Author Topic: MEMBER SECURITY RISK AT VESPIARY  (Read 6593 times)

0 Members and 1 Guest are viewing this topic.

WizardX

  • Guest
MEMBER SECURITY RISK AT VESPIARY
« on: May 15, 2020, 04:48:31 AM »
Vespiary has install web firewall software BitNinja.IO https://bitninja.io/ when using TOR.

Please, turn Javascript on in your browser then reload the page. Security check by BitNinja.IO

MEMBERS ENABLING JAVASCRIPT WILL COMPROMISE YOUR ANONYMITY AND SECURITY.

Offline Tsjanga

  • Donated!
  • Pupae
  • *****
  • Posts: 76
Re: MEMBER SECURITY RISK AT VESPIARY
« Reply #1 on: May 15, 2020, 06:42:26 AM »
Yes I just posted this in a new topic...
Well this isn't good for the users, could we change it back?

Offline CathCath

  • Subordinate Wasp
  • ***
  • Posts: 119
Re: MEMBER SECURITY RISK AT VESPIARY
« Reply #2 on: May 15, 2020, 08:41:36 PM »
so the proxy server i was using and paid now dont work to connect to the comunity, will see if its problem in the proxy or there have happen some changes in site politics ?

Offline Zippy

  • Founding Wasp
  • *****
  • Posts: 542
Re: MEMBER SECURITY RISK AT VESPIARY
« Reply #3 on: May 15, 2020, 10:00:18 PM »
Vespiary has install web firewall software BitNinja.IO https://bitninja.io/ when using TOR.

Please, turn Javascript on in your browser then reload the page. Security check by BitNinja.IO

MEMBERS ENABLING JAVASCRIPT WILL COMPROMISE YOUR ANONYMITY AND SECURITY.

Do you mean turn off javascript?

Also is it sufficient to just block it for this site?

Offline CathCath

  • Subordinate Wasp
  • ***
  • Posts: 119
Re: MEMBER SECURITY RISK AT VESPIARY
« Reply #4 on: May 15, 2020, 10:07:26 PM »
i already deleted it months ago as it was stoped of maintaince and some sort of strage updates was wanting to instal off, im not saying it for first time if you the target you cant escape modern technologies. Hope the problem goes away fast so less people will get on the radar.
« Last Edit: May 15, 2020, 10:20:57 PM by CathCath »

Offline maker

  • Subordinate Wasp
  • ***
  • Posts: 150
Re: MEMBER SECURITY RISK AT VESPIARY
« Reply #5 on: May 15, 2020, 10:55:08 PM »
I think that it is more likely that all of you who do the massive hide myself tech are probably better know to the NSA/whoever types. Heck, they have every email/every phone call. You think you are invisible?? I worry not so.
Just my thoughts, yours obviously is different.

I do not worry so much, I mostly attempt to make myself small in this world. They could come visit me tomorrow or not.
I actually think that they know that I am a nothing and not to be feared in this drug thing. Hell, I do not even make enough stuff to keep me happy along with a select couple.

Offline carl

  • Global Moderator
  • Founding Wasp
  • *****
  • Posts: 5,626
  • circular pastry filled with hazelnut crime
Re: MEMBER SECURITY RISK AT VESPIARY
« Reply #6 on: May 15, 2020, 11:01:39 PM »
I'm happy with my VPN.
Never got such a problem like you TOR users ???
I think anyways that the TOR stuff is not our friend, be wary of that.
I would suggest that you guys share information like it was the last day on Earth.  This information slowdown is all because of all that dumb unwillingness to share.  That is where the DEA is winning.  There goal is you not talking to each other.  Let the information flow.  I  promise we will always be 2 steps ahead of DEA chemists if we just keep sharing information
Quote
Real bees just hear the buzzing and it doesn´t ever stop. Ever.

