Bitcoin Forum

Other => Beginners & Help => Topic started by: KingsDen on February 06, 2022, 04:48:52 PM



Title: Identity Security: A Newbies' Priority
Post by: KingsDen on February 06, 2022, 04:48:52 PM
      Preamble:
      In many occasions I have seen people care much about the security of their bitcoin, security of their other assets, perhaps security of job. We most times ignorantly care less about the security of our personal data.
      I am therefore going to discuss this topic in the following sub headings;
      1. My identity mistake (a motivation for this thread)
      2. How your identity may be revealed through your bitcoin address
      3. How to hide your identity
      4. Why it is good to hide your identity.

      Who will benefit from this topic?
      • Newbies who have not made identity mistakes
      • Other users who have not prioritised identity security
      • Readers, for learning purposes as no knowledge is a waste

      My identity mistake (a motivation for this thread):
      If you have been in this forum for more than 3years, congratulations! You are the smartest among your peers. This forum is an embodiment of knowledge.
      Prior my arrival to this forum, I was so careless about my identity (offline and online). I was actually seeing things from a different and wrong perspective. For instance, I regarded anyone avoiding KYC as a criminal.  I believed that since I am not a criminal, releasing my data will cost me nothing because I am sure I will never turn a criminal in the future.
      I was wallowing in my ignorance till I arrived this forum.
      Few weeks in this forum, two things struck my consciousness;
      • Why was Satoshi the bitcoin creator so concerned about privacy and identity, such that he was able to successfully remain pseudonymous and anonymous even in this information and technology era.
      • Why is almost everyone against KYC that I saw as the indisputable means to fight cyber crime. Does it mean everyone in the forum is a criminal?
      My quest to quenching my thirsty thoughts handed me an ample knowledge to answering the above questions.
      But before I could arrive at this knowledge(before joining this forum), I had already fallen victim of KYC scam.
      My mistake
      I was invited to buy share of a UK company in ISO stage, KYC was optional at the initial. But KYC later became a major requirement to getting the share if it matures. I was compelled to submit my international passport and even had to sign and scan my signature in lieu of my biometrics. I am convinced my identity is no longer secured, because there is a synchrony between  my travel documents and my local documents.  Meanwhile my official email address and phone number is with them. The climax of it was the project was a scam. Before now I had already done verification with so many non reputable exchanges. I honestly wish I could reverse my identity mistakes.

      Why hide your identity:
      • Your identity is unique, once compromised, compromised for life.
      • Your personal data can be bought and sold by and to scammers.
      • If your identity is hidden, it will be difficult know the amount of bitcoin or assets you have
      • Your identity can be stollen even from reliable platforms by hackers
      • Your online identity can be linked or related to your real life identity

      How your identity may be revealed through your bitcoin address:
      • If you publish your bitcoin address along side your real name, either in your website,  offline shop or social media. Such address can be linked to your personal self.
      • Your identity can be tied to your bitcoin address when you complete KYC in exchanges with your real data. It therefore means they are housing your personal data in their database and could be compromised knowingly or unknowingly
      • By the use of Hosted Wallets: No matter how friendly or less complicated hosted wallets are, your data security is not assured.  This is because your bitcoin address and even your IP address is visible to whoever that is operating the server.  So, your data could be given out without your consent, especially when government is in need of it.

      How to hide your identity  while using bitcoin:
      • Avoid repeating bitcoin address: If you don't, your identity would be leaked through your address. Ensure you generate a new address for every transactions as recommended by Satoshi in bitcoin whitepaper (https://bitcoin.org/bitcoin.pdf)
      • Use a VPN: If you undermine this, will it interest you that with your IP address, information as zip code and your house location on map could be gotten?
      • Use a stealth address for your transactions.
      • You can consider mixing the coins if you do not trust its flow. There is more to this as some fees would be encured

      Conclusion:
      I do not intend to make this topic longer than this, that is the reason I provided few points with coincised explanations. Then, remember  your identity does not change, so protect it as much as you protect  your bitcoin. This is because, owning bitcoin and allowing yourself to be vulnerable, you might not live to enjoy your bitcoin.
      If you suspect that your password is being compromised, you can reset  your password.  But if your identity is compromised, it's compromised for life.


