this post was submitted on 15 Dec 2024
183 points (98.9% liked)

chapotraphouse

13610 readers
855 users here now

Banned? DM Wmill to appeal.

No anti-nautilism posts. See: Eco-fascism Primer

Slop posts go in c/slop. Don't post low-hanging fruit here.

founded 4 years ago
MODERATORS
 

Hexbear started during the 2020 BLM protests, where cops were using social media and internet presence to track down activists. They are still doing this, but with less vigor than when police stations were burning down.

This included things like using tattoos on naked bodies, etsy store receipts etc.

Just before the r/cth ban, there was also a problem with chasers and leering objectification, and steps were taken to reduce thirst-posting and the like.

These things combined means that people don't post selfies or direct identifying information. People post their pets and artwork, but I know I have to make a decision about where and when I post things to make things non-trivial for cops or random chuds. I feel like a unique pet name, breed, and rough region could be enough to track someone down.

Even so, I think I'm bad at it. I feel like if someone knew me and read everything on hexbear they could ID me pretty easily (and I know multiple people in person on hexbear, but we've never exchanged usernames).

Idk if there are any hard and fast rules beyond the selfies and direct ID though. I should burn this account.

Edit: removed reference to masculinity

(page 2) 50 comments
sorted by: hot top controversial new old
[–] Xiisadaddy@lemmygrad.ml 12 points 1 week ago (3 children)

The thing i personally think people should be focused on is compartmentalizing their internet activity. Cross-site tracking is pretty much everywhere these days. So if you have a twitter, instagram, lemmy, reddit, pintrest, whatever it is you do online. If you do not want your activity on lemmy to be linked back to those accounts you should be using a different browser for lemmy, preferably something like Librewolf. Privacy focused. If your really feeling paranoid go ahead and use TOR browser to login to lemmy. Assuming they dont block TOR connections here I've never tried.

Burning your accounts not a bad idea either. Back when i used reddit id make new accounts regularly and never use the old ones again. With lemmy i dont bother tho. Even if you make a new account regularly on a site as small as this its pretty easy to see if an account showed up around the time your old one went inactive and then followed all the same communities your old one did. Not a big assumption that is your new one then. the way you type, and words you use can also be fingerprinted and used to ID you across accounts. Of course you can take steps to prevent this type of tracking too if you want.

If what you want tho is to not get some chud sending you death threats thats pretty easy to accomplish. Make yourself a new account, dont post any personal photos, and only give very vague information about yourself. For example, How old are you? I'm in my 30s, 20s, etc. Dont say the exact number. Whats your name? Its Xiisadaddy as far as your concerned. Whats your gender? Irrelevant need to know only. Chuds arent that smart. They can only find you if you hand it to them on a silver platter.

Now let me see if i can find out some info about you from this account: Based on your profile just a quick glance tells me, your a woman, live in australia, seems like maybe you or someone you know was in the military, you live in an area with public transport that isnt good, a food desert, your landlord has a meth test cause in your lease, probably live in an apartment building, you have a niece, and siblings, and are autistic. I'm guessing late 20s, early 30s? Took me maybe 10mins to get all that. Don't feel like putting in more effort, but yeah id say you need a new account. Thats some pretty specific stuff an internet stranger just found out about you in 10 minutes. (reply to this and let me know if you want me to delete this comment btw so its gone too if you decide to get rid of your account)

Funnily enough ive been considering making a new one too this might be what pushes me to do it.

[–] keepcarrot@hexbear.net 11 points 1 week ago (2 children)

Even if you make a new account regularly on a site as small as this its pretty easy to see if an account showed up around the time your old one went inactive and then followed all the same communities your old one did.

Fortuntely, I only follow the defaults and the last time I burned my account Hexbear closed down new accounts for three days >.>

I think my main cross-account doxxing would come from artwork I personally have been created and I think both communities would enjoy. Reverse image search would out me pretty fast, especially if the post gets no traction (if a post goes viral, then its more likely it would be posted by a rando).

(I think being on hexbear and autistic doesn't actually change anything)

[–] propter_hog@hexbear.net 10 points 1 week ago

Hexbear + Autistic is pretty much just Hexbear

[–] Xiisadaddy@lemmygrad.ml 7 points 1 week ago (1 children)

Well a lot of sites track you across sites by fingerprinting your browser, cookies, stuff like that. So you dont necesarilly have to do anything for that. Its why using a different web browser helps.

[–] Erika3sis@hexbear.net 7 points 1 week ago (4 children)

How does using a different web browser per se compare to using a user-agent switching extension?

Sent from Mdewakanton Dakota lands / Sept. 29 1837Treaty with the Sioux of September 29th, 1837

"We Will Talk of Nothing Else": Dakota Interpretations of the Treaty of 1837

[–] blight@hexbear.net 8 points 1 week ago (1 children)

Tracking scripts use way more than the user agent. In fact, only changing your user agent makes you stand out more. See EFF’s site.

[–] Erika3sis@hexbear.net 3 points 1 week ago

I should note that this is in conjunction with blocking scripts etc by default.

Sent from Mdewakanton Dakota lands / Sept. 29 1837Treaty with the Sioux of September 29th, 1837

"We Will Talk of Nothing Else": Dakota Interpretations of the Treaty of 1837

[–] Edie@hexbear.net 8 points 1 week ago

Browser fingerprinting is complicated, there is a lot more than just user-agent.

[–] SamotsvetyVIA@hexbear.net 8 points 1 week ago

using a user-agent switching extension?

If you mean the Firefox Multi-Account Containers extension, then that's fine (although I have issues with cookie management in that), but just switching a user-agent is not enough to stop fingerprinting and cookies. Some new features like cookie bounce protection in the latest update and the enhanced tracking protection can kind of prevent this leakage, but remember that it's a numbers game and you need to be lucky always to not give anything away that could link your account to an off-site account.

