Cybersecurity 101 - A brief introduction to protecting yourself online.

  • 🏰 The Fediverse is up. If you know, you know.
  • Want to keep track of this thread?
    Accounts can bookmark posts, watch threads for updates, and jump back to where you stopped reading.
    Create account
Markass the Worst said:
Not sure what you mean here but just to be clear, we are not hosted by DreamHost. We used to use them for domain registration but they dropped us a long while ago after trannies blamed us for Byuu killing himself.

From an opsec perspective using your own domain is not recommended as it creates a paper trail that leads back to your real life identity.
Click to expand...
Yeah that’s what I meant sorry for the confusion.

I think having your domain isn’t bad if you use tools like SimpleLogin. If you don’t care about having control over your emails then ProtonMail simply works.
 
My old e-mail account linked to the kiwifarms account has expired.
Is it safe to use Hide My Email service from Apple iCloud subscription to forward messages to my e-mail account, or is it retarded?
 
Do businesses dox people online? Like customer service people or Amazon employees.
 
From learning experience:

Don't be an idiot and go by a pattern that'll be easily recognizeable for undesired attention if you don't want to be traced. This could mean doing a 180 on your personality and how you engage with different communities online. But the more times you're caught, banned and coming back with alts. You'll have issues in differentiating your behavior patterns because people will now have eyes on you.

Don't trust anybody, least readily and immediately. Only a fool does this. The less people who you know where you are and what you do online, makes you a ghost to them. Shutting the fuck up about certain things to certain people goes a longer way than trust.
 
If your IP is residential, there is a possibility that they can call your ISP and try to find out who you are. ISPs are not supposed to give out dox, but telephone operators are less-than-savvy, poorly-paid human beings who can potentially oblige a charismatic caller.
Click to expand...
I think this happened to me off-site and it made me realize you do actually need a VPN if you want to remain anonymous from non-government and non-hacker people. I had zero personal information floating around aside from simply not using a VPN and they found out a buttload that I'm sure even data brokers wouldn't have had up-to-date.
 
Markass the Worst said:
Not sure what you mean here but just to be clear, we are not hosted by DreamHost. We used to use them for domain registration but they dropped us a long while ago after trannies blamed us for Byuu killing himself.

From an opsec perspective using your own domain is not recommended as it creates a paper trail that leads back to your real life identity.
Click to expand...
If you're giving your real name to a registrar, then yeah, but you should already never be using your real name online. If you don't do anything crazy to bring attention to yourself/domain, you will literally never be contacted by ICANN so you can give whatever info you want to. Alternatively you can skip that and use a registrar like Njalla that doesn't ask for any info at all from you.

Payment is the tougher part when it comes to paper trail, but Njalla and some other registrars like FlokiNET accept Monero.
 
One tip I'd like to add to this thread:

Avoid Password Reuse​

Never use the same password in multiple places. Even if you take great care by not using the same username across multiple sites, a shared password can potentially tie the two accounts together in the event of a database leak, law enforcement raid, malicious administrator, or any other type of exposure. Now, the likelihood that two sites would share the exact same hashing algorithm, same number of rounds, same salt, etc. is quite low, but it may happen, and the hash could be cracked in the future.

Believe it or not, this happens more often than one would think. See https://krebsonsecurity.com/2025/11/meet-rey-the-admin-of-scattered-lapsus-hunters/ for a recent example.
 
What if I want/need to change the email Im using for something less "traceable" you might say? Is it possible if I ask to the staff?
 
What is the go to email service for burners the Farms accepts? Proton requires a "one time use" email that they actually do keep. If you've used them before, it won't work. Everyone other site I tried blocks vpns.
 
MosBodacious said:
What is the go to email service for burners the Farms accepts? Proton requires a "one time use" email that they actually do keep. If you've used them before, it won't work. Everyone other site I tried blocks vpns.
Click to expand...
The farms rejects burners for a reason, but if you really want one you can use cock.li as one.
 
Markass the Worst said:
The farms rejects burners for a reason
Click to expand...

The KF registration page said:
You should use a real and permanent alter-ego email address or mail forwarding service.
Click to expand...

I'm curious, are there any benefits for the user for requiring an e-mail address at all as part of account registration?

I could see how it might help somewhat for the site's operator to control bots and spam, but I can't think of a reason why a user, especially someone who wants to stay anonymous and untracable, would benefit from having to link their KF account with a real e-mail address (which are annoying to obtain if you want them not to be linkable back to your IRL identity).
 
SleeplessEcho said:
I'm curious, are there any benefits for the user for requiring an e-mail address at all as part of account registration?

I could see how it might help somewhat for the site's operator to control bots and spam, but I can't think of a reason why a user, especially someone who wants to stay anonymous and untracable, would benefit from having to link their KF account with a real e-mail address
Click to expand...
Null

Thread 'Reminder: Use a real email address and a real password or you will lose your account'

Make an alter-ego email address that you remember the password to so that when you forget your password you can still recover the account.

I get asked every day to fix an account because the owner forget the email password and his account password and now has absolutely no way of recovering the account. When his log-in session is expired his account will be inaccessible forever.

Resetting passwords of accounts whose owners I do not know and cannot verify ownership of is a bad practice and I do not do it. Your account security is your sole responsibility. I warn you when you...
Reactions:Informative x 36 Like x 68 Feels x 29 Agree x 7 Winner x 3 Semper Fidelis x 2 DRINK! x 2 Horrifying x 1 Optimistic x 1
SleeplessEcho said:
(which are annoying to obtain if you want them not to be linkable back to your IRL identity).
Click to expand...
It's extremely easy to sign up with cock.li with a VPN/Tor and be completely untraceable to your IRL identity.
 
Markass the Worst said:
[From linked post] Make an alter-ego email address that you remember the password to so that when you forget your password you can still recover the account.
Click to expand...

See, this is why I don't agree with the requirement for an associated e-mail. If you lose your KF login credentials, there's nothing stopping you from also losing your associated e-mail login credentials, especially if you do as recommended and NOT use your main e-mail account. If you're using an alt that means you'll be creating that account at the same time you're creating your KF account, and presumably storing the credentials for both using the same method.

I get the the pain of having to deal with retarded users on the daily, but I see zero actual benefit to this policy, and especially zero benefit to the "will help you not lose access to your KF account" point. In fact it's a net negative since it's a possible way (notwithstanding the warnings; we all know users don't always follow best security practices) in case of a data breach to follow a KF account back to an IRL identity.

</sperg>
 
SleeplessEcho said:
<sperg>
Click to expand...
Good point. Through "Verify Mail" checkers (that give extra info on where an e-mail address has been registered and at what time), anybody, even if the e-mail isn't present in any data breach, can get info on name, profile picture and extra info about a certain user. This gets mitigated by using an e-mail that is designated purposefully for the forum, so not using it for anything else. Use whatever provider you like, just, no Gmail or Outlook. Those are vulnerable to VMs without even signing up to anything.

However, after David Hoffman's shenanigans with CSAM on the forum, e-mail is absolutely a necessary evil to properly check if someone on the other side is a child porn bot or an actual user. I'll explain this briefly: instead of receiving a "verification" e-mail, the user has to send one to the actual forum. This reduces the amount of sent emails by the forum (avoids being put on a Spamhaus blacklist), and forces a bad actor to shell out more money for SMTPs that are able to actually send e-mails back.

E-mail, however, isn't the main motor of this system, that goes to the residential IP checker that has been implemented through the sign-up captcha. It's a combination of things to weed out weird faggots who shit up things to ruin it for everybody else. I hope this answers your pondering.
 
You must log in or register to reply here.
Back
Top Bottom