Customize

Safeguard Your Personal Info and Your Finances!

Discussion in 'Keeping Your Anonymity In Iran' started by NiteOwl, Aug 15, 2009.

  1. NiteOwl Member

    Pass this on on Twitter or emails if you think it's sensible.

    In light of what has been happening in the past few days, I figured it was time to write something to try and keep people safe from the variety of schemes that are popping up, as well as from IRANIAN AGENTS who are targeting people. With the current situation in Iran, it would be wise to be very careful when providing your personal or financial information at a demonstration, online or by donating.

    Giving out your information during a demonstration or online is a NO NO NO! You will not only be endangering yourself but also your family. Please take note, there are Iranians within the Iranian communities abroad, who have sympathies with the government. THEY WILL use their situation, outside of Iran, to work for the government. Please be very careful about this. Friends have told me, on multiple occasions, they have noticed suspicious people trying to get personal information from people during demonstrations and also online. KEEP YOUR ANONYMITY!

    No one needs to know anything about you and what you are doing. I love you all and want you to be SAFE and SECURE while you are helping human rights and democracy globally.

    As for donations, anyone can ask for personal information or financial donations without you being aware of who they are or what they represent.

    IT IS ILLEGAL IN THE US TO SUPPORT CERTAIN GROUPS SO PLEASE CHECK CAREFULLY BEFORE DONATING TO ANY ORGANIZATION. IT IS ALSO INCUMBENT UPON THE PERSON MAKING THE DONATION TO ENSURE THE MONEY IS NOT BEING USED FOR ILLEGAL ACTIVITIES OR THE DONOR COULD ALSO BE IMPLICATED. THE SAME GOES FOR MANY EU COUNTRIES.

    If you do wish to donate there are several well known charities which have been highlighting the human rights issues in Iran such as Amnesty International / Amnesty International USA / UNICEF as well as other respectable well known charities who would welcome donations. They are well known and use the money where it will do the most good. You can also be certain that they will not be using your personal information in any shape or form to steal your identity or your money.

    There is also the issue of tax-exemption. To check if a charity has tax-exempt status in the US, go to the Internal Revenue Services web site Internal Revenue Service. For people living outside the US please check with the appropriate authorities in your part of the world.

    This is a summary of information from http://www.charitywatch.org and for tips try: http://www.us-cert.gov/cas/tips/

    Never give to a charity that you know nothing about. Look for a mission statement, a clear description of program accomplishments and a list of the board of directors. Do not assume a web address with a “.org” rather than a “.com” ending is a non-profit organization. Anyone can purchase a “.org” web address.

    ANYONE CAN REGISTER A DOMAIN, WRITE UP SEVERAL PAGES OF INFORMATION AND THEN ASK YOU FOR MONEY OR PERSONAL INFORMATION IN THE NAME OF HUMAN RIGHTS/IRAN/TIBET. BE CAREFUL. VERY CAREFUL. WHAT IF THE ORGANIZATION YOU ARE DONATING TO IS A SCAMMER WAITING TO GET YOUR CREDIT CARD NUMBER? WHAT IF S/HE IS GOING TO PURCHASE GUNS WITH YOUR DONATION? THIS IS VERY, VERY SERIOUS AND I CANNOT STRESS IT ENOUGH – BE CAREFUL.

    If you provide your personal details online, without checking exactly to who you are providing those details, it is a real possibility your name, address and personal financial information could be misused. Make sure you have the option to contact the charity on-line (through a working email address) and off-line (through a phone number and a mailing address). Foreign groups that solicit in the US are subject to US laws and regulations but it is very difficult for a US regulator to enforce a court injunction against a group operating outside of the country. (Same applies to elsewhere.) Sometimes a current issue is used, a web site is set up, raises a lot of money and then disappears into the anonymity of cyberspace.

    Only donate on charity sites that utilize encryption technology to scramble your personal and credit card information, before it is transmitted on the Internet. You can tell if the form that asks for your personal and credit card information is secure by seeing if there is an “s” after the “http” (e.g. “https”) that precedes the Internet address or URL in the browser window on the top of the web page. Also look for a padlock or unbroken key symbol at the bottom of the web page. If a charity keeps donors’ personal information on an on-line network, find out if it utilizes firewalls or other technology to protect it from hackers. Also, make sure whatever technology a charity uses to protect your information from theft is up-to-date, since hackers may know how to defeat older security software.

