thelinuxfraud

If you think that nobody cares about their online safety today, imagine how they were five, ten or even fifteen years ago. Back before the threat of online threat actors were a widely known threat. Well, I guess even nowadays nobody really thinks or cares about what bad actors are doing online – until their identity is stolen because of a data breach and I’m sure even under those circumstances, there are people out there who are going to do absolutely nothing about securing their presence online. I don’t think you need to go all Edward Snowden and start running Whonix or Qubes OS – that’s a little overkill, but hey more power to you if that’s your thing – but people should at least make a few simple steps towards hardening and securing their online lives. Now if you don’t go online or have any need to have an online presence – awesome. That’s literally the best way to stay safe online. Just don’t use it. We all know though, that’s not the case for most people.

If you’re the one person who reads my blog, or whatever you want to call this thing, then you are probably among the small percentage of us who care about, or are at the very least, conscious about your data, privacy and online security. As I’ve said previously, most people don’t give a shit about that kind of thing. That is, not until something happens to them or a close loved one. Then they start thinking “Oh man, I’ve got to do something about this” so what do they do? Why they go and get a trusty ol’ VPN! Their favorite youtuber recommends them all the time and they are the only thing you need to stop those bad hacker guyz from pilfering through your computer. Plus, you can use it to watch Canadian Netflix! Win/win.

But wait, those VPN’s that your nonsensical youtuber has recommended? It’s like fifteen bucks a month. You could get it for only five bucks a month if you drop 150 dollars right from the jump. Do you want to spend 150 dollars? Besides, Claire, your friend who got hacked, is a dumb bitch and you’re not going out like that, right? So you open up the handy dandy app store on your overly priced iPhone 15 Pro MXI and you search for ‘VPN’. What comes out of your search? A shit ton of VPN’s, that’s what. Who knew there could be so many – you thought the only ones out there was Nord because that’s what everyone on youtube recommends. But, no! There are a bunch of awesome free VPN’s right here that you can use. That’s a hell of a lot better than 15 bucks a month or even dropping almost 200 dollars on something that you can just get for free, right?

This is one of the many top rated virtual private network services that you can get on the Apple app store. It’s called X-VPN. It is #26 in Productivity, has over 370k four star ratings and from the comments, people absolutely love it. Now, in the recent past, Apple made it mandatory for app developers to tell it’s users what kind of data the app collects, if any. Let me give you the list of shit that this super popular VPN collects. There are three different categories;

  1. Data Used To Track You

    • Location
    • Usage Data
    • Diagnostics
    • Identifiers

  2. Data Linked To You

    • Location
    • Usage Data
    • Diagnostics
    • Identifiers
    • Contact Info

  3. Data Not Linked To You

    • Usage Data
    • Diagnostics

Like come on, man. That’s just horrible. But people love it! Because they have no idea that this company, based in Hong Kong too btw, is siphoning data left and right from it’s users and sending it right back to the CCP. That’s the Chinese government if you didn’t know.

It’s just crazy to me that people blindly allow these companies to do this to them. And look, I get it. I’m not perfect when it comes to my online privacy/security because there is no way to be 100% perfect. It’s just impossible.

But people can do a few things to boost their privacy/security online like using strong passwords and taking advantage of a password manager. Bitwarden is a good one. But you can easily separate your digital life by using a few different email addresses or email aliases. You could also really take a look into the services that you’re using and decide if you really need it or not. I get that you can’t get rid of every evil service. Hell, I hate Google but I use youtube because.. Well because I like youtube.

But you get what I am saying, there are simple things that you can do to make yourself just a tad bit safer while being online. For example, don’t use these fucking VPN’s! They’re horrible. Go use something like Mullvad or IVPN. Because they’re on the app store too and guess how much data they collect – none.

Stay safe and be wary of the products and services that you use. They’re not all good!

But like.. No, shit. Right?

Are people still, in our Lord’s year of 2023, surprised to hear that big tech companies such as Google, Amazon and Apple have sucked us dry of our data? And then use that data to create detailed profiles of us all? This screenshot is from an article that I just read and in it, they cite some research made by some engineers over at McKelvey School of Engineering at Washington University in St. Louis. Here is a link to their findings.

https://dl.acm.org/doi/10.1145/3618257.3624803

They don’t really say anything that is too surprising or new, and they mostly talk about how big tech companies are not at all transparent with us, the customers, about what they’re doing with the sensitive information that they’re siphoning from us. No shit.

