Mar 7 2009

How safe is your Twitter account?

Mashable reports:

Another Twitter security event seems to be underway, with accounts being accessed and Tweets being sent out reading “hey! 23/Female. Come chat with me on my webcam thingy here www.chatwebcamfree.com.”

Taking a look at Twitter search, it would appear that regular users’ passwords have been compromised and are having the tweets sent out under their name. This type of scam is common with IM, but hasn’t been seen often yet on Twitter, minus the hacking of celebrity accounts that took place a couple months ago when hackers penetrated Twitter’s customer support system.

This would easily be solved if OpenID-style solutions were more rapidly adopted by Web 2.0 companies. I’ve been using Verisign’s Personal Identity Portal (PIP) wherever I can. By entrusting authentication to a company that makes it their specialty, you can rest assured that maximum effort is being placed on safeguarding your account and personal information.

Jan 4 2009

Snooping for the Good Guys: Photobucket Safety Series Part 3

Today we start on part 3 of our Photobucket Safety Series. Today we will be focusing on “fuskering”.

We have discussed previously that there are things you can do to prevent your password from being compromised. Sadly however, there is absolutely nothing you can do to prevent fuskering. You can only slow it down.

Fuskering is the action of using a program that can do a brute force search of a directory looking for specific file names. For those who do not know what a brute force search is, it simply means that the program goes through every possible combination of numbers, letters, and symbols looking for a hit. Now let’s take an example of a direct link to an image located in a Photobucket account, www.photobucket.com/username/picture.jpg. This is not the proper form for a Photobucket account but it will suffice for our purposes. The fuskering program will find the directory your pictures are located in and go through its brute force search to find combinations that will produce a picture. Photobucket makes this easier for crackers by using your user name as the name of the directory it stores your pictures in. There are a few programs available for free that will do this for you. Feel free to download them yourself and try it on your own account to see how secure it really is. Note, I am not condoning using these on other people’s accounts. Please do not do so.

Now the question becomes, “what can I do to protect my pictures?” The simplest answer is to not put anything you don’t want others seeing on the internet. We’re picking on Photobucket here merely for the fact that it is one of the most popular services out there. Unless you don’t mind others peeking at them, pictures of you naked, pictures of your driver’s license, and pictures of anything else that has sensitive information do not belong anywhere on the internet. If you want to share pictures, carrying around a flash drive with those files on it is much safer. If you insist on storing these online, do not name them something obvious. Files named “sexy1”, “sexy2”, and “sexy3” will not help you. Do not store them in a sub folder named “private.” During a fusker search, finding that sub folder is like hitting the jackpot in Vegas. Instead, rename all of your files and folders with a random combination of letters, numbers, and symbols. Each file and folder name should also be over 6 characters long. By doing so, you make it unprofitable for the people searching, because going through about 50 to the power of the length of your filename combinations will take a very long time, days upon days of going through one account. Most people I have come across on those groups are not willing to wait that long. Use this to your advantage.
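An added example (not from the original post) of the renaming advice above: it flags short or dictionary-style names, maps each to a random name drawn from a CSPRNG, and estimates worst-case enumeration time using the post's figure of about 50 possible characters. The function names, the 64-character URL-safe alphabet and the rate of 100 guesses per second are assumptions.

```python
import secrets
import string
from pathlib import PurePosixPath

# Assumption: 64 characters that are safe in a URL path segment.
ALPHABET = string.ascii_letters + string.digits + "-_"

def is_guessable(stem, min_length=7):
    """Heuristic: short names, plain words, digit runs, or word+number series."""
    s = stem.lower()
    if len(s) < min_length:  # the post asks for names over 6 characters
        return True
    core = s.rstrip(string.digits)  # "holiday2008" -> "holiday"
    return core == "" or core.isalpha()

def random_name(length=12):
    """Return a random name from a CSPRNG that the heuristic does not flag."""
    if length < 7:
        raise ValueError("length must be over 6 characters")
    while True:
        name = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not is_guessable(name):
            return name

def plan_renames(filenames, length=12):
    """Map each guessable filename to a random one, keeping its extension."""
    plan, used = {}, set(filenames)
    for name in filenames:
        p = PurePosixPath(name)
        if not is_guessable(p.stem):
            continue  # already hard to guess, leave it alone
        new = random_name(length) + p.suffix
        while new in used:  # avoid colliding with an existing or planned name
            new = random_name(length) + p.suffix
        used.add(new)
        plan[name] = new
    return plan

def days_to_enumerate(length, alphabet_size=50, guesses_per_second=100):
    """Worst-case days to try every name of exactly `length` characters."""
    return alphabet_size ** length / guesses_per_second / 86400

if __name__ == "__main__":
    sample = ["sexy1.jpg", "sexy2.jpg", "private.png"]  # constructed input
    for old, new in plan_renames(sample).items():
        print(f"{old} -> {new}")
    for n in (3, 6, 7, 12):
        print(f"length {n}: {days_to_enumerate(n):,.2f} days")
```

Random names only raise the cost of a search; they do not make the files private.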

So as a recap, your private Photobucket account is not really private. Files containing sensitive information do not belong on the web. If you insist on having those files online, name them something difficult to guess. This wraps up part 3 of the series and next time we will go into how those pictures that were censored due to a “terms of service” violation, “TOS”, can be recovered, or “un-TOSd”. Stay tuned.

Dec 18 2008

Snooping for the Good Guys: Photobucket Safety Series Part 2

Today we start on part 2 of our Photobucket safety series. This part will be focused on password cracking.

There are two different passwords attached to your Photobucket account. The first is your main account password. This is the one you use to log into your account and access all your administrative tools such as adding and removing pictures and videos. As with other passwords, this needs to stay secret and secure. Most of us do a good job at this. This is not where the security risk is. The second password that is affiliated with your account is what is called a “guest pass”. This is the password that you give to your friends. It allows your friends to access your account and view all your pictures and videos. Many times, the guest pass is not as secure a password as your main administrative password. It is usually something easy to remember for your friends. This makes your pictures very vulnerable to those who wish to use your pictures against you.

Now that you know the risk, here are some ways to avoid having your guest pass exploited. First and foremost, DISABLE IT! There is no need to have your entire Photobucket inventory available to others. If you wish to show people your photos, simply make a slide show and give your friends the link to the slide show. Second, if you insist on using a guest pass, change it every week or so. This will minimize any damage should your guest pass get into the wrong hands. Also, make sure your guest pass is not a common word. Words like “friends” and your name are the first things people try when attempting to get into your Photobucket. Use a combination of letters, numbers, and symbols in your guest pass. Taking some care with your account will help you keep your private pictures private. Remember, no matter how advanced the security system, it is only safe from people who don’t know the password.

Please tune in next time for part three of the Photobucket safety series, where we will be discussing “fuskering”.

Dec 15 2008

Is your IP Address personal data?

In a recent interview, Peter Hustinx, European Data Protection Supervisor, argues that your IP Address should be considered personal data. I happen to agree.

Organizations such as Google argue that with dynamic IPs, public terminals, WiFi hotspots, etc. it would be tough to verifiably trace an IP Address directly back to an end user, effectively making their collection of such data a non-issue.

Google’s case might have some merit if IP information was being collected strictly for statistical analysis and treated only for the purpose of providing an end user with a unified experience. For example, site operators deciding which language or regional settings to display to their users depending on their source IP. This is a “top level” across the board decision that provides a similar experience to ALL users in a broad area. But if an IP Address is tracked and logged for Google searches and other behavior, and different content is displayed to that IP based on those results, this crosses the line into custom tailored behavior based on past interaction. In my opinion, that past interaction should be considered personal data, and thus be governed by privacy protection laws. In the meantime, all a consumer can do is use networks such as Tor or other Privacy 2.0 type applications to anonymize their browsing experience.

Here is the interview with Hustinx:

Dec 12 2008

Privacy isn’t dead you just have to work for it

Whenever I bring up the issue of online privacy I typically get the same reaction, a chuckle. Most users, even the relatively tech savvy ones, simply have come to terms with the fact that their online activity is being monitored all the time, be it by their employers, their ISP, or the government (for those conspiracy theorists out there).

As a privacy 2.0 advocate, I try my best to set the record straight and educate the public that there are many choices out there to anonymize part or all of one’s online activities. The only downside is, it takes time and technical skills. Just like everything else in life, what’s it worth to ya?

In this post I would like to cover Internet Proxies. For those of you who don’t know what proxies are, here is a high-level explanation:

Internet Proxy

I’ve used several proxy servers, and the one I like the most is Tor.

Tor is a software project that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security. Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. Tor works with many of your existing applications, including web browsers, instant messaging clients, remote login, and other applications based on the TCP protocol.

Hundreds of thousands of people around the world use Tor for a wide variety of reasons: journalists and bloggers, human rights workers, law enforcement officers, soldiers, corporations, citizens of repressive regimes, and just ordinary citizens.

The bottom line is, if you’re willing to put in the effort, anonymizing your online activities can help protect your identity and privacy from prying eyes.
