Changes to Twitter API

Changes to Twitter API 1.1

As Twitter has changed their API from 1.0 to 1.1 which is totally reliant on oAuth and JSON I have had to take down the links to the Twitter Hash Tag Scanner as it was reliant on the old search RSS feeds which are no longer available.

I have had a quick look but it will take some time to re-develop and involve adding in consumer keys, access keys and so on. You would probably get blocked after a few scans anyway as you would have to login to your own twitter account to make the scans and their rate limits would apply.

Therefore I don't think a new version will be forthcoming to anyone who has purchased a previous version I can only apologise. It's a shame as I wanted to extend it but if I cannot make thousands of scans without being blocked the application just won't work with Twitters new API.

As for the Strictly TweetBot Wordpress plugin I have updated this to use the new API and I have tested it on a couple of my own blogs and it seems to be working.

Today was the switch off day so if you were using the plugin you would have noticed either:

• No tweets being sent out when you posted.
• In the Twitter message console lots of error messages saying Tweet not sent or Authentication error.

However if you upgrade to version 1.1.3 then this should fix the problem. 

You can get the latest version from Wordpress.

Also I am pissed off!

And I only just wrote a Twitter Direct Message Responder in PHP the other day which was working fine up until tonight as well!

Damn bloody Twitter.

Even with me being logged in and authenticated I was trying to get a list of my followers and for some reason I kept getting a message like this:

{"errors":[{"message":"Bad Authentication data","code":215}]}

I did write a post to the developer discussion boards on Twitter but as always I have cracked the problem before I got a response.

Basically I am using a very common Twitter / oAuth class which is used by my Twitter Plugin and many other plugins use it as well.

To fix the problem I had to do the following:

Change line 29 in the Twitter class to:

 /* Set up the API root URL. */

 public $host = "https://api.twitter.com/1.1/";

This resolved the issues in my own wordpress plugins which solved sending normal tweets out but to get my Direct Message Responder code working I needed to do one more thing.

Whereras before I was making use of a simple file_get_contents call to an XML feed which Twitter has now abandoned for JSON I had to change this to use the inbuilt HTTP request functions in the Twitter class e.g

$response = $oauth->get($followers_url);

This returns 20 of your new followers (I have not worked out how to get more yet) but in a JSON object.

You can either loop through the nested objects of you could use json_encode to convert the object to a string to do a simple regex to just get a list of screen_names e.g

$body = json_encode($response);

preg_match_all('@"screen_name":"([\s\S]+?)",@i',$body,$matches,PREG_SET_ORDER);

And that solved the problem!

Some clever code for SEO that won't annoy your users

Highlighting words for SEO, turning them off for the users

You might notice in the right side bar I have two options under the settings tab "Un-Bold" and "Re-Bold".

If you try them out you will see what the options do. Basically unbolding any STRONG or BOLD tags or re-bolding them again.

The reason is simple. Bolding important words either in STRONG or BOLD tags is good for SEO. Having content in H1 - H6 tags are even better and so are links - especially if they go to relevant and related content.

However, I don't claim to be the first person to start bolding important keywords and long tail sentences for SEO purposes but I was one of the first to catch on that the benefits for SEO were great.

To much bolding and it looks like spam, too little you might not get much benefit but you have to 2 areas to cater for.

1. The SERP crawlers (Googlebot, BingBot, Yandex etc etc) who see the original source code on the page. When they do they will just see words wrapped in normal STRONG and BOLD tags (See for yourself).

2. However if a user doesn't like the format and mix of bolded and non bolded wording then they can use the settings to add a class to all STRONG and BOLD tags that basically takes aways the font-weight of the element. You would only see this in the generated source code. Running the "Re-Bold" function after the first "Un-Bold" will just remove the class that took away the font-weight in the first place returning the element to it's normal bolded state.

Therefore the code is aimed for both BOTS and users and you can see a simple test page on my main site here: example to unbold and rebold with jQuery.

I have used jQuery for this only because it was simple to write however it wouldn't be too hard to rewrite with plain old JavaScript.

Another extension I have lost since updating this blog format but would be easy to add is the use of a JavaScript created cookie to store the users last preference so that they don't have to keep clicking the "un-bold" option when they visit the site.

As Blogger won't let  you add server side code to the blog you will need to do it all with JavaScript but with the new blogger layout (which I love by the way - unlike Google+) it is easy to add JavaScript (external and internal) plus CSS sections and link blocks to control the actions of your functions.

