IPs, Computer Security, Anonymity and the like

[cyrex]

OK guys, all this IP crap is pointless, if you don't like it you are not helpless.

Every transaction you make on the internet as soon as you log into AIM, MSN, Google Talk, ICQ, email, open a website, post to a forum, VIEW a forum you are not even a member of, your IP is broadcasted. There is absolutely nothing you can do about this. This happens whether EF is selling the ability to view IPs or not.

If I have your IP, I can find out where the location of that IP is down to the ISP. From there, getting your personal information, I would need to do some social engineering and convince your ISP to give me your contact information. ISPs are very carefull about this and will not give it up easily (typically requires a court order).

If LE wants to waste their time to come after you or track you down, they will need a good reason to get a court order in the first place. Even 10,000 forum posts about steroids will not make this happen, you need to be advertising selling, trafficing, or the like.

Of course there are many other things I could do with your IP if I wanted to as far as what you might consider to be called 'hacking' (although I hate that term in this sense). The only people that can do this without you basically giving them access to your computer are not going to want to without some very good reason and if $900 is worth it for that reason, then you probably deserver it anyway

You can do something about your IP. You can use a proxy server which basically servers as a middleman between you and the internet giving its IP rather than your actual IP. This can completely hide your IP (if the proxy server is setup properly), but on the other hand, you now have a service with a proxy server which has every website you visit going through it and you can be sure that some of those services are selling your web browsing statistics to marketers...

Even encrypted email does not mean that you are safe. Your IP is still broadcasted, the whole idea of PGP encryption is that your public key should be given to KNOWN people PHYSICALLY on a diskette and not sent over an email or message saying hey grab my key here off my public keyring..
On the other hand, many web-based PGP encrypted services serve as a proxy which leaves 1 extra barrier between you and someone who wants to know info about you, especially the services that only require that you enter a username and password, no $ paper trail, no name, address, 2ndary email, etc. but even with those, some social engineering could get your IP and more SE can grab your personal info from your ISP.

Summary: Quit fricken worrying about your Anonymity on the internet. The only think that you can really prevent is your name or something closely associated to you that your friends and family know about from being indexed by search engines. The last thing you want is to apply for a job and the employeer googles your name and you show up in a steroid forum

 

[redguru]

What is my ip, cyrex.

 

[cyrex]

What is my ip, cyrex.

the methods I would have to use to tell you that are highly illegal and I have gotten in trouble for it in the past.

I've also since done some computer forensics to determine things like this for legal issues. I can tell you that the lawyers had to go through a LOT just to get access to the laptop I had to look into. I think they said they had to get 3 or 4 court orders for various things...

 

[Frisky]

the methods I would have to use to tell you that are highly illegal and I have gotten in trouble for it in the past.

...

and thats the pt here cyrex!

 

[redguru]

the methods I would have to use to tell you that are highly illegal and I have gotten in trouble for it in the past.

I've also since done some computer forensics to determine things like this for legal issues. I can tell you that the lawyers had to go through a LOT just to get access to the laptop I had to look into. I think they said they had to get 3 or 4 court orders for various things...

That's the point of my question. You actually have to work to get my IP addy. Sure it can be garnered from any traffic I create. The problem with the current situation is that it is considered private information by most companies and the law but is readily available to users who pay for the privelege.

 

[Whiskey]

What do you think happens each time you go to a web site? Especially a porn site. Any site could have some guy behind the scenes to get your ip addy. Why would htey bother with a fitness site when more people search and pay for porn?

Whiskey

 

[NYBodyguard]

same people who are worried about IP are worried about their social sec. number its all overrated

 

[Frisky]

What do you think happens each time you go to a web site? Especially a porn site. Any site could have some guy behind the scenes to get your ip addy. Why would htey bother with a fitness site when more people search and pay for porn?

Whiskey

Illegal substances maybe? Porn is legal, so is most other sites, what can anyone do to you for shopping ebay?

