Encrypted Chatrooms & VoIP Applications

Encrypted chatrooms and VoIP services, such as like WhatsApp and Telegram, are not only great for business communications, but they critically important for human rights defenders and political activists fighting around the world – especially in at risk or oppressive countries. It is important to understand that even if you are living in a country which has banned Tor, VPN’s or applications such as Telegram, and you are afraid to use/install those programs out of fear of persecution, encrypted chatrooms can be equally as easy to use and remain 100% legal to boot.

For example, even in countries like Egypt, Iran, Pakistan – et cetera – which have either outright or periodically banned VoIP services such as Telegram and Viber, other chatroom-based services like Chatbox or Slack are still free and legal to own, and can be used to protect private communications all the same. In fact, political activists in countries such as Ethiopia and Egypt are known to have used encrypted chat services to safely coordinate communications, rallies and protests in times of great civil unrest, such as during the Oromo protests and Rabba Massacre. I know this because I was there on the front-lines helping to set up their accounts.

It’s usually free to sign up for these services, and all you need is a verified email address or phone number to login. Then, once enrolled, you can encrypt your chatroom by setting up a custom name/URL for it and requiring password authentication for entry. This assures that only the people you give the URL address to will be able to find it, and only those who know the password to it will be able to enter. Additionally, once set up, you can even set up individual channels within the chatroom itself for a duel level of security/encryption. This includes setting custom rules for different channels, such as requiring Administrator approval for access. This assures that if even someone is able to brute-force their way into your chatroom itself, there are still protocols in place to protect individual communications and information within the chatroom itself.

Additionally, especially if you are doing activism or human rights work, or feel that your life/security could be in danger for the work you do, it is always recommended to never use your real life identity or personal email accounts to set up an encrypted chatroom or channel. Instead, you should always create an online alias and use it to register a new account within an encrypted email service provider, such as ProtonMail or Tutanota. Obviously, this advice need not apply for those of you who are using these services for business purposes. Lastly, some chatroom services actually offer built in video chats, allowing for a third means to make secure voice connections outside of standard phone calls or VoIP services.

For more information on how to keep a safe, private and Anonymous identity online, please read the following tutorial: https://anonhq.com/anonymous-security-guide-2-0/

For more information on different encrypted email service providers and how you can make the switch, please read the following link: https://roguemedia.co/2019/11/02/making-the-switch-to-encrypted-emails-2/

Best/Top Chatroom Service Providers:

Voice Over Internet Protocol (VoIP):

While VoIP services are not necessarily essential for everyday phone use, they do offer critical protections for political activists, journalists, researchers and citizens living under oppressive regimes all around the world. VoIP stands for Voice over Internet Protocol, which is just a fancy way of saying they transport all calls and messages over established internet connections, rather than routing them through your telecommunications or phone service provider – such as AT&T or Verizon.

In areas like the United States and European Union, VoIP services are important to own because they prevent your data from being intercepted, recorded or stolen by telecommunications companies and other interested 3rd parties, such as Governments, thus protecting any information you send across the wires. VoIP services also offer the ability to encrypt messages or calls between like users, further protecting customer privacy. By comparison, both of these options are unavailable on standard text messages or phone calls straight from your phone provider. In politically oppressive countries around the world, VoIP services are even more important because they offer a critical means to bypass Government imposed restrictions or blockades on national telecommunications on a local level, while also allowing users to make international calls entirely for free.

While this might sound a bit complex or advanced, once installed, operating a VoIP connection/application is no more different or complicated than making a regular phone call or sending traditional text messages. Instead of using your normal texts messages or phone App, you simply download a VoIP App and log into that to make/receive calls and texts – it’s literally that easy. Lastly, VoIP connections offer a secondary means to reach your contacts, should your phone lose service, go out of cell tower range or come under blackout. Rather than relying on the signal strength of your network service provider of choice, all you need is an active internet connection to utilize a VoIP services.

The Best/Top VoIP Service Providers:

 

Criteria To Consider When Purchasing A VPN

I read somewhere recently that there are over 500 VPN companies world-wide in 2019, but what really separates one from the other? How can you be sure which company is best? Well, yesterday I came across this list from Comparitech Privacy Advocate and Raul Bischoff, which is think constitutes the best explanation I have seen to date – which is why I am republishing it here today.

Please note that VPN’s are not a tool for criminals, they are tool through which you can protect your own fundamental rights to freedom and privacy – rights which Governments all around the world are slowly but surely trying to take away from us. So, when you read about Anonymous forms of payment below, this doesn’t mean researchers are trying to show you something dark or illegal, but are rather pointing out which companies are willing to go the furthest to protect your data, identity and privacy – ideals which should be at the heart of any/every VPN specific company. After-all, this is literally the only purpose a VPN serves.

