Discussions
Preserving meats with salt
9
3

@Mike Juliett Kilo, Browser Extensions I’m with you on browser extensions. I severely limit how many I have (eg., HTTPS Everywhere, uBlock, PrivacyBadger, ABP [AdBlockPlus], and NoScript). Yes, many extensions to gather data and contact their “mothership”, but many extensions that respect user security and privacy provide options no turn off the “phone hom”. Trust is a fragile thing and once it’s been abused, it’s hard to ever regain. And, just as the aforementioned extensions are more or less worthy of some level of trust, it’s always important to keep an eye on any changes the developer may push out. Definitely keep browser extensions updated as they (more often than not) fix issues and vulnerabilities. VPNs This is another tough topic. Conceptually, it’s easy, you pay for a service, they protect you. Unfortunately, there are a lot of VPN services out there that have shitty encryption, that have bandwidth issues, or that utilize their own platform for advertising. TorrentFreak does an annual review of the best VPNs entitled, Which VPN Providers Really Take Anonymity Seriously in 2020? (https://torrentfreak.com/best-vpn-anonymous-no-logging/) TorrentFreak’s annual list, along with EFF’s Surveillance Self Defense, as well as Privacytool’s and Prism⚡️Break’s (https://prism-break.org/en/) lists of service providers should give the those looking into purchasing VPN services a solid foundation. What’s your favorite color? Just a reminder, you don’t have to be truthful or provide any real information when setting up accounts with required fields -or- in response to challenge questions. Instead of answering “What’s your favorite color?” with red, use the opportunity to generate a password in your password manager. Use the password manager for everything you can, even rotating your router access. /etc/hosts For those of us dead set on keeping ad networks (read spy platforms that you can’t opt-out of) at bay, you can edit your device’s hosts file to block or redirect that traffic. It’s a pretty in-depth topic, so I’ll spare everyone reading a treatise on how to do this. There are plenty of resources out there with great write-ups. Besides, my comments are long enough anyway.

@Ef, Agreed. Google Drive does a fine enough job. Its ubiquity and services are great for collaboration. [turns to the rest of the class and tips tinfoil hat] Cloud Alternatives Some preppers may not be comfortable using businesses and services that were/are complicit in mass surveillance. The fact is, many users’ sense of trust in companies like Google, Microsoft, Yahoo!, et al. was obliterated back in 2013, when PRISM and other surveillance programs were leaked to the public by one Edward Snowden. In the wake of these revelations, many a company and community have stepped up to the help provide an opportunity for users to better protect themselves, their interests, and to fortify their personal security/privacy. (Side note for anyone wondering: I write “security/privacy” because security enables privacy and they are intimately intertwined concepts). I mention all this because (a) there’s probably someone reading this thread and thinking, “Ooh. Google… No thanks!”; and (b) there are many open source/foss/floss communities out there that actively seek to help users keep their data in users’ own hands. Projects and products like ownCloud (https://owncloud.org/) and Nextcloud (https://nextcloud.com/) are options for those that do not trust Google, Amazon, etc. I’ve been watching these two for a number of years and have been really impressed with how far they’ve come in their development. Cloud/Web of Trust Here’s another interesting option. If you and someone you know (and trust!) have a product like a Synology NAS (https://www.synology.com/en-us/products/series/home), you can be each other’s cloud backup. Once my budget enables me to do so, this will be something I implement with a trusted family member.