An example of the code is below and hopefully you can see how easy it is to use.

First I load in the latest version of jQuery from Google.

Then I use selectors to ensure I am only targeting the main content part of the page before I add or remove classes to STRONG or BOLD tags.

<style type="text/css">
.unbold{
 font-weight:normal;
}
</style>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"></script>

<script>
function unbold()
{
 $(".entry-content").each(function(){  
  $("strong",this).addClass("unbold");
  $("b",this).addClass("unbold");
 });
}

function bold()
{
 $(".entry-content").each(function(){
  $("strong",this).removeClass("unbold");
  $("b",this).removeClass("unbold");
 });
}
</script>

So not only are you benefiting from SEO tweaks but you are letting your users turn it off if they feel it's a bit too much. Hey Presto!

Why I hate the new Google+ API

I absolutely hate the new Google+ API

Yes Google+ have had a revamp and if you are not on it then you won't know what the old version was like if you now join.

To me it's as if someone has read too many books on the jQuery effects library and basically orgasmed code across the API.

If you go to type a new status message into a box the whole page shifts round so that your box moves to the centre of the screen and the rest of the messages and segments of the page do a little jig around it so that you are supposed to go "wow".

Not me. Too much API Jizz is something I hate. 

Not only does it repeatedly turn my PC into a helicopter as the CPU rises and falls like a coke head on the lash but it just is too much for my ageing eyes.

It really seems to me as if someone is showing off by writing their "funky" API code. Hey boss look what I can do with a shit load of JavaScript that takes ages for all the page segments to load but makes non techies go "oooh" as they see it in action.

Whilst an API should be friendly and easy to use there is nothing "useful" about the whole screen moving around just so your current type box is in the middle of the screen.

Why not just put the "new message" box in the middle to start with?

Not only that but the amount of times I go to reply to a conversation down the right hand side and someone I have never seen before pops up in a box on top of the place I am trying to write is beyond annoying.

It means not only can I hit the send button but sometimes if I can find a way to get rid of the annoying box (and that's not 100% of the time) the message I was writing disappears!

I know writing the whole page in JavaScript stops (or limits script kiddy's) from scraping easily but there really is a limit. Personally I just think Google+ have crossed it and that there was nothing too wrong with their old API.

What do you think?

Handling unassigned local variable errors with struct objects in C#

Handling non assigned struct objects in C#

If you have ever used structs and had use of unassigned local variable errors from your editor i.e Visual Studio then there is a simple solution.

The problem comes about because the compiler is not clever enough to realise that the struct object will always be initialised when used.

This is usually because the struct object is initialised within an IF statement or other code branch which makes the compiler believe that a similar situation to the "unreachable code" error has been detected.

As the compile cannot definitely tell that the struct object will always be initialised when it gets used it will raise a compile error.

In Visual Studio it will usually show up with a red line under the code in question with the error message "use of unassigned local variable ..."

Here is a simple example where the struct object is populated with a method and starts off in the main constructor method unassigned.

However because of the nature of the code and the fact that on the first loop iteration oldID will never be the same as currentID (as oldID starts off as 0 and currentID as 1) then the IF statement will always cause the this.FillObject method to run on each iteration.

Therefore the myvar variable which is based on a struct called myStructObj will always get populated with new values from the loop.

However the compiler cannot tell this from the code and will raise the "use of unassigned local variable myvar" error when I try to pass the object as a parameter into the this.OutputObject(myvar) method which just outputs the current property values from the object.

public class Test
{

 /* example of a method that believes the struct object won't get assigned even though due to the if statement it always will */
 public void Test()
 {

  myStructObj myvar;
  int oldID = 0; 

  /* just a basic loop from 1 to 9 */
  for(int currentID = 1; currentID < 10; currentID++)
  {
   /* as the oldID starts as 0 and currentID starts as 1 on the first loop iteration we will always populate the struct object with values */
   if(oldID != currentID)
   {
    /* populate our struct object using our FillObject method */
    myvar = this.FillObject(currentID, "ID: " + currentID.ToString());

    oldID = currentID;
   }

   /* try and parse our struct to a method to output the values - this is where we would get our red line under the myvar parameter being passed into the OutputObject method e.g. "use of unassigned local variable myvar" */
   this.OutputObject(myvar);
  }

