Dealing with the compromise -

4Macie

The Cow Dullahan
kiwifarms.net
My two cents that literally no one asked for and no one cares about.

@Null Thanks. Honestly. I get that hosting the leaked information has come as a sore spot for some; but I honestly wouldn't have known they got any information from me if you hadn't. I'm not worried about it because (surprise) none of my real life stuff was grabbed. But it was cool to see that I was on the list...just to have the knowledge.

Thank you for being honest with us, for making as many threads as you did to let us know a breach of some kind had happened. You could have scum lorded and ignored it. Many of us would have never known because we don't follow the cows tweeting about it.
 

totse

my uncle gave me herpes
kiwifarms.net
It's kinda me being iffy about my money and privacy I guess even though I've used burners and fake info; I discussed VPNs with a few others before, most say you should pay with bitcoin/crypto/whatever to stay safer and more anonymous since paying with real money is risky (and I don't like bitcoin/crypto). That, and if people didn't use a VPN before but suddenly switch to one now to stay on KF it feels pointless since the file is out.
Probably doesn't make much sense and I'm stupid for thinking this.
It's unlikely that your IP in the leak can be tied to you or your internet identity unless you're a particular target. However, using a VPN post-breach does remove the chance that your IP from the leak could be used to correlate your KF account with other activity from that IP later.

Edit: I feel I should clarify, that means using a VPN for everything, not just for going to KF. This is because the scenario in mind is that someone operating another website or service could see your actual IP address, which is already known to be associated with your KF account. Then they can know that "you" on their service = "you" on KF. Realistic? Maybe not a huge concern, it depends. You could also use the VPN for KF only, if you just want to avoid your future IP address getting exposed in case KF gets haxxored again.
 
Last edited:

Bi Eraser

Fudge packing gussy grabber
kiwifarms.net
At first I disagreed with the people in this thread who were against hosting the leak, but after mulling it over I think they're right. It would have been much safer to just post a list of usernames who got their info leaked instead of leaking all the info the the public. Hosting all that info on KF just makes it easier for people who hate us to fuck over our userbase.
A few pages back I asked if it would be hypocritical to host doxxes for cows but not for our users. It would. But it seems like every week or two some outside force is trying to fuck us over, shut the site down, or do other nefarious things to prevent us from having fun on the internet. I'm willing to be a bit of a hypocrite if it keeps the Farms safe and allows us to continue doing what we do.
This point has been beaten to death already so my apologise but why does it matter if KF has the doxx? It's not any easier or harder to access to people who actually want to find it, they would of found it without us because it's been spread around so much by people other than us. I understand your point but IMO I don't care much that I'm on Schindler's List. Honestly a fake IP and a throwaway email really don't matter whatsoever. Also still waiting on that hug...:(
 
Last edited:

simulated goat

Intellectual Property
kiwifarms.net
Thank you @stakenifes for the compltete list. All I needed to do was change my password, all the ip's are the net version of old used rubbers on the sidewalk outside a grind dive.

Thank you Null for the heads up and sage advice, I'll be switching some more furniture around soon.
 
  • Like
Reactions: Dork Of Ages

Reverend

Avatar of Change
kiwifarms.net
I know of at least one that I found within 15 minutes of Null posting this .... so, yes, there are.
and dumb fucks were using the same email for other social media accounts, business accounts, registering property, etc. etc. ETFUCKINGCETERA.

the only way for people to learn is to get exposed. It's why you say to children "The stove is hot, you'll get burned if you touch it." They do it anyway and learn that, yes indeed, the stove is hot and they get burned for it and that hurts. Pain is the ultimate Tutor.
 

