Salute to all, dear friends!
It is obvious that the screws are being tightened even more... You can be held accountable for a harmless like or repost. I think there is no point in me telling you once again about what is happening in the Russian Federation and some other CIS countries at the moment. There are Telegram news channels for this, and you are not stupid, you understand everything yourself.
Today I will tell you about tools that will be useful to each of you in case of blocking of most of the Internet and surveillance by the government and other dubious individuals.
Contents of the article:
1. How to bypass Roskomnadzor blocking
1.1 Free method
1.2 Paid, but more reliable (recommended)
2. How to use TOR correctly
3. How to encrypt your computer
4. How to communicate safely on the Internet
4.1 Correct use of Telegram
4.2 Session - the recommended option
5. How to share files safely
6. How to choose a secure email, my recommendation
7. How to choose a browser that won't track you
7.1 For a computer
7.2 For a smartphone
8. How to keep your passwords safe
9. How to Automatically Reset Your Android Smartphone. Red Button
10. How to protect your router from hacking
I suggest you prepare for this scenario in advance, so that you don't end up crying over a broken trough. Any blocking can be bypassed! I have prepared 2 ways to do this for you:
GoodbyeDPI is a program that works as a network driver, changing your network packets on the fly so that DPIs cannot detect the presence of blocked domains in your traffic.
GoodbyeDPI can block packets with redirects from passive DPI, replace Host with hoSt, remove the space between the colon and the host value in the Host header, "fragment" HTTP and HTTPS packets (set TCP Window Size), and add an extra space between the HTTP method and path. The advantage of this bypass method is that it is completely autonomous: there are no external servers that can block.
By default, options aimed at maximum compatibility with providers are activated, but not at operating speed.
1.1.2 Program for bypassing IP blocking
In the case of IP address blocking, providers filter only outgoing requests to IP addresses from the registry, but not incoming packets from these addresses.
The ReQrypt program works as an effective proxy server: outgoing packets from the client are sent to the ReQrypt server in encrypted form, the ReQrypt server forwards them to the destination server with the outgoing IP address replaced with the client's, the destination server responds to the client directly, bypassing ReQrypt.
If our computer is behind NAT, we cannot simply send a request to the ReQrypt server and wait for a response from the site. The response will not arrive, because the NAT table does not have a record for this IP address.
To "punch through" NAT, ReQrypt sends the first packet in a TCP connection directly to the site, but with TTL = 3. It adds an entry to the router's NAT table, but does not reach the destination site.
Do you need complete freedom of action and flexibility of settings? Do you need a proxy that is guaranteed not to keep logs? If your answer is YES, then this is exactly what you need!
First, we need to decide on a hosting provider from which we will purchase a server in order to set up a personal VPN on it.
I will show all further actions using the example of the hosting provider Inferno Solutions ( this is not an advertisement for the service, you can try to find any other reliable service yourself. However, my students and I use Inferno Solutions, no complaints)
Whonix is a Debian-based Linux distribution that is designed to provide enhanced security and privacy. High anonymity is achieved through VirtualBox and Tor.
Whonix reduces the threat of common attack vectors while maintaining ease of use. It provides a significant level of protection against malware and IP leaks.
I have prepared a lecture for you in which you will learn how to create virtual machines, the traffic from which will go entirely through the TOR network, and also hide the fact of using the TOR network from providers.
This type of encryption is good as a first line of defense. If someone steals your laptop or removes a drive from one of your servers, they will need to crack the encryption on your hard drive to gain access to the device. With a complex password, this could take tens, if not hundreds, of years.
There is an alternative – the VeraCrypt program, which does not have such disadvantages:
VeraCrypt is a free and open source (FOSS) program. Without getting into the “open source vs. closed source” debate, in our opinion, FOSS software is generally considered more secure. Plus, it’s free. Once you install VeraCrypt, you’ll just need to enter your password every time you start your computer.
This application, along with Wire, has long been firmly established in the mobile devices of corrupt officials, tax officials and security forces, and these hatchlings know exactly what can be hacked and what cannot.
Well, how are we any worse? Let's tell the wiretap - F*CK and switch to Session, just like the cops and FSB guys have already done.
All users of the messenger remain completely anonymous. So much so that it will be impossible to find out the IP address of any of them.
When registering, there is no need to provide a phone number, as is usually the case with competing messengers.
Session is available for PC, under the following operating systems:
You can also install Session on mobile devices with the following operating systems:
I would like to introduce you to a great service: Wormhole is a simple and convenient file sharing service that uses end-to- end encryption.
