TyperTech
Regular Member
- Joined
- Feb 26, 2024
- Posts
- 44
- Reaction score
- 0
- Status
- Offline
- Last Seen
Opsec Aka Operational Security Is The Most Important Thing To Keep In Mind When Doing Anything Online, Here Are 100 Opsec Tips From Cybertoolbank. Remember That In Most Of The Cases Extreme Privacy Plans Equal Good Opsec.
Made By Cybertoolbank With Love
1. Always respond to people saying "hi" to you with the same word they used, if they say Hi say Hi, if they say hello say hello. Some pedophile loser was caught of because he had unique way of saying hi, feds were able to link his "unique way of saying hi" from a onion forum to a clearnet forum post which got him caught.
2. Do not upload pictures of your pets online, unique pets can be directly linked to you!
3. Do not trust anything mainstream for example discord, nordvpn or protonmail shoudln't be trusted.
4. Do not use socialmedia, all data collected on socialmedia applications can be used to identify you, for example how fast you type.
5. Use a VPN you trust we recommend mullvad VPN, making your own VPN is good for some threatmodels but remember you will be identified by your browserfingerprint + ip combo if you only have one ip, and only having 1 location is bad as well, as it will be assumed its the nearest server location to you. !Disclaimer! Even tough VPNs are a good tool we still recommend using tor always when you can, check orbot for android. Do not use free VPN services!
6. It is a good idea to spoof your browserfingerprint, can be done with browserextensions, safest way to do this, is to run your browser in a virtualmachine. Check out qubes-os.
7. Use your passwordmanager only inside a isolated virtualmachine. Check out qubes-os.
8. Never reuse a password, email, profilepicure or username. Its the worst mistake you can make.
9. Overwrite deleted content, when something is deleted, it does not actually get deleted the device just forgets where its stored and frees space on the disk. This is why overwriting all deleted files is exteremly important. We recommend Bleachbit on pc and diskdigger on android.
10. Use HTTPS always when you can this is very important! For example tor exit node, which could be owned by NSA sees all your traffic in plaintext if no encryption like HTTPS is not used.
11. Do not let any software or apps run in the background!
12. We recommend the use of tor, or i2p for more anonymity.
13. Do not brag! Bragging is one of the easiest ways to get caught.
14. Do not use Bitcoin, Bitcoin is not anonymouys if you don't know how to use it correctly. We recommend only using Monero (XMR). Check cryptocurrency category.
15. Use different vms and devices for everything you can.
16. This is obivous, encrypt your ssds, hdds and mobile devices!
17. Do not use antiviruses, antiviruses waste your resources, sell your data and even possibly spy on you, they might even open new attack possibilities on you! For older people who dont understand anything about cybersecurity we recommend Malwarebytes antivirus.
18. Do not use closedsource messengers. And avoid using closed source software always if you can, if you cannot find opensource alternatives try to find clients for closed soucre software.
19. Do not give your browser on your mobile device download, microphone or camera permissions!
20. Do not use crappy operatingsystems. If you actually care about your security and privacy, we recommend using whonix or qubes-os.
21. Do not have any unused apps installed on your phone, these collect and sell your data and could be exploited!
22. Never give apps unnecessary permissions, "why does calculator need to know your location".
23. Isolate your browsers, use many browsers to avoid browserfingerprinting. Browsers inside virtualmachine are a good choice like mentoined before.
24. Turn off wifi- and bluetooth scanning on your phone, these can be used to track you and drain your battery.
25. Avoid chinese products, software and tech, its usually spyware! Other than that china is a great country and they will take over the entire world by 2050. #FuckAmerica #FuckEU #FuckAfrica
26. Never keep bluetooth or wifi enabled when not used. Bluetooth is one of the least secure things to exist!
27. Consider removing microphone and camera from your phone, need help? join our telegram by clicking here!
28. Keep your keyboard clean, any fingerprints on keycaps could be used to guess your password.
29. Do not use email for communication, if you do remember to use PGP!
30. We recommend using keepassxc passwordmanager, use it in a encrypted vm.
31. If you have to communicate using email use thunderbird emailclient and PGP encryption.
32. Never register anywhere online with your real phonenumber, use Sms-activate.ru to verify your accounts, cheap and reliable!