I think this is a great question. I don’t know that this will necessarily work for you, but I’ll throw it out in case it worked/would work for others. Results may vary. I’ve found that our current pandemic has readily brought conversations about preparedness out of the darkness when it comes to talking with family, friends, neighbors, and even some former coworkers. For some, having this kind of conversation was easy. Five minutes into talking and we’re in agreement about a lot of things. For others, it’s a longer conversation -one that takes place over time, but usually starts with, “How are you doing?” then moves into a genuine, “Got everything you need?” or “Do you need anything?” (by way of “Hey, I’m headed to the store to pick up some stuff”) Sometimes, the conversation reveals an opportunity to probe a bit deeper, so, questions like “So, have your heard…?” and “What do you think about that?” are easier to raise. For me, it’s all about approach; and my personal approach is always centered around being genuine, mindful, and coming from a place of concern and cooperation. I find that this approach not only allows me to determine their level of self reliance, their resilience, their ability to adapt, but it also affords me an opportunity to better understand their socio-political standing while just coming across as being neighborly or a thoughtful, non-threatening, nice guy. Once I have all the info I need, I can decide whether or not to continue engaging with them and, eventually, inviting them into my bubble. In some cases, I’ve never even bothered to have that first conversation because I know exactly where that person stands and have already determined they’d be a liability instead of an asset. While you’re reading replies to your very good question, I’d like to offer (in case you aren’t already familiar with the concept) to start reading about “threat modeling” (https://en.wikipedia.org/wiki/Threat_model). from Wikipedia: “Threat modeling is a process by which potential threats, such as structural vulnerabilities or the absence of appropriate safeguards, can be identified, enumerated, and mitigations can be prioritized. The purpose of threat modeling is to provide defenders with a systematic analysis of what controls or defenses need to be included, given the nature of the system, the probable attacker’s profile, the most likely attack vectors, and the assets most desired by an attacker. Threat modeling answers questions like “Where am I most vulnerable to attack?”, “What are the most relevant threats?”, and “What do I need to do to safeguard against these threats?”.” Conceptually, most people incorporate some form of threat modeling in their daily life and don’t even realize it. Commuters use threat modeling to consider what might go wrong during the morning drive to work and to take preemptive action to avoid possible accidents. Children engage in threat modeling when determining the best path toward an intended goal while avoiding the playground bully. In a more formal sense, threat modeling has been used to prioritize military defensive preparations since antiquity.” Although the linked article centers around IT and technology, consider how the concept of modeling can be integrated into your search for growing a prep team. Ask yourself, “What do I want and what do I need from a team member?”, “What are ways that I can safeguard myself in the event that I’ve mistrusted someone?”, etc.  

@Rich, thanks for elaborating. And, at the risk of looping feedback, here comes my next volley… I’m totally digging your virgin (never SIM connected) tablet idea(s). RE: OSM. Yes! I completely overlooked mentioning OSM’s device-specific apps (OsmAnd on Android) and $whateverelse for iOS. So, do that, people. 😉 [Thanks, Rich.] RE: Tor. Correct, ISPs can see you’re using Tor (if you’re barebacking the interwebs — that is, sans VPN or connecting directly via your home network). And while I’m here, I want to take quick sec to emphasize something to those not familiar: Utilizing Tor isn’t illegal. There’s a lot of FUD (fear, uncertainty, and doubt) sown around out there and you’re going to get the clearest info about Tor from Tor’s project page. With regard to Tor use being observed (by ISPs): as the saying goes, “Attribution is hard”. To wit, just because someone uses Tor isn’t, in itself, evidence of illegal or nefarious activity. And you’re right, the more people use it for mundane purposes, the better (as it were). To the outside observer, the situation changes from searching for a needle in a haystack of finding a specific needle in a needle stack. On the other hand, Tor is especially critical for journalists and dissidents who might otherwise face targeting, so, the argument could be made that the rest of us looking for mundane things (or nefarious things) could be contributing to inaccessibility for those that truly need it. IOW, use Tor for comms and internet to bolster OPSEC. Want porn? There’s the clear net for that. Another means of controlling data flow and bolstering OPSEC is to restrict app access to the internet by way of firewall (eg, that Gallery app/Survival Manual app doesn’t need to connect to cell, wifi, or bluetooth, so lock it up) and ad blocking. On mobile devices, these are achieved by rooting the device. There are, as with most things in life, tradeoffs to rooting. XDA-Developers is my goto source for this kind of info. I won’t link it here simply because those that are going to commit to it, will search it out. Be well. Be safe. Be healthy.