 

[steelmass]

the methods I would have to use to tell you that are highly illegal and I have gotten in trouble for it in the past.

I've also since done some computer forensics to determine things like this for legal issues. I can tell you that the lawyers had to go through a LOT just to get access to the laptop I had to look into. I think they said they had to get 3 or 4 court orders for various things...

Any hacker would know this, I use to be one myself. If you are really a hacker then tell me the telnet command to find someone's ip and then the command to track them down. I'll give you hints the first one starts with a p the second starts with a t.

 

[cyrex]

posting on a forum is circumstantial evidence that DOES NOT hold up in the court of law...
only people that should be worried are sources.

 

[cyrex]

and for the worry worts out there, just hook up to a proxy server...

 

[steelmass]

That would work if you had never accessed it from your home. They have your ip. Gameover.

 

[cyrex]

Any hacker would know this, I use to be one myself. If you are really a hacker then tell me the telnet command to find someone's ip and then the command to track them down. I'll give you hints the first one starts with a p the second starts with a t.

telnet lol...

your questions are meaningless. telnetting to which service/port?

what means are you using to get the IP
if you are talking about ping and traceroute (or for you windows folks out there tracert) then that makes no sense. you must be pinging a FQD to grab the IP, but you can always just use WHOIS rather than ping, as a matter of fact all my servers have pinging disabled so a tracert and a ping will do nothing in the first place

 

[cyrex]

That would work if you had never accessed it from your home. They have your ip. Gameover.

nah, there are some good proxy servers out there than drop your info and do not keep logs.

http://www.publicproxyservers.com/ you can find some here.

 

[steelmass]

lol ok you pass...

 

[steelmass]

nah, there are some good proxy servers out there than drop your info and do not keep logs.

http://www.publicproxyservers.com/ you can find some here.

Tru, im just talking about the fact that 99.9% of people have already accessed EF from home/work and therefore EF has their ip.

 

[d_o_c_]

One thing with all of this. Le is not going to go after you through your ip for checking out flowers.com. They may if you post a steroid related question like

" How do I inject "

So there is a big difference.

 

[cyrex]

Tru, im just talking about the fact that 99.9% of people have already accessed EF from home/work and therefore EF has their ip.

YES YES... good point LOL
I completely missed it.

but still, there isn't much to worry about for those people out there who are not advertising as a source and there is very little to NONE of that on these boards...

only thing people need to worry about is some sort of malicious attack and those take time, effort and $900 so they will need a good reason other than just for the F of it.

 

[cyrex]

One thing with all of this. Le is not going to go after you through your ip for checking out flowers.com. They may if you post a steroid related question like

" How do I inject "

So there is a big difference.

Again, my point stands

Why the fuck would LE want to bust a guy that doesn't know how to inject?....

Fuck, bust me now:
I'm thinking about taking a hit of X, how do I swollow a pill?

 

[steelmass]

Ya true, I am just curious because you seem knowledgable. Would a forum evidence be enough to obtain a warrant for someone they suspect of personal use ?

 

[cyrex]

Ya true, I am just curious because you seem knowledgable. Would a forum evidence be enough to obtain a warrant for someone they suspect of personal use ?

absolutely not, unless they are posting pics or videos with some very revealing information:

A marketing image with them holding a handfull of vials and bottles of gear with "THESE ARE STEROIDS" all over it and they have some other evidence as well.

Obviously a shitty judge might give a warrant for anything, but if they do, your lawyer should be able to get you a few million in punative damages for the judge fucking up.


Personal use will NOT get you busted just by posting about it on the internet.
I can post whatever false or true information I want on here and no one will be able to know what is what. That is the pure nature of the Internet. In general though, I tend to believe in the common good and honesty of people and would bet that 90% of the people on the Internet that appear to be honest ARE in fact honest, but THAT will not hold up in a court of law.