 }

 /* Simple method to output the properties of the object to the console */
 private void OutputObject(myStructObj myvar)
 {
  Console.WriteLine(myvar.prop1);
  Console.WriteLine(myvar.prop2);
 }

 /* Simple method to populate the struct object with a string and integer value for both properties*/
 private myStructObj FillObject(string val1, int val2)
 {
  myStructObj myvar = new myStructObj();

  myvar.prop1 = val1;
  myvar.prop2 = val2;

  return myvar;
 }

 /* my struct object definition - using non nullable types */
 public struct myStructObj
 {
  public string prop1;

  public int prop2;
 }
}

Solution to use of unassigned local struct variable

The solution is to either to always initialise the object before you start the loop or to just use the default keyword to ensure your struct object variable is always set-up with default values.

Example Fix

myStructObj myvar = default(myStructObj);

This will get rid of those annoying red lines and use of unassigned local variable errors.

If your struct object is a value type then it calls the default constructor and if it's a reference type you will get a null that you can then test for before using it.

Simples!

Internet Explorer virus used to attack US nuclear weapons researchers

Internet Explorer virus used to attack US nuclear weapons

By Dark Politricks

From the popular alternative news site darkpolitricks.com comes the news that the "most popular browser in the USA - yes IE 8!" has been used by hackers to infiltrate US nuclear weapon researchers computers in America.

Apparently zero day exploits were used, as well as a virus on a popular website frequented by members of the nuclear weapons industry.

The hack was only discovered after an unknown number of computers became infected with a backdoor Trojan that was reportedly installed on the machines of web surfers who used IE 8 to navigate to a specific page on the US Department of Labor website.

"The Department of Labor site was rigged to redirect users to another site that infected computers with an iteration of the infamous "Poison Ivy" Trojan, which was able to avoid detection by all but two major anti-virus products,” Ben Weitzenkorn wrote Monday for TechNews Daily."

According to Microsoft, "The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer."

Why IE 8 is still the most popular browser in the USA I have no idea. Have they not heard of Chrome, FireFox or even IE 9?

We all know IE 6 was a danger to itself, it's users and everyone else around it.

This was due to the severe amount of security holes in the code and the large number of hacks that had to be used to make websites work in it. This was both by CSS designers and JavaScript developers who had to come up with the many frameworks we are now left with. All just to make a standards compliant webpage work in IE and normal browsers.

Just think if it wasn't for IE 5 and IE 6 we probably would have never even heard of jQuery, Prototype, addEvent functions and hacks to get uncommon browsers working on your PC like window.opera and user-agents that are so full of shit they have lost all meaning to anyone.

You can view the full article US nuclear weapons researchers targeted with Internet Explorer virus at the popular #altnews site darkpolitricks.com.

How to download videos from youtube.com

How to download videos from youtube.com

Have you ever wanted to download a video from youtube.com for later watching?

What about when you visit a website that is linking to a video and you don't have time to watch it and then you go back to the site to play it to only find that it has been removed from youtube.com due to "Copyright Infringement". Or it has been removed by the original uploader for some other reason.

Well the safest thing to do if it you find a video that you like on youtube.com is to download it so you have a copy yourself which you can watch whenever you want or even upload to a server and host yourself for others to watch.

I used to have a bookmarklet that did this for me but as all these big sites keep changing their source code it doesn't work anymore.

Therefore the simplest solution to download a copy of a video from youtube.com is to do this.

1. Go to the video on youtube.com e.g http://www.youtube.com/watch?v=bxI1skgga1U (which is the Ethos Documentary by Woody Harrelson)

2. Change the URL in the address bar by just putting an ss before the word youtube e.g ssyoutube so that url will become http://www.ssyoutube.com/watch?v=bxI1skgga1U

3. You can test this by clicking the link above (the one with ssyoutube in it).

4. You will then be taken to a free downloader page which will give you various options for downloading the video such as the format, FLV, MP4, 3GP and quality options as well.

5. Click on the format you want and then the download will begin.

Quick and easy and a nice little trick to save those videos that only last an hour or two on youtube.com!

Internet Censorship and Privacy - How they track you

Internet Censorship and Privacy - How they track you

This was taken from the www.darkpolitricks.com site.

Internet Censorship and Surfing Anonymously

By Dark Politricks

Sometimes it feels like the good old days of the Internet and being anonymous have passed - and you would be right.

