
Adam Compton - A Hillbilly's Guide to Staying Anonymous Online

BSides Knoxville | 52:04 | 151 views | Published 2020-05
About this talk
Recorded on May 1st, 2020 at the 6th annual BSides Knoxville (virtual this year) conference. Online Privacy… I would imagine that most everyone has something they would not like to have shared with the entire Internet. For some, this may be because of their job; for others it is so they can hide from their previous life. Still others may do it as a way to limit their exposure to attack. During this talk we will discuss techniques of how to hide your personal data from the Internet by the creation of alternate online identities (a.k.a. Sock puppets).
Transcript

alright hey everybody yeah sure cameras are good huge on here oh yeah I'm trying to catch up with the beard yeah I need to do something with mine trim it or something but yeah it's all good looks fine to me I appreciate it sir alright just let me know when you're ready for me to get started out yeah whenever you're ready for it aiming for if you want start QA about 40 minutes into the hour 45 minutes in the hour hour that should be plenty alright that's fine I should be able to make that alrighty then let's go and get started thanks Adam no worries Adrian alright so hopefully everybody's here for a little bit of a talk on online

security online anonymity go ahead and put this out there this is going to be a talk about staying anonymous online is staying safe online hiding who you are online sort of thing of that nature I'm not going to go into extreme detail on any particular part of this but I will give you a lot of an overview there might be a little deeper information on some aspects and others it's just it's more of a general overview and things from my perspective that I've either tried or I do on a regular basis so yes I'm let's going at this started here and for those of you who missed having a walk out song for me this time I'll just

use my standard one [Laughter] all right sorry about that I had to throw it in there and for those of you who are interested in trying to find out more about me every picture in that intro right there or that us video is actually a picture for my family back in the mountains of Eastern Kentucky there so whoa that jumped way it alright let's do this let's go ahead and get in the obligatory Who am I slide first of all short answer is I am Adam Compton I've been doing this for a number of years I don't know going on a couple decades at this point I've been a programmer pen tester a researcher father to two great little

boys son I'm a brother I'm a husband all of those ten things their current employer is TrustedSec they make it amazing for me to be able to do this kind of talks come out and give our presentations this one isn't coming out give one but still I have to give them big thank you out there Oh what else is there about me anybody cares about right now there'll be a contact slide at the very end if anybody wants to go in a contact me a little bit offline so so don't make too why talk on this topic well there's many different reasons I guess if you're going out watching conference videos going attending conferences all

that you're gonna see the inevitable intro to OSINT or how to perform OSINT or OSINT for red teamers stuff like that at almost every conference I've given a few those myself honestly and there's also entire conferences like Layer 8 that is more or less dedicated to social engineering OSINT things of that nature there's a other little side talks that are given at a lot of conferences for an OSINT track or something there's always a lot of that there's not as many on the same safe staying anonymous online but that's not to say they're not out there the ones I have seen that are out there typically balance around the concept of you're a red teamer how do you build out

a profile so you can use it to do your social engineering do your exploitation or it might just be a southern long deadline or another aspect of the OSINT anti-OSINT or online security talks I've seen have been the yep time to become a hermit living out in the middle of the Yukon somewhere here's how you cut all ties to everything I didn't want to do either one of those because that's not what I've seen most of like my family and I talked to they need it's usually this concept that well how do I make sure that people don't steal my identity or how do I make sure that people don't I guess who I guess what my bank account

number is and jump into any number of things like that or take over my Facebook your page and all that so how do you go about being safe online how do you go on separating yourself from your internet identity and that's why I wanted to give this talk is because I don't really see too many of those out there I'm sure there are something out there and I give links to other talks at the end but they cover other aspects of this entire world of online security and anti-OSINT so for those of you who might be new to OSINT or what have you I wanted to throw in a quick little one slide on what is

a super short version of this it stands for open source intelligence there's tons of different definitions out there but they all boil down to basically the same concept of it is the collection and analysis of data obtained from publicly accessible sources and that covers most uses of OSINT out there why does somebody want to perform OSINT well they want to find information about someone something that they're not willing to give up themselves well you can do this because in a modern age we tend to put lots and lots of information about ourselves about what we do about everything we work with online social media everybody has a social media account out there almost your

