Online Security
- Thread starter Oldman
- Start date
ribbityrabbit
Lurker
Related to the topic of "not using personal information," if I wanted to make a telegram account or something similar which requires a phone number, what are some options of not using my own phone number? I've read about some virtual phone number services, but they seem to still require a legit phone number to use? I am considering just getting a cheap prepaid phone, but I could even use some advice on that if anyone has experience? Does it matter where I buy a burner from? Can a cheap prepaid be tracked back to me very easily?
Using a second system in a VM does not do much for you unless you also take some more precautions.
1. If you are saving any data on that VM, they stay saved inside the VM image file (the virtual disk) which means that if anyone gets access to this file and knows how to use it, they can get the data.
You could turn on disk encryption in the Ubuntu or use something like Tails linux that does not save any data permanently. If you are not doing this, all you are achieving is making it a little more difficult to get your browsing history for maybe your wife/husband not anyone determined to get there.
2. If you are not using TOR or a VPN (if you trust the vpn
) the VM system is connecting to the internet using your host system's network and sending the data there. Therefore, your ISP knows which sites you access. For example DNS name resolution protocol is by default not encrypted, your domain name queries are sent in plain text making it trivially simple for your ISP to know that a system using your IP is looking for zooville...Tor urls have to be accessed with the tor browser. Normal links can be accessed with regular browsers. Tor sites are entirely contained within the tor hidden services network and when you access them, you are not using a tor exit node which makes the connection more secure.
Go watch some youtube videos about the safety of VPNs on youtube.
It boils down to:
1. A VPN is a money making company that is by no means going to stand up for you if you get in trouble.
2. They say they do not keep logs but you have absolutely no way of verifying it is true.
3. A VPN provider knows it will likely be used by people for shady stuff, so it is an easy target or and easy honeypot.
4. By using a VPN all you are doing is shifting your trust from your ISP provider to your VPN provider.
Non TOR websites are accessed using exit nodes. Basically your connection goes through several internal tor nodes where each node adds an encryption layer and does not know the whole route. In the case of a normal website the last node is an exit node which finally sends the request to the clear normal net. So it is still safer to use than not using tor. The website sees the IP of the exit node, not your IP. On top of that following the request back through the tor route is difficult making it hard to find out who made it.
It is not impossible though and (usually governments) periodically attempt to compromise tor nodes and try to deanonymize users. But it should still take more effort since tor is an open source decentralized network than getting access to a VPN that you can simply sue.
The tor browser also does many other things to protect you from fingerprinting where websites may try to track users based on a combination of unique data like you display resolution, user agent, os version, hardware, rendering capabilities and javascript...
It all depends on what is your threat model. If it is your family/partner, using tails and keeping stuff encrypted is enough. Take a look at VeraCrypt.
If it is your ISP, you need a VPN/TOR.
If it is the government, you need to shoot your modem.
Last edited:
MypupandI69
Citizen of Zooville
Im currently running Nord with duckduckgo browser generally I think im pretty safe. should I upgrade?
Beyonder2099
Tourist
Tor will give u more protection than a VPN for sure also use an encrypted email service as well like proton mail
Well, you can register with only protonmail, so that's already covered.
I hope this isn’t a dumb question, but I’ve been using my device (IPhone) on the private safari browser and I stay off of the WiFi. I didn’t think to get a VPN as it is legal to view in my location. Does anyone have any recommendations such as; do I need a new phone to pretext my privacy, etc. I feel dumb for not thinking, any help is much appreciated as I’m new to this.
Private browsing window/tab (if that is what private safari is) only hides the content from someone else who has access to your device by not saving history. It does not hide anything from the ISP or VPN and it most likely still caches images you download so even the device is not entirely clean.
Try running some deleted photo recovery app if that is available on iphones. You might be surprised.
Not sure what the staying off wifi does for you. You are using an internet connection that is connected to your name anyway.
You gave up your privacy by using a plain connection on your phone. A new phone is not going to change that if you continue using it the same way.
In my opinion a phone is inherently an unsafe device as you have very little ways of controlling what the device does and where and for how long it stores files. A phone is the first device that will be confiscated from you and it is only as strong as you password. If you are using a fingerprint, it is almost useless, if you are using face id, it is insecure by design. If you are using a 6 digit pin, it is only going to take about a week to crack it and it can be done automatically.
Zoo porn might be legal to view in your country now, might stop being legal next year.
Also you should find out what could be considered as not legal, sharing your experience might be considered written porn for example.
Try running some deleted photo recovery app if that is available on iphones.
You might be surprised.Not sure what the staying off wifi does for you. You are using an internet connection that is connected to your name anyway.
You gave up your privacy by using a plain connection on your phone.
