Michael Vasiliev <[EMAIL PROTECTED]> writes:
> 1. Change your online id to single-letter strings of just one letter, > Like: > > zzz zzzzzzz > > [EMAIL PROTECTED]
I suggest you take a look at advanced search syntax of google for a start. "Google Hacks" and book and j0hnny's website may be an interesting reading for you.
What makes you think I am not aware of that ? ;-) > > This makes searching by your name futile. Or do what I do and sign all > > your messages with 'Peter' or 'John'. There are about 100 million Johns > > out there and in case of identity theft they will likely take another > > John's identity. > > After wiping off my tears, I did this naive query: > > http://www.google.com/search?q=peter+plp+actcom&ie=UTF-8&oe=UTF-8 > > hitting paydirt at the very first obvious link: > > http://www.actcom.co.il/~plp > > Stealthy online presence indeed. The rest of the results look relevant as > well. Having your not very common name, should I continue on what would an > identity thief do next? You just proved that what I preach works. That page is ten years old and has not been actualized sice Y2K or so with small exceptions. The information therein is about as 'fresh', with exception of the code, which works, and gives it some credibility. My email address in plain on that page has helped train my spam filter to unbelievable perfection, scoring a solid <0.1% false negatives over the years. The lack of another homepage forces you to believe that that *is* in fact my homepage. That might even be true. Or not. But that could change now that you opened the subject. About name search: If many people use ids like [EMAIL PROTECTED] then searching by that will not yield results. At least not in the beginning. > > 2. Encode your birthday and snail mail address using a riddle that only > > a patient human can solve. Example: > > > > http://www.cogsci.indiana.edu/farg/harry/address.htm > > > > (I solved that but it took a while) > > How's that going to protect your identity? If by 'identity' you mean the information available to anyone on the internet then me and you mean different things with 'identity'. I am not playing this game for a variety of reasons. I am not a 'hacker' and usually do not wear any hat, nor do I pretend to. > > 3. Digitally sign your email. Not like the peasants do by adding four > > lines of gpg crud, put it in a custom header instead. > > Yum! Give me another tracking vector, your web of trust. I will be able to > pinpoint your location, interests, friends, business contacts...and measure > the pet paranoia level in bits, while I'm at it. Are you talking about my real web of trust or about one of the ones I am faking, if so, which one of them, and how do you know that what you found was not put there so you can find it. I'm not saying that it was, but suppose. Also how do you know if the web of trust you just hooked so easily is waxing or waning (never mind its initial role, standalone or aggregated with other issues, or whether it had such a role in the first place). Or whether it is a trap of some sort (see above about spam). > Do yourself a favor and next time you are going to distribute security advice, > don't insult the blackhats' intelligence while you're doing it. They have a > swollen ego, the very least, you'll be laughed at. They are smart enough to > do what they do and not get caught, what makes you think they are stupid > enough to not master the art of Google search? Thanks for playing, although this is not a game. The 'advice' was not security advice, which I am not qualified to give. Someone asked something and I answered. Basically what I advocated should prevent most script kiddies from having a fun day. It does not bring 'security'. John ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
