Hiding In Plain Sight - Ivan Banov
Here is an excellent talk given by Ivan Banov at BSidesCache 2025 called "How to Hide in Plain Sight: Next-Level Digital Privacy."
The following is an AI-generated summary of the talk:
🎯 Overview
The speaker delivers an engaging, humorous, and practical talk on digital privacy — why it matters, how our data is constantly being collected and exploited, and what concrete steps ordinary people can take to reclaim control over their digital footprint. The presentation blends storytelling, humor, and technical insights to make privacy awareness relatable.
🧩 1. Opening Story: The Movie Theater Example
- The talk begins with a personal story about trying to buy a ticket to How to Train Your Dragon from Megaplex.
- The speaker is shocked at the amount of personal data required (full name, birth date, phone number, zip code, etc.).
- Curiosity leads him to read the company’s privacy policy, which — despite claiming “We don’t sell your personal information” — admits to sharing personal and even biometric data with third parties.
- He investigates Megaplex’s IT department, discovering it’s small and underqualified to protect sensitive data, underscoring the irony of trusting such organizations with biometric information.
🕵️ 2. The Bigger Picture: Why Privacy Matters
- Everyday businesses collect far more data than necessary, often for marketing and behavioral manipulation.
- Privacy breaches aren’t just about identity theft — they’re about control, influence, and profit.
- AI and corporations use behavioral data to predict and shape human actions, e.g., targeted ads, dynamic pricing, and emotional manipulation.
- Example: Delta Airlines allegedly uses AI-driven “personalized pricing,” possibly charging more based on emotional or situational context (like needing to fly after a family death).
💬 3. Defining Privacy
- Privacy = “The state of being free from being observed or disturbed by others.”
- The speaker humorously likens it to wanting to “poop in peace” — the right to exist online without constant surveillance.
- He argues that privacy isn’t about hiding, it’s about freedom, autonomy, and self-determination.
💡 4. Why It’s Urgent
- Corporations and governments view personal data as currency.
- Even innocuous details — address, habits, relationships — can be weaponized.
- Lack of privacy leads to:
  - Loss of freedom of thought (algorithms nudge beliefs and behaviors)
  - Economic exploitation
  - Permanent profiling starting from birth (companies collect data even on unborn children via pregnancy apps)
🔒 5. Practical Privacy Strategies
The bulk of the talk provides step-by-step privacy recommendations for ordinary users.
🧠 General Principles
- Share as little information as possible.
- Avoid reusing personal data (emails, usernames, payment info, etc.).
- Only give what’s legally or functionally required.
🌐 Browsers & Search
- Stop using Chrome, Edge, or Safari — they track everything.
- Prefer Brave, Mullvad Browser, Librewolf, or Orion.
- Replace Google with DuckDuckGo, Startpage, or self-hosted SearXNG.
📱 Messaging & Email
- Avoid SMS, RCS, Google Messages — not private.
- Use Signal (best balance of privacy and usability).
- Avoid Gmail; use Proton Mail or Tuta Mail (formerly Tutanota).
🕶️ VPNs
- Use a privacy-oriented VPN like ProtonVPN, Mullvad, or Surfshark.
- Avoid free or ad-driven VPNs.
💳 Payments
- Use privacy.com to generate disposable virtual cards.
- Create aliases or authorized users with alternate names to mask real identity.
- The speaker demonstrates live how he generated and shared a $10 virtual card safely.
📞 Phone Numbers
- Use VoIP providers (like MySudo, JMP.chat, or AnonAddy-style services) to create throwaway phone numbers.
- Smaller carriers often allow pseudonymous registration.
🪪 Identification
- Use a U.S. Passport Card instead of a driver’s license; it omits address info.
- Never allow anyone to photocopy or scan your ID.
- Create “for display only” IDs (company cards, event passes) if identity proof is required.
- Always mark images of your ID with “copied for [service] on [date]” before sending.
🏠 Addresses
- Use hotels, mail forwarding services, or commercial mail receiving agencies (CMRAs) like UPS as mailing addresses.
- Avoid exposing your home address online or in registrations.
💻 Devices
- Use GrapheneOS for Android or Linux-based operating systems like Pop!_OS or Qubes for desktop.
- Turn off location precision, cookies, and fingerprinting in browsers.
🧩 6. Advanced or Creative Tactics
- Flood data brokers with disinformation:
  - Donate small amounts to multiple political parties with fake addresses.
  - Order magazines or sign up for trials under aliases.
  - Use the legendary phone number 867-5309 for loyalty programs.
- Create multiple “identities” to dilute your real digital footprint.
- Consider trusts and wills for digital asset protection.
⚙️ 7. Resources
- IntelTechniques.com & Extreme Privacy by Michael Bazzell – comprehensive privacy methodology
- Privacy Villages at DEF CON & security conferences
🧭 8. Closing Takeaways
- Any step toward privacy is a win — start small and build.
- Always ask: “Why do they need this information?”
- Make informed, intentional decisions about data sharing.
Example: when re-attempting the Megaplex sign-up, he used:
- Name: No Nopey
- Phone: 867-5309
- Birthdate: 01/01/2001
- Zip: 90210

Everything worked fine, proving most data collection is unnecessary.
🧱 Core Message
“Privacy isn’t paranoia — it’s prudence. Every piece of information you give away is a piece of control you lose.”
The talk encourages digital minimalism, informed consent, and personal sovereignty in an era of ubiquitous surveillance.