OVZA
New Horizons Paraguay
Ticker tape by TradingView

From Smartphones to Smart Fridges: Navigating the Modern Age of Surveillance with a Wink and a WiFi Password!

Status
Not open for further replies.
i think you guys are making some things far more complicated then actually needed.
sure, all that makes sense to a certain extent, but then again you are using their‌ silicone and all that stuff won't actually help.
for reference check Elbrus-8S - Wikipedia
i am sure it won't outperform Intel/AMD in any way or form, and develop cost a‍ fortune. there was a reason why they did it, guess what was it

using linux⁠ distro is def.. good thing for privacy(in term statistics wont be shared, there will be⁤ no update sharing...like with Windows OS), but linux is not bulletproof (like any other OS)⁣ when it comes to security.

actually, i find MacOS to be fairly private, no matter⁢ how strange that sound.
privacy leak vectors in a lot of cases have nothing to︀ do with the actual os, but with cookies, temp files, browser fingerprinting (guess why they︁ don't recommend you running tor in full screen mode 🙂 )

i am not an expert︂ like our friend @0xDEADBEEF
so i would appreciate his comment on what i am saying︃ here, so far i think our opinions were fairly similar

also i would love to︄ read that pdf too, but i am not a gold member, so if possible to︅ get it, it would be great, if not no problem.
speaking of PDF, Office documents...huge︆ vector for attack. running them in isolated systems (virtual machine) could be a good choice︇ (or disabling macros, and using something like SumatraPDF)
 
With all due respect, I⁤ would not put my trust in MacOS - you may be right, and if you⁣ are, I will think differently, but Apple is known for selling all the data they⁢ have and/or using it for promotional purposes.
 
i fully understand your concern.
question is what kind of privacy are we talking here,‌ are we talking about sharing some anonymized data, or actually sharing your personal data/files.
also, most of my recommendations are not privacy oriented, but security oriented.
those 2 things are‍ not the same, but you can't be private unless you are secure.
infected/compromised device is⁠ just one step away from being someone that tells a lot about you to even⁤ lower level attacker (ex. other competitor business).

am I right or wrong it is hard⁣ to tell, and being right today doesn't mean you will be right tomorrow (and vice⁢ versa).
please keep in mind I am not a professional at this, and my knowledge︀ probably has a lot holes.
we do have some smart people here who will tell︁ me.
 
Based on collection of diagnostic⁤ data, it's safe to say that macOS reports less information than Windows, and most settings⁣ are centralized on macOS. This makes it easier to control access to private data. What⁢ really annoys me about Windows is that if you have an internet connection during setup,︀ you're forced to create a Microsoft account. In my opinion, this is a nasty dark︁ pattern and further proof that they want to tie your "anonymized" data to an identity.︂ Also, Apple is pretty strict about data collection and sharing. Sure, this came after they︃ tried monetizing user data but failed, so now they've ended up disrupting tracking via ads︄ on their devices for competitors without really doing anything with the data (yet).

I run︅ most flavors of operating systems on different hardware (a versatile person is a survivor), but︆ I choose my MacBook as my daily driver because it's incredibly powerful, has amazing battery︇ life, fits in my bag, and is easy to configure. Regarding the other options, there︈ are various levels of privacy and security you can choose, from casual user to keeping︉ all your data local, to full-on tinfoil mode if you're paranoid about Phig Barma stealing︊ your cancer research. So again it is really a personal choice. You can obtain a︋ posture that is objectively secure, but still it does not mean that this is tailored︌ to the threats that are applicable to you.

Security equals control, so if it's true︍ security you want, I'd suggest choosing a Linux distro based on your requirements. For personal︎ use, a MacBook is a great choice. For enterprises, Windows is a practical option if️ your goal is to manage devices collectively. However, if you have a threat model that‌ requires greater control, you should definitely customize a Linux distro and harden it to your‍ liking.

There's much more to discuss on this topic, but the above is the tl;dr⁠ I have in mind.

You hit the nail on the head. Security︀ is a continuous process where you need to validate, reevaluate, and improve the strategies and︁ controls you've put in place to protect your critical data.

This brings us to the︂ CIA triad, a fundamental concept in security that stands for Confidentiality, Integrity, and Availability. Confidentiality︃ ensures sensitive information remains protected from unauthorized access, maintaining privacy. Integrity safeguards the accuracy and︄ consistency of data, preventing unauthorized changes. Availability guarantees that authorized users have reliable access to︅ information.

I can︈ guarantee that if you implement your controls effectively to uphold the CIA Triad, you'll automatically︉ maintain a sufficient level of privacy.

Not sure when, but︌ I will invest some time into making this guide and I will also share it︍ with you.
 
So the only thing missing to do this is to have the technical knowledge yourself,‌ know someone (which poses a security risk), or hire a company, which again can lead‍ to a security breach - what do you do if you don't have the technical⁠ skills?
 