Load more...
Preserving meats with salt
9
3
Mental health preps
10
15

@Mike Juliett Kilo, Browser Extensions I’m with you on browser extensions. I severely limit how many I have (eg., HTTPS Everywhere, uBlock, PrivacyBadger, ABP [AdBlockPlus], and NoScript). Yes, many extensions to gather data and contact their “mothership”, but many extensions that respect user security and privacy provide options no turn off the “phone hom”. Trust is a fragile thing and once it’s been abused, it’s hard to ever regain. And, just as the aforementioned extensions are more or less worthy of some level of trust, it’s always important to keep an eye on any changes the developer may push out. Definitely keep browser extensions updated as they (more often than not) fix issues and vulnerabilities. VPNs This is another tough topic. Conceptually, it’s easy, you pay for a service, they protect you. Unfortunately, there are a lot of VPN services out there that have shitty encryption, that have bandwidth issues, or that utilize their own platform for advertising. TorrentFreak does an annual review of the best VPNs entitled, Which VPN Providers Really Take Anonymity Seriously in 2020? (https://torrentfreak.com/best-vpn-anonymous-no-logging/) TorrentFreak’s annual list, along with EFF’s Surveillance Self Defense, as well as Privacytool’s and Prism⚡️Break’s (https://prism-break.org/en/) lists of service providers should give the those looking into purchasing VPN services a solid foundation. What’s your favorite color? Just a reminder, you don’t have to be truthful or provide any real information when setting up accounts with required fields -or- in response to challenge questions. Instead of answering “What’s your favorite color?” with red, use the opportunity to generate a password in your password manager. Use the password manager for everything you can, even rotating your router access. /etc/hosts For those of us dead set on keeping ad networks (read spy platforms that you can’t opt-out of) at bay, you can edit your device’s hosts file to block or redirect that traffic. It’s a pretty in-depth topic, so I’ll spare everyone reading a treatise on how to do this. There are plenty of resources out there with great write-ups. Besides, my comments are long enough anyway.

@Ef, Agreed. Google Drive does a fine enough job. Its ubiquity and services are great for collaboration. [turns to the rest of the class and tips tinfoil hat] Cloud Alternatives Some preppers may not be comfortable using businesses and services that were/are complicit in mass surveillance. The fact is, many users’ sense of trust in companies like Google, Microsoft, Yahoo!, et al. was obliterated back in 2013, when PRISM and other surveillance programs were leaked to the public by one Edward Snowden. In the wake of these revelations, many a company and community have stepped up to the help provide an opportunity for users to better protect themselves, their interests, and to fortify their personal security/privacy. (Side note for anyone wondering: I write “security/privacy” because security enables privacy and they are intimately intertwined concepts). I mention all this because (a) there’s probably someone reading this thread and thinking, “Ooh. Google… No thanks!”; and (b) there are many open source/foss/floss communities out there that actively seek to help users keep their data in users’ own hands. Projects and products like ownCloud (https://owncloud.org/) and Nextcloud (https://nextcloud.com/) are options for those that do not trust Google, Amazon, etc. I’ve been watching these two for a number of years and have been really impressed with how far they’ve come in their development. Cloud/Web of Trust Here’s another interesting option. If you and someone you know (and trust!) have a product like a Synology NAS (https://www.synology.com/en-us/products/series/home), you can be each other’s cloud backup. Once my budget enables me to do so, this will be something I implement with a trusted family member.

