Personal Information, Anonymity, and Security

[No_Strings]

So that means you're not going to give me your address so I can show up at your house with some restraints, lube, and a full set of studio gear to take some photos? Waahhhhhh!!!!! You're so..... hot... and innocent.... C'mon, I'll shoot you all day and you can uh, shoot me all day. :biggrin1:

Why on earth would I cancel my birthday plans? Speak sense woman! Two months to go, I'm sure you can fit me into your schedule if you fancy it... I don't mind if you bring a friend or two either.

 

[dong20]

Security is relative, privacy an illusion and true online anonymity a myth.

I pretty much stopped worrying about it a long while ago. All one can do is take (mostly basic) steps that will defeat 95%+ of potential violations but in the end almost any information (online or not) is available to those with the resources, time and desire necessary to obtain it.

A saving grace being that 99.99% or more of it almost certainly isn't worth finding out and much of the 0.01% or less that is will likely lie within the 5% that requires above average skill and detirimination to winkle out.

Also, couple the sheer volume of crap squirelled away in obscure corners of the Internet with the mentality and attention span of the average 'hacker' and (I use the term hacker in the loosest sense of the word) or in context, stalker may be more appropriate, there really is safety in numbers.

This is a good read.....

Security Watch: The myth of online anonymity - CNET reviews

 

[B_ironsoul]

Why on earth would I cancel my birthday plans? Speak sense woman! Two months to go, I'm sure you can fit me into your schedule if you fancy it... I don't mind if you bring a friend or two either.

do you have any requests on who that friend could be? can I volunteer?

 

[nudeyorker]

Wow...this is food for thought...I've only exchanged my phone # and address with one person, and my phone # with only a hand full... but only after my rare diagnostic mind was certain they were not ax murderers... I'll keep my fingers crossed.
Thanks for the info!

 

[HazelGod]

In a related vein, this little bit of recent news from my hometown area goes to show that sometimes even just your name can be too much info to have in public circulation.

"A Porn Star Stole My Name"

 

[earllogjam]

I feel that I do reveal a lot about myself here that I don't otherwise do but have found by doing this I get the most out of the site in terms of advice. Get what you give I've found.

As far as being recongnized on the street - hmmm. That has not happened yet. I guess it would be a bit odd for another person to know all about your history here without you knowing a stitch about them. I do take care not to reveal where I live or what I do for this reason, but if someone should come up to me and say "hey elj, I know you from LPSG." it wouldn't bother me too much. It would just make me feel that I'm walking down the street naked. I don't tell many people I know that I'm here just as I don't leave dirty magazines out on the coffee table.

I'm not ashamed about things I post here so I guess it doesn't bother me if anyone has time to waste looking into my profile and post history and "discover" my true identity. I'd prefer to be anonymous however.

I do regret putting more revealing photos all at once here because I have recieved solicitation PM's into my personal email address which was not great. I have since taken them down and the few I get now just go into junk mail. (I hate snubbing them actually but they seem to be a can of worms most times and I'm not looking to "hook up" here). I reposted some for a LPSG friend I've made recently.

 

[Falcon9]

I watched a television special on security issues in the electronic age and a few things stand out: Cell phones (certain kinds when activated or "on") can be located through triangulation by receivers. Your whereabouts can be detected and pinpointed with great accuracy this way if you are indeed the one carrying your own cell around (which most of us do). I have this homing function turned off on my phone as it is an option in functions but if I am ever kidnapped I can hopefully activate it again (if my arms are not bound) while trapped in the villain's car trunk I suppose.

Another thing of interest: A majority of digital cameras have electronic codes built into image files (the entire image is series of digits after all) taken with the camera. The code numbers embedded in the images are unique codes to each camera and can be traced to the serial number of the camera (also a unique number to the individual camera). The tv special went on to explain that individuals who send in their camera warranty registration cards have provided a company with a way to trace their images, linked with codes in the image file, linked with the serial number to their camera and linked to the personal information asked for on the warranty registration card (name, home address, etc.) It makes one stop to think! Anyway, it was mentioned as a way for solving crimes involving digital images used in blackmailings, etc.

