
SphynxCat's
Real Vampires Support Page

Title:
Security and Safety conference, June 2000
Author(s):
SphynxCatVP

 
Security And Safety
Online And Offline

Date: 2 June 2000
Channel: #Vampyric_Musings
Hosts: Narradas & Isthme

   Attracting unwanted attention is a frequent danger to those of the
   VC, so preventative security or a switch of identity is sometimes our
   best tool for self-preservation. This process is not as simple as it
   once was but neither is it overwhelmingly difficult when approached
   properly. Online safety is as critical as offline precautions in
   protecting our identities and thus in some cases, our lives. At the
   root of this is the necessity for shielding ourselves from the
   invasion of a variety of stalkers, researchers, and hackers, as the
   internet is a vast gateway leading directly to our doorsteps. This
   campaign of safety must take place both Offline and Online
   simultaneously in order to be successful.
Areas of expertise for the hosts:
NARRADAS: Online - Safety and security related to email, guestbooks,
   ICQ, message boards and websites.
   Offline - Security and safety issues involved with meeting
   people for the first time one-on-one: where, when, how to
   get there, what to do, precautions to take, etc.
 ISTHME: Paper trail chasing (from the registrar of voters to 
   your magazine subscriptions), Reverse tracing to your
   home (name, phone, address, etc), electronic security 
   (email, PGP and firewalls), tracker cookies, IP
   tracerouting and the dangers of cable IP's, mail drops
   (relaying and forwarding), and advice on personal safety.
==== SURVIVING THE ONLINE IDENTITY GAME =============================
Be willing to change identities without looking back. If your
   identity is cracked, you must shed it and that includes all the paid
   ISP services as well. Never get the same nicks again. Safe identities
   are the ones you are not attached to.
This also means you do NOT tell anyone what your previous online
   identity(s) is/was. 
Protecting yourself online goes a long way to protecting yourself
   offline. Most online data leads to offline data, and a paper trail.
==== EMAIL BASICS ===================================================
When presenting yourself in the VC, never EVER use an email that 
   you pay for. This leads to your identity and you can be hacked in
   much worse ways than mailbombing if your attacker is sly. Freemails
   and many webmails now have spam protection and can also be abandoned
   if there is a problem with full mailboxes and such. 
When using webmails, bear in mind that many of them have YOUR
   outgoing IP address in the headers when you use them to send mail.
   This cannot be shut off in a webmail system! You'll just have to hunt
   around for ones that don't show your outgoing IP address. 
Even though many of these are not "truly secure", they are good
   intermediaries and contribute greatly towards keeping your identity
   confidential, and because of their disposable nature, can be
   abandoned without cost.
It's actually a good idea to run multiple email accounts; use one as
   a "spam dump" (for, say, posting to Usenet newsgroups, a common
   target of spammers) and one as a more "secure" email, given only to a
   select few.
When you send email by whatever system, the first and last name you
   enter in the configuration is what shows up when it arrives in the
   other person's email - if you don't want them to see your real name,
   don't use it! Most webmails never verify real names when signing up,
   so you can use whatever name you'd like. Use fake information when
   signing up to freemail services as well (e.g., NetZero, Juno, etc.).
Check to see if the IP address shows up in the headers - an IP
   address is the online equivalent of a street address - if yours is
   sent out with outgoing mail headers, it can come back to haunt you
   later.
If you have trouble remembering fake identities, write them down in a
   safe place - never keep them near the computer; sticking user IDs and
   passwords under the keyboard, for instance, is a common habit. If
   you have at least two accounts, you can send email from one of your
   accounts to another to read the headers the first one sends out.
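The header check described above, as an added example that is not part of the original conference notes: it reads the raw source of a test message you sent yourself and reports which headers carry your own address and whether the From line shows your real name. The two messages, all addresses (documentation ranges), the names, and the list of client-IP header names are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Headers some webmail front ends add to record the browser's address.
# Assumption: an illustrative list, not an exhaustive one.
CLIENT_IP_HEADERS = ("X-Originating-IP", "X-Sender-IP", "X-Client-IP")
IPV4_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

# Constructed test messages; addresses are from documentation ranges.
LEAKY = """\
Received: from web.example.org (web.example.org [198.51.100.7])
\tby inbox.example.com with SMTP; Fri, 2 Jun 2000 20:15:02 -0000
Received: from [203.0.113.45] by web.example.org via HTTP;
\tFri, 2 Jun 2000 20:15:00 -0000
X-Originating-IP: [203.0.113.45]
From: "Jane Q. Public" <nightowl@example.org>
Subject: header test

test
"""
CLEAN = """\
Received: from web.example.net (web.example.net [198.51.100.9])
\tby inbox.example.com with SMTP; Fri, 2 Jun 2000 20:20:02 -0000
From: "Night Owl" <nightowl@example.net>
Subject: header test

test
"""

def addresses(value):
    """Return the valid IPv4 addresses found in one header value."""
    found = []
    for candidate in IPV4_RE.findall(value):
        try:
            found.append(str(ipaddress.ip_address(candidate)))
        except ValueError:  # looked like an address but is not one
            continue
    return found

def audit(raw_message, my_ip, real_name):
    """Report which headers carry my_ip and whether From shows real_name."""
    msg = message_from_string(raw_message)
    leaking = [name for name in CLIENT_IP_HEADERS + ("Received",)
               for value in msg.get_all(name, [])
               if my_ip in addresses(" ".join(value.split()))]
    display_name, _ = parseaddr(msg.get("From", ""))
    return {"ip_headers": leaking,
            "name_exposed": real_name.lower() in display_name.lower()}
```

Paste the full message source from the receiving account in place of the samples; an empty "ip_headers" list means only the mail service's own servers appear in the headers.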
You can also use a freebased mail forwarding system. 
Isthme: Whatever the case, when using browser based
   mail, it registers the intermediary server as the IP as it serves
   as the SMTP portal rather than coming directly from you by using
   an intermediary CGI/backend script to process the mail rather
   than accepting a transmission directly from your ISP. Browser based
   mail is mail that creates a mail program in your browser window
   rather than using Outlook; Eudora is an example of a browser based mail
   retrieval system.
==== LISTSERV BASICS ================================================
On the whole, most lists request confirmation from the email address
   when signing up. In the event that you do not wish to be subscribed
   to a given list, you should refer to the listserver for directions to
   be unsubscribed. Usually this is a very simple process (either from
   the "home" site or through an email command) but it varies from
   system to system.
==== SPAM AND MAILBOMBING ===========================================
Remember that the desire of the mailbomber is to bog you down and
   under a heap of data. They hope to keep you uninformed and occupied. 
   If you use the email address of an account you pay for and you choose
   to retaliate by contacting his ISP to have his service severed, he
   has succeeded in eating up your time. 
(SphynxCat: OTOH, the faster you can get the spammer offline, the
   faster he doesn't bother anyone else either. Just my opinion, I have
   a zero tolerance approach to spammers.)
==== DO YOU HOST YOUR OWN DOMAIN? ===================================
If you host a domain and have email through that, do not use it at
   any level for VC interaction! If they ever catch on, they can do a
   simple Internic search and know your address for the registration.
   (Although you can have your ISP "cloak" your identity when they
   register your domain for you, you then have the risk of the
   "social engineering / bullshit factor" that some people can talk
   their way into getting almost any information from the ISP.)
==== ISP BASICS =====================================================
Regardless of what you use for email and such, use a service with a
   random IP assignment like AOL or EarthLink for your browsing in
   questionable areas. They will give an IP that will route to the
   corporate HQ of the company regardless of your dialup in most cases.
Some ISP's have static IP addresses that don't change. You can find
   out by calling your ISP.
==== BROWSER BASICS ================================================
Use a proxy server that does not "pass through" your actual ISP
   information. 
==== IP ADDRESSES AND TRACEROUTING ==================================
Be aware of what contains your IP address:
   * ICQ
   * Outgoing email headers
   * /whois information in chat
   * posts made to message boards
   * entries made in guestbooks (if not public, then to the owner)
   * outgoing webmail headers
   * Many cable IP's are static, and LAN security sucks
   (SphynxCat: If you have no hardware firewall, invest in a program
    called "ZoneAlarm" - it's a software firewall. Take the time to 
    learn this package, it's VERY worthwhile!)
   * DSL's tend to have static IP's as well
Your personal info can be tracked from:
   * /whois in chat - city/state, city/province/country, ISP hostmask...
   * embedded cgi programs or cookies in other web sites
   * email - name, IP address (and thus ISP) 
   * ICQ - if you put personal info, web address, etc in ICQ settings
   - ICQ has almost no security!
   * whatever you put in your website can give someone a "profile" of
   you, this plus all the previously mentioned items can make 
   tracking you down much too easy. (Many people have lots of 
   personal info on "about me" pages - for instance, where they 
   work, what they drive, what pets they have, even their resumes!)
   * And all of these don't require any special gadgets or special
   software programs!
Hit tracking software can give:
   * IP address
   * Your ISP and YOUR timezone
   * Browser type and version
   * Whatever personal information YOU put in the browser
   (and even information that you don't put in it!)
   * Operating system/computer type, version
   * screen resolution and how many colors you're running
   (i.e., 1024x768 and 16 million colors)
   * And all this is recorded THE INSTANT YOU ARRIVE! 
You can bypass this with a proxy server that does not "pass through"
   your actual information. You can test a proxy server with the
   Anonymizer web site: http://www.anonymizer.com/
You will have to test proxy servers yourself, and do a search to come
   up with useful ones. This WILL be a time-consuming process, and
   you'll have to check each one to be sure it doesn't pass your real
   information through. Develop a list of at least a half-dozen so if
   one stops working, you can move on to the next and search for more.
   You may have to repeat the process frequently, as some proxy servers
   become unavailable in a short time period.
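One way to do the per-proxy check described above, as an added example that is not part of the original conference notes: it takes a request as logged by a web server you control (or the output of a header-echo page) and reports whether the proxy handed your real address on. The sample header blocks and addresses are constructed; the forwarding header names checked are an assumed, non-exhaustive list, and only IPv4 addresses are compared.

```python
import re
from email import message_from_string

# Headers a forwarding proxy may add to describe the original client.
# Assumption: a common set, not an exhaustive one.
FORWARDING_HEADERS = ("X-Forwarded-For", "Forwarded", "X-Real-IP", "Client-IP")

MY_IP = "203.0.113.45"      # constructed: your real public address
PROXY_IP = "198.51.100.20"  # constructed: address the server saw connect

# Constructed header blocks, as a server you control might have logged them.
TRANSPARENT = ("Host: test.example\nVia: 1.0 cache.example.net\n"
               "X-Forwarded-For: 203.0.113.45\n\n")
ANNOUNCED = ("Host: test.example\nVia: 1.0 cache.example.net\n"
             "X-Forwarded-For: unknown\n\n")
QUIET = "Host: test.example\nUser-Agent: Mozilla/4.0\n\n"

def check_proxy(peer_ip, raw_headers, my_ip):
    """Classify one proxy from a single logged request.

    peer_ip     -- address the server saw the connection come from
    raw_headers -- request header block as the server received it
    my_ip       -- your real public IPv4 address
    Returns (verdict, names of headers that carry my_ip).
    """
    if peer_ip == my_ip:
        return "direct: the proxy was not used", []
    headers = message_from_string(raw_headers)
    carrying = []
    for name in FORWARDING_HEADERS:
        for value in headers.get_all(name, []):
            # Compare whole tokens so 203.0.113.4 does not match 203.0.113.45.
            if my_ip in re.findall(r"[\d.]+", value):
                carrying.append(name)
    if carrying:
        return "passes through your address", carrying
    if headers.get("Via") or any(headers.get(n) for n in FORWARDING_HEADERS):
        return "hides your address but announces itself as a proxy", []
    return "no pass-through seen", []
```

Run it once per candidate proxy and keep only those that never return the first two verdicts.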
==== RECOMMENDED READING ============================================
   How to Disappear Completely and Never Be Found by Doug Richmond
   Reborn in the U.S.A. by Trent Sands
   Counterfeit I.D. Made Easy by Jack Luger 
==== GOOD RESOURCES =================================================
http://www.webdeveloper.com
One of your best ways to learn to protect yourself is to run a mock
   stalking of yourself. Do everything you can think of based on what
   data you have posted publicly to trace it to your identity. Even
   call your ISP and lie badly about who you are, do not give any
   confirmation that you are yourself and try to lie your name, password
   or any sort of information out of the customer service rep. This
   will prove very enlightening. Often an ISP, when looking up your
   account before asking for more annoying information to confirm your
   identity, may simply say: "alright moi@myisp.com... looking it up...
   alright...Isthme? OK..." then proceed. This is an error on
   their part that they avoid but it is a natural reaction on the part
   of a weary tech.
Not everyone is a hacker, but there are people who are just good at
   finding info or know the tricks.
==== SELF DEFENSE ===================================================
Always carry a weapon that you are intimately familiar with. If you
   can't carry a weapon, always be aware of what in your surroundings you
   can use as an impromptu weapon, and the emphasis here is speed AND
   effectiveness in that order. 
If you don't have any weapon skills, get some. Buy training and
   lessons. If you really don't want to carry firearms, learn alternate
   weapons (especially whatever is legal to carry in your
   state/province/country.) Take martial arts classes, and lots of them.
   If you're caught without a weapon, just flailing your fists isn't
   going to do a lot of good unless you get lucky. Learn where on the
   body are good targets. 
Always be aware of your surroundings - the people, what they're
   doing, behavior of drivers in parking lots and roads, etc. Learn to
   recognize what IS normal, then learn to spot what isn't. If you can,
   see about taking police self defense classes.
==== WHEN MEETING SOMEONE FOR THE FIRST TIME ========================
ALWAYS - 
   * Let someone know where you are going to be
   * what time you're leaving
   * what time you're coming back
   * who you're going to be with and any other information you have 
     about them.
   * If you can, take an active cellphone with you. If you have to
     get the hell outta there, you can call for help. 
   * observe their body language - how they carry themselves and
     how they walk/stand/sit can speak volumes about their everyday
     occupation and lifestyle. What they wear and how they wear it
     will tell you even more.
   * Always pick a neutral location - a strip mall, etc - and check 
     out the place beforehand so you're familiar with the
     surroundings.
NEVER - 
   * let the other person have total control - if they
     pick the place, you pick the time/date or vice-versa.
   * trust anyone just because they say they trust you
   * trust anyone who has the same interests - people are 
     too quick to figure they're safe because they have something
     in common.
   * get into the car of someone you don't know, no matter how
     harmless they seem.
   * judge someone to be harmless based on their body size - a
     110-pound female in a miniskirt and tube top can be just as 
     dangerous as a 6-foot 300 pound jock - and sometimes more
     dangerous because you don't expect it!
   * let your hormones make decisions for you. s/he may be a
     babe/stud, but if you don't know them, it doesn't mean it's
     safe.
   * Never call them from your home or work number - in this day
     and age of CallerID, that can give out too much information,
     especially since there are publicly available websites that
     will do reverse lookups of phone numbers.
One good meeting does not mean they're safe.
Many public places will have cameras in them - airports, etc - and
   can provide proof that you were there and who you met with if
   something happens to you. 
Carefully decide whether to meet at night or during the day and why.
   If at night, make sure the area is well lit.
If you're really paranoid, plan to meet the person in someplace
   outside of your native city, and outside of their native city.
   Arrange ahead of time topics of discussion (what you will or won't
   talk about, etc) and agreed upon contact (i.e., shake hands but no
   grasping of forearms - what may be normal for one may be interpreted
   as hostile by the other.) Choose a place with at least 2 exits and be
   someplace where you can watch the entrance.
Use cash only - no cards that might show a name, bank, or PIN when
   buying anything. This prevents information that might be identifiable
   from being left behind.
Don't dress the way you normally would, unless that is very
   mainstream. 
Use public mass transit to get there if possible. Cabs can be useful,
   but you can be tracked down later from your description.
   Buses/subways are nice, anonymous transport modes. 
If you're really REALLY paranoid, bring a couple friends and have
   them show up AHEAD OF THE MEETING. (Give them time to blend in to the
   "scenery".) Preferably two friends who can be really good at not
   looking in your direction. Be aware that 2 beefy guys can draw
   attention because they'll look like bodyguards.
If your instinct is screaming at you to leave, DO SO!!! Your health and
   safety are far more important than finding someone with things in
   common! Don't feel you have "an obligation to stay" either!

==== PORTABLE PHONES ================================================
Cellphones/digital phones have the advantage of being small and
   portable wherever you go. Especially the new ones that practically
   fit in the palm of your hand.
Cellphones, however, can be picked up easily by scanners and radios
   if the radios tune to the right frequency band. No, it's not easy to
   pick out a specific individual's phone transmission; however, it's easy
   enough to stumble across in a random search. In the USA there was 
   a high-profile news story about one congressman whose cellphone 
   conversation was taped from the radio. Never never NEVER assume 
   cellphone conversations are completely private!
Baby monitors have been known to pick up both cellphone and cordless
   phone transmissions.

This article is presented as part of an ongoing effort to present other views outside of, as well as within, the online vampire community. As such, the views and attitudes contained in this article are entirely those of the author(s), and may not necessarily be shared by SphynxCatVP. The webmaster is not under obligation to update or otherwise keep current the contents of this article. Most importantly, only you can decide for yourself whether this article or any of the author(s) other views are useful or applicable to you - use your own reasoning and judgment.


Contact Author(s):
Compiled by SphynxCatVP; Hosts: Narradas and Isthme

© July 1999 to present, SphynxCatVP