Site hosted by Angelfire.com: Build your free website today!

SECURITY

NOTE:   !  If - despite our warnings - you decide to download from   ! 
        !  and/or store at home and/or post to this group, pictures  ! 
        !  of at least questionable legal status, this section is   ! 
        !  *vitally* important for you.    !

What different risks do I face? Direct detection by law enforcement agencies is only one of several dangers, and perhaps not the one that is most likely. Depending on your personal situation, it may in the end be just as bad to be found out by your wife, your kids, your employer, a visitor or a computer service technician. Also, do not forget that there are many anti- porn zealots and "child savers" who will carry on their own personal crusades if they get a chance. Some of them know quite a lot about the Internet and Usenet news and may be able to hack your news server to get access to its logs. May my posts be traced? YES. If you use a news server with restricted access (i.e. you mu give a user ID and password), the server log will show what you have posted. Even if you do not, their may be a server log which shows what has been posted from a certain IP address. Together with a log from your ISP, showing when you were logged in and what IP address you were assigned, this is enough to trace posts to you. Law enforcement agencies can always get search warrants giving them access to service provider logs, if criminal activities are suspected. You can read more about anonymity at: www.stack.nl/~galactus/remailers/usenet.html In what other ways may my activities be uncovered? If your computer can be used by anyone, your wife, kids or visitors may find incriminating pictures or other evidence. Don't forget that many newsreaders leave revealing log files that show what newsgroups you have been accessing. Browser-based newsreaders may leave files in cache folders that perhaps you don't even know about. And if you encrypt your picture files so nobody else can view them, keep in mind that the filenames can often reveal what it's all about. If you use your office computer to access AFOS, your employer may suddenly decide to use it for some other purpose, leaving you without time to clear away all traces of your activities. Using an office computer is an absolute no-no!!! If your hard disk crashes, think twice before you send it in for service. It is not at all hard to salvage data off a crashed disk, and although nobody will do it for free, a service technician may well do some preparatory tests that could reveal incriminating evidence.If you use the same kind of removable media for porn and ordinary stuff, you may accidentally mix them up and let someone see the illegal stuff. If you access non-porn newsgroups under your real name, the day will come when you forget to change your personal configuration info, and accidentally post to AFOS under your real name. How may I increase my security off-line? Quite a list: Make it harder for others to use your computer. The following link ("The PC hacking FAQ" v2.0 by Olcay Cirit) gives a lot of tips: www1.insnet.com/~darkshadow/homepage/text/pchack.txt Use removable media backup devices to keep your hard disk clean of incriminating data: - Hide the media. - Most devices allow password-protection. - Do not rely on this protection, encrypt your files! - Prefer devices that allow large media: easier to hide and more convenient. - If you can spend the bucks, get fast devices like Syquest's SyJet or Iomega's Jaz Drive so that you May even run your net software on them (newsreaders keep log files!). Using these it is important to always backup *twice* because their media are quite sensitive. MO-drives also seem to be a good choice. They are slower than magnetical (like Syquest or Iomega) drives, but the media are much less sensitive, are much cheaper, are available in different Sizes and are a common industry standard.An even cheaper way would be to obtain a second hard disk and a drive bay that allows you to swap disks. In that way, you could run two totally independent systems: a clean one and one for AFOS.If you use slow devices (tape streamer etc), create thumbnail catalogues on your hard disk and hide the folders and your net software with an application like "magic folders" (see IX.9). Use security software (see IX.9) like: - File shredder. If you erase a file it can be restored. File shredders prevent this by overwriting files that you delete with random junk. - Encryption tools. Data can only be read with the correct key/ pass-phrase. Try to get one that also encrypts the filenames. - Hiding. This kind of software completely hides files and folders, and in some cases even itself, from users who don't know the password. - If you use Windows95, get TweakUI, which is part of the Microsoft PowerToys. It allows you to configure many security settings. - Disk management utilities allow you to completely hide whole partitions from your operating system. Be careful with that though, because all partitions behind the hidden ones will change their drive letter! You may even use it on a boot disk so that anyone who wants to unhide your secret partitions will first have to get and install the application. Do not use browser built-in newsreaders because they retain *very* telling hidden logfiles. If you do it anyway take the following measures (Windows 95 only, no info on other operating systems):- Netscape: To check the cache, type "about: cache" into the location bar, to check only for images type "about: image-cache". To get an overall view, type "about: global" (amazing, isn't it?!). To delete the list of currently visited sites under Win95 go to the registry for HKEY_CURRENT_USER/Software/Netscape/NetscapeNavigator/URLHistory,Erase the entries in the value-field (do *not* edit "Name"!). To clear the cache use "Options | Network Preferences", tab "Cache", click "Clear Cache". - Explorer: Press "Alt-X + O" for an overall view. To erase history files use menu Explorer, shows Folder History. Mark all data by pressing "Ctrl-A" and erase them with "Del". To clear cache use "View | Options", tab "Extended", click "Empty Folder".. (Windows only) If you do not want to keep the pictures on your hard disk anyway, set up a RAM drive in your config.sys and target your download-path to it.Syntax: DEVICE=RAMDRIVE.SYS /E The content of this drive will be erased without trace every time you switch off your machine. How may I increase my security on line? Use aliases (i.e. a handle that is different from your real name) when posting. Enter the alias in your newsreader's configuration menu, together with a fake email address. Use one or more aliases at the same time. If you use only one, change it from time to time. If you participate in non-porn newsgroups under your real name, you should consider using a different newsreader for those activities. If you don't, the day will surely come when you forget to change your newsreader's configuration, and accidentally post to AFOS under your real name. Configure your newsreader to automatically include the line: X-NO-ARCHIVE=YES in your headers. Not all newsreaders allow you to do that; in that case you may use it as the first line of the article body instead. This will at least prevent Alta Vista and DejaNews from archiving your posts. If possible, change your ISP from time to time. Try to find a news server that does not put your IP address in the article header when you post (that's in the line called "NNTP Posting Host"). True, that still doesn't make you untraceable to your ISP (and hence to the law, should they feel like it), but it makes it harder for private individuals to find you. It is also a good idea to use a news server other than the one your ISP provides. If at all possible, use one in another country. That would add a lot of administrative work for the law, if they were to go after you. They would need pretty strong motivation for that. Post in waves. Do not start a flame-war or a discussion with the "child-savers". Just ignore them. BE VERY CAREFUL WITH EMAILING! (See VIII.6). When you surf the Web, your browser will give out information about yourself and your system to all the servers you visit. If you want to see for yourself what your browser tells servers, go to: www.helie.com/BrowserCheck If you want to avoid this, you may go through a Web anonymizer service. It functions like a gateway and strips off all or some of the info that the browser will give to the servers you visit. There is a downside, though: some sites will not work when visited in this way, and also the service doesn't come for free. If you're interested, visit:www.anonymizer.com and check out their offer. Why do I have to be particularly careful with emailing? You do not know the receiver, do you? There have been cases