InfoSec

Technology is evolving, along with tools to terminology, hackers and malicious actors are also evolving their methods. Information Security will help with the basic needed security in plain laments terms to help educate on the security.

Always research the terminology and tools presented here. This website only contains the stripped down version of some well known tools and methods. It is your responsibility to find the tool or method to your personal liking.

Just like people, each tool and security harden methods have their own personality, opinions and characteristics. You do not need to know everything about them, just the simple basics will be more than enough to prevent attacks and protect your privacy.

Encrypted DNS

Encrypted DNS is your first stop on protection. This is basically a Domain Name Server that holds information regarding the Internet Service Provide renders on their server. When your device connects to the internet, the device obtains an IP address and DNS of the ISP. Nowadays, metadata is collected and shared at a cost to other organizations, Corporations and Government for analytics and data gathering. Your traffic is logged, monitored and collected to be shared without consent – this is where encrypted DNS comes into play.

Dnscrypt is the first line of defense between your device and the internet, even before connecting to a VPN, the DNS is encrypted and depending on the DNS protocol, your metadata is safe and secure.

dnscrypt.info/

Now this is important because issues can result if there is issues with using default DNS address’s. Also DNS-over-HTTP (DOH ) and DNS-over-TLS (DOT ) maybe confusing to most, it is important because Google and other giants uses DOH which can still result in “man in the middle attacks” and the ISP along with tech giants can see your meta data – stay away from DOH!

If the DNSCRYPT does not work on your device, you can simply use this DNSCRYPT public resolve to grab and DNS and set it on your device – dnscrypt.info/public-servers

Personally; Research the list and resolvers before choosing. Test out the servers and test your device. I was able to go with NEXTDNS because the service is highly customizable, contains blocklists and shows logs for any IT security researcher would love.
Once you found the one you like, you can set the DNS on your device ( or software ) which can be done by going into settings of the internet protocol your using and switch automatic to manual DNS and set up your preferred server.

Adblock

www.vice.com/en/article/93ypke/the-nsa-and-cia-use-ad-blockers-because-online-advertising-is-so-dangerous

As a former hacker which fought with Anonymous, state sponsored hackers and script kiddies, I was able to perform a new type of drive-by distribution of a botnet into Google Adsense, and this would have affected millions of devices. Before I realized what was going on, I halted the project and wrote a tutorial back in 2005 on how easy it was to create a legitment advertisement, linked to any domain ( including personal domains which hosts virus’s ) and can infect any device at any time. This research was brought to light on the community and shared, which made its way to various agencies; including Google which automatically blacklisted me from using their services forever. Various intelligence agencies picked up on the research and was able to perfect “malvertisement”. If the Government can use the research for spying on enemies and gather intel, they can and use it on its own citizens without the average user knowing they been infected.

This leads us to the importance of Adblocking. It not only blocks advertisements that may contain a virus, it blocks them from stealing your metadata as well. There are many different types of advertisements and some actually are good for the company, but they are bad for the average user without the knowledge of what they might contain.

www.imperva.com/learn/application-security/malvertising/

The issue with adblocking is, mostly on the mobile side, or the entire network. Once before, Editing a device “host” file and adding the domains to block was the best way for an individual to block domains or IP’s. On mobile devices it is even more frustrating to know that your mobile device needs to be rooted, or jailbroken to even access the host file. This is where your research will get interesting because, depending on the encrypted DNS or VPN you paid for, the service might include adblocking! Only way to check is visit your service settings of the provider and check to see if they have adblocking, or domain blocking. Some are enabled by default, some are disabled. Simply enable and sit back or enable the feature and ad more domains.

If the service does not feature domain blocking, You might have to research an adblocking service that fits your needs.

ublockorigin.com/

adguard.com/en/welcome.html

On PC, most browsers supports addons, or plugins that can support Adblocking extensions. Most adblockers on the internet assumes this is good enough however, it is only a bandaid ontop of a bandage on a scrape. Your mobile device contains data that are sent to developers, manufactures, Google, Apple; not including the apps and software that also sends data from various servers which alot of them are advertisement domains!

arstechnica.com/gadgets/2021/03/android-sends-20x-more-data-to-google-than-ios-sends-to-apple-study-says/

Modern problems calls for modern solutions. There are mobile apps now that help with adblocking without modified host files. They set up a DNS profile with a list from the servers on what is blocked or whitelisted. This is a good idea but fall short since your VPN must need to be activated as well as the adblocking. This is where your choice of Either VPN or adblocking comes into play and you can not have both – but can now be circumvented and goes back to your previous security; Encrypted dns and vpn. Nextdns does not touch the vpn but adds a DNS to the mobile device, a small configuration file that only changes your device’s DNS. This new approach is going to be standard for security on the public sector soon. Apple is notorious for restrictions, but with their own MDM/profile function, it is now widely known that Apple has kept a secret from the public to where adblocking domains can be added to a “deny list” and set on your Apple device until the profile is removed.

