1. Due to issues with external spam filters, QQ is currently unable to send any mail to Microsoft E-mail addresses. This includes any account at live.com, hotmail.com or msn.com. Signing up to the forum with one of these addresses will result in your verification E-mail never arriving. For best results, please use a different E-mail provider for your QQ address.
    Dismiss Notice
  2. For prospective new members, a word of warning: don't use common names like Dennis, Simon, or Kenny if you decide to create an account. Spammers have used them all before you and gotten those names flagged in the anti-spam databases. Your account registration will be rejected because of it.
    Dismiss Notice
  3. Since it has happened MULTIPLE times now, I want to be very clear about this. You do not get to abandon an account and create a new one. You do not get to pass an account to someone else and create a new one. If you do so anyway, you will be banned for creating sockpuppets.
    Dismiss Notice
  4. If you wish to change your username, please ask via conversation to tehelgee instead of asking via my profile. I'd like to not clutter it up with such requests.
    Dismiss Notice
  5. Due to the actions of particularly persistent spammers and trolls, we will be banning disposable email addresses from today onward.
    Dismiss Notice
  6. A note about the current Ukraine situation: Discussion of it is still prohibited as per Rule 8
    Dismiss Notice
  7. The rules regarding NSFW links have been updated. See here for details.
    Dismiss Notice
  8. The testbed for the QQ XF2 transition is now publicly available. Please see more information here.
    Dismiss Notice

Personal Information Security - Best practices to avoiding doxxing?

Discussion in 'Suggestions & Bugs' started by tehelgee, Apr 18, 2017.

  1. tehelgee

    tehelgee The stern gaze of justice. Administrator

    Joined:
    Feb 12, 2013
    Messages:
    2,910
    Likes Received:
    12,688
    I got a message recently asking to start a thread on how best to reduce the potential to get doxxed.

    However, I'm no expert on the subject, not even a novice. My advice was simply not to put your personal info out there to be found in the first place, advice dating back to the 90s. The individual insisted on a proper thread, though, given the subject matter of this forum and the potential for it to end jobs if it got traced back.

    So, then, what tips and advice might be given to those concerned about getting doxxed?
     
    Ddmkm122 and Snake/Eater like this.
  2. UrsaTempest

    UrsaTempest Yuri Fanatic, Archivist

    Joined:
    May 16, 2013
    Messages:
    5,677
    Likes Received:
    14,540
    Keeping your internet footprint/history to minimum is always a good option, if not always the greatest/easiest. Keeping them separate from IRL identity works, too. Don't use email for your Facebook account for forum, etc.
     
    Ddmkm122 and Snake/Eater like this.
  3. Snake/Eater

    Snake/Eater Myth Maker of the North

    Joined:
    Jan 11, 2015
    Messages:
    6,421
    Likes Received:
    7,507
    What about software options?

    i don't know much except there is spyware programs and vpns, and that a antivirus program called mcAfree is bad to install on a computer.
     
    Ddmkm122 likes this.
  4. alethiophile

    alethiophile Shadowed Philosopher Administrator

    Joined:
    Apr 26, 2013
    Messages:
    7,569
    Likes Received:
    52,857
    Software security (keeping your computer from being hacked or infected) is a separate topic from information control (keeping yourself from being doxxed). Related to the former, but still separate, are technological privacy measures such as VPNs.

    For the purposes of people here, whose greatest concern is that their online identity not be linked to their real one, the best single measure is simply to not talk about your real life online. There's a degree to which it's difficult to avoid leaking some things (time zone, for example), but every unnecessary piece of information divulged is another clue, one which you can't reliably take down once the Internet has it.

    Technological privacy measures, meanwhile, are more for those who are dealing with ISP- or government-level mass surveillance or censorship. There are other resources for this, and I'd generally guess QQ to be low-profile enough that it isn't really a target of such (though still vulnerable to indiscriminate collection schemes).
     
    Ddmkm122 and Snake/Eater like this.
  5. Snake/Eater

    Snake/Eater Myth Maker of the North

    Joined:
    Jan 11, 2015
    Messages:
    6,421
    Likes Received:
    7,507
    But what about idiotic but well meaning or malicious posters on QQ that are tech savvy?

    can't we share our knowkedge on what is the best kind of Specific security programs to install?
     
