this post was submitted on 13 Feb 2024
94 points (100.0% liked)

the_dunk_tank

15897 readers
1 users here now

It's the dunk tank.

This is where you come to post big-brained hot takes by chuds, libs, or even fellow leftists, and tear them to itty-bitty pieces with precision dunkstrikes.

Rule 1: All posts must include links to the subject matter, and no identifying information should be redacted.

Rule 2: If your source is a reactionary website, please use archive.is instead of linking directly.

Rule 3: No sectarianism.

Rule 4: TERF/SWERFs Not Welcome

Rule 5: No ableism of any kind (that includes stuff like libt*rd)

Rule 6: Do not post fellow hexbears.

Rule 7: Do not individually target other instances' admins or moderators.

Rule 8: The subject of a post cannot be low hanging fruit, that is comments/posts made by a private person that have low amount of upvotes/likes/views. Comments/Posts made on other instances that are accessible from hexbear are an exception to this. Posts that do not meet this requirement can be posted to !shitreactionariessay@lemmygrad.ml

Rule 9: if you post ironic rage bait im going to make a personal visit to your house to make sure you never make this mistake again

founded 4 years ago
MODERATORS
KiaKaha@hexbear.net
wantonviolins@hexbear.net
itsPina@hexbear.net
MiraculousMM@hexbear.net
corgiwithalaptop@hexbear.net
VILenin@hexbear.net
blashork@hexbear.net
replaceable@hexbear.net
EmmaGoldman@hexbear.net
InsidiousTrackers@hexbear.net
94
Celebrating Vaush’s innovative and stunning achievement in infosec (hexbear.net)
submitted 1 year ago* (last edited 1 year ago) by WhyEssEff@hexbear.net to c/the_dunk_tank@hexbear.net
35 comments fedilink hide all child comments
 

I was initially just going to make a comment about this on the other post on the broader topic, but I’m in so much awe that I am compelled to make this its own post. I need to document this. This is a case study.

When I first heard about this, I assumed what happened was he had his porn folder open prior to the stream, forgot about it, and accidentally minimized a window to reveal it. I haven’t gone looking for the clip, I don’t care to see the images no matter how low-res they are displayed, but from what I’ve gathered second-hand it’s so much more incompetent.

His porn folder was, as far as I’ve gathered:

  • In his desktop folder
  • Had zero nesting
  • On his stream PC

This has had me thinking for the past day-and-a-half how many options he had access to if he wanted to create any single degree of separation between his work computer and his fetishistic material. Let’s assume he’s absolutely not going to budge on client-side hosting of his porn. Let’s also framework this in a counterfactual where this isn’t creepo or even morally-ambiguous shit he’s hiding, just embarrassing if aired out publicly, so that I can comfortably rant about basic infosec without feeling like I’m running defensive for his tastes and what was actually found in his porn folder.

There are so many things he could have done to obfuscate/disconnect/distance it so that he would have had a lower risk of exposing his hentai to the world. I am a hobbyist infosec gal. I am an amateur infosec gal. Here are all the ideas I have come up with so far:

  1. Create another account for stream purposes on his computer that only has access to your user directory and move the porn out of it (FREE)
  2. Add N levels of nesting to the folder so that you can easily bail if you accidentally click it on stream (FREE)
  3. Move the folder to an obscure, barely-used folder (FREE)
    • I use Mac primarily, but I know the Windows file structure. Vaush. You are not using Paint3D. The 3D Objects folder is right there. Why is it on your Desktop.
  4. Put it on an encrypted disk image (FREE)
    • Fuck, just put it on a disk image, even that's an attempt at obfuscation (FREE)
  5. Make sure the porn that you have in the folder on your desktop called TO BE SORTED is sorted away into deeper-nested folders, you know, before you start streaming (FREE)
  6. Hide the folder by checking the ‘Hidden’ option in the Attributes menu, accessed by right-clicking on the folder (FREE)
  7. Hide thumbnails. Force list view in File Explorer. According to my Destiny-adjacent high-school friend that called me to talk about this shit, some of the images had what they depicted in the title. Simply don't have the files named in an explicit manner, which could be accomplished in multiple ways, like:
    • Manually renaming them after you download them which takes approximately as much effort to do as moving the file from your Downloads folder to your TO BE SORTED folder (FREE)
    • If you're downloading them programmatically (e.g. using gallery-dl) you can most likely configure it to name the files by post ID instead of what I assume is their title, which is at least obfuscated to a degree (FREE)
    • Use a schtask (Windows cronjob) (UNNECESSARILY COMPLICATED AND YOU HAVE TO LEARN POWERSHELL [EW] BUT IF YOU ABSOLUTELY NEED TO HAVE IT ON YOUR STREAM PC DESKTOP AND CANNOT BE BOTHERED TO SORT OR HIDE THE PORN IT IS A FREE OPTION) that either:
      1. Autosorts the named pornography out of view. Vaush. Buddy. The folder is called TO BE SORTED. I’m assuming the sorting is categorical. You could easily regex that. If they aren’t depicted in the title and thus cannot be regexed, then hiding thumbs solves the exposure potentiality.
      2. Renames files in the folder to an encrypted version of the file name. If you want to manually sort it, then why are you maintaining file names in the first place. Have that shit run the file’s name through even just base64 encryption. You can have it decrypt automatically when put in a sorted folder with another schtask.
  8. Buy an external SSD for it (YOU HAVE THE MONEY)
  9. Buy a laptop for it (YOU HAVE THE MONEY)

