On this page you will find some Tips that I have posted on Twitter. Due to the ever changing worlds of Cyber & Digital I have included the date of when I posted the Tip.

 

Disable Apple’s U1 Tracking Chip

Top Tip, how to disable Apple’s new U1 tracking chip, for better privacy.

https://www.pocket-lint.com/phones/news/apple/150904-how-to-turn-off-apple-s-u1-location-tracking-chip-in-iphone-11

05/06/2022

 

Telegram OPSEC

Top Tip, when researching Telegram don’t forget your OPSEC, If you are downloading channels or accounts, use a virtual machine and anti virus software. You just do not know what is in the content you download.

03/05/2022

Telegram Research without an Account

Top Tip – If you are researching Telegram, anyone can open a t(.)me link to see profiles, posts or entire public channels without the need to download Telegram, use the preview button.

02/05//2022

Telegram Phone Number Search

Top Tip – Telegram Phone Number Links. Post or share a t(.)me link to let others contact you, based on a your phone number.

The links will follow the phone number privacy settings – if a user isn’t allowing others to find them by their number the link will not work. If everyone can find the user the link appears to be public and can be searched in the same way as you would a t(.)me username in a browser, https://t(.)me/+7????

If you are searching for numbers you will see a link asking you to open a chat. if you have not got Telegram, there is a link do that allows you to download it.

28/02/2022

Protect Your Local Account With Yubikey

If you do not want to set up a Microsoft Windows account but want to use a Yubikey on a local account, download the Yubikey client from the @Yubico website.

https://support.yubico.com/hc/en-us/articles/360013708460-Yubico-Login-for-Windows-Configuration-Guide

12/02/2022

Signal Secret

Probably the only argument I hear against using Signal is the fact that you have to use a phone number. Well there is a work around where you do not need to use your real number. If you are fortunate enough to live in a country where you can buy SIM cards with no issues, then use a different number to verify your Signal Account.

Download the Signal App or reinstall it. Place the new SIM in your phone or a donor phone (Preferred) to receive your verification code.Once you have verified your account, you then need to lock the donor phone number to your Signal account, as the network at some stage will reclaim the number if it is not used.

iPhone users: Click Settings > Account > Registration Lock > Enabled
Android users: Click Settings > Account > Registration Lock > Enabled

Enter a PIN. This PIN will prevent your number from being re-registered from a different device.

By doing this you keep your real mobile number secure from being searched on Signal’s server and also from your friends, who will no doubt save your number to their contacts, which they then sync across all their apps.

11/01/2022

Android OSINT Recording

For those of you who use mobile phones for OSINT, you may want to try the built in screen recording function to capture your OSINT research. No need to cast your screen or download third party software to your desktop.

Record your phone screen

Swipe down twice from the top of your screen.

Tap Screen record.
(You might need to swipe right to find it. If it’s not there, tap Edit and drag Screen record to your Quick Settings.)

Choose what you want to record and tap Start. The recording begins after the countdown.

To stop recording, swipe down from the top of the screen and tap the Screen recorder notification.

Find screen recordings.

Open your phone’s Photos app Photos.
Tap Library and then Movies.

09/12/2021

Android 12 Privacy

Have you updated to Android 12? Here is an article that talks you through some new privacy settings that you should consider.

https://www.wired.com/story/android-12-privacy-settings-updates/

30/11/2021

LocateJS

Using a VPN may not protect you from apps or websites finding your real location, as they can read your system data. Try LocateJS to see if you are still leaking your location.

z0ccc.github.io/LocateJS/

23/10/2021

Google Locked Folder

Google Pixel phones now have a new feature called Locked Folder. It will isolate your photos from other apps and they will not be available in the photo grid if your phone is stolen.

How to enable and set up a locked folder in Google Photos
Launch the Google Photos app.
Tap on the Library tab at the bottom of the page.
Tap on the Utilities button at the top of the page.

With the Locked Folder set up, you can move photos from your account directly into the Locked Folder.

https://www.androidcentral.com/how-enable-and-use-locked-folder-google-photos

08/08/2021

Amazon Sidewalk

Top Tip – Amazon Sidewalk is opt out rather than opt in. To opt out: –
1. Open the Alexa app on your phone.
2. Tap More in the lower right-hand corner of the app.
3. Tap Settings.
4. Tap Account Settings.
5. Tap Amazon Sidewalk.
6. Switch Sidewalk off and exit out of the app.
25/07/2021

Mobile Phone Privacy

Be careful what details you disclose in your emergency contact or medical information. Remember it can be accessed by anyone form the locked screen of your mobile.

They simply have to press the emergency call icon to access the information you have put.

Don’t over expose yourself unnecessarily as the information could be used to smish or phish you, or identify your home address.

You can also protect your mobile number by restricting who it is displayed to when you call anyone. You can do this in the settings of your phone.

