Small-Scale Question Sunday for February 26, 2023

Do you have a dumb question that you're kind of embarrassed to ask in the main thread? Is there something you're just not sure about?

This is your opportunity to ask questions. No question too simple or too silly.

Culture war topics are accepted, and proposals for a better intro post are appreciated.

This comment I made about how hard/easy it is to find pseudonymous users' online identities got me thinking about infosec.

So I spent the rest of the evening researching OSINT tools and other methods to do bad things (this has the added benefit of implicitly letting you know how to not have bad things done to you, but knowing how to be safe won't necessarily teach you how to be dangerous).

I am not sure how feasible this is, but I checked some emails of people I know using https://haveibeenpwned.com/ and it tells you which data breach the email/password combination was found in. So isn't all that remains to acquire the breached data, hoping they don't use 2FA? Or am I missing something?

Anyways, back on the topic of infosec/OSINT, what are your favorite tools that you totally use for security reasons? I am interested in knowing any clever techniques you have heard being used or used yourself as well for/against all things infosec.

For what it's worth, I could probably dox 3-5 regular posters with overlap on here/reddit/twitter, given say a week or two's work. If you have read 70-90% of someone's comments over the years, you can build up quite a reasonable profile on someone. For example, if you have:

- Age range
- Industry (narrowed to a few places of work)
- Location
- Interests
- Social background (schools etc.)
- Ethnicity/Religion
- Sex/gender/sexuality

And at least 2 of their social media accounts, how much harder could it be to dox someone from that, without even having to use data breaches? If you were a PI I imagine you'd begin by trawling sites like LinkedIn (probably the most useful due to the breadth of information and easy access) and quite quickly finding some obvious candidates. I've always assumed I'd be relatively easy to dox and I tend toward the lurker side of reddit/blogposts/twitter.

I remember there being a website that would scrape your Reddit comments and catch all the little details you let slip about yourself. It would quite reliably guess your age, marital status, place of residence, etc.

Strong argument for salting your comments with the occasional absolute fabrication.