With restrictive and snooping laws being passed all over the world, firewall filters wrapped around whole countries, Twitter users sued for Re-Tweeting libellous claims and big tech companies working hand in hand with the biggest security forces on the planet there really is no way to escape.

However there are ways to minimise your "footprint" and if you are not a serious criminal or terrorist then you shouldn't have anything to fear.

However if you are then you're probably being watched through your webcam right now whilst your iPhone's microphone is being channelled into GCHQ or Langley for analysing - tough luck!

From a users perspective the Internet contains a myriad of security and privacy issues which if the user is not aware of could cause potential problems on all manner of levels.

For the privacy conscious person who wants to be able to surf the net without worrying about someone looking at the content they have visited in real time or at a future date e.g your work, government or Police then there are a number of issues they need to be concerned about.

With the recent dismissal of the head of America's most powerful spy, David Petraeus, and knowledge about the way he was caught it is good to know the way's you are tracked so you can choose whether you want to take that risk.

As with most web content if you wanted to be 100% anonymous on the web it will be pretty hard to do.

If you want to stay totally anonymous you should probably move underground somewhere as there is always a satellite up there somewhere and with Google Earth you cannot even escape commercial companies anymore. So moving to the woods to live in a hut without electricity or broadband is not even an option anymore!

However there are various forms of tracking that you should be aware of so that you can limit the risks to you whilst surfing or using the Internet or phone. These don't have to be to hide from the Government but could just be to prevent your personal details from being sold to advertisers or having horrible popup boxes show when you close a window.

This is not a comprehensive list but it is a start and it is also one that is constantly changing as technology changes. When I wrote this originally tablets (iPad etc) were not that common. Now they are just another place to accumulate your browsing history and a tool to be used against you if you are ever in that unfortunate position.

Emails

This is is how the head of the CIA was caught out. He wasn't sending the emails but he was saving them as a draft under an anonymous Google account and then letting his mistress login and read them.

This way there was no Internet trail as when you send an email the mail is routed from server to server and the IP addresses of the mail servers it travelled through are recorded in the headers of your mail. 

Check it yourself. If you use a mail client find the option to "View All Mail headers" and then view an email that has been sent to you. At the top you should see the details of the route that the email took which should show the originating mail server, the receiving mail server and the IP addresses of any it traveled through in-between.

When people use this draft save only technique they are trying to avoid this trail. However you are defeating yourself in the first instance by:

a) Using an online mail server such as Gmail or Hotmail. All the data including drafts are saved on THEIR servers i.e "in the cloud" so if they disable your account, or are served with a warrant there is a good chance your draft emails will be accessed and read along with your sent, read and junk emails.

b) If you don't hide your origin when signing up for a throwaway Gmail or Hotmail account (you have to fill in a form to get one in the first place) then they will still get your IP address unless you have gone through known secure Proxy servers or used someone else's computer without their knowledge (e.g an open Wifi router). Do a scan on your PC / Phone now and see if there are any around you. Open ones won't have a lock symbol next to them.

c) Remember that Microsoft computers store all deleted emails, web history and other files even when you think they have been deleted on your computer. Here is a very old article from 2000 which shows even back then Microsoft was hiding emails, web searches and other files from users. The scripts and batch files you might find if you search for "Microsofts Really Hidden Files" probably won't work anymore but they probably have no need for such old methods anymore especially when people are buying computers and defaulting them to backup everything to the cloud.

How to bypass

Don't use "cloud based" systems that are well known to have links with the US security services (Microsoft and Google have - as I have shown and both these mega companies are actively helping the US spy agencies with their own huge database). Read this article on why we are sleep walking into a surveillance society by consent. Then ask yourself whether using any of these big Internet companies software is safe, especially as they seem to gobble up smaller companies by the minute. Why create back-doors when you can walk in the front I asked myself when Microsoft bought SKYPE.

It may pain you but by using any Internet based email service it means recording the data as it leaves the device you write your message on, storing it on a computer system you have no control over and by signing the Terms and Conditions you have allowed them to "own" your data and use it for advertising and God knows what else.

Plus nothing leaves the Internet, you can view cached versions of Google (or any site) all the way back to the 90's on this site: http://archive.org/web/web.php

If you don't want your own website to appear on this search engine that archives everything forever then they are pretty good about obeying the robots.txt directives so you can put this in your robots.txt file (read about it here) to prevent that site indexing your site.