A new phone is not going to change that if you continue using it the same way. In my opinion a phone is inherently an unsafe device as you have very little ways of controlling what the device does and where and for how long it stores files. A phone is the first device that will be confiscated from you and it is only as strong as you password. If you are using a fingerprint, it is almost useless, if you are using face id, it is insecure by design. If you are using a 6 digit pin, it is only going to take about a week to crack it and it can be done automatically.
Zoo porn might be legal to view in your country now, might stop being legal next year.
Also you should find out what could be considered as not legal, sharing your experience might be considered written porn for example.
Isaacthefox
Tourist
NordVPN will now comply with law enforcement data requests
NordVPN is still a no-logs VPN but it will comply with court orders
This might be of note to most people here.
More and more VPN providers cucking out to the government these days.
Personally I've cancelled and refunded my plan.
Hello all,
I think there's great information in this thread maybe above the heads of some however there are two things that haven't been mentioned that I see that are far more accessible to the general public than geolocating IP addresses that haven't been put behind a VPN or more.
1. AI searching.
Image searching using artificial intelligence is a fast growing and very powerful tool. It is mostly available to the public, those in LE have access to much more powerful systems. It goes without saying that the tips in the beginning of this thread regarding no identifiable anything in your pictures should not be taken lightly.
Currently facial AI image searching is available for anybody to use it's databases and data sets are growing daily. While most people are smart enough to not have their faces in pictures publicly available AI will be extending far further than just facial searching.
They're already is a tattoo AI search which is only available for LE at the moment but that won't last long.
Voice patterns, furniture and room layouts color schemes you name it AI will be taking all of these things into it's searching capabilities. This isn't 30 years away 20 years away more like over the next 5 to 10 years AI searching going to grow in leaps and bounds and people better be careful.
Unlike traditional reverse image searching which is looking for basic patterns AI can use facial structure, iris details, dental features and this will extend far far further even down to somebody's fingertips. I'm not fear mongering just be aware of the future and the power of AI.
2. Open source intelligence, or OSINT, is the collection and analysis of information that is gathered from public, or open, sources.
OSINT includes all publicly accessible sources of information. This information can be found either online or offline: The Internet, which includes the following and more: forums, blogs, social networking sites, video-sharing sites like YouTube.com, wikis, Whois records of registered domain names, metadata and digital files, dark web resources, geolocation data, IP addresses, people search engines, and anything that can be found online. Traditional mass media (e.g., television, radio, newspapers, books, magazines)
I copied the above from Reddit, link at the bottom. The osint community and it's tools and resources is growing rapidly. Most people have never heard of this what most people know about doing searches for people reverse image searches, People finder type search sites are just but a small bit of the tools and assets used for osint.
If you're really interested in what tools are accessible to the public and how powerful this ever expanding tool sets are the link is a good place to start.
People really need to take heed to the tips in the first part of this thread. And for the love of God people need to stop using stupid passwords and usernames like knottygurl1 or k9couple69. It's amazing how many are found on leaked database sites.
Anyway, I'd be less worried about using Tor and use common sense. Assuming you don't live in a country where they hunt down zoos LE have better things to do. So set up a room hang some white sheets around like a photo studio cover all your tattoos put makeup on your moles on your hands and use a different shade of lipstick and remove your nose ring. Cuz it's those little things that AI will match against a photo you posted on Facebook 10 years ago.
I think there's great information in this thread maybe above the heads of some however there are two things that haven't been mentioned that I see that are far more accessible to the general public than geolocating IP addresses that haven't been put behind a VPN or more.
1. AI searching.
Image searching using artificial intelligence is a fast growing and very powerful tool. It is mostly available to the public, those in LE have access to much more powerful systems. It goes without saying that the tips in the beginning of this thread regarding no identifiable anything in your pictures should not be taken lightly.
Currently facial AI image searching is available for anybody to use it's databases and data sets are growing daily. While most people are smart enough to not have their faces in pictures publicly available AI will be extending far further than just facial searching.
They're already is a tattoo AI search which is only available for LE at the moment but that won't last long.
Voice patterns, furniture and room layouts color schemes you name it AI will be taking all of these things into it's searching capabilities. This isn't 30 years away 20 years away more like over the next 5 to 10 years AI searching going to grow in leaps and bounds and people better be careful.
Unlike traditional reverse image searching which is looking for basic patterns AI can use facial structure, iris details, dental features and this will extend far far further even down to somebody's fingertips. I'm not fear mongering just be aware of the future and the power of AI.
2. Open source intelligence, or OSINT, is the collection and analysis of information that is gathered from public, or open, sources.