33. Use DOH, never use google or cloudflare DOH! (DNS over HTTPS) this makes it impossible for your ISP to see the websites you visit, we recommend blahdns. But remember that your DOH provider could be spying on you, well this leaves us with tor and tor only.
34. Do not click ANY links always open new links in disposable vms, for example NSO pegasus is spread by links sent in sms!
35. Discord is full of skids that get caught every fucking day, do not ever install discord on your device only use it inside a browser you that trust! Discord can see all your messages and does not have E2EE (end to end encryption), and its FBI's honeypot!
36. Never save passwords in your browser or any other autofill information, these can be stolen by simple exploits.
37. Never install cracked software or cheats, they contain malware in most of the cases.
38. Epicgames is one of the biggest spyware, like most of the gamelaunchers, stay away from them!
39. We recommend signal.org for normal SMS use and call use. Only LTE communication is encrypted, and goverments can still spy on it, so do not talk about secretive things in your calls or sms!
40. Disable WebRTC, WebRTC can leak your local ips even if using a VPN.
41. Format all your devices once a year and wipe them using gutmann35 algoritim!
42. Never resell your ssds or hdds, the data on them could be recovered!
43. Do not store anything personal like your pictures on your pc, always store them offline, not even in your phone gallery, if you have to store images on your phone store them encrypted away from other apps, we recommend, photolok from f-droid. We recommend buying external ssd / hdd / hard drive for your photos and important files and always having it unplugged from your pc when not in use.
44. Do not take a DNA test, the companies will sell your data. Feds find this data very useful and many people have been caught because of this, for example the Golden State Killer!
45. Do not renew your passport, just vanish bro.
46. Try not to give the police your fingerprint, good way to do this is by removing them by burning them.
47. Never use your fingerprint or face to unlock your phone, very fucking easy to crack, the feds love this. Also make your phone autoreboot to avoid AFU exploits!(Police uses this to get into your device without your password)
48. Do not have teeth
.
49. Make a survival kit, have a backpack with all survival gear ready to go, be ready to leave your house in 10 minutes if needed.
50. Get your post/mail instantly after it arrives don't let it sit!
51. Turn on 2FA everywhere where it is possible. We recommend Freeotp+, we do not recommend google authenticator.
52. Use a privacy friendly phone, your phone knows the most about you, we recommend nexus 5 with linux distro or google pixel with graphene or calyx os (ironic but true). But remember if your phone has a simcard and it connects to the internet, it can still be tracked and hacked by the goverment!
53. Always keep your microphone hardware muted if not used, you could build your self a microphone hardware mute button if your microphone does not have a button for it.
54. Block all your cameras with tape if you couldn't remove them! (tip number 27)
55. Never buy any IoT devices. If you do, seperate them in their own network away from other devices.
56. Smart = spyware, avoid alexa or any other smart devices like a samsung smartfridge, more digital you go, more vulnerable you will be!
57. Remove all metadata from photos before sending them anywhere online, we recommend scrambled exif app for android. Exif data can be used to get your exact location and for example discord saves this kind of data for ever.
58. Only use de-googled android devices, we recommend graphene os.
59. Remember that your voice is very easy way to identify you. Never use your real voice anywhere online, we recommend using voicechangers! Your voice can be turned into something called voicefingerprint which is unique hash generated from your voice. It is known that feds use this technology.
60. Stay away from unencrypted communication services like discord, xkeyscore has access to all of this! (NSA project)
61. Never have your default user with UAC or SUDO (admin) perms, you are very vulnerable if you do! Windows default user has UAC access, this is why you should create admin user on windows and normal user which you use for daily use, admin user should not be touched, you will have to put its password when using UAC perms (installing apps for example).
62. Use a good and strong firewall like UFW on linux.(simplifies iptables)
63. Use google alternatives, google collects too much data that could be used to identify you based on other data that connects you to your google data, for example aurora store instead of google play store, (uses google play store API "anonymouysly"), and newpipe instead of youtube!
64. Learn to alternate your writing style, write different everywhere on the internet, your writing style can be used to identify you!