of agents provocateurs trying to get people into mailing illegal content Emails will always disclose the address they have been sent from. Emails can easily be read all the way from sender to receiver. There are programs that can filter mails for specific contents (keywords, file extensions etc.). If law enforcement searches the guy you mailed to, they will have your email address and your mails, too. Or someone else can discover them and may try to blackmail you (or even the original receiver). Emails can be intercepted and forged. But some people are exchanging email. Are they nuts? Well, maybe they are. But there are ways to make email pretty safe: Never ever email someone via your ISP's mail server. This will disclose your real email address to anyone. To send and receive mails open a free account at:www.hotmail.com or:www.netaddress.com Use your imagination when filling out your application form. Do NOT use mail-forwarding features. If you do, you will have to give your real email address. Do not mail anybody who isn't an active participant in the group. . Do not send or ask for material whose legal status is at least questionable, unless you are *absolutely* sure about what you are doing. Do not store mail longer than necessary. Use PGP or equivalent encryption software. This will encrypt your message, will disclose the content only to the addressee, and will give you the option to sign your message so that your partner in communication can be sure that this message is really from you. Include your public key in your first post, or store it on a public key server. You may find information and download links for PGP at the following sites:www.mbay.net/~jcking/pgp.html www.tkinson.demon.co.uk/crypto.htmNOTE: Please do *not* post PGP encrypted messages to AFOS. That is bad manners. Confine PGP to email, or if you need the greater anonymity of Usenet news, post to alt.anonymous.messages or some similar group. You may also use remailers. Remailers are mail gateways, which strip off all relevant headers from a message so that it can't be retraced. Most of them do not support sending binaries, and there is a certain amount of lost mail. To receive further information about using remailers, send an email with the line "remailer-help" in the body (*not* in the subject line) to: remailer@huge.cajones.com or: remailer@replay.com. They will send back a detailed how-to. A web-based remailer is available at: www.replay.com/remailer/anon.html For more information, go to:www.well.com/user/abacard/remail.html All this sounds like paranoia to me. Is it really that dangerous? Well, you will perhaps not become public enemy number 1 by posting to this group. But arrests for mere possession of " pornography" do occur. Go to: insight.mcmaster.ca/org/efc/pages/media/id.25jan96.html for a rather strange case. And accidents do happen. If you want to take this risk, it's up to you. But don't say you weren't warned!: Direct detection by law enforcement agencies is only one of several dangers, and perhaps not the one that is most likely. Depending on your personal situation, it may in the end be just as bad to be found out by your wife, your kids, your employer, a visitor or a computer service technician. Also, do not forget that there are many anti- porn zealots and "child savers" who will carry on their own personal crusades if they get a chance. Some of them know quite a lot about the Internet and Usenet news and may be able to hack your news server to get access to its logs.
May my posts be traced? YES. If you use a news server with restricted access (i.e. you mu give a user ID and password), the server log will show what you have posted. Even if you do not, their may be a server log which shows what has been posted from a certain IP address. Together with a log from your ISP, showing when you were logged in and what IP address you were assigned, this is enough to trace posts to you. Law enforcement agencies can always get search warrants giving them access to service provider logs, if criminal activities are suspected. You can read more about anonymity at: www.stack.nl/~galactus/remailers/usenet.html In what other ways may my activities be uncovered? If your computer can be used by anyone, your wife, kids or visitors may find incriminating pictures or other evidence. Don't forget that many newsreaders leave revealing log files that show what newsgroups you have been accessing. Browser-based newsreaders may leave files in cache folders that perhaps you don't even know about. And if you encrypt your picture files so nobody else can view them, keep in mind that the filenames can often reveal what it's all about. If you use your office computer to access AFOS, your employer may suddenly decide to use it for some other purpose, leaving you without time to clear away all traces of your activities. Using an office computer is an absolute no-no!!! If your hard disk crashes, think twice before you send it in for service. It is not at all hard to salvage data off a crashed disk, and although nobody will do it for free, a service technician may well do some preparatory tests that could reveal incriminating evidence.If you use the same kind of removable media for porn and ordinary stuff, you may accidentally mix them up and let someone see the illegal stuff. If you access non-porn newsgroups under your real name, the day will come when you forget to change your personal configuration info, and accidentally post to AFOS under your real name. How may I increase my security off-line? Quite a list: Make it harder for others to use your computer. The following link ("The PC hacking FAQ" v2.0 by Olcay Cirit) gives a lot of tips: www1.insnet.com/~darkshadow/homepage/text/pchack.txt Use removable media backup devices to keep your hard disk clean of incriminating data: - Hide the media. - Most devices allow password-protection. - Do not rely on this protection, encrypt your files! - Prefer devices that allow large media: easier to hide and more convenient. - If you can spend the bucks, get fast devices like Syquest's SyJet or Iomega's Jaz Drive so that you May even run your net software on them (newsreaders keep log files!). Using these it is important to always backup *twice* because their media are quite sensitive. MO-drives also seem to be a good choice. They are slower than magnetical (like Syquest or Iomega) drives, but the media are much less sensitive, are much cheaper, are available in different Sizes and are a common industry standard.An even cheaper way would be to obtain a second hard disk and a drive bay that allows you to swap disks. In that way, you could run two totally independent systems: a clean one and one for AFOS.If you use slow devices (tape streamer etc), create thumbnail catalogues on your hard disk and hide the folders and your net software with an application like "magic folders" (see IX.9). Use security software (see IX.9) like: - File shredder. If you erase a file it can be restored. File shredders prevent this by overwriting files that you delete with random junk. - Encryption tools. Data can only be read with the correct key/ pass-phrase. Try to get one that also encrypts the filenames. - Hiding. This kind of software completely hides files and folders, and in some cases even itself, from users who don't know the password. - If you use Windows95, get TweakUI, which is part of the Microsoft PowerToys. It allows you to configure many security settings. - Disk management utilities allow you to completely hide whole partitions from your operating system. Be careful with that though, because all partitions behind the hidden ones will change their drive letter! You may even use it on a boot disk so that anyone who wants to unhide your secret partitions will first have to get and install the application. Do not use browser built-in newsreaders because they retain *very* telling hidden logfiles. If you do it anyway take the following measures (Windows 95 only, no info on other operating systems):- Netscape: To check the cache, type "about: cache" into the location bar, to check only for images type "about: image-cache". To get an overall view, type "about: global" (amazing, isn't it?!). To delete the list of currently visited sites under Win95 go to the registry for HKEY_CURRENT_USER/Software/Netscape/NetscapeNavigator/URLHistory,Erase the entries in the value-field (do *not* edit "Name"!). To clear the cache use "Options | Network Preferences", tab "Cache", click "Clear Cache". - Explorer: Press "Alt-X + O" for an overall view. To erase history files use menu Explorer, shows Folder History. Mark all data by pressing "Ctrl-A" and erase them with "Del". To clear cache use "View | Options", tab "Extended", click "Empty Folder".. (Windows only) If you do not want to keep the pictures on your hard disk