I wonder if these low-resolution (ie: not sexy) cell phone pics people take are also linked with embedded (coded) digital data corresponding to the user's phone number, address, etc!

 

[Falcon9]

PS: I hope this didn't put a wet electronic blanket on posting sexy pics here. It is too much fun after all!

 

[HazelGod]

Cell phones (certain kinds when activated or "on") can be located through triangulation by receivers. Your whereabouts can be detected and pinpointed with great accuracy this way if you are indeed the one carrying your own cell around (which most of us do). I have this homing function turned off on my phone as it is an option in functions but if I am ever kidnapped I can hopefully activate it again (if my arms are not bound) while trapped in the villain's car trunk I suppose.

Guess again.

Any cell phone that is turned on can be triangulated by the network operators. At its basic level, it's just a two-way radio. The phones are in constant contact with the surrounding cell towers when they are on...otherwise they wouldn't ring when dialed. The only way to "hide" your cell phone from location searches is to turn it off entirely.

 

[snoozan]

Why on earth would I cancel my birthday plans? Speak sense woman! Two months to go, I'm sure you can fit me into your schedule if you fancy it... I don't mind if you bring a friend or two either.

Yes!

do you have any requests on who that friend could be? can I volunteer?

Ooooh, YES!!! Now I'm excited.

Another thing of interest: A majority of digital cameras have electronic codes built into image files (the entire image is series of digits after all) taken with the camera. The code numbers embedded in the images are unique codes to each camera and can be traced to the serial number of the camera (also a unique number to the individual camera). The tv special went on to explain that individuals who send in their camera warranty registration cards have provided a company with a way to trace their images, linked with codes in the image file, linked with the serial number to their camera and linked to the personal information asked for on the warranty registration card (name, home address, etc.) It makes one stop to think! Anyway, it was mentioned as a way for solving crimes involving digital images used in blackmailings, etc.

This is called EXIF data and is generally very useful because it contains all the information that you could ever need about a photograph-- time, date, lens used, fstop, flash, exposure and on and on and on. As far as I know, the cameras are identified so that I as a consumer/photographer know which camera I used for which photo even if they are the same model. So for example, if I shot a wedding with my assistant and we both used the same model camera body, I can go into my editing software and sort the photos by camera serial number. This is really helpful for me, and even moreso for larger companies that may have 5-10 cameras that are the same model. I didn't think about the more nefarious uses for it. However, you can strip the EXIF data from images usually by just pushing them through your photo editing software.

 

[invisibleman]

I'm very careful about whom I choose to share information with. There is only one person i've regretted sharing my email address with and i've blocked him.

Hey, you blocked me.

Why'd ya do that? What am I gonna do with all these banana splits with extra chocolate sauce and walnuts :smile: ? And the double chocolate mocha cheesecake with the ground zwieback and espresso bean pie crust from the Cheesecake Factory?

Oh, well.

 

[SteveHd]

A number of years ago Scott McNealy of Sun Microsystems said, "You have no privacy. Get over it."

Still relevant.

 

[dong20]

This is called EXIF data and is generally very useful because it contains all the information that you could ever need about a photograph-- time, date, lens used, fstop, flash, exposure and on and on and on. As far as I know, the cameras are identified so that I as a consumer/photographer know which camera I used for which photo even if they are the same model. So for example, if I shot a wedding with my assistant and we both used the same model camera body, I can go into my editing software and sort the photos by camera serial number. This is really helpful for me, and even moreso for larger companies that may have 5-10 cameras that are the same model. I didn't think about the more nefarious uses for it. However, you can strip the EXIF data from images usually by just pushing them through your photo editing software.

