Tor Security Guide

From The Hidden Wiki
Jump to navigationJump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

This is a Tor security guide for maximum protection.

Homepage

Tho it is plain and boring dont change your homepage from about:tor It will advice you as soon as you open Tor if there is a TBB Update and will keep you ahead of the game. I changed my own homepage before a new TBB was released and didn't find out about the new one until three days later. And from now on i will be keeping my homepage on default about:tor, I advice you do the same and you'll never miss updates.

Blocking Scripts Globally

When you first install Tor Browser bundle, scripts via NoScript are globally allowed. This is very dangerous to your privacy and should be turned OFF. you can right click the no script icon (S icon next to address bar) and select options,in general tab, uncheck the scripts globally allowed tab.

Blocking Embeddings

After you do that, you need to block embedded scripts (which again are allowed by default) click on the S again and go to Options>Embeddings then click all the boxes to forbid Java, Flash, Silverlight, Plugins, <Audio/video>, Iframe, Frame and font-face and click OK

Blocking Javascript directly (about:config)

After you have done this you still need to block JavaScript in firefox incase Noscripts ever fails to protect you, or another exploit comes to light in the future. To block Javascripts in the Tor browser, Type about:config into the address bar, click 'yes you know what you are doing' scroll down (or type in the search box) javascript.enabled and change it to false by double clicking it.

Blocking HTTP Referrer headers. (about:config) (Optional)

Again Tor Project fail to have another security issue off by default. Referrers (for those that dont know) provide information to sites your visiting about what site you came from eg: the full internet address. This should be OFF to protect your privacy. If your not still the "about:config" option repeat what you did to block javascript by typing about:config in the tor browser address bar. Then Look for network.http.sendRefererHeader and double click on it and change the value from 2 to 0. So next time you open up a link, it’ll block the referrer URL to be passed to that website.

Please Note: This is optional, and turning Referrers off may prevent you downloading from some clouds like anonfiles etc.

Plugins/Addons/P2P/Torrents/Webcam Sites

As stated already addons/plugins should be blocked and/or not installed at all. This includes 'DownThemAll' NONE are supported by the TorProject and ALL run the risk of bypassing the Tor Network and accessing the net directly, which runs the risk of leaking your real IP Address. Personally i'd rather slower downloads and no knock on the door by LEA than faster downloads and having my collection taken from me anyways. Also worth mentioning Torrents and all P2P like GigaTribe etc are VERY unsafe and will see you exposing your real IP addresses. LEA head to GigaTribe whenever they want to get easy Convictions (which is daily) so don't be one of them. As for webcam sites people still try to use them to try to get ***** to do stuff on cams for them. All these sites these days are strictly monitored (even text only ones). All the cam sites require Javascript/Flash etc to be installed and ON, so you will be revealing your real IP address if you use these sites. Also many people used to use software like ManyCams etc to display a video onto the cam site that the victim could see, and be tricked into thinking it was who they were talking to. All major cam-sites now detect such third-party software and warn the viewer/victim your using third party apps. As said IPs are logged, you cant use tor securely over them, and old trick methods no longer work, so cam-sites are low results and VERY high risk. After P2P, Webcam sites are LEA's second fav place to catch people and get easy convictions.

Downloading

A lot of people keep asking about the download warning in Tor, when you click to download something your given a warning followed by two options, one is to OPEN the file, While the other is to SAVE it. You should NEVER pick the option to 'open', this would expose your real IP address (not Tor IP) to the website. So ALWAYS select Save and you remain hidden. If you go to TorBrowser Options (by clicking on the top left corner of your browser) Then go to Options>Options>Applications tab you can change the settings automatically. This will prevent you from accidentally opening a file in the browser instead of saving it. Since opening files will expose your IP address, you don't want to make that mistake. And change 'Portable Document Format (PDF)' from 'Preview in tor browser' to 'Save File' and click ok. You could also as the warning message says use a VM such as Tails to help protect your downloads even more.

TorChat

TorChat is a free Decentralized anonymous instant messenger, that runs of course via the Tor Network. No need to sign up or give out personal information or registration process. Its currently the ONLY true anon messenger available and allows private chat and sharing. Torchat has not been updated in some time, so its advised to follow the update advice below after first installing Torchat and every time Tor Browser bundle is updated as well.

