Online Security

Why Discord is the poorest choice for illegal chat:
www.youtube.com

PSA: Don’t Send this Photo on Discord!

There is an ILLEGAL photo that is floating around that if you send it on Discord, YOU WILL GET BANNED. Doesn't matter if it's in DMs or in a Discord server.T...
www.youtube.com www.youtube.com

And:
erphy said:
Discord records and keeps everything you post. You can see for yourself by filling out a data subject request with them. They will return a packet of data showing your entire chat history etc. I would not trust discord for anything but playing video games and innocent chat.
Click to expand...

It does not run through TOR either.
 
stephshoneyonkik said:
how do i clear my tracks if i havent been using vpn? free vpns out there?
Click to expand...
Wipe your local history on your device. Start using a vpn they are cheap. I use Mullvad purchased with crypto. Some also use Tor as another layer. I use mullvad on my pc and phone . Then I use privacy browsers that don’t keep history by design. Firefox Focus on mobile and Librewolf on pc.

Edit : as others said any info your ISP has is out of your control.
 
erphy said:
Edit : as others said any info your ISP has is out of your control.
Click to expand...
I do not know about other countries. But here they are required to hold onto the records for a certain number of years before deleting them.
So for example they will keep your DNS requests for 4 years. DNS is typically not encrypted unless you enabled it.
So if you visit zooville, your ISP will know you looked up this host name. The actual contents of what you did on the website is encrypted by https so that should not be visible to them.
 
pes said:
I do not know about other countries. But here they are required to hold onto the records for a certain number of years before deleting them.
So for example they will keep your DNS requests for 4 years. DNS is typically not encrypted unless you enabled it.
So if you visit zooville, your ISP will know you looked up this host name. The actual contents of what you did on the website is encrypted by https so that should not be visible to them.
Click to expand...
Yea it’s not enough to nail you outright, but can be used as evidence to target you for an investigation. Worst case is they get a warrant to search your devices though it’s dubious if dns queries would be sufficient alone.
 
stephshoneyonkik said:
how do i clear my tracks if i havent been using vpn? free vpns out there?
Click to expand...

The Internet does not forget.

If you have visited a site without using no anonymity overlay to protect yourself, then your ISP (Internet Service Provider) probably knows you visited the site. The site itself probably collects some personal identifying information when you connect, such as your IP address, username, email address...

Once your information is out there, there is no way to control who gets it or what is done with it, which is the reason why you must make damn sure no information leaks from you in the first place.

Regarding free VPNs, I am not going to recommend any third-party VPN provider because I don't know the market, but you may research the Tor network and Tails if you want to use an anonymity overlay.
 
erphy said:
Yea it’s not enough to nail you outright, but can be used as evidence to target you for an investigation. Worst case is they get a warrant to search your devices though it’s dubious if dns queries would be sufficient alone.
Click to expand...
pes said:
I do not know about other countries. But here they are required to hold onto the records for a certain number of years before deleting them.
So for example they will keep your DNS requests for 4 years. DNS is typically not encrypted unless you enabled it.
So if you visit zooville, your ISP will know you looked up this host name. The actual contents of what you did on the website is encrypted by https so that should not be visible to them.
Click to expand...


There's a "catch" you (or your lawyer, if it gets that far) can use as at least a partial defense - When you visit a site - *ANY SITE AT ALL*, regardless of whether it's the pureset, cleanest, G-rated-est site on the planet, or a site that serves up honest-to-god torture-snuiff-pedo porn, or anything you can imagine in between, you have *ABSOLUTELY NO CONTROL WHATSOEVER* what that site might trigger a DNS lookup for. Go to a cooking/recipes website, and you might, without ever knowing it, request lookups for anything from google's "urchin" (their stats/tracking/counting infestationware) server, or an image-hosting site for the picture of the nice fresh loaf of bread that the page displays, any number of ad servers, perhaps a server that hosts the code that puts a stock ticker across the top of the page you want to look at, any number of servers that ticker looks at to find out what the price of Ford stock is, some other site for the music that plays when you open the page, or pretty much anything else that you can imagine someone putting on a web page.

