Reverser's anonymity lab
(Reverser demonstrates that you must be careful)
Every web step leaves traces
On the web "nomen est omen"
On this page
Visitors tracing |
Data smearing |
Anonymous web searching |
Anonymous web surfing |
Anonymous web publishing
Anonymity essays |
Some other links
Other related pages of my anonymity Lab
[What Reverser knows about you]
[Tweak your browser!]
[things that happen]
Guess which URL will this link connect to :-)
Version September 1999
The main intent of my 'Anonymity Lab'
The main intent of this section of my site is to SCARE YOU TO DEATH about the huge
amount of data and private information33 you are 'smearing' around without even knowing it.
Tears fill my eyes when I see so many good and nice Internauts fall prey of crooks of all
sorts (from nasty software producer like Micro$oft, who hide snooping secret functions inside
their applications, through the main search engines you use, that gather your searching patterns and store
them without warning you to the outright 'dirty' crooks that search and lure gullible simpletons in order to
sell them fake religions or fake tits or whatever fake they have to push). Matter is that the NASTY aspect of
this nether world of us is never enough explained. There is no law here. Only reversers, like we are, can eventually help the gullible and simple ones (and damage the crooks, which is great fun :-)
We fight of course more 'active' battles, as you'll learn on my [antismut] section, yet even the simple spreading of 'passive' knowledge can be very useful (knowledge, as Master +ORC has always said, is indeed a most powerful 'good' weapon), and we help, in this section, throwing our
light on some of the 'hidden', 'dark' and 'mysterious' aspects of the Web.
You'll learn here some must-know anonymity concerns and some elementary counter-measures, yet,
as you will see, the data you are leaking around are so many (and so valuable) that there is
not really much that you can do, short of going undercover
with a completely bogus identity... which is something that you will probably want to do
after having read all this :-)
Where d'you wanna go, bud?
Wanna [trace] your visitors or learn how much
info you are [smearing] around?
Would you like to [snoop] their
profile or [search] anonymously on the Web? You may
even get acquainted with some [cookies] little tricks
or [lure] your enemies into a trap. If you do not
understand much, you better read first just how many
[traces] you leave
when you browse and how you can simply [send
on the web... you'll understand all the rest later.
There are also some [Anonymity essays] that
you may find interesting, and of course you may enjoy the [Ah Ah! Die cookie die!]
section of this page as well :-)
Else you may enjoy having a look at some
[things that happen].
No anonimity, I regret
This section of mine about the traces you leave on my own servers
was growing bigger and bigger and has been
moved to my
What Reverser knows about
page, where all (scary) tracking possibilities used today
will be discussed and some countermeasures will be analysed.
You leave traces, I said
Ahi! Your precious data!
The harddisk problem
Some of the files that are on
your computer (and that recent browsers can send over the Net WITHOUT
telling you anything about it :-) might become interesting for adversaries,
or the plain curious, or the bastards that want to sell
you beer, or tits, or religions or cars:
Contains details of the locations of many
important things on your computer system, among other things, the PATH variable
will show where are your tools.
Contains still more details about the locations and
software that you are running on your system, as well as other personal things
that might be helpful for rogues to find out - like preferences and the like.
(On my computer, right now: 286692 bytes as c:\windows\user.dat
and 286692 as c:\windows\user.da0, which is created as 'reference' when you
set your computer on).
This is one mighty important file. You better be prepared to
get some cheap thrills about this one...
if you did not already know about it.
Inside this monster there are
masses of data about you: the last few dozen places you've visited on the
Internet, your name, email address, telephone number, various user ID's and
passwords, details about software you use and your preferences, locations of
files and folders, and literally hundreds of other personal things.
You don't believe me? Here are some (very small) snippets from
my own user.dat
000A0030005374617274205061676568 0 Start Pageh
000000000005003F0075726C31386874 ? url18ht
6963612E616E696D65180100004B0002 ca.anime K
There you are with your privacy concerns: your starting url,
all the files/urls you accessed (above you can see as 'url 18', that I
downloaded smpexe12.zip from
pipeta) and even
the very unencrypted names of the usenet groups you have been
playing with lately...
YES, I wanted to scare you,
you better have a look at your own user.dat asap, btw, make a local copy of it
(from your c:\windows\profiles\Yourself) and browse it using Ultraedit.
