WEBVTT 1 00:00:00.080 --> 00:00:02.439 Welcome to the deep dive. We're here to plunge headfirst 2 00:00:02.520 --> 00:00:05.639 into complex topics, really pull out the most important insights, 3 00:00:05.639 --> 00:00:08.519 maybe some surprising facts for you. And look, it's no 4 00:00:08.599 --> 00:00:11.880 secret that real Internet privacy, well it's incredibly difficult these days, 5 00:00:11.919 --> 00:00:15.199 really tough to maintain. If you're online, your data, your habits, 6 00:00:15.240 --> 00:00:17.679 even where you are, it can all become a fair 7 00:00:17.719 --> 00:00:21.519 game tracked by well everyone from governments to hackers. It's 8 00:00:21.640 --> 00:00:25.399 just the reality. So today we're doing a deep dive 9 00:00:25.480 --> 00:00:29.199 into some serious methods ways to try and maintain anonymity 10 00:00:29.239 --> 00:00:33.079 and evade surveillance. Our main source for this is a 11 00:00:33.119 --> 00:00:36.039 really detailed book tour and the Darknet Remain Anonymous and 12 00:00:36.119 --> 00:00:39.719 Evade NSSAY Spying by James Smith. Our mission here is 13 00:00:39.719 --> 00:00:41.759 to dig through this find those crucial bits of knowledge, 14 00:00:41.799 --> 00:00:44.399 those surprising facts, to help you get truly well informed 15 00:00:44.439 --> 00:00:45.399 on digital security. 16 00:00:45.479 --> 00:00:49.200 Absolutely and you know, while hitting complete one hundred percent 17 00:00:49.280 --> 00:00:53.479 anonymity online that's a huge challenge, maybe impossible, right, it's 18 00:00:53.520 --> 00:00:56.759 constantly changing. But understanding these tools, these tactics that really 19 00:00:56.759 --> 00:00:59.759 empowers you and let's you make informed decisions about your 20 00:00:59.759 --> 00:01:02.479 digital footprint, your whole security setup and just to be 21 00:01:02.520 --> 00:01:07.439 super clear upfront, this discussion is purely about understanding the 22 00:01:07.439 --> 00:01:11.560 source material, exploring the tech, the concepts. We're not endorsing 23 00:01:11.599 --> 00:01:13.400 any specific activities mentioned of the book. 24 00:01:13.480 --> 00:01:17.000 Okay, great clarification, So let's dive in the core stuff. 25 00:01:17.040 --> 00:01:19.480 The book really sets up Tour the Onion router as 26 00:01:19.519 --> 00:01:22.040 like the foundation. If you want to protect your identity 27 00:01:22.040 --> 00:01:24.879 online for listeners who might be new to this, can 28 00:01:24.920 --> 00:01:27.159 you give us a quick rundown? How does Tour actually, 29 00:01:28.000 --> 00:01:31.079 you know, work its magic keep us synonymous? 30 00:01:31.280 --> 00:01:34.599 Sure? So, Tour works by bouncing your Internet traffic through 31 00:01:34.599 --> 00:01:37.640 this global network of volunteer servers. It encrypts your data 32 00:01:37.680 --> 00:01:40.200 in layers. That's the Onion part of the name. Your 33 00:01:40.239 --> 00:01:44.799 request goes through usually three random relays. There's an entry node, 34 00:01:45.040 --> 00:01:47.400 a middle one, the relay node, and then an exit node. 35 00:01:47.519 --> 00:01:50.159 And the key is each note only knows the IP 36 00:01:50.280 --> 00:01:52.480 address of the one immediately before it and the one 37 00:01:52.480 --> 00:01:55.680 immediately after it. It never knows your original IP and 38 00:01:55.719 --> 00:01:58.799 the final destination together. So by the time your traffic 39 00:01:58.840 --> 00:02:01.200 actually leaves that exit node and hits the website you're 40 00:02:01.200 --> 00:02:04.120 going to tracing it back to you is incredibly difficult. 41 00:02:04.239 --> 00:02:07.599 The real genius of Tour isn't just the encryption layers, though, 42 00:02:07.640 --> 00:02:10.479 That's crucial is how it turns your activity into this 43 00:02:10.560 --> 00:02:14.120 kind of digital ghost, makes tracing you back really really hard. 44 00:02:14.319 --> 00:02:16.840 A digital ghost. I like that metaphor, but even ghosts, 45 00:02:16.960 --> 00:02:19.360 they can leave fink traces if you're not careful. Right, 46 00:02:19.639 --> 00:02:21.759 why does the book say the key vulnerability is in 47 00:02:21.800 --> 00:02:22.680 this tour network? 48 00:02:23.039 --> 00:02:26.319 Exactly? Yeah, yeah, the big one, the significant vulnerability is 49 00:02:26.360 --> 00:02:29.639 at that exit node. If the data you're sending through 50 00:02:29.639 --> 00:02:32.479 tour is just plain text, meaning you know it wasn't 51 00:02:32.599 --> 00:02:35.599 encrypted before it even went into the Tour network, well, 52 00:02:35.599 --> 00:02:38.039 then that exit node operator can see it, they can 53 00:02:38.080 --> 00:02:40.719 decrypt it. And this is critical because look, anyone can 54 00:02:40.759 --> 00:02:46.120 set up an exit node, law enforcement, hackers, foreign intelligence, anyone. 