Inkbunny

IB Gear Latest Popular Members Search
 
Welcome to Inkbunny...
Allowed ratings
To view member-only content, create an account. ( Hide )
RiskItForTheBiscuit

In light of recent doxings

by
I won't hide my account. That's useless and makes the terrorists doxers win. If anything we want to be more visible than ever.

1 - Read this, and this.
I don't care if it's long, I don't care if it's hard, being doxed is worse. (Btw yes, it's doxed, with one x. The double x thing is a nefwag trend that started around like 2008.)
Most points I'll add are non exhaustive but a bit more tailored to us. I'm not a security expert though.

2 - If you're one of those people that I see every time now and then, who like to repeat this incredibly low IQ take, "aha who cares being anonymous is impossible we're always being spied on XD" as an excuse for your own laziness and lack of knowledge, do everyone a service, and shut the fuck up. Fast. You don't know what you're talking about and you're doing yourself, and others, a massive disservice.
Usually, the retort to this is "Ummm, some people don't want to spend 3 million hours setting up something secure or learning about everything ever, and avoiding services that everyone else uses". Ok, cool. Say that, then. It's perfectly okay for you to make that choice, instead of lying, and saying that it can't be done. Because it CAN be done, and people do it, regularly.
I'm not saying that my security is that great, but there's multiple layers, and there's definitely ways to be safe for a large amount of people, governments, agencies or organizations. Yes, ultimately, the NSA will probably be able to break into your shit by straight up listening to your CPU, or some other James Bond gadget type shit. But are you at this threat level?

3 - Don't use discord. If you really want to use discord for voip, because every single one of your normie friends games w/ that, then use it for that. You shouldn't be talking on there, though, especially for cub. Refrain from using the same pfp or name there. Refuse to take commission details or contacting furry artists in discord. Especially do not send cub there. Do not use the main client if possible. While ANY client shares info with the discord servers and, as a result, all this info WILL be read and used by discord. - the main discord client also scans your memory. Using another may get you banned - but I haven't been banned yet ¯\_(ツ)_/¯

4 - Some people believe that they're safe if they use discord, one drive, mail, or whatever else for cub IF they send it in a zip file. They aren't. Microsoft, apple, google, etc have REGULARLY proven that they open zip files to inspect contents. We notably know this because security researchers have shared malware with each other in zip files, and it got flagged as such (Gotta admit though, you have to be quite the security specialist to share a virus over fucking gmail)
At the very least you should add a password to that zip, if you're going to do that. And, obviously, share the password on a completely different service... Any AI worth a damn will pick it up.

5 - PayPal is really the point that hurts. We need it, but anybody who has your email can dox you. A professional account isn't enough. Typically, you aren't entitled to privacy when someone buys something from you - this is normal because people need to be accountable for bad services or goods they supply. But it's clearly used for that nowadays.
People like to complain but don't want to buy things with viable crypto currencies used for a long time, eg. BTC or XMR. People buy drugs with monero, I'm not sure I need to explain much more than that.
Yes, you can set up a fake name or information on PayPal. I may or may have not done it :) Except...
- They absolutely research the people who register on their platform. If you entered fake credentials, they may get suspicious.
- PayPal can demand verification at any time. ID, passport, etc. If you give some that don't match, they'll lock you.
- The bank account you will link it to, as an artist, absolutely uses your name. Did you open up a bank account with a false name, too? If yes, based. But I'm doubtful.
No, seriously. Seek alternatives.
To be clear, I'm not particularly anonymous on BTC either. BTC, as a matter of fact, is not even used for most illegal transactions, because it's pretty well tracked at this point (hence why XMR is the current thing). And it does have to go through an exchange, etc. But it's not an insta-dox button for sure.

6 - Absolutely do use a VPN. Absolutely do use TOR. They're not enough, though.
First off, use Mullvad, probably. Proton is kinda sus (they have collaborated with authorities and de anonymized multiple people) Mullvad has passed the best audit I can think of: they were raided by the police, nothing was found, because they don't store anything. Simple as.
Why VPN is not enough:
- You log into things that you probably logged into before using that VPN.
- You log into things that are linked to an email linked to you, or other things like that (gave your name, your location or whatever in dms on that platform once maybe, or hardware details, etc). Also, cookies
- the DNS is not trustworthy (use 9.9.9.9, it probably helps. At the very least it hides DNS queries from your ISP)
- Doesn't help with browser fingerprinting. Do not use shit like firefox, chrome, opera, etc. Use librewolf, or brave.
- Other stuff lol.
Why TOR isn't enough:
- The site you visit can still leak info
- Fingerprinting again
- JavaScript is cancer, deactivate it
- more.
You should ABSOLUTELY use a VPN and sometimes TOR in this day and age but you shouldn't expect to be safe because of this. You must do more than just that.

