mirror of
http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions.git
synced 2025-07-02 06:36:40 +00:00
minor fixes
parent
1ce146f3c6
commit
16b9f16eef
1 changed files with 12 additions and 12 deletions
|
@ -94,7 +94,7 @@
|
|||
</p>
|
||||
<p>
|
||||
During this time, <b>the adversary did not see you or interact with you</b> and even the calls and website were encrypted. But they <b>collected metadata passively.</b><br>
|
||||
Here is a diagram that displays what occured and what the adversary collected:
|
||||
Here is a diagram that displays what occurred and what the adversary collected:
|
||||
</p>
|
||||
<div style="text-align: center; margin: 1px;"><img src="2.png" class="imgRz" style="width:85%"></div><br>
|
||||
<p>
|
||||
|
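Review bot: the `<img src="2.png" class="imgRz" style="width:85%">` tag right after the corrected sentence has no alt attribute, so "Here is a diagram that displays what occurred and what the adversary collected" points at content that a reader without images never gets. Suggest adding a short alt text that summarises what the diagram shows while this paragraph is being touched.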
@ -130,7 +130,7 @@
|
|||
In a more general sense, <b> the entire goal of the adversary is to find information that uniquely identifies you.</b><br>
|
||||
Metadata provides exactly that: If they know where you go, the groups you interact with, the timing of your activity, the way you speak, the things you look at, etc, <b>the adversary can creative a very identifying profile.</b><br>
|
||||
Even if each singular piece of metadata provides minor information, adversaries use it to form <b>associations</b>, connecting each one of those fragments to see an entire picture where your possible profile is narrowed.<br>
|
||||
For more context on information and anonymity, <a href="../anonymityexplained/index.html">this tutorial</a> is recommended as a prequisite.
|
||||
For more context on information and anonymity, <a href="../anonymityexplained/index.html">this tutorial</a> is recommended as a prerequisite.
|
||||
</p>
|
||||
<p>
|
||||
We will will focus on understanding most major attack vectors for metadata collection and briefly cover simple mitigation.
|
||||
|
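Review bot: two typos remain in the unchanged lines of this hunk: "the adversary can creative a very identifying profile" should read "create", and "We will will focus" repeats "will". Since this commit is a spelling pass, fold both in. In the same sentence as "creative", "etc," also wants its period ("etc.,").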
@ -166,7 +166,7 @@
|
|||
</p>
|
||||
<div style="text-align: center; margin: 1px;"><img src="4.png" class="imgRz" style="width:35%"></div><br>
|
||||
<p>
|
||||
<a href="../torsvpns/index.html">TOR</a> mitigates some of this by making all packets the same size, but the ISP is still able to see the <b>total amount of data transferred</b> and the <b>timing.</b>
|
||||
<a href="../torvsvpns/index.html">TOR</a> mitigates some of this by making all packets the same size, but the ISP is still able to see the <b>total amount of data transferred</b> and the <b>timing.</b>
|
||||
<p>
|
||||
Let's say that you connect to an anonymous forum account by going You->VPN->Tor->Website. You log in every Wednesday and Thursday between 4-6 P.M., post some comments and interact, and upload about 2GB of data.
|
||||
The ISP can see that you connected to a VPN and transferred 2GB of data between those times.<br>
|
||||
|
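Review bot: the paragraph opened by the `<p>` above the TOR sentence is never closed; the next line after the link fix is another `<p>`, so the markup relies on the browser closing it implicitly. Add `</p>` after the TOR sentence. The href changes from `../torsvpns/` to `../torvsvpns/`, and nothing in the diff shows which directory exists, so confirm the new target resolves. The link text also says "TOR" while the following paragraph writes "Tor" ("You->VPN->Tor->Website"); pick one spelling.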
@ -176,20 +176,20 @@
|
|||
<div style="text-align: center; margin: 1px;"><img src="5.png" class="imgRz" style="width:35%"></div><br>
|
||||
<p>
|
||||
This is a very simple attack which only involves ISP metadata and note that in real scenarios, this is not done by hand but by artificial intelligence and with more variables and information.<br>
|
||||
To avoid such analysis, <a href="https://mullvad.net/en/vpn/daita">DAITA</a> (Defense Againt AI-Guided Traffic Analysis) should be used which is covered in more detail in <a href="../torthroughvpn/index.html">this tutorial</a>.
|
||||
To avoid such analysis, <a href="https://mullvad.net/en/vpn/daita">DAITA</a> (Defense Against AI-Guided Traffic Analysis) should be used which is covered in more detail in <a href="../torthroughvpn/index.html">this tutorial</a>.
|
||||
</p>
|
||||
<p>
|
||||
<b>Combining DAITA with generally not having highly predictable patterns makes network metadata difficult to use</b> and these attacks far harder.
|
||||
</p>
|
||||
<h3>Cell Towers</h3><br>
|
||||
<p>
|
||||
As simply displayed in the inital example, cell towers and telecommunications are one of the largest spots for metadata collection. Specifically: the exact <b>who, when, and where</b> of every call.
|
||||
As simply displayed in the initial example, cell towers and telecommunications are one of the largest spots for metadata collection. Specifically: the exact <b>who, when, and where</b> of every call.
|
||||
Unlike networks or other platforms, the identity of every connected phone is known and location can be determined by cell tower triangulation. The metadata is enough to entirely deanonymize and map most actions and is explained in <a href="../phonenumbers/index.html">this tutorial</a>.
|
||||
<br>Simply, <b>anonymity is not compatible with cell towers and they should be avoided entirely.</b>
|
||||
</p>
|
||||
<h3> Browsers</h3><br>
|
||||
<p>
|
||||
To operate and communciate with websites, <b> your web browser sends out various information that is unique and identifiable.</b>
|
||||
To operate and communicate with websites, <b> your web browser sends out various information that is unique and identifiable.</b>
|
||||
</p>
|
||||
<p>
|
||||
A non-exhaustive list is as follows:
|
||||
|
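Review bot: the sentence directly above the DAITA fix is still a run-on: "This is a very simple attack which only involves ISP metadata and note that in real scenarios, this is not done by hand ...". Split it at "and note that", and add a comma before "which is covered" in the corrected DAITA line. Further down, `<h3> Browsers</h3>` has a leading space that `<h3>Cell Towers</h3>` does not.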
@ -218,10 +218,10 @@
|
|||
Moreover, this also stops any form of persona separation because <b> all of your activity is uniquely tied to that browser footprint,</b> regardless of whether you are logged in, what site you're on, or even if you're routing through TOR.
|
||||
</p>
|
||||
<p>
|
||||
Mitigation for this is quite straightforward: usage of the <a href="../torsvpns/index.html">Tor Browser </a> since <b>every user is made to look the same.</b> Most of the identifying metadata mentioned before is not a threat since configuration is uniform across all users.
|
||||
Mitigation for this is quite straightforward: usage of the <a href="../torvsvpns/index.html">Tor Browser </a> since <b>every user is made to look the same.</b> Most of the identifying metadata mentioned before is not a threat since configuration is uniform across all users.
|
||||
</p>
|
||||
<p>
|
||||
However, metrics like typing speed, mouse patterns, operating system, and a few others will still be leaked, so when consistently visiting the same websites using the Tor Browser, <b>vary your acitvities</b> so the information is not usable.
|
||||
However, metrics like typing speed, mouse patterns, operating system, and a few others will still be leaked, so when consistently visiting the same websites using the Tor Browser, <b>vary your activities</b> so the information is not usable.
|
||||
</p>
|
||||
|
||||
<h3>File Data</h3><br>
|
||||
|
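Review bot: the corrected link still carries a trailing space inside the anchor, `Tor Browser </a>`, which renders as an underlined space before "since"; move the space outside the tag. The paragraph above writes "routing through TOR" while this line writes "Tor Browser", so the capitalisation should be made consistent in the same pass.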
@ -233,7 +233,7 @@
|
|||
Most images taken by any camera <b> contain sensitive information like the device used, operating system, and even the exact GPS coordinates</b> of where the picture was taken in their <b>EXIF metadata.</b>
|
||||
</p>
|
||||
<p>
|
||||
If these files are uploaded anywhere, <b>the party that recieves the file could potentially pinpoint your exact location.</b>
|
||||
If these files are uploaded anywhere, <b>the party that receives the file could potentially pinpoint your exact location.</b>
|
||||
</p>
|
||||
<p>
|
||||
Let's use an example: Say I have a sample image from an iPhone camera, called image.jpeg, taken at the Eiffel Tower. <br>
|
||||
|
@ -331,12 +331,12 @@ File Type : JPEG
|
|||
<p>
|
||||
Metadata doesn't only exist in EXIF format in images, it can also be embedded in files like PDFs.
|
||||
</p>
|
||||
<p> Elsevier, the largest academic publisher, <b>embedded unique hashes in PDF metadata</b> for each <a href="https://news.ycombinator.com/item?id=30082138">download</a>, meaning that your copy was uniquely identifiable. If you downloaded a file like this and then shared it in your anonymous persona, you would instantly be deanonymized since <b>the specifc copy ties back to your account only.</b> Using the same exiftool commands as before will remove this metadata as well. </p>
|
||||
<p> Elsevier, the largest academic publisher, <b>embedded unique hashes in PDF metadata</b> for each <a href="https://news.ycombinator.com/item?id=30082138">download</a>, meaning that your copy was uniquely identifiable. If you downloaded a file like this and then shared it in your anonymous persona, you would instantly be deanonymized since <b>the specific copy ties back to your account only.</b> Using the same exiftool commands as before will remove this metadata as well. </p>
|
||||
<div style="text-align: center; margin: 1px;"><img src="6.png" class="imgRz" style="width:60%"></div><br>
|
||||
<p>Similar identifying methods may be in other files or from general content and it is advised to use plaintext and thoroughly <b>remove all metadata before uploading anything.</b></p>
|
||||
<h3>Image Geolocation</h3><br>
|
||||
<p>
|
||||
An image of the real world contains a significant amount of data such as the buildings in it or the lighting. Figuring out where a picture was taken is a rather popular activtiy in everything from OSINT to GeoGuessr.
|
||||
An image of the real world contains a significant amount of data such as the buildings in it or the lighting. Figuring out where a picture was taken is a rather popular activity in everything from OSINT to GeoGuessr.
|
||||
</p>
|
||||
<p>
|
||||
A few techniques are using <a href="https://www.bellingcat.com/resources/2021/05/18/unsure-when-a-video-or-photo-was-taken-how-to-tell-by-measuring-the-length-of-shadows">shadows</a> to determine timing, <a href="https://www.bellingcat.com/resources/2023/09/07/measuring-up-how-to-calculate-the-size-of-objects-in-open-source-material">perspective</a> to determine distance, <a href="https://www.youtube.com/watch?v=cMsaj4SSwCw">bruteforcing</a> after reducing search space, and looking at nature or other details to determine location.
|
||||
|
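Review bot: the corrected Elsevier paragraph ends with "Using the same exiftool commands as before will remove this metadata as well", but the commands are not named here and the reader is given no way to confirm that the per-download hash is actually gone. Suggest naming or linking the earlier command and adding a step to re-read the file's metadata after stripping, since the next paragraph tells readers to "remove all metadata before uploading anything". The first context line is also a comma splice ("... in images, it can also be embedded ..."); a semicolon fixes it.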
@ -402,7 +402,7 @@ File Type : JPEG
|
|||
Let's look at a few examples:
|
||||
</p>
|
||||
<p>
|
||||
- If your forum posts have certain <b> slang,</b> an adversary can <b> estimage your age</b>, which can be 2-3 bits of information. <br>
|
||||
- If your forum posts have certain <b> slang,</b> an adversary can <b> estimate your age</b>, which can be 2-3 bits of information. <br>
|
||||
- If your writing is consistently highly technical and includes references and wording central to a specific field, the adversary can roughly guess <b>your profession, level of knowledge, and skills,</b> which could be 10+ bits of information. <br>
|
||||
- <b>Metaphors</b> and <b>word choice</b>, or speaking in multiple languages can reveal <b>ethnicity, location, or content you've read.</b> <br>
|
||||
<div style="text-align: center; margin: 1px;"><img src="9.png" class="imgRz"></div> <br>
|
||||
|
|
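Review bot: the three "- If your forum posts ..." items are a list written as dashes and `<br>` inside a single `<p>`, and the `<div>` holding 9.png follows with no `</p>` visible before it. Suggest `<ul><li>` for the items and closing the paragraph before the image. The "2-3 bits" and "10+ bits" figures are stated without a basis; a one-line pointer to how they are estimated would make them checkable.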