parents your grandparents your cousins your nieces nephews everybody wants to have a Facebook page a TikTok account or whatever the case is they want to have that out there so many people wanting to do YouTube blogs and all that so people are just flooding the internet with information about themselves you when you wanna go to those you usually set up a profile you put in what your name is but what other accounts do you have what's your full name when were you born okay so where did you go to school who are your relatives there's tons and tons of information out there another great one if you're wanting to look into it is uh ancestry sites lineage sites people

have signed up for those in well if you want to find out who's really related to who and what their birthdays are those have lots of great information but that's not what this talk is about just talking about the kind of information that is out there if I'm gonna be looking at posting on somebody I'm gonna be looking through forums and blog posts they might have written maybe there's something awesome in there that I can glean information from data leaks from going after a company I might look at what's been uploaded to Pastebin or Pastebin-like sites on data leaks looking for passwords going through document metadata looking for user names the list just goes on and on and on there's a

criminal history lookups you can look up on people there's a who owns what property how much they pay for their taxes all of this stuff is online in most states and most cities counties they do it for free just to put it out there because it's open information now some of that you can do something about it's time you can't but so but the thing is there's all this information about you out there and people can do stuff with it well we've talked about OSINT what is anti-OSINT or online security whatever you want to refer to it as well in short as a says there I came up with this little one or I might have been

influenced by some article I read I don't know but regardless the little quote I'm going with here is in short it is the process which by which someone or one attempts to prevent the gathering of accurate OSINT about a person or thing we'll come back to that accurate part in a moment but when I I ran this whole concept by my family and all that just to see what they thought about me doing a talk about this and one of the things as well why are you concerned about it don't you have anything to hide and all this and they're like well let the stuff that that sounds if you're gonna go into the realm of doing all this stuff that

you're talking about in the let the stuff like what spies do or those are like the Unabomber and Hermits we live off the grid somewhere or conspiracy theorist all that stuff I'm like well true those kind of individuals or organizations do this kind of anti-OSINT obviously in many time it's in many cases but it's not just for them it's for a lot of other people too doesn't matter who you are or where you come from there's gonna be some reason well then again why is online privacy important well there's any number of reasons you can read through these I'll touch on some of them but for example if you're gonna go and apply for a new job

odds are that the someone on that decision board on that interview board hire you board whatever just want to do a little bit of OSINT against you they're gonna go out online see if they can find have you done anything coding-wise and uploaded it to GitHub have you done any videos on YouTube can they find excuse me references to you on various conference sites but in the process they're also gonna look for social media accounts and things of that nature this is probably before they've ever even met you they've just got your resume and the reading are in there you want to go out and look about you so this is helping build their

first impression of you maybe they find something in there of you doing questionable activities or you've posted some questionable photos so I'm not saying that any decision they make should be based on what they see but we are humans this is what you're presenting to the world as your first impression to many people so it is going to possibly bias what they think of you also a lot of companies when we get into this in a moment but they do monitor your and your social media account my wife was a teacher for a number of years and when she signed on there she had to agree that they are gonna monitor there's her social media account to make

sure that everything that she's supposedly out there reflect reflect properly back on the school district personally I don't agree with that but that is what they're the requirement their rule was so in that point privacy is very important what else is there Oh companies in general if you're signed up for a free service a service or if you're signed up for a free an email account or using something that is you're not paying for well hate to break it to you but very very few those things are truly free what you're paying with is your information your browsing habits your purchasing habits your search habits they're presenting you with ads that you may or may not click on which

gives some revenue back all kind of information like that you are the product at that point Wow they might even do it for loyalty accounts like if you go to your local big chain grocery store you're probably gonna get a little get an offer for a loyalty card well if you use that loyalty card you get discounts well what they're doing is they're taking that purchasing information information you provide on the application as well as who and point on but what you bought there and they're gonna use that for market research for targeted advertising this toward you they might even sell that data to someone else that's going to aggregate it with other made and I

helped build a better profile of the people who buy a certain product or the people who shop in a certain chain of stores or even possibly about you personally so if you don't want to be profiled in that way or have that kind of information try to avoid that kind of interaction that don't sign up for the loyalty cards if you don't want to or do what we talk about later and sign up for it under a different name therefore it's getting information they're still getting their information but it's not directly tied back to you things of that nature also just from a pentester's perspective when we do social engineering attacks one thing that we do

