/fucko/ FBI edition

-==COMMON BULLSHIT==-


chronicle.com/article/Why-Privacy-Matters-Even-if/127461/


If I've done nothing wrong there is no reason to search me.

-==TOOLS TO USE==-


pastebin.com/BbmZ8hiR


imgur.com/T8q7eB0


grc.com/misc/truecrypt/truecrypt.htm

istruecryptauditedyet.com/

wiki.installgentoo.com/index.php/Encryption


pastebin.com/tUvq8Jzj


fakenamegenerator.com/


gpg4usb.org/

gnupg.org/


otr.cypherpunks.ca/


eff.org/deeplinks/2014/08/cell-phone-guide-protesters-updated-2014-edition


pastebin.com/PxcDYUr0


pastebin.com/jd1sEwKL


#Fucko @ irc.rizon.net

All and any supportive comments, template contributions, are welcome and encouraged. NSA shills need not apply.

Template ALWAYS here: wiki.installgentoo.com/index.php/Fucko

Previously on /fucko/:

I don't fucking know

Mumble Server:
mumble://167.99.178.127

Attached: fedirino.png (1289x572, 525.18K)

Other urls found in this thread:

sparxeng.com/blog/software/recovering-images-from-google-chrome-browser-cache
chronicle.com/article/Why-Privacy-Matters-Even-if/127461/
malwaretech.com/2015/04/hard-disk-firmware-hacking-part-1.html
mdpi.com/1999-5903/10/12/121/pdf
hackaday.com/2015/06/08/hard-drive-rootkit-is-frighteningly-persistent/
8ch.net/pol/res/12072949.html
fakenamegenerator.com/
en.wikipedia.org/wiki/Intel_Active_Management_Technology#Known_vulnerabilities_and_exploits
en.wikipedia.org/wiki/AMD_Platform_Security_Processor
youtube.com/watch?v=eQ2OZKitRwc
aclu.org/other/constitution-100-mile-border-zone
web.jfet.org/hw-rng.html
blog.cloudflare.com/ensuring-randomness-with-linuxs-random-number-generator/
vanheusden.com/aed/
vanheusden.com/ved/
onerng.info/onerng/
twitter.com/NSFWRedditImage

Attached: blurredtextdensitytest.png (1920x1080, 902.78K)

>>>/fringe/

lol u mad

What's the most disgusting thing you've masturbated to?
When did you lose your virginity?
How many sexual partners have you had?
Does your woman shove fingers up your ass while she gives you a blowjob?
Do you enjoy watching your woman get railed by random niggers?
Do you like shoving things up your shitter?
What is your masturbation routine?

All these and more are things to hide!
And none of them are illegal!
Yet all of them give others power over you.

cucks will deny this

Who the fuck does this it's gay af might as well walk over to the gay bar and get fisted on stage

Na, I don't think that's important.
What's actually important is that data alone gives other people who work against you a tool to construct evidence.
Even the most garbage data can be used to somehow prove that you think a certain way or committed some thought crime or have some other disposition.
In the CY-3 barely anyone would even hate you for the things you listed. That's how run down society is.

and since you were talking about porn.
How can one verify the age of some person in a video?
The pixels certainly can't. You can't. A lawyer can't. Unless you're only looking at grannies you could run into it.
Or random postings with underage content. Happens relatively often. Even here on infinitychan.
Can all be used against you. That stuff only touched your ram? No, there is a thing called browser cache these days and website content is written to disk and can be recovered.
Even by amateurs like you. See this random website: sparxeng.com/blog/software/recovering-images-from-google-chrome-browser-cache

What else am I missing here?

notFBI

We have accounts too
Firmware bypass and disk platter analysis
Size limit, random only good as the seed & algo: human randomness can beat computer seeds
UPnP
Hehehe, monolithic bypass, fuzz microprocessor
Open bus still open.
Depends Xsc, but cold boot attacks succeed: open RAM
Disk platter evidence, NAND ionization
Fav. vector, esp. unsecure downloads
Tu metadata es mi tesoro

>chronicle.com/article/Why-Privacy-Matters-Even-if/127461/
Excuse me, Mr. Goldstein?