    If you are concerned about charities being able to follow where you travel on their sites and how often you visit them, find out if they are placing “cookies” in your computer. Cookies are bits of information put on your hard disk that can reveal your identity and places visited to the charity.

    Look for a privacy policy and read it. If you don’t, you may learn, too late, that the privacy policy does not safeguard your privacy. Before disclosing personal information, especially your credit card number, find out how the site plans to use your information and if it plans to sell it or exchange it. It is not adequate protection for the charity to agree to not sell your information, if its vendor operating the site does not also agree to respect your privacy. Make sure that the charity gives you an “opt in” or at least an “opt out” option. An “opt in” option puts the burden on the charity to obtain your permission before using your personal information for other purposes. An “opt out” puts the burden on you to notify the charity if you don’t want your information used for other purposes.

    Print a copy of your final confirmation screen or an email confirmation of your donation. If you do not receive a confirmation notice, immediately notify the charity to see if it received your contribution. It is a good idea to hold on to a hard copy receipt in case your computer crashes at tax time.

    The above information is to help people understand and help them take precautions to protect themselves. I cannot cover every eventuality and it is up to each individual to check to their own satisfaction and make their own determination.
  2. jadt65 Member

    This is great information! Thank you for compiling this...I will link & tweet after I finish work.
  3. Thanks so much for your excellent article

    This report was so necessary. Can't thank you enough for all you are doing to help and protect everyone. You are a Star!
  4. Well said

    As a lot of ppl get caught up in the developments in Iran, many feel they wish they could help more by making donations. Unfortunatly not everyone is knowledged up on computers and internet rules. I know a lot of ppl only joined twitter since Iran (myself included). So some ppl as you stated may fall for these bogus charities thinking they are legit, because it looks genuine.
    Thank you for your very informative piece. I am sure ppl will be a lot more aware and cautious now.
  5. agreed, its like those ppl who all donate to haystack projects. do u know who austinheap is? how he will use the money? where is accountability

    some ppl take advantge of generosity in these times

    same with 115
  6. Another reputable charity is UNICEF, which is doing some excellent work in Iran. Their website has details.

  7. umm, hello? Look up Austin's past tweets:

    highly involved with the Iran situation since the first week of protests

    2 projects for enabling network access in Iran he was doing before haystack, neither benefits him financially

    working on putting together a 501c3 for haystack

    a big thing that he wants in donations are usb sticks, if we only wanted $$ he would go directly to that

    now to let someone else take a turn with the clue-by-4
  8. MrZand Member

    Thanks!

    Thank you so much for compiling these! Do you ever sleep? :)
  9. NiteOwl Member

    I don't know. I crash sometimes.. I THINK. Mostly it's just quick naps between things here and there.

    The day should REALLY have more than 40 hours.
  10. NiteOwl Member

    Better think again on the witnesses thing from now on. ;)
  11. Referring to AH

    I think by now most of us are VERY familiar with Haystack and the incredible effort they are making so people inside of Iran will have a voice. Haystack is legit. Don't believe me, thats ok, do the research.
  12. Greenmail Member

    Cyveillance?

  13. Checking non-profit status in the US

    guidestar - Google Search

    Guidstar has on-line 990's, which are the tax forms filed by non-profits.


    Search for Charities, Online Version of Publication 78
    IRS.GOV link to look up non-profits
    Publication 78, Cumulative List of Organizations described in Section 170(c) of the Internal Revenue Code of 1986, is a list of organizations eligible to receive tax-deductible charitable contributions. This online version is offered to help you conduct a more efficient search of these organizations.
  14. Whizzbizz Member

    "Super" Cookies

    There is another, new category of cookies that are not stored in the same way/folder as "normal" cookies. These cookies are created by sites who use Macromedia Flash (most animated sites or sites like YouTube, that use Flash videos). These cookies are not necessarily dangerous, but could as well be misused to store data that can be used for hostile purposes like stealing personal data.