anyway, set up a RAM drive in your config.sys and target your download-path to it.Syntax: DEVICE=RAMDRIVE.SYS /E The content of this drive will be erased without trace every time you switch off your machine. How may I increase my security on line? Use aliases (i.e. a handle that is different from your real name) when posting. Enter the alias in your newsreader's configuration menu, together with a fake email address. Use one or more aliases at the same time. If you use only one, change it from time to time. If you participate in non-porn newsgroups under your real name, you should consider using a different newsreader for those activities. If you don't, the day will surely come when you forget to change your newsreader's configuration, and accidentally post to AFOS under your real name. Configure your newsreader to automatically include the line: X-NO-ARCHIVE=YES in your headers. Not all newsreaders allow you to do that; in that case you may use it as the first line of the article body instead. This will at least prevent Alta Vista and DejaNews from archiving your posts. If possible, change your ISP from time to time. Try to find a news server that does not put your IP address in the article header when you post (that's in the line called "NNTP Posting Host"). True, that still doesn't make you untraceable to your ISP (and hence to the law, should they feel like it), but it makes it harder for private individuals to find you. It is also a good idea to use a news server other than the one your ISP provides. If at all possible, use one in another country. That would add a lot of administrative work for the law, if they were to go after you. They would need pretty strong motivation for that. Post in waves. Do not start a flame-war or a discussion with the "child-savers". Just ignore them. BE VERY CAREFUL WITH EMAILING! (See VIII.6). When you surf the Web, your browser will give out information about yourself and your system to all the servers you visit. If you want to see for yourself what your browser tells servers, go to: www.helie.com/BrowserCheck If you want to avoid this, you may go through a Web anonymizer service. It functions like a gateway and strips off all or some of the info that the browser will give to the servers you visit. There is a downside, though: some sites will not work when visited in this way, and also the service doesn't come for free. If you're interested, visit:www.anonymizer.com and check out their offer. Why do I have to be particularly careful with emailing? You do not know the receiver, do you? There have been cases of agents provocateurs trying to get people into mailing illegal content Emails will always disclose the address they have been sent from. Emails can easily be read all the way from sender to receiver. There are programs that can filter mails for specific contents (keywords, file extensions etc.). If law enforcement searches the guy you mailed to, they will have your email address and your mails, too. Or someone else can discover them and may try to blackmail you (or even the original receiver). Emails can be intercepted and forged. But some people are exchanging email. Are they nuts? Well, maybe they are. But there are ways to make email pretty safe: Never ever email someone via your ISP's mail server. This will disclose your real email address to anyone. To send and receive mails open a free account at:www.hotmail.com or:www.netaddress.com Use your imagination when filling out your application form. Do NOT use mail-forwarding features. If you do, you will have to give your real email address. Do not mail anybody who isn't an active participant in the group. . Do not send or ask for material whose legal status is at least questionable, unless you are *absolutely* sure about what you are doing. Do not store mail longer than necessary. Use PGP or equivalent encryption software. This will encrypt your message, will disclose the content only to the addressee, and will give you the option to sign your message so that your partner in communication can be sure that this message is really from you. Include your public key in your first post, or store it on a public key server. You may find information and download links for PGP at the following sites:www.mbay.net/~jcking/pgp.html www.tkinson.demon.co.uk/crypto.htmNOTE: Please do *not* post PGP encrypted messages to AFOS. That is bad manners. Confine PGP to email, or if you need the greater anonymity of Usenet news, post to alt.anonymous.messages or some similar group. You may also use remailers. Remailers are mail gateways, which strip off all relevant headers from a message so that it can't be retraced. Most of them do not support sending binaries, and there is a certain amount of lost mail. To receive further information about using remailers, send an email with the line "remailer-help" in the body (*not* in the subject line) to: remailer@huge.cajones.com or: remailer@replay.com. They will send back a detailed how-to. A web-based remailer is available at: www.replay.com/remailer/anon.html For more information, go to:www.well.com/user/abacard/remail.html All this sounds like paranoia to me. Is it really that dangerous? Well, you will perhaps not become public enemy number 1 by posting to this group. But arrests for mere possession of " pornography" do occur. Go to: insight.mcmaster.ca/org/efc/pages/media/id.25jan96.html for a rather strange case. And accidents do happen. If you want to take this risk, it's up to you. But don't say you weren't warned!: YES. If you use a news server with restricted access (i.e. you mu give a user ID and password), the server log will show what you have posted. Even if you do not, their may be a server log which shows what has been posted from a certain IP address. Together with a log from your ISP, showing when you were logged in and what IP address you were assigned, this is enough to trace posts to you.
Law enforcement agencies can always get search warrants giving them access to service provider logs, if criminal activities are suspected.
You can read more about anonymity at: www.stack.nl/~galactus/remailers/usenet.html
In what other ways may my activities be uncovered? If your computer can be used by anyone, your wife, kids or visitors may find incriminating pictures or other evidence. Don't forget that many newsreaders leave revealing log files that show what newsgroups you have been accessing. Browser-based newsreaders may leave files in cache folders that perhaps you don't even know about. And if you encrypt your picture files so nobody else can view them, keep in mind that the filenames can often reveal what it's all about. If you use your office computer to access AFOS, your employer may suddenly decide to use it for some other purpose, leaving you without time to clear away all traces of your activities. Using an office computer is an absolute no-no!!! If your hard disk crashes, think twice before you send it in for service. It is not at all hard to salvage data off a crashed disk, and although nobody will do it for free, a service technician may well do some preparatory tests that could reveal incriminating evidence.If you use the same kind of removable media for porn and ordinary stuff, you may accidentally mix them up and let someone see the illegal stuff. If you access non-porn newsgroups under your real name, the day will come when you forget to change your personal configuration info, and accidentally post to AFOS under your real name. How may I increase my security off-line? Quite a list: Make it harder for others to use your computer. The following link ("The PC hacking FAQ" v2.0 by Olcay Cirit) gives a lot of tips: www1.insnet.com/~darkshadow/homepage/text/pchack.txt Use removable media backup devices to keep your hard disk clean of incriminating data: - Hide the media. - Most devices allow password-protection. - Do not rely on this protection, encrypt your files! - Prefer devices that allow large media: easier to hide and more convenient. - If you can spend the bucks, get fast devices like Syquest's SyJet or Iomega's Jaz Drive so that you May even run your net software on them (newsreaders keep log files!). Using these it is important to always backup *twice* because their media are quite sensitive. MO-drives also seem to be a good choice. They are slower than magnetical (like Syquest or Iomega) drives, but the media are much less sensitive, are much cheaper, are available in different Sizes and are a common industry standard.An even cheaper way would be to obtain a second hard disk and a drive bay that allows you to swap disks. In that way, you could run two totally independent systems: a clean one and one for AFOS.If you use slow devices (tape streamer etc), create thumbnail catalogues on your hard disk and hide the folders and your net software with an