Cybersecurity 101 -

[Leonard Helplessness]

- DO NOT DO NOT DO NOT send any Word documents especially if your name is in the author field. Converting to .odt should solve this problem.

I’ve been using Excel for some analytics I’ve been doing on Twitter scrapes, and I noticed that Excel likes to expose personal information in Excel files’ metadata. Windows has an button to strip metadata in the Properties window of a file, but doing this to an Excel file tends to break it. Excel has some shit buried deep in its settings (that you have to enable for each fucking file) that lets you strip metadata and prevent it from being saved onto the file again, but is there a way to confirm a file doesn’t still expose personal details after that?

 

[Kosher Salt]

I’ve been using Excel for some analytics I’ve been doing on Twitter scrapes, and I noticed that Excel likes to expose personal information in Excel files’ metadata. Windows has an button to strip metadata in the Properties window of a file, but doing this to an Excel file tends to break it. Excel has some shit buried deep in its settings (that you have to enable for each fucking file) that lets you strip metadata and prevent it from being saved onto the file again, but is there a way to confirm a file doesn’t still expose personal details after that?

Saving as .csv will discard any formulas/formatting, but it'd definitely eliminate the possibility of there being any metadata in there.

 

[TheMagician]

If you ever tell a personal anecdote (for example, in threads like "Share Your School Stories" or "Retail Horror Stories"), don't share the same anecdote on a different site, especially not if it has a unique word/phrase/name that's easily searchable.

 

[Condicional]

By the way, about Discord, be careful with who you talk to because they can copy your User ID without permission, if you want to start anew or hide, don't try to change your Discord tag, just make a new account.
People can just copy your user ID if they enable developer mode and search it in discord.id to get your actual name and tag. Developer mode is literally one click.
If you're not sure, then just try it with another user, even if they change nick, avatar, or tag, it will always reflect back your actual info because your ID doesn't change.

 

[stacks]

iirc modern variants of ken thompson's compiler backdoor could be on every chip on every modern device and it would be next to impossible to find without an electron microscope, so you are fucked either way

 

[Fiveish]

Which is why people should use PrivateInternetAccess, which has been proven to not log IPs.

Throwing in another advertisement for this one. It's a good price and does its job quietly and conveniently.

 

[Condicional]

Throwing in another advertisement for this one. It's a good price and does its job quietly and conveniently.

I would truly like to know which ones are confirmed to log ips.
I used TunnelBear VPN with its free MB, but not as an active VPN for everyday, but I'm not sure of how safe is to use it.

 

[Fiveish]

I would truly like to know which ones are confirmed to log ips.
I used TunnelBear VPN with its free MB, but not as an active VPN for everyday, but I'm not sure of how safe is to use it.

" TunnelBear does not collect traffic logs or monitor any user activity. It does collect some data, including your OS, whether or not you’ve been active this month, and the total amount data used within a month. However, “TunnelBear does NOT store users originating IP addresses when connected to our service and thus cannot identify users when provided IP addresses of our servers.” "

List of VPNs confirmed to log IPs
Banana VPN
Buffered
F-Secure Freedome
Faceless.Me
FlowVPN
FlyVPN
FreedomIP
HideMyAss
Hola
IdentityCloaker
Iron Socket
LeVPN
MyIP.io
PandaPow
PrivateWifi
SecurityKISS (10 days)
Speedify
SunVPN
SwissVPN (6 months!!!)
TotalVPN
Unlocator
VPN.ac (one day)
VPNBook (one week)
VPNLand (sign-up)

Not proven to NOT store IP Logs
Privatoria

 

[AcolyteOfMilk]

Is there an advanced guide here on how to not get doxxed?

 

[Condicional]

Is there an advanced guide here on how to not get doxxed?

There's always a blind spot.
What you can do though, is to be careful with your identity online:
Don't share photos, don't announce your name, always go under an alias or nick.
Don't trust people with any of your info, don't use the same nick everywhere.
Don't tell where you live, if your country is that picky then go with a VPN always.
Use a second computer for more sensible stuff, always use another nick for whatever you're going to do that is outside of your personal life (like saying your political opinion online)
Don't be stupid (hard one)
And not to live in USA. Lmao, it surprises me that you can get where someone lives just with their phone or name (If i'm not wrong). The most that you can get in mine is your identity number, name and maybe some legal shit but anything like: where you are, and even who are your parents

 

[glow]

Is there an advanced guide here on how to not get doxxed?

You should also concern yourself with technical factors.

If KF were to get 0wned and have its user list for all to see, how many idiots here have used their personal email address? You could then tie a real-world identity to many posters.

