Blazr
|
|
May 10, 2015, 05:25:53 PM |
|
How is it you manage to give security advice, and don't even understand how shit works? This again is another example of "a little information is dangerous". "Browser fingerprinting" refers to a whole class of techniques that can be used to identify your browser uniquely, based on information it sends the server, how it behaves in certain situations, how fast certain processes take and many other ways. Panopticlick isn't some "magic" website that can find everything that leaks your identity. But here you go, I'll post my browser prints from both the altered-through-proxy: Those aren't "browser prints", like I said fingerprinting refers to lots of different techniques. Think of it like a crimescene, browser fingerprinting is like CSI, it's finding the little "breadcrumbs" that your browser leaves behind. Here are some example situations whereby an addon can help fingerprint you: You install an addon that sends some random statistics back to its developer at a regular interval. Many addons do this, most collect some kind of statistics. The Tor exit node you are using can see these connections and determine that you have the addon installed. If the addon connects back unencrypted like most do, the exit node can also see the contents of that statistics which can include things like your OS, IP, hostname which they know is linked to whatever other stuff you've been doing via that exit node. Even if that addon connects back via HTTPS You might be the only Tor user with that addon installed on Tor browser, and in any case few people even modify their Tor browser at all. They can then track you across multiple "sessions" and even across multiple Tor exit nodes. Another example is you install an addon that changes the behaviour of your browser. Lets pretend Tor browser didn't block Flash by default, so you decided to install a flash blocker. A website you load will be able to see that the flash didn't run by default as it's supposed to and know that you have a flash blocker installed. If few Tor users have a flash blocker, this could allow them to track you across multiple sessions. BTW, not sure how you managed to get the timezone wrong, but you did You what I actually didn't, because I did some more looking into that screenshot and determined via another method that you are likely located in Queensland, Australia. How I figured out your timezone the first time is that the time you took the screenshot is actually in the image data, it was taken less than a minute before you posted it and stored on an NTFS filesystem. I honestly don't really care who you are, I just hope someone out there reading this learns from your mistakes.
|
|
|
|
ebzec
Newbie
Offline
Activity: 14
Merit: 0
|
|
May 10, 2015, 05:28:31 PM |
|
lol no, that's just your ridiculous sense of self-importance talking. As I said before, "You are just a convenient example of the douchebaggery that's destroying this forum. I have nothing against you personally - no more than any of the other scumbags turning this place into spam bazaar Smiley" But if I was the hatin' sort, you'd be hilarious to own P.S. Ive been accused of being a whole bunch of people on this forum. I never deny the accusations. Perhaps you should contact that kid's internet provider? Or perhaps his mom? He's what, 17?
|
|
|
|
Blazr
|
|
May 10, 2015, 05:31:14 PM |
|
BTW, literally your browser is 100% fingerprintable, did you even look at those panopticlick screenshots? HTTP_ACCEPT, user agent and others is different, plus you have localstorage turned on so I hope you installed some addon that doesn't send back statistics to it's owner that clears localstorage when you close Firefox as Firefox doesn't do that. In fact, if someone wanted to track your Tor activity that screenshot is really all they need.
If you want I can code up a page that can tell you when you visit it with your modifed Tor browser. Literally all I need to do that is the screenshot
|
|
|
|
ebzec
Newbie
Offline
Activity: 14
Merit: 0
|
|
May 10, 2015, 05:39:12 PM |
|
[bunch of backpeddling bullshit]
You what I actually didn't, because I did some more looking into that screenshot and determined via another method that you are likely located in Queensland, Australia. How I figured out your timezone the first time is that the time you took the screenshot is actually in the image data, it was taken less than a minute before you posted it and stored on an NTFS filesystem. I honestly don't really care who you are, I just hope someone out there reading this learns from your mistakes.
Wait, you looked at a screencap from a winbox and found out that it was stored on NTFS And you've figured out the screencap was taken minutes before being posted ...because screencaps?! Are you a wizard?! And yeah, you've got the time zone dead wrong. Don't usually deny accusations, but will this time, just to embarrass you. You're about as sharp as Quickseller, you 1 of his alts? Re. post above: The second screencap is the "unmodified," current TOR bundle. DuH.
|
|
|
|
Blazr
|
|
May 10, 2015, 05:40:40 PM |
|
Also one last thing, you are using a http (unencrypted) proxy, the exit node can snoop on everything you do.
|
|
|
|
Blazr
|
|
May 10, 2015, 05:51:28 PM |
|
Wait, you looked at a screencap from a winbox and found out that it was stored on NTFS And you've figured out the screencap was taken minutes before being posted ...because screencaps?! Are you a wizard? You need to go back to anonymity school. You must have skipped the day they were learning about file attributes. Re. post above: The second screencap is the "unmodified," current TOR bundle. DuH.