These companies have been doing this kind of thing for a long time. I’m sure that they weren’t like this in the beginning times of their companies, when they didn’t exactly know how valuable user data actually was. The pure times of the internet, if there ever was such an existence.

This post doesn’t really hold any weight in any regards, I just thought that it was funny that a team of engineers submitted information about how smart speakers, just like any other “smart” device, collects an abhorrent amount of data on whoever owns that device. As if we didn’t know all of this already.

Don’t use Amazon devices if you’re able to. Just go get a bluetooth speaker and preserve the good ol’ days.

At some point this year, youtube decided that they were going to start rolling out a warning to it’s viewers whom use a neat little extension called the ad blocker. If you don’t disable it, they could potentially stop video playback on your device. You know, something like uBlock Origin (they call that damn thing a content blocker, not just an ad blocker) which will literally block any and all ads on youtube videos. It’s like finding the golden ticket to life if your life is really boring, because let’s face it ads fucking suck. And I’m being honest here, I hate them, especially on streaming services like hbo and paramount. I don’t like them on youtube either and ublock helps with that as well – but the thing is, ads on youtube are, in my mind, a little different than on streaming services.

Again, I do have ublock installed on my computer and it does block youtube ads like a goddamn champ – but I rarely ever use my computer to consume youtube in the first place. 98% of youtube videos that I watch are on my phone while I’m at work and so I don’t get the luxury of an ad free experience and honestly, that’s alright. At least on mobile, you’re only waiting a max 15 seconds (30 once in a blue moon) on an ad and most of them let you skip it after 5 seconds anyway. Plus, those ads are helping the creator of that content. You know, that content that you love so much and are able to watch anytime for free. I don’t know about you but I really like some of the youtubers and creators that I watch. There is some really dog water ass content out there on youtube, that’s for sure. And the creators of that content aren’t much better – but there are a lot of really solid creators out there and those ads help them out. Hell, depending on the video/youtuber I’ll just let the ad play, especially if I’m just throwing it on in the background.

Don’t get me wrong, this whole adblocker blocker thing is fucking dumb because there is no way that there is enough of us who use ad blockers, for it to be really costing them much comparatively to what they make and what youtube/google is worth. Youtube kind of hid behind the “Creators need to get the money they deserve” stance and while that’s 100% true, youtube gets 45% (at least that’s what I found when I tried looking it up) so they want their share for sure. But come on, those youtubers are doing fucking great so they’re doing even better.

These statistics could be 100 percent false but it’s some quick financial stats on youtube:

  • YouTube generated $29.2 billion revenue in 2022, a 1.3% increase year-on-year
  • Over 2.7 billion people access YouTube once a month
  • YouTube Premium reached 80 million subscribers in 2022

Now that’s just ripped right off of fucking https://www.businessofapps.com/data/youtube-statistics/

don’t click that link, it’s got like 12 fucking trackers in it. But that’s where I got the information – it could be horseshit. And all of these stats are outdated so I wouldn’t be surprised if their numbers didn’t look at least something similar to that though. Probably even higher. I read from two sources that youtube premium has actually hit 80 million subscribers but one was from 2022 and the other is that link right there – that’s from earlier this year. I’d bet that they’re close to 100 million by now, but regardless. Say it is 80 million subscribers – as of now, oct 17th 2023 – youtube premium is either 14/month or 140 dollars a year. Say everyone paid for a year subscription, which they didn’t. Cause 140 bucks can be a lot of money and people are more apt to have at least 14 bucks on their debit card that they can use. Even at the “discounted” 140 a year that’s like 11200000000 many dollars. Dude just in premium subscribers they make over 11 billion dollars a year. I get it, that’s not all profit but damn. And look at how well youtubers do, especially the controversial ones. If they’re making a shit ton of money, so is youtube. They don’t need to do this whole ban on ad blockers because compared to what they make – there is no way that there is enough of us that even use ad blockers to really make a dent. Most people couldn’t give a flying shit about privacy, security or any of that shit when it comes to using the internet. I just looked up ublock and it’s got 10 million + installs on the Chrome store and another 6 million over on firefox – so not even a quarter of just their paid members. There is supposedly like 2 billion plus active users a month or some crazy shit – many of them watching ads and most definitely not using an ad blocker, so I think it’s dumb. But that’s just me.

