Computer security

[fireman]

Sooo I am always concerned when i post pics and such since i am more savy with gardening than i am with computers.This is also the reason i have few posts in 4 years. So my question is what can i do to ensure that none of my information can be taken from pictures i post or things of the such.

How can i tell if the pic i am posting will be able to have info taken off it not from the picture itself but like the file coming from my computer?

Oh yea i use a mac so this is mostly the cause of the confusion. I grew up on PC`s so dont know how to to do anything really with a mac besides use it well but no fixing or such.

Thanks for all the help

 

[DevilWeed]

I worry about that as well. Windows 7 has a built in gizmo that will strip all tags but I don't know if I trust it. May have been in earlier windows realeases, not sure. You right click the pic, go to properties, click the Details tab then click Remove Properties and Personal info.

You can also convert jpg's to gif's as gif's don't store tags, at least that's what I've read.

 

[Godless]

Download an image viewer/resizer called irfanview. Open your pics, resize them as you wish and [save picture as], [filetype = jpg]. In the Jpeg save options dialog box, make sure that [Keep original EXIF data] is unchecked. Save the file and there will be nothing embedded in the image that will ID the camera or the date.

If you want a reasonable level of safety on this site, just browse it in HTTPS (make sure that all your URLs start off with https:// instead of http://) - add in the "s" if necessary. This makes it so that your ISP (and any LEO they give your traffic data to) will only know that your IP address requested something from icmag.com - they will have no way of knowing that you are username "fireman" who posted all those great budshots. If you are compliant in a med state, I'd consider this a decent level of protection. If you are a cash cropper or in a non-med state, then I wouldn't hit icmag.com from my home IP - better to go to a coffee shop or library with a free access point (where using HTTPS is critical!).

 

[IWanaGetHiSoHi]

Don't register your camera with the manufacturer.

 

[B. Friendly]

Got this from a REZ thread:
For My Friends
________________________________________
Internet/Personal Computer Anonymity:The Easy Way,101
------------- :smile: --------------

A#1) Throw OUT Microsoft Internet Explorer 6 or 7.
In the trash,it's shite.

1) Go to www.mozilla.com and download/install FIREFOX 2 Browser.

2) In Firefox pulldown tools>options and cofig the browser to
*Not save passwords
*Not save your history
*Not save your forms
*Not save a record of what you download
*Set to 'clear cookies when Firefox closes'.
*Set to 'clear private data when Firefox closes'.
*Disable java/javascript (some pages won't work without java.Caution.)

Let's work on Total Anonymity,shall we?

3) Go to: https://addons.mozilla.org/firefox/2275// and install TOR Button.
(A pre-emptive strike.You need to install Tor/Privoxy before you can use this extension-)

Now,

4) Go to http://tor.eff.org/download.html.en and download TOR,and install the Tor/Privoxy bundle.

5) Read the Info Files and the FAQs for everything!!

6) Go to (any 'check your IP site,or) http://www.whatismyip.com and see what your 'naked' (uncloaked) IP address is.
Write it down,stoner.

7) After installation,light up TorButton and go to http://www.whatismyip.com/ again and see what your IP is.
It shouldn't be what you saw without Tor running,and every time you want to change it,just go to the glowing Tor green onion icon,right-click on it,and select 'new identity'. Simple as pie.


When it's all said and done,Tor servers,worldwide,make your page requests, NOT your local ISP. Hence,NO TRAIL.


= = = = = = = = = = =

I'll leave this up for a day or two,then it's for people to figure out for themselves,again....

 

[DevilWeed]

Great writeup! Gonna try that tonight. +rep

 

[B. Friendly]

I am like a pack rat, every time i see a good info thread i copy and paste it in a word doc.
should start a thread with all the tips, got like 20 files easily.

 

[Godless]

In my humble, but fairly educated opinion, think that it is a bad idea for a computer security newb to use TOR. I'm a pretty savvy guy, but the only time I have ever been hacked, it came from a TOR exit node. Yes, you are hiding your traffic from ISP/LEO, but you are also waving a red flag that says: "I am into illegal shit, please come hack me as you might have something to gain that will translate to $. Oh and thank you for setting up an exit node for me, sure I'll trust you."
Not to mention that there is plenty of rumor that the feds are VERY involved in TOR. Finally the taxes you paid all these years to support the FEDs pays off when they are providing you that uber fast DC exit node.