      Title: Re: Identity Security: A Newbies' Priority
      Post by: o_e_l_e_o on February 06, 2022, 09:26:39 PM
      Your personal data can be bought and sold by and to scammers.
      Many people do not understand the implications of this. Having you identity stolen can ruin your life. You can end up being responsible for hundreds of thousands of dollars worth of credit or loans someone else took out in your name, or you can end up on the hook for millions in healthcare bills for someone else being treated under your identity. Fighting these things is neither simple nor cheap, and even after spending years getting them cleared (if ever), you'll have spent huge sums of money and your credit rating will be decimated. People have been bankrupted and had their belongings and houses seized to settle debts they didn't take out due to having their identity stolen.

      If you think your identity has been stolen, then you should report it to the relevant law enforcement agency in your country immediately and place a credit freeze on your details so the criminal cannot take out loans or credit in your name.

      Use a VPN: If you undermine this, will it interest you that with your IP address, information as zip code and your house location on map could be gotten?
      Using a VPN moves the point of failure from your ISP to your VPN provider, who can still see your real IP address. If you trust your VPN provider, that's maybe ok, but if you want real privacy then you should be using Tor.

      ]You can consider mixing the coins if you do not trust its flow. There is more to this as some fees would be encured
      ChipMixer works on a pay-what-you-want model, so the fee is whatever you want it to be.


      Title: Re: Identity Security: A Newbies' Priority
      Post by: lovesmayfamilis on February 07, 2022, 08:18:21 AM
      A good guide to teach children before introducing them to the Internet.
      In fact, at the moment, any person who once spoke about himself on the network cannot be completely anonymous.
      There is a proverb - "There are no perfectly healthy people, but there are under examined." That is, as long as a person does not violate any laws, he can "hope" that he has privacy. Today they are being monitored everywhere, from Google to COVID-19 passports. Leaving your photos on the network, and later, realizing that this should not be done, the photos will still remain in the memory of the Internet, like all other data.
      That's why I'm talking about children. Our children still have the opportunity to be anonymous, talking about themselves on the Internet as a different avatar with a completely different personality, far from the real one. We, one way or another, unfortunately already have a lot of tails leading to our personality.


      Title: Re: Identity Security: A Newbies' Priority
      Post by: KingsDen on February 07, 2022, 08:45:41 AM
      Your personal data can be bought and sold by and to scammers.
      Many people do not understand the implications of this. Having you identity stolen can ruin your life... People have been bankrupted and had their belongings and houses seized to settle debts they didn't take out due to having their identity stolen.
      This is exactly my fear. I keep visiting my mail box searching for strange mails. And also making random search on the internet to see if I can stumble on my identity clone.
      If you think your identity has been stolen, then you should report it to the relevant law enforcement agency in your country immediately and place a credit freeze on your details so the criminal cannot take out loans or credit in your name.
      Thank you very much, as simple as it may sound, I never thought of this till now.
      Use a VPN: If you undermine this, will it interest you that with your IP address, information as zip code and your house location on map could be gotten?
      Using a VPN moves the point of failure from your ISP to your VPN provider, who can still see your real IP address. If you trust your VPN provider, that's maybe ok, but if you want real privacy then you should be using Tor.
      It is true there are many non reputable VPN services available who could even do more harms more than as thought. The use of Tor browser apparently skipped my memory. Thanks for inclusion.
      You can consider mixing the coins if you do not trust its flow. There is more to this as some fees would be encured
      ChipMixer works on a pay-what-you-want model, so the fee is whatever you want it to be.
      Good to know, though I have not used their services before. But I think there should be more to the model. I say this because, I cannot chose to mix $100 worth coin and chose $10 as fee and then someone mixing a $5,000 worth coin also will chose $10 as fee.


      Title: Re: Identity Security: A Newbies' Priority
      Post by: o_e_l_e_o on February 07, 2022, 09:57:48 AM
      A good guide to teach children before introducing them to the Internet.
      I feel very sorry for the children of today. Parents plaster them all over social media - photos, videos, embarrassing stories, etc. - all before they are old enough to understand what social media even is and definitely before they are old enough to consent to it or understand the lifelong implications. I am forever glad I grew up long before any of this was a thing. Imagine being an adult and knowing that your whole life from the day you were born is documented online for anyone to view.