An interesting solution is the ability to choose the link's validity period (from 60 minutes to 24 hours), as well as its automatic deletion after a certain number of downloads (from 1 to 100)
This way you can maintain your privacy and be sure that your materials will not be spread all over the web and will not remain here forever.
The basic account is free (it's quite enough), but you can buy more space and extended technical support.
The service donates 15% of its profits to support the Electronic Frontier Foundation and the European Digital Rights Foundation.
Some of you may have the service blocked by the government, which can be considered a sign of quality today
Therefore, if you cannot access the MailFence website, use the tools from point 1 of this article.
I'm sure experienced computer users will agree with me that Firefox is one of the best browsers for computers. However, many users are wary of the telemetry services built into the Mozilla product.
The vast majority of people prefer to have their default browser set to maximum privacy and security.
LibreWolf solves this problem. The browser is free of Firefox's distracting features and focuses on maximum privacy "straight out of the box".
This is what I recommend you use on your computer. LibreWolf is available for the following OS:
You can download it from the official website by simply clicking here
You can download it from the official website by simply clicking here
To prevent this from happening, you need to follow two simple rules when choosing passwords:
I will teach you how to set up emergency deletion of all information on your phone. And one good program will help us with this.
On different versions, the encryption option is located in different places, usually in "Settings" -> "Security" -> Data encryption, Data protection, Screen lock, Encrypt device.
Encryption is necessary to ensure that there is no possibility of recovering files after deleting them using the method we described.
2. Next, download the "AutoWipe" program to your Android smartphone.
You can download it: From this link
To install, enable the "Installing applications from unknown sources" option in the settings.
After installation is complete, open the application, activate "admin" and confirm in the settings.
This useful software does not stop at just one function. Next comes an equally useful item:
2. Deleting files via SMS. That is, the program will delete everything from the phone if the smartphone receives an SMS message with a certain code word
This feature will be useful to everyone without exception.
Next comes a simple, but no less useful option for the "especially cunning" comrades in uniform:
3. Deleting data when the Subscriber ID changes, for example, the SIM card in the phone is removed or replaced.
4. Well, and finally, we will need to protect the "AutoWipe" application itself and, of course, do not forget to enable the option to delete data from the SD card.
I used a TP-LINK router. Depending on the company and model, the admin panel may differ. There is a lot of information on the Internet for each model. Setting it up will not take you much time.
Using one of the scanning programs as an example, 73 successful routers were obtained in 40 minutes of work. Considering that on average 3-4 devices use a router, this is quite a large number of users:
As a rule, login and password admin/admin or a similar standard combination are used to log in. Thus, the first thing to do is to change the address of the admin panel, login and password. This will protect us from mass scanning tools, such as Router Scan.
In our case, you can specify the MAC addresses of computers that will have access to the admin panel. This method can be used for open networks with a large number of participants.
TP-Link routers allow you to create a list of wanted and unwanted devices for your network. This method has advantages with large networks.
Ideally, it is better to disable the remote control function altogether. It is enough to specify the IP address 0.0.0.0. Then this function will be disabled by default.
In TP-Link routers, this can be done in the main menu (Wireless settings).
This program allows you to control all network devices. If a new device appears, the software can send a message to the mail, write a log to the journal or display this information in the program interface. Additionally, the program can send a message to the connected device with a label that it is being closely monitored.
Thus, we were able to secure our router as much as possible. Of course, we should not forget about two things. Firstly, almost all modems have a reset button. Therefore, it is better to place the router in a place where there is no physical access for other users. Secondly, if you download a file with an exploit/virus and run it on your computer, then there is no point in protection. Since the hacker will get access to all your data. Therefore, it is worth carefully checking the data that you download and open.
Steps to ensure your safety and anonymity online in a world of global surveillance
️
It is obvious that the screws are being tightened even more... You can be held accountable for a harmless like or repost. I think there is no point in me telling you once again about what is happening in the Russian Federation and some other CIS countries at the moment. There are Telegram news channels for this, and you are not stupid, you understand everything yourself.
Today I will tell you about tools that will be useful to each of you in case of blocking of most of the Internet and surveillance by the government and other dubious individuals.
Contents of the article:
1. How to bypass Roskomnadzor blocking
1.1 Free method
1.2 Paid, but more reliable (recommended)
2. How to use TOR correctly
3. How to encrypt your computer
4. How to communicate safely on the Internet
4.1 Correct use of Telegram
4.2 Session - the recommended option
5. How to share files safely
6. How to choose a secure email, my recommendation
7. How to choose a browser that won't track you
7.1 For a computer
7.2 For a smartphone
8. How to keep your passwords safe
9. How to Automatically Reset Your Android Smartphone. Red Button
10. How to protect your router from hacking
1. How to bypass Roskomnadzor blockings
As of today, Roskompozor has blocked more than 30 thousand sites. You must admit that with such prerequisites, it is just a stone's throw to blocking the majority of the Internet.I suggest you prepare for this scenario in advance, so that you don't end up crying over a broken trough. Any blocking can be bypassed! I have prepared 2 ways to do this for you:
- The first one will be completely free, but it will not work for all platforms and will require minimal technical skills.