is we go out and search for people who work for certain companies because like Facebook will ask you who do you work for there's other social media accounts that allow for this too and then you can search for show me everybody who works for this certain company LinkedIn is great for that as well they're not gonna build it a list of names of people who work there and then target them for phishing exercises stuff like that this is all of purely OSINT things that we can gather from online and all these things aren't some of them are not always bad some of them are not always good but it's all using information that you're providing to the world also

criminals can use it for identity theft setting up accounts in your name buying stuff in your name doing illegal things in your name if they can steal your identity through this let's go ahead and move on well do you need online privacy short answer yes everybody needs to be aware of their online footprint their information they're providing out there the kind of privacy that they're giving up in many times because everybody has something they want to hide or they want to obscure some of the things I've already talked about others are sensitive data like your financials your social security number date of birth mother's maiden name I think that could be possible used to steal your identity

doing pen test doing online OSINT all that I've come across any number of documents people have posted or shared out that have this information in it just post it to the world out there not obscure not restricted either they don't know it or they don't care but either way this is critical information about who you are highly recommend you protect that as I said before employers might try to monitor your online presence if you've done some questionable things in your past that you're not a very keen of people knowing anymore maybe you don't want to have that posted out there maybe you shouldn't well for example when the some of the news I saw not too long ago if

you go and rob a bank or robbed an armored car maybe you don't want to post videos of you doing that or counting the money afterwards and bragging about it not saying I condone the illegal activities but maybe if you if they had a little more online privacy thing would have gone Carl doing the bad things they were doing just saying also if you live under a repressive or tyrannical government or something like that the activities you do online if they can be traced back to you you could face prisons or fines prison sentences possibly death depending on what it was you're doing having a way to separate yourself from that activity or that data

that you're providing it's gonna be critical to these people if you're in witness relocation or you just have someone you're trying to avoid whether it's an ex-coworker it's a previous significant other or if it's just some online stalker anything in that realm you're not gonna want to give them any ammunition as to you how to find you how to contact you where you live I thought that so keeping that information offline goes a long ways toward that as well like I said basically everybody has information that they want to protect or information that is critical to their safety that's why this is super important all right fine fine I've tried to scare you enough into trying to be

aware of your online security and all that now what can you do about it especially for those of you like me or many others I know who all right you've presented so much information to the Internet I've got a gmail account I've got YouTube channels I've got a Facebook account I got a LinkedIn account I've got all this data out there and about myself already well what can I do if I wanted to restrict some of that data well first of all I said that you can't get rid of all of it you can do a great job about it and try to limit it but you're not ever gonna be able to get rid of all of it next

is to try to figure out how to remove as much of it as you can some of it you're not gonna be able to remove as I said before some of it you're being able to change but you won't be able to remove that goes back to that anti-OSINT thing when I had a several slides back that said trying to prevent them from gathering accurate OSINT about you well if they gather data but that data is incorrect it's not going to do them any good so if you can change it that's gonna be a go along less I for example if you go to delete an account and it says that oh I'm sorry you can't delete

this account but you can change your data well change what your email address is change what your home address is change your birthday to January 1st 1970 or whatever unless that is your birthday you want to pick something else but just change it to nonsensical data and then save it then then whenever your data gets aggregated with a bunch of others for market research or there's a data breach or someone hacked into your account they're not gonna see the real data in there because you've changed it well if you can delete your account I still recommend you to change it because just because you flagged it for deletion and you can't log into it anymore

doesn't mean it's removed from their servers removed from their databases it might still be in there and may be able to be accessed through some other mechanism or through a data breach or through market dump stuff like that so there again change it before you delete it so ok how do you go about doing this well first thing I would say is try to build a list of all the accounts that you know that you have you have a Facebook Gmail MySpace whatever it is whatever accounts you have make a list of those any that you don't want your name on you're gonna go in and try to change your data and delete it there's other services like Namechk

