===Uncle-Daddy’s Big Book of Deception 2.0=== Non-profit and free for redistribution Written on July 3rd | 2017 Published on July 3rd | 2017 Extra (RED) Herring Edition For entertainment and research purposes only +++++++++++++++++++++++++++++ DISCLAIMER The Paranoid's Bible and its writers hold no responsibility for the acts of others. The Paranoid’s Bible is for research and entertainment purposes only. Please visit our blog for more PDFs and information: https://www.paranoidsbible.tumblr.com/ +++++++++++++++++++++++++++++ ===Preface=== When I shot the PB team a PM on their blog I didn’t expect my critique to become a quick gig of helping them hammer out a guide on deception. After much consideration and a few shots of cheap tequila, I agreed to help them out. Because why not? They have a decent idea and are trying to help the pitiful users of today’s internet. So here you guys & gals go: a guide on being a deceptive bastard on the internet and preventing people from getting a good grasp on your information. +++++++++++++++++++++++++++++ ===SEO and Privacy=== So Search Engine Optimization (SEO) is one of those magical things everyone has to learn, to an extent, for anything they do online to be successful, especially websites and blogs. It’s also one of those things that no one would think can be applied to INFOSEC but it can. To an extent, SEO tactics can be used to further rank and quickly index red herrings and canaries. Now, one thing to remember is there are such things as Black Hat SEO, which is aimed more toward search engines than organic traffic (White SEO). The truth is, regardless what tactics you plan to use, they all have a place when it comes to preventing people finding your information. You should really give it a search and checkout the various articles, blogs and forums on SEO. Who knows, you might actually find something of use that I didn’t make mention of here. +++++++++++++++++++++++++++++ ===Clone Wars=== If you’re reading this, then I’ll assume you’ve read The Paranoid’s Bible guide and the guide on OPSEC. You should have a grasp on the DOs and DON’Ts of the internet. However this will break those rules just a teensy bit in order to help you create garbage data and digital noise to obscure your real identity and information. The PB tells you that you should always use a unique username for each account and never repeat this username elsewhere, yet there is an exception to this rule: Cloning. While cloning has several names, I’m partial to the term cloning because it gets the message across—make multiple accounts across the internet using the same username but with different information concerning the basic image of its creator. When you create an account you always end up adding just a tiny bit of yourself to it. Using the ‘About Me’ or ‘Description’ or those pesky bios… you’re going to use these and differentiate each account by giving it its own persona. So while you’re following the advice of the PB team and their various guides, these cloned accounts will be vastly different. Go nuts and use your imagination but remember some simple facts. Globally, European names aren’t all that common. Look at the current global makeup of the Earth’s population. Islamic-like names of Muhammad are quite popular, as are Asian names and East Indian names. While the majority of Western sites are heavily European and Americentric, it doesn’t hurt to mix it up with a Vash or Aiko. Of course, you can then flesh it out a bit more by giving them a European or American-sounding last name and background. You want these accounts to be completely different from your own. Everything about the personas being made for these accounts are not to be related to you or your ‘main account’. You don’t want them to ever communicate with each other or touch in any way. You must keep them completely separated, which is why you’ll be making them on various forums, social media sites and chats. The more ground you cover, and the more varied the accounts are the less likely people can make a cohesive argument as why this piece of information or that data is supposed to be related to you. For example, you make an account on deviantART. They’ve a little bio app that you can adhere to your profile. So, if you made yourself a Tumblr account, then the deviantART account is to not only be different in description but also look. If you hate Undertale, then the deviantART persona loves it. You like yellow, they love blue. So on and so forth until you’ve suddenly a teenage female artist with an Asian background who moved to the U.S. and knows very little about their own Asian heritage, ergo they cling to their last name which sounds Japnese-ish. By doing this, if someone were to ever look for information to use against you or to grab your dox, they end up on a wild goose chase where they’re looking for someone who doesn’t exist. +++++++++++++++++++++++++++++ ===Dirty SEO Tactics==== There are numerous ways to pollute a search engine’s results with “dirty