|
The internet and the option of stealth
This is the first in a series of upcoming articles on practical information
that is intended for those in their teens and 20's who are interested in complete
assimilation, although much of this applies to anyone. I am painting
with a broad brush and making some sweeping generalizations in order to try
to raise awareness about as many online security issues as possible. Thanks
to all who have given me helpful input!
For the vast majority of women in our community, deep stealth is never an option,
simply because they will never be accepted as female at the level required.
However, the younger you are, the more likely you'll have the option of stealth
at some level. Having the option of stealth is about control. I'll discuss the
pros and cons of this option separately, but in the meantime, you must decide
early on whether you want to have that option or not.
If you decide you'd like to keep the option of stealth available, you need
to think carefully about how you use the web in order to stay in control of
your options. At first, you won't want people to know about your history until
you're ready to tell them, and afterwards, you won't want personal information
floating around that could get you outed. Pretty much anything you do online
leaves a trail, so it's important to be aware of some of the ways you might
jeopardize the option of stealth.
This article discusses ways to avoid common mistakes that have messed up stealth
mode for some women in our community.
Surfing the web
The very safest option is only using the web to gather
transition information and not using it to interact with others. Even
then, you should take a few precautions to avoid being outed.
Safest option: Your own home computer
- The safest option is to surf on your personal computer
at home, to which only you have access.
- Put a password screen lock on your computer if you live with others. Many
computers come with one of these—check the manual.
- Be sure you securely hide any information you print out or store on disk.
Less safe: Multiple users on a home computer
If you have to surf on a home computer you share with family members or with
a roommate who doesn't know your deal, you should take precautions if you don't
want them to find anything out.
- Some computers let different users each have a password-protected part on
the hard drive. See if that's an option on yours.
- AOL can be a good Internet service provider for multiple users, because
you can have several password-protected screen names. See the section on AOL
below.
- Other Internet service providers might let you set up several different
accounts. See if you can set up your own.
- Most browsers like Internet Explorer or Netscape store different kinds of
files on your hard drive for websites you visit, even if you don't bookmark
them as favorites yourself. To delete these after your web surfing session,
see the tips under "Visiting Websites," below.
- Don't leave anything on the screen when you're done or if you're away from
the computer.
- Be careful printing anything out: don't leave it on the printer or lying
around where others might see it.
- If many people use your computer, don't download files onto the hard drive
which they can find. Save it to a removable disk.
- After you're done, empty your browser cache. The manual or the help menu
should have information on how to do this if you don't know how.
- Be sure to exit the program and shut down the computer when you're done.
This helps purge temporary files stored on your computer when you're surfing.
- A correspondent writes: "Install a secure OS like Windows NT/2000 (your
hard disk must be formatted with the NTFS file system installed!) or Linux
on your PC so you can hide your private stuff from people without the right
password. The Windows 9x password system is completely useless to hide your
personal information. If you don't want to switch from Win 9x, you could use
password protected zip files to store sensitive information, or maybe even
PGP encryption if you want to keep even the FBI, CIA or KGB from finding out
too much about you. Turn off the option in Internet Explorer that stores your
passwords."
Potentially unsafe: computers outside the home
Avoid surfing on a computer outside your home
(like at libraries, work, school, or at a friend's, Kinko's, cafe¨s, etc.) unless
you're certain no one you know will find out. If you have to surf outside the
home, you should only look at stuff that you wouldn't mind if your boss, instructor,
friends, family, classmates or coworkers saw. There's always a chance they might.
Using a work computer is probably the most risky,
for these reasons:
- Some companies monitor employee computer use.
- They might find out what you're researching from clues you accidentally
leave on your computer.
- Most companies have a policy that office equipment is for business purposes
only. They could have grounds to fire you.
- They might discover your plans and use it as an excuse to fire you (it is
perfectly legal to fire someone for being TS in many areas). It might also
give them time to find other reasons to force you out.
I'd be extremely careful using group computers in high school or college if
you aren't out. Word could spread very quickly among fellow students.
If you absolutely must use a computer outside the home, take all the precautions
above for multiple-user home computers.
America Online
Since many peopleuse AOL, I thought I'd
mention a couple of things.
AOL has the advantage of having millions of users, so you're virtually anonymous
when surfing via AOL.
Each user on an account can have a separate screen name and password.
Remember, others will be able to see your screen name (including those at home),
so
- Don't pick a screen name or pseudonym that identifies you as transsexual.
- Don't put any info in your online profile that might get you outed. There
was a case in 1998 where a gay sailor in the U.S. Navy was discharged based
on information traced through his AOL profile.
- Don't post to proprietary AOL bulletin boards or chat rooms without considering
the consequences.
- Log off and quit after each use.
In November 2001, a reader sent some important tips on saved AOL emails:
While AOL is easy and convenient, there are two ways its password protection
can give a false sense of security.
Although you need a password to sign on to AOL, it is still possible for someone other than the owner of the
account or screen name to read email received or sent on that account (assuming
any such mail is saved in the AOL Personal Filing Cabinet.) When the AOL software
is running, ANY user can switch to any other screen name and read all the
saved email, even without signing on.
This can be made somewhat more difficult by applying password protection
to the Personal Filing Cabinet (PFC.) This feature is under Settings >
Preferences > Passwords. Doing this will require a password every time
the PFC is accessed.
However, defeating password protection of the PFC is a snap for anyone with
the most basic computer knowledge and the determination to read someone else's
mail.
As you probably know, each AOL user's PFC is stored as a file whose name
is the same as the user's screen name, e.g., "myscreenname" or "yourscreenname."
This file is stored in the "Organize" folder under the main AOL
installation. However, the password protection is not applied to the file
itself, only to the user's direct *access* to the file from within the AOL
software. This gives the snooper two simple ways of completely circumventing
this "protection."
