"Uh oh, Subaru's balls might trend"Nekomata Okayu
  • ~1 Week Remains: Local fans of a certain pink lagomorph mold golem are attempting to finalize an anniversary project for her. Last call for contributers & artists, etc. No yabbits allowed.
  • !!!!READ THIS NOW!!!!


    What is hopefully the final server backup has been implemented. I am now starting the closure process of this forum. Main boards will now be locked. The Proctor's Office will remain up solely for technical feedback. Go to the new site in order to post. Barring catastrophic problems, this cloud-based version will close on the 9th of July.
  • IMPORTANT: Users from Russia may need a VPN to access the new server. I need more data to diagnose this problem. Contact me here or on Discord if you have been blocked, so I can tell you what you need to do.

OpSec for Vtubers and general Online Privacy

uquusquad

creator, innovator, artist, idea
Early Adopter
Joined:  Sep 10, 2022
Over the last few years there have been a multitude of vtubers that have managed to facedox themselves, their colleagues, expose their alter ego or just reveal sensitive and/or embarrassing information about themselves in general. The majority of these blunders or "yabs" are usually the result of bad Opsec - Operational Security, and not taking necessary precautions. Notably the Rushia X Mafumafu shitstorm could have easily been avoided with but a bit of Opsec .
This thread is for sharing advice and discussing best practices for maintaining your online privacy and preventing yabs on stream.
I believe non vtuber or streamer related online privacy and security advice should also be discussed here as these topics do overlap.


Lets go through a hypothetical example to illustrate the importance of opsec:
How small blunders can reveal your full doxx ( your name, face and address)
"Oh nyo, I accidently showed my email address on stream! Big deal, what is the worst that could happen?"
Well someone might just take your email address and punch it in here https://haveibeenpwned.com/ .
Now my dear reader did you use a real alter ego email? You didn't use that email to register for any other websites like Twitter, Facebook, Linked in or any games right?
Because these sites might have gotten breached and some info from these site might be out in the public (such as: Browser user agent details, Email addresses, IP addresses, Passwords, Purchases, Usernames, Website activity)
Maybe you were/ are unlucky and you have indeed been pwned ( I suggest you test it out right now, and if you are maybe change up passwords or something lol)
Step two would be to look into actual leaked databases such as https://snusbase.com/ the site may track you, someone recommends using crypto to avoid this(?)
Did you use a different password and/or username for every account on every website you frequent? If no - you are basically fucked, because someone autistic will try to use the leaked password on every known account you own and every account you may own or has a similar name as your username on every damn website imaginable.
And suddenly your linked in, your face, address and name ends up in a thread on kiwifarms. And the worst part is that the person who doxxed you might not even by a hater or malicious actor, he might just as well be an obsessed fan or more likely someone who is just bored and who did it cause he could.
Does this sound alarmist? But that is what has happened to some vtubers discussed in the general thread.


Useful resources
This guide is a good starting point for any vtuber with no idea what opsec is:
This is list of excellent privacy tools :
An excellent privacy guide:
 
Last edited:

The Proctor

Manager Arc Unlocked?
Staff member
Joined:  Sep 9, 2022
The ultimate opsec for a vtuber is closing down every application besides the game and the streaming software and only interacting with chat or non-streaming software on another device entirely.

Stop accidentally showing your private Discords on stream, guys.

And STOP using OBS to capture your entire screen. CAPTURE SPECIFIC WINDOWS ONLY. IT'S NOT THAT HARD.
 
Last edited:

electronic elephant

"I am uncontrollable. I cannot be managed."—Vesper
Early Adopter
Joined:  Sep 10, 2022
Also, you should create a new account on your computer to use only for streaming. People have accidentally revealed information because of filenames on their desktop or in Windows Explorer. The best way to stop that from happening is to make sure there are no sensitive files available to be revealed.

(Off the top of my head, a couple of examples are: Fauna's file paths confirming her past identity as lemonleaf, and Nijisanji-nipple-bro Lauren's file names revealing he pirated porn.)
 

agility_

We have some serious streams to discuss 🔨
Early Adopter
Joined:  Sep 14, 2022
And STOP using OBS to capture your entire screen. CAPTURE SPECIFIC WINDOWS ONLY. IT'S NOT THAT HARD.
I thought about this one, I think it was Amiya Aranha who mentioned OBS and dosbox and other programs "don't get along" so that bit of advice doesn't work all the time.
 