1.) Traffic logging policy: Traffic logs refer to records of user activity and the content they viewed while using the VPN. A VPN provider should have no traffic logs of any sort whatsoever.

2.) Metadata logging policy: This refers to logs that contain the source IP of users. Not considering bandwidth or timestamp logs, which contain no identifying information.

3.) VPN protocol: Must use a secure VPN protocol such as OpenVPN, L2TP, SSTP, or IKEv2.

4.) Channel encryption: Must use the AES 128-bit algorithm or higher.

5.) Authentication protocol: Must be SHA256 or better. SHA1 has vulnerabilities, but HMAC SHA1 is arguably still safe and doesn’t suffer from collisions, so points are not deducted for HMAC SHA1.

6.) Key exchange: RSA and DH keys must be 2,048-bit or higher.

7.) Perfect forward secrecy: Session keys cannot be compromised even if the private key of the server is compromised.

8.) DNS leak protection: DNS leak protection must be built into the provider’s apps.

9.) WebRTC leak prevention: WebRTC leak prevention must be built into the provider’s apps.

10.) IPv6 leak prevention: IPv6 leak prevention must be built into the provider’s apps.

11.) Kill switch: VPNs should have a kill switch that halts traffic when the VPN connection drops is a must.

12.) Private DNS servers: The provider must operate its own DNS servers and not route DNS requests through the default ISP or a public provider such as OpenDNS or Google DNS.

13.) Servers: Physical server are preferred.

14.) Anonymous payment methods: Accepting Bitcoin as payment earns the point, but also take note of those who accept gift vouchers and other cryptocurrencies.

15.) Torrenting policy: Downloading via BitTorrent must be allowed.

16.) Country of incorporation: Special consideration if a VPN is incorporated outside of the 14 Eyes: Australia, Canada, New Zealand, the United Kingdom, United States, Denmark, France, Netherlands, Norway, Germany, Belgium, Italy, Sweden, and Spain.

Learn More – Data Servers v Country of Origin: https://roguemedia.co/wp-content/uploads/2019/10/Data_v_Country.pdf

Read Full Doc:

[pdf-embedder url=”https://roguemedia.co/wp-content/uploads/2019/10/Data_v_Country.pdf”]

** If you cant navigate the document, hover your mouse over the pdf (above) and notice the up and down arrows at the bottom left. These will help you flip through the pages **

 

Online Tutorial: Building & Selecting Safer Web Browsers

As I was going about re-configuring my website and domains earlier this week I noticed something very interesting, while my SSL Certificate was in the process of being authenticated I was able to access my unsecured website on every web browser except for one; Mozilla Firefox – which would not allow me to connect to the web page in order to keep me protected.

Just so you understand what I am talking about here, browsers like Microsoft Edge, Google Chrome and Apple Safari will all freely allow you to access a web page which has the potential to compromise your security – including websites which do not have an authenticated or verified SSL Certificates. This is because these web browsers are configured to be “convenient” and easy to use, security is either nonexistent or an afterthought on these particular browsers. With that said, there are a number of web browsers out there specifically designed around security, which also happen to be equally as easy to use/operate. Here are some of those browsers, along with some other helpful information to help you make more informed security choices online in the future.

Mozilla Firefox

Mozilla Firefox is considered by some to be the world’s most secure web browser. I say “some” specifically because many people would argue that Tor is actually the most secure browser out there. However, without Mozilla Firefox the Tor browser wouldn’t even exist. This is because Tor uses the source code of Firefox as the foundation to build their browser. As for why I personally consider Firefox more secure than Tor, this is because the DarkNet is inherently a much more dangerous place than the ClearNet, and you can’t access the DarkNet or Deep Web on Mozilla Firefox alone. Browsing through and interacting with the Deep Web, even while using Tor, naturally puts you and your security at a much higher risk.

What makes Firefox particularly unique is that much like WordPress.com, the browser allows you to install various Add-Ons, extensions or plugins that can help you maximize your security. For the purposes of this article, if you are going to use Mozilla Firefox, I highly recommend that you install NoScript, HTTPS Everywhere, Ad Blocker Ultimate and Disable WebRTC connections. There are more plugins than I could possibly mention here, those are just some of the most important ones you can install specifically in terms of online security.

WebRTC is a little talked about “glitch” that allows third parties to circumvent your security and compromise your systems, even when you are using a VPN or Proxy service. As of today, Mozilla is the only web platform I am aware of that allows you to disable all WebRTC connections entirely. By comparison, other browsers like Google Chrome literally ban people from disabling WebRTC connections through their browser, as to allow US “authorities” like the NSA and FBI to more easily hack and track users online if need be. However, non-Government hackers exploit WebRTC all the same as Federal hackers, and for all the same reasons.