I think this is a great question. I don’t know that this will necessarily work for you, but I’ll throw it out in case it worked/would work for others. Results may vary. I’ve found that our current pandemic has readily brought conversations about preparedness out of the darkness when it comes to talking with family, friends, neighbors, and even some former coworkers. For some, having this kind of conversation was easy. Five minutes into talking and we’re in agreement about a lot of things. For others, it’s a longer conversation -one that takes place over time, but usually starts with, “How are you doing?” then moves into a genuine, “Got everything you need?” or “Do you need anything?” (by way of “Hey, I’m headed to the store to pick up some stuff”) Sometimes, the conversation reveals an opportunity to probe a bit deeper, so, questions like “So, have your heard…?” and “What do you think about that?” are easier to raise. For me, it’s all about approach; and my personal approach is always centered around being genuine, mindful, and coming from a place of concern and cooperation. I find that this approach not only allows me to determine their level of self reliance, their resilience, their ability to adapt, but it also affords me an opportunity to better understand their socio-political standing while just coming across as being neighborly or a thoughtful, non-threatening, nice guy. Once I have all the info I need, I can decide whether or not to continue engaging with them and, eventually, inviting them into my bubble. In some cases, I’ve never even bothered to have that first conversation because I know exactly where that person stands and have already determined they’d be a liability instead of an asset. While you’re reading replies to your very good question, I’d like to offer (in case you aren’t already familiar with the concept) to start reading about “threat modeling” (https://en.wikipedia.org/wiki/Threat_model). from Wikipedia: “Threat modeling is a process by which potential threats, such as structural vulnerabilities or the absence of appropriate safeguards, can be identified, enumerated, and mitigations can be prioritized. The purpose of threat modeling is to provide defenders with a systematic analysis of what controls or defenses need to be included, given the nature of the system, the probable attacker’s profile, the most likely attack vectors, and the assets most desired by an attacker. Threat modeling answers questions like “Where am I most vulnerable to attack?”, “What are the most relevant threats?”, and “What do I need to do to safeguard against these threats?”.” Conceptually, most people incorporate some form of threat modeling in their daily life and don’t even realize it. Commuters use threat modeling to consider what might go wrong during the morning drive to work and to take preemptive action to avoid possible accidents. Children engage in threat modeling when determining the best path toward an intended goal while avoiding the playground bully. In a more formal sense, threat modeling has been used to prioritize military defensive preparations since antiquity.” Although the linked article centers around IT and technology, consider how the concept of modeling can be integrated into your search for growing a prep team. Ask yourself, “What do I want and what do I need from a team member?”, “What are ways that I can safeguard myself in the event that I’ve mistrusted someone?”, etc.  

@Rich, thanks for elaborating. And, at the risk of looping feedback, here comes my next volley… I’m totally digging your virgin (never SIM connected) tablet idea(s). RE: OSM. Yes! I completely overlooked mentioning OSM’s device-specific apps (OsmAnd on Android) and $whateverelse for iOS. So, do that, people. 😉 [Thanks, Rich.] RE: Tor. Correct, ISPs can see you’re using Tor (if you’re barebacking the interwebs — that is, sans VPN or connecting directly via your home network). And while I’m here, I want to take quick sec to emphasize something to those not familiar: Utilizing Tor isn’t illegal. There’s a lot of FUD (fear, uncertainty, and doubt) sown around out there and you’re going to get the clearest info about Tor from Tor’s project page. With regard to Tor use being observed (by ISPs): as the saying goes, “Attribution is hard”. To wit, just because someone uses Tor isn’t, in itself, evidence of illegal or nefarious activity. And you’re right, the more people use it for mundane purposes, the better (as it were). To the outside observer, the situation changes from searching for a needle in a haystack of finding a specific needle in a needle stack. On the other hand, Tor is especially critical for journalists and dissidents who might otherwise face targeting, so, the argument could be made that the rest of us looking for mundane things (or nefarious things) could be contributing to inaccessibility for those that truly need it. IOW, use Tor for comms and internet to bolster OPSEC. Want porn? There’s the clear net for that. Another means of controlling data flow and bolstering OPSEC is to restrict app access to the internet by way of firewall (eg, that Gallery app/Survival Manual app doesn’t need to connect to cell, wifi, or bluetooth, so lock it up) and ad blocking. On mobile devices, these are achieved by rooting the device. There are, as with most things in life, tradeoffs to rooting. XDA-Developers is my goto source for this kind of info. I won’t link it here simply because those that are going to commit to it, will search it out. Be well. Be safe. Be healthy.

