Privacy is like diet, it is not a zero sum game. The less data we give to advertisers and governments the better. The point is to increase the expense of tracking and create as many holes in their databases as possible.
> You can be tracked with flock cams, ring cams, or any other thousands of cams out there that are already recording you and logging your car and your details. That grocery store you went to yesterday? Yep, you are logged from the moment you are in the parking lot till you leave. Oh, you used paid parking a day later? Your car is logged too, same goes with bus/trains tickets. Neighbors cams or building CCTV? That too.
E-Bikes do not require license plates and allow most of this to be mitigated when I use one of those and are what I would recommend for targeted individuals and demographics, but at some level the movements of my vehicle are tracked unavoidably but they certainly cannot remotely control the car or access microphones when they do not exist so these tactics still have value.
> same goes with bus/trains tickets
I pay cash for these and use them short term so little tracking value here.
> our home internet can be logged one way or another too, at router level (think of the many exploits against that).
I significantly reduce the chance of this by using VPNs and Tor for most personal traffic depending on use case, and layers of simple open source linux/freebsd etworking hardware I setup myself.
> What about your laptop hardware? Definitely it isn't open source. Plus, have you checked your hardware if it's bugged? I personally know someone who ordered a laptop and an XYZ agency bugged his laptop (man in the middle) before it was delivered. A new laptop you order online and your bank info will trigger someone to intercept it and alter it in the middle.
I full source bootstrapped my own operating systems and compilers and very often firmware (https://stagex.tools). I mostly use desktops, among them a Talos II which is open hardware/
firmware.
As the lead author of AirgapOS I recommend sensitive use case laptops be purchased randomly from retail locations with cash and document tamper evidence tactics in detail. These tactics are regularly used to move billions of dollars of value around by large financial institutions we advise, but I also recommend these tactics for targeted individuals like journalists as well, along with QubesOS depending on use case.
> And many more details, like, are you sure someone won't stick an AirTag somewhere in/beneath your car to track you?
If I force them to target me in person where I am much more likely to notice, my tactics have done their job and are good to recommend to the general public since they cannot do this type of targeting at scale and thus the tactics can protect most people. I really hope they try something this, because if they do, I am going to waste a lot of their time and have a lot of fun at their expense. I have quite an arsenal of radio forensics hardware and if my vehicle if ever transmitting anything, it is for sure something I did not put there.
> What about personal connections like friends and family or work that could be a weak link?
I do not share sensitive information with people with opsec significantly worse than my own. Everyone at my job uses the same opsec tactics I do for anything work related. We self host everything including E2EE encrypted chat, everyone uses qubesos, etc etc.
> So while your measures might work against some random internet attack or random stalker, against a surveillance state it won't.
My tactics create massive holes in surveillance capitalism and government tracking databases they would need to deploy agents in person to fill. If thousands of people use my tactics, suddenly they run out of agents to stalk people.
My goal is not to make tracking impossible, it is to make myself mostly invisible to surveillance capitalism and blackhats who are my most likely threats, and as a nice bonus require a government to get a warrant and spend a lot of money to track me or anyone using my tactics.
At least by reading all of the above, it seems they have something like Genode (running on https://sel4.systems/ , amongst others ), but instead of some academic research thing, widely deployed commercially, running on consumer ready devices of all sorts.
Lately all based on that HongMeng kernel thing, comparable in performance to SEL4, utilizing containerized Linux-drivers by way of compatibility-shim, still fast.
I really appreciate the scorched earth efforts to redo computing with security from the start, but personally I have reached the conclusion that compatibility is key to adoption, and that desktop focused linux distros like ubuntu with yolo security being used for servers is the practice causing the most harm we must end as soon as possible.
QubesOS falls really short in supply chain integrity, and server solutions, but IMO the overall hypervisor/IOMMU isolation architecture is the most practical and compatible way forward though nowhere near as elegant as some of the ideas in Genode.
In EnclaveOS my team and I chose to focus on remote attestation and best available security isolation technologies available to most server CPUs while still using (hardened) linux kernels. We talk about this here: https://distrust.co/blog/enclaveos.html
Maybe in US but in various parts of Europe this ain't true, you cross certain threshold for power or speed and license plate is required, with corresponding insurance - same for e-scooters.
Ie in Switzerland thats 20kmh so basically all of them since they often cut off at 25kmh. Almost nobody does that for weaker ones and thus police keeps taking them and then you see police guys riding around say Geneva on various e-scooters.
> You can be tracked with flock cams, ring cams, or any other thousands of cams out there that are already recording you and logging your car and your details. That grocery store you went to yesterday? Yep, you are logged from the moment you are in the parking lot till you leave. Oh, you used paid parking a day later? Your car is logged too, same goes with bus/trains tickets. Neighbors cams or building CCTV? That too.
E-Bikes do not require license plates and allow most of this to be mitigated when I use one of those and are what I would recommend for targeted individuals and demographics, but at some level the movements of my vehicle are tracked unavoidably but they certainly cannot remotely control the car or access microphones when they do not exist so these tactics still have value.
> same goes with bus/trains tickets
I pay cash for these and use them short term so little tracking value here.
> our home internet can be logged one way or another too, at router level (think of the many exploits against that).
I significantly reduce the chance of this by using VPNs and Tor for most personal traffic depending on use case, and layers of simple open source linux/freebsd etworking hardware I setup myself.
> What about your laptop hardware? Definitely it isn't open source. Plus, have you checked your hardware if it's bugged? I personally know someone who ordered a laptop and an XYZ agency bugged his laptop (man in the middle) before it was delivered. A new laptop you order online and your bank info will trigger someone to intercept it and alter it in the middle.
I full source bootstrapped my own operating systems and compilers and very often firmware (https://stagex.tools). I mostly use desktops, among them a Talos II which is open hardware/ firmware.
As the lead author of AirgapOS I recommend sensitive use case laptops be purchased randomly from retail locations with cash and document tamper evidence tactics in detail. These tactics are regularly used to move billions of dollars of value around by large financial institutions we advise, but I also recommend these tactics for targeted individuals like journalists as well, along with QubesOS depending on use case.
https://trove.distrust.co
> And many more details, like, are you sure someone won't stick an AirTag somewhere in/beneath your car to track you?
If I force them to target me in person where I am much more likely to notice, my tactics have done their job and are good to recommend to the general public since they cannot do this type of targeting at scale and thus the tactics can protect most people. I really hope they try something this, because if they do, I am going to waste a lot of their time and have a lot of fun at their expense. I have quite an arsenal of radio forensics hardware and if my vehicle if ever transmitting anything, it is for sure something I did not put there.
> What about personal connections like friends and family or work that could be a weak link?
I do not share sensitive information with people with opsec significantly worse than my own. Everyone at my job uses the same opsec tactics I do for anything work related. We self host everything including E2EE encrypted chat, everyone uses qubesos, etc etc.
> So while your measures might work against some random internet attack or random stalker, against a surveillance state it won't.
My tactics create massive holes in surveillance capitalism and government tracking databases they would need to deploy agents in person to fill. If thousands of people use my tactics, suddenly they run out of agents to stalk people.
My goal is not to make tracking impossible, it is to make myself mostly invisible to surveillance capitalism and blackhats who are my most likely threats, and as a nice bonus require a government to get a warrant and spend a lot of money to track me or anyone using my tactics.