Tips For Secruity On The Net. Everyone Should Read!

[Shredder]

Since All the fuckin bust going on, I hope this article I Found on AB will help protect you.

Often overlooked, and never well respected, personal privacy and security is of utmost importance to our community. We as a bodybuilding community are a bit outside the bounds of current main stream thought and law. Operating outside these bounds puts us under ever increasing scrutiny by DEA and other law enforcement officials. Because I am a firm believer that anabolic steroids pose no more social and health problems than any other over the counter or prescription drugs, I am writing this article to hopefully help both buyers, sellers, and everyone in between keep your identity a secret on the net. Without an identity you can never be caught!! Remember this and take it very seriously. Whereas nothing is foolproof, I am not claiming to know everything or guaranteeing you secrecy of your identity. I do know a lot, and I stay current on encryption techniques. So here we go:

YOUR COMPUTER

First step in keeping your identity a secret is to mask your real ** address. An ** address is a number assigned to each computer on the net. Your ** is given to you by your ISP. Usually it is changed every few months by your ISP. This number can identity you very easily. If an agent had your ** he could easily have the billing info in a matter if minutes from your ISP. Two easy websites to mask your ** are www. anonymizer.com and http://www.megaproxy.com./ Megaproxy is 100% free. Another way to permanently hide your ** for free is http://www.multiproxy.org/ which provides a small program to mask your **. Now for most of you this is probably as far as you would go, but I would go much further. Using the services I just described you do hide your ** from websites you visit, but your ISP still knows where you’re going and what you’re doing. ISP’s are required to report suspicious activity to the government. Besides what your ISP may voluntarily give to the government, you have to now worry about Carnivore. Carnivore is the governments program that runs on your Email and ISP servers reading emails, communications, websites, and more looking for key words. Once certain key words are found (Like DECA , KETAMINE, EXTACY) you are reported for further investigation. So how do you view the web without your ISP knowing where you’re going? It’s called SSH Tunneling. SSH Tunneling allows your computer to securely connect to a proxy server over an encrypted connection. All your HTTP (web) traffic is routed over port 22 so all your ISP can see is that encrypted traffic is running over port 22 from your computer. This connection is unbreakable even by the most sophisticated computers in the world. Carnivore is therefore useless, and so is any eavesdropping from your ISP. SSH is generally a paid for service, and can be bought and setup through http://www.anonymizer.com./ To get your SSH software I suggest getting it for free at http://www.ssh.com/ (non commercial version) instead of paying for anonymizer’s version. Anonymizer is unique in that they set up there systems so that logged in users cannot be associated with what web traffic they’ve looked at. This is to ensure that even with a court order no identification is possible. Using an SSH connection will ensure your ** address and web sites you view will be private to only you. Now that you know how to hide your **, do you know how to hide info on your computer? I suggest PGP Corporate Desktop 7.1 with disk encryption. You can do a simple search on Yahoo and find a working copy. Once you have this software installed setup an encrypted disk to keep all those incriminating files you have in. Once the disk is created it will be protected by unbreakable encryption that you will need a password to get into. Another neat aspect of this software is it allows you to truly erase files off your computer. The Wipe feature totally deletes incriminating files. In case you didn’t know simply deleting a file does not permanently erase a file, it is easily retrievable given the right software. Can you see how this PGP software keeps you safe just in case feds were to enter your home and take possession of your computer? Don’t forget PGP is the ultimate weapon in email too, but too complicated for most. Thank god for hushmail which I will talk about in a minute. One other suggestion is that you never input any real information about yourself into Windows. This information is very easily found. For instance when you first use windows it asks for your name. Don’t use your real info. Keep this in mind as windows asks for personal info. What may seem paranoid shouldn’t, this is a serious game we are all playing.