55 00:02:46.639 --> 00:02:50.280 So if you're sending sensitive stuff unencrypted, that exit node 56 00:02:50.400 --> 00:02:52.919 is a major potential interception point. 57 00:02:53.080 --> 00:02:55.439 Okay, so that exit node sounds pretty risky. How do 58 00:02:55.479 --> 00:02:58.319 you get around that problem? Then the book brings up 59 00:02:58.319 --> 00:03:00.719 something called hidden services. You reckon iognize them by the 60 00:03:00.759 --> 00:03:03.919 onion addresses. It calls them a clever solution. What makes 61 00:03:03.919 --> 00:03:04.520 them different? 62 00:03:04.879 --> 00:03:07.759 Right? Hidden services are different because they basically bypass that 63 00:03:07.840 --> 00:03:10.800 traditional exit node. For the last step, when you connect 64 00:03:10.800 --> 00:03:13.879 to a dot onion address, your connection stays fully encrypted 65 00:03:14.159 --> 00:03:17.800 and to end within the Tour network itself. The website 66 00:03:17.840 --> 00:03:20.879 you're visiting, the dot Onion site is the one decrypting 67 00:03:20.919 --> 00:03:24.879 your message, not some random, potentially snooping exit node. It 68 00:03:24.960 --> 00:03:27.199 means both you and the site are operating inside tour 69 00:03:27.319 --> 00:03:28.520 securing the whole chain. 70 00:03:28.439 --> 00:03:32.199 Gotcha and okay, outside of the Tour network itself. Another 71 00:03:32.240 --> 00:03:35.879 really critical layer is HTTP secure HTTPS. We see it 72 00:03:35.879 --> 00:03:38.560 all the time, that HTTPS. How does that fit into 73 00:03:38.560 --> 00:03:40.000 this whole security picture. 74 00:03:40.199 --> 00:03:44.159 Well, HTTPS encrypts the traffic directly between your browser and 75 00:03:44.199 --> 00:03:47.000 the server you're connecting to, so it stops eavesdroppers, maybe 76 00:03:47.000 --> 00:03:49.439 someone running that malicious tour exit node we talked about, 77 00:03:49.439 --> 00:03:53.039 from seeing what you're sending or even injecting malware. And 78 00:03:53.039 --> 00:03:55.360 the source makes a good point here. The strength of 79 00:03:55.360 --> 00:03:58.919 that encryption really matters. A lot of sites still use older, 80 00:03:58.960 --> 00:04:01.319 weaker keys. You really want to see at least a 81 00:04:01.360 --> 00:04:04.479 twenty forty eight bit key, ideally forty ninety six bit. 82 00:04:04.759 --> 00:04:07.400 But even with strong HTTPS, there's still a risk, right 83 00:04:07.439 --> 00:04:10.759 if the web server itself gets compromised, then your data, 84 00:04:10.919 --> 00:04:13.159 no matter how well it was encrypted, getting there could 85 00:04:13.199 --> 00:04:16.000 still be exposed. It just reminds you every single link 86 00:04:16.040 --> 00:04:17.279 in that chain has to be strong. 87 00:04:17.480 --> 00:04:20.639 That makes sense, every link. So given all these risks, 88 00:04:20.759 --> 00:04:23.800 the book then shifts to something really fundamental, almost regardless 89 00:04:23.800 --> 00:04:26.360 of the tech, it's this piece of advice, never ever 90 00:04:26.439 --> 00:04:29.639 give up identifying details about yourself online. And this leads 91 00:04:29.720 --> 00:04:32.680 us straight into a powerful tool for that. PGP encryption. 92 00:04:32.920 --> 00:04:36.519 Pretty good privacy, right, PGP The core idea there is 93 00:04:36.600 --> 00:04:39.439 public and private keys. Think of it maybe like this. 94 00:04:40.800 --> 00:04:43.279 Your public key is like an open padlock. You can 95 00:04:43.319 --> 00:04:45.240 give that pablock out to anyone. They can use it 96 00:04:45.240 --> 00:04:47.360 to lock a box, encrypt a message, a file just 97 00:04:47.399 --> 00:04:50.240 for you, but only you have the matching private key 98 00:04:50.279 --> 00:04:53.800 that can unlock that specific box, nobody else, not even 99 00:04:53.839 --> 00:04:55.800 the person who locked it. And you can use this 100 00:04:55.879 --> 00:04:59.720 for encrypting, decrypting, even digitally signing messages or files to 101 00:04:59.759 --> 00:05:02.040 prove it came from you. You can encrypt whole disc 102 00:05:02.120 --> 00:05:05.800 partitions with it. The really crucial thing to grasp with PGP, though, 103 00:05:06.079 --> 00:05:09.600 is it gives you total control but also total responsibility. 