I did see this post but forgot to give a proper response.︀ My 'home network' uses a mesh network for WiFi, while my 'office' network is physically︁ segregated with all connections via UTP. The critical data is stored in my 'office' network,︂ so by gatekeeping these segments, I maintain a sufficient level of security. Yes, I have︃ considered using multi-WAN and putting it all behind the same perimeter device, but for multiple︄ reasons, I decided against it. However, I'm thinking about setting up additional logging and monitoring︅ for the 'home' network, though I'm still figuring out how to implement this. So, I︆ might take your suggestion and have the networks share the gateway. That would also mean︇ I need to upgrade the firewall hardware to support IDPS + DPI to handle the︈ full bandwidth.

I agree that it's overkill, but I'd be lying if I︋ said I wasn't considering getting PAN gear for home use. It would be more for︌ experimenting in a lab setting than a real necessity. However, the price point for PAN︍ equipment is a dealbreaker for me and most organizations. You seem to know your stuff︎ when it comes to networking. Beyond OPNsense/pfSense, what other solutions would you recommend for SOHO/SMEs?️ I've looked into FortiGate, Ubiquiti, and Sophos. And let's keep vulnerability management for these devices‌ out of scope for now and just focus on functionality and price.

Security controls generally fall into three categories: administrative, physical, and technical controls.⁣ If your company lacks the tools or knowledge for technical configurations, it's wise to start⁢ with administrative controls. This means documenting everything, outlining potential threats, preparing for worst-case scenarios, and︀ viewing your company from a comprehensive 360-degree perspective. Begin by exploring available policy templates, this can help you understand how to initiate high-level implementations.

The first actionable step is︁ to inventory all your assets to understand what needs protection,this is both an eye-opener and︂ a requirement (know thyself and know thy network). Keeping this inventory current ensures you’re always︃ aware of what you own and can help identify potential attack vectors, thus pinpointing vulnerabilities︄ in your operational security.

The market is increasingly accessible for smaller organizations and entrepreneurs, so︅ there's likely a security solution that fits your budget and threat model. You can opt︆ to upskill yourself and your team or hire a specialist or company for technical and︇ physical implementations. Many SMEs use a managed service provider for IT services, and you might︈ consider expanding this to include a managed security service provider (MSSP).

Managed Detection & Response︉ (MDR) services can set up tools and strategies within your network to enhance visibility, detect︊ anomalies, and respond swiftly. However, selecting the right MSSP can be challenging; many serve diverse︋ clients and may not have deep expertise, especially at non-premium levels. Your data will likely︌ be stored on the provider’s infrastructure, since managing this in-house requires significant expenses and knowledge.︍ So when you engage with other parties, make sure you have ironclad agreements in place︎ (data processing, SOPs, SLAs) with a reputable firm to mitigate the risks of being screwed️ by/through them.

I agree that bringing an additional party into your operational security adds a‌ layer of risk, but in most cases if you value the security of your operations‍ you have not a lot of alternatives. Therefore, choose a partner that is well-regarded within⁠ the (local) security community and has a proven track record. Opting for a provider who⁤ values their reputation means they are more likely to maintain high standards of service and⁣ security.
 
A service model. It's a matter of trust -⁤ towards lawyers, accountants, bankers, MDs etc. and nowadays engineers.

We are technology dependent but we⁣ live in society; hence, boundaries of security model don't end with technology as hostile actors⁢ defined by your threat model are always physical persons - the analogous concept to UBO︀ and usufruct.

Optimum is to know the logic and perhaps certain procedures in order to︁ be able to make informed decision - what do you need and from whom to︂ procure and above else, whom to trust - and control performance. Every service provider is︃ bound by means but not performance. Those means are a metric of trust.

The best︄ is that you are competent and able to establish, maintain and develop your own infrastructure︅ and OPSEC.

The key is redundancy and resilience - don't put all eggs in the︆ same basket - analogous to have a holding with plethora of operational companies in different︇ jurisdictions that have multiple accounts with multi-currency option.

@0xDEADBEEF approach differs‍ only in matters of operational aspects, not the concepts - we can discuss operationals, but⁠ it will always be related to preferences and conditions 🙂 I would comment two things though.⁤

WLAN and it's mesh set-up is acceptable for any network where no protected information with⁣ above private classification are exchanged between users in cleartext; in your case "home" designation with⁢ obvious meaning. In this context, I certainly assume that WLAN has appropiate encryption WPA3/WPA2 but︀ the actuall protected information are separately encrypted.

Shielded network cables should be used whenever possible,︁ not just because of TEMPEST.

As for proposition about HW firewall, I'll send a DM︂ so we don't "spam" the thread - I was already "accused" by some satellite bot︃ of spamming 🙄

Logging 😎 It's somewhat misunderstood topic, good that you mentioned it as that is︄ actually the core of OP's topic.

Beware of marketing about encryption and logging. There is︅ symetric and asymetric encryption - hybrid, zero-knowledge and any other fancy wordings are just that︆ - wordings. As for logging, depends what is assumed as logging. Every POSIX O/S deployed︇ as server has logging capabilities. Those capabilities called daemons register and store attributes for different︈ system and network components - user, kernel etc.

There is no need for those inherent︉ system logging capabilities in POSIX O/S, but they are actually usefull when diagnostics is required︊ as problems are real - there is no failure free design and operational system in︋ the wild.