Method 1:
To read my mail, rename the "myscreenname" file to "yourscreenname"
(after first deleting or renaming "yourscreenname" to avoid a
name conflict.) Then when you run AOL (signing on isn't necessary) and switch
to "yourscreenname," opening the PFC will open the renamed "yourscreenname"
file. Could it be any simpler than that? Glad you asked!
Method 2:
Not only is the PFC *file* not password protected (again, and as we just
saw, only direct access to it from within AOL is protected), it can also
be read by any text editor. In Windows, the easiest way to do this is to
add a "txt" extension to the name and then double click it. Voila!
It immediately opens in Windows Notepad. There will be a lot of junk in
the file, but ALL of the mail saved in the Personal Filing Cabinet, including
dates and senders' email addresses, is right there and can be read as easily
as you are reading this right now.
Not to be paranoid here, but, well, wait a minute.... we WANT to be a bit
paranoid here, don't we?
Point is, if someone was out to get the goods on someone else, an AOL password
is no more than a speed bump on the road to "Gotcha!"
The only way around this that I can think of (other than not saving any mail
to the PFC, which undermines email as an information resource) is a "super
sign-off procedure" where you move the PFC file out of its proper folder
each time you leave the computer. Or you could make it unreadable by AOL or
other programs, e.g., by manually compressing it in a password protected zip
file.
Let's hope for a time when such paranoia is the stuff of ironic nostalgia,
rather than real, day-to-day anxiety.
Visiting websites
As I mentioned at the top, this is the safest way to get information. Just
make sure the site is legit. In recent years, there have been several fake teen transsexual
sites put up by pathetic scumbags. Sometimes these sites have erroneous
advice, but usually they want you to email them. If you aren't sure if a site
is the real deal, contact me, and I'll see what I can find out.
Remember, not only can people monitor you from your end, but website owners
can monitor you from their end. For instance, I can tell when someone visits
my sites from a corporate site. If you are worried about this, you can surf
the web safely through several systems. I like the SamSpade safebrowser option, although it lists source code
and not images. For text-based sites, this is good.
Not secure: The Google search engine has a “Cached”
option at the end of the entry. A reader wrote in 2002: "Regarding the
recommendation to use Google cache to browse websites: That does not prevent
your visit from being logged by the website in most cases. If the website contains
images, you are still loading those images from the website rather than from
Google."
As a general rule, don't order stuff, sign website guestbooks, fill out forms,
take polls, or respond to phone numbers on websites.
Bottom line: surfing websites is generally quite safe, but only you can decide
what level of precautions is right for you.
Parental controls and monitoring software
If you are reading this page, you probably are not being blocked by parental
controls, but some computers may not let you visit this site. In addition, your
parents may have software installed that allow them to see where you have been
going online. It's important to be careful if you think they will respond badly.
A reader writes:
I have Norton Antivirus 2004 and it likes to block the website and put it
under my blocked content under parental control. Here's the message:
Norton Internet Security has blocked access to this restricted site.
Site: http://www.tsroadmap.com/
Blocked categories: Sex Education/Sexuality
If you think this web site is incorrectly categorized, visit the Symantec
Internet Security Center to report it. I'm positive that AOL or any other
parental control would block your site.
Anoymous Proxy may be a way to get around business or family computer filters
but there will still be the trace of the proxy URL.. So I think the proxy
would be more for kids who need to visit these websites under anonymity. Though
alot of parental control blocks proxy's as Annoymous Proxies so it is very
hard to find a good one. I use www.amegaproxy.com I get so much bandwidth
and I can maybe read information for an hour or so.
I also found that if I look the page up on Google then click the cache link
you can visit an older version without it being blocked.
Purging your web browsing history after a session
In most browsers you can set your hard disk cache to 0. This
will keep your computer from storing files from pages you have visited, but
you still have to do something about that pesky history file, though.
A reader wrote with ways to purge the History file most browsers
keep:
There's a functionality on almost all browsers that logs all
sites you visited during say the last 20 days. It's called history and the
sites visited can be listed by pressing CTRL-H on most browsers. What appears
in the address bar when you are typing something comes from this list.
Its data is most compromising thing stored in a computer.
To clean it in MS Internet Explorer, you go to:
Tools > Internet Options > General
and press the Clear History button.
In Netscape Navigator you press CTRL-H, mark what you want
to hide and press DEL.
In Opera you have a wonderful option called Delete private
data that clean EVERYTHING. You should recommend this browser.
You should put this on your site and warn the others. History
is the easiest way to discover what others are doing in the Web.
A reader writes with an additional security tip:
With respect to "deleting" browser cache and history files: For
maximum security, you may want to further suggest that users concerned with
the discovery of sensitive information after a web session may want to consider
not only deleting cache and history files--which remain on the hard drive
after a delete operation and can be resurrected and restored by many disk
recovery utilities)--but to also use a disk wiping utility to overwrite these
files so that they cannot be recovered. I use a freeware program called "Sure
Delete" to perform this task; there are many other similar products available.
Alternate browsers
In addition to Opera, you might consider looking into GhostZilla.
A reader writes:
There's a new program out called GhostZilla. Its a web browser except it
hides itself within another program. This can be useful if you
want to appear to be running Word, but actually you're running a browser.
It's complicated and I don't funny understand it <w> but it
seems to work just fine.
http://www.ghostzilla.com/
What's more intereting is that Ghostzilla produce a CD based browser that
doesn't keen any history on your computer at all. Sadly, there is a charge
for this (about 10 bucks), but someone may find a use for it.
Interacting with others
Many people have found support, friendship and good advice by interacting with
others online. However, some have also been outed or attacked by those they
met online. If you decide it's worth the risk to interact with others online,
there are still some precautions you should take.
You've probably seen this basic list before. Think of the web as a bunch of
strangers in a park. You shouldn't give strangers any of the following:
- Birth name
- Chosen name
- Street address
- Phone number
- City or State
- Employer, school, church
- Friends' names
- Social security or credit card numbers
- Hobbies or activities which might identify you
- Name of therapist, support group, clubs you go to, etc.