Download Firefox Here: https://www.mozilla.org/en-US/firefox/download/

Tor

I understand that the Tor Browser has gone on to develop a slightly negative reputation in today’s society but, believe it or not, the Tor Project was first developed by and still receives a majority of its funding from the United States Department of Defense. It is important to understand that even though some people use Tor to do some pretty bad or illegal things, just like anything else in life, the browser is only what you make of it.

Tor was not developed for criminals, it was first developed by the US Government in order to keep agents, operatives and members of the Armed Forces safe and secure online. It just so happens that over time the browser and its systems were hijacked by criminals and terrorists alike, whom also need to remain hidden and secure online for many of the same reasons as Government employees.

The Tor browser works by bouncing your internet connection through thousands of individual “proxy servers” around the world on a perpetual randomized time loop. At any given moment in time your internet connection could be bouncing from Thailand to Venezuela to Canada and theoretically anywhere in between, concealing your computers identity and making your internet activity essentially impossible to trace. In addition to redirecting your internet traffic away from the eyes of your Internet Service Provider, it also conceals the IP Address of the computer you are using behind a proxy. This is particularly important/valuable for political activists and human rights defenders living in oppressive countries all around there world, where peoples online activity can get them arrested or killed. Since the browser directs all of you online activity to different countries around the world, this allows activists to remain hidden from their Governments while also granting them access to any sites banned or restricted by their respective Governments.

It is important to note that Tor is perhaps the best web browser at preventing or deflecting an active hacking attempt against your computer. However, I would never use Tor for things like credit card transactions or editing/customizing your personal website. This is because anytime you are using a proxy you are using someone else’s connection. While this may hide your internet activity from 3rd parties, it makes you internet activity available specifically to the owner of whatever proxy server you happen to be using at that time, and not every proxy server exists with honorable intentions – though “most” Tor exit node operators tend to be trusted activists.

Download Tor Here: https://www.torproject.org/download/download-easy.html.en

Opera

Opera is a little known web browser that has traditionally had a minuscule following throughout the past. However, in 2016, Opera started to gain a more main stream following, particularly with the cyber security community, after the browser started to become standard with a built in VPN. This means that the Opera browser stands in front of your computers IP Address while you browse the internet and your activity will remain hidden from your Internet Service Provider and/or 3rd parties. While the VPN is far from the strongest of safest on the market, it is still a very unique feature that has helped the browser grow in popularity over the years.

Download Opera Here: http://www.opera.com/

Epic Privacy Browser

One of the newer browsers on the market, Epic is specifically designed around online security. Each time you close the browser all of your cookies and tracking information is automatically deleted, preventing any websites from remembering or recording your previous activity. Similar to Opera, the Epic Privacy Browser also connects your computer through the companies own servers, acting as a proxy service for your device. This prevents any hackers/websites from recording the IP Address of the device you are using to browse the internet. Additionally, much like Mozilla, the browser will not allow you to connect with or access any site that does not have a recognized SSL Certificate.

Download Epic Here: https://www.epicbrowser.com/

Browser History, Cache & Cookie Management

If someone gains access to your computer for malicious reasons one of the first things they are going to want to do is check your browser history to gain access to websites and accounts that you frequent the most. Just think for a moment about all the pages you visit online, that you do not need to log into every time you visit. While this may be convenient for your personal browsing habits, it is also very convenient for hackers.

For this reason, you should always delete your browser history and clear all browser cookies on a fairly regular basis. You would be surprised to know how much information your browser stores/remembers about you, until you delete it all. Please note that some browsers offer to delete cache and cookies through the settings menu and some anti-virus programs also offer to do the same. However, if you cannot find or do not own these programs, one of the best programs to clear history, cookies, cache and everything else is known as CCleaner and it is completely free and open source for anyone to own. The “C” in CCleaner literally stands for “Crap,” because the program deletes all of the useless crap your computer happens to store about you. The program itself is entirely free to own, but it is one of the most effective programs on the market. For example, even multi-billion dollar tech companies are known to use the program on a regular basis.

Download CCleaner Here: www.ccleaner.com/download

Online Tutorial: Phone Security

1.) Encryption

Encrypt your entire Operating System (OS). Phone encryption is the first line of defense for whichever phone you happen to use, ensuring that no one can even so much as turn on your device without the proper credentials. It is important to understand that encrypting your phone and setting a screen lock for it are not the same thing. It is also important to understand that, depending on the type of phone you have and who manufactured it, screen locks can be bypassed by 3rd parties – such as hackers – as well as through different back-doors found within various software applications/programs you’ve installed on it. Encrypting your phone on the other hand encrypts your entire operating system all at once, requiring password authentication for the phone to even boot up and power on in the first place – ensuring that no App, program or file can be exploited or corrupted to gain full access to your phone.