65. Use simple aliases like the names of colors, red or blue for example. More complicated your alias is easier it is to track your doings on the internet, and as said do not reuse aliases. Grinding online ego on a alias is one the easiest ways to be a skid and get caught. We also recommend changing your alias very frequently, more you change it harder its to track your doings in the internet.
66. Check pictures trought very carefully before sending them anywhere online even a random car-register-plate in a picture that is not related to you in anyway could be used to identify you, based on the cars movements comparing the time you sent the picture!
67. Do not let anyone online gain your trust!
68. Learn how to safely use your cryptocurrencies, a twitter hacker skid got caught because he didn't know how to. More on cryptocurrencies in the cryptocurrencies gategory!
69. Do not install random github projects because they are opensource, learn to check the code, check that it doesnt connect to random ips or urls for example.
70. Never order anything using your real address or name, use PO boxes!
71. Use a facemask and sunglasses in public places to avoid facial-recognition.
72. Encrypt your important messages with PGP.
73. Make sure your phone is encrypted and uses a strong PASSWORD! Not a pincode or anything else clowny, there is a company based in israel called cellebrite they crack phones, its even used by the Mossad and FBI, and most likely your local police. Cellebrites software Ufed is widely used by goverments and police across the world. But even they are powerless against strong passwords (while phone in BFU), make your phone format it self after 15 failed login tries!
74. Do not let anyone save you by your real name in their contactbook (contact tracing), their apps fetch and sell this info! This data can be then used to track who you talk to.
75. Use burner phonenumbers- and emails, smspva.com, temp-mail.org, be aware temp-mail.org probably saves all your messages so only use it for confirming accounts!
76. Remember to verify software signatures, in targeted attacks towards you its important that you check them to prevent getting attacked!
77. Use a trustworthy browser, we recommend the tor browser.
78. Do not download anything using the tor browser! Downloaded apps can be used to deanonymize you.
79. Do not use the tor browser on your phone, if you do, disable javascript (strictest security settings)!
80. Do not ever fullscreen your browsers! Your screensize can be used to identify you.
81. Do not use your actual timezone on your phone or pc use a mechanic clock!
82. Do not use your real keyboardlayout on your phone or pc, google which layout is similar to yours and use that.
83. If you have to pay for your data getting removed like a dox or a db entry, just do it you wont regret. However deleting db entries might be useless as someone probably has your db entry data copied somewhere else. Dehashed lets you delete data on you for free, but it only gets deleted from public search not from the actual db, you fuckers...
84. Never share internet using bluetooth! extremely insecure!
85. Use privacyscreens to prevent people and cameras behind or next to you from seeing what you are doing on your device!
86. Check if your details are breached in database breaches, check at haveibeenpwned.com.
87. Do not have your address publicly listed.
88. It is important that you know, if you are targeted by goverment entity the best thing to do is just to destroy all your devices storage units. Dont ever underestimate them, this is why its better to stay lowkey online, we cannot encourage you enough to not brag about things you have done, also do not link your doings to an alias.
89. If you use windows, debloat it with scripts, oosu10 is a good and reliable program to do this.
90. Lie about your self online, when it comes to opsec disinformation is your bestfriend!
91. Distract people after you, fake dox your self, "accidently" leak disinformation like your "address", but do not make it obivious.
92. Always choose wired over wireless!
93. Remember to check for cc skimmers before paying offline and domains when paying on the internet!
94. Be aware of the cameras around you!
95. Do not do things considered as secret in public places, for example do not chat in your hacking telegram group if you are in your school! Cameras are always watching!
96. Check if your browserfingerprint is unique at amiunique.org to plan your threat model. If it's unique, bad for you, if it's not unique, good for you However its very likely that your browserfingerprint is unique, to defeat this use Tor Browser or disable javascript and make whitelist of websites which you want to allow javascript on. Javascript is one of the most dangerous things on the internet, be aware of that even when using the Tor Browser you could be deanonymized by javascript. We recommend the use of noscript and umatrix with strict rules. Tor Browser strictest settings disable javascript, be aware it will break many websites.