The legal costs for LE to bust a personal user are FAR FAR more than the actual benefit of doing so. The only personal users that are gonna get busted are the ones that get physically/personal caught some how, parole officer (Krishna), friend/family turning them in to a cop that gives a shit, other drugs, illegal activity, etc. Almost all of those just amount to people being fucking stupid but have NOTHING to do with Internet use.

 

[steelmass]

Great to hear.

 

[ItalianMuscle27]

same people who are worried about IP are worried about their social sec. number its all overrated

And those same people are also worrying about sending money WU and showing ID.. I think Im going to just post my IP in my signature from now on! I honestly could care less if anyone has it. The post that Cyrex made is true. I read that on a website before..

 

[itlnstln]

absolutely not, unless they are posting pics or videos with some very revealing information:

A marketing image with them holding a handfull of vials and bottles of gear with "THESE ARE STEROIDS" all over it and they have some other evidence as well.

Obviously a shitty judge might give a warrant for anything, but if they do, your lawyer should be able to get you a few million in punative damages for the judge fucking up.


Personal use will NOT get you busted just by posting about it on the internet.
I can post whatever false or true information I want on here and no one will be able to know what is what. That is the pure nature of the Internet. In general though, I tend to believe in the common good and honesty of people and would bet that 90% of the people on the Internet that appear to be honest ARE in fact honest, but THAT will not hold up in a court of law.

The legal costs for LE to bust a personal user are FAR FAR more than the actual benefit of doing so. The only personal users that are gonna get busted are the ones that get physically/personal caught some how, parole officer (Krishna), friend/family turning them in to a cop that gives a shit, other drugs, illegal activity, etc. Almost all of those just amount to people being fucking stupid but have NOTHING to do with Internet use.

Well Done Today Cy............

 

[cyrex]

Even when I got in trouble for crashing 6 mail servers when I was 16 years old, my ISP could not prove it was me for sure!
They didn't press charges because they couldn't!, they did however suspend our service for 3 months and required I make a formal apology in front of their board before we got service back again. But on that same note, I helped them find and fix a bug in their network that was a HUGE security vulnerability and other than causing their techs to have a late night, didn't do much harm.

I'm not trying to brag about my computer skills here. My crashing of 6 servers was purely a mistake in a program I was working on that was very primitive, but for those of you that like the word 'hacker', I can do and have done what a 'hacker' can inheritely do. I have put my knowledge to good use though by making an honest living out of being a programmer, web developer, and some computer forensics on the side for a few different law firms. I have 1st hand experience with these types of issues and have experience running some VERY LARGE websites and had access to LOTS of sensitive information.

Want to hear something scary?

90% of Internet users use the same password for everything they have. Years ago NONE of those passwords were hashed (made unreadable to the human eye). Site administrators could grab their passwords. Most sites like this require an email address to sign up . . .

What am I getting at? EF grabs your pw to login, they know your email address and if you fall into the 90% of the people that use the same PW for your email and your EF login, suddenly EF has access to your email which I'm sure has many registration confirmations for other sites and services, like forums, BANKS, CC sites, etc, which may also have username and account numbers in them, and some even send you back your password (since they encrypt rather than hash the passwords). Suddenly, any site owner who requires registration has a WORLD of 'possible' information available to them and they could do a TON of malicious shit such as transfer $$ from your paypal account to theirs, make bank transfers, etc.

If EF wanted to be malicious, giving your IP out is NOT the easy way to do it . . .


now how many of you will go change your passwords? HAHA

 

[cyrex]

Well Done Today Cy............

hehe some ignorant people lately are giving me the chance to post some good shit

IGNORANT, not stupid or dumb.

Uneducated, I simply attempt to educate those that are ignorant and hope that anyone who can educate ME will because I very well know that I am ignorant in many areas.

 

[digger]

cyrex, not bad on the first post, except for one thing -- the whole point of PGP is that you have two keys, public and private.

As long as you protect the private key, it doesn't matter if you publish the public key in the friggin' newspaper. That's why it's called a "public key"!