OSINT includes all publicly accessible sources of information. This information can be found either online or offline: The Internet, which includes the following and more: forums, blogs, social networking sites, video-sharing sites like YouTube.com, wikis, Whois records of registered domain names, metadata and digital files, dark web resources, geolocation data, IP addresses, people search engines, and anything that can be found online. Traditional mass media (e.g., television, radio, newspapers, books, magazines)
I copied the above from Reddit, link at the bottom. The osint community and it's tools and resources is growing rapidly. Most people have never heard of this what most people know about doing searches for people reverse image searches, People finder type search sites are just but a small bit of the tools and assets used for osint.
If you're really interested in what tools are accessible to the public and how powerful this ever expanding tool sets are the link is a good place to start.
People really need to take heed to the tips in the first part of this thread. And for the love of God people need to stop using stupid passwords and usernames like knottygurl1 or k9couple69. It's amazing how many are found on leaked database sites.
Anyway, I'd be less worried about using Tor and use common sense. Assuming you don't live in a country where they hunt down zoos LE have better things to do. So set up a room hang some white sheets around like a photo studio cover all your tattoos put makeup on your moles on your hands and use a different shade of lipstick and remove your nose ring. Cuz it's those little things that AI will match against a photo you posted on Facebook 10 years ago.
NordVPN will now comply with law enforcement data requests
NordVPN is still a no-logs VPN but it will comply with court orderswww.techradar.com
This might be of note to most people here.
More and more VPN providers cucking out to the government these days.
Personally I've cancelled and refunded my plan.
Proton vpn
ForsakenGod197666
Tourist
I am waiting for Nord to run out to pick up Proton, I grabbed Nord because I wasn't going to sketchy sites and just liked the idea of the protection, that Pornhub isn't like Hey, Single STDS in {insert town here}! and such, But Since I have started to use this site more, I do think Switching to Proton would be good.
knotthegirlnextdoor
Tourist
Thanks for bringing this to my attention! I've used Nord for years and had no idea this was happening. I'll be switching ASAP, most likely to Proton.NordVPN will now comply with law enforcement data requests
NordVPN is still a no-logs VPN but it will comply with court orders
This might be of note to most people here.
More and more VPN providers cucking out to the government these days.
Personally I've cancelled and refunded my plan.
I don't think anyone needs to go running from Nord, they're still no logs unless a court orders otherwise. In that event they really have nothing to hand over up to the point of the order which is posted on their "warrant canary" page for everyone to read.
When a vpn fully refuses to comply in any way then they'll have issues.
We're talking about bestiality here which isn't a national security threat nor is it espionage, human trafficking etc...
If you're really that worried use a rotating proxy service.
When a vpn fully refuses to comply in any way then they'll have issues.
We're talking about bestiality here which isn't a national security threat nor is it espionage, human trafficking etc...
If you're really that worried use a rotating proxy service.
That is what they say but honestly there is no way you can verify that.
To a pint that goes for every vpn however if you read this blog post
NordVPN’s no-logs policy aces test second time in a row
In late 2018, we ordered an industry-first independent assurance engagement to verify our no-logs claim. Here's how we ensure your privacy.
You will see that they have had PricewaterhouseCoopers conduct an assurance examination in 2018 and 2020. I'm sure they could fool them but they would get caught eventually. To many employees for one not to leak something and too many others not to find something out eventually. They don't hide what their policies are and if an audit by PricewaterhouseCoopers isn't enough then I don't know what to say.
I went to proton because they are in Switzerland and all traffic is run through their data centers which are not members of 14 eyes including Switzerland. There are some exceptions in Swiss law but they're again for serious national security matters. Not for interpol to arrest k9lovercouple.
Panama where Nord is based isn't part of 14 eyes either, I imagine they're quicker to kowtow to the US before the Swiss are.
Remember the Swiss are beyond private, can shut every road into their country by a flick of a switch. Preset explosives in mountian sides and bridges... Not to mention every citizen is armed, they have enough fallout shelters for 100% of their population and there are ground to air defense houses in pretty much every neighborhood.
They don't fuck around with their privacy or security.
I'm not suggesting using Nord just saying I don't think LE is sending official government orders for logs. use proton
If you're that worried use Tor and VPN.
If your email is in the zooville database hack that would be disconcerting if anything is.
Justalittleblue
Tourist
Thank you for this info!
K9kumsluts
Lurker
I've Downloaded pics and videos of a girl and her dog from Wikr... When you save a file from that, you can change the file name from let's say for example "me and my dog" to the file name 1234.... In doing so, does that actually change the file name if I were to share that picture again and or have it on my device or does the metadata remain?
Yes. You are changing the file name, the rest of the metadata remains.
This may include:
GPS
camera serial number
lens serial number
phone serial number
phone manufacturer and type
photographic settings
creation date
...
K9kumsluts
Lurker
This is the default behavior of pretty much any device anywhere.