|
jccc
just aotherhuman


Registered: 12/01/06
Posts: 1,162
Last seen: 11 years, 3 months
|
How safe am I online?
#6326593 - 12/02/06 06:59 AM (17 years, 5 months ago) |
|
|
If I look at shroom related sites and am a member here can the cops get in my files/search me?
|
OJK
Stranger

Registered: 06/08/03
Posts: 10,629
|
Re: How safe am I online? [Re: jccc]
#6326763 - 12/02/06 09:55 AM (17 years, 5 months ago) |
|
|
It's possible, if the shroomery servers/logs are ever subpoenaed as part of an investigation. Your IP address is permanently linked to any posts you make, IIRC. However, that seems very unlikely - the shroomery website doesn't break any laws that I know of, and is covered under free speech protections. Even if the logs ever were subpoednaed, there are hundreds of thousands of users here, it would be unusual if even one percent were investigated to do with activities described on these boards. If you are reasonably sensible with your posts (e.g. not posting photos of yourself in an underground bunker with hundreds of kilos of weed) the risk is acceptable.
If you are worried about anonymity, look at some of the other topics in this forum - programs like JAP and TOR route your communications through an anonymous network, hiding your real IP address from any servers you communicate with, meaning you are functionally anonymous when browsing sites like the shroomery. An very easy-to-use program that routes communications through the TOR network is Torpark, which is a build of the Firefox browser pre-configured to use tor. You can install it on a hard drive or flash drive, and when using it to surf websites, you are functionally anonymous (to an acceptable level, at least).
|
WIZOLZ
Poor with Needs


Registered: 03/20/06
Posts: 290
Loc: Monte Carlo
|
Re: How safe am I online? [Re: OJK]
#6328355 - 12/02/06 07:52 PM (17 years, 5 months ago) |
|
|
I need to know something...about how the internet itself, works.
Most of what it does is like a game of send and retrieve, and that requests made by us, the client are sent to the host (servers) of which the data is stored, then it is sent in data packets, back through the ISP, then to our individual IP's and onto the screen ?? Correct me If I'm off on this please..
Then considering this, can those packets of data be deciphered by your ISP or any other intrusive software ? ** I know there is spyware which tracks certain piece's of information **
Theoretically, you could have simultaneous links being loaded or downloads happening and they would be unable to correctly build an imagine from what information or files you were originally viewing.
Just so that people are aware of the potential of this happening, though ISP usually run off of a discreet privacy contract, I have read that there is new legislation being either propaganda or actual events, which would allow governments and ISP to work in connection and Log client activity, though, mostely to combat threats of terrorism and warcrime activity. But still, it remains uncertain and uncertainty fucking sucks.
-------------------- ---------o----o----o-------o------------------------o--o-o- ---------------------------------------------------------------- Requim for a Dream - Paul Oakenfold --------------------------------------------------------------- "The mis/abuse of any form of power, is the worst form of ignorance" ------------------------------------------------------------- WIZOLZ - Lover with a Killer's Smile
|
OJK
Stranger

Registered: 06/08/03
Posts: 10,629
|
Re: How safe am I online? [Re: WIZOLZ]
#6328599 - 12/02/06 09:47 PM (17 years, 5 months ago) |
|
|
Please forgive me, but I can't exactly follow what you're saying.
When you communicate over the internet, using the standard http protocol (which, for the most part, websites use), the information you send and recieve is sent in plaintest. That is to say, most of the time, any information you send over the internet is sent as normal, human readable information. Your ISP can see all the packets you send and receive. Your ISP can therefor see all the websites you visit, and all the data you send to websites.
The length of retention of this data by ISPs usually depends on legislation. In Europe, ISPs are required to hold this information for a mininum of six months.
To be frank, information sent over the internet in standard format is not in the least secure. Things were never designed that way.
If you wish to be secure/anonymous, you should use a program like TOR or JAP.
|
0kehSt0nr
Bakery Fresh