Desire Lines

shitposting russian queer
True & Honest Fan
kiwifarms.net
I've taken my time making this post, but quite frankly I am very dissapointed in Null. I've already disliked the direction the site is going in, and I've expressed my concerns over it, but this is not only unprofessional, but incredibly disrespectful to the community at large. Hosting this file does literally nothing but create an aura of unease over the site, forcing people to not trust each other and discouraging forming actual relationships. I've had many wonderful talks with some of the people on here, but lately there has been a huge influx of users that blatantly disrespect the authority of the site and each other. I really don't want this forum to turn into 4chan 2.0.

The logical course of action would be alerting users about the leaks and mitigating the damages relating to it. The way this post is written shifts the blame entirely on the userbase for not using a VPN and a disposable e-mail address, but the thing is, a lot of people haven't bothered with that because they trusted Null with personal data, which is why hosting this feels like a giant stab in the gut. Also what Null completely brushes over is that the main reason the site got hacked is because of the setting up of non-Cloudflare domains, which could have been handled SO much better than taking off the security off THE MAIN SITE. I am personally not affected by the leak (it just shows I live in the general region of Moscow, which I've already talked about), so I don't accuse me of being salty. I just wish the speds that go "hurr durr it's ur fault for not being secure" and Null would realize that this kind of shit is unacceptable.

Also didn't you tell @Gengar that you were going to take down the file? Did you backpedal on that?
 
Last edited:

LocalFireDept

kiwifarms.net
I was part of the breach, but I didn't use a name here I use elsewhere (as well as one that would be difficult to search online) an email address completely disconnected from my "normal" stuff, and a password that I don't reuse on anything of any significance and use 2FA on anything that does. I do this for everything because if it wasn't KF it would be another site.
 
N

ND 719

Guest
kiwifarms.net
Joined KF to talk shit about videogames and some internet idiots and now i'll probably be put in a bin with a bunch of other bullshit. Well, at least I used a burner email and a unique password, though what Null said about websites being potentially downloaded from active log in tokens does still concern me even though I changed all my passwords out of sheer paranoia.
 
J

JR 020

Guest
kiwifarms.net
It's kinda me being iffy about my money and privacy I guess even though I've used burners and fake info; I discussed VPNs with a few others before, most say you should pay with bitcoin/crypto/whatever to stay safer and more anonymous since paying with real money is risky (and I don't like bitcoin/crypto). That, and if people didn't use a VPN before but suddenly switch to one now to stay on KF it feels pointless since the file is out.
Probably doesn't make much sense and I'm stupid for thinking this.
you can always use tor instead. it's free and much more secure than any VPN can ever be.
tor is a bit slow, so if you want protection for torrenting big files or watching video streams then a VPN is a better option, but for general web browsing on sites like this tor is the way to go.
 
  • Disagree
Reactions: Vlinny Chan
N

ND 719

Guest
kiwifarms.net
i think he unhosted it, all the links are 404

also as far as "brushing over"... this thread is about how not to get fucked, it's not even the post-mortem. i think the OP of this thread has an express purpose. that's just my take.

also today is stream day, he could have more to say then.
Dumb question but where is the stream happening, Dlive or?
 

AmpleApricots

kiwifarms.net
tor has gotten faster in recent years, it's even fast enough for video if the site in question doesn't block the IP that is, which is the bigger problem with Tor. Or rather with cloudfare where like half the web sits behind.

I wish kiwifarms wouldn't have the cuckflare CAPTCHA where I have to help google to train killbots, but it's alright I guess. Could be worse. Tor is safer as the servers that relay your request each don't know enough to make a noose out of it for you. That is not the case with VPNs who get to know a lot more about what you do.

People really really should get that this is a normal thing that happens all the time. Registered once on some shitty webshop to buy some steam key ore a new vase? Chances are, that place leaked your data too through some exploit. (if it didn't outright sell it, random chinese sellers are very much in that business) Most sites simply don't have the courtesy to ever tell you. You need to compartize what kind of info each of the sites you use get. Sadly that often means tons of burner emails because that's the easiest way to link stuff together, but that's how this game goes.

