Philotic Web

I just noticed that many funny (freaky, nerdy or otherwise boring) vids i would like to post here (and don't do so out of fear to spam ) i post them in facebook.
So... are you guys in facebook? did someone create a pweb page in there?

I know at least three people from Pweb that are on Facebook, that is me, Peterlover14, and Graff^, and I know there's a Pweb fan page on Facebook. I know there are more people from Pweb on Facebook, I can probably find out by reverse email lookups. With an email address, I can also find out other social networks that a person is on, if it's made public. Therefore, HIDE YOUR EMAIL ADDRESS!

Yet, Facebook has privacy issues. I know the IP addresses of both Peterlover14 and Graff^ from email headers from emails that I got via Facebook in February. Although this issue is fixed, the emails are already sent. And with those IP addresses, I can find out so much more about anyone, like your approximate geographic location. I can also do a DDoS attack with ICMP packets. So, second tip, use a proxy server.

They also make it that some things must be shared, including lists of friends and your profile picture. Let's add that Germany is suing Facebook over privacy issues. So if you're going to use Facebook, make sure you use it right.

Weird, I tried this whole reverse email thing, and got three different IPs for three different email addresses used on my computer.
Sonnikku, which engine do you use? I googled and used Spokeo.com.

Haha, I also got a fake photo that I put up on this one forum, as a photo of me, for a joke. I Lold so effin hard

All this reverse email stuff is kinda shocking, I didn't know email addresses could give so much information

All this reverse email stuff is kinda shocking, I didn't know email addresses could give so much information

That's why you should have different email addresses for different things

lol yeah

I have like three different emails.

Actually have more, but forgot there names.

From an email, you can get anything. I use this one to get their social networks. For IP addresses, I have to use email headers. Then I use this to figure out their IP address. What you're looking for is "Sender's Original IP."

From an email, you can get anything. I use this one to get their social networks. For IP addresses, I have to use email headers. Then I use this to figure out their IP address.

hah! none work on my emails it also helps that most often, when i sign up for webs that require my personal data, i give fake data. XD
How do you get the headers of an email?

I don't know how to explain it without going into a long, boring explanation, so I'll let you use this to find out how.

From an email, you can get anything. I use this one to get their social networks. For IP addresses, I have to use email headers. Then I use this to figure out their IP address. What you're looking for is "Sender's Original IP."

Lol
The email address works for my emails, for myspace.

However, I put fake information, like Jota. At least, I never put my real name. And I didn't put my exact location or city, but one close.

Still, I went back to my old myspaces and changed all my info.
However, something called rapleaf still has some of the previous info on one of my accounts. It didn't register my facebook, though.

@Jota: Great, paranoid, minds think alike.

Throwing around that you can DDoS someone is kind of pathetic. I also doubt two computers qualifies as "distributed".

First: Checked my email address on that website and it only gave my first name and my location (Las Vegas, NV, US). With the proper privacy settings, you're pretty well hidden on social networks. I chalk this one up to user ignorance.

Second: Ohhh man, you have my IP address. I'm soooooo scared. You'll be able to find out the block of addresses my ISP has registered under their own name, and maybe my own approximate geographic location.

Yes, you can DDOS me. I've had it done, because I hung out in the wrong places many years ago. I've also done it, because years ago I spent time learning about those things. But, you know what? The majority of people don't have to worry about it at all. It is akin to someone spraying your front door with a fire hose, so no body and no thing can get in or out the door. It is merely an inconvenience, not an inherent security issue. Eventually they'll get bored and go away. Plus, for the more technologically inclined of us, it is a trivial matter of getting a new IP address from the ISP as most everyone at home has a dynamic IP anyway.

The real issue is home user ignorance. They don't keep up with security patches (active security) and they don't maintain some form of passive security. They don't realize that their are privacy settings on social networks that can keep them hidden. They use the same crappy password on social websites, forums, and instant messengers as they use on Amazon, Paypal, and Google. They have security questions set up that can be answered by accessing information on social networks that they haven't properly set up the privacy settings for. An IP address is a direct link to a computer, yes, but it is entirely useless if you aren't stupid with your spread of information on the internet.

No need to spread paranoia with your script kiddie ways of finding out trivially easy information to find on people.

Back to the thread topic: Yes, I have Facebook. But I'm extremely selective of who I friend because of the information I put there. I have two people I know from pweb friended on Facebook.

No need to spread paranoia with your script kiddie ways of finding out trivially easy information to find on people.

+1

I don't think he means he would DDOS attack. Just that it can be done, but as Wil said, it doesn't make sense to do it to a single person, it's like killing flies with cannons. I understood it as a way to answer to the question that would pop out: "and what does it matter if someone can know my IP address?"