The only issues with TorChat is you can't block users - This could be an issue is theres an exploit to this that we dont know about, because someone could try to DDoS the connection. It also allows people who know your TorChat ID to see when your online, that is when TorChat is active at your end. So for extra safety don't give out your TorChat ID to anyone and everyone, like displaying it in forum posts etc. And Don't keep TorChat active all the time, this will reduce the chance of someone trying to work out your country etc from the times they can see your Torchat active.

TorChat Download - https://github.com/prof7bit/TorChat

Updating TorChat

Torchat suggests to all windows users to upgrade tor engine inside torchat each time a new tor browser is released following these simply instructions:

1. Close TorChat 2. Download the official Tor Browser Bundle from Tor Project 3. Extract Tor Browser Bundle to: c:\ 4. Copy: C:\Tor Browser\Tor\tor.exe to c:\TorChat\bin\Tor\ 5. Copy: C:\Tor Browser\Tor\libeay32.dll to c:\TorChat\bin\Tor\ 6. Copy: C:\Tor Browser\Tor\libevent-2-0-5.dll to c:\TorChat\bin\Tor\ 7. Copy: C:\Tor Browser\Tor\libssp-0.dll to c:\TorChat\bin\Tor\ 8. Copy: C:\Tor Browser\Tor\ssleay32.dll to c:\TorChat\bin\Tor\ 9. Copy: C:\Tor Browser\Tor\zlib1.dll to c:\TorChat\bin\Tor\ 10. Start TorChat: c:\TorChat\bin\torchat.exe

Tails

Tails is a live operating system, that you can start on almost any computer from a DVD, USB stick, or SD card. It aims at preserving your privacy and anonymity, and helps you to: use the Internet anonymously and circumvent censorship; all connections to the Internet are forced to go through the Tor network; leave no trace on the computer you are using unless you ask it explicitly; use state-of-the-art cryptographic tools to encrypt your files, emails and instant messaging.

Its an extra layer of protection that a lot of people trust and use, to learn more go to https://tails.boum.org/

Shredding history/cache/cookies and other footprints left behind

I personally use Ccleaner to delete and overwrite such files (there are tons of other programs out there tho) its free and covers a lot of software footprints. If you do use it i would recommend going to Options> Settings then clicking on the drop down menu and selecting 'Complex Overwrite (7 passes)' and selecting 'secure file deletion'. And make sure all boxes are ticked on the 'Cleaner' tab on the main program screen. Tick all boxes on the 'Windows' and the 'Applications' Tab. Then hit 'Analyze and Run cleaner. I would recommend using this before connection to tor and after you left Tor, to wipe all cookies etc. I have also been told about a Add-on if you like, for ccleaner this addon adds 100s more applications/cache/history/log files to ccleaners applications list. I would advise caution when using CCEnhancer tho, its NOT supported by the company that makes ccleaner, so its not beta tested like ccleaner is. And its use may lead to bugs or errors with windows. I would suggest if your not an advanced user then just keep using ccleaner on its own. If you're an advanced user then CCEnhancer is great however not all on the new "application list" are even needed, so please read every application and check that its needed before checking its box in ccleaners app list. Some of the logs are simply screen resolution settings etc, and don't need to be removed to protect privacy and would mean having to set your screen resolution etc on every reboot. So read the warnings carefully.

Ccleaner (for Reg Users)-https://www.piriform.com/ccleaner

CCEnhancer (for Advanced Users) - https://singularlabs.com/software/ccenhancer (Put in same folder as cclearner is in, then click the 'download latest' button on CCEnhancer and then check the new application boxes in ccleaner). Credit to TP @ BV4 for CCEnhancer info.

PrivaZer - https://privazer.com/download.php Compatible with: XP, Vista, Win7, Win8/8.1, 32bits & 64bits only.

Accessing Tor on other devices

People keep asking if its safe to access Tor from phones/ipods and Tablets such as ipad, the answer is No.

Yes there is software that allows you to connect to Tor from such devices, however its not full software and has a lot more weaknesses. Not to mention these type of devices have java and other software that can not be turned off, and well as backdoors and regularly send logs and check for app updates etc, again which have no settings to turn them off. Which mean's its highly likely at some point they will expose your real ip address, and even if you don't have the device registered or not registered in your name, they all send back GPS info to the makers servers. This info is (in most countries US/EU) legally kept for two years, so they know where you go, where you live,work or go to school. So ignore the BS developers who say these Tor apps are safe, because they're far from safe.

Using Public/Hacked WiFi

Using someone else's Wifi connection technically is no less safer than using your own (if accessing both over Tor and following the norm security advice). keep in mind i only mean the encrypted data is no less safer on public connection, not the act of doing it. However I wouldn't advice using public or hacked wifi for the following reasons.