# alexa archiver
User-agent: ia_archiver
Disallow: /

To be really sure you can block the IP 207.241.224.41 in your .htaccess file or at your firewall if you wanted to stop them crawling your robots.txt file at all.

Also use throwaway email addresses if you can or even create your own with some basic scripting (not hard if you can be bothered) and put it on a server in another "more freedom friendly country" and use proper proxies to access the webpage front end to send your emails (the part about proxies come later on).

The need for these disposable email systems sprung out of the need for a quick email address to sign up to a site or set up an anonymous blog or anything else that you don't want all the spam emails that follows. I also have found with some basic hacking you actually use them to send AND receive email - it all depends on how good the programmer is.

Either do a search for "Disposable Email Addresses" to find the latest ones or check out guerrillamail.com or Mailinator  however a word of warning - there are lots of disposable email accounts out there who knows who really owns them? If you do use them make sure their URL starts with https:// (this means data is encrypted from your PC to their server).

As for Internet files you can use "cleaner" tools like CCleaner to remove cookies, old registry files, old programs, start up applications and Internet history easily. Plus you should never use Internet Explorer anyway, as there are a myriad of more security conscious browsers such as FireFox out there which are much better on the privacy front as they are not tied into the operating system of your computer.

Using the Cloud to backup your "Secure" data

Storing anything on anyone else's computer means you don't have control over it. Therefore cloud based storage systems should be avoided for anything personal or secure. Even phones nowadays have settings to automatically back up your numbers, texts, photos and videos.

It might be good if you ever lose your computer or phone but remember that if the cloud based backup server is in the USA then they are probably sniffing everything inputted into it anyway.

This is  the same for Facebook, Google, Tumblr and any other social media site. As soon as you put anything on that site THEY own it and if they are served a subpoena or warrant to hand the data over there is nothing you can do.

How to bypass

It may pain you but just don't use Facebook, Google, Twitter or any other social media system if you are going to put anything dodgy on it.

The same goes for dropbox and any other web based storage centre that may have to hand over your data to the authorities one day.

If you must keep files secret then keep a portable external hard drive at home and backup all your files to that device before hiding it. At least that way you have control and ownership over the backed up data and you are the only person who knows where it is located.

Using your computer hardware to spy on you

There have been many cases lately where computers and phones have been used against their owners to spy on them.

Last year there was a big outcry about iPhones "secret" database that logged all the GPS positions you had been to with your phone. Even without GPS they can use phone mast triangulation to find a near enough point that your phone pinged the mast.

Also we had the case of cops using tools to download this data as they pulled motorists over or arrested people and then illegally accessed this database of locations to find out where you had been.

As for computers we had a school in Lower Merion school district in Philadelphia that was accused of spying on students in their bedrooms via school issued laptops and the webcams built into them. Would you want a headmaster in his office alone at night watching your kids in their bedroom?

How to bypass

Take the battery out of your phone whenever you don’t want to be tracked.

As the earlier report shows cellphone triangulation tracking takes less power than GPS tracking and even when your phone is turned off a tiny amount of battery charge is available to the phone which is enough to log your presence at a nearby tower and then log your presence down to the nearest 100 metres or so. 

Either that or use pay phones or pay passers by to use their phone when you need to make a call when your phone is unavailable.

On your computer turn off the microphone and webcam with your settings e.g on Windows it's in Control Panel. On Windows 7 it will be under Speech Recognition and Audio Devices.  To be extra safe wrap masking tape over the webcam when you don't want to use it as well as the speaker (blue-tack or something else that would muffle the sound). Anything that can be useful to you can be useful to someone with control of your computer.

To test if your microphone is working either go into your computers settings e.g control panel or go to the old Google Search Engine (if it's still available at http://www.google.com/webhp?hl=all ) hit the microphone symbol in the input box and talk.

If you see the blocks under the microphone move up and down and then a result similar to what you said appear in the box - the microphone is still on. If it's off it will say so.

Javascript urchins

These are little bits of script that are added to the source code of the HTML page you are visiting. They use JavaScript to record identifying features about the user and their browser such as the user-agent, system details and location by calling a script on another server that then logs these details to a central database. A good example is Google Analytics which most sites including this one use to tell the owner about the amount of traffic they receive and where it is coming from.

