Fravia's anonymity labEvery web step leaves traces
woodmann.comThis page doesn't appear to be an article and therefore may not display well in the Article View. You may want to switch to the Full Web Page view.
If you know there should be an article here, help improve the article parser by reporting this page. Thanks!
Fravia's anonymity lab
Every web step leaves traces
(Fravia demonstrates that you must be careful) ~
On the web "nomen est omen"
~
On this page
Visitors tracing | Data smearing | Dejasnooping |
Anonymous web searching | Anonymous web surfing | Anonymous web publishing
Cookies | Luring | Anonymity essays | Some other links
Other related pages of my anonymity Lab
[corporate survival] [stalking matters] [enemy tracking]
[steganography] [What Fravia knows about you] [Tweak your browser!]
[Anonymous e-mailing] [things that happen]
Guess which URL will this link connect to :-)
Version September 1999
The main intent of my 'Anonymity Lab'
Tears fill my eyes when I see so many good and nice Internauts fall prey of crooks of all sorts (from nasty software producer like Micro$oft, who hide snooping secret functions inside their applications, through the main search engines you use, that gather your searching patterns and store them without warning you to the outright 'dirty' crooks that search and lure gullible simpletons in order to sell them fake religions or fake tits or whatever fake they have to push). Matter is that the NASTY aspect of this nether world of us is never enough explained. There is no law here. Only Fravias, like we are, can eventually help the gullible and simple ones (and damage the crooks, which is great fun :-)
We fight of course more 'active' battles, as you'll learn on my [antismut] section, yet even the simple spreading of 'passive' knowledge can be very useful (knowledge, as Master +ORC has always said, is indeed a most powerful 'good' weapon), and we help, in this section, throwing our light on some of the 'hidden', 'dark' and 'mysterious' aspects of the Web.
You'll learn here some must-know anonymity concerns and some elementary counter-measures, yet, as you will see, the data you are leaking around are so many (and so valuable) that there is not really much that you can do, short of going undercover with a completely bogus identity... which is something that you will probably want to do after having read all this :-)
Wanna [trace] your visitors or learn how much info you are [smearing] around? Would you like to [snoop] their profile or [search] anonymously on the Web? You may even get acquainted with some [cookies] little tricks or [lure] your enemies into a trap. If you do not understand much, you better read first just how many [traces] you leave when you browse and how you can simply [send mail anonymously] on the web... you'll understand all the rest later.
There are also some [Anonymity essays] that you may find interesting, and of course you may enjoy the [Ah Ah! Die cookie die!] section of this page as well :-)
Else you may enjoy having a look at some [things that happen].
This section of mine about the traces you leave on my own servers was growing bigger and bigger and has been moved to my
What Fravia knows about you
page, where all (scary) tracking possibilities used today will be discussed and some countermeasures will be analysed.
The harddisk problem
Some of the files that are on your computer (and that recent browsers can send over the Net WITHOUT telling you anything about it :-) might become interesting for adversaries, or the plain curious, or the bastards that want to sell you beer, or tits, or religions or cars:
Contains details of the locations of many important things on your computer system, among other things, the PATH variable will show where are your tools.
Contains still more details about the locations and software that you are running on your system, as well as other personal things that might be helpful for rogues to find out - like preferences and the like.
(On my computer, right now: 286692 bytes as c:\windows\user.dat and 286692 as c:\windows\user.da0, which is created as 'reference' when you set your computer on).
This is one mighty important file. You better be prepared to get some cheap thrills about this one... if you did not already know about it.
Inside this monster there are masses of data about you: the last few dozen places you've visited on the Internet, your name, email address, telephone number, various user ID's and passwords, details about software you use and your preferences, locations of files and folders, and literally hundreds of other personal things. You don't believe me? Here are some (very small) snippets from my own user.dat
000A0030005374617274205061676568 0 Start Pageh 7474703A2F2F6F7572776F726C642E63 ttp://ourworld.c 6F6D707573657276652E636F6D2F686F ompuserve.com/ho 6D6570616765732F6672617669612F01 mepages/Fravia/. ... 000000000005003F0075726C31386874 ? url18ht 74703A2F2F7069706574612E6368656D tp://pipeta.chemi 69612E706B2E6564752E706C2F707562 a.pk.edu.pl/pub/m 2F6D6973632F6578652D756E7061636B isc/exe-unpack/dm 2F646D7065786531322E7A6970010000 pexe12.zip ... 01000000000000000A0010004C617374 Last 2047726F7570616C742E66616E2E6267 Groupalt.fan.bgc 63726973697374757265732E65726F74 risistures.eroti 6963612E616E696D65180100004B0002 ca.anime K ...