application like "magic folders" (see IX.9). Use security software (see IX.9) like: - File shredder. If you erase a file it can be restored. File shredders prevent this by overwriting files that you delete with random junk. - Encryption tools. Data can only be read with the correct key/ pass-phrase. Try to get one that also encrypts the filenames. - Hiding. This kind of software completely hides files and folders, and in some cases even itself, from users who don't know the password. - If you use Windows95, get TweakUI, which is part of the Microsoft PowerToys. It allows you to configure many security settings. - Disk management utilities allow you to completely hide whole partitions from your operating system. Be careful with that though, because all partitions behind the hidden ones will change their drive letter! You may even use it on a boot disk so that anyone who wants to unhide your secret partitions will first have to get and install the application. Do not use browser built-in newsreaders because they retain *very* telling hidden logfiles. If you do it anyway take the following measures (Windows 95 only, no info on other operating systems):- Netscape: To check the cache, type "about: cache" into the location bar, to check only for images type "about: image-cache". To get an overall view, type "about: global" (amazing, isn't it?!). To delete the list of currently visited sites under Win95 go to the registry for HKEY_CURRENT_USER/Software/Netscape/NetscapeNavigator/URLHistory,Erase the entries in the value-field (do *not* edit "Name"!). To clear the cache use "Options | Network Preferences", tab "Cache", click "Clear Cache". - Explorer: Press "Alt-X + O" for an overall view. To erase history files use menu Explorer, shows Folder History. Mark all data by pressing "Ctrl-A" and erase them with "Del". To clear cache use "View | Options", tab "Extended", click "Empty Folder".. (Windows only) If you do not want to keep the pictures on your hard disk anyway, set up a RAM drive in your config.sys and target your download-path to it.Syntax: DEVICE=RAMDRIVE.SYS /E The content of this drive will be erased without trace every time you switch off your machine. How may I increase my security on line? Use aliases (i.e. a handle that is different from your real name) when posting. Enter the alias in your newsreader's configuration menu, together with a fake email address. Use one or more aliases at the same time. If you use only one, change it from time to time. If you participate in non-porn newsgroups under your real name, you should consider using a different newsreader for those activities. If you don't, the day will surely come when you forget to change your newsreader's configuration, and accidentally post to AFOS under your real name. Configure your newsreader to automatically include the line: X-NO-ARCHIVE=YES in your headers. Not all newsreaders allow you to do that; in that case you may use it as the first line of the article body instead. This will at least prevent Alta Vista and DejaNews from archiving your posts. If possible, change your ISP from time to time. Try to find a news server that does not put your IP address in the article header when you post (that's in the line called "NNTP Posting Host"). True, that still doesn't make you untraceable to your ISP (and hence to the law, should they feel like it), but it makes it harder for private individuals to find you. It is also a good idea to use a news server other than the one your ISP provides. If at all possible, use one in another country. That would add a lot of administrative work for the law, if they were to go after you. They would need pretty strong motivation for that. Post in waves. Do not start a flame-war or a discussion with the "child-savers". Just ignore them. BE VERY CAREFUL WITH EMAILING! (See VIII.6). When you surf the Web, your browser will give out information about yourself and your system to all the servers you visit. If you want to see for yourself what your browser tells servers, go to: www.helie.com/BrowserCheck If you want to avoid this, you may go through a Web anonymizer service. It functions like a gateway and strips off all or some of the info that the browser will give to the servers you visit. There is a downside, though: some sites will not work when visited in this way, and also the service doesn't come for free. If you're interested, visit:www.anonymizer.com and check out their offer. Why do I have to be particularly careful with emailing? You do not know the receiver, do you? There have been cases of agents provocateurs trying to get people into mailing illegal content Emails will always disclose the address they have been sent from. Emails can easily be read all the way from sender to receiver. There are programs that can filter mails for specific contents (keywords, file extensions etc.). If law enforcement searches the guy you mailed to, they will have your email address and your mails, too. Or someone else can discover them and may try to blackmail you (or even the original receiver). Emails can be intercepted and forged. But some people are exchanging email. Are they nuts? Well, maybe they are. But there are ways to make email pretty safe: Never ever email someone via your ISP's mail server. This will disclose your real email address to anyone. To send and receive mails open a free account at:www.hotmail.com or:www.netaddress.com Use your imagination when filling out your application form. Do NOT use mail-forwarding features. If you do, you will have to give your real email address. Do not mail anybody who isn't an active participant in the group. . Do not send or ask for material whose legal status is at least questionable, unless you are *absolutely* sure about what you are doing. Do not store mail longer than necessary. Use PGP or equivalent encryption software. This will encrypt your message, will disclose the content only to the addressee, and will give you the option to sign your message so that your partner in communication can be sure that this message is really from you. Include your public key in your first post, or store it on a public key server. You may find information and download links for PGP at the following sites:www.mbay.net/~jcking/pgp.html www.tkinson.demon.co.uk/crypto.htmNOTE: Please do *not* post PGP encrypted messages to AFOS. That is bad manners. Confine PGP to email, or if you need the greater anonymity of Usenet news, post to alt.anonymous.messages or some similar group. You may also use remailers. Remailers are mail gateways, which strip off all relevant headers from a message so that it can't be retraced. Most of them do not support sending binaries, and there is a certain amount of lost mail. To receive further information about using remailers, send an email with the line "remailer-help" in the body (*not* in the subject line) to: remailer@huge.cajones.com or: remailer@replay.com. They will send back a detailed how-to. A web-based remailer is available at: www.replay.com/remailer/anon.html For more information, go to:www.well.com/user/abacard/remail.html All this sounds like paranoia to me. Is it really that dangerous? Well, you will perhaps not become public enemy number 1 by posting to this group. But arrests for mere possession of " pornography" do occur. Go to: insight.mcmaster.ca/org/efc/pages/media/id.25jan96.html for a rather strange case. And accidents do happen. If you want to take this risk, it's up to you. But don't say you weren't warned!: If your computer can be used by anyone, your wife, kids or visitors may find incriminating pictures or other evidence. Don't forget that many newsreaders leave revealing log files that show what newsgroups you have been accessing. Browser-based newsreaders may leave files in cache folders that perhaps you don't even know about. And if you encrypt your picture files so nobody else can view them, keep in mind that the filenames can often reveal what it's all about.
If you use your office computer to access AFOS, your employer may suddenly decide to use it for some other purpose, leaving you without time to clear away all traces of your activities. Using an office computer is an absolute no-no!!!
If your hard disk crashes, think twice before you send it in for service. It is not at all hard to salvage data off a crashed disk, and although nobody will do it for free, a service technician may well do some preparatory tests that could reveal incriminating evidence.If you use the same kind of removable media for porn and ordinary stuff, you may accidentally mix them up and let someone see the illegal stuff.
If you access non-porn newsgroups under your real name, the day will come when you forget to change your personal configuration info, and accidentally post to AFOS under your real name.