104 00:05:09.839 --> 00:05:12.360 If you lose your private key, there's no password reset, 105 00:05:12.399 --> 00:05:15.439 there's no recovery that data is locked away forever. 106 00:05:15.639 --> 00:05:18.480 That padlock analogy is great. Really makes the public private 107 00:05:18.519 --> 00:05:21.279 key thing click. You're building this digital fortress and you 108 00:05:21.319 --> 00:05:24.079 hold the only key. Really drives home how vital protecting 109 00:05:24.199 --> 00:05:26.759 that private key is so? Okay? How do you actually 110 00:05:26.839 --> 00:05:29.879 use something like PGP without it being super complex for 111 00:05:29.920 --> 00:05:33.360 the average person? The book points to TAILS, this live 112 00:05:33.399 --> 00:05:36.360 operating system as a practical way to make using PGP 113 00:05:36.519 --> 00:05:38.519 and boosting anonymity much easier. 114 00:05:38.720 --> 00:05:42.519 Yeah, TAILS is, it's a fantastic tool. It's designed specifically 115 00:05:42.519 --> 00:05:45.319 for anonymity and privacy right from the start. It's a 116 00:05:45.360 --> 00:05:47.560 live OS, which means you run it straight from a 117 00:05:47.600 --> 00:05:51.240 DVD or more commonly now a USB drive. You don't 118 00:05:51.279 --> 00:05:54.920 install it on your computer's main hard drive. For Windows users, 119 00:05:54.959 --> 00:05:57.560 you can also run it inside something called a virtual box, 120 00:05:57.680 --> 00:06:00.199 which is like running a computer within your computer on 121 00:06:00.240 --> 00:06:02.839 top of your normal Windows. But the real beauty of 122 00:06:02.920 --> 00:06:06.160 running TAILS from external media like that USB stick it 123 00:06:06.279 --> 00:06:09.439 seriously reduces the risk. It isolates you from potential malware 124 00:06:09.560 --> 00:06:12.399 keyloggers that might be hiding on your main Window system 125 00:06:12.480 --> 00:06:13.879 exploding vulnerabilities there. 126 00:06:14.120 --> 00:06:18.040 Right, so using the USB sounds much safer. What's the risk. 127 00:06:18.079 --> 00:06:20.839 Then if you do run it using virtual box directly 128 00:06:20.879 --> 00:06:21.560 on your hard drive. 129 00:06:21.839 --> 00:06:24.759 Well, running virtual box and TAILS directly off your hard drive, 130 00:06:25.079 --> 00:06:27.720 that carries a pretty big danger. Even if you delete 131 00:06:27.759 --> 00:06:31.000 files within TAILS. Running that way, temporary files can often 132 00:06:31.040 --> 00:06:34.040 get left behind on the host machine's hard drive, and 133 00:06:34.079 --> 00:06:37.399 those temporary files can sometimes be recovered later using forensic tools, 134 00:06:37.600 --> 00:06:41.360 potentially revealing stuff you thought was totally private. The source 135 00:06:41.439 --> 00:06:44.439 really advises against this setup. It pushes hard for running 136 00:06:44.439 --> 00:06:47.160 everything off a USB. In fact, it even suggests using 137 00:06:47.160 --> 00:06:50.399 a separate USB drive just for storing your PGP private 138 00:06:50.480 --> 00:06:53.720 keys and other super sensitive data. Keep it totally separate 139 00:06:53.759 --> 00:06:56.399 from your main hard drive. Create more layers. Wow. 140 00:06:56.439 --> 00:07:01.959 Okay, that's some serious compartmentalization, keeping things physical separate. Speaking 141 00:07:02.000 --> 00:07:04.920 of encrypting data, the book also talks about full disc 142 00:07:05.079 --> 00:07:09.079 encryption FDE. This seems to take the PGP idea beyond 143 00:07:09.079 --> 00:07:11.920 just files and basically lock down your entire device. How 144 00:07:11.959 --> 00:07:13.240 does that work FDE? 145 00:07:13.480 --> 00:07:17.199 Yeah, it protects the whole drive by encrypting the entire filesystem, 146 00:07:17.680 --> 00:07:21.240 all the data on it becomes inaccessible without the right passphrase. 147 00:07:21.959 --> 00:07:24.040 Kal's actually has a built in feature for this, which 148 00:07:24.079 --> 00:07:27.120 is another reason it's often recommended. It makes encrypting the 149 00:07:27.120 --> 00:07:31.480 persistent storage on your tail's USB pretty straightforward. But just 150 00:07:31.519 --> 00:07:34.480 like PGP private keys, the critical thing here's that passphrase. 151 00:07:34.879 --> 00:07:38.319 If you lose your FDE passphrase, there's no getting back in, 152 00:07:38.480 --> 00:07:41.160 no recovery option. Your only choice is to wipe the 153 00:07:41.199 --> 00:07:44.360 drive completely and start over. So pick a strong one 154 00:07:44.560 --> 00:07:45.439 and don't forget it. 155 00:07:45.399 --> 00:07:48.319 Right another, don't lose the key situation and building on 156 00:07:48.360 --> 00:07:51.120 that data protection, the book really hammers home the importance 157 00:07:51.120 --> 00:07:53.519 of file shredding. Why isn't just hitting delete good enough? 