If you haven't already heard, there was a massive hack on the parent company of Ashley Madison, a popular site for men to cheat on their wives. The hackers released the personal information of 32 million people who had used the site. So, if you've ever made an account on Ashley Madison or one of its related sites (like EstablishedMen.com and others) chances are that your email address and credit card info are now publicly known, and connected with the cheating website.
This kind of thing is so foreign to me, so I decided to learn more about it. If/when your favorite site gets popped, you don't want YOUR personal info out there. There's already scammers and blackmailers contacting Ashley Madison victims, and there's been at least one suicide related to it as well.
So, what do you do if the website that knows too much about you is out of your control? You can assume that everything you post online is archived by someone forever, so it's important that you're careful about protecting your offline identity. I'm pretty new to this, but as a public service for my fellow hobbyists, I pulled together a bunch of suggestions for staying safe:
HOW TO SEE IF YOU'RE AFFECTED
Visit https://haveibeenpwned.com/ to see if you're affected by the data breach
PROTECT YOUR REAL IDENTITY WHEN YOU'RE ONLINE
* DON'T USE YOUR REAL EMAIL ADDRESS. Make a disposable, single-purpose email address that is ONLY used for hobby purposes. You can find a free webmail provider here: https://duckduckgo.com/?q=free+webmail
* DON'T USE YOUR REAL CREDIT CARD. Hackers love to get credit card numbers, but if your card number has your name on it, then you've just been outed. If you're paying for stuff online, use cash to buy a prepaid VISA gift card, then use THAT card number online.
* USE A UNIQUE PASSWORD. Don't use the same password from your hobby email that you use anywhere else. If one account gets hacked, you don't want the scammers to get into other accounts too. Memorize your hobby passwords, and never write any of them down where they can be found.
* USE A STRONG PASSWORD. Your password should not be easy to guess. So, it should be like 15 characters or more, and should not rely on easily guessed personal information about you. Here's more about strong passwords: www.businessinsider.com/how-to-create-strong-password-heartbleed-2014-4
* HIDE YOUR LOCATION FROM TRACKERS. Websites can track your exact location using an "IP Address". This is something that music pirates have figured out for a while, and the same applies to you. You can hide your location using a Proxy, VPN, or Tor. Never log in to a hobby site without masking your identity first. Learn more here: https://torrentfreak.com/anonymous-v...w-2015-150228/
SECURE YOUR PC FROM PRYING EYES
* USE BROWSER PRIVACY MODE. This wipes your history after you log out. Learn how to use it here: https://en.wikipedia.org/wiki/Privacy_mode
* NEVER SAVE FILES TO YOUR COMPUTER. Store links and notes in your online webmail as a "Draft Message". That way there's nothing to accidentally leave available.
* KEEP YOUR PC IS CLEAN. If there's a virus or keylogger installed on your machine, then your actions could still be recorded. Antivirus software can help. You can also use a Virtual Machine like VirtualPC to isolate everything from your "real" computer.
* LOG OUT. LOG OUT. LOG OUT. Never forget to log out of your computer when you step away. Even for a minute. That's the simplest way to have evidence be discovered.
* INSTALL THESE EXTENSIONS: Your browser is vulnerable to malicious websites that try to take control of your PC. Look for these two extensions that help you limit the most likely means of attack: *FlashBlock* prevents Flash animations from running. *AdBlock* or *uBlock* prevent unwanted ads and trackers from watching you online.
- golonghorns
- 09-21-2015, 03:08 PM
- im1funseeker
- 10-01-2015, 02:22 PM
Hi and thanks for the great info. I have heard that buying a Vanilla PrePaid Card will not work due to the fact that CCBill.com shows up as a foreign company, and the card will decline any foreign-based charges (due to federal law). What does one do then?
- Lena Duvall
- 10-02-2015, 10:12 PM
Thanks for sharing these resources.
- roll_with_me
- 10-03-2015, 08:38 PM
...I have heard that buying a Vanilla PrePaid Card will not work... ...What does one do then? Originally Posted by im1funseekerIt is true that most sites will not accept a PrePaid card, but Im not sure that the reason is based on it showing up as a foriegn country, as much as its a problem to collect monthly autopayments.
By the way since AM required a real credit card real credit card billing addresses were apart of the hacked information. Athe junk e-mail address is helpful, but it is not an absolute solution to having some finding out your real identity.
- roll_with_me
- 10-03-2015, 08:45 PM
I would also be leary about using sites like:
HOW TO SEE IF YOU'RE AFFECTED
Visit https://haveibeenpwned.com/ to see if you're affected by the data breach
HOW TO SEE IF YOU'RE AFFECTED
Visit https://haveibeenpwned.com/ to see if you're affected by the data breach
- FrontRunner
- 10-03-2015, 09:41 PM
Hi and thanks for the great info. I have heard that buying a Vanilla PrePaid Card will not work due to the fact that CCBill.com shows up as a foreign company, and the card will decline any foreign-based charges (due to federal law). Originally Posted by im1funseekerTrue.
What does one do then? Originally Posted by im1funseekerDepends on the site. Eccie will let you pay them with a money order instead, as will P411. But, I've heard you actually can use your pre-paid card at P411 if you call and do it over the phone.
For other online sites/vendors, YMMV.
- im1funseeker
- 10-03-2015, 11:49 PM
True.Hi. It's kind of odd since, according to Wikipedia, CCBill.com is headquartered in Arizona. I even called The Vanilla Card about the denial and was told that it is because CCBill.com is billing from The Netherlands.
Depends on the site. Eccie will let you pay them with a money order instead, as will P411. But, I've heard you actually can use your pre-paid card at P411 if you call and do it over the phone.
For other online sites/vendors, YMMV. Originally Posted by FrontRunner
- FrontRunner
- 10-04-2015, 12:28 AM
Hi. It's kind of odd since, according to Wikipedia, CCBill.com is headquartered in Arizona. I even called The Vanilla Card about the denial and was told that it is because CCBill.com is billing from The Netherlands. Originally Posted by im1funseekerFrom what I hear, CCBill has multiple processing centers (even one or more in the US). But I assume that sites that use the overseas ones are doing so for monetary and/or legal jurisdiction reasons.
- golonghorns
- 10-07-2015, 09:18 AM
Hey roll_with_me,
In general, I'd agree with you -- be cautious about any site that's asking for personal data for no good reason. Specifically regarding haveibeenpwned.com -- they're just looking up your email address in a database of addresses that have already been posted publicly online. They're getting more attention since AM, but their data comes from 54 similar breeches. So, you're not giving away much more than "someone at this [IP address] is trying to find [this email address] in our hack database."
Regardless, maintaining the wall between public and private identities is important, so you probably shouldn't let this site (or any) make a connection between these two.
In general, I'd agree with you -- be cautious about any site that's asking for personal data for no good reason. Specifically regarding haveibeenpwned.com -- they're just looking up your email address in a database of addresses that have already been posted publicly online. They're getting more attention since AM, but their data comes from 54 similar breeches. So, you're not giving away much more than "someone at this [IP address] is trying to find [this email address] in our hack database."
Regardless, maintaining the wall between public and private identities is important, so you probably shouldn't let this site (or any) make a connection between these two.