[–] Xiisadaddy@lemmygrad.ml 5 points 1 week ago

Honestly i have no idea ive never used one.

[–] glans@hexbear.net 5 points 1 week ago

I think your overall answer on the social side of it was good. Compartmentalizing etc is a good way to think of it. But I feel compelled to challenge any specific technical advise. In general because it's impossible to give advice like this without knowing more details about the recipient. There are ways it could easily backfire by someone just blindly following it.

If you do not want your activity on lemmy to be linked back to those accounts you should be using a different browser for lemmy, preferably something like Librewolf. Privacy focused.

This plan doesn't really make any sense. The idea of breaking things up by browser doesn't scale like hardly at all. You can only have so many browsers installed on your computer. And they tend to be extremely resource-intensive so you can't be running many instances. A more reasonable way obtaining every benefit possible from this concept would be the use of profiles.

Even ignoring all that, I am still skeptical. Basically the benefit of the dedicated browser/profile concept is that it somewhat compartmentalizes system data which is exchanged with the remote host, ya? Is hexbear.net sharing a lot of cookies with gmail or facebook or cnn or whatever other websites you are going to? Does it make sense to pick 1 special website that will get the special secure treatment while all other browsing is done in.... an insecure environment? Are you opening external links in this special browser or are you copy/pasting them into your general purpose browser? And what about the large amount of fingerprinting that would remain consistent between browsers/profiles, such as IP address and other network infos, system environment, browser settings, session times etc? It doesn't really have much of a hope to accomplish the goal of keeping the accounts discreet.

It also doesn't consider use of mobile devices, apps etc.

Overall this kind of strategy could only even possibly be appropriate if you are considering a very specific adversary, namely one who has insider access to server logs, network traffic etc, of other computers you interact with on the internet. I guess multiple different remote systems in order to triangulate the information. So the owners/operators of servers, or someone who is able to obtain access (like by hacking or a warrant). If you have such an enemy this would hardly be sufficient and it'd be better advice to go straight to TOR. On the other hand, OP seems specifically concerned with "pervy men" who almost certainly do not have such access. It would be better to focus on the social compartmentalization to avoid divulging so much information that some creep can easily compile a dossier on you and track you down.

Setting and maintaining boundaries like that is not easy especially in a comradely social situation. I would avoid adding a bunch of dubiously-useful technically complexities. On the other hand it could possibly help to self-enforce. I like to use browser profiles to segregate off certain tasks. Like I have one for school work. It has a different color theme than my usual one and it reminds me not to wander off into other stuff getting distracted. I am not logged in to anything fun in that browser and I keep all the bookmarks on topic to school. The session can be opened and closed when I decide to start and stop working. It probably has a very minimal benefit in preventing my school-work online ID from getting mixed up with other online activities but I wouldn't rely on it at all. It's mostly just a mental thing.

[–] sudoer777@lemmy.ml 4 points 1 week ago* (last edited 1 week ago)

If your really feeling paranoid go ahead and use TOR browser to login to lemmy. Assuming they dont block TOR connections here I’ve never tried.

.w*rld blocks Tor a lot of times, .ml hexbear lemmygrad.ml do not

[–] JustSo@hexbear.net 11 points 1 week ago

This one hunna. I wish I could show you guys my pet and tell you all about him etc, he's the best thing in the world and there are so many cool facts to share about him and his type of what he is. I'm very proud of him. But alas, it is not to be.

Someone prolific and popular here posted about a cringe food item they saw IRL and I immediately knew which country they're from. Its hard to avoid not leaking your own info if you want to be a normal sociable and fun person on here.

I try to obfuscate by switching up my language here and there in certain ways but its not enough. my identity could be triangulated by matching metadata to posts linking out to eg youtube on the odd occasion i post a series of songs to the music comm in a given day. Fortunately other than framing Luigi for that time i shot the ceo I never really have to worry about threat vectors with the resources to ID me via that level of sophistication.

Remember to assess your threat model realistically. Problem is any random chud could recognise my pet without needing to be NSA tier, so while I dont have to be so paranoid as to avoid posting a series of music videos I'm watching, i do have to worry about shit like pets and tattoos and photos of my garden or of irl of any kind. I'm not a threat to anyone with power but my real world area does have natsocs with enough time on their hands to go walking in numbers masked up for shows of force.

I guess what I'm saying is be realistic, be reserved and dont get paralysed by the worst case scenario situations. Because we wouldn't even be posting at all if we engaged in truly serious activities, or thought one day we might do something funny irl.

Remember they caught dread pirate roberts off a fkn historic old question he asked on stack exchange probably made long before he had any idea his little coding project might potentially attract serious heat. Its probably too late for any of us to scrub accounts and get away with cool hijinx

If you really mite do a hardcore direct action one day then yes, be paranoid af. Otherwise just make sure a nazi tourist on the site cant ID you because they happen to live nearby and see you on your daily walks with your ferret.

[–] Acute_Engles@hexbear.net 11 points 1 week ago (1 children)

This account is the only one with this name but there are a couple users, i believe, who know my other handle. I've definitely got holes in my opsec but I'm pretty confident I'm low on the list of potential political prisoners.

I'm more worried about my cellphone data being used to track my IRL crimes so I usually just leave it at home

[–] stink@lemmygrad.ml 10 points 1 week ago

What crimes???

[–] ashinadash@hexbear.net 6 points 1 week ago (9 children)

The space was generally masc,

Is hexbear a femme space? If hexbear was masc, would that be really bad and perverted innately?

Sorry, I don't disagree with the whole post but this lil zinger is just hiding in there all innocuous.

load more comments (9 replies)
load more comments