(Fravia demonstrates that you must be careful)
Guess which URL will this link connect to :-)
The main intent of my 'Anonymity Lab'
The main intent of this section of my site is to SCARE YOU TO DEATH about the huge amount
of data and private information33 you are 'smearing' around without even knowing it.
Tears fill my eyes when I see so many good and nice Internauts fall prey of crooks of all
sorts (from nasty software producer like Micro$oft, who hide snooping secret functions
inside their applications, through the main search engines you use, that gather your
searching patterns and store them without warning you to the outright 'dirty' crooks that
search and lure gullible simpletons in order to sell them fake religions or fake tits or
whatever fake they have to push). Matter is that the NASTY aspect of this nether world of
us is never enough explained. There is no law here. Only reversers, like we are, can
eventually help the gullible and simple ones (and damage the crooks, which is great fun
:-)
We fight of course more 'active' battles, as you'll learn on my [antismut] section, yet even the simple spreading of 'passive' knowledge can be
very useful (knowledge, as Master +ORC has always said, is indeed a most powerful 'good'
weapon), and we help, in this section, throwing our light on some of the 'hidden', 'dark'
and 'mysterious' aspects of the Web.
You'll learn here some must-know anonymity concerns and some elementary counter-measures,
yet, as you will see, the data you are leaking around are so many (and so valuable) that
there is not really much that you can do, short of going undercover with a completely
bogus identity... which is something that you will probably want to do after having read
all this :-)
Where d'you wanna go, bud?
No anonimity, I regret
You leave traces, I said
Ahi! Your precious data!000A0030005374617274205061676568 0 Start Pageh 7474703A2F2F6F7572776F726C642E63 ttp://ourworld.c 6F6D707573657276652E636F6D2F686F ompuserve.com/ho 6D6570616765732F6672617669612F01 mepages/fravia/. ... 000000000005003F0075726C31386874 ? url18ht 74703A2F2F7069706574612E6368656D tp://pipeta.chemi 69612E706B2E6564752E706C2F707562 a.pk.edu.pl/pub/m 2F6D6973632F6578652D756E7061636B isc/exe-unpack/dm 2F646D7065786531322E7A6970010000 pexe12.zip ... 01000000000000000A0010004C617374 Last 2047726F7570616C742E66616E2E6267 Groupalt.fan.bgc 63726973697374757265732E65726F74 risistures.eroti 6963612E616E696D65180100004B0002 ca.anime K ...
There you are with your privacy concerns: your starting url, all the files/urls you
accessed (above you can see as 'url 18', that I downloaded smpexe12.zip from pipeta) and
even the very unencrypted names of the usenet groups you have been playing with lately...
YES, I wanted to scare you, you better have a look at your own user.dat asap, btw, make a
local copy of it (from your c:\windows\profiles\Yourself) and browse it using
Ultraedit. You'll be amazed at the wealth of information about yourself that this huge
database helds... among other things all the search strings you have recently used!
So, what can you do?
Not much, anyway you can try: First make a backup of your "real"
user.dat, and call it ggs541.myn or whatever, just in case.
Second see if you find somewhere a "clean" installation user.dat (usually
-on corporate machines- under /windows/profiles/instw95 or
similar)... you may 'steal' a ready made one from some other machine or profile (you
better choose wisely :-)
Third, after having thoroughly checked everything inside it, just in case,
substitute routinely your real one with this 'bogus' and 'clean' one.
Don't let your data slip anew! You better write a simple batchfile (see my
AW.EXE AWUSRFNC.DLL BD.EXE BD.ADV BLADE.BAT BLADE.DAT BIOFORGE.EXE KEYCODEE.DAT BO.BAT BO1.EXE C.BAT MISSION.DTA CAPHILL.BAT CAPHILL.GL CARPET.EXE BULLFROG.LBM CCHELP.EXE CCSETUP.EXE CKTEST.EXE CKTEST.HLP CHECKIT.EXE CHECKIT.CNF CL.EXE QLIB.EXE COASTER.EXE COASTER1.RSC COMANCHE.EXE MISSION.DTA CR.BAT JIGGSBIG.ANM CPAV.EXE CPSCHED.EXE CPBACKUP.EXE CPSCHED.EXE CYCLONES.EXE DEARJ.EXE DEAD.EXE DEADDEMO.DAT DEMO.EXE DFDEMO.BAT DFDEMO DOGNAPP.EXE GAMEMAPS.RR2 DS.BAT TOSTEXT.BIN DS.EXE NDD.EXE DRACULA.EXE SETDRAC.EXE DRAGON.BAT DRAGON.EXE DL.EXE DL.EXE DRAGON.EXE ELFISH.EXE...