- The second one will cost you $5 per month, but will be as simple, convenient and reliable as possible.
1.1 Free way
1.1.1 Program for bypassing passive and active DPIGoodbyeDPI is a program that works as a network driver, changing your network packets on the fly so that DPIs cannot detect the presence of blocked domains in your traffic.
- It is open source which you can view here and supports Windows 7, 8 and 10.
- We don’t need the source code, we need the finished program, which is available for download here.
GoodbyeDPI can block packets with redirects from passive DPI, replace Host with hoSt, remove the space between the colon and the host value in the Host header, "fragment" HTTP and HTTPS packets (set TCP Window Size), and add an extra space between the HTTP method and path. The advantage of this bypass method is that it is completely autonomous: there are no external servers that can block.
By default, options aimed at maximum compatibility with providers are activated, but not at operating speed.
- Run the program as follows:
- If blocked sites start opening, then your provider's DPI can be bypassed.
- Next, try running the program with the -2 parameter and visiting the blocked HTTPS site. If everything continues to work, try mode -3 and -4 (the fastest).
- Some providers, such as Megafon and Yota, do not allow fragmented packets over HTTP, and sites stop opening at all. With such providers, use the -3 -a option
1.1.2 Program for bypassing IP blocking
In the case of IP address blocking, providers filter only outgoing requests to IP addresses from the registry, but not incoming packets from these addresses.
The ReQrypt program works as an effective proxy server: outgoing packets from the client are sent to the ReQrypt server in encrypted form, the ReQrypt server forwards them to the destination server with the outgoing IP address replaced with the client's, the destination server responds to the client directly, bypassing ReQrypt.
If our computer is behind NAT, we cannot simply send a request to the ReQrypt server and wait for a response from the site. The response will not arrive, because the NAT table does not have a record for this IP address.
To "punch through" NAT, ReQrypt sends the first packet in a TCP connection directly to the site, but with TTL = 3. It adds an entry to the router's NAT table, but does not reach the destination site.
1.2 Method, costing $5 per month. Raise a personal private proxy Amnezia, which will not allow surveillance of you and will definitely not be blocked.
- Here are some reasons in favor of this decision:
Do you need complete freedom of action and flexibility of settings? Do you need a proxy that is guaranteed not to keep logs? If your answer is YES, then this is exactly what you need!
- Important: in the Russian Federation I recommend using the Cloak or AmneziaWG protocols, they are guaranteed not to be blocked.
- TO WORK:
First, we need to decide on a hosting provider from which we will purchase a server in order to set up a personal VPN on it.
I will show all further actions using the example of the hosting provider Inferno Solutions ( this is not an advertisement for the service, you can try to find any other reliable service yourself. However, my students and I use Inferno Solutions, no complaints)
- So, let's go to the Inferno Solutions website (clickable) and select the item I highlighted in red:
- Scroll down and see "Amnezia proxy - personal private proxy", click next:
- Now we select the payment cycle (for how long you want to pay for the server):
- Let's choose a country (I'll use Estonia, you can do it too):
- As a result, we will have the following picture (other parameters, except for the payment cycle and country, do not need to be touched):
- Click on the "Update cart" button (circled in red on the screenshot above) and proceed to payment:
- Click "Proceed to payment" (circled in red on the screenshot above):
- Now fill in all the necessary data (it is better to indicate not your own, but a random person, you can use an online personality generator. However, if you do not plan to do anything black, then you can enter real data)
- After payment, you can proceed to the direct configuration of your VPN on the devices you will use. There is nothing difficult here, below you will find detailed instructions and applications for all platforms:
- Setup instructions
- Download applications
- Once configured, your personal proxy will be ready to work!
2. How to use TOR correctly
If you want to use Tor, I strongly advise against doing so by simply installing the Tor browser on your PC. In this case, especially if configured incorrectly, you risk exposing your real IP address, which can lead to your complete deanonymization. Do you need it?- So what to do?, you ask.
- There is a solution!
Whonix is a Debian-based Linux distribution that is designed to provide enhanced security and privacy. High anonymity is achieved through VirtualBox and Tor.
