from the article:
Although xHamster is a free porn site, users can sign up to create personal favorite collections, post comments, or upload their own videos. According to the xHamster site, over 12 million people have signed up for an account.
I checked their sign-up page to find out more, they tout the reasons for signing up as: commenting, favouriting videos, viewing private content and being able to upload your own content. The article also lists these pretty much verbatim.
Supposedly there are almost 13m accounts on the site, I would expect at least some of the accounts which have uploaded personal content could be valuable for extortion. Even without having uploaded content a profile of someones porn habits could be used for blackmail.
I m sure there are a ton of throwaway emails, names and such. There are a lot of people surfing porn on the web and many remain anonymous. The problems come up when billing is involved, they need to reveal their true identity.
I agree, in the end probably everyone is identifiable and it depends on who's after you. I meant it on a more "superficial" level eg. them not having your clear plain personal data.
That makes sense. But I do think we use the word 'anonymous' too often when we talk about the Internet, and it leads people to believe, falsely, that if they don't log in to a website then no one ever knows they've visited.
Quite the contrary. Imagine, as someone mentioned elsewhere in this thread I think, if the adtrackers got hacked. What might it reveal about you?
If someone threatened to email your boss your entire browsing history, how much would you pay to prevent that?
What if it was being sent to you wife? Your mother?
What if it were being broadcast to the world at large?
These hacks are a dime-a-dozen. Everyone sees Ashley Madison hacks or xHamster hacks and thinks, 'well that's not me. I don't go to those sites.' But it very well could be you. Or worse, someone could falsely claim it was you...
hell we don't even know if the referenced email accounts were stolen or not. The article says the addresses are "military," but we have no idea how securely the affected branches treat their accounts. They could have default passwords which were never logged into by the original owners.
I am not aware, does xhamster require confirmation of the email address before using the account? That might also be a way to sign up using someone elses email.
This is a good point. One year the military healthcare company was hacked 2-3 times. Imagine all the information the govt makes you fill out to do something simple, how easy it would be to hack an email account knowing all the info you need for medical services.
When attacking an IDS, especially a signature-based one like Snort, my first move is always to overload the network engineers with so many bogus attacks that they can't locate the true vector in the giant haystack.
One can use the same strategy against this type of snooping. Maintain multiple Facebook accounts in one name, some conservative, some liberal, some radical, some tame. Have a bunch of accounts in legal but embarrassing places. Report your location at several places at once. One could even so far as to start rumors about oneself.
Put that much chaffe up in the air and sorting the true from the false would be almost impossible.
Well, yes. If you're saying anything important at all, make sure to say it multiple times from opposing viewpoints. Your best argument will carry the day anyway.
Of course this is a "break glass in case of emergency" type countermeasure, probably most useful in a nominally liberal state that starts to drift away from civil rights.
22 comments
[ 3.3 ms ] story [ 55.2 ms ] threadSupposedly there are almost 13m accounts on the site, I would expect at least some of the accounts which have uploaded personal content could be valuable for extortion. Even without having uploaded content a profile of someones porn habits could be used for blackmail.
People who are not aware of the risks, they also happen to be the most vulnerable targets (extortion for example).
I don't think these people were unable to use any other email address if they were paying members. Unless they linked their bank to their work email?
Quite the contrary. Imagine, as someone mentioned elsewhere in this thread I think, if the adtrackers got hacked. What might it reveal about you?
If someone threatened to email your boss your entire browsing history, how much would you pay to prevent that?
What if it was being sent to you wife? Your mother?
What if it were being broadcast to the world at large?
These hacks are a dime-a-dozen. Everyone sees Ashley Madison hacks or xHamster hacks and thinks, 'well that's not me. I don't go to those sites.' But it very well could be you. Or worse, someone could falsely claim it was you...
I am not aware, does xhamster require confirmation of the email address before using the account? That might also be a way to sign up using someone elses email.
One can use the same strategy against this type of snooping. Maintain multiple Facebook accounts in one name, some conservative, some liberal, some radical, some tame. Have a bunch of accounts in legal but embarrassing places. Report your location at several places at once. One could even so far as to start rumors about oneself.
Put that much chaffe up in the air and sorting the true from the false would be almost impossible.
All hacking is war, and all warfare is deception.
It would be easier to do this with Twitter when it is not expected that you would know the people you follow IRL.
I don't want to update my one blog weekly and here you're saying that to be secure you need to maintain 12.
Of course this is a "break glass in case of emergency" type countermeasure, probably most useful in a nominally liberal state that starts to drift away from civil rights.