If you have reason to fear the feds/LEO, use public access points and SSL. If you don't, then you still fear rippers so use SSL.

 

[texacali713]

I just hit up a starbucks and mcdonalds around the way using there wifi access points.

 

[morecbd]

Hello Godless,

SSL ? could you explain and any other tips to see who trying pentrate your system.

cbd

 

[fireman]

Yea i mean come on i think it looks a little sketch to sit in a parking lot and use the computer personally, considering how much i am on the sight i might as well turn my car into a living room.

Second, I do think it is possible LEO are of course monitoring websites and such but I don`t think they are hacking every single person who comes on the site ya know. My only concerns are when i put up info and it may still have like a file name of my comp still attatched or something of the sort. I appreciate all the info thus far i think this is turning out to be a great thread.

Bfriendly- I installed the tor thing on my Mac but it wont let me load a page with it activated. Anyideas

thanks for all the help can always count on icmag

 

[Godless]

Hello Godless,
SSL ? could you explain and any other tips to see who trying pentrate your system.

SSL = Secure Socket Layer = HTTPS://. It encrypts all your web traffic so that a snoop in the middle of the conversation (your ISP/LEO) can't read the web traffic - only your computer and icmag.com know the data you submit. Regardless of any other security measures, always use this one. Unfortunately, icmag.com is one of the very few cannabis sites that offer an SSL connection. That, plus the fact that their server is in the netherlands (this increases the chance that the icmag.com folks won't roll over for the DEA. That won't help if icmag.com is actually run by the DEA, but let's hope that's not the case) is one of the main reasons why i will post on this site and not the many others out there.

They way you use SSL is to simply change your URL before you load it from http://www.icmag.com to https://www.icmag.com - when the page loads, note the lock icon in your browser status bar - this indicates that your browser has a secure connection to the website. Note that, when you load up a site in SSL, all of the URLs on that site SHOULD be SSL (https), but I would never ever ever trust that! So, you have to watch each URL that you load.


If you don't know much about computer security, I would just stick with SSL, a software firewall and anti-virus/spyware software. If you can, use Linux, as it is much less a hacker target and has a better OS security model. This should be plenty to protect you from rippers. If you fear LEO/DEA, then just use the above precautions at a free wireless access point (and if you are really paranoid, never use the same access point).

If you have computer security skills (or have a trustworthy mentor), there are other approaches that can use the capabilities of something like TOR, but there is no way in hell that I would just install the Vidalia TOR package and use it without knowing exactly what I am doing and what my risk vectors are.

I don't mean to come off like a know-it-all here - I am pretty savvy, but maybe I am wrong so I am putting up my opinion to spur discussion. This kind of question comes up very often and I worry that many might be putting themselves at risk unnecessarily. So, if you know your shit, jump in and maybe we can hash out a sticky-worthy post on computer security.

[edit]possible LEO/ISP backdoor for SSL!!! https://www.icmag.com/ic/showthread.php?t=165957

That's scary and way too believable. SSL is still good for keeping you safe from rippers, but that's about it I guess.

 

[Dr. Green Thumb]

After reading this thread i am seriously thinking about taking TOR off my computer.... I originally installed it because others told me it was the best way to surf the web safe. Im no computer wizard so any info will be appreciated

-DrGreenThumb

 

[!!!]

Tor is great. You're only vulnerable to being hacked if you keep your machine outdated and/or run a lot of applications that you don't trust. Badly written programs are exploitable, and somebody who has a list of what applications you're running may be able to get into your machine.

I agree with most of what Godless said but I can't recommend Linux (even though it's my favorite OS) because if you're not experienced, you can leave yourself more open to attacks than you would be on Windows, which is only really a problem if you're downloading apps from sites you aren't familiar with. i.e., Adobe, Mozilla, etc are big names, reliable, safe. But when you're downloading that screensaver from a warez site hosted in Russia, or downloading horny_girls_kissing.avi.exe from Limewire, you're at serious risk of receiving spyware.

I would recommend OS X, but generally just keep your system up to date and you'll be OK.

Use HTTPS to access this site, and use OTR (encryption) if you're discussing this stuff on AIM. Never login to this site or anywhere grow/weed related on an open network like a school campus. Years ago I used to leave my laptop in the cafeteria collecting people's logins.