How to bypass

Turning off Javascript will prevent this logging from occurring. You can do this in most browsers through their Tools > Options settings but you can get toolbars and add-ons like the FireFox Web Developer Toolbar or the NoScript add-on that do this for you.

Webbugs

Similar to urchins these are little images, usually so small they cannot be seen, that point back to a web server and run some code whenever the image is loaded by a client. They tend to be used by email marketing tools and are embedded within HTML emails so that they can record who has actually opened the email and track the email if its forwarded it on. 

They can also exist on web pages or within desktop applications and as the image is hosted remotely whenever it is loaded it records the location of the application or user who is loading it.

How to bypass

Many email clients if they don't do it automatically have the option to display emails as plain text which would prevent these webbugs from working. I use Thunderbird which is free and you can set to ask you first whether to load any remote content at all whether they are images, scripts or anything not already embedded within the email.

 In Browsers you can disable images easily with the Web Developer toolbar, Google Chromes privacy settings or by using a text browser like Lynx.

Server Side logging by the page

Most pages on the web nowadays are more than pure HTML/CSS and contain code that runs server side e.g .asp, .php, .jsp, .aspx etc.

When the page is requested the web server parses the page and runs any code before returning the generated HTML to the client. This code has access to a lot of information about the client requesting the page such as IP address which can be used for GEO tagging, User-agent details, accepted file types and other information contained within the headers. They could choose to log this information to a database or file if they wanted to even if the IIS or Apache web server had its own logging disabled.

For example if you got to whatsmyip.org you will see all the information that is passed to each webpage you request including geo-location information, details about the type of computer you are using and much more. Whilst not totally accurate they can pinpoint the last location of the computer used to access a webpage which could be your own PC or could be someone else's (if you use a proxy - see below).

How to bypass

Please read the guide under the following section about web server logging as it applies to both.

Logging by the Web Server

Every time you make an HTTP request e.g access a web page, a record is made on the web server that hosts that page to a log file. Each separate file contained within that web page is logged so every image, CSS file and script is logged along with your IP address, the method e.g POST or GET, the URL, bytes sent and received and much much more.

Although its possible to turn off this logging most companies running web servers require these logs for traffic analysis e.g with a tool such as Webtrends as it helps analyse traffic from all agents including robots who do not have JavaScript support. Also many countries now require ISP's to keep log files for up to a year or more in case the data is required at a later date.

How to bypass

As you must assume that the web servers you are visiting sites on have logging enabled then the only way to not get tracked is to go through proxy servers or use tools like the FireFox add-ons Modify Headers or Tamper Data which allow you to change the headers sent from your PC to the webserver in question and act as a mini proxy on your own PC. They cannot however change the REMOTE_ADDR header which holds the IP address of the PC making the request.

Another way is to turn your PC into a webserver through free software like WAMP Server and then create a web based proxy for your surfing. The good thing about this is that in the remote servers log files all they will see for an IP address is 127.0.0.1 which is the local loopback IP address and cannot be used to track anyone as every PC uses that address.

Remember a proxy is just an intermediate server that sits between you and the web server you want to access. If someone was tracking you they would only see your request to the proxy server and not the actual content that the proxy server requests on your behalf.

There are various forms of proxy some that are anonymous and others that pass your IP address along in the HTTP_FORWARDED_FOR, HTTP_X_FORWARDED_FOR or any number of other headers. You can also use code or tools to fill these headers with random IP addresses to make it harder for a tracker to find you as it will look like you have bounced round a lot of proxies when in fact you haven't.

There is also a form of proxy known as an "anonymizer", which is called this because it hides all the users identifying information such as headers that hold the IP and user-agent. There are lots online for you to use.

Anonymizers are not entirely secure. If an anonymizer keeps logs of incoming and outgoing connections and the anonymizer is physically located in a country where it is subjected to warrant searches then there is a potential risk that government officials can reverse engineer and identify all users who used the anonymizer and how they used it.

Most anonymizers state they do not keep logs but there is currently no way to confirm that. However, if the user used another anonymizer to connect to the exposed anonymizer, that user is still anonymous. This is sometimes called daisy-chaining. 

The safest way therefore is to use a chain of proxy servers to make your requests or use a specialist service like TOR which is designed to make it hard to track Internet usage.

P2P Torrents

People use torrents to download films, music and other software. Sometimes these are illegally obtained copies or pirated software.

The Pirate Bay was one of the most famous sites that people used to obtain torrents and the people behind it are currently involved in legal action as the US movie industry is trying to sue them for facilitating the illegal download of copyrighted material.

