Security / privacy concerns and apps ( Geek Alert !)

Ashi's Avatar
  • Ashi
  • 08-27-2015, 09:38 PM
i did not want to hijack the previous thread on phones and eccie pm usage but this thread is somewhat related. I am not sure if belongs on the board though...

Geeky stuff below.

Hobby phone has advantages but has limited text messages. The text messages are not encrypted.
Using an Android for hobby and moved to an app named Text Secure From the google play store. It has a few advantages imho:
1. It can provide end to end fully encrypted texts. If you loose your phone or it is confiscated, it is reeeeeeaaaaaly hard to get your compromising text messages, or even f it is accessed from the server side: they are encrypted.
2. It takes over your messages and even if you text with someone who does not have text secure, it keeps your local message box encrypted. The server side is not encrypted.
3. If both parties are on a wifi and have text secure, you can message without spending your limited count of text messages, so it is free!
I wish all the ladies I text message with would have this app , for confidentiality and sparing my android phones limited text count. I cannot transfer minutes into text message counts.

Unfortunately it has no iOS replica yet.

Would be nice to have a large usage base... I do not trust google phone nor any other Google app with confidential stuff ( mail, cloud storage, photos, chat, phone, searches, etc)...they make their money by building targeted advertising so how can they be trusted not to try to make money of your private data?

Anyone else using TOR browser and/or RED ONION iOS browsers? If anybody is an expert in privacy, how secure is your communication using these browsers. ( of course , using only trusted WIFi or local wired network, and disposable emails when signing up. ) I also invite you to share privacy techniques , for those who appreciate it.


Sorry, this ended up longer than initially planned...

*steps out from the shadows*
I use the TOR browser and wouldn't have it any other way. Sure the hops and interstitial encryption make it slower, but it's worth it for the additional peace of mind. It's quite safe unless you're using extensions or plugins that give up identifying information or end up with a compromised exit node (which makes it easier to identify you but still very difficult).

It sure beats the alternative of having any of the hobby info directly tied to you or your devices. Though it's all for naught if the PC or device you're using is already compromised (CarrierIQ anyone?).

I also use a cash burner with the battery removed except for scheduling and +/- a few hours of any appointment. But that's paranoia for you!

*coalesces back into the shadows*
If you use a combination of a vpn account and a TOR browser, it makes things that much more secure as your entry point could be in another state or country even...
Be careful with claims made by app providers that can't be verified. The app provider might be the most honest person on the planet and the best software engineer around, but you will never know if the encryption and security claims are accurate.

A few years ago I bought the highest rated secure texting app that existed at the time, but found unencrypted copies of my texts in obscure data files on my phone using a simple search app
  • grean
  • 08-28-2015, 11:57 AM
I kinda work under the albeit paranoid presumption that Big Brother can also see if he wants. I am more or less trying to minimize the chances of S.O. finding anything.
I just started using www.privateinternetaccess.com about 5 days ago and haven't had any problems. I paid for it with a vanilla credit card. I leave it turned off when I am doing "legit" browsing but turn it on when I go into Eccie mode.
I been learning about VPN's with the thought of using one. Can anyone tell me when using a VPN are there any issues with your regular internet SP? Does your regular SP know you are using a VPN, or do they care at all? Do these two services have to be coordinated in any way? Thank's.
Roger.Smith's Avatar
If you're going to use TOR, do from behind a proxy or SSH. TOR traffic on a network stands out like a sore thumb. It's extremely easy for a Network Admin or Engineer who understands the basics of their job to spot TOR traffic. ISPs turn user data over to the government, that's no secret, it's been well documented by various new outlets. Call something the Patriot Act and idiots fall in line.

You can draw the interest of various government agencies just by using TOR because they're always bad apples that spoil the party. Terrorists, hackers, and people that dabble in forbidden topics can find safe haven on the Darknet for the most part. TOR isn't something I would personally recommend to someone that doesn’t understand computers and networking. You have to be capable of reading and understanding technical information or know someone that does. If not, you're likely to give yourself away.

Windows gives away so much personal info, as well as browser extensions. I use TOR, but not from my regular PC, and I certainly don't use it for ECCIE. Of the things I do online, ECCIE is small potatoes. It's one of the things I worry the least about. Unless you're trafficking women, you'll be fine. LE likely isn't coming after you. If the government ever did get a hold of the ECCIE servers, you'd be hosed anyway unless you've always used an encrypted connection to come here as well as never putting personal info in a PM.
Eccie is my primary concern, and the possibility of ISP's turning over user data or IP addresses to the government. As I understand it the government still has to get a warrant to do that (extremely unlikely just for misdemeanor solicitation). The government tried to change that law in the patriot act but has not been successful, YET. There is still many politicians that would like to change it, and will keep trying.

I have not been considering using TOR I am simply considering using a VPN such as privateinternetaccess.com or hidemyass.com. I'm just curious if there are any complications with my regular ISP, or any other difficulties in using a VPN?

Your comment about the government getting a hold of eccie servers, HUMMM. For all of our sakes I hope the government is more concerned about real terrorists than they are about me fucking a girl much hotter than their wives, but I wouldn't bet on it.
Luke Skywalker's Avatar
If you're going to use TOR, do from behind a proxy or SSH. TOR traffic on a network stands out like a sore thumb. It's extremely easy for a Network Admin or Engineer who understands the basics of their job to spot TOR traffic. ISPs turn user data over to the government, that's no secret, it's been well documented by various new outlets. Call something the Patriot Act and idiots fall in line.