Yeah I noticed. I take back the bit about localstorage (Tor browser handles that for you the right way), but the rest is still valid.
|
|
|
|
ebzec
Newbie
Offline
Activity: 14
Merit: 0
|
|
May 10, 2015, 05:57:55 PM |
|
Also one last thing, you are using a http (unencrypted) proxy, the exit node can snoop on everything you do.
Why would I care if a TOR exit node could potentially snoop on me ...making a burner account on Bitcointalk? Listen to yourself Thus far, other than telling me that the screencaps from a winbox were "taken less than a minute before you posted it and stored on an NTFS filesystem." (to be that clever!) So I repeat: "You're about as sharp as Quickseller, you 1 of his alts?" Edit re. "You need to go back to anonymity school. You must have skipped the day they were learning about file attributes." Winbox = Commputer running windows NTFS = The only file system used by windows. And ... you've managed to figur out that a screencap from a winbox was stored on NTFS?! And the screencaps were taken seconds before being posted, as screen caps usually are? Amazing powers of deduction, Holmes. I ask again: Are you a wizard?
|
|
|
|
Blazr
|
|
May 10, 2015, 06:01:49 PM |
|
Also one last thing, you are using a http (unencrypted) proxy, the exit node can snoop on everything you do.
Why would I care if a TOR exit node could potentially snoop on me ...making a burner account on Bitcointalk? Listen to yourself Thus far, other than telling me that the screencaps from a winbox were "taken less than a minute before you posted it and stored on an NTFS filesystem." (to be that clever!) So I repeat: "You're about as sharp as Quickseller, you 1 of his alts?" Yeah I am an alt of his. Who are you an alt of? Honestly the only reason I posted here is because I saw the screenshot and knew you were doing dumb shit with Tor, so I replied back and clarified, so that any future lurkers will read the thread and learn not to make the same mistakes as you. I do this whenever I see people unknowingly do dumb shit that pisses me off. The whole idea behind Tor is hiding in the crowd, so if your browser sticks out from the crowd thats no good for you and everyone else that uses Tor. You know, if you type the URL of one of those images into any exif data viewer, they should show you (atleast some of) the file attributes like the creation date so you can see for yourself.
|
|
|
|
ebzec
Newbie
Offline
Activity: 14
Merit: 0
|
|
May 10, 2015, 06:10:10 PM |
|
Also one last thing, you are using a http (unencrypted) proxy, the exit node can snoop on everything you do.
Why would I care if a TOR exit node could potentially snoop on me ...making a burner account on Bitcointalk? Listen to yourself Thus far, other than telling me that the screencaps from a winbox were "taken less than a minute before you posted it and stored on an NTFS filesystem." (to be that clever!) So I repeat: "You're about as sharp as Quickseller, you 1 of his alts?" Yeah I am an alt of his. Who are you an alt of? Honestly the only reason I posted here is because I saw the screenshot and knew you were doing dumb shit with Tor, so I replied back and clarified, so that any future lurkers will read the thread and learn not to make the same mistakes as you. I do this whenever I see people unknowingly do dumb shit that pisses me off. Bro, you wanted to helicopter some girthy h4x0r D, and it backfired on you, since you're clueless about the shit you wanna be 1337 47 Now stop backpedaling, dox me, call my ISP. Now stop spouting platitudes about tor use. Let's see some product or STFU Edit re. "You know, if you type the URL of one of those images into any exif data viewer, they should show you (atleast some of) the file attributes like the creation date[]" Please, halp! Tell me the creation date! post full link.Edit: I'm waiting, Great wizard...
http://comicsbulletin.com/main/sites/default/files/shot/images/1203/Elinore.jpg
|
|
|
|
ebzec
Newbie
Offline
Activity: 14
Merit: 0
|
|
May 10, 2015, 06:27:29 PM |
|
Also one last thing, you are using a http (unencrypted) proxy, the exit node can snoop on everything you do.