158 00:07:53.839 --> 00:07:56.480 Because when you delete a file, normally you're mostly just 159 00:07:56.519 --> 00:07:58.920 telling the operating system, hey, the space's file used is 160 00:07:58.959 --> 00:08:02.399 now available for something else. The actual data often just 161 00:08:02.399 --> 00:08:04.079 sit there on the hard drive until it happens to 162 00:08:04.120 --> 00:08:06.519 get overwritten by new data, which means it is often 163 00:08:06.560 --> 00:08:10.519 easily recoverable with forensic software. Fileshredding actually overwrites the file's 164 00:08:10.560 --> 00:08:14.560 location with random data, usually multiple times, to make recovery 165 00:08:14.600 --> 00:08:19.199 practically impossible. The book mentions different standards NSA recommending three passes, 166 00:08:19.560 --> 00:08:22.759 DoD seven, Gutman method thirty five, and even you know 167 00:08:22.800 --> 00:08:25.160 three to seven passes is generally seen as pretty solid 168 00:08:25.160 --> 00:08:27.839 for most people, and not doing this can have real consequences. 169 00:08:27.879 --> 00:08:31.800 It mentions topiary from Leusek, who was actually banned from 170 00:08:31.920 --> 00:08:34.840 using file shredders as part of his sentence, specifically so 171 00:08:34.919 --> 00:08:38.039 the FBI could monitor his drive contents. So yeah, tools 172 00:08:38.039 --> 00:08:40.879 like deband file shredder, even seacleaner has a shredding option, 173 00:08:41.039 --> 00:08:41.679 they're important. 174 00:08:41.759 --> 00:08:44.840 Okay, that makes sense. Deleting isn't really deleting. So let's 175 00:08:44.879 --> 00:08:47.279 pull some of this together. What's the big takeaway here? 176 00:08:47.840 --> 00:08:51.320 Our online actions they leave these digital breadcrumbs, and sometimes 177 00:08:51.360 --> 00:08:54.480 those crumbs aren't just cookies or history. The book gets 178 00:08:54.480 --> 00:08:58.240 into JavaScript vulnerabilities and it mentions the tour mailbust back 179 00:08:58.279 --> 00:09:00.480 in mid twenty thirteen. What actually happen in there? 180 00:09:00.639 --> 00:09:02.480 Right? That was a big one. In that case, federal 181 00:09:02.519 --> 00:09:05.840 agents managed to inject some malicious JavaScript onto servers hosting 182 00:09:05.879 --> 00:09:09.039 certain hidden services, including what was supposed to be a 183 00:09:09.039 --> 00:09:13.000 secure email platform. So when users visited those sites, this 184 00:09:13.120 --> 00:09:17.120 nasty code would run inside their own browser, and it 185 00:09:17.200 --> 00:09:20.639 basically forced the browser to reveal their real IP address 186 00:09:20.679 --> 00:09:25.399 and other identifying info completely bypassing tours protection for those users. 187 00:09:26.039 --> 00:09:28.399 The key insight, right, is that even if you're using tour, 188 00:09:28.679 --> 00:09:31.120 malicious code running in your browser can still unmask you. 189 00:09:31.559 --> 00:09:34.440 It's a stark reminder way you might seriously consider disabling 190 00:09:34.519 --> 00:09:38.519 JavaScript in browsers like Ice, Weasel or Firefox. You can 191 00:09:38.559 --> 00:09:40.840 do that in the about dot config settings. Just got 192 00:09:40.879 --> 00:09:43.000 to remember if you're using TAILS, that resets each time, 193 00:09:43.159 --> 00:09:45.240 so you have to redisable JavaScript every time you boot 194 00:09:45.279 --> 00:09:46.559 up TAILS. If that's your strategy. 195 00:09:46.679 --> 00:09:48.960 Wow, okay, So the browser itself can betray you, and 196 00:09:49.000 --> 00:09:53.440 it's not just code, right, metadata, particularly this EXIF data 197 00:09:53.480 --> 00:09:55.919 hidden in photos. That's another silent betrayer. 198 00:09:56.039 --> 00:09:59.039 Oh. Absolutely. The insight there is that even your innocent 199 00:09:59.080 --> 00:10:02.039 looking photos can carry hidden data like GPS coordinates, the 200 00:10:02.039 --> 00:10:04.480 type of camera use, sometimes even the date and time. 201 00:10:04.559 --> 00:10:07.279 There's that infamous case of the hacker rumor. He apparently 202 00:10:07.320 --> 00:10:10.279 posted pictures of his girlfriend online and embedded in the 203 00:10:10.320 --> 00:10:14.440 EXIF data where iPhone GPS coordinates that led the authorities 204 00:10:14.519 --> 00:10:17.559 right to his location. And another big example was John 205 00:10:17.600 --> 00:10:21.360 McAfee's arrest in Guatemala. A photo published by Vice magazine 206 00:10:21.399 --> 00:10:25.399 supposedly contained EXIF data that pinpointed where he was hiding. 