The same principle applies to other file formats too. Most people don't consider the potential 'dark side' of its use either. But then of course most people don't realise it's there or even possible to store so much information 'invisibly' so for the most part it's a non issue and information stored is usually of little or any use to anyone but its owner.

I have used it on occasion in conjuntion with security procedure audits and so on, but mostly it's innocuous, misleading and incomplete. But, as they say; information is power and whatever its source I think there is much truth in that.:smile:

 

[Shelby]

All of the true things that I am about to tell you are shameless lies.
​

 

[Ethyl]

Hey, you blocked me.

Why'd ya do that? What am I gonna do with all these banana splits with extra chocolate sauce and walnuts :smile: ? And the double chocolate mocha cheesecake with the ground zwieback and espresso bean pie crust from the Cheesecake Factory?

Oh, well.

Told you I prefer pecans over walnuts...pay attention next time. :tongue:

A number of years ago Scott McNealy of Sun Microsystems said, "You have no privacy. Get over it."

Still relevant.

Yes, it is. If someone has the time and resources, they'll find out what they want.

 

[Falcon9]

Guess again.

Any cell phone that is turned on can be triangulated by the network operators. At its basic level, it's just a two-way radio. The phones are in constant contact with the surrounding cell towers when they are on...otherwise they wouldn't ring when dialed. The only way to "hide" your cell phone from location searches is to turn it off entirely.

Thanks for pointing this out. I had to go back and read the instruction book. So, to be more specific, the new cell phone that I use has a feature that allows the user to disable the "Location" setting. The manual states that turning off the Location setting disables the GPS (Global Position Satellite) locating service for all services except 911. But doesn't, as you have correctly stated, hide the general location based on the cell site servicing the call. The phone would have to off as you noted to be undetectable. At least I am safe from Dr. No.

 

[chico8]

A number of years ago Scott McNealy of Sun Microsystems said, "You have no privacy. Get over it."

Still relevant.

If you live in the USA, there's no such thing as privacy. Every scrap of information about you, whether on the internet or not, is available for a few measly dollars. The best any of us can do is be vigilant and take immediate action if we suspect identity theft.

It's amusing to see people here say how cautious they are about what they post here. All you have to do is look through someone's old posts and you could come up with quite a bit of information.

The best thing to do is post only what you would say in real life so that some ill-informed rant doesn't come back to bite you in the butt when a future partner checks you out or when you're looking for a new job.

Too many people ignore this aspect of the internet.

 

[rob_just_rob]

I can't imagine giving my personal email address* to anyone I met here. Bottom line is, you can never be 100% sure anyone here, or elsewhere on the internet, is who or how they claim to be.

That said, I don't think I would lose too much sleep if I was tracked down, which is undoubtably possible for someone who was willing to put in the time, to do.



* as opposed to one of my many free, throwaway web-based email addresses.

 

[B_big dirigible]

It's amusing to see people here say how cautious they are about what they post here. All you have to do is look through someone's old posts and you could come up with quite a bit of information.

What a load.

Sure, there's information here. About ten percent of it might actually be true. Even that ten percent will tell you what, exactly? Not much.

My modest self can serve as an example. There is a great deal of info about me on the 'Net. People I haven't seen in years have been able to contact me that way. But they knew my real name, which gave them something to search on. Even so it's not easy, as a certain famous person has the identical name, and the first fifty pages of google hits are his. I have a number of well-known web sites which are publicly registered in my real name. But none of them link to me here. Similarly, the information I've given out here doesn't link to any of that outside stuff. A search on my novelty name will reveal only that it's not a rare one. My contact e-mail account has no genuine information attached to it, and my photos were uploaded from a dynamic ISP address. The rumor that I run a tractor repair forum won't help in a search, as it's not true. "Tractor repair" is a euphemism for another topic.

The only way information I post here can be used to identify me is if someone who knows me happens to blunder into this site. In that case, there is indeed enough information to convince him that I'm me. But that's a long way from asserting that "anybody can find out anything".

