Professional Documents
Culture Documents
Issue 002
June 2022
UnredactedMagazine.com
UNREDACTED is published free of any charge to the reader, and this file may be publicly shared in its entirety. All issues are available for free
download at UNREDACTEDmagazine.com. Contact details are also available at this site.
The contents of this publication are copyright © 2022 by UNREDACTEDmagazine.com, and are published via a Creative Commons Attribution-
NonCommercial-NoDerivatives 4.0 International license. You may share it for free as long as you keep the entire file intact. Commercial use is
prohibited.
Cover Design by Anonymous Reader. Layout by Astropost. Special thanks to everyone who helped make this happen. You know who you are.
4 Image: Jan Huber
FROM THE EDITOR
By Michael Bazzell submissions to various hacker zines We also saw a substantial increase
many years ago were all declined. The in politically charged submissions.
Well, we made it to a second issue. I sixth attempt finally got through. Even The balance was almost equal of the
truly mean it when I say “Whew, what worse, one of my articles for this issue left blaming the right and the right
a relief”. Launching any new product did not make the cut (my staff can, and blaming the left. Our desire is to keep
is always a gamble. We estimate that should, be brutally honest). this publication politically unbiased and
over 30,000 copies of issue 001 were eliminate anything which focuses solely
downloaded directly from our site Several people submitted links on politics. There are plenty of other
within the first two weeks, and countless to their various blog posts asking places online where you can scratch
additional copies have been archived us to select one for the magazine. that itch.
and shared all over the internet. Since While I didn’t state it clearly before,
we do not host any analytics on our we are looking for new and unique Finally, we are introducing two new
site, this is a rough guess based on content. There is no need to re-publish sections to each issue. The first is “The
bandwidth usage of that otherwise something already available. We want Linux Lifestyle“ which will walk through
minimal HTML-only website and the this publication to contain new content an ideal Linux build using Pop!_OS
temporary access data within cPanel. unavailable anywhere else. We updated which we can rely on every day for all
I am thrilled with the response and our submission guidelines to reflect of our computing needs. I will explain
interest, and excited to keep pushing this. This magazine is definitely a work every tweak and customization which
new content. in progress as we figure things out. may motivate others to make the switch
to Linux. As I find new applications
This month’s layout will appear a bit We had to make a few difficult useful to the privacy, security, and
different. Nick over at Astropost has decisions. Well, difficult for me at OSINT landscape, you will see it here
volunteered to create a more polished least. This month, the majority of the first.
and professional document, and we are submissions were what we have since
grateful for the assist. labeled “preaching to the choir”. These The second section is “Fun With
were mostly well-written articles about Radio Receivers”, where I discuss the
Many people have asked how we the reasons we all care about privacy. many ways to monitor radio signals for
select articles for publication from those While these were great pieces, we hobby or OSINT. Both of these sections
which have been submitted. In the first decided we simply can’t publish all of will appear every month and cover many
issue, we just published anything we them. Reading 100 pages about why details of the ever-expanding realm.
found interesting. As more options are we all agree that privacy is important Both categories were in my head when
coming in, we must be more selective. doesn’t take us as far as reading about I began considering this publication,
I have three staff members who help new techniques or unique situations. but I wanted to get the first issue out
me go through email and pluck out Therefore, we plan to limit each issue before committing to this task. User
interesting items. All four of us have to only one article which fits this submissions for each are welcome.
an equal say in what gets published. scope. That was hard for me because
We assign a numerical score (1-10) I wanted to simply publish everything Again, thank you for being here. We
to each entry and the highest scorers we received, even if that meant a 40 have a lot to do, but I look forward to
that month get published. We keep GB PDF with 1,000 pages. My wise staff the journey.
it simple for now. If your submission talked me away from that, and we will
~MB
was not selected, please do not be continue to focus on the submissions
offended. Consider polishing it up which teach us all something new.
