• Suddenly unable to log into your ZooVille account? This might be the reason why: CLICK HERE!

Online Security

This thread is really informative. Glad to see the tech gang has visited here. I use a free VPN atm and always use it when I acces this site and really the time in general.

My PC is very old though and I don't have enough space on the drive to update my OS anymore. Does this pose any risk to me here?
 
My PC is very old though and I don't have enough space on the drive to update my OS anymore. Does this pose any risk to me here?
Yes. It poses a risk from many different points. Update frequently fix security issues.

Considering you do not have space for update I guess windows. As on linux you would have other means of doing this. Such as backing up your home folder and installing a new distro from scratch.
But a windows machine with a 32GB EMMC is going to be landfill waste pretty much immediately.

Replace that trash with a xfce or lxde based linux distro asap. :D
 
Yes. It poses a risk from many different points. Update frequently fix security issues.

Considering you do not have space for update I guess windows. As on linux you would have other means of doing this. Such as backing up your home folder and installing a new distro from scratch.
But a windows machine with a 32GB EMMC is going to be landfill waste pretty much immediately.

Replace that trash with a xfce or lxde based linux distro asap. :D
Definitely plan to ditch this thing soon for something much more powerful (and with more space). Definitely doing Linux instead of Windows as well and if I ever need Windows for something gaming wise there's always virtual machines.
 
I read this topic and I am really suprised no one mentioned Privacy Guides (dot) org.

A lil history - there was a website PrivacyTools that recommended some tools for privacy and some knowledge-base information, but the owner disappered and didn't take care of it anymore. So the PrivacyTools community created PrivacyGuides. The website recommends software and tools that are privacy-friendly, zero-knowledge, open-source etc. Unlike other websites, the recommendations are based on discussions on forums and github about every single tool. It must met very strict criteria to be in the list and it's checked regulary if it's still keeps the privacy-policy, is still open-source and still updated. Sometimes tools might be de-listed if situation changes. For example Skiff email was de-listed after being bought be Notion.

I could also recommend Michael Bezzel, his podcast (no longer active, thou) blog and his book Extreme Privacy. It's an OSINT expert and he even was an advisor for the TV show Mr. Robot. But be careful - OSINT is a very deep tin-foil hat rabbit hole. Once you go to this parh, there is no way back.
 
  • Like
Reactions: pes
My PC is very old though and I don't have enough space on the drive to update my OS anymore. Does this pose any risk to me here?

Operating Systems that are left unmaintained for long are a bit dangerous. Usually, researchers discover and publish exploits against systems, with the hope that people will upgrade their machine immediately. If you don't upgrade in a timely manner, you may find yourself running an OS full of vulnerabilities for which the Internet is full of instructions to exploit.

In practice, you can make do upgrading only your Internet facing software (say, your web browser, email client and the like) and antimalware software. Those are the things more likely to interact with malicious sites, files and content directly.

I don't know if I have already recommended it, but I find Tails Linux good security-in-a-can solution for normal people. The idea is you instal Tails to a pen-drive. You can use it to boot your computer into Tails instead of your regular Operating System. Within Tails, you may browse the web, chat etc. and no fingerprint will be left on your main OS. Another advantage of Tails is that traffic is pushed into an anonymization multiproxy network by default (Tor). When you turn your computer off, all trace of your activities gets deleted and you may boot your regular OS as usual as if nothing had happened.
 
Why Discord is the poorest choice for illegal chat:

And:
Discord records and keeps everything you post. You can see for yourself by filling out a data subject request with them. They will return a packet of data showing your entire chat history etc. I would not trust discord for anything but playing video games and innocent chat.

It does not run through TOR either.
 
how do i clear my tracks if i havent been using vpn? free vpns out there?
Wipe your local history on your device. Start using a vpn they are cheap. I use Mullvad purchased with crypto. Some also use Tor as another layer. I use mullvad on my pc and phone . Then I use privacy browsers that don’t keep history by design. Firefox Focus on mobile and Librewolf on pc.