pages”. Their page rank might not be all that existent, however they do tend to clutter around specific search terms like a username or a piece of common information laced into profiles or bios in order to throw someone off a trail. Now, to do this you need to have clean and organic looking back links. However one good way to populate an account with seemingly organic back links is to use one of the numerous “generators” that usually end up hurting your SEO in the long run. We don’t care about the long run, though. This is a short game tactic that translates into, in the long run, a small, albeit affective little trail duster meant to help cover some of your tracks. These three links are a good start; however there exist numerous “generators” that can be used. Using these three for all of your clone accounts should help you spark a little bit of a boost in their appearance on Google and Bing. With enough accounts under a similar or the same username, you can basically pollute the search results to help cover your main account with the clone accounts. https://www.freebacklinkbuilder.net/ https://sitowebinfo.com/back/ https://www.indexkings.com/ Ensure you read the PB’s “Internet Primer” to help you reduce Ads and pop-ups when using these websites. While not intentionally malicious, numerous sites, like these, can have malicious Ads or pop-ups. They also will only give you a small boost in your garbage collecting on search engines, so always ensure you stagger what accounts get hit with these and always aim to use the smallest amount of available or offered links. A handful, like 10 or 20, will look less suspicious than, say, 2500. You should also checkout forums, which can be found easily be searching for things like “Black Hat SEO” and “SEO”. +++++++++++++++++++++++++++++ ===Get a Friend Involved=== Let’s say you’ve a friend that you really trust and they’re interested in privacy and security just like you. ==Here’s a suggestion:== Get them involved. Have your friend help you by using one of their own persona/clone accounts to accuse one of yours of being something that currently upsets the moral majority. From there, work in some fake dox and a handful of other pieces of information. Work those bits and pieces into a believable “dox” and have your clone/persona take it a bit too personally and start acting like you’re panicked. Delete the blog after a few days of the drama, let your friend’s persona/clone do some victory posting and move on. People will believe that that information belongs to you and follow that trail instead of looking for your real information. And, if you followed the PB’s namesake you should have very little information out there. You can even be lazy and just make your own callout blog to attack your own persona/clones. In the end, though, you just want to create enough tension and static to misdirect people. +++++++++++++++++++++++++++++ ===Mean Girling=== One of the best things you can do is to create a clique of totally separate and unique accounts whenever you sign up for any account you plan to use for a period of time. This clique will be referred to as the Mean Girls as they’ll ultimately be the opposite of whatever account you create and be controlled opposition. So, the purposes of these accounts are to spread some pseudo-dox and act as controlled opposition. This means if you create a political blog that’s semi-conservative, then you create (with a VPN or proxy or TOR) 1 to 4 accounts that’ll act as the clique of Mean Girls. They’ll work their way into being legit by simply following several people or accounts or whatever and have simple responses or posts that seem to fit the opposition of whatever your (main) account is about. If you can queue posts, then do so on those accounts VIA reblogs or whatever’s popular, be it fandom junk or miscellaneous images. You won’t have to spend so much time on these accounts and they can simply run off the queues, appearing to be active. Whenever the mood strikes or you want to lay down some herrings, bring up one or more of the mean girls and have them attack you, making outrageous claims and posting (obvious to you) false information, like state, location or whatever. Ignore them, don’t respond or tell them they’re blocked. This will then cause that information to be picked up by search engines and attached to the searches for your account/username, thus giving you even more ground coverage of false information in search results. Do this enough; staggering it by months or years, and you’ll have polluted your search results while not actively doing anything bad or obvious. Then, if someone does try to dox you, they’ll have to sort through all sorts of garbage data. +++++++++++++++++++++++++++++ ===Midwestern Theory=== The PB team had a guide for this one however you don’t need an entire guide for what can fit in a chapter. I won’t bore you with the excessive details but some time ago when Newgrounds was the in-thing, someone got upset at people for making the claim