Email
A good rule: Never email or post anything you wouldn't
want everyone to see if it were taped up at work or school.
I recommend using either AOL or a “throwaway” web-based email address
from Hotmail, Excite, Yahoo, or Google. Don't choose an email address containing
identifying information, like your chosen name, your area code. Don't pick something
that identifies you as transsexual. Pick the name of a celebrity you like, or
a flower, or something like that.
A correspondent adds: "Web based email services have the advantage that
they don't store all messages locally. Just don't forget to clear the browser
cache after you're done reading."
Probably the safest form of online interaction is private email correspondence
with well-known people in the community. Here's a list of women (besides lil'
old me) who I feel can be trusted to give reliable advice and will not divulge
any personal information about you:
Especially recommended contact for teens:
Other helpful women:
* recommended
Almost everyone in the second group didn't transition until after 25 and are
obviously not exercising the option of deep stealth, but some of us are for
all intents and purposes living lives where many people don't know their status.
For instance, Lynn was stealth for over 30 years, but was then outed when pioneering
computer work she did prior to transition was uncovered. She then chose to go
ahead and be open about her past. Personally, I have a sort of "don't ask,
don't tell" policy going on, where my history is never discussed at work
or with non-trans people unless I want to. However, I'm obviously not
hiding it, either.
In addition, most of the women listed above are in contact with numerous women
who maintain even deeper levels of stealth (i.e., not out online).
Use caution when emailing someone. Many people claiming
to be transsexual, especially those claiming to be "transkids," are not.
People pretending to be transsexual could run the spectrum from relatively harmless
middle-aged wannabes engaging in fantasy role-playing to dangerous sexual
predators.
Anyone pretending to be transsexual has the potential to to be problematic,
just in different ways. The "harmless" types who are "just having
a little fun" have been known to dole out advice as if it were based on
their personal transition experiences. I consider this a serious problem. This
type of behavior is nothing compared to the tiny handful of pretenders who deceive
young women for exploitative purposes, but it's a problem nonetheless.
Keep in mind that some of the people attracted to transsexuals
are themselves transgender or transsexual. Only a tiny handful of transgender
and non-transgender transfans are predatory, but it's good to understand that
some transgender folks who want to help are doing so because they secretly
hope they might score a little action with you. And a few "helpful"
women are far more interested in scoring than in helping.
If you're asking a question, try to do it without divulging personal information.
Some email programs store your correspondence where anyone can read it, so
be sure to find out where your letters will reside if someone shares your computer.
This has been expanded into a separate article. For tips on interactng online with others, as well as a list of transsexual forums, please see Transsexual forum list.
Calling and meeting people from online
Be very careful calling or meeting anyone who is aware of your TS status. A
good rule of thumb is not to call anyone unless someone trusted whom you have
met in person will vouch for the person who wants to meet you.
I don't recommend calling people you meet online unless you are absolutely
certain of their identity and sanity. There are a lot of people in the community
who may want to be your friend and meet in person. Most will not pass, and a
few are emotionally disturbed.
Do not speak to someone on the phone until you have emailed for a while.
Remember, once you call someone, they will have your number and will be able
to call you back.
Do not call from home if you live with others.
Do not call from work if you aren't out at work.
Only meet someone after you've emailed and spoken on the phone long enough
to be satisfied the person is not a kook.
Another good rule of thumb is to meet people close to your own age, since it's
more likely you'll have things in common.
Meet in a public place, but not where you might run into people you know. Early
on, I met a couple of people who were not as passable as they claimed and I
was getting clocked left and right by association.
As I mentioned in the section on email, be aware they might be attracted to
you. This is true for TSs, as well. Generally, the older the TG/TS, the more
likely this will happen.
After you're full-time and done with SRS etc., I suggest trashing your old
email account, username and Internet service provider and starting over.
Putting up your own website? Consider ALL the risks
I do not want to discourage you from sharing information and experiences with
others, but I would strongly advise against putting up
your own website if you plan to keep the option of stealth. I have met
too many TS women who did not carefully consider this decision. After an initial
attempt to be out and proud and all that, they later decided to pull back entirely
and took down their sites. Unfortunately, it's very hard to put the genie back
in the bottle. Once your personal information and real name are out there, there
will always be a record somewhere. And you'll never know when it will
come back to haunt you. Others may link to your stuff, take stuff from your
site and put it out there, etc. Search engines may keep you listed for years.
There's even a site called archive.org that maintains permanent copies of old
websites. Forever. There will always be a record of anything you post on the
web, so you must very carefully consider the risks before
putting yourself out there.
I have a deep stealth friend who did a `zine a few years ago chronicling some
of her life. Somebody put it online, and now it's floating around out there
both physically and in cyberspace with her full name and everything.
If you do decide to put one up, even one that makes no mention of your TS status,
it is possible for people who knew you before to make the connection.
In my own case, I recently had a weblog of "weird" sites link to
my facial feminization photos. This led to a deluge of unwanted visitors from
outside the community to this site. I ended up moving my photos because of it,
and thought seriously about taking them down altogether. You may not feel this
way when you first start doing a site, but over time, these sorts of things
can really start to wear on you. You get to the point where you have a plain
old ordinary life, but people think all this is some big freak show. If you
want to keep your TS status a private matter, you'd be smart to keep it off
the Internet and out of the public eye.
Safest option: anonymous information submitted to another site
If you want to put up info that can help others, I suggest submitting it to
an established site where it won't be linked to you. Simply strip your submitted
information of personal details and contact information that might identify
you.
Not safe: restricted access site
You may think it unlikely that your web page will be found, but many people
and companies regularly do searches on names and other identifying information,
so if the search engines index your pages, they may be found by an audience
you didn't intend. Limiting access can reduce, but not eliminate, this sort
of risk. Access to web pages can be controlled in a number of ways:
- Limit what the search engines can index
- Control access by IP address
- Allow access by password only
Not safe: your own domain
If you do decide to do a site, I advise bringing it out anonymously and without
pictures of yourself or identifying information. If you do decide to do a personal
site, I recommend doing it through AOL, GeoCities, etc. rather than having your
own domain (like janedoe.com). If you do decide to set up your own domain, you
might consider a name that's relatively anonymous, like genderpeace.com, rather
than using your own name.
