Do you have a dumb question that you're kind of embarrassed to ask in the main thread? Is there something you're just not sure about?
This is your opportunity to ask questions. No question too simple or too silly.
Culture war topics are accepted, and proposals for a better intro post are appreciated.
Jump in the discussion.
No email address required.
Notes -
This comment I made about how hard/easy it is to find pseudonymous users online identities got me thinking about infosec.
So I spent the rest of the evening researching about OSINT tools and other methods to do bad things (This has the added benefit of implicitly letting you know how to not have bad things done to you, but knowing how to be safe won't necessarily teach you how to be dangerous).
I am not sure how feasible this is, but I checked some emails of people I know using https://haveibeenpwned.com/ and it tells you which databreach the email password combination was found in. So isn't all that remains to acquire the breached data hoping they don't use 2FA? Or am I missing something?
Anyways, back on the topic of infosec/osint, what are you favorite tools that you totally use for security reasons? I am interested in knowing any clever techniques you have heard being used or used yourself as well for/against all things infosec.
I don't use any type of warez to cover myself (besides a VPN where good hygiene is advisable), due in part to sloth and also a lack of wherewithal. My justification for this is probably cope, but my layman's view is that, these days, unless you have a pretty comprehensive suite of software and are unrelentingly fastidious with your choice of hardware/setup, any government entity or motivated individual/group who wants to find you will.
As a result I try to keep myself clean with burner emails, use a new handle for every new platform (and password, which should go without saying. That said I know an embarrassing number of people who use the same pass for everything, up to and including using their ATM card's PIN for their phone) I find myself on and semi regularly (1-3 years) change up the primary screen names and PFPs I use. My last trick and the one I use the least because it discomfits me some is lying consistently about minor identifying details. The consistency of it is important as the purpose is to generate a false positive that'll show up in the kinds of datasets you were demonstrating in your previous post.
Gwern's incredible analysis on Death Note was the primary inspiration for these practices, not that I'm familiar with opsec/digital fingerprints or anywhere near important enough for someone to look for me. The idea is to just throw enough obstacles in the way that, contingent upon an amateur getting ants in the pants over my presence online, I have time to scrub what I can from the 'net (not much, in practice more than you think, so long as you aren't notorious or prolific, as you said). Then I can move my daily business over to a set of cutouts made a while back that I keep the credentials for in my safe.
I'm not anonymized from serious players but I can't play at that level anyway, so fuck it. If things get that far I'll have bigger fish to fry than that time my teenaged self wrote the n-word on a BBS for a kids show fifteen years ago. Would love it for someone with actual expertise in this field to chime in, maybe let me know how if my prophylactics are stupid or not.
I believe lying is quite effective, and there's no need to be consistent. On one of my longer-running Reddit alts, I've claimed to live in at least a dozen different cities, none of which I've ever actually been to. And made up a bunch of careers, family situations, hobbies, etc. Let any attacker read them all and try to guess which if any are real and which are fake. The bonus of being highly inconsistent is if you slip up once, there's no way for any attacker to know that that detail is real versus all the others.
More options
Context Copy link
I think just lying is the most effective and information theoretically robust infosec measure. I lie about minor details as well. Not egregious lies but shifting the months of events by a month or two, or claiming I went to neighboorhood X when I actually went to the identical neighboorhood 5 miles away from neighboorhood X. Dont do it much on the motte because I am confident anyone I will ever come across will not be on the Motte, but extremely useful when Im posting on my city subredit.
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link