In other words, just because there's a record of a DNS lookup for "www.we-rape-four-year-olds-before-torturing-them-to-death-live-on-your-screen.xxx" on your machine is *NO* indication whatsoever that you've ever seen so much as a single pixel from a single frame of a kiddy-snuff movie - Just by virtue of how the internet works, it could be that your machine did indeed look up the address of the "evil" server - because something on the page you *WANTED* to see loaded something from who-can-even-guess-where as part of loading itself onto your machine in response to your request. That something may be operating on the same server as the kiddy-snuff site. Or it may in turn be asking a third server for a piece of the original "www.how-to-make-a-loaf-of-bread.com" page you wanted to see to begin with. And so on.

In short, it's not only possible, but *VERY* likely for your attempt to load "www.makechilifordinnertonight.com" or "www.paintmycar.net/prices" to spawn dozens, possibly hundreds, and in some extreme cases, maybe even THOUSANDS of DNS queries that you, the person sitting at the keyboard, have absolutely no idea about, have no clue they're happening at all, and since they produce *NO* detectable output on your screen, therefore you have no indication that such requests ever happened.

TL;DNR:
While DNS lookups CAN leave tracks, the reality (to anyone who has even the most basic understanding of how TCP/IP (AKA "The Internet") and HTTP/HTTPS (AKA "The Web") works) is that, although it's rarely encrypted, almost nobody except the most desperate will even TRY to make the case that because a DNS lookup for "www.howtomurderyourneighbor.com" exists on your machine, you're guilty of killing your next door neighbor. Or at least, they won't make such an attempt without a metric fuck-ton of other evidence - evidence that would likely be way more than enough to get a warrant/make an arrest even without the DNS info.
 
new_to_this_902jws said:
I use both because Im concerned my real IP address will leak if Tor goes down.
Click to expand...
Bad news: Using TOR and VPN together can (not "will", but can) trigger a couple of conditions that effectively destroys ALL protection from EITHER. VPN folks won't tell you this, but TOR folks will. I don't pretend to understand the "how" of it, but peopel I have reason to believe have said many times that VPN+TOR=serious (and easily exploited) potential for your supposedly "private" data to leak to even casual attackers. Against a government entity with (effectively) unlimited funding, using a VPN into TOR is slightly less secure than the screen door on your front porch - Yeah, it'll keep the flies and skeeters outside, but it ain't gonna do a damned thing to stop the rottie that decides to jump through it, or the crook who wants to rob you...
 
UR20Z said:
There's a "catch" you (or your lawyer, if it gets that far) can use as at least a partial defense - When you visit a site - *ANY SITE AT ALL*, regardless of whether it's the pureset, cleanest, G-rated-est site on the planet, or a site that serves up honest-to-god torture-snuiff-pedo porn, or anything you can imagine in between, you have *ABSOLUTELY NO CONTROL WHATSOEVER* what that site might trigger a DNS lookup for. Go to a cooking/recipes website, and you might, without ever knowing it, request lookups for anything from google's "urchin" (their stats/tracking/counting infestationware) server, or an image-hosting site for the picture of the nice fresh loaf of bread that the page displays, any number of ad servers, perhaps a server that hosts the code that puts a stock ticker across the top of the page you want to look at, any number of servers that ticker looks at to find out what the price of Ford stock is, some other site for the music that plays when you open the page, or pretty much anything else that you can imagine someone putting on a web page.

In other words, just because there's a record of a DNS lookup for "www.we-rape-four-year-olds-before-torturing-them-to-death-live-on-your-screen.xxx" on your machine is *NO* indication whatsoever that you've ever seen so much as a single pixel from a single frame of a kiddy-snuff movie - Just by virtue of how the internet works, it could be that your machine did indeed look up the address of the "evil" server - because something on the page you *WANTED* to see loaded something from who-can-even-guess-where as part of loading itself onto your machine in response to your request. That something may be operating on the same server as the kiddy-snuff site. Or it may in turn be asking a third server for a piece of the original "www.how-to-make-a-loaf-of-bread.com" page you wanted to see to begin with. And so on.