7 - Your phone is likely not secure. I don't care if you run Graphene or if you're one of the cultists who pretend to be safe by virtue of being on ios, a marketing lie. Don't use your phone whenever possible. If cub, loli, shota is illegal in your area, never use your phone for this.
You should still make it as secure as possible, by using a secure ROM (Graphene isn't bad, though giving money to google definitely is) and by getting rid of any google shit in general, encrypting your device, having it reboot once a day automatically in case it's stolen/taken from you, deactivate face/fingerprint unlocks, etc. You're a furry, so you probably use it for telegram etc. Someone could, in all likelihood, gain access to everything through your phone. Don't store cub, automatically delete cache; etc.

8 - Don't use AI lol
if you do, run it locally

9 - Telegram - you're a furry. You probably use TG.
TG is not secure. Durov is not trustworthy. Telegram shares data with the police, unprompted (no need for a judge's warrant, they do it of their own volition, all the while Durov pretends to fight for free speech on his channel that you can't leave - he certainly does not talk about why he came up on the authorities radar after beating up his son, sending him to the ER. Or when he supports pro Russian parties in eastern Europe - so much for freedom). There is no encryption of public groups/DMs. Telegram never did that. Only secret messages work that way. Signal seems to do this, though, for everything - groups, dms, etc. Keyword is seems. don't trust it.
TG absolutely will ban you for cub, loli, shota. TG will snitch on you, if you reside in a place where cub, loli, shota is illegal and you appeared on the authorities radar. Telegram reveals your phone number. Your phone number is most likely tied to you. You are not anonymous on telegram - authorities in a given country can easily demand and obtain a phone number related to a message.
I can't tell you not to use TG, but you can't trust TG.

10 - Googling yourself:
Use double quotes for perfect string matching.
"your_name" + "cub_name", "regular_furry_name" + "cub_alt_name", "cub_name" + "place_where_ you_live", "cub_name" + "email", etc should be searches that you do every time once in a while. Not every day, maybe, but at least once in a while. Try various  search engines.
If you are going to be doxed by typical raiders, it's gonna happen this way, most likely.
Your email can help determine many things.
Look yourself up with:
- holehe
- LeakCheck
- Dehashed
- intelX
- Snusbase
- Holehe
- etc.

People can find out other services where you registered.
Some can be compromised. Maybe you used the same password in both places (don't do that...)
Some can help find other content you posted and figure out your identity by doing a specific search adding up all that information.
There's tools like Sherlock, and other scripts that will look up a given name on a ton of different sites and platforms. Use them on you.
Look up if you are present in any leaked database, etc.

10 - The entire long password, different password, 2FA stuff is not a meme. 2FA stopped me from accessing stuff almost all the time when I was doing mitm on my dorms network

11 - You're American? I'm not, so figure this one out yourself - there's shit tons of people being doxed by voter reports or other shit like that

12 - Lie on fucking everything. Make decoys, too.
Fake dates of births, fake names, fake fucking everything. Make a fake ass LinkedIn. Put fake ass stuff there. Make it look realistic. Drop a link to it somewhere. Let idiots dox the fake you. Make fake E621s, twitter, inkbunny.... fave random tame ass stuff, never use the account again, make a completely different one with a completely made up name, use that non correlated account day to day.

13 - Don't use windows lol

14 - I ran out of characters
Viewed: 657 times
Added: 1 month, 2 weeks ago
 
57 Comments on this Journal
Leave a Comment...
RiskItForTheBiscuit
RiskItForTheBiscuit
1 month, 2 weeks ago
link
Edited 1 month, 2 weeks ago by Owner
Most of what I said is generic shit tailored for the cub community.
So it's mostly going to be telegram stuff, identities on furry sites, paypal, etc
Most of the govt/authorities stuff is more for people who live in places that WILL go after them for browsing that type of content.
The points that matter the most for doxing are most likely the shitty tools we are forced to use.

Feel free to add more, knowing that the list is probably infinite.
Really read the opsec bible.