And there are more and more pages of software denominations I will not annoy you with,
and a couple of surprises: I for instance absolutely DO NOT remember having ever installed
anything like DRACULA.EXE it really beats me what the hell
that's supposed to be!
(of course -cela va sans dire- all those other games have been installed only in
order to study their protection schemes... :-)
about:memory-cache (you'll see the memory cache) about:image-cache (you'll see a list of the cached images...) about:global (you'll see global history entries) about:cache (you'll see all disk cache statistics) about:document (you'll get a new window with info about the current document) Fun, eh?
But we can try to 'stalk' Dejanews... have a look here
How to search anonymously
All the main search engines KEEP TRACK of your search strings and of your activity.
There are on the web (very interesting) "search strings depots", listing the
most used search strings (yes, you have guessed it, they are mostly sex-related) and you
can even see 'on-line' the search actions performed by some users (on some search engines)
that do not know that you are 'watching their search' while they perform (and refine)
it... this is great fun. Another way to get at the search strings that people use (which
may be very well thought little masterpiece of 'exact' searching, useful to learn the
difficult art of searching correctly) is the "klebing" method, explained
elsewhere on my site.
As I have already explained in my "how to search" lessons, search engines are
only ONE of the search strategies and approaches you can use. Yet their importance cannot
be underestimated (that's the reason more and more search engines are popping up like
fungi nowadays) and you better learn how to defend yourself from their tracking
mechanisms. You should always try to use a dynamic IP (like compuserve or aol: your IP
address and host name should always be the more anonymous and "neutral" you can
get, if possible without any 'national' tag as well... see below Lord Caligo's lesson and
my comments on how to get 'bogus' IP-dynamic host names :-)
Anyway, for the more paranoids (or the more careful) among you, here is a link to the anonymized
Altavista search form
(Courtesy of fravia+... do not leave your tracks around!)
Of course no real anonymity section would be complete without an explanation of the above
anonymizer...
anonymizer
will allow you to do it whenever you feel like it. You actually do not need to visit the
anonymizer page: just remember, when you smell a rat, to precede the *exact and complete*
http://... address you want to visit, writing (even per hand in the "address"
field of your browser) "http://www.anonymizer.com:8080/"
before it. The spiders will then track your visit as "niobe.c2.com", or
something similar. Are there other "...:8080" URLs that allow this kind of
anonymity? Yes, many server (even if they do not realize it), just find yours if you do
not trust the anonymizer (btw, :8081 works as well, only with less "concurrence"
:-) netobjectiveCookies (and crookies :-) Crack the browsers
The Jar for your cookies
Use Netscape, like all sensible reversers do, DO NOT USE MS-Explorer:
Micro$oft's Trojan Web_horse does not allow you to see its own traces, it's terribly slow
in all its version, it is even more bugged than Netscape's Navigator (how they could pull
even more bugs than Netscape really beats me :-) and, globally, Micro$oft's products are
only good for lamers and people that has been brain-washed by frills and advertising, as
you'll learn perusing the material inside
Cookies -together with Javascript programs and Java applets- are the
*FUTURE* of reverse engineering.
So study them. Here is the coveted entrance to
my cookies (and robots) pages
|
WARNING! Some of the cookies and of the secret robots pages are MICROSOFT EXPLORER HOSTILE |
You may of course use Netscape, if you
want (Best version is version 3 NOT version 4), but if you want to browse with a
fast, complete and agile application (LESS than one million bytes! MUCH more
fast and MUCH more configurable than the overbloated duo), you better download Opera right away... you'll never go back to the
big Browsersaurii! |
Click on this 
to see three simple anti
Micro$oft Javascript applets
BTW, you may like to know already now which kind of cookie my pages will plant inside your computer, don't worry, it's an harmless little thing and looks like this (you may check later):
/fravia FALSE 872928000 fravia_cookie_noanon_page 1
Ah Ah! Die cookie die!
As you (should) already know, the best way to eliminate once for all any cookies
planting possibility is to create a directory cookies.txt
inside Netscape's directory (where the file cookies.txt originally is). This
directory will get a GREATER priority than the targeted file, and all cookies will be
therefore sent to dev null. Ah Ah! Die cookie die! Once you have created this new cookies.txt directory you may quietly reset
"Options"/ "Network preferences"/"protocols"/"show an
alert before accepting a cookie" to NO, in fact the sites that you will visit will
"believe" that they planted their silent cookies in your hardisk, and let you
through without delay, yet you will know that no cookie whatsoever has been planted. Ah
Ah! Die cookie die!
Let's find out who Crack the enemies
Internet Address finder Stalker page You
may want to have a look at my counter measures
page or, more directly, at my enemy tracking page,
or, for some other funny tricks to my corporate survival
tricks page in order to grasp even better some useful techniques and approaches, yet
you'll find tricks all over my site, for instance on the links page, and of course on the search engines
page and inside all my "how to search" lessons.
