Some of my many opsec mistakes:
- Buying domains with a credit card
- Using AWS with my name and credit card
- Doing KYC with CloudFlare
- Showing my face at conferences and podcasts
- Antagonizing KYC Bitcoin companies
- Not being careful about nostr posts, which cannot be deleted

Replies (90)

BTC_P2P 2 years ago
Thanks for sharing your wisdom
nobody 2 years ago
Anon is almost impossible in this day/age. Great post.
Thank you for the insights. Good lessons for those fortunate enough to learn by observation this time around. Make sure you have a normie profile separate from your OpSec profile as well for all of the everyday items you’ll be doing.
That's my thinking. That if they get me they get me. What can I do. I cannot do anything useful, effective or important to fight the dark side. Just a few notes and comments here and there. What's the point of taking all the precaution? Or it's my laziness.
Yah I am having to reevaluate what I am putting out there on the internet. I did find that some of the hosting platforms actually accept bitcoin.
Another option is to buy prepaid CCs with cash in stores with basic or no camera coverage. Then use Tor to visit the domain registry.
Well, it would help the authorities know who they had to strong arm. If he was completely undoxxed it would be harder, right? Assuming nodeless was hosted on AWS etc
Kendy 2 years ago
Not completely sure. I’d speculate authorities could just work backwards through the webhost to shut down services if he did not comply. Maybe all they needed was ip addresses or numeric identifiers from the vendor account. Maybe real name wasn’t needed to shut all his stuff down.
I think about this, too, but also know it’s easier to trust social media when you see “real” people. I think it depends on how you want the world to see you and how that affects your ability to interact with it.
Thanks for sharing so people can learn. The inability to delete messages is both a truly excellent feature, while also a little problematic; such as in the instance you described, but also problematic for people who might get unknowingly entangled or snared into copyright/trademark issues/lawsuits for posting an image/text/document without legitimate authorization from copyright/trademark owners or trolls. Without the ability to take the note/post down permanently and comply with the cease/desist orders, this can become a living nightmare for some.
At this point, consider yourself observed also on Nostr. Consider to completely stop sharing until you've spoken to a lawyer about the situation. They try to put as much dirt on you as possible, don't give them any (more). Best of luck 🙏
nostrnormie 2 years ago
I think the not being able to delete posts is one of the strongest reasons to use a nym. We’re constantly seeing people’s old tweets being dug up from 10+ years ago when the tweeting culture was completely different from what it is now. So imagine 10 years from now, if nostr has a super strong search function and has become big enough where people dig up old posts…will the culture that’s the norm here currently still hold up then? Hard to say.
Drew F 2 years ago
Please don't regret posting honesty on nostr. Honest is a brave way to be sometimes.
Kendy 2 years ago
Those who live in a less communist jurisdiction than Canada
🫡 Thanks for the honesty and postmortem (mid-mortem?). So, what can we learn from this?
0) If you want to make a difference, regardless of how right or moral you are, you should probably be more paranoid and careful than you are now. Things could get more authoritarian than they seem now.
1) Hosting: some options
2) Use a reseller or see #1
3) I can understand the legitimate reasons why people use cloud flare, but they are an anathema to privacy and are taking over the web. We need better ways to combat problematic users without the CF goblin.
4) Either go @UNCLE ROCKSTAR and cover face (though voice matching is trivial these days) or disassociate your developer self from your legal/official self (though this might preclude invites to conferences—a paradox?)
5) I dunno what to say here. They suck and probably deserve antagonism
6) Think before you post. Always use a VPN/Tor. Carefully screen images for unintended content and strip metadata for what you post
⚡️🫡💪 thanks for being open. You are on the front lines currently but we are in this together
Sikto 2 years ago
But now everyone knows
Just cloned all 15 repositories off of GitHub. You never know what they will censor next
Let's be honest for a second here. Sure, not doing any of that would have delayed the detection, but can one otherwise truly hide their identity while being relatively active on social networks, developing a project, or providing an online service? I'm not talking to you, Satoshi. You might have actually made it, but that is an exception.
I think if one is seriously concerned about opsec, they should pull the plug on everything and start all over. Then, as a general rule, treat everything as if it’s compromised. This is also coming from someone with bad opsec. My paranoia can only go so far.
Deleted 2 years ago
Nostr is the worst platform for privacy ;)
nobody 2 years ago
Just pay the tax and get back to your roots. BTC needs your voice today more than ever.