Topic: [Guide] Use Bitcointalk (more) privately (Read 693 times)

You're missing the point: I'm much less worried about my privacy on KnittingParadise.com than I am on Bitcointalk. I'm pretty sure a knitting granny doesn't do $5 wrench attacks to steel my wool.
I left you neutral feedback from LoyceMobile (not on DT) after your plagiarism in January. I've replaced it by the same feedback from this account.

But it is never late to learn something new. The information shared in this thread may be useful while using other sites on internet in future.

For many of them it is enough and it does not raise any problems for them. It is common for other services like normal banking as well. Some bad instances may occur to some users but for majority, life will complete peacefully even after not following the precautions in this thread.

According to what can be read on the official site TOR can be used in China, but requires some additional actions by users. It would be interesting to know how many people in China use TOR or VPN, or how many dare to go against the regime, given the penalties in that country. I assume that every ISP can see what the user is doing, and therefore I do not doubt that the Chinese ISPs in its fanatical surveillance monitors these activities as well.

Thank you for this guide, certainly very useful especially in countries where there is repression.
It is not only useful for using bitcointalk but in general where some things are not allowed.
But does TOR for example work in China? I've always wondered about this.

i have to agree with this statement. it's difficult to choose both coz eventually you'll have to choose one and proceed with that.

i do prefer using my opera rather than tor and changing browsers is not that convenient for me, i have tried tor once and we are not compatible so i just choose a browser which is convenient for me.

Why Opera and not another browser? For example, Firefox. Will Opera be able to provide a level of privacy at least close to TOR, or have you chosen what is convenient and familiar to you without giving a damn about privacy?


But other browsers also need to be configured before initial use, and not use the default settings.

Although, you can’t argue here: most users will always choose convenience and practicality over privacy.

But ProtonVPN's obfuscated servers work in Russia, Iran and Egypt.
China is a very individual case, sometimes some VPNs work in China, sometimes - not. At the moment, Astrill VPN is very popular in online Chinese communities. Chinese usually use Shadowsocks, V2Ray, Xray, Trojan, VLESS, or gRPC to bypass Great Firewall of China.
By the way it's a good idea to add in my thread VPNs or methods that work in China to bypass their internet cencorship.

I use an app called "TOR Browser", because the onion browser does not reliably work for me (or should I say not at all)!

It's good if you don't mind the occasional nagging to use the built-in VPN - honestly, I never use it, as a Proton Visionary subscriber.


ProtonVPN servers can also be exported as OpenVPN profiles. None will work in eg. China, unfortunately.

Why? We all have models for passwords, even if it is the simple fact of using "software" to create passwords.

Also, the main passwords should be kept in a safe place, in case something goes wrong.

I don't think your are the only guy in bitcointalk forum from same country, but they could also send that same t-shirt to any neighboring country PO Box of mysterious person, since there are no real borders in EU  

LoL, but you brain is also a system, and when it breaks that means you don't have any backups.
You can do whatever you want, but most cases of people losing passwords and bitcoin keys is when they tried to act smart creating their own ''systems''.

Sorry but I have to say that you are making perfect recipe for disaster with your unique password model, whatever that is.

Having strong passwords is good, but 2FA is better because no password is strong enough not to be cracked with a quality config and combolist. A lot of accounts could get cracked using good checkers, so when that happens even if the cracker got the username and password they can't access the account if s/he don't pass through the 2FA requirements. For a forum like this having the question and answer feature set up is also recommended, to enable easy account recovery. Hence, since the forum is not a target to crackers, its nothing to worry about, since the forum account sales market is falling on daily basis. Though, your thread is very excellent, as we are meant to be security conscious online and keeping things private is important.

I also have a question, what happens to a person that doesn't have a picture anywhere online, how can he be traced? if their privacy is leaked that is they don't use VPN, Tor or all the tools you just mentioned, between the forum encourage users not to attach their real faces on the site.

Maybe I didn't explain it well. And what I did was just an example. Furthermore, the world does not only speak in English.
The idea I mean is that it doesn't necessarily have to be random in human eyes, but rather random in machine eyes.

This is a little bit what I want to say:

Maybe my English is not the best and I can't explain it in the best way.
I apologize.




I also wouldn't trust passwords created by a password system, because if a system can create them, it can also crack them.

Either way, you can rest assured that I have my own password model, different in many aspects from those discussed here, which, as you may understand, I will not share here.