A fun game you can play is registering on sites with emails like this: John+sometag@doe.net the "+sometag" is just an addition that's respected by email servers but doesn't factor into actually delivering the mail, which in my example would go to John@doe.net. It's a really handy way to figure out who leaked your email address to spammers. You'd be surprised.
 

2nd_time_user

Equitably diffident
kiwifarms.net
I've taken my time making this post, but quite frankly I am very dissapointed in Null. I've already disliked the direction the site is going in, and I've expressed my concerns over it, but this is not only unprofessional, but incredibly disrespectful to the community at large. Hosting this file does literally nothing but create an aura of unease over the site, forcing people to not trust each other and discouraging forming actual relationships. I've had many wonderful talks with some of the people on here, but lately there has been a huge influx of users that blatantly disrespect the authority of the site and each other. I really don't want this forum to turn into 4chan 2.0.

The logical course of action would be alerting users about the leaks and mitigating the damages relating to it. The way this post is written shifts the blame entirely on the userbase for not using a VPN and a disposable e-mail address, but the thing is, a lot of people haven't bothered with that because they trusted Null with personal data, which is why hosting this feels like a giant stab in the gut. Also what Null completely brushes over is that the main reason the site got hacked is because of the setting up of non-Cloudflare domains, which could have been handled SO much better than taking off the security off THE MAIN SITE. I am personally not affected by the leak (it just shows I live in the general region of Moscow, which I've already talked about), so I don't accuse me of being salty. I just wish the speds that go "hurr durr it's ur fault for not being secure" and Null would realize that this kind of shit is unacceptable.

Also didn't you tell @Gengar that you were going to take down the file? Did you backpedal on that?
KF has never been about actual relationships in public. Building those happens mostly in DM. While only DM headers appear to have been leaked this time around, people can and have released them otherwise, and I think people should be communicating with that in mind.

Early on, Josh revealed that TTS threads in particular were compromised. To me, that's the bigger issue as Null is steering people toward verifying via a talk-to-staff thread than just talking to him--which means that person isn't talking just to Josh Moon who has doxed himself fully but to a room full of anons who could be anyone but trust "us" because we don't even tell lowly supes. But then, if you do, it could be anyone who leaked your info to the Internet. You should have been behind a VPN/disposable but then the site's denizens are telling you to verify with IRL details.

Anyone doing official verification should be expected to reveal their own PI to the extent that Josh did. You show me yours, I'll show you mine. If we're going by the ethos of everyone being as anon as poss except Josh, no one should be expected to verify.
 

CabbageMan

sly miss
kiwifarms.net
i think he unhosted it, all the links are 404

also as far as "brushing over"... this thread is about how not to get fucked, it's not even the post-mortem. i think the OP of this thread has an express purpose. that's just my take.

also today is stream day, he could have more to say then.
The zip file is still up and all the files are intact in there.
 
Tags
None

About Us

The Kiwi Farms is about eccentric individuals and communities on the Internet. We call them lolcows because they can be milked for amusement or laughs. Our community is bizarrely diverse and spectators are encouraged to join the discussion.

We do not place intrusive ads, host malware, sell data, or run crypto miners with your browser. If you experience these things, you have a virus. If your malware system says otherwise, it is faulty.

Supporting the Forum

How to Help

The Kiwi Farms is constantly attacked by insane people and very expensive to run. It would not be here without community support.

BTC: 1DgS5RfHw7xA82Yxa5BtgZL65ngwSk6bmm
ETH: 0xc1071c60Ae27C8CC3c834E11289205f8F9C78CA5
BAT: 0xc1071c60Ae27C8CC3c834E11289205f8F9C78CA5
LTC: LSZsFCLUreXAZ9oyc9JRUiRwbhkLCsFi4q
XMR: 438fUMciiahbYemDyww6afT1atgqK3tSTX25SEmYknpmenTR6wvXDMeco1ThX2E8gBQgm9eKd1KAtEQvKzNMFrmjJJpiino