As most of you know, you are never really anonymous on the internet. There are too many things that give you away. Your IP address for one gives away a lot of information about you and can lead to problems in your future if someone wants to wreak havoc on your computer.

Well lately, I have been a bit worried about being anonymous on what I do on the internet and I found Tor. You guys can check out my posting about it at Anonymous Browsing with Tor - Tetsujin's Blog (http://tetsujin.metamudcreations.com/index.php?/archives/65-Anonymous-Browsing-with-Tor.html)

So check that out, and tell me what you think about your security and identity on the internet!

Cameron

Since the German government lately decided to store user data harvested by the ISPs for half I year I started to think more about being anonymous/secure on the web (even more than before ;)). I also use TOR but IMO that`s only half the way to be on the safer side. Here`s what I`d like to add:

What most people don`t get is that being anonymous doesn`t mean a higher level of privacy. For example if you send mail unencrypted over TOR someone could still catch the traffic of any of the TOR exit nodes, where the traffic finally gets delivered unencrypted to its' destination, and therefore will be able to gather maybe private information. In fact this happened already, read more on that topic at http://www.derangedsecurity.com, this guy was able to gather passwords of embassies email accounts using this kind of technique (and no it`s no joke ;)).

So, whatever goes unencrypted over TOR will eventually be anonymous but not safe. There`s still the possibility of unwanted information leaks. To achieve anonymity and privacy you will have to encrypt your traffic too, using pgp/SSL/whatsoever wherever possible. TOR is not the final answer to being safe on the net.

just my 0.02$ ;)

Those are a great two cents. I think my next post will be about properly encrypting your transmissions and harddrive and data and the like.

Cameron

Since the German government lately decided to store user data harvested by the ISPs for half I year I started to think more about being anonymous/secure on the web (even more than before ;)). I also use TOR but IMO that`s only half the way to be on the safer side. Here`s what I`d like to add:

What most people don`t get is that being anonymous doesn`t mean a higher level of privacy. For example if you send mail unencrypted over TOR someone could still catch the traffic of any of the TOR exit nodes, where the traffic finally gets delivered unencrypted to its' destination, and therefore will be able to gather maybe private information. In fact this happened already, read more on that topic at http://www.derangedsecurity.com, this guy was able to gather passwords of embassies email accounts using this kind of technique (and no it`s no joke ;)).

So, whatever goes unencrypted over TOR will eventually be anonymous but not safe. There`s still the possibility of unwanted information leaks. To achieve anonymity and privacy you will have to encrypt your traffic too, using pgp/SSL/whatsoever wherever possible. TOR is not the final answer to being safe on the net.

just my 0.02$ ;)


I guess I'd be a little bit worried about sending people to this site since they admit to harvesting private information. If you go there, I'd clear the cookie immediately following.

I guess I'd be a little bit worried about sending people to this site since they admit to harvesting private information. If you go there, I'd clear the cookie immediately following.

I understand your concern but you have to read it to get the point. They didn`t publish/gather the passwords for fame/profit or to be cool or doing dangerous stuff with it but for bringing attention to an important security issue nobody cared about: read this for a better clarification (http://www.derangedsecurity.com/deranged-gives-you-100-passwords-to-governments-embassies/) - I don`t think they`re bad guys (which evil mind would make his cell phone number public on his about page?). Talking about cookies, personally I am more worried about my google cookie than of any other site I visit ;).

I understand your concern but you have to read it to get the point. They didn`t publish/gather the passwords for fame/profit or to be cool or doing dangerous stuff with it but for bringing attention to an important security issue nobody cared about: read this for a better clarification (http://www.derangedsecurity.com/deranged-gives-you-100-passwords-to-governments-embassies/) - I don`t think they`re bad guys (which evil mind would make his cell phone number public on his about page?). Talking about cookies, personally I am more worried about my google cookie than of any other site I visit ;).
Guess I'll pass on that link. I don't know how "good" a guy is who compromises someone else's privacy whether to prove a point or not. My privacy may be important to them, but I'm thinking its most important to me.

Guess I'll pass on that link. I don't know how "good" a guy is who compromises someone else's privacy whether to prove a point or not. My privacy may be important to them, but I'm thinking its most important to me.

Once more I understand your concern, but nowadays you can`t even tell what data is gathered by sites you consider trustworthy like amazon.com/icq.com you name it.

So, no problem, I quote it for you ;) (of course this is no attempt to convince you about those people being OK ;) - I just like to keep the discussion going ... I hope the forum admins are OK with that):


Here is a list with working passwords to exactly 100 email-accounts to Embassies and Governments around the world. Yes it’s the real deal and still working when we are posting this. So why in the world would anyone publish this kind of information? Because seriously, I’m not going to call the president of Iran and tell him that I got access to all their embassies. I’m DEranged, not suicidal! He has bombs and stuff…

Experience tells me that even if I would contact everyone on this list most are not going to listen or perhaps just blame me for being an evil hacker and that no one else would ever find this out. WTF does it take for people to learn!?

Can’t throw it away, it’s only a matter of time until someone else gets the same information. Or wait, does someone else have this already? For how long have they had it? What are they doing with it?

Selling it would probably make me a fair amount of money but that ain’t my style and I’m sure people have disappeared for less.

After trying every scenario in my head I end up dead, in jail or worse.

So fuck it! Here is everything you need to read classified email and fuck up some serious International business. Hopefully this will put light on the security problems that are never talked about and get at least this fixed with a speed that you never seen your government work before. As a Swedish citizen I can’t give this information to anyone without getting into trouble, so instead I’m giving it to everyone.

I would like to remind everyone that using ANY of this is a serious crime and I trust that nothing here will be used, ever! If you do anyway you are a fucker, idiot, moron, lamer, scriptkiddie, criminal and obviously don’t get the point of this publishing. Private and company accounts gathered are NOT published, we will NEVER put a threat on your company or personal life!

The thousands of classified mail we have read however are for our own pleasure only so MUST or any such organizations don’t even bother, they are GONE! Any raid of my place will only find you loads of beer and prove that you don’t get the point of DEranged. Swedish cops need more resources and not more job.

Now let’s see how many angry mails I will get before I get my free vacation to Guantanamo Bay paid by Mr. Bush.


You could still disable cookies or not visit this page - but it wouldn`t change much security wise - out of experience I can tell you that when I am online (I run my own firewall and intrusion detection system) my machine is scanned for open ports and weak points maybe every 10 to 30 seconds - and so is yours. But people with enough brain to cause serious damage with breaking into computer systems unnoticed don`t care about ones personal computers, they`re looking for bigger targets. You should be more worried about all those script kiddies out there who download and play around with click-and-run-malware don`t even knowing what they`re doing. What I am going to say is, as soon as you put your network cable into your computer and go online you`re on a battlefield, were big corporations try to spy out what products you like or not, were script kiddies play around with malware, were governments try to set up information control and the best and only working prevention to get around all this mess is to simply stay offline ;).

yep and this is why i have been thinking of getting a new computer for the home that is not connected to the internet. if i need other data i will have to use a usb drive to transfer or some other way. mostly because i actually use my microsoft money and have important documents on my computer and my parents use it for their business accounts information so having it on a unconnectable computer would be the best idea i think

i bet a lot of people already have that email info though anyways. obviously the reason why they didnt yell it out is because they didnt want the owners of the emails to know they are being spied on . oh well