Opsec Aka Operational Security Is The Most Important Thing To Keep In Mind When Doing Anything On The Internet, Here is 100 Opsec Tips From Cybertoolbank Staff. Remember That In Most Of The Cases Extreme Privacy Plans Equal Good Opsec.
1. Do not use your realname anywhere online!
2. Do not send pictures of your pets to anyone online, unique pets can be directly linked to you!
3. Do not trust anything mainstream for example discord, nordvpn and protonmail shoudln't be trusted.
4. Do not use socialmedias, all data collected on socialmedias can be used to identify you, for example how fast you type.
5. Use a VPN you trust we recommend mullvad VPN, making your own VPN is good for some threatmodels but remember you will be identified by your browserfingerprint + ip combo if you only have one ip, and only having 1 location is bad as well, as it will be assumed its the nearest server location to you and will be blacklisted on some places.
6. Spoof your browserfingerprint, can be done with browserextensions for example, best way to do this is to run your browser in a vm that is never fullscreen.
7. Use your passwordmanager only inside a vm.
8. Never reuse a password!
9. Never reuse a email!
10. Never reuse a username!
11. Stay away from discord!!!
12. Use tor, or i2p.
13. Do not brag! Bragging is one of the easiest ways to get caught, "kirk" for example.
14. Do not think that something is anonymouys what is not, for example Bitcoin is not anonymouys if you don't know how to use it correctly. We recommend converting your Bitcoins to Monero and back, and storing them on a cold wallet or Electrum bitcoin wallet, more on cryptocurrencies on cryptocurrency category.
15. Use different vms and devices for everything you can.
16. This is obivous, encrypt your hard disks!
17. Do not use an antivirus, antiviruses waste your resources and sell your data!
18. Do not trust anything closedsource!
19. Do not give your browser download, microphone or camera permissions!
20. Do not use crappy operatingsystems if you actually care about your security and privacy, we do not recommend windows, we recommend whonix, qubes-os and tails.
21. Never ever have any unused apps on your phone, these collect and sell your data and can be exploited!
22. Never give apps unused permissions, why does calculator need to know your location?!
23. Isolate your browsers aka use many browsers to avoid browserfingerprinting. Browsers inside virtualmachine are a good choice like mentoined before.
24. Turn off wifi- and bluetooth scanning on your phone, also do not let apps run in background!
25. Avoid chinese products, software and tech, aka spyware!
26. Never keep bluetooth or wifi enabled when not used!
27. Remove microphone and camera from your phone, need help? join our telegram by clicking here!
28. Never use proxies, VPN is always your better choice for personal use!
29. Never use email to communicate!
30. Use keepassxc passwordmanager inside a virtualmachine / vm.
31. How ever if you have to communicate using email use thunderbird emailclient.
32. Never register anywhere online with your real phonenumber, use smspva.com to verify your accounts, cheap and reliable!
33. Use DOH, never use google or cloudflare DOH! (DNS over HTTPS) this makes it impossible for your ISP to see websites you visit, we recommend blahdns.
34. Do not buy intels hardware, NSA has backdoored all of it!
35. Discord is full of skids that get caught everyday, do not ever use discord outside of a vm that runs trought tor! Discord has 0 encryption and is FBI:s honeypot!
36. Never save passwords in your browser or any other autofill information, those can be stolen by simple scripts.
37. Never install cracked apps or cheats, they contain malware.
38. Epicgames is one of the biggest spyware, if you want to be a hacker but you are a gamer, forget it.
39. We recommend signal.org for normal SMS use.
40. Disable WebRTC or use torbrowser, WebRTC can leak your local ips even if using a VPN.
41. Format all your devices using guttman35 algoritim once a year!
42. Never resell your hard drives!
43. Do not store anything personal like your pictures on your pc, always store them away from the internet, these can be used to blackmail or dox you!
44. Do not take a DNA test!
45. Do not renew your passport!
46. Try to not give police your fingerprint, good way to do this is to remove your fingerprints with simple laser surgery.
47. Never use your fingerprint or face to unlock your phone!
48. Do not have teeth.
49. Spoof your mac address.
50. Get your mail instantly after it arrives don't let it sit!
51. Turn on 2FA everywhere where you can, we recommend Freeotp+, we do not recommend google authenticator.
52. Use a privacyfriendly phone, your phone knows the most about you, we recommend nexus 5 with linux distro or google pixel with graphene or calyx os (ironic but true).
