PREVENT IMAGE TRACKING This project is a result of the Joan image tracking hysteria. While arguments can still be made one way or another about lard muffin, the possibility of tracking users by their image posting across threads, and across websites became obvious. Images can be tracked both by their filename, and by their image hash. This can be used to track individual users, and to a much greater extent, the reach 8ch has with the rest of the internet.
This userscript replaces the image upload field on 8ch. When you upload on image using this script, the image is stegged with a small amount of random data, with a random password, changing the files hash. The filename is also replaced with a filename that is unique, but conforms to existing naming standards. This is implemented with a reverse regex, which is at the moment, the iphone filename regex which caused the hysteria in the first place. More regexes should be added in the future. This occurs completely within the browser, and the altered images are not saved (unless you download them again).
I'll re-post the analysis of this tracking problem posted in the previous thread in the next posts.
To install this, install a userscript add-on for your browser first, and then add the userscript with that, the two most common are greasemonkey and tampermonkey. This was tested with tampermonkey.
The userscript uses two 3rd party libraries, one for the stenography, and the other for a reverse regex.
Clearly this needs to be tested further, and additional lensflare and sparkle added, but it seems stable at the moment.
Just fuck off with your bullshit already kike, you're late for temple.
Carson Green
Repost from previous thread. This userscript is implementing Option D. I didn't write this, but I thought it was a pretty good analysis.
A breakdown of image file uploading options: In all cases assume the adversary has a complete and total archive of all threads and images ever posted on each chan. Assume that the adversary is only searching the archives by filename and file hash (no visual similarity searches). Also assume that all file hashes are unmodified by (((CloudFlare))).
Option A An adversary can find every post that's ever included the image with this filename and assume you obtained the image from one of those posts. A list of threads you may have visited or participated in can be made based on what threads the image was posted in.
Option B An adversary can find every post that's ever included the image with this filename and assume that you are likely the individual user responsible for each of those posts (depending on how uncommon the custom static filename is). If the archives return zero results for the custom static filename aside from the file with the same hash that is being analyzed, they can assume with a high degree of probability that every single post associated with that image and filename was made by you. It's possible that someone could have saved the image with the original upload filename (by right clicking one of the image links on 8ch, or manually copy pasting the filename on 4chan when saving the image), but the probability of this is lower than not.
Option C An adversary will be able to find every post that's ever been made with an image having that filename. The hash of the image files found by that search will not match the hash the image file in question. The adversary could guess that you downloaded one of the images returned by the filename search and modified the hash with some program if a manual visual inspection of the images returned by the search matches the image in question, in which case the analysis of Option A generally applies.
Option D An adversary will find zero results for the image in question searching by filename or by file hash. The adversary will not be able to compile a list of posts you may be responsible for and threads you may have viewed or participated in. If the randomly generated filename has a unique pattern, then the adversary may be able to guess that you are using a certain application to anonymize your images, and can search the archives with a regex to find files named with the same pattern. If you are the only user using the software that anonymizes images with that unique naming pattern, then the adversary may be able to assume that you are responsible for every post with an image matching that pattern. The more anons who use the software the more anonymizing the unique filenaming pattern becomes. Note therefore: The strength of this anonymizing technique hinges on the randomness of the filenaming algorithm.
Option E The adversary can find all previous occurrences of the image by file hash, and compile a list of posts you may have saved the file from. Since the filename is unique, no specific posts could be tied to your identity, though the caveats regarding the randomness of the filenaming scheme from Option D apply.
Brandon Walker
...
Ethan Phillips
This has nothing to do with Joan. This was largely disproven with the iphone video proof. The threat of image tracking remains though.
Option F An adversary can find the original post that first saved the image in question to 4chan's server with the original filename in question and assume that you saved the image from that exact post. The adversary can then find every post that's ever included the image with this filename/hash and assume you may be responsible for one or all of those posts.
Option G An adversary will be able to find every post that's ever been made with an image having that filename. The hash of the image files found by that search will not match the hash the image file in question. An adversary can find the original post that first saved an image to 4chan's server with the original filename in question and, if doing a manual visual inspection reveals the image is identical to the image in question, assume that you saved the image from that exact post, in which case the analysis of Option F generally applies.
Ranking image file uploading options from most to least anonymous: Option D Option E Option A Option F Option C Option G Option B
Julian Jenkins
No, we're just done with your cuntish derailing with this shit in near every fucking thread. Kill yourself.
