How To Secure and Anonymize Your Online Activity

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

your personal data is very valuable it is no wonder that hackers governments and corporations are trying to collect and catalog everything about you your search queries your entertainment choices web history online chats and posts all paint a very detailed picture about who you are most people wouldn't even share their internet history with the closest people to them in their lives so why would you want to share it with people that actually have an incentive to exploit all of your personal data and have access to it there is a solution to stopping the tracking though and that is to take matters into your own hands and start protecting your data by changing habits and using the correct technology to enhance your privacy and anonymity now right off the bat i will tell you that these steps are going to add a bit of a challenge to your computer and browsing habits the web is designed in such a way to not be private and combine that with a life of people being conditioned to trade off their privacy for convenience well i'm going to show you will enhance your privacy and your security but it's going to make things a bit more complicated the first step is to decentralize your online accounts most people are using a single non-privacy respecting email to sign up for everything from netflix to spotify grubhub uber etc and what's worse is they will oftentimes use the same password across all of these accounts including the email and there is so much of your information that is going to be concentrated within that single email address especially if you're also using it as your primary email for correspondence and if you're reusing passwords well if any one of the services that are connected to it has a data breach that releases that password your email and password will become available to that hacker and then they have access to everything and vice versa if the email service itself has a breach then all of the accounts that are connected to it become vulnerable to hacking the simplest way to prevent this issue is to use a password manager along with multiple different email addresses this is this way your accounts they can't get hacked and your services cannot be personally linked to one another for securing your passwords i recommend using keepassxc or gnu pass you should really avoid any password manager solution that asks you to pay money or does an online registration and syncing of your data to their cloud as that would compromise the anonymity of it unless you use tor and a burner email to sign up for it then it's going to be a little bit safer than just using clearnet and an email that is connected to your identity but again i just suggest using an offline password manager and that brings me to the next subject which is creating your email accounts so there's two kinds of email services that we'll be using here there are permanent email addresses and burner emails permanent emails are ones that you are going to be using indefinitely you'll want to use these either for sending and receiving email for the foreseeable future or doing any kind of email correspondence using it for things like job hunting and so on and so forth uh or if you need to get alerts for accounts that are created using this email so the services that i would recommend for using this is 2d noda mail fence and protonmail these services they should be signed up for over the tor network and it's also advisable to request a new identity on the torn network meaning you get a different ip address before creating each one or if you're going to create multiple emails using the same provider and that way none of those different email addresses can be linked to one another in any way and for temporary email you should be using tempmail.org tempmailow.com or gorilla mail and these are mostly helpful for creating what you would call throwaway accounts so these are going to be accounts that you either don't really care about or something that you're just going to be using for a short period of time like to redeem some type of coupon or something like that now one important thing to keep in mind when you're going to be securing your online activity is to create a threat model so this is going to be who and what you are actually going to be securing from if your threat model includes law enforcement then you should take the additional step of not using any biometrics to secure any of your data or devices because fingerprints face scans and ira scans they can be forcefully taken from you to unlock your data and unlock your devices by governments well passwords cannot unless of course you willingly give them up which could likely happen if you are subjugated to enhanced interrogation techniques so in addition to not using biometrics a government threat model should include a two-factor authentication with a hardware security key like a ub key for example and the thing about using a hardware security key is that if this key were to become lost or damaged all of your accounts that are requiring it would become inaccessible so this would be a last stitch a good last stitch effort if the glow boys come knocking you can just destroy your ub key and then all of those accounts would be inaccessible now we're going to talk about real-time communication for that there are a few options but this is where some additional work needs to be done for messaging you want to avoid sms at all cost green bubbles on an iphone would be an example of an sms conversation these communications are not encrypted at all meaning that they can be intercepted in plain text by cellular carriers governments or any hackers that are snooping on the conversation so in order to avoid sms being used both parties have to use the same kind of service that supports end-to-end encryption and that's where the tough part is going to come in because obviously you're going to need to get your friends family whoever you want to communicate with to use one of these services that they've probably never heard of you know these services generally aren't advertised very much so it's going to be a little bit tough to get normies to use them but they're not terribly difficult to use the easiest one for noobs is going to be signal so it's an open source messenger that features end-to-end encryption it also supports a voice as well as video calling so this is pretty easy to use but there is a disadvantage to using something like signal which is that it's still a centralized service which means that it's going to be more susceptible to backdoor access by any governments the ownership of the service could also very easily change into the hands of someone who doesn't really care so much about the end user's privacy so if this is more of a concern to you then i recommend that you use and convince your friend to use a federated service like element or use a peer-to-peer solution such as briar or yami next we want to secure the