No matter what name you choose, if you register a domain, your personal information
will be a matter of public record. A reader writes:
I was just looking at your Internet Safety page and there is something that
I think should be added to the page - registering your own domain name. The
registration records for all domain names are available for querying at http://www.netsol.com/cgi-bin/whois/whois.
As you already know, it is prudent to get a PO Box and not use your real name
and phone number in the registration info.
Very true. I've had people call me at work and hang out near my house looking
for me because of information they found in my domain registration. As I said
earlier, a website can greatly jeopardize any chances of going stealth.
Excluding robots and crawlers
There are two ways that can help reduce but not eliminate the chance your site
will be archived by a search engine:
- Through the robots.txt file. This standard can be found at http://www.robotstxt.org/wc/robots.html
- Through a less known and not frequently used robots exclude html meta tag.
It is possible to make a request to many search engines and archives to with
the specific url path page(s) and/or url path directory to be excluded. Note
that they may review these requests for legitimacy, as there is no way to
be absolutely sure that someone other then the author is making the request.
A reader writes:
It is still possible to be stealthy and exposed on the net. Here are a few
pointers on how to have a site but avoid crawling/archiveing/indexing.
1) most crawlers do not know how to get passed a password so a simple front
page that requires a password to click through will stop almost all crawler/archivers.
Heck, you can even print the password on the page since the robots that crawl
are all really dumb! This trick is really simple and gets your front page
indexed but nothing underneath!
2) You can also use a Secure Server. That is, a server that encrypts and uses
the https headers. A robot that is a good netizen will not crawl an https
site (secure server site).
3) Then there is robots.txt. To use robots.txt it must be located in the root
directory which means you must control the root directory of the domain. This
is not practical for sites like geocities.com where a site is really a subdirectory
and the author has no control over the root directory of the site.
4) There is an html meta tag called <meta no-archive>. This does not
work really well because the crawler/archiver has to read the page in the
first place to find the meta tag. Many crawler/archivers do not try to parse
html while crawling and the meta tag is found later during post processing
for links. The result is that one page, the page with the <meta no-archive>
probably gets saved, however, a well behaved crawler will not follow links
on that page.
Those are the most common ways to make your site part of the dark matter of
the web! (oh yes! dark matter, black holes, supernovas you name it and there
is an example of it on the web!)
Even if you get the robots, you can't stop those humans
The problem I've had has not been with robots, but with humans. People will
print stuff out, make copies on their hard drive, mirror your site, or steal
your text and images outright for whatever reason they see fit. Trust me.
I am a very open and giving person, but I am amazed how people will steal your
content and put it wherever they want. Even members of our own community (like
that Brit scumbag Crissy Wild) sometimes have no qualms stealing from us for
their own benefit.
Try not to include personal information that could be used to identify you.
Photos
Never NEVER put up or email photos of yourself
until you have carefully considered ALL the risks. Once they are
floating around, they are going to be floating around the web FOREVER.
No lie. And they could end up anywhere.
I know two women who were not out at work who got outed because they had personal
sites with photos that linked them to transition-related materials. Never put
up anything you wouldn't put up on a bulletin board at work or school, or on
a telephone pole on a busy street.
Even someone you trust might decide to forward it to someone, after which your
photos could go anywhere.
I especially recommend not sending out any sexually suggestive photos, as these
tend to get circulated among transfans, TGs and others and can end up anywhere.
People have taken photos of mine and:
- Created bogus identities using my photos
- Put them on sex sites
- Identified me as transsexual without my knowledge or permission
- Manipulated them in PhotoShop in sexual ways.
If you do decide to float your photos out into the cyber universe, don't put
up photos with others in them (esp. other women in the community), unless you
have their permission. I used to have up some photos of friends, but people
stole them from my site. Even the ones who weren't transsexual were getting
lewd comments via email to me.
Make sure the names on your photos don't have identifying information, like
"christine.jpg" or "ts.gif." Also, make sure the photo itself
doesn't have any information, like the license plate number of your car, your
house address, etc.
If you plan to keep the option of stealth, I strongly
suggest NEVER sending out any photos. I cannot emphasize this enough.
How to minimize an existing web presence
I got the letter below from an early transitioner:
I just read your article on having the option of going stealth,
etc. It terrified me. I am 19 years old and almost fully transitioned, and
no one but my family and girlfriend knows about me being transsexual. Except
for online. I never even thought about this. I had a whole bunch of chat contacts,
my e-mail out everywhere, and worst of all, a webpage, containing my name
and pictures of me. Right away I deleted my webpage and all of the chat services
I'd been using. Now, the question I am asking: Is there anything you can recommend
that I do to reverse what I've already started? If you could please help I'd
appreciate it. Thank you very much.
Step 1: replace website(s) and change email address(es).
That's replace, not remove. One problem that happens when
you abruptly take down a site is that regular visitors and those with whom
you were chatting might start asking questions online, like "Have you
seen a young TS named ____ with the email janedoe@carelesstransssexual.com ? She has disappeared." or "A friend's website at www.iamayoungtranssexual.com
is gone. Jane had some great TS pictures like the one I've attached below.
Does anyone know where I can reach her?" This of course only adds more
information linking you and your TS status online.
The best way to avoid having people ask about what happened
is to put a very brief note up on your old site, saying "I have taken
this site down to protect my privacy. I hope you will help me with this by
not sharing my photos or personal correspondence with others." Don't
mention anything about your TS status etc.
If you'd like, you can add a line like: "Those wishing
to contact me can reach me at: janedoe@throw-away-email.com." Set up
a throwaway web-based address and don't use it for correspondence, just closure.