and re-submitting. FWIW, my first five
MAINTAINING MULTIPLE
GOOGLE VOICE NUMBERS
By Michael Bazzell not reclaim numbers that have been The short answer here is a dedicated
ported into Google Voice or made Firefox browser, only used for Google
Theoretically, assume that I have permanent. Voice, with isolated containers for
dozens, if not hundreds, of Google each account. The long answer is more
Voice numbers. Maybe I have taught This is not completely accurate. complicated.
live OSINT courses since 1999 and part If you own a Google Voice number
of every course was a live demo for which was not used within 90 days, On my primary Linux computer, I have
creating a new Google Voice number you have probably received a warning standard Firefox as my daily browser. I
while using hotel phone lines and library from Google telling you to make calls have also installed Firefox Beta as an
fax machines as verification numbers. or send text messages to keep the isolated browser which is never used
Also assume that I have maintained all number active. While Google indicates for anything but Google accounts.
of those numbers over the years and incoming calls and text messages Before attempting any login, I installed
I can use any of them when needed. reset the clock, they do not. I have the Firefox Multi-Account Containers
Again, this is all theoretical, as this tested this thoroughly. I have a Google add-on and created a new container
would violate Google’s terms of service. Voice number which receives a spam for each Google account. I labeled the
Now, assume I have a conundrum. How call every day and at least one spam container as the Google Voice number
do I keep them organized and active? message every week. If I do not place associated with the account. I also set
outgoing calls or texts within 90 days, I the Google Voice login page as the
There are a few concerns if you start get the dreaded email telling me I must default home page for every container.
to possess multiple Google Voice use the number or lose it. Therefore, I installed uBlock Origin with the default
numbers. The first is suspension of incoming communication does not settings to block some of Google’s
the account. If you ever log in from a qualify as active use of the account. data collection. Once I configured, let’s
suspicious network or device, Google say all 112 numbers, I was ready to start
is known to suspend your account until Next, there is the issue of organization attaching the accounts.
you provide proof of your identity. of all of these numbers. It is one thing
Since you probably created the account to store them all within your password One must be careful here. If you
in an alias name, verification could be manager (I do), but how should we start logging into numerous accounts
difficult, if not impossible. Next, you access each number? Is clearing from the same IP address and browser
risk loss of the number due to lack of browser cache enough to eliminate characteristics, this will result in an
use. Google states: all evidence of usage? Finally, there account suspension. Therefore, take it
is a concern about contamination. If I slow. If you have previously accessed
Google may reclaim your Google download the Google Voice app onto a Google account from behind a VPN,
Voice number (if you have one) if you my mobile device and log in and out of there is little harm in repeating this
have not placed or answered calls, numerous accounts, I just told Google process. When I set up my system, I
or sent or opened text messages that they all belong to me. Let’s address logged into only two accounts per day
for a period of 3 months. We will each of these issues while I present my within the specified containers. I then
desired solution. waited until the next day when my
ANONYMOUS IN TIJUANA
By AnoninTJ the border of the United States and as crossing without comment or questions
such offer interesting possibilities as far or having to produce documentation.
As a longtime listener of the Privacy, as privacy and anonymity are concerned. And I look like a gringo. This is not an
Security, & OSINT Show, it’s kinda Before we get into the weeds, so to everyday occurrence however. If you
obvious that there’d be a significant speak, one of the more interesting don’t have or can’t get the required
portion of the readership of this new aspects of the city and the country in legal documents and just have to enter
publication who’d be interested in general is that corruption is rampant. the country, try the Otay crossing, and
anonymity. If you’re in that category As in omnipresent. It’s everywhere that discreetly and well-placed note of
or just want a good read, allow me to and anyone who has the opportunity legal tender mentioned above could
tell you about some of my experiences participates. Depending on just how very well get you in. Or you might be
in Tijuana, Mexico. A note before we socially and/or legally unacceptable able to just waltz right in like you own
continue. Nothing you are about to you want to be, a discreetly and well the place. Leaving, though, could be
read should be considered as legal placed 500 peso note will turn most another thing entirely, so think things
and/or professional advice. Or maybe heads for the amount of time necessary through. Do the OSINT.
even taken seriously. to not notice something.
