fobegano.htm: How to search the web, by fravia+ fobegano

~ For beginners ~

				For beginners

Version November 2000

[Elementary anonymity steps for beginners] [When posting on Usenet]
[When they dare to spam you (and you have some spare time)] [When you search]

Elementary anonymity steps for beginners
by fravia+
How d'you begin a "crash-course" in anonymity lores for beginners? Ah! Parum tuta per se ipsa probitas est! Let's just be frank and direct... let's use a lore... sort of...

"Yep!" - said fravia+ - "so you want to understand why anonymity is important? Easy, just read on:... I believe that each time ANYBODY asks you for some personal info you should by all means do a mix from the following":

You NEVER give real info, no matter how pressing they are - unless you really - and I mean REALLY - know what you are doing. You can bet they are going to use those data / sell them / throw them to the wolfes.
You should ALWAYS lie so much that your falsehood cannot possibly be outdone. It's great fun and, as you will see, it is pretty useful - surfing to-day's web.
To begin with, you should already have found some "alternate" personalities - it should possibly be somebody that 'almost' really exists: fetch data from any personal pages on the web... see geocities and fortunecity for hundreds of ready made "dull" lifes, you'll have "visited schools", "year of birth", name of the beloved one, everything... those pages are real goldmines in order to fetch valuable lusers' info. I personally found also all those "bride for sales" pages very useful as well for 'identity gathering' purposes. They give fotos, biographies, cities of birth and whatever else you need to get a faked bank account in Groenland...
The oldest trick is indeed quite effective: just take a book from your library and have a look at the data there. Let's say you are working and accessing the web from the States... I could fetch - here behind me - "Using assembly language" by Allen L.Wyatt. Let's see: look! This book is edited by Que corporation (on a side note I think this is about the only book worth buying from this crappy editor :-). And see here, on page 2: Bingo! Que corporation: 11711, North College Avenue, Carmel, Indiana, 46032. You are done: Let's say your new identity is - Nescio N. Nomine, 11711, North College Avenue, Carmel, Indiana, 46032, United States (that's a country in North America, duh).
You can keep the "Nescio N. Nomine" part, but if you are accessing the web from - say - Germany, you better use a german book of course (and so on mutatis mutandis). Let's see what's here behind me... a nice one: Joachim Schildt & Hartmut Schmidt Berlinisch, edited by the Akademie Verlag Berlin in 1986, which has the added advantage of being a "disappeared" Geografical location: See: Berlin, 1086, Leipzigerstrasse 3, GDR (German Democratic Republic: gone for good, I'm afraid :-)
Great fun to tease data-collectors feeding them such "disappeared" places: Chekoslovakia, Yugoslavija, GDR... It will take some time before they come clear with that.
Now you surely dig it: wherever you live find three-four LOCAL COMPLETE REAL EXISTING ADDRESSES (unless you want to tease :-) and learn them by heart. You'll use them from now on for EVERYTHING on the web, unless you are really compelled to give out your real name (which should NEVER happen if you are clever enough :-)
First thing you do with your new "faked" identity: you open half a dozen addresses on yahoo.com and other "free" email providers. You'll not need to give much info away (you'll give the faked one, access them from a proxy) but they will find out who you are nevertheless THROUGH THE EMAIL YOU WRITE. Of course no one here is so na�v to believe that 'free' email providers provide email possibilities for altruistic reasons... eh?
So what? This is not -by far- "real" anonymity, it is just a "preparation phase". You'll learn more advanced techniques in due time. To begin with, just play with them. Use those "free" email addresses (chained or through the autoresponder / autoforwarders) as feedback for page providers or sites that require you to have a "working" email address. Finally note that some "free" email addresses hqve the "org" suffix. These may be useful for those cases where they may require you to sign using an email addresses without any "com" suffix.
You should ALWAYS give completely faked credit card numbers, use cc_gen.zip if you don't know how to fake credit card numbers on the fly by yourself (the algos are very easy to crack). In general I have found Eurocard/Mastercard with a "valid thru" date 4-6 months from your current time to work best.
You should NOT feel bad in the least to lie like a madman to anyone who dares asking your data: such people are just scum that will use EVERYTHING you will tell them for profit the very moment you do, and they don't even have the decence of admitting it. Screw them black and blue, such clowns deserve far worse than that: never believe for a minute that their 'privacy - pleads' about how they will "never use your data" are anything else than cheap sarcasm.
Alternatively, when you (have to) "choose" some options from a menu ("Your income", "Your profession", Your "State" and so on) ALWAYS choose the first option you encounter, whatever it is: State=Afganistan, Income=less than 15 USD per year and so on. Screw them. If you want to play with them, there are some funny logistical options like "American Samoa" "Fortune and Wallys Islands" and so on... the possible option "other" that you may find on these menus is also great, because you will get these idiots thinking hard about updating their options' palette, adding even more idiotical crap to the possible choices.
An exception to the above: When you decide to use a bogus 'predetermined' identity (i.e. for instance Nescio N. Nomine, 11711, North College Avenue, Carmel, Indiana, 46032, United States), then keep COHERENT with the (faked) data you give, stick to them. This will make things even more difficult for those that want to steal and sell your data.
But you don't need to be pseudoanonymous at all if you are really nasty. Quite the contrary: remember that in the frenzy to put up an "e-commerce" most commercial sites don't have any provision whatsoever to check the real commands flows. Errors are not only possible, but frequent. Chances are that if you point out that you never ordered some of the useful goods you have somehow received (commanded by someone you don't happen to know through an ad hoc account - which has been accessed through proxies and will never be reused again - yet sent to your real address with your real cardnumbers) they wont be able to prove that you actually really did order them. They will ask for a restitution, of course, whereby you just sit on those goods and wait until they will send you over enough money to cover the costs of sending back the goods you "so wrongly" received. Any publicity about this would harm the new holy e-business, so you'll soon notice how they will bend backwards to help you 'sort things out'.
Anyway don't try this, it is not ethical, it would enable you to use that PC, watch that TV, read (and scan) those books, burn those games on your cd-roms in the meantime ("Of course I opened the packet... I wanted to see what was inside it!"). So don't do this: such an attitude would not be very correct vis-�-vis the growing new branch of our smart e-business entrepreneurs

Yep!" - said fravia+ - "this is but the beginning..."