You'll be amazed at the wealth of information about yourself that this huge
database helds... among other things all the search strings you have recently
So, what can you do?
Not much, anyway you can try: First make a backup of your
"real" user.dat, and call it
ggs541.myn or whatever, just in case.
Second see if you find somewhere a "clean" installation user.dat (usually -on
corporate machines- under /windows/profiles/instw95 or
similar)... you may 'steal' a ready made one from some other machine or profile (you better
choose wisely :-)
Third, after having thoroughly checked everything inside it,
case, substitute routinely your
real one with this 'bogus' and 'clean' one.
Don't let your data slip anew! You better write a simple batchfile (see
survival tricks page) to automate this tedious task.
(On my computer, after the 'cure': 86168 bytes as c:\windows\user.dat
and 65688 as c:\windows\user.da0, which has been re-created as 'reference' after I
have resetted my computer on).
Of course you may not dispose of a clean user.dat file and you
may have to reinstall windows ex-novo in order to get a
would not be such a bad idea after all! Nothing like a nice hard-disk "deep
level" formatting every
couple of months to keep your harddisk fit, destroying as well all
those tracks you are smearing around without noticing it :-)
Morale: keep your
sensitive data ON THE WEB somewhere where nobody in his right mind would ever look, nor
understand them even if he did (say
steganographed inside the dull images of a bogus page like "me and my little
dog Barkie" :-) they will be MUCH more safe there than inside your own harddisk!
(On my computer, right now: 748252 bytes as c:\windows\system.dat
and 748252 as c:\windows\system.da0, which is created as 'reference' when you
set your computer on).
Even worse than the above! Once again, lots more
personal details, including also the location of all your windows passwords
(login, screen saver, network, LAN, etc), every conceivable thing about
your computer, its hardware and setup, and full details of all the software
you're using or you have ever used (!) on your computer.
You'll notice perusing this little monster
the huge amount of wasted bytes occupied by Micro$oft's converter strings and
messages. If you ever wanted a clear example of the 'messiness' of the poor
operating system we are all compelled to use, just look at your
c:\windows\system.dat overbloated register.
Note also that there is a section of this crap (install information section)
where you'll have the surprise to find the NAMES of all applications you
have installed in the last couple of years (at least :-) on
your computer... I have perused it right now in order to write this text, and I
constate with stupefaction that I must have in fact installed and/or run
on this machine -quite sometime ago- an impressive lot of crap
that I had already forgot I ever had:
AW.EXE AWUSRFNC.DLL BD.EXE BD.ADV BLADE.BAT
BLADE.DAT BIOFORGE.EXE KEYCODEE.DAT BO.BAT BO1.EXE
C.BAT MISSION.DTA CAPHILL.BAT CAPHILL.GL CARPET.EXE
BULLFROG.LBM CCHELP.EXE CCSETUP.EXE CKTEST.EXE CKTEST.HLP
CHECKIT.EXE CHECKIT.CNF CL.EXE QLIB.EXE COASTER.EXE
COASTER1.RSC COMANCHE.EXE MISSION.DTA CR.BAT JIGGSBIG.ANM
CPAV.EXE CPSCHED.EXE CPBACKUP.EXE CPSCHED.EXE CYCLONES.EXE
DEARJ.EXE DEAD.EXE DEADDEMO.DAT DEMO.EXE DFDEMO.BAT
DFDEMO DOGNAPP.EXE GAMEMAPS.RR2 DS.BAT TOSTEXT.BIN
DS.EXE NDD.EXE DRACULA.EXE SETDRAC.EXE DRAGON.BAT
DRAGON.EXE DL.EXE DL.EXE DRAGON.EXE ELFISH.EXE...
And there are more and more pages of software denominations I will not annoy you with, and
a couple of surprises:
I for instance absolutely DO NOT remember having ever installed anything
it really beats me what the hell that's supposed to be!
(of course -cela va sans dire- all those other games have been installed only in order
to study their protection schemes... :-)
Located by knowing your username, or by looking up the
above file. Inside here are all your passwords. These are easily decrypted
(if necessary) on any laptop with SAVE-TO-DISK features and a disk editor.