Only give out your new email if you're ABSOLUTELY CERTAIN of the other person's
identity (i.e.: met them in person). Eventually you get rid of that email
address, too.
Step 2: Assess the situation.
A: Do a search on Google (http://www.google.com). This will show if anyone has a website up containing information
about you. Search the following terms:
If you do find your site indexed in Google, look at the cached
version. That's what people will be able to see until you get it erased.
B: There is a way on Google and others to "nuke"
your own website off their search engine if necessary. For more, see: http://groups.google.com/remove.html
C: If someone else has your personal info listed on a website,
send them a VERY NICE letter explaining the bind you're in, and VERY NICELY
ask them if they would help you by removing the information.
D: Do the same advanced search on Google Groups (http://groups.google.com/advanced_group_search).
E: For good measure, you can do the same search on a few other
search engines, too.
If the people you were emailing and chatting with were real
transsexuals, they will probably understand and respect your desire for privacy.
However, a lot of people online are fakes, psychos, etc. Sometimes they don't
understand or care about the need for stealth.
How to minimize an existing presence on newsgroup archives
On September 18, 2001, Google sent the following message regarding
their automated USENET archive removal tool:
We now offer an automated removal tool for posts made to Google
Groups. This will provide users with more direct control over their posts
and ensure that all nuke requests are processed in a timely manner.
If the post/posts you wish to remove were made from your current,
active email account, please go to: http://services.google.com:8882/urlconsole/controller and follow the instructions to remove a post.
If the post/posts that you wish to remove were made from a
email account which is no longer active or accessible to you, please follow
the instructions found at http://groups.google.com/googlegroups/help.html and include a note in your email to us that tells us that you are
unable to use the automated tool.
Laura wrote of her first-hand experiences purging approximately
6,000 USENET posts from the Google archive in September 2001:
First off, removing messages from Google requires a rather
interesting process to confirm you are the actual author of a message. This
requires you to follow their rules *to the letter* or you will simply be ignored.
Also if you want to remove large numbers of messages (more
than about 50) you will have to make personal contact with them and give them
a good confirmation of your identity. I did this by sending them an e-mail
with a password in it they could demand I say to confirm that I am the same
person who sent the message and then I made phone contact with them about
3 days later, gave them the password, and explained why I wanted my stuff
removed.
Their phone number is: 1-650-330-0100
Once satisfied with my identity and intentions they have proven
to be a very cheerful and helpful bunch. But there are technical complications...
Google, at present can only remove *single* messages and then
only when you can supply the *exact* message ID. Unlike Deja they have not
implemented "Nuke All By Sender" in their administrative scripts,
so they can't dump everything from a given address in one pass... but they
tell me they are working on it.
If you have a large number of messages in the archive (I had
6,000) removing them all is one hell of a big job. I've been at it every day
for a month.
Once you've established their agreement to remove your messages,
you have to compile lists of the message IDs you want deleted and e-mail them
to them. They will then run a script which removes the messages on your list.
Building the lists this takes a long time since the only place
the message ID is visible is in the "Original Format" of each message.
This means you have to do a search, click on the message, click on "original
format" cut and past the ID into an e-mail and then back out to your
search list and do the next one. It takes about an hour to harvest 100 IDs.
Then you run into another complication... their searches bail
after 1000 messages. So you have to take out the first bunch before you can
get to the next. But, once you start deleting, their scripts only search till
they hit a missing messages and then they bail... so be ready to spend a LOT
of time searching the Archive, using as many different advanced searches as
you can think of, to get them all.
The smart money, if you don't want people finding your stuff
in a newsgroup archive is to either:
I recommend staying off newsgroups.
An ounce of prevention is worth a pound of cure. Even if you request your posts
not be archived, there's nothing stopping someone else from copying your post
into their and making it part of the permanent archive where you can do nothing
to remove it.
Letters from readers who've been outed via the Internet
Below are a few of the stories I've gotten from readers since
I first put my web safety page. Certain identifying information has been edited
or removed.
Letter #1
I didn't see this listed, but it happened to me, so you might
want to include it in your safety tips.
I corresponded with a man for awhile and finally decided to
meet him at his office -- he really seemed very nice. Turned out, he was actually
nice, but also a bit too snoopy. Later, when he e-mailed me, he knew who I
was and had my address and birthdate and no telling what else. Scared the
hell out of me!
He finally told me he had gotten the tag number from my car
and run it through publicdata.com and bingo! And why? He said he was just
curious as to who I was and felt he had the right to know, especially since
it was public data, anyway.
No harm came of it, and since I did know where his office
was, I doubt he intended any harm.
Got lucky that time... live and learn.
Sound the alarm to your readers!!
Letter #2
From a reader who transitioned in her mid-twenties [personal
details edited for privacy]
The one thing I wish I had done differently, and which goes
with your thoughts on Internet security, is change my last name as well as
my first name. In order to maintain family support and support at work, I
had pressure not to change my surname--people couldn't understand why I would
want to just because I changed my gender--I wasn't a different person after
all, they'd say, etc. etc. Unfortunately, in the world of the Internet, no
information truly disappears. As my last name is somewhat uncommon, I've run
into a few situations where people have searched on my last name and then,
using what they know about me already (school graduation, date I was licensed
for my job where I live, old newspaper clippings from my hometown from high
school of old things) were able to find out lots more info about me than I
thought was available. This is not something everyone does--in truth, I'm
lucky that my appearance does not raise many questions--but it's happened
twice in the last two years (including one romantic situation, which became
difficult as a result and could have proved disastrous). So anyone transitioning
young and hoping for true stealth would be well-advised to change both of
their names, even if their parents or friends or work colleagues recommend
against it or don't understand why they are doing it.
[I agree with this recommendation. For more details, see
my section on choosing a name.