Edit : as others said any info your ISP has is out of your control.
 
Edit : as others said any info your ISP has is out of your control.
I do not know about other countries. But here they are required to hold onto the records for a certain number of years before deleting them.
So for example they will keep your DNS requests for 4 years. DNS is typically not encrypted unless you enabled it.
So if you visit zooville, your ISP will know you looked up this host name. The actual contents of what you did on the website is encrypted by https so that should not be visible to them.
 
I do not know about other countries. But here they are required to hold onto the records for a certain number of years before deleting them.
So for example they will keep your DNS requests for 4 years. DNS is typically not encrypted unless you enabled it.
So if you visit zooville, your ISP will know you looked up this host name. The actual contents of what you did on the website is encrypted by https so that should not be visible to them.
Yea it’s not enough to nail you outright, but can be used as evidence to target you for an investigation. Worst case is they get a warrant to search your devices though it’s dubious if dns queries would be sufficient alone.
 
how do i clear my tracks if i havent been using vpn? free vpns out there?

The Internet does not forget.

If you have visited a site without using no anonymity overlay to protect yourself, then your ISP (Internet Service Provider) probably knows you visited the site. The site itself probably collects some personal identifying information when you connect, such as your IP address, username, email address...

Once your information is out there, there is no way to control who gets it or what is done with it, which is the reason why you must make damn sure no information leaks from you in the first place.

Regarding free VPNs, I am not going to recommend any third-party VPN provider because I don't know the market, but you may research the Tor network and Tails if you want to use an anonymity overlay.
 
Yea it’s not enough to nail you outright, but can be used as evidence to target you for an investigation. Worst case is they get a warrant to search your devices though it’s dubious if dns queries would be sufficient alone.
I do not know about other countries. But here they are required to hold onto the records for a certain number of years before deleting them.
So for example they will keep your DNS requests for 4 years. DNS is typically not encrypted unless you enabled it.
So if you visit zooville, your ISP will know you looked up this host name. The actual contents of what you did on the website is encrypted by https so that should not be visible to them.


There's a "catch" you (or your lawyer, if it gets that far) can use as at least a partial defense - When you visit a site - *ANY SITE AT ALL*, regardless of whether it's the pureset, cleanest, G-rated-est site on the planet, or a site that serves up honest-to-god torture-snuiff-pedo porn, or anything you can imagine in between, you have *ABSOLUTELY NO CONTROL WHATSOEVER* what that site might trigger a DNS lookup for. Go to a cooking/recipes website, and you might, without ever knowing it, request lookups for anything from google's "urchin" (their stats/tracking/counting infestationware) server, or an image-hosting site for the picture of the nice fresh loaf of bread that the page displays, any number of ad servers, perhaps a server that hosts the code that puts a stock ticker across the top of the page you want to look at, any number of servers that ticker looks at to find out what the price of Ford stock is, some other site for the music that plays when you open the page, or pretty much anything else that you can imagine someone putting on a web page.

In other words, just because there's a record of a DNS lookup for "www.we-rape-four-year-olds-before-torturing-them-to-death-live-on-your-screen.xxx" on your machine is *NO* indication whatsoever that you've ever seen so much as a single pixel from a single frame of a kiddy-snuff movie - Just by virtue of how the internet works, it could be that your machine did indeed look up the address of the "evil" server - because something on the page you *WANTED* to see loaded something from who-can-even-guess-where as part of loading itself onto your machine in response to your request. That something may be operating on the same server as the kiddy-snuff site. Or it may in turn be asking a third server for a piece of the original "www.how-to-make-a-loaf-of-bread.com" page you wanted to see to begin with. And so on.

In short, it's not only possible, but *VERY* likely for your attempt to load "www.makechilifordinnertonight.com" or "www.paintmycar.net/prices" to spawn dozens, possibly hundreds, and in some extreme cases, maybe even THOUSANDS of DNS queries that you, the person sitting at the keyboard, have absolutely no idea about, have no clue they're happening at all, and since they produce *NO* detectable output on your screen, therefore you have no indication that such requests ever happened.