CheckUsernames and several others as well where you if you have a standard username that you use and go put that in there and they'll tell you all the places that you've created an account or somebody using that name has an account in the past I've done this on myself and I'm like wow I forgot to actually create an account over there because it's like for some free service that's like oh I needed that one I created an account use my standard username for it or my online handle for it and then forgot about it so this helps me keep track of what I've done I go back and flag those for deletion later on for each Mountain online

account that you identify or that you know of like I said change your data delete the account for other ones that may not show up under Namechk or CheckUsernames or ones that you already know just search for them Bing Google DuckDuckGo any service like that if you're trying to prevent renewed from being online I probably wouldn't use Google or Bing or something like that DuckDuckGo or one of the other more security-conscious search engines might be a better use for your time there but search for your username search for your email address so I'm gonna basically do OSINT on yourself see what you're finding out there anything that you find fits on

a website like a blog post or in a forum or wherever it is and you don't want it there try to first see if you can delete it yourself to see if they have a way to contact them for data removal whether that's through some form or application or just an email or whatever the case is sometimes it's possible if it's showing up in search engine results like on Google or Bing you can contact them as well to have it flagged for deletion there's ways to limit this as I said before you're never gonna be able to get rid of all of it it's just at this point trying to manage how much of information

is still out there all right so you've went through you're aware of why you need to watch your online security you've tried to go back and minimize your footprint to the Internet you've done everything that you can on that so you're got a pretty good foothold of it now now how do you maintain that well first I would say go back every I don't know whatever is convenient to you I do it about every three to six months depending on how busy I am and do a periodic check on that information again see where it's out there see what's going on just as you go in at least once a year maybe twice a year to your credit

agencies Equifax TransUnion all those to do a credit check on yourself or credit history check to see if any new accounts have been open in your name I would recommend you doing the same thing for your online security as well where else has my name been used where else has has information on me just hope I can periodically do that another thing I would highly recommend you do is freeze all your credit freeze your credit all credit agencies Equifax TransUnion Experian notice there's any number of reasons for that first and foremost is so that if someone does a credit check on you or tries to open an account in your name or anything dealing with your credit

you're gonna be alerted to it granted in order to be alerted to it they have to have your email and phone number and name but it's a trade off on what are you trying to protect they're more than the others so just be aware of that now this is I'm never gonna repeat multiple times throughout the rest of these slides is that I am NOT a lawyer I do not have legal background I do not have legal training if you do something I mention here or talk about and you get in trouble for it that's on you I'm not trying to advocate doing anything illegal anyplace along here but depending on where you live what state you live in

what the laws over your particular little district things of that nature just be aware not a house either there you go very good so it's fallen down to a lot of us grow up being taught tell the truth tell the truth I always tell the truth well I'm here to tell you that sometimes you can lie especially when filling out forms applications things of that as previously when I say go ahead and change your data to random nonsensical data before you delete it same thing here when you go to fill out some application form questionnaire whatever it is many times there's all those questions on there or fill in the blanks are not necessary they're not

critical some of them are some of them aren't so the ones that are not necessary or are optional leave them blank ones that are required if you're doing this in person with somebody or you have the ability to talk to a person about it ask them is it really required what kind of information do you need about me something like that and if there's anything in there that isn't absolutely critical see if you can get around filling that in or filling in some other random information I don't know how many times when I'm filling something out that it asks me for my home address and I just give them like the White House address or which is

probably not a great idea or you give them like Times Square or something like I just give them a random address or you give them an address from your favorite TV show whatever the case is so that it's not directly tying back to you um also if somebody isn't if you walk up and talk to somebody you you're still if you're like me well I like to talk anyway but if you're like me or you intend or somebody like me and you're waiting in line at the grocery store you waiting in line to get onto your favorite theme park ride whatever the case is you must strike up conversations with people you meet somebody at a

company get-together or at a conference or aren't that you're just talking to them unless it's like you're trying to recruit them for your company or you're trying to talk to them telling them where you work isn't always necessary trying to tell them where you live for your full-name stuff like that you don't have to tell them the real truth they're also going back to the filling out forms application I'll do that if I'm filling out a form for let's say a garbage service a new garbage service to come to my house to pick up garbage do they need to know who my employer is not really so you can put something else in there if