Before arriving, it’s good to know
Tijuana is a large, third world city in I have personally experienced some Spanish. Many years ago when I
a large third world country. It and the walking through the border checkpoint crossed the border for the first time, I
country’s borders are back to back with and into Mexico at the Otay border knew two words of the local language.
ANONYMOUS IN TIJUANA
Image: Gabriel Heinzer
Every other April presents the perfect I now rely on two Linux systems. My minimal over the last two years. Both
opportunity to refresh my laptop and desktop is always at my home and is devices are clones of each other with
desktop computers. In April of even the system which I use over 90% of the the exact same OS, apps, and data. I
years (2020, 2022, etc.), we see the time. The desktop format allows me to synchronize documents weekly, and
release of a new Long Term Support easily add more internal storage, RAM, both contain fully encrypted discs.
(LTS) version of Ubuntu Linux. This April or peripherals. It also pushes me to be My desktop also does not possess a
we were given Ubuntu 22.04, which more intentional about my computer camera or internal microphone, which
includes support via software updates usage. I now avoid taking the laptop eliminates any accidental broadcasts.
for at least five years. I always take this from my home office into the living I find this comforting. I also rely on
opportunity to completely reinstall the area, as it encouraged me to always ethernet for my network access, and
operating system and all applications. do “one more thing” while watching a never need Wi-Fi enabled on the
This removes any outdated or movie or spending time which should desktop device. Win. Win. Win.
undesired data from applications which be away from a computer screen.
have since been removed and various Having a desktop helps me isolate work Typically, I would just download the
caches which have begun to clutter my and life more than a laptop always by latest Ubuntu LTS ISO file, wipe out my
system. It also allows me to jump right my side. machine, and reconfigure everything,
into the latest LTS release with a clean but this year is different. Instead, I am
slate and no software conflicts or less The desktop also allows me to really taking the plunge and using Pop!_OS
than optimal configurations. It is the “turn it off” when I am finished with as my operating system on both of my
equivalent to reformatting a Windows work, and gives me a sense of walking devices. Pop!_OS is based on Ubuntu,
or Mac machine when it gets slow, but away from the office. Closing a laptop and is also on the 22.04 LTS release. It
a bit more tied to a schedule instead lid does not give that same feeling is maintained by System76, who also
of a specific need. As a nerd, I look of closure for the day. I now reserve makes the computers I use every day,
forward to April every other year. the laptop for travel, which has been but is ideal for any hardware which
W E LCO M E TO T H E L I O
The Thelio desktop line was born from the belief that humans are capable of anything.
We believed that we could make an open hardware desktop that’s powerful, compact,
quiet, beautiful, upgradeable, backed by lifetime support, and manufactured in the United
States—so we did. Powered by either AMD or Intel with a top of the line components,
the Thelio is made to help you unleash your potential. What will you make with it?
Cybersecurity MananagedTM
Worse, her phone was set to display • Make sure you have backup access
notifications on the lock screen. If codes to any accounts which
demand 2FA upon login.
One of the benefits of working with to go back an hour later and find that it restrictions imposed by our employers.
and instructing a wide variety of teams, is no longer there. Sure, you can hope to One area that is often overlooked when
is the opportunity to identify common recover it using something like Google doing contract work is taking the time
mistakes and pitfalls which we tend cache, but that is an unnecessary roll of to clarify with clients any restrictions
to run into during our open source the dice. Best practice is to at least take due to their own policies and legal
intelligence work. The following are a screenshot of any key intelligence as constraints. If you are acting as their
some considerations and potential you discover it. Even better is saving agent, you likely are beholden to
issues that I see arise often, both with it in a forensically sound manner to additional restrictions and limitations.
new and experienced practitioners. preserve a page or post at the code We never want our actions to damage
level. the reputations or legal standing of
Issue: Rushing into the research phase ourselves, our employers, or our clients.
without taking the time to organize Issue: Using third-party tools or If there is any murkiness, consider
your investigation and environment. services which provide data, but for further research into applicable laws/
which you may have no understanding polices or if available consult with legal
Considerations: We always want to of where the data came from. counsel.