Depending on what type of phone you have, your settings might come with a built in feature allowing to encrypt individual Apps. If not, you can install a firewall application for that – more on this later on in the article. If you are unfamiliar where to find your phones encryption options, they are available in the “security” section under the main settings menu. Please note that it can take an hour or more to fully encrypt your phone, so it’s important to always begin with a fully charged battery.

Select an appropriate screen lock. Screen locks are a different form of encryption in a sense, ensuring that no one can use/operate your phone when you lose it, are away from it or leave it out in public. As far as how you set it up, there are 4 different options to choose from – each one having its pro’s and cons.

  • Password Lock. Users will be required to enter a unique password consisting of letters, numbers and symbols to unlock your device. Personally, I believe password protection to be by far the most secure of all options. However, for the same reason, it could be considered the most “inconvenient, because it requires the most amount of time/attention to enter every time you wish to unlock your device.
  • Pin Lock. Pin locks work exactly like password protections, only they exclude letters and symbols. Meaning that users will be required to enter a pass-code of random numbers in order to unlock your phone. For the very reason that pins exclude letters and symbols, they are a little less secure than passwords, exponentially decreasing the theoretical number of guesses it would take to crack/unlock your device.
  • Pattern Lock. I am finding that this is becoming the most “trendy” screen lock these days, simply requiring users to use their fingers to “connect the dots” and draw a unique pattern on the front of their screen before it unlocks. However, I find pattern locks to be less secure than some of the other options, because there is a much higher probability of successfully drawing a random pattern to unlock a device than their is guessing an advanced password or pin.
  • Biometrics. The newest “craze” is security is using your own fingerprints, eyes, face or facial expressions to unlock different devices. However, while these options may be the most convenient and fastest, they are also by far the least secure. I say this because multiple studies have proven how easy it is to trick biometric security measures, and often times the pictures off your own social media accounts are enough to bypass them.

Password/Pin protect your SIMor SSID card. It is important to understand that encrypting your operating system and setting a screen lock will do nothing to protect your data cards or memory chips, securing those is an entirely separate matter. So lastly, you are going to want to encrypt/password protect your SIM and/or SSID card. To do this simply enter into the security options within your phones main settings menu, find/select your memory chips and create a unique pin lock for them. This ensures that no matter where your memory chip goes or whatever phone/device it’s plugged into, no one will be allowed to access your contacts, photos, videos, messages, files or data without entering the correct pin code first.

If you would like help learning how to build strong and easy to remember passwords to encrypt your accounts/devices, please read more in the tutorial provided below.

How To Write Un-Hackable Passwords: https://roguesec.co/how-to-write-un-hackable-passwords/

2.) Firewalls

Some phones come pre-installed with various firewall options, but if yours does not then there is a sizeable number of firewall Apps to choose from. Firewalls are critically important to security because they allow users to seal off or block different Apps, limiting the possible points of entry for hackers or other 3rd parties. Depending on the type of firewall you select, you may also have the option to encrypt individual Apps on your phone, adding a 4th layer of encryption to your device while ensuring that even if someone is able to unlock it, they will not be allowed to use selected Apps without further permissions. This is particularly important/helpful if you utilize different types of chatrooms, group chats for work or VoIP services.

Perhaps most importantly, firewalls severely limit potential abuses of your phone. You can select different options to completely seal off individual Apps altogether, or seal off different settings/areas of your phone from outside sources.Not only does this prevent hackers from using selected Apps to compromise your phone, but at the same time it prevents App owners themselves and other 3rd parties from gaining access to your phone all the same. Firewalls also protect against unwarranted data collection of your phone, including call/text history and general phone usage. More importantly, building a strong firewall and sealing off selected Apps can free up memory space/data usage, both speeding up your phone and saving battery life. If there are Apps on your phone that you’ve never used a single day in your life, or you feel may be spying on you/invading your privacy, simply use your firewall to disable them altogether with the click of a button.

On a similar but side note, never blindly give every App different permissions just because they ask for them. For example, when first navigating a new phone you might find that you are regularly asked to allow different Apps to do random things, such as collect data or record audio/video. It might seem harmless, but think about it for a second. What the hell does the Google Chrome web browser possibly need to record audio for? The simple answer is it doesn’t, you are only being set up to have your phone hacked by authorities and/or law enforcement officials at a later date in time – should they ever feel the need. By checking these options and blindly granting permission to different Apps, your are secretly granting 3rd parties the permission to ‘flip the switch‘ so to speak and turn your phone into a spy/recording device whenever they want. So, don’t fall for it. There is literally no need to give different developers that much permission over your phone.