@Rich, I’m with you on a lot of your comments. I have a few additional thoughts, some of which overlap with yours. An older cellphone/mobile can definitely be a valuable asset. For starters, it’s decent for storing backups of documents, equipment manuals, schematics, accessing offline maps, and other reference materials. Just make sure the device is encrypted. Although there’s no active SIM in my GO device -and because operating silently (or as quietly as possible) is a priority- I keep the battery pulled until it’s needed. When it’s booted and operational, it’s in airplane mode. I also do periodic battery checks and power top-offs, as well as app updates, just to keep things ready. – If the grid is up and you’re in a bad way, you can still utilize 911, even without a SIM -if that fits your use-case. – Since most modern cellphones have their own GPS capability, having access to offline maps can help keep you below the radar, too. Check out OSM OpenStreetMap (https://www.openstreetmap.org/) which supports offline navigation. – I’ve created a number of personalized maps for offline use. These include things like asset locations, hospitals, medical supplies, manually created paths, etc. Once created, export your map to .KML format and import it into OSM OpenStreetMap (offline maps). As you create POIs (points of interest), consider using language only you will understand. I made a map of “quiet, peaceful places” that included things like “Mom’s house”, “$friend’s place”, “the bike path we rode when I proposed” -which, of course, have a totally different meaning for me. Although this is merely obfuscation, it draws less attention than “BUG OUT HERE” or “WEAPONS CACHE HERE”. – Consider Tor as another tool for your toolbox. (https://www.torproject.org/). While it doesn’t guarantee absolute anonymity, it does bolster your ability to not be surveilled when your laptop or mobile are online. – Always use a password manager. I highly recommend Password Safe (https://pwsafe.org/) – Use Signal for end-to-end encrypted text and messaging. (https://signal.org) Moxie Marlinspike and team have created something amazing (their double-ratchet schema is mind-boggling and clever), plus its code has reviewed and lauded by many well-known, top-of-their-game cryptographers. RE: Unlocking devices for police/authorities. EFF (Electronic Frontier Foundation), a legal action advocacy organization centered on privacy and security rights, has an excellent series of write-ups entitled “Know Your Rights”. It explains your rights when the police want search your device and what you can/can’t do, etc. There’s also an explainer for border crossings. (https://www.eff.org/issues/know-your-rights) While I’m here, I’d like to share that reliable digital security consists of 3 things: Something you are, something you have, and something you own. These are the “holy trinity” of modern device security. Something you are: fingerprint, faceprint, iris Something you have: Yubikey, 2FA, dongle Something you know: password/passcode/passphrase KILLSWITCHES Killswitches are a viable option for the security/privacy conscious. Some devices have software or hardware killswitches. These vary in implementation. SOFTWARE KiLLSWITCHES Some (eg, Garmin smartwatches) have a sw killswitch that, when enabled, wipes the device. Other devices, such as my current mobile (https://www.oneplus.com/) has a software option to “Lockdown” the device. Once initiated, face and fingerprint recognition do not work and the decryption password must be entered to access the device. Pretty handy because you cannot legally be forced to reveal your passcode (something you know) to authorities whereas authorities and bad actors holding your mobile to your face or fingerprint get immediate access. (And, yes, before someone comments, I’m familiar with the possibility of “rubber hose password cracking” method – physical violence, torture), but the idea should work reasonably well for many situations. HARDWARE KILLSWITCHES Other devices, such as those made by Purism (https://puri.sm/) have physical hardware killswitches to cut power and disable radios like wifi, bluetooth, or SD card access. This has been a boon for the security and privacy conscious. Their laptops are impressive yet expensive and they’re in the process of developing a mobile with the physical hw killswitches. FOR THE TRULY SECURITY CONSCIOUS/PARANOID: PrivacyTools (https://www.privacytools.io) providers, browsers, software, operating systems, & services. EFF’s Surveillance Self Defence (https://ssd.eff.org) 7 steps to digital security, security modeling/planning, attending protests, defending against social networks, strong passwords, Tor (https://www.torproject.org/) defend against tracking & surveillance. Circumvent censorship. Tails (https://tails.boum.org/) is a portable operating system to avoid censorship. Look into Tripwire.