97. Use trustworthy browserextensions like umatrix and ublock origin.
98. Generate and use fake identities online.
99. Type everything on notepad and paste where ever you need to, this way your typing speed cannot be traced by your browser or the websites you visit. When a trashy browser called yandex was reverse engineered was found that it sends a request every time you type a letter.
100. If you don't pay for it you are the product!
Made By Cybertoolbank With Love
1. Always respond to people saying "hi" to you with the same word they used, if they say Hi say Hi, if they say hello say hello. Some pedophile loser was caught of because he had unique way of saying hi, feds were able to link his "unique way of saying hi" from a onion forum to a clearnet forum post which got him caught.
2. Do not upload pictures of your pets online, unique pets can be directly linked to you!
3. Do not trust anything mainstream for example discord, nordvpn or protonmail shoudln't be trusted.
4. Do not use socialmedia, all data collected on socialmedia applications can be used to identify you, for example how fast you type.
5. Use a VPN you trust we recommend mullvad VPN, making your own VPN is good for some threatmodels but remember you will be identified by your browserfingerprint + ip combo if you only have one ip, and only having 1 location is bad as well, as it will be assumed its the nearest server location to you. !Disclaimer! Even tough VPNs are a good tool we still recommend using tor always when you can, check orbot for android. Do not use free VPN services!
6. It is a good idea to spoof your browserfingerprint, can be done with browserextensions, safest way to do this, is to run your browser in a virtualmachine. Check out qubes-os.
7. Use your passwordmanager only inside a isolated virtualmachine. Check out qubes-os.
8. Never reuse a password, email, profilepicure or username. Its the worst mistake you can make.
9. Overwrite deleted content, when something is deleted, it does not actually get deleted the device just forgets where its stored and frees space on the disk. This is why overwriting all deleted files is exteremly important. We recommend Bleachbit on pc and diskdigger on android.
10. Use HTTPS always when you can this is very important! For example tor exit node, which could be owned by NSA sees all your traffic in plaintext if no encryption like HTTPS is not used.
11. Do not let any software or apps run in the background!
12. We recommend the use of tor, or i2p for more anonymity.
13. Do not brag! Bragging is one of the easiest ways to get caught.
14. Do not use Bitcoin, Bitcoin is not anonymouys if you don't know how to use it correctly. We recommend only using Monero (XMR). Check cryptocurrency category.
15. Use different vms and devices for everything you can.
16. This is obivous, encrypt your ssds, hdds and mobile devices!
17. Do not use antiviruses, antiviruses waste your resources, sell your data and even possibly spy on you, they might even open new attack possibilities on you! For older people who dont understand anything about cybersecurity we recommend Malwarebytes antivirus.
18. Do not use closedsource messengers. And avoid using closed source software always if you can, if you cannot find opensource alternatives try to find clients for closed soucre software.
19. Do not give your browser on your mobile device download, microphone or camera permissions!
20. Do not use crappy operatingsystems. If you actually care about your security and privacy, we recommend using whonix or qubes-os.
21. Do not have any unused apps installed on your phone, these collect and sell your data and could be exploited!
22. Never give apps unnecessary permissions, "why does calculator need to know your location".
23. Isolate your browsers, use many browsers to avoid browserfingerprinting. Browsers inside virtualmachine are a good choice like mentoined before.
24. Turn off wifi- and bluetooth scanning on your phone, these can be used to track you and drain your battery.
25. Avoid chinese products, software and tech, its usually spyware! Other than that china is a great country and they will take over the entire world by 2050. #FuckAmerica #FuckEU #FuckAfrica
26. Never keep bluetooth or wifi enabled when not used. Bluetooth is one of the least secure things to exist!
27. Consider removing microphone and camera from your phone, need help? join our telegram by clicking here!
28. Keep your keyboard clean, any fingerprints on keycaps could be used to guess your password.
29. Do not use email for communication, if you do remember to use PGP!
30. We recommend using keepassxc passwordmanager, use it in a encrypted vm.
31. If you have to communicate using email use thunderbird emailclient and PGP encryption.
32. Never register anywhere online with your real phonenumber, use Sms-activate.ru to verify your accounts, cheap and reliable!
33. Use DOH, never use google or cloudflare DOH! (DNS over HTTPS) this makes it impossible for your ISP to see the websites you visit, we recommend blahdns. But remember that your DOH provider could be spying on you, well this leaves us with tor and tor only.