stop and take moment to identify the
key questions that need answering Considerations: The impact of this Issue: Wanting credit where credit is
and our overall mission goals. We scenario will depend on your mission not appropriate.
should also make sure our workstation, and final disposition of your case work.
accounts, and tools are all sufficient for If you are like me and much of your Considerations: One of the many
the task at hand. Are we preventing work ends in a court case, you will need odd things about working in the
cross contamination with other to be able to explain to a jury or other intelligence field is that if we are doing
investigations? Are we protecting our third party how the intelligence was our job correctly, we should be drawing
connection and workstation at a level recovered, and why we are confident very little attention to ourselves. This is
appropriate for the operational security that it is accurate. We need to properly counterintuitive to the current culture of
needs of our mission? Is this a long term source or provide attribution for our broadcasting successes on Twitter and
case that may warrant creating a new findings. Using free or paid tools which elsewhere. Almost all of the work we
virtual machine and new investigative “spit out” lists of data is not valuable do in truth belongs to others: clients,
accounts? These are all good questions unless you know where that data came victims, employers etc., and it is not our
to ask ourselves before diving in. from. This is even true with our own place to spike the football for internet
custom OSINT toolset, and why we points. This is ironically one of the tricky
Issue: Failure to capture key findings always encourage users to get under things about instructing tradecraft.
prior to them changing or disappearing. the hood and learn how those tools Most of my best examples of OSINT
work. work, I can never share with students.
Considerations: When you find that
This will also ring true to those of you
pivotal Twitter post or that incriminating Issue: Failure to understand and in the intelligence community, because,
image on a blog, we should consider abide by applicable policies and laws. in a world of “show us stats to prove
preserving it immediately so that we do
your worth”, we are a sub-sector that
not lose it if the target or the platform Considerations: We need to
really should be quiet most of the time
deletes or modifies the content. There understand not only the local, state,
and focused on getting out ahead of
is nothing worse than finding a case- and federal laws where we work, but
infrequent, but high impact, critical
breaking lead or piece of evidence, only also be aware of additional policies and
incidents.
Order at IntelTechniques.com
Register at IntelTechniques.net
Image: Sunil Ray
READER Q&A
By UNREDACTED Staff
Do you have a question or need clarification about a privacy-related topic? Submit it to us for
publication consideration at UNREDACTEDmagazine.com. If you have questions, other people
are wondering the same thing! Please make sure your submissions are actual questions, and
not vague statements with a “?” at the end. Here are questions from last month.
Q: How do we know our emails to website. Email is broken, though. Never covers browser queries, and nothing
you are secure? What are you doing use it for anything vitally sensitive. from your OS, which is why a firewall
to protect contributors? is better. Cloudflare makes their money
Q: The Firefox browser gives the in other ways, and their DNS has been
A: You don’t. Any email you ever send
option (under Settings > Network audited by a third party. I currently
to anyone could be abused. However,
Settings) of sending the domain prefer NextDNS for DNS and filtering.
we do take your contributions and
privacy seriously. We host our email name to the DNS server using
with ProtonMail, which is encrypted at an encrypted HTTPS connection Q: My business would like me to
rest. No one but our staff can access (instead of a plain text one). Is start traveling again. How should I
your emails from within that account. this a suggested setting? Should get around at my location? Should
If you send email to us from your own it be done on a firewall instead? I rent a car or use Uber/Lyft? I have
ProtonMail account, then the entire According to the link above, Firefox been trying to figure out how to
conversation is encrypted within uses the services from a third party rent a car privately, but most places
their network and safe from external (i.e. Cloudfare). It seems these require a photo ID. I have thought
eyes. After every issue is released, we third parties need a way to profit about using Uber, but I’d rather not
permanently delete all email sent to from providing that service. Is download it, since it will basically
our staff email address. This way, we this another case where the user’s track my phone. Please let me know
can not be compelled to hand over information is the product? what you recommend.
any communication in the event a U.S. A: If you have a firewall with A: Rental cars will always (and should)
court order was received. You can read encrypted DNS, this might be overkill, demand your driver’s license. There is
more about our privacy policy on our but no harm in doing both. This only no such thing as anonymous car rental.