Andrew Torres
example of posting the same image twice, this obviously completely bypasses the duplicate image block.
It's in the meta, in QTDDTOT, in topics completely unfuckingrelated. This crap is done like your retarded coalburning slut you tried to force. Kill yourselves and stream it back on kikechan.
Kevin Evans
legitimately kill yourself
Jeremiah Nguyen
Samefagging won't help you nor did anyone mention sperging. I'm talking SHILLING, cunt.
It should be noted that this locks the browser up for 1-2 seconds while it stegs each image. I couldn't find a way around this. Javascript is not fast and the browser doesn't multi-thread scripts on the same tab.
You can also only steg one image at a time, though you can add multiple, you just have to add them individually. This is a symptom of the steg library being used. There's probably a way around this with extreme javascript spaghetti, but dealing with 8ch was enough for the moment.
Hey. Is there a way you can run your images on your HDD to be converted into randomized tracking info?
It would be nice if you could schedule randomization of your data.
Cooper Mitchell
You should ask back on leddit, that's where these jew fucks organize.
Hunter Campbell
Anyone legitimately concerned with their datas and randomness should head to Zig Forums.
Jose Hill
This was discussed further along in the previous thread, but to mitigate this the idea is that you use existing name standards, so that if someone where to search for the filename using a regex, they get as many false positives as possible. IE the iphone regex, which is the only regex the script is using at the moment, will not only flag posts using the script, but every single person using an iphone.
Once more regex's are created, this will be further mitigated. The script is setup to pick a regex at random, and you can easily add your own at the top of the script, in the variable "rand_regexes". Just add it into the list.
Henry Morgan
Thanks OP I just started running it. Seeing how irate this thread is getting the shills it must be legit
No one gives a fuck about your diabetic beef curtains joan
Dylan James
Excellent work user, I will check out your script shortly. I'm the user who wrote the image anonymization analysis you reposted here. Really glad someone has followed through to develop this into something usable.
CIA/NSAniggers already buttblasted that their imageboard deanonymization software is getting kicked in the cunt.
just forgot about something, should be fixed soon and I can still update the ghostbin. if you post a mp4, webm, or gif, it will break the script this is obviously not catastrophic, it's a userscript, just disable it if you want to post a video or gif. it'll probably break with the png equivalent of gif too.
OP IS A FAGGOT FOR CREATING A DUPLICATE THREAD WHEN THE OTHER ONE IS NOT EVEN FULL YET See:
Robert Turner
this is a completely separate topic. joan was disproved unless she's shitposting with an iphone. this thread is not for discussion of joan, this thread is for preventing image tracking.
Parker Gutierrez
This software tool has nothing to do with the Joan GUID filename hoax/hysteria, and it deserves its own thread so that anons can learn about this anonymization software.
Landon Campbell
What is this? i haven't been to Zig Forums for a couple weeks.
Evan Carter
What if, instead of randomly generating filenames, it pulls from a list of previously used file names, but randomly selected + hashed?
Not only would it anonymize, but it obscures the tracing by throwing the scent onto random posters in the past?
You would have to compile a DB of all image names in 4plebs and abroad, then store it in the browserPlugin (regular updates or git), or make a call every time it posts (not recommended)
Tyler Moore
Oy vey but it's different because (((reasons)))!!one!one1
Ayden Turner
Just disable javascript, or better yet use Lynx or something else without javascript and other botnet.
Caleb Price
4pleb has a mean rate limit. 1 request every 10 seconds. This would also require a central server to host the initial database. If the old filenames were hashed then it wouldn't much matter what the filenames were unless someone hit it with rainbow tables.
I had considered adding a regex for 8ch filename's though, same for 4chan. that would match a ton of other images. I would bet the iphone regex, along with the 8ch regex (sha256 hash, i would just make a regex and do it random though, not actually hash anything) and 4ch regex, would cover 90% of all posts. the goal here is to make it impossible to isolate filenames coming out of this script or in general. if you wanted to make a regex to search for them it would match everything.
this won't do anything to prevent image tracking.
Also remember CloudJew MITM's the images now too for (((performance))) reasons. There's nothing stopping them from inserting watermarks into the image as well, and they have everything 8ch does, ip address, user-agent, the entire fingerprinting package.
