Fravia's anonymity lab
Every web step leaves traces

(Fravia demonstrates that you must be careful)
~
On the web "nomen est omen"
~
On this page
Visitors tracing | Data smearing | Dejasnooping |
Anonymous web searching | Anonymous web surfing | Anonymous web publishing
Cookies | Luring | Anonymity essays | Some other links

Other related pages of my anonymity Lab
[corporate survival] [stalking matters] [enemy tracking]
[steganography] [What Fravia knows about you] [Tweak your browser!]
[Anonymous e-mailing] [things that happen]

Guess which URL will this link connect to :-)

Version September 1999

The main intent of my 'Anonymity Lab'

The main intent of this section of my site is to SCARE YOU TO DEATH about the huge amount of data and private information33 you are 'smearing' around without even knowing it.
Tears fill my eyes when I see so many good and nice Internauts fall prey of crooks of all sorts (from nasty software producer like Micro$oft, who hide snooping secret functions inside their applications, through the main search engines you use, that gather your searching patterns and store them without warning you to the outright 'dirty' crooks that search and lure gullible simpletons in order to sell them fake religions or fake tits or whatever fake they have to push). Matter is that the NASTY aspect of this nether world of us is never enough explained. There is no law here. Only reversers, like we are, can eventually help the gullible and simple ones (and damage the crooks, which is great fun :-)

We fight of course more 'active' battles, as you'll learn on my [antismut] section, yet even the simple spreading of 'passive' knowledge can be very useful (knowledge, as Master +ORC has always said, is indeed a most powerful 'good' weapon), and we help, in this section, throwing our light on some of the 'hidden', 'dark' and 'mysterious' aspects of the Web.

You'll learn here some must-know anonymity concerns and some elementary counter-measures, yet, as you will see, the data you are leaking around are so many (and so valuable) that there is not really much that you can do, short of going undercover with a completely bogus identity... which is something that you will probably want to do after having read all this :-)

Where d'you wanna go, bud?

Wanna [trace] your visitors or learn how much info you are [smearing] around? Would you like to [snoop] their profile or [search] anonymously on the Web? You may even get acquainted with some [cookies] little tricks or [lure] your enemies into a trap. If you do not understand much, you better read first just how many [traces] you leave when you browse and how you can simply [send mail anonymously] on the web... you'll understand all the rest later.
There are also some [Anonymity essays] that you may find interesting, and of course you may enjoy the [Ah Ah! Die cookie die!] section of this page as well :-)
Else you may enjoy having a look at some [things that happen].

No anonimity, I regret

This section of mine about the traces you leave on my own servers was growing bigger and bigger and has been moved to my
What Fravia knows about you
page, where all (scary) tracking possibilities used today will be discussed and some countermeasures will be analysed.

You leave traces, I said Ahi! Your precious data!
The harddisk problem
Some of the files that are on your computer (and that recent browsers can send over the Net WITHOUT telling you anything about it :-) might become interesting for adversaries, or the plain curious, or the bastards that want to sell you beer, or tits, or religions or cars:

AUTOEXEC.BAT
Contains details of the locations of many important things on your computer system, among other things, the PATH variable will show where are your tools.

SYSTEM.INI
Contains still more details about the locations and software that you are running on your system, as well as other personal things that might be helpful for rogues to find out - like preferences and the like.

USER.DAT
(On my computer, right now: 286692 bytes as c:\windows\user.dat and 286692 as c:\windows\user.da0, which is created as 'reference' when you set your computer on).
This is one mighty important file. You better be prepared to get some cheap thrills about this one... if you did not already know about it.
Inside this monster there are masses of data about you: the last few dozen places you've visited on the Internet, your name, email address, telephone number, various user ID's and passwords, details about software you use and your preferences, locations of files and folders, and literally hundreds of other personal things. You don't believe me? Here are some (very small) snippets from my own user.dat

000A0030005374617274205061676568      0 Start Pageh
7474703A2F2F6F7572776F726C642E63   ttp://ourworld.c
6F6D707573657276652E636F6D2F686F   ompuserve.com/ho
6D6570616765732F6672617669612F01   mepages/fravia/.
...
000000000005003F0075726C31386874           ? url18ht 
74703A2F2F7069706574612E6368656D   tp://pipeta.chemi
69612E706B2E6564752E706C2F707562   a.pk.edu.pl/pub/m
2F6D6973632F6578652D756E7061636B   isc/exe-unpack/dm
2F646D7065786531322E7A6970010000   pexe12.zip
...
01000000000000000A0010004C617374               Last 
2047726F7570616C742E66616E2E6267   Groupalt.fan.bgc
63726973697374757265732E65726F74   risistures.eroti
6963612E616E696D65180100004B0002   ca.anime     K  
...

