KiwiFarms' Official OPSec Guide - A guide on how to protect yourself and others from the internet.

Some personal things I've used to add, if I may be so bold:

Have I Been Pwned? - another website that scrapes emails in spillages and leaks

Simple Google hacking from the GHDB - the GHDB, or Google Hacking Database, is a website that can teach you simple mechanisms to "hack" or really just narrow your searches. For instance, if you look up intext:"room temp shrimp", those quotations will search pages with that EXACT text match. You can also look for profiles by intitle: or search specific sites with insite:tumblr.com and the such. One very useful feature is the filetype: which can be used to search for pdf, word, spreadsheet etc. documents with an exact match to, say, an email address. I've been able to find individuals by document searches before.

Shodan is a search engine that parses and indexes IPv4 addresses instead of web servers. What this means is that they will list through the 4-something billion IPv4 addresses and effectively knock on their door to see if they're serving something such as an HTTP server, some sort of SCADA or ICS device, or goodness forbid a webcam service. It's free to a point but only $50 for a lifetime; it's worth it if you want to monitor an IP such as your own to make sure you're not exposed. The membership features a global map as well, so if there is an address you're interested in, you can look at it to see what is exposed in the general area. Good for a business if you're a cyber sec guy... or if you're particularly nosey. Membership also allows an image search which will often list exposed desktops or webcams. I personally recommend using this to keep yourself safe. It can get creepy. You can look up your IP address to see what you have exposed to the public.
 
Another one that's good is whatsmyname dot app. It allows you to look up people's usernames and find them across the internet pretty well. It compiles a list of all the sites they've registered under that name. It does require cookies, if that's a dealbreaker in any way.

Using it to even search yourself and get old names changed helps a lot as well. There were a few old sites I forgot I used in my younger years that I deleted after finding them with this. Every little bit helps.
 
You can pay for Mullvad with money orders and Monero. Free VPNs aren't "free", in fact a "free VPN" is absolutely going to harvest your data if anything.
The best lifehack for a VPN personally is Tor. Tor Browser is just extremely good compared to the Tor options in say Brave or something. It basically acts as a VPN and it's not just customisable like a standard browser but also has network testing options and stuff. Using Tor often makes me feel like using one of those war room control terminals. I never use the kiwifarms or any other "shady website" without it considering they log IPs. When it comes to network level VPNs, I used to use Windscribe for free but idk of anything else. Proton sucks ass.
 
Really awesome thread, given me a lot to ponder.
Just a curious thought I had. You know how on Facebook, you can just type in a name and it'll all come up where they've been and what they've been doing on most public groups, does Instagram have search tools like that? You can private or just... not have an account on such a site, but for commenting on public pages and public content, can things be found and searched for? Thank you!
Instagram search is god fucking awful and it really only allows you to search usernames, hashtags, and locations.

If I’m thinking logically, if that comment was made before an account goes private, and it got cached by a search engine, I think you can search for it.

I don’t believe being private prevents you from others being able to see your comments because then what’s the point?

This is also assuming that Instagram allows you to search for comments via search engines. I’d try Google dorking with Instagram and see your results.
 
Another good site for looking up steam profiles is https://steamhistory.net/ it also logs comment sections. Sadly steamid.uk has required a steam login for more and more things over the years. steamhistory.net does as well but to a lesser extent for certain tools. Granted, you could just make a burner account.
+1. They don't paywall username history but their database is sadly nowhere near as complete.
WhatsMyName
There's a Python script called Blackbird that can perform the same searches (uses the same site DB) and it's a lot faster since there's no CAPTCHA to solve and it runs on your connection instead. You can specify a proxy but it doesn't seem to support SOCKS5 which is a huge bummer.
I also use Snusbase a lot when doing doxes etc. It's a paid service though but you can purchase 7 days of access for $6.50 and use that to check on yourself. They're not perfect but have a lot more breaches than search.0t.rocks ever had.

Another thing that came to mind
Remove EXIF Data
I've seen so many users lately post photos on the forum with GPS data still embedded. Even though this is obvious to a lot of people here, newer users have been coddled by other websites removing this data and are routinely blindsided as the forum does not do this.

This website is my favorite for viewing the data as you don't have to actually upload the image, all the analysis is done client side: https://onlineexifviewer.com/

Privacy Guides has a thing on removing EXIF data https://www.privacyguides.org/en/data-redaction/
 
Great thread, thanks for sharing these tools. I've said before that constantly doxxing yourself is a great way to stay safe online. For a while, these people finder sites were the bane of my existence and I was paranoid about ever appearing on them, but realized that they're an inevitable part of modern life. I was pleased to see nothing beyond my PO box, childhood home, age, and an extinct landline. I bookmarked this info in my "information about me online" folder, which contains links to ancient profiles, local news articles, and anything online that I don't personally control.

