• Suddenly unable to log into your ZooVille account? This might be the reason why: CLICK HERE!

Online Security

Does anyone know how private are the Two-Step authentication apps? I prefer them instead of having a code sent to my email every time, but I don't know if they keep track for what we use their apps
 
GENERAL POSTING

1. Do not use an identifiable avatar. This includes faces, tattoos, fursuits (especially if they are not yours)

2. Review every picture, every video you post multiple times. Look for identifiable things; houses, barns, unique saddles, collars with or without tags, pictures, furniture, mail, packages, collectibles, mirrors or anything can reflect your face or body, absolutely anything that can be used as identification.

3. If you have a unique pet, be very, very careful. If you have posted normal pictures anywhere, like facebook, twitter, ect., do not post him here or anywhere zoo themed. Even if you delete the social media pics, it's too late. ( Familiarize yourself with Reverse Image Search, what it is, and how it can be used against you )

4. Be careful with the information you post. Anyone with enough patience can piece together little things through pictures, descriptions, email addresses, anything to pinpoint who you are.

5. Use an email that is not attached to anything. Do not use real name, and do not setup a password recovery phone number or alternate email. Make yourself an absolute stand alone free email account and do not use it for anything else but zoo. Not even furry or fursuit related sites or accounts.




ONLINE SECURITY

1. Public IP addresses can be used to track your general location. We Recommend a VPN service like Nord VPN to mask your IP. ALWAYS USE VPN!

2. Use Strong Passwords on your ZooVille Account.

3. Whatsapp and Discord are NOT recommended services for private off-site chat. They have been known to be leaked and report info on users.

4. Telegram and Signal are considered safe in of themselves, however always used a VPN when logging onto telegram and also be wary of phishing for your IP address with external HTML links. This has been used before to catch users NOT using VPN on telegram or Signal.

5. Public telegram links to group chats are allowed here on zooville if you own a group (see site rules), however be aware that bestiality is illegal in many countries. Law enforcement can phish users out into private chats is a common way to trace and doxx your identity. TRUST and RESPONSIBILITY is on your hands for whomever private chats you join.
I use incognito modes for these sorts
 
I use incognito modes for these sorts
All incognito mode does it prevent the browser from storing cookies locally and deletes your browser history from your computer when you close the window. While a good practice it provides no protection from people tracking your IP address and your ISP from seeing what you're doing
 
All incognito mode does it prevent the browser from storing cookies locally and deletes your browser history from your computer when you close the window. While a good practice it provides no protection from people tracking your IP address and your ISP from seeing what you're doing
I use incognito with a special browser. Not just a standard browser lmao.
 
Does anyone know how private are the Two-Step authentication apps? I prefer them instead of having a code sent to my email every time, but I don't know if they keep track for what we use their apps
Without a code-review it's hard to say for certain, but the ones like Google Authenticator and various other RSA token generators use standard methods of derriving a shared secret from an initial starting point (defined when you set up the 2FA). Without going into the weeds, the server and client (you) can use that initial setup and feed it through crptographic functions so they can both calculate a code and use that to verify independently without the client or server applications communicating directly. There's typically no need for network access to generate the code, there are even little keychain gadgets that can do it.


For the truly paranoid, it's possible to run most of the common vpns over tor...just expect it to be very, very slow; I've done it for amusement and I can see some very obscure corner cases where it could be useful, but it's not practical or useful in general.

Use a virtual machine with tor and javascript disabled.
For advanced users, if you setup your firewall rules to deny all non-tor traffic except the bits necessary to setup tor and redirect all non-tor traffic through tor as a transparent proxy you can use non-tor aware applications with tor relatively safely. Due to some protocols embedding IP information in packets, I don't recommend doing so with a computer having a public IP though. You can do the same with vpns too, but in both cases you need a firm grasp of IP and be very familiar with your firewall of choice.
This allows you to get around the problems of javascript and other methods bypassing proxy settings. This is, admittedly, likely more effort than most are going to want or need.
 
Last edited by a moderator:
Tor Browser is the safest available method. It is built on Firefox ESR and highly customized to protect you in ways a standard browser can't. But web browsers all have flaws, so it's still possible to find and exploit those flaws to escape the browser to the host operating system and reveal who you are. The way to mitigate that possibility is to increase the security level in Tor Browser from 'Standard' to 'Safer' or 'Safest' and try to put up with websites being kind of messed up. It varies from site to site.