Also agree with Wil that the real issue is the absent-mindedness with which the regular internet user treats their internet privacy.
But anyone can fall into that... even i am growing complacent with my firefox+noscript. And that's not good... paranoia is useful in the web, right, Cen?

Also, the more people i put in my friend list in FB, the less infor i put available for friends I mean, the people who should have my phone number or my real address already have it XD And well, my city is small enough for me not to put up a real pic, so i didn't

Jota, I'm going to be personally insulted until eternity if you don't friend me on FB.




Okay, that's mostly a lie. But if you're willing, do it. FB is the only personal sort of website I can play on at the Circ desk.

I'm on FB. I'd friend any pwebber who can find me and sends me a request.

I'm on FB. I'd friend any pwebber who can find me and sends me a request.

And I thought I was special! : P

I'm on facebook too, and there is a page. I always forget that page exists though.

Ah, THIS thread is why I have a few new friend requests.

Sorry if I don't friend you, I have gotten a bit more selective with privacy settings and etc. since having kid(s).



ETA:

my own approximate geographic location.

I find this kinda funny cause you have your GPS coordinates as your location. So I really can find your exact geographic location! (I'm guessing that's not really it, though)

I should mention that you must be at least 20 years old for me to friend you.

I find this kinda funny cause you have your GPS coordinates as your location. So I really can find your exact geographic location! (I'm guessing that's not really it, though)

You would be correct in your guess. They are coordinates for Las Vegas, not my exact house.

My name is megxers and I'm addicted to Facebook. There, I said it.

I use facebook. I wish I didn't. But it is the best (sometimes only) way for me to keep up with far-flung friends. I don't friend people I don't know, and I'm not shy about ignoring people I don't see the need to friend (acquaintances, co-workers, students, professors, etc.). I friend friends, and that goes for pwebbers, too. I have a few pwebbers on facebook but they are generally people I have known for years and have had some sort of interaction with IRL (meet-ups, exchanging mail, phone calls).

Nothing personal, but I'm not into the "networking" part of social networking and I try to leave as little personal information lying around as I can. When facebook tried to force me to make all my interests into "is a fan of", complete with links, I just deleted everything.

First: Checked my email address on that website and it only gave my first name and my location (Las Vegas, NV, US). With the proper privacy settings, you're pretty well hidden on social networks. I chalk this one up to user ignorance.

Second: Ohhh man, you have my IP address. I'm soooooo scared. You'll be able to find out the block of addresses my ISP has registered under their own name, and maybe my own approximate geographic location.

Yes, you can DDOS me. I've had it done, because I hung out in the wrong places many years ago. I've also done it, because years ago I spent time learning about those things. But, you know what? The majority of people don't have to worry about it at all. It is akin to someone spraying your front door with a fire hose, so no body and no thing can get in or out the door. It is merely an inconvenience, not an inherent security issue. Eventually they'll get bored and go away. Plus, for the more technologically inclined of us, it is a trivial matter of getting a new IP address from the ISP as most everyone at home has a dynamic IP anyway.

The real issue is home user ignorance. They don't keep up with security patches (active security) and they don't maintain some form of passive security. They don't realize that their are privacy settings on social networks that can keep them hidden. They use the same crappy password on social websites, forums, and instant messengers as they use on Amazon, Paypal, and Google. They have security questions set up that can be answered by accessing information on social networks that they haven't properly set up the privacy settings for. An IP address is a direct link to a computer, yes, but it is entirely useless if you aren't stupid with your spread of information on the internet.

No need to spread paranoia with your script kiddie ways of finding out trivially easy information to find on people.

Back to the thread topic: Yes, I have Facebook. But I'm extremely selective of who I friend because of the information I put there. I have two people I know from pweb friended on Facebook.

First thing isn't intended for the people who know how to set up their privacy settings. It's a crack at Facebook's privacy settings being opt-out instead of opt-in. The average person still thinks that Facebook is looking out for them, which is untrue, and Germany is suing Facebook over this. Besides, you don't really want more spam mail, do you?

One more thing, Facebook has had private email addresses leak before. What makes you think it won't happen again?

On Facebook, your name, profile picture, gender, and networks are public, so if I find someone's Facebook, I immediately have a few more details on someone. People who are naive enough to put what Facebook "recommends" leave a lot more details out there, and that can lead to more details being found out, eventually leading to what someone thought was a secret being known by someone else. So I have your name, and I have your city, and now I find a phone book, and now I've found you.

You took the second thing out of context. The DDoS attack thing means - get a firewall and a router to block ICMP packets. The internet is becoming a utility, a necessity in life, so blocking DDoS attacks becomes more important. But an IP address gives a geographic location, I know you're near there. Won't give an address, but who cares about that? I explicitly said approximate location, why would I care if it wasn't hitting the intended target? What if I wanted collateral damage? So I said use a proxy server to screw up the results.