EMAIL

I’m secure right, I use Ziplip (http://www.ziplip.com/)? No!! Not unless you and the person you are sending to are both using ziplip and you are password protecting every message. Simply sending an email from ziplip is not secure! Let me repeat that again for the people who insist on using ziplip incorrectly. Simply sending an email from ziplip is not secure! Emails sitting on ziplips servers not password protected can easily be picked over by Carnivore or Ziplip employees. Now I am not saying ziplip is a bad service. It is in fact secure and safe if used correctly (still the issue of how to exchange passwords securely is a serious flaw in ziplip). Now since no one uses it correctly lets just give it up. Ok good job, we are all going to give ziplip up right? I hope so. Now on to real email, hands down HUSHMAIL (http://www.hushmail.com/) is leaps and bounds superior to ziplip. HUSHMAIL is secure end to end. Emails and attachments are secure without the need for a separate password as long as both parties are using HUSHMAIL. This takes all the guess work out of this. Emails won’t sit on the server unencryped for Carnivore, and hushmail employees cannot read them. It’s so simple a 5 yr. old could use it. It’s truly an amazing system. When HUSHMAIL first appeared there were rumors that it wasn’t secure at all, well Phil Zimrnerrnann was brought on as chief technology officer of HUSHMAIL. He is the creator of PGP, and would never put his reputation in the encryption community on the line for a shady company not living up to its promises. Phil’s commitment to the company gives me even more faith that HUSHMAIL is the premier email and web based encryption company on the net. Also another good feature of HUSHMAIL is that its subsidiaries http://www.cyber-rights.net,/ http://www.elitefitness.com,/ and http://www.keptprivate.net/ are all compatible with it. If you don’t like using hushmail, I suggest you learn to use PGP. Otherwise Carnivore is picking your emails for key words. How does it feel to be watched?

MONETARY TRANSACTIONS

Ok all sellers please read. What the hell are you doing taking money by mail from people you don’t know well?? Sellers should view every single customer as a fed until they have proven they are not. Are you going to give your address to a fed? Well how do you know you haven’t so far? How long would it take a fed to find out all the personal info on a PMB, PO Box, or Home Address? I would bet less than 10 minutes. I’ve never had any problems getting the real info using a PI even on a PMB. Then of course once the feds have your box they have it flagged, and for months packages are watched and let through then they’ve got ya. Ok so what’s the smart thing to do here? I would say lets start by not giving out our addresses to strangers. Instead payments should be made electronically. Simple and efficient. Only 5 companies make my cut http://www.evocash.com/ (I consider the best as cheapest fees), http://www.e-gold.com,/ http://www.e-bullion.com,/ western union, and moneygram. Reason for this is they are well backed, can be 100% anonymous, and safe. Evocash is my first choice as its fees are cheap, you are 100% anonymous with them, and they do not cooperate with law enforcement agencies as they are offshore and out of US jurisdiction. Sellers I know you are reluctant to make your customers use these services, because they are resistant to change and may take their business elsewhere, but if all sources go to these methods we will all be safer. Buyers, when a seller won’t let you to pay by mail remember they will be around longer and less likely to get busted taking your guys money with them.

[calidude]

bump good post

[mackrazy]

Wow thanks for that.. i didnt know our emails were so unsecure...

[mcgirkz]

ya great post. saw it over at elite as well.

[tt333]

Fantastic!

[Full Intensity]

i'll bump this one

[MR BICEPS]

GREAT INFO!!!

[BigGreen]

Excellent and informative post, though i have what I believe to be a legitimate and valid concern/question. You (or the original writer if not yourself) state that "all your HTTP (web) traffic is routed over port 22 so all your ISP can see is that encrypted traffic is running over port 22 from your computer." Given that ISP's are "required" (or strong-armed) into to report suspicious activity, in this post-9/11 world will not the mere fact that your ISP is aware you're going to great lengths to hide something raise more eyebrows than visiting a site selling gear? I imagine the sheer volume of people visiting such sites for "educational purposes" is such that even if they were all reported, very little could be done to discern who was just visiting, who was visiting to purchase, who was visiting to purchase LOTS, etc, etc without wasting resources unquestionably needed and being used elsewhere. However, I suspect that the volume of individuals utilizing SSH Tunneling is significantly smaller (could be wrong) and thus its mere use might be enough to warrant further action of any type, given that resources can be allocated to this smaller population AND that what you're hiding isn't clear in the least, i.e., are you hiding the fact that you visited Roids R' Us or that you logged on to a known terrorist-associated website?

Again, this is based solely on reasoning (and perhaps faulty reasoning at that) but i would like to hear some feedback on this perspective.

[majorpecs]

bump

[BigGreen]

Another thought....ideally, wouldn't the greatest security (as it pertains to the web) be to conduct all internet business from either a school terminal (obviously either logged in as a guest user if school permits, not logged in at all, or at a terminal where somebody forgot to log off) or a public terminal of any kind (same 'restrictions'). Done halfway intelligently, you'd leave a trail very difficult to pick up on, without the possibility of raising eyebrows due to the encryption software.

