Summary
Transcript
When it comes to privacy, everyone looks at the most obvious, glaring invasions. However, when dealing with the very smart engineers in big tech, they have come up with some pretty sneaky ways of identifying who you are on the Internet. The scary part is that even the privacy smart people aren’t even aware of this privacy invasion or how to get around it. The biggest offender, or at least the original player, that made serious use of this threat was Zuckerberg.
That sneaky Zucker. I noticed this early on and was one of the critical reasons why I left Facebook a dozen years ago. What this is is a list. A list that you don’t even realize you’re in, and you have very little input on whether you appear on this list. However, be aware that for most of you, this is the clear identifying mark on the Internet. This is how big tech can easily find out who you are.
This list is used by many big tech companies, not just Facebook. And it is a certainty that this is a massively important technique for three letter agencies to identify targets. It takes some careful planning to minimize the effect of being on this list. If you want to be a serious privacy ninja, then you need to really be aware of this threat and how to deal with it. Stay right there.
If you want to learn you let’s first understand a little privacy theory or have a conceptual understanding of what I will be talking about. If a three letter agency wants to find out more about you, what is the easiest way to do that? Let’s say you’re just some quiet looking dude living in some obscure small apartment in New York City. Now, you could follow this guy around all day or put in surveillance microphones at his apartment, but that would be a very limited source of information.
The easiest way, folks, is just to find out his communication methods. Typically, this would be a phone or email. Let’s start with the phone. A three letter agency can effortlessly track every phone call ever made or received. And using the MZ of the phone, you can then identify who this guy is calling or who’s calling him. Similarly, you can do the same with email. Just look at all the emails sent and received, and track the various contacts.
And to aid in the analysis, you also perform the same research on this person’s contacts. Again, checking these people’s call records and email records. You could do this to several degrees of separation. And believe it or not, you can identify circles of communities very easily and connect people in various settings, whether by family, socially, or in business. By doing this kind of tracking. I call this kind of data a relationship map and the two most obvious sources of this data are phone numbers and email addresses.
You can see here that if you’re tracking some sort of terrorist, it would be very hard for that terrorist to hide history of relationships that are recorded via phone and email. And today this is assured by the application of KYC or know your customer laws that require carriers to collect certain identifiers so they know the name of the exact person using a particular phone number. Now enter big tech and social media.
I’ve made many videos of this before, but it is important to actually give you all a plan of action on how to react to this because the environment keeps changing. Unfortunately for all of us, a government does not need to collect data on our phone traffic or our email traffic. Nowadays, this data is willingly given, not necessarily always by you, but given by people you know. One of the biggest data leaks is the contact list.
A large number of people with an NPC kind of attitude, meaning a normie, will just willy nilly upload a contact list to Facebook. Facebook makes it clear in their data privacy policy that they actually read your contact list every single day and store that information to develop these relationship maps. A very obvious implementation of these relationship maps is when Facebook recommends people as friends because your phone or email shows up in those people’s contact lists.
Now, Google’s Gmail itself does not even need to have an uploaded contact list. Just from every email you send, it should be clear who you’ve ever sent or received email to or from. So to Google again, email is an effortless identifier, and most people do nothing when it comes to the use of the most common identifiers, which are phone numbers and email. In fact, today platforms are assured of even more data.
While Facebook, Instagram, WhatsApp, LinkedIn, TikTok, and so many others are very good at collecting contact lists, they also make sure to match these to you by collecting your own phone number and email. The phone number collected is under the guise of two FA or two factor authentication. In December 2023, right before the turn to 2024, I noticed that so many platforms began really active use, like seriously active use of phone numbers for two FA.
In fact, since some of these platforms weren’t actively using two FA much before, the sudden aggressive use of two FA phone numbers meant that my phone number was not up to date on multiple platforms and I temporarily lost access to some of them. And this is because I personally use a specific method to ensure that I do not fall into this contactless trap. But before I get into that, let me just paint the complete picture here.
If you go to social media and create multiple identities because you want some privacy, please use your hand and realize that you are not hiding anything. If they can match you to a phone number or an email, and once they do, they can retrieve your real name from someone’s contact list. Again, understand the problem here. It is not an issue of what you have personally done to destroy your privacy.
