Personal Information Security - Best practices to avoiding doxxing?

tehelgee · Apr 18, 2017

I got a message recently asking to start a thread on how best to reduce the potential to get doxxed.

However, I'm no expert on the subject, not even a novice. My advice was simply not to put your personal info out there to be found in the first place, advice dating back to the 90s. The individual insisted on a proper thread, though, given the subject matter of this forum and the potential for it to end jobs if it got traced back.

So, then, what tips and advice might be given to those concerned about getting doxxed?

UrsaTempest · Apr 18, 2017

Keeping your internet footprint/history to minimum is always a good option, if not always the greatest/easiest. Keeping them separate from IRL identity works, too. Don't use email for your Facebook account for forum, etc.

Snake/Eater · Apr 18, 2017

What about software options?

i don't know much except there is spyware programs and vpns, and that a antivirus program called mcAfree is bad to install on a computer.

alethiophile · Apr 19, 2017

Software security (keeping your computer from being hacked or infected) is a separate topic from information control (keeping yourself from being doxxed). Related to the former, but still separate, are technological privacy measures such as VPNs.

For the purposes of people here, whose greatest concern is that their online identity not be linked to their real one, the best single measure is simply to not talk about your real life online. There's a degree to which it's difficult to avoid leaking some things (time zone, for example), but every unnecessary piece of information divulged is another clue, one which you can't reliably take down once the Internet has it.

Technological privacy measures, meanwhile, are more for those who are dealing with ISP- or government-level mass surveillance or censorship. There are other resources for this, and I'd generally guess QQ to be low-profile enough that it isn't really a target of such (though still vulnerable to indiscriminate collection schemes).

Snake/Eater · Apr 20, 2017

But what about idiotic but well meaning or malicious posters on QQ that are tech savvy?

can't we share our knowkedge on what is the best kind of Specific security programs to install?

tehelgee · Apr 20, 2017

Snake/Eater said:
can't we share our knowkedge on what is the best kind of Specific security programs to install?

There are no programs that prevent you from putting your personal info on the internet. There are no programs to install that prevent people from finding what you've put on the internet.

The lesson here is that you control what you put on the internet, and you must take responsibility for what you've already put out there.

There are ways to mitigate it, of course. Change bank accounts, move, change your name, etc. It just depends on how much hassle and effort you want to put into it.

Snake/Eater · Apr 20, 2017

tehelgee said:
There are no programs that prevent you from putting your personal info on the internet. There are no programs to install that prevent people from finding what you've put on the internet.

i don't think i've ever put out any personal info that would make it easier to my identity, but i have seen other posters that have made that mistake on different sites.

at most, i could only be guilty of having outdated or minimal security knowledge.

Biigoh · Apr 21, 2017

The thing is, Snake/Eater... by the time anyone gets concerned about the security of their personal information on the internet, it's too late for such.

DuskAtDawn · Apr 21, 2017

While I occasionally post information that might lead to people IDing my RL info, I'm also a compulsive liar (not actually by choice.). For every time I say something about myself that's true, I lie about myself four, five times, often with contradictory information. Even when I am telling the truth about RL things, such as when I bitch about my job, I usually do so in deliberately misleading terms, or just outright change some stuff. On top of all that, frequently much of what I don't lie about sounds outlandish, because my life's just that damn wacky for some reason. So my advice is to avoid giving out your true information excepting when you also give a reason to doubt that it's actually true.

This is the internet.You have the right to anonymity, but only if you don't waive it via stupidity. Or, uh, get on the wrong side of a sufficiently talented hacker. It's best not to put your information out there at all, but if you must, do it intelligently

Snake/Eater · Apr 25, 2017

here is a comparision chart i found on Vpns.

Evillevi · Apr 25, 2017

My opinion is don't talk about your work hours, Date of Birth, Place of Birth, the specifics of what you do, who you know and to always be as vague as possible if you use your life experience as justification for something else.

Snake/Eater · Apr 25, 2017

And avoid being a jackass on high noon with another jackass with hacking skills on high noon.

alethiophile · Apr 25, 2017

"Hacking skills" should never come into it. The only potential realization for that would be the QQ server itself, which, go ahead and try.

Google and a lot of patience, on the other hand....

Snake/Eater · Apr 25, 2017

Could a premium upgrade protect a poster's id?

alethiophile · Apr 26, 2017

No. The one thing has nothing to do with the other thing.