34. Do not click ANY links always open new links in disposable vms, for example NSO pegasus is spread by links sent in sms!
35. Discord is full of skids that get caught every fucking day, do not ever install discord on your device only use it inside a browser you that trust! Discord can see all your messages and does not have E2EE (end to end encryption), and its FBI's honeypot!
36. Never save passwords in your browser or any other autofill information, these can be stolen by simple exploits.
37. Never install cracked software or cheats, they contain malware in most of the cases.
38. Epicgames is one of the biggest spyware, like most of the gamelaunchers, stay away from them!
39. We recommend signal.org for normal SMS use and call use. Only LTE communication is encrypted, and goverments can still spy on it, so do not talk about secretive things in your calls or sms!
40. Disable WebRTC, WebRTC can leak your local ips even if using a VPN.
41. Format all your devices once a year and wipe them using gutmann35 algoritim!
42. Never resell your ssds or hdds, the data on them could be recovered!
43. Do not store anything personal like your pictures on your pc, always store them offline, not even in your phone gallery, if you have to store images on your phone store them encrypted away from other apps, we recommend, photolok from f-droid. We recommend buying external ssd / hdd / hard drive for your photos and important files and always having it unplugged from your pc when not in use.
44. Do not take a DNA test, the companies will sell your data. Feds find this data very useful and many people have been caught because of this, for example the Golden State Killer!
45. Do not renew your passport, just vanish bro.
46. Try not to give the police your fingerprint, good way to do this is by removing them by burning them.
47. Never use your fingerprint or face to unlock your phone, very fucking easy to crack, the feds love this. Also make your phone autoreboot to avoid AFU exploits!(Police uses this to get into your device without your password)
48. Do not have teeth
.49. Make a survival kit, have a backpack with all survival gear ready to go, be ready to leave your house in 10 minutes if needed.
50. Get your post/mail instantly after it arrives don't let it sit!
51. Turn on 2FA everywhere where it is possible. We recommend Freeotp+, we do not recommend google authenticator.
52. Use a privacy friendly phone, your phone knows the most about you, we recommend nexus 5 with linux distro or google pixel with graphene or calyx os (ironic but true). But remember if your phone has a simcard and it connects to the internet, it can still be tracked and hacked by the goverment!
53. Always keep your microphone hardware muted if not used, you could build your self a microphone hardware mute button if your microphone does not have a button for it.
54. Block all your cameras with tape if you couldn't remove them! (tip number 27)
55. Never buy any IoT devices. If you do, seperate them in their own network away from other devices.
56. Smart = spyware, avoid alexa or any other smart devices like a samsung smartfridge, more digital you go, more vulnerable you will be!
57. Remove all metadata from photos before sending them anywhere online, we recommend scrambled exif app for android. Exif data can be used to get your exact location and for example discord saves this kind of data for ever.
58. Only use de-googled android devices, we recommend graphene os.
59. Remember that your voice is very easy way to identify you. Never use your real voice anywhere online, we recommend using voicechangers! Your voice can be turned into something called voicefingerprint which is unique hash generated from your voice. It is known that feds use this technology.
60. Stay away from unencrypted communication services like discord, xkeyscore has access to all of this! (NSA project)
61. Never have your default user with UAC or SUDO (admin) perms, you are very vulnerable if you do! Windows default user has UAC access, this is why you should create admin user on windows and normal user which you use for daily use, admin user should not be touched, you will have to put its password when using UAC perms (installing apps for example).
62. Use a good and strong firewall like UFW on linux.(simplifies iptables)
63. Use google alternatives, google collects too much data that could be used to identify you based on other data that connects you to your google data, for example aurora store instead of google play store, (uses google play store API "anonymouysly"), and newpipe instead of youtube!
64. Learn to alternate your writing style, write different everywhere on the internet, your writing style can be used to identify you!
65. Use simple aliases like the names of colors, red or blue for example. More complicated your alias is easier it is to track your doings on the internet, and as said do not reuse aliases. Grinding online ego on a alias is one the easiest ways to be a skid and get caught. We also recommend changing your alias very frequently, more you change it harder its to track your doings in the internet.
