific IRC, you need two main things: the IP of the server and the channel (which has a # in front of it, like #channel). There are plenty of public IRCs, but most will be private depending on the topic of conversation. When it comes to security and IRC, there are more steps that need to be taken than with XMPP, so I will link a good guide to follow when setting up IRC and list some good IRC clients to use.
  227.  
  228. IRC Clients
  229. X-chat
  230. mIRC
  231. HexChat
  232. irssi (Linux cli)
  233. IRC Anonymity Guide: https://encrypteverything.ca/IRC_Anonymity_Guide
  234.  
  235. Skype
  236. Skype is an application that specializes in video chat and voice calls from pretty much any device out there and also allows for text IM. Skype is by far the most insecure IM method, but since people tend to use it a majority of the time, I figured I'd give you a few examples of what you should do. The main issue I see people having is having their Skype resolved, giving someone their IP. The first thing that should be done is changing a single setting in the Skype client itself. Once in the client, go to Tools -> Options -> Advanced Tab -> Connection, then within the Connection section, make sure to check the box that says, "Allow direct connections to your contacts only." This will help against most online resolvers but not ones which have a DB of old IP entries. To make sure you are even more safe with Skype, one thing I recommend is blacklisting your Skype account on the main Skype resolvers people use. Yes, it will cost a little bit of money, but in the end it will benefit you completely. Another thing to note: you should never go on Skype unless you are currently on a VPN or have Skype set up with SOCKS5 proxies.
  237.  
  238. Sites to Blacklist Skype From
  239. Skypegrab
  240. ResolveItPLZ
  241. GoResolver
  242. Secure Email Providers
  243. There is no such thing as a 100% secure email, although there are email providers out there that take security much more seriously than others. Many of them have much more encryption, multiple authentication types, secure servers, etc. Here is the list of email providers which I believe are more secure than the average email provider such as Gmail or Hotmail. Also, if you need to send an email but don't want to create a new account, there are such things as throwaway emails, which are automatically destroyed after sending a message or after a certain amount of time.
  244.  
  245. Email Providers
  246. protonmail.ch
  247. mail.riseup.net
  248. cryptoheaven.com
  249. GnuPG - for any email service
  250. General Computer Security
  251. This is a section I just wanted to throw in to give my opinion on security related applications for both Windows and Linux. This doesn't have to do with anonymity but will help users who aren't sure what type of applications they should use when browsing the web, and make sure they don't get infected as much as they may have using crappy software.
  252.  
  253. Anti-Virus
  254. Comodo Internet Security Pro (recommended)
  255. Bitdefender Total Security
  256. ESET Nod32 Smart Security
  257. Active Applications
  258. Hitman.Pro Alert (a must have)
  259. KeyScrambler Pro
  260. Malwarebytes Anti-Exploit
  261. Other Applications to Have
  262. CCleaner
  263. Malwarebytes Anti-Malware
  264. RogueKillerX64
  265. Spybot-S&D
  266. Linux Applications
  267. Lynis
  268. ClamAV
  269. rkhunter
  270.  
  271.  
  272. I will constantly be updating this thread whenever possible. If you feel that something should be added, please feel free to PM me.