Flag 6: Digital Security

flagtheory.com /digital-security/

Digital Security is the Sixth Flag

This is part of our Pillar Content of Flag Theory where we detail how you can take a billionaires strategy for
internationalization (Flag Theory) and apply it to your life (for free) whether you have $10,000 or $10,000,000
Digital Security is the 6th Flag of Flag Theory introduced in the early 2000s. It focused on protecting your online
privacy, and communicating securely without having compromises. The Snowden revelations have given new birth
to the importance of this flag, and new technologies (namely digital currencies or virtual currencies) have created the
need for a 7th flag (digital assets)

Flag Theory Foundation

Flag 1: Second Passport

Flag 2: Tax Residency

Flag 3: Offshore Company

Flag 4: Offshore Banking

Flag 5: Physical Assets

Flag 6: Digital Security

Flag 7: Digital Assets

Essential Encrypted Services for Digital Security

Encrypted email: Unseen.is
Encrypted chat: Wickr, Line
End-to-end file sharing: Unseen.is Premium, Mega.NZ
Encrypted cloud storage: SpiderOak.com
VPN: HideMyAss.com

Here are some of the quick and easy wins for planting a digital security flag if you are too lazy to browse the entire
1/9
list below.

Digital Security/Internet Security for the truly paranoid

1. Private browsing. Duck Duck Go The search engine that doesnt track you. A superior search experience
with smarter answers, less clutter and real privacy. You can set the default preference for firefox or other
browser applications to default to this preference.

Changing your default browser settings on Firefox to set to DuckDuckGo

2. VPN. By using a VPN, which obscures your IP, youll get a more secure connection to the internet. I suggest
HideMyAss, but there are many different providers who do this.
3. TOR. TOR is a project that obfuscates your IP through an onion of other connections and also makes it
possible to access the Dark Web. TOR was originally started as a US Government project but has since been
open-sourced and continued by proponents of freedom and privacy. 1
4. PGP mail. PGP uses encryption keys to encrypt and decrypt a message that can be sent over a less than
secure channel. You need to exchange PUBLIC keys with the person you are sending a message to (send
them this as an attachment to an email) I suggest using thunderbird and enigmail. Enigmail is a security
extension to Mozilla Thunderbird that allows you to write and receive email messages signed and/or
encrypted with a set of PGP keys.
5. Encrypted voice and chat. There are a few programs that allow for encrypted messaging, including wicker,
telegram, and more but one Ive found that offers voice and chat on top is unseen.is Go ahead and send
our sales guy an email with your encrypted message. Here is his key for download (remember, public keys
are safe to share but private keys should never be shared).
6. For PC. Spyware, malware, viruses are common if you are downloading files on a regular basis, therefore a
virus scanner is a must. You likely only will come across an issue with malware if you are downloading a
program, and not checking it with an up to date virus protection, unless there is an exploit in your operating
system, so keep your OS up to date.
7. For Mac. Little snitch monitors your ingoing and outgoing computer traffic and allows you to control which

2/9
 programs are accessing the internet.
8. Multiple factor authentication. Dual
authentication is using two factors to prove your
identity. Most commonly you can pair a password
with your phone and a tool like google
authenticator or clef. Other more important
services like banking can often allow you to get
multiple factor authentication with 3 or more
verifications (banking dongle, password, cell
phone text message).
9. Search whois records. Making a whois search is
one of the easiest ways you can quickly determine
who owns a site, and if that site is trustworthy. A
friend who is deep into SEO even suggested that
a private or anon. whois record might rank lower
than public and true information.
10. Anonymize your whois records. If you are the
owners and you want to remain anonymous, then
you can pay a firm to display their information. Little Snitch in action red means the program is being stopped.
However, be aware that of these whois privacy
providers are will flip like a pancake under any
legal pressure.
11. Search companies house records. First check on Incorporations.IO to see if the information is public. Then
lookup the Companies House which enables you to check out details about company addresses, owners and
the like. Look for big discrepancies between onscreen addresses and physical offices.
12. Choose a Private Jurisdiction for Incorporation. Because anyone can at anytime lookup the shareholder
in your company if you select a jurisdiction to incorporate which makes this information public, it is
advantageous to select a jurisdiction for your company which is private.
13. Privately Register your Company using a nominee. Sometimes due to physical location or local laws, you
need to register in a jurisdiction which publicly avails your private information. Alas, there is oftentimes ways
around this and you could privately register your directors and shareholders by using a nominee.
14. Be Wary of Social engineering. Scams and people trying to give you 1,409,059.93 cents from your uncles
estate if youll only release to them $500 to (bank account in random developing nation) are not your friend,
and did not know your uncle.
15. Reverse image search images. Tineye is a website that allows you to look backwards at pictures to see
where they came from. Useful in preventing human engineering, and determining if that hottie you met on the
online dating site is a real date, or a honeypot sent from the KGB for counterespionage.
16. Never use internet explorer. If you are using IE6, your computer is likely comprimised already. Google and
YouTube have now stopped supporting the ageing browser but its also riddled with security flaws. Do
yourself a favour and download a newer browser.
17. Virus Total. Worried about the provenance of a file? Upload it to www.virustotal.com. Youll get a number
virus-scanning engines to find any hidden malware for free.
18. Dont Use Dropbox. This company has a particularly bad reputation for sharing user data, and not providing
end to end encryption Were talking about encryption. Were talking about dropping programs that are hostile
to privacy. For example, Dropbox? Get rid of Dropbox, it doesnt support encryption, it doesnt protect your
private files. And use competitors like SpiderOak, that do the same exact service but they protect the content
3/9
 of what youre sharing. Ed Snowdon
19. Dont Use Facebook. They trust me dumb fucks, says Mark Zuckerberg in a text message referring to
users of Facebook services who submitted personal information. Things have changed since he built
Facebook in a dorm room and turned it into a multi-national company earning multiple billions in the process.
However, its telling of the companies stance on privacy, direct from the Founder at the inception of the
business. Source