53. Always keep your microphone hardwaremuted if possible!
54. Block all your cameras with tape, if you couldn't remove them! (tip number 27)
55. Never buy any IOT devices.
56. Smart = spyware, avoid alexa or any other smart devices like a samsung smart fridge, more digital you go, more vulnerable you are!
57. Remove all metadata from photos before sending them anywhere online, we recommend scrambled exif. Exif data can be used to get your exact location and for example Discord saves this kind of data into their database!
58. Only use de-googled devices, we recommend graphene os.
59. Remember that your voice is very easy way to identify you. Never use your real voice anywhere online, we recommend using voicechangers!
60. Stay away from unencrypted communication services, xkeyscore has acces to all of this! (NSA:s project)
61. Never have your default user with UAC or SUDO perms, you are very vulnerable if you do!
62. Use a good and strong firewall like UFW on linux.(simplifies iptables)
63. Use google alternatives, google collects too much data that could be used to identify you from other data, for example aurora store instead of google play store, (uses google play store API anonymouysly). Or newpipe instead of youtube!
64. Learn to alternate your writing styles, write different everywhere on the internet, your writing style can be used to identify you!
65. Use simple aliases like the name of colors, red or blue for example. More complicated your alias is easier it is to track your doings on the internet, and as said do not reuse aliases. Grinding online ego on a alias is the easiest way to be a skid, after using discord. We also recommend changing your alias very frequently, more you change it harder its to track you, never register on any kind of forums with your real alias.
66. Check pictures trought very carefully before sending them anywhere online even a random car-register-plate in a picture that is not related to you in anyway could be used to identify you, based on the cars movements comparing the time you sent the picture!
67. Do not let anyone online gain your trust!
68. Learn how to safely use your cryptocurrencies, a twitter hacker skid got caught because he didn't know how to. More on this in cryptocurrencies gategory!
69. Use opensource and FOSS software only!
70. Never order anything using your real address or name, use PO boxes!
71. Use facemask and sunglasses in public places to avoid facial-recognition.
72. Encrypt your important messages with PGP.
73. Make sure your phone is encrypted and uses a strong PASSWORD! not a pincode or anything else clowny, there is a company based in israel called cellebrite they crack phones, its even used but the Mossad and FBI, but even they are powerless against strong passwords, make your phone selfdestruct after 15 failed tries!
74. Do not let anyone save you by your realname in their contactbook, their apps fetch and sell this info!
75. Use burner phonenumbers- and emails, smspva.com, temp-mail.org, be aware temp-mail.org probably saves all your messags so only use it for confirming accounts!
76. Remember to check software signatures and hashes! can be automated with virustotal.com.
77. Use a trustworthy browser, we recommend the tor browser.
78. Do not download anything using the tor browser!
79. Do not use tor browser on your phone!
80. Do not ever fullscreen your browsers!
81. Do not use your actual timezone on your phone or pc use a mechanic clock!
82. Do not use your real keyboardlayout on your phone or pc, google wich layout is similar to yours and use that.
83. Use old hardware to avoid backdooring, new = "smart" = spyware!
84. Never share internet using bluetooth! extremely insecure!
85. Use privacyscreens to prevent people and cameras behind or next to you from seeing what you are doing on your device!
86. Check if your details are breached in database breaches, check at haveibeenpwned.com.
87. Do not have your address publicly listed.
88. Spoof everything you can, check out sphere browser.
89. If you are stupid enough to use a windows or a gamer, debloat it with scripts, oosu10 is a good and reliable program to do this.
90. Lie about your self online, when it comes to opsec disinformation is your bestfriend!
91. Distract people after you, fake dox your self, "accidently" leak disinformation like your "address".
92. Always choose wired over wireless!
93. Remember check for cc skimmers before paying offline and domains when paying on the internet!
94. Be aware of the cameras around you!
95. Do not do things considered as secret in public places, for example do not chat in your hacking telegram group if you are at your school!
96. Check if your browserfingerprint is unique at amiunique.org to plan your threat model. If it's unique bad for you, if it's not unique good for you :)
97. Use trustworthy browserextensions like umatrix and ublock origin.
98. Generate and use fake identities online.
99. Type everything on notepad and paste where ever you need to, this way your typing speed cannot be traced by your browser and the websites you visit. When a trashy browser called yandex was reverse engineered was found that it sends a request everytime you type a letter.