Christopher Perry
Do you mean unaltered file hash but a random filename from an image with the same hash? That would be the same as options A and F (assuming you're grabbing the filesnames from an archive of 8ch and 4chan). The benefit with grabbing the random previously used filename is that the analysis of where the image came from would be totally wrong (e.g. they'd guess which thread you grabbed it from or they'd think you're the user who originally uploaded it with the unique filename, if applicable).
This would be a good option to have eventually, and was actually a explored a bit in the Joan thread when ideas were being brainstormed for the image anonymization script.
Option D still provides the greatest level of anonymization, though the random existing filename option would have the benefit of disguising the fact that you're using the anonymization script (this would perhaps be its greatest benefit).
Why not turn their shit into digital spaghetti instead?
Cooper Cooper
Reminder that this is a paid jewish shill. Reminder that it says every single image uploaded from a phone or tablet is magically a tracking device. Reminder that it’s a fucking lunatic who doesn’t know how filenames work. Report the spam every time you see it.
Ryan Ross
Any chance we can just get moderation to integrate an "anonymize" type option for posting? Which impacts both filename and hash. Sorta simplifies adoption and throws a big wrench into this entire tracking premise.
Isaac Smith
I'm surprised he didn't accuse you of shopping it
Aiden Rogers
Any chance you can shut the fuck up about things you don’t comprehend? It’s not a fucking tracking device. Here; have some images that you will scream autistically about because of their filenames.
How do people track me since I never post images, or webms, and my preferred insults change every few months?
Jonathan Mitchell
reminder this is what happens when you don't read the OP and mindless spam to derail the thread because your a jew calling other people jews
THIS IS NOT AND HAS NOTHING TO DO WITH THE JOAN IMAGE TRACKING SCRIPT This is literally the opposite of the joan image tracking script. every filename at the moment that comes out of this script when you use it would be flagged by the joan image tracking script, because it's using the iphone regex to create the filenames.
Cooper Mitchell
Read the OP you mouth breathing faggot, this script has nothing to do with the Joan GUID tracking hoax/hysteria. This script is prevents your posts from being tracked across threads/boards based on the filename and hash, a known security vulnerability.
You'll have to ask codemonkey to implement it: >>>/sudo/
Michael Powell
you're annoying. go away.
Owen Perry
So… explicitly acknowledges the existence of the shitposting AND is about it. Got it.
Not an argument. Eat shit, paid shill.
Thomas Myers
You glow in the dark.
Brandon Harris
Unless you want some site visitors to be tracked, you'd do the scrambling on the site or sub. full/pol/ isn't that high traffic on image uploads so should be doable.
Isaac Gray
-did CM have to go along with the naming convention big sister is attempting to achieve/catalog? -or, are the filenames we're seeing from big sister unique, as a result of she and her team of lardass, land whale plebbit glow in the dark nigger faggot volunteers posting them here?
Logan Bennett
8ch filenames are sha256 hashes the supposidly "joan" filenames are iphone filenames, which was proven with video evidence from multiple people with iphones. if you want to anonymize your images and prevent tracking the best way is to have those filenames blend in with everyone elses, which unironically is matching either the 8ch filename or the iphone filename scheme's. "fatnigger 25" does not blend in. If you create a regex to match 8ch filenames or iphone filenames your going to flag half of the site, which isn't useful.
the idea of this script is to have multiple regex's, I just need more examples of common filenames to create more regex's for them. it's already designed so that you can add your own. if you want it to spit out fuckjews_XXXX just add the regex.
Lincoln Reyes
THANK YOU OP! This is what I've been searching for a while now.
Through collecting texts for a year or two and analyze the texts for style, grammar, and content similarities. From these similarities profiles are created and a specific profile (i.e. a single poster) would be associated to certain posts that contain that profile. Also, a few months does jack shit, plus your insults may change, but the other stuff you type won't.
Robert Gutierrez
...
Jacob Garcia
I don't know, I'd say I'm pretty versatile. I like to think I change up my rhetoric enough to fly under the radar. I also don't harp on the same topic incessantly. I'll jump from topic to topic every few days to weeks. Basically the only realm I'm reliably in is right-wing. My tone will change, my rhetoric will change, my usernames change, my emails change etc. They could just track me through IP though, but I've never made myself a threat to anyone, so that would be a waste of time. Come to think of it, I only post on here and youtube. As the years go by my presence on the net gets less and less.