    Last edited: Apr 20, 2017
    Ddmkm122 likes this.
  6. tehelgee

    tehelgee The stern gaze of justice. Administrator

    Joined:
    Feb 12, 2013
    Messages:
    2,910
    Likes Received:
    12,688
    There are no programs that prevent you from putting your personal info on the internet. There are no programs to install that prevent people from finding what you've put on the internet.

    The lesson here is that you control what you put on the internet, and you must take responsibility for what you've already put out there.

    There are ways to mitigate it, of course. Change bank accounts, move, change your name, etc. It just depends on how much hassle and effort you want to put into it.
     
    Ddmkm122 and Valette-Serafina like this.
  7. Snake/Eater

    Snake/Eater Myth Maker of the North

    Joined:
    Jan 11, 2015
    Messages:
    6,421
    Likes Received:
    7,507
    i don't think i've ever put out any personal info that would make it easier to my identity, but i have seen other posters that have made that mistake on different sites.

    at most, i could only be guilty of having outdated or minimal security knowledge.
     
    Last edited: Apr 20, 2017
    Ddmkm122 likes this.
  8. Biigoh

    Biigoh Primordial Tanuki Moderator

    Joined:
    Feb 19, 2013
    Messages:
    28,443
    Likes Received:
    111,703
    The thing is, Snake/Eater... by the time anyone gets concerned about the security of their personal information on the internet, it's too late for such.
     
    Ddmkm122 and Snake/Eater like this.
  9. DuskAtDawn

    DuskAtDawn Of the Thousand Faces

    Joined:
    Nov 26, 2013
    Messages:
    2,425
    Likes Received:
    11,983
    While I occasionally post information that might lead to people IDing my RL info, I'm also a compulsive liar (not actually by choice.). For every time I say something about myself that's true, I lie about myself four, five times, often with contradictory information. Even when I am telling the truth about RL things, such as when I bitch about my job, I usually do so in deliberately misleading terms, or just outright change some stuff. On top of all that, frequently much of what I don't lie about sounds outlandish, because my life's just that damn wacky for some reason. So my advice is to avoid giving out your true information excepting when you also give a reason to doubt that it's actually true.

    This is the internet.You have the right to anonymity, but only if you don't waive it via stupidity. Or, uh, get on the wrong side of a sufficiently talented hacker. It's best not to put your information out there at all, but if you must, do it intelligently
     
  10. Snake/Eater

    Snake/Eater Myth Maker of the North

    Joined:
    Jan 11, 2015
    Messages:
    6,421
    Likes Received:
    7,507
    here is a comparision chart i found on Vpns.
     
    Ddmkm122 likes this.
  11. Evillevi

    Evillevi Shadow Pika!

    Joined:
    May 16, 2014
    Messages:
    4,769
    Likes Received:
    10,443
    My opinion is don't talk about your work hours, Date of Birth, Place of Birth, the specifics of what you do, who you know and to always be as vague as possible if you use your life experience as justification for something else.
     
    Ddmkm122 and Snake/Eater like this.
  12. Snake/Eater

    Snake/Eater Myth Maker of the North

    Joined:
    Jan 11, 2015
    Messages:
    6,421
    Likes Received:
    7,507
    And avoid being a jackass on high noon with another jackass with hacking skills on high noon.
     
    Ddmkm122 and Yurihime like this.
  13. alethiophile

    alethiophile Shadowed Philosopher Administrator

    Joined:
    Apr 26, 2013
    Messages:
    7,569
    Likes Received:
    52,857
    "Hacking skills" should never come into it. The only potential realization for that would be the QQ server itself, which, go ahead and try.

    Google and a lot of patience, on the other hand....
     
    Ddmkm122 likes this.
  14. Snake/Eater

    Snake/Eater Myth Maker of the North

    Joined:
    Jan 11, 2015
    Messages:
    6,421
    Likes Received:
    7,507
    Could a premium upgrade protect a poster's id?
     
    Ddmkm122 likes this.
  15. alethiophile

    alethiophile Shadowed Philosopher Administrator

    Joined:
    Apr 26, 2013
    Messages:
    7,569
    Likes Received:
    52,857
    No. The one thing has nothing to do with the other thing.
     