All the data inside every Netscape form you've
ever submitted, with and without SSL, when the submission failed or was
- Inbox, Outbox, Sent, Trash
A complete copy of all your
incoming, outgoing, sent, and soon-to-be-deleted email. All in plain text
without any encryption. I hope you're using PGP ! (I do not, because even
that will not always work, see below)
- SECRING.PGP, Secring.SKR, .ASC, etc
Your secret keyrings, if
you do happen to be using PGP! These are protected by your passphrase, so I
hope you've got a realllllly long one, and it's not something any average
cracker will be able to pick,
and you're not running any keypress macro recorders or typing sniffers,
and you've not got any Trojan Horses or Password Targeted Viruses
off your passwords and passphrases, and you trust all the software you run on your PC, even
Micro$oft's recent "on line sniffing programs"
- MsWord, Excel, Access, PowerPoint
All these programs, as well
as windows itself, cache the filenames of the most recent documents you have
been working on. This leads any attacker directly to your recent work!
One for the Unix folk. Running a cracking probe
against this file will usually reveal dozens of usernames and passwords to
anyone who wants to play with you or your users.
- mm256.dat and mm2048.dat
See the specific page about these two
monsters that are haunting your own
computer (5 megabytes of concealed activity!)
Wanna have some "fun"? Type the following inside your Netscape URL window (Location):
about:memory-cache (you'll see the memory cache)
about:image-cache (you'll see a list of the cached images...)
about:global (you'll see global history entries)
about:cache (you'll see all disk cache statistics)
about:document (you'll get a new window with info about the current document)
You are being cracked
Have a look at DejaNews there you'll quickly discover
how many indications about your interests can be gained by EVERYBODY just
checking your usenet comments and mail (another good reason to use ALWAYS
this is really scary! Looks like the ideal playground for "blackemailers". All
the search engines are slowly building huge databases with your preferences, they also
react immediately to your search patterns... if you search for "tits" on
Yahoo, you'll get some hideous pub about (not free) smut-services, if you
search for "job", you'll get
some hideous pub about (not-free) career services... do you really believe that
all these data (about you) will be ever erased?
But we can try to 'stalk'
Dejanews... have a look
How to search anonymously
All the main search engines KEEP TRACK of your search strings and of your
activity. There are on the web (very interesting) "search strings depots", listing
the most used search strings (yes, you have guessed it, they are mostly sex-related)
and you can even see 'on-line' the search actions performed by some users (on
some search engines) that do not know that you are 'watching their search' while
they perform (and refine) it... this is great fun. Another way to get at the search
strings that people use (which may be very well thought little masterpiece of 'exact'
searching, useful to learn the difficult art of searching correctly) is the "klebing"
method, explained elsewhere on my site.
As I have already explained in my "how to search" lessons, search engines
are only ONE of the search strategies and approaches you can use. Yet their importance
cannot be underestimated (that's the reason more and more search engines are popping
up like fungi nowadays) and you better learn how to defend yourself from their tracking
mechanisms. You should always try to use a dynamic IP (like compuserve or
aol: your IP address and host name should always be the more anonymous and "neutral" you
can get, if possible without any 'national' tag as well... see below Lord Caligo's
lesson and my comments on how to get 'bogus' IP-dynamic host names :-)
Anyway, for the more paranoids (or the more careful) among you, here is a link to
the anonymized Altavista
(Courtesy of reverser+... do not leave your tracks around!)
Of course no real anonymity section would be complete without an explanation of
the above anonymizer...
Crack the tricksters
You better begin to surf the Web anonymously if you want to be an
"old" cracker. The anonymizer will
allow you to do it whenever you feel like it. You actually do not need to visit
the anonymizer page: just remember, when
you smell a rat, to precede the *exact and complete* http://... address you
want to visit, writing
(even per hand in the "address" field of your browser)
before it. The spiders will then track your visit as "niobe.c2.com", or
something similar. Are there other "...:8080" URLs that allow this kind of
anonymity? Yes, many server (even if
they do not realize it), just find yours if you do not trust the anonymizer
(btw, :8081 works
as well, only with less "concurrence" :-)
I'm sure you'll appreciate
the fact that you
may nowadays telnet using a fake proxy! Indeed
there exist now a "Java Telnet Proxy Server"
that will allow a telnet applet connecting with any server on the Internet!
