I have tried looking, and cannot find a thread that puts it bluntly like I want.
What parts of my chips should I keep hidden?
What chip?
When you say “hidden”, you mean the data on it?
I have the xSIID, NExT, Spark2.
Yes, say I need to post screenshots of my taginfo, for whatever reasons. Are there parts I should not show? Just better to black out?
Physically, all four of mine bump up under my skin. No hiding those really.
Depends what’s on it.
The UID would be the important one. Everything else is up to you… i.e. if you have a VCARD NDEF record on it, it will show up in the data dump. You may not want that info posted.
Ah right. Well that depends on how paranoid you are
Anything that ties the screenshot to your real persona should be biffed. The UIDs or part of them should be also, since they’re unique and inside you, and - in theory - if you ever said in another post that your chip gives you access to something of value that’s easily identified somehow, an attacker could make a clone card and gain access also. Although that’s pretty unlikely in practical terms, it’s a possibility.
Also, be generous on the biffing: there’s a guy on this here forum not long ago who posted screenshots with only parts of his personal information blurred out, and it was incredibly easy to figure out who it was within a few minutes, by cross-referencing the few pieces of information he had left in clear.
I appreciate the responses. Just trying to make sure I understand the security of these a little more.
It’s not specific to chips really. It’s just basic good practice to stay anonymous on the internet. It goes for any information you post on any forum. Unless you don’t care about revealing personal information - but you are, else you wouldn’t be asking
I guess I am struggling to figure out why someone would want to do that. Generally speaking, I post very little personal info online. I think this site is the most open I have been, and that isn’t much at all.
I am. I just wasn’t sure exactly what parts of my implants are considered “personal”.
If I remember, the person wanted to encode a business card into NDEF records. So naturally he posted screenshots of what happened when he scanned his NDEF-encoded chip. He did take care of hiding his personal information, but not well enough. He left enough of a phone number area code, first and last letter of his first and last name, and a picture of his face that I could find out who he was, where he worked and at what address in minutes.
I like uncovering information people want to hide, it’s a hobby of mine. Once a hacker… If I can do it, anyone with enough time and enough data can too.
The UID if it’s not randomized, and anything you store on the chip.
But then again, it depends on what you do with the data: I posted the UID of my EM4xxx in clear the other day because I don’t care: I use it to unlock my virtual machine at work. Good luck finding out where I work, which is my computer and which virtual machine it is. And then all you’ll have gained after breaking into my company, into my office, and into my virtual machine, is a bunch of test code for our products. The prize isn’t worth it, so I didn’t care.
Likewise, I posted the data in the M1K in clear because, while I use it to unlock my front door at home, it’s a rolling code. You won’t do anything with it if you come to my front door and try to break in with a cloned card - apart from annoying me because the door won’t open again with my legit chip.
Come to think of it, the UID of my M1K also unlocks my locker at work, so you could steal my dirty cycling underwear
Want to find my dad that walked away when I was 8 months?
I won’t quote the entirety of the last 2 paragraphs, but those are valid points. I have changed my login passwords to the xSIID uid, and that one is nowhere online.
Don’t give me reasons to figure out how to find you…
If you have enough information left about him and he’s not too careful about staying under the radar on the internet - and most people aren’t, being openly on Facebook, LinkedIn posting stuff about themselves everywhere willy-nilly - you probably can find out where he is quite easily.
Hell, even me who’s extra careful, if you’re persistent enough, you can find me out too. It’s just that it’ll take you hours instead of minutes.
I’m a big fan of self-deprecation humor. I know the city he lives in. I have 0 desire to meet him.
I plan to go to his funeral to spit on his grave in front of everyone, only because I saw the pictures of bruises he left on all of us, before he left.
I also don’t have social media really. Besides here and reddit. I deleted Facebook almost 7 years ago.
Another thing I’ve noticed people overlook is the information displayed on their actual phone during a screenshot. The time gives away your timezone. The UI gives away your Android version and sometimes the manufacturer. If you have a sea of notifications at the top people can tell what types of activity you’ve been doing on your phone. It’s not really a security vulnerability if you don’t clean up your screen before you share, but it’s at least a courtesy to the viewer. You can tell a lot by just looking at someone’s tricorder.
Never would have considered those things.
There was a guy at my previous company who was tasked to write a howto for one of the tools on our intranet, which had a web interface. He did that - very well, too. But there was one small problem: all the screenshots of his browser window showing the forms to fill in our tool in the main tab also showed a tab in the background with the title “Pornhub”. He clean forgot about it.
“Forgot”. I would leave something obscure open, just not porn. Something like a tab of "Furry addicts anonymous"
Hopefully this thread helps others out though, who like things put bluntly.
I have on a few occasions seen those posts and DM’d the person. Some people not bothered, some really appreciative.
I think it is better to highlight and make them aware in case it is an oversight, and done via DM than broadcasting it in the thread drawing attention to it.
That’s what I did with the person: I PM’ed him and told him what I found out about him and how, and that he might want to take the images down - which he did. Doing so in the thread would be callous to say the least.