Cybersecurity 101 -

Null

Ooperator
kiwifarms.net
I get criticized a lot for hand-holding with this community. People think I should more often let users get doxed or harassed or ridiculed, but those things do not grow a community. A more aware userbase makes it harder to fuck with.

When the people we talk about become frustrated, they will often lash out at members by "doxing" them, or pulling the real-identity information of the person to try and scare them. This is almost always a scare tactic, but real-life problems can arise -- especially if you're someone who does not work for themselves and is prone to saying stupid things.


#1: Consider what every post you make would look like with your real name and picture next to it.


Unless you're a fucking weirdo like me who knows nobody who would ever care about these things, the best advice you can get is: An ounce of prevention is worth a pound of the cure.


#2: Never use the same name twice.
The most common mistake. The best way to deal with this, of course, is to not use the same username more than one place. Especially not here. If there's no way to link you back to a Facebook account or another place you might've used your real name, there's no threat. 90% of the time, this is how people fuck up.

The forum ordinarily does not change names, but in the extraordinary circumstance where: 1) your username links to your identity, and 2) you have not already made a fool of yourself, make a thread in Talk To Staff and we may resolve this for you.


#3: Be careful signing up to other communities.
This is especially pertinent with communities in our Community Watch board that you are joining to fuck with. If you use your email address for personal accounts, they can and will use it to identify you. If your IP is residential, there is a possibility that they can call your ISP and try to find out who you are. ISPs are not supposed to give out dox, but telephone operators are less-than-savvy, poorly-paid human beings who can potentially oblige a charismatic caller.


#4: Don't host images with account-based image sharing sites.
- Image hosting sites that host albums frequently tag your username in the URL, giving people a way to trace it back. Photobucket is a massive fucking culprit of this. Do not ever host images posted here on Photobucket. Upload directly the site.
- Never post an image from Facebook. It is 100% possible to take a Facebook URL and get your profile from use. Upload directly the site (but change the filename).


#5: Don't make enemies if you don't want enemies.


GL:HF. Post comments or tips in this thread.
 
Last edited:

Dynastia

woman respecter
True & Honest Fan
kiwifarms.net
If you live in the United States and have ever signed up for a phone line or other utility in your own name, or been on a lease, you're very likely to have your personal contact information hosted on the internet white pages or information aggregators such as spokeo. Obviously this isn't a problem for Kiwi Farmers since we all still live in our mother's basements, but on the off chance that you maybe paid for your cell phone plan yourself...

- Google your full name, address along with shit like "street address" or "white pages" and see if you crop up. If you don't, that's fine.

- If you're on the white pages, see here for instructions on getting removed.

- For other common peoplesearch directories, here.

edit ; Forgot to mention this also applies to home ownership, and that anytime you purchase land, change utility providers, change phone provider, or sign onto a new lease it's very likely your private information will be spewed back onto those peoplesearch sites, so check again afterwards.
 
Last edited:

The Knife's Husbando

Combat pragmatist
kiwifarms.net
If you live in the United States and have ever signed up for a phone line or other utility in your own name, or been on a lease, you're very likely to have your personal contact information hosted on the internet white pages or information aggregators such as spokeo. Obviously this isn't a problem for Kiwi Farmers since we all still live in our mother's basements, but on the off chance that you maybe paid for your cell phone plan yourself...

- Google your full name, address along with shit like "street address" or "white pages" and see if you crop up. If you don't, that's fine.

- If you're on the white pages, see here for instructions on getting removed.

- For other common peoplesearch directories, here.
May be a stupid question, but are pay-as-ya-go cellphones covered by that?
 

Gangster Talk

You lookin' at my gut?
kiwifarms.net
If you're active in a community and you reveal any personal details about yourself, no matter how seemingly mundane, you should really just expect crazy people to be able to identify you. It only takes one flippant comment to be used as a starting point for someone sufficiently obsessed and competent enough to find out who you are. This could be as simple as "As someone from (somewhere)..." or "As someone who works in (industry)..." By and large, tech companies no longer respect privacy and are open about this change in attitude. The internet that you knew as a safe haven for you to secretly masturbate to anime characters wearing diapers or whatever is dead. The internet today is now fundamentally structured with the assumption that the average internet user is your harmless 35 year old uncle sharing bird photography, and that this user would never have to worry about vindictive crazy people trying to send SWAT teams to their house. It is a tedious and uphill struggle to try to stay totally under the radar and one slip up is permanent damage.