I don’t know, I thought about making a video on this but I didn’t think that there was really enough to talk about but now that I’ve written this out, I feel like I probably could. Because there is the whole ad blocker thing, but then there are people out there that bitch about people being able to make a living on youtube – or more specifically they think that having ads on your videos turns you into a corporate cog and it diminishes the art. Then there are the people who only look at youtube as a business, and I mean that’s cool. But that content usually sucks because the videos that are good, are the ones who’s creator actually cares about their content and their audience and just genuinely loves to create shit. And guess what, they’ve got ads on, baby. And I don’t blame a single one of them.

The internet has become a staple in our everyday lives and the truth is, most people just don’t care about about their privacy when it comes to being online. It is very obvious that the more private and secure you make your online profile — the less convenient it becomes. Nobody wants to log into Twitter, Facebook or TikTok every single time they open up the application on their phone or computer. That is just tedious and ain’t nobody got time for that. Frankly, I don’t even want to have to login to sites that I visit everyday or even multiple times a day and I highly advocate for online privacy and security. We, as people, have become accustom to instant gratification and that bleeds into something even as small as needing to enter a password or not. For the most part, we will take the easier and more convenient option even if that means leaving a trail of fingerprints everywhere we go on our technological “yellow brick road”.

I want to acknowledge that there is a difference between online privacy and online security. When we talk about privacy, we’re talking about how browsers fingerprint your activity by tracking your IP address, your location, what operating system you use, what type of computer you own and even the size of your monitor. If you are interested in seeing what type of data the most popular browsers (and some lesser known browsers) actually collect from you, check out this website. When we talk about security, we are talking about how secure your system and online profile is overall. They blend together, and in this article I use them somewhat synonymous together, but just know that even though they go hand in hand they’re also different. I wanted to point this out because in the next section we’re going to go over some simple steps you can take to become more secure and private. It’s just that some steps will make you more secure and some will make you more private. If this sounds confusing, think of it this way. A password manager is a highly recommened application that, I believe, everyone should be using. Although using a password manager and secure passwords will make you more secure, it doesn’t mean that it will make your browsing private. Removing telemetry options or enabling a VPN to obfuscate your IP address are steps that would make you more private rather than secure. I wanted to explain this just so you know the difference.

Is balance possible?

The reason that most people tend to not care about their privacy online is because it can be tedious. As I have already said, the more secure you become the less convenient your online life becomes. When you start adding long and hardened passwords, two factor authentication, email aliases, etc. It can become a lot. Now you could jump in head first and start using something like TailsOS, booting off of USB’s and then deleting everything that you did on that computer once you power off the device but that isn’t very practical for everyday use. There are just 3 steps that you can take today to start being more secure and private online and they’re not even difficult steps to do.

  1. Password Managers

This step will make you more secure rather than private, but these days it is an absolute necessity. You should never be using the same password for different accounts. Especially sensitive accounts such as your banking institution. Along with not recycling your passwords, they should also be secure. I recommend a password be no less than 20 characters long with varying upper and lowercase letters, numbers and symbols. Some websites limit you to 14–16 characters (which I think is absolutely wrong) so in those cases make it as long as you’re allowed to. Once you have a password manager set up, you no longer have to worry about remembering long and complicated passwords and you never have to worry if you’re passwords are too short or crackable. There are only a few password managers that I would recommend and those are;

Any of these three selections would work great. I will say that Bitwarden and 1Password are more ‘user friendly’ in that they are cloud based. You setup your account and master password and the vault is then stored in the cloud. KeePassXC on the other hand is self-hosted so it is aimed at more the advanced computer users. Bitwarden also has a self-hosting option as well if you’d like to look into that.