3.) Manage Security Certificates

Similarly, you should seriously check out the security certificates or “Trusted Credentials” list which came pre-installed on your phone. On my Android ZTE for example, my phone was handed to me with over 100 different security certificates installed on it, some of which grant different Government agencies/offices direct root access to my phone without requiring legal documents or warrants of any kind – no exaggeration. You might not have been told about this when you bought your phone, buy they are there. Just a short list of some of the organizations which have direct root access to my phone; China Financial Certification Authority, CyberTrust, Deutsche Telekom, Hellenic Academic Research Institute, HongKong Post, Japanese Government, VISA, TurkTrust,Wells Fargo, as well as countless other organizations operating under different Government umbrellas.

Thankfully though, you do have the ability to revoke these certificates/permissions if you like. Simply find where these certificates are under your settings menu and disable whichever ones you desire. Just note that disabling some of the most fundamental ones, such as those issues by your telecommunications provider, may break access to different areas of your phone – but this is always reversible.

4.) Internet Security & Antivirus

Most people are always surprised to learn that the same measures used to secure your computer can often times be transferred directly to your phone, this includes things like VPN’s and antivirus. For the purposes of this section of the article, I would like to discuss different measures you can install to help protect your phone and keep your data that much more private/secured.

  • VPN’s: I am not going to get into a breakdown of what VPN’s are and how they work, it is just important to understand that you can install and utilize a VPN connection on your phone all the same as a computer. If you already own a paid VPN account, simply install the service providers App on your phone and establish a new connection through it. Your IP Address and internet connection will be secured all the same, just note that the internet speed of your phone will be effected a little more significantly than a computer, simply because a phone can not process as much information as fast as a computer can.
  • Proxy’s: It is another common misconception that you can’t utilize proxy connections or the Tor network on your phone, this is simply untrue. You can either hide your IP address and internet activity by installing the Tor App directly, or you can install something known as Orbot – developed by The Tor Project. Orbot transfers all data/network activity from your phone across various tor relays, essentially turning the Tor network itself into a giant VPN connection/encryption setting for all of your data and every last thing you do on your phone. Unlike Tor, Orbot doesn’t just simply protect internet activity – even the Apps developers profess itself to be a “full phone VPN.
  • Re-Route DNS: Another way to protect against data spying, 3rd party abuses or intrusive hackers is to re-route your DNS through different service providers. For example, I personally route all of my network activity through Cloudflare DNS servers for added privacy and security. IBM’s Quad 9 DNS service is another good option, blocking you from gaining access to known malicious websites while preventing your device from ever becoming part of or wrapped up in a botnet. You can do your own research to find other options which may be more suitable, but another popular option is Google’s public DNS service.
  • Install Different Browsers: Just as with computers, you can choose a whole host of different browser options, many of which are far more secure and private than Google Chrome or the built in web browser found on your phone. If you would like to learn more about browsers, as well as the different/added benefits of each, please utilize the following link: https://roguesec.co/building-selecting-safer-web-browsers/
  • Antivirus: Phone antivirus programs essentially work the same as computer antivirus’, only they are far simpler and much cheaper. A good antivirus program for your phone should cost anywhere from $2-5$ per month, and will protect your phone against malicious hyperlinks, scan all downloads for viruses, as well as prevent all of the most common/basic forms of cyber attack. Some phone based antivirus service providers, such as Kaspersky Lab, also come with built in VPN connections to secure your internet activity at the same time.

5.) VoIP Services

While VoIP services are not necessarily essential for everyday phone use, they do offer critical protections for political activists, journalists, researchers and citizens living under oppressive regimes all around the world. VoIP stands for “Voice over Internet Protocol,” which is just a fancy way of saying they transport all calls and messages over established internet connections, rather than routing them through your telecommunications or phone service provider – such as AT&T or Verizon. For this reason, VoIp services prevent your data from being intercepted, recorded or stolen by telecommunications companies and other 3rd parties, such as Governments, thus protecting any information you send across them. VoIP services also offer the ability to encrypt messages or calls between like users, further protecting your privacy. By comparison, both of these options are not available on standard text messages or phone calls. In politically oppressive countries, VoIp services offer a critical means to bypass Government imposed restrictions or blockades on national telecommunications. VoIP services also let you make international calls for free.

While this might sound a bit complex or advanced, once installed, operating a VoIP connection/application is no more different or complicated than making a regular phone call or sending traditional text messages. Lastly, VoIP connections also offer a secondary means to reach contacts, should your phone lose service, go out of range or come under blackout. Rather than relying on the signal strength of your network service provider, all you need to use VoIP services is an active internet connection.

The Best/Top VoIP Service Providers:

International Internet Censorship Care Package

For those of you who might be unaware, last month Egyptian voters allegedly passed new Constitutional Amendments that will allow Egyptian President Adbel Fattah al-Sisi to remain in power, unchecked, until at least 2030 – when the next round of national elections will take place. However, what has largely gone under reported is the fact that those same constitutional amendments also allow al-Sisi to block Egyptian based Internet Service Providers (ISP’s) from allowing access to over 34,000 websites – adding to countless other cyber/internet crackdowns enacted by the President over recent years.

