OK guys, I want to cover this since I work as a network administrator for a web hosting company. A lot of people here post like it's no biggie and probably don't take into account how networking, routing, packets, and all that good stuff work.
First of all, as you may know, government is getting more restrictive on our rights and people are being convicted of crimes merely for speaking their opinion or being framed for something they didn't do.
You all remember the scare we had about a year or so ago when Tina Greco was spamming kiddie porn on the forums. For those of you who have little to no idea how computers work, you need to realize the legal liability in all of this.
First of all, every single post you make, every single website you visit, every chat program you use, every email you check: these are all served from machines located somewhere in the world.
Say you are accessing JTF. When you type http://www.jtf.org into your browser, the domain (jtf.org) is hosted on a physical server, usually within an allocated area of space, and served through a web server of some sort (generally Apache).
Now then, this is how you can identify where JTF is located, via the following traceroute (anyone can do this):
Tracing route to jtf.org [74.55.233.18]
over a maximum of 30 hops:
1 2 ms 2 ms 2 ms 192.168.3.1
2 8 ms 10 ms 10 ms 10.17.8.1
3 12 ms 11 ms 9 ms ip68-1-11-17.at.at.cox.net [68.1.11.17]
4 9 ms 14 ms 11 ms pnscsysr01-atm1401.pn.at.cox.net [68.1.10.65]
5 11 ms 9 ms 9 ms ftwlcmtc04.at.at.cox.net [68.1.10.226]
6 31 ms 26 ms 30 ms dalsbbrj02-ae4.r2.dl.cox.net [68.1.1.234]
7 44 ms 39 ms 35 ms et1-1.ibr01.hstntx2.theplanet.com [70.87.253.50]
8 33 ms 32 ms 50 ms et3-3.ibr01.hstntx1.theplanet.com [70.87.253.153]
9 37 ms 42 ms 35 ms po1.car06.hstntx1.theplanet.com [207.218.223.22]
10 33 ms 33 ms 33 ms 12.e9.374a.static.theplanet.com [74.55.233.18]
Trace complete.
C:\Documents and Settings\******>
Now let's go through each line and I will explain what's occurring here.
I am using a simple command called "tracert", which traces the route to where a server is located. It's a simple command; no special knowledge required.
The first line is me leaving my router (192.168.3.1).
The second line is me hitting COX (my ISP) and their first node; usually a bunch of users in the neighborhood share one node.
The third line is going through COX's datacenter in Atlanta.
The fourth and fifth lines are still in Atlanta, and the request is seen on COX's end: they can see that I am requesting JTF's website.
Six and seven are where COX connects me from their infrastructure to THE PLANET, which is the datacenter where JTF's server is located, probably a dedicated server.
Skip to the 10th line: after 10 hops I have hit JTF's server. 33 ms means a 33 millisecond response time, about normal for broadband.
Data is traveling back and forth instantaneously between myself and JTF as I read these forums....
According to http://whois.domaintools.com/jtf.org , the IP address is located in Texas - Dallas - Theplanet.com Internet Services Inc.
This could be the registered location of the IP address or the physical server location as well.
Now then, to explain:
IP ADDRESSES
What is an IP address? Think of an IP address like a telephone number, or a house address. The only difference is that having a person's IP address does not give you their EXACT location; you may get the state and perhaps the city at most. Every single user has an IP address.
There are two kinds of IP addresses we can cover here: private network IPs (192.168.***.***) and ISP-assigned IPs. Most computers nowadays are given private network IPs and only the router is given the ISP-assigned IP address; a private network IP is useless outside of that network. A router is a device that shares one connection between multiple computers.
Usually servers are given their own static or ISP-assigned IP addresses.
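To make the hop-by-hop reading of the traceroute and the private/public address distinction concrete, here is an added Python example (my code, not anything from the original post) that parses a tracert listing, flags RFC 1918 private addresses using the standard library's ipaddress module, and reports where the route hands off from one operator to another by looking at the reverse-DNS name of each hop. The listing embedded in it is a constructed sample modelled on the one above (some hops left out), and the rule "operator = last two DNS labels" is a heuristic assumption, not anything tracert itself reports.

```python
"""Annotate a Windows tracert listing: which hops are private (RFC 1918)
addresses, which are public, and where the path hands off between operators.
Added example; not code from the original post."""
import ipaddress
import re

# Constructed sample modelled on the listing in the post (hops 4, 5, 8, 9 left out).
TRACERT_OUTPUT = """\
Tracing route to jtf.org [74.55.233.18]
over a maximum of 30 hops:
  1     2 ms     2 ms     2 ms  192.168.3.1
  2     8 ms    10 ms    10 ms  10.17.8.1
  3    12 ms    11 ms     9 ms  ip68-1-11-17.at.at.cox.net [68.1.11.17]
  6    31 ms    26 ms    30 ms  dalsbbrj02-ae4.r2.dl.cox.net [68.1.1.234]
  7    44 ms    39 ms    35 ms  et1-1.ibr01.hstntx2.theplanet.com [70.87.253.50]
 10    33 ms    33 ms    33 ms  12.e9.374a.static.theplanet.com [74.55.233.18]
Trace complete.
"""

# One hop line: number, three round-trip times (or '*' on timeout), then either
# "hostname [ip]" or a bare ip.
HOP_RE = re.compile(
    r"^\s*(?P<hop>\d+)\s+"
    r"(?P<rtts>(?:(?:<?\d+ ms|\*)\s+){3})"
    r"(?:(?P<host>\S+)\s+\[(?P<ip>[\d.]+)\]|(?P<bare_ip>[\d.]+))\s*$"
)


def operator_of(host):
    """Heuristic (assumption): the last two DNS labels name the operator, e.g. 'cox.net'."""
    if not host:
        return None
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def parse_tracert(text):
    """Return one dict per hop: ip, reverse-DNS host, private flag, average RTT, operator."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header and trailer lines
        ip = m.group("ip") or m.group("bare_ip")
        addr = ipaddress.ip_address(ip)
        # Timing tokens look like ['2', 'ms', '2', 'ms', ...]; '*' means no reply.
        rtts = [int(t.lstrip("<")) for t in m.group("rtts").split() if t not in ("ms", "*")]
        # RFC 1918 space (192.168/16, 10/8, 172.16/12) is unroutable on the public
        # internet; your router uses it, and ISPs often use it inside their own network.
        private = addr.is_private
        hops.append({
            "hop": int(m.group("hop")),
            "ip": ip,
            "host": m.group("host"),
            "private": private,
            "rtt_avg_ms": sum(rtts) / len(rtts) if rtts else None,
            "operator": "private network" if private else (operator_of(m.group("host")) or "unknown"),
        })
    return hops


def handoffs(hops):
    """(hop number, previous operator, new operator) wherever the operator label changes."""
    return [(cur["hop"], prev["operator"], cur["operator"])
            for prev, cur in zip(hops, hops[1:]) if prev["operator"] != cur["operator"]]


if __name__ == "__main__":
    hops = parse_tracert(TRACERT_OUTPUT)
    for h in hops:
        kind = "private" if h["private"] else "public "
        print(f'{h["hop"]:>2}  {kind}  {h["ip"]:<16} {h["operator"]:<16} {h["rtt_avg_ms"]} ms')
    for hop, frm, to in handoffs(hops):
        print(f"hop {hop}: {frm} -> {to}")
```

Run it as a script and it prints one line per hop plus the two hand-offs: home network to COX at hop 3, and COX to THE PLANET at hop 7. Note that hop 2 (10.17.8.1) is also flagged private even though it belongs to the ISP; 10/8 addresses are routable only inside the ISP's own network, which is exactly why a private IP tells an outsider nothing.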
Why is this important?
Several reasons.....
LIABILITY/CRIMINAL CHARGES
A lot of folks nowadays are using wireless routers like it's no big thing; they buy them from Walmart and think nothing of it. These are "OPEN" networks and anyone in your neighborhood can connect to them. When you sign up with your ISP, you have your name and credit card on file. Usually you are assigned a "dynamic" IP address; for any website you visit, your data is logged by the ISP in the form of packet headers, and the website also records your IP address.
Leaving a wireless router open is like letting any stranger walk into your home, you JUST don't do it! You don't know who is connecting to your router, and you don't know what the user's intent is. If you have a next door neighbor going online browsing kiddie porn or downloading pirated material, your IP address, which is "tied" to YOUR name, is in those logs, and YOU will be held liable/criminally responsible. Secure your router with WPA; don't use WEP anymore, it's insecure. Read the manual if you don't know how, or PM me if you need assistance.
I've seen way too many people with open routers get MPAA letters for downloading some pirated movie that they never downloaded, because they left their router open, or some guy facing 10 years in prison and sex offender status because his neighbor used his open network to look at kiddie porn.
LOGGING/TRACKING OF A USER
Some of you may have knowledge of computers; in fact I know I'm not the only one here. Some of us are aware of methods to hide our true IP address while web browsing, but it's simply not enough.
I'll give you some examples.
If you've ever been to a website, you have sent GET requests.
I'll give you an example from when I visit my own website, http://www.fwbairsoft.com
When I visit the site, files are automatically loaded on my computer whether I want them to or not, merely by going to that page. For example, images are loaded, and a cookie is loaded that tells that web server information on what web browser and operating system I use, my IP address, and more.
Here is an example of the log
Host: 98.174.***.***
/
Http Code: 200 Date: Mar 04 20:39:27 Http Version: HTTP/1.1 Size in Bytes: 7644
Referer: -
Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; Media Center PC 4.0; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; InfoPath.1)
/includes/tiny_mce/tiny_mce.js
Http Code: 200 Date: Mar 04 20:39:27 Http Version: HTTP/1.1 Size in Bytes: 101393
Referer: http://fwbairsoft.com/
Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; Media Center PC 4.0; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; InfoPath.1)
/includes/tiny_mce/themes/default/editor_template.js
Http Code: 200 Date: Mar 04 20:39:29 Http Version: HTTP/1.1 Size in Bytes: 9082
Referer: http://fwbairsoft.com/
Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; Media Center PC 4.0; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; InfoPath.1)
/includes/tiny_mce/langs/english.js
Http Code: 200 Date: Mar 04 20:39:29 Http Version: HTTP/1.1 Size in Bytes: 2175
Referer: http://fwbairsoft.com/
Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; Media Center PC 4.0; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; InfoPath.1)
/themes/Milo/style/editor.css
Http Code: 200 Date: Mar 04 20:39:30 Http Version: HTTP/1.1 Size in Bytes: 2122
Referer: http://fwbairsoft.com/
Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; Media Center PC 4.0; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; InfoPath.1)
/themes/Milo/style/style.css
Http Code: 200 Date: Mar 04 20:39:30 Http Version: HTTP/1.1 Size in Bytes: 2778
Referer: http://fwbairsoft.com/
Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; Media Center PC 4.0; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; InfoPath.1)
Now as you can see, my IP address is censored in the post, but you can see what I requested; the log identifies that I am using Microsoft Internet Explorer, my version of Windows (XP) and a few other things. This is common on any website you access, since you are using HTTP: you have a connection to another server, your requests go out to it and its responses come back to you, and all that data is forwarded over multiple nodes to reach your location. That is how the internet works (it is made up of numerous connections).
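As an added example (not from the original post or the site's own software), the Python below parses log entries in the format shown above and summarises what the web server operator learns about each visiting IP: the pages requested, bytes served, the referring page, any error responses, and a browser/OS guess taken from the User-Agent string. The log text inside it is a constructed sample in that format, with a documentation-range IP standing in for the censored one and one 404 added; the MSIE and "Windows NT x.y" lookup tables are a small assumed mapping.

```python
"""Parse the per-request log format shown in the post and build a per-visitor profile.
Added example; the SAMPLE_LOG below is constructed, not a real server log."""
import re

SAMPLE_LOG = """\
Host: 198.51.100.23
/
Http Code: 200 Date: Mar 04 20:39:27 Http Version: HTTP/1.1 Size in Bytes: 7644
Referer: -
Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727)
/includes/tiny_mce/tiny_mce.js
Http Code: 200 Date: Mar 04 20:39:27 Http Version: HTTP/1.1 Size in Bytes: 101393
Referer: http://fwbairsoft.com/
Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727)
/themes/Milo/style/style.css
Http Code: 404 Date: Mar 04 20:39:30 Http Version: HTTP/1.1 Size in Bytes: 512
Referer: http://fwbairsoft.com/
Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727)
"""

STATUS_RE = re.compile(
    r"Http Code: (?P<code>\d{3}) Date: (?P<date>.+?) Http Version: (?P<ver>\S+) "
    r"Size in Bytes: (?P<size>\d+)"
)
# Assumed mapping from the NT version token in the User-Agent to the marketing name.
WINDOWS_VERSIONS = {"Windows NT 5.1": "Windows XP", "Windows NT 6.0": "Windows Vista",
                    "Windows NT 6.1": "Windows 7"}


def parse_log(text):
    """Return one dict per request: host, path, code, date, version, size, referer, agent."""
    records, host, current = [], None, None
    for line in text.splitlines():
        if line.startswith("Host: "):
            host = line[len("Host: "):].strip()       # applies to the requests that follow
        elif line.startswith("/"):
            current = {"host": host, "path": line.strip()}
            records.append(current)
        elif line.startswith("Http Code:") and current is not None:
            m = STATUS_RE.match(line)
            current.update(code=int(m.group("code")), date=m.group("date"),
                           version=m.group("ver"), size=int(m.group("size")))
        elif line.startswith("Referer:") and current is not None:
            ref = line[len("Referer:"):].strip()
            current["referer"] = None if ref in ("", "-") else ref   # '-' means none sent
        elif line.startswith("Agent:") and current is not None:
            current["agent"] = line[len("Agent:"):].strip()
    return records


def fingerprint(agent):
    """Browser and OS derived from the User-Agent (simple rules for the MSIE-era string)."""
    browser = os_name = "unknown"
    m = re.search(r"MSIE (\d+(?:\.\d+)?)", agent)
    if m:
        browser = "Internet Explorer " + m.group(1)
    for token, name in WINDOWS_VERSIONS.items():
        if token in agent:
            os_name = name
    return browser, os_name


def visitor_profile(records):
    """What the server operator learns about each visiting IP from its log entries alone."""
    profiles = {}
    for r in records:
        p = profiles.setdefault(r["host"], {"paths": [], "bytes": 0, "browser": None,
                                            "os": None, "referers": set(), "errors": 0})
        p["paths"].append(r["path"])
        p["bytes"] += r.get("size", 0)
        if r.get("agent"):
            p["browser"], p["os"] = fingerprint(r["agent"])
        if r.get("referer"):
            p["referers"].add(r["referer"])
        if r.get("code", 200) >= 400:
            p["errors"] += 1
    return profiles


if __name__ == "__main__":
    for ip, p in visitor_profile(parse_log(SAMPLE_LOG)).items():
        print(ip, p["browser"], p["os"], f'{p["bytes"]} bytes over {len(p["paths"])} requests,'
              f' {p["errors"]} error(s), came from {sorted(p["referers"])}')
```

The point of the profile is that none of this requires cookies: the IP, the User-Agent and the Referer are sent with every plain HTTP request, so even a visitor who blocks cookies is identifiable to this degree from the server's side.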
WRONGLY ACCUSED
Here is where a huge liability comes into play. Now that you understand a little bit about how IP addresses and the internet work, let's see how it can be used against users over the wrong posts.
I've seen a few posts here lately that shouldn't have been made, such as users making death threats or advocating violence, which could leave them liable to civil or criminal charges from the government. Do not assume you are safe behind a computer screen.
I'll give you an example. Remember how those logs show that anyone accessing that website has their IP logged?
Much like JTF, your IP is logged by an Apache server, no biggie, right? Well, here's another issue.
3rd party images.
You guys remember when Tina Greco spammed kiddie porn on the forums? Technically, when you enter an image tag, you're putting in
As you can see, you are connecting as a proxy to yourself, but the software is broadcasting and acting as a node between other users, almost a separate network of its own. You're rerouting your own traffic, and all traffic is encrypted between all users, so no one knows who is browsing what. The packet headers aren't identifiable by the ISP because all they see is the user connected to the I2P network.
TOR does the same thing.
http://www.i2p2.de
This explains more about how I2P works:
http://en.wikipedia.org/wiki/I2P
http://www.i2p2.de/how.html
http://www.i2p2.de/techintro.html
There are numerous reasons people are using this program, some for good reasons, some for bad reasons. A good example is that many people in China use this software because China blocks any websites that have to do with human rights, voice chat programs, or any site they don't approve of.
Europe bans all Neo Nazi websites.
The US has not yet banned any websites, but if things get worse under the marxist dictatorship in this country, this is your link to the outside world.
Unfortunately, running I2P does not make you 100 percent anonymous. I2P only covers the HTTP link, so if you're making a purchase with a credit card through an SSL-encrypted website (HTTPS), your true IP address is shown. Also, with any programs you would use that require HTTPS, perhaps email or a chat program, your IP is exposed unless I2P releases a SOCKS proxy and an HTTPS proxy.
There are also other security issues. If you have your cookies enabled to accept from third parties or the site, there are sometimes tracking cookies which identify the sites you're going to and coming from. JavaScript and Java can be exploited too, but to access JTF you don't need Java enabled.
Other applications can identify you as well, such as Flash or live audio streams.
This does boost your anonymity, however, and is completely legal.
ENCRYPTION OF YOUR DATA/HARD DRIVE
Don't believe for a second that your data is safe. Guards at the border can now confiscate your laptop if you're leaving the country, laptops are stolen, and sensitive material is lost all the time.
I recommend checking out TrueCrypt. I use this to encrypt all my thumb drives and my hard drive.
http://www.truecrypt.org/
TrueCrypt is wonderful in that it provides advanced encryption and hidden partitions (a partition would be, for example, your C drive, which is a virtual partition of a physical hard drive). You're able to encrypt an entire physical drive or a partition.
TrueCrypt is a software application used for real-time on-the-fly encryption. It can create a virtual encrypted disk within a file or a device-hosted encrypted volume on either an individual partition or an entire storage device. It supports Microsoft Windows, Mac OS X and Linux and encrypted volumes can be made portable. The version for Windows Vista or XP can encrypt the boot partition or entire boot drive and has the ability to create and run a hidden encrypted operating system whose existence is deniable. TrueCrypt is distributed under the TrueCrypt Collective License.
Any time I encrypt my system, I use two encryption methods, and I always use the Advanced Encryption Standard (AES), which is military standard encryption.
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
Generally I encrypt an entire hard drive or thumb drive, but I don't just put the data within the encrypted drive: I also encrypt a container that requires a key file and password within the already encrypted partition. Law enforcement and even government are having a difficult time dealing with this; while it's possible to retrieve a set of files, the files are full of bogus data and are impossible to use. That doesn't mean I encourage illegal activity with it, but it gives you an idea how difficult it is for someone to steal information from your computer.
Unfortunately, there is a weak point to encryption. The method for defeating encryption is removing the physical memory (RAM) from the machine and doing a memory dump, which can sometimes recover the key used for the encryption or any data that was in memory before the last reboot. Memory only slowly loses the data it holds.
I use truecrypt for customer data as well.
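As an added example of the key file plus password idea (an illustrative scheme written for this page, not TrueCrypt's actual algorithm or code), the Python below derives a volume key from both factors with PBKDF2 and stores only a salt and a verifier in the "header", so the software can check a password/key file pair without the key itself ever being written to disk. The iteration count, the HMAC-based verifier and the sample key file bytes are all constructed for the illustration.

```python
"""Password + key file unlock of an encrypted container: an illustrative scheme
added here, not TrueCrypt's own algorithm. Assumptions: the key file is hashed and
appended to the password before PBKDF2; salt and verifier live in the volume header."""
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 100_000          # constructed choice; slows down offline password guessing
CHECK_MSG = b"volume-header-check"


def derive_volume_key(password: str, keyfile: Optional[bytes], salt: bytes,
                      key_len: int = 32) -> bytes:
    """Mix both factors into one PBKDF2 input; losing either yields a different key."""
    material = password.encode("utf-8")
    if keyfile is not None:
        material += hashlib.sha256(keyfile).digest()
    return hashlib.pbkdf2_hmac("sha256", material, salt, ITERATIONS, dklen=key_len)


def make_header(password: str, keyfile: Optional[bytes], salt: Optional[bytes] = None):
    """Return (salt, verifier). The verifier is an HMAC under the derived key, so the
    header reveals nothing about the key yet allows a quick correctness check."""
    salt = salt if salt is not None else os.urandom(16)
    key = derive_volume_key(password, keyfile, salt)
    verifier = hmac.new(key, CHECK_MSG, "sha256").digest()
    return salt, verifier


def unlock(password: str, keyfile: Optional[bytes], salt: bytes,
           verifier: bytes) -> Optional[bytes]:
    """Re-derive the key and compare the verifier in constant time; None on mismatch."""
    key = derive_volume_key(password, keyfile, salt)
    candidate = hmac.new(key, CHECK_MSG, "sha256").digest()
    return key if hmac.compare_digest(candidate, verifier) else None


if __name__ == "__main__":
    keyfile = os.urandom(64)                      # constructed key file bytes
    salt, verifier = make_header("correct horse battery", keyfile)
    print("both factors:  ", unlock("correct horse battery", keyfile, salt, verifier) is not None)
    print("password only: ", unlock("correct horse battery", None, salt, verifier) is not None)
    print("wrong password:", unlock("wrong", keyfile, salt, verifier) is not None)
```

The value returned by unlock is exactly what has to sit in RAM for as long as the volume is mounted, which is why the memory-dump weak point above exists: the header on disk holds only the salt and verifier, but a running machine holds the key.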
WHEN YOU DELETE A FILE, IT IS STILL THERE
Contrary to popular belief, you may think that when you delete a file it is gone. It isn't. If you're on JTF, then you may have cleared your temporary files, but the HTML pages are still on your system and can be recovered. Any pictures or media can also be recovered. I tested this method using EnCase (a forensics tool) to recover data from a formatted hard drive; I was able to retrieve full pictures and executables intact. Some files were slightly corrupt, but there were enough fragments nonetheless.
Generally, in the case that forensic analysis is done on a hard drive by law enforcement or a private company, intact data is easily retrieved; your little Windows password won't protect you.
Generally there are two methods that are used. The first is EnCase, where a hard drive is connected and a clone/copy or mirror is made of the hard drive; the original drive is put in evidence if it's a criminal case. The mirror is analyzed, and fragments of data are in fact recoverable.
The second method, for a physically damaged hard drive, is the Magnetic Force Microscope, which recovers data from a low frequency.
A magnetic force microscope is a type of atomic force microscope (AFM). Unlike typical AFM, magnetic materials are used for the sample and tip, so that the tip-sample magnetic interactions are detected. Many kinds of magnetic interactions are measured by MFM, including magnetic dipolar interaction. MFM scanning often uses non-contact AFM (NC-AFM).
In MFM measurements, the magnetic force between the sample and tip is given by:
F = (m · ∇)H
where m is the magnetic moment of the tip and H is the magnetic stray field from the sample.
Because the magnetic stray field from the sample will affect the magnetized state and vice versa, in most cases it is difficult to obtain quantitative information from the MFM measurement. To interpret the information quantitatively, the configuration of the tip must be known. With this measurement, a typical resolution of 30 nm can be achieved (Abelmann, 1998), although resolutions as high as 10 nm are attainable (Nanoscan AG, February 2008).
A potential method of increasing the resolution would involve using an electromagnet on the tip instead of a permanent magnet. Enabling the magnetic tip only when placed over the pixel being sampled could increase the resolution.
Usually deleting your data is a good idea, especially if you let others use your computer. It's also important that if you buy a used computer or hard drives from eBay or someone, you always wipe the hard drive with a hard drive scrubber.
I personally use Terminus 6, which has multiple wipe methods including what is known as the GUTMANN method.
Gutmann method
The Gutmann method is an algorithm for securely erasing the contents of computer hard drives, such as files. Devised by Peter Gutmann and Colin Plumb, it does so by writing a series of 35 patterns over the region to be erased.
The selection of patterns assumes that the user doesn't know the encoding mechanism used by the drive, and so includes patterns designed specifically for three different types of drives. A user who knows which type of encoding the drive uses can choose only those patterns intended for their drive. A drive with a different encoding mechanism would need different patterns. Most of the patterns in the Gutmann method were designed for older MFM/RLL encoded disks. Relatively modern drives no longer use the older encoding techniques, making many of the patterns specified by Gutmann superfluous.
http://en.wikipedia.org/wiki/Gutmann_method
There is a myth that 35 wipes are required to remove data permanently; in fact only one overwrite is required. But I guess if it makes someone feel safer, more freedom to them.
I always wipe my temporary files, and at work we wipe all old server hard drives, as we don't know the contents on them (users are not monitored) and one can be held criminally liable for data on a disk if they are "aware" of it.
You can obtain Terminus 6 or any data scrubber:
http://www.e-f-w.com/content.php?cid=t6-intro
And this article explains why it's near impossible to recover any data that's been overwritten:
http://sansforensics.wordpress.com/2009/01/15/overwriting-hard-drive-data/ (his last name's Cohen too)
The only catch with overwritten data is that if there is a bad sector on the hard drive, that data will not be overwritten and can sometimes be recovered if the physical drive platter is moved.
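To show both points from this section and the "deleted files are still there" section in working code, the toy volume below (an added example written for this page; not EnCase, Terminus 6, or anything from the post) models a disk image where an ordinary delete only drops the directory entry. A file-carving pass that scans the raw bytes for JPEG start/end markers, the way a forensic tool recovers pictures from a formatted drive, still finds the picture afterwards, while a single overwrite pass before deletion leaves nothing to carve. The layout (one directory block, 512-byte data blocks) and the JPEG-like payload are constructed.

```python
"""Toy volume showing why a deleted file is still there and why an overwritten one is not.
Added example; not EnCase, Terminus 6 or any code from the post. Layout is constructed:
block 0 is the directory, data lives in 512-byte blocks after it."""
import os

BLOCK = 512
JPEG_SOI, JPEG_EOI = b"\xff\xd8\xff", b"\xff\xd9"   # JPEG start/end markers used for carving

# Constructed JPEG-like payload: real marker bytes around a dummy body.
SAMPLE_PHOTO = JPEG_SOI + b"\x00" * 100 + b"constructed-photo-body" + JPEG_EOI


class ToyDisk:
    def __init__(self, blocks=64):
        self.image = bytearray(blocks * BLOCK)
        self.directory = {}      # name -> (first block, length in bytes)
        self.next_free = 1       # block 0 is reserved for the directory

    def _extent(self, start, length):
        nblocks = -(-length // BLOCK)            # ceiling division
        return start * BLOCK, (start + nblocks) * BLOCK

    def write_file(self, name, data):
        start = self.next_free
        lo, hi = self._extent(start, len(data))
        self.image[lo:lo + len(data)] = data
        self.directory[name] = (start, len(data))
        self.next_free = hi // BLOCK
        return start

    def delete(self, name):
        """Ordinary delete: the directory forgets the file, the blocks keep their bytes."""
        del self.directory[name]

    def wipe(self, name, passes=1):
        """Secure delete: overwrite the file's blocks (random passes, then zeros), then delete."""
        start, length = self.directory[name]
        lo, hi = self._extent(start, length)
        for p in range(passes):
            fill = os.urandom(hi - lo) if p < passes - 1 else bytes(hi - lo)
            self.image[lo:hi] = fill
        del self.directory[name]


def carve_jpegs(image):
    """Recover JPEGs from raw bytes by marker scanning, ignoring the directory entirely.
    This is the idea behind recovering pictures from a formatted drive."""
    found, pos = [], 0
    while True:
        start = image.find(JPEG_SOI, pos)
        if start < 0:
            return found
        end = image.find(JPEG_EOI, start)
        if end < 0:
            return found
        found.append(bytes(image[start:end + len(JPEG_EOI)]))
        pos = end + len(JPEG_EOI)


def demo():
    """Return (files carved after a plain delete, files carved after a one-pass wipe)."""
    plain = ToyDisk()
    plain.write_file("notes.txt", b"not a picture")
    plain.write_file("photo.jpg", SAMPLE_PHOTO)
    plain.delete("photo.jpg")

    wiped = ToyDisk()
    wiped.write_file("notes.txt", b"not a picture")
    wiped.write_file("photo.jpg", SAMPLE_PHOTO)
    wiped.wipe("photo.jpg", passes=1)
    return carve_jpegs(plain.image), carve_jpegs(wiped.image)


if __name__ == "__main__":
    after_delete, after_wipe = demo()
    print("recovered after delete:", len(after_delete), "file(s)")
    print("recovered after wipe:  ", len(after_wipe), "file(s)")
```

One overwrite pass is enough to make the carver come up empty here, which is the single-overwrite point made above; passing passes=3 adds random fills before the final zero pass and changes nothing for the carver. What the toy cannot model is the bad-sector caveat: a block the drive has remapped is outside what the wipe can reach, so its old contents survive exactly as the post says.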
Anyways, keep safe guys, I think too many people here use the internet without thinking about the liability out there.