Why would I care if a TOR exit node could potentially snoop on me ...making a burner account on Bitcointalk? Listen to yourself Thus far, other than telling me that the screencaps from a winbox were "taken less than a minute before you posted it and stored on an NTFS filesystem." (to be that clever!) So I repeat: "You're about as sharp as Quickseller, you 1 of his alts?" Yeah I am an alt of his. Who are you an alt of? Honestly the only reason I posted here is because I saw the screenshot and knew you were doing dumb shit with Tor, so I replied back and clarified, so that any future lurkers will read the thread and learn not to make the same mistakes as you. I do this whenever I see people unknowingly do dumb shit that pisses me off. Bro, you wanted to helicopter some girthy h4x0r D, and it backfired on you, since you're clueless about the shit you wanna be 1337 47 Now stop backpedaling, dox me, call my ISP. Now stop spouting platitudes about tor use. Let's see some product or STFU Edit re. "You know, if you type the URL of one of those images into any exif data viewer, they should show you (atleast some of) the file attributes like the creation date[]" Please, halp! Tell me the creation date! post full link.Ok, here, this link will redirect you: http://freemoneygpt.comFile Name Capture.png File Size 89 kB File Modify Date 2015:05:10 14:20:05-04:00 File Permissions rw-r--r-- You're AMAZING. You downloaded the .PNG on your own box This is what I get: http://s22.postimg.org/jv0uz37jl/Capture.png <-posted new pic Edit: Now I know what you're reading and where you're getting that time: You're reading the postimage file data
|
|
|
|
Blazr
|
|
May 10, 2015, 06:29:47 PM |
|
You're AMAZING. You downloaded the .PNG on your own box This is what I get: Yes I know I am. Now scroll down to see the file attributes, geez do I have to hold your hand while you do this...
|
|
|
|
ebzec
Newbie
Offline
Activity: 14
Merit: 0
|
|
May 10, 2015, 06:41:07 PM |
|
[] Yes I know I am. Now scroll down to see the file attributes, geez do I have to hold your hand while you do this...
You really are a dangerous h4x0r. Let me school you: "Edit: Now I know what you're reading and where you're getting that time: You're reading the postimage file data Cheesy" Take the Elenore pic in this post, and see what you get from your awesome website: System File Name Elinore.jpg File Size 76 kB File Modify Date 2015:05:10 14:33:26-04:00 File Permissions rw-r--r--
You don't understand how to use the internet. You don't understand how to use the tools you're using. Edit: BTW, you've still not answered me: Are you Quickseller's alt? Stop Well done, Great wizard...
http://comicsbulletin.com/main/sites/default/files/shot/images/1203/Elinore.jpg
|
|
|
|
ebzec
Newbie
Offline
Activity: 14
Merit: 0
|
|
May 10, 2015, 07:11:21 PM |
|
[] Yeah I am an alt of his. Who are you an alt of? [] Another alt of Quickseller confirmed. Nice. I want to believe in a kind & capable God, one who doesn't make the same mistake twice. Faith reaffirmed. Just because you might have missed what I was telling you, and, of course, to rub your nose in it, here's what your link gives me from the same picture, uploaded to postimage: ( http://s17.postimg.org/gmtxyqetr/Elinore.jpg) System File Name Elinore.jpg File Size 76 kB File Modify Date 2015:05:10 15:04:48-04:00 File Permissions rw-r--r--
Hmm... The time! It has changed!!!1! What kind of filthy gypsy magic is this?!
|
|
|
|
Quickseller
Copper Member
Legendary
Offline
Activity: 2996
Merit: 2374
|
|
May 10, 2015, 08:02:05 PM |
|
<-posted new pic If you seriously don't realize how much information you just leaked then you really shouldn't even bother using tor because it isn't going to help you. You might as well make your signature a link to a picture of your ID
|
|
|
|
ebzec
Newbie
Offline
Activity: 14
Merit: 0
|
|
May 10, 2015, 08:42:31 PM |
|
[]If you seriously don't realize how much information you just leaked then you really shouldn't even bother using tor because it isn't going to help you.
You might as well make your signature a link to a picture of your ID
You must be used to bluffing preschoolers. As I said before, let's see some product or stfu. Your buddy/alt thought the time /file data his site ( http://www.exifdata.com/; he /you quickly changed the link to http://freemoneygpt.com <-probably 3v01, don't click) was giving him/you was a bunch of gibberish. You're a lolcow, your lel is strawberry-flavored & delicious, you practically milk yourself. Never change P.S. Send me shitloads of BTC, I'll teach you how to work computers http://replygif.net/i/627.gif
|
|
|
|
tspacepilot
Legendary
Offline
Activity: 1456
Merit: 1081
I may write code in exchange for bitcoins.
|
|
May 10, 2015, 08:47:56 PM |
|
First, thanks a lot to Shorena for arguing in a reasonable tone.
To some of the other things we've heard here:
I'm not implying that boxlite was correct in linking these particular farmed accounts to quickseller (did he actually make that link? I didn't see it) but I do want to ask what evidence you have that Quickseller "always made decent posts and didn't 'farm' in this way"? How do we know what he did or didn't do? He's been incredibly secretive about which accounts he sells are farmed and which are traded. He says that once someone knows an account is an alt or a farmed account it gets negrepped so he doesn't reveal this info (but he *does* go around negrepping other accounts all the time, even ones he hasn't traded with or had any business with, like mine---I'm convinced this has in part to do with the conflict of interest in inherent in both selling accounts and in being on default trust, but that's another topic). My question to hillarious here is on what evidence do you know what accounts quickseller farmed or how he farmed them?