20. Encrypt file storage in the cloud. Dont use dropbox.

Encrypt files when you pass them to others, use
Mega.NZ

21. Check site safety. Look in the search results for a

malicious notification, or with www.siteadvisor.com.
This is a browser plug-in that has a green, yellow and
red site rating icons will help you to avoid
compromised web locations. Moderately useful,
normally search engines wont display sites that have
been compromised or have malware anyway.
22. Test your antivirus system. Using the Eicar string
(which is a string of text most virus engines use) youll
be able to detect a virus even if it is obfuscated, Copy of leaked slide that shows the information that can be
gathered by PRISM on request from intelligence agents.
wrapped or compressed.
23. Use Proper Website hosting. This could be an entire

Mega Upload homepage looking pretty cool.

article in and of itself, but most of the web runs on wordpress, and most wordpress runs on WPengine.
Therefor if you are hosting a wordpress site, use WPengine. This should take care of the majority of the
issues you might face, as they explicitly disallow certain plugins or themes that have been compromised.
24. Use strong, multiple passwords. You should utilize a strong password generator, or use a passphrase
instead of a password. A dictionary attack or rainbow table is a common attack by a hacker using an
automated tool.
25. Encrypt your data. I already included this, but want to mention it again, its that important! Use spideroak or
another encryption mechanism to encrypt your hard disk or USB thumb drive. It goes without saying that if it
is ever lost or stolen, whoever accesses the data wont be able to read it if its encrypted.
26. Careful when throwing out a computer. Magnets, freezers, fire, smashing the item to bits and pieces can
provide some degree of assurance that data is destroyed, but not 100%.
4/9
27. Hide your DNS.The leader in this space is OpenDNS. They were recently acquired by CISCO systems.
Might be better to use open source software DNScrypt which also encrypts your data.
28. Take care on public networks. Hotspots (particularly airports, hotels, coffee shops) are the most vulnerable
places you can access the internet. While it might be convenient to use public wifi, you may be exposing
yourself to a MITM attack. A man in the middle attack is where a person builds a bridge between your
computer the router you are connecting to, stealing the datapackets you are sending to the router. Basically
the person will impersonate the router, and then when you connect to the router, you are actually connecting
to a malicious source.
29. Virtualize. The truly
paranoid could
virtualise. This is
accomplished from
creating a virtual PC,
using it to perform
tasks, and then
destroying it, along
with any viruses that
may have infected it
while you were
online. Running a
virtual version of
Ubuntu from within
Ubuntu is likely to be
the easiest way of
achieving this style of
computing.
Illustration of a MITM attack or why you need to be careful on public wifi.
30. Use a credit card as
opposed to a debit
card. If you need a one time card, consider using a pre-paid debit card.
31. Use a password Manager. This is one where I am conflicted, as password managers do help save time, but
ultimately you are providing a lot of data to a single point of failure. If that company gets hacked (as notably,
lastpass did) then you might be doing a lot of password changes to make sure you are safe again.
32. Prevent Trackers. There are many different tracker blockers out there. But Blur, is one that tries to do
everything. According to their site, it is the only Password Manager that secures your email, phone, and credit
card and prevents tracking.
33. Use cookie management software or incognito mode to ditch cookies for big sites that you dont want to be
tracked by (Youtube, Google, Amazon, etc.)- Be sure to clear your cache!
34. Use Fluid App (paid for, $5) for creating a site-specific browser with separate cookie storage for websites
that you access regularly and cant avoid being tracked by (Facebook, Gmail, etc), or just for web apps you
use a lot and want to access via alt-Tab (BitBucket, Trello, etc).
35. Use ssl. Both as a business owner, and as a host SSL gives more confidence. SSL stands for secure
socket layer, and you can buy a certificate for very cheap (even free).
36. Use Cloudflare with sites that you host. Cloudflare helps mitigate against a DDOS attack. If you are a
website owner, you make money when your site is online. A DDOS attack is a distributed denial of service
attack. This is essentially *many* different connections to your site simultaneously, initiated by a bad actor in
an attempt to overwhelm your hosting provider.

