• The site has now migrated to Xenforo 2. If you see any issues with the forum operation, please post them in the feedback thread.
  • Due to issues with external spam filters, QQ is currently unable to send any mail to Microsoft E-mail addresses. This includes any account at live.com, hotmail.com or msn.com. Signing up to the forum with one of these addresses will result in your verification E-mail never arriving. For best results, please use a different E-mail provider for your QQ address.
  • For prospective new members, a word of warning: don't use common names like Dennis, Simon, or Kenny if you decide to create an account. Spammers have used them all before you and gotten those names flagged in the anti-spam databases. Your account registration will be rejected because of it.
  • Since it has happened MULTIPLE times now, I want to be very clear about this. You do not get to abandon an account and create a new one. You do not get to pass an account to someone else and create a new one. If you do so anyway, you will be banned for creating sockpuppets.
  • Due to the actions of particularly persistent spammers and trolls, we will be banning disposable email addresses from today onward.
  • The rules regarding NSFW links have been updated. See here for details.

Personal Information Security - Best practices to avoiding doxxing?

tehelgee

The stern gaze of justice.
Administrator
Joined
Feb 12, 2013
Messages
2,910
Likes received
12,796
I got a message recently asking to start a thread on how best to reduce the potential to get doxxed.

However, I'm no expert on the subject, not even a novice. My advice was simply not to put your personal info out there to be found in the first place, advice dating back to the 90s. The individual insisted on a proper thread, though, given the subject matter of this forum and the potential for it to end jobs if it got traced back.

So, then, what tips and advice might be given to those concerned about getting doxxed?
 
Keeping your internet footprint/history to minimum is always a good option, if not always the greatest/easiest. Keeping them separate from IRL identity works, too. Don't use email for your Facebook account for forum, etc.
 
What about software options?

i don't know much except there is spyware programs and vpns, and that a antivirus program called mcAfree is bad to install on a computer.
 
Software security (keeping your computer from being hacked or infected) is a separate topic from information control (keeping yourself from being doxxed). Related to the former, but still separate, are technological privacy measures such as VPNs.

For the purposes of people here, whose greatest concern is that their online identity not be linked to their real one, the best single measure is simply to not talk about your real life online. There's a degree to which it's difficult to avoid leaking some things (time zone, for example), but every unnecessary piece of information divulged is another clue, one which you can't reliably take down once the Internet has it.

Technological privacy measures, meanwhile, are more for those who are dealing with ISP- or government-level mass surveillance or censorship. There are other resources for this, and I'd generally guess QQ to be low-profile enough that it isn't really a target of such (though still vulnerable to indiscriminate collection schemes).
 
But what about idiotic but well meaning or malicious posters on QQ that are tech savvy?

can't we share our knowkedge on what is the best kind of Specific security programs to install?
 
Last edited:
can't we share our knowkedge on what is the best kind of Specific security programs to install?

There are no programs that prevent you from putting your personal info on the internet. There are no programs to install that prevent people from finding what you've put on the internet.

The lesson here is that you control what you put on the internet, and you must take responsibility for what you've already put out there.

There are ways to mitigate it, of course. Change bank accounts, move, change your name, etc. It just depends on how much hassle and effort you want to put into it.
 
There are no programs that prevent you from putting your personal info on the internet. There are no programs to install that prevent people from finding what you've put on the internet.
i don't think i've ever put out any personal info that would make it easier to my identity, but i have seen other posters that have made that mistake on different sites.

at most, i could only be guilty of having outdated or minimal security knowledge.
 
Last edited:
While I occasionally post information that might lead to people IDing my RL info, I'm also a compulsive liar (not actually by choice.). For every time I say something about myself that's true, I lie about myself four, five times, often with contradictory information. Even when I am telling the truth about RL things, such as when I bitch about my job, I usually do so in deliberately misleading terms, or just outright change some stuff. On top of all that, frequently much of what I don't lie about sounds outlandish, because my life's just that damn wacky for some reason. So my advice is to avoid giving out your true information excepting when you also give a reason to doubt that it's actually true.

This is the internet.You have the right to anonymity, but only if you don't waive it via stupidity. Or, uh, get on the wrong side of a sufficiently talented hacker. It's best not to put your information out there at all, but if you must, do it intelligently
 
My opinion is don't talk about your work hours, Date of Birth, Place of Birth, the specifics of what you do, who you know and to always be as vague as possible if you use your life experience as justification for something else.
 
"Hacking skills" should never come into it. The only potential realization for that would be the QQ server itself, which, go ahead and try.

Google and a lot of patience, on the other hand....
 
I got a message recently asking to start a thread on how best to reduce the potential to get doxxed.

However, I'm no expert on the subject, not even a novice. My advice was simply not to put your personal info out there to be found in the first place, advice dating back to the 90s. The individual insisted on a proper thread, though, given the subject matter of this forum and the potential for it to end jobs if it got traced back.

So, then, what tips and advice might be given to those concerned about getting doxxed?

Opening a PM from someone else, can allow them to figure out your IP.
 
How so?

If that's true, it's a security bug that I need to fix. <_<

It's not a bug, it is a misuse of an intended feature.

You can embed images in PMs.You know those things called tracking gifs in emails? (a transparent 1 pixel gif) It works similarly.

They can upload an image to a host that keeps a log of IPs that access it. They then embed the image in the PM and send it to 1 person only.


This would work, but I have never heard of anyone doing this in practice. This just figures out the persons IP.
 
It's not a bug, it is a misuse of an intended feature.

You can embed images in PMs.You know those things called tracking gifs in emails? (a transparent 1 pixel gif) It works similarly.