It is your normie friends and acquaintances that are ruining your privacy and you have no control over it. For example, you can use a fake name with your email or phone number, but your friends aren’t going to use your fake name in their contact lists. Similarly, you have no control over what name is associated with your email address since it depends on how a sender has addressed you.
Also, if you are trying to be sneaky by changing your name on different platforms like banks, shopping sites and social media sites, it won’t matter if they can just compare all these and identify which ones are correct. And in case you didn’t know, your email and phone number will eventually get associated with your credit record like on equifax, and that will of course match a real identity with a Social Security number.
Based on what I’ve said here, it seems like a very daunting problem and one that is hard to find a solution to. However, there is a solution, but it requires careful planning. You need to set up some rules for yourself when going online. It is best to write these rules down for yourself so you don’t make a mistake. I’m going to present some of these rules to you today and if you apply it, then the effect of this relationship mapping will be minimal, if any, and you will be able to maintain some identity protection on the Internet.
Just note that this advice must be accompanied by other actions to protect your privacy. As I discussed elsewhere, however, these additional ingredients will not spoil your efforts. Number one, do not ever upload a contact list. Now this should be obvious based on what I just said previously, but some platforms persist in collecting your contact list and it is possible that you can accidentally upload it. A good example of this is TikTok.
I think this is TikTok’s primary spying method. In retrospect, I was testing this and TikTok persists in asking you to upload your contact list, and it is very easy to accidentally accept their request, in which case they get one quick upload of your list. And your clue, of course, is that people you know immediately get recommended for following. I would seriously think about deleting an account and starting a fresh one if you ever make this mistake, because I don’t think it’s possible to undo the damage of a permanent contact list being on your records.
Nothing you do later on to protect yourself will work because the platform will use your contacts to verify your identity, at least electronically speaking. It is safe to say that it is impossible to protect yourself on certain platforms like Facebook, Instagram and WhatsApp, so that’s a lost cause. Continue at your own peril. Number two, use a different email for every platform, although it is not strictly necessary to have 100 emails for 100 platforms.
For example, you should at least do some partitioning of your online presence by email address. There should be at least a work email, a personal email, both of which may appear on someone’s contact list, but this is the most important part. Neither of those should be used as a platform login. Never, because if you use an email address that is in someone’s contact list, then you are clearly identified.
However, to make this concept clearer in your head, let’s say that you used a unique email address for a platform. This is actually easy with an email product that I offer called Braxmail. On Braxmail you can have unlimited aliases. So if your normal email is John c@braxmail. net then you can use an alias like John cx@braxmail. net as your login to x or John C. Rumble@braxmail. net to log into Rumble the point of this is twofold.
First, this email will not appear in anyone’s contact list because it is unique. Second, there will be no email history associated with these email addresses since they will contain only platform email for two fa and notifications, at least from an external party viewing it. Thus, the email will be a dead end. As an identifier, your identity, at least from email, will not leak. I think the same benefit can be achieved even if you just use a different email for all online platforms combined.
But keep financial email like the banks different because it will be recorded on your credit reports. So a healthy separation of emails would be work personal, financial online platforms, or alternatively work personal and a different email for every platform. But here you must keep accurate records of your logins and a password manager, as you will really be screwed if you forget what email you used for a platform.
I made that mistake in x, and that’s possibly why it’s been hard to reactivate my account. I couldn’t remember the email I used. Now let me talk about a different case here, and that’s Google. So if you go to Google. You’re using Gmail and many of you use Gmail for personal use or for work use. But don’t use those same Gmail for platform logins. Meaning even if you have a personal login, don’t use that for YouTube, use a different one.
Come up with a third gmail and that’s the one you would use for platform logins. So that’s the way you would handle that on the Google end since they’re all going to be Gmail. Number three use a different phone number for two fa this is a very key instruction. Given the problem of the phone number being a primary identifier, you must use a different phone number for two factor authentication.
I just use a single phone number for all my two fa and because of all the requirements that some platforms like Google require that it be a phone equipped with a Google app, I actually have a second Google phone, meaning a standard Android for two fa. This phone is off. When I’m not using two fa, I don’t use it for any other purpose. Because two FA requires texting, it is not possible to do wifi only on this phone.
Platforms now detect if your phone number is a voiceover ip line like Google Voice Skype or Viber, and will ban that for two FA. They want a real phone number. So this is really zucked up for privacy. But my response is to have a separate phone. Let’s say your spouse needs a two FA phone number as well. There’s no need to get multiple lines. You can share one line and then call each other if there is a need to get a two FA text message with some authentication code.