TL;DNR:
While DNS lookups CAN leave tracks, the reality (to anyone who has even the most basic understanding of how TCP/IP (AKA "The Internet") and HTTP/HTTPS (AKA "The Web") works) is that, although it's rarely encrypted, almost nobody except the most desperate will even TRY to make the case that because a DNS lookup for "www.howtomurderyourneighbor.com" exists on your machine, you're guilty of killing your next door neighbor. Or at least, they won't make such an attempt without a metric fuck-ton of other evidence - evidence that would likely be way more than enough to get a warrant/make an arrest even without the DNS info.
 
I use both because Im concerned my real IP address will leak if Tor goes down.
Bad news: Using TOR and VPN together can (not "will", but can) trigger a couple of conditions that effectively destroys ALL protection from EITHER. VPN folks won't tell you this, but TOR folks will. I don't pretend to understand the "how" of it, but peopel I have reason to believe have said many times that VPN+TOR=serious (and easily exploited) potential for your supposedly "private" data to leak to even casual attackers. Against a government entity with (effectively) unlimited funding, using a VPN into TOR is slightly less secure than the screen door on your front porch - Yeah, it'll keep the flies and skeeters outside, but it ain't gonna do a damned thing to stop the rottie that decides to jump through it, or the crook who wants to rob you...
 
There's a "catch" you (or your lawyer, if it gets that far) can use as at least a partial defense - When you visit a site - *ANY SITE AT ALL*, regardless of whether it's the pureset, cleanest, G-rated-est site on the planet, or a site that serves up honest-to-god torture-snuiff-pedo porn, or anything you can imagine in between, you have *ABSOLUTELY NO CONTROL WHATSOEVER* what that site might trigger a DNS lookup for. Go to a cooking/recipes website, and you might, without ever knowing it, request lookups for anything from google's "urchin" (their stats/tracking/counting infestationware) server, or an image-hosting site for the picture of the nice fresh loaf of bread that the page displays, any number of ad servers, perhaps a server that hosts the code that puts a stock ticker across the top of the page you want to look at, any number of servers that ticker looks at to find out what the price of Ford stock is, some other site for the music that plays when you open the page, or pretty much anything else that you can imagine someone putting on a web page.

In other words, just because there's a record of a DNS lookup for "www.we-rape-four-year-olds-before-torturing-them-to-death-live-on-your-screen.xxx" on your machine is *NO* indication whatsoever that you've ever seen so much as a single pixel from a single frame of a kiddy-snuff movie - Just by virtue of how the internet works, it could be that your machine did indeed look up the address of the "evil" server - because something on the page you *WANTED* to see loaded something from who-can-even-guess-where as part of loading itself onto your machine in response to your request. That something may be operating on the same server as the kiddy-snuff site. Or it may in turn be asking a third server for a piece of the original "www.how-to-make-a-loaf-of-bread.com" page you wanted to see to begin with. And so on.

In short, it's not only possible, but *VERY* likely for your attempt to load "www.makechilifordinnertonight.com" or "www.paintmycar.net/prices" to spawn dozens, possibly hundreds, and in some extreme cases, maybe even THOUSANDS of DNS queries that you, the person sitting at the keyboard, have absolutely no idea about, have no clue they're happening at all, and since they produce *NO* detectable output on your screen, therefore you have no indication that such requests ever happened.

TL;DNR:
While DNS lookups CAN leave tracks, the reality (to anyone who has even the most basic understanding of how TCP/IP (AKA "The Internet") and HTTP/HTTPS (AKA "The Web") works) is that, although it's rarely encrypted, almost nobody except the most desperate will even TRY to make the case that because a DNS lookup for "www.howtomurderyourneighbor.com" exists on your machine, you're guilty of killing your next door neighbor. Or at least, they won't make such an attempt without a metric fuck-ton of other evidence - evidence that would likely be way more than enough to get a warrant/make an arrest even without the DNS info.
All true I never thought about it that way being used as a defense. I suppose this is why they almost always catch people on posession or disseminating of illegal content. The DNS lookups and patterns of such are just little beacons that you MAY be visiting those sites. They may use that to add you to a list for further scrutiny and surveillance. The actual kill shot is a warrant for your devices and they find the content, or solid evidence that you uploaded content to someplace. Many times they use payment information, as in for pay services linked to you. Like you used your CC to purchase obvious access to illegal media.
 