There you are with your privacy concerns: your starting url, all the files/urls you accessed (above you can see as 'url 18', that I downloaded smpexe12.zip from pipeta) and even the very unencrypted names of the usenet groups you have been playing with lately...

YES, I wanted to scare you, you better have a look at your own user.dat asap, btw, make a local copy of it (from your c:\windows\profiles\Yourself) and browse it using Ultraedit. You'll be amazed at the wealth of information about yourself that this huge database helds... among other things all the search strings you have recently used!
So, what can you do?
Not much, anyway you can try: First make a backup of your "real" user.dat, and call it ggs541.myn or whatever, just in case.
Second see if you find somewhere a "clean" installation user.dat (usually -on corporate machines- under /windows/profiles/instw95 or similar)... you may 'steal' a ready made one from some other machine or profile (you better choose wisely :-)
Third, after having thoroughly checked everything inside it, just in case, substitute routinely your real one with this 'bogus' and 'clean' one.
Don't let your data slip anew! You better write a simple batchfile (see my corporate survival tricks page) to automate this tedious task.
(On my computer, after the 'cure': 86168 bytes as c:\windows\user.dat and 65688 as c:\windows\user.da0, which has been re-created as 'reference' after I have resetted my computer on). Of course you may not dispose of a clean user.dat file and you may have to reinstall windows ex-novo in order to get a clean user.dat, and this would not be such a bad idea after all! Nothing like a nice hard-disk "deep level" formatting every couple of months to keep your harddisk fit, destroying as well all those tracks you are smearing around without noticing it :-)

Morale: keep your sensitive data ON THE WEB somewhere where nobody in his right mind would ever look, nor understand them even if he did (say steganographed inside the dull images of a bogus page like "me and my little dog Barkie" :-) they will be MUCH more safe there than inside your own harddisk!

SYSTEM.DAT
(On my computer, right now: 748252 bytes as c:\windows\system.dat and 748252 as c:\windows\system.da0, which is created as 'reference' when you set your computer on).
Even worse than the above! Once again, lots more personal details, including also the location of all your windows passwords (login, screen saver, network, LAN, etc), every conceivable thing about your computer, its hardware and setup, and full details of all the software you're using or you have ever used (!) on your computer.
You'll notice perusing this little monster the huge amount of wasted bytes occupied by Micro$oft's converter strings and messages. If you ever wanted a clear example of the 'messiness' of the poor operating system we are all compelled to use, just look at your c:\windows\system.dat overbloated register.
Note also that there is a section of this crap (install information section) where you'll have the surprise to find the NAMES of all applications you have installed in the last couple of years (at least :-) on your computer... I have perused it right now in order to write this text, and I constate with stupefaction that I must have in fact installed and/or run on this machine -quite sometime ago- an impressive lot of crap that I had already forgot I ever had:

AW.EXE		AWUSRFNC.DLL	BD.EXE		BD.ADV		BLADE.BAT	
BLADE.DAT	BIOFORGE.EXE	KEYCODEE.DAT	BO.BAT		BO1.EXE
C.BAT		MISSION.DTA	CAPHILL.BAT	CAPHILL.GL	CARPET.EXE
BULLFROG.LBM	CCHELP.EXE	CCSETUP.EXE	CKTEST.EXE	CKTEST.HLP
CHECKIT.EXE	CHECKIT.CNF	CL.EXE		QLIB.EXE	COASTER.EXE
COASTER1.RSC	COMANCHE.EXE	MISSION.DTA	CR.BAT		JIGGSBIG.ANM
CPAV.EXE	CPSCHED.EXE	CPBACKUP.EXE	CPSCHED.EXE	CYCLONES.EXE
DEARJ.EXE	DEAD.EXE	DEADDEMO.DAT	DEMO.EXE	DFDEMO.BAT
DFDEMO		DOGNAPP.EXE	GAMEMAPS.RR2	DS.BAT		TOSTEXT.BIN
DS.EXE		NDD.EXE		DRACULA.EXE	SETDRAC.EXE	DRAGON.BAT
DRAGON.EXE	DL.EXE		DL.EXE		DRAGON.EXE	ELFISH.EXE...

And there are more and more pages of software denominations I will not annoy you with, and a couple of surprises: I for instance absolutely DO NOT remember having ever installed anything like DRACULA.EXE it really beats me what the hell that's supposed to be!
(of course -cela va sans dire- all those other games have been installed only in order to study their protection schemes... :-)

*.PWL
Located by knowing your username, or by looking up the above file. Inside here are all your passwords. These are easily decrypted (if necessary) on any laptop with SAVE-TO-DISK features and a disk editor.

nsform??.TMP
All the data inside every Netscape form you've ever submitted, with and without SSL, when the submission failed or was cancelled.