Before public-key crypto, there was always a "key management" dilemma: how do I get a key securely into your hands so we can exchange messages? Public-key crypto blows that problem away.

 

[cyrex]

cyrex, not bad on the first post, except for one thing -- the whole point of PGP is that you have two keys, public and private.

As long as you protect the private key, it doesn't matter if you publish the public key in the friggin' newspaper. That's why it's called a "public key"!

Before public-key crypto, there was always a "key management" dilemma: how do I get a key securely into your hands so we can exchange messages? Public-key crypto blows that problem away.

hehe I'm not saying that PGP is unsafe, but it does not guarantee that when you get someone else's public key that it is legit and thus you could get receive some non-legit emails from them.

If you'd like a more detailed explanation sometime, we can discuss it. I've actually written a few proofs on PGP and how great it is. (I love it) but there are some social/physical loopholes.


anyways it's moot

my point was that, although i HIGHLY recommend encrypted email for UG type stuff, don't rely on it 100% from protecting you..

 

[steelmass]

Even when I got in trouble for crashing 6 mail servers when I was 16 years old, my ISP could not prove it was me for sure!
They didn't press charges because they couldn't!, they did however suspend our service for 3 months and required I make a formal apology in front of their board before we got service back again. But on that same note, I helped them find and fix a bug in their network that was a HUGE security vulnerability and other than causing their techs to have a late night, didn't do much harm.

I'm not trying to brag about my computer skills here. My crashing of 6 servers was purely a mistake in a program I was working on that was very primitive, but for those of you that like the word 'hacker', I can do and have done what a 'hacker' can inheritely do. I have put my knowledge to good use though by making an honest living out of being a programmer, web developer, and some computer forensics on the side for a few different law firms. I have 1st hand experience with these types of issues and have experience running some VERY LARGE websites and had access to LOTS of sensitive information.

Want to hear something scary?

90% of Internet users use the same password for everything they have. Years ago NONE of those passwords were hashed (made unreadable to the human eye). Site administrators could grab their passwords. Most sites like this require an email address to sign up . . .

What am I getting at? EF grabs your pw to login, they know your email address and if you fall into the 90% of the people that use the same PW for your email and your EF login, suddenly EF has access to your email which I'm sure has many registration confirmations for other sites and services, like forums, BANKS, CC sites, etc, which may also have username and account numbers in them, and some even send you back your password (since they encrypt rather than hash the passwords). Suddenly, any site owner who requires registration has a WORLD of 'possible' information available to them and they could do a TON of malicious shit such as transfer $$ from your paypal account to theirs, make bank transfers, etc.

If EF wanted to be malicious, giving your IP out is NOT the easy way to do it . . .


now how many of you will go change your passwords? HAHA

Very true indeed, I have 3 different passwords for 3 levels of sites, the highest I would die if someone got, the lowest I could care less. EF is on the lower tier. Also, the easiest way people get your passwords is by keylogger so anyone trying to be safe use the character map.

 

[cyrex]

Very true indeed, I have 3 different passwords for 3 levels of sites, the highest I would die if someone got, the lowest I could care less. EF is on the lower tier. Also, the easiest way people get your passwords is by keylogger so anyone trying to be safe use the character map.

well a keylogger would require that somehow a keylogger was installed on your system, if that is the case you have worse problems to worry about. I personally don't use windows so I don't really deal with that stuff.

 

[cyrex]

FOR THE RECORD
I think it is a HUGE error on EF's part to allow chairmen to see IPs or even MODs, only site admins should have that info, but still it really doesn't matter. I personally would like to give my customers as much comfort as I can even if it is meaningless

 

[BrothaBill]

lol, there was a funny story on another board about this kid getting busted talking about smoking pot in a chatroom.
People get busted off the internet. Having a timestamped statement with their IP address if you are lawenforcement makes it easy.
I too have had my own chatboard and was admin and I have every person's who posted there's IP address, many from EF.
So what, I used to altercheck and one b/c my gf was screwing around and traced different handles to her city.
But, its also possible to gain control of someone's computer with just their IP address or attack them.
Its the ease of information. I am sure if I hired a private investigator I could get all of your information.
Did you know I can purchase logs of your cellphone? Who you call, how long, how often?
The issue is this, if you think people cant or wont do things with information then you are wrong, it happens everyday. Just it takes some investment of time and know-how to do it.
Why take that risk with releasing IP address information? Whether it be one out of a hundred times or a thousand that something goes wrong, its just not right to "DISPLAY" information like that. You should be able to opt out.