I chose common Cosmo-sexual preferences because they're easy pressure points for typical fags.
It goes beyond porn. Bank statements could be used to construct "dangerous" spending patterns.
meme-posting shows intent as proven by James Field's trial.
Even visiting this site can be used to prove that you've committed a crime.

vpn are similar to cloud gay. it's just passing your information to someone else's computer and who knows what kind of security they even implement with their Indian coders. bet they use MS-CHAP internally.
encryption only protects you from a minutes worth of intrusion.
passwords are vulnerable to keyboard signal leaks, radiation attacks, and hiring a scryer to shouldersurf you / or that expensive transparent sky camera equipment though monitors are upright so they'd have to reach certain angle

remove upnp/samba and dmz
NSA(tm) linux lol, the fuck is apparmor? some ring 3 trash?
lol. keyboard? BT is much worse
or better make your own locker program not something that they've already cracked and if not - tried to negotiate inserting backdoors for muh patriotism-autism.
this
platters are strong, they just flag bad sectors so it can no longer be accessed but it still can be read with better equipment and multiple sampling of corrupted bytes /etc
NAND is much worse, they have reserve unallocated spaces for performance increase which means the files are duplicated and in case a NAND area dies it just uses the other backup NAND areas (much like RAID because NANDs decay fast or reserved sectors for HDD).
same concept they use on SSHD. avoid SSHD
legacy OS with pure opsec + virtual emulator with necessary opsec and up-to-date stuffs
,ail is shit. Use radio and implement your entire radio facility algo etc. even deviating from FCC standards. make sure no one finds out about it.

okay. it doesn't have to be angled since how you type on keyboards can be seen above. angled for eavesdropping what's on your screen

You can blacklist uas and usb_storage modules and still use usb mice and keyboards.

Also, well memed. I can tell I'm dealing with people who know what they're talking about instead of larping on chinese cartoon forum.

Reminder that the FBI is a large government bureau and, as such, is incredibly incompetent and bureaucratic [potentially by design].
Tails is designed to be used against Bugmen governments, and should work against Fiveeyes if you're not consuming much traffic.

Nice fucking larping.

notFBIagain

You didn't comprehend. Soft issue aren't architecturally safe
I know right! What department are you from?
Serials r still good, but dat signal noise mang, 15m recog
Cold Boot bypass
The illusion of security is worse than no [expectation] security at all
ROFL, did you skip the few months of news?!?
WE GOT A LIVE ONE HERE BOYS!
You got a FCC license for that hot red band we can see from orbit m8?
You're a funny dude

I like my undergarments pink too. Bloody Pink.

We seem to be doing just fine, burring Clinton, Podesta, Obama, and Epstein evidence. Wasn't Assange being delivered yesterday?

malwaretech.com/2015/04/hard-disk-firmware-hacking-part-1.html
mdpi.com/1999-5903/10/12/121/pdf
hackaday.com/2015/06/08/hard-drive-rootkit-is-frighteningly-persistent/

Attached: infrared-thermal-imaging.jpeg (683x512, 231.48K)

can we like, encrypt RAM?

Yes, but why? What you need is to flush RAM as soon you hit your Killswitch.
I won't reveal my storage regimen for the FBI to read here, but it's blatant.

I bet you aren't even using a non-x86 arch combined with a FIPS 140-2 certified crypto module you scrub.

I used some thing far more tested, and readily available than say having running electricity.

Fuck off with your cellulose bullshit

I hate how modern UEFI crap behaves in such a way that it stores stuff from RAM to disk and dumps it back to RAM during boot just for the 6 seconds boot speed. I've had trouble with it a few times especially that damned hybrid boot. UEFI technology is obviously an attack vector and it's here to stay.

Seriously, the more I know, the more I want to go back to paper and never ever touch any computer again. It is so difficult... I mean, I don't see how you can be any secure if you're not yourself a hardware/software expert... A paper have so much downside compared to emacs+org mode, but at least, you burn it and you're done.

This is how the legitimate 'occult' does things.
Use magitech or some astral technology if you want pure security.
larp :^)

Organic material dies in like a day of exposure, what are you babbling about?

Don't use?

Close close: paper is biodegradable and highly corruptable. I'll hint. It isn't even it, but it should give you an idea

Attached: hint, not it.jpg (540x924, 135.78K)

Gas the CIA.

Fun fact: You get electricity from the gov and your internet is also regulated by the gov.
Check mate.

how? every fucking mb Manny has forced it on every single new mb released in the past, what, 7 years at least?