Last edited by a moderator:

Godzilla1984

Well-known member
Early Adopter
Joined:  Sep 12, 2022
I thought about this one, I think it was Amiya Aranha who mentioned OBS and dosbox and other programs "don't get along" so that bit of advice doesn't work all the time.
You'd be surprised what website-side software can run in the OBS Browser.

Edit:
Their best X of Y year posts for VPN's and the like are good.
 
Last edited:

Fucking YTs

I just want to annoy people in peace.
Early Adopter
Joined:  Sep 11, 2022
You'd be surprised what website-side software can run in the OBS Browser.

Edit:
Their best X of Y year posts for VPN's and the like are good.
I've used Private Internet Access, NordVPN, Adguard VPN, & ProtonVPN. The only one I can safely recommend is ProtonVPN, it's way more expensive (or at least it was), but it was the only one to kept up with my 1 gigabit connection reliably. It also has good practices.

All of them are "OK", I'd just try and keep an eye on ever changing privacy practices and if it can keep up with your Internet speed.
 

Kazuma

Well-known member
Early Adopter
Joined:  Sep 10, 2022
I've used Private Internet Access, NordVPN, Adguard VPN, & ProtonVPN. The only one I can safely recommend is ProtonVPN, it's way more expensive (or at least it was), but it was the only one to kept up with my 1 gigabit connection reliably. It also has good practices.

All of them are "OK", I'd just try and keep an eye on ever changing privacy practices and if it can keep up with your Internet speed.
Mullvad and Windscribe are really good. Mullvad is 5 euro a month and right now you can get 3 years of Windscribe Pro for $69 on StackSocial.

Found a tool called Dangerzone. It lets you convert a unsafe file into a safe pdf.

Also found a metadata cleaning tool called exifcleaner
 
Last edited:

Saelith

inundated retardation
Joined:  Sep 20, 2022
I've used Private Internet Access, NordVPN, Adguard VPN, & ProtonVPN. The only one I can safely recommend is ProtonVPN, it's way more expensive (or at least it was), but it was the only one to kept up with my 1 gigabit connection reliably. It also has good practices.
mullvad is pretty decent aswell, though they may be a honeypot considering how weirdly they operate.
 

Banana Hammock

Born to Sneed
Early Adopter
Joined:  Sep 9, 2022
I've used Private Internet Access, NordVPN, Adguard VPN, & ProtonVPN. The only one I can safely recommend is ProtonVPN, it's way more expensive (or at least it was), but it was the only one to kept up with my 1 gigabit connection reliably. It also has good practices.

All of them are "OK", I'd just try and keep an eye on ever changing privacy practices and if it can keep up with your Internet speed.
Does it really? From what I can find online, ProtonVPN has pretty average max speeds, compared to some others. Not that I can speak from experience, since I "only" have 100 mbps download speeds.
 

The Rrat

Phoneposting, Rat-loving menace
Early Adopter
Joined:  Sep 9, 2022

Saelith

inundated retardation
Joined:  Sep 20, 2022
WDYM by this?
Mullvad says they keep logs for 3 months
They accept several different ways of payment that are anonymous/pseudonymous
And they dont use emails (except for recipts) or passwords, just account numbers you input into their client/openvpn rsa keys
And they dont do the anonymity grift

I feel like its too good to not glow a little
 

Banana Hammock

Born to Sneed
Early Adopter
Joined:  Sep 9, 2022

Lesbian Solid Snake

Pettan Hag Supremacy
Joined:  Sep 19, 2022
Is it necessary/ a good idea to have a separate steam account for streaming? Some games I've noticed show your steam username when you open up the menu and I don't particularly want to change my steam name and have my normie friends ask questions. But I suppose it's better for opsec to make a new one
 

Hff201

Pippa Fan, Failed Normalfriend
Early Adopter
Joined:  Sep 13, 2022
Is it necessary/ a good idea to have a separate steam account for streaming? Some games I've noticed show your steam username when you open up the menu and I don't particularly want to change my steam name and have my normie friends ask questions. But I suppose it's better for opsec to make a new one
Absolutely, even if you change the name on the account it's likely you have some kind of baggage tied to it that'd give you away, like an old review or a piece of in-game content. I imagine having a separate account for the vtuber persona would also make things like multiplayer streams easier as you won't have to give out a personal account to viewers who want to play with you.