Jordan Ramirez
(1) they're going to know you used this script (2) they're going to use reverse image searches, not the hash
I already talked to you about all of this, you retard. I was the main one posting about developement in that thread. but, you insisted on charging along headstrong on your own without listening. well, guess what, have fun putting all the effort in on a userscript that doesn't work and that no one will use. congrats dumbass
Dylan Young
anyone who uses Overchan can go into preferences & tick pic related
More power to you mate. Style changes take a little practice and mental work. Either you're genius or you've been doing this for a while and have a decent system set up. I'd probably should start this as well. Everything worth doing and being in life is outside, away from the internet.
Carter Robinson
a regex for what this script puts out for filenames would also flag every single iphone/ipad poster. once I add the 8ch filename(sha256hash) it'll flag far more. it fits in far better than your Zig Forums folder filenames.
nothing can stop that if they're actually analyzing the images themselves, but it requires for more processing power and it requires having an archive of every single image posted on 8ch, which is expensive. meanwhile 8ch will give you every md5 and sha256 hash via the json api in 30 seconds, that is not expensive to obtain.
Colton Carter
So this is why you wont take it to Zig Forums? You can't get them to stop laughing long enough to tell you you're a fucking retard?
Juan Harris
4plebs has a limit but they have a copy of all their archives in Web.archive.org. Many many TBs We just need the image names. We can't make the hashes match obviously.
Yes have the script randomly pick a file name from a text file/array of previously used file names (similar to how 4plebs has the most used images stat)…..
Take an image, steg, rename it to a random old file name, (strip exif), and post.
Ian Scott
this script doesn't use that method, that's far easier to detect. this doesn't append data to the file, it actually steg's the image with random data encrypted with a random password (encryption is probably redundant but it felt wrong leaving the password blank)
Carter Cruz
i didn't think about that, that should be added to the script.
Jeremiah Perry
Exif is always forgotten until after you've pressed reply. Even though some boards strip most exif, you can still get the image maker used, or guess the device type it came from (if they didn't strip it already but why take that chance)?
Maybe even build a debug mode/feature that allows you to preview he image before submitting it. (Pops up a window showing the current EXIF, new filename & hash).
It would be annoying for every post but a nice debug/verify feature for the paranoid and devs.
Luke Adams
what happens when every user buys a burner phone to post the identical image with a unique filename, which is then assigned an 8ch unique hashable filename? … or … how about this? anons do not have to agree to anything, sign a contract, make a promise, etc … but they will for a specific period of time post the exact same image with a different name; where the image is slightly modified to make the image size different, with a completely unique name derived from the script? does this make sense to (You)? It makes sense to (Me). (((They))) say that they have unlimited storage capacity. Let's find out together. Let's do something historical. Let's do a DataStorm
Jack Hughes
Don't need a hosted DB if it's just a dictionary of the file names for sending their AI in goose chases.
Maybe even randomly spoof the exif data instead of just stripping every time?
Brody Bailey
Exactly mkay! You chicken-fried roast beef mkay pussy-looking fat lard ass cunt. Not that there's anything wrong with mkay, being a chicken-fried roast beef pussy-looking fat lard ass cunt mkay
Fuck off back to half, kike. You'll never be white.
Camden Stewart
kek
Caleb Rodriguez
pick one you infantile twit
lolno stupid
I already told you this was another one of the flaw in your logic, you fucking retard
EVERYONE IGNORE THIS AUTISTIC FAGGOT
Dylan Hernandez
Just hypothetical, would it become slower or faster to:
Have it upon opening the browser (or tab), create 10-100 transparent images with invisible dots randomized across it.
And then when a photo is selected to send, perform a merge/flatten the selected image with the generated transparent template which would effectively change the signature?
Similar to a command line image manipulation with irfanview, maybe even utilizing irfanview on the back end?
(Maybe too much and not possible or worthwhile, but just a thought)
Nathaniel Rodriguez
just ignore this autistic faggot. i spent hours and hours like a week or two ago going over all of this in a thread and actually doing some coding and he just ignores everything and runs off on his own doing his own dumb bullshit. he's a retard and no one is going to use his shitty javascript
Nolan Moore
All of these are probably AI posters. Same style and they always mail2sage while during a D&C tactic, calling everyone else a ((kike))
Adrian Allen
I've never seen this thread before shlomo, your code must be shit.