      Good to know, though I have not used their services before. But I think there should be more to the model. I say this because, I cannot chose to mix $100 worth coin and chose $10 as fee and then someone mixing a $5,000 worth coin also will chose $10 as fee.
      That's exactly how it works though. You donate whatever you wish to donate. If you want to donate 10% or 0.1% of what you mix, it is your choice. Worth bearing in mind that donating an unknown amount will help your privacy since it makes it even harder to link inputs and outputs based on common values.


      Title: Re: Identity Security: A Newbies' Priority
      Post by: _act_ on February 07, 2022, 12:59:21 PM
      Use a VPN: If you undermine this, will it interest you that with your IP address, information as zip code and your house location on map could be gotten?
      Using a VPN moves the point of failure from your ISP to your VPN provider, who can still see your real IP address. If you trust your VPN provider, that's maybe ok, but if you want real privacy then you should be using Tor.
      There has been cases of VPN providers giving government the information needed to trace someone with online illicit activities, this makes me think some bad people working with VPN companies can make use of the opportunity for illegal reasons to trace someone illegally for illicit purpose, I have read before about some paid VPN that disclose information to government about their customer, VPN is centralized and many of them are keeping logs but lying to customers that they do not keep logs.

      I will prefer Tor, Orbit or any other app developed by the Tor project which are providing routing in a decentralized way. I do not know much about Tor but I know anyone that is using it, its connection will be routed to like three different nodes before finally routing the connection to the person's destination, this is far most better than any centralized VPN. Tor is even free.

      Also the worst part of it are people that are using free VPN that display ads which can be malicious and make security not to be possible.

      I have a question which I noticed people do not like to mention on this forum, it is about DPN (decentralized-virtual private network), do not let me mention any name yet that are providing DPV service. But are they recommendable?

      But presently, I have only preferred Tor projects.


      Title: Re: Identity Security: A Newbies' Priority
      Post by: KingsDen on February 07, 2022, 01:36:53 PM
      That's why I'm talking about children. Our children still have the opportunity to be anonymous, talking about themselves on the Internet as a different avatar with a completely different personality, far from the real one. We, one way or another, unfortunately already have a lot of tails leading to our personality.
      The irony of the whole matter is that before the children will grow to handle their identity personality by themselves, their identity had already been ruined by parents who do nothing off the social media.
      I feel very sorry for the children of today. Parents plaster them all over social media - photos, videos, embarrassing stories, etc. - all before they are old enough to understand what social media even is and definitely before they are old enough to consent to it or understand the lifelong implications
      Exactly. In years to come I forsee a media war, this war will be the company, organisation or persons that has the highest number of online persona. It could be that without someone's consent, his identity would be among an individual's community.


      Title: Re: Identity Security: A Newbies' Priority
      Post by: o_e_l_e_o on February 07, 2022, 02:20:46 PM
      Also the worst part of it are people that are using free VPN that display ads which can be malicious and make security not to be possible.
      Free VPNs are almost always a scam. They make their profits by spying on you and selling your data. A free VPN usually makes your privacy worse, not better. The only free VPN I would ever consider touching would be ProtonVPN, since they have a solid track record and their free service is subsidized by their paying customers rather than making money from your data.

      I have a question which I noticed people do not like to mention on this forum, it is about DPN (decentralized-virtual private network), do not let me mention any name yet that are providing DPV service. But are they recommendable?
      The technology is still too early and too experimental to be seriously trusted. I also don't see how it improves things over a standard VPN. Sure, you might not be connecting to a node owned by a specific company, but you are still connecting to a node owned by someone. What's stopping that person from spying on your traffic?


      Title: Re: Identity Security: A Newbies' Priority
      Post by: BITCOIN4X on February 07, 2022, 07:33:26 PM
      Free VPNs are almost always a scam. They make their profits by spying on you and selling your data. A free VPN usually makes your privacy worse, not better.
      What if we never give any app permission to access the data on the device, can we really prevent it and make it safe?

      I've been using free VPNs so far on my phone, but never gave them any permissions including storage. Maybe the app gets permission to access full network, view network connections and receive data from internet. But as long as they don't access or manage storage data, I think it's safe to use them.