If you're really concerned about that kind of intrusion, you have to run Tor Browser in a disposable environment like TAILS or Qubes-whonix. TAILS is easy, Qubes is hard. Try TAILS sometime if you haven't, it's pretty nice.

It's more nuanced than that. Combining Tor with a VPN hurts performance, offers little to no extra protection, and is only useful in rare circumstances. There are two combinations. The "X" marks a connection that is outside the Tor network and not protected by Tor:


(You) <---> (VPN) <---> (Tor) <-x-> (Website)

In this case, the VPN provider is not able to read your Tor traffic. Your connection to Tor is highly resistant to man-in-the-middle attacks. This is one of Tor's most important features because it enables you to use internet connections you don't trust.

Maybe do this if your local network is blocking Tor traffic but not VPN connections, and only after trying to connect to Tor directly with an unpublished Tor Bridge first.

Maybe do this if you're unable to turn off WebRTC without breaking a website you want to use. Certain functions in WebRTC can leak your real IP, so in that case a VPN could offer a little bit of protection. This only applies other browsers you are connecting to Tor by proxy, which you should never do unless absolutely forced, and to Tor Browsers on iOS which all have to use Apple's Safari browser underneath.


(You) <---> (Tor) <-x-> (VPN) <-x-> (Website)

In this case, the VPN provider is able to read your Tor traffic, because it has already left the Tor network. However, the VPN will only see that it is traffic coming from a Tor exit node, and the VPN will know who you are because you subscribed to them. Some VPNs like Mullvad allow anonymous signup and payment. The content of your traffic could reveal enough personal information for others to deanonymize you.

Doing this is a bad idea and the need for it is very rare. Basically it's a way to hide the fact you're using Tor from a website that blanket blocks connections from Tor exit nodes, since exit nodes are well known. However you lose some anonymity because your traffic is more unique and interesting. To an outside observer, you are no longer a Tor user with traffic coming from a Tor exit node like all the others, you're a VPN user with regular traffic on one side and Tor traffic on the other. That's not great.

In either case you are creating nested TCP connections, which can be very finicky and slow.

?
This is the most clear explanation I've read. Thank you for posting this!
 
GENERAL POSTING

1. Do not use an identifiable avatar. This includes faces, tattoos, fursuits (especially if they are not yours)

2. Review every picture, every video you post multiple times. Look for identifiable things; houses, barns, unique saddles, collars with or without tags, pictures, furniture, mail, packages, collectibles, mirrors or anything can reflect your face or body, absolutely anything that can be used as identification.

3. If you have a unique pet, be very, very careful. If you have posted normal pictures anywhere, like facebook, twitter, ect., do not post him here or anywhere zoo themed. Even if you delete the social media pics, it's too late. ( Familiarize yourself with Reverse Image Search, what it is, and how it can be used against you )

4. Be careful with the information you post. Anyone with enough patience can piece together little things through pictures, descriptions, email addresses, anything to pinpoint who you are.

5. Use an email that is not attached to anything. Do not use real name, and do not setup a password recovery phone number or alternate email. Make yourself an absolute stand alone free email account and do not use it for anything else but zoo. Not even furry or fursuit related sites or accounts.




ONLINE SECURITY

1. Public IP addresses can be used to track your general location. We Recommend a VPN service like Nord VPN to mask your IP. ALWAYS USE VPN!

2. Use Strong Passwords on your ZooVille Account.

3. Whatsapp and Discord are NOT recommended services for private off-site chat. They have been known to be leaked and report info on users.

4. Telegram and Signal are considered safe in of themselves, however always used a VPN when logging onto telegram and also be wary of phishing for your IP address with external HTML links. This has been used before to catch users NOT using VPN on telegram or Signal.

5. Public telegram links to group chats are allowed here on zooville if you own a group (see site rules), however be aware that bestiality is illegal in many countries. Law enforcement can phish users out into private chats is a common way to trace and doxx your identity. TRUST and RESPONSIBILITY is on your hands for whomever private chats you join.
Thanks for the info!
 
In certain states it's illegal to discuss or advocate for bestiality/zoophilia I live in one of those.?

Don't suppose you can name it and/or cite the law as that seems like it would be a complete violation of one's constitutional rights.
 