Don't

Attached: homebrew8088.jpg (1030x752, 243.98K)

Found this on Zig Forums thread. Maybe it will help some of you faggots.
8ch.net/pol/res/12072949.html

Attached: CYBERLOLI Elite Unit.png (1945x6002, 753.65K)

>chronicle.com/article/Why-Privacy-Matters-Even-if/127461/

Attached: Screenshot from 2018-12-23 02-47-11.png (1131x575, 104.71K)

I remember seeing that on:
>>>/netplus/103
>>>/netplus/213
It's an interesting read in a morbid way, but that retard who keeps talking about his kid needs to shut the fuck up and also stop

Pornography is a weapon of mass destruction.

Thank you for your service.

You also have to be a subscriber.

If you watch, user, it's like joining in on the abuse

>fakenamegenerator.com/

for what use is this nonsense?
Hugo R. Varnado
781 Rosewood Lane
New York, NY 10019

Mother's maiden name
Davis

SSN
095-94-XXXX
You should click here to find out if your SSN is online.

Geo coordinates
40.862454, -74.046628

Phone

Phone
212-974-4137

Country code
1

Birthday

Birthday
April 2, 1968

Age
50 years old

Tropical zodiac
Aries

Online

Email Address
[email protected]
This is a real email address. Click here to activate it!

Username
Commerea

Password
ohvaKoT7Ka

Website
lolaymaria.com

Browser user agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.80 Safari/537.36

Finance

MasterCard
5549 5960 9730 6942

Expires
4/2020

CVC2
061

Employment

Company
Muscle Factory

Occupation
Treasurer

Physical characteristics

Height
5' 8" (173 centimeters)

Weight
175.8 pounds (79.9 kilograms)

Blood type
A+

Tracking numbers

UPS tracking number
1Z 013 3V4 10 5481 120 1

Western Union MTCN
2394859646

MoneyGram MTCN
66250723

Other

Favorite color
Purple

Vehicle
2002 Kia Sorento

GUID
97522463-b81d-4a02-a088-474eb78af255

QR Code
Click to view the QR code for this identity

>malwaretech.com/2015/04/hard-disk-firmware-hacking-part-1.html
News that a hacking group within or associated with the National Security Agency compromised the firmware of hard drive controllers from a number of manufacturers as part of a 14-year cyber-espionage campaign has led some to believe that the manufacturers were somehow complicit in the hacking—either by providing source code to controller firmware or other technical support. But it's long been established that hard drive controllers can be relatively easily reverse-engineered without any help from manufacturers—at least, without intentional help.

Despite keeping hardware controller chip information closed, hard drive manufacturers' use of standard debugging interfaces makes it relatively simple to dump their firmware and figure out how it works—even inserting malicious code that can trigger specific behaviors when files are accessed. Reverse-engineering it to the point of creating a stable alternative set of firmware for multiple vendors' hard disk controllers that also includes persistent malware, however, is a significant feat of software development that only the most well-funded attacker could likely pull off on the scale that the "Equation group" achieved.

Hard drive controller boards are essentially small embedded computers unto themselves—they have onboard memory, Flash ROM storage, and a controller chip that is essentially a custom CPU (usually based on the ARM architecture). They also generally have diagnostic serial ports, or other interfaces on the board, including some based on the JTAG board debugging interface. Using software such as Open On Chip Debugger (OpenOCD), you can even dump the "bootstrap" firmware from the controller and analyze it with an ARM disassembler.


But an attacker doesn't need to necessarily perform hands-on brain surgery on every hard drive to get a persistent attack. The best way to deal with this is to use the same sort of tool hard drive manufacturers use to send out legitimate firmware updates to customers—with a software tool that uses vendor-specific ATA or SCSI commands to re-flash the drive controller's ROM. While these commands aren't exactly documented, they have been reverse engineered for open-source diagnostic tools.

So, in theory, if an attacker was able to use another exploit to gain remote access to a machine and identify the hard drive on the system, they could then drop a customized installer onto the victim system that installs modified drive controller code that gives them a persistent backdoor. The problem, of course, is having a custom set of ROM code for precisely the hard drives that are on the targeted systems—a bit of work that would quickly elevate the cost of development of the attack to something attainable only by an organization with deep technical skill and deep pockets, or a relationship with someone willing to pay for it.

