# 🔒 Security & Privacy Guide
**🛡️ Comprehensive security measures and incident response**
*Protect your accounts and maintain privacy*

---

## 🎯 Security Overview

This guide explains how the script **detects security-related issues**, what it does automatically, and how you can **resolve incidents** safely.

### **Security Features**

- 🚨 **Automated detection** — Recognizes account compromise attempts
- 🛑 **Emergency halting** — Stops all automation during incidents
- 🔔 **Strong alerts** — Immediate notifications via Discord/NTFY
- 📋 **Recovery guidance** — Step-by-step incident resolution
- 🔒 **Privacy protection** — Local-only operation by default

---

## 🚨 Security Incidents & Resolutions

### **Recovery Email Mismatch**

#### **Symptoms**

During Microsoft login, the page shows a masked recovery email like `ko*****@hacker.net` that **doesn't match** your expected recovery email pattern.

#### **What the Script Does**

- 🛑 **Halts automation** for the current account (leaves page open for manual action)
- 🚨 **Sends strong alerts** to all channels and engages global standby
- ⏸️ **Stops processing** — No further accounts are processed
- 🔔 **Repeats reminders** every 5 minutes until intervention

#### **Likely Causes**

- ⚠️ **Account takeover** — Recovery email changed by someone else
- 🔄 **Recent change** — You changed recovery email but forgot to update config

#### **How to Fix**

1. **🔍 Verify account security** in Microsoft Account settings
2. **📝 Update config** if you changed recovery email yourself:

   ```json
   {
     "email": "your@email.com",
     "recoveryEmail": "ko*****@hacker.net"
   }
   ```

3. **🔐 Change password** and review sign-in activity if compromise suspected
4. **🚀 Restart script** to resume normal operation

#### **Prevention**

- ✅ Keep `recoveryEmail` in `accounts.json` up to date
- ✅ Use strong unique passwords and MFA
- ✅ Regular security reviews

---

### **"We Can't Sign You In" (Blocked)**

#### **Symptoms**

Microsoft presents a page titled **"We can't sign you in"** during login attempts.

#### **What the Script Does**

- 🛑 **Stops automation** and leaves page open for manual recovery
- 🚨 **Sends strong alert** with high priority notifications
- ⏸️ **Engages global standby** to avoid processing other accounts

#### **Likely Causes**

- ⏱️ **Temporary lock** — Rate limiting or security check from Microsoft
- 🚫 **Account restrictions** — Ban related to unusual activity
- 🔒 **Verification required** — SMS code, authenticator, or other challenges

#### **How to Fix**

1. **✅ Complete verification** challenges (SMS, authenticator, etc.)
2. **⏸️ Pause activity** for 24-48h if blocked repeatedly
3. **🔧 Reduce concurrency** and increase delays between actions
4. **🌐 Check proxies** — Ensure consistent IP/country
5. **📞 Appeal if needed** — Contact Microsoft if ban is suspected

#### **Prevention**

- ✅ **Respect rate limits** — Use humanization settings
- ✅ **Avoid patterns** — Don't run too many accounts from same IP
- ✅ **Geographic consistency** — Use proxies from your actual region
- ✅ **Human-like timing** — Avoid frequent credential retries

---

## 🔐 Privacy & Data Protection

### **Local-First Architecture**

- 💾 **All data local** — Credentials, sessions, logs stored locally only
- 🚫 **No telemetry** — Zero data collection or external reporting
- 🔒 **No cloud storage** — Everything remains on your machine

### **Credential Security**

```json
{
  "accounts": [
    {
      "email": "user@example.com",
      "password": "secure-password-here",
      "totpSecret": "optional-2fa-secret"
    }
  ]
}
```

**Best Practices:**

- 🔐 **Strong passwords** — Unique, complex passwords per account
- 🔑 **2FA enabled** — Time-based one-time passwords when possible
- 📁 **File permissions** — Restrict access to `accounts.json`
- 🔄 **Regular rotation** — Change passwords periodically

### **Session Management**

- 🍪 **Persistent cookies** — Stored locally in `sessions/` directory
- 🔒 **Encrypted storage** — Session data protected at rest
- ⏰ **Automatic expiry** — Old sessions cleaned up automatically
- 🗂️ **Per-account isolation** — No session data mixing

---

## 🌐 Network Security

### **Proxy Configuration**

```json
{
  "browser": {
    "proxy": {
      "enabled": true,
      "server": "proxy.example.com:8080",
      "username": "user",
      "password": "pass"
    }
  }
}
```

**Security Benefits:**

- 🎭 **IP masking** — Hide your real IP address
- 🌍 **Geographic flexibility** — Appear from different locations
- 🔒 **Traffic encryption** — HTTPS proxy connections
- 🛡️ **Detection avoidance** — Rotate IPs to avoid patterns

### **Traffic Analysis Protection**

- 🔐 **HTTPS only** — All Microsoft communications encrypted
- 🚫 **No plaintext passwords** — Credentials protected in transit
- 🛡️ **Certificate validation** — SSL/TLS verification enabled
- 🔍 **Deep packet inspection** resistant

---

## 🛡️ Anti-Detection Measures

### **Humanization**

```json
{
  "humanization": {
    "enabled": true,
    "actionDelay": { "min": 150, "max": 450 },
    "gestureMoveProb": 0.4,
    "gestureScrollProb": 0.2
  }
}
```

**Natural Behavior Simulation:**

- ⏱️ **Random delays** — Variable timing between actions
- 🖱️ **Mouse movements** — Subtle cursor adjustments
- 📜 **Scrolling gestures** — Natural page interactions
- 🎲 **Randomized patterns** — Avoid predictable automation

### **Browser Fingerprinting**

- 🌐 **Real user agents** — Authentic browser identification
- 📱 **Platform consistency** — Mobile/desktop specific headers
- 🔧 **Plugin simulation** — Realistic browser capabilities
- 🖥️ **Screen resolution** — Appropriate viewport dimensions

---

## 📊 Monitoring & Alerting

### **Real-Time Monitoring**

```json
{
  "notifications": {
    "webhook": {
      "enabled": true,
      "url": "https://discord.com/api/webhooks/..."
    },
    "ntfy": {
      "enabled": true,
      "url": "https://ntfy.sh",
      "topic": "rewards-security"
    }
  }
}
```

**Alert Types:**

- 🚨 **Security incidents** — Account compromise attempts
- ⚠️ **Login failures** — Authentication issues
- 🔒 **Account blocks** — Access restrictions detected
- 📊 **Performance anomalies** — Unusual execution patterns

### **Log Analysis**

- 📝 **Detailed logging** — All actions recorded locally
- 🔍 **Error tracking** — Failed operations highlighted
- 📊 **Performance metrics** — Timing and success rates
- 🛡️ **Security events** — Incident timeline reconstruction

---

## 🧪 Security Testing

### **Penetration Testing**

```powershell
# Test credential handling
$env:DEBUG_SECURITY=1; npm start

# Test session persistence
$env:DEBUG_SESSIONS=1; npm start

# Test proxy configuration
$env:DEBUG_PROXY=1; npm start
```

### **Vulnerability Assessment**

- 🔍 **Regular audits** — Check for security issues
- 📦 **Dependency scanning** — Monitor npm packages
- 🔒 **Code review** — Manual security analysis
- 🛡️ **Threat modeling** — Identify attack vectors

---

## 📋 Security Checklist

### **Initial Setup**

- ✅ **Strong passwords** for all accounts
- ✅ **2FA enabled** where possible
- ✅ **File permissions** restricted to user only
- ✅ **Proxy configured** if desired
- ✅ **Notifications set up** for alerts

### **Regular Maintenance**

- ✅ **Password rotation** every 90 days
- ✅ **Session cleanup** weekly
- ✅ **Log review** for anomalies
- ✅ **Security updates** for dependencies
- ✅ **Backup verification** of configurations

### **Incident Response**

- ✅ **Alert investigation** within 15 minutes
- ✅ **Account verification** when suspicious
- ✅ **Password changes** if compromise suspected
- ✅ **Activity review** in Microsoft account settings
- ✅ **Documentation** of incidents and resolutions

---

## 🚨 Emergency Procedures

### **Account Compromise Response**

1. **🛑 Immediate shutdown** — Stop all script activity
2. **🔒 Change passwords** — Update all affected accounts
3. **📞 Contact Microsoft** — Report unauthorized access
4. **🔍 Audit activity** — Review recent sign-ins and changes
5. **🛡️ Enable additional security** — Add 2FA, recovery options
6. **📋 Document incident** — Record timeline and actions taken

### **Detection Evasion**

1. **⏸️ Temporary suspension** — Pause automation for 24-48h
2. **🔧 Reduce intensity** — Lower pass counts and frequencies
3. **🌐 Change IPs** — Rotate proxies or VPN endpoints
4. **⏰ Adjust timing** — Modify scheduling patterns
5. **🎭 Increase humanization** — More natural behavior simulation

---

## 🔗 Quick Reference Links

When the script detects a security incident, it opens this guide directly to the relevant section:

- **[Recovery Email Mismatch](#recovery-email-mismatch)** — Email change detection
- **[Account Blocked](#we-cant-sign-you-in-blocked)** — Login restriction handling

---

## 🔗 Related Guides

- **[Getting Started](./getting-started.md)** — Initial setup and configuration
- **[Accounts & 2FA](./accounts.md)** — Microsoft account setup
- **[Proxy Configuration](./proxy.md)** — Network privacy and routing
- **[Humanization](./humanization.md)** — Natural behavior patterns
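
---

The comparison behind the Recovery Email Mismatch section, as an added example (not the script's own code): it checks the masked address shown at login against the `recoveryEmail` value from `accounts.json` and fails closed when nothing can be compared. `parseMasked` and `checkRecoveryEmail` are hypothetical names, the sample addresses are constructed, and the domain is assumed to be shown unmasked, as in `ko*****@hacker.net`.

```javascript
// Added example: hypothetical helpers, not part of the script.

// Split "ko*****@hacker.net" into its visible prefix and its domain.
function parseMasked(value) {
  const text = String(value).trim().toLowerCase();
  const at = text.lastIndexOf('@');
  if (at <= 0 || at === text.length - 1) return null; // no local part or no domain
  const local = text.slice(0, at);
  const star = local.indexOf('*');
  return {
    local,
    masked: star !== -1,
    prefix: star === -1 ? local : local.slice(0, star),
    domain: text.slice(at + 1), // assumption: the domain is not masked
  };
}

// `shown` is what the login page displays; `expected` is the configured
// recoveryEmail, either a full address or a masked pattern.
function checkRecoveryEmail(shown, expected) {
  const s = parseMasked(shown);
  const e = parseMasked(expected);
  if (!s || !e) return { match: false, reason: 'unparseable' };
  if (s.domain !== e.domain) return { match: false, reason: 'domain' };
  // Compare only the leading characters that both sides reveal.
  const n = Math.min(s.prefix.length, e.prefix.length);
  if (n === 0) return { match: false, reason: 'no-visible-prefix' }; // fail closed
  if (s.prefix.slice(0, n) !== e.prefix.slice(0, n)) {
    return { match: false, reason: 'prefix' };
  }
  // Two unmasked addresses must be identical, not merely share a prefix.
  if (!s.masked && !e.masked && s.local !== e.local) {
    return { match: false, reason: 'prefix' };
  }
  return { match: true, reason: 'ok' };
}

// Constructed samples: [address shown at login, configured recoveryEmail].
const samples = [
  ['ow*****@example.com', 'owner@example.com'],
  ['ko*****@hacker.net', 'owner@example.com'],
];
for (const [shown, expected] of samples) {
  console.log(shown, checkRecoveryEmail(shown, expected));
}
```

Any result with `match: false` corresponds to the case where the guide says automation halts and an alert is sent; the `reason` field is only there to make the alert easier to triage.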