--AJ]
Letter #3
From another reader who transitioned in her mid-twenties
[personal details edited for privacy]
I wish I'd been given the sound advice you share, not so much
because I've been outed by the web (which has happened only once thank God
-- oh if I could only expunge USENET!), but because I innocently shared enough
information early on to eventually get my phone number tracked down and calls
from someone spooky within driving distance of my house, as well as a couple
of other unpleasant experiences being recognized by persons unknown while
on the west coast (long, creepy story). Oh, I also got contacted by a woman
on the east coast last year who told me a "friend" she'd met online
had been using pictures of myself I'd posted a while back. I wrote her "friend"
but, unsurprisingly, never got a response. I should have pursued it with the
ISP from the email or something, but life interceded. Anyway, I'm sorry these
things happen and the world has four jerks for every decent person. Internet
users beware I suppose.
Letter #4
From another reader who transitioned in her mid-twenties
[personal details edited for privacy]
I just wanted to comment on something you have on your very
informative site regarding stealth and the Internet In my mid-20s when I was
transitioning I found the usenet group alt.support.srs. I needed information
very badly and posted messages, foolishly signing my first and last name to
them (yeah, that was dumb). I figured the messages would be on the board a
short while then they'd scroll off after a week or so. The messages I posted
came back to haunt me recently.
I'm in my late twenties now and post-op. I rarely tell anyone
I'm ts. Anyway, I met a guy and we started seeing each other. Even though
we were intimate, I felt no need to tell him of my Ts background (some people
would not be cool with that, but I didn't feel it was relevant to our relationship
at the time). Well, he's a computer type and, knowing I'm into theatre, decided
one day to see if he could find any of my theatre reviews online. He plugged
my name into the search engine at dejanews and viola - messages I posted like
three years ago came up...messages asking about SRS, FFS, and all that other
stuff. Well, the next time I saw him he was acting kind of weird. I asked
him what was wrong and he finally said he saw some messages posted under my
name, from my old college to a transgender support group. I was totally freaked.
I had NO idea they had archived those messages. At first I kind of played
dumb but felt guilty and admitted that it had, in fact, been me. We talked
about it and, despite being rattled and distant for several days, he is fine
with everything now (and frankly, its a relief to have him know about my past
and be ok with it, but I would have liked to have told him myself instead
of having him find out that way!)
I managed to get them (Google who now own the dejanews) to
remove my old messages. Luckily my boyfriend is a nice person and good-natured.
If it had been someone else, who knows how he might have reacted. By signing
my name on that newsgroup I was unknowingly putting myself in potential danger.
I just thought I'd share that story because Internet privacy
is a very real concern if you want to do stealth. Something I posted years
ago came back to haunt me!
Letter #5
A funny thing happened the other night. I was at a club Monday
night having a great time dancing, drinking, flirting, etc. And this one guy
was showing big-time interest. Then a strange thing happened... We eventually
went outside to talk, and after some small talk, he said, "Hey I know
you. I saw your profile on Yahoo." I'm like, "What???" He's
like, "Yah, I liked your pics." I went quiet on him and wasn't sure
what to do. He told me not to worry, cause he wasn't gonna out me to anyone.
Besides, he said it would be in his best interest not too, cause he found
me attractive & had his image to uphold with the other guys...
I asked him why he hadn't responded to my ad, and he said
he never really thought about dating a Ts but that it would probably be too
wierd anyway. He said he just stumbled across the ad one day and thought,
"Pretty girl, but too bad she's a dude." But after he and I met
by chance and in person, he said I seemed like a perfectly normal chick &
never would've guessed the Ts part if it weren't for my personal ad... So
we kinda hooked up for the rest of the night and might go out again! He was
a great kisser!!
An example of a potentially bad situation not turning out
so bad. I never thought I'd actually meet anyone in real life, outside of
dating, who would make a connection between some obscure yahoo profile and
me. Kinda scary... The world is too small of a place sometimes... I think
it's time to take the personal ad down. Besides, so far, it's only been good
for bringing the freaks out of the woodwork, and I doubt I will meet my dream
guy on the Internet anyway. :-)
Other reader tips
I got the note below in December 2002:
I was reading your article about Internet Security and keeping your identity
safe. I work in IT, so I thought I'd pass on what I know in case someone finds
it useful.
Running Windows? Try the opera browser (www.opera.com) it can be set to throw
away all cookies, what sites you've been to and empy it's
own cache when you exit.
Evidence Eliminator is a paid for product, but you can get fully working
copies of it from Computer magazines (if you're lucky).
There's also a freeware program that performs a similar function - you can
get that from http://www.securitysoftware.cc/apps.html
Have a look for "wipeout".
If you plan on doing a reasonable amount of email - consider an extra email
client to Outlook Express. Eudora, Pegasus, etc are all good
email clients and you can hide them away on your computer to reduce risk of
being caught in the act.
I received this in August 2003:
Web browsers:
I use Mozilla Firebird (http://www.mozilla.org/products/firebird/) as my
web browser. It's cache/cookies/history are easily cleared with a couple mouse
clicks.
Web-based email services:
I would NOT use Hotmail, Yahoo, Excite, AOL, or anything else that offers
web-based email services. Your login is secure with Hotmail for example, but
any email you read can be monitored. (Snort, http://www.snort.org, run that
on your computer while surfing the web and all sorts of things will be turned
up) I'm sending this from a Hushmail.com account, with an automatically generated
email address, reading my email over 128-bit SSL and then further encrypted
by 2048-bit security for anyone sending me an encrypted email. The subject
line might give something away, however.
AIM, MSNIM, YahooIM, etc.:
These are easily monitored, just like HTTP traffic can be. Jabber (http://www.jabber.org/)
can run over SSL can connect to the AIM, MSNIM, YahooIM networks, keeping
your side of the communications secure.
Registering your own domain:
GoDaddy.com offers privacy-protected domain name registrations for only $9.00
extra a year. They simply put a valid front company in your WHOIS record.
Putting fake information into a WHOIS file for a domain could be grounds to
get it removed.
This also came in during August 2003:
Just reading your safety tips, maybe there is another one you could add.