Did you have fun coding all of these?
Isaiah Russell
Don't worry he's got a bunch of qike reports to dismiss so he'll be occupied for a bit.
Austin Murphy
that's a good idea, would require far more javascript bloat but whatever, i want to make this as useable as possible.
Funny thing, I tried to make a thumbnail preview, 8ch's content security policy blocks it (can't assign an image source to a blob). The funny part is 8ch tries to generate a thumbnail too, and if you look in your browser's console logs, 8ch's (((content security))) policy blocks their own thumbnail javascript.
intentionally shitposting images is pointless. imagine how much storage it already requires to hold 6 months or years of every single thing posted on 8ch. a 3 day shitposting campaign would be nothing compared to that.
a dictionary of random filenames would be great to have available. it's getting it that would be the issue. the rate limit on 4pleb is terrible, and they're pretty good at blocking tor/vpn.
shut it down
this is sort of what a steg does. i don't see any point of randomly picking a file. creating a bot to shitpost on 8ch is totally outside of the scope of this project. it's possible via webext to use a binary back-end on the system, but calling external programs via userscript is not possible, unless it's a server or something running on localhost. i didn't want to make this a webext unless I absolutely had too, because i'm obviously not putting it on any pozzed app stores, and now that firefox and chrome require signature signing, it's a much bigger deal to sideload web extentions. you have to be running the dev version of the browser. luckily this was possible with a userscript, but a webext with a native backend would be much faster, you'll notice when it's stegging the image it locks the browser tab for a second or two.
i'm open to suggestions but the only thing coming from you is quit trying.
Nathan Rivera
mkay lel mkay. watch them twist n' shout. mkay
Jaxon Mitchell
WHAT?! You underestimate this thing called a 'Datastorm' tho. They have unlimited storage capacity? They can easily only review certain information? They can delete info that does not fit their sampling? Their AI/Al Gore Rhythm is smarter than a chan?
Shitposting campaign for three days would mean nothing because they would just edit out those posts from their DB, or quarantine those days.
(There are dates/times associated with the posts for referencing.. that's the whole point in the security opening)
Jace Rogers
sage
David Wilson
Sounds legit. We should all listen to Kyle; the jew faggit who knows about shit even tho he's a jewfaggit
Lucas Campbell
A smart … nay … an intelligent program does not simply fake filenames but dates, times, file sizes, exif data, ….
Think like a jewnigger. What would a jewnigger do? Three days when? During the 1970's? During the 2050's? AI the fucking AI. Please! Someone with the ability to majorly mindfuck the mindfuckers step in now to do codemajic. This is not a complicated concept
Christopher Martinez
I remember this being a result of iPhone posting, user proved it in one of your threads.
Please stop spreading disinformation
Kayden Hernandez
i didn't know they did that, thanks. it's even in an easy to parse format. that's definitely the way to get filenames. even once I shitfilter for filenames though it's still going to be massive. would probably have to use the browsers local storage, which means more front-end and there would have to be atleast 1 manual data import.
someone cross-posted from 4chan about strange filenames, and some fat cunt talking about tracking anons. the filenames look like what this script is shitting out now, they're all unique id's. After two threads of paranoia it was brought up that these are iphone filenames and proof was posted in the form of screen recordings from multiple user's with iphones. turns out there's a lot of anons with iphones or shills are posting with them, either way there's nothing strange about them except they're coming from iphones. joan is still a cunt but there's likely no sinister plot, these filenames are not unique to joan.
if you actually read the OP this script does literally the exact opposite. filenames uploaded by this script will appear to be iphone filenames, because it's the best regex going at the moment to blend in and make tracking via filename difficult. additional regex's will be added once more filename conventions are identified.
Jaxson Hall
Not necessarily, read the notes for Option D: If the filename generated sufficiently emulates the filenaming pattern of another common image filename pattern, there's no way to tell this script was used.
Then they're going to find every instance of the image ever posted, which is a huge set of posts, the vast majority of which you did not make (assuming anyone has ever posted the same image). The purpose of the script is to disassociate the image you upload with previous posts made by yourself that included that same exact image.
It works and people are already using it. You seem overly emotional over something that you think won't even work, Chaim.
