/bootbg/ - Break Out Of The Botnet General

>>59431080
oops, forgot to add
>What should I use instead of Google Drive/OneDrive/Dropbox?
Owncloud or Nextcloud if you want cloud storage, Syncthing if you just want to share files between devices

>>59431080
Bump

>>59431080
What about chromium?

>>59431167
Don't forget rsync or or sftp. The default raspbian install includes the latter, so anyone can burn an image to a microsd card and plug in a gard drive to set up their own file server.

>>59431641
I'm pretty sure stock Chromium still communicates with Google servers, though ungoogled-chromium should be as good as Iridium

>>59431651
Yes, excellent points. I will add those in to the next OP as well.

>>59431080
I'm planning ti buy motherboard and processor. What should I buy? I'd like to have possibility to install libreboot and disable intel ME.
This threads are very nice idea, we should make some guide for escaping botnet with all details covered.

File: Theodore_Kaczynski.jpg (139KB, 555x414px) Image search: [Google]

139KB, 555x414px

>using a computer connected to the internet

how's it feel to be part of the global communications botnet?

Just build a shed and move inna woods like the Unabomber you fucking loon

>>59431712
https://libreboot.org/docs/hcl/ should be a good start, I don't know much about libreboot though so can't help more than that

>This threads are very nice idea, we should make some guide for escaping botnet with all details covered.
Thanks, I'm glad you think so. And that's a good idea, something like:

Use these OSes
Tape up your webcam and mic/here's how you disable them
Use these browsers
Use these search engines
Use these office suites

Use these cell phones

what else?

>>59431778
This man was right about everything.

>>59431080

i have nothing to hide

>>59431778
The internet is a prerequisite for participating in a lot of aspects of society such as work, so yes even though you can't completely break out of the botnet while using it you can take steps to mitigate it.

>>59431853
As the OP says (which is just one example of a counter-argument), https://www.aclu.org/blog/you-may-have-nothing-hide-you-still-have-something-fear

>>59431787
>what else?
Possibly guides about selinux, running suspicious software in VM / chroot / docker, liberating router and mobile phone, firefox addons and about:config setup.

Are there any good VPN addons for Firefox?

>>59431712
This company is working towards security-focused Linux laptops. They have coreboot running and successfully disabled Intel ME on their 13" Laptop

https://puri.sm/

I haven't bought from them, because I bought a new computer too recently, so I can't actually speak to their quality, but I've been keeping an eye on them, and I think they look good.

>>59431930
>you can take steps to mitigate it.
The CIA can hack anything. If it has code on it, you're fucked.

>>59431965
Great suggestions. So far we got:

OS (including OS tweaks like SELinux)
Browser/browser tweaks
Search Engines
Office Suites
Running suspicious software in VM/chroot/docker

Routers/router tweaking

TVs/TV tweaking (how to stop your SmartTV from spying on you so much)

Phones/phone tweaking


>>59432037
doesn't mean you have to make it easier on them.

>>59432133
>doesn't mean you have to make it easier on them.
>implying NSA-developed software like SELinux doesn't have backdoors
>implying $randomsupersekritsearchengine matters, when all your traffic gets logged at the IX level anyway
>implying office suites matter
>implying the Linux kernel is not backdoored

Get a load of this freeturd.

>>59432037
>The CIA can hack anything. If it has code on it, you're fucked.
It was discussed for million times. Having or not having code does not affect hackingness. But if code is open, it will be audited by people who want to fix exploits, not hack. Binary will be audited only with bad intensions, so free software is more secure.
>it is hard so don't even try
You are retarded heavily if you think so

>>59432202
Nice try, bronie

>>59432206
>But if code is open, it will be audited by people who want to fix exploits
Yeah, just like "press backspace 28 times to get root" was discovered so easily... after years! lmao

>>59432206
Nice fallacy right there. "Only good people look at open source code"

Custom ROM's for Android phones, line Copperhead

>>59431697
Ungoogled won't let me install add ons like ublock. It is hard coded not to do certain Google things.