2. Choice of browser is important

There are many browsers in the world these days. From Google Chrome (The leading browser today) to Safari, Firefox, Brave, etc. If you are looking to take your privacy and security a little more seriously then I suggest switching to an open source browser such as Brave or Firefox. Out of the box, Brave has the most sane defaults for privacy without sacrificing any convenience. Firefox would be my second choice but if you use Firefox, it is suggested to tweak a few settings to harden it even more. This is a free world and you are of course allowed to use any browser that you want, but if privacy is something that you are becoming interest in — do not use Google Chrome. They are the leading browser today and they’re also the biggest culprit of data collection. If you currently use Chrome and want to get away from Google’s absolutely absurd amount of data collection — check out Brave. It is a chromium based browser, meaning it’s pretty much Chrome, without all of the nasty data collection.

There are also other less known browser out there that are hardened a lot more out of the box such as Mullvad Browser and Librewolf. These browsers are great for when you are out at a coffee shop and you have to use public WiFi to connect to the internet. These browsers usually have a lot disabled out of the box such as browsing history, cookies and telemetry. They’re good for quick searches and casual browsing and will not leave much fingerprinting if any at all. The great thing about these browsers is that you can use one of them or all of them! A lot of people in the privacy/security community would, for example, run Brave as their main browser that they use for social media and other accounts when they are at home on their personal network. Then if they’re out and about using something like public WiFi and needed to do some browsing, they’d pull up something like Mullvad or Librewolf. Personally, this is what I do.

3. Using a VPN

Contrary to what your favorite Youtuber says about that big VPN company that they’re shilling to the masses — VPN’s will not protect you from everything. A lot of people are confused to what a VPN actually is. It doesn’t make you completely hidden on the internet and it doesn’t actually make you 100% secure either. Don’t get me wrong, they’re an extremely helpful tool if you use the right ones, but they’re not the end all be all of privacy and security. Think about it like this — You get a brand new luxury vehicle. It’s a 2022 red Mercedes Benz. Now you go and take your brand new car out for a drive and because it’s a beautiful day out you decide to speed down the road. Then you get pulled over and now the police have all of your information about you and your vehicle. You stand out like a sore thumb and that’s what happens to your online personality when you do not use a VPN. Now imagine that you and everyone in your town gets the same exact car. A used Silver 2015 Toyota Prius and you all leave for work at the same exact time and you all travel the same exact route every single day. Now, you are you’re own person driving that car just as your neighbor is and same with his neighbor. The difference now is that when you are driving down the road, nobody can tell who is who because everybody is driving the same exact car with the same exact license plate. This is pretty much what is happening when you use a VPN. It just masks your identity so that it is a lot harder to identify you. Now, the caveat is that you don’t want to run a VPN constantly. It wouldn’t make sense to run a VPN and then go and log into your Gmail account (Why are you using a Gmail account anyway) which exposes who you are. You only really want to use a VPN whenever accessing public WiFi or even your WiFi at work. If you are looking for a VPN provider, here are the only ones that I recommend you use.

Conclusion

So these were just a few easily configurable steps that you yourself could take if security and privacy is something that you are intersted in. If there is somebody out there that is reading this and thinking “Pssh, I don’t care that companies suck me dry of my personal data — I have nothing to hide!” To those people I say.. A lot of people have nothing to hide. That doesn’t mean that we want big corporations leeching and selling our data. If you don’t care about online privacy and security I beg of you to just take one of these steps. The easiest step to take is switching browsers and just doing that can be a huge step. If you are a person who doesn’t care about online privacy then I am going to assume that you’re probably using Google Chrome as your browser. Do yourself a favor and delete Chrome and replace it with Brave. It’s the easiest service to switch and you’ll be helping yourself a lot just by doing that one step.

I love to write and like.. type. I really enjoy the act of it, and I enjoy putting words in my head down on paper or I guess more so a keyboard. But, I warn you – I’m not good at it at all. These are just ramblings of a soon to be mad man and literally, nobody is reading these. Maybe one day though.

I got a comment on one of my videos over on youtube like, a month ago. Someone asked me what my plans were for the channel and it really got me thinking. I thought about it and then I realized that I have no idea what my plans are for the channel. As of late, the majority of my videos have been Linux related as well as touching on the subjects of security and privacy online – somewhat. This is the first time I’ve actually put forth effort into making videos and actually trying to be somewhat consistent. They’re not phenomenal by any means, but I have fun making them. Even though I haven’t posted a video in about two weeks now, but there will be more videos that’s for sure.

