Direct Link to this post: http://g66ol3eb5ujdckzqqfmjsbpdjufmjd5nsgdipvxmsh7rckzlhywlzlqd.onion/post/04c094b1aa6253f9e97e
The donation address at the bottom of the post is NOT my address, it is that of the creator of this post. Screenshots at the bottom of the post.
mason's OpSec-Guide Part 2!
[<---Part 1]⚠️ [<---Part 2]⚠️
Sorry fort the wait! This Guide of mine is split into multiple parts. This is part 3, the last. Don't wonder, I've teased parts of it with this account as well as /u/thenarrator (I don't use that account anymore though). Have a nice read! Donations are welcome, as this was a bit of work, look at the bottom of each post for my XMR address.
Section 3 - Stylometry
In this section we will talk about Stylometry/forensic linguistics.
What is stylometry?
As you may have noticed in e.g. your SMS inbox,
Person X has a different style of texting than Person Y. This makes it possible
to determine who a text is from, at least to a certain degree. If I showed you two texts
from your SMS inbox you would likely be able to tell me which one is from your girlfriend
and which one is from your dad.
This can be used to fingerprint you and even lead back to you IRL in the worst case scenario.
Within the LEA-Offices they call this writeprint. They try to match a text
to an author, or gain information about the authors ethnicity, age and so on.
They look out for grammatical errors, formatting/structure, your word choice
and the general characteristics of your text.
What can you do to defend against this method?
Think about which style of writing in your texts stand out, for example try to eliminate
differences between UK and US english OR use such to your advantage through misinformation.
Think about the structure/format of your text and try to change it compared to e.g. clear-net
excerpts written by you.
Think about using a plugin you trust to correct any grammatical or spelling errors.
Think about who you imagine as the author of your text, for example: If you are rather
young IRL you could try to impersonate the writing style of someone 20 years older.
Think about reducing the amount of text accesible to compare to, if you were
to work for a newspaper IRL that creates the problem of offering the LE endless excerpts to
compare your (e.g.) forum posts on the DN to.
A further Idea you could come back to is translating your text multiple times.
Section 4 - Online Personas
What factors play into choosing a well-picked username etc?
Many of you probably heard of Ross Ulbricht AKA Dread Pirate Roberts.
In my eyes his username was very well chosen, it derives from a movie
called "The Princess Bride". There is a character named, well Dread Pirate Roberts
and in the movie there are multiple pirates who have passed down the title, ship etc.
to the following, so they could retire. In conclusion this may lead to LE thinking the
account is shared by multiple people or could be a nice resort in court, although
Ross was still caught as we know. (Obviously) it is also a good idea to choose
a username that doesn't connect you to your reallife identity, so for example
nothing containing your profession. Often used are movie characters or random
verbs/nouns just anything that can be remembered without leading back to you.
I encourage you to take some time and think about a really good one as if you
want to build reputation you will probably want to keep it HOWEVER if your just a
buyer on some DNMs than I wouldn't choose the same one on each market as there is
simply no reason to.
Neither should you publish ANY information that could help in identifying you,
speaking nationality, gender, profession, etc. just literally anything. Either spread
misinformation to build up a character or don't disclose any info:
There are multiple strategys you could use,
On one hand you post nothing to not much on forums,
Feds and potential threat actors have less to work with, on the other hand
if you are posting already, why not try to intimate a person from a different time zone
than your real one. For this think about when school ends or when 9to5 days end and post in like
a three hour time frame after that.
Section 5 - Offline-OpSec
Of course Online-OpSec is important, I don't want to question that.
Still not all of your life takes place digitally so you still have endless
possibilities to fuck something up in real life. In this section we will go over
some basic practices to take your "physical" OpSec one Level further.
Your device should always be in your reach. If you potray cases like
Ross Ulbricht or Alexandre Cazes it's almost funny how they got caught.
Both left their Laptop open and logged into their accounts.
Mistakes like these really make me question their psyche, did they think
they are unbeatable? I think you just become dull over time, many vendors on
/d/murderhomelesspeople have also said this...
Like I already mentioned while talking about FDE, as soon as
you step away from your Laptop shut it down! Many Laptops also have the option
to pretty easily unscrew their case/backplate. You could go as far as unplugging
the cable that conects to your internal microphone, and also think about covering your camera.
If you are a high level target I would even consider to never let your Laptop out of your sight,
maybe you are on Vacation and want to go out of your Hotel room to visit the city, in cases like these
I would definetly put my device in a backpack and take it with me to prevent a raid in the hotel room
where they could find the device and compromise it without me knowing. Situations like these should be a
real concern of yours and generally speaking, the more paranoid individuals last longer in freedom most of
the time. It is even advisable to leave the lights in your place on when you are away, so that LE might think
that someone is still at home.
Although practices like these don't ensure that e.g. a raid won't happen, I like
to think that factors like these reduce the likeliness of one happening. There are many basic rules of thumb
like this. For example you should also act low-profile. Don't go out in all designer with cash falling
out of your pockets, do shit like this in your four walls if you feel the need to do so.
Also prepare for "normal" questions asked by new friends so you don't have to think 40 seconds about what your profession is,
prepare a whole alias persona!
Shit like this should really be the norm, at least for people in possesion of a triple digit IQ. To identify more
potential risks think about what you would do to catch yourself and if you come across any weakpoints within
your OpSec practices eliminate them.
If you were to get caught with your Laptop (and also in other cases relating to crimes like many commit
on here, and not a parking ticket :D) don't try to defend yourself vocally. Say that you are going to remain silent
and are demanding an attorney, this way you won't incriminate yourself. In general it is advisable to stay calm,
in the heat of the moment many OpSec mistakes can happen and did (again e.g. Alexandre Cazes).
Or for example if you are a Vendor on a market and it is being attacked, take a deep breath, take a break
and relax! After regaining logical, rational thinking you can try to fix any given problem.
You've reached the current end!
If I have helped you in any way, or if you'd like to see more in-depth newbie friendly tutorials on important subjects in our community, any XMR contribution you can spare would be much appreciated :)
8BF2qMuVi19Mri8pvp8QJdRufDMFWWac9XAjD9fMaz8bg6AHjJmnPczGNqTMLHhZzbZKbmmDGqZKkQgWTBSmwZAgEapPjJB