Learn More – NetBlock Report of Egyptian Internet Censorship May 2019: https://netblocks.org/reports/egypt-filters-34000-domains-in-bid-to-block-opposition-campaign-platform-7eA1blBp

In response to these new amendments, and in addition to several other crackdowns against internet freedoms and freedoms of the press/information in and around Egypt, I’ve decided to release an internet based “Care Package” to the people of Egypt to better help them learn how to circumvent internet restrictions imposed by their President. Please share.

Egyptian Care Package Links/Tutorials:

Download Tor Browser: https://www.torproject.org/download/

Building & Selecting Safer Web Browsers: https://roguesecuritylabs.ltd/building-selecting-safer-web-browsers

Download Spybot Anti-Beacon: https://www.techspot.com/downloads/6747-spybot-anti-beacon.html

Top Free & Paid VPN Service Providers: https://www.cnet.com/best-vpn-services-directory/

16 Factors To Consider When Selecting A VPN Service Provider: https://roguesecuritylabs.ltd/criteria-to-consider-when-purchasing-a-vpn/

How & Why To Re-Route DNS Through Your Computer and/or Phone: https://roguesecuritylabs.ltd/how-why-to-re-route-dns-through-your-computer-and-or-phone/

CgAn Internet Censorship Care Package: https://www.cyberguerrilla.org/blog/anti-censorship-carepackage/

Encrypted Chatrooms & VoIP Apps: https://roguesecuritylabs.ltd/encrypted-chatrooms-voip-apps

Making The Switch To Encrypted Emails: https://roguesecuritylabs.ltd/making-the-switch-to-encrypted-emails/

Download ProtonVPN – Endorsed by Amnesty International: https://protonvpn.com/

Phone Security: https://roguesecuritylabs.ltd/phone-security

Operation Security by UnknownPress: https://iamanonymous.com/dont-be-burnt-toast-unknown-guide-to-operation-security/

How To Keep An Anonymous Identity Online: https://anonhq.com/anonymous-security-guide-2-0/

Investigative Report: How Mass Surveillance Works Inside China

(HRW) – Chinese authorities are using a mobile app to carry out illegal mass surveillance and arbitrary detention of Muslims in China’s western Xinjiang region. The Human Rights Watch report, “China’s Algorithms of Repression’: Reverse Engineering a Xinjiang Police Mass Surveillance App,” presents new evidence about the surveillance state in Xinjiang, where the government has subjected 13 million Turkic Muslims to heightened repression as part of its “Strike Hard Campaign against Violent Terrorism.

Between January 2018 and February 2019, Human Rights Watch was able to reverse engineer the mobile app that officials use to connect to the Integrated Joint Operations Platform (IJOP), the Xinjiang policing program that aggregates data about people and flags those deemed potentially threatening. By examining the design of the app, which at the time was publicly available, Human Rights Watch revealed specifically the kinds of behaviors and people this mass surveillance system targets.

Download Full Report: https://www.hrw.org/sites/default/files/report_pdf/china0519_web3.pdf

Our research shows, for the first time, that Xinjiang police are using illegally gathered information about people’s completely lawful behavior – and using it against them,” said Maya Wang, senior China researcher at Human Rights Watch. “The Chinese government is monitoring every aspect of people’s lives in Xinjiang, picking out those it mistrusts, and subjecting them to extra scrutiny.

Human Rights Watch published screenshots from the IJOP app, in the original Chinese and translated into English. The app’s source code also reveals that the police platform targets 36 types of people for data collection. Those include people who have stopped using smart phones, those who fail to “socialize with neighbors,” and those who “collected money or materials for mosques with enthusiasm.

The IJOP platform tracks everyone in Xinjiang. It monitors people’s movements by tracing their phones, vehicles, and ID cards. It keeps track of people’s use of electricity and gas stations. Human Rights Watch found that the system and some of the region’s checkpoints work together to form a series of invisible or virtual fences. People’s freedom of movement is restricted to varying degrees depending on the level of threat authorities perceive they pose, determined by factors programmed into the system.

A former Xinjiang resident told Human Rights Watch a week after he was released from arbitrary detention: “I was entering a mall, and an orange alarm went off.” The police came and took him to a police station. “I said to them, ‘I was in a detention center and you guys released me because I was innocent.’… The police told me, ‘Just don’t go to any public places.’… I said, ‘What do I do now? Just stay home?’ He said, ‘Yes, that’s better than this, right?

The authorities have programmed the IJOP so that it treats many ordinary and lawful activities as indicators of suspicious behavior. Some of the investigations involve checking people’s phones for any one of the 51 internet tools that are considered suspicious, including WhatsApp, Viber, Telegram, and Virtual Private Networks (VPNs), Human Rights Watch found. The IJOP system also monitors people’s relationships, identifying as suspicious traveling with anyone on a police watch list, for example, or anyone related to someone who has recently obtained a new phone number.