>>59431080
How about you post this, manchild:
https://libreboot.org/amd-libre/

Recently in the Libreboot project, we've been informed about the new Ryzen platforms being released and sold by AMD. They are currently taking input from the community. Here are ways you can contact AMD to tell them that you demand libre hardware:

https://www.reddit.com/r/Amd/comments/5x4hxu/we_are_amd_creators_of_athlon_radeon_and_other/def5h1b/
https://community.amd.com/places?filterID=all%7Eobjecttype%7Espace
https://www.amd.com/en-us/who-we-are/contact (has contact links for multiple countries)
AMD's CEO, Lisa Su, can be contacted directly via email. Tell her that you demand libre hardware: [email protected]

File: 1487417094378.png (767KB, 700x700px) Image search: [Google]

767KB, 700x700px

>>59431080
How to escape android botnet?
Is it possible to have android without botnet?
If no, what alternatives there are?

I'm gonna setup GPU passthrough so windows is not longer my main OS. Where do I go once OSs are good?

>>59432435
Install GNU operating system on your device instead. But you still have proprietary kernel modules and drivers tho.

>>59431080
firefox comes with lots of crap settings out of the box, it also uses safebrowsing (which contacts google), though this all can be turned off in about:config
I recommend icecat, which is basically ff with all this stuff turned off

>>59432593
haasn made a list of these settings, seems a bit outdated, but have a look https://gist.github.com/haasn/69e19fc2fe0e25f3cff5

>>59432424
Fair point, I will include this in the next OP.

>>59432593
That's true, I will clarify that you have to do some tweaking in the next OP. Also thanks for letting me know that about IceCat, I thought it was literally just firefox with 100% free images

Along with ublock and umatrix this toy here should also be on the list of essencial Firefox addons https://addons.mozilla.org/en-us/firefox/addon/decentraleyes/

>>59432631
guess you confused icecat with iceweasel, which is/was actually just a renamed firefox on debian doe to license issues

>>59432647
fuck off pablo

>>59431080
>Search engine
searx.me
>source code on github
>can host your own

Uselful addons for FF
uBlock Origin
Privacy badger
HTTPSEverywhere
HTTP by default
No resource URI leak
Canvas Blocker
Decentraleyes
Certificate Patrol

Things to do
Stop posting on 4chins or teh webz in general since most sites relay on Google for captchas and analytics and go back to IRC. That's where the cool kids are.

>>59431080
Hardened browser is better than a dedicated security browser

>Hosts File
>Add all google analytics shit and friends
>Add all this shit
https://github.com/StevenBlack/hosts
>Chromium with no google sync shit
>Add u matrix
>Add u block
>Add self destructing cookies equivalent

Done

>>59432692
Forgot to add, Harden Firefox by using a better config file

https://github.com/pyllyukko/user.js/

>>59432647
also this: https://addons.mozilla.org/en-Us/firefox/addon/canvasblocker/
because of this: https://browserleaks.com/canvas

SOMEONE POST THE TINFOIL HAT BINGO!
thanks

>>59432618
see >>59432723

>>59432692
searx is actually nice, beginners should be reminded to change the default engines to their likings (remove endgines they dont need), to speed up the whole thing

>>59432744
>97.56% (4318 of 176794 user agents have the same signature)

What does this mean?

What's the most up to date guide on GPU passthrough? All the ones I find involve the kernel messing with, and that's not needed anymore

>>59431080
>posting on 4chan which uses Google recaptcha and uses Google analytics
>breaking out of the botnet

inb4 use a 4chan pass
That doesn't stop Google analytics and Chinkmoot as well as PayPal have your payment information.

>>59432744
https://en.wikipedia.org/wiki/Canvas_fingerprinting
That's some evil shit.

>>59432845
>just give up guys
>follow my example
>here is my butt
>just push it in
>everyone is welcome

>>59432865
That's not what I'm saying.
I'm saying in order to start, you'd have to ditch 4chan as well.

>>59431697
Ungoogled chromium contains all the iridium patchsets, plus the debian ones, plus the inox ones, plus their own custom patchsets.

>>59432374
Read the FAQ dumbass. It explains exactly how to install extensions from the chrome webstore.

>>59432845
So because 4chan is bad when it comes to privacy we should give up our privacy for the whole world wide web?

>>59432845
I paid for my pass with anonymous bitcoins.
And I block GA with uBlock

>>59432915
>And I block GA with uBlock
lmao, google still gets your ip with the captcha, retard

File: 14646376717400.png (157KB, 942x296px) Image search: [Google]

157KB, 942x296px

>>59431080
/tread

>>59432929
I don't have a captcha, and I made sure its iframe is blocked anyway. Also I use a VPN.