I re iterate that I'm not a security expert; and know of multiple holes in my opsec.
JordanusDAchipmunk
JordanusDAchipmunk
1 month, 2 weeks ago
link
well... I guess i am Screwed. Thanks for the Tip! :)

I was witch-hunted by a bunch of normies on X so I'm sure they have everything on me
RiskItForTheBiscuit
RiskItForTheBiscuit
1 month, 2 weeks ago
link
Not guaranteed.
What happened? Did they just correlate a bunch of accounts? Are they still going on? Do they look particularly smart and keep going at it? Did you actually get doxed, or are they still failing to do this?
DanielBunny
DanielBunny
1 month, 2 weeks ago
link
Edited 1 month, 2 weeks ago by Owner
The main thing I've noticed is to stay off of Twitter. That seems to be where 99% of the doxing I've heard of starts, and that's where the people who do the doxing seem to thrive most. As for the rest, holy shit that's a lot of effort.

I have considered getting into bitcoin just as a backup in case things go south, but I could use suggestions for payment processors/wallets that don't charge ridiculous fees, because that's been the barrier for me. In many cases they double, or exponentially increase the money I'd have to pay for anything otherwise.

edit: Not to mention the endless spam I've been receiving from the ones I looked into.
RiskItForTheBiscuit
RiskItForTheBiscuit
1 month, 2 weeks ago
link
Edited 1 month, 2 weeks ago by Owner
I have not seen the massive fees mentioned before on other journals in my current context.
I will not say what exchange I use, but...

- I have a custodial wallet. I can receive and send BTC from my wallet on my computer
- I don't buy cryptocurrency. I get paid in it. So I don't know much about buying BTC, nor do I really care. My thing is cashing it in. I do wish more services that I use allowed the use of cryptocurrency. I would pay in BTC with commission money whenever possible.
- Cashing in basically requires me sending it to my account on an exchange and then sell it for euros, then send it to my bank. There is a fee on this but it's nowhere as big as mentioned before. Google each seemingly trustworthy exchange to learn their fees for that regard.
In my case, it would be around ~0.3–0.4% trading fee to sell BTC for euros, + 3€ SEPA withdrawal fee to my bank
Athari
Athari
1 month, 2 weeks ago
link
At this point, I'm offended that nobody has doxed me yet. There's a 3-step path from this account to my home address and phone number — and nobody fucking cares. 😡
RiskItForTheBiscuit
RiskItForTheBiscuit
1 month, 2 weeks ago
link
Honestly I think you shouldn't take that approach to it.
Even I won't suffer massive consequences for being doxed: What I do is entirely legal where I live.
But you can't count on it. What if you get doxed, don't care about it, and sometime in the near future, the law changes, and you get in serious trouble over it?
Athari
Athari
1 month, 2 weeks ago
link
Then that would still be the least of my troubles. The benefits of living a shitty life in a shitty country, I guess.
RiskItForTheBiscuit
RiskItForTheBiscuit
1 month, 2 weeks ago
link
Edited 1 month, 2 weeks ago by Owner
Hmmm... I don't know. Situations change all the time. People generally don't realize that they have something to hide, and why. In your case, in Russia?  I remember many occurrences of self proclaimed predator hunting thugs really going after anything or anyone remotely gay to beat them up or worse, on video. If some people are ready to do that just because you're into guys, imagine what they think if they find your IB.

it's really just me coming up with a random possibility after having thought about it for not too long, but really there's plenty of reasons why even the most normal person should remain private online
DanielBunny
DanielBunny
1 month, 2 weeks ago
link
Edited 1 month, 2 weeks ago by Owner
Here in the US we kinda thought violence against homosexuals wasn't an issue, or at least not as much as it used to be, but now we're seeing how easy it is for someone to stir up the lead-brains into violence, nevermind the human pumpkin giving those people big guns and badges.
RiskItForTheBiscuit
RiskItForTheBiscuit
1 month, 2 weeks ago
link
there's nothing comparable between the russian and the american situation.
DanielBunny
DanielBunny
1 month, 2 weeks ago
link
I didn't say they were. I'm only saying it changed.
RiskItForTheBiscuit
RiskItForTheBiscuit
1 month, 2 weeks ago
link
Perhaps it did.
Perhaps it didn't, who knows, maybe you were talking about a completely different exchange that still does it this way, that I'm not aware of
DanielBunny
DanielBunny
1 month, 2 weeks ago
link
You said that situations change, and I was adding to that by talking about how things have changed here.
Athari
Athari
1 month, 2 weeks ago
link
" I remember many occurrences of self proclaimed predator hunting thugs really going after anything or anyone remotely gay to beat them up or worse, on video.

I've heard about something like this, but in most cases, the whole story usually involved idiots taking a bait of fake 17-year-olds. I doubt those thugs would be interested in rule 34 pics. But I'm not really following local news, so maybe I've missed something.