 

[dong20]

Sure, there's information here. About ten percent of it might actually be true. Even that ten percent will tell you what, exactly? Not much.

My modest self can serve as an example. There is a great deal of info about me on the 'Net. People I haven't seen in years have been able to contact me that way. But they knew my real name, which gave them something to search on. Even so it's not easy, as a certain famous person has the identical name, and the first fifty pages of google hits are his. I have a number of well-known web sites which are publicly registered in my real name. But none of them link to me here. Similarly, the information I've given out here doesn't link to any of that outside stuff. A search on my novelty name will reveal only that it's not a rare one. My contact e-mail account has no genuine information attached to it, and my photos were uploaded from a dynamic ISP address. The rumor that I run a tractor repair forum won't help in a search, as it's not true. "Tractor repair" is a euphemism for another topic.

The only way information I post here can be used to identify me is if someone who knows me happens to blunder into this site. In that case, there is indeed enough information to convince him that I'm me. But that's a long way from asserting that "anybody can find out anything".

Firstly, so far as I can see nobody said "anybody can find anything" in such an unqualified sense as I’m sure you well understood. Also, I don’t recall anyone saying it was easy. In your typical style you’re again seeking to twist what was written for some unclear motive, or perhaps sheer contrariness.

For myself, I was talking less about casual sleuthing by idiots or wannabee stalkers than systematic attention by those who know what they want and how to obtain it. To be fair, it’s unlikely anyone on LPSG would warrant such attention, they'll fall in the 99.99% which even if ‘worked out’ would be about as interesting as finding out who reached 1000 posts this week. No offence intended to anyone in that sense.

Technology.

Technology will only get you so far, though often it will get you far enough. The way any such information is obtained is rarely about any one source. Of course, in the LPSG context it’s highly unlikely one will uncover detailed personal information from a member from any one post or posts, or casually ‘Google up’ the personal details of LPSG users as you seem to suggest. It’s about lateral thinking, persistence and, often a casual relationship with morality and the law.

Images may have embedded information about when they were created - the tool used to create or edit them, information that may even contain a name. If it’s a tool that has been registered then with access to a registration database a geographical crosscheck could be run (based on IP). This thread has shown many are blissfully unaware of the ‘invisible’ embedded information they pass around.

Email is a bit iffy, but even if you use web mail then it’s entirely likely your source IP address will be embedded. Yahoo emails certainly do. If you use Outlook for example your PC name may also be included. Armed with that and a likely IP address depending on how secure it is and how you connect extracting a surprising amount of information from it is pretty straightforward.

Never mind that anything sent by unencrypted email is about as private as a postcard.

You post from a dynamic IP? Well, firstly if your address lease is 24hrs which is pretty typical and you connect again at least once within that period, you may keep that IP for days or weeks. But either way it gives away your ISP and depending on your ISP DHCP management setup, network topology etc with a little digging this should turn up a location.

This will almost certainly be at city level which may or may not be much use of course, but knowing a little about the way the ISP is structured physically or logically may well allow a more precise location down to the Rack/POP/Frame level.

You may even narrow it down to cabinet (street) level. Blueyonder in the UK used to do this. Naturally, ISP’s don’t generally publish this information but it’s often available nonetheless. Even a simple tool like tracert can be useful in getting a general location.

Of course there are whole raft of issues that can cloud the accuracy of this, proxy servers, ISP’s who by using gateways make it appear all their users live where they don’t, long distance dial up, firewall configuration etc but there are ways around most of these, although they may require detailed packet analysis. Naturally, if a packet can get from A to B, then A and B can be determined.