207 00:10:25.600 --> 00:10:28.440 So the advice is generally maybe used PNG images instead 208 00:10:28.440 --> 00:10:32.759 of JPEGs as PNGs usually don't store exif, and always 209 00:10:32.879 --> 00:10:36.279 always check your images with an online tool like viexfdata 210 00:10:36.320 --> 00:10:38.559 dot com before you upload them anywhere sensitive. 211 00:10:38.240 --> 00:10:41.840 Good tip check your photos. Okay, beyond deliberate exploits like 212 00:10:41.919 --> 00:10:45.279 JavaScript or hidden data like exif, what about just plan 213 00:10:45.360 --> 00:10:48.159 old tracking cookies. The book talks about how companies like 214 00:10:48.200 --> 00:10:51.200 Google use these to build up detailed profiles of our browsing. 215 00:10:51.360 --> 00:10:53.799 What's the danger there for someone trying to stay anonymous? 216 00:10:54.120 --> 00:10:57.720 The danger the implication is that even if you're using 217 00:10:57.759 --> 00:11:01.919 tour to hide your IP, goverment agencies or others can 218 00:11:01.960 --> 00:11:06.000 potentially leverage these tracking profiles. They can correlate your activity. 219 00:11:06.600 --> 00:11:09.519 If you use tour for some let's say freedom fighting activity, 220 00:11:09.840 --> 00:11:11.759 and then in the same tour session you log into 221 00:11:11.799 --> 00:11:14.759 your personal Facebook or Google something specific to your local area. 222 00:11:15.200 --> 00:11:18.480 While those patterns create connections, they link those different activities 223 00:11:18.519 --> 00:11:22.480 back to potentially one person. That's why the book strongly 224 00:11:22.559 --> 00:11:25.960 warns against mixing your online identities or activities within the 225 00:11:25.960 --> 00:11:26.840 same tour session. 226 00:11:26.960 --> 00:11:29.279 Keep things separate, right, don't cross the streams and the tracking. 227 00:11:29.320 --> 00:11:31.519 It goes beyond just standard cookies, doesn't it. There are 228 00:11:31.559 --> 00:11:34.679 things like flash cookies, local stored objects, and DOM storage. 229 00:11:34.840 --> 00:11:37.919 Yeah, those are like super cookies. They can be much 230 00:11:37.960 --> 00:11:41.000 more persistent and harder to clear than regular browser cookies. 231 00:11:41.279 --> 00:11:44.120 They can also track your activity across different websites, often 232 00:11:44.240 --> 00:11:46.960 quite aggressively. Now you can usually manage or disable these. 233 00:11:46.960 --> 00:11:50.039 There are settings in Adobe Flash player itself and in 234 00:11:50.159 --> 00:11:53.519 firefoxes about dot canfig You can toggle dom dot storage 235 00:11:53.559 --> 00:11:56.519 dot enable to falls. But it's worth noting one of 236 00:11:56.519 --> 00:11:59.039 the nice things about tails is that it automatically clears 237 00:11:59.200 --> 00:12:02.480 standard cookies every session. And importantly, it doesn't even come 238 00:12:02.519 --> 00:12:05.279 with Flash installed by default, so that offers some built 239 00:12:05.320 --> 00:12:07.559 in protection against those specific tracking methods. 240 00:12:07.799 --> 00:12:10.519 Okay, so tails helps there. But all these little data 241 00:12:10.519 --> 00:12:14.360 points cookies exif JavaScript settings, they can apparently add up 242 00:12:14.360 --> 00:12:18.600 to something even more insidious, browser fingerprinting. What exactly is 243 00:12:18.600 --> 00:12:20.159 that and why should we worry about it? 244 00:12:20.399 --> 00:12:24.799 Browser fingerprinting is basically creating a unique digital signature, a 245 00:12:24.799 --> 00:12:28.320 fingerprint for your specific browser setup. It collects a whole 246 00:12:28.360 --> 00:12:31.039 bunch of data points, things like which browser plugins you 247 00:12:31.080 --> 00:12:35.039 have installed, your screen resolution, your system fonts, your time zone, 248 00:12:35.200 --> 00:12:38.679 the exact browser version or user agent, and the combination 249 00:12:38.759 --> 00:12:41.559 of all these things can often be surprisingly unique to you. 250 00:12:42.159 --> 00:12:44.559 So even if you're using tour or VPN to hide 251 00:12:44.600 --> 00:12:48.000 your IP address, this unique fingerprint might remain consistent across 252 00:12:48.039 --> 00:12:51.360 different sessions or websites. That makes it easier