Clean up all the things
From Gender and Tech Resources
Granny bit her lip. She was never quite certain about children, thinking of them-when she thought about them at all-as coming somewhere between animals and people. She understood babies. You put milk in one end and kept the other as clean as possible. Adults were even easier, because they did the feeding and cleaning themselves. But in between was a world of experience that she had never really inquired about. As far as she was aware, you just tried to stop them catching anything fatal and hoped that it would all turn out all right.” ― Terry Pratchett, Equal Rites
Contents
- 1 Metadata cleaning
- 2 Altering application headers
- 3 Freeing up disk space
- 4 Shredding files and deleting data
- 5 Removing malware
- 6 Related
- 7 References
Metadata cleaning
Metadata is data about data.
To put it bluntly, metadata is hidden data that can fuck you over. Fuck you over real hard and rough like, savvy? Often defined as "data about data," metadata is information about a specific file that’s often included within the file itself but that’s often not readily visible or modifiable to the end-user when z is viewing the file in the standard application that z would typically use to view the file. In other words, metadata provides background information about a file. Chances are that every document you create, every digital photograph you take, every music file you download, and so on, all have little bits of metadata which can leak vital information about your identity. ~ The dangers of metadata, 2008[1]
Computer forensics
Metadata plays a number of important roles in computer forensics:
- It can provide corroborating information about the document data itself.
- It can reveal information that someone tried to hide, delete, or obscure.
- It can be used to automatically correlate documents from different sources.
Governmental mass surveillance
The Snowden leaks (see timeline masters of the internet) revealed a massive surveillance program including interception of email and other internet communications and phone call tapping. Some of it appears illegal, while other documents show the US spying on friendly nations during various international summits, and on its citizens. The programs are enabled by two US laws, the Patriot Act and the FISA Amendments Act (FAA), and a side dish called Executive Order 12.333.
Upstream collection, Hemisphere and XKeyScore by way of wealthycluster2 gobble up our metadata, and with interconnected systems such as by ICReach that data can be shared and associated with other data. There are dozens of clever analyses you can perform with such linked databases. I'm sure that is what they're doing right now. If I can think of it, so did they.
And it is not only the NSA and the other agencies from the five-eyes countries, these techniques are being used by many countries to intimidate and control their populations.
Corporate surveillance
Metadata is collected by corporations for psychological manipulation -- persuasion or advertising.
Removing metadata from images
Did you know that your photos contain hidden information, including the GPS coordinates of the location they were taken at, the date and time, camera shutter setting details, and possibly even the name of the program you used to edit them? This type of metadata can be useful, but you may want to remove it from your photos before sharing them online.
Reading exif metadata
exiftool
jhead
Removing exif metadata
imagemagick
exiftool
Removing metadata from documents
Document metadata is information about one or more aspects of a document, spreadsheet, pdf file, that is not always visible to the person creating them, but can be found by the person who receives them next. Comments, track changes, hidden text, markups, properties, attachments and bookmarks are all examples of document metadata. Metadata removal software identifies and removes the metadata contained within a document so it cannot be shared.
Scrubbing pdf metadata
hexedit
pdftk and sed
PDF exploit cleaning
pdf2ps and ps2pdf
pdftops
Altering application headers
Browser
When your browser requests a web page, a header is attached to each packet of web page code and each object (images, videos, flash) that is returned to your browser. The header tells the packet how to find the PC of the person requesting the information, and contains other information that is part of standard Internet communications protocols.
E-mail messages also contain a header. The header contains the IP address of the sender, as well as other information that may get attached to the header along the way, such as spam ratings that anti-spam software running on your e-mail server may apply to the message and other information added by the server. E-mail clients use this information to help identify spam messages [2].
We not only receive headers. We also send headers. According to RFC 821, an e-mail client is to send its domain name in the Helo/EHLO command [3].
Thunderbird
Viewing header information
To view the header information in a Thunderbird e-mail message, select the message, then click on the View menu and select Headers > All. The header information for the message will replace the message in the Thunderbird window.
- The
Return-path
is allegedly the e-mail address of the sender, although that is not a reliable method for identifying the sender because most spammers use any return e-mail address that they can find on spammer’s lists. - The
Received
line is a bit more reliable, because that contains the IP address of the location from where the spam message was sent. That is, of course, unless the spammer hacked into an e-mail server or is using a relay server to disguise the true source of the message.
Anonymising email traffic with torbirdy
TorBirdy is a plugin for Thunderbird. It tries to anonymize your connection (you need to have tor installed, see installing and configuring tor) and deletes and changes several information fields: https://trac.torproject.org/projects/tor/wiki/torbirdy/changes. TorBirdy enforces the preferences it sets and attempts to change them using Thunderbird's settings or the configuration editor will not work as all such changes will be discarded when Thunderbird restarts. This is because the tor project believes that these preferences should not be changed, whether deliberately, by mistake, or due to another extension, as doing so can compromise your anonymity. There are however some preferences that can be changed and they can be accessed through TorBirdy's preferences dialog. Please note that if you are not an advanced user, you should NOT change any setting unless you are very sure of what you are doing. The preferences that TorBirdy changes are restored to their original values when it is uninstalled or disabled.
- Read more in Before using TorBirdy https://trac.torproject.org/projects/tor/wiki/torbirdy#BeforeusingTorBirdy.
- Also note the known issues https://trac.torproject.org/projects/tor/wiki/torbirdy#KnownTorBirdyIssues.
Mutt
Viewing header information
Freeing up disk space
apt
command-line
To delete downloaded packages (.deb) already installed (and no longer needed):
$ sudo apt-get clean
To remove all stored archives in your cache for packages that can not be downloaded anymore (thus packages that are no longer in the repository or that have a newer version in the repository):
$ sudo apt-get autoclean
To remove unnecessary packages (After uninstalling an app there could be packages you don't need anymore):
$ sudo apt-get autoremove
To delete old kernel versions:
$ sudo apt-get remove --purge linux-image-X.X.XX-XX-generic
If you don't know which kernel version to remove:
$ dpkg --get-selections | grep linux-image
bleachbit
Shredding files and deleting data
Even when you erase everything on your hard disk, sometimes it is possible to recover (pieces of) data with forensics software and/or hardware. If that data is confidential, delete files and data securely so that no-one will recover them. Solid State Drives (SSD) may have introduced dramatic changes to the principles of computer forensics ...
When encrypting and compressing files, clear-text versions that existed before you compress/encrypt the file or clear-text copies that are created after you decrypt/decompress it remain on your hard drive. There may also be "temp" files left behind. Unless you purge — not just delete — those clear-text files.
Echoes of your personal data — swap files, temp files, hibernation files, erased files, browser artifacts, etc — are likely to remain on any computer that you use to access (encrypted) data. It is a trivial task to extract those echos. A hidden access trap. Purge – not just delete – echoes.
Shredding files
shred
Making deleted data hard to recover
dd
Permanently delete files (including data stored in RAM or swap space)
secure-delete tools
bleachbit
Removing malware
And then of course, there is the possibility of people having visited without explicit invitation, without explicit consent, that may have left things lying about in odd places. And burglars leaving a payload or two to maintain access for continued pillaging and plundering of your private space.
I think my machine is infected. Now what?
Related
References
- ↑ The dangers of metadata, 2008 http://www.textfiles.com/uploads/diz-usp3.txt
- ↑ Spam Filtering for Mail Exchangers http://www.tldp.org/HOWTO/Spam-Filtering-for-MX/techniques.html
- ↑ SMTP Commands Reference http://www.samlogic.net/articles/smtp-commands-reference.htm