Whonix reduces the threat of common attack vectors while maintaining ease of use. It provides a significant level of protection against malware and IP leaks.
I have prepared a lecture for you in which you will learn how to create virtual machines, the traffic from which will go entirely through the TOR network, and also hide the fact of using the TOR network from providers.
3. How to encrypt your computer
The Windows operating system cannot 100% guarantee that if there is a password, strangers will not gain access to the laptop. The account password can be found out and changed using special tools without having access to the OS itself. Therefore, there is a need to encrypt data on the hard drive. This allows you not to worry about unauthorized access if the owner locks the computer before leaving it unattended.This type of encryption is good as a first line of defense. If someone steals your laptop or removes a drive from one of your servers, they will need to crack the encryption on your hard drive to gain access to the device. With a complex password, this could take tens, if not hundreds, of years.
Disk encryption
BitLocker Device Encryption is Microsoft's full-disk encryption tool, built into Windows 10 Pro and Enterprise. However, BitLocker has a few drawbacks:- If BitLocker Device Encryption was not pre-installed on your computer, installation and setup may be difficult. Microsoft has a list of devices with pre-installed Bitlocker;
- Bitlocker functionality may vary on different devices, depending on your motherboard;
- As mentioned earlier, BitLocker only works with Windows 10 Professional and Enterprise.
There is an alternative – the VeraCrypt program, which does not have such disadvantages:
- VeraCrypt is much easier to install than BitLocker;
- VeraCrypt is independent of your computer's components;
- VeraCrypt works on any version of Windows 10.
VeraCrypt is a free and open source (FOSS) program. Without getting into the “open source vs. closed source” debate, in our opinion, FOSS software is generally considered more secure. Plus, it’s free. Once you install VeraCrypt, you’ll just need to enter your password every time you start your computer.
- For your convenience, I have placed a detailed step-by-step instruction on encryption in a separate manual:
4. How to communicate safely on the Internet
4.1 Proper use of Telegram
Telegram is an incredibly convenient thing. However, in terms of anonymity, everything is not as smooth as many people think. I have prepared a separate article for you, in which I told you how to act so that communication in Telegram is as safe and private as possible.4.2 Session - recommended option
In fact, the best option was and remains Jabber with OTR, configured on your own server. However, xmpp mobile applications are poor, buggy and, in addition, also with closed code.- However, there is a way out!
- And this output is Session.
This application, along with Wire, has long been firmly established in the mobile devices of corrupt officials, tax officials and security forces, and these hatchlings know exactly what can be hacked and what cannot.
Well, how are we any worse? Let's tell the wiretap - F*CK and switch to Session, just like the cops and FSB guys have already done.
All users of the messenger remain completely anonymous. So much so that it will be impossible to find out the IP address of any of them.
When registering, there is no need to provide a phone number, as is usually the case with competing messengers.
- Session keeps your communications private, secure and anonymous:
Session is available for PC, under the following operating systems:
- Windows
- Mac OS
- Linux
You can also install Session on mobile devices with the following operating systems:
5. How to share files safely
I would like to introduce you to a great service: Wormhole is a simple and convenient file sharing service that uses end-to- end encryption.
An interesting solution is the ability to choose the link's validity period (from 60 minutes to 24 hours), as well as its automatic deletion after a certain number of downloads (from 1 to 100)
This way you can maintain your privacy and be sure that your materials will not be spread all over the web and will not remain here forever.
6. How to choose secure mail
Here I would recommend taking a closer look at MailFence, a Belgian secure email service with no tracking or ads (almost). It supports GnuPrivacy Guard (GPG) encryption and does not give out user data to third parties.The basic account is free (it's quite enough), but you can buy more space and extended technical support.
The service donates 15% of its profits to support the Electronic Frontier Foundation and the European Digital Rights Foundation.
Some of you may have the service blocked by the government, which can be considered a sign of quality today
Therefore, if you cannot access the MailFence website, use the tools from point 1 of this article.7. How to choose a browser that won't track you
7.1 For computer
I'm sure experienced computer users will agree with me that Firefox is one of the best browsers for computers. However, many users are wary of the telemetry services built into the Mozilla product.
The vast majority of people prefer to have their default browser set to maximum privacy and security.
LibreWolf solves this problem. The browser is free of Firefox's distracting features and focuses on maximum privacy "straight out of the box".
This is what I recommend you use on your computer. LibreWolf is available for the following OS:
You can download it from the official website by simply clicking here7.2 For smartphone
As a good solution for a smartphone, I can recommend DuckDuckGo Privacy Browser – a browser for Android and iOS, focused on anonymous Internet search and safe visits to Internet sites, without the risk of leaking confidential data. It is completely sufficient for the needs of an ordinary user.