1. The connection would still be encrypted from the wifi owner, but they could still work out where you were from from the wifi signal strength. And they could also know that your using Tor (from the packets) as well as how much data you're using. Which could lead to them investigating you more closely. They will also get your MAC address (Physical Address) of your Ethernet adapter (auto logging process when you access someone else's router), which could be used against you in court, if they ever get physical access to your computer.

2. As said public places have the Public, I read 20+ news reports of people using public or hacked wifi in public places as well as outside someones house (who's had their wifi hacked) and been caught red handed by chance mostly. One guy traveled 40 miles to hack someones wifi late at night in his car to download *****, however his screen was spotted by a dog walker who called police and the guy was arrested. You can never be sure who can see your screen, or who may come up to your computer/ look over your shoulder to get a peek or ask a question.

3. Eyes in the sky is also a risk since most public places these days have a lot of security camera's that are hidden and others in plain view. As well as the public with camera on their cellphones etc, so you can never be 100% sure your screen cant be viewed. Or if someone can take a quick photo proving what you've been up to and using it as evidence against you later or even blackmail you.

4. It came out last year that an encryption company ran a test on computer encryption and basically broke what was said to be the worlds strongest encryption. How? By simply using audio devices to LISTEN to the sounds the computers made while someone was inputting their encryption passphase. Tho this would be unlikely to be used often even with the 100% success rate its claimed to have, and probably only used on terrorists under surveillance. However if you use the same public wifi connections often and have raised suspicion in the past, its possible this new technique could be used against you. Which would basically render even full disk encryption useless. This only breaks computer encryption when inputting passwords for it and do not however break any tor encrypted data traveling over the wifi.

5. Another thing people forget about when accessing someones WiFi connection for illegal purposes is Cell Phones. And you can bet LEA will contact all phone companies to order a list of all phones that where on and in that area at the time (If a criminal investigation is started). Even if a person hasn't registered the phone itself the person can still be traced in many ways. The main being they know and log all a phones movements via their phone signals, they can determine where the person is living from those records alone. On top of that the phone company still retains ownership over the SIM card in peoples phones, so if a person has contacts saved on SIM card, the phone company can send that information back to themselves, thus getting peoples home phone numbers, work numbers etc. As well and more than likely being about to trace how the cellphone was topped up, eg where the person brought the credit from and with what method.. So the key point is don't have a cellphone with you if you use other peoples WiFi for illegal purposes, or if you do turn it off before going near the WiFi area. Keep in mind some older phones don't totally turn off when you switch them off, it's been said some older phone basically go into power saving mode and are still on and check for updates etc. So best not to bring them at all or remove the battery instead.

Windows 8 is not recommended at all!

All Windows 8 machines contain a chip called Trusted Platform Module (TPM), this chip is meant to block access to software and hardware which could be harmful to your system or avoid software conflicts (that's the good news). The bad news is it also allows Microsoft FULL access to every Win 8 machine remotely, the chip cannot be turned off in win 8 nor will a firewall, anti-virus protect your system from Microsoft having full control over your system. Which of course means NSA and alike can also get access to machines/monitor cams, take screen shots and record users, undermine other security programs like encryption. The NSA tried making a backdoor chip, law years ago, meaning it would be illegal to own a machine without such a backdoor chip, however due to privacy the courts didn't allow this law to pass. And now with Windows 8 comes with the chip that does just what the NSA wanted. Its not law that you have to use it, so don't. If you doubt this or think I'm being paranoid have a read of this.

https://rt.com/news/windows-8-nsa-germany-862/

Please Note: If you want to check if your PC has TPM chip you can hold the Windows button and press R. That should bring up the "Run" console. then type in "tpm.msc". Now you should have a form which tells you wether or not you have a TPM installed in your PC. Credit to Raykom @ H2TC for info.


Media Players

When playing on topic stuff in your media player its recommended to be offline OR have that program blocked in your firewall from outgoing connections. Media players have a nasty habit of connecting directly to the internet (by passing tor network). They're normally checking for updates, but can also in some cases send back information including Real IP Address, file names, descriptions, and Hash codes of the files themselves. Some offer free built-in subtitle searches, which basically copy to hash code of the file your playing, send it to their server and they scan it for a match to provide subtitles. However Interpol and other agency's offer some large and small companies lists of all hash codes of known ***** files to Microsoft and alike, and when they do a subtitle search they could also check the hash code of the file your playing against the known ***** hash database as well. Microsoft are already using this Technology to search cloud servers like Skydrive for ***** hash matches, This could apply to all media players not just Microsoft's, so its recommended to be offline or block outgoing connections from media player/s you use for topic stuff in firewalls. If you pick to block the media player instead of being offline while viewing topic stuff on it, don't forget to check for updates for the player (since blocking outbound connections will prevent auto updates).