So someone wants to DDoS someone, will they stop? Well, probably 99% of people will, but that remaining 1% of people are just that darn stubborn that they won't stop.

First thing isn't intended for the people who know how to set up their privacy settings. It's a crack at Facebook's privacy settings being opt-out instead of opt-in. The average person still thinks that Facebook is looking out for them, which is untrue, and Germany is suing Facebook over this. Besides, you don't really want more spam mail, do you?

Google is pretty good at filtering out spam mail for me.

One more thing, Facebook has had private email addresses leak before. What makes you think it won't happen again?

I'm not too concerned with people having my email address.

On Facebook, your name, profile picture, gender, and networks are public, so if I find someone's Facebook, I immediately have a few more details on someone. People who are naive enough to put what Facebook "recommends" leave a lot more details out there, and that can lead to more details being found out, eventually leading to what someone thought was a secret being known by someone else. So I have your name, and I have your city, and now I find a phone book, and now I've found you.

Yep. But, I'm not one of those people that are super worried about people having my name, knowing I'm a guy, knowing what I look like, or where I went to school. Some people are. These are the people that are paranoid or have legitimate reasons for wanting privacy, and they are probably already aware of how insecure facebook is.

You took the second thing out of context. The DDoS attack thing means - get a firewall and a router to block ICMP packets. The internet is becoming a utility, a necessity in life, so blocking DDoS attacks becomes more important. But an IP address gives a geographic location, I know you're near there. Won't give an address, but who cares about that? I explicitly said approximate location, why would I care if it wasn't hitting the intended target? What if I wanted collateral damage? So I said use a proxy server to screw up the results.

It isn't quite that easy. Assuming it isn't just one or two computers doing the, as said above, distributing denial of service, then blocking and filtering ICMP packets is entirely useless. Why do you think large websites actually falter under DDoS attacks from time to time? The filtering software and hardware becomes so bogged down by the literally hundreds of thousands of requests that they can't process anything else.

So someone wants to DDoS someone, will they stop? Well, probably 99% of people will, but that remaining 1% of people are just that darn stubborn that they won't stop.

The 1% that are stubborn enough to be randomly DDoSing some random home user will likely find that the home user will call their ISP, since they have no idea why they can't get online, and after some finagling and standard "restart" nonsense, the ISP will force an IP change for that router to their network and no more DDoS attack.

Telling a home user to get a firewall/software to block and filter ICMP requests and to run everything through a proxy is like telling someone in the Sahara Desert to get flood insurance... stupid.

And that's not good... paranoia is useful in the web, right, Cen?

Paranoia is useful at all times.

The English in the thread title kinda urks me.

Jota, I sent you a pm about finding me on facebook. Write back!

From an email, you can get anything. I use this one to get their social networks. For IP addresses, I have to use email headers. Then I use this to figure out their IP address. What you're looking for is "Sender's Original IP."

Not only did it give nothing useful (it managed to ID a flikr account that I'd forgotten I even had and a google profile. for one of the three e-mail addresses of mine that I tried) but it even gave the completely wrong location for the IP.

The English in the thread title kinda urks me.

It's adorable.

From an email, you can get anything. I use this one to get their social networks. For IP addresses, I have to use email headers. Then I use this to figure out their IP address. What you're looking for is "Sender's Original IP."

Not only did it give nothing useful (it managed to ID a flikr account that I'd forgotten I even had and a google profile. for one of the three e-mail addresses of mine that I tried) but it even gave the completely wrong location for the IP.

Every address I try just says "no user info found" for the first one. The one address I tried for the IP finder it gave a totally wrong location. (shrug)

Luet, just wrote back Not having net at home because of silly internet companies not knowing their own silly business, so i can only use pweb from college >.>

Btw in my home IP (that is, when i used to have home net ), the IP was located in France, so that's pretty safe XD.

Will do, Alea ... btw, what's wrong with the english in the thread title?

You need a subjunctive "wouldn't" instead of "won't", and colloquially, a person is "on" facebook, not "in".

You need a subjunctive "wouldn't" instead of "won't", and colloquially, a person is "on" facebook, not "in".

Thanks for the correction

-shakes head- I tell you how to find the sender of an email from an IP address, and then you guys use it to try and find your own IP address from email headers... Or at least, that's what I can assume due to the crazy results. Based on that assumption, the effect would be that you're finding the initial sender of an email, and reporting it as your own IP address. However, I've tested two IP addresses given from email headers, and my own IP address, and two were in the same city as where the actual address was. And I knew their addresses because they were naive enough to give them to me. That's cause for concern.