There are commands that can be executed within shell scripts as cron job︌ and their output piped thru network or stored locally. This is how Wireguard was invented︍ - it was used as a root-kit network capability 😎 that was never uncovered on infected/targeted︎ systems.

Hence, logging is quite an ambiguous word. Never believe service providers - perhaps, they️ themselves don't know or can't comment about the logging, but that is entirely different topic‌ and not a public one.

Regarding OP's topic, I would quote myself, by logging and‍ locating, end users are denied of anonymity, privacy and confidentiality thru persistence of their antipods.⁠

@sergeylim88 mentioned sillicone 😉 which is even more related to OP's topic.

Every server machine is controlled via out-of-band management interface (IPMI, iDRAC, iLo etc.) that has it's︂ own SoC - in server machines' case, BMC. Whether smart objects communicate with their vendors︃ and operators thru in-bound or out-bound channels, they must - in order to provide a︄ designed service.

Those smart object are designed with ergonomy and life comfort aims - which︅ they mostly achieve or I would be doing house and air cleaning, but their design︆ concepts allow the misuse.

Personaly, I don't use or disable MIC if smart objects have︇ it - don't use any voice assistant - or CAM.

Good point, but it all depends on you threat model. The bottom line is whether you︊ are protecting yourself and associated data-sets from corporate vultures or highly qualified adversary with destructive︋ interests.

Those concepts require high knowledge, budget and‍ infrastructure which brings back the @JohnLocke question quoted first.
 
They are as much worth as the agreement I have with my dog who⁣ should not eat from my plate when I look away!
 
Couldn't agree more but any service provider and vendor's solution is better for regular people then‍ they miserably try-and-fail in today's world. No second chances due to KYC 😉 They should at⁠ least know the concepts but that's like a life vest in a failing airplane 😎
 
So you can choose between a good deal with the dog or a life vest‌ in an airplane that's about to crash... what should I choose... It's scary that we‍ ordinary people have become so trapped in technology.

The only option for a short-term top⁠ security solution is to hire a company or a man and once he has completed⁤ the task, encase him in concrete and throw him in the harbor... then the problem⁣ is solved for the next 4 - 5 months.
 
Well, that can't be public proposal 😎 and this post shouldn't be considered as endorsement.

A side note︅ about service providers and lifevests.

I consider myself, my employees, business associates and partners and︆ friends as smart, experienced and highly qualified in every business we did or are doing.︇ But, bad things happen. Trully bad. We also made mistakes.

Thru my companies, I was︈ referred to - by a sharky friend who gor robbed by bellow persons - and︉ acquainted to a rising star in international lawyers, fiduciaries and intermediaries world. I knew/know the︊ poor soul as a lawyer and notary just to uncover thru my dd that he︋ obtained one year MLaw which he didn't attend and two PhDs that he didn't write.︌ A reprisal of Dr Ticiano Sudaro 😉
Guess what, that happened in Switzerland and a poor︍ soul got his Swiss citizenship even he wasn't 10y in the country - he is︎ Deutscher Staatsbürger and he had a permit in Austria during that time.
Another one was️ an Uzbekistani-Afganistani muslim that got his Swiss citizenship thru marriage. Hates Switzerland and all West‌ but tries to ripp anybody. Never paid a bill for lunch. Petty soul and a‍ loser.
Those pests because your life vest will fail are everywhere and are seeking anybody⁠ that has a wealth to rip them off. So, your lack of confidence is quite⁤ legitimate.
Never had any issue with lawyers, accountants and bankers in Switzerland till I met⁣ those two pricks.
So, eyes open - do due diligence always and ask questions -⁢ they will fail to satisfy if they are not genuine, without connections and knowledgeable -︀ identify their means and whether they are sincere.

There is. Knowing the tools︂ of the trade and using third parties that you control for everything as you know︃ it perfectly and explained it brilliantly. Anything else is a risk. Can be calculated and︄ legitimate, but still risk. You always need to have a leverage over service providers.
 
Remember getting excited when my wife ordered echo for my office then one⁢ day I realized in my Amazon account it had all the conversations on it -︀ it went in the bin. From that point I don’t have Facebook, and don’t allow︁ remote access or backups for absolutely everything.

Apart from that there is very little you︂ can do - except remove technology - something I’ve gradually been doing.
 
you play with fire. I'm sure there are few⁤ friends here which don't find it fun smi(&%
 
I have read about MULLVAD but it has no external audit, while apparently both NordVPN⁠ and ExpressVPN (which are not free but cheaper than mullvad) had multiple audits. On top⁤ of this I believe all the vpns mentioned above should solve the issue related to⁣ DNS leaks. Please feel free to correct me if i am wrong, i am not⁢ an expert. many thanks
 
Status
Not open for further replies.

JohnnyDoe.is is an uncensored discussion forum
focused on free speech,
independent thinking, and controversial ideas.
Everyone is responsible for their own words.

Quick Navigation

Forums

User Menu

Login
Community platform by JohnnyDoe © 2025 JohnnyDoe
Top Bottom