TOR Exit Nodes

All traffic over Tor is encrypted and ISP's cant see what your doing, however after your requests have been bounced around to the different tor nodes the last node/computer on the tor network your connected to (known as a Exit Node), can see the traffic in plain text. They Do NOT see your real IP address, that is still hidden and was replaced with a tor ip from the first node (on connecting to the tor network you were given). But the exit node can find out where you have been, what sites you have been looking at and if you input usernames/passwords they can see them as well. Some exit nodes have no logs, some however are run by companies and people who actively record/log the exit node data. And of couse it's known some exit nodes are run by Governments around the world. So keep in mind they can see the information you request however cannot see your real ip address. So its advised not to link your tor identity to your real identity, so NO shopping online or logging into your real email accounts etc. As from there they can see the information and link you to your real identity, or LEA can for example request your account information/ip address of the user who owns that Amazon/ebay/youtube/gmail or other accounts. They can only see this information if the connection was not over a https (encrypted), so if there is a second layer of encryption they cant view that information. However its always my advice to avoid using tor even over https connection to access accounts that could possibly be linked back to your real identity.

Update: NSA & GCHQ have broken/cracked SSL encryption used for 'https' connections and can decrypt that data. The information was leaked by Ed Snowden. So again don't mix up personal life with tor life even over https/SSL connections its not safe, and we know this for a fact now.

Cookies - How NSA is using Cookies to Track Tor users ?

Let's suppose that there is a famous online shopping website, owned or controlled by NSA. When a normal user will open that website from his own real IP address, the website creates a cookie on the user ' browser and stores real IP address and other personal information about the user. When the same user will again visit the same NSA owned website, enabling Tor this time on the same browser - website will read last stored cookies from browser, which includes the user' real IP address and other personal Information. Further website just needs to maintain a database of Real IP addresses against the Tor Proxy enabled fake IP addresses to track anonymous users. More Popular the site is, More users can be tracked easily. Documents show that the NSA is using online advertisements i.e. Google Ads to make their tracking sites popular on the internet.

How you can avoid Cookie tracking ?

One browser can't read the cookies created by other browser (As far as we know at the moment but this may change in the future, or become public). So Don't use Tor on the same browser, that you use for regular use with your real IP address. Only use the standard Tor Browser Bundle instead for Anonymous activities. You should always clear the cookies (with ccleaner or alike) after you’re done so any stored information, such as login information – will not be stored on that computer. If you're doing something very interesting, you should use Tor on a virtual machine with the live OS so that cookies and cache and other OS data are dumped when the machine is closed.

Tor2Web

Have seen this talked about a few times so to remind people about the risks of this. Tor2Web is basically a clearnet site/service that gives non-tor users access to Tor hidden services from a normal browser. However just to remind people this site gives no protection whatsoever to visitors, your accessing on clearnet so your ISP can see everything you do (which is legally logged for at least two years). No encrypting connection is given to visitors and the site doesn't even have a privacy policy in place so you don't even know if they themselves log searches. However they do give the following warning : WARNING: tor2web only protects publishers, not readers. As a reader installing Tor will give you much greater anonymity, confidentiality, and authentication than using tor2web. Using tor2web trades off security for convenience. I suggest following their advice and ONLY access tor services on Tor/TBB itself, for protection against logs/ and prying eyes from tracking cookies and ISP's/LEA.

VPNs/Proxies services (non-Tor)