It's a very sad case, I corresponded with a woman like myself (I transitoned
finally in 1974) and we got to know each other. She was married, and just
her husband knew about her.
She liked hopping around the internet and sometimes even disclosing her past.
One guy got her even in such a state of believe in his true interest into
all things TS, so she sent him a pic of her with minimal blackening of her
face. Because, as she believed him, he was from another city several 100 miles
away from her own (which she wisely had not disclosed to him).
However, after some days there was something strange goin on in her circle
of friends. And on one evening her husband came back full in arms, a friend
has not openly told him about his wive being a former TS but had made strange
comments.
So, to keep that letter short, finally she found out that this man, she sent
the picture, not being from a city far away but living just some houses away
from them. He used that city because he was born there and wanted to hide
his wherabouts for unknown reasons.
And now my advise: had she put his emailadress into Google, she would have
found out his adress, as I have shown her after she has told me all that story.
NEVER EVER believe a stranger ANYTHING online. Check her/his email. put the
name(s) into the search form and/or any personal information she/he may have
given.
For her it's too late, her husband left her because he could not stand all
that whispering around him anymore.
A reader wrote in July 2004, "I just had to offer an addendum to your
series on internet safety and privacy, because it comes from personal experience.
Please feel free to use it if you can. I think it is pertinent, especially since
the 9/11 incident."
Ever since 9/11, the world is a different place. People are more cautious,
protective and scared. Governments and Corporations are working harder than
ever to stop the flow of important information out of their companies, and
also to stop the flow of unwanted items back in. Hackers and cyber spies are
working extra hard as well; some to steal government and corporate secrets,
others just to break into websites and information storage spots, just for
the sake of saying they can (a power play). Some employees are even paid to
sneak information out of places. As a result, many organizations have hired
information “security specialists,” whose sole purpose is use an
arsenal of tools and countermeasures to monitor and stop this type of activity,
and hopefully prevent it from happening in the first place. Sounds like international
espionage, doesn’t it? It is ;). Specialists are armed with unique tools
and certifications, and one of them is called a “sniffer.” These
little utilities (usually software programs) are designed to track pieces
data flowing in and out of places, and also track where it is going, and where
it started. It has been said that Safe Surf sites can avoid this sort of thing,
but not entirely.
For example, let’s say you work at the West Coast Widget factory. While
they can’t see what you are sending, if you are behind their security
firewall, they can see that you spent some time using a safe surfing site,
and that could arouse suspicion. What’s more, today’s sniffers and
snoopers are getting to where they can actually decipher some of that data,
so if you are sending personal information, it might be readable, if they
wanted to. This goes back to the notion that any public place is at risk.
So we should all surf from home, right? That way all I have to worry about
is my family, right? Maybe not. Online services (like America Online), and
Internet Service Providers (ISP’s), since 9/11 and the Oklahoma City
Bombing incident, have taken steps to make sure that their customers are not
going to contribute to that sort of thing in the future. New laws have allowed
them some leeway to implement such monitoring to an extent. “Great, you
say, this means no place is safe…” Well, yes and no; there is some
hope (read on). When you log in from anywhere, you get a unique number (the
ubiquitous Internet Protocol, or IP address). This may be just within your
internet company, or it may be a unique world number. And if you have one
of those nifty router firewall things, you are not immune either, because
it still has one that the internet company gives it. Ever had one of those
popups that shows you your IP address and tries to sell you some bogus protection
software? “WARNING: you are broadcasting 123.456.78.90!” That’s
the number (the popups are mostly silly jokes, by the way). You can also visit
http://www.whatismyip.com, if you want to know what it is.
Don’t freak out yet, there is more. Safe surfing sites sometimes act
as “proxies,” and act on your behalf to send a pretend IP address
to make it look like you are in Norway when you are in New York. But remember,
the site itself that you are browsing through can see your IP address too,
so make sure you trust that safe site as well. IPs are unique out on the net,
and specific ranges of numbers are unique to certain companies. So if you
are with blahblah Internet, that number tells whoever may see it that you
are in that part of the world, IF they can figure it out. If you log into
irc or a chat program, it’s sometimes easy to tell generally where you
are, because sometimes it will show as blahblah@int.internetcompany.net, or
part of your IP address (which is safe) and so forth. Well ok, so that gives
a vague, sometimes 10 state range of where you could be since the internet
company can be very big, and AOL is everywhere. The problem is if someone
has your IP address, programs and utilities that do a thing called route tracing
can follow a piece of data over the internet, back to where your IP address
is. Suddenly they can see the town I am in, and the internet company I am
using. Now consider that and the fact that internet companies can monitor
the data going between you and their service, and THEY know exactly who you
are (or who is paying the internet bill, right down to the street address).
Ack!
Well, remember I said there was hope? While AOL is probably the best at tracking
data like this (they can log AIM chats too), as they are an online service,
regular internet companies can too. BUT, remember what they are looking for
is in relation to matters of national and international security, not our
personal health concerns. *phew* AOL simply cannot afford the time and people
it would need to watch everything, so you are going to be safe for the most
part. Everything on the internet has a trail, but if you don’t arouse
suspicion, no one will ever bother to care. Most individuals don’t care
either, unless you are doing something suspicious. But maybe there is something
to be said for those random internet cafés and libraries after all.
This is the most important: especially if you are young, please “Watch
what you say,” no matter where you log in from. If you start using words
like “Anarchy,” “Bomb,” and “President,” particularly
in the same sentence, their little monitoring software might wake up and wonder
what is going on. Then again, if you WANT attention, well, that just might
be a good way to do it J. But it’s not that likely if you use yer noggin’.
You have to decide what you want to share, just don’t get carried away
like I did (see below). Also remember that almost all messenger chat programs
and emails can be logged by the company or service offering them. This includes,
AIM(icq) as I said, but also, MSN, Yahoo Messenger, Jabber, irc, (and others)
and even mobile phone TXT messages.