      Title: Re: Identity Security: A Newbies' Priority
      Post by: o_e_l_e_o on February 07, 2022, 08:04:39 PM
      What if we never give any app permission to access the data on the device, can we really prevent it and make it safe?
      Doesn't matter. The whole concept of a VPN is that all your internet traffic is routed through a server belonging to the VPN company. It make no difference what permissions the app on your device has - all your traffic still passes through their servers. They have to pay for the bandwidth of these servers somehow. If you aren't paying to use their bandwidth, then they are making their money in some other way. This is almost always by monetizing you, monitoring your traffic, spying on your behavior, and then selling all that data to third parties.


      Title: Re: Identity Security: A Newbies' Priority
      Post by: KingsDen on February 08, 2022, 09:27:05 AM
      What if we never give any app permission to access the data on the device, can we really prevent it and make it safe?
      Doesn't matter. The whole concept of a VPN is that all your internet traffic is routed through a server belonging to the VPN company. It make no difference what permissions the app on your device has - all your traffic still passes through their servers. They have to pay for the bandwidth of these servers somehow. If you aren't paying to use their bandwidth, then they are making their money in some other way. This is almost always by monetizing you, monitoring your traffic, spying on your behavior, and then selling all that data to third parties.
      It is almost a general knowledge that nothing is free. So, anyone giving a free service is gaining in one way or the other except in rear cases of charity services. But is it not possible to also see a paid VPN spying on the user's activities and then selling their data?
      I ask so that we may not see it as, free VPN is scam, paid VPN I safe.


      Title: Re: Identity Security: A Newbies' Priority
      Post by: o_e_l_e_o on February 08, 2022, 10:14:54 AM
      But is it not possible to also see a paid VPN spying on the user's activities and then selling their data?
      Absolutely it is.

      As I mentioned above, using a VPN simply moves your point of failure from your ISP to your VPN provider. Instead of your ISP being able to spy on all your data (which they pretty much all do), instead it is encrypted and sent first to your VPN provider. You then have to trust that your VPN provider is doing what they say they are doing, and not spying on your data or keeping logs. The best VPN providers submit to independent audits to prove their no logs policy, or have been tested in court and proven that they don't have any logs to provide. However, even then all that tells you is that they did not keep logs then, and they could well be keeping logs now.

      So yes, there are plenty of paid VPNs out there I wouldn't use if you paid me to, with terrible policies, known to keep logs, lying to their users, owned by very shady companies, and so on. If you want to use a VPN then you need to be clear why you are using it, understand exactly what it is doing for you, and pick a reputable one from here: https://privacyguides.org/providers/vpn/. Otherwise, use Tor.


      Title: Re: Identity Security: A Newbies' Priority
      Post by: Pmalek on February 08, 2022, 10:56:51 AM
      What if we never give any app permission to access the data on the device, can we really prevent it and make it safe?
      A malicious app wouldn't need your permission to do whatever it intends to do. By downloading and installing it, the app can take it from there.

      I use very few mobile apps, but was always under the impression that unless you give them the access rights they ask for, you wouldn't be able to run them. Or some/most of their features wouldn't work. Since Facebook and Messenger is probably one of those apps that most people have on their phones, would they work if you didn't give them any permissions during the onboarding process?


      Title: Re: Identity Security: A Newbies' Priority
      Post by: _act_ on February 08, 2022, 11:18:16 AM
      Free VPNs are almost always a scam. They make their profits by spying on you and selling your data. A free VPN usually makes your privacy worse, not better.
      What if we never give any app permission to access the data on the device, can we really prevent it and make it safe?
      You have been answered very well, aside selling your data to third-party to display your ads, ads are very dangerous, what if the ads contain malware, some people will click on attractive ads and direct them to malicious page. Ads are forbidden by people that are very conscious of security, ads are deadly. Free VPN are also slow and contain very limited IP addresses. Do not think you are safe because you disable download permission of the app.


      Title: Re: Identity Security: A Newbies' Priority
      Post by: o_e_l_e_o on February 08, 2022, 11:30:06 AM
      I use very few mobile apps, but was always under the impression that unless you give them the access rights they ask for, you wouldn't be able to run them. Or some/most of their features wouldn't work.
      It varies from app to app. I'm fairly certain you can revoke most of Facebook's permissions, such as access to your camera, microphone, storage, location, and it will still run, as I've shown a few friends how to do that in the past. Obviously you won't be able to do things which require these permissions, such as post photos, but you can still use the app. You can safely turn off the same permissions for things like your browser apps as well.