    What makes them more suspicious than other cookies is the fact that they are not stored by your browser but by your Macromedia (or Adobe) Flash plugin, which itself is used by EVERY browser on your system. So the folder where these cookies are stored is a CENTRAL location used only by your Flash plugin. They can NOT be deleted simply by telling your browser to delete all cookies.

    There is a Firefox add-on named "Better Privacy" that can be used to delete these cookies. It is recommended by the Firefox crew and can be found here: <https://addons.mozilla.org/de/firefox/addon/6623>.

    After installing, choose "Extras"->"Add-Ons"->"BetterPrivacy(versionNr.)"->"Preferences" to influence behavior of "Better Privacy".

    If you don't use Firefox:
    the cookies folder is located inside the following folders:

    MacOS X: "~/Library/Preferences/Macromedia/Flash Player/" - most cookies in "#SharedObjects/"
    Windows: "C:\Users\YourUserName\AppData\Roaming\Macromedia\Flash Player" - most cookies in "#SharedObjects/"

    Not everything is stored in #SharedObjects, so it's safer to use "BetterPrivacy" and "Firefox" to find all cookies.
  15. Security

    Your finances are fairly safe under some circumstances. In the case of Haystack and Iran115, they both used Paypal for a time. I don't like Paypal as a company, but they have never stolen my money. I did contribute to Haystack using Paypal and fortunately got my contribution in before they had problems with it. In any case, I feel quite safe.

    I think that Iran115 is a fairly legitimate organization, and I am even surer of Haystack. What I am NOT sure of is, I have no proof saying that either will not rake off money for purposes I don't approve of.

    I would be much happier if someone I trust such as Oxfordgirl would list causes that are endorsed by Sea of Green. I have made this suggestion repeatedly and it has been ignored.

    I feel that Iran115 is now trying to raise money in the way that any organization should. Unfortunately, I don't approve of Iran115's attitude entirely. If you ask me, I think that Sea of Green should be aggressively raising money in a way similar to what Iran115 is doing.
  16. Hechicera Member

    That IP block is owned by a massive ISP: Cogent. Cogent aquired PSInet (another ISP) a bit back. This class A (large range) address, that was inherited from PSInet, they seem to farm out off a backbone to companies/entities that want to do a lot of spider use. Spiders crawl the net for information and usually the central servers need to be on backbones. The spider everyone knows is Google. How do you think google knows what tags are on your web page? A google spider visited. This range, 38.0.0.0 to 38.255.255.255, is rented to private or government entities, not googe.

    I think this address range gets a lot of complaint for two reasons. One, lots of spider hosts and two, they seem to not have strong abuse filtering on its administration. So looking carefully at an access from this range, and blocking them if you don't like the registrant (need to to a rwhois through cogent.com's server and check the network org name).

    Cyveillance is the network org name of who rents that IP from Cogent, that part you have.

    That was probably a spider visit. That Company I'm sure uses them to test for malware and phishing sites. In this case it's actions were probably not of concern. If you had a known malware distributing item on your page it may flag you as a malware site though. So this specific visit from that IP range is probably not cause for concern as this company is a known malware site tracker.
  17. SanguineRose Member

    One question that should be of concern is how exactly is the money going to be used? Haystack is 100% functional and working. As for Iran115, what are they doing? So far I have heard pretty much nothing besides for the site looking like some kind of aggressive give me allot of money but... What is that site doing with it?
  18. 100% functional and work? do you test it ? or just believe someone who say it?

    besdies what a user tweets, have anyone here actually SEEN or USE haystack? i am a big atheist and i always want to see my proof, not believe some big wizard even if his name is khameneyi or heap!! so far haystack does not open source ( tor open source) and does not do eff audit (from other forum in this site that say that). also they put up faq but it does not answer any real yquestoins it just sound like sales to me.

    how do we know it is secure and wont KILL ppl? do we just base it on someone's word who work on a completely UNRELATED project (simply distributing proxies)?