YES, I wanted to scare you, you better have a look at your own user.dat asap, btw, make a local copy of it (from your c:\windows\profiles\Yourself) and browse it using Ultraedit. You'll be amazed at the wealth of information about yourself that this huge database helds... among other things all the search strings you have recently used!
So, what can you do?
Not much, anyway you can try: First make a backup of your "real" user.dat, and call it ggs541.myn or whatever, just in case.
Second see if you find somewhere a "clean" installation user.dat (usually -on corporate machines- under /windows/profiles/instw95 or similar)... you may 'steal' a ready made one from some other machine or profile (you better choose wisely :-)
Third, after having thoroughly checked everything inside it, just in case, substitute routinely your real one with this 'bogus' and 'clean' one.
Don't let your data slip anew! You better write a simple batchfile (see my corporate survival tricks page) to automate this tedious task.
(On my computer, after the 'cure': 86168 bytes as c:\windows\user.dat and 65688 as c:\windows\user.da0, which has been re-created as 'reference' after I have resetted my computer on). Of course you may not dispose of a clean user.dat file and you may have to reinstall windows ex-novo in order to get a clean user.dat, and this would not be such a bad idea after all! Nothing like a nice hard-disk "deep level" formatting every couple of months to keep your harddisk fit, destroying as well all those tracks you are smearing around without noticing it :-)
Morale: keep your sensitive data ON THE WEB somewhere where nobody in his right mind would ever look, nor understand them even if he did (say steganographed inside the dull images of a bogus page like "me and my little dog Barkie" :-) they will be MUCH more safe there than inside your own harddisk!
(On my computer, right now: 748252 bytes as c:\windows\system.dat and 748252 as c:\windows\system.da0, which is created as 'reference' when you set your computer on).
Even worse than the above! Once again, lots more personal details, including also the location of all your windows passwords (login, screen saver, network, LAN, etc), every conceivable thing about your computer, its hardware and setup, and full details of all the software you're using or you have ever used (!) on your computer.
You'll notice perusing this little monster the huge amount of wasted bytes occupied by Micro$oft's converter strings and messages. If you ever wanted a clear example of the 'messiness' of the poor operating system we are all compelled to use, just look at your c:\windows\system.dat overbloated register.
Note also that there is a section of this crap (install information section) where you'll have the surprise to find the NAMES of all applications you have installed in the last couple of years (at least :-) on your computer... I have perused it right now in order to write this text, and I constate with stupefaction that I must have in fact installed and/or run on this machine -quite sometime ago- an impressive lot of crap that I had already forgot I ever had:
AW.EXE AWUSRFNC.DLL BD.EXE BD.ADV BLADE.BAT BLADE.DAT BIOFORGE.EXE KEYCODEE.DAT BO.BAT BO1.EXE C.BAT MISSION.DTA CAPHILL.BAT CAPHILL.GL CARPET.EXE BULLFROG.LBM CCHELP.EXE CCSETUP.EXE CKTEST.EXE CKTEST.HLP CHECKIT.EXE CHECKIT.CNF CL.EXE QLIB.EXE COASTER.EXE COASTER1.RSC COMANCHE.EXE MISSION.DTA CR.BAT JIGGSBIG.ANM CPAV.EXE CPSCHED.EXE CPBACKUP.EXE CPSCHED.EXE CYCLONES.EXE DEARJ.EXE DEAD.EXE DEADDEMO.DAT DEMO.EXE DFDEMO.BAT DFDEMO DOGNAPP.EXE GAMEMAPS.RR2 DS.BAT TOSTEXT.BIN DS.EXE NDD.EXE DRACULA.EXE SETDRAC.EXE DRAGON.BAT DRAGON.EXE DL.EXE DL.EXE DRAGON.EXE ELFISH.EXE...