Lets say that lawenforcement decided to clean house of the number one fitness site as part of Operation GearGrinder. They set up a room and make a list of people with incriminating posts or other salient information that can be used to bust, scare or intimidate AAS users.
Then they use their IP, put it into a database. Then they go out and do their job.

THe RIAA got people's information and did the same shit with sharing songs. All it takes is the operation to be launched. This hole of giving out IP addresses make it easy. THey could concentrate on a certain region by looking at IP addresses. I mean its simple.

Anonymization with the TOR network, onioning your identity is too late for these posts. I mean for hiding an alter, sure about a few years of posts with IP addresses displayed on every post pretty much means you would have had perfect vigilance.

If they have your IP, AND a reason, they can find out who you are, look at the RIAA model of suing college kids, some members here got involved in that and posted about it. How did they get the information from filesharing to put a name on the court documents?

 

[cyrex]

#1 whether the pot story was true or not, don't believe everything you read. I cannot believe that the chances are greater than 0.000001% that someone will get busted for doing something PURELY by posting about it on the internet unless it has to do with national security.

#2 the RIAA stuff went after the people who were DISTRIBUTING for the most part and still lost some of the cases.

lol, there was a funny story on another board about this kid getting busted talking about smoking pot in a chatroom.
People get busted off the internet. Having a timestamped statement with their IP address if you are lawenforcement makes it easy.
I too have had my own chatboard and was admin and I have every person's who posted there's IP address, many from EF.
So what, I used to altercheck and one b/c my gf was screwing around and traced different handles to her city.
But, its also possible to gain control of someone's computer with just their IP address or attack them.
Its the ease of information. I am sure if I hired a private investigator I could get all of your information.
Did you know I can purchase logs of your cellphone? Who you call, how long, how often?
The issue is this, if you think people cant or wont do things with information then you are wrong, it happens everyday. Just it takes some investment of time and know-how to do it.
Why take that risk with releasing IP address information? Whether it be one out of a hundred times or a thousand that something goes wrong, its just not right to "DISPLAY" information like that. You should be able to opt out.

Lets say that lawenforcement decided to clean house of the number one fitness site as part of Operation GearGrinder. They set up a room and make a list of people with incriminating posts or other salient information that can be used to bust, scare or intimidate AAS users.
Then they use their IP, put it into a database. Then they go out and do their job.

THe RIAA got people's information and did the same shit with sharing songs. All it takes is the operation to be launched. This hole of giving out IP addresses make it easy. THey could concentrate on a certain region by looking at IP addresses. I mean its simple.

Anonymization with the TOR network, onioning your identity is too late for these posts. I mean for hiding an alter, sure about a few years of posts with IP addresses displayed on every post pretty much means you would have had perfect vigilance.

If they have your IP, AND a reason, they can find out who you are, look at the RIAA model of suing college kids, some members here got involved in that and posted about it. How did they get the information from filesharing to put a name on the court documents?

 

[steelmass]

well a keylogger would require that somehow a keylogger was installed on your system, if that is the case you have worse problems to worry about. I personally don't use windows so I don't really deal with that stuff.

Of course, but it would be easy for someone to get your email address and send you a trojan keylogger. I never crashed servers but I definitely found my way into many people's computers back in the day. This was the easiest way to gain information about a person, personally. You on Linux ?

 

[George Spellwin]

Please continue this discussion here:
http://www.elitefitness.com/forum/showthread.php?t=468758