Because I knew their exact geographic locations due to their naivete, I could check how far the IP lookup was from their actual house. The results are alarming. My IP lookup was 2.3 km away from my actual house and was in the same city. Peterlover14's IP lookup was 4.4 km from her actual house and was in the same city. Graff^'s IP lookup was 24.7 km from his actual house, very close in a rural area. All of these used no proxy server and used their actual IP address. So based on the data I have, IP addresses are reliable enough to find someone.

Since you're trying to use it to see your location from your IP address, I bet you'll get closer results if you use this. And don't change whatever is in the box either, as it should detect your public IP.

If your email address is private, it won't detect it. It means you know what you're doing online. Plain and simple. Yet I'm getting flak for telling the masses how to do it and advocating privacy. It's freedom of information, freedom of speech.

-shakes head- I tell you how to find the sender of an email from an IP address, and then you guys use it to try and find your own IP address from email headers... Or at least, that's what I can assume due to the crazy results. Based on that assumption, the effect would be that you're finding the initial sender of an email, and reporting it as your own IP address. However, I've tested two IP addresses given from email headers, and my own IP address, and two were in the same city as where the actual address was. And I knew their addresses because they were naive enough to give them to me. That's cause for concern.

Because I knew their exact geographic locations due to their naivete, I could check how far the IP lookup was from their actual house. The results are alarming. My IP lookup was 2.3 km away from my actual house and was in the same city. Peterlover14's IP lookup was 4.4 km from her actual house and was in the same city. Graff^'s IP lookup was 24.7 km from his actual house, very close in a rural area. All of these used no proxy server and used their actual IP address. So based on the data I have, IP addresses are reliable enough to find someone.

Since you're trying to use it to see your location from your IP address, I bet you'll get closer results if you use this. And don't change whatever is in the box either, as it should detect your public IP.

If your email address is private, it won't detect it. It means you know what you're doing online. Plain and simple. Yet I'm getting flak for telling the masses how to do it and advocating privacy. It's freedom of information, freedom of speech.

They weren't naive enough to give them to you, they were trusting.

Also, what is your point here? That you plan to stalk all of us? That it's shocking to you that an IP address shows where you live? THAT'S WHAT THEY'RE FOR!

It takes me one click to see your IP address on pweb, since I'm a mod, but that doesn't mean I'm going to spend $800 to fly to your house.
If you want absolute privacy, don't go online.

-shakes head- I tell you how to find the sender of an email from an IP address, and then you guys use it to try and find your own IP address from email headers... Or at least, that's what I can assume due to the crazy results. Based on that assumption, the effect would be that you're finding the initial sender of an email, and reporting it as your own IP address. However, I've tested two IP addresses given from email headers, and my own IP address, and two were in the same city as where the actual address was. And I knew their addresses because they were naive enough to give them to me. That's cause for concern.

Because I knew their exact geographic locations due to their naivete, I could check how far the IP lookup was from their actual house. The results are alarming. My IP lookup was 2.3 km away from my actual house and was in the same city. Peterlover14's IP lookup was 4.4 km from her actual house and was in the same city. Graff^'s IP lookup was 24.7 km from his actual house, very close in a rural area. All of these used no proxy server and used their actual IP address. So based on the data I have, IP addresses are reliable enough to find someone.

Since you're trying to use it to see your location from your IP address, I bet you'll get closer results if you use this. And don't change whatever is in the box either, as it should detect your public IP.

If your email address is private, it won't detect it. It means you know what you're doing online. Plain and simple. Yet I'm getting flak for telling the masses how to do it and advocating privacy. It's freedom of information, freedom of speech.

Also, what is your point here? That you plan to stalk all of us?

I lold at this point

My point still remains, use a proxy server or some sort of anonymity network. There are a lot of people who use PO Boxes, and this way, you don't have to give away your address. It's the same with proxy servers, they prevent giving away an IP address. So, Jayelle, you're saying it's wrong for me to use an anonymity network to protect my location when a PO Box does the same thing? It's wrong to try and get people to use anonymity networks with my experimental data to support it? Illogical. All these points I've been bringing up support using anonymity networks.

Whats wrong with a scientific experiment? Nothing. I can't run an experiment without getting baseless accusations of stalking? Makes me think the United States is a lot better than Canada.

Didn't I mention earlier that the internet is becoming a utility, a necessity for life for the world? Once again, disregarding previous points. If you wanted absolute privacy, you'd use an anonymity network like The Onion Router (Tor). But privacy comes at a price, a lot less bandwidth.

Is it worth it to argue a point when the concensus is against someone? Probably not. Is it worth it to argue a point when you know you're right and they're wrong? Oh yes.