(of course -cela va sans dire- all those other games have been installed only in order to study their protection schemes... :-)
Located by knowing your username, or by looking up the above file. Inside here are all your passwords. These are easily decrypted (if necessary) on any laptop with SAVE-TO-DISK features and a disk editor.
All the data inside every Netscape form you've ever submitted, with and without SSL, when the submission failed or was cancelled.
A complete copy of all your incoming, outgoing, sent, and soon-to-be-deleted email. All in plain text without any encryption. I hope you're using PGP ! (I do not, because even that will not always work, see below)
Your secret keyrings, if you do happen to be using PGP! These are protected by your passphrase, so I hope you've got a realllllly long one, and it's not something any average cracker will be able to pick, and you're not running any keypress macro recorders or typing sniffers, and you've not got any Trojan Horses or Password Targeted Viruses busy siphoning off your passwords and passphrases, and you trust all the software you run on your PC, even Micro$oft's recent "on line sniffing programs"
All these programs, as well as windows itself, cache the filenames of the most recent documents you have been working on. This leads any attacker directly to your recent work!
One for the Unix folk. Running a cracking probe against this file will usually reveal dozens of usernames and passwords to anyone who wants to play with you or your users.
See the specific page about these two Micro$oft's monsters that are haunting your own computer (5 megabytes of concealed activity!)
Wanna have some "fun"? Type the following inside your Netscape URL window (Location):
about:memory-cache (you'll see the memory cache) about:image-cache (you'll see a list of the cached images...) about:global (you'll see global history entries) about:cache (you'll see all disk cache statistics) about:document (you'll get a new window with info about the current document)
Have a look at DejaNews there you'll quickly discover how many indications about your interests can be gained by EVERYBODY just checking your usenet comments and mail (another good reason to use ALWAYS anonymous remailers)... this is really scary! Looks like the ideal playground for "blackemailers". All the search engines are slowly building huge databases with your preferences, they also react immediately to your search patterns... if you search for "tits" on Yahoo, you'll get some hideous pub about (not free) smut-services, if you search for "job", you'll get some hideous pub about (not-free) career services... do you really believe that all these data (about you) will be ever erased?
All the main search engines KEEP TRACK of your search strings and of your activity. There are on the web (very interesting) "search strings depots", listing the most used search strings (yes, you have guessed it, they are mostly sex-related) and you can even see 'on-line' the search actions performed by some users (on some search engines) that do not know that you are 'watching their search' while they perform (and refine) it... this is great fun. Another way to get at the search strings that people use (which may be very well thought little masterpiece of 'exact' searching, useful to learn the difficult art of searching correctly) is the "klebing" method, explained elsewhere on my site.
As I have already explained in my "how to search" lessons, search engines are only ONE of the search strategies and approaches you can use. Yet their importance cannot be underestimated (that's the reason more and more search engines are popping up like fungi nowadays) and you better learn how to defend yourself from their tracking mechanisms. You should always try to use a dynamic IP (like compuserve or aol: your IP address and host name should always be the more anonymous and "neutral" you can get, if possible without any 'national' tag as well... see below Lord Caligo's lesson and my comments on how to get 'bogus' IP-dynamic host names :-)
Anyway, for the more paranoids (or the more careful) among you, here is a link to the anonymized Altavista search form
(Courtesy of Fravia+... do not leave your tracks around!)
Of course no real anonymity section would be complete without an explanation of the above anonymizer...
I'm sure you'll appreciate the fact that you may nowadays telnet using a fake proxy! Indeed there exist now a "Java Telnet Proxy Server" that will allow a telnet applet connecting with any server on the Internet!
