Thread

Today, after a long discussion about best OpSec practices, I thought it would be nice to share with the Nostr community and read what others have to say about it. There are many here in #Nostr that are #privacy advocates and believe they know enough; they use what they believe is a secure OpSec:

1. No corporate social networks, that includes LinkedIn or not sufficiently decentralized ones (whatever that means for them).
2. No Messenger Chat app that requires a mobile phone number.
3. Linux of course; so they say; although the majority keep using iOS or Microsoft as their default OS... (I am guessing of course, but I am quite positive it is a good guess...).
4. A Pixel 7 or higher rooted with the right OS.
5. A VPN, one of the few that do not log (so they say) and you can pay cash or LN BTC or XMR. Most do this wrong BTW...
6. The right Private DNS, never a corporate one...
7. A private email address, so most will use Proton or Tuta... Odd how there are only a few options with no KYC; if it is a niche, the fact that there are no more options is suspect, two companies only... they become a honeypot.
8. They use FOSS as much as possible for all their work and location apps.
9. GPS OFF as a norm. OpSec matters here, most people do this wrong.
10. A nonKYC eSIM with only data, few providers, silentlink being one of the favorites.
11. A powerful router with firewall and Pi-hole or AdGuard, plus built-in support for VPN (most do this wrong).
12. Self-hosted cloud, no commercial cloud ever (most don't do this, they rely on the usual privacy-oriented ones, the ones very well known, there are about 3...). Are you paying attention?
13. Their own BTC Node.
14. A privacy-oriented browser, there are not that many: Mullvad Browser, Firefox hardened with extensions (requires work), Brave hardened with extensions. Most use the same extensions, for they are the recommended ones. Have you wondered why they are not built in already in the browsers?
15. Tor Browser for research, especially those that are devs or white hats... (no black or grey hats here, right...)
16. Keeping all your software and OS for all devices up to date, which is a recurrent workload; failing to do that could lead to exploits and exposure to cybercrime.

And more, but this is a simple summary.

Now the best part: All of the above makes you, in a way, a target, for your digital footprint is that of a minority, easy to identify. You are decently informed and therefore you follow the same rules and use the same tools as the rest of a small tribe, a very distinct one, not that hard to identify with the right tools that constantly analyze metadata.

Is there a better way? In my opinion, yes.

1. If you keep your current OpSec, study and do it right; most do it wrong and, generally due to lack of discipline and endurance of the annoyance of cyber security, which is very inconvenient, end up being not only known targets but vulnerable high-end targets.
2. To be part of the large noise made by the clueless normies is the optimal play, but that is an OpSec very few will have the discipline, time and knowledge to do correctly. Won't discuss the know-how here. Hire a #cybersecurity expert if you want this and don't know how it is done.

What are your thoughts? #asknostr
2025-09-08 16:41:06 from 1 relay(s), 9 replies

Replies (24)

I think the whole "using privacy stuff makes you stand out more" is the wrong attitude. They just have uphill people try to tell bottom people that because they don't want them to hide. They want everyone in their systems & use this tactic to try to slow down the progression of people choosing alternatives. Because if nobody is on theirs they will have to change, which is what they don't want to do. How do you fight change? Encourage change is bad, just like how Duracell discourages lithium ion to keep AA & AAA batteries alive. If more people use it then there will be a clear divide, & the more people use it, standing out becomes blending in. But what we don't know is the measure of extent they can see. So far all I could say is hey I know you use Linux & I know you're on something not Mozilla Firefox or Chrome. Other than that all the other apps are subject to ToS & PP.
2025-09-08 16:47:21 from 1 relay(s), 1 reply
Good take, you reminded me of Edward Snowden when he lectured us on why he runs his own TOR exit node and runs his own traffic through it, mixing his data with the noise of hundreds if not thousands of people, making his metadata ... noise... IMO, the ideal OpSec is a two-tier protocol, and I agree, very inconvenient, but easier than the usual one most use.
2025-09-08 17:21:13 from 1 relay(s), 1 reply
I will suggest a minimal digital corporate footprint; that should suffice to keep you invisible to most cyber criminals except for those working for your government. They have all the corporate footprint about every citizen, and that includes what you think is your personal data coming from those "free" services and social networks most use.
2025-09-08 17:42:06 from 1 relay(s), 1 reply
Compartmentalize different usages to different communication devices / computers. You can mitigate standing out from having a small digital footprint by putting up a front digital persona or generating noise from your devices.
2025-09-08 18:49:24 from 1 relay(s), 2 replies