Even if my social and sexual life, hetero or gay, wasn't dead (*tumbleweed rolls by in the distance*), I don't think I'm at a high risk of crossing paths with thugs. Not saying the whole Russian "fight against gay propaganda" didn't turn things to worse, especially in recent years, but it isn't quite there yet.
FullDiaperPail
FullDiaperPail
1 month, 2 weeks ago
link
I am kinda impress, you are not just intro drawing and for once the subject is quiet addressed correctly.
About VPN, it only use it to protect your transaction on a public network. Don't expect any anonymity when using it... People literally pay a private company to root your payload to a well know output node. the "privacy and security" stop where the tunnel end and those companies are require by law to log the traffic.
Being anonymous is a rabbit hole, just look at address mac correlation. The hardware is the first to give your ID. Thinking using ios with mac rotation, look at NDR tools and ARP tables on your local ISP, they perfectly know who you are hahahaha
Anyway like i said, i am pretty amused to find security topic on a porn website, that nice
Athari
Athari
1 month, 2 weeks ago
link
There's a significant difference between stopping doxers from Twitter and hiding from FBI. This post mostly covers the former, not the latter. :)
RiskItForTheBiscuit
RiskItForTheBiscuit
1 month, 2 weeks ago
link
The people I think of are not exactly from twitter, they're from soyjack /raid/, mostly.
GarryMouse
GarryMouse
1 month, 1 week ago
link
And kiwifarms
RiskItForTheBiscuit
RiskItForTheBiscuit
1 month, 1 week ago
link
from these recent raids? nah, soyjack.st. I saw the exact threads related to the exact attacks we saw.
GarryMouse
GarryMouse
1 month, 1 week ago
link
That may be true but kiwifarms is still a hate promoting site full of actual monsters, including the owner himself.
RiskItForTheBiscuit
RiskItForTheBiscuit
1 month, 2 weeks ago
link
" FullDiaperPail wrote:
Don't expect any anonymity when using it... People literally pay a private company to root your payload to a well know output node.


To an extent.
Independent audits are not bullshit.
There are things a VPN helps, and some it doesn't. There might be some fuckery around cookies, fingerprinting, DNS, and others - but in the case of mullvad? IDK what else to say, dude. They got raided by the police, with judge warrants, etc - highest form of authority available, physical access, subpoenas and whatnot.
Nothing was found because it simply wasn't there.

To me that's an excellent guarantee, it's hard to counter that.
RiskItForTheBiscuit
RiskItForTheBiscuit
1 month, 2 weeks ago
link
Also I'm not an expert, but I'm still a firmware dev and I know some things. Tho we are usually the worst of all when it comes to security IMO.

It's not that surprising. We're in a place where privacy is required. Most furries seem to be in IT.
Most people in IT have some level of security knowledge. I've done basically as much as everyone else. Cracked some handshakes and got into some wifis, did some injections, captured some flags at CTFs, bypassed some loops on de compiled binaries, etc - all very momentary stuff that I didn't keep practicing, and honestly, in security, when your knowledge is outdated by a few months, sometimes weeks, you might as well consider you know nothing at all. That's where I stand. I am not up to date, and know next to nothing.

There's plenty here who know more than me.
Yes, the hardware would be the things that would give my identity away. I made sure that it's not really a thing, though.
And you can also spoof a mac address, etc. I've done that, mac spoofing in mcds or whatever, classic script kiddie shit.
FullDiaperPail
FullDiaperPail
1 month, 2 weeks ago
link
As Athari pointed out, you just want peace and your approach totally fine. Mullvad is a correct choice as far as i know
RiskItForTheBiscuit
RiskItForTheBiscuit
1 month, 2 weeks ago
link
I want peace from the government as well. Nothing guarantees that they'll be okay with cub forever. Nothing guarantees that other things that I do, which aren't immoral, are safe from them.
Denmark may tolerate cub, they still spawned the spectacularly mentally ill and authoritarian age verification initiative. There's plenty of evil here too.
Ainoko
Ainoko
1 month, 2 weeks ago
link
Edited 1 month, 2 weeks ago by Owner
I still have to use windows until I can afford to get my new PC built and installed with with an OS that I have a love/hate relationship with... Linux. Got a couple of Linux for dummies book that focus on different flavors of Linux that I am reading to better understand the OS.

Good thing I haven't used Discord in a few years on my desktop but not on my laptop.