Based on these broad and dubious criteria, the system generates lists of people to be evaluated by officials for detention. Official documents state individuals “who ought to be taken, should be taken,” suggesting the goal is to maximize detentions for people found to be “untrustworthy.” Those people are then interrogated without basic protections. They have no right to legal counsel, and some are tortured or otherwise mistreated, for which they have no effective redress.

The IJOP system was developed by China Electronics Technology Group Corporation (CETC), a major state-owned military contractor in China. The IJOP app was developed by Hebei Far East Communication System Engineering Company (HBFEC), a company that, at the time of the app’s development, was fully owned by CETC.

Under the Strike Hard Campaign, Xinjiang authorities have also collected biometrics, including DNA samples, fingerprints, iris scans, and blood types of all residents in the region ages 12 to 65. The authorities require residents to give voice samples when they apply for passports. All of this data is being entered into centralized, searchable government databases. While Xinjiang’s systems are particularly intrusive, their basic designs are similar to those the police are planning and implementing throughout China.

The Chinese government should immediately shut down the IJOP platform and delete all the data that it has collected from individuals in Xinjiang, Human Rights Watch said. Concerned foreign governments should impose targeted sanctions, such as under the US Global Magnitsky Act, including visa bans and asset freezes, against the Xinjiang Party Secretary, Chen Quanguo, and other senior officials linked to abuses in the Strike Hard Campaign. They should also impose appropriate export control mechanisms to prevent the Chinese government from obtaining technologies used to violate basic rights. United Nations member countries should push for an international fact-finding mission to assess the situation in Xinjiang and report to the UN Human Rights Council.

Full 78 Page Research Presentation:

[pdf-embedder url=”https://roguemedia.co/wp-content/uploads/2019/05/china0519_web3.pdf”]


This article was originally published by Human Rights Watch on May 2nd 2019. It was republished, with permission, using a Creative Commons BY-NC-ND 3.0 US License, in accordance with the Terms & Conditions of Human Rights Watch | Formatting edits, Teets, Videos and pdf added/embedded by Rogue Media Labs

Online Activists Begin Spreading Around #OpFrance Care Package 2018

In response to the recent wave of protestors taking to the streets in participation with the #YellowVest movement and in support for those partaking in #GiletesJaunes online, similar in nature to the #OpISIS care package of 2016, online activists working in coordination with Anonymous have begun circulating an #OpFrance care package throughout the course of this week. Found below, the care package instructs internet users how to keep a safe, secure and private identity online, along with instructions on how to go about doing so.

The care package itself is rather straight forward in nature, but in its spirit I too will release some more information on how to secure yourself online.

OpFrance Care Package: https://pastebin.com/hrTA8UKK
How To Keep an Anonymous Identity Online: https://anonhq.com/anonymous-security-guide-2-0/
Cyber Security Tutorials: https://roguesecuritylabs.ltd/online-tutorials/

https://twitter.com/yellowvestanons/status/1072798051914403840?s=19

370 NordVPN Accounts Hacked/Leaked Online

Rogue Security Labs has managed to uncover the email addresses and login passwords to approximately 370 paid/premium accounts allegedly attached to the NordVPN service. The hacked accounts were compiled from a string of 4 different leaks, from 3 different hackers across Syria, Japan, and Denmark over the course of October 26th to November 6th 2018. In addition to releasing customer login information, hackers also released a new ‘hack’ used to exploit different functions of PayPal through faked email addresses in order to trick companies like Nord into providing them with free VPN service. To uncover more about the incident, as well as how/where the hackers got the information the first place, Rogue Security Labs has attempted to make contact with each of the parties responsible for the leaks, but all parties have declined comment. Upon further investigation however, there appears to be no known ties behind each individual involved.

As of November 8th 2018, NordVPN has been notified of the leaks and in a statement to Rogue Security Labs made it clear that their company and service has “never been breached” and that “any accounts available online are not leaked from our servers, but matched from other databases available online.” Research into the breach is still ongoing. If you are worried that your account might have been compromised, you are advised to reach out to NordVPN customer support for more information. The problem can also be mitigated by simply changing the login password to your account itself as well. Additionally, if you use the same root password for your Nord account as you do your email or any other service, you are advised to change this as well.

** Due to the number of civilian customers/accounts involved, Rogue Security Labs has declined to share the original leaks with the general public. **

 

 

 

CPU/Internet Security While Traveling Abroad

Make no mistake, if you do not utilize a VPN when using public internet or a foreign Wi-Fi connection, while you might not be hacked every time, you are certainly rolling the dice with your personal security. This is because once you are on a shared network your computer becomes visible to anyone else using that network. Shared network connections also make it exponentially easier for hackers to find, hack and even remotely access any devices shared by that network. The more open the network, the more people that use it and the more public the place, the greater your risks are.