READER Q&A
31
Q: I own a small business that I holding the letter for me, and the hotel sense of the results) How is it
run out of my house in Missouri. address was published online without different from an analytics service
For my business name I must file a scrutiny. Long-stay hotels seem to work like Google Analytics?
“Registration of Fictitious Name” best.
A: That is a great question, especially
form. The state does not allow P.O.
since the term is mentioned here often.
Boxes in this form—physical address Q: For the person new to digital My definition would be the persistent
only (I have tried—they manually security and only familiar with collection and transmission of usage
review all submissions). The address Windows-based platforms, can you metrics and other data associated with
provided will appear in a publicly recommend a free or affordable a specific digital product or service to
searchable database/website. Any site or course to learn more about a third-party server. In other words, the
advice on how to keep my home DIY personal digital security, Linux constant analysis of your information
address off this publicly searchable etc.? Something that goes beyond while you use a product, such as MacOS
website? following the commands in your or Windows. In one example, Apple
Extreme Privacy book? collects data about every application
A: I can’t speak to your specific
situation or Missouri law, and I am not A: I would revisit the book (Extreme you launch from your mobile device or
providing legal advice, but I can share Privacy), as it is much more than computer, then analyzes your usage for
an anecdote. I once had to provide an “commands”. It is over 500 pages of their own benefit. Is Google Analytics
official physical (non-CMRA) address content to help with the very thing you telemetry? I guess it is in a way, but I
which would become public record. I are asking. The first four chapters (1/4 make an important distinction. It goes
booked a hotel room for one night and of the book) are dedicated to the tech back to the word “persistent”. Your
completed an online registration form side of things. If that doesn’t scratch Apple or Microsoft operating system
while there which required a “Current the itch, I would create some Linux is constantly collecting data. Google
physical address”. I provided the hotel VM’s and work through any issues. The Analytics can only collect data when
address and even the room number as internet can solve any problem you a website hosting the code is visited
to be completely transparent. I then find. (unless you use uBlock Origin to prevent
booked a second stay 30 days later and this). However, there are similarities
told them I may be receiving a package. Q: What is telemetry? (Yes, I which are open to interpretation.
When I arrived a month later, they were googled it and have trouble making
First, the steps in the book to download and apply a Firefox profile with 260-Google’s New Policy Change
customized add-ons, bookmarklets, and settings do not work as printed in the
book, because the path to the Firefox app has changed. Profiles must now be Discusses Google’s new data removal
copied to the following folder. policy, the first issue of UNREDACTED
Magazine, and numerous privacy &
/snap/firefox/common/.mozilla/firefox/*.default OSINT updates.
Next, the Firefox icon might be missing from your build because of this same 261-A Client Stops By
path change. Instead of adding a shortcut for “firefox.desktop“, you must now
specify “firefox_firefox.desktop“. A client stops by to discuss his recent
full privacy reboot, plus the latest news.
Finally, the search tools shortcut was broken by the 22.04 upgrade because
the Firefox Snap package now requires the path of a local file to be included 262-Brief Updates
within single quotation marks. The ‘tools.desktop’ shortcut file now includes
the following line. Provides brief updates to the show,
magazine, and latest privacy news.
Exec=firefox ’/home/osint/Desktop/tools/index.html’
263-Proton Changes & New Breach
These are all minor changes, and many people will never notice if they simply Lessons
follow the online steps. I modified the following details within the book login
portal on May 5th, 2022: Discusses the latest Proton changes
and some new breach data privacy
• Updated the ”linux.txt” Linux Steps file to reflect path changes for Firefox concerns (and investigation benefits).
in Ubuntu 22.04.
If you use the URL and credentials from your book, you will see these changes.
As long as you are following the updated online TXT files during your build
process, all should function normally. This is why it is always vital to check for
updates on the site while following the book.
