07/06/2013

facebook does not test its code sufficiently and has leaks as a consequence

Facebook blamed the data leaks, which began in 2012, on a technical glitch in its massive archive of contact information collected from its 1.1 billion users worldwide. As a result of the glitch, Facebook users who downloaded contact data for their list of friends obtained additional information that they were not supposed to have.
http://mobilebeta.reuters.com/facebook-admits-year-long-d...

so if you read this, you think, how is it possible that they didn't see this during the testing of their code and their functionality, if those tests would have been done as they should have been done, than they should have seen it and there wouldn't have been a bug

and secondly how do they know how many numbers and addresses were inappropiately downloaded and how can they put a specific number on it - except if they can see who downloads how much contactdata and from who (a scary thought for privacypeople but Facebook is scary)

Permalink | |  Print |  Facebook | | | | Pin it! |

privacymovie : enemy of the state

the guy is a bit paranoid but the main rule he lives by is that nothing should be used of the digital or other infrastructure so that no traces are left

google search site:youtube.com enemy of the state full film

one example

Permalink | |  Print |  Facebook | | | | Pin it! |

Turkey wants to forbid fake accounts on facebook and twitter

Deputy Prime Minister Bekir Bozdağ said many fake accounts had been set up and that this should be prevented. “If someone is opening up an account, everybody should know the person who opened the account. When we look into the recent incidents, there are many fake accounts opened for someone else. They don’t know this. Tweets are being sent from those accounts. Provocations are being done against people. To avoid all these things, there are some regulations being made to make this place used correctly. Regulations will be shared with the public when the time comes. There will be investigations about what kind of preventive measures are taken into consideration both in Turkey and internationally,” he said.

http://www.hurriyetdailynews.com/fake-social-media-accounts-to-be-prevented-turkish-deputy-pm.aspx?PageID=238&NID=49189&NewsCatID=338

this is like China and Iran, real examples of virtual or real democracy worthy of a country that wants to become a member of the European Union

use a proxy and log in your social accounts from another country, so when the providers are obliged to adapt those laws (or being threatened with closure) they can not enforce these rules on you because you seem to be logging in from somewhere else (place another country in your profile (and city and language)

you are a virtual exile in fact

Permalink | |  Print |  Facebook | | | | Pin it! |

Turkish government wants to ban Twitter

“Twitter doesn’t have a legal basis in Turkey. They take ads but they do not pay tax in Turkey. It should establish a company compliant with the Turkish Commercial Code, like Facebook and YouTube,” the ministry officials told daily Hürriyet. Protestors are being held in custody for “inciting riots and conducting propaganda” on Twitter, and these custodies have been criticized as being contrary to the law. Amid these disputes, the ministry has indicated it is likely to examine Twitter’s activities in Turkey more closely.
http://www.hurriyetdailynews.com/twitter-to-be-adjusted-a...

If you can't beat them the legal way, than you can try to beat them where it hurts most, in their business

so the Turkish government is blackmailing Twitter because they were not only being used to coordinate the protests but they were the main communication channel during the protests and they aren't getting the identities of even the people who were arrested

remember this country wants to become a member of the European community and should therefor respect the European convention on Human Rights

Permalink | |  Print |  Facebook | | | | Pin it! |

07/05/2013

China can see any encrypted connection or file on its infrastructure according to stratfor

stratfor which lost all of its memberfiles and emailboxes to antisec-lulzsec in their latest enormous hack (although it was commandeered through a FBI informer Sabu) was-is the biggest private CIAlike operation on a worldwide scale (although most of her contacts don't necessarily know they are involved in such an operation because it looks like business-intelligence/consultancy except those that are paid for their information or invited to conferences around the world)

INSIGHT – CHINA – Cloud Computing – CN64

Date 2011-02-15 20:51:29
From michael.wilson@stratfor.com
To analysts@stratfor.com
Others Listname: mailto:analysts@stratfor.com
MessageId:
InReplyTo: 4D5ACE22.2000406@stratfor.com

Text
**In response to what we just wrote on the CSM

SOURCE: CN64
ATTRIBUTION: Professional hacker
SOURCE DESCRIPTION: Owns his own internet security company that consults
with companies globally including China
PUBLICATION: Yes
SOURCE RELIABILITY: A
ITEM CREDIBILITY: 1
DISTRIBUTION: Analysts
SPECIAL HANDLING: None
SOURCE HANDLER: Jen

In concept this article is factually correct that it is possible (although
the word “clouds” is probably not ideal – “cloud network” is better).
Some might say things like “Well we only use SSL/TLS connections to the
machines, and we have XYZ security in place to prevent direct tampering.”
The problem is if the site is located within China, the Chinese
governments can still intercept and see SSL/TLS encrypted traffic because
they have root certificates in the browser. Once something is in the
physical hands of the enemy there is virtually nothing that the end
company can do. That is especially true if they manage the infrastructure
and don’t just provide hosting. Overall I think it’s a bad idea for
everyone but China. But I’m sure they’d say the same regarding the NSA’s
spying activities, https://www.eff.org/nsa/hepting So it’s a bit like the
pot calling the kettle black.


Jennifer Richmond
China Director
Director of International Projects
richmond@stratfor.com
(512) 744-4324
http://www.stratfor.com

Related Links:

http://wikileaks.org/gifiles/docs/1126742_insight-china-cloud-computing-cn64-.html

Permalink | |  Print |  Facebook | | | | Pin it! |

06/22/2013

the 200 internetcable interception echelon spynetwork and P2P traffic

We hear every so many days that the P2P download traffic on the web is more than half, that cables and services are breaking down because of it and so on

well the first really objective numbers are now possible because there has never been such a filtering and intercepting operation