    dont make assumption, base decisions on fact. distributing proxy like heap did does not make anyone a securiyt or cryptograph experts. most my family is there i do not want them to have risk,

    i know u mean well but its differnt when real life on the lines for iranian people. is not some project to feel good about but adds new worry to us my whole family so sorry if i am angry

    no point to get into a big discussion heres, there is a big thread in another forum here that discusses the very serious problems with haystack and the reason why so many are skeptical thank u for post this i hope everyone donate money wit wisdom and not excitement
  19. SanguineRose Member

    I have 100% confirmation it works in Iran. I don't see anyone else trying to do what he has done? He is not just some guy in some basement that gets a bright idea with no technical knowledge, try researching instead of complaining you don't know anything? Being 100% biased because you want all the information spoon feed to you is a tad moronic. Use Google, it's your friend. (That is if you know how to use it). It is not just one person but an actual group of poeple working on it.
  20. sorry whole family is in iran (i leave to make money to help) i dont believe one guy post or not

    u r blinded , freegate ultrasurf jondo tor and psiphon and also regular proxy work fine

    they all work fine for long time (my cousin talk to me last night he use freegate to send me email

    we dont need another already have so many we ned people to help human rights tell obama to help us we have enough internet now

    but my cousin say american or europe poeple on internte get angry so fast so maybe this true u r angry fast like he tell me,,,so angry people here

    do u talk to someone using haystack in iran to know for sure? or some one tell u? trust ur own eyes dont be sheep,, being sheep got my peple into islamic republic

    if hay stack release code so we can be sure maybe people use it,,, but they have enouugh internet we need be sure it work, it safe, we must see nobody tell us,,, like open source, like democracy when ppl tell u it is dictator, i know i lived most my life with dictator,

    but is easy for u to be so confident, u on internet sit behind computer in ur home, ur family not in danger, so u talk and say anything, at home

    but me is not so easy, i want to hear my cousin voice, again,,,
  21. SanguineRose Member

    I am not angry, using stereotypes is a fairly poor. The problem realized later on is normal proxys are not safe due to everything sent is unencrypted/plaintext. Freegate actually sells its info on their own users to the highest bidder with a basic "don't do anything bad". The other ones I am not familiar with nor have I examined how they work besides psiphon. As for Tor at the moment it is the best thing to use. It has full encryption all the way so DPI doesn't work on it but on somewhat unconfirmed sources that they are using packet shaping and since Tor is designed to look like SSL traffic they could be just capping it next to nothing. Tor is extremely slow in Iran which this might be a reason why. Haystack is designed to answer/solve all the problems that the others have. At the moment Tor is the best solution even though it is slow reportedly by allot more the one person from Iran.

    As for haystack existing, I am not simply going on what others have said but I have 100% confirmation it exists and indeed works inside of Iran. Other details on it like how it works, etc. i'm not going to talk about here or anywhere else but from all the details I do know it does indeed solve all the pitfalls of the rest. As for the Open Sourcing it... Would you give your layout and all your plans to your enemy? Tell them everything and all your secrets? It can be decompiled but that is only one section of how it works (just the client). It's security isn't based on bad code in the source code either but a means to be more irritating to the Iran Government. Also it's not going to be a website where u can download and use it either. Austin's want of USB Thumb Drives is a hint of how he is going to do it.
  22. perry1949 Member

    From almost day one Austin Heap has been working to get proxys set up for the people of Iran. He set up a site to help show us how to set up proxys and get them to the people of Iran. You might also like to know that Austin Heap is the developer of Freegate that you mentioned you use. The Iran Govt has gotten too good at blocking proxys and it has been an uphill battle staying ahead of them. Haystack is based on Freegate but vastly improved. The Haystack program will be distributed on the USB sticks he is asking people to donate. (I sent him 25 of them myself).
  23. Uh What? Link please?
  24. Ummm, I'm basically a computer idiot, and even I know who Austin Heap is. He's been well known since before the revolution, and is highly respected in his field. He is credible and highly trustworthy.
    I can't say the same thing for 115 however.

Share This Page

Customize Theme Colors

Close

Choose a color via Color picker or click the predefined style names!

Primary Color :

Secondary Color :
Predefined Skins