“Dash Cam Stories“ by Anonymous: decided when you set up the Linphone fantastic since it makes you less visible
application, as in that URL you specify in public, and there is no prominent
I have another reason to own a dash
“us1” or “us2” or whatever. branding. Bring forth the Jason Bourne
cam. I live in a county which allows
in you. Initially, I didn’t notice this
drivers to sign a complaint against Editor’s Note: We tested this with ingenious design. The zippers can clip
drivers who have allegedly committed the original text and calls came through to a ring at the end to avoid accidentally
a traffic violation. An officer does not fine (without forcing to VM). We tested opening the bag. The lock mechanism
need to witness anything, and the fines this alternate option and it also worked is a minor feature that momentarily
are steep. Last week, I accidentally fine. We are not changing the tutorial becomes a deterrent for those looking
pulled out in front of a speeding driver. since it works as described and is the for easy prey in densely populated
They got mad and rode my tail. I refused official Twilio guidance, but we will regions. The “anti-slashing” fabric
to speed up and they could not pass. present your modification here in outperforms expectations. I wouldn’t
They called the Sheriff and said I was case others have issues. You may have rely on it as a defensive weapon, but
driving aggressively and “road raging”. something else unique going on. the material is sturdy enough that
The deputy pulled me over and allowed
I’ve let my dog play with it, and it has
the other driver to sign a complaint
“RFID Bag Review“ by Jun: survived. So if you’re a tourist in an area
against me. Before the paperwork was
Those who travel frequently are known for thieves slicing open bags as
finished, I convinced the deputy to
no stranger to the sales pitch of you walk, this would be a significant
look at my dash cam of the incident.
Radio Frequency Identification (RFID) bag to avoid such troubles.
He watched as I drove normally, and
then refused to allow the complaint. He blocking. Many RFID-blocking products
Overall, it was worth the purchase,
asked if I wanted to sign a complaint are available and are famous in wallets
significantly since I use it every day.
against the other party for filing a false and passport holders. On the other
The sling bag is small enough to
police report, but I declined. Going to hand, backpacks have never maintained
leave my keys, three SLNT wallets, my
court is not very privacy-friendly. their integrity, especially for Everyday
GrapheneOS device, wired earbuds,
Carry (EDC) enthusiasts. Target has
and flashlight at all times. I can leave
“Twilio Updates“ by John: a simple-looking sling bag that took
this next to my front door when I’m
me a few months to pull the trigger
I just went through and set up my home, then grab and go whenever I
to ultimately purchase: “AntiTheft
Twilio numbers and the code is almost need to run errands. If I know I’m out
RFID Sling Backpack Gray”. The RFID
right, but needs one change. With the the entire day, it’s big enough to fit
sales point on any sling bag has never
incoming calls bin, the sip URL address more stuff like a portable charger, USB
met anyone’s expectations from my
is wrong. You are not allowed to specify cables, and a portable gaming console.
experience. To my surprise, its other
a local server in the address. For Let’s say you want a minimalist and
features have made this specific sling
example, ”6666666666@6666666666. defensively practical bag. In that case,
bag my primary everyday bag.
sip.us1.twilio.com” should be: I believe this is an excellent first EDC
”6 6 6 6 6 6 6 6 6 6 @ 6 6 6 6 6 6 6 6 6 6 . s i p . As predicted, RFID-blocking is sling bag for a gray man’s lifestyle.
twilio.com”. With the previous one terrible, so don’t count on it. However,
it goes straight to voicemail (if that’s this sling bag has become the mainstay
set up). It seems the local server is of my EDC gear. A Plain Jane style is
CAN DECENTRALIZED IDENTITY GIVE YOU GREATER CONTROL OF YOUR ONLINE IDENTITY?
41
The standards being defined are mainnet blockchain.” If you were to A well-designed identity wallet
at standards bodies such as World provide that DID to a service or another shields you from the complex
Wide Web Consortium (W3C), user, it would be resolvable to an technical information I’ve described.