Regardless if you are using your own internet connection or you’re in a foreign country, a good anti-virus software and strong firewall rules should detect and/or block any file changes to your systems, preventing an attack from infecting and spreading on your device. Therefore, purchasing good anti-virus software is the simplest thing you can do to protect your computer, especially when traveling abroad or foreign/un-trusted connections. A good anti-virus should only cost you around $40 a year, well worth the price for the protection it provides. As for your computer’s firewalls, you can freely adjust these settings by simply typing “firewall” into your computers search menu – more on that later on.

VPN’s

It is important to note that an anti-virus program will only prevent an attack from spreading on your device. When it comes to preventing an attack from finding your device in the first place, this is where a “Virtual Private Network,” commonly referred to as a “VPN,” comes into play. For those of you whom might be unfamiliar, VPN’s work by redirecting all of your “internet traffic” through a “proxy server” – allowing you to access the internet from an end-point you desire/trust.

While this might sound like incredibly complicated “computer lingo,” it is actually quite simple to understand. Say you make your home in New Hampshire, but you are traveling to Egypt. A VPN will allow you to connect to the internet in Egypt, then use that connection to find and connect to your home’s Wi-Fi router – transferring everything you do online through it, rather than through some random router in the middle of Egypt. Once connected, the location of your computers “IP Address” and your internet activity will remain hidden/encrypted behind your home router; aka your VPN.

To put it another way, even when you use a Wi-Fi connection in Egypt, or anywhere else in the world for that matter, your computer will only be physically accessing “the Internet” from New Hampshire. So, even when you are using the internet on the ground in Egypt, it will be as if you were on your computer back at home – because you will literally be using the same network connection in either instance.

Still Following?

There are two different ways you can go about setting up a safe and secure VPN or Proxy Server for your computer. The first will cost you money, but is far simpler. The second is completely free, but it is rather “involved” and you will have to put in a lot of time and effort to do the research for yourself.

Before I go any further, I could not advise strongly enough against free VPN services; you should NEVER install a free VPN program or App on your devices. With that said, there are a number of established and trusted VPN Service Providers out there. A good service will cost you anywhere from $40 – $120 a year to use and a simple Google search return will direct you to some of the industry’s biggest names. While researching paid VPN providers, you should always look for companies that either do not record or regularly delete user logs. Country of origin is another critical factor when selecting a service. VPN service providers operating out of countries like the United States, Russia, Egypt – et cetera – are not to be trusted because the laws in these countries allow for their governments to compromise VPN servers fairly easily. On the other hand, VPN’s operating out of countries like Switzerland and Belgium tend to be trusted because laws in these European countries protect customer privacy and business confidentiality, and require their Governments to go in front of courts and present valid legal arguments for companies to hand over their data – if any such data is ever recorder or logged in the first place.

The second option, learning how to build and install a VPN on your own device, gets a bit “technical” at times, but setting up your own VPN connection does make your computer far more secure than any service you could possibly purchase – no exaggeration. For the purposes of this article I will not explain how to install a VPN or use your home’s Wi-Fi router as a proxy server, instead I would direct you to YouTube or Google, where you can find a number of good tutorials on these subjects.

Getting ‘Into The Weeds’ A Bit Now…

The existence and use of VPN’s has become somewhat controversial over recent years. For example, countries like the United Arab Emirates, China and Russia have made VPN ownership illegal. Other countries including Saudi Arabia and the United States have even made VPN ownership alone grounds for criminal investigation in certain cases. Meaning that you wont necessarily be arrested just for buying or using a VPN service, but you may be investigated over what you were using it for. Once again, the old “Federal Saying” on these matters hold true – “if you have nothing to hide, then you have nothing to fear.

However, there is a simple way to avoid all of this. Learning how to build you own VPN connection is 100% legal and considering that you would be doing everything for yourself, on a computer and router you already own, no one would ever know or need to know that you are using a VPN in the first place.

There is also a slight difference in the fact that purchasing a VPN will hide all of your internet activity from your internet service provider, whereas if you create your own VPN connection and use your home router all of your online activity remains visible. The only drawback to creating your own connection is that your personal IP Address will remain visible and out in front of all your network activity, whereas a purchased VPN will use the companies private servers, thus concealing your IP Address behind theirs – acting as an extra layer of security.

With that said, earlier I stated that building your own VPN is far more secure than anything you can purchase. This is because a VPN you build will simultaneously protect all of the files on your computer, something a purchased one does not. A purchased VPN will only conceal the location of your computer, it literally does nothing to prevent, stop or fix a cyber-attack against it.

It is also important to understand that VPN’s are not just for computers; they are available on all devices – even phones. Put another way, VPN’s are available on any device you can use to access the internet.