Here it is at
And you can even choose the port!... Your little cracker's heart understand what this mean
as I do, don't you? (and even if you don't understand now why this is
QUITE important I'm sure you will in due time :-)
Back to the top of this nice page
Cookies (and crookies :-)
Crack the browsers
We live in a world where software (and hardware) developments are neither
documented nor care to tell their user what's really going on under the hood (and under the
hoop). Still not convinced? You still believe that the society you live in cares from
something else than pushing you around along paths and patterns you are not even
supposed to see? Well, if it is so,
cookies may represent a very instructive example for you.
The Jar for your cookies
Use Netscape, like all sensible reversers do, DO NOT USE MS-Explorer: Micro$oft's Trojan Web_horse does not allow you to see its own traces, it's terribly slow in all its version, it is even more bugged
than Netscape's Navigator (how they could pull even more bugs than Netscape really beats me :-) and, globally, Micro$oft's products are only good for lamers and people that has been brain-washed by frills and advertising, as you'll learn perusing the material inside +HCU's project 9, the "Micro$oft bashing" project.
So use your good, relatively old and relatively stable Navigator version 3, that you may merrily reverse (in order to use its hidden functions to your advantage) using the material inside
+HCU's project 5 that deals with Netscape cracking (and the
many 'surprises' that are hidden inside the browsers you are using.
start your "cookies discovery" trip! You'll quickly see how very simple cookies (and there are much more nasty things
some eggs inside your harddisk (inside your "cookies.txt" netscape file).
the *FUTURE* of reverse engineering.
So study them.
Here is the coveted entrance to my cookies (and robots) pages
WARNING! Some of the cookies and of the secret robots pages
MICROSOFT EXPLORER HOSTILE
You may of course use Netscape,
if you want (Best version is version 3 NOT version 4),
but if you want to browse with a fast, complete and agile
application (LESS than one million bytes! MUCH more fast and MUCH more
configurable than the overbloated duo), you
better download Opera
right away... you'll never go back to the big Browsersaurii!|
Anyway I'm warning you: don't use Micro$oft's puke on my site!
(Watch it! Some pages just "play" hostility, some
are seriously hostile, so: don't complain
you have not been warned! :-)
Click on this to see three simple anti Micro$oft
BTW, you may like to know already now which kind of cookie my pages will
plant inside your computer, don't worry, it's an harmless little thing and
looks like this (you may check later):
/fravia FALSE 872928000 fravia_cookie_noanon_page 1
Ah Ah! Die cookie die!
As you (should) already know, the best way to eliminate once
for all any cookies planting possibility is to create a directory
cookies.txt inside Netscape's directory
(where the file cookies.txt originally is). This directory
will get a GREATER priority than the targeted file, and all cookies will
be therefore sent to dev null. Ah Ah! Die cookie die! Once you have
created this new cookies.txt directory you may
quietly reset "Options"/ "Network preferences"/"protocols"/"show an alert before
accepting a cookie" to NO, in fact the sites that you will visit will "believe"
that they planted their silent cookies in your hardisk, and let you through without
delay, yet you will know that no cookie whatsoever has been planted. Ah Ah! Die cookie die!
Let's find out who
Crack the enemies
Internet Address finder
You may want to have a look at my counter measures page or, more directly, at
my enemy tracking page, or, for some other funny
tricks to my corporate
survival tricks page in order to
grasp even better some useful techniques and approaches, yet you'll find tricks all over my site, for instance
on the links page, and of course on the search
engines page and inside all my "how to search" lessons.
Common tricks to lure wannaby anonymous
Crack the lamers
A common (in our trade) trick to lure wannaby anonymous surfers
is the "fake page" trick: here is
it is (courtesy of reverser)
1) set up a page which is not connected with any other page
2) put some goodies on it that the target needs badly
3) write (remailing) to the target and tell him to download the goodies
4) target downloads... he will be one of the very few(*) that your spiders
will track on the "fake" page in the following days
(*) Yes, he will not be the only one... somebody
else will nevertheless come and visit your "secret" page:
1) a robot i.e. an automated spider
looking for pages or information, logging, for instance, from Yahoo, but could also be private
(the older ones use funny spiders, BTW) mostly these spiders are simple
automated "logging in" from a
remote server... and yes! There are ways to "catch" them and "reverse
engineer" the kind of info
they are carring away: Master +Alistair has long ago promised a tutorial
on this strange art, let's hope
he'll write it asap :-)
2) a seeker (these are the guys that always check the full
directory of a URL location just in order to find
hidden pages there, simplest way is to use a /.rt command), or
3) the server administrator slaves.