See I’ve only been making videos about linux for a few months, but I’ve wanted to make videos for youtube for a really long time. I just never knew what kind of videos to make. And not to mention that I was super self-conscious about recording, I still get like that sometimes, but not as bad as before. I gave a half ass attempt in the past when I was into sleight of hand magic and illusions, mostly with playing cards, and I tried doing that when I was younger – but when I grew out of magic and that whole art form, I obviously stopped making videos. Don’t get me wrong though, I still love all that magic has to offer, I just wanted to do something more. I wish I had some footage of some of those old videos that I used to make – they were not good whatsoever but it’d be fun to watch them.

I only started making videos about linux just this past summer of twenty-three and I’ve only been using linux as my main operating system since twenty-one, so only a couple of years. I started making the videos because A.) I needed some type of topic to get my ass started on making videos again and B.) It was something new that I was into, I had learned a good amount in the first 1.5 years that I had been using linux and not surprisingly, there is a big enough community surrounding all that is gnu/linux and all it has to offer that you can actually make videos about linux and people will probably watch.

But I Have A Problem

I like the process of shooting, editing and creating these videos more than I actually like linux itself and just like what happened with magic, the same thing is happening with linux. I absolutely love linux and the community behind it and I would be so bummed if I had never found out about it. It genuinely has been awesome, and I’ll forever continue to use linux like I have been – but I want to create more. You know? Have you ever had that feeling where you just want to do more? Well, that’s how I’m feeling. I don’t think I’m just going to abruptly stop making videos surrounding linux and tech – I just know that at some point in the future, it's gonna change.

The reason all comes down to a single font type.

One of the best things about Linux is that you can customize and theme your desktop experience in almost anyway that you can think of. You can make it look like MacOS and even Windows if you’re into that kind of thing. Or, you can make it look completely different in every way. You can use desktop environments or you can use standalone window managers. Linux truly gives you choice and that’s what many people love about it.

I have themed my desktop ever since I started using Linux. I’ve themed GNOME, KDE Plasma and tiling window managers. Since I can remember, I have always used the Nord color scheme because let’s face it – It’s awesome! Seriously, if you don’t know about the Nord theme – check it out https://nordtheme.com/

Now, applying the Nord theme to GNOME or Plasma is very easy. You just install the theme (or any other theme that you want) from https://gnome-look.org, and then you apply it in your settings. Theming a tiling window manager is a little different, but still relatively easy after you do it once or twice. Also, it doesn’t matter what distribution that you are on because you can apply themes to any distro. Although, there is something that you can’t get on every distribution – at least not in my experience.

There is a font called *joypixels* which enables icons/emoji styled fonts that you can use throughout your system. On Arch it’s very easy to install because the joypixels font is right in the Arch repos. With a simple **sudo pacman -S ttf-joypixels** you’ve got the font installed. This is not possible on a distro, say for example, like Fedora. Both distros are obviously free and open source software but the difference is what software they allow in their repositories. Fedora will not allow any proprietary software in their repos, but Arch has no problem with it. Well, the joypixels font isn’t open source software which means that you can’t just easily install it on something like Fedora. I believe that goes for distros like Debian and Ubuntu as well, but don’t quote me.

Anyway, the reason that Arch has ruined every other distribution for me is because it literally has everything. If a package you need isn’t in the repos, you can easily get it from the AUR and being able to do that means that you never have to worry about *not* having the packages that you want and need. Because it’s so easy to get any package, it makes it tough when you jump to a different distribution and have to jump through so many hoops just to get a single fucking font.

So, thank you, Arch. You have trapped me and I don’t see myself using any other distribution in the future.

Thanks for reading my convoluted blog post.

I am not an ethical hacker by any means or a security researcher and I don’t do any type of threat analysis for a job. I don’t even work in the IT field. I started to become interested in ethical hacking and cybersecurity in general a couple of years ago – that’s actually how I was introduced to Linux. Since then I have realized that I wouldn’t really thrive in an office type workplace and with all of the layoffs in the IT and tech industry recently – I would be battling against some heavyweights. I’ve also realized that my passion is creating videos but that’s not what this post is about.

Then What’s It About?

I recently logged back into Reddit, which I haven’t done since the whole API drama, and I noticed that somebody commented on a post that I made like eight or nine months ago on r/ethicalhacking. I frequented that subreddit a lot in the past and while I was there, I noticed that so many newcomers would always post the same question.