If you're storing images or files on your PC, you should encrypt them and make sure to use a hard to guess passphrase (like a full sentence, with punctuation and intentional misspellings.) Look at TrueCrypt and programs like it. If you're on a Mac, you can create an encrypted disk image using Disk Utility.

(Warning: there's absolutely NO WAY to retrieve your data if you forgot your passphrase. Ask me how I know)

And remember that newer cameras have GPS and store A LOT of information along with each picture. Most of the info is just the settings of the camera when that pic was taken (sites like Flickr make use of this), but there is also info that may be linked back to you. If you're uber-paranoid, open up the image, and take a screenshot of your desktop and then crop the image out, or use an app to strip off any excess tags from images before uploading them. I also wouldn't send pics or login to this site directly from my phone.

 

[Preacharound]

I use FoxyProxy. Easy to use but bouncing between proxy's is a pain in the arse.

TBH... i'm really not concerned anymore. Got a small garden and if authorities want to try to nab me for providing medicine for my epilepsy then i'll go to jail quietly; Call my attorney "ALWAYS LEAVE A RETAINER", and be walking the streets in three days max.

Just don't tell anyone your growing, splurge on odor control, and insulate your grow space. That's really all you can do. I try not to post anything much just for peace of mind but I seriously doubt they're worried about small timers like us.

There are ways to find out your info but i doubt narcs are bouncing around on forums or trying to gain IP or MAC information.

 

[hardraade]

How is the Tor-related Privoxy proxy? Anyone? The enforcement here has just gotten perm. to "counterattack" crypt.messages and traffic.

 

[2Lazy]

You're going to have to "trust" me on this one.

If they want to find you, they will. There is no form of encryption or proxy redirection that is 100% safe. A single proxy chase could take someone with some serious CS skills a few minutes to trace.

Let me put it another way though. We're growing pot. Not building bombs. There is only so much in the way of resources for them to use to find a guy growing some meds.

So bottom line is that if they want to find you, despite how you try, the federal government has the capability to get to you. It's just that they won't. They could even track you from a hotspot using traffic cameras and security feeds.

If after 9 years and hundreds of thousands of soldiers on the ground they still haven't found Osama Bin Laden... I think your paranoia and (don't take this the wrong way) self-importance have clouded your rational mind.

I think that if you used a wireless computer solely for ICMag (as the hardware address of the NIC is basically unchangeable), and you used someone else's connection, and you cleared the photo data, and you connected here via a proxy using encryption and HTTPS... They still have a way to track your ass down. I find the key is to just not care.

 

[fireman]

Haha i don`t know why this has turned into a conspiracy theory thread, but lets get away from how not to get traced by LEO to more of a way to protect what people posts and pictures that may have information about the poster. I appreciate the theories on this 2Lazy, but i think you are going in the wrong direction IMHO for this thread.

While we are on the subject i will throw out my beliefs, briefly.I personally am not a conspiracy theorist and agree with you on some points basically that the government can pick up terrorists and enemies of the states by using resources afforded to them by being the government.

The lines stops with the fact that last time i checked the CIA has had a history of ashes and along with the NSA i can imagine these are the only agencies that use this kind of satellite and traffic cams and things of the such mainly. Obviously there are exceptions in the case of an inter agency investigation that involves body counts, and i hope hope hope those people arent posting on icmag ( haha such exclusivity).

The DEA is our captor and they are not the biggest agency out there, but defnitely have resources needed to do their job 10 times fold. Albeit we belong to a somewhat underground society due to its social and legal status currently, there are still bigger fish to fry that do have the body counts and so on such as meth labs. Hopefully The DEA is focusing there resources on this, considering Meth actually kills people and ruins lives and families.

I do agree that there are LEO getting on comps and doing simple investigations if someone was a moron like posting there name in a pic on a website with illegal info or in our case information that may have come from a picture without the knowledge of the poster.

 

[Mike Seed]

If they want to know. They can find out.

In the meantime: http://noscript.net/ - Firefox only plugin. A definite super-tool for web cruising.

 

[slackx]

Those proxy's really don't work if they want you their finding you, some of the best hackers the world has EVER seen have been caught but a simple free proxy is going to hide you from them? Get real.