Seems like you’re making progress (on all fronts) to ticking another box on your list. Congrats! If it’s any consolation, at least you’re not in NY. New York requires 4 (or was it 5?) references, fingerprinting, $50 background, and a 4 month lead time. So there’s that, fwiw. I’m not really surprised by the backlog. I think the pandemic, protests, riots, and not-so-subtle threats everyone has lobbing across political lines has made people very tense. It doesn’t help that people have been holed-up and feeling uncertain and un- (or under-) prepared. I think it’s been an inevitability that there would be a surge. Never mind and election coming up in November. At the risk of toeing the line for these forums (mods, please let me know. I don’t think I’m crossing), I’d like to throw by hat back into the conversation when it comes to 2A in response to Frank: When I think of the Second Amendment (2A), I can’t help but think about how its purpose is often misunderstood and misinterpreted because of our modern perspective. Now, there’s a caveat in here, so, please hear me out. (In other words, don’t jump the gun. Yes, pun intended.) Amendment II A well regulated Militia, being necessary to the security of a free State, the right of the people to keep and bear Arms, shall not be infringed. When I read the 2A, I realize its role in the securing and formation of the US. It’s also important to consider the context of what was happening at the time the Founders began framing the Constitution, specifically the 2A (because that’s what we’re discussing at the moment). What was happening? Short version: the British were a hostile, occupying force hell-bent on keeping what would later become the United States under the rule of the monarchy (King George). When the Founders began framing the Constitution, specifically the 2A, they acknowledged that they needed a way to defend a fledgling nation from hostile forces like the British. And because we didn’t have a formal military at the time, they needed a way- a militia, to defend this new republic from British tyranny (or other hostile entities) attempting to lay claim to the colonies at the time. That was then, this is now. Nowadays, and many will knee-jerk at citing historical context or bristle at the idea of, “Well, we have a well-established militia now -it’s called The Army, The Navy, The Marines, and The Air Force”. And if one would grant this as true, [rhetorical:] does that negate that the ownership of firearms by you, me, and millions of others? That’s the paradox of looking at the 2A. In its historical context (a country with no way to defend itself but the colonists living here and working its lands), we needed to bear arms because of the British occupation; and now, we are a sovereign nation with a means of defending itself (all branches of the US military). Does the 2A even apply? None of this is to say or suggest that we shouldn’t prepare ourselves, purchase arms, etc. However, when we modern Americans lay claim to our 2A, we also bear the responsibility of understanding its original context (even if we struggle with interpreting the Founder’s long-term intent, from the modern interpretation); and, by abiding by the requirements for responsible gun ownership. Anyone that knows me in meat space (real life), knows that I’m fond of saying, “There will always be tradeoffs”. It’s just a fact of life. Yes, Frank, background checks are a hassle but one could argue that it’s a necessary tradeoff in order to prevent convicted felons, criminals, etc. from [legally] accessing firearms. Bluntly, neither the police nor owner of the gun store you’re looking to purchase from know if you have a violent, criminal history. -And YES, convicted felons could (and do!) have an easier time of getting a firearms by illegal means (read blackmarket). The difference is legitimacy, legal ownership that is in alignment with the 2A, no matter how we interpret it. At the end of the day, if you have a firearm in your possession (or will soon have one), your right hasn’t been denied -even if it meant that you had to have a background check first, wait for clearance, or wait for your local gun store to restock.


Load more...