browser because this is another tool that is often used by corporations to collect information from people so it's important to use one with good security settings out of the gate as well as to go through any configuration options to further harden it and it's also a good idea to not use a browser like google chrome that is created by a company that profits from tracking because obviously there's going to be incentive in there to have the default settings to not be privacy respecting as well as to put hidden settings in there that are still going to track you that the user either can't easily delete or cannot disable at all so a good option for a spyware free browser that meets all these requirements right out of the box is going to be gnu ice cap now you will have limited options for viewing sites that heavily rely on javascript though one very commonly used example would be youtube so you can see in gnu icecat when you try to load a youtube video it doesn't really play it kind of plays like one frame at a time if you hit the play button sometimes you can refresh it and it will sort of start playing the video at first for a few seconds but then as you can see it stops now there are some ways to get around something like this um you'll want to download mpv and use that to be able to view youtube videos uh whenever you come across one in gnu ice cad so all that you have to do is copy the url we'll get rid of this bit here so copy the url and then open up a terminal and then you just type mpv and then paste in the video url okay i had to pause and update my youtube dl you can still update it by the way there's tons of forks of it available on github you might not be able to just do it through your package manager so all you have to do because mpv to do this particular function utilizes youtube dl is just download it from github the updated one and install it and then it should automatically plug into mpv but anyway as i was trying to show you before you could just type mpv followed by the url of the video that you're trying to watch and in ice cat it's going to be right before this and disable polymer equals true and hit enter and there's actually some pretty handful things that you can do in here like for example you can step through frame by frame so this is something that not even youtube itself supports now obviously you're not going to be able to comment or leave a like or anything like that within mpv so if you really need to do that if you need to actually interact with it via your youtube account you're going to want to sign into youtube probably from a different browser profile or a different browser altogether because again with good new ice cat the javascript limitations make a lot of those features not really work so well and then you can do uh whatever you need to do with your youtube account uh also by the way using mpv to view youtube videos is a way that you can bypass age restricted videos so mpv it's not going to ask you to verify your age youtube of course if you click on an age restricted video it's going to ask you hey sign in to verify that you're over 18 or whatever you can just do exactly what i showed you here copy that url and paste it into the mpv command and you're good to go it's also worth noting that this is usually lighter on your system resources than just watching a youtube video in your browser directly and it's not actually downloading the video to be saved it's just streaming it so there's not going to be any privacy concerns or storage space concerns there either for an easier to use browser that still has good security settings i would recommend using firefox however you're going to want to change some of your security settings um certain things like you don't want to store cookies you want to just delete those after firefox is closed you don't really want to autofill addresses or credit cards and in your address bar you probably don't want it saving browser history browsing history bookmarks uh anything else like that and you'll also want to install the ghax user.js to automatically import the most secure browser settings that disable things like webrtc uh geolocation and unique fingerprinting and you're also going to want to install an ad blocker like u-block origin that way you can selectively disable javascript on sites because basically all of the ads that are displayed to you those are all driven by javascript as we saw with gnu icecat it just disables all of them so you're not going to see any javascript at all but that breaks websites using ublock origin you can go into the advanced user settings and also disable javascript here and then what that does is it basically shows you individual scripts that are getting loaded on a webpage usually i would globally disable third-party scripts and you could just lock that so that's automatically going to do it on every new page but then whenever you load another site then it's going to show other domains that you want to block scripts from obviously two denoted they don't have a whole lot of ads showing here but if you're on a site that is heavy in ads this is going to be really really long and you can go through uh blacklisting as many sites as possible or as many domains as possible that are showing scripts until you get the site to a point where it's still functional but it's just not showing anything additional that isn't necessary for the site to actually work and you'll also want to use the decentralize add-on for local content delivery network emulation so this is going to block unnecessary connections to cdns like cloudflare and google and it can also speed up the loading time of some pages by loading the relevant web libraries locally on the user's machine now while we're still in the browser you should also avoid using search engines that are built to track you this means that google and bing they should not be used for your search queries moving forward at least not within the same privacy browsing profile instead you should use services like duckduckgo or start page to emulate google results in a more private way what i would recommend most though is sir x as it is the most open source uh well not open source but most open and transparent search engine that is currently available on the web and finally you're going to want to implement the use of multiple profiles within the browser for different use cases this is useful for situations where you might want to use youtube to leave comments on your favorite creators page uh or maybe even upload a youtube video if you're a content creator yourself but if you just want to view other random things that you know you aren't going to need a youtube profile for to interact with it's best to just browse to those pages from another browser profile altogether where you aren't signed into your social media accounts and that's going to prevent those companies from tracking your watch history within the accounts themselves because of course they ultimately control the account they let you have