Android (Will vary) – Phone Icon – Settings – Calls – Additional Settings – Caller ID

Apple – Settings – Phone – Calls – Show My Caller ID

20/07/2021

WhatsApps

10/07/2021

Privacy Health Check

https://clickclickclick.click – fun example of how websites interpret your behaviour.
https://themarkup.org/blacklight – tells you what trackers and cookies a website is using.
https://tosdr.org/ – rates the term of services of a website.
https://www.securemessagingapps.com/ – rates messenger apps.
https://justgetmydata.com/ – tells you how to obtain your data.
https://browserleaks.com/ – browser fingerprinting tools.

27/06/2021

Use Windows Offline

I know Windows is not the best for privacy. That may even be an understatement, however so many people us it. This article explains how to circumnavigate Windows forcing you to create an online account.

https://helpdeskgeek.com/windows-10/how-to-setup-windows-10-without-a-microsoft-account/

10/06/2021

Find Keywords in a YouTube Video

•    Open the video in question
•    Click on the three horizontal dots
•    Open Transcripts
•    Ctrl+F (or Cmd+F)
•    Type in, “Keyword”

06/06/2021

Backups

Probably one of the easiest things you could do to protect yourself, if your files are ever infected with malware, is to have an offline backup.

24/05/2021

Researching LinkedIn

Researching LinkedIn without an account. Try Bing as your search engine. I have had some good responses to it allowing me to see the landing page of a profile, even when using a VPN however the lifespan of this access is limited when using one.  I still prefer the power of Google advanced search operators but try Bing’s it throws up some good results too. Mix and match for best results.

13/05/2021

Apple Air Tags & Samsung Smart Tags

With the emergence of Apple Air Tags & Samsung Smart Tags, now maybe is a good time to turn off Bluetooth, Location Services and Find My Phone. These little devils utilise your Bluetooth and Location to work out where they are.

If you are lucky enough to own an Android you can also switch off Bluetooth scanning in your settings. Apple doesn’t allow you to do this as apparently, it affects their ability to provide precise location data.

Settings – Location – Wi-Fi Bluetooth Scanning (May differ with Android manufacturer)

08/05/2021

OSINT & Hardware Acceleration.

If you use @hunchly and @VMware virtual machines together for your OSINT you may have issues around colour opacity, this can be a result of, “Hardware Acceleration”

It can be remedied in either the settings of the VM or the Browser you use, by disabling hardware acceleration.

03/05/2021

Email & Mobile Hygiene

Take a stepped approach to the use of emails and mobiles, Primary, Secondary & Disposal:-

Primary email and  mobile for the financial side of your life. Never share them with anyone, including family.

Secondary can be used for less important matters, such as online services or memberships, where you have regular contact.

Disposal or Alias use when you are purchasing online where there is no need to create an account.

30/04/2021

Cookies

For those of you who live in Europe, do you ever click on the Cookie options popup or do you just press accept? For privacy reasons, don’t select the default, accept all. Click and manually only allow, essential options. Some sites have a frightening array of trackers deployed.

18/03/2021

MySudoApp

One of the be benefits of @MySudoApp  is you can keep your all important network mobile number safe. The number you use for banking that you also use on SM & IM platforms as well as buying online. Keep it safe, MySudo is one way you can. Reduce the risk of smishing.

16/03/2021

OSINT Hardware

I know the cost of hardware to support sock accounts in OSINT can sometimes be an issue. Android phones now come with the facility to create a separate user account.

Samsung phones also have the Knox vault which enables you to have a second account secured in the vault with its own apps. (Not available on every model)

Maybe a good Privacy & OPSEC tool too.

03/03/2021

Windows Safety

I want to share two little tricks that may help with privacy & cyber-security. Consider creating two accounts on Windows, an Admin & User. By only being a User you will need to use a password to carry out certain task, like exe a program. This may safe you from certain Malware.

Some Malware require Admin privileges. Also it is a safeguard from accidentally opening something you didn’t want to.

Why not consider a virtual desktop, if in these times you are working agile and sharing your desktop on meetings. WIN + Ctrl + D will create a second desktop.

25/02/2021

Firefox Privacy

If you are interested in the Privacy of your Firefox browser, use this link to see what you are leaking https://inteltechniques.com/logger/ then use this link to adjust the Privacy settings https://restoreprivacy.com/firefox-privacy/ and then try the first link again.

21/12/2020

Photo Privacy & OPSEC

Privacy tip, if you have a Google account don’t forget to enable, ‘Remove geo location in items shared by a link.’ This setting relates to photos you have taken and shared. You can disable, ‘Save location,’ in your cameras settings too.

20/12/2020

Stay Incognito

Change Chrome to Incognito mode permanently (Windows 10).
Go to – Properties – Shortcut – Target – then add “–incognito” to th end.
It should look something like this – “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” —incognito
27/07/2019

Go Incognito

OSINT & Privacy tip, I’m not a massive user of Chrome mobile browsers but in the settings – privacy you can set secure DNS to one of your choice, Cloudflare is also a default option.

If you want  permanent Chrome incognito browser on your mobile. Menu -> Long press on Chrome Icon.

Long press on the Incognito tab or drag and place the Incognito shortcut to home by holding the dual horizontal lines. You can now directly open  Incognito mode.

01/11/2020