Other related pages of my anonymity Lab
[corporate survival]
[stalking matters]
[enemy tracking]
[steganography]
[What Fravia knows about you]
[Tweak your browser!]
[Anonymous e-mailing]
[Anonymity Lab]
Things that happen
I thank Lutz Donnerhacke (ccc-Jena) for a lot of what follows
Thou shalt not sacrifice thy son! (How many beers did Gerhard Schröder drink last Saturday?)
Don't ever think that anonymity is just an 'Internet' thing. Make a small experiment (I did it).
Use your real address and the real name of your 4-year-old son and book one of those
Reader's Digest (or whatever) bogus advertisement offers. Of course never pay for anything, just let it
die out. The interesting thing happens after a short while: your letterbox begins to
fill up with OTHER advertisements and ad campaigns directed at your son. They have passed the
data around.
This is a common practice among the bastards: they reciprocally integrate their databases with
the most complete possible data about you (and if you use one of those 'super-advantage'
supermarket cards they will also know how often you cry ~ go to the toilet ~ sleep ~ brush your teeth and so
on).
Another example: 'outsourcing' means that much of the data that you believe you are giving to your
doctor ~ insurer ~ railway company ~ rent-a-car company ~ frequent flyer scheme (and so on)
is in reality processed by just ONE huge (mostly American) company (let's say Electronic Data
Systems, just to make a name :-) so don't think the Amis will really need a lot of
CIA to know exactly how many beers the German Chancellor (or whoever else)
drinks on Saturday...
How quickly do you read what? (Ever wondered why there are free email services?)
On the web you leave a lot of traces, as you'll be able to see [here]: every server
you use to access the web has an IP address that will be logged together with exact
information about WHATEVER YOU DO on a page. Yes: how long you looked at it, where you
came from, which links you clicked and so on... there are some (weak) countermeasures
that you can take, see [here], but overall it would be fairly easy to work out exactly what your real
interests are, if deemed necessary. Now, you'll say, no one is going to go after me! Nice attitude,
you're not paranoid, yet this does not mean that they are not interested in your data
nevertheless. The data you are smearing around are collected because they are
useful per se or, more often, because they MIGHT be useful once inserted into a data
mainstream.
Did you ever wonder WHY there are free email services on the web? I see the light of understanding
sparkling in your eyes... yes! The sheer amount of data that can be gathered through somebody as huge as
AOL (or somebody as visited as Altavista) is incredibly interesting for data evaluation, data
merchandising, targeted advertising, insider trading and maybe even for simple
denunciation (or collaboration) purposes with the powers that be. In systems like ours,
where the political oligarchy is elected by the small part of the population that cares to vote,
mostly on the basis of some televised crap or of some "info" that has obviously been concocted by
their very masters for personal gain,
the sheer POWER that the abovementioned data can represent gives me the creeps. Forget
obsolete means like the "Bild-Zeitung" or "the Sun",
the new methods to control the slaves are much more refined.
Email tracking and PGP
As you can learn [elsewhere] on my site, it is relatively easy (if time-consuming) to track
an email (even if forged). Not only does the header itself mostly deliver quite
exact information about the provenance of the mail (IP path and timezones), but all the
servers through which the email went have gathered traces in
their own logs, with the exact Message-ID of the email that you are targeting.
That's how spammers and small trollers are caught, btw. Here you go with some ID examples from
a single email I have received today (as you all can see from the timestamps,
it went from the States to the European Union early this morning):
Received: ...with SMTP id 6DZA8ABF; Tue, 8 Dec 1998 05:10:49 +0100
Received: ...with SMTP id <28477>; Tue, 8 Dec 1998 05:09:16 +0100
Received: ...with local id 0xlFgz-0006w6-00; Tue, 8 Dec 1998 05:29:13 +0100
Received: ...via SMTP by fvial id smtpda31528; Tue Dec 8 05:29:05 1998
Received: ...with ESMTP id GBA11095
for <fravia@nospam>; Tue, 8 Dec 1998 05:08:04 +0100 (MET)
Message-Id: <199812080508.GBA11095@hydra.accu.uu>
Received: ...with SMTP id <0.6AB1C5D0@iris.itcs.nwu.edu>; Tue, 8 Dec 1998 0:04:41 -0400
Date: Tue, 8 Dec 1998 05:06:35 +0100
When stalking this specific target you would use the
Message-Id: <199812080508.GBA11095@hydra.accu.uu>
when performing your queries to the various servers, in order to check their logs...
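To show how such a header chain is read, here is an added example (mine, not part of the original page) that rebuilds the relay path, the per-hop delays and the Message-Id to search for from the Received: lines of a constructed message modelled on the one above; every hostname, address and SMTP id in it is made up.

```python
"""Reconstruct the relay chain of an e-mail from its Received: headers."""
import re
from collections import namedtuple
from email import message_from_string
from email.utils import parsedate_to_datetime

Hop = namedtuple("Hop", "sender receiver smtp_id timestamp")

# Constructed sample message, modelled on the elided headers quoted above
# (hostnames, addresses and SMTP ids are made up; the timestamps follow the text).
SAMPLE = (
    "Received: from relay3.example.org (relay3.example.org [192.0.2.30])\n"
    "\tby mail.example.net with SMTP id 6DZA8ABF; Tue, 8 Dec 1998 05:10:49 +0100\n"
    "Received: from relay2.example.org ([192.0.2.20])\n"
    "\tby relay3.example.org with ESMTP id GBA11095\n"
    "\tfor <user@example.net>; Tue, 8 Dec 1998 05:08:04 +0100 (MET)\n"
    "Received: from origin.example.edu ([198.51.100.7])\n"
    "\tby relay2.example.org with SMTP id <0.6AB1C5D0@origin.example.edu>;"
    " Tue, 8 Dec 1998 0:04:41 -0400\n"
    "Message-Id: <199812080508.GBA11095@relay3.example.org>\n"
    "Date: Tue, 8 Dec 1998 05:06:35 +0100\n"
    "From: someone@example.edu\n"
    "Subject: test\n\nbody\n"
)


def parse_received(value):
    """Split one Received: value into sender, receiver, id and a tz-aware timestamp."""
    flat = " ".join(value.split())              # unfold continuation lines
    clause, _, date = flat.rpartition(";")      # the date always follows the last ';'

    def field(keyword):
        m = re.search(r"\b%s\s+(\S+)" % keyword, clause)
        return m.group(1) if m else None

    return Hop(field("from"), field("by"), field("id"),
               parsedate_to_datetime(date.strip()))


def trace(raw):
    """Return the hops in transit order (origin first) and the Message-Id to look for in logs."""
    msg = message_from_string(raw)
    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    hops.reverse()   # every relay prepends its own line, so the last header is the first hop
    return hops, msg["Message-Id"]


def hop_delays(hops):
    """Seconds spent between consecutive relays; timezone offsets are normalised."""
    return [int((b.timestamp - a.timestamp).total_seconds())
            for a, b in zip(hops, hops[1:])]


def transit_seconds(hops):
    """Total seconds between the first and the last relay stamp."""
    return int((hops[-1].timestamp - hops[0].timestamp).total_seconds())


if __name__ == "__main__":
    hops, msg_id = trace(SAMPLE)
    print("Message-Id to search relay logs for:", msg_id)
    for hop, delay in zip(hops, [0] + hop_delays(hops)):
        print("%-20s -> %-20s id=%-36s %s (+%ds)" % (
            hop.sender, hop.receiver, hop.smtp_id, hop.timestamp.isoformat(), delay))
    print("total transit: %d s" % transit_seconds(hops))
```

A hop whose stamp is out of order or whose "from" host does not match the previous "by" host is the usual sign of a forged or truncated header.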
Since email is passed around IN CLEAR, you would be well advised to ROUTINELY USE PGP. I know
that I myself am not following this advice nearly often enough, yet I believe I'll begin to do
it soon. The level that the automated email sniffers have reached is getting quite
disturbing.
So send your mail encrypted with PGP. It's simpler than you may fear.
Set a 4096 bit key if you're truly paranoid.
NOBODY cracks this! (1024 bit is considered Military Grade.) Not the
NSA, certainly not some wannabe electronic PIs. How powerful is PGP?
Hear: "If all the personal computers in the world -260 million- were put to
work on a single PGP-encrypted message, it would still take an estimated 12
million times the age of the universe, on average, to break a single
message" (Crowell, Deputy Director of the National Security Agency, March 1997).
Fact is, PGP won't be cracked by any brute-force attack. Not in your
lifetime. Want to read about how tough it is to crack PGP?
http://www.stack.nl/~galactus/remailers/index-pgp.html
With PGP you can create e-mail that only your recipient can read, encrypt
documents on your hard disk and more. Start here:
http://www.ifi.uio.no/pgp/
If you use PGP, take care: PGP 2.6.3 is still probably the best choice, since
PGP versions above version 5, though easier to use, have a special
'mitsniffer' function built in that
will allow third parties to read your encrypted emailings. (A sad world, isn't it?)
Usenet postings
Usenet postings are de facto 'public' emailings. Anyone can peruse them, and dejavue (and
other depots) allow you to quickly search through millions of them, as you'll be able to
learn [here].
On every usenet posting there are a couple of lines that can be useful for gathering
information about the poster:
Path: news.reference.com!arclight.uoregon.edu!wn4feed!worldnet.att.net!128.230.129.106!news.maxwell.syr.edu!news.alt.net!usenet
From: mdmedis@earthlink.net (MdmeDis)
Newsgroups: rec.games.computer.ultima.dragons,rec.games.computer.ultima-dragons
Subject: Re: Attn: Carly
Date: Thu, 3 Dec 1998 21:10:37 -0500
Organization: Altopia Corp. - Usenet Access - http://www.altopia.com
Lines: 71
Message-ID:
References:
X-Newsreader: MicroPlanet Gravity v2.10
Xref: news.reference.com rec.games.computer.ultima.dragons:58379
You see the Path line? That's almost the same as for a normal email: you can read there
all the servers that have carried this article up to reference.com (where I have fished it).
Even the newsreader your target is using can give you some clues (MicroPlanet Gravity v2.10?
Forte Free Agent? Forte Agent 1.5/32.451?). In the last case a very honest lemming (uses Windows and has paid for his
registered full version of Forte) whom we could target for Windows advertisement... in the
hope we have not found a reverser who has cracked his version!
Deleting Files
There are many utilities out there; whatever you decide to use,
set it to do a dozen overwrites of random zeroes and ones. Be aware
of the fact that -if anyone can physically access your computer- it is
always possible to understand ('feel') whether the bit that AT THE MOMENT
CARRIES A ONE HAD A ZERO OR A ONE BEFORE! A small residual charge is
in fact persistent over the first (and maybe even the second) delete...
so overwrite a dozen times, as I said; then, after you have erased your
sensitive files this way, repeat the process erasing all
free space on your "real" hard disk (as you may have [read], you should
always use TWO hard disks: the 'innocent traveler' one and your 'real' one).
Do your burning twice for good measure, then defragment the disk.
Considering that the sensitive files were PGP encrypted to start with, I just
hope that nobody will ever be able to read those files.
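As an added example (mine, not a utility the page recommends) here is the overwrite-then-unlink loop such utilities perform, with a dozen random passes as default and a sync after every pass; the demo() helper and its "draft" file are constructed for illustration.

```python
"""Overwrite a file several times with random bytes before unlinking it."""
import os
import secrets
import tempfile

# Caveat: this only scrubs the blocks the filesystem hands back for the same
# file. Journaling or copy-on-write filesystems, SSD wear levelling, swap and
# backup copies can keep old contents elsewhere; wiping free space afterwards,
# as the text advises, covers some (not all) of those cases.


def overwrite_file(path, passes=12, chunk=64 * 1024):
    """Overwrite `path` in place `passes` times with random bytes; return bytes written."""
    size = os.path.getsize(path)
    written = 0
    with open(path, "r+b", buffering=0) as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining:
                n = fh.write(secrets.token_bytes(min(chunk, remaining)))
                remaining -= n
                written += n
            fh.flush()
            os.fsync(fh.fileno())   # force each pass out to the device, not just the cache
    return written


def wipe_file(path, passes=12):
    """Overwrite, then unlink. Returns the number of bytes written."""
    written = overwrite_file(path, passes)
    os.remove(path)
    return written


def demo(passes=3):
    """Create a constructed 'sensitive' file in a temp dir, wipe it and report what happened."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "draft.txt")
    original = b"constructed sensitive draft\n" * 40        # 1120 bytes
    with open(path, "wb") as fh:
        fh.write(original)
    written = overwrite_file(path, passes)
    with open(path, "rb") as fh:
        after = fh.read()
    wipe_file(path, passes=1)
    os.rmdir(workdir)
    return {
        "bytes_written": written,                  # passes * len(original)
        "size_unchanged": len(after) == len(original),
        "content_replaced": after != original,
        "file_gone": not os.path.exists(path),
    }


if __name__ == "__main__":
    print(demo())
```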
Another issue is the creation of the original file, the one you are going to
encrypt. Would traces of it, pre-encryption, be hanging around? Possibly. So never create them by
writing them to your hard disk. Use a floppy. Create and save files to
a floppy, encrypt them, then transfer them to the hard disk. No trace of the
thing pre-encryption should ever exist on your hard drive.
The floppy? Burn it. Literally. Turn it into ash.
Floppies are cheap, and there are enough people giving away disks with
trial software out there to fill your needs. You probably have
dozens of AOL disks sitting around. Many old games I had on floppies have moved to magazine CDs (and can
be bought for next to nothing in all good second-hand shops), and there are still folks out
there promoting their services on 3.5" disks...
You decode a binary, base64 file using your preferred decoder.
Little do you know that a copy of the original file is stored somewhere, often inside the
Preferences folder in the System folder. Burn 'em. Browser Global
History? Burn it. Cache? Set it to zero. Anything that shows up there,
burn it.
In Netscape, it is fairly easy to disable much of the functionality of
cookies by making the cookies.txt file "read only" (PC).
Else replace the file MagicCookies with an empty folder of the same name in
your Netscape Preferences folder (Mac).
This will allow you to visit sites that ban
visits with cookies disabled, and yet you'll write no cookie! And while you're in there,
burn your Global History file. And set your cache to zero: you get a
fresh copy of each site you visit and no record of where you've been is
written to your disk.
And try to visit sites via a proxy site. The Anonymizer is good, but many
sites are refusing access to visits originating from there. A little
research will turn up some [proxy sites] you can go through :-)
Digital IDs invaders: VeriSign
(Thanks to Casey Lide for this info; you
may want to visit The Internet Legal Practice Newsletter)
Despite some misleading statements by VeriSign, a web site can choose to have Digital IDs
automatically transferred, with no involvement or choice from the end user whatsoever. Digital
IDs can be customized and added to, and are, in effect, tools to facilitate the creation of
consumer marketing profiles. VeriSign is (perhaps primarily) a database marketing tool. It's not
about consumers verifying that they're who they say they are so that they can make
point-and-click purchases online. It's the gathering and distribution of information about the
consumers themselves, and the existence of an elaborate framework of strategically aligned
companies poised to capitalize on it, while the producers of the information (the consumers)
remain ignorant of the whole practice.
Why are Digital IDs used? Here are the words of the commercial bastards themselves; you'll
easily reverse their real meaning: "Since the information fields in Digital IDs
are customizable and extensible, you can also more easily track user activity to
acquire more precise demographic information about your customers, and more accurate
readings on the effectiveness of web site marketing or other online promotions...
Digital IDs provide a unique identifier for each user that you can use to . . .
personalize the information or advertising displayed to a user, match behavioral
patterns with a user's profile. . . . You can even link a visitor's Digital ID to
customer-specific information, such as purchase history, that resides in your
database." These Digital IDs are something more than cookies: this is accomplished by
VeriSign through several companies, strategically aligned with VeriSign,
which exist solely to "offer the following products and services (to webmasters):
tracking and analysis of web site traffic; demographic and psychographic profiles
of web site visitors; servers for targeted advertising and web content; and comprehensive 1:1
marketing capabilities."
So now you understand WHY there are so many 'free'
trackers, counters and messageboards around. Man I could puke :-)
So how is this done? There are two aspects of the Digital ID infrastructure which are probably
unknown to the average end user who signs up. First, there are functionally no limits on what a
Digital ID can contain, and there is no guarantee that the end user has absolute control over
what's contained in his own Digital ID. They can be customized and extended (though by whom
is not entirely clear). Second, there is an elaborate hierarchy of IAs (Issuing Authorities),
LRAs (Local Registration Authorities), CAs (Certificate Authorities) and PCAs (Public
Certificate Authorities): VeriSign, Inc. is at the root, while the end user is the leaf at the
end of the branch. A hierarchical structure such as that, while perhaps necessary for the "web of
trust" model of authentication, also lends itself to the use of early artificial intelligence
technologies. The unrestricted practice of database marketing/datamining -- and consumer
profiling -- relies heavily on similar technology. This hierarchical structure should be closely
watched.
Personally, as an EU citizen, I would like to know HOW exactly the European Union is
implementing its Directive 95/46/EC of the European Parliament and of the Council
of 24 October 1995 on the protection of individuals with regard to the
processing of personal data and on the free movement of such data... and its
Directive 97/66/EC of the European Parliament and of the Council of 15 December 1997 concerning the processing of personal data and the protection of privacy in the telecommunications sector.
Probably, as usual with good European legislation, some of the
more commercially corrupt Member States and/or more feudally managed regional areas
of the Union (like Catalonia and Bayern) are grinding all
wheels and playing all possible dirty delaying tricks in order to AVOID any
implementation at all costs (because defending the privacy of their
citizens would be tantamount to a heavy attack on many of their
commercial friends (and supporters) and, moreover, on some strong American interests,
since most of these snooping services are based in
the States). These developments should be closely watched by all reversers IMO.
Let's go over to our cookies and to DoubleClick.
Cookies invaders: DoubleClick
The king of the privacy invaders: DoubleClick seems to be up to some new
tricks these days.
DoubleClick is the outfit that tracks your movements on the internet, and
makes sure you receive an ad banner, etc. --- wherever you visit --- that
they have determined should be "of interest to you" --- based upon their
database of your browsing habits.
Ok, here's what you'll do right now: have a look at your folder windows\cookies. Do a grep search
for your REAL email address. Chances are that you'll find it inside some cookie. Scared? That's
nothing, those are the OLDER ones, that did not even care to encrypt your data... Now
do a grep search for doubleclick... here is one of them:
id
61b8610f
doubleclick.net/
0
1868938761
13583431
0046757619
29692000
*
But there will be more occurrences, of course.
Well, ole DoubleClick now has the ability to target ads to you based upon
the telephone area code used in your internet dial-up connection.
Further, one of the shortcomings of "Cookies" as used by DoubleClick is
that while the cookie will identify your computer on a particular site ---
if you do not visit that site again for weeks or months --- the cookie is
of little use to DoubleClick.
Therefore, beginning next year (1999), DoubleClick is reported to be installing
special snooping software that will identify your computer wherever it goes --- weeks and
months after an original cookie may have been placed on your computer by
DoubleClick for a particular site. The cookies placed by DoubleClick will
apparently no longer be site specific -- but rather specific to your
computer --- and apparently, to your name --- so your movements on the WWW
can be monitored wherever you go --- whenever you go there.
Once again, it is the ubiquitous cookie that makes all of this possible.
As we said, in Netscape it is fairly easy to disable much of the functionality of
cookies by making the cookies.txt file "read only", but there is a very simple
solution to permanently and silently block cookies on
nearly any browser. You'll just need a hex editor.
Watch it... all the following tricks are still experimental, depend on
many variables and may not apply to all types of browser. Moreover the following
tricks could damage your software. Use at your own
risk and only if you know what you are doing. On the other hand... what's life
without reversing a little? :-)
You load the browser's executable into the editor and search for the string
"set-cookie" (it might be in uppercase). Once you've found it, alter it by changing some
characters. Simply overwrite them. For example, you could change it
to "no-cookies". Then save (and use) the altered file.
Now instead of looking for "set-cookie" in the http headers your browser
will be looking for "no-cookies". When a site sends a cookie it will send
"set-cookie" in the http headers, but your browser will no longer
recognize that as the code for a cookie. Instead the cookie header will
be ignored. No requester, no cookie :-)
Another trick you can use with the Trumpet Winsock dialer: in the directory in
which Trumpet Winsock was installed, there is a file named HOSTS.
Simply add the following two lines to the file:
127.0.0.1 doubleclick.net
127.0.0.1 ad.doubleclick.net
This trick completely blocks any connection to doubleclick, so neither will any
cookie exchange take place nor will the ad appear on the web page.
Another possible trick is to write a small batch file that you'll use to launch your browser,
say something like
rem fravia's cookiesmasher
rem switch to drive C: and to the cookies folder (an absolute path, so it works from anywhere)
c:
cd \windows\cookies
rem answer the "Are you sure (Y/N)?" prompt of del so the batch runs unattended
echo y | del *.*
rem start your browser from here
This is NOT as good as removing all cookies for good (since the various commercial
bastards will start pumping cookies back as soon as you visit them) but it has a
couple of advantages:
- The whole significance of cookies is negated by the simple
fact that you're always a 'newbie' in the cookies world (so they are NOT targeting
you effectively and their data are somehow falsified)
- It is much simpler to implement
in a corporate environment, where more 'heavy' reversing
operations could give you problems.
Active-x invaders
JavaScript is relatively innocent, yet you may be able to use it to defend yourself
from idiotic commercial ads; see the banner killer script at greythorne's.
Java runs inside a sandbox, yet ActiveX (Micro$oft's crap, as usual) can access
ANYTHING that you have on your PC.
ActiveX controls are PROGRAMS that you load, install and start on your own PC.
Such executable code, including unauthorized ActiveX code, can do just
about anything it wants, from reading and writing files
to installing software, such as games, or viruses.
It is relatively easy to use them in order to check the serial numbers of your software or
to exchange data with a bank.
In theory Micro$oft's "Authenticode technology" for verifying
the origins of software components could try to block evil applets
from accessing a user's PC, since the evil applet would not contain an
identifying digital signature. Alas, this 'technology' is very easy to
reverse and, moreover, the whole ActiveX certification bazaar does not make much sense, since European certifications
are NOT allowed by Micro$oft; as a consequence the (very weak) certification protections
are not even implemented on most browsers. The problem isn't just downloading evil code, it's
also downloading bozo code: if a black reverser can get hold of an
ActiveX component installed on your box,
he could give it arguments and it would toast your machine.
Particularly evil crackers (of the 'black' stream) 'fish' every day poor unsuspecting
ActiveX-enabled lamers and throw all sorts of crap inside their PCs. A particularly
malevolent attack is this: if their control finds Quicken, it would NOT just issue a
transfer order and add it to that application's batch of existing transfer orders (following the
famous ccc-people example), but it would try
to change all "0x33" (that's the number 3, duh) into
"0x38" (that's the number 8, duh) inside all Excel and Word files (the luser will have
them if he is lemming around with Windoze). Remember when you tricked a
3 into an 8 with your pencil? Think what will happen as soon as the bank employees of YOUR OWN bank (or
railway, or hospital) fall for that... :-(
A good reason to choose banks, railways and hospitals (and everything else)
that DO NOT use Micro$oft browsers and
products... I know it's getting [more and more
unlikely], but there's no
reason I shouldn't add my own pebbles to the M$ demise nevertheless :-)
You should consider disabling the ActiveX capability in your browser
or using a browser such as Opera or Netscape Navigator, which does not support ActiveX. Setting the 'security' feature of your M$ browser to maximum
is NOT an option, btw, since it is pretty easy to
create a link to a small applet that will MODIFY it if need be.
(c) Fravia, 1995, 1996, 1997, 1998.
All rights reserved, in the European Union and elsewhere