you need to whatever the case is just trying to limit how much information of yours is out there also to maintain your privacy is if you're like most people you're gonna have friends family someone out there who knows you and is also on the internet they're probably going to try to share pictures of you or information about you online you can ask them not to do that ask them not to tag you in pictures ask them not to associate your name with those pictures or those events or whatever you're gonna get some strange looks but usually in my experience they're gonna understand to some degree think you're that odd person in the family and just

let it go and try not to associate as much but you can try to limit that kind of information as well if you're concerned about people knowing where your home at where you live and you've done a good job about proving that already well you can always set up another physical address or another drop box location to receive your mail to receive packages I do stuff like this for certain online companies or if I'm ordering it to them off of Etsy or something like that I don't always have it come to the house you can set up P.O. box if you want or you can set up a service through like the UPS Store or mailbox comm or any of

these other services melba ok the post office is a good one and then it's almost everywhere but they don't to my knowledge they don't accept deliveries from like UPS FedEx stuff like that and in order to sign up to it you have to provide them some information and it is tight and it is a federal organization there is it is a government organization there so if you want to avoid that that's fine something like at the UPS Store which I use is actually really good because they do accept FedEx deliveries they accept all kind of deliveries that way it is a private company it's not a federal company I should say not a government company so

some of the amounts of information that they require is optional so you can get around a lot of issues with that and just give that address out anytime we want something delivered or they ask you watch your addresses just give them that a UPS store address it's even better if it's not in your local town but it's in like another town nearby that you can get to easily that way it's another step away who want to give out a phone number to somebody or website requires it you could either use something like Google Voice or something like that to get an alternate phone number or you could go and get a burner phone go get a prepaid phone from

like Walmart or wherever and just use that phone number wow there's ways to separate yourself and of course absolutely case if you feel that you've been the victim of like identity theft or there's some other issue this is Social Security number you can go to Social Security Administration and get a new security number assigned to you um personally I don't do that I feel that in my case I'd be a horrible headache I've going back and taking care of passports and all that but if that is something that you need you can always do that as well all right that's great that's great but um you can take it a step further if you want and actually make a full

additional identity for yourself that you use for online purchases that you use for a lot of your online I did a online interaction and stuff like that I know several people who do something like this and depending on your threat model or your your ability to accept certain levels of risk you might do some of this you might do all of this you might do way more than this but I'm just giving you a little feel for it right here the standard ein and concept for it right now is called a sock puppet disposal there's also negative connotations to it that people use sock puppet identities to troll people online but that's not what I'm recommending

here yes you could use this technique to do that but that's not what I'm advocating a sock puppet was just an alternate online identity used to hide or obscure the identity of a person or a group of people possibly if you want to share it among them the kind of thing that you're usually gonna need is you'll need a name for one of that sock puppet is you can use your own if you want you can create a fake one completely random one it could be nonsensical it could be just your favorite celebrity whatever I don't recommend you try to completely impersonate a real or fictional or or not facial a real living

or dead person because that's called identity theft and I don't advocate identity theft but if you want to just pick a let's say like a combination of you and your brother's name or use your middle name or instead of your last name use your grandmother's maiden name or something like that just so that it's something that you will still remember easily but it isn't you and it's probably not easily to be tracked back to you like for example I wanted to use Campton for my last name instead of Compton that's an easy typo easy transcription error I see a lot of that happening all the time or people call me Alan all the time instead of

Adam so I might just use Alan Campton or something like that it's close enough to Who I am but it's not really me and it's usually not gonna be associated with me so something like that you could use email you're going to need a way to communicate with the Internet so email is a great way to do that you can create a separate email account keep in mind if you just wanted to go really touching your toe into the waters of this keep in mind that most email services allow you to just to put a plus sign at the end of your email address so long so like my gmail is adam compton at gmail.com

so I can do Adam dot Compton plus Netflix at gmail.com and give that to my netflix account so anytime I receive an e-mail from Netflix it goes in there and I can filter on that now yes that is still tied to my real email account but it's a way for me then to set up filters to know what comes from one and at some point I could block and just delete everything that comes from that email address so that's one way you could do it you could set up another gmail account or Outlook account something like that those you do have to provide more information they do require some level of authentication or you go with