You can download it from the official website by simply clicking here8. How to keep your passwords safe
Every person who uses the Internet has many passwords. And hardly any of you will be happy if these same passwords leak into the hands of intruders.To prevent this from happening, you need to follow two simple rules when choosing passwords:
- They have to be complex.
- They should be different on different sites, services, programs.
Introducing KeePassXC - the #1 password manager
- In the manual below I have covered in great detail the installation and use of this password manager:
9. How to Automatically Reset Your Android Smartphone. Red Button
Another trick, thanks to which your local police officer will remain without a bonus this month, and you will be free.I will teach you how to set up emergency deletion of all information on your phone. And one good program will help us with this.
How to delete all data on your smartphone:
1. First, we need to enable the data encryption function on the smartphone.On different versions, the encryption option is located in different places, usually in "Settings" -> "Security" -> Data encryption, Data protection, Screen lock, Encrypt device.
Encryption is necessary to ensure that there is no possibility of recovering files after deleting them using the method we described.
2. Next, download the "AutoWipe" program to your Android smartphone.
You can download it: From this linkTo install, enable the "Installing applications from unknown sources" option in the settings.
After installation is complete, open the application, activate "admin" and confirm in the settings.
The AutoWipe settings themselves.
1. In the first place, we find that very useful setting - Deleting files when entering the screen lock password unsuccessfully.This useful software does not stop at just one function. Next comes an equally useful item:
2. Deleting files via SMS. That is, the program will delete everything from the phone if the smartphone receives an SMS message with a certain code word
This feature will be useful to everyone without exception.
Next comes a simple, but no less useful option for the "especially cunning" comrades in uniform:
3. Deleting data when the Subscriber ID changes, for example, the SIM card in the phone is removed or replaced.
4. Well, and finally, we will need to protect the "AutoWipe" application itself and, of course, do not forget to enable the option to delete data from the SD card.
Ready
After violating the established restrictions, the phone will turn off and begin the process of data reset (zeroing), and the encryption configured at the very beginning will not allow this data to be restored.10. How to protect your router from hacking
It is very important to use secure routing devices or routers. With the help of these devices, packets are exchanged between network devices and the provider based on rules and routing tables. By accessing the router, you can get various information that can be used for different purposes. For example, this can be information about devices, visited sites, settings, etc.I used a TP-LINK router. Depending on the company and model, the admin panel may differ. There is a lot of information on the Internet for each model. Setting it up will not take you much time.
How can I access the router?
Hackers use automatic scanners on specific networks. Routing device scanners scan ports that are traditionally occupied by routers. Scanning is done to find standard ports with specific login data. If your router has standard settings, then there is a very high probability that a hacker will be able to access your data.Using one of the scanning programs as an example, 73 successful routers were obtained in 40 minutes of work. Considering that on average 3-4 devices use a router, this is quite a large number of users:
How to reduce the chances of hacking to zero?
In order to reduce the chances and minimize the risk of hacking, you need to complete a short list of actions.- Changing the default IP address for local management
As a rule, login and password admin/admin or a similar standard combination are used to log in. Thus, the first thing to do is to change the address of the admin panel, login and password. This will protect us from mass scanning tools, such as Router Scan.
- Changes to login credentials
- Limiting the list of computers for local management
In our case, you can specify the MAC addresses of computers that will have access to the admin panel. This method can be used for open networks with a large number of participants.
- MAC address filtering
TP-Link routers allow you to create a list of wanted and unwanted devices for your network. This method has advantages with large networks.
- Changes to the remote control port
Ideally, it is better to disable the remote control function altogether. It is enough to specify the IP address 0.0.0.0. Then this function will be disabled by default.
- Disabling DHCP Server
- Binding MAC address and IP
- Hidden SSID
In TP-Link routers, this can be done in the main menu (Wireless settings).
- Disable WPS connection
- Network Monitoring with AirSnare
This program allows you to control all network devices. If a new device appears, the software can send a message to the mail, write a log to the journal or display this information in the program interface. Additionally, the program can send a message to the connected device with a label that it is being closely monitored.
Thus, we were able to secure our router as much as possible. Of course, we should not forget about two things. Firstly, almost all modems have a reset button. Therefore, it is better to place the router in a place where there is no physical access for other users. Secondly, if you download a file with an exploit/virus and run it on your computer, then there is no point in protection. Since the hacker will get access to all your data. Therefore, it is worth carefully checking the data that you download and open.
Steps to ensure your safety and anonymity online in a world of global surveillance
️