Make sure that you use an email address you don't use anywhere. I would suggest a combination of a non-mainstream email provider that offers a free account and an email forwarding service. Once you've figured out what to use, don't tell other people what you use.

You should use a VPN and access those services via a VPN but you should use a different VPN connection for other browsing to keep the identities separate. I made a post recently explaining how even the non-glowies with appropriate access can unmask you.

 

[Kosher Salt]

If KF were to get 0wned and have its user list for all to see, how many idiots here have used their personal email address? You could then tie a real-world identity to many posters.

You don't just have to imagine this; it's actually happened in the past.

 

[Saigon63]

Yea, at this point it doesn’t matter much. Pulling a T1059 with F# automating Powershell utilizing python as a container creator can be done in all major systems. I can still write a 10 liner VB script and decimate your computer because it’s still widely used.

Bluetooth Low Engery Adapter remain hidden adapters and if you pay attention to your battery plan, you don’t really shut off for a long time. Your BT Low energy chips are universally installed and have like a 3km ranges. So the sphere of confluence that is tied to you is extremely complex. Your devices are beacons bby.

My new project is utilizing the Agent Based Model I utilized prior but using MS User Accounts to their extensibility.

Functional programming for agent architecture is the way to go. The eNodeB box from OAI will act as an intermediary to emit a stronger frequency to act as a gateway to my devices.

Gl0Box has three main agents.
EgoAgent, IDAgent, SuGoAgent

Part one starts collecting stats on me as to figure out what I’m overall sending out to establish a linear normalization that I can then modify.
While the EgoAgent is training, NLP with mill be used to establish 2 RNN’s- IDAgent, SuGoAgent.

Part two: Using the Ego, the ID and the super ego start to make an accretion of automated changes to start figuring out stats of dataminers and spyware and their stochastic programming. And fuck yo their data. #FuckYoStatsBitch

then hope just utilizing the available open source and legal tools to plug my SoundCloud.

The project in tandem after that is the NOpenSources License and the MuIE Templating Engine- utilizing the sinks from the box, I hope to write a decentralized encryption/decryption templating engine utilizing an Apache Cassandra approach that would have the snitch like concept. The template would utilize distributed key set information to lock down code based with 0 accountability. Not only would make this easier to track, it would offer a more granulated way to stop a code base or to send one. By zero accountability, I mean there is no one to hold accountable. Because all I see are limp dicks passing the buck with the fire eye drops. No bueno.

Ive got the UDM setup. The wireframes are pretty solid, I intend to implement event driven architecture and I’ve established key stores and data warehousing needs.

 

[JeNeComprendsPas420]

This may have been mentioned here but you should also delete your facebook and instagram account.

 

[Coleslaw]

If you want to send a message but don't want your recipient to know who you are, keep it short and don't take questions. Better to keep them guessing about its content than to help them identify its source.

 

[TerrorSperg99]

I would also recommend to not post impulsively when you’re emotional if something on the site upset you it’s best just to cool off and take a break for a bit

 

[Prophetic Spirit]

As a student of this matter, the 2 last comments are right; even cybersecurity workers can't do miracles if the victims made ways to get doxxed/hacked.
Never download shit from random emails, don't get cocky or blinded with false threatments and always be cautious.
Viewing porn in work is one of the most hilarious ways to get virus without a decent antivirus

 

[2 litre soda]

I would also recommend to not post impulsively when you’re emotional if something on the site upset you it’s best just to cool off and take a break for a bit

But, if everyone were to take this advice, where would half the lolcows go?

 

[Coleslaw]

No amount of encryption can save you from your trust of someone who's untrustworthy.

 

[Carlito]

I'm not sure if this has already been mentioned, but I suggest Eraser as a piece of file deletion software. Open source and under the GNU General Public License (Eraser's home site), it works by overwriting a file a number of times as per various presets (e.g. Gutmann at 35 passes, "US DoD 5220.22-M (8-306. / E, C and E)" at 7 passes, etc.) so that the true data is obfuscated. This way, the user can nuke any file from orbit. You also have the ability to make your own presets, but I never touched that so I can't vouch for that or describe how it works.

For the rightfully paranoid, this is a godsend as it throws even more of a hamper on the feds, law enforcement, and criminals who have actual know-how to obtain the info after it has been deleted normally. I suggest it's portable variant as it's small (3 megabytes max), gets its job done, and can be fit onto a USB drive.

https://portableapps.com/apps/security/eraser-portable - Download link for if the hyperlink does not work
https://eraser.heidi.ie/ - Information link for if the hyperlink does not work.