something like ProtonMail or other secure encrypted email accounts that they don't ask too many questions they don't maintain or they do consider your privacy and try not to keep too much data on you they do encrypt all the emails all that it's a great one for if you want to maintain some level of security and anonymity out there at some point you're probably gonna want to buy something if you can do it in cash great cash isn't really an option part to doing prepaid gift cards prepaid gift cards are probably the way to go with that your cards are most online services allow that you could even possibly fund like a PayPal account with a debit card if you wanted I think

that's still possible either way those are things that aren't traced back to you and you can provide whatever information when you're signing out for that debit card we want it to be Auto refillable usually you have to tie to a bank account or something of that nature so that's a fuel to do that phones as I said before burner phones are great you can usually get those with little to no information needed from you to set them up pay for them with cash or with a prepaid debit card that way there's no tracing back to you addresses I've already talked about that UPS store as a given on that browsers your again depending on how deep into the rabbit

hole you want to go you could use a browser to use this incognito mode use a Tor-enabled browser use ad blockers all these things are just layers upon layers of things you can do to help prevent websites prevent companies from gathering information about you a huge one that doesn't even need to be in a new identity it's just a online security in general is passwords maintain separate passwords for our accounts especially for financials or anything that has any bit of critical information to you in it why is this important data leaks companies get breach data gets leaked out there and if they can associate your email address with that password and then they can use something

like name check or something like that to find where else you have an account or guess that because you live in a certain town it's very likely your bank is XYZ or you've mentioned it somewhere they might be able to log into your account with that password that it was stolen from some other website I if you don't have you if you do not reuse the same password that's not going to be a concern so just be aware of that there's great password managers out there applications both cloud-based as well as you can put it on a thumb drive do it on your laptop whatever there's great applications out there additionally VPNs use a VPN I recommend

this for everybody as well if possible especially if you're trying to make some level of obscurity between the internet and yourself the one that you trust they're all not created equal some of them are a little more spy than others meaning that they try to make they track your activity a lot better than others and I try to avoid those find ones that you trust they're always changing there's new things new VPNs coming out all the time just keep abreast of that and find one that you like additional thoughts if you're wanting to do this I'm building a full an identity for red teaming all that you might want to try to create at least token social media pages for it if

you're wanting it to be believable that's beyond the scope of my talk about here but those are just kind of things you need to be aware of and if for some reason an account gets compromised too much information gets known about it people do start tying it back to you be willing to destroy that account if needed that's why you don't do anything critical with that account everything is tied to that alternate identity and you delete it and then you go through the process of creating a new one and then you start over excuse me it's just what these things that if you make this sock account or a sock puppet account your real identity and you do so

much with it then you're not really separating it from you you have to maintain some of what alternate identity it is a role you're playing it is a alternate identity you use for interacting on gaming websites you use it for interacting with conferences whatever the case is and then you separate that from your real identity so the only way this is gonna work is if you maintain enough separation there that you're able to destroy that alternate identity if the case comes up as I said before is this illegal I don't know depending on how far down the path you go and some of this possibly depending on where you live possibly you're an adult use common

sense on this use my best judgment I let this research the laws that wherever you live and operate if it's a viable or not and then do as you see fit with that the things I'm recommending or not to be used to identity of a particular person or something on that order from on or harming somebody but these things that you might want to aware of but still try not to cause harm with this and if you do get in trouble not my fault just let me know these are the kinda things you can do to help restrict your internet presence a little my slides will be posted up on now what did you call it

scared okay we posted up on the website after a while I also posted up on I'll put a link out on my Twitter account later on as well if you want to find my slides as well as these reference resources for examples are kind of fine it's all the things I've talked about already it's how to find your social media accounts get a new social freezer crate and all that kind of stuff no good one down there to maintain eye out for his um Have I Been Pwned it's a good one just to see for my email address for my sock puppet email address has it been involved in a data breach somewhere along the line a few parting thoughts

here what I said before said during this presentation this may not be for everyone um you may just want to touch your toe in the water on a little bit you may want to jump in headfirst and go far beyond anything I've talked about on here that's all on you and whatever your level of tolerance is for your online privacy as well as how much pain you want to go through doing this because everything I've talked about there is a little bit of inconvenience with it because you have to go through and pay for everything with cash or get their cards to pay for it or things like that there is inconvenience for that but if