Inbox, Outbox, Sent, Trash
A complete copy of all your incoming, outgoing, sent, and soon-to-be-deleted email. All in plain text without any encryption. I hope you're using PGP ! (I do not, because even that will not always work, see below)

SECRING.PGP, Secring.SKR, .ASC, etc
Your secret keyrings, if you do happen to be using PGP! These are protected by your passphrase, so I hope you've got a realllllly long one, and it's not something any average cracker will be able to pick, and you're not running any keypress macro recorders or typing sniffers, and you've not got any Trojan Horses or Password Targeted Viruses busy siphoning off your passwords and passphrases, and you trust all the software you run on your PC, even Micro$oft's recent "on line sniffing programs"

MsWord, Excel, Access, PowerPoint
All these programs, as well as windows itself, cache the filenames of the most recent documents you have been working on. This leads any attacker directly to your recent work!

/etc/passwd
One for the Unix folk. Running a cracking probe against this file will usually reveal dozens of usernames and passwords to anyone who wants to play with you or your users.

mm256.dat and mm2048.dat
See the specific page about these two Micro$oft's monsters that are haunting your own computer (5 megabytes of concealed activity!)

Wanna have some "fun"? Type the following inside your Netscape URL window (Location):

about:memory-cache (you'll see the memory cache)
about:image-cache  (you'll see a list of the cached images...)
about:global       (you'll see global history entries)
about:cache        (you'll see all disk cache statistics)
about:document     (you'll get a new window with info about the current document)

Fun, eh?

You are being cracked
Have a look at

DejaNews there you'll quickly discover how many indications about your interests can be gained by EVERYBODY just checking your usenet comments and mail (another good reason to use ALWAYS anonymous remailers)... this is really scary! Looks like the ideal playground for "blackemailers". All the search engines are slowly building huge databases with your preferences, they also react immediately to your search patterns... if you search for "tits" on Yahoo, you'll get some hideous pub about (not free) smut-services, if you search for "job", you'll get some hideous pub about (not-free) career services... do you really believe that all these data (about you) will be ever erased?

But we can try to 'stalk' Dejanews... have a look here

How to search anonymously
All the main search engines KEEP TRACK of your search strings and of your activity. There are on the web (very interesting) "search strings depots", listing the most used search strings (yes, you have guessed it, they are mostly sex-related) and you can even see 'on-line' the search actions performed by some users (on some search engines) that do not know that you are 'watching their search' while they perform (and refine) it... this is great fun. Another way to get at the search strings that people use (which may be very well thought little masterpiece of 'exact' searching, useful to learn the difficult art of searching correctly) is the "klebing" method, explained elsewhere on my site.
As I have already explained in my "how to search" lessons, search engines are only ONE of the search strategies and approaches you can use. Yet their importance cannot be underestimated (that's the reason more and more search engines are popping up like fungi nowadays) and you better learn how to defend yourself from their tracking mechanisms. You should always try to use a dynamic IP (like compuserve or aol: your IP address and host name should always be the more anonymous and "neutral" you can get, if possible without any 'national' tag as well... see below Lord Caligo's lesson and my comments on how to get 'bogus' IP-dynamic host names :-)

Anyway, for the more paranoids (or the more careful) among you, here is a link to the

anonymized Altavista search form
(Courtesy of fravia+... do not leave your tracks around!)

Of course no real anonymity section would be complete without an explanation of the above anonymizer...

Anonymous surfing Crack the tricksters

You better begin to surf the Web anonymously if you want to be an "old" cracker. The anonymizer will allow you to do it whenever you feel like it. You actually do not need to visit the anonymizer page: just remember, when you smell a rat, to precede the *exact and complete* http://... address you want to visit, writing (even per hand in the "address" field of your browser) "http://www.anonymizer.com:8080/" before it. The spiders will then track your visit as "niobe.c2.com", or something similar. Are there other "...:8080" URLs that allow this kind of anonymity? Yes, many server (even if they do not realize it), just find yours if you do not trust the anonymizer (btw, :8081 works as well, only with less "concurrence" :-)

I'm sure you'll appreciate the fact that you may nowadays telnet using a fake proxy! Indeed there exist now a "Java Telnet Proxy Server" that will allow a telnet applet connecting with any server on the Internet!
Here it is at

netobjective
And you can even choose the port!... Your little cracker's heart understand what this mean as well as I do, don't you? (and even if you don't understand now why this is QUITE important I'm sure you will in due time :-)

Back to the top of this nice page

Cookies (and crookies :-) Crack the browsers

We live in a world where software (and hardware) developments are neither documented nor care to tell their user what's really going on under the hood (and under the hoop). Still not convinced? You still believe that the society you live in cares from something else than pushing you around along paths and patterns you are not even supposed to see? Well, if it is so, cookies may represent a very instructive example for you.