A virtual private Network (VPN) service basically are meant to do the same job as tor but offer faster speeds (normally), they're job is to replace your IP address with one of their own and encrypt your connection. The very important difference with VPNs vs Tor is that VPN know your real IP address, Tor does not. VPN's are required by law to hand over your information if demanded to do so by the courts. VPN services are also required by law in most counties to log users data, just like other ISPs are for currently a min of two years. So you see using VPN's for illegal purposes doesn't work as you would think. Some VPNs try to hide they keep no logs by saying 'We hold no content logs', content logs are basically all the URLs you visited and data you uploaded and downloaded while using the service. LEA don't need 'content logs' all they need and want are you persons IP address, and IP addresses are logged by law and not part of the 'content logs' the VPNs refer to. So they will and do mislead paying users, even lulzsec members (hacking group) got busted because they too trusted a VPN called 'HideMyAss'. 'HideMyAss' also claimed to have no logs, after they handed over IP addresses to the UK police who then handed over the data to the FBI, this VPN admitted it legally still had to keep ip address data. Some will also mislead people by saying they use IP-sharing services, meaning 10-30 customers will be given the same VPN IP address at the same time. And the VPNs that use this claim this will protect the users, because LEA may come to them and say for example this IP address was downloading ***** on this date and time. And the VPN then can say well 20 people where using that same IP address at the same time, so we don't know which one was downloading the *****. However LEA can then simply legally order all logs for those IP addresses on the list that shared that same IP connection. From there they can then match other ***** downloads at different times and see which real IP address keeps coming up on the list of people using the VPN to download *****. So basically it may take LEA a bit longer to work out but even if the VPN uses shared ip-address services the people behind them can still be found out. So Tor is still your best bet for the reasons given, some people may use free VPNs AFTER connecting to tor, which means the VPN only ever gets your Tor ip address and since its free it holds no subscriber info as well. Keep in mind if you use tor with other proxies/VPNs then your connection speeds will be slower tho. NEVER trust VPNs or subscribe to them or connect to them before connecting to Tor. Some VPN services now ask for min details or even fake name, address etc and offer payments via Bitcoins etc. Again this is misleading since yet again they will and do by law keep your real IP address on record, which is all the LEA normally need or want to locate the person under investigation.

Spyware/Malware protection (Windows Only)

Of course you should have an anti-virus and firewall product updated and installed on your system, but as an extra layer of protection you should always have and use at least one spyware scanner program. I cant recommend software for other operating systems because i dont use them so wont recommend something i havent used. However if your not using windows i'd recommend doing a search yourselves and see whats out there for your operating system. As said spyware scanners are an extra layer of protection and often find things that could be a threat to your privacy that a AV product wont. If your only going to use one I'd say malwarebytes is currently the best free anti-malware product available for windows at the moment. Spy-Bot used to be the best years ago and i used to love it, however since they started doing a paid for version as well as a free one, the free one is more bloated and doesn't ofter the same detection rates it used to.

Malwarebytes Anti-Malware - https://www.malwarebytes.org/downloads/ System requirements: Windows 8.1®, Windows 8®, Windows 7®, Windows Vista®, Windows XP® (32-bit, 64-bit)

Spybot - Search & Destroy - https://www.safer-networking.org/mirrors/ Available on Windows 7/8/Vista/XP

Please note: You should use any spyware scanner while Offline, just in case they ever start searching for MD5 ***** ***** matches in the future. Always backup registry before removing suspect files with anti-malware products and send items to Quarantine instead of deleting suspect files. Spyware scanner's do often result in a lot of false positives, so you may need to recover files that may have been ID'ed as Malware by mistake. So always use caution when using products like this, just as you would with registry cleaners and alike. Also if you use keygens or hacking software (port scanners etc) just like AV software spyware/malware scanners will normally flag/give false positives for such software/programs.

Encryption

In this game Encryption is a must! I would recommend Truecrypt to encrypt your Whole hard disk. Truecrypt doesn't offer full disk encryption for Linux only containers, in which case for Linux users use Linux Unified Key Setup (LUKS) instead for full encryption. Full hard drive encryption will encrypt all files on your HDD (doh) but that also includes all deleted files as well. If you have files deleted that were not shredded/overwritten before installing turecrypt then you need to run the 'free space' shredder option. This option will come up during the encryption process when using the program to encrypt your drive for the first time. There are step by step instructions how to use the full disk encryption on the net. Again full disk encryption can be used to encrypt everything including any footprints/history/cache etc (which is good), some people only bother to use encrypted 'containers', which will NOT encrypt logs and other footprints by itself. Personally I use Truecrypt full disk encryption and also have encrypted container with my topic stuff in it, two layers of encryption is best.

