JAVASCRIPT VULNERABILITIES AND
REMOVING PERSONAL METADATA
FROM FILES
Before I get into removing harmful meta data from your files, I want to talk about another
vulnerability to our browsing capabilities called JavaScript.
In mid-2013, a person in Ireland was providing hosting to people that hosted hidden
services including a secure email platform called Tor Mail. Unfortunately, they busted him
on an unrelated charge relating to child pornography and seized all his servers. Whether or
not he was related to child porn or not, is unknown to me, or it could be a silly charge the
feds slapped him with but either way, the feds ended up injecting malicious JavaScript into
his servers so that when users would visit certain sites, this malicious code would execute
on their computers and reveal information about their computers to the feds. I suggest you
read the following article to learn more about this.
https://openwatch.net/i/200/
With that being said, you may want to disable JavaScript in your browsers, especially
when visiting certain websites like that may become compromised one day.
In Tails, the browser is called Iceweasel and when Tor in ran in Windows, it uses Firefox.
Both browsers can disable JavaScript using the exact same method. Open up a Window
and type the following command in the address bar, “about:config” and click the button
that says “I’ll be careful, I promise.”
This will bring up a bunch of settings including a search bar at the top. Enter JavaScript in
the search bar and look for the following two entries, “javascript.enabled” and
“browser.urlbar.filter.javascript”. Right click on these and click “Toggle” and you will see
the Value changed to false. If you want to enable JavaScript again, just click Toggle again
and you will see the value change back to true.
Again, remember that every time you restart Tails you will have to do this again, so get
into a habit of doing this every time. You never know when your favorite website could
become compromised.
Moving onto meta data. There is a bit of a famous story about an online hacker named
w0rmer that would take pictures of his girlfriend and post them online after he would
deface a webpage. What he either forgot, or didn’t know was that photos taken with the
iPhone and other smart phones save the GPS coordinates of where the picture was taken
and store it in the meta data of the picture. Check out this article below.
https://encyclopediadramatica.es/W0rmer
You need to remove this meta data! Otherwise you could end up in federal prison with
w0rmer. Luckily Tails has a solution for this! See why I love Tails?
Applications -> Accessories -> Metadata Anonymization Toolkit
Please get a clearer idea of how this works by reading the following page.
https://mat.boum.org/
Please note the currently supported formats. In terms of pictures, jpg, jpeg and png. But
unfortunately MAT is not perfect and I wouldn’t solely rely on it, so a better idea would be
to never upload pictures of yourself or your significant other online, especially bragging
about a hack you committed. Please read the site provided above for more information.
Do'stlaringiz bilan baham: |