The Jar for your cookies
Use Netscape, like all sensible reversers do, DO NOT USE MS-Explorer: Micro$oft's Trojan Web_horse does not allow you to see its own traces, it's terribly slow in all its version, it is even more bugged than Netscape's Navigator (how they could pull even more bugs than Netscape really beats me :-) and, globally, Micro$oft's products are only good for lamers and people that has been brain-washed by frills and advertising, as you'll learn perusing the material inside +HCU's project 9, the "Micro$oft bashing" project.
So use your good, relatively old and relatively stable Navigator version 3, that you may merrily reverse (in order to use its hidden functions to your advantage) using the material inside +HCU's project 5 that deals with Netscape cracking (and the many 'surprises' that are hidden inside the browsers you are using.
OK, start your "cookies discovery" trip! You'll quickly see how very simple cookies (and there are much more nasty things around, thank Javascript) can lay some eggs inside your harddisk (inside your "cookies.txt" netscape file).

Cookies -together with Javascript programs and Java applets- are the *FUTURE* of reverse engineering.
So study them. Here is the coveted

entrance to my cookies (and robots) pages

WARNING! Some of the cookies and of the secret robots pages are MICROSOFT EXPLORER HOSTILE

You may of course use Netscape, if you want (Best version is version 3 NOT version 4), but if you want to browse with a fast, complete and agile application (LESS than one million bytes! MUCH more fast and MUCH more configurable than the overbloated duo), you better download Opera right away... you'll never go back to the big Browsersaurii!
Anyway I'm warning you: don't use Micro$oft's puke on my site!
(Watch it! Some pages just "play" hostility, some are seriously hostile, so: don't complain you have not been warned! :-)

Click on this to see three simple anti Micro$oft Javascript applets

BTW, you may like to know already now which kind of cookie my pages will plant inside your computer, don't worry, it's an harmless little thing and looks like this (you may check later):

/fravia	FALSE	872928000	fravia_cookie_noanon_page 	1

Ah Ah! Die cookie die!
As you (should) already know, the best way to eliminate once for all any cookies planting possibility is to create a directory cookies.txt inside Netscape's directory (where the file cookies.txt originally is). This directory will get a GREATER priority than the targeted file, and all cookies will be therefore sent to dev null. Ah Ah! Die cookie die! Once you have created this new cookies.txt directory you may quietly reset "Options"/ "Network preferences"/"protocols"/"show an alert before accepting a cookie" to NO, in fact the sites that you will visit will "believe" that they planted their silent cookies in your hardisk, and let you through without delay, yet you will know that no cookie whatsoever has been planted. Ah Ah! Die cookie die!

Let's find out who Crack the enemies

Internet

Address finder

Stalker page You may want to have a look at my counter measures page or, more directly, at my enemy tracking page, or, for some other funny tricks to my corporate survival tricks page in order to grasp even better some useful techniques and approaches, yet you'll find tricks all over my site, for instance on the links page, and of course on the search engines page and inside all my "how to search" lessons.

Common tricks to lure wannaby anonymous surfers Crack the lamers
A common (in our trade) trick to lure wannaby anonymous surfers is the "fake page" trick: here is it is (courtesy of fravia)
1) set up a page which is not connected with any other page
2) put some goodies on it that the target needs badly
3) write (remailing) to the target and tell him to download the goodies
4) target downloads... he will be one of the very few(*) that your spiders will track on the "fake" page in the following days

(*) Yes, he will not be the only one... somebody else will nevertheless come and visit your "secret" page:
1) a robot i.e. an automated spider looking for pages or information, logging, for instance, from Yahoo, but could also be private (the older ones use funny spiders, BTW) mostly these spiders are simple automated "logging in" from a remote server... and yes! There are ways to "catch" them and "reverse engineer" the kind of info they are carring away: Master +Alistair has long ago promised a tutorial on this strange art, let's hope he'll write it asap :-)
2) a seeker (these are the guys that always check the full directory of a URL location just in order to find hidden pages there, simplest way is to use a /.rt command), or
3) the server administrator slaves.
But these few occurrences apart, you'll get a lot information about your "anonymous" target (or your enemies will, if *YOU* are the target)