66. Check pictures trought very carefully before sending them anywhere online even a random car-register-plate in a picture that is not related to you in anyway could be used to identify you, based on the cars movements comparing the time you sent the picture!
67. Do not let anyone online gain your trust!
68. Learn how to safely use your cryptocurrencies, a twitter hacker skid got caught because he didn't know how to. More on cryptocurrencies in the cryptocurrencies gategory!
69. Do not install random github projects because they are opensource, learn to check the code, check that it doesnt connect to random ips or urls for example.
70. Never order anything using your real address or name, use PO boxes!
71. Use a facemask and sunglasses in public places to avoid facial-recognition.
72. Encrypt your important messages with PGP.
73. Make sure your phone is encrypted and uses a strong PASSWORD! Not a pincode or anything else clowny, there is a company based in israel called cellebrite they crack phones, its even used by the Mossad and FBI, and most likely your local police. Cellebrites software Ufed is widely used by goverments and police across the world. But even they are powerless against strong passwords (while phone in BFU), make your phone format it self after 15 failed login tries!
74. Do not let anyone save you by your real name in their contactbook (contact tracing), their apps fetch and sell this info! This data can be then used to track who you talk to.
75. Use burner phonenumbers- and emails, smspva.com, temp-mail.org, be aware temp-mail.org probably saves all your messages so only use it for confirming accounts!
76. Remember to verify software signatures, in targeted attacks towards you its important that you check them to prevent getting attacked!
77. Use a trustworthy browser, we recommend the tor browser.
78. Do not download anything using the tor browser! Downloaded apps can be used to deanonymize you.
79. Do not use the tor browser on your phone, if you do, disable javascript (strictest security settings)!
80. Do not ever fullscreen your browsers! Your screensize can be used to identify you.
81. Do not use your actual timezone on your phone or pc use a mechanic clock!
82. Do not use your real keyboardlayout on your phone or pc, google which layout is similar to yours and use that.
83. If you have to pay for your data getting removed like a dox or a db entry, just do it you wont regret. However deleting db entries might be useless as someone probably has your db entry data copied somewhere else. Dehashed lets you delete data on you for free, but it only gets deleted from public search not from the actual db, you fuckers...
84. Never share internet using bluetooth! extremely insecure!
85. Use privacyscreens to prevent people and cameras behind or next to you from seeing what you are doing on your device!
86. Check if your details are breached in database breaches, check at haveibeenpwned.com.
87. Do not have your address publicly listed.
88. It is important that you know, if you are targeted by goverment entity the best thing to do is just to destroy all your devices storage units. Dont ever underestimate them, this is why its better to stay lowkey online, we cannot encourage you enough to not brag about things you have done, also do not link your doings to an alias.
89. If you use windows, debloat it with scripts, oosu10 is a good and reliable program to do this.
90. Lie about your self online, when it comes to opsec disinformation is your bestfriend!
91. Distract people after you, fake dox your self, "accidently" leak disinformation like your "address", but do not make it obivious.
92. Always choose wired over wireless!
93. Remember to check for cc skimmers before paying offline and domains when paying on the internet!
94. Be aware of the cameras around you!
95. Do not do things considered as secret in public places, for example do not chat in your hacking telegram group if you are in your school! Cameras are always watching!
96. Check if your browserfingerprint is unique at amiunique.org to plan your threat model. If it's unique, bad for you, if it's not unique, good for you
However its very likely that your browserfingerprint is unique, to defeat this use Tor Browser or disable javascript and make whitelist of websites which you want to allow javascript on. Javascript is one of the most dangerous things on the internet, be aware of that even when using the Tor Browser you could be deanonymized by javascript. We recommend the use of noscript and umatrix with strict rules. Tor Browser strictest settings disable javascript, be aware it will break many websites.97. Use trustworthy browserextensions like umatrix and ublock origin.
98. Generate and use fake identities online.
99. Type everything on notepad and paste where ever you need to, this way your typing speed cannot be traced by your browser or the websites you visit. When a trashy browser called yandex was reverse engineered was found that it sends a request every time you type a letter.
100. If you don't pay for it you are the product!