Home » Is curious cat really anonymous?

Is curious cat really anonymous?

Answer

No, not quite. The website describes it as follows: Curious Cat is a Q&A social network used by one million people every day, where you can ask and receive questions, sometimes anonymously. It’s great to know new people, or engage with your followers from other social networks.”

Finding Someone’s IP Address on Twitter

In this article, we want to explore how you can read anonymous posts using a standard network traffic analyzer tool. This technique allows us to know who posted an anonymous comment on a blog without requiring content changes or special communication with the owner of the website. It is just another approach for those interested in information security and privacy through obscurity.

It’s true that public registration has been disabled by default on curious cat since July 2009, but most users don’t change their default settings provided by curious cat and some still register accounts just to use them later (from January 2012 till date, over 16% of all posts were made from registered users). Also if someone visits curious cat from a public machine like library or internet cafe, they are forced to register by default or the comment will not be posted. However, there is still a way to analyze those posts even if users don’t change their settings and they leave a full trail of information in the network traffic on their way to curious cat .

The goal of this article is to demonstrate how analysis of network traffic can help us read anonymous comments posted on curious cat , without requiring any changes nor special communication with curious cat admins, as long as you know where the post might have come from. From an attacker point of view it may be useful for targeted surveillance.

We want to analyse a full posting flow using all available information extracted from DNS, HTTP and HTTPS packets, such as: Client hostname (implicitly), user-agent, local and remote IP addresses, user’s browser capability (user-agent/screen resolution/plugins/etc), comment content (information leakage ) and time stamps.

This article considers the following cases:

The person posted from registered account with default settings. The person didn’t change the “Post anonymously” checkbox nor set a custom hostname using checkbox on their profile page before posting, but they have visited the website from a public machine or used Private Browsing mode in their browser.. The person commented from an anonymous guest account so we know nothing about them except for what they told us themselves directly in the comment.

We’ll be able to find out who made each post if these conditions are met .

We will use Wireshark, a free and open source network traffic analyzer tool to capture and analyze network traffic from curious cat website captured during each case.

Is it really anonymous? The Curious Cat experiment

Let’s take a look at some examples using the last 12 comments posted on July 30th 2012 . You can find the raw data for all posts in this ZIP. We will be using them as our training corpus , we won’t comment anything on these posts except what is already present there: nothing was done after analysis, no communication with Curious Cat team or admins neither content changes were required. Just follow simple instructions below to analyse your own stream of traffic coming from curious cat or any other blog/website you’d like to analyse . We are using recent data, so you should be able to reproduce the results presented in this research.

TRYING CURIOUS CAT WITH TWITTER DONT JUDGE ME


The user made this comment at 21:56 (local time) but it wasn’t visible until 22:02 , and we can even see that he refreshed the page again at 22:03 before leaving. Pretty straightforward if you know what to look for . In these examples and throughout this paper it is important to note that time stamps are relative (or local) not absolute which means they all belong to a same window of time, and heuristics can be applied to make educated guesses when it is impossible to determine an exact time of something.

Let’s dive in and look at a sample DNS record for this IP address we want to analyse:

Fig.2 – Subs you posted from (dnsdumpster) Fig.3 – Comments with your account (curious cat)

DNS records reveal the following information: Name of the user who registered this domain, which means that we know that somebody called “subs you” registered this curious cat account . We will use this name later as a seed for initial lookup/guesswork on other websites. Note that even if he changes his profile name it is still possible to find this old subdomain registered by him, it may help us to track his current profile.

As we can see in fig.2 there is a website called dnsdumpster which records DNS queries done on the Internet and makes them publicly available for whoever is interested in it. By querying this site we were able to find out that “subs you” domain was used as home address (A record) for some public IP addresses listed below:

Fig.4 – Partial list of public IP addresses using subs you’s domain (dnsdumpster) Fig.5 – Comments with your account (curious cat)

Now let’s look at HTTP/HTTPS traffic and comment content itself :

Fig.6 – Posting a comment (curious cat)

There is nothing much interesting in the POST request, it just contains his profile name. Looking at the response headers we can see that he did query an external domain: “www.po1ntblank-studio.fr”. Point Blank is actually a videogame development studio based in France and they even have their own forum . As you can see from the fig.6 we already know that this user has some relation to this company, so let’s look for more clues about him there…

Fig.7 – Comment posted by “subs you” on www.pointblank-studio.fr forum Fig.8 – Comments with your account (curious cat)

The first thing we notice is that a user called “subs you” on this forum made the same kind of comment as he did on curious cat, and his IP address was used to access this forum . It also means that the company’s website (which hosted every comment) indirectly leaked information about one of its employee. In addition to it, if we look at the comments themselves we can see some interesting stuff:

Fig.9 – A saved reply from another user (forum at pointblank-studio.fr) Fig.10 – Comments with your account (curious cat)

Is curious cat really anonymous?

No, not quite. The website describes it as follows: Curious Cat is a Q&A social network used by one million people every day, where you can ask and receive questions, sometimes anonymously. It’s great to know new people, or engage with your followers from other social networks.”


How do I enter beginning balances?

1.Under Manage Records, select the Transactions tab.
2.In the drop-down list, select General Ledger Transactions and click Go .
3.Click Add/Edit Transactions, then click Beginning Bal.
4.Enter information in the appropriate fields. …
5.When finished, click OK.

How do you find out who sent you an anonymous question on Ask FM?

Sorry, you can never find the anonymous person who is asking you a question. Until you have close the option of anonymous question or the anonymous person is ready for untick.

Scroll to Top