The National Security Agency would seem to meet those criteria. It's already been documented that NSA has funded the development of other persistent attacks, especially as presented in NSA's infamous ANT catalog. But other state-funded actors and criminal organizations could certainly benefit from the same approach in instances where a target uses a relatively consistent set of hardware, such as corporate environments with standardized desktops and notebooks.

Radio and renewable energies like solar panels / geothermal steam power / water fall or wind turbine.
Hard mode: personal nuclear fusion reactor

It is regulated but not if they dead.

Dear captain blowjob
Thanks for your comedy thread, I enjoyed reading every last one of the data at the end of those links
Unfortunately the author of those insane texts are completely oblivious to just how much computing power for decryption and surveillance is actually in the hands of the secret services and other military forces. However much you believe you can secure a computer system and/or its data, think again, the agencies can suck you up their asshole into their mouth, chew you up and spit you out like a blob of snot hocked up from the back of their throat. Give it up, dood. The government spends billions recruiting the best of the best. Most university professors work for government agencies if they are called to do so, and whole teams of the best minds in the world can hoover you up from a half a world away

...

Attached: 009a.jpg (948x450, 55.39K)

I have a question lads, how resource intensive is running whonix in a VM on a 4th gen i3 laptop, also how much more secure is it compared to the regular TBB?
sorry for the retarded question

Attached: 1544954259561.png (600x600, 35.17K)

TBB was compromised
Guess who owns mozilla :^)

Need recommendations on outdoor security cameras. Needs to be IP based but not smart (doesn't talk to an internet service, no mobile app, open protocol, no backdoors)

Net 10 surveillance cameras n gear. Old brand.

Net 10 cameras attach to serio port. runs digital signal thru 120Volt house system. IP based controls, remote handheld controls. Sense Win95-

Stopped reading@
Every Crime Scene Forensics Expert I've met, will swear your hardware matters more than software, esp. regarding backdoor hardware, from physical leak to firmware.
It's probably law enforcement himself.

It's NSA.
And which 3LA actually has contributed to FOSS?

Cameras don't save anything, Patrol does.

DO NOT BUY INTEL OR AMD CPUs. THEY ARE BOTNET

en.wikipedia.org/wiki/Intel_Active_Management_Technology#Known_vulnerabilities_and_exploits
en.wikipedia.org/wiki/AMD_Platform_Security_Processor
Intel and AMD cpu's have a secondary CPU that is outside of your operating system control. this chip can access your storage, keyboard, mouse, network, it can remotely send your files or keystrokes. it can also remotely destroy your PC. Installing Linux won't deactivate it. The only solution is to not buy and not use those CPUs
Also, Intel is israeli jewish company, if you support them financially you support the white genocide and jewish supremacy.

Everybody has something to hide: CCN, SSN, home address, your kid's class schedule.
Nobody needs to hide everything all the time. You dont need to hide that you played Skyrim for an hour last night, or that you watched "top ten scariest haunted places" on youtube

Redpill me on veracrypt full disk encryption

good for europoors
bad for mericucks

Transparent encryption of all data using trustworthy cipher and implementations. Keys generated and stored on tamper resistant cryptoprocessor sitting on a USB device. To destroy the data, destroy or erase the device holding the keys.

Yeah, we know. What CPUs, then? There are no real contenders.

The only real way to counter these trust issues is to make our own CPUs just like we make our own software. Obviously, no single person can make modern CPUs at home.

get your PC from the good guys
Vikings.net - They even have a workstation with 32-core processors and libreboot (SICK!)
minifree.org - edgy tranny sells librebooted thinkpad

...s

...

Could Trusted End Node Security be trusted with online banking

bump in the midst of spam

no, use backbox

wew
Yes that is well known because it limits finger printing, and the only solution to not let your ISP know if you use tor is to always use tor.
see:
youtube.com/watch?v=eQ2OZKitRwc

Nowadays encryption has been compromised thanks to intels implementation of crypto in hardware aka backdoors
That's not really backdoors, it's more a very advanced hacking technique.

IT security is only as good as the physical security.
Physical security ensures the device can enter a logical secure state before an adversary has access.

AES encryption instructions are difficult to compromise because its result are predictable and uniform, means it can be decoded on an AMD or an older Intel in software.

Dubious are Intel's hardware random number generator in newer processors, due to their intransparency. Random number generation is the number one difficulty in cryptography, as well as checking for proper randomness, nearly impossible, a major weak point.

Real talk, how can one inject randomness into the kernels entropy pool? Say I have a script that makes random numbers from a rtl dongle using radio noise. How do you actually use it in the kernel?

