- Oct 19, 2018
- 186
- 50
Changing your online identity back and forth is an important skill BHatters obtain through
1)Trial and Error
2)Research
3)Mentorship and Peer Reviews
I wanted to create this thread so we can all share exactly what is detected, ways around it, and what we've all learned from trial and error.
So from my years of experience pertaining to the topic, I will provide my own 2 cents on it, my own method, and periodically update on the topic upon new discovery.
:My 2 Cents:
Although it is a much needed skill, it is strongly dependent on which platform you are trying to bypass as they have different security measures in place.
In this thread, I will be targetting Paypal as from my own experience, they have proven to have one of the strongest if not THE strongest security measures.
The identifiers that Paypal look at is way more detailed than platforms such as Google, Microsoft, and even some Banking Providers.
When it comes to IP, this in my opinion, is the easiest to evaluate and produce. To skip most of the intro to IP and its correlation to online identity, it is quite simple, just get a residential proxy (it does not need to always be static as IPs nowadays are dynamic as long as you're using residential proxies from the same city).
The more important parts of IP is making sure it does not leak as there are many leakable sources on your browser. Java, Flash, Canvas, WebRTC, even your Browser's version. This can all be fixed with a few changes in your browser and plugins or add-ons.
Paypal uses all this to evaluate the risk, including cookied IP and DNS.
:My Method:
This method may not be usable for many because of the resources needed, but because Paypal looks at your HDD #, it becomes extremely difficult to maintain a sustainable account.
Which is why I create Windows 10 VMs that only connect to residential proxies of the city I need. This method is simple and allows bypass of Device Identitifers, IP Identifiers, and Browser Identifiers.
Another method is to get a new phone just to hold accounts and use your service provider, never connecting to wifi. Although this is full proof, I would only recommend doing this if you have multiple accounts to manage, such as Paypal, Adwords, Ebay, etc.
:To be Continued:
My next update will hopefully be within this week or the next, as I will list all the Device Identifiers that I currently know of and how to bypass them all.
I hope this helps you and inspires you to contribute to the thread where I have lacked.
1)Trial and Error
2)Research
3)Mentorship and Peer Reviews
I wanted to create this thread so we can all share exactly what is detected, ways around it, and what we've all learned from trial and error.
So from my years of experience pertaining to the topic, I will provide my own 2 cents on it, my own method, and periodically update on the topic upon new discovery.
:My 2 Cents:
Although it is a much needed skill, it is strongly dependent on which platform you are trying to bypass as they have different security measures in place.
In this thread, I will be targetting Paypal as from my own experience, they have proven to have one of the strongest if not THE strongest security measures.
The identifiers that Paypal look at is way more detailed than platforms such as Google, Microsoft, and even some Banking Providers.
When it comes to IP, this in my opinion, is the easiest to evaluate and produce. To skip most of the intro to IP and its correlation to online identity, it is quite simple, just get a residential proxy (it does not need to always be static as IPs nowadays are dynamic as long as you're using residential proxies from the same city).
The more important parts of IP is making sure it does not leak as there are many leakable sources on your browser. Java, Flash, Canvas, WebRTC, even your Browser's version. This can all be fixed with a few changes in your browser and plugins or add-ons.
Paypal uses all this to evaluate the risk, including cookied IP and DNS.
:My Method:
This method may not be usable for many because of the resources needed, but because Paypal looks at your HDD #, it becomes extremely difficult to maintain a sustainable account.
Which is why I create Windows 10 VMs that only connect to residential proxies of the city I need. This method is simple and allows bypass of Device Identitifers, IP Identifiers, and Browser Identifiers.
Another method is to get a new phone just to hold accounts and use your service provider, never connecting to wifi. Although this is full proof, I would only recommend doing this if you have multiple accounts to manage, such as Paypal, Adwords, Ebay, etc.
:To be Continued:
My next update will hopefully be within this week or the next, as I will list all the Device Identifiers that I currently know of and how to bypass them all.
I hope this helps you and inspires you to contribute to the thread where I have lacked.