Offline carl

  • Global Moderator
  • Founding Wasp
  • *****
  • Posts: 5,626
  • circular pastry filled with hazelnut crime
Re: MEMBER SECURITY RISK AT VESPIARY
« Reply #7 on: May 15, 2020, 11:53:49 PM »
so the proxy server i was using and paid now dont work to connect to the comunity, will see if its problem in the proxy or there have happen some changes in site politics ?
If that little idiot registers again to disturb the community, just report him, I will remove him forcibly then.
Don't get into an argument with him, he will threaten you with either beating, sending you TNT, or to get you send to prison.
He also threatened to take this site down... ::)
Don't ever argue with him, he is a little kid with too little education in school and too much free time on hand.

Or better: never argue with an idiot, he will pull you down to his level and beat you with experience.
I would suggest that you guys share information like it was the last day on Earth.  This information slowdown is all because of all that dumb unwillingness to share.  That is where the DEA is winning.  There goal is you not talking to each other.  Let the information flow.  I  promise we will always be 2 steps ahead of DEA chemists if we just keep sharing information
Quote
Real bees just hear the buzzing and it doesn´t ever stop. Ever.

WizardX

  • Guest
Re: MEMBER SECURITY RISK AT VESPIARY
« Reply #8 on: May 16, 2020, 02:48:01 AM »
Do you mean turn off javascript?

Also is it sufficient to just block it for this site?

As I have stated many time before, both here, the Collective and other forums, that javascript MUST be disabled permanently on sites such as this AND the DarkNet.
Now, the TOR browser has NoScript add-on installed, disable javascript in the TOR browser also. Do NOT rely on the NoScript add-on only.

I'm happy with my VPN.
Never got such a problem like you TOR users ???
I think anyways that the TOR stuff is not our friend, be wary of that.

The TOR topography was designed for anonymity, so threat actors (black hats, gov state hackers, script kiddies, etc) WILL use the TOR network in their hacking attacks.
Just as the TOR network can be used for hacking, SO can VPN's and proxies.
Advance/Elite hackers, hack networks and create botnets to hide their activities.

Offline hamsterbob

  • Subordinate Wasp
  • ***
  • Posts: 145
Re: MEMBER SECURITY RISK AT VESPIARY
« Reply #9 on: May 16, 2020, 09:41:04 AM »
Payed RDP to VPN simple.

WizardX

  • Guest
Re: MEMBER SECURITY RISK AT VESPIARY
« Reply #10 on: June 02, 2020, 04:39:37 AM »
Payed RDP to VPN simple.

Incorrect! If javascript is disabled the same message...

Quote
Please, turn Javascript on in your browser then reload the page. Security check by BitNinja.IO

...javascript RUNS client side (on your browser's PC side), so your vulnerable.

Offline iknowjt

  • Subordinate Wasp
  • ***
  • Posts: 112
Re: MEMBER SECURITY RISK AT VESPIARY
« Reply #11 on: June 12, 2020, 01:38:30 PM »
Payed RDP to VPN simple.

Incorrect! If javascript is disabled the same message...

Quote
Please, turn Javascript on in your browser then reload the page. Security check by BitNinja.IO

...javascript RUNS client side (on your browser's PC side), so your vulnerable.

Connected via TAILS, forced to solve several CAPCHA's.
If one is running on TAILS or behind a WHONIX gateway, what javascript command could be used to correlate or de-anonomize the user?

Offline Hooloovoo

  • Slayer of Poppies and
  • Founding Wasp
  • *****
  • Posts: 538
  • It's not *my* fault
    • Don't use Google
Re: MEMBER SECURITY RISK AT VESPIARY
« Reply #12 on: June 12, 2020, 02:33:09 PM »
If one is running on TAILS or behind a WHONIX gateway, what javascript command could be used to correlate or de-anonomize the user?

Browser fingerprinting, maybe?

I dunno - just spitballing.

WizardX

  • Guest
Re: MEMBER SECURITY RISK AT VESPIARY
« Reply #13 on: June 15, 2020, 12:03:27 AM »
If one is running on TAILS or behind a WHONIX gateway, what javascript command could be used to correlate or de-anonomize the user?

Browser fingerprinting, maybe?

Browser fingerprinting, and much more.

Go to this site https://www.whatismybrowser.com/ with javascript disabled and then enabled. See the info it can gather.