    Ddmkm122 likes this.
  16. Graypairofsocks

    Graypairofsocks THIS IS A TITLE!

    Joined:
    Jul 7, 2015
    Messages:
    430
    Likes Received:
    925
    Opening a PM from someone else, can allow them to figure out your IP.
     
    Ddmkm122 and Yurihime like this.
  17. alethiophile

    alethiophile Shadowed Philosopher Administrator

    Joined:
    Apr 26, 2013
    Messages:
    7,569
    Likes Received:
    52,857
    How so?

    If that's true, it's a security bug that I need to fix. <_<
     
  18. Graypairofsocks

    Graypairofsocks THIS IS A TITLE!

    Joined:
    Jul 7, 2015
    Messages:
    430
    Likes Received:
    925
    It's not a bug, it is a misuse of an intended feature.

    You can embed images in PMs.You know those things called tracking gifs in emails? (a transparent 1 pixel gif) It works similarly.

    They can upload an image to a host that keeps a log of IPs that access it. They then embed the image in the PM and send it to 1 person only.


    This would work, but I have never heard of anyone doing this in practice. This just figures out the persons IP.
     
    Ddmkm122 likes this.
  19. alethiophile

    alethiophile Shadowed Philosopher Administrator

    Joined:
    Apr 26, 2013
    Messages:
    7,569
    Likes Received:
    52,857
    Actually, on QQ this will not work. The server caches any image shown on the board and serves it itself (originally a measure to reduce hotlink rot). Thus, the attempted tracker will just get a single request from QQ, and no others.
     
  20. Graypairofsocks

    Graypairofsocks THIS IS A TITLE!

    Joined:
    Jul 7, 2015
    Messages:
    430
    Likes Received:
    925
    Huh, I forgot about that.
     
    Ddmkm122 likes this.
  21. Dakkaface

    Dakkaface Magical Defender of Justice

    Joined:
    Feb 20, 2014
    Messages:
    2,396
    Likes Received:
    19,249
    You seem to be under a very mistaken impression of what doxxing generally is, what hacking is, and what you can do to avoid being doxxed.

    Doxxing is when someone manages to connect your real life and online identities. Being able to say 'XxUserGuyxX is John Smith from Anytown, Texas, USA. It can go deeper than that, finding family members, jobs, clubs, etc. Trolls can then take that info and use it to harrass that person, which is why doxxing is bad.

    Doxxing can be done via hacking. It generally isn't. If your email is breached and you have your real name set on it, or in any of the services you've used that email to sign up for, they've got your real name. If they manage to get access to your computer or cloud files, they might find your real name/address/identity info via tax returns or other documents. I stress - this is a rarity.

    Much more commonly, all the details to doxx someone are provided by that person. Someone just takes an extensive walk through your post history. A year ago you mentioned where you live. A year and a half ago you mentioned being at an event in a specific city. Two years ago you mentioned you lived by a military base. You've mentioned your job several times in debates. You mentioned the schools you went to five years ago. You brought up your race in a thread about identity politics last November. Your birthday is on your profile. These are all corroborating details that can be used to confirm your identity once you make a big slip.

    Big slips - maybe you mention an extremely niche event that had some minor publicity and had a public guest list. Maybe you let slip you work at niche job, one of those deals where the webpage has a convenient staff listing with images. Maybe don't scrub the EXIF data off of a phone image you post, and the GPS coordinates for your house are attached to it. Now someone takes that big slip and compares it against all the other data points. Does the owner of this house have a name that sounds like your race? Is that name on the rolls for the schools you mentioned? Which of these people has a birthday that matches?

    This is all stuff that's publicly available, the doxxer is just putting in the legwork to piece together the clues to your identity. And the more you use a particular identity, the longer you use it and more sites you use it on, the more data this sort or person has to work with to try and doxx you. It doesn't require any hacking, there's no special programs to use to prevent it, software doesn't help.

    If you want to practice information security and avoid being doxxed, don't talk about your life except in the broadest possible terms. Either don't make your birthday or other private info publicly available, don't enter it, or put in deliberately false values. When you sign up for new sites, use a new handle on each one. Don't reference the names of your accounts on other sites in discussion. Every year or two, ditch that account and make a new one, if the site allows.
     