Like I said, I can remember a few passwords. But I can't remember hundreds of them, and most of them I don't need very often. If I'd try to remember them all, I'd either have weak passwords, of lose access all the time.

I always type with my eyes closed

Definitely it is less alarming. VPN is used by people to bypass restrictions that mostly include access to some games, game servers, netflix/hulu and so on. A lot of people use vpn with servers in Turkey to get cheap access to digital services.
Even if you want to hide your VPN usage from ISP, you can use VPN with obfuscated servers like ProtonVPN with Stealth mode or setup OpenVPN with obfsproxy.

By the way, if you use Tor bridges without VPN, node owner may know your IP address and in case nodes get compromised, others will know it too.

That's true but I always wonder what kind of prediction can someone find, for example, in this password: 'railWayZDanieAccCausticCornUebung'. I'll explain: Railway is railway, ZD is Russian word, short version of здapoвa (Hello), Zdanie is also Russian word здaниe and means building, Acc is a short version of Account, Caustic is caustic, for example caustic soda, Corn is a corn and Uebung is a German word Übung that means practice.
I agree that humans are very bad at randomness but I'm curious why these combination of words doesn't sound or look random.

No, that's wrong. These are all regular English words found in every wordlist and cracked in minutes.
https://en.wikipedia.org/wiki/Dictionary_attack

No, I said the opposite. Letter-by-letter bruteforcing is probably dead for well over a decade now.
https://ieeexplore.ieee.org/document/4799025

That's entirely backwards. The second option is orders of magnitude easier to crack, since it is just 7 words and a number. As the sentence even makes semantic sense, some crackers should have an even easier time guessing that password.
Meanwhile the first option consists of 15 random characters, so wordlist-based attacks don't work and one would have to default back to the much slower / 'legacy' byte-by-byte bruteforcing approach.

Sure; thanks for the suggestion. I will do such a guide in the future. But in essence, you just connect to https://boltz.exchange/ via Tor (you will be redirected to their Tor site), enter the amount you want to send to your Lightning wallet (such as Core Lightning) and send the amount shown on screen through a regular on-chain transaction.

No, he won't.

That is wrong. By definition, a sentence has less entropy since it does not consist of random letters.

There is not much to discuss; it is mathematically proven that truly randomly generated passwords are much stronger than real words and sentences. We don't need to mix a strong system with a weaker system, either, that only reduces security.
My mate, I honestly suggest you go and change all of your passwords, now..

It depends: if you're comparing one random character to a word, the word is harder to find. But if you compare 4 random characters to a 4-letter word, the word is easier to brute-force (by using a dictionary attack).

Both isn't ideal, but VPNs are often used to connect to a company network too. Or for streaming.

"I'd like to give the t-shirt I won to a Newbie who lives in the same country as me"....

What makes you think they're equally strong? If the first one is generated randomly, it's much stronger. If you want to use words as a password, at least generate them randomly. Kinda like Electrum does it.

You should look up the words "dictionary attack"

The phrase indicated was just an example, I do not recommend that it be used, much less that it be so logical.

The point I wanted to emphasize is that for a hacker who steals hundreds of passwords, he will use automatic systems that will try to match the victim's password letter by letter. The probability of him hitting random letters is greater than a sentence.

I am not recommending this or any other type of password here. Just to point out that both types of passwords can be safe if used correctly.

Perhaps a mix of the two options could be something interesting to explore.

Guess what, i have made a username with my real name. Never thought about the privacy back then when i created this bitcointalk account, but now its too late.

Generally, the IPs are logged for last 30 days. So if we opt for this limited IP retention, won't they be logged at all ?

It will be great if anyone can tell the procedure of doing this with a lighting wallet. A step by step procedure or guide may be really helpful along with links to site / wallets etc. Usually how much fee is involved in this process ?

The second one looks pseu-do strong but in fact it is not. It is more vulnerable to bruteforce process because you don't know what are bad guys who intend to steal your passwords.

If it is people around you and know you love cat and some other information about your cat, he will put words like "cat" "2" "old" into inputs of brute force and make it becomes more easily to bruteforce your passwords.

If a person has his habit to create password like this, possibly he will have other passwords like
My3YearOldCatLikesYoWalk
My4YearOldCatLikesYoWalk
My2YearOldCatLikesFish

https://www.youtube.com/watch?v=rMtW8vIHHek