Some of my many opsec mistakes:

- Buying domains with a credit card

- Using AWS with my name and credit card

- Doing KYC with CloudFlare

- Showing my face at conferences and podcasts

- Antagonizing KYC Bitcoin companies

- Not being careful about nostr posts, which cannot be deleted


Discussion

🤔

thank you for posting this

And these contributed to having nodeless taken down, I suppose?

I doubt it. The timing of his note is likely coincidence.

Well, it would help the authorities know who they had to strong arm. If he was completely undoxxed it would be harder, right? Assuming nodeless was hosted on AWS etc

Not completely sure. I’d speculate authorities could just work backwards through the webhost to shut down services if he did not comply. Maybe all they needed was ip addresses or numeric identifiers from the vendor account. Maybe real name wasn’t needed to shut all his stuff down.

You live in a commie state, doesn’t matter how good your opsec is

That's my thinking. That if they get me they get me. What can I do. I cannot do anything useful, effective or important to fight the dark side. Just a few notes and comments here and there. What's the point of taking all the precaution?

Or it's my laziness.

Thank you for your unintended sacrifice. By sharing all this, it serves as a reminder to the community 1) We are firmly in the "they fight you" stage. 2) stay vigilant and 3) continue to practice good opsec.

nostr:nevent1qqs2tcl492f4fcm2jtqsgx9wjh2hxe52qmeekan8y4k9y9zzjtrp7rqprfmhxue69uhkummnw3ezuargv4ekzmt9vdshgtnfduhsyg8zenmu7gzq8ulj5jj4kv50ph3muwz43f747vmr9ld2alrjdswgavpsgqqqqqqsmdj8ag

Thank you for the insights. Good lessons for those fortunate enough to learn by observation this time around. Make sure you have a normie profile separate from your OpSec profile as well for all of the everyday items you’ll be doing.

Thanks for sharing so we may learn.

🙏🏽

I’m so sorry this happened.

Thanks for sharing your wisdoms

Your face and name is safe with me 🫂 I have amnesia 😭

How to buy a domain without a credit card please?

Another option is to buy prepaid CCs with cash in stores with basic or no camera coverage. Then use Tor to visit domain registry.

BTCco prepaid Visa cards

my lineage is well dressed skeletons

I think about this, too, but also know it’s easier to trust social media when you see “real” people.

I think it depends on how you want the world to see you and how that affects your ability to interact with it.

These are fair points and I believe the success of Nostr Plebs and my travels speaking about Nostr at various conferences has benefited from being doxxed. I could be wrong.

It’s similar to people preferring to meet up in person with someone using Facebook rather than Craigslist.

Doxbook

All good points. I guess it also depends on the conference, which ones were they?

Fuck me.

I typed them all out and almost hit send.

Just pay the tax and get back to your roots. BTC needs your voice today more than ever.

Uvita, Costa Rica

Miami, Florida

Toronto, Canada

Riga, Latvia

😁

I wonder what those conferences were all about… 🤔

I'm heading to Uvita for Xmas, I'll do some scouting if you like.

🤣😂

I think the not being able to delete posts is one of the strongest reasons to use a nym. We’re constantly seeing people’s old tweets being dug up from 10+ years ago when the tweeting culture was completely different from what it is now. So imagine 10 years from now, if nostr has a super strong search function and has become big enough where people dig up old posts… will the culture that’s the norm here currently still hold up then? Hard to say.

I regret leaking that I am a cat. Now everyone thinks I’m a pussy.

Here puss puss 😂

I regret leaking I’m a wolf. Now everyone thinks I sniff asses.

But you actually do 😂

But now everyone knows

Only wet asses

I regret leaking I’m a frog. Now everyone thinks I’m a French Canadian

😂😂

You’re not?

I said too much already 🤐🤣🤣

😂 I’ve got my suspicions 🤔😜

🤣🤣

Watch this mf be straight outta Montreal.

Dog, but same. I'd neeeeeeever do that...

Big if true.

You've always been a pussy. That's why we love you.

It’s probably too late at this point.

Anon is almost impossible in this day/age.

Great post.

Wait, so you were investigated, not because you are a registered company, but because you were an anon hobbyist that technically self doxxed?

So this is a checklist for anyone who wants to reboot the project.

Do it. Do it.

Who in their right mind would be thinking of trying such a thing???

Those who live in a less communist jurisdiction than Canada

Yah I am having to reevaluate what I am putting out there on the internet. I did find that some of the hosting platforms actually accept bitcoin.

I worry a bit too, try not to lose any sleep though, what’s done is done 🫂☂️

Rationale behind the second last point?