How may I increase my security off-line? Quite a list: Make it harder for others to use your computer. The following link ("The PC hacking FAQ" v2.0 by Olcay Cirit) gives a lot of tips: www1.insnet.com/~darkshadow/homepage/text/pchack.txt Use removable media backup devices to keep your hard disk clean of incriminating data: - Hide the media. - Most devices allow password-protection. - Do not rely on this protection, encrypt your files! - Prefer devices that allow large media: easier to hide and more convenient. - If you can spend the bucks, get fast devices like Syquest's SyJet or Iomega's Jaz Drive so that you May even run your net software on them (newsreaders keep log files!). Using these it is important to always backup *twice* because their media are quite sensitive. MO-drives also seem to be a good choice. They are slower than magnetical (like Syquest or Iomega) drives, but the media are much less sensitive, are much cheaper, are available in different Sizes and are a common industry standard.An even cheaper way would be to obtain a second hard disk and a drive bay that allows you to swap disks. In that way, you could run two totally independent systems: a clean one and one for AFOS.If you use slow devices (tape streamer etc), create thumbnail catalogues on your hard disk and hide the folders and your net software with an application like "magic folders" (see IX.9). Use security software (see IX.9) like: - File shredder. If you erase a file it can be restored. File shredders prevent this by overwriting files that you delete with random junk. - Encryption tools. Data can only be read with the correct key/ pass-phrase. Try to get one that also encrypts the filenames. - Hiding. This kind of software completely hides files and folders, and in some cases even itself, from users who don't know the password. - If you use Windows95, get TweakUI, which is part of the Microsoft PowerToys. It allows you to configure many security settings. - Disk management utilities allow you to completely hide whole partitions from your operating system. Be careful with that though, because all partitions behind the hidden ones will change their drive letter! You may even use it on a boot disk so that anyone who wants to unhide your secret partitions will first have to get and install the application. Do not use browser built-in newsreaders because they retain *very* telling hidden logfiles. If you do it anyway take the following measures (Windows 95 only, no info on other operating systems):- Netscape: To check the cache, type "about: cache" into the location bar, to check only for images type "about: image-cache". To get an overall view, type "about: global" (amazing, isn't it?!). To delete the list of currently visited sites under Win95 go to the registry for HKEY_CURRENT_USER/Software/Netscape/NetscapeNavigator/URLHistory,Erase the entries in the value-field (do *not* edit "Name"!). To clear the cache use "Options | Network Preferences", tab "Cache", click "Clear Cache". - Explorer: Press "Alt-X + O" for an overall view. To erase history files use menu Explorer, shows Folder History. Mark all data by pressing "Ctrl-A" and erase them with "Del". To clear cache use "View | Options", tab "Extended", click "Empty Folder".. (Windows only) If you do not want to keep the pictures on your hard disk anyway, set up a RAM drive in your config.sys and target your download-path to it.Syntax: DEVICE=RAMDRIVE.SYS /E The content of this drive will be erased without trace every time you switch off your machine. How may I increase my security on line? Use aliases (i.e. a handle that is different from your real name) when posting. Enter the alias in your newsreader's configuration menu, together with a fake email address. Use one or more aliases at the same time. If you use only one, change it from time to time. If you participate in non-porn newsgroups under your real name, you should consider using a different newsreader for those activities. If you don't, the day will surely come when you forget to change your newsreader's configuration, and accidentally post to AFOS under your real name. Configure your newsreader to automatically include the line: X-NO-ARCHIVE=YES in your headers. Not all newsreaders allow you to do that; in that case you may use it as the first line of the article body instead. This will at least prevent Alta Vista and DejaNews from archiving your posts. If possible, change your ISP from time to time. Try to find a news server that does not put your IP address in the article header when you post (that's in the line called "NNTP Posting Host"). True, that still doesn't make you untraceable to your ISP (and hence to the law, should they feel like it), but it makes it harder for private individuals to find you. It is also a good idea to use a news server other than the one your ISP provides. If at all possible, use one in another country. That would add a lot of administrative work for the law, if they were to go after you. They would need pretty strong motivation for that. Post in waves. Do not start a flame-war or a discussion with the "child-savers". Just ignore them. BE VERY CAREFUL WITH EMAILING! (See VIII.6). When you surf the Web, your browser will give out information about yourself and your system to all the servers you visit. If you want to see for yourself what your browser tells servers, go to: www.helie.com/BrowserCheck If you want to avoid this, you may go through a Web anonymizer service. It functions like a gateway and strips off all or some of the info that the browser will give to the servers you visit. There is a downside, though: some sites will not work when visited in this way, and also the service doesn't come for free. If you're interested, visit:www.anonymizer.com and check out their offer. Why do I have to be particularly careful with emailing? You do not know the receiver, do you? There have been cases of agents provocateurs trying to get people into mailing illegal content Emails will always disclose the address they have been sent from. Emails can easily be read all the way from sender to receiver. There are programs that can filter mails for specific contents (keywords, file extensions etc.). If law enforcement searches the guy you mailed to, they will have your email address and your mails, too. Or someone else can discover them and may try to blackmail you (or even the original receiver). Emails can be intercepted and forged. But some people are exchanging email. Are they nuts? Well, maybe they are. But there are ways to make email pretty safe: Never ever email someone via your ISP's mail server. This will disclose your real email address to anyone. To send and receive mails open a free account at:www.hotmail.com or:www.netaddress.com Use your imagination when filling out your application form. Do NOT use mail-forwarding features. If you do, you will have to give your real email address. Do not mail anybody who isn't an active participant in the group. . Do not send or ask for material whose legal status is at least questionable, unless you are *absolutely* sure about what you are doing. Do not store mail longer than necessary. Use PGP or equivalent encryption software. This will encrypt your message, will disclose the content only to the addressee, and will give you the option to sign your message so that your partner in communication can be sure that this message is really from you. Include your public key in your first post, or store it on a public key server. You may find information and download links for PGP at the following sites:www.mbay.net/~jcking/pgp.html www.tkinson.demon.co.uk/crypto.htmNOTE: Please do *not* post PGP encrypted messages to AFOS. That is bad manners. Confine PGP to email, or if you need the greater anonymity of Usenet news, post to alt.anonymous.messages or some similar group. You may also use remailers. Remailers are mail gateways, which strip off all relevant headers from a message so that it can't be retraced. Most of them do not support sending binaries, and there is a certain amount of lost mail. To receive further information about using remailers, send an email with the line "remailer-help" in the body (*not* in the subject line) to: remailer@huge.cajones.com or: remailer@replay.com. They will send back a detailed how-to. A web-based remailer is available at: www.replay.com/remailer/anon.html For more information, go to:www.well.com/user/abacard/remail.html All this sounds like paranoia to me. Is it really that dangerous? Well, you will perhaps not become public enemy number 1 by posting to this group. But arrests for mere possession of " pornography" do occur. Go to: insight.mcmaster.ca/org/efc/pages/media/id.25jan96.html for a rather strange case. And accidents do happen. If you want to take this risk, it's up to you. But don't say you weren't warned!: Quite a list:

Make it harder for others to use your computer. The following link ("The PC hacking FAQ" v2.0 by Olcay Cirit) gives a lot of tips: www1.insnet.com/~darkshadow/homepage/text/pchack.txt
Use removable media backup devices to keep your hard disk clean of incriminating data:
- Hide the media.
- Most devices allow password-protection.
- Do not rely on this protection, encrypt your files!
- Prefer devices that allow large media: easier to hide and more convenient.
- If you can spend the bucks, get fast devices like Syquest's SyJet or Iomega's Jaz Drive so that you May even run your net software on them (newsreaders keep log files!). Using these it is important to always backup *twice* because their media are quite sensitive. MO-drives also seem to be a good choice. They are slower than magnetical (like Syquest or Iomega) drives, but the media are much less sensitive, are much cheaper, are available in different Sizes and are a common industry standard.An even cheaper way would be to obtain a second hard disk and a drive bay that allows you to swap disks. In that way, you could run two totally independent systems: a clean one and one for AFOS.If you use slow devices (tape streamer etc), create thumbnail catalogues on your hard disk and hide the folders and your net software with an application like "magic folders" (see IX.9).
Use security software (see IX.9) like:
- File shredder. If you erase a file it can be restored. File shredders prevent this by overwriting files that you delete with random junk.
- Encryption tools. Data can only be read with the correct key/ pass-phrase. Try to get one that also encrypts the filenames.
- Hiding. This kind of software completely hides files and folders, and in some cases even itself, from users who don't know the password.
- If you use Windows95, get TweakUI, which is part of the Microsoft PowerToys. It allows you to configure many security settings.
- Disk management utilities allow you to completely hide whole partitions from your operating system. Be careful with that though, because all partitions behind the hidden ones will change their drive letter! You may even use it on a boot disk so that anyone who wants to unhide your secret partitions will first have to get and install the application.
Do not use browser built-in newsreaders because they retain *very* telling hidden logfiles. If you do it anyway take the following measures (Windows 95 only, no info on other operating systems):- Netscape: To check the cache, type "about: cache" into the location bar, to check only for images type "about: image-cache". To get an overall view, type "about: global" (amazing, isn't it?!). To delete the list of currently visited sites under Win95 go to the registry for HKEY_CURRENT_USER/Software/Netscape/NetscapeNavigator/URLHistory,Erase the entries in the value-field (do *not* edit "Name"!). To clear the cache use "Options | Network Preferences", tab "Cache", click "Clear Cache". - Explorer: Press "Alt-X + O" for an overall view. To erase history files use menu Explorer, shows Folder History. Mark all data by pressing "Ctrl-A" and erase them with "Del". To clear cache use "View | Options", tab "Extended", click "Empty Folder"..
(Windows only) If you do not want to keep the pictures on your hard disk anyway, set up a RAM drive in your config.sys and target your download-path to it.Syntax: DEVICE=RAMDRIVE.SYS /E The content of this drive will be erased without trace every time you switch off your machine.
How may I increase my security on line? Use aliases (i.e. a handle that is different from your real name) when posting. Enter the alias in your newsreader's configuration menu, together with a fake email address. Use one or more aliases at the same time. If you use only one, change it from time to time. If you participate in non-porn newsgroups under your real name, you should consider using a different newsreader for those activities. If you don't, the day will surely come when you forget to change your newsreader's configuration, and accidentally post to AFOS under your real name. Configure your newsreader to automatically include the line: X-NO-ARCHIVE=YES in your headers. Not all newsreaders allow you to do that; in that case you may use it as the first line of the article body instead. This will at least prevent Alta Vista and DejaNews from archiving your posts. If possible, change your ISP from time to time. Try to find a news server that does not put your IP address in the article header when you post (that's in the line called "NNTP Posting Host"). True, that still doesn't make you untraceable to your ISP (and hence to the law, should they feel like it), but it makes it harder for private individuals to find you. It is also a good idea to use a news server other than the one your ISP provides. If at all possible, use one in another country. That would add a lot of administrative work for the law, if they were to go after you. They would need pretty strong motivation for that. Post in waves. Do not start a flame-war or a discussion with the "child-savers". Just ignore them. BE VERY CAREFUL WITH EMAILING! (See VIII.6). When you surf the Web, your browser will give out information about yourself and your system to all the servers you visit. If you want to see for yourself what your browser tells servers, go to: www.helie.com/BrowserCheck If you want to avoid this, you may go through a Web anonymizer service. It functions like a gateway and strips off all or some of the info that the browser will give to the servers you visit. There is a downside, though: some sites will not work when visited in this way, and also the service doesn't come for free. If you're interested, visit:www.anonymizer.com and check out their offer. Why do I have to be particularly careful with emailing? You do not know the receiver, do you? There have been cases of agents provocateurs trying to get people into mailing illegal content Emails will always disclose the address they have been sent from. Emails can easily be read all the way from sender to receiver. There are programs that can filter mails for specific contents (keywords, file extensions etc.). If law enforcement searches the guy you mailed to, they will have your email address and your mails, too. Or someone else can discover them and may try to blackmail you (or even the original receiver). Emails can be intercepted and forged. But some people are exchanging email. Are they nuts? Well, maybe they are. But there are ways to make email pretty safe: Never ever email someone via your ISP's mail server. This will disclose your real email address to anyone. To send and receive mails open a free account at:www.hotmail.com or:www.netaddress.com Use your imagination when filling out your application form. Do NOT use mail-forwarding features. If you do, you will have to give your real email address. Do not mail anybody who isn't an active participant in the group. . Do not send or ask for material whose legal status is at least questionable, unless you are *absolutely* sure about what you are doing. Do not store mail longer than necessary. Use PGP or equivalent encryption software. This will encrypt your message, will disclose the content only to the addressee, and will give you the option to sign your message so that your partner in communication can be sure that this message is really from you. Include your public key in your first post, or store it on a public key server. You may find information and download links for PGP at the following sites:www.mbay.net/~jcking/pgp.html www.tkinson.demon.co.uk/crypto.htmNOTE: Please do *not* post PGP encrypted messages to AFOS. That is bad manners. Confine PGP to email, or if you need the greater anonymity of Usenet news, post to alt.anonymous.messages or some similar group. You may also use remailers. Remailers are mail gateways, which strip off all relevant headers from a message so that it can't be retraced. Most of them do not support sending binaries, and there is a certain amount of lost mail. To receive further information about using remailers, send an email with the line "remailer-help" in the body (*not* in the subject line) to: remailer@huge.cajones.com or: remailer@replay.com. They will send back a detailed how-to. A web-based remailer is available at: www.replay.com/remailer/anon.html For more information, go to:www.well.com/user/abacard/remail.html All this sounds like paranoia to me. Is it really that dangerous? Well, you will perhaps not become public enemy number 1 by posting to this group. But arrests for mere possession of " pornography" do occur. Go to: insight.mcmaster.ca/org/efc/pages/media/id.25jan96.html for a rather strange case. And accidents do happen. If you want to take this risk, it's up to you. But don't say you weren't warned!: Use aliases (i.e. a handle that is different from your real name) when posting. Enter the alias in your newsreader's configuration menu, together with a fake email address. Use one or more aliases at the same time. If you use only one, change it from time to time. If you participate in non-porn newsgroups under your real name, you should consider using a different newsreader for those activities. If you don't, the day will surely come when you forget to change your newsreader's configuration, and accidentally post to AFOS under your real name.
Configure your newsreader to automatically include the line: X-NO-ARCHIVE=YES in your headers. Not all newsreaders allow you to do that; in that case you may use it as the first line of the article body instead. This will at least prevent Alta Vista and DejaNews from archiving your posts.