for sophisticated 253 00:12:51.399 --> 00:12:54.559 trackers to correlate your activity. They might not know who 254 00:12:54.600 --> 00:12:56.759 you are, but they know it's the same browsers showing 255 00:12:56.799 --> 00:12:59.840 up again and again. The core insight here is yeah, 256 00:13:00.000 --> 00:13:03.720 even without cookies, you might still be uniquely identifiable just 257 00:13:03.720 --> 00:13:06.559 by how your browser looks to a website. That's another 258 00:13:06.600 --> 00:13:09.480 reason the book recommends using TAILS and disabling JavaScript. Tails 259 00:13:09.720 --> 00:13:12.840 tries to standardize many of these fingerprinting characteristics to make 260 00:13:12.919 --> 00:13:13.879 users look more alike. 261 00:13:14.039 --> 00:13:17.600 Okay, wow, that's a lot. On the technical side. We've 262 00:13:17.639 --> 00:13:22.639 covered tour encryption, file shredding, JavaScript metadata fingerprinting, but the 263 00:13:22.639 --> 00:13:26.159 book makes a really crucial point. The best tech setup 264 00:13:26.159 --> 00:13:29.679 in the world can be completely undermined by simple human error. 265 00:13:30.200 --> 00:13:32.120 This brings us to the human factor in all this. 266 00:13:32.840 --> 00:13:35.559 What are some of the general precautions the book advises 267 00:13:35.600 --> 00:13:37.799 when posting or interacting online? 268 00:13:38.039 --> 00:13:41.080 Right, the human element, It's huge. The book really pushes 269 00:13:41.080 --> 00:13:44.879 for using multiple online identities compartmentalization. Maybe you have one 270 00:13:44.919 --> 00:13:47.840 persona for buying things, a totally separate one for selling, 271 00:13:48.039 --> 00:13:50.759 another one just for posting on forums. This makes it 272 00:13:50.879 --> 00:13:53.399 much much harder for anyone watching to link all your 273 00:13:53.440 --> 00:13:57.240 different activities together and to manage all the different, complex, 274 00:13:57.440 --> 00:14:00.159 unique passwords you absolutely should be using. For you to 275 00:14:00.200 --> 00:14:03.840 these identities, a password manager is key. The book suggests 276 00:14:03.919 --> 00:14:06.759 key pass x, which is conveniently included in TAILS. The 277 00:14:06.799 --> 00:14:09.399 insight is really that consistency using the same user name, 278 00:14:09.440 --> 00:14:12.360 same password, same style across different platforms. That can be 279 00:14:12.399 --> 00:14:14.159 your biggest vulnerability. Mix it up. 280 00:14:14.200 --> 00:14:17.519 That makes total sense, separate identities, but it's fascinating. It's 281 00:14:17.559 --> 00:14:21.720 not just technical consistency, right. The book talks about behavioral 282 00:14:21.720 --> 00:14:23.159 patterns being identifiers too. 283 00:14:23.240 --> 00:14:27.639 Oh, absolutely, this is critical. Things like unique grammar mistakes 284 00:14:27.639 --> 00:14:31.600 you always make, consistent spelling errors, using specific slang terms, 285 00:14:31.639 --> 00:14:35.159 even the times a day you're predictably online. All of 286 00:14:35.159 --> 00:14:38.320 these can be used to build a profile and potentially 287 00:14:38.320 --> 00:14:41.600 identify you, even across different user names. The source really 288 00:14:41.600 --> 00:14:45.399 emphasizes look, law enforcement assumes they're reading everything they expect to. 289 00:14:45.679 --> 00:14:48.000 They have people whose job it is to sit there 290 00:14:48.159 --> 00:14:51.960 sift through forum posts chat logs, everything, actively looking for 291 00:14:52.000 --> 00:14:55.600 these correlations, these little behavioral tics that link an anonymous 292 00:14:55.600 --> 00:14:58.759 persona back to a real person. They don't underestimate your 293 00:14:58.799 --> 00:15:01.279 online persona, so you shouldn't to estimate their dedication to 294 00:15:01.320 --> 00:15:04.559 finding those links. Your unique digital voice can give you away. 295 00:15:04.720 --> 00:15:08.240 That's sobering. They're actively looking for your quirks, which raises 296 00:15:08.279 --> 00:15:11.639 a big question just how far law enforcement go to 297 00:15:11.759 --> 00:15:14.759 catch someone online. The Sorts gives some pretty eye opening 298 00:15:14.879 --> 00:15:16.000 real world examples. 299 00:15:16.159 --> 00:15:21.080 Yeah, they will go to frankly incredible lengths. The book 300 00:15:21.240 --> 00:15:24.480 cites the DEA's sting in the Silk Road case, an 301 00:15:24.600 --> 00:15:29.120 undercover agent literally shipped a kilogram of cocaine to Curtis 302 00:15:29.159 --> 00:15:32.279 Green his online name was Flush, basically setting him up 303 00:15:32.279 --> 00:15:35.399 for a major bust. Then there was Operation Open Market. 