you're willing to do that great if you're not well maybe you want to try something else then to always just keep in mind that your privacy and your data are available valuable to not just you but to other people and if you can prevent giving it away for free great if you can't give me away at all even better but there again accepting how much tolerance you have for your information being out there yeah this presentation's just an overview into the online you can go way deeper on any of the topics I've talked about including setting up sock puppet accounts doing OSINT any of that it's all out there a few other videos that

were out there winning and quitting the proxy game anti OSA that the typo right there I should say Anti-OSINT AF all these four ones that I've watched that aren't great resources as well they are going to touch on different aspects of what I talked on they not gonna be a complete overlap that first from up there Tim better his is a very interesting one as he kind of went full hermit almost with it uh getting his family involved in all that where they don't tell anybody about anything and if you see a car behind you as you're driving home drive past the the mailbox into you that are no longer than and then come home they went for not letting

anybody be able to find where they are sore think it's a great video I definitely recommend you watching it all these have great things about them in there finally my info I can be reached at a Twitter at at Titanes I have a blog out on hillbilly storytime YouTube videos out on hillbilly storytime at YouTube as well my personal and my work email address they're from TrustedSec okay I think that's covers everything got it in here around about ten forty three ish if there's any questions that come up I'll be around right now and afterwards I'll be on discord as well if people have any questions there so there are questions Adam there's a very healthy amount of

chat in the discord of this track a and GoToWebinar but but I was gonna say never go full hermit yeah it's hard to come back it's hard to come back it's just I don't know for it depends on what kind of person you are you know some person some people are fine with that but that seems stressful to me but I was never retire I think I might go full harm it out in the middle of Montana somewhere but that's actually resumes from people that have pretty much scrubbed the internet of any information I'm so used to so used to using the Internet LinkedIn stuff like that to kind of fill in the gaps on the resume you know like

I want to see some examples of them interacting with other humans like is this a human I would want to interact with on a daily basis when nothing out there about them you know it's it's it's a little tough you know it's kind of become a norm to at least find some information about somebody professionally online if not personally right so to a few questions about what VPN to choose you know there's so many options out there it's such it just exploded you know and surely some of them are are run by the Venezuelan and Russian government's right so I will refrain from recommending any VPN for the sole purpose that as soon as I say

it I can almost guarantee you it has been hacked or somebody's found an issue with it yeah I switch I switch VPNs probably about twice a year honestly just because I found out something about my particular VPN provider that I don't like so I switched to another one or somebody's running a really good deal like oh I've read great reviews of it but they're up and coming they're like hey I've got six like you can get a 50% discount on your yearly membership water okay I'll check it out but um I try to find ones that are good to me at that moment um there's always been some great ones I can go back and see what I have on my

list of possibly good ones and I can post that in Discord in a moment I don't have that readily available right in front of me but right now a lot of like anything I do for my business through TrustedSec I can to their corporate VPN I just go out through one of their portals and let it be handled there but for my personal information if it's going to my bank that I use I don't necessarily use a VPN for that if I'm going online I might use the VPN and it depends on what I'm using it a lot of times sometimes I'll just rely just on Tor for a lot of it just

be aware that if somebody is monitoring the endpoint they can do some heuristics to find out who you are but I will try to get that information over onto Discord in a moment yeah so I also if you're not in the discord I highly recommend that it's I'm sure you'll get some VPN recommendations in there if you don't from from us people will be happy to someone yes yeah I personally use TunnelBear and I know a lot of people don't like to acquire him but but they were one of the only ones I could find that did multiple third party audits on their software their infrastructure all that which I respected that they did

that that's what I you know I use TunnelBear on my phone so do you managing multiple identities get good at compartmentalization honestly um I spent you know I can look at my LinkedIn all that I spent a good 10 years of my life working for federal government and it was at a place where what you do at work stays at work what you do at home stays at home so I've got trained early on on trying to separate two identities for myself my work identity and my own identity and that's just carried over but basically you can get notebooks write down keep a separate notebook for each identity if you want in one it's

going to be fairly safe to do that as long as you're not concerned about somebody breaking into your house to find out your alternate identity but yeah you take a notebook you write down all the information about that identity in there its name its address that you assign to it all that stuff and maintain it that way if you want to do the electronically that's great just do it in an encrypted container something like that and a note voters something like that I tend to go old-school with that and not try to keep that kind of information even associated with my other accounts on my computer so I run it down in notebook stuff like