Any number of these options being employed would be enough of an attempt at infosec to at least afford you an argument against whether you are entirely incompetent. Vaush, you are on the internet. You are extremely internet-brained. ‘Homework folder’ is pretty much a ubiquitous meme. Nesting folders is the most easily accessible and obvious infosec advice given to anyone on the internet.

I want to reiterate the situation here. Vaush is a public figure. Vaush displays his computer screen for hours at a time as a profession. Vaush has already been accused ad nauseam of airing out the exact sexual inclinations he accidentally revealed to the point where there are double-digit item masterposts chronicling material over a span of years to inform people of these tendencies, posts that have existed for years prior to this incident.

And this motherfucker had his porn folder on the desktop of his stream PC, two errant clicks away from exposing his porn to the world over the multiple hours a day he streams.

This wasn’t an accident. This can’t be classified as an accident. I refuse to award this the nomenclature of ‘accidental’. This was a statistical eventuality. This is active malpractice. I’m in awe niko-wonderous

top 35 comments
sorted by: hot top controversial new old
[–] drinkinglakewater@hexbear.net 45 points 1 year ago (3 children)

I think what's funnier is that he had his LITERAL TAX DOCUMENTS in the same folder

[–] WhyEssEff@hexbear.net 46 points 1 year ago* (last edited 1 year ago) (1 children)

putting all the private stuff that I don't want people to see in a catch-all folder on my desktop on my stream pc which i show to other people professionally for a third of the day i-love-not-thinking

[–] alexandra_kollontai@hexbear.net 15 points 1 year ago

I love not thinking!

[–] hexaflexagonbear@hexbear.net 24 points 1 year ago

Sending the entire folder to his accountant because it's the accountant's job to sift through it.

[–] Sopje@hexbear.net 19 points 1 year ago

There aren’t any tax documents in that folder.

[–] RION@hexbear.net 35 points 1 year ago

I had better infosec for porn than him when I was 13. Simply incredible

[–] ReadFanon@hexbear.net 28 points 1 year ago* (last edited 1 year ago) (1 children)

I came across an uncomfortable hot take somewhere online.

Maybe it's just because I'm autistic and I take things literally. Maybe it's because the thumbnails were already damning enough as it is that I didn't imagine beyond that (can you blame me?). Maybe it's because I'm not nearly as smart as I pretend to be. Maybe it's all 3 at the same time.

Whatever the truth of the matter is, in his infamous folder there was another one titled something like "tax stuff".

The hot take:

There wasn't tax stuff in that folder. There was never anything to do with tax in that folder. That was the folder that even he felt uncomfortable giving its rightful name to.

I wish I could go back to when I was young and naive - yesterday was a simpler time.

[–] GarbageShoot@hexbear.net 3 points 1 year ago

I mean, if he has actually illegal material, that might be where it is, but he's also a fucking streaming aristocrat so it's not like he doesn't have tax stuff to keep track of.

[–] Findom_DeLuise@hexbear.net 26 points 1 year ago

Tacoma is weeping

[–] Yurt_Owl@hexbear.net 25 points 1 year ago

This reminds me of when i found a friends porn folder within about 2 seconds of logging onto his PC. Located basically on the c drive with a name like "definitely not porn".

I was helping him migrate his data to a new drive as well and somehow didn't think I'd find it???????