In short, it's not only possible, but *VERY* likely for your attempt to load "www.makechilifordinnertonight.com" or "www.paintmycar.net/prices" to spawn dozens, possibly hundreds, and in some extreme cases, maybe even THOUSANDS of DNS queries that you, the person sitting at the keyboard, have absolutely no idea about, have no clue they're happening at all, and since they produce *NO* detectable output on your screen, therefore you have no indication that such requests ever happened.

TL;DNR:
While DNS lookups CAN leave tracks, the reality (to anyone who has even the most basic understanding of how TCP/IP (AKA "The Internet") and HTTP/HTTPS (AKA "The Web") works) is that, although it's rarely encrypted, almost nobody except the most desperate will even TRY to make the case that because a DNS lookup for "www.howtomurderyourneighbor.com" exists on your machine, you're guilty of killing your next door neighbor. Or at least, they won't make such an attempt without a metric fuck-ton of other evidence - evidence that would likely be way more than enough to get a warrant/make an arrest even without the DNS info.
Click to expand...
All true I never thought about it that way being used as a defense. I suppose this is why they almost always catch people on posession or disseminating of illegal content. The DNS lookups and patterns of such are just little beacons that you MAY be visiting those sites. They may use that to add you to a list for further scrutiny and surveillance. The actual kill shot is a warrant for your devices and they find the content, or solid evidence that you uploaded content to someplace. Many times they use payment information, as in for pay services linked to you. Like you used your CC to purchase obvious access to illegal media.
 
UR20Z said:
Bad news: Using TOR and VPN together can (not "will", but can) trigger a couple of conditions that effectively destroys ALL protection from EITHER. VPN folks won't tell you this, but TOR folks will. I don't pretend to understand the "how" of it, but peopel I have reason to believe have said many times that VPN+TOR=serious (and easily exploited) potential for your supposedly "private" data to leak to even casual attackers. Against a government entity with (effectively) unlimited funding, using a VPN into TOR is slightly less secure than the screen door on your front porch - Yeah, it'll keep the flies and skeeters outside, but it ain't gonna do a damned thing to stop the rottie that decides to jump through it, or the crook who wants to rob you...
Click to expand...
VPN and TOR only hide your IP. IF they are really determined they will leverage other tracking tech like browser fingerprinting or browser exploits that make it give up your real IP. Usually involves tricking their target to visit another site that is loaded with a payload and tech to do so. Then they swoop in , grab your device, and prove that only your browser in all the world with its unique fingerprint visited the illegal site in question. Even so, there are a lot of defenses to use. For instance it is not illegal to talk about bestiality, or say how you like it , and how much you want to do it. AFAIK even viewing images of it isn't illegal in many places even with "crimes against nature" laws. What they really want to get people on is them creating the content and disseminating it, selling it, or soliciting for it usually for favors or money. It is the act of fucking the animal is that is the big whammy illegal in many places. This is why content security measures is imperative. The FAQ on this site covers a lot of the easy basic steps to take. Also ensure your personal library of content that you create, even if you don't share, is well hidden and protected (encrypted with plausible deniability measures) like Veracrypt offers. It has a feature to encrypt files with two passwords, one that actually decrypts your content, and another that you give under legal duress that just decrypts some innocent files. And they can't prove you gave the wrong key because everything is scrambled.
 
UR20Z said:
TL;DNR:
While DNS lookups CAN leave tracks, the reality (to anyone who has even the most basic understanding of how TCP/IP (AKA "The Internet") and HTTP/HTTPS (AKA "The Web") works) is that, although it's rarely encrypted, almost nobody except the most desperate will even TRY to make the case that because a DNS lookup for "www.howtomurderyourneighbor.com" exists on your machine, you're guilty of killing your next door neighbor. Or at least, they won't make such an attempt without a metric fuck-ton of other evidence - evidence that would likely be way more than enough to get a warrant/make an arrest even without the DNS info.
Click to expand...

I agree up to a point, but I have heard of cops doing very retarded shit when desperate. There was a case in which some Motorola radio equipment was stolen from a cop, and they asked Google for search queries regarding that radio model in the area - the idea being that if you steal a radio you are likely going to search for how much you can get for it. The mere idea that cops think that information would be useful at all tells you how they think. Any information provided by Google would be considered circumstantial evidence at court at best but cops don't care for such things.
 
You must log in or register to reply here.
Back
Top