The good news is that while many of the crazy people on the internet are obsessed, few are actually competent. Consider that the name "Jace Connors" only existed because doxmasters Gamerfood looked up a single voter registry based on a Google Voice number and they neglected to verify that the real Jace was middle aged (despite this information being in the very same voter registry) and the address they had was vacant. Consider that days after the Deagle Nation reveal, while Jan's real name was in multiple news articles, Sluthate went on a doxing crusade and somehow failed to discover any data on administrator "DeagleDad420". It's probably not necessary to hide under a rock, but you should always operate under the assumption that somebody is capable of doxing you, because it's invariably true.
 
Last edited:

Ruin

Big tiddy Nazi GF
True & Honest Fan
kiwifarms.net
I think it's also worth striping exif from any photos of youself. Plus make sure it's a unique image. Unless you're particularly ugly google reverse search won't find anything.
In case someone doesn't know the path for windows seven users is.

Right click on picture
Details
Remove Identity and personal information
Save properties
 

AnOminous

do you see what happens
True & Honest Fan
Retired Staff
kiwifarms.net
This neat little app also strips metadata:
http://codewelt.com/stripper (Windows / OS X)
As a drag & drop, it's good for stripping metadata from a bunch of images at once.

Or if you want to fake it to plant bullshit info for your own amusement and the embarrassment of would-be doxers:
http://www.sno.phy.queensu.ca/~phil/exiftool/

There are too many viewers to really keep track of them all, but this Chrome plugin gives you (limited) exif info on mouseover. Not the fun stuff like GPS, though:
https://chrome.google.com/webstore/detail/exif-viewer/nafpfdcmppffipmhcpkbplhkoiekndck?hl=en

And this online utility gives you everything:
http://regex.info/exif.cgi
 

Wilkins

Jim Henson's angry ghost
kiwifarms.net
It's dox, not doxx. That corruption was made popular by Gawker.

Don't use Tinypic or Photobucket, they have a tendency to linking up to your social media accounts in a very discreet way.

Watch out for private messages. IP logger pixels are super easy and very effective.

All the precautions in the world won't save you from a skilled social engineer. The best doxers get the information by asking.
 

ULTIMATEPRIMETIME

my dream is an internet without women
kiwifarms.net
What's the point of removing exif data?
Do some people program their name on cameras and phone ? Because I never did that.
There have been people that took phone pictures with GPS tracking on, and from the EXIF data you can tell exactly where it was taken, sometimes what room they were in, and if it's a really fancy phone, what direction they were facing. GPS tracking is that good now.
 
Last edited:

Null

Ooperator
kiwifarms.net
Watch out for private messages. IP logger pixels are super easy and very effective.
Oh yeah, I tried enabling the XenForo reverse image proxy, but the two problems with that are:

1) The image loggers can then launch identification attacks against the actual server, and
2) People had trouble copy+pasting the URL for stuff uploaded to the forum because it included the fucking proxy URL and the forum couldn't figure out what to do with those images.

I wish they'd fix that.
 
Tags
None

About Us

The Kiwi Farms is about eccentric individuals and communities on the Internet. We call them lolcows because they can be milked for amusement or laughs. Our community is bizarrely diverse and spectators are encouraged to join the discussion.

We do not place intrusive ads, host malware, sell data, or run crypto miners with your browser. If you experience these things, you have a virus. If your malware system says otherwise, it is faulty.

Supporting the Forum

How to Help

The Kiwi Farms is constantly attacked by insane people and very expensive to run. It would not be here without community support.

BTC: 1DgS5RfHw7xA82Yxa5BtgZL65ngwSk6bmm
ETH: 0xc1071c60Ae27C8CC3c834E11289205f8F9C78CA5
BAT: 0xc1071c60Ae27C8CC3c834E11289205f8F9C78CA5
LTC: LSZsFCLUreXAZ9oyc9JRUiRwbhkLCsFi4q
XMR: 438fUMciiahbYemDyww6afT1atgqK3tSTX25SEmYknpmenTR6wvXDMeco1ThX2E8gBQgm9eKd1KAtEQvKzNMFrmjJJpiino