5/9
37. A diagram of what a DDOS attack looks like.
38. Make sure youre using dnssec on all your own
domains it will protect against DNS based attacks
and some mitm attacks
39. Email Tips from your own domain. Setup spf
records and dkim for all your domains it will
stop/slow down people spoofing email from your
domain
40. Dont Use Hushmail! Hushmail uses PGP as a
protocol, which is safe, but unfortunately have been
known to flip on their customers due to pressure from
government. Notably, they created an insecure Java
Diagram of a DDOS attack.
applet with a backdoor to intelligence agencies so the
agencies could steal their own customers
passwords.Its complicated and the details are hazy but some investigative reporting pretty much confirmed
this rumor. It involved a password vulnerability on the server side that wasnt exposed on the client side, but
the TL;DR is PGP is safe but dont use hushmail! Better to do it yourself 100% client side or use a more
reputable provider.http://www.theregister.co.uk/2007/11/08/hushmail_court_orders/
41. Unregistered / throwaway data SIMs. Many countries allow for SIMs to be obtained without any
identification (see panama). Some require a passport to signup (see Thailand) and others require a plethora
of data including Tax ID (see Brazil). You might also consider the phone you are using and use a burner or
throwaway phone if you are particularly paranoid.
42. Second Passport. Obtain a second passport The 1st Flag of Flag Theory and use this identification as
needed.
43. Tax Residency. Properly establish a legal tax residency in a private, low tax jurisdiction The 2nd Flag of
Flag Theory and ALWAYS set your VPN location to this country.
44. Offshore company. Utilize an Offshore Company to hold assets, and ALWAYS register web domains,
hosting, and assets of the company properly within this legal entity.
45. Bank in Private Jurisdiction. Unfortunately, banking isnt as private as it used to be. As of 2016, the most
private place to setup a bank account is actually the USA. but pair that with a Wyoming company and no one
but the IRS will be able to find out without a lawsuit.
46. Buy Gold and Physical Assets Plant them in a secure, offshore and safe jurisdiction like Singapore,
Switzerland and youve effectively planted the 5th Flag of Flag Theory.
47. Utilize this very list! The 6th Flag of Flag Theory
48. Use CryptoCurrency The 7th Flag of Flag Theory.

Why is Digital Security Necessary?

There are countless examples of how
governments around the world,
particularly the 5 eyes have
overstepped bounds and see it as
important and necessary to collect as
much data as possible. This data is being
Flags of the 5 eyes the intelligence agencies of the AU, CA, NZ, UK, US want your data at
held in massive data centers for an all costs, and they most likely have it already.
indefinite period of time. So even if what
6/9
you are dont isnt illegal (now) it can still be used against you later down the road. This isnt a crazy conspiracy
theory, these are facts.

This is a very slippery slope indeed. We now live in a world

where a simple google search could implicate you in a crime,
or at least deny you of bail under certain circumstances.

If you google searchhow to get away with murder does

that make you a murder?
If you read a book on how to avoid taxes? does that
make you a tax evader?
If you search how to start a fire? does that make you a
arsonist?
If you google how to explore space? Will a magical
jetpack suddenly appear and take you to outer space?

Obviously the answers to these questions are no. However, the

are courts that have held people without bail because of these
types of internet searches. A million abstractions can be drawn
by the courts about intention. However, as evidenced by the
above, intention does not equal action.

This is a perverted form of future crime, Minority Report style, and it brings up a scary conclusion: When
governments and corporations collude to provide your private information, it can and will be used against you in a
court of law. Its clear that there is a necessary action to be taken to protect ourselves in our homes, and in our
laptops to secure the privacy of our most personal intentions.

Its a natural human right, and anyone who tells you that they have nothing to hide is offering up a straw-mans
argument. The argument isnt whether you have something to hide, its whether we as humans have the right to be
safe and secure in our personal space. In America (home to the most egregious violators of privacy rights on both
corporate and public level) citizens should are no longer protected by the 4th Amendment of the constitution.

[t]he right of the people to be secure in their persons, houses, papers, and
effects, against unreasonable searches and seizures, shall not be violated, and
no Warrants shall issue, but upon probable cause, supported by Oath or
affirmation, and particularly describing the place to be searched, and the persons
or things to be seized.

I feel it fitting to end the article with a quote from one of the drafters of the constitution
document, Benjamin Franklin: Those who would give up essential Liberty, to purchase a little temporary Safety,
deserve neither Liberty nor Safety.

=============================================

Here are more articles on internet security.

Girl Refuses tracking device, expelled.

7/9
 Do You post on Facebook?
Kim Dotcom
Drug Sniffing Lasers (say what?)

Dont stop reading. Here is more of our pillar content

Flag Theory Foundation

Flag 1: Second Passport

Flag 2: Tax Residency

Flag 3: Offshore Company

Flag 4: Offshore Banking

Flag 5: Physical Assets

Flag 6: Digital Security

Flag 7: Digital Assets

1. *You have to be very, very careful when accessing the dark web. There are very nefarious sites, and the FBI

8/9
has even used malicious javascript injections to track down users. Proceed with caution.

9/9