If possible, change your ISP from time to time.
Try to find a news server that does not put your IP address in the article header when you post (that's in the line called "NNTP Posting Host"). True, that still doesn't make you untraceable to your ISP (and hence to the law, should they feel like it), but it makes it harder for private individuals to find you. It is also a good idea to use a news server other than the one your ISP provides. If at all possible, use one in another country. That would add a lot of administrative work for the law, if they were to go after you. They would need pretty strong motivation for that.

Post in waves.

Do not start a flame-war or a discussion with the "child-savers". Just ignore them.

BE VERY CAREFUL WITH EMAILING! (See VIII.6).
When you surf the Web, your browser will give out information about yourself and your system to all the servers you visit. If you want to see for yourself what your browser tells servers, go to: www.helie.com/BrowserCheck If you want to avoid this, you may go through a Web anonymizer service. It functions like a gateway and strips off all or some of the info that the browser will give to the servers you visit. There is a downside, though: some sites will not work when visited in this way, and also the service doesn't come for free. If you're interested, visit:www.anonymizer.com and check out their offer.
Why do I have to be particularly careful with emailing? You do not know the receiver, do you? There have been cases of agents provocateurs trying to get people into mailing illegal content Emails will always disclose the address they have been sent from. Emails can easily be read all the way from sender to receiver. There are programs that can filter mails for specific contents (keywords, file extensions etc.). If law enforcement searches the guy you mailed to, they will have your email address and your mails, too. Or someone else can discover them and may try to blackmail you (or even the original receiver). Emails can be intercepted and forged. But some people are exchanging email. Are they nuts? Well, maybe they are. But there are ways to make email pretty safe: Never ever email someone via your ISP's mail server. This will disclose your real email address to anyone. To send and receive mails open a free account at:www.hotmail.com or:www.netaddress.com Use your imagination when filling out your application form. Do NOT use mail-forwarding features. If you do, you will have to give your real email address. Do not mail anybody who isn't an active participant in the group. . Do not send or ask for material whose legal status is at least questionable, unless you are *absolutely* sure about what you are doing. Do not store mail longer than necessary. Use PGP or equivalent encryption software. This will encrypt your message, will disclose the content only to the addressee, and will give you the option to sign your message so that your partner in communication can be sure that this message is really from you. Include your public key in your first post, or store it on a public key server. You may find information and download links for PGP at the following sites:www.mbay.net/~jcking/pgp.html www.tkinson.demon.co.uk/crypto.htmNOTE: Please do *not* post PGP encrypted messages to AFOS. That is bad manners. Confine PGP to email, or if you need the greater anonymity of Usenet news, post to alt.anonymous.messages or some similar group. You may also use remailers. Remailers are mail gateways, which strip off all relevant headers from a message so that it can't be retraced. Most of them do not support sending binaries, and there is a certain amount of lost mail. To receive further information about using remailers, send an email with the line "remailer-help" in the body (*not* in the subject line) to: remailer@huge.cajones.com or: remailer@replay.com. They will send back a detailed how-to. A web-based remailer is available at: www.replay.com/remailer/anon.html For more information, go to:www.well.com/user/abacard/remail.html All this sounds like paranoia to me. Is it really that dangerous? Well, you will perhaps not become public enemy number 1 by posting to this group. But arrests for mere possession of " pornography" do occur. Go to: insight.mcmaster.ca/org/efc/pages/media/id.25jan96.html for a rather strange case. And accidents do happen. If you want to take this risk, it's up to you. But don't say you weren't warned!: You do not know the receiver, do you? There have been cases of agents provocateurs trying to get people into mailing illegal content
Emails will always disclose the address they have been sent from.
Emails can easily be read all the way from sender to receiver. There are programs that can filter mails for specific contents (keywords, file extensions etc.).
If law enforcement searches the guy you mailed to, they will have your email address and your mails, too. Or someone else can discover them and may try to blackmail you (or even the original receiver).