Update: Leaked by Ed Snowden that Both NSA & HCHQ have broken 'https' SSL based encryption used for banking/shopping/clouds/mail sites. It's also possible they have broken TLS based encryption (used for tor connections). But if they have broken internet connections encryption its also possible they're trying to use the same methods to break AES encryption. AES is used with all major encryption packages including truecrypt, given this information i'd advice anyone who has encrypted their drives with AES-only encryption to change the type of encryption used as a precaution. Truecrypt and alike allow you to use different types of encryption when encrypting drives, at the moment the combo of AES/Twofish-Serpent Algorithm is probably the strongest to use. Keep in mind if you do opt for combo algorithm then its safer, however the read/writing of that disk will be slower since it has more work to do by encrypting/decrypting data (which is why most just use AES because it was strong years ago and fast). Also that even if they could break AES as well as SSL (which has not been confirmed nor mentioned by Snowden), I doubt they would use this crack very often against AES. I'm guessing like with other things, this would only be used against top level targets like drug lords/ other counties communications or terrorists than us, to prevent public knowledge that they could break AES. (Information pre-dated Heartbleed bug going pubic by at least 3 months).

Windows Users Only - Truecrypt's homepage is https://www.truecrypt.org Download version 7.1a from TC fork project after TC site stopped the project (Do NOT download version 7.2 from TC site its a suspect decryption version only) 7.1a is and the bottom of this page - https://truecrypt.ch/downloads

Linux Users Only - Linux Unified Key Setup (LUKS) - https://code.google.com/p/cryptsetup Credit to Prince@H2TC

Mac Users only - Currently unavailable, TC doesnt offer full disk encryption to Mac users only unsafe containers, and LUKS doesn't work on Macs. So without an open source full disk encryption software available to Mac users it's unsafe.

Also a side note there is only one loophole in Truecrypt, and that's one option is not on as default. This can be manually changed/corrected in seconds. After installing the prog and installing the full disk encryption, click on the Truecrypt icon task manager click on Settings>Preferences then tick the boxes 'user logs off','Screen Saver is launched' and 'Entering Power saving mode' and click ok. This now means that truecrypt will also encrypt/protect the hibernate file (which could store/leak passwords).

EDIT: Windows Hibernate file can save things in memory like passwords and usernames (even TrueCrypt password) to the hibernate file in plain text (unencrypted). You can turn the Hibernate file off in Windows altogether for extra safety. Press Windows button then type 'cmd', cmd should pop up in the programs list then right click it and select 'Run as Administrator'. Then type 'powercfg /hibernate off' this should turn the hibernate file off, Credit to TP @ BV4.

Bitcoins

Bitcoins etc are meant to be an anon way to pay for services and are used regularly by people all over Tor for sites/services like Silk Road. Please keep in mind Bitcoins are NOT truly anon currency and there are indeed ways to track transactions. Bitcoins like all the e-currencies have public records that shows people what address/account number holds how many bitcoins, and this public record can be followed by LEA etc to the time you payout the coins into a bank account.

Bitcoins are also regularly targeted by hackers and indeed bitcoin banks themselves have been suspected of just stealing the coins they where meant to be looking after. Bitcoins are not backed by any governments, so they're not insured like normal money is in banks and such. So once stolen, that's it you lost your money.

There are "services" on Tor that offer to Launder your coins for a fee, these services can also just steal your coins or take a cut for their 'service' and give you back the same coins without laundering them at all. So use them at your own risk.

Image Metadata/EXIF Removal

For anyone producing original images or videos one of the post-process jobs you should carry out before uploading/sharing them is to remove metadata. Metadata can include clues that could help LEA in trying to track down people, even to the point it leads them straight to your door. Metadata in images contains the make and camera model, date the image was taken, the software used to edit the images, with videos it can also include the language version or editing software used. And by far the worst is GPS location data, being included in images metadata taken with internet accessing devices such as cellphones. We've seen so many producers spending years being careful what they say and do only for them to share a few images they took on their IPhones that included GPS data. And remember this is not only important to producers, i recently saw a tactic used asking for *****s to post dick pix of their own dicks. Again NEVER forget to remove metadata from images shared even if they're only of body parts of yours or *****. Its a common LEA tactic to ask for dick photos of *****s on Tor, and thats the reason why. They hope you will take an image on a cellphone and will have GPS data embedded within the photo that you share with them, and thus being traced.

There are many programs that will remove metadata just listing one as an example - xnview - xnview.com

As for video recording its harder to remove their more hidden metadata because there is currently no set standard with dealing with video formats metadata. But that data can be very revealing as well and can include language information about the editing software used, as well as the date of creation listed within the data. And if downloaded of places like Youtube etc youtube embed their own unique ID within videos that are uploaded, so that they can be tracked. The only current way i know of to remove video metadata is to convert the videos file format, which wipes the metadata clean.

Mediainfo is a little program that will give you access to most of the embedded metadata within video (but wont let you change it) - www.mediaarea.net

See Also