Graypairofsocks · May 6, 2017

tehelgee said:
I got a message recently asking to start a thread on how best to reduce the potential to get doxxed.

However, I'm no expert on the subject, not even a novice. My advice was simply not to put your personal info out there to be found in the first place, advice dating back to the 90s. The individual insisted on a proper thread, though, given the subject matter of this forum and the potential for it to end jobs if it got traced back.

So, then, what tips and advice might be given to those concerned about getting doxxed?

Opening a PM from someone else, can allow them to figure out your IP.

alethiophile · May 6, 2017

Graypairofsocks said:
Opening a PM from someone else, can allow them to figure out your IP.

How so?

If that's true, it's a security bug that I need to fix. <_<

Graypairofsocks · May 6, 2017

alethiophile said:
How so?

If that's true, it's a security bug that I need to fix. <_<

It's not a bug, it is a misuse of an intended feature.

You can embed images in PMs.You know those things called tracking gifs in emails? (a transparent 1 pixel gif) It works similarly.

They can upload an image to a host that keeps a log of IPs that access it. They then embed the image in the PM and send it to 1 person only.

This would work, but I have never heard of anyone doing this in practice. This just figures out the persons IP.

alethiophile · May 6, 2017

Graypairofsocks said:
It's not a bug, it is a misuse of an intended feature.

You can embed images in PMs.You know those things called tracking gifs in emails? (a transparent 1 pixel gif) It works similarly.

They can upload an image to a host that keeps a log of IPs that access it. They then embed the image in the PM and send it to 1 person only.

This would work, but I have never heard of anyone doing this in practice. This just figures out the persons IP.

Actually, on QQ this will not work. The server caches any image shown on the board and serves it itself (originally a measure to reduce hotlink rot). Thus, the attempted tracker will just get a single request from QQ, and no others.

Graypairofsocks · May 7, 2017

alethiophile said:
Actually, on QQ this will not work. The server caches any image shown on the board and serves it itself (originally a measure to reduce hotlink rot). Thus, the attempted tracker will just get a single request from QQ, and no others.

Huh, I forgot about that.

Dakkaface · May 9, 2017

Snake/Eater said:
Could a premium upgrade protect a poster's id?

You seem to be under a very mistaken impression of what doxxing generally is, what hacking is, and what you can do to avoid being doxxed.

Doxxing is when someone manages to connect your real life and online identities. Being able to say 'XxUserGuyxX is John Smith from Anytown, Texas, USA. It can go deeper than that, finding family members, jobs, clubs, etc. Trolls can then take that info and use it to harrass that person, which is why doxxing is bad.

Doxxing can be done via hacking. It generally isn't. If your email is breached and you have your real name set on it, or in any of the services you've used that email to sign up for, they've got your real name. If they manage to get access to your computer or cloud files, they might find your real name/address/identity info via tax returns or other documents. I stress - this is a rarity.

Much more commonly, all the details to doxx someone are provided by that person. Someone just takes an extensive walk through your post history. A year ago you mentioned where you live. A year and a half ago you mentioned being at an event in a specific city. Two years ago you mentioned you lived by a military base. You've mentioned your job several times in debates. You mentioned the schools you went to five years ago. You brought up your race in a thread about identity politics last November. Your birthday is on your profile. These are all corroborating details that can be used to confirm your identity once you make a big slip.

Big slips - maybe you mention an extremely niche event that had some minor publicity and had a public guest list. Maybe you let slip you work at niche job, one of those deals where the webpage has a convenient staff listing with images. Maybe don't scrub the EXIF data off of a phone image you post, and the GPS coordinates for your house are attached to it. Now someone takes that big slip and compares it against all the other data points. Does the owner of this house have a name that sounds like your race? Is that name on the rolls for the schools you mentioned? Which of these people has a birthday that matches?

This is all stuff that's publicly available, the doxxer is just putting in the legwork to piece together the clues to your identity. And the more you use a particular identity, the longer you use it and more sites you use it on, the more data this sort or person has to work with to try and doxx you. It doesn't require any hacking, there's no special programs to use to prevent it, software doesn't help.

If you want to practice information security and avoid being doxxed, don't talk about your life except in the broadest possible terms. Either don't make your birthday or other private info publicly available, don't enter it, or put in deliberately false values. When you sign up for new sites, use a new handle on each one. Don't reference the names of your accounts on other sites in discussion. Every year or two, ditch that account and make a new one, if the site allows.

tehelgee · May 9, 2017

Here's the thing I don't get. People are all gungho against doxxing, they rage and call it a massive crime, it ruins lives, etc etc. Those same people plug every aspect of their life into social media, put it all out there for someone to find. What did they expect was going to happen? People with grudges simply wouldn't follow the breadcrumb trail right to their doorstep?