I am curious and have a few questions. In advance I apologize if this is not the correct place to ask.

I have decided to travel outside of the US and I plan to bring along my laptop. Now I don't have any data that could get me into trouble, but I still do not want anyone snooping through my hard drive. My drive is encrypted and I was told that agents can confiscate my drive or even my entire laptop if I refuse to give them the code. Is this true, and can I get in any kind of trouble for not providing the code?

If it is a common practice, is there a way to fool them? I was thinking something along the lines of disconnecting the hard drive and having the computer automatically boot an OS from an SD card. Not so clever, though I have not thought of anything else yet.

Any information about how common this is and tips on dealing with this situation would be greatly appreciated.

Other countries can (and do) do whatever they want once you arrive on their soil. Many countries offer no meaningful protection against searches and have no doctrine of presumption of innocence. Depending on where you travel, having them confiscate your laptop could be the least of your worries.

Upon return to the U.S., in practice, customs and border authorities have broad latitude to search your belongings, including your devices.

aclu.org/other/constitution-100-mile-border-zone

Unless you're keen on being the next test case for the ACLU, you'll either unlock your drive when you're told to like a good boy, or not take your laptop with you in the first place.

Maybe that would work. But what do you do if they think something's fucky, and they disappear with your laptop for 30 minutes, then bring it back and say you're free to go? Would you ever trust that machine again?

Think they can keep for 90 days and make clones. Be careful of extra hardware and special firmware updates when you get it back. Can detain and hassle you for a while, but it's not illegal to refuse. Some set up a vpn server with their data and bring only a basic os and vpn client across the border.

I thought about them taking it into a back room and messing with the hardware, and no, I would never trust the machine ever again.

I was too focused on dealing with agents while leaving the US, dealing with agents in another country slipped my mind. I think now I may have to purchase some really cheap laptop and let them check it. All I really wanted was to bring along my digital collection of language learning books to keep me busy if I get tired of picture taking and such things. Maybe a chromebook. Any way, thank you for your input.

I've been out of the U.S. a handful of times. In my (admittedly limited) experience, getting out of the U.S. is no problem. They're keen to make sure your passport is in order, so you don't end up stranded somewhere without proper documents, but otherwise I don't recall any scrutiny more serious than what you get for a domestic flight these days. Getting in to Europe was no problem, either. I guess they see a white, clean-cut guy with a U.S. passport and just don't get worried. Never been harassed or subjected to any unusual scrutiny. In one Euro country, they barely glanced at my passport before waving me through and didn't even look at my bags. Not in front of me, anyway. And this was after 9/11.

In the couple Asian countries with advanced economies I've visited, they were a bit more thorough than that Euro country and asked several questions, but didn't ask to see any of my devices.

Now, getting back in to the U.S. is another matter. Sometimes they only ask a few cursory questions, but occasionally they'll ask more probing questions, like they're trying to trip me up or get me to say something inconsistent so they can drag me to a back room for an interrogation. That's never happened, but of all of the places I've traveled (which are, granted, all countries that get a lot of U.S. tourists and have good relations with the U.S.) I'm less nervous going than coming back home.

So YMMV depending on where you're traveling.

It's a learning experience to make you understand why privacy matters. You have to be mentally raped before you understand the importance of privacy.

Attached: MAGAbomb.jpg (958x536, 29.99K)

You're set

The problem is where to find a source of randomness.
There are several theoretical physical solutions.
In practice the randomness might be pollute by other predictable signals (noise, but not random), like 60Hz hum for example. difficult to generate real randomness (unpredictability).

I'm not a kernel hacker, but maybe that helps:
old
web.jfet.org/hw-rng.html

blog.cloudflare.com/ensuring-randomness-with-linuxs-random-number-generator/
links to
audio entropy daemon
vanheusden.com/aed/
videorandom
vanheusden.com/ved/
Silicon video sensors do have a lot of low level pattern noise that needs to be filtered and are not suitable for dark-field random noise generators. I know your device is just a receiver and the idea is probably to use "static" noise as source of randomness.
The problem is to find a (random) noise signal/source that has very good signal to not-so-random-noise relationship.

...

Funny thing is, security measures like that (searching notebooks at airports) are pointless anyways as you could literally email yourself the encrypted plans on how to bomb the infidels and just download them in your destination country with a there-purchased computer or even in an internet cafe. It's just another excuse to infringe on people's rights and snoop on them and their hardware.