Emails can be intercepted and forged.
But some people are exchanging email. Are they nuts? Well, maybe they are. But there are ways to make email pretty safe: Never ever email someone via your ISP's mail server. This will disclose your real email address to anyone. To send and receive mails open a free account at:www.hotmail.com or:www.netaddress.com Use your imagination when filling out your application form. Do NOT use mail-forwarding features. If you do, you will have to give your real email address. Do not mail anybody who isn't an active participant in the group. . Do not send or ask for material whose legal status is at least questionable, unless you are *absolutely* sure about what you are doing. Do not store mail longer than necessary. Use PGP or equivalent encryption software. This will encrypt your message, will disclose the content only to the addressee, and will give you the option to sign your message so that your partner in communication can be sure that this message is really from you. Include your public key in your first post, or store it on a public key server. You may find information and download links for PGP at the following sites:www.mbay.net/~jcking/pgp.html www.tkinson.demon.co.uk/crypto.htmNOTE: Please do *not* post PGP encrypted messages to AFOS. That is bad manners. Confine PGP to email, or if you need the greater anonymity of Usenet news, post to alt.anonymous.messages or some similar group. You may also use remailers. Remailers are mail gateways, which strip off all relevant headers from a message so that it can't be retraced. Most of them do not support sending binaries, and there is a certain amount of lost mail. To receive further information about using remailers, send an email with the line "remailer-help" in the body (*not* in the subject line) to: remailer@huge.cajones.com or: remailer@replay.com. They will send back a detailed how-to. A web-based remailer is available at: www.replay.com/remailer/anon.html For more information, go to:www.well.com/user/abacard/remail.html All this sounds like paranoia to me. Is it really that dangerous? Well, you will perhaps not become public enemy number 1 by posting to this group. But arrests for mere possession of " pornography" do occur. Go to: insight.mcmaster.ca/org/efc/pages/media/id.25jan96.html for a rather strange case. And accidents do happen. If you want to take this risk, it's up to you. But don't say you weren't warned!: Well, maybe they are. But there are ways to make email pretty safe:

Never ever email someone via your ISP's mail server. This will disclose your real email address to anyone.

To send and receive mails open a free account at:www.hotmail.com
or:www.netaddress.com
Use your imagination when filling out your application form. Do NOT use mail-forwarding features. If you do, you will have to give your real email address.
Do not mail anybody who isn't an active participant in the group.
. Do not send or ask for material whose legal status is at least questionable, unless you are *absolutely* sure about what you are doing.

Do not store mail longer than necessary.

Use PGP or equivalent encryption software. This will encrypt your message, will disclose the content only to the addressee, and will give you the option to sign your message so that your partner in communication can be sure that this message is really from you. Include your public key in your first post, or store it on a public key server.
You may find information and download links for PGP at the following sites:www.mbay.net/~jcking/pgp.html www.tkinson.demon.co.uk/crypto.htmNOTE: Please do *not* post PGP encrypted messages to AFOS. That is bad manners. Confine PGP to email, or if you need the greater anonymity of Usenet news, post to alt.anonymous.messages or some similar group.
You may also use remailers. Remailers are mail gateways, which strip off all relevant headers from a message so that it can't be retraced. Most of them do not support sending binaries, and there is a certain amount of lost mail. To receive further information about using remailers, send an email with the line "remailer-help" in the body (*not* in the subject line) to: remailer@huge.cajones.com
or: remailer@replay.com.
They will send back a detailed how-to. A web-based remailer is available at: www.replay.com/remailer/anon.html For more information, go to:www.well.com/user/abacard/remail.html
All this sounds like paranoia to me. Is it really that dangerous? Well, you will perhaps not become public enemy number 1 by posting to this group. But arrests for mere possession of " pornography" do occur. Go to: insight.mcmaster.ca/org/efc/pages/media/id.25jan96.html for a rather strange case. And accidents do happen. If you want to take this risk, it's up to you. But don't say you weren't warned!: Well, you will perhaps not become public enemy number 1 by posting to this group. But arrests for mere possession of " pornography" do occur. Go to: insight.mcmaster.ca/org/efc/pages/media/id.25jan96.html for a rather strange case. And accidents do happen. If you want to take this risk, it's up to you. But don't say you weren't warned!

[ Home |Back |Next |Author ]

Email: alphonso@postmaster.co.uk