>>59432938
I don't speak russian.

File: 14647136942370.png (697KB, 900x600px) Image search: [Google]

697KB, 900x600px

>>59432947
/thread

>>59432929
>implying I do all my browsing from this IP

It's a worthwhile gain to wall off what you can from Google even if you can't hide everything. Don't fall into the trap of thinking that if you can't plug every single leak in the world, then you shouldn't bother doing anything at all. That is false.

>>59432943
proxies are against the rules anon

>>59432966
Not if you have a pass. You get an exception from that rule.

>>59432995
use tor.

I don't know, most of the methods in this thread shield you primarily from advertising companies. If that's the goal, go right ahead.

Should you be *directly* be targeted by a state sponsored actor, you're pretty much fucked unless you turn to the most extreme methods (such as dropping off the grid entirely), using stolen identities etc.

I'm already pretty extremist when it comes to my personal data, I do not exist to google or any social network. There are no pictures of myself (as far as I am able to tell) on the web either.
But that's mostly due to not even once using my real name on the web, with all it's drawbacks.

>>59433336
>>Should you be *directly* be targeted by a state sponsored actor, you're pretty much fucked
Well its also the case that targeted surveillance is more difficult and expensive for three-letter agencies by orders of magnitude. That makes defending yourself and others against easy, cheap, dragnet mass-surveillance a worthwhile endeavor. And a lot of what you need to do to do that is the kind of stuff you want to do to defend against ad companies anyway.

>>59431853
Then leave the thread

>>59431080
How is iridium safe? I thought not even chromium is debotneted.

The sticky has everything you need

>>59433570
Ungoogled chromium contains the iridium patches so use it instead see >>59432893

Anyway, its safer because it removes all known telemetry and tracking methods currently integrated into chromium. It applies patches to skip over that code and make the browser believe it was successful in uploading the information.

The Protonmail app doesn't send notifications without Google Services on your phone, but you can read and send mail, FYI.

Not gnu/linux but rather any OSS OS.

>>59432435
Linage os, replicant

It cant be done you dumb nigger, Intel ME and AMD PSP have put the botnet into the hardware layer, any pc past 2006 ish is hardcucked.

>>59435126
It can be completely disabled in some PCs up to about 2009, and badly crippled in one or two newer i-series chipsets.

So, not all computers, but it is pretty bleak.

The only thing I need help doing to break out of the bother is convincing my friends to use apps like telegram or signal instead of Hangouts.

>>59432037
If the CIA cares enough to be looking into your activities then yes, you're fucked. If they're not then all you're really preventing is megacorps from having your information.

>>59435126
>>59435538
Not getting your shit tracked is worthwhile even if you're not worried about the CIA. Stuff gets hacked sometimes. How do you know some Russian douchebag isn't going to hack Google and leak your shit to the public?

>>59436091
Like anyone cares that you jerk it to cartoon dogs fucking lolis

>>59431080
Modern firefox is literally turbobotnet. Meanwhile palemoon explicitly removes botnet features from firefox on top of hardening it and responding to firefox CVEs much faster than mozilla does (by months!).

Additionally, you should use firejail to isolate everything. This prevents the botnet from knowing specifics about your environment (though of course your hardware can still clue the botnet in).

>>59431080
I'm currently using Tor for everything except /g/ and I have Debian. Have I escaped?

>>59432692
Add LibreJS and html5 everywhere.

>>59437181
No because both tor and debian are botnet.

>>59437371
Source? Tor is listed in the leaked NSA documents (Snowden) and the New CIA documents (Vault 7) as a "Catastrophic threat" and debian has been audited a bunch of times.

>>59437570
>debian
>audited
HAHAHHAHAHAHAHAHAHHAHAHAHAHAHAHAHAHAHAHAHHAHAHAHAHAHAHHAHAHAA MY FUCKING SIDES!

>>59431787
Use coreboot. Libreboot is sjw

>>59437570
Tor exit nodes aren't safe. Tor browsing of clearnet is pointless. Tor browsing onions is fine as long as you stay out of 14eyes.

Safer to use a vps in Switzerland and ssh tunnel.