Yes, I do use multi-factor authentication and passwords that are long and damn near impossible to crack and thanks to a podcast I listen to, all my passwords are short 75-150 character stories that are based on events in my life, what I am writing, my interests and other relevant random shit. All sites, usernames and passwords (as of today, I have over 200 past present and future passwords logged) are stored on separate documents that are both password and passcode locked and are stored on 4 different external HDs, 2 flash drives and two MicroSD cards. And all are stored in separate and easy to access (to me) locations. I also run every password I create through a password checker to see how long it will take either AI of computer to crack and so far the passwords will survive past the end of the universe.

Also, all external storage devices require password and passcode authentication to access the contents, same goes for my phone, tablet, laptop and PCs
RiskItForTheBiscuit
RiskItForTheBiscuit
1 month, 2 weeks ago
link
Edited 1 month, 2 weeks ago by Owner
Well... Linux doesn't require you to get a new computer. Pretty much the opposite, unlike windows, it can honestly run on anything I can think of - it's a bit of a sin, even, because people started shoving it in places that shouldn't even run an OS to begin with.
I would know, I cross compiled our own version of Debian for a specific device that we made in house a while back, running on a small MCU, with our own drivers, etc. And then there's all the Chinese routers that run some sort of Linux that you can log into via serial and realize it's spying on you...

Arch, which I run today (btw), has some i686 users, which I find funny, since windows 11 can barely support some instruction sets that aren't even 10 years old.
In this day and age? Ignore the books - the respective communities of every OS are the best resource by far. As far as I'm concerned the only case in which the best resource is a book is Linux from scratch, and it's a whole ass pdf about making your own.

It varies a little depending on the distro. Arch has an incredible wiki. Ubuntu (lol don't get Ubuntu, mint is better) has askubuntu which is pretty massive, IDK what opensuse has but I knew someone who went on some IRC and asked for an solution for obscure hardware and immediately got replied "Well there's this thing I compiled a few years ago..." and got given a solution within minutes just like that, etc.

You don't particularly need a new PC to switch to Linux but I would argue you absolutely need a large external storage where you can do a copy of your entire system, wipe your entire storage on your computer, install whatever you like, make a list of all you need to put on your Linux, and over time, methodically re insert all these things back in.

I generally like to challenge the "need to have windows" part.
Honestly at this point the only thing I believe that you cannot have on Linux, would be any game requiring kernel level anti cheat. Everything else has worked. And I would argue kernel level AC has no future.
Now... I'll admit, some things are hard.
These include:
- pro software like fusion 360 etc
- very intensive game modding.

All the VR stuff, all the niche games, all the obscure peripherals, etc - all of this I made work, effortlessly. I'm talking my HOTAS, head tracking devices, my VR headset, games that require external tools like dwarf fortress, elden ring seamless coop mod, etc, etc, etc.

The very intensive game modding (EG falcon BMS - a huge, 70 GB rework of a game from 1998, turned into a modern simulation, for instance) required me a lot of fucking around with winetricks. And the pro software required me to do some winapps emulation with GPU pass-through.
Now that was difficult. But it worked. It's also not something most users need.

I'd argue that for the widest majority of tasks, software, and games, Linux will serve you better.
If you require niche pro stuff or similar, it might be a little difficult without much knowledge.
I'm kinda knowledgeable when it comes to Linux at this point, I'm assuming setting up winapps is a biiit difficult for a normie though, it depends on where you sit .

In any case, all the games I talk about, all the work I do, all the cub porn I draw, it's all done under Linux
Ainoko
Ainoko
1 month, 2 weeks ago
link
my laptop (Alienware G67) is Win10, my current desktop (Altex Forge) is Win7pro, my new desktop will be a custom build in a HAF Cooler Master 932 tower that will run Linux. I do know that I can put whatever I want in the new tower, but the new system will be a beast with some of the best components moreso if I can get a server motherboard that would fit in the tower
RiskItForTheBiscuit
RiskItForTheBiscuit
1 month, 2 weeks ago
link
First of all, the one thing that really matters is the motherboard. Honestly at this point I'm not sure I know of CPUs, GPUs etc that do not "run" Linux. We have definitely seen in recent year a surge in absolutely fucking shitty motherboards with an absolutely lame firmware, which do not really allow to install anything, and lack functions. That's about the only thing that would prevent Linux from being installed, mostly in laptops. these are not the norm though.

With that in mind:

The Win 7 computer probably deserves an urgent update if it's still in use. You know W10 is EOL, but win7 is turbo dead, security wise. You can't really trust that machine. I mean, win7 is an OS that I could crash at will by accidentally making a device communicate nonsense over serial, leading to win7 actually believing it's a mouse and immediately BSODing - that kind of stuff makes me REALLY not trust it at all.
Altex forge is not really a PC model, it's an assembled retailer thingie, it could be anything from ASUS to MSI or whatever.
By default, considering most motherboards from most brands from that era, I would say it most likely runs linux but I'm not sure if you have maybe something very weird and specific. I'm willing to bet it can install it.