They can upload an image to a host that keeps a log of IPs that access it. They then embed the image in the PM and send it to 1 person only.


This would work, but I have never heard of anyone doing this in practice. This just figures out the persons IP.
Actually, on QQ this will not work. The server caches any image shown on the board and serves it itself (originally a measure to reduce hotlink rot). Thus, the attempted tracker will just get a single request from QQ, and no others.
 
Could a premium upgrade protect a poster's id?
You seem to be under a very mistaken impression of what doxxing generally is, what hacking is, and what you can do to avoid being doxxed.

Doxxing is when someone manages to connect your real life and online identities. Being able to say 'XxUserGuyxX is John Smith from Anytown, Texas, USA. It can go deeper than that, finding family members, jobs, clubs, etc. Trolls can then take that info and use it to harrass that person, which is why doxxing is bad.

Doxxing can be done via hacking. It generally isn't. If your email is breached and you have your real name set on it, or in any of the services you've used that email to sign up for, they've got your real name. If they manage to get access to your computer or cloud files, they might find your real name/address/identity info via tax returns or other documents. I stress - this is a rarity.

Much more commonly, all the details to doxx someone are provided by that person. Someone just takes an extensive walk through your post history. A year ago you mentioned where you live. A year and a half ago you mentioned being at an event in a specific city. Two years ago you mentioned you lived by a military base. You've mentioned your job several times in debates. You mentioned the schools you went to five years ago. You brought up your race in a thread about identity politics last November. Your birthday is on your profile. These are all corroborating details that can be used to confirm your identity once you make a big slip.

Big slips - maybe you mention an extremely niche event that had some minor publicity and had a public guest list. Maybe you let slip you work at niche job, one of those deals where the webpage has a convenient staff listing with images. Maybe don't scrub the EXIF data off of a phone image you post, and the GPS coordinates for your house are attached to it. Now someone takes that big slip and compares it against all the other data points. Does the owner of this house have a name that sounds like your race? Is that name on the rolls for the schools you mentioned? Which of these people has a birthday that matches?

This is all stuff that's publicly available, the doxxer is just putting in the legwork to piece together the clues to your identity. And the more you use a particular identity, the longer you use it and more sites you use it on, the more data this sort or person has to work with to try and doxx you. It doesn't require any hacking, there's no special programs to use to prevent it, software doesn't help.

If you want to practice information security and avoid being doxxed, don't talk about your life except in the broadest possible terms. Either don't make your birthday or other private info publicly available, don't enter it, or put in deliberately false values. When you sign up for new sites, use a new handle on each one. Don't reference the names of your accounts on other sites in discussion. Every year or two, ditch that account and make a new one, if the site allows.
 
Here's the thing I don't get. People are all gungho against doxxing, they rage and call it a massive crime, it ruins lives, etc etc. Those same people plug every aspect of their life into social media, put it all out there for someone to find. What did they expect was going to happen? People with grudges simply wouldn't follow the breadcrumb trail right to their doorstep?
 
In my case it was ignorence, I got into the online community late in my life and was basically hitting every branch a noob goes through in a year.

I didn't take it seriously and I figured the other people would get over it and go live their own lives.

I was mistaken.
 
Actually, on QQ this will not work. The server caches any image shown on the board and serves it itself (originally a measure to reduce hotlink rot). Thus, the attempted tracker will just get a single request from QQ, and no others.

I'm guessing hotlink rot was due to linking to stuff on imageboards like 4chan.
 
I'm guessing hotlink rot was due to linking to stuff on imageboards like 4chan.
Partly it was that, but images hosted on other servers would disappear for all kinds of reasons. Plus, it's somewhat impolite to hotlink to someone else's server without notifying them; QQ isn't high-traffic enough to break anyone's upload, probably, but bandwidth is still a limited resource. As they say, all interesting behaviors are overdetermined.
 
1) Use a trustworthy proxy/vpn which is enough to stop most casual snooping by the local IT/ISP.

2) Disposable Email with an alias you never used before to keep it from being correlated which stops the other form of casual snooping (FB, Google, et al).

3) Don't post anything true about yourself in RL.

Here's the thing I don't get. People are all gungho against doxxing, they rage and call it a massive crime, it ruins lives, etc etc. Those same people plug every aspect of their life into social media, put it all out there for someone to find. What did they expect was going to happen? People with grudges simply wouldn't follow the breadcrumb trail right to their doorstep?

People (as a general rule) aren't good at critical thinking and like to talk about themselves.

Its very easy to have a setup that keeps the average stalker/casual snooper from being able to bother you by using 1 identity per forum/media that isn't tied or associated with any other. Just it requires an extra 5 minutes and not talking about yourself IRL.

People who don't like talking about themselves are much harder to doxx for that reason.

I mean, I'm sure tehelgee can confirm I did those 3 things if he bothered to check :p
 
1) Use a trustworthy proxy/vpn which is enough to stop most casual snooping by the local IT/ISP.

2) Disposable Email with an alias you never used before to keep it from being correlated which stops the other form of casual snooping (FB, Google, et al).

3) Don't post anything true about yourself in RL.

Most forum sites block common VPNs, or proxies.
 
2) Disposable Email with an alias you never used before to keep it from being correlated which stops the other form of casual snooping (FB, Google, et al).

Actually, I recommend against that, simply due to password recovery. If you lose the login/password, you lose the account if you registered via disposable email.
 
If you don't care about the account that much, you can use Mailinator or another such superdisposable setup.

It's getting harder to make secondary long-lasting email accounts, though; Google, Yahoo and so on now all want mobile numbers or similar traceable contact info before they'll let you set up an email. Of course, burners are an option, but it's another annoying step.
 

Users who are viewing this thread

Back
Top