Thanks for sharing so we may learn.

Sad that privacy isn't the default in our world.

Too few normies value privacy, and won't until it's gone. 😥

Thanks for sharing so people can learn. The inability to delete messages is both a truly excellent feature, while also a little problematic; such as in the instance you described, but also problematic for people who might get unknowingly entangled or snared into copyright/trademark issues/lawsuits for posting an image/text/document without legitimate authorization from copyright/trademark owners or trolls. Without the ability to take the note/post down permanently and comply with the cease/desist orders, this can become a living nightmare for some.

Split online personalities is highly recommended nowadays, when we're living through the privacy apocalypse, we probably can't make it through but at least we have to try.

Befriend the shadows.

nostr:nevent1qqs2tcl492f4fcm2jtqsgx9wjh2hxe52qmeekan8y4k9y9zzjtrp7rqppamhxue69uhkummnw3ezumt0d5pzpckv7l8jqspl8u4y54dn9rcduwlrs4v2040nxce0m2h0cunvrj8tqvzqqqqqqywsu8cq

At this point, consider yourself observed also on Nostr. Consider to completely stop sharing until you've spoken to a lawyer about the situation. They try to put as much dirt on you as possible, don't give them any (more).

Best of luck 🙏

Please don't regret posting honesty on nostr. Honest is a brave way to be sometimes.

How is Wikileaks even online in spite of state attacks?

More trouble than I feel it's worth taking. Until I figure out how to truly unplug from the matrix I'll just keep shit posting. And letting the government know how much I hate their guts.

Even if notes could be deleted - internet doesn't forget.

Most Bitcoiners can add to that:

Not utilising #Monero when it is literally made for an adversarial environment.

nostr:nevent1qqs2tcl492f4fcm2jtqsgx9wjh2hxe52qmeekan8y4k9y9zzjtrp7rqppamhxue69uhkummnw3ezumt0d5pzpckv7l8jqspl8u4y54dn9rcduwlrs4v2040nxce0m2h0cunvrj8tqvzqqqqqqywsu8cq

What interesting domains you got lately? 🤓

Yea man with all that being said, ur still being shafted wrongly.

🫑

Thanks for the honesty and postmortem (mid-mortem?). So, what can we learn from this?

0) If you want to make a difference, regardless of how right or moral you are, you should probably be more paranoid and careful than you are now. Things could get more authoritarian than they seem now.

1) Hosting: some options

https://www.privacytools.io/private-hosting

2) Use a reseller or see #1

3) I can understand the legitimate reasons why people use cloud flare, but they are an anathema to privacy and are taking over the web. We need better ways to combat problematic users without the CF goblin.

4) Either go nostr:npub1j8y6tcdfw3q3f3h794s6un0gyc5742s0k5h5s2yqj0r70cpklqeqjavrvg and cover face (though voice matching is trivial these days) or disassociate your developer self from your legal/official self (though this might preclude invites to conferences—a paradox?)

5) I dunno what to say here. They suck and probably deserve antagonism

6) Think before you post. Always use a VPN/Tor. Carefully screen images for unintended content and strip metadata for what you post

⚡️🫡💪 thanks for being open. You are on the front lines currently but we are in this together

Not getting voice synthesizer is one of my biggest regrets, hoping tech gets better for the future.

Nice actionable stuffs. <3

Just cloned all 15 repositories off of GitHub. You never know what they will censor next

Time for a new identity

I'm afraid our dog did some similar mistakes... Maybe I should stop abusing his accounts, but not quite yet!

Let's be honest for a second here. Sure, not doing any of that would have delayed the detection, but can one otherwise truly hide their identity while being relatively active on social networks, developing a project, or providing an online service?

I'm not talking to you, Satoshi. You might have actually made it, but that is an exception.

nostr:note15h3l225n2n3k4ykpqsv2a9w4wdng5phnndmxwftv2g2y9ykxruxqa7z9q3

I think if one is seriously concerned about opsec, they should pull the plug on everything and start all over.

Then, as a general rule, treat everything as if it’s compromised.

This is also coming from someone with bad opsec. My paranoia can only go so far.

Nostr is the worst platform for privacy ;)

there are some mastodon instances with IP cleanup from their servers every 24 hrs

Snort lets you delete posts, but it's not perfect. Honestly, even if it was perfect, screenshots last forever. https://snort.social/

maybe comes handy to someone else in this scenario https://bitcoin-vps.com/

I hate the credit card/ internet transaction opsec issues. Lots of inconveniences

Thank you for this list of missteps...

I am so sorry about your current consequent struggles... No one deserves the state boot heel. 😠😡🤬