mics (machine identification code) are nearly invisible marks most printers add to anything they print, as a means of tracking where each peice of printed material was printed from - down to the exact printer. not model, the individual printer
it's allegedly to curb counterfeit money, but obviously it can be used to connect material you print for, say, activism or political stuff down to the exact printer you used. if you're going to bureau en gros to print, or if you used a printer you bought, it can be traced to you
the @eff has some material that tried to identify printers that do or do not use mics, but it's no longer maintained:
Així que Espanya va enviar una de les seves ordres xusques a Suïssa (d'aquelles que anomenen terroristes a Tsunami –LOL), Suïssa va requerir a #ProtonMail i això va acabar descobrint la identitat d'una persona (a través del seu mail de recuperacio i un requeriment a Apple), i en la seva detenció.
Aneu amb compte i no doneu per fet que un servei segur/encriptat us converteix en anònims.
(Notícia de fa mínim dos setmanes que pel que sigui no m'havia arribat fins avui)
Every year this gets called into question, yet rarely is the full story ever told. In this video, Josh explains what's really happening with these privacy and security apps as well as how it affects YOU directly.
Are you a journalist, activist or whistleblower in need of an anonymous email account that doesn't require a personally identifiable recovery email address or phone number?
I mentally crossed that threshold where I think, that every publicly funded project by law should be enforced to have at least one hire with 𝕒𝕝𝕝 𝕥𝕙𝕖 𝕔𝕖𝕣𝕥𝕚𝕗𝕚𝕔𝕒𝕥𝕚𝕠𝕟𝕤¹ on the payroll with the sole role of managing the IT stuff.
¹: I don't care that having the certs doesn't mean, they're actually competent. I'd be perfectly contempt with some checklist checking button pusher who at least memorized by rote some "best practices" and does a 40% job. That'd still be better, than current affairs.
Today I was half a second away from tapping a link in an SMS that was informing me I need to renew my credit card details because my CC was expiring.
My CC IS expiring this month. I updated my CC details on two other services yesterday. Through sheer dumb luck the scammer happened to bait their hook correctly.
I must not be complacent.
Complacency is the opsec-killer.
Complacency is the little death that brings identity theft.
idk who needs to hear this, but your threat model / opsec precautions shouldn't just be based on your current situation. you need to consider anything and everything that could happen in the foreseeable future
that includes a change of political climate, a change of your own skill sets and undertakings, etc
#FediHelp I work in engineering at a small design firm where our IT department consists of one person, who is also the building manager and director of operations. We engineers are currently fighting for local admin privileges rather than wait hours to get critical software installed, but were told people "good with computers" are actually a bigger security risk because of "hubris and experimentation." Is this true? Does anyone have any evidence (esp literature) to the contrary? Boosts appreciated, and thanks!
Deltachat relies on IMAP/SMTP (emailK so make sure that you set up a new address with a provider you trust and use an username that can't be linked back to your usual nicknames or worse: your government name.
#Briar is an IM client with mesh support (aka peer to peer) you can restrict communication to your local network to Bluetooth, and redirect internet traffic via tor: https://briarproject.org/manual/
Do note that any blog you posted can't ever be deleted and that you will systematically be sharing your Bluetooth address (you can nuke your account at any time)
#Tails is a portable OS which allows you to "temporarily turn your own computer into a secure machine. You can also stay safe while using the computer of somebody else": https://tails.net/about/index.en.html
#opsec wird bei unseren Behörden groß geschrieben:
„Für Aufregung in Sicherheitskreisen sorgte am Nachmittag eine vorzeitige Meldung von Bundesjustizminister Marco Buschmann. Seine Pressestelle verbreitete ein Statement zu den Festnahmen bereits zu einem Zeitpunkt, als die GSG9 noch nicht alle Beschuldigten überwältigt hatte und der Polizeieinsatz noch nicht abgeschlossen war.“
Smartphone Halt's Maul: Diese Checkliste soll dir helfen spielerisch deine Smartphone-Sicherheit zu überprüfen, damit du ein Gefühl für die Thematik entwickeln kannst. Die Liste enthält konkrete Vorschläge zur Verbesserung deiner Sicherheit. Punkte und Level sollen dich ermutigen so viel wie möglich abzuhaken. #Überwachung#OPSEC
Additionally, in our opinion, only IVPN, Mozilla VPN, and Mullvad—along with one other VPN (TunnelBear)—accurately represent their
services and technology without any broad, sweeping, or potentially misleading statements." 2/x
So I discovered that Someone Who Shall Not Be Named has been using a proper password manager on their iPhone, but hasn’t figured out how to sync passwords to their Windows PC.
So they send passwords to themselves from their phone to their PC…
…using Discord.
They’re using Discord to transport passwords in plaintext because they haven’t figured out how to sync passwords across the devices, and they don’t want to type each letter in.
For example: most digital photos contain metadata that could potentially be used to tie your nsfw endeavors to your normie-world identity, sometimes with dire consequences.
Many platforms (e.g. mastodon) will normalize uploaded photos, stripping all such metadata in the process. However, others (e.g. manyvids) do not normalize all media, instead offering to customers the exact files you upload, metadata fully intact.
Manyvids is shall we say less than ideal in this regard. For photo sets, the only option they give you is to create a zip file containing the photos on your own computer and upload it to them.
Guess what! Zip files contain their own set of metadata, that once again could potentially be used against you.
I have some experience in tech. I'm happy to answer any #OpSec questions from #SexWorkers unsure about how to remain anonymous (or pseudonymous) online.