Bad news: Using TOR and VPN together can (not "will", but can) trigger a couple of conditions that effectively destroys ALL protection from EITHER. VPN folks won't tell you this, but TOR folks will. I don't pretend to understand the "how" of it, but peopel I have reason to believe have said many times that VPN+TOR=serious (and easily exploited) potential for your supposedly "private" data to leak to even casual attackers. Against a government entity with (effectively) unlimited funding, using a VPN into TOR is slightly less secure than the screen door on your front porch - Yeah, it'll keep the flies and skeeters outside, but it ain't gonna do a damned thing to stop the rottie that decides to jump through it, or the crook who wants to rob you...
VPN and TOR only hide your IP. IF they are really determined they will leverage other tracking tech like browser fingerprinting or browser exploits that make it give up your real IP. Usually involves tricking their target to visit another site that is loaded with a payload and tech to do so. Then they swoop in , grab your device, and prove that only your browser in all the world with its unique fingerprint visited the illegal site in question. Even so, there are a lot of defenses to use. For instance it is not illegal to talk about bestiality, or say how you like it , and how much you want to do it. AFAIK even viewing images of it isn't illegal in many places even with "crimes against nature" laws. What they really want to get people on is them creating the content and disseminating it, selling it, or soliciting for it usually for favors or money. It is the act of fucking the animal is that is the big whammy illegal in many places. This is why content security measures is imperative. The FAQ on this site covers a lot of the easy basic steps to take. Also ensure your personal library of content that you create, even if you don't share, is well hidden and protected (encrypted with plausible deniability measures) like Veracrypt offers. It has a feature to encrypt files with two passwords, one that actually decrypts your content, and another that you give under legal duress that just decrypts some innocent files. And they can't prove you gave the wrong key because everything is scrambled.
 
TL;DNR:
While DNS lookups CAN leave tracks, the reality (to anyone who has even the most basic understanding of how TCP/IP (AKA "The Internet") and HTTP/HTTPS (AKA "The Web") works) is that, although it's rarely encrypted, almost nobody except the most desperate will even TRY to make the case that because a DNS lookup for "www.howtomurderyourneighbor.com" exists on your machine, you're guilty of killing your next door neighbor. Or at least, they won't make such an attempt without a metric fuck-ton of other evidence - evidence that would likely be way more than enough to get a warrant/make an arrest even without the DNS info.

I agree up to a point, but I have heard of cops doing very retarded shit when desperate. There was a case in which some Motorola radio equipment was stolen from a cop, and they asked Google for search queries regarding that radio model in the area - the idea being that if you steal a radio you are likely going to search for how much you can get for it. The mere idea that cops think that information would be useful at all tells you how they think. Any information provided by Google would be considered circumstantial evidence at court at best but cops don't care for such things.
 
Is Duck Duck Go a decent level of security?
I mean... it's part of a decent security strategy. You don't want to rely on any one thing to protect yourself. Multi-layer security is the key. Non-logging VPN, non-tracking search engine, privacy-focused browser... those are must-haves. Me, I kinda go overboard... I do all my questionable activities within a Linux virtual machine, because I do not trust any non-open-source operating system to not report back to the mother-ship, and it's pretty easy to nuke a virtual machine, since the virtual hard drive is just another file on your system... delete the file, empty Recycle Bin, and wipe the free space on the HD. Then again, what I do for a living... I kinda know some of the tricks of the trade ;)
 
Also if you carry contents on your mobile device, please have a lock on it, no matter how inconvenient it may be. So many have gotten into legal issues because of it.
 
Back
Top