The Anonymity Essays

Fravia's Anonymity Academy

Well, this new section begins with some very interesting essays by our colleague and friend LordCaligo, I hope to receive more contributions from all the anonymity wizards among my readers... else I will start writing and adding some new essays myself... in the mean time you may also find interesting my how to search the web lessons, where I discuss subjects like 'combing', 'klebing' and automated retrieval of information through intelligent agents, all matters which may be quite relevant for anonymity purposes :-)

FAA: PHASE A by LordCaligo, 8 November 1997

How to create a webpage with controversial contents (FAA_001)

FAA: PHASE B by LordCaligo, 21 November 1997

How to have free access to the net by fake-accounts (FAA_002)

FAA: PHASE C by fravia+, 15 June 1997

Concealed and hidden files inside your own computer
First essay: What's behind Micro$oft's mm256.dat and mm2048.dat files? (FAA_003)

FAA: PHASE D by MML, 23 September 1997

Reversing Governmental Polices: Internet access for the masses
Get access passwords sent to you and browse anonymously (FAA_004)

FAA: PHASE E by -the_gonz, 25 November 1998

An easy way to stop the guys (from Redmond) to snoop data inside your harddisk
An hardware attempt for more safety while you�re out on the web (FAA_005)

FAA: PHASE F by a295225(at)hotmail, 25 June 1999

Better E-Mail Anonymity
The basics of SMTP and telnet used to explain how to enhance anonymity (FAA_006)

Anonemail section

FAA: PHASE G by +Zer0, 24 September 1999

Making an anonymous mailer
Messing with data structures (FAA_007)

Anonemail section

Janus

Wanna check the nice URL below? (Discover Janus' services...)
http://www.rewebber.com/surf_encrypted/MTAGtqqMSQPXgerK+zzE4o+YXD9iiYG1YZ6BzeY30IejBq4N14oyXtN7EErAqkCNahXInIfsF8IUMytcUBP3v3GQgLyfof1tagnZK6K6LOZvhJgcrG+h2evioU2Pz59DGgk=

Some other links

How to mail anonymously:

How to post anonymously:

How to surf anonymously:

How to publish anonymously:

How to search anonymously:

Anonymous web searching

Privacy on the web, never ending links

I will remind you of THREE useful digests related to privacy (and general 
interesting reversing things :-)
* The RISKS Forum is a MODERATED digest.  Its Usenet equivalent is 
  comp.risks. Peter Neumann of SRI International is the moderator of 
  this excellent and renowned Internet digest. 
  Read RISKS as a newsgroup (comp.risks or equivalent) if possible and 
  convenient for you.  Alternatively, via majordomo, SEND DIRECT E-MAIL 
  REQUESTS to <risks-request@csl.sri.com> with one-line, 
  SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] or
  INFO     [for unabridged version of RISKS information]
  The INFO file is also obtainable from
  http://www.CSL.sri.com/risksinfo.html  ftp://www.CSL.sri.com/pub/risks.info
  ARCHIVES are available: ftp://ftp.sri.com/risks or
  ftp ftp.sri.com
  login anonymous
  [YourNetAddress]
  cd risks
* The PRIVACY Forum is run by Lauren Weinstein.  It includes a digest (which
  he moderates quite selectively), archive, and other features, such as
  PRIVACY Forum Radio interviews.  It is somewhat akin to RISKS; it spans
  the full range of both technological and nontechnological privacy-related
  issues (with an emphasis on the former).  For information regarding the
  PRIVACY Forum, please send the exact line:
     information privacy
  as the BODY of a message to "privacy-request@vortex.com"; you will receive
  a response from an automated listserv system.  To submit contributions,
  send to "privacy@vortex.com". 
  PRIVACY Forum materials, including archive access/searching, additional
  information, and all other facets, are available on the Web via:
     http://www.vortex.com
* The Computer PRIVACY Digest (CPD) (formerly the Telecom Privacy digest) is
  run by Leonard P. Levine.  It is gatewayed to the USENET newsgroup
  comp.society.privacy.  It is a relatively open (i.e., less tightly moderated)
  forum, and was established to provide a forum for discussion on the
  effect of technology on privacy.  All too often technology is way ahead of
  the law and society as it presents us with new devices and applications.
  Technology can enhance and detract from privacy.  Submissions should go to
  comp-privacy@uwm.edu and administrative requests to
  comp-privacy-request@uwm.edu.  (For example, vol 13, issue 031, 23 Dec
  1998, has a long item on random credit-card fraud via small charges.)
There is clearly much potential for overlap between these digests.