My advise is to simply do that and not take electronic devices across borders. Take a book. Staying away from all your electronic shit for a few hours is sometimes quite healthy.

You are living in the free western world, are you disagreeing with the leadership of party and country, comrade?

Redpill me on hard drive destruction

Just get on the highway and play the fucking license plate game. Pick random cars, write em down, and then convert to '\xXX\xXX' string that you can pass to openssl.

Try stealing that data from me. I dare you.

LUKS + microwave = unrecoverable shit

A big black guy raped him and it's the time when he lost his virginity!

I actually lost my virginity that way.

Not the user you were replying by the way.

Was it as bad as people make it out to be?

As with everything, depends on your threat model.

Full Disk Encryption grants some basic levels of comfort. Someone steals your machine, luks will keep your data safe from the lowlife thief, and the person he shills it to. Drive in an array fails, luks will let you bin it or send it in for warranty repairs/replacement without needing to worry about leaking the partial data on it. Re-purposing the drive? `cryptsetup luksErase ` will return it to near-enough random noise in two seconds by destroying the headers (there are backup sectors, `dd`'ing the first few MB is not enough).

Nation state threats, harder to solve. Digital then physical destruction is best - modern disk controllers do all sorts of clever things that make it harder to digitally erase (another bonus point for FDE - you've never written a plaintext block of data) so total physical destruction is next to ensure coverage. Shoot it, hit it with hammers, shatter the platters, drill through the flash chips, set it on fire, toss it in an engine shredder.

Worried the FBI is coming down the hallway and about to kick in your door? Probably too late by now, they've got enough shit on you to kick in your door but luksErase that shit and hurl the drive out the nearest window as fast as you can. But again, if they're who you are worried about, you'll probably do things differently.

But what is more likely? Your drive fails or is stolen, or the NSA want to get all up in your shit?

I have at least one of these in every computer: onerng.info/onerng/

I put a USB hub inside my X200 too, and embedded one inside that - keeps my USB ports free of kinda obnoxiously sized/shaped dongles, and always travels with me.

What's the best OS for securing yourself against the US government and corporate dataminers?

Yes. I still didn't recover from it.

You would need your behavior to change. It is all the same shit that just needs to be configured/hardened by someone competent. All your software isn't really much use when you buy ALL of your hardware from these (((corporations))) in the first place. Physical access to a box has been accomplished.

Same as other responder.
Using Qubes/Whonix dispVMs is possibly the best other than Tails.

IBM Power9 is free of backdoors as far as I'm aware

I've heard some people talk about "undeletable cookies" that are picked up by your browser even if you don't accept any cookies at all from sites. Does anyone here know more about this and how to protect against them?

Font fingerprint
js can fetch it with one liner -minified
Other is just vanilla cache if you rarely delete cache
They can also detect if X site favicon is cached (usually not cleared on history deletion)
If favicon is cached and you replied a request that it's not needed to be redownloaded bc cache they will know which sites you visit or probably not yet until they read this.
Browser screen can be spoofed with the right tools.

Other method is if you're using bare IP. they can fingerprint your machine public name immediately easily and even benchmark your speeds and latency or rtc your local NAT IP.

At best you can use a newly installed ubuntu on a decent spoofing VM and spoof the most common canvas though tbb removed that feature from what I've heard.
Actually it would be much more easier to just use android x86 for such cases.
Your problem would be if the kernel is malicious (which is usually the case where it phones and bypasses firewall) this is the time you should be compiling from scratch, use root and AFwall, spoof device IDs and all easily compared to a linux desktop or botnet VM which leaks everywhere.

Or just use Tor Browser.

no, no, no. most of the time platter fragments can be restored, if only somewhat. get a torch, get the platters fuck hot, bonus points if they melt, and do it to as much surface area as you can. this will destroy the ability of the material to be magnetic ever again, making the data unrecoverable afaik.
of course, you should still drop it off buildings or blow it up in your backyard or put it in a car crusher or whatever just to be sure, but always do both.

how about some really strong magnet? wouldnt it be empty or even destroyed if you put it in some really strong industrial magnet.. like those that can lift really heavy things

Wouldn't encrypting the drive beforehand simply suffice? There should be no need for physical destruction.

You'd better use hidden volumes of VeraCrypt in case of torture.