You can draw the interest of various government agencies just by using TOR because they're always bad apples that spoil the party. Terrorists, hackers, and people that dabble in forbidden topics can find safe haven on the Darknet for the most part. TOR isn't something I would personally recommend to someone that doesn’t understand computers and networking. You have to be capable of reading and understanding technical information or know someone that does. If not, you're likely to give yourself away.

Windows gives away so much personal info, as well as browser extensions. I use TOR, but not from my regular PC, and I certainly don't use it for ECCIE. Of the things I do online, ECCIE is small potatoes. It's one of the things I worry the least about. Unless you're trafficking women, you'll be fine. LE likely isn't coming after you. If the government ever did get a hold of the ECCIE servers, you'd be hosed anyway unless you've always used an encrypted connection to come here as well as never putting personal info in a PM. Originally Posted by Roger.Smith
What Roger siad is right on the money. Using tor or even bittorent always raise flags. The biggest riskon using a site like eccie is more on the server than your computer or phone.

As far as eccie activities are concerned, here is my advice:
-use Firefox's private mode ( ctl shift p) prior to getting on eccie.
-use a vpn service
-never divulge anything personal anywhere including pms or chat.
-always delete pms right after sending and reading them
- when sending files via pm or emails, always remove all metadata from them prior to attaching
Roger.Smith's Avatar
A VPN that doesn't keep logs is a good bet. Private Internet Access is a good provider, they don't keep logs. Using a VPN won't cause any trouble with your ISP. VPNs are pretty common, especially for people that work from home or need remote access to a protected network. If you're not doing anything that's crazy illegal or poses a national security threat, a VPN with TOR is very good protection. I don't know about the people that work in tech divisions in the Metroplex, but I seriously doubt they have the resources to crack a VPN and TOR.


The feds are a different matter. There was a 30 year old man from Austin, Ross Ulbricht, who ran a website called Silk Road that sold things that can't be talked about here. The FBI hacked the Silk Road server, which was located in Iceland, without a warrant. The government's position was that the site was involved in illegal activity, so they didn't need a warrant anyway. The presiding judge allowed it, and Mr. Ulbricht was convicted and sentenced to life in prison. The trial was a sham.

Most servers keep information like IP addresses, cookies, and computer information such as; computer names, mac addresses, and browser info. ECCIE runs VBulletin, so I know IP addresses and cookies are stored, it's the most common way to identify a user with multiple handles on this platform. Once the Police have your IP, all it takes is a request to your ISP to find out who you are. The more information a Web server stores, the more ammo LE has to solidify their case. That's why I was saying that if you've ever log into this site with an unencrypted connection, it doesn't matter if you start using a VPN now because they'll be able to identify your username with the IP from your cable or phone company broadband connection.

The good news is that I don't know of a case when users of a review site have been targeted, LE usually targets the operators of escort review sites. Plus, I don't see them spending crazy resources just to nail someone for a misdemeanor they may not be able to prove. Computer professionals who can do the legwork on that kind of investigation don't come cheap.
Ashi's Avatar
  • Ashi
  • 08-29-2015, 09:40 PM
Roger, thank you for sharing some of your knowledge!!
It is always nice to learn from the experts...



Ashi
RicardusRex68's Avatar
For encrypted messaging, look at Telegram. It is available for iOS, Android, Windows, OSX and Linux. It's open source and free.

ProXPN is another VPN that does not log.
boydcrow's Avatar
So if I'm using a VPN (HideMyAss) to log onto Eccie, I delete PMs, and use either a burner or Google Voice with providers, I should be OK, right?
Roger.Smith's Avatar
So if I'm using a VPN (HideMyAss) to log onto Eccie, I delete PMs, and use either a burner or Google Voice with providers, I should be OK, right? Originally Posted by boydcrow
A VPN will stop your Internet Service Provider from seeing what you're doing. If you're using the paid version of hidemyass, that should be fine. The Web version generates a URL (web address)which your ISP can see, so I wouldn't consider that secure. I don't know if those URLs from the web based verison of Hidemyass are deleted later or go inactive.

Solicitation is a misdemeanor, so the chances of LE spending the resources to bust individual users seems highly unlikely. I don't know what IT/Internet police officers make, but if it's similar to what I make, that would be an incredible waste of resources to bust people for a misdemeanor. Not that wasting resources have ever stopped a government agency before.

Now if they did choose to pursue you, if once you've logged into ECCIE from your personal internet account(cable or phone), LE can find out who a username belongs to if they have get access to the logs linking usernames with IP addresses. They'll go through whatever channels to compel your ISP to provide your identity. If they know <eccie handle> belongs to John Doe because AT&T was subpoenaed to reveal who one of their IP addresses belonged on a specific day and time, they'll assume <eccie handle> belongs to John Doe no matter where he logs in from afterwards. Proving it was John Doe is another matter. It's not what they know, it's what they can prove. Some ISP's will give you a heads up that a legal request has been made for your info. Google will notify you of such request, so if LE requests info for your Google Voice number, Google will give up a heads up. That is in their privacy policy. From there it's usually a search warrant for all of your personal devices. Because IP addresses are assigned by MAC address, they'll be able to confirm the exact device you logged in from if it was never protected by a VPN.

But again, I don't know know of any instances where a hobbyist has been tried and convicted for participating on escort review sites. People write fake reviews, so going through the hassle of trying to prove a session took place would be more trouble than it's worth. For all they know, you met and talked about your feelings, or wrote a review for PA credit. With good lawyers and closed mouths, I think all parties involved should be okay.