  22. tehelgee

    tehelgee The stern gaze of justice. Administrator

    Joined:
    Feb 12, 2013
    Messages:
    2,910
    Likes Received:
    12,688
    Here's the thing I don't get. People are all gungho against doxxing, they rage and call it a massive crime, it ruins lives, etc etc. Those same people plug every aspect of their life into social media, put it all out there for someone to find. What did they expect was going to happen? People with grudges simply wouldn't follow the breadcrumb trail right to their doorstep?
     
    Ddmkm122, Evillevi and Snake/Eater like this.
  23. Snake/Eater

    Snake/Eater Myth Maker of the North

    Joined:
    Jan 11, 2015
    Messages:
    6,421
    Likes Received:
    7,507
    In my case it was ignorence, I got into the online community late in my life and was basically hitting every branch a noob goes through in a year.

    I didn't take it seriously and I figured the other people would get over it and go live their own lives.

    I was mistaken.
     
    Ddmkm122 likes this.
  24. Graypairofsocks

    Graypairofsocks THIS IS A TITLE!

    Joined:
    Jul 7, 2015
    Messages:
    430
    Likes Received:
    925
    I'm guessing hotlink rot was due to linking to stuff on imageboards like 4chan.
     
    Ddmkm122 likes this.
  25. alethiophile

    alethiophile Shadowed Philosopher Administrator

    Joined:
    Apr 26, 2013
    Messages:
    7,569
    Likes Received:
    52,857
    Partly it was that, but images hosted on other servers would disappear for all kinds of reasons. Plus, it's somewhat impolite to hotlink to someone else's server without notifying them; QQ isn't high-traffic enough to break anyone's upload, probably, but bandwidth is still a limited resource. As they say, all interesting behaviors are overdetermined.
     
    Ddmkm122 likes this.
  26. TheNorthman

    TheNorthman Making the rounds.

    Joined:
    May 8, 2017
    Messages:
    48
    Likes Received:
    98
    1) Use a trustworthy proxy/vpn which is enough to stop most casual snooping by the local IT/ISP.

    2) Disposable Email with an alias you never used before to keep it from being correlated which stops the other form of casual snooping (FB, Google, et al).

    3) Don't post anything true about yourself in RL.

    People (as a general rule) aren't good at critical thinking and like to talk about themselves.

    Its very easy to have a setup that keeps the average stalker/casual snooper from being able to bother you by using 1 identity per forum/media that isn't tied or associated with any other. Just it requires an extra 5 minutes and not talking about yourself IRL.

    People who don't like talking about themselves are much harder to doxx for that reason.

    I mean, I'm sure tehelgee can confirm I did those 3 things if he bothered to check :p
     
    Ddmkm122 likes this.
  27. Graypairofsocks

    Graypairofsocks THIS IS A TITLE!

    Joined:
    Jul 7, 2015
    Messages:
    430
    Likes Received:
    925
    Most forum sites block common VPNs, or proxies.
     
    Ddmkm122 likes this.
  28. TheNorthman

    TheNorthman Making the rounds.

    Joined:
    May 8, 2017
    Messages:
    48
    Likes Received:
    98
    Privacy does limit your options but once you lose it you never get it back.

    RL doesn't exactly allow people to Respawn like a video game does.
     
    Ddmkm122 and Graypairofsocks like this.
  29. tehelgee

    tehelgee The stern gaze of justice. Administrator

    Joined:
    Feb 12, 2013
    Messages:
    2,910
    Likes Received:
    12,688
    Actually, I recommend against that, simply due to password recovery. If you lose the login/password, you lose the account if you registered via disposable email.
     
    Ddmkm122 likes this.
  30. alethiophile

    alethiophile Shadowed Philosopher Administrator

    Joined:
    Apr 26, 2013
    Messages:
    7,569
    Likes Received:
    52,857
    If you don't care about the account that much, you can use Mailinator or another such superdisposable setup.

    It's getting harder to make secondary long-lasting email accounts, though; Google, Yahoo and so on now all want mobile numbers or similar traceable contact info before they'll let you set up an email. Of course, burners are an option, but it's another annoying step.
     
    Ddmkm122 likes this.