Registered: 03/15/06
Posts: 767
Loc: smb://slakcr
|
Re: How safe am I online? [Re: WIZOLZ]
#6330119 - 12/03/06 12:45 PM (17 years, 5 months ago) |
|
|
It doesn't matter how many things you're downloading/uploading, the packets can be retrieved in order. Thus is the magic of IP/TCP; each packet sent has a sequence order, to prevent corrupt data and to make sure no packet is lost.
Like Opiumjunkie said, TOR or JAP would be your best bet if you're the paranoid type
|
Oatman2000
-=Outa Space=-



Registered: 05/10/05
Posts: 2,877
Loc: Planetary Nebula
Last seen: 1 year, 7 months
|
Re: How safe am I online? [Re: 0kehSt0nr]
#6332737 - 12/04/06 12:16 PM (17 years, 5 months ago) |
|
|
but aren't these anonymous servers sometimes "traps" for the accused?
--------------------
Spawning to COIR
My Chocolate Recipe
WBS QUART SPAWN JAR PREPERATION ----------------------------
4-PO-DMT; 4-phosphoryloxy-N,N-dimethltryptamine
|
OJK
Stranger

Registered: 06/08/03
Posts: 10,629
|
Re: How safe am I online? [Re: Oatman2000]
#6332767 - 12/04/06 12:26 PM (17 years, 5 months ago) |
|
|
Random proxy servers are not terribly secure. Established, well known open-source projects like JAP and TOR are not "traps" of any kind.
Commercial projects (i.e. NOT JAP and TOR) that promise anonymous browsing are often scams, or at least provide anonymity not worth a damn, but I've never heard of a project set up as a government honeypot, no.
|
deck
01100100011001010110001101101011

Registered: 12/03/06
Posts: 36
Last seen: 17 years, 5 months
|
Re: How safe am I online? [Re: OJK]
#6333457 - 12/04/06 04:36 PM (17 years, 5 months ago) |
|
|
Quote:
Odiumjunkie said: Random proxy servers are not terribly secure. Established, well known open-source projects like JAP and TOR are not "traps" of any kind.
I'd be hesitant in expressing your faith in such open-source projects. Do you recall that in 2003, JAP was backdoored by the German BKA? (http://www.securityfocus.com/news/6779)
As for TOR, most forums I've visited seem to make a habit of blocking the TOR servers. In fact, this site seems to be doing the same thing.
Some advice I'd recommend you and others follow while using projects such as JAP and TOR is:
You should never send personal data. Do never ever enter any personal data into any website while using such a service. Their goal is to hide your identity, so I'm sure it's obvious why it would be a bad idea to enter such information while using such a service. You can do that during normal browsing.
Never ever enter any usernames or password trough non-SSL connections. The TOR/JAR-exit-node could sniff on his network-interface and grab the username/password pair.
Also, do not fully trust open-source projects such as TOR and JAP. Their network is run by volunteers and that there’s absolutely no guarantee that one or more nodes could be compromised.
You seem to be very intelligent regarding this subject, Odium, you just seem to have a little too much unwarranted trust regarding such services.
-------------------- deck@shroomery:~$ chown -R deck your_mother
|
OJK
Stranger