      Other apps will refuse to open and just prompt you to allow some permissions. For example, a video calling app isn't going to work without camera and microphone access, and a file manager app isn't going to work without access to your storage.


      Title: Re: Identity Security: A Newbies' Priority
      Post by: KingsDen on February 08, 2022, 01:15:45 PM
      As I mentioned above, using a VPN simply moves your point of failure from your ISP to your VPN provider. Instead of your ISP being able to spy on all your data (which they pretty much all do), instead it is encrypted and sent first to your VPN provider. You then have to trust that your VPN provider is doing what they say they are doing, and not spying on your data or keeping logs.
      Looking like a dilemma, choosing to trust your ISP or VPN provider. It actually goes down to what the user wants to achieve. With what you have written and what I read from the link you provided, it is possible that one can enter into a major mess in the bid to having an IP privacy.
      Quote
      VPNs cannot encrypt data outside of the connection between your device and the VPN server. VPN providers can see and modify your traffic the same way your ISP could. And there is no way to verify a VPN provider's "no logging" policies in any way.
      However, they do hide your actual IP from a third party service, provided that there are no IP leaks. They help you blend in with others and mitigate IP based tracking.
      It is also worthy to note that the encryption provided by these VPN's is for the device to the vpn server which does not cover the encryption between your apps and the server.
      Quote
      What if we never give any app permission to access the data on the device, can we really prevent it and make it safe?
      Since it is not encrypted, you are vulnerable whether or not you permit the access.


      Title: Re: Identity Security: A Newbies' Priority
      Post by: taufik123 on February 08, 2022, 04:16:42 PM
      A malicious app wouldn't need your permission to do whatever it intends to do. By downloading and installing it, the app can take it from there.
      -snip-
      That's true, many malicious apps are programmed to just be installed without requiring initial permissions like regular apps. I once got several applications from blackmarket which I then installed on my smartphone and after that it infected my smartphone by locking some files and appearing several other applications.

      Since that incident I have been more selective in installing applications and for smartphones now the security is better, because some applications that contain spyware will receive a warning before being installed, this will be safer.


      Title: Re: Identity Security: A Newbies' Priority
      Post by: KingsDen on February 12, 2022, 05:27:17 PM
      A malicious app wouldn't need your permission to do whatever it intends to do. By downloading and installing it, the app can take it from there.
      -snip-
      That's true, many malicious apps are programmed to just be installed without requiring initial permissions like regular apps. I once got several applications from blackmarket which I then installed on my smartphone and after that it infected my smartphone by locking some files and appearing several other applications.
      Some apps are very malicious. There was one that my friend mistakenly got into his phone. Then, when you go to the system settings to uninstall the app it will not be visible there. I was shocked that I searched through the installed app and didn't see it. I had to search again with carefullness, then I saw a blank space and clicked and uninstall the app.
      That was actually the day I knew how malicious these apps can be.


      Title: Re: Identity Security: A Newbies' Priority
      Post by: o_e_l_e_o on February 12, 2022, 07:48:15 PM
      It is also worthy to note that the encryption provided by these VPN's is for the device to the vpn server which does not cover the encryption between your apps and the server.
      Correct, which is why everybody should install and use the HTTPS Everywhere extension on their browser. You'll find links for all compatible browsers here: https://www.eff.org/https-everywhere. If you use Tor, then it comes pre-installed. This will encrypt your traffic between your ISP/VPN server/Tor exit node and the final destination/site you are connecting to. While the entity in question will be able to see what site you connect to, they will not be able to see what you are doing on that site.

      That's true, many malicious apps are programmed to just be installed without requiring initial permissions like regular apps.
      I think the problem is less malicious apps being able to bypass permission controls, and more users just allowing any old app access to absolutely anything it asks for. Why does Instagram need to be able to read your SMS messages? Why does Netflix need to access to your contacts? Why does that random game you downloaded need access to your keyboard? Why does that crypto tracker app need access to all your files? Every app and every additional permission poses not only a risk to your privacy, but also to the security of your wallets and your coins. I remember reading about a custom keyboard app which was actually stealing any seed phrases entered and transmitting them to the developer.