Do you have a dumb question that you're kind of embarrassed to ask in the main thread? Is there something you're just not sure about?
This is your opportunity to ask questions. No question too simple or too silly.
Culture war topics are accepted, and proposals for a better intro post are appreciated.
Jump in the discussion.
No email address required.
Notes -
This comment I made about how hard/easy it is to find pseudonymous users online identities got me thinking about infosec.
So I spent the rest of the evening researching about OSINT tools and other methods to do bad things (This has the added benefit of implicitly letting you know how to not have bad things done to you, but knowing how to be safe won't necessarily teach you how to be dangerous).
I am not sure how feasible this is, but I checked some emails of people I know using https://haveibeenpwned.com/ and it tells you which databreach the email password combination was found in. So isn't all that remains to acquire the breached data hoping they don't use 2FA? Or am I missing something?
Anyways, back on the topic of infosec/osint, what are you favorite tools that you totally use for security reasons? I am interested in knowing any clever techniques you have heard being used or used yourself as well for/against all things infosec.
I have been tracked down a few times actually – though all instances but the one mentioned in the last thread have taken place before I started to pay any real attention to privacy. Virtually all of those people who have succeeded became my friends, at least for a while. Guess I was more likable back then. One of them was a fledgling teenage hacker who later started working for FSB in basically the same capacity, and knows a lot about this stuff, but we haven't been in touch in a while.
I don't believe there are very clever things one can do to ensure anonymity. (Maybe LLM instances to populate correlated but misleading online identities? Style transfer? I'll use this as soon as possible though my style is... subjectively not really a writing style in the sense of some superficial gimmicks, more like the natural shape of my thought, and I can only reliably alter it by reducing complexity and quality, as opposed to any lateral change). @gattsuru gives decent advice but, aside from those technological attack surfaces, you should just understand the threat model and not share data that meaningfully narrows down one's identity. Speaking of elder gods, Terry Tao has written on this topic:
We've moved past compressed sensing, of course.
I wonder if this was a purely theoretical musing, a good-faith advice, or a hint that Fields laureates, too, have opinions to hide and shitposts to send. «On the internet, nobody knows you're a Tao».
Reminds me of that joke about a janitor who looked exactly like Vladimir Lenin. When someone from the Competent Organs suggested that it's kinda untoward, maybe he should at least shave his beard, the guy responded that of course he could shave the beard, but what to do with the towering intellect?
More options
Context Copy link
This is precisely why one should regularly nuke one's internet identity. Online handles are like underwear in this regard. Have multiple, switch them often, and don't use them past their expiration date.
This goes very much against common sentiment on basically all internet communities except for the chans. Mainly because the people who will have the largest sway over the community will be those who have built a reputation for themselves. We are thus amplifying the voices of the least OPSEC conscious.
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link