304 00:15:35.679 --> 00:15:38.240 This was the secret service running a fake online ID 305 00:15:38.480 --> 00:15:42.200 vendor site for five years. They posed as criminals selling 306 00:15:42.279 --> 00:15:46.039 fake IDs, ship them out, gathered evidence, and eventually brought 307 00:15:46.039 --> 00:15:50.000 down fifty five different defendants using Ricodact charges. That's the 308 00:15:50.039 --> 00:15:52.240 kind of law I usually used against the mob. Shows 309 00:15:52.279 --> 00:15:54.440 how seriously they take this stuff, and it's not just 310 00:15:54.480 --> 00:15:57.000 for huge cases. It even mentions a local police department 311 00:15:57.080 --> 00:15:59.840 running a fake sweepstakes like something out of The Simpsons, 312 00:15:59.840 --> 00:16:03.360 just to lure in people with outstanding warrants by promising prizes. 313 00:16:03.600 --> 00:16:05.159 They arrested quite a few people that way. 314 00:16:05.279 --> 00:16:08.919 Wow, a fake sweepstakes. That's incredible commitment or maybe deception, 315 00:16:09.080 --> 00:16:10.919 depending on how you look at it. It really shows the 316 00:16:10.919 --> 00:16:14.519 resources they'll deploy. What were the actual consequences for people 317 00:16:14.559 --> 00:16:17.399 caught in operations like the Silk Road sting or Operation 318 00:16:17.480 --> 00:16:18.480 Open Market. 319 00:16:18.320 --> 00:16:21.559 Well, they're incredibly severe. Curtis Green, the guy who received 320 00:16:21.559 --> 00:16:24.559 the cocaine shipment, he was reportedly facing up to forty 321 00:16:24.639 --> 00:16:27.399 years in prison, and those fifty five people charged under 322 00:16:27.399 --> 00:16:30.559 the IICO Act and Operation Open Market, they were potentially 323 00:16:30.600 --> 00:16:33.559 looking at twenty years each. The clear takeaway, the insight 324 00:16:33.600 --> 00:16:35.559 the book drives home is that it really only takes 325 00:16:35.559 --> 00:16:38.759 one mistake, one slip up, and once law enforcement is 326 00:16:38.799 --> 00:16:42.559 on to you, they will pursue you relentlessly. Often the 327 00:16:42.600 --> 00:16:45.159 resources you just can't match. The consequences are very real. 328 00:16:45.120 --> 00:16:48.480 Very heavy, definitely a sobering reality check. So learning from 329 00:16:48.559 --> 00:16:51.600 other's mistakes becomes absolutely crucial. The case of Sabu, the 330 00:16:51.679 --> 00:16:54.320 leader of LOSK, is a really stark example he had 331 00:16:54.320 --> 00:16:58.039 this invincibility mindset, but it crumbled. What were his key mistakes? 332 00:16:58.399 --> 00:17:02.960 Sabu, Yeah, hector. Despite his online persona, he made at 333 00:17:03.039 --> 00:17:06.839 least two critical errors that ultimately exposed him. First, apparently, 334 00:17:06.880 --> 00:17:10.160 he once logged into an IRC chat that's Internet Relay Chat, 335 00:17:10.519 --> 00:17:13.400 an older chat system, using his real home IP address. 336 00:17:13.720 --> 00:17:16.599 He forgot to connect through his usual anonymizing proxy first. 337 00:17:17.119 --> 00:17:19.799 That single log in was reportedly enough for federal agents 338 00:17:19.839 --> 00:17:23.720 to Pinpoor in his location. One mistake. But even before that, 339 00:17:23.920 --> 00:17:27.160 another hacking group had apparently dosed him released his personal 340 00:17:27.160 --> 00:17:30.039 info because of an error with his domain registration. His 341 00:17:30.119 --> 00:17:33.119 proxy service used for the registration expired and the domain 342 00:17:33.160 --> 00:17:36.160 registrar GoDaddy apparently used his real name and address when 343 00:17:36.160 --> 00:17:39.880 it renewed. Another slip up. The insight here is just 344 00:17:39.960 --> 00:17:43.480 how fragile anonymity can be. One moment of carelessness, what 345 00:17:43.559 --> 00:17:47.759 expired service, one configuration error, and years of effort can unravel. 346 00:17:47.799 --> 00:17:50.279 And how did the FBI end up leveraging Zabou once 347 00:17:50.319 --> 00:17:53.119 they had him. That must have been an intense situation, yet, yeah, 348 00:17:53.160 --> 00:17:53.599 intense is. 349 00:17:53.559 --> 00:17:57.480 Probably an understatement. They used the human element again, his children. 