Hey guyz so I really really really want to make ethical hacking my life long career and I have a passion for computers and I’d just love to be an ethical hacker – HOW DO I START?!

Because of this question, which would be asked multiple times a day, I decided to make a post and list a bunch of different resources for beginners, intermediate and even advanced people that want a list of for anything from cybersecurity blog posts and news, creators on youtube that focus on the subject, podcasts and much more. It is of course still over on r/ethicalhacking as it’s pinned to the top of the subreddit – I wanted to create that list somewhere else in case Reddit blows up or some shit and then all of the great content and resources that are on that website disappear or something lol. So that’s what this post is – a backup ;)

Websites:

https://notes.siira.io/ – This is Linux Journey. If you don't know anything about Linux and the command line then start here. Seriously, start here.

TryHackMe.com – this website is great and teaches a lot of those fundamentals that you need. There’s a free tier but I suggest paying 10 bucks a month if you can because it’s well worth it for the extra courses that you can get.

HackTheBox – this is more intermediate. They’re vulnerable boxes that you can practice on. Basically CTF’s (Capture The Flag) they also have an academy site that’s like THM but I think tryhackme is still a better bang for your buck academy wise.

ITPro.Tv – This website has a bunch of courses for everything. Linux, Windows, MacOS, networking, hardware, etc. Literally everything.

Youtube.com – You may think that this isn't as good as the other websites but I swear that there are some really good tutorials on youtube. I'll go into some people to watch below.

Teachers

The Cyber Mentor

This guy is amazing. He has a YouTube channel (search ‘the cyber mentor’) and has tons of good videos. He has a free 15 hour ethical hacking course right on his channel that’s got great information. That’s a portion of a paid course that he has on his website. Go to www.TCM-security.com and there is an Academy tab somewhere near the top. The full course called Practical Ethical Hacking is like 30 bucks I think? Completely worth it. I highly suggest checking out the free 15 hour or so video on YouTube and if you like that – get that PEH course. 30 bucks is nothing in this space and you get it forever. He’s also got other courses on there that are well worth it.

Professor Messer

He's a good guy to watch to learn about networking and all the CompTIA exams. You don't have to get certified but it will help you greatly when it comes to finding a job. Just search him on YouTube and you’ll find him. I can’t stress how important it is to get a good foundation on networking before jumping into the hacking part. I messed up when I first started because it is boring to learn. It’s just dry. Learning about TCP/IP protocols, the OSI Model, etc. at face value it’s boring as fuck. But when you realize that you need this information to be a good pen tester (or just working in IT) it helps. Hell, I’m still working on getting better with networking myself.

HackerSploit

This guy is one of the best on YouTube. He is extremely detailed and I don't think you're going to find someone that is much better than him in my opinion.

John Hammond

He is up there with Hackersploit and The Cyber Mentor. He's got tutorials but he also has a lot of in depth videos about malware and a lot of different cybersecurity related topics.

Mental Outlaw

Good youtuber to check out to learn about security news as well as Linux topics.

David Bombal

Great information as well as very good interviews with cybersecurity and IT professionals.

Network Chuck

The most mainstream youtuber of this whole list, but he still know's what he is talking about for the most part. His videos are a great starting point if you don't know who any of the other people in this list. Some people may find him a bit too overzealous and annoying but the information he provides is pretty solid.

Podcasts To Listen To

  • Darknet Diaries
  • The Cyberwire
  • Hacking Humans
  • Down the Security Rabbithole
  • Defensive Security Podcast
  • Malicious Life
  • Defensive Security Podcast
  • Hackable?
  • Brakeing Down Security

News/Articles/Blogs

Hello and welcome to the blog of The Linux Fraud. This is basically just a place where I can post my thoughts and ideas. I run a little YouTube channel called “The Linux Fraud” where we cover topics including Linux, privacy, security and just tech in general. While I love those topics, I also enjoy other things such as photography, film and history. While tech, history and film don't really mix well in the sense of a YouTube channel – I can talk about any and all topics here on this blog. That's the idea – a potluck of letters and words strung together in anyway to form sentences that my scattered ass brain puts together.

I hope you enjoy your time here <3