
Personal Information Security - Best practices for avoiding doxxing?

Discussion in 'Suggestions & Bugs' started by tehelgee, Apr 18, 2017.

  1. tehelgee

    tehelgee The stern gaze of justice. Administrator

    Joined:
    Feb 12, 2013
    Messages:
    1,637
    Likes Received:
    3,256
    I got a message recently asking to start a thread on how best to reduce the potential to get doxxed.

    However, I'm no expert on the subject, not even a novice. My advice was simply not to put your personal info out there to be found in the first place, advice dating back to the 90s. The individual insisted on a proper thread, though, given the subject matter of this forum and the potential for it to end jobs if it got traced back.

    So, then, what tips and advice might be given to those concerned about getting doxxed?
     
    Snake/Eater likes this.
  2. UrsaTempest

    UrsaTempest Radical Yuri Maniac & Archivist

    Joined:
    May 16, 2013
    Messages:
    4,394
    Likes Received:
    8,558
    Keeping your internet footprint/history to a minimum is always a good option, if not always the greatest/easiest. Keeping them separate from your IRL identity works, too. Don't use the email for your Facebook account for forums, etc.
     
    Snake/Eater likes this.
  3. Snake/Eater

    Snake/Eater Myth Maker of the North

    Joined:
    Jan 11, 2015
    Messages:
    5,047
    Likes Received:
    5,264
    What about software options?

    I don't know much except there are spyware programs and VPNs, and that an antivirus program called McAfee is bad to install on a computer.
     
  4. alethiophile

    alethiophile Shadowed Philosopher Administrator

    Joined:
    Apr 26, 2013
    Messages:
    1,938
    Likes Received:
    5,030
    Software security (keeping your computer from being hacked or infected) is a separate topic from information control (keeping yourself from being doxxed). Related to the former, but still separate, are technological privacy measures such as VPNs.

    For the purposes of people here, whose greatest concern is that their online identity not be linked to their real one, the best single measure is simply to not talk about your real life online. There's a degree to which it's difficult to avoid leaking some things (time zone, for example), but every unnecessary piece of information divulged is another clue, one which you can't reliably take down once the Internet has it.

    Technological privacy measures, meanwhile, are more for those who are dealing with ISP- or government-level mass surveillance or censorship. There are other resources for this, and I'd generally guess QQ to be low-profile enough that it isn't really a target of such (though still vulnerable to indiscriminate collection schemes).
     
    Snake/Eater likes this.
  5. Snake/Eater

    Snake/Eater Myth Maker of the North

    Joined:
    Jan 11, 2015
    Messages:
    5,047
    Likes Received:
    5,264
    But what about idiotic but well meaning or malicious posters on QQ that are tech savvy?

    Can't we share our knowledge on what is the best kind of specific security programs to install?
     
    Last edited: Apr 20, 2017
  6. tehelgee

    tehelgee The stern gaze of justice. Administrator

    Joined:
    Feb 12, 2013
    Messages:
    1,637
    Likes Received:
    3,256
    There are no programs that prevent you from putting your personal info on the internet. There are no programs to install that prevent people from finding what you've put on the internet.

    The lesson here is that you control what you put on the internet, and you must take responsibility for what you've already put out there.

    There are ways to mitigate it, of course. Change bank accounts, move, change your name, etc. It just depends on how much hassle and effort you want to put into it.
     
    Valette-Serafina likes this.
  7. Snake/Eater

    Snake/Eater Myth Maker of the North

    Joined:
    Jan 11, 2015
    Messages:
    5,047
    Likes Received:
    5,264
    I don't think I've ever put out any personal info that would make it easier to find my identity, but I have seen other posters that have made that mistake on different sites.

    At most, I could only be guilty of having outdated or minimal security knowledge.
     
    Last edited: Apr 20, 2017
  8. Biigoh

    Biigoh What is this? Moderator

    Joined:
    Feb 19, 2013
    Messages:
    13,420
    Likes Received:
    25,863
    The thing is, Snake/Eater... by the time anyone gets concerned about the security of their personal information on the internet, it's too late for such.
     
    Snake/Eater likes this.
  9. DuskAtDawn

    DuskAtDawn Of the Thousand Faces

    Joined:
    Nov 26, 2013
    Messages:
    988
    Likes Received:
    1,970
    While I occasionally post information that might lead to people IDing my RL info, I'm also a compulsive liar (not actually by choice). For every time I say something about myself that's true, I lie about myself four, five times, often with contradictory information. Even when I am telling the truth about RL things, such as when I bitch about my job, I usually do so in deliberately misleading terms, or just outright change some stuff. On top of all that, frequently much of what I don't lie about sounds outlandish, because my life's just that damn wacky for some reason. So my advice is to avoid giving out your true information excepting when you also give a reason to doubt that it's actually true.

    This is the internet. You have the right to anonymity, but only if you don't waive it via stupidity. Or, uh, get on the wrong side of a sufficiently talented hacker. It's best not to put your information out there at all, but if you must, do it intelligently.
     
    Shadow Wolf75 and Snake/Eater like this.
  10. Snake/Eater

    Snake/Eater Myth Maker of the North

    Joined:
    Jan 11, 2015
    Messages:
    5,047
    Likes Received:
    5,264
    Here is a comparison chart I found on VPNs.
     
  11. Evillevi

    Evillevi Shadow Pika!

    Joined:
    May 16, 2014
    Messages:
    1,356
    Likes Received:
    1,752
    My opinion is don't talk about your work hours, Date of Birth, Place of Birth, the specifics of what you do, who you know and to always be as vague as possible if you use your life experience as justification for something else.
     
    Snake/Eater likes this.
  12. Snake/Eater

    Snake/Eater Myth Maker of the North

    Joined:
    Jan 11, 2015
    Messages:
    5,047
    Likes Received:
    5,264
    And avoid being a jackass on high noon with another jackass with hacking skills on high noon.
     
    Yurihime likes this.
  13. alethiophile

    alethiophile Shadowed Philosopher Administrator

    Joined:
    Apr 26, 2013
    Messages:
    1,938
    Likes Received:
    5,030
    "Hacking skills" should never come into it. The only potential realization for that would be the QQ server itself, which, go ahead and try.

    Google and a lot of patience, on the other hand....
     
  14. Snake/Eater

    Snake/Eater Myth Maker of the North

    Joined:
    Jan 11, 2015
    Messages:
    5,047
    Likes Received:
    5,264
    Could a premium upgrade protect a poster's id?
     
  15. alethiophile

    alethiophile Shadowed Philosopher Administrator

    Joined:
    Apr 26, 2013
    Messages:
    1,938
    Likes Received:
    5,030
    No. The one thing has nothing to do with the other thing.
     
  16. Graypairofsocks

    Graypairofsocks THIS IS A TITLE!

    Joined:
    Jul 7, 2015
    Messages:
    429
    Likes Received:
    745
    Opening a PM from someone else can allow them to figure out your IP.
     
    Yurihime likes this.
  17. alethiophile

    alethiophile Shadowed Philosopher Administrator

    Joined:
    Apr 26, 2013
    Messages:
    1,938
    Likes Received:
    5,030
    How so?

    If that's true, it's a security bug that I need to fix. <_<
     
    Valette-Serafina and Snake/Eater like this.
  18. Graypairofsocks

    Graypairofsocks THIS IS A TITLE!

    Joined:
    Jul 7, 2015
    Messages:
    429
    Likes Received:
    745
    It's not a bug, it is a misuse of an intended feature.

    You can embed images in PMs. You know those things called tracking gifs in emails? (a transparent 1 pixel gif) It works similarly.

    They can upload an image to a host that keeps a log of IPs that access it. They then embed the image in the PM and send it to 1 person only.

    This would work, but I have never heard of anyone doing this in practice. This just figures out the person's IP.
     
  19. alethiophile

    alethiophile Shadowed Philosopher Administrator

    Joined:
    Apr 26, 2013
    Messages:
    1,938
    Likes Received:
    5,030
    Actually, on QQ this will not work. The server caches any image shown on the board and serves it itself (originally a measure to reduce hotlink rot). Thus, the attempted tracker will just get a single request from QQ, and no others.
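
The server-side caching described in the reply above, sketched as an added example (not part of the original post, and not QQ's actual code): external `[img]` URLs are rewritten to a same-origin proxy link, so the reader's browser never contacts the third-party host. The host name, proxy path and signing key are assumptions.

```python
import hashlib
import hmac
import html
import re
from urllib.parse import quote, urlsplit

# Assumed values for this sketch; none come from the forum's real configuration.
FORUM_HOST = "forum.example"
PROXY_PATH = "/proxy.php"
PROXY_KEY = b"constructed-demo-key"
REMOVED = "[image removed: unsupported URL]"

IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)

def proxied_url(src: str) -> str:
    """Same-origin URL asking the server to fetch and cache src once.

    The HMAC lets the proxy endpoint refuse URLs the forum did not generate,
    so it cannot be used as an open fetcher.
    """
    sig = hmac.new(PROXY_KEY, src.encode(), hashlib.sha256).hexdigest()[:16]
    return f"https://{FORUM_HOST}{PROXY_PATH}?image={quote(src, safe='')}&hash={sig}"

def render_images(bbcode: str) -> str:
    """Render [img] tags so every image request goes to the forum itself."""
    def repl(match):
        src = match.group(1).strip()
        try:
            parts = urlsplit(src)
            host = parts.hostname
        except ValueError:
            return REMOVED
        if parts.scheme not in ("http", "https") or not host:
            return REMOVED
        target = src if host == FORUM_HOST else proxied_url(src)
        return f'<img src="{html.escape(target, quote=True)}">'
    return IMG_TAG.sub(repl, bbcode)

def image_hosts(rendered: str) -> set:
    """Hosts a reader's browser would contact to load the rendered images."""
    urls = re.findall(r'<img src="([^"]+)"', rendered)
    return {urlsplit(html.unescape(u)).hostname for u in urls}
```

With this rewrite in place, the external host's access log records one fetch from the forum server and nothing from individual readers.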
     
  20. Graypairofsocks

    Graypairofsocks THIS IS A TITLE!

    Joined:
    Jul 7, 2015
    Messages:
    429
    Likes Received:
    745
    Huh, I forgot about that.
     
  21. Dakkaface

    Dakkaface Magical Defender of Justice

    Joined:
    Feb 20, 2014
    Messages:
    1,104
    Likes Received:
    5,848
    You seem to be under a very mistaken impression of what doxxing generally is, what hacking is, and what you can do to avoid being doxxed.

    Doxxing is when someone manages to connect your real life and online identities. Being able to say 'XxUserGuyxX is John Smith from Anytown, Texas, USA.' It can go deeper than that, finding family members, jobs, clubs, etc. Trolls can then take that info and use it to harass that person, which is why doxxing is bad.

    Doxxing can be done via hacking. It generally isn't. If your email is breached and you have your real name set on it, or in any of the services you've used that email to sign up for, they've got your real name. If they manage to get access to your computer or cloud files, they might find your real name/address/identity info via tax returns or other documents. I stress - this is a rarity.

    Much more commonly, all the details to doxx someone are provided by that person. Someone just takes an extensive walk through your post history. A year ago you mentioned where you live. A year and a half ago you mentioned being at an event in a specific city. Two years ago you mentioned you lived by a military base. You've mentioned your job several times in debates. You mentioned the schools you went to five years ago. You brought up your race in a thread about identity politics last November. Your birthday is on your profile. These are all corroborating details that can be used to confirm your identity once you make a big slip.

    Big slips - maybe you mention an extremely niche event that had some minor publicity and had a public guest list. Maybe you let slip you work at a niche job, one of those deals where the webpage has a convenient staff listing with images. Maybe you don't scrub the EXIF data off of a phone image you post, and the GPS coordinates for your house are attached to it. Now someone takes that big slip and compares it against all the other data points. Does the owner of this house have a name that sounds like your race? Is that name on the rolls for the schools you mentioned? Which of these people has a birthday that matches?

    This is all stuff that's publicly available, the doxxer is just putting in the legwork to piece together the clues to your identity. And the more you use a particular identity, the longer you use it and more sites you use it on, the more data this sort of person has to work with to try and doxx you. It doesn't require any hacking, there's no special programs to use to prevent it, software doesn't help.

    If you want to practice information security and avoid being doxxed, don't talk about your life except in the broadest possible terms. Either don't make your birthday or other private info publicly available, don't enter it, or put in deliberately false values. When you sign up for new sites, use a new handle on each one. Don't reference the names of your accounts on other sites in discussion. Every year or two, ditch that account and make a new one, if the site allows.
     
    Valette-Serafina and Snake/Eater like this.
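
The EXIF point in the post above, as an added example that is not part of the original post: a standard-library Python sketch that removes APP1 (Exif, including GPS tags, and XMP) and comment segments from a JPEG before it is shared. The sample bytes are constructed and are not a decodable photo.

```python
import struct

SOI, SOS = b"\xff\xd8", 0xDA
DROP = {0xE1, 0xFE}   # APP1 carries Exif (incl. GPS) and XMP; COM is free text

def segments(data: bytes):
    """Yield (marker, start, end) for each segment up to and including SOS."""
    if data[:2] != SOI:
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        if data[pos + 1] == 0xFF:        # fill byte before a marker
            pos += 1
            continue
        marker = data[pos + 1]
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(data):
            raise ValueError("segment length runs past end of file")
        yield marker, pos, end
        if marker == SOS:
            return
        pos = end
    raise ValueError("truncated JPEG: no SOS marker found")

def strip_metadata(data: bytes) -> bytes:
    """Copy the JPEG without APP1 and COM segments; raise on malformed input."""
    out = bytearray(SOI)
    for marker, start, end in segments(data):
        if marker == SOS:
            out += data[start:]          # compressed scan data, copied as-is
        elif marker not in DROP:
            out += data[start:end]
    return bytes(out)

def metadata_markers(data: bytes) -> list:
    """Markers of segments still present that strip_metadata would drop."""
    return [m for m, _, _ in segments(data) if m in DROP]

def seg(marker: int, payload: bytes) -> bytes:
    """Build one segment: 0xFF, marker, big-endian length, payload."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample: structurally valid segments, not a real photo.
GPS_BLOCK = b"Exif\x00\x00" + b"<constructed GPS block>"
SAMPLE = (SOI + seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
          + seg(0xE1, GPS_BLOCK) + seg(0xDB, bytes(65))
          + seg(0xDA, bytes(10)) + b"\x12\x34\xff\xd9")
```

This handles JPEG only; other formats (PNG, HEIC, video) carry metadata in different containers, and dropping APP1 also discards the embedded thumbnail and the orientation tag.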
  22. tehelgee

    tehelgee The stern gaze of justice. Administrator

    Joined:
    Feb 12, 2013
    Messages:
    1,637
    Likes Received:
    3,256
    Here's the thing I don't get. People are all gung-ho against doxxing, they rage and call it a massive crime, it ruins lives, etc etc. Those same people plug every aspect of their life into social media, put it all out there for someone to find. What did they expect was going to happen? People with grudges simply wouldn't follow the breadcrumb trail right to their doorstep?
     
    Evillevi and Snake/Eater like this.
  23. Snake/Eater

    Snake/Eater Myth Maker of the North

    Joined:
    Jan 11, 2015
    Messages:
    5,047
    Likes Received:
    5,264
    In my case it was ignorance, I got into the online community late in my life and was basically hitting every branch a noob goes through in a year.

    I didn't take it seriously and I figured the other people would get over it and go live their own lives.

    I was mistaken.
     
  24. Graypairofsocks

    Graypairofsocks THIS IS A TITLE!

    Joined:
    Jul 7, 2015
    Messages:
    429
    Likes Received:
    745
    I'm guessing hotlink rot was due to linking to stuff on imageboards like 4chan.
     
  25. alethiophile

    alethiophile Shadowed Philosopher Administrator

    Joined:
    Apr 26, 2013
    Messages:
    1,938
    Likes Received:
    5,030
    Partly it was that, but images hosted on other servers would disappear for all kinds of reasons. Plus, it's somewhat impolite to hotlink to someone else's server without notifying them; QQ isn't high-traffic enough to break anyone's upload, probably, but bandwidth is still a limited resource. As they say, all interesting behaviors are overdetermined.
     
  26. TheNorthman

    TheNorthman Making the rounds.

    Joined:
    May 8, 2017
    Messages:
    48
    Likes Received:
    62
    1) Use a trustworthy proxy/vpn which is enough to stop most casual snooping by the local IT/ISP.

    2) Disposable Email with an alias you never used before to keep it from being correlated which stops the other form of casual snooping (FB, Google, et al).

    3) Don't post anything true about yourself in RL.

    People (as a general rule) aren't good at critical thinking and like to talk about themselves.

    It's very easy to have a setup that keeps the average stalker/casual snooper from being able to bother you by using 1 identity per forum/media that isn't tied or associated with any other. Just it requires an extra 5 minutes and not talking about yourself IRL.

    People who don't like talking about themselves are much harder to doxx for that reason.

    I mean, I'm sure tehelgee can confirm I did those 3 things if he bothered to check :p
     
  27. Graypairofsocks

    Graypairofsocks THIS IS A TITLE!

    Joined:
    Jul 7, 2015
    Messages:
    429
    Likes Received:
    745
    Most forum sites block common VPNs, or proxies.
     
  28. TheNorthman

    TheNorthman Making the rounds.

    Joined:
    May 8, 2017
    Messages:
    48
    Likes Received:
    62
    Privacy does limit your options but once you lose it you never get it back.

    RL doesn't exactly allow people to Respawn like a video game does.
     
    Graypairofsocks likes this.
  29. tehelgee

    tehelgee The stern gaze of justice. Administrator

    Joined:
    Feb 12, 2013
    Messages:
    1,637
    Likes Received:
    3,256
    Actually, I recommend against that, simply due to password recovery. If you lose the login/password, you lose the account if you registered via disposable email.
     
  30. alethiophile

    alethiophile Shadowed Philosopher Administrator

    Joined:
    Apr 26, 2013
    Messages:
    1,938
    Likes Received:
    5,030
    If you don't care about the account that much, you can use Mailinator or another such superdisposable setup.

    It's getting harder to make secondary long-lasting email accounts, though; Google, Yahoo and so on now all want mobile numbers or similar traceable contact info before they'll let you set up an email. Of course, burners are an option, but it's another annoying step.