Here it is at netobjective
And you can even choose the port!... Your little cracker's heart understand what this mean as well as I do, don't you? (and even if you don't understand now why this is QUITE important I'm sure you will in due time :-)
We live in a world where software (and hardware) developments are neither documented nor care to tell their user what's really going on under the hood (and under the hoop). Still not convinced? You still believe that the society you live in cares from something else than pushing you around along paths and patterns you are not even supposed to see? Well, if it is so, cookies may represent a very instructive example for you.
The Jar for your cookies
Use Netscape, like all sensible Fravias do, DO NOT USE MS-Explorer: Micro$oft's Trojan Web_horse does not allow you to see its own traces, it's terribly slow in all its version, it is even more bugged than Netscape's Navigator (how they could pull even more bugs than Netscape really beats me :-) and, globally, Micro$oft's products are only good for lamers and people that has been brain-washed by frills and advertising, as you'll learn perusing the material inside +HCU's project 9, the "Micro$oft bashing" project.
So use your good, relatively old and relatively stable Navigator version 3, that you may merrily reverse (in order to use its hidden functions to your advantage) using the material inside +HCU's project 5 that deals with Netscape cracking (and the many 'surprises' that are hidden inside the browsers you are using.
OK, start your "cookies discovery" trip! You'll quickly see how very simple cookies (and there are much more nasty things around, thank Javascript) can lay some eggs inside your harddisk (inside your "cookies.txt" netscape file).
Cookies -together with Javascript programs and Java applets- are the *FUTURE* of reverse engineering.
So study them. Here is the coveted entrance to my cookies (and robots) pages
Anyway I'm warning you: don't use Micro$oft's puke on my site! (Watch it! Some pages just "play" hostility, some are seriously hostile, so: don't complain you have not been warned! :-) |
BTW, you may like to know already now which kind of cookie my pages will plant inside your computer, don't worry, it's an harmless little thing and looks like this (you may check later):
/Fravia FALSE 872928000 Fravia_cookie_noanon_page 1
Ah Ah! Die cookie die!
As you (should) already know, the best way to eliminate once for all any cookies planting possibility is to create a directory cookies.txt inside Netscape's directory (where the file cookies.txt originally is). This directory will get a GREATER priority than the targeted file, and all cookies will be therefore sent to dev null. Ah Ah! Die cookie die! Once you have created this new cookies.txt directory you may quietly reset "Options"/ "Network preferences"/"protocols"/"show an alert before accepting a cookie" to NO, in fact the sites that you will visit will "believe" that they planted their silent cookies in your hardisk, and let you through without delay, yet you will know that no cookie whatsoever has been planted. Ah Ah! Die cookie die!
1) set up a page which is not connected with any other page
2) put some goodies on it that the target needs badly
3) write (remailing) to the target and tell him to download the goodies
4) target downloads... he will be one of the very few(*) that your spiders will track on the "fake" page in the following days
(*) Yes, he will not be the only one... somebody else will nevertheless come and visit your "secret" page:
1) a robot i.e. an automated spider looking for pages or information, logging, for instance, from Yahoo, but could also be private (the older ones use funny spiders, BTW) mostly these spiders are simple automated "logging in" from a remote server... and yes! There are ways to "catch" them and "reverse engineer" the kind of info they are carring away: Master +Alistair has long ago promised a tutorial on this strange art, let's hope he'll write it asap :-)
2) a seeker (these are the guys that always check the full directory of a URL location just in order to find hidden pages there, simplest way is to use a /.rt command), or
3) the server administrator slaves.
But these few occurrences apart, you'll get a lot information about your "anonymous" target (or your enemies will, if *YOU* are the target)
(FAA_001)
(FAA_002)
FAA: PHASE C by Fravia+, 15 June 1997
Concealed and hidden files inside your own computer
First essay: What's behind Micro$oft's mm256.dat and mm2048.dat files?
FAA: PHASE D by MML, 23 September 1997
Reversing Governmental Polices: Internet access for the masses
Get access passwords sent to you and browse anonymously
FAA: PHASE E by -the_gonz, 25 November 1998
An easy way to stop the guys (from Redmond) to snoop data inside your harddisk
An hardware attempt for more safety while
Original Page: http://www.woodmann.com/fravia/noanon.htm
Shared from Read It Later
Comments
Post a Comment