OS Alpine Linux
Devuan
Slackware
Freebsd
Openbsd

>>59438193
freebsd and openbsd (openbsd: by design, freebsd: by incompetence) are hypercompromised. Install Hardened Gentoo.

Ungoogled chromium with
Ublock origin
Https everywhere or kb ssl enforcer
Disable Java by default

There's some good roms for android getting around. Nano rom for s6 is one of the best with microg

S4 and s5 have a balance between hardware and community support.

>>59435296
Conversations on self hosted xmpp is the current champion of im

>>59435126
Still need the firmware to communicate with the hardware backdoor. If you're packet sniffing, software and hardware firewall, ip tables are strong and your system is encrypted to stop cia niggers then you're good

>>59438193
nigger do you even have any idea how tor works?
it doesn't matter if the exit node isn't save, because you're still behind 9001 proxies

tor is save, all the "hacks" and "compromize" meme crap is related to other stuff that may expose identity like running flash or javascript when using tor

>>59438085
>coreboot
this is a thread against botnet, not pro-botnet

>>59438302
Just let the exit node see everything you're doing, right. You're a joke. That's why they say don't log on to your Facebook through tor. Tor is only useful for the 'deep web' onion sites.

>>59435126
>using post 2006 hardware
your problem

>>59438323
Explain. Libreboot is deranged, the devs are out of touch with reality. Coreboot doesn't have backdoors or work for government entities

>>59438334
>everything
yeah right, like the 2-3 things til the next exit node cycle, you have no idea

>>59438355
It is a vulnerability. Tor nodes work through proximity too so it can be exploited

>>59431080
>Break Out Of The Botnet General
Pretty easy. Don't use proprietary software.

>>59431080
chromebook = usb encryption "tokens" with private/public key exchange + read-only frimware (physical screw)

also Windows 10 if u create secure domain for it

aslo Linux had one of the largest botnet few years back, cuz nobody suspected it would have any

>>59438428
>>>/b/

>>59438428
I laugh in your general direction

>>59435296
I had a similar issue trying to get my friends off of Facebook. I was able to convince them by showing them how shit messenger was feature wise compared to telegram. Not sure if Hangouts is any good in that respect tho

How do I purchase online without being tracked? What are some good online markets that take Bitcoin? I'm also too pleb to use anything other than coinbase, how do I get anonymous Bitcoin?

>>59438606
Hardware wallet or local wallet. Trade your btc for eth or monero

>>59432832
Bump

>>59431080
>What search engine should I use instead of Google?
>Startpage

How does everyone feel about DuckDuckGo?

>>59438772
its founder ran an eerily botnet-adjacent site prior to founding DDG and its servers are supposedly owned by Amazon, along with some other things so some people are leery of it. I'd recommend on top of startpage either ixquick or searx

>>59438350
It has binary blobs, and it supports the Intel ME.

>>59438606
An easy way to avoid your debit/credit card being tracked is just buying prepaid debit cards at your bank and buying stuff online with those. My dad does this for all his online shopping.

>>59438396
They can see what your doing but they don't know who you are. So don't log into clearnet shit and your good.

>>59432832
Someone answer please

>>59440959
They're all shit and wrong. Don't use -multifunction, it's irrelevant. Don't use -vga, it's for bios-mode passthrough. Use vfio. Don't add anything vfio-related to the kernel, you don't need to. Enable IOMMU, blacklist your driver, load vfio and you're good to go.

>>59432744
whats best free opensource iridium extension to stop canvasing

>>59439842
localbitcoin.com is good for anon bitcoin.

[page 10 bump]

Tried and failed to dual boot Arch last night. Managed to get a bootloader going but as soon as it launched Arch some error happened and unreadable text happened.

Guess I'm trying again tonight.

Look into setting up a pi-hole and have it go through dnscrypt, make sure if you're using DHCP at home that it gives out your pi-hole server as DNS; block DNS outbound from every IP other than your pi-hole.
Use that to also apply any other hosts lists you might want blocked.
If you use wireless networking, reduce the power on it to try and contain it within the area you require it in.
Doesn't actually help a great deal against someone very persistent, but it's something.

If you're up for it, look into installing and configuring OSSEC on anything that can take it - set up alerts for when relevant files change at all.

Get rid of your shitty consumer router if you still have one.

privacytools.io

>>59445916
https://archive.fo/1N5IL
What's going on with this invaluable site lately?