that there were a lot of Californians online. This led to the Midwestern netizen forced meme that quickly died out. The claim of being Midwestern is actually a good ploy when covering up your tracks. The Midwestern accent (https://en.wikipedia.org/wiki/Midwestern_accent) is easy to mimic and if you watch some Youtube videos (https://www.youtube.com/watch?v=-DlxCDlIfh0), you should find yourself being able to pick it up and force it when need be. Ideally you should never let anyone see your face or hear your voice, yet it does come in handy just in case. Mix the various “Midwestern quirks” with setting all your accounts’ time zones to “Central” and keeping tabs of the time (https://www.worldtimezone.com/time/wtzresult.php?CiID=32119) (Always pick a random city or state in the Midwest) and mix in some research on “College towns” (https://www.collegeraptor.com/college-rankings/best-colleges-in-the-midwest/)… you should be able to spice up your bios and descriptions with something akin to a specific college team or name dropping a college or university that you go to and study at. So when you log off or leave your account, stating something like “OMFG! It’s 12:30 am! I have to go and sleep! I have a compsci class @ 9!” Keep this up with several accounts, adding in the oddball California town or Florida town, and you’ll have created enough static to keep people scoping out the wrong area for information. Though keep in mind that a lot of plant life in the Midwest tends to spread out into non-Midwestern areas. Take a picture or two of common plants around the US that appear in the Midwest, too. Figure out what’s a common park or nature preserve in the area of your false town/city and look at the common trees or plants in the area. Take a picture of something that is in your area that is in that area, too, and tag it with #Yellowstone park or whatever is popular in that area. And suddenly… you’re a Midwestern grilling in sub-zero temperatures because you want your burger. Don’t forget to show your almost zealous obsession and support for that area’s sports teams and no one is going to suspect a thing. Maybe spice in some local news from the area and make a comment on the weather (It isn’t that hard to look up a weather report through Google) and you’re good as Gold. You’re a real Midwesterner now, bro. ==Note:== You can literally apply all of the above to any state or location in the US. Get creative, spread the trash. +++++++++++++++++++++++++++++ ===Positivity Feeds=== When creating clone accounts and applying the above, it’s best to leave a few accounts aside for picture or quote spam. These accounts, if they have queue functions, can serve as a means to wipe out image and search results with positive trash. This means you could create a flickr and photobucket account with nothing but .gifs of cats playing or images of literal plants. Apply this to several accounts, applying very little in the way of black hat seo, and you may be able to create what we call a positive feed. These are neutral or positive results when people do a search query on you, your accounts or usernames. They’re literally nothing but junk data yet they’re not bad either simply due to the fact it’s kittens or puppies or plants or images of cute girls doing cute things or even smug anime girls. Working through enough accounts and mixing in positivity feeds can ultimately help hide information but is also a good way to drain out any call out posts or so called dox drops. +++++++++++++++++++++++++++++ ===Be a Good Person, Share=== The PB team has in their namesake guide way to opt out of Google maps, among others. Take the information for getting out of Google maps (and others) and make a flyer. Print it out, take it to Kinkos or some other print shop, or go to your local library and print some copies there. Make some wheat paste (shown below) and paste them all over your town (Put paste on wall and smooth, then put your poster up and slather on paste and smooth it on it too.). Soon a whole mess of people will be blurring out their houses on the online maps, and this in turn messes with the real estate sites to the point of anyone trying to look up your information finds a mass of blurred out houses. This causes a mix of the “Streisand effect” and reasonable deniability. ==WHEAT PASTE HOW-TO== Flour (wheat works best) Sugar 1 Cup of Water Container with a lid • Boil a cup of water. • Put 3 tablespoons of flour into a bowl • Add 10 teaspoons of cool water until it forms a runny mix • Once the water has boiled, add the runny mix to the boiling water. Stir well! • Keep stirring. The mixture will foam up while it boils, so the constant stirring is essential to keep it from bubbling over and to keep it from getting chunky. • Keep the mixture boiling for 2 minutes. • Take the boiled mix off the heat. Add 2 tablespoons or more of sugar (added strength) • Let it cool. Pour into an appropriate container for carrying with you. It will keep well for about a week. • Learn more @ https://destructables.org/destructable/wheatpaste-recipe-putting-postersbillboard-alterations • Spray with a clear sealant or hairspray to help weatherize and make the poster last longer. Police, military members, and their families can opt-out of a wealth of databases. Some take it to the extreme and have their houses blurred out. If enough people in your area begin to blur out their houses and look into other means of removing their information, you’ll soon see a bit of a trend that can affect several blocks when it comes to viewing houses on any online map. This means that you can not only safely blur out yours but it’d be near impossible to guess whose house is whose. It’s only defeated if they have an address, and that’s if it’s actually your address to begin with. Let these people rant and rave as they knock or send a malicious package to the wrong house. If anything happens, since it broke into the realm of reality, they’ll end up being arrested and charged with several crimes. ==Fun fact:== Not many places care about doxing, especially the police. Most modern “dox” is openly available information. This is why you must work toward suppressing it through opting out of websites and databases. If someone takes it from the internet to the realm of reality, lawsuits and arrests can happen. +++++++++++++++++++++++++++++ ===Don’t Neglect Reality=== No one’s denying the PB’s effectiveness when it comes to lessening the overall data of yours online, however until they discuss ways to limit information bleeding offline you’ll need to take a few extra precautions outside of creating noise and lessening your data. They do have a PDF on how your privacy’s invaded, yet that only covers so much. Be a little bit nihilistic and apathetic. Don’t care as much and don’t react if you are doxed or some gets a bit too close. Ignore them; work on lessening your information. In the offline realm however you should work on creating some good for yourself. This means work on cleaning up your neighborhood, keeping your property clean and being nice to your neighbors. Look into doing some volunteering and charity work. Create some good will toward yourself and lessen the general impact in case anything comes toward you and your life. By doing this you can create a large support focus toward you and what good you’ve done. People will be in disbelief and outright call the claims made against you false. Ever wonder why politicians and famous people, even the internet famous, never get much crap and have an unusually large support behind them? What they do is quite simple: Act like a good person. With bit of charity under your belt and by observing social protocols enough by simply greeting people and saying your “Please” and “Thank yous” you’ll create an air of being someone half way decent. People will see this and any accusations made against you will result in either demand for blood or death of someone who dares attack you. Now you shouldn’t encourage the bloodlust or wanting of death, however simply using your time wisely and helping your community can act as a good cover. Someone comes around and harasses you; someone who might have power will come to your aide possibly. It also doesn’t hurt to remove your information and have it replace with falsified information. Checkout https://reddit.com/r/freebies and keep an eye out for free magazine subscriptions. Fill out a few, regardless what they are, with your home address and a burner cell’s number. The name can be made up, possibly made to match the cultural and ethnic makeup of your area. Think about it. What are the most common people in your immediate area? White? Black? Hispanic? It doesn’t matter as long as you pick the majority and follow suit with their name. It’ll help further push that static to help cover your tracks. So if you’ve a large number of Hispanic families in your area, using a Hispanic sounding first and last name on your free magazine subscriptions can help you replace all your removed database records with falsified ones. Go the extra step, load up on other freebies. Anything you don’t need or want can be donated to a number of homeless shelters or shelters for women and/or children. Gives you an extra push in being a good person too! +++++++++++++++++++++++++++++ ===Afterword=== Outside of following the PB’s advice, using a VPN, a non-propriety OS and not touching social media there’s not much else you can do. While being deceptive and sprinkling lies and half truths into your conversations and online shenanigans helps, most of us who were born in the 80s and 90s have screwed up royally and will never truly be un-doxable or secure. Work toward anonymity and spread the PB’s information to as many people as you can. I should note however that your text and how you type can give you away too. Look into using a text editor and use Basic English spelling and grammar. Mix in some chat speak and some texting quirks and you should be able to keep the personas even more separated and unique.