As far as usernames and online presence goes, I think it's okay to have a small, consistent, professional brand identity. You almost need to be found online to get a job or start a small business, though there's no need to powerlevel on your personal accounts, or even post anything for that matter. For any forum or community not strictly related to your personal or professional identity, you need unique usernames and strict compartmentalization. I also see routinely going through old accounts and deleting or obfuscating them as part of good data hygiene, like brushing your teeth or showering.
 
This is helpful if you want to blend in with the public, so the feds don't think you have shit to hide and give you a personal knock on the door.
 
It's like the saying, "you're not in traffic, you are traffic." I think it's a necessary evil to appear on people finder sites and maintain a small online presence, you just don't need to sperg out in Facebook posts or get caught up in the matrix of big data. There's a lot to be said for proactively scrubbing your past if it's not related to your current professional image. I've gone so far as to reregister old domains just to exclude them from the Wayback Machine, reach out to admins of forgotten forums to request account deletion (rarely works), and set up an email server specifically for pseudonymous accounts. The single best opsec advice I've read is to always decouple your name, address, and date of birth.
 
Pardon the double post, but I just found the book Extreme Privacy, which seems like a more thorough version of How to Be Invisible written by someone who actually knows how computers work. The author also published a workbook specifically for removing your data from people finder sites. I'm going through the workbook now for my own profiles.

Sadly, IRL privacy can be expensive, e.g., I wanted to own my car through my LLC, but my state requires registering foreign LLCs, which would cost several hundred dollars yearly for another annual report and resident agent. There are some relatively cheap and effective methods like using LLCs for business and PO boxes for mail. It's always a balancing act, but I'd say getting a PO box is better value than paying for whatever scam Turkey Tom shills in his videos.
 
After two days of work, I'm off about 90% of people finder sites, using a dedicated Proton Mail account where possible. TruthFinder makes me MatI because they need to manually confirm your info if it's outdated (they had an old work email and landline), and they're a huge data broker that supplies sponsored ads for many sites that source their own data through BeenVerified or Spokeo.

My current situation requires open credit so I'll add more opsec advice by linking this previous post (specifically, the paragraph about freezing your credit profiles and physically mailing a form to permanently opt out of pre-approved offers). I don't really have a defined threat model beyond a simple wish not to be identified in ways that I don't personally control, and to not receive spam.

The net result is a privacy stance where I'm the single source of truth for my own image, but very rarely I appear in a professional capacity such as a podcast or bio, some historical capacity like an article about an extracurricular success in school, or as a mention in an obituary. This is an acceptable way to present yourself online, in my opinion.

Editing this while I still can. PeopleConnect (Instant Checkmate, TruthFinder, and Intelius) has the most accurate data by far, so focus on them first.
 
As far as usernames and online presence goes, I think it's okay to have a small, consistent, professional brand identity.
It's a worthwhile obfuscation tool as well. A consistent, controlled image puts eyes somewhere else because it doesn't fit a given profile for a pseudonymous internet actor. It's also a great way to fudge data and build an identity that is worthless for backtracking from. The direction the @bonglord420 <-> John Smith search goes is bivalent and a boring ass Twitter or Reddit account that has a direct or carefully crafted indirect link full of lies, omissions, and nothing of value goes a long way to killing a search. The more bullshit and conflicting information you have between identities, the more insulated you are.

This is taught in some professional settings and in the backrooms of less professional settings. If you're good with it, your professional, social, and personal lives won't overlap with only 10 minutes of searching. It's not a magic bullet, but matching an identity to an identity most often needs much more than a name and a general geographic location to go anywhere.
 
It's a worthwhile obfuscation tool as well. A consistent, controlled image puts eyes somewhere else because it doesn't fit a given profile for a pseudonymous internet actor.
I've not gotten into disinformation, preferring a recursive approach where all my socials link to my professional portfolio, which links to my socials. These more or less reflect my real identity but are very boring and professional, and they don't doxx me beyond a PO box and a VoIP number.

There's probably a lot of value in propagating false information, but I'd rather sit back and control what's out there before adding more information to my name that may be hard to remove in the future. IntelTechniques set up the number +12484345508 that rickrolls every caller, so now I wanna start a supermarket discount card.
 
There's probably a lot of value in propagating false information, but I'd rather sit back and control what's out there before adding more information to my name that may be hard to remove in the future
It's more about consistent misinformation in some part of a given identity. More useful for when you have to have some kind of social media presence that isn't entirely part of your professional life, or situations where some degree of PII is expected. Separation between professional and freelance or hobby work. Having some misleading PII out there is surprisingly effective.

Think of all the dox attempts that stall or go nowhere because the individual is a compulsive liar and has 50 layers of accounts. It's a simplified version of that. If you want to talk full blown fake identities, that's a different beast and takes work that needs to have started 10 years ago.
 