The HAF cooler master thing is, again, also a case. It does not really matter what the case is. There is nothing in a case that is relevant to the software. If the motherboard is a server MB (are you absolutely sure it fits...?) I'm also willing to bet it can install linux. Servers are our domain. Linux runs the internet.

The laptop can run linux. The G series iirc just can. I would strongly advice against buying alienware computers though. In the case of alienware specifically, all the proprietary, alienware specific stuff like command center, with RGB lighting configuration, etc, will not function under linux.
Ainoko
Ainoko
1 month, 2 weeks ago
link
I know the HAF Cooler Master is a tower, I have a couple friends who own their own computer repair and sales stores and I have asked them for assistance in finding a server motherboard that could fit in the tower using the motherboard mounts (before looking at drilling new mounting holes in the back wall), otherwise I'll be looking at something that is close to server grade.

I run Windows Bitdefender on my Win07pro desktop and my laptop I bought at a pawnshop and had Win10 on it then replaced the original 250Gb HD with a 2TB SSD 7 years ago. I plan on taking the laptop back into the shop and replace and upgrade both the RAM and HD from 16Gb DDR3 RAM to 64GB DDR3 if possible and a 5TB SSD (as the OS and software drive) and an 18TB HDD for onboard storage as well as getting a full diagnostic on the unit and fixing any issues I may have missed when updating/deleting software and doing general maintenance.
RiskItForTheBiscuit
RiskItForTheBiscuit
1 month, 2 weeks ago
link
Edited 1 month, 2 weeks ago by Owner
Antivirus is reactive, works with heuristics, and will not react to threats it doesn't know, exploiting holes that are not patched.
It is insufficient in unsupported OSes when unpatched kernel issues, driver exploits, outdated cryptography, etc are the issue.
Exploits do not require malware, in which case the antivirus will be completely useless, kernel level issues bypass the antivirus, exploits run at higher privilege. No patch means the exploit is permanent. The AV won't close it. It'll just sit there until exploited.
At this point in time I would argue that while W11 is a massive piece of shit, it is actually now preferable to use it than W10 for this specific reason. W7 is even more affected and you're far more at risk on it.
Obviously I don't recommend W11, I recommend multiple Linux distros. But should I need Windows, I'd be forced to use 11.

I trust you got the motherboard stuff figured out, I believe compatibility shouldn't be an issue on any of that
UnchainedMonkey
UnchainedMonkey
1 month, 2 weeks ago
link
The fact someone had a Twitter of the same name as me is what saved my ass. I changed up nannes and other stuff. I often Google myself and what not as well. You have a lot of extremely good point. Also I could never remember if it was one x or two hahaha
RiskItForTheBiscuit
RiskItForTheBiscuit
1 month, 2 weeks ago
link
Edited 1 month, 2 weeks ago by Owner
Common names are good. Making decoys is also good
I've been a bit lazy and need to make more.
Riskitforthebiscuit is a fun one. Lots of people called that
UnchainedMonkey
UnchainedMonkey
1 month, 2 weeks ago
link
Edited 1 month, 2 weeks ago by Owner
For me in particular this guy had an inactive account but he had the my gaming handle he just beat me to it by a couple years so like when the doxing stuff had happened the couple weeks back or whatever it was they had so much wrong information on me if I actually kind of laughed when the person that was informing me of I told me this I'm very grateful to the person that informed me because I was aware of their intentions before they even did anything
RiskItForTheBiscuit
RiskItForTheBiscuit
1 month, 2 weeks ago
link
snrt
that's pretty good
Tderg
Tderg
1 month, 2 weeks ago
link
Maybe don't combine your name and furry name in searches. They certainly log that stuff and you'll have created an association.
RiskItForTheBiscuit
RiskItForTheBiscuit
1 month, 2 weeks ago
link
thought about it, in a dox context, that's not coming up on anyone's radar. Definitely does on google search, if a judge subpoenas google to get your search history in the US but certainly not otherwise.
PlapPlapGulp
PlapPlapGulp
1 month, 2 weeks ago
link
What recent doxings?
RiskItForTheBiscuit
RiskItForTheBiscuit
1 month, 2 weeks ago
link
mitsy, some other person I don't recall, and an effort against ib and cubs in general.
FeatheredAdventures
FeatheredAdventures
1 month, 2 weeks ago
link
Thank you for posting this, there is a lot of useful information on here for those who might not be that familiar with it.  I actually just made a journal myself asking about stuff like this when it comes to commissions and staying safe.  I'm gonna provide a link to this journal if that's cool.
RiskItForTheBiscuit
RiskItForTheBiscuit
1 month, 2 weeks ago
link
thanks for the watch, the list is not exhaustive and I even haven't covered it all myself yet
KatiePup
KatiePup
1 month, 2 weeks ago
link
Oh FINALLY someone in this space that values some good OPSEC!

