(Updated) Nerdy guide to security and hardware

Cheers Love! The IT support is here!
This series of articles should help you keep your electronic presence secure and your hardware choices optimal. I will also help you stay as anonymous as possible. Together we will build a good PC/laptop for your cam business, and we will unravel the mysteries of TOR, cryptography & privacy settings on your brand new phone.


Topics we will definitely mention are:

  • Cryptography – Software and hardware based
  • E-mail phishing
  • GPS and localization
  • Phone/tablet/PC encryption
  • NFC
  • Human element
  • Cloud storage
  • Passwords
  • Hardware for entertainers
  • Exif data
  • Cookies
  • GPU computing
  • SSL Certificates

Background

My history with security is long and colorful. I’ve held many positions connected with IT security; for example, for the last 3 years I was head of IT at a dev company, and before that I was a contractor for Lufthansa Airlines and other companies. I’ve been there, I’ve done that and I’ve seen shit. I have created security training courses for employees, and to this day security/anonymity is my favorite topic to discuss (next to Dune, DnD, Blade Runner, porn, kittens, coffee…).

My first passion project was to create a personal OpenBSD home server made from scratch/trash. I succeeded but at the cost of formatting the wrong hard drive and losing my entire porn stash… Later, I burnt my fresh new Pentium 4 CPU. At the time it was a pretty damn expensive piece of hardware – gone in 3 seconds… These were the times 😉

Please remember though, I’m not infallible, and if you find a better solution or a mistake in this guide, feel free to correct me.

Why?

I was inspired by @Amy_taboo’s tweet asking for recommendations for her camming rig. Thanks, Amy 🙂 For me, the difference between i3 and i5 is clear, but for someone who has never had to build a workstation it can be difficult to choose good hardware for the job. Another reason is my inner nerd, who wants to share the knowledge with anyone who is willing to listen.

Without further ado…

Passwords

The primary way of securing your access is to use a strong password or even better: a passphrase. We are all guilty of using weak passwords like ‘password’, ‘123456’, a maiden name or the name of the dog. With the rapid growth of social pages, IMs and online businesses we tend to use weaker passwords (easier to remember) and even worse, one password in many places.

Think of your password as the key to your home. Of course it’s more convenient to use one key for every door you need to open, but think of the consequences of such an approach. If you lost the key, you would have to change all the locks. Should a shady character make a duplicate key without you noticing, you are in danger of having your livelihood compromised, and we don’t want that. You should be careful how and where you keep and use your passwords. Sometimes even a freeze frame can expose your credentials, so be aware of your surroundings when camming, posing or simply working.

Let’s break down the problem we are facing today.

Strong password/passphrase

To defeat your password, hackers can use “brute force”, or they can simply try to guess it if they believe they have enough information about you. A basic mistake we make when generating a password is to needlessly complicate it. We may think that “pu55y1990” is a good complex password, but it can take a password cracker just 1h to crack it. You see, xkcd put it perfectly: “Through 20 years of effort, we’ve successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess.”

So what passphrase is better? For example “Ilikeelectropoo!”. It’s uncommon, easy to remember, and it has a capital letter and a special symbol. Think of a dictionary: it is easier to find a single word in it, even a very long and complex one, than to recreate an entire sentence.

Storing passwords – pass managers

First things first: sticky notes on the side of your monitor, especially in a shared space, are a big NO-NO. If you are a modern netizen you need to remember a number of passwords: for the bank, Facebook, Twitter, Steam and so on. To help you with that, you can use a password manager or password vault. It securely stores your username and password, and when a website, app or any other provider requires you to log in, the password manager can securely log you in.

Because your data is encrypted inside the password vault, you don’t have to worry that someone unauthorized (e.g. a service man) will gain access to your private data (like he can when you have auto sign-in in your browser for Facebook etc.).

You may ask how to secure the vault. A master password is the answer. One password to rule them all. Make it easy to remember but difficult to guess and hack; “TwentyNakedBearsMaking69!” seems nice enough.

There are many password managers to choose from so don’t worry and just pick one.

Passwords 101

  • Never ever share your password with anyone (even if it’s your Mom, you can’t be responsible for her security habits)
  • Use passphrases, not passwords! “Whiskers99” is far less secure than “MyPussyLovesTheBooze”.
  • Use unique passwords/passphrases for different places.
  • Use password managers to store your credentials.
  • Sticky notes are a big NO-NO!
  • Have a backup plan in case you lose your password – make sure you have access to your password recovery e-mail.
  • Use two-step verification if possible (I’ll write about it in depth later).

Exif (meta)data – Images that speak

Exif (Exchangeable image file format) is a standard that specifies the formats for images, sound and ancillary tags used by digital cameras (including smartphones!), scanners and other systems handling image and sound files recorded by digital cameras.

This is our first meeting with metadata, pesky tags and things our hardware and software do “by default”. Exif is a standardized bunch of tags that help with categorizing, sorting and searching through multimedia files. They can also be used to identify the owner or creator of the file. Below you can see some basic tags with corresponding data:

  • Description: DCIM\201MEDIA
  • Camera: Contour+2
  • Lens: 5 mm
  • Digital Zoom: 1.162109375× (Max aperture f/3.6) (shot wide open)
  • Exposure: Auto exposure, Program AE, 1/120 sec, f/3.6, ISO 235
  • Flash: No flash function

Not so bad from the privacy standpoint: some technical data about our camera, but nothing critical. Let’s add two more tags:

  • OwnerName: Kinky Joe
  • Date/Time Original: 2013:06:13 19:52:52

Now, this starts to look uncomfortable. We have the owner’s name or nick and the specific date the photo was taken. With this data we can try to pinpoint the dates of the photo shoots and the people involved; a simple Google or FB search can reveal more photos of this particular photographer or model. Now moving on to the biggest offender...

Geotagging

What exactly is geotagging? Simply put, it’s attaching GPS data to your images, recordings etc. While it can be a great help for the professional photographer, it becomes a privacy concern for sex workers and entertainers.

To understand how dangerous it is, let’s look at an example: you want to shoot some sexy selfies in your hotel room or home. You take your smartphone, you crop the shot to hide your face, you center the shot on your lovely boobs:

click -> share to Twitter/Friend/Whatever -> “Having fun in the bathroom” -> Upload.

You probably shared your exact location, time, model of your smartphone and possibly other data with the Internet.

To further emphasize the privacy aspect of geotagging, look at this image and click on the Camera location “49° 37′ 54.53″ N, 10° 59′ 05.13″ E”; now you can see how precise it is. Now, what can we do about it?

Preparing hardware and sanitizing the output

The first thing to do is to disable GPS and location services in your camera/smartphone. You might also need to disable geotagging inside your camera app. When shooting in critical locations, disable WiFi, NFC and Bluetooth, or simply switch to Airplane Mode. We basically want to blind your hardware.

Another step is to prepare your photo editing software of choice. Look for the “metadata” option while exporting or saving and always select “none”. This will increase security and lower the chances of leaking your information to the public.

An additional step is to ensure your camera/smartphone doesn’t have auto “backup/upload” to any cloud solution enabled. Otherwise you are risking your privacy and giving your sensitive information to a third party. Remember “The Fappening”?

The last step before uploading your photos is to sanitize them. These are just the basics for now; we will add a specialized guide next week.

Exif 101

  • When shooting photos/recordings disable GPS, WiFi and any other wireless connectivity
  • Be aware of the information you are uploading to the net
  • Remember to double check the images you are sending to strangers in case you forgot to sanitize them
  • Sanitize your media files!
  • Disable auto backup/upload to cloud solutions. Don’t give your tit photos to a third party company.