I got his dads old mac as well and his porn was on the desktop in a folder called "netscape navigator" which gave me a small chuckle

[–] Rojo27@hexbear.net 23 points 1 year ago* (last edited 1 year ago)

I knew to do most of these things back when I was a horny teen saving porn on the family computer. Maybe he didn't feel the need to really hide it since he's an adult, but considering what the content was maybe he should have had an inkling of shame and forethought. Whatever, he deserves what ever consequences are headed his way, if anyshrug-outta-hecks

[–] sexywheat@hexbear.net 23 points 1 year ago (3 children)

I'm a bit out of the loop on this one. What happened exactly? He opened his porn directory during a live stream?

[–] alcoholicorn@hexbear.net 31 points 1 year ago* (last edited 1 year ago) (1 children)

The anarcho-NATOist who regularly defends pedophilia and bestiality accidentally opened a folder called "TO BE SORTED" on his desktop during a live stream.

spoilerit contained drawn CSAM and horses, some of which may have been AI generated.

dead-dove-3

[–] Infamousblt@hexbear.net 24 points 1 year ago

To the surprise of literally nobody, the guy who defends disgusting things is a disgusting guy. hillary-apartment

[–] Gucci_Minh@hexbear.net 20 points 1 year ago* (last edited 1 year ago)

I'm not very caught up either but from what I can gleam from unhinged reddit posts the clown opened his folder of anime CP on stream? Basically confirming all the allegations that he was a pedo, but anyone who wasn't a clown defender knew that already from how much he defends pedophilia.

[–] WhyEssEff@hexbear.net 16 points 1 year ago (1 children)
[–] sexywheat@hexbear.net 15 points 1 year ago

Yeah I saw that post already but even in the original reddit post nowhere does it indicate what actually happened.

Everything I know about Vaush I have learned against my will, including his existence.

[–] Sopje@hexbear.net 22 points 1 year ago

Sometimes it helps fucked up people to clear their conscience if they do their fucked up shit openly. I am convinced that somewhere in his mind this creep wanted to get caught

[–] sir_this_is_a_wendys@hexbear.net 21 points 1 year ago (1 children)

Wow. I have like 10 times greater infosec for my diary as Vaush does for potential career ending/possibly illegal items. I'm also some nobody with like 400 Instagram followers, not a huge internet personality with lots of potential enemies.

[–] casskaydee@hexbear.net 17 points 1 year ago (1 children)

I knew a tech contractor once who was fired when it was discovered he was storing sexy lingerie and bikini pictures in a subfolder named "broads" on his user folder on the work network shared drive.

[–] neo@hexbear.net 21 points 1 year ago (1 children)

You know how most criminals are total idiots? Or like the people who actually download cp are both disgusting perverts and idiots? And that idiocy is how they get caught? I don't really know who Vaush is, but this situation, which I am learning about now, reminds me of that.

[–] GrouchyGrouse@hexbear.net 13 points 1 year ago

Yep. The criminals that get caught tend to be the ones that aren't careful because they are new and naive or have gotten sloppy and complacent.

[–] Rom@hexbear.net 20 points 1 year ago* (last edited 1 year ago)

Watching the stream I don't think nested folders (points 2 and 3) would have prevented this. In the stream he right clicks and saves an image from a web browser, and the file explorer window that pops up to choose a destination defaults to the last folder the browser had saved a file to. Even if that folder was nested 20 deep or was in an obscure location, it still would have been displayed just the same.

All the other points listed would have worked, though. As long as the browser could no longer access that folder for whatever reason (or if he had the forethought either to save a file to a different folder beforehand so the first folder the browser opened up would be that one instead, or just move the porn elsewhere) then he wouldn't have outed himself like that (presuming his Downloads folder did not contain files he wanted to hide). Testing it myself with Firefox, if the last-saved folder is no longer accessible (in my case I dismounted the encrypted partition that the folder is on) then it will default to the system Downloads folder.

[–] Philosoraptor@hexbear.net 19 points 1 year ago

I don't really know anything about V*ush except that he's a creep and a dipshit, but what are the odds that this was intentional for one reason or another? Either because he gets off on making other people think about his sexual proclivities (seems at least plausible based on what I've heard about his past behavior) or for something other reason? I've never watched one second of his stream and absolutely never plan to, so I have no idea how plausible that explanation is, but it would at least explain the apparently braindead dumb level infosec failure here.

[–] AssortedBiscuits@hexbear.net 17 points 1 year ago (1 children)

I thought about this yesterday, and I still think the best way is to have a dedicated streaming account with limited access. It seems like only Linux content creators are tech savvy enough to do this even though creating another account is so easy. But there's work to do to make it less likely you're air out something that you don't want to air out:

  1. I would disable access to the streaming software for all non-streaming account. This is to prevent accidentally streaming with your porn account.