Awesome guide 👍 thanks for the tip about Google opening zip files, probably should have figured that would become automated with the mass-AI adoption. I like your warrior's spirit! Fuck those losers! 💪
RiskItForTheBiscuit
RiskItForTheBiscuit
1 month, 2 weeks ago
link
AI isn't new and neither was mass opening of these files etc. I think the file didn't require any of this. Just heuristics, and hash comparison etc in files that end up on their servers.

On the google side of things, translation for instance always more or less was AI, and so were many other things for over 10 years. We've had pattern matching on missiles in the 80s, autonomous radars working with models etc in the 70s, it just really blew up for anything and nothing these past years, but you can bet google has been on it for a muuuuch longer time.
SanisPifo
SanisPifo
1 month, 1 week ago
link
The biggest problem with Bitcoin is that the end user is lazy. People don’t want to learn, and they don’t use it out of pure inertia. It’s just way more convenient to use garbage like PayPal.

I hate PayPal, but let’s be honest  most of the alternatives either suck or barely work properly.
RiskItForTheBiscuit
RiskItForTheBiscuit
1 month, 1 week ago
link
If the only problem with BTC is that people don't use it as much, as opposed to paypal where your money gets frozen (aka stolen) for whatever reason, taxed, you get fees, you get banned for anything, you get doxed, etc - then by definition no, bitcoin does not suck.

If people are being lazy, well... they really shouldn't. Because once all their favorite artists have been banned from paypal they'll absolutely have to set a wallet up.
SanisPifo
SanisPifo
1 month, 1 week ago
link
I agree with you—PayPal is trash and Bitcoins is good. It’s a shame, because only a massive movement of both big and small artists could really force buyers to move toward Bitcoin/crypto. I usually use Binance along with a cold wallet, though I prefer Binance for convenience when receiving crypto payments.

I really hope users start supporting artists by migrating to other payment methods, even if it’s inconvenient. It’s safer, decentralized, and private.
RaineShadowpaw
RaineShadowpaw
1 month, 1 week ago
link
Edited 1 month, 1 week ago by Owner
thank you. ill share this around nwn, if anything cause people need info.

one extra note... this works because of social engineering... doxing is meant to damage your livelihood by making the people you depend on not work with you, divest from you, affect you in collateral ways. the best way, is to make your livelihood not dependent on that... easier said than done, for example i absolutely require PayPal to function. not just me but others in my family depend on my income. but as far as job opportunities. community chances and such.. I don't interact with the larger furry fandom in hiding, i am loud and proud about my cub work. and i make sure it's present and established. the people who would not associate with me because of it, don't. which has lowered my damage control cost.
RiskItForTheBiscuit
RiskItForTheBiscuit
1 month, 1 week ago
link
There's honestly far more that than just that, and I haven't gone through my entire list myself.
One thing I should have added is that they're also HUGE larpers. Like, most of those are little virgins who don't really amount to much in life and won't actually do anything with the dox - I've seen it in multiple of their threads, they actually cry and complain that nobody does anything with the dox once it's done.
Like, people who have jobs mostly don't care, and at most, those guys have sent a few pizzas and, more rarely, called parents when they actually found them, which is rare. It's still possible to cause damage like that but some people panic WAY too much here when it does happen.
Their effect is quite frankly limited and in most cases, people should NOT delete their profiles even if they were doxed.

They don't actually seem to go for PayPal that much, they mostly rely on OSINT tools to get it done, and find profiles on whatever random websites - seemingly, not PayPal, at least not yet.
I do recommend NOT to leave paypal links in the open, EG in journals, profiles, or telegram channels, though. You should probably stick to invoicing people who commission you, this way you control the entire thing, who receives paypal links, and what comments get written (so that nobody says COMMISSION MONEY FOR X / Porn for Y / NSFW commission / whatever when sending money to you.)
Also, no email address in the open either.
Eventually I recommend dumping paypal wherever possible, using BTC, XMR (it's like... the only crypto currencies that are used for anything) or wire transfer if you really trust whoever you're dealing with (that one is a mega self dox though)
MkLXIV
MkLXIV
1 month ago
link
Edited 1 month ago by Owner
I've seen somebody try to dox TalentlessHack real-time and failed because they couldn't extract anything useful out of his PayPal email
RiskItForTheBiscuit
RiskItForTheBiscuit
1 month ago
link
I found out in tests with friends that all that comes up with my paypal is a fake address (not mail. Like, fake postal address) My email does not. I do use a professional account.
strawbaby
strawbaby
1 month, 1 week ago
link
I know quite a few artists that use monero but haven't been able to figure out how to successfully buy crypto. x_x;