Even though they are just a search engine on the same lines as Google or BING (and you can find torrents on those search engines as well!) - it is pretty unfair as the Pirate Bay are not uploading the films themselves they are just a search engine that lists files of a certain type.

When you download torrents you use special software such as uTorrent or Deluge to download all the tiny pieces of the file you want. The idea is that because you are not downloading a whole file from one location but rather tiny bits of it from lots of locations you are not really breaking the law.

When you download you are a "leecher" and when you upload you are a "seeder". The software simplifies all this when you download a file as it connects all the tiny bits up for you so you don't have to worry about where they are coming from. 

Also as you download you are also uploading the bits you have already downloaded so other people can obtain them. You can change your settings to prevent the uploading part of this if you want to by changing the ratio of upload versus download or the rate/speed that you upload (or even turn it off).

The Priate Bay was the biggest site on-line which is why it is being targeted and if you try accessing www.thepiratebay.org in your browser now I bet you it will be blocked by your ISP.

How to bypass

There are many proxies for the Pirate Bay which will allow you to access the site from a different URL. Just search for "Pirate bay proxies" and then pick one. 

You might find an advert at the top of the page counting down - this is a way to access the site once the count is down to 0. Ignore the main part of the page and click on the "view" button that might appear after the countdown in the top right corner which should take you to the pirate bay proxy. 

You might have to try a few out first but I use https://piratereverse.info. As soon as the ISP shuts one down another one will pop up (just like the thousands of people who pointed domains at WikiLeaks when it was blocked) so you will always be able to find a site to get them from whether it's the Pirate Bay or a User Group or discussion board.

Also beware that many torrent tools will be flagged as Trojan down-loaders (even when they are not) and also that ISP's and other government organisations insert their own trackers that log the IP addresses of people downloading the torrents so that they can contact/blacklist/reduce your bandwidth etc. Therefore be careful and pick a good one and read up about trackers before engaging in torrent downloading.

To make the chance of being caught a lot less you can should change your torrent tool settings to go through a proxy server - preferably HTTPS (encrypted) or use any option that forces encryption when transferring files. 

You should also change the port used by the tool in your settings from a random number to 80 or 8080 as these are common webserver ports and make it hard for ISP's to tell what kind of traffic is being transferred. If possible use a "block list" that will mean that all the data packets sent to or from you will bypass known ISP routers where they can be sniffed and identified. More and more ISP's are doing this so this is wise to prevent yourself from being caught.

Read these articles to help you install a torrent down-loader and set-up measures to prevent yourself being blocked.

http://thecyndicate.com/Communication/showthread.php?703-%26%239432%3B-Download-Torrents-SAFELY-Without-Your-ISP-Tracking-You

http://www.ehow.com/how_8716782_torrents-work-isp-block.html

Cookies

Cookies are small text files that are stored on the clients computer and contain very small pieces of text. They are mainly used by websites to store flags that enable the site to know whether you have previously been to their site or not. Advertisers also use them to track the type of sites you visit so that they can deliver targeted advertising the biggest offender being Google which uses their domination of the market to track the sites users visit so they can target content specific adverts to the user.

Another type of cookie is a session variable which is used by many sites to store a unique ID that refers to a visit on the site. The ID is generated by the web server and the session cookie only stores this ID so that on each request to the server the system knows that the visitors requests belong to one visit.

How to bypass

If you are concerned about tracker cookies then you easily disable site related cookies in your browser but if you disable all cookies then Session variables won't work and you will most likely find yourself getting logged out of member only areas of websites or not being able to login in the first place.

The best option is to disable 3rd party cookies (those set by advertisers) and to delete non essential cookies after using the Internet (Incognito mode in Chrome).

Flash, ActiveX, Java Applets

3rd party components such as Flash, ActiveX controls and Java applets come with their own security concerns. There have been numerous security vulnerabilities reported with these types of component as due to their complexity and power they have more access to the clients computer than a normal web page. They should be seen as mini applications rather than just a fancy banner, game or helpful utility to enable you to upload files to Facebook more quickly.

You shouldn't install these types of application unless you are totally sure they are safe as they could have a lot more control over your computer than you realise. There have even been hacks that have enabled remote users to video and record a user through their webcam without them knowing.