These new techniques are the new layers of security that many institutions and Government agencies have used for a long time, but the public knowledge is almost non-existent.

Telemetry

Now this is newer type security that will be used constantly, and consistently; and there is not enough knowledge or education on this.

www.zdnet.com/article/windows-10-telemetry-secrets/

Every Device from Windows PC to IPhones, to smart appliances to automobiles, have implemented Telemetry on the device your using and shares the data to the manufacture. The data is then sold to data miners for data collection while the manufacturers are paid for sharing. Most telemetry is useless, which the end results in a major privacy concern since it collects data and sends to the end points for profit. Modern applications have also implemented this for diagnostics, and applications do have a data disclaimer which 99% of us do not read but blindly accept the terms of agreement.

To further conflict with privacy, there are tools and applications available to turn of telemetry but the manufacturer flag these applications as “malware” and “scares” the consumers into believing the software/applications are fake – this is not true! Telemetry data is sold to where the manufacture of the device is profited. Turning off telemetry, the entity is losing out of that profit. As mentioned at the beginning/ontop of the page, it is up to you to research and find alternatives. As consumers, who paid for the device to be used, telemetry should not be an option and therefore even on the devices we paid for, is spying.

wethegeek.com/how-to-disable-telemetry-and-data-collection-in-windows-10/

oneplus.gadgethacks.com/how-to/remove-background-telemetry-services-your-oneplus-stop-unnecessary-data-collection-0342288/

android.gadgethacks.com/how-to/5-ways-keep-google-from-collecting-data-your-android-phone-0181002/

www.kaspersky.com/blog/ios-tracking-setup-part-1/12625/

techrrival.com/top-iphone-privacy-settings/

As a user of both IPhone and Android, personal opinion is using a phone that does not connect to services at all. Smart Phones, or Smart appliances will always send data to hosting servers. Best way is to use encrypted dns and block these domains. Another alternative is using Linux. Today there is thousands of different types of Linux distributions on the internet.  Each one designed not only to be freeware and open source, but also with the user in mind. For Android based phones, there are a few Linux OS available for them. There is also pre-installed phones that can be purchased such as Pinecone or Purism. Linux is more security and privacy oriented and most of them does not have telemetry on them.

GPS Spoofing

GPS Spoofing

All Mobile device that are compatible with applications will result in location tracking for better convenience and more accurate data. This alone is what gives a smart device its intelligence. System apps ( the apps built into the core foundation ) usually will not ask for your permission on your location. The assumptions is dangerous and consumers need to be aware that if ANY applications that can track you, while using the app or always, there is always a chance that a malicious employee, coder, hacker or even Government agencies, can request the data to know your whereabouts. This leads to criminal and illegal activities that can damage your digital identity and affect your physical well being as well. Your bank accounts hacked is the number one reported hacking, the second report is stalking. If the entities knows your location, hacking into your account would be easy since most services uses your location to doxx your information.

www.techsafety.org/location-tracking

Applications such as weather, finding a lost phone, location on navigation applications are co-dependent on the tracking feature of the smart phone. Many researchers will argue that total privacy is achieved only by turning off the tracking, and not allowing the apps to your GPS location. However, This is partially true and a better newer solution is “GPS spoofing”. This beneficial security will be needed to avoid being tracked and during the Fourth Industrial Revolution, more research and tools will be available.

www.mcafee.com/blogs/internet-security/what-is-gps-spoofing/

There are downsides to fake your GPS location. Tools or applications are not widely available, and on Apple IDevices, the spoof can not be easily done without being jailbroken. Also if your dependent on accurate weather information, or the location of your ride share, you might have to turn off the spoofing – which will result in your location being exposed. Use the tools to your discretion!

play.google.com/store/apps/details?id=com.lexa.fakegps&hl=en_US&gl=US

geekflare.com/best-gps-location-changer-app/

www.lifewire.com/fake-gps-location-4165524

For Windows, Linux and Mac PC’s, a vpn is good enough protection to where your location remains hidden. In my research, telemetry and WEBRTC can easily bypass VPN and reveal your true IP and location. There is a few applications that can spoof locations however they are not tested and therefore you should proceed with caution. Best practice is to remove the option for location on your PC and do not allow applications to request your location. For additional information, including mobile devices, you can also search your location by address or zip code. This is also an effective way for the device not to reveal your location.

Most of us is ready to browse the internet as soon as we are ready but security helps give us the peace of mind in preventative attacks.

  • Extra few minutes protects against long term attacks.
  • secure your privacy and avoid being hacked.
  • You are not alone.