Speaking of games showing Steam names on-screen (and since it's the spooky season), I feel I should mention The Dark Pictures Anthology games do this on the title screen. If you're a chuuba lurking who's thinking of streaming them for Halloween this'll be something to think about.
 

PassiveUnaggressive

Well-known member
Early Adopter
Joined:  Sep 9, 2022
Is it necessary/ a good idea to have a separate steam account for streaming? Some games I've noticed show your steam username when you open up the menu and I don't particularly want to change my steam name and have my normie friends ask questions. But I suppose it's better for opsec to make a new one
Steam family sharing, no need to buy most of your games again
 

Johnny Jambalaya

BlueSharkTV alt account
Early Adopter
Ward Security
Joined:  Sep 15, 2022
Steam family sharing, no need to buy most of your games again
I know there are a few games that don't play nice with Steam family sharing but I assume this is what most vtubers use.
 

uquusquad

creator, innovator, artist, idea
Early Adopter
Joined:  Sep 10, 2022
found this article titled "How to Protect Yourself as a Streamer: Privacy on Twitch"
https://archive.ph/TsfL9 .
It goes over many things already mentioned in the guide above, although there are a few basic tips worth pointing out to anyone new to streaming, I believe - (even if they are quite obvious):
- don't click on every link - it could be an IP -logger/ grabber
- don't let alexa dox you like for example asian andy
- don't react when someone reveals personal info about you in chat, have a policy to remove anything that looks like personal information about any person
- when you share your screen you can use the brave browser to disable third party cookies, ads and other stuff to avoid geo-targeted ads and some other things.


Also if you are a vtuber and want to do a handcam stream, a cosplay stream , a cooking stream or a whatever stream, and the camera only shows your body from your neck or chest down ...
DO NOT
UNDER ANY CIRCUMSTANCES
PERFORM A NARUTO RUN!

 
Last edited:

IonProxy

God's Strongest Emmote (Emmperially Bestowed)
Joined:  Apr 26, 2023
Reviving this thread to add some not-so-vtuber related but still very welcome content about privacy
About a week ago, Michael Bazzell, ex-glowie and (to my knowledge) one of the few people on Earth that are able to completely disappear from the face of the internet on a whim, has done just so. He had a podcast in which he discussed various privacy and security topics, the soundcloud of this podcast is now completely scrubbed off. Thankfully, you can still download his content through this gofile link, this torrent file or the magnet link below. Each episode's accompanying notes still persist on the website.
Code:
magnet:?xt=urn:btih:3c21f5f3a8e4fe2319617c9df6548b02ecab20ac&dn=The%20Privacy%2c%20Security%20and%20OSINT%20Show%20-%20Ep%20001-305&tr=udp%3a%2f%2ftracker.openbittorrent.com%3a80&tr=udp%3a%2%2ftracker.opentrackr.org%3a1337%2fannounce

e: if the links don't work, please tell me so I can update them
Additionally, here are some of the author's books that might help start your journey towards better privacy
These books are easily found online but I reckon a quick link is better than their godawful download speeds
- OSINT Techniques
- Extreme Privacy : Mobile Devices
- Extreme Privacy (more US-centered than the former)

Now allow me to indulge in my favorite pastime : being a paranoid schizo
You already made a password manager and it handles all your password needs, right ? Humor me for a sec and wear this tinfoil hat...What if someone has access locally or remotely to your password file and bruteforces access to it, what then ? A catastrophy is sure to ensue. The malicious actor has access to every account you have on that file. Is there a remedy for it ? Well, I wouldn't pitch this like a jew if there wasn't...
The answer is salting your passwords
Lemme provide an example:
Suppose your favorite password you've been using since you were online is dragon123
let's also suppose your random generated password is nhud1i1D7WMg9kOx
you store the random generated password in your manager, but when comes the time to register to your favorite furry website, you input the password as

dragon123#nhud1i1D7WMg9kOx

the first part is a password you can always remember, it's the salt
the second part is a separator you chose, it's constant and easily memorable as well
the third is the actual password you have in your manager
This way, whoever get's a hold of your master file doesn't have your password, since you're merely storing one part of the entire thing. This method is also used when storing passwords in databases, mostly known as hash salts.
 
Last edited:
Top Bottom