I have always been called “too trusting,” and I realized how much
one day. I was lonely, and had wanted soo much to reach out to someone, anyone
almost, so I trusted a little when I should have waited. Suddenly I was informed
there was a doctored picture of me on a smut site. I had been taken advantage
of, and ended up losing my job, not to mention a lot of friends, and ended
up going into hiding for a while, all because I was a bit too naieve. I had
used a safe surfing site, and an IP proxy, deleted my browsing history, all
of it, and I thought I was completely untraceable. I was wrong. Both at home
and at work, I was still visible. In fact it was someone (a then friend) who
was a moderator on a message board I visited. Turns out this person also happened
to work at my then internet service, (I had no idea). Message boards often
record the IP number to make sure it’s the right person logging in, which
is perfectly in the board’s rights to do so. But in this case, it was
over the line, and taking that login and home IP number back to the ISP, got
a match. I was humiliated, and the rules of respecting privacy were broken.
I could have made something out of it, but I was stuck because I didn’t
want or need that kind of publicity. The course in common sense has only one
class period, and I learned fast. And this was before 9/11 even happened.
Some years later, I still needed people to talk to, and decided that I could
trust people here, and so I am back, but a lot more timidly now, and with
more street smarts. I have decided to take that risk once again.
More hope to allay your fears: Consider that ANY type of communication can
be misinterpreted, gossiped, lied about, etc. That’s just life. The internet
does allow for more misleading stuff, but it’s still communication, so
the basic common sense rules apply. And when you talk to someone else, phone,
in person, or on the net, there will always be some inherent risk. I learned
this the hard way, even though it was an extremely rare occurrence. Here is
a good rule of thumb, if it feels wrong, DON’T. Common sense is an oxymoron.
Other web resources
The following excellent links were submitted by my clever deep
stealth readers.
TOR (http://tor.eff.org/)
There is also a program called TOR http://tor.eff.org/ that you could have a look at. It defends users against traffic analyzing. Protecing against sites that tries to profile internet usage.
SamSpade (http://www.samspade.org)
This site has several great tools, but the best for surfers is their safebrowser
option. It opens a page through their website, so there is no trace back
to you. This browser lists source code and not images, though. That means
you'll get the text, but you'll also get the code that formats the web page,
which can make it hard to read. For text-based sites, this is good, but
you will not be able to see any photos. To see a page as it's laid out,
I suggest looking at the cached version of a page through Google's search
engine. This is only available for pages catalogues by Google, though.
Fravia's Pages of Reverse Engineering
(currently available at: http://www.anticrack.de/fravia/noanon.htm)
Encription for the Masses (http://www.e4m.net/)
The Freedom Project (http://freedom.gmsociety.org/)
is maintained by the George Mason Society
Identity theft protection
Identity theft is the fast-growing crime in America and is tightly linked to
the concerns listed above. I know a woman in our community whose identity was
stolen, and the perpetrators got ahold of all her personal information, including
old name, addresses, etc. It is extremely important to protect your privacy
whenever possible.
A corporate attorney sent the following out to the employees in his company.
1. The next time you order checks have only your initials (instead of first
name) and last name put on them. If someone takes your checkbook they will not
know if you sign your checks with just your initials or your first name but
your bank will know how you sign your checks.
2. When you are writing checks to pay on your credit card accounts, DO NOT
put the complete account number on the "For" line. Instead, just put
the last four numbers. The credit card company knows the rest of the number
and anyone who might be handling your check as it passes through all the check
processing channels won't have access to it.
3. Put your work phone # on your checks instead of your home phone. If you
have a PO Box use that instead of your home address. If you do not have a PO
Box, use your work address. Never have your SS# printed on your checks. (DUH!)
You can add it if it is necessary. But if you have it printed, anyone can get
it.
4. Place the contents of your wallet on a photocopy machine, do both sides
of each license, credit card, etc. You will know what you had in your wallet
and all of the account numbers and phone numbers to call and cancel. Keep the
photocopy in a safe place. I also carry a photocopy of my passport when I travel
either here or abroad. We've all heard horror stories about fraud that's committed
on us in stealing a name, address, Social Security number, credit cards, etc.
Unfortunately I, an attorney, have firsthand knowledge because my wallet was
stolen last month. Within a week, the thieve(s) ordered an expensive monthly
cell phone package, applied for a VISA credit card, had a credit line approved
to buy a Gateway computer, received a PIN number from DMV to change my driving
record information online, and more.
But here's some critical information to limit the damage in case this happens
to you or someone you know:
1. We have been told we should cancel our credit cards immediately. But the
key is having the toll free numbers and your card numbers handy so you know
whom to call. Keep those where you can find them
2. File a police report immediately in the jurisdiction where it was stolen,
this proves to credit providers you were diligent, and is a first step toward
an investigation (if there ever is one). But here's what is perhaps most important:
(I never even thought to do this.)
3. Call the three national credit reporting organizations immediately to place
a fraud alert on your name and Social Security number. I had never heard of
doing that until advised by a bank that called to tell me an application for
credit was made over the Internet in my name. The alert means any company that
checks your credit knows your information was stolen and they have to contact
you by phone to authorize new credit.
By the time I was advised to do this, almost two weeks after the theft, all
the damage had been done.
There are records of all the credit checks initiated by the thieves' purchases,
none of which I knew about before placing the alert. Since then, no additional
damage has been done, and the thieves threw my wallet away this weekend (someone
turned it in). It seems to have stopped them in their tracks.
The numbers are:
Equifax: 1-800-525-6285
Experian (formerly TRW): 1-888-397-3742
Trans Union: 1-800-680-7289
Social Security Administration (fraud line): 1-800-269-0271
Conclusion
I've discussed a range of security options from basic safety to complete paranoia.
I recommend taking considerable caution if you think stealth will be an option.
What you do online now may have lasting consequences and can be a source of
regret during transition and even long, long after you've been stealth.
Have fun, learn lots, but be careful, OK?
|