Registered: 06/08/03
Posts: 10,629
|
Re: How safe am I online? [Re: deck]
#6333782 - 12/04/06 06:14 PM (17 years, 5 months ago) |
|
|
Your points make sense when configured in a vacuum, but when compared to the alternatives, they're less of a worry.
> I'd be hesitant in expressing your faith in such open-source projects. Do you > recall that in 2003, JAP was backdoored by the German BKA? > (http://www.securityfocus.com/news/6779)
True, a german court ruled that JAP collect data in relation to a child pornography operation. However i) the backdoor was relatively trivial to 99.9% of JAP users as it regarded a single website (not terribly comforting) and ii) as an open-source project, the backdoor was noticed almost immediately (much more comforting). Compared to any kind of closed-source or commercial privacy service, the process was relatively transparent.
> As for TOR, most forums I've visited seem to make a habit of blocking the TOR > servers. In fact, this site seems to be doing the same thing.
A lot of IRC channels block access from TOR nodes - I've never had problems with forums using TOR. I'm using TOR to browse the shroomery right now. I'd be surprised if this forum blocks access from TOR nodes - Ythan has gone so far as to write a proxy finding script to help users remain pseudonymous around here.
> You should never send personal data. Do never ever enter any personal data > into any website while using such a service. Their goal is to hide your > identity, so I'm sure it's obvious why it would be a bad idea to enter such > information while using such a service. You can do that during normalbrowsing.
Broadly sound advice in so far as it's a good general rule not to send personal data to servers you wish to remain anonymous from - but if you're using the TOR network, there's no reason not to send personal data to websites after you've completed an anonymous activity, as TOR changes nodes. You're personal data is also in some ways more secure through TOR - while your end TOR node and the end server will be able to see your data, people on your local network and intermediate nodes won't be able to access the cleartext.
> Never ever enter any usernames or password trough non-SSL connections. The > TOR/JAR-exit-node could sniff on his network-interface and grab the > username/password pair.
True, sending passwords in cleartext is generally a bad idea. True, if you send a cleartext password through TOR, the end node can see the cleartext.
However, people on your local network and intermediate nodes won't. If you send a password in cleartext over a normal http connection, everyone on subnet can see your cleartext, your ISP can see your cleartext, and every intermediate server between you and your end server can see your cleartext.
It depends who you want to keep your data private from. I find it far more convincing a scenario that a government agency will require an ISP spy on your connection and log all packets than a government agency performing a corelation attack on the entire TOR network.
It's a calculated risk, either way.
> Also, do not fully trust open-source projects such as TOR and JAP. Their > network is run by volunteers and that there’s absolutely no guarantee that one > or more nodes could be compromised.
Theoretically true, although once again I find it hugely more convincing that your ISP or a commercial privacy service would be mandated by government to spy on your traffic without telling you than a lone TOR developer somehow sneaking some rogue code into a build and no-one noticing. With open source, you can open up the source code yourself and examine what's going on before you compile, or at least rely on a peer that has programming knowledge to do it and share any surprising results.
It's also true that end nodes can see cleartext. However, there's no way to show who's cleartext it is. The end node does not know the source node. If a government agency did backdoor a TOR node, or even several in their state, they still wouldn't know who any of the traffic was from, and they couldn't gaurentee that any one person would use one of their backdoored node. If you want to break the TOR network right down, you need to perform a corelation attack - and for that, you need to see a large part of the network. If a hostile agency wants your data badly enough to perform a corelation attack on teh entire TOR network, then they want your data badly enough to break into your house and seize your computer, or plant hidden cameras, or torture you, or do any of the other things hostile agencies do. I think, at present, the TOR network is fit for purpose.
> You seem to be very intelligent regarding this subject, Odium, you just seem > to have a little too much unwarranted trust regarding such services.
Thank you, but I'll trust any code that I can view, edit and compile myself a hell of a lot more than an unknown binary. If we accept that sending data over the net is necessery, TOR and JAP present in my opinion the safest and most private method of doing so. Don't forget that anything you don't send through a secure service is in essence viewable by your ISP and therefor the government. I trust volunteer efforts by universities and open source code more than I trust my ISP and government.
|
deck
01100100011001010110001101101011

Registered: 12/03/06
Posts: 36
Last seen: 17 years, 5 months
|
Re: How safe am I online? [Re: OJK]
#6333861 - 12/04/06 06:39 PM (17 years, 5 months ago) |
|
|
Well said. I really have no response to anything you just said besides the fact that I just like providing overly cautious advice, then allowing the individual to get as sloppy as they wish from there on out. 
Quote:
Odiumjunkie said: I trust volunteer efforts by universities and open source code more than I trust my ISP and government.
As do I. The day I experienced my first OS released under the GNU General Public License was the day I converted. I am a vocal and proud supporter of the open-source movement and advocate others to do the same.
-------------------- deck@shroomery:~$ chown -R deck your_mother
|
|