that if I have to but other than that that's that's my general recommendation for that and just get good at compartmentalization so personally I use my password manager to manage that kind of stuff the details you know if I have other identities that I use like I actually created an identity just to see if I could create a fake company to win security vendor security awards and and I had to build that whole personality he had his own LinkedIn and everything and what I did in chrome at least I think you can do this in other browsers as well like Firefox has some way of compartmentalizing on different things where cookies are stored in a different

location you know there's no way one identity is gonna leak to the other but chrome like the little circle with your avatar if you click that you can create other person's and it makes it super easy to switch to that other profile like when I view sales demos for Thinkst I have a sales demo one so like when I'm typing a domain you know it doesn't pull something from my history from my my personal stuff into the sales demo and you see that autocomplete for a moment as I'm typing a URL stuff like that can be handy well then I would recommend also is something I do is I have a bunch of VMs I have one VM for my

anything I do financially is done on that VM anything I do that is a development base for with my coding environment I do on another VM that way anything I do for my work laptop itself is for work related I switch over to one of the VMs to do my other work it helps keep another level of a separation and stuff like that out if I'm wanting to spin up a new sock puppet account sorry I'll fire off another VM and then I'll go in and set everything up in there I'll set up a password manager in there I'll set up Chrome or Firefox whatever and therefore that account so yeah do you use separate password managers as a

question that we got yes well I use the same password manager different instances of it one for each account so it sounds like you always the same one just yeah pipeline or clears it like a cloud sync password manager um I use what is it here I don't remember which one I'm using offhand you keep in there something like that it's either KeePass or LastPass I have it all flying under a thumb drive as well but I also have it associated with whichever VM I'm in at the time as well so yes so there's a mother you can always go into them say generate a random password it generates 14 characters 20 characters with random up case or case I just do

that it's easier for them to remember it yeah so so there's a few questions I'm gonna I'm gonna pass on but if you have time after this Adam if you just want to stand through the the track one channel there's some really good question but at this point it's it's too many for me to read them all out no no no no worries no worries I'll jump on there and answer what I can okay stop showing yes so last question here that I'm gonna read out is any ideas for not providing biometric data for multi-factor apps I guess some apps like on the phone ask for fingerprint I'm not sure um does it allow for other options

on there use a different finger I don't know uh get your sister to come in there and put her finger down out and I don't know yeah walk up to ask your mailman every time they stopped by yeah I need your finger a minute come here I mean unless you're willing to go to that level of separation you're good your biometrics are tied to you good you could score up your finger if you want I don't recommend bodily harm you can I've known people who were secretaries for years and their fingerprints wear off which makes biometrics really aren't for them at that time um but it's not not it's good into your genetics it's really hard to change a biometric sorry

yeah so apparently the person asked a question there there's an app that only gives you face ID or fingerprint it's your only option for unlocking that multi-factor app which kind of sucks like most I've seen will at least let you set a pin instead of using biometrics so my suggestion would be do you have to use that multi-factor app you know because I know a lot if you use in one time they said dog pop I don't know if yeah I was wondering if like your elbow you know something else would with register as a finger part so the body can be used I'll leave it there but yeah I was gonna say do I have yes if

you're just doing one time password something like that you don't have to use the Google Authenticator app you know maybe you don't have to use duo like if you can actually register the multi-factor authentication app yourself like I use Authy for some one-time passwords I use 1Password actually supports doing those codes so there's actually maybe there's a chance you can use a different app this is the only ID I have and the other option is is whatever is requiring you to use that do you have to use that if it is if it's your company mandating you have to use it maybe there's not another option but talk to that D manager see if

they have a alternate way for you to do it or something like that or if it's an application that's requiring that um is there another application that doesn't have that requirement that's just as good I don't know I mean it's you always have the option of just saying no and going elsewhere possibly I guess but yeah right yeah all right so I think that's I think that's about it sounds great I'm gonna jump over to discord and see what else is saying over there and try to answer what I can so awesome thank you very much Adam Thank You Adrian thank you for all of the besides like sort of proved there and thanks for

everybody coming in