The Art of Invisibility - Book Notes

"Rule number 1 about being invisible: you can't ever link your anonymous online persona with your real-world persona. You just can't."

What You'll Learn

Protect your data with good password management
Hide your true IP address from places you visit
Obscure your computer from being tracked
Defend your anonymity
Encrypt and send secure Email

Programs & Tools

Immersion - Created at MIT for email metadata analysis
Anonymous remailer - Mask email's IP address
Signal - VoIP system for mobile phone providing E2E encryption
Geo Test - Check if your browser is reporting geo-data
Panopticlick - Check if your browser is safe against tracking (built by EFF)
NoScript - Add-on blocks everything that can harm your computer/browser (for Chrome use ScriptBlock)
HTTPS Everywhere - Add-on forces HTTPS connection to encrypted if available
CanvasBlocker - Blocks canvas fingerprinting (for Chrome use CanvasFingerprintBlock)
Adblock Plus - Ad-removal plugin
FOCA [Windows] / Metagoofil [Linux] - Extract metadata from files (photos, docs)
Shodan - Web search engine exposing Internet-connected devices
KeySweeper - Intercepts signals sent from keyboard to computer
VeraCrypt - Disk encryption software
SyncStop - USB data blocker
PGP Whole Disk Encryption - From Symantec
ProxyHam / ProxyGambit - Hardware proxy devices
Google Advanced Search - For finding exposed devices and information

Key Notes

Messaging & Communication

When downloading any app for text messaging from app store, look for OTR (Off-The-Record) messaging, which is a higher-standard E2E protocol.

Private Browsing

Private browsing doesn't create temporary files, and therefore it keeps your browsing history off your laptop or mobile device.

Emulate Geolocation Coordinates

While in Chrome, press Ctrl+Shift+I on Windows or Cmd+Option+I on Mac to open the Chrome Developer Tools. The Console window will open, and you can click the three vertical dots at the top right of the Console, then select More Tools > Sensors. A sensor tab will open. This allows you to define the exact latitude and longitude you want to share.

MAC Address

To stay invisible, the MAC address should be changed each time you connect to the wireless network so your Internet sessions cannot easily be correlated to you.

Image Metadata

Certainly the metadata inside your image files can be used to locate you. EXIF data in a digital image contains:

The date and time when the picture was snapped
The make and model number of the camera
Longitude and latitude of the place

Device Tracking

Accelerometer device (chip) is responsible for determining the orientation of your device, whether you are holding it in landscape or portrait view. This can be used for fingerprinting.

Physical Surveillance

Automated License Plate Recognition (ALPR) technology is used by law enforcement to recognize vehicles.

IoT Security Risks

An attacker can use Google filters to search for "D-Link Internet cameras." The attacker can then look for the models that default to no authentication, then go to a website such as Shodan, click a link, and view the video streams at his leisure.

Useful Links

Key Takeaways

Never link your anonymous online persona with your real-world identity
Use end-to-end encryption for all communications (Signal, OTR messaging)
Remove metadata from files before sharing (EXIF data from photos)
Change your MAC address regularly when connecting to networks
Use browser extensions to block tracking (NoScript, HTTPS Everywhere, CanvasBlocker)
Be aware of IoT device vulnerabilities and default credentials
Understand that even seemingly innocuous data (accelerometer, geolocation) can be used for tracking