Snake/Eater · May 9, 2017

In my case it was ignorence, I got into the online community late in my life and was basically hitting every branch a noob goes through in a year.

I didn't take it seriously and I figured the other people would get over it and go live their own lives.

I was mistaken.

Graypairofsocks · May 9, 2017

alethiophile said:
Actually, on QQ this will not work. The server caches any image shown on the board and serves it itself (originally a measure to reduce hotlink rot). Thus, the attempted tracker will just get a single request from QQ, and no others.

I'm guessing hotlink rot was due to linking to stuff on imageboards like 4chan.

alethiophile · May 10, 2017

Graypairofsocks said:
I'm guessing hotlink rot was due to linking to stuff on imageboards like 4chan.

Partly it was that, but images hosted on other servers would disappear for all kinds of reasons. Plus, it's somewhat impolite to hotlink to someone else's server without notifying them; QQ isn't high-traffic enough to break anyone's upload, probably, but bandwidth is still a limited resource. As they say, all interesting behaviors are overdetermined.

TheNorthman · May 11, 2017

1) Use a trustworthy proxy/vpn which is enough to stop most casual snooping by the local IT/ISP.

2) Disposable Email with an alias you never used before to keep it from being correlated which stops the other form of casual snooping (FB, Google, et al).

3) Don't post anything true about yourself in RL.

tehelgee said:
Here's the thing I don't get. People are all gungho against doxxing, they rage and call it a massive crime, it ruins lives, etc etc. Those same people plug every aspect of their life into social media, put it all out there for someone to find. What did they expect was going to happen? People with grudges simply wouldn't follow the breadcrumb trail right to their doorstep?

People (as a general rule) aren't good at critical thinking and like to talk about themselves.

Its very easy to have a setup that keeps the average stalker/casual snooper from being able to bother you by using 1 identity per forum/media that isn't tied or associated with any other. Just it requires an extra 5 minutes and not talking about yourself IRL.

People who don't like talking about themselves are much harder to doxx for that reason.

I mean, I'm sure tehelgee can confirm I did those 3 things if he bothered to check

Graypairofsocks · May 11, 2017

TheNorthman said:
1) Use a trustworthy proxy/vpn which is enough to stop most casual snooping by the local IT/ISP.

2) Disposable Email with an alias you never used before to keep it from being correlated which stops the other form of casual snooping (FB, Google, et al).

3) Don't post anything true about yourself in RL.

Most forum sites block common VPNs, or proxies.

TheNorthman · May 11, 2017

Graypairofsocks said:
Most forum sites block common VPNs, or proxies.

Privacy does limit your options but once you lose it you never get it back.

RL doesn't exactly allow people to Respawn like a video game does.

tehelgee · May 12, 2017

TheNorthman said:
2) Disposable Email with an alias you never used before to keep it from being correlated which stops the other form of casual snooping (FB, Google, et al).

Actually, I recommend against that, simply due to password recovery. If you lose the login/password, you lose the account if you registered via disposable email.

alethiophile · May 13, 2017

If you don't care about the account that much, you can use Mailinator or another such superdisposable setup.

It's getting harder to make secondary long-lasting email accounts, though; Google, Yahoo and so on now all want mobile numbers or similar traceable contact info before they'll let you set up an email. Of course, burners are an option, but it's another annoying step.

Personal Information Security - Best practices to avoiding doxxing?

The stern gaze of justice.

Yuri Fanatic, Archivist

Myth Maker of the North

Shadowed Philosopher

Myth Maker of the North

The stern gaze of justice.

Myth Maker of the North

Primordial Tanuki

Of the Thousand Faces

Myth Maker of the North

Shadow Pika!

Myth Maker of the North

Shadowed Philosopher

Myth Maker of the North

Shadowed Philosopher

THIS IS A TITLE!

Shadowed Philosopher

THIS IS A TITLE!

Shadowed Philosopher

THIS IS A TITLE!

Magical Defender of Justice

The stern gaze of justice.

Myth Maker of the North

THIS IS A TITLE!

Shadowed Philosopher

Making the rounds.

THIS IS A TITLE!

Making the rounds.

The stern gaze of justice.

Shadowed Philosopher

Users who are viewing this thread