[CarbonCopy]

Originally posted by BigGreen
Excellent and informative post, though i have what I believe to be a legitimate and valid concern/question. You (or the original writer if not yourself) state that "all your HTTP (web) traffic is routed over port 22 so all your ISP can see is that encrypted traffic is running over port 22 from your computer." Given that ISP's are "required" (or strong-armed) into to report suspicious activity, in this post-9/11 world will not the mere fact that your ISP is aware you're going to great lengths to hide something raise more eyebrows than visiting a site selling gear? I imagine the sheer volume of people visiting such sites for "educational purposes" is such that even if they were all reported, very little could be done to discern who was just visiting, who was visiting to purchase, who was visiting to purchase LOTS, etc, etc without wasting resources unquestionably needed and being used elsewhere. However, I suspect that the volume of individuals utilizing SSH Tunneling is significantly smaller (could be wrong) and thus its mere use might be enough to warrant further action of any type, given that resources can be allocated to this smaller population AND that what you're hiding isn't clear in the least, i.e., are you hiding the fact that you visited Roids R' Us or that you logged on to a known terrorist-associated website?

Again, this is based solely on reasoning (and perhaps faulty reasoning at that) but i would like to hear some feedback on this perspective.

ISP's aren't as worried about its users or user activity as you may think. Now I don't mean to say they don't care at all what you are doing, but I believe and from my experience with ISP's unless you are doing something that is really raising a lot of "red flags" i.e. hacking, hosting illegal web servers, stealing bandwidth, spamming, scanning large subnets, and the king of all red flags to ISP's using large amounts of bandwidth they aren't that concerned with what sites you are visiting. Now if a person were to do some of the activities I have listed then yes, you will be watched and your traffic could be monitored, logged and later used for possible legal action against you. I would also bet that the number of people using SSH is significantly smaller compared to other types of data, but using SSH has so many legitimate uses that unless this SSH traffic was generating massive amounts of traffic I doubt it would raise any red flags with your ISP. And what’s even better about SSH is, even if it did generate massive amounts of traffic (and oh god I love this) your ISP can’t read the encrypted data being exchanged threw the tunnels. SSH tunneling is a great idea PEORID and anyone that values his or her privacy should employ this technology into their own network or home computer. Remember there is no such thing as a totally secure network or system, but with the right knowledge and hardware you can take preventative measures that will help ensure your security and privacy. Hope this helps!

Peace,
CC

[CarbonCopy]

I just wanted to add the only type of proxy I like are ones that support ssh. Oh and Carnivore, magic lantern and all the other toys the feds have and use can eat a dick up... J/K I love the law..

Peace,
CC

[BigGreen]

Thanks Cc...that was exactly what I was looking for here.

[The Butcher]

bump

[tolinka]

I was looking for a safre email and I found this thread, some really great information, I think it desreves a bump

[Sicilian30]

great posts I also have heard that Zip lip is now stamping emails with ** numbers now. I have totally gotten rid of ziplip, and only use hushmail.
Awesome post couldn't have done it better myself..

[monstercojones]

great post... bump

[Innervision]

Good read, it did take me a minute to figure out why "** address" was censored, but then I got it

[Sicilian30]

Also one more thing to add if you do use one or more of these online secure emails, remember to try and keep all your sent and inbox email deleted. Even when I reply to an email, I delete the corresponding reply, before I start typing my reply email.

[Boxer101]

Great post bro. Ironically I purchased a membership at anonymizer when I registered here. I check and send all emails using this service as well as post on these boards. It was $10 for 3 months and $30 a year for anonymizer and has a good feature where you simply click in on and off on your browser and all your favorites and all still work. WELL worth the money.

[steppenwolf]

my source's don't use encripted e-mail. including the chinaman. the chinaman and another source posted on bolex that evocash ripped them off.

-steppenwolf

[groverman1]

One of the best posts of all time

[Fashioncore1]

long read, well worth the time. Thanks for the info

[jnm]

good info!

[hugovsilva]

You just bumped a 4 yo thread.

In these case it was not so bad, as this info remains actual because of all the fuss lately.

[CYP400]

egold is run by gangsters...

[spywizard]

AND HUSHMAIL has agreed to turn over account info to the feds..

but the tunneling and proxy are good info..

except mega proxy doesn't exist anymore..

how things change..