Now there are ways to avoid too much of this, but I will explain that later. You may think this is a major expense, but it’s not too bad. Here in the USA, I have a very cheap sim card from red pocket. I use it only for two FA texting and it is around $60 a year or $5 a month. Again, share this with the entire family so everyone’s phone number is protected.
The important thing to remind yourself again here is that this phone number must not be known to any of your real contacts. No one must call you on this number. Once someone gets this phone number and puts it into their contact list, then you’re identified. It is not a concern if platforms know this number with a caveat, use your normal known phone number s two FA for financial sites like banks, this phone number will be reported to credit agencies, so it should not be your two FA phone number.
A final tip on this change this phone number every once in a while for safety. I realize this is hard work since you have to go to every site and change your two FA phone number, but I do this all the time and I have an organized workload for it now. Number four, use alternate methods for two FA if allowed. As of early 2024, there are alternate methods of two FA and some don’t require a phone number.
For example, I’ve removed all phone numbers from Google. Even my YouTube account is not associated with a phone number. Instead, I use a pass key for two FA. Unfortunately for Google, a pass key is not sufficient. They still require some other proof of identification. Unfortunately, I have my two FA phone with a Google app. I don’t give them that phone’s two FA number, but I use the Google app on it and it is a standard Google Android so it is possible that they can read the phone number.
In case you all forget or if you’re new to this channel, you should know that I don’t use a normie phone as a daily driver. I use a phone with no Google, otherwise known as a degoogle phone. So for most things I don’t emit any data on mobile and I’m invisible there. Other forms of alternate two fa are the use of hardware keys like UB key. Now the problem with the use of a UB key or other hardware security key is that not all platforms are able to use it consistently.
Also, some platforms like Google require you to still use a Google app so they can actually find your identity through the Google app. So you always have to remember which platform uses what and that gets extremely complicated. However, because it is hardware based, it is definitely a much more secure option. In general, I think paskis are easier to use and I need to again repeat this because many of you are incorrectly judging pass keys.
Pass keys do not pass your biometrics anywhere. The actual exchange with a platform is done by RSA certificates, just like the use of normal Internet encryption. So there is nothing to fear about your biometrics being captured in some way. The advantage of Apesky is if a platform accepts it completely instead of two fa. If a platform like Google wants to use Pascis and then still requires some other two fa, then it defeats the purpose and its value is questionable.
However, in the case of Google, it’s still more convenient because they will ask you for pass keys more often than any other method. So far, Google has not required me to use a phone number. They keep asking for it but have not required it for two fa they just required me to use a Google app and that’s been rare. A Google app is pretty bad because I’m logged in with my Google id all the time, but I mitigate this by leaving that phone off.
Due to Paskis, I rarely ever need to use additional two FA on most sites. Thus the two FA phone is turned on only a few times a year. Now, I don’t want to give the impression that this is all you have to do and you’re safe with your identity on the Internet. What I’m trying to explain here is that other measures that I teach, such as protecting your location, your IP address, your platform ids, are all useless.
If you don’t understand something this basic. All other attempts at privacy will fail if you do not mitigate being on this relationship map. I hope this information has been very helpful. I started a company to provide privacy solutions to the average person instead of just talking about problems. Today, the primary privacy solution is still to use a degoogle phone. A De Google phone is an invisible phone on the Internet.
Because it has no Google or Apple id, it cannot be precisely identified. It is also immune from being geolocated by third parties. Check that out. These phones are around $400, so they are cheaper than normal phones. It’s what I use. We have device VPN service which I started a few years ago. The purpose of the VPN service is to hide your ip address without any protection. Every interaction on the Internet will identify your home connection.
It can also subject you to man in the middle attacks where they can see your network traffic. It is very important to suppress this information. Our VPN service has worldwide coverage and is provided by an entity known to you, me. Hopefully someone you can trust. We have a Braxmail service that hides identity information from your email and prevents you from showing up on contact list. It also eliminates ip addresses from showing up in the header or in the logs.
We offer unlimited aliases, seven domains and webmail. Check that out for $50 a year. All of these are on my store on Brax. May sign up on there and you will not be asked for personal information to sign up. Thanks for watching and see you next time.