Ways of de-anonymization of community leaders and Vkontakte applications
All the described methods were sent to Vkontakte via hackerone, but Vkontakte decided that these methods are not problems. The decision was made 6 months after changing the status of the report to Triaged. I tried to convince, but did not see the answer.
Many of the links shown will not work for you, since they are different for everyone.
On the community video page there is a “Downloaded” tab, which displays only videos downloaded from a computer. If community videos are limited, the Downloaded tab shows the videos that executives downloaded. The problem is that direct links to videos contain the bootloader ID. By looking at identifiers you can de-anonymize managers.
An example on the created community: vk.com/club143400909
')
It is also possible to deanonymize the head of the cover from a video from another source (youtube, rutube, etc.). The link to the cover contains the identifier of the first uploader of this video on vk.com, i.e. this method can be deanonymized only if you know that the video was uploaded by the manager and he was the first. This could be the result of a contest or something else.
The problem is the same. A direct link to the audio record contains the loader ID. Nowhere is it displayed, the audio recording is added from the search or downloaded from a computer, therefore, this method can be deanonymized only if the supervisor has downloaded the audio recording. Such audio recordings can be distinguished (recording of ether from the radio, etc.).
An example on the community vk.com/meduzaproject
Direct link to the document contains the loader ID. Knowing that the document uploaded by the supervisor can be deanonymized. Many people upload information about contests and group rules.
If the document is an image, then you can de-anonymize for a small copy.
This method can be combined with other methods. A direct link to the downloaded image contains the end of the bootloader ID. You can get a list of all community members and select those who have the same end. If the community is small, then most likely the result will be 1 page, if it is large, then a few, but there will definitely be a leader. You can also de-anonymize the author of the post if the post has a downloaded image. If the community is large and as a result of the selection there are a lot of identifiers, then you can get a list of clicking “I like” entries and select them (all of a sudden the author clicked).
In the application settings, you can download the 16x16 application icon, which, after downloading, receives a link that contains the admin page identifier. The link to the icon always displays the identifier of the main administrator, even if the icon was loaded by a non-principal administrator, and another user is a manager with rights. Also, by opening the application administrator, you still open the application community manager, since the group in the application settings can be set up if you are the manager in it.
Reference: pp.userapi.com/cDigits/uAdministrator_ID/name.gif
Many of the links shown will not work for you, since they are different for everyone.
Deanonimization of community leaders
Through videotapes
With limited access, only editors and administrators of the community can add new videos.
On the community video page there is a “Downloaded” tab, which displays only videos downloaded from a computer. If community videos are limited, the Downloaded tab shows the videos that executives downloaded. The problem is that direct links to videos contain the bootloader ID. By looking at identifiers you can de-anonymize managers.
An example on the created community: vk.com/club143400909
')
We pull a direct link or hls-stream to the video: vk.com/video-143400909_456239017
Direct link: cs632300.userapi.com/4/u237115941/videos/5115525024.240.mp4
Hls stream: cs632300.userapi.com/video/hls/4/u237115941/videos/5115525024/index-f1-v1-a1.m3u8
We see that the head - vk.com/id237115941
An example on the community: vk.com/meduzaproject (they allowed)
Video recording: vk.com/video-76982440_456239236
Direct link: cs632603.userapi.com/1/u1564856/videos/84c5da2b5a.240.mp4
Head: vk.com/id1564856
Video recording: vk.com/video-76982440_456239231
Direct link: cs632606.userapi.com/3/u464017/videos/7ec04da5ac.240.mp4
Head: vk.com/id464017
In total, 4 managers were found for all video recordings.
It is also possible to deanonymize the head of the cover from a video from another source (youtube, rutube, etc.). The link to the cover contains the identifier of the first uploader of this video on vk.com, i.e. this method can be deanonymized only if you know that the video was uploaded by the manager and he was the first. This could be the result of a contest or something else.
Video: vk.com/video-143400909_456239018
Link to the cover: pp.userapi.com/c836123/u237115941/video/l_5881cb5e.jpg
We see that the head vk.com/id237115941
Through audio recordings
The problem is the same. A direct link to the audio record contains the loader ID. Nowhere is it displayed, the audio recording is added from the search or downloaded from a computer, therefore, this method can be deanonymized only if the supervisor has downloaded the audio recording. Such audio recordings can be distinguished (recording of ether from the radio, etc.).
Audio recording in the community vk.com/club143400909 : Melodies - Karelo-Finnish polka
Direct link: psv4.userapi.com/c815220/u237115941/audios/eb9137fb510b.mp3
We see that the head vk.com/id237115941
An example on the community vk.com/meduzaproject
Audio recording: “Medusa” - How to find out how much Sobyanin's “wine glasses” cost?
Direct link: psv4.userapi.com/c613316/u1564856/audios/1cb08ff13792.mp3
Head: vk.com/id1564856
Through documents
Direct link to the document contains the loader ID. Knowing that the document uploaded by the supervisor can be deanonymized. Many people upload information about contests and group rules.
An example on the created community vk.com/club143400909
Document: 1.ts
Direct link: cs7064.userapi.com/c812339/u237115941/docs/c134bbccadba/1.ts
If the document is an image, then you can de-anonymize for a small copy.
Document: G.png
Link to a small copy: pp.userapi.com/c812235/u237115941/-3/m_56c1679b77.jpg
We see that the head vk.com/id237115941
At the end of the identifier
This method can be combined with other methods. A direct link to the downloaded image contains the end of the bootloader ID. You can get a list of all community members and select those who have the same end. If the community is small, then most likely the result will be 1 page, if it is large, then a few, but there will definitely be a leader. You can also de-anonymize the author of the post if the post has a downloaded image. If the community is large and as a result of the selection there are a lot of identifiers, then you can get a list of clicking “I like” entries and select them (all of a sudden the author clicked).
Direct link to the group picture: pp.userapi.com/c836123/v836123941/2362f/5TA-jc1s8Q0.jpg
End ID: 941
The head of the community vk.com/id237115941
Direct link to the cover of the community vk.com/meduzaproject :
cs7064.userapi.com/c639129/v639129017/92f9/itZoAG-k1GQ.jpg
End ID: 017
Head: vk.com/id464017
Deanonymization of the main application administrator
In the application settings, you can download the 16x16 application icon, which, after downloading, receives a link that contains the admin page identifier. The link to the icon always displays the identifier of the main administrator, even if the icon was loaded by a non-principal administrator, and another user is a manager with rights. Also, by opening the application administrator, you still open the application community manager, since the group in the application settings can be set up if you are the manager in it.
Reference: pp.userapi.com/cDigits/uAdministrator_ID/name.gif
Source: https://habr.com/ru/post/325840/
All Articles