>>59431167
Is there a way to set up owncloud or Nextcloud on Windows 8?

I stay on windows 8 simply because I game and I don't want to change OS's until I upgrade next, where I'll be setting it up with some variant of linux because fuck 10.

>>59432893
>>59434013
does it get security updates in a timely fashion? github says it hasn't been updated since january 22

>>59441195
Wait does that mean I can't use VGA as a connector for my monitor?

>>59447273
Check the develop branch. Its actively being worked on.

A new version is taking longer this time because buildlib is being deprecated in favor of a new build system.

By far my favorite general
OMEMO / OTR (Pref. OMEMO) for IM on xmpp. Support includes ChatSecure for iOS, Conversations for Android, Gajim for desktop (pidgin supports OTR).

Signal for voice and SMS

Wire or Matrix for voIP / visual.

PGP for email

GnuPG / Veracrypt for general encryption (There's a GNU/Linux competitor but I don't use it- help me out).

I will be posting a list of OS's for security, privacy, and anonymity in a little while xoxo

File: STOP.jpg (19KB, 307x202px) Image search: [Google]

19KB, 307x202px

>>59432962
>>59432938
Are you mentally challenged?

>>59449966
Great contributions anon, glad you like the new general.

>>I have a AMD Radeon graphics card which may be not supported by Ubuntu 16.04.
What should I do? Will upgrading to Ubuntu 16.10 or downgrading to 14.04 solve the issue? If yes, will it work as good as the graphics card works on Windows? Also will have to configure my computer or will the system work perfectly after upgrading or downgrading?

Am I damaging my computer by not using a OS supporting the graphics card?
Also my laptop takes like ~50 seconds to boot? Is that because of the incompatible graphics card?

File: mempo-system-layers.png (286KB, 987x946px) Image search: [Google]

286KB, 987x946px

>>59449966
>>59449966

CopperheadOS is a hardened free and open-source operating system based on the Android mobile platform (limited to Nexus).

SELinux precaution: The key concepts underlying SELinux can be traced to several earlier projects by the United States National Security Agency (NSA). -NSA relation warned earlier in this thread by other anon.

Hardened Gentoo - ProPolice (buffer overflow protection) protected executable base, Uses same package tree as Gentoo, executable space handled by PaX (application privilege manager).

Mempo - see pic related

Qubes OS - Security by isolation. Qubes utilizes the xen hypervisor for grouping programs into a number of isolated virtual machines. Their network connection can be routed through other special virtual machines (i.e. a possible machine running tor).

Subgraph OS - Aims to minimize attack surface and utilizes deterministic compilation. Subgraph OS features a kernel hardened with the Grsecurity and PaX patchset, Linux namespaces, and Xpra for application containment, mandatory file system encryption using LUKS, resistance to cold boot attacks, and is configured by default to isolate network communications for installed applications to independent circuits on the Tor anonymity network.

TAILS OS - Amnesic live boot (medium being usb or {recommended} CD) that routes all traffic through tor. First world users also strongly recommended to use outside of home connection (as for any of these ...).

Tin Hat - Hardened Gentoo that lives in your RAM.

Whonix - https://www.whonix.org/ Use whonix with an everyday use VPN (to hide suspicion) and tor guards and it becomes a SOLID system.

IprediaOS - All connections routed through I2P. Focused, but not limited to, bittorrent use. A bit out dated.

Security onion - Ubuntu based network intrusion detection OS jam packed with tools. Next, next, next, finish type installation.

Liberte Linux - gentoo based live CD abandoned back in 2012.

are there any arm v8 chips that are ready for a linux desktop? Maybe that could be a viable workround for the intel ME issue some day.

>>59438299
I guess that is a good point, has anyone discovered evidence of fuckery at the hardware level by doing said packet sniffing?

>>59450983
>>59449966
I would like to propose an idea that applies peer pressure. For waaay too long privacy and security enthusiasts have given in to peer pressure of use of messenger of skype, just because the crowd uses it. Next time you all are invited to a group chat, decline and offer wire.com , the worse that can happen is a no.
Contact me @ [email protected] (over the xmp protocol- NOT EMAIL!)
Hopefully that forces someone into OTR/OMEMO, possibly causing a future influence :^)

>>59451167
given into peer pressure through the use of facebook messenger and skype**