it for free but anytime there's a service where something is free chances are you are the product so this is going to reduce the amount of information that they're able to harvest from you by not using it when you don't need it and if you do happen to stumble upon a video that you want to comment on or do something else that requires an account you know just keep in mind age restriction doesn't require an account to bypass you can use mpv for this but if you do need to interact with it you can just copy the url of whatever page you're on and then go to about profiles launch whichever profile you're going to use and you can name these however you want and open that up and then you can interact with that page using your signed in profile and you can take this a step further by purchasing a vpn and using specific servers with specific browser profiles uh for specific purposes and this would even prevent your isp from being able to link all of your different activities to your ip address that they give you and same goes for any government agencies that could subpoena your isp for the browsing records now keep in mind a vpn does not anonymize you all it does is shift the burden of privacy from your internet service provider to the vpn provider of your choice and for this reason it is very important to pick a vpn provider that is as secure and anonymous as possible and with these requirements your vpn of choice should be mulvad as far as i know they are the only one that is a log free vpn provider meaning that they don't really store any history of what you're doing on their service uh they don't have a history of selling user data and they also have a pay-by-cash option as well as the ability to create an account without giving up any user details um so you have to be very mindful though if you're going to go to this extreme not to mix your clearnet accounts meaning accounts that you created on your own ip address that your isp gives you and your vpn accounts uh for example if you created an account from your real ip address and then logged into it with your vpn when it's connected then those login details are going to be collected by the owner of whatever service the account belongs to you know take facebook as an example the time of day and the ip is going to be collected and now your real ip address and personal information that is connected to that account can then be connected to this vpn and all it takes is one server because uh like mulvade they offer you i think 600 different servers and they're all going to have different ip addresses but you can figure out who an ip address belongs to fairly easily you know you can even tell uh what isps somebody is using you can tell whether it belongs to a vpn you know this is how uh online services or online websites they're able to ban entire ip ranges like if somebody is just abusing their platform over and over again then they'll ban the entire range of whatever vpn service they're using or isp they're using but the same thing can go for tracking you down and identifying you it just takes one slip up one server that gets connected to an account made with your real ip address and then the whole thing is essentially compromised they can say hey you know we know that john smith here he also uses mulvad we know that for a fact even though he paid in cash and he created it in an anonymous way without giving up any of his user details but as long as you avoid that and you create the vpn account in an anonymous way meaning that you do it over tor and you mail in a cash payment option for your account then you're going to be good now for situations where you truly need to browse anonymously you should resort to using tor but again just because you're using tor doesn't make you completely anonymous you should also block javascript as this can be used to reach through the three proxy hops of the tor network and grab your real ip address as well as hardware info about the computer that you're using which could uniquely identify you you also shouldn't use any accounts that are created on your public ip address especially the ones with your personal identifiable information because you've got the same problem as using it with your vpn those accounts they can easily link your personal information to the tor ip address that's in use at the time and then track all of the activity back to you um even things that go outside of that particular network like say you signed into your gmail over tor and then you go do a bunch of other stuff with that same ip address you're the only person in the world that is probably using that ip address at that specific time right like it can be it can really be narrowed down to you especially because there's not that many tor users out there that which is another thing you could do by the way to increase the effectiveness of the tor network itself is to spread this information let other people know about it because the more people that are actually using the tor network the more difficult it is for any one person to be identified on it and finally you should really just avoid online services that try to track you in the first place google facebook twitter they're all designed to track you every social media is purposefully designed to track you so it's very difficult to actually create and use these accounts especially when they require a phone number just to verify the account during sign up obviously your personal phone number is going to be out of the question for a private social media account but if you all are interested in finding out how to create these accounts anonymously that require phone verification let me know as the process to do so is a little convoluted to really do it correctly and it's likely going to require another video on its own there's also much more to be taken into account to really protect your online security like securing your home wi-fi securing your computers your smartphones and also how to just surf the internet without really revealing your identity so i've done brief coverage of these subjects already on my youtube channel but if you're interested in a deep dive into all of those subjects let me know and i'll make another longer video like this covering those different subjects but that's it for this one really glad you stayed to the end hope you enjoyed peace out

Info

Channel: Mental Outlaw

Views: 432,743

Rating: undefined out of 5

Keywords: Mental Outlaw, mental, outlaw, how to secure your online activity, how to anonymize your online activity, How to be anonymous on the web, Online anonymity tutorial, how to be anonymous, how to be anonymous online, anonymous online, online anonymity, how to become anonymous, anonymity tutorial, guide to online anonymity, tor, dark net, anonymous tor, tor browser tutorial, how to be anonymous on the internet, duckduckgo, signal, disroot, tutanota, protonmail, mullvad, go anonymous, vpn

Id: 8ZvkaOV82tc

Channel Id: undefined

Length: 25min 10sec (1510 seconds)

Published: Fri Nov 06 2020