These are all very helpful steps to securing our online identities, thank you!
strawbaby
strawbaby
1 month, 1 week ago
link
Also, what are some better chat clients that we can use?
RiskItForTheBiscuit
RiskItForTheBiscuit
1 month, 1 week ago
link
They all kinda suck. I believe signal is the best option rn but there's no one on it.
RiskItForTheBiscuit
RiskItForTheBiscuit
1 month, 1 week ago
link
It's a bit of a pain, personally I'd set up a custodial wallet, I use sparrow for that matter, the bitcoin are on my wallet, which I handle myself and I backup.
I don't actually buy crypto, I sell things for it and then send it to my bank account through an exchange, I suppose in your case you would either have to mine it, or to buy it somewhere and send it to that wallet, I'm not sure who sells monero.
MkLXIV
MkLXIV
1 month ago
link
Edited 1 month ago by Owner
To add:

11a: If you ARE American, look up your info on people search sites. Intleius, Spokeo, etc. This is the low-hanging fruit for doxers and what people looking for random "furry cringe" people to dox will be going for first. Many of these sites will let you look people up by email or phone number, which is what doxers are likely to find out about you first.

Most of the rest of this is probably (currently) overkill for Americans at the moment as cub isn't illegal here, but "don't trust platforms" is a good thing to go by. I'll also point out ban evasion on Discord is trivial.
RiskItForTheBiscuit
RiskItForTheBiscuit
1 month ago
link
Edited 1 month ago by Owner
Cub isn't illegal here either. Here, neither are loli and shota, for that matter.

However,
- Nothing guarantees, in either country, that things won't change. We've had in fact plenty of indications on both sides that it may
- This is absolutely something that someone might want to look into, which might cause some shit. In fact, I know directly two people who went to court over cub porn, one in Virginia, and one in Germany. The process is also punishment. Fees, stress, and, especially, the family and friends who get dragged in. In both cases, cub porn was projected in court. In one case, the family was aware, didn't care, etc. In the other case... yeah, that's hell.
Both "won" their cases (+ won the appeal for the one in Germany) But do you consider that a win, if your family and friends are there and you've been outed?
- Socially, even if you're not arrested and/or charged, you can take a hit.
- There's possibility of getting fucked when/if you travel.

IDK much about data brokers in the US. They exist, there's people I know who were doxed through voter records, etc. Allegedly, there are some services you can pay that demand your data to be wiped.
Half of the people I know who have a take regarding this think it's a meme. Some who used it tell me it works. Someone asked me if I could look him up based on the information I had on him, and I could, through one of these things. Mix of white pages and other stuff

Edit: the large majority of people who were doxed are Americans, it did contain pizza threats, calling their parents, workplace, school, etc (or claims that they were gonna do it) and it seemed real enough to those people that they'd delete their account.
MkLXIV
MkLXIV
1 month ago
link
Edited 1 month ago by Owner
Entirely fair point and I already do much of this myself in ways it's relevant to me (I don't use Windows, I use GrapheneOS, I use 2FA including a YubiKey, I already know about the ZIP scanning thing too) because I'm paranoid. There was another case in Indiana (in the US) in 2024 where somebody went to court for loli/shota stuff and won that as well. Though the world is currently in a stranglehold by prudes, so I try to keep myself safe ahead of time (though the enforcers of such bans are likely bots and total morons).

And yeah, people search sites are basically OSINT, they're used mostly by advertisers to sell people things but anybody can look people up. That's why I pointed that out, and given most of the people doxed are American makes me think that's the primary way people are getting doxed.

Also a thing to mention, Graphene OS supports duress passwords which could be useful if your phone is snatched.
New Comment:
Move reply box to top
Log in or create an account to comment.
 

Help

Information

Policy & Legal

Twitter Facebook LinkedIn

All artwork and other content is copyright its respective owners.

Powered by Harmony 'Gravitation' Release 80.

Content Server: Tokyo Cache - provided by Inkbunny Donors. Background: Mountain Stream by Lando.

The Inkbunny web application, artwork, name and logo are copyright and trademark of their respective owners.