Linux Foundation (Hyperledger and address on the Sovrin mainnet where From your perspective, you create
TrustoverIP), and Decentralized Identity the DIDDoc could be returned. The your decentralized identity and
Foundation (DIF). DIDDoc contains your public key and take it out and use it. Complexities
an address where to reach you. around cryptography, endpoints, and
Now we have touched on the high blockchains are not that interesting to
level concepts, let’s dig a bit deeper into There is a lot to unpack in that the everyday user.
the decentralized identity technology. paragraph.
So, to answer the question we
Identity wallet Sovrin is a Hyperledger Indy- started with: can decentralized identity
based blockchain specifically built give you greater control of your online
As the user, your view into for decentralized identity. Being identity? Clearly yes.
decentralized identity is via an identity a permissioned blockchain, it is a
wallet. The wallet allows you to create network of validator nodes (twenty four I’ll leave it there for now. This is
your decentralized identities and for each of the three Sovrin networks: the first in a series of articles on
connections with other users and mainnet, staging, test). It is designed decentralized identity from Anonyome
services, and to receive, hold and to support decentralized identity- Labs. In future articles I’ll discuss:
present verifiable credentials (your based applications. Anonyome Labs
digitally signed digital documents). is one of the founding stewards of • Decentralized identity focused
Sovrin, meaning we have been running blockchains
First, you need to get an identity
a validator node on the Sovrin network
wallet. There are a few different ones • Decentralized identity verifiable
for over three years now. Think of a
out there; one example is the Lissi credentials
validator like a bitcoin miner.
wallet (lissi.id/mobile), which is a mobile
application purposely built to allow the • Identity (data) hub concept
A blockchain is used for decentralized
user to participate in a decentralized identity because it provides an anchor • Real world projects leveraging
identity world. for trust. Not only can you write your decentralized identity
DIDs to the blockchain, but other
The wallet is designed to hide much
parties, such as verifiable credential • The key decentralized identity
of the complexity of decentralized
issuers, can write credentials definitions standards, and more.
identity, but let’s cover some detail
and their own DIDs (unique identifiers)
here. When you create your first
as well. Because the blockchain is
decentralized identity, you are in fact
immutable (can never be altered, only
creating a private/public key pair
added to), there is no way for a hacker
(usually based on Elliptic Curves, e.g.
to modify the information on the
ec25519) and a unique identifier called
blockchain.
a DID. A DID is a simple text string
consisting of multiple parts: DIDDoc is also important. The DID
points to a location on a blockchain
did:indy:sovrin:7Tqg6BwSSWapx-
gUDm9KKgg so that a DIDDoc can be retrieved.
The DIDDoc gives the decentralized
The string above has this meaning: “I identity’s public key (for establishing
am creating my decentralized identity connections) and an address that can
following the Indy DID method, and be used to reach you as the user.
the identity is anchored on the Sovrin
Astropost
UNREDACTED
love to build you an awesome, magazine-ready ad!
PRIVACY-THEMED PUZZLES
43
FINAL THOUGHTS CROSSWORD ANSWERS
19. Red
16. Dashcam
15. CTF
By Michael Bazzell 11. Engineering
I am already thinking about the July issue. While I have a few articles brewing
9. IoT
in my head, this magazine cannot be completed without you. Please send your
8. qwerty
contributions sooner rather than later if you would like to be published within
7. Phishing
the next issue. I sincerely thank everyone who contributed to this second release.
6. Anonymous
I look forward to seeing what you come up with next.
4. Backups
2. Alias
~MB 1. Genymotion
Down
20. HTTPS
18. Monterey
17. Ransomware
14. OPSEC
13. Linux
12. SIM
10. IntelTechniques
5. Data
3. Yubikey
AFFILIATE LINKS
Across
If you would like to support this free publication, please consider using the following affiliate links. If you plan to purchase
any of the items below, or other items from the vendor (such as Amazon), the following links provide a small financial
contribution to us without costing you anything extra. We see nothing about you or your order.
Order at IntelTechniques.com
Register at IntelTechniques.net