But these few occurrences apart, you'll get a lot information about
your "anonymous" target (or your enemies will, if *YOU* are the target)
The Anonymity Essays
Reverser's Anonymity Academy
Well, this new section begins with some very interesting essays
by our colleague and friend LordCaligo, I hope to receive more contributions
from all the
anonymity wizards among my readers... else I will start writing and adding some
new essays myself... in the mean time you may also find interesting my
how to search the web lessons, where
I discuss subjects like 'combing', 'klebing' and automated retrieval of information through
intelligent agents, all matters which may be
quite relevant for anonymity purposes :-)
FAA: PHASE A by LordCaligo, 8 November 1997
How to create a
webpage with controversial contents
FAA: PHASE B by LordCaligo, 21 November 1997
How to have
free access to the net by fake-accounts
FAA: PHASE C by reverser+, 15 June 1997
hidden files inside your own computer
First essay: What's behind Micro$oft's mm256.dat and mm2048.dat files?
FAA: PHASE D by MML, 23 September 1997
Reversing Governmental Polices:
Internet access for the masses
Get access passwords sent to you and browse anonymously
FAA: PHASE E by -the_gonz, 25 November 1998
An easy way to stop the guys (from Redmond) to
snoop data inside your harddisk
An hardware attempt
for more safety while you´re out on the web
FAA: PHASE F by a295225(at)hotmail, 25 June 1999
Better E-Mail Anonymity
The basics of SMTP and telnet used to explain how to enhance anonymity
FAA: PHASE G by +Zer0, 24 September 1999
Making an anonymous mailer
Messing with data structures
Wanna check the nice URL below? (Discover Janus' services...)
How to mail anonymously:
How to post anonymously:
How to surf anonymously:
How to publish anonymously:
How to search anonymously:
Privacy on the web, never ending links
I will remind you of THREE useful digests related to privacy (and general
interesting reversing things :-)
* The RISKS Forum is a MODERATED digest. Its Usenet equivalent is
comp.risks. Peter Neumann of SRI International is the moderator of
this excellent and renowned Internet digest.
Read RISKS as a newsgroup (comp.risks or equivalent) if possible and
convenient for you. Alternatively, via majordomo, SEND DIRECT E-MAIL
REQUESTS to <email@example.com> with one-line,
SUBSCRIBE (or UNSUBSCRIBE) [with net address if different from FROM:] or
INFO [for unabridged version of RISKS information]
The INFO file is also obtainable from
ARCHIVES are available: ftp://ftp.sri.com/risks or
* The PRIVACY Forum is run by Lauren Weinstein. It includes a digest (which
he moderates quite selectively), archive, and other features, such as
PRIVACY Forum Radio interviews. It is somewhat akin to RISKS; it spans
the full range of both technological and nontechnological privacy-related
issues (with an emphasis on the former). For information regarding the
PRIVACY Forum, please send the exact line:
as the BODY of a message to "firstname.lastname@example.org"; you will receive
a response from an automated listserv system. To submit contributions,
send to "email@example.com".
PRIVACY Forum materials, including archive access/searching, additional
information, and all other facets, are available on the Web via:
* The Computer PRIVACY Digest (CPD) (formerly the Telecom Privacy digest) is
run by Leonard P. Levine. It is gatewayed to the USENET newsgroup
comp.society.privacy. It is a relatively open (i.e., less tightly moderated)
forum, and was established to provide a forum for discussion on the
effect of technology on privacy. All too often technology is way ahead of
the law and society as it presents us with new devices and applications.
Technology can enhance and detract from privacy. Submissions should go to
firstname.lastname@example.org and administrative requests to
email@example.com. (For example, vol 13, issue 031, 23 Dec
1998, has a long item on random credit-card fraud via small charges.)
There is clearly much potential for overlap between these digests.
Other related pages of my anonymity Lab
[What Reverser knows about you]
[Tweak your browser!]
[things that happen]
antismut CGI tricks
Is software reverse engineering illegal?
(c) Reverser, 1995, 1996, 1997, 1998, 1999.
All rights reserved, in the European Union and elsewhere