Hi,
If you make a post with a picture, can you edit/remove it after it's been posted? A little nervous to make my first post, that's all. Thank you.
 
Hi,
If you make a post with a picture, can you edit/remove it after it's been posted? A little nervous to make my first post, that's all. Thank you.
Lower tier users have a limited time to remove old messages. Ask a mod to remove it for you by reporting your own post for example.
 
Loving all of this information, I'm pretty new at all of this....that said, did anyone else have issues with Proton shutting down your email because of "potential policy violation"? I'm not too worried since I don't think I'll need password recovery anytime soon, but I do find it odd
 
Before I became savvy about online security I visited some zoo sites for about a month without any VPN or software to anonymize my activity. I noticed that I started to receive frequent robocalls on my cell phone, probably at least five per day at the exact time I visited the sites without a VPN. I had never had frequent robocalls before. What organization do you think is the source of the robocalls? Law enforcement? Maybe it's the ISP selling my info to third party sources which then gets made available to predatory robocall scammers. Anyone have any input? It makes me sound a little paranoid but I swear this happened and I think it would quickly happen again if I stopped using my VPN.
 
Loving all of this information, I'm pretty new at all of this....that said, did anyone else have issues with Proton shutting down your email because of "potential policy violation"? I'm not too worried since I don't think I'll need password recovery anytime soon, but I do find it odd

I have not and communicate with others who's accounts appear to be functioning as expected. Don't know what policy violation you're suspected of, but anonymous != unreadable. If you're doing things that are against policy and want to persist at such, might I recommend encrypting your communications (a-la pgp) so the provider has no idea what you are communicating? Alternatively, if Proton is concerned, perhaps reexamine what you're doing and ask yourself if maybe it's you that's gone astray? Don't know the details (and I'm not asking) so not judging, just offering an answer and some commentary that some might find useful.
 
Before I became savvy about online security I visited some zoo sites for about a month without any VPN or software to anonymize my activity. I noticed that I started to receive frequent robocalls on my cell phone, probably at least five per day at the exact time I visited the sites without a VPN. I had never had frequent robocalls before. What organization do you think is the source of the robocalls? Law enforcement? Maybe it's the ISP selling my info to third party sources which then gets made available to predatory robocall scammers. Anyone have any input? It makes me sound a little paranoid but I swear this happened and I think it would quickly happen again if I stopped using my VPN.

Likely an unrelated event, the usual term is "post hoc egro propter hoc", or "post hoc" for short, it's a logical fallacy that two events which are close together in time seem related, but are not. Not saying they aren't, but most robocalls are spam/scam and there's no reason for a gov to tip their hand if they were interested in you.
 
Well I may try to login for a few days to zoo sites without a VPN then a few days with VPN and record the number of robocalls. Logical fallacy or not I have enough experience with statistics to compare the values and determine if there is likely a difference between VPN vs. no VPN.
 
Well I may try to login for a few days to zoo sites without a VPN then a few days with VPN and record the number of robocalls. Logical fallacy or not I have enough experience with statistics to compare the values and determine if there is likely a difference between VPN vs. no VPN.
I suggest you just login to a ‘normal’ site to measure. No need to get your IP caught.
 
I have not and communicate with others who's accounts appear to be functioning as expected. Don't know what policy violation you're suspected of, but anonymous != unreadable. If you're doing things that are against policy and want to persist at such, might I recommend encrypting your communications (a-la pgp) so the provider has no idea what you are communicating? Alternatively, if Proton is concerned, perhaps reexamine what you're doing and ask yourself if maybe it's you that's gone astray? Don't know the details (and I'm not asking) so not judging, just offering an answer and some commentary that some might find useful.
It happened immediately after I registered here, I hadn't used it for anything else. I'm not too worried about it, I was just curious if anyone else had come across a similar happening
 
Always use a vpn, made a blunder and joined telegram, other users you accept can see your mobile number ?
 
Most of the mainstream VPN services are snitches and also corporate with feds, you want to use a VPN service that allows you to pay in crypto preferably in XMR
Mulvad VPN is the best
If you are on windows please atleast use ccleaner lol
Consider using tails, qubes, whonix or even fucking Linux for an OS as windows is garbage for opsec
Proxies are also better than a VPN
Use protonmail for email addresses
I like to use tails OS with a USB boot load
 
Last edited:
Back
Top