How to bypass

You can use Firefox extensions such as FlashBlock or AdBlocker to disable flash on specific pages or the Opera browsers Turbo mode which speeds up page loads as well as allowing you to choose which flash movies to play. If you decided to choose privacy over anything else then you will end up having a pretty boring web experience as more and more sites use Javascript and Flash to deliver interactive content.

However if you are really security conscious you should use a text browser such as Lynx which won't load images, flash, JavaScript or any other form of plug-in. It will show you the textual content of the pages you visit and will ask if you want cookies to be stored for each request. Due to only loading text and links you will have fast load times so there is a benefit to having a reduced web interface.

You should also regularly check your PC for viruses and spyware. One of the first things modern Trojans do nowadays is download good anti-virus software so that they don't get overwritten by another spyware app!

They also try to disguise themselves as virus checkers to avoid detection. Even the best off the shelf virus checkers don't catch all forms of spyware especially those that have to regularly download virus definition patterns as it means new viruses don't get caught until they have been identified, a pattern created and downloaded by the client.

Virus payloads can also be modified randomly to avoid pattern detection so tools that don't use pattern matching such as hijackthis.exe which runs an analysis of all currently running processes looking for odd behaviour are good tools to use. This tool will generate a report which can then be analysed by members of the special Hijackthis.exe message board for signs of infection.

One of the best removers of Trojans I have found is a tool called SDFix.exe which managed to detect and remove a Trojan that four other tools including an off the shelf app didn't detect. There are also a number of good free products such as MalwareBytests Anti-Malware and AdAware anti adware and spyware software which can be run regularly to check your PC for spyware and viruses.

However keyloggers that are based around hardware such as cable extensions that you don't notice that have been inserted by your employer are undetectable unless you know what you are looking for and will store every key pressed on your PC whilst enabled. Check your cables that come out your computer to see if anything strange is connecting two parts of a wire together.

If you are caught out by such a tool make sure your employer has followed the law by informing you of any anti-privacy measures he or she may have introduced such as monitoring your PC and web usage in your contract. If they haven't then you have a good legal case to sue  them and they are breaking the law by spying on you without your knowledge. The same goes for CCTV, recording devices and other means of logging your activity without your knowledge.

Article 8 of the Human Rights Act that is used in the UK has been successfully used in previous cases by employees who have been sacked due to unknown spying by their employers and should be used by anyone taking their employer to court if they have been sacked due to such technological spying.

Tools to use to aid privacy on the web Firefox Add-Ons

• Web Developer toolbar. Disable Javascript, cookies, view cookie and header info, modify the DOM, view generated source code, show password fields.
• Flashblock disables flash movies until you enable them. Allows creation of a white-list of allowed sites.
• FoxyProxy manage your proxies with an easy to use tool.
• Tamperdata or Modify Headers acts like a proxy and allows you to modify HTTP requests as they are made from your client.
• HTTP Fox, Firebug and even the Chrome developer toolbar allows you to see all the data your PC send to websites and the data sent back by the webserver you are accessing. It also shows any redirects or code loaded in that you might not be aware of.

Google Chrome

• Use Incognito browsing to prevent browser and search history and cookies from being stored.
• Firefox and IE9 also have privacy modes that can be used to remove cookies and reduce your internet footprint but I would not trust anything Microsoft as it's hooked into the computers main system and parts of the browser are shared with other non Internet based software.

All browsers

• De-activate Javascript, VBScript (IE only) until you know the site is safe.
• De-activate 3rd party cookies used by trackers, advertisers and sites wanting to keep track of you as move around the web such as Google Analytics.
• If you share a PC Clear your cache, autocomplete, download list and history regularly - use CCleaner, AdAware etc.

If you need more details about the various forms of Internet Censorship and how to bypass it then check out the following article that contains a lot of details about the various methods used and how to bypass them.

How to bypass Internet Censorship If you are looking for an up to date list of available proxy servers then you can check out the following links:

http://nntime.com/proxy-list-01.htm

http://www.proxies.by/proxy/

http://www.workingproxies.org/

The following page has an index where you can find more proxy lists 

http://www.dmoz.org/Computers/Internet/Proxying_and_Filtering/Hosted_Proxy_Services/Free/Proxy_Lists/

If you want to quickly access some web based proxies you can pick from the following list or you can read my guide on creating your own web proxy which comes with an example and some code you can use to get running quickly.

Read the original article at www.darkpolitricks.com.