Here’s a simple example. Of course if it can be done legally…..There’s no ‘rocket science’ involved here.

eTECHnews: Internet Anonymity Compromised Through IP Address Tracking

There are whole raft of RFCs dealing with this issue, if anyone is interested have a look at 2050 and 4886 (which deals with IPv6).

http://www.ietf.org/rfc/rfc2050.txt
http://www.ietf.org/rfc/rfc4882.txt

Even with a dynamic IP, it takes a few seconds to scan a range for which ones were active when "joe bloggs was". Digging a little deeper, if one had access to ISP DHCP logs (a buddy who worked for them perhaps) then a userid and account details are a step away.

Alternatively, if one could gain access to the appropriate routers, switches (after all, many are woefully insecure) or cable runs any decent protocol analyser would capture your login authentication, and pretty much anything else you did online.

Much authentication is clear text and PAP/CHAP authentication is hardly unburstable. Although CHAP or NTLM won’t get you a password as such, neither. If that’s what you’re after a session replay may enable you to get it later. VPN traffic is pretty secure for the most part too, but how many use a VPN to post on say LPSG? The simple, open designs of IP and Ethernet are their strengths and weaknesses.

Read “Session Based Logging (SBL) for IP-Traceback on
Network Forensics” by Omer Demir, Ping Ji and Jinwoo Kim.

I’m sure it’s online somewhere. It’s pretty light but interesting enough.

As one might imagine, there is no shortage of sites willing to help those budding Dick Tracey’s in this regard. Abika is just one.

Trace IP Address, Find IP address, IP Address tracing, Search IP Address, Map IP Address

What’s said there contains a fair amount of smoke and mirrors, it is a commercial site after all, but it's far from Holywood either. There are oodles of tools out there that can do amazing things, so they would have you believe but while these are aimed largely at script kiddies and the gullible the basis on which they work is essentially sound.

I do this kind of stuff for a living, well I used to and have done so for years and have some experience in the field. I have traced the odd ‘hacker’ using a combination of the things mentioned above. I've no idea of or interest in what happened to them, I just handed over the details to the authorities or those that asked for it. Back in the early days though, I used to have fun backtracking some dumb script kiddie and send them a nice message, lock up or crash their PC or some such thing. It releived the boredom.

People.

Tracking folk is not really my area of expertise, and I have no interest in but for those so motivated but without technology skills or where IT led nowhere; this is where most clues are found. I agree in the context of LPSG this is amateur stuff and not really germane to the wider issue of privacy. The thing is, for the most part people are careless with personal information, usually without realising it. As BD said, they will lie about many things, certainly exaggerate, well, given this forum that’s a given but that’s not that sort of information that’s of use.

Unless they are consciously seeking to hide or fabricate all they post they tend not to lie about the casual “I live 5 Min walk from XXX”, "I eat at XXX which is a few streets away", "I use XXX phone/network", "I work in XXX field" or spread over a few posts - "I drive a XXX, I drive to work, I use XXX road every day" (which road happens to have a junction with a live traffic cam – with sufficient resolution to read number plates). DMV records are hardly secure after all.

Sure, it sounds rather Sandra Bullock but I'd wager there are some sad folk out there with nothing better to do than stand at a busy junction noting license plates of blue cameros, or hang round Fredo's pizzeria with an eye out for suspiciously large bulges, or the latest Motorola timewarp. Or, better, the cash to pay some other poor sap to do it for them.

People may post elsewhere; more clues may be found in those other environments where, perhaps a perceived need for anonymity is reduced. People leave a trail of electronic breadcrumbs that can be easy to follow, perhaps all the way to their front door.

In a nutshell; people give away far more information than they realise. It may come in tiny fragments, no single piece may mean much on its own, but like a jigsaw, get enough such fragments and the bigger picture becomes clearer.

It’s seldom easy; because most information worth finding out isn’t that easily obtained. It’s highly unlikely any one piece of information is enough but put together they narrow the field. All it takes is time, motivation, a degree of intelligence and the right resources (which may be other people or tools etc).

Naturally, most people don’t have the motivation, never mind the skill or time to do it, so as BD says it’s a non issue. If they do, you can run..