Because I am Quickseller . Funny, but I seriously doubt it. I've interacted with you on and off for over a year and I've never seen the quicktempered, hotheaded name calling from you which is bacsically QS's calling card. Lots of people are secretive with their alts but I figure them out occasionally in various ways. He also told me a few of them when I asked. No need to expose them if they're not doing anything wrong. Accounts don't really get neg-repped anymore either and haven't for some time (or only trolls who aren't on the default neg-rep them (usually incorrectly half of the time)). And if he was making shit-posts he would have had all his accounts banned and that was something he was very conscious of.
So, I guess you know how he's farming some of his accounts because of your "various ways" or because he told you. But that doesn't really say anything about the ones you don't know about. That is, just because he's somehow farming some accounts in a "non-shit-post way" doesn't really say anything about how many accounts he actually farms and what he does with those. Right? Meanwhile, lots of crazy bluster and mudslinging between ebzec and blazr seem to have totally derailed this thread. I guess there's been some intersting reading about browser security, though.
|
|
|
|
ebzec
Newbie
Offline
Activity: 14
Merit: 0
|
|
May 10, 2015, 09:06:14 PM |
|
[] Because I am Quickseller . Funny, but I seriously doubt it. I've interacted with you on and off for over a year and I've never seen the quicktempered, hotheaded name calling from you which is bacsically QS's calling card.[] But Blazr... Quick-tempered, self-important & hilariously inept. I find it difficult to doubt it when he admits to being Quickseller's alt. Pea[s ] in a pod [] Yeah I am an alt of his. Who are you an alt of? [] D00d complains about my TOR habits, I [self-effacingly, for the sake of diffusing the situation] agree with him, and he still picks a fight [] You're right, on both points. Mainly because both are shit discipline on my part. My meh excuse is "good 'nuff" & laziness - the outdated TOR bundle is non-virgin, set up to work with several plugins & automation scripts. The flashing warning's a handy way to tell it apart from the current version, which lives on the same box. The pix posted are .png (no EXIF data), posted through TOR/proxy. But I'm no 3V01 M4s73r H4x0r, so I'm guessing my slack opsec is "good 'nuff" Yep...
|
|
|
|
tspacepilot
Legendary
Offline
Activity: 1456
Merit: 1081
I may write code in exchange for bitcoins.
|
|
May 10, 2015, 09:19:46 PM |
|
[] Because I am Quickseller . Funny, but I seriously doubt it. I've interacted with you on and off for over a year and I've never seen the quicktempered, hotheaded name calling from you which is bacsically QS's calling card.[] But Blazr... Quick-tempered, self-important & hilariously inept. I find it difficult to doubt it when he admits to being Quickseller's alt. Pea[s ] in a pod [] Yeah I am an alt of his. Who are you an alt of? [] I haven't seen anything near the trolling name-calling nonsense from Blazr. Yes, he has taken you to task here about browser security and you guys seem to be in some sort of "I'm cooler" bluster-war, but if it was quickseller, we'd see the usual "you are an idiot" "what an idiot" "i am the greatest" which he puts in every other post. Blazr's language is much more measured and while he's arguing with you, he's doing so with quite a diferent style.
|
|
|
|
ebzec
Newbie
Offline
Activity: 14
Merit: 0
|
|
May 10, 2015, 09:32:35 PM |
|
^You'll forgive me if I disagree. Especially in light of his admitting to being an alt. inb4 sarcasm/facetious: the best way to weasel out if eventually caught in a lie: "but i admitted 2 being his alt, look!"
Far as dicksizing: "But I'm no 3V01 M4s73r H4x0r, so I'm guessing my slack opsec is "good 'nuff" Cheesy" Won't lie tho, do enjoy making pontificating buffoons look stupid. Is that so wrong?
|
|
|
|
shorena
Copper Member
Legendary
Offline
Activity: 1498
Merit: 1540
No I dont escrow anymore.
|
|
May 11, 2015, 09:45:46 AM |
|
-snip- Meanwhile, lots of crazy bluster and mudslinging between ebzec and blazr seem to have totally derailed this thread. I guess there's been some intersting reading about browser security, though.
Yeah, this makes me wonder whether there is an actual interest in finding a possible solution or if this is just an ego game. I did not read this thread for a while because I thought I would need at least 30 minutes to read the posts here. Now that I have the time I skipped most of the posts and find another dead thread. Whether or not Quickseller is farming accounts whether they are high or low quality is IMHO their own "problem". Its in their best interest to farm accounts with quality posts, since a ban would also impact their main account.
|
Im not really here, its just your imagination.
|
|
|
|