  2. Obvious don't call your porn account "Porn Account." Choose an innocuous name. This is so if any file that's created in your porn account doesn't have "Created by Porn Account" as part of its metadata.

  3. The streaming account needs to only be able to view files within its user directory like you've said. Going to any other folder like Windows should be blocked.

  4. The streaming account needs to have its access to settings and other diagnostic tools like task manager disabled. This is so if the coomer brained user has installed various H-games, they don't accidentally spill the apps installed on their PC which would include the H-games. Disabling task manager is so they don't reveal that they have more accounts than the streaming account logged in (Task manager has a users tab that lists all the users logged in to the machine along with the services being run for each account). I'm sure there's ways through group policy to restrict what services the streaming account can see, but better safe than sorry.

  5. I would just not have a taskbar either since you can accidentally leak the name of your other Windows accounts, and I would go so far as to disable the start menu since there's an edge case where installing an H-game on your admin account might create a menu option in your other accounts including the streaming account. Instead of constantly checking if your start menu is okay to stream, just disable it.

  6. To handle the edge case of the H-game installing shortcuts on the desktop of the streaming account, you could set up a script that basically deletes all shortcut files (so files with extension .lnk) that aren't part of a pre-approved list. But what if you accidentally open your recycle bin on stream where people can see the potential H-game shortcut? There are ways around this as well. The easiest I could find is the recycle bin has an option where files that arrive there get permanently deleted instead of being retained by default.

The end goal is the streaming account should be almost like you're in kiosk mode that's only able to run software by clicking desktop shortcuts of the particular app you want to run. Anything that's not on the desktop including default diagnostic tools is off limits.

[–] WhyEssEff@hexbear.net 24 points 1 year ago* (last edited 1 year ago)

Yeah, just having an account called “Vaush” for streaming and “Ian Kochinski” for everything else is probably the easiest, most innocuous, most outwardly disregardable way he could have hid it. I’m just fascinated that there was no attempt to hide it. It’s just there. On his desktop. Two clicks away strangelove-wow

[–] hexaflexagonbear@hexbear.net 16 points 1 year ago

I have a messy desktop, but waa smart enough to clean it and hide my bookmarks tab when teaching an online course. Although I once did have to crop my lecture video not to reveal my browser tabs. Hope my students assumed it was something like porn and not chapo.chat

[–] VILenin@hexbear.net 11 points 1 year ago

I don’t want to hear about pedophile man, please just lock him up and never talk about him again

[–] RyanGosling@hexbear.net 10 points 1 year ago* (last edited 1 year ago)

No, I think it was an accident. I mean when you’re rich, have dumbass fans and friends who shield you, probably an informant for the FBI to avoid convictions for related crimes, and virtually no punishment from the streaming services or authorities. At that point you don’t really give a shit about any of it because no one else seems to care.

Plus, more technical criminals have been caught for the same reasons. There was a guy who breached a psychology clinic and demanded ransom. After too few people were paying, he decided to release the entire database online. But the thing is that he uploaded his entire home folder instead of just the database, so cops just dug through the folder and found identifying information. Elsewhere, a notorious music leaker was arrested because he was frequently chatting on discord and had paid services (a swatter got arrested for the same opsec failure, but after 2 years of activity). And remember Ross Ulbricht? Dude had no technical knowledge and built a drug empire (with the help of contractors), and he was caught because he asked for Onion programming advice on the clear net while using his real name.

[–] Galli@hexbear.net 8 points 1 year ago

It's not an accident, it's limited hangout.

[–] RETVRNTOFOLDER@hexbear.net 6 points 1 year ago (1 children)

Unfortunately, I think the most important point to note is that the biggest threat to InfoSec is deeply unserious people.

The folder in question was not a desktop issue - it was his default download folder for his browser. Not only were the images in question still in a default download location, but the actual destination for them was a subfolder of the default download location. As if this were not bad enough, he had apparently been doing a special stream type where he knew he would be downloading images as part of it.

This man was "saving passwords in a desktop text file named allmypasswords.txt, and letting other people access his terminal unmonitored" levels of infosec liability. With everything involved, it really seems like regardless of the consequences of the error, he is confirmed at best a useful idiot. He was given DNC member platforming while the stuff that he talked about should have already disqualified. I know a checked out employee's behavior when I see it.

[–] GarbageShoot@hexbear.net 2 points 1 year ago

People talk about cloud storage, but I can just post my passwords as a Facebook status and have it for free

[–] RNAi@hexbear.net 6 points 1 year ago

Weird flex but ok

[–] Des@hexbear.net 5 points 1 year ago

damn girl