When posting on Usenet
by fravia+
Never, never, never use a working email address.
When posting news items use a From: or Reply-To: address like the following ones:

bounce@[127.0.0.1]
bounce@localhost
postmaster@[127.0.0.1]
postmaster@localhost

This will frustrate spammer programs, that are actively grepping email addresses on usenet. There are LISTS of grepped email addresses that are sold by the spammers' masters to the stupid zombies that really believe they can make money that way.
[127.0.0.1] and localhost are synonyms for "the current host". If you're lucky the first two addresses will cause a bounce on the sender's machine as it tries to deliver to the non-existent user bounce. The last two addresses will cause the spam to be delivered to the email administrator of the machine sending the spam. If you're lucky that will be the ISP and not the spammer themselves.
In general use different email for different activities (one for real life, one for posting on usenet group A, another one for posting on usenet group B and so on. There are so many "free" email providers that you can have an infinite number of addresses, using the real one to 'pick' from those that you are using on the web - through pop for instance - and never using it directly.
Note however that ALL 'free' email addresses do use the data and the content of your mail for 'insider trading' and statistical building purposes (that's the real reason they offer you email for "free", duh) so never use these email for sensible data (never use the web for sensible data, for that matter), and learn to use pretty good privacy just in case (version 5 is the last one without backdoors and works fine on windoze).
So that you can be contacted make sure your posting body includes a signature that gives a working email address, in an encoded form - to confuse automated address collectors that scan news article bodies as well as article headers.
Here some good examples:

fravia(at)operamail(dot)com (WARNING: this is now 'deprecated', since some new grepping bots translate it into a working email address)
fraviaAToperamail!com (note the "!")
fraviaNIRGENDSoperamailNIRGENDScom
[email protected] adding, on the line below,
Cut a "fravia" to answer
fravia__A@T__operamail.com adding, on the line below,
To reply by email, use "@" not "__A@T__"
fravia(ThatfunnycharacteryougetwhenyouuseALT+64)operamail(thekeybeneaththe3)com

And so on... have fantasy, screw the spammers.

When they dare to spam you
(and you have some spare time)
by fravia+

Another good technique with commercial spammers if you have time enough is to retaliate, wasting as much of their time and resources as you manage to do. This wont help you much, but it is great fun. Use their toll-free telephon number and tell them you want to buy whatever gods / tits / cars they are selling. Chat a lot, let them call back you, let them send you a representative. Then just change your mind.
If you are good at social engineering you can get some real email addresses out of them ("...mmm, hey Liza, how can I reach you in a hurry if I decide to buy another item -just like the one I'll now buy for myself- for my buddy Charlie?"). If you manage to get a spammer's real working email address it's the jackpot! You can then slowbomb him for the eternity.
Alternatively just flood them with order made using bogus credit card numbers and faked identities: let them deliver their goods to a big house full of people that barely speak english and where at least 200 individuals have the name -say- "Chan" you purposedly used to reserve the goods (or whatever name/immigrant combination applies to your country). They'll go nut because they will never be able even to understand that somebody simply retaliated.
There are a lot of tricks you can devise to drive the commercial spammers nut if you have enough time, phantasy and dedication, but imo the best approach (the same you should use when commercial bastards dare to phonecall you) is to immediately look like you are falling for the trick ("...mmm, well, yes, thanks a lot, come to think of it I desperately need a new mortgage-insurance special packet..."), luring them into sending you a representative, if possible carrying all the way a very heavy or very cumbersome box / catalogue / documentation of whatever useless crap he's selling (choose accordingly when you order), that you of course wont buy once he finally arrives (you wont even appear at the meeting place for that matter) because you have simply "changed your mind". Don't laugh at them, don't curse them, don't let them understand you are playing with them: just let them convince you to fix a second rendez-vous: drive them nut (and try once more to get some real & working emailaddresses out of them :-).
Believe me, they will hate this approach, especially if you ordered the "megabigasupraoption" of whatever crap they are selling and thus lulled them into being all excited for their "commercial kill", thinking they had finally managed to fish a zombie. La va sans dire that you should choose for these meetings the most inconvenient time for the spammers, picking weird or far away located places (or expensive restaurants :-) where you will anyway never show up.

When you search

Topclick (the 'anonymous' google)
Sort of overstructure to google, they promise [privacy] in various [forms], of course you may or may not believe them... "TopClick does not use cookies or other profiling technologies, display banner advertising, or disclose any personal information about our customers to third parties", which alas seems to imply that they, even without 'profiling technologies' do gather after all "customers" (and information about them) for their internal use... but one thing is sure: since not everybody is capable of learning the relevant techniques on his own there's a big 'market for anonymity' on the web and we'll see more and more services on these lines... good!