Search the Community

For those using Proton mail, it appears shut down today after suffering a DDOS attack. Tech Crunch reported on it: https://techcrunch.com/2018/06/27/protonmail-suffers-ddos-attack-that-takes-its-email-service-down-for-minutes/

Hey all, I go to great lengths to keep my hobby persona safe, but in a recent post I saw that there are others who don't have any safeguards in place. I'd also appreciate any tips anyone else has. Here's my setup: I use Veracrypt to create an encrypted container on my computer. In that encrypted container, I have installed Firefox portable. That way all of the tracks left by browsing are contained within Firefox portable and they don't leave the encrypted container. As an added bonus, because it's in its own little hidden box, I can use tools like LastPass to keep track of my passwords and stuff without it ever encroaching into my normal life. I also keep a text document or two and a spreadsheet in there of providers I would like to see or have seen with notes so I can remember why I want to visit them or why I would (or wouldn't) return. For my phone, I use Google Voice. I don't like it much. It can be flaky and Google isn't known for keeping data private. Because I'm an infrequent hobbyist, though, it's good enough for me. I have a burner but I don't use it because I usually don't hobby often enough to keep the minutes up to date. The browser on my Android phone is called Frost. It has a method in place to hide my private bookmarks and it removes all history when I exit the app. When I had an iPhone, there was an awesome app that had a hidden browser, notepad, and image collector built into it. I can't remember the name, though. What to y'all do to keep your data safe? I'm especially interested in how providers keep data safe. I'm often uncomfortable sharing info because I have no idea how it's treated once it has left my hands.

Was recently asked by a provider to send a face pic before she would confirm our appointment or provide an ETA. When I asked why, she said it was for her security so she would know who was coming. OK, ladies, first of all I understand how you feel about security. Meeting a new person feels incredibly risky because it is incredibly risky; law enforcement, Ted Bundy, some 18 year old who stole one of grandpa's Viagra - it could be anybody. But anyone with the IQ of a turnip knows that requesting a face pic does not provide any security whatsoever, does not tell you who is coming in any way whatsoever, and in fact is a request with no legitimate purpose that is logically defensible. Ted Bundy has a library of fake face pics that he's already Photoshopped to not show up on TinEye and that look juuuuust enough like him that the provider will open up the hotel or apartment room door without a second thought. Law enforcement probably has a better library than that. The good guys who will send you a legitimate picture are the guys from whom there is nothing to worry about. The bad guys who are coming over to steal your silverware and kidnap your pets are going to head-fake this "security" measure in two seconds. Meanwhile, sending a real face pic is a huge and obvious security risk for the hobbyist. These providers are asking us to enormously damage our security while doing nothing at all to enhance their own. On reflection, I think I know why some providers ask for this. It is because they want to have a race policy, but they don't want to admit it. They ask for the face pic, and if what they get is too brown they just kind of quietly stop answering messages. Non-response is pretty much the industry standard method for not confirming; this lets them be racist without looking racist.

There's several way to protect your anonymity while hobbying. 1- Protection from SO / family / friends: - Simple and enough in 99% of the case, unless your gf is a sysadmin a- Internet: Use Chrome or Firefox on "private browsing" to visit the web. Do not save files, pictures & password or bookmark. Once you close your browser, there will be absolutely no trace on your computer about what you surfed. Nothing will be saved on YOUR hard drive. The site you visited will still have a trace of your visit through IP. This is safe enough for your SO / family / friend. None will serve your ISP to track your web history. b- Handle & password: create a new identity, don't be lazy! And the password should be unique...Do not use your hotmail password, it is estimated than over 20% of Microsoft logins services are "public" #justsaying. c- Twitter: turn off geo location… d- Phone: Pre-paid cell and public phone are your friends! e- Email: Set up a Tormail account or a low volume email provider. There's tons of them f- Skype is a big NO NO! It's now owned by Microsoft and the privacy is gone in a big way. 2- Protection for paranoid people VPN + Tor. If you don't know what it is, you probably don't need it. Now about LE intercepting communication. This is a long video, but worth it, lot of infos, statistics. Mostly about ISP, but also about Sprint, AT&T... The best 50mn you'll spend to learn about security.

Let me start this with a little cautionary tale. In Chicago in 2001 a new board spung un that had all kinds of features for hobbyists inluding a private Senior member board with a very good review database and a chat function that allowed hobbyists to communicate directly. The reviews were very useful and and kept private from normal users and providers. Everything was going well until it came out that the board owner was running a string of top providers (ASPs in TOB parlance), it also turned out that one of the most exclusive and influential providers in the City was his half sister. Another huge problem was that this guy had access to all users passwords and e-mail addresses on the board. Armed with this information the owner did some fishing and was able to gain access to several hobbyist's e-mail accounts because they used the same password for their VIP account that they used on their e-mail account. The worst part was that with this access the owner was able to send out e-mail from these hobbyists as well as read all their e-mail. Who they saw, where people were meeting what the rates were, etc. I am in no way suggesting that such a thing Could or would happen at TOB but it taught me some things about how serious password security is. My advice to all is: 1. Catagorize your online accounts. Personal financial, bank and credit cards. Online order accounts. Amazon and ebay, etc. Email accounts etc. 2. If you have a large number of acounts it isn't practical or always possible to have and remember different paswords for everythng. 3. Create seperate secure passwords for groups. 4. A super secretr and strong passsword for finacials, another for board memberships, another for online purchase accounts, a different one for e-mail accounts, etc. 5. Create strong passwords for everything, a strong password will have 8 characters minimum and contain characters from 3 of these 4 groups, lower case leters, uppercase letters, numbers and special characters. 6. Avoid common words or your name and birtrhdays. Jsanders1 is strong but not a good choice if your name is John Sandes. I like to use mashed up words, mneuminics and things with random dates. Ch!c4g0I would be gold and it's easy for me to remember chicagoil, D3n5erCO would be good for denver and JS0512tob or js0512TOB would also be OK. When using dates, choose something other than your birthday. Another might be ATF_Kate100. 7. given enough time and flaws in a security system meant to provide convenience, any password can be hacked given enough tries and time. Just don't make it easy. 8. Change your group passwords every 6 months. Pick passwords you can remember so you don't have to write them down. My advice, for what it's worth.