350 00:17:57.680 --> 00:17:59.640 He was facing something like one hundred and twelve years 351 00:17:59.680 --> 00:18:03.160 in prison. The FBI reportedly used his desire to stay 352 00:18:03.160 --> 00:18:06.240 with his kids his biggest vulnerability to turn him. He 353 00:18:06.279 --> 00:18:09.319 became an informant, working against his former associates, people he 354 00:18:09.400 --> 00:18:12.559 called friends, like Jeremy Hammond, and the FBI's investigation into 355 00:18:12.640 --> 00:18:16.319 Hammond is detailed in the source, was just meticulous. It 356 00:18:16.359 --> 00:18:20.599 shows their persistence. They connected his different online aliases subdigging 357 00:18:20.640 --> 00:18:23.359 and archaos to his real life. They found links to 358 00:18:23.400 --> 00:18:26.200 protests he attended, like one in Saint Louis, his arrest 359 00:18:26.200 --> 00:18:29.119 at the two thousand and four RNC, even minor details 360 00:18:29.160 --> 00:18:31.640 like marijuana arrests or a comment he made about being 361 00:18:31.680 --> 00:18:34.839 a freaking goddess related to dumpster diving. They even tracked 362 00:18:34.839 --> 00:18:37.759 his specific MacBooks m Mooxya address, connecting to tour notes 363 00:18:37.880 --> 00:18:40.039 and correlated times he left his house with his activity 364 00:18:40.039 --> 00:18:43.039 on irc. It's a really chilling illustration of how deep 365 00:18:43.079 --> 00:18:46.519 these investigations go. They connect every tiny digital breadcrumb to 366 00:18:46.559 --> 00:18:47.880 physical world actions. 367 00:18:48.079 --> 00:18:51.640 That is chilling and a powerful reminder of the pressure involved, 368 00:18:51.680 --> 00:18:54.799 the human cost. It really underscores that idea we touched 369 00:18:54.839 --> 00:18:58.039 on nobody goes to jail for you, so knowing that 370 00:18:58.160 --> 00:19:01.200 level of pressure exists. The book offers advice if you 371 00:19:01.279 --> 00:19:05.359 do find yourself facing an interrogation, what's the recommended protocol? 372 00:19:05.559 --> 00:19:09.720 Right if the worst happens first and absolutely foremost, retain 373 00:19:09.759 --> 00:19:12.680 a lawyer beforehand, get one on retainer. The source even 374 00:19:12.720 --> 00:19:16.440 suggests a figure around fifty thousand dollars, because the logic is, 375 00:19:16.519 --> 00:19:20.119 if you're arrested, the authorities might seize all your assets immediately. 376 00:19:20.400 --> 00:19:22.720 If your money is frozen, you might not be able 377 00:19:22.720 --> 00:19:24.559 to hire a lawyer when you need one. Most a 378 00:19:24.599 --> 00:19:28.359 prepaid retainer avoids that. Then during questioning, keep your mouth 379 00:19:28.400 --> 00:19:31.319 shut immediately and clearly demand a lawyer. And the book 380 00:19:31.359 --> 00:19:35.720 advice is dropping any kind of attitude or denial, act scared, anxious, confused, 381 00:19:35.720 --> 00:19:39.039 maybe not defiant, and truly speak honestly only with your lawyer. 382 00:19:39.319 --> 00:19:42.720 That conversation is protected by attorney client privilege. Anything you 383 00:19:42.720 --> 00:19:45.400 say to law enforcement is fair game. The core insight 384 00:19:45.480 --> 00:19:48.519 is simple. Silence and legal counsel are your strongest shield 385 00:19:48.559 --> 00:19:49.359 in that situation. 386 00:19:49.599 --> 00:19:53.480 Get a lawyer, keep quiet. Got it? This invincibility mindset 387 00:19:53.519 --> 00:19:56.960 you mentioned with Sabu, it's clearly dangerous when facing government 388 00:19:57.000 --> 00:19:59.559 power and what the book calls their bullying tactics. And 389 00:19:59.599 --> 00:20:02.200 it's not just this individual's rate. Companies get forced to 390 00:20:02.240 --> 00:20:02.839 comply too. 391 00:20:03.119 --> 00:20:07.400 Oh. Absolutely, companies, even ones that champion privacy, often find 392 00:20:07.440 --> 00:20:11.160 themselves compelled by court orders. There's no real choice sometimes. 393 00:20:11.559 --> 00:20:13.920 Hush Mail is a famous example. They were forced to 394 00:20:13.920 --> 00:20:16.759 hand over something like twelve CDs worth of emails from 395 00:20:16.839 --> 00:20:20.200 three accounts under court order, laugh of them. The email 396 00:20:20.240 --> 00:20:23.119 service Edward Snowden Use is another one. The owner tried 397 00:20:23.160 --> 00:20:25.519 to resist a court order demanding his encryption keys. He 398 00:20:25.599 --> 00:20:28.400 was fined five thousand dollars a day until he finally 399 00:20:28.440 --> 00:20:30.680 gave them up, which ultimately led him to shut down 400 00:20:30.680 --> 00:20:33.599 the entire service rather than compromise all his users. It 401 00:20:33.640 --> 00:20:36.839