The Anonymity Essays
Fravia's Anonymity Academy
Well, this new section begins with some very interesting essays by our colleague and
friend LordCaligo, I hope to receive more contributions from all the anonymity wizards
among my readers... else I will start writing and adding some new essays myself... in the
mean time you may also find interesting my how to search the web lessons, where
I discuss subjects like 'combing', 'klebing' and automated retrieval of information
through intelligent agents, all matters which may be quite relevant for anonymity purposes
:-)
FAA: PHASE A by LordCaligo, 8 November 1997
How to create a webpage with
controversial contents (FAA_001)
FAA: PHASE B by LordCaligo, 21 November 1997
How to have free access to the net by
fake-accounts (FAA_002)
FAA: PHASE C by fravia+, 15 June 1997
Concealed and hidden files inside your
own computer
First essay: What's behind Micro$oft's mm256.dat and mm2048.dat files? (FAA_003)
FAA: PHASE D by MML, 23 September 1997
Reversing Governmental Polices: Internet
access for the masses
Get access passwords sent to you and browse anonymously (FAA_004)
FAA: PHASE E by -the_gonz, 25 November 1998
An easy way to stop the guys (from
Redmond) to snoop data inside your harddisk
An hardware attempt for more safety while you´re out on the web (FAA_005)
FAA: PHASE F by a295225(at)hotmail, 25 June 1999
Better E-Mail Anonymity
The basics of SMTP and telnet used to explain how to enhance anonymity (FAA_006)
Anonemail section
FAA: PHASE G by +Zer0, 24 September 1999
Making an anonymous mailer
Messing with data structures (FAA_007)
Anonemail section
Some other links |
How to mail anonymously:
How to post anonymously:
How to surf anonymously:
How to publish anonymously:
How to search anonymously:
Privacy
on the web, never ending links
![[Opera!
The browser that was made for you!]](opera.gif){kind=small}
I will remind you of THREE useful digests related to privacy (and general
interesting reversing things :-)
* The RISKS Forum is a MODERATED digest. Its Usenet equivalent is
comp.risks. Peter Neumann of SRI International is the moderator of
this excellent and renowned Internet digest.
Read RISKS as a newsgroup (comp.risks or equivalent) if possible and
convenient for you. Alternatively, via majordomo, SEND DIRECT E-MAIL
REQUESTS to <risks-request@csl.sri.com> with one-line,
SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] or
INFO [for unabridged version of RISKS information]
The INFO file is also obtainable from
http://www.CSL.sri.com/risksinfo.html ftp://www.CSL.sri.com/pub/risks.info
ARCHIVES are available: ftp://ftp.sri.com/risks or
ftp ftp.sri.com
login anonymous
[YourNetAddress]
cd risks
* The PRIVACY Forum is run by Lauren Weinstein. It includes a digest (which
he moderates quite selectively), archive, and other features, such as
PRIVACY Forum Radio interviews. It is somewhat akin to RISKS; it spans
the full range of both technological and nontechnological privacy-related
issues (with an emphasis on the former). For information regarding the
PRIVACY Forum, please send the exact line:
information privacy
as the BODY of a message to "privacy-request@vortex.com"; you will receive
a response from an automated listserv system. To submit contributions,
send to "privacy@vortex.com".
PRIVACY Forum materials, including archive access/searching, additional
information, and all other facets, are available on the Web via:
http://www.vortex.com
* The Computer PRIVACY Digest (CPD) (formerly the Telecom Privacy digest) is
run by Leonard P. Levine. It is gatewayed to the USENET newsgroup
comp.society.privacy. It is a relatively open (i.e., less tightly moderated)
forum, and was established to provide a forum for discussion on the
effect of technology on privacy. All too often technology is way ahead of
the law and society as it presents us with new devices and applications.
Technology can enhance and detract from privacy. Submissions should go to
comp-privacy@uwm.edu and administrative requests to
comp-privacy-request@uwm.edu. (For example, vol 13, issue 031, 23 Dec
1998, has a long item on random credit-card fraud via small charges.)
There is clearly much potential for overlap between these digests.
Other related pages of my anonymity Lab
[corporate survival]
[stalking matters]
[enemy tracking]
[steganography]
[What Fravia knows about you] [Tweak your browser!]
[Anonymous e-mailing]
[things that happen]
Fravia's main
homepage links anonymity +ORC javascript wars academy database
bots' wars tools cocktails antismut CGI-scripts search forms mail fravia+
Is reverse engineering legal?
(c) Fravia, 1995, 1996, 1997, 1998, 1999.
All rights reserved, in the European Union and elsewhere