Another is, https://panopticlick.eff.org/

Offline iknowjt

  • Subordinate Wasp
  • ***
  • Posts: 112
Re: MEMBER SECURITY RISK AT VESPIARY
« Reply #14 on: July 27, 2020, 03:02:16 PM »
If one is running on TAILS or behind a WHONIX gateway, what javascript command could be used to correlate or de-anonomize the user?

Browser fingerprinting, maybe?

Browser fingerprinting, and much more.

Go to this site https://www.whatismybrowser.com/ with javascript disabled and then enabled. See the info it can gather.

Another is, https://panopticlick.eff.org/

WizardX, by the way I am in 100X agreement with all of the concerns you raise and have admired you as a leader in our community for over 10 years.

And to be clear, I never questioned anyone or any site warning me that I must disable JS.  I learned C++, exclusively console programming intended for a career in matters closer to the bare metal.  Of course I know basic HTML, and have a grasp of the big picture.  I was just wondering if you could elaborate.
Browser fingerprinting usually involves cookies, client side js code executing dynamic content, or server side - all the other languages - .

But on TAILS even if all this data starts getting collected, it's perfectly generic, or near perfectly.  Since TAILS makes it almost impossible to customize anything.

I mean I understand the there could be a plethora of JS 0day exploits floating around, and sites built by 'the good guys' won't even allow you to proceed if they detect your JS is enabled.

My 'manifesto is at the bottom of this thread:'
https://www.thevespiary.org/talk/index.php?topic=15181.0

Please Note, if you get the chance,  the call to action proposal that I conclude my rant with.  It would be a win-win solution.  I see you are fighting for a just cause, and I want to help.



WizardX

  • Guest
Re: MEMBER SECURITY RISK AT VESPIARY
« Reply #15 on: July 29, 2020, 05:47:25 AM »
WizardX, by the way I am in 100X agreement with all of the concerns you raise and have admired you as a leader in our community for over 10 years.

And to be clear, I never questioned anyone or any site warning me that I must disable JS.  I learned C++, exclusively console programming intended for a career in matters closer to the bare metal.  Of course I know basic HTML, and have a grasp of the big picture.

I was just wondering if you could elaborate.
Browser fingerprinting usually involves cookies, client side js code executing dynamic content, or server side - all the other languages - .

But on TAILS even if all this data starts getting collected, it's perfectly generic, or near perfectly.  Since TAILS makes it almost impossible to customize anything.

I mean I understand the there could be a plethora of JS 0day exploits floating around, and sites built by 'the good guys' won't even allow you to proceed if they detect your JS is enabled.


My 'manifesto is at the bottom of this thread:'
https://www.thevespiary.org/talk/index.php?topic=15181.0

Please Note, if you get the chance,  the call to action proposal that I conclude my rant with.  It would be a win-win solution.  I see you are fighting for a just cause, and I want to help.

I'll post you as time permits. This post is public! The Vespiary » Site » News »


Offline iknowjt

  • Subordinate Wasp
  • ***
  • Posts: 112
Re: MEMBER SECURITY RISK AT VESPIARY
« Reply #16 on: July 29, 2020, 07:26:24 PM »
WizardX, by the way I am in 100X agreement with all of the concerns you raise and have admired you as a leader in our community for over 10 years.

And to be clear, I never questioned anyone or any site warning me that I must disable JS.  I learned C++, exclusively console programming intended for a career in matters closer to the bare metal.  Of course I know basic HTML, and have a grasp of the big picture.

I was just wondering if you could elaborate.
Browser fingerprinting usually involves cookies, client side js code executing dynamic content, or server side - all the other languages - .

But on TAILS even if all this data starts getting collected, it's perfectly generic, or near perfectly.  Since TAILS makes it almost impossible to customize anything.

I mean I understand the there could be a plethora of JS 0day exploits floating around, and sites built by 'the good guys' won't even allow you to proceed if they detect your JS is enabled.


My 'manifesto is at the bottom of this thread:'
https://www.thevespiary.org/talk/index.php?topic=15181.0

Please Note, if you get the chance,  the call to action proposal that I conclude my rant with.  It would be a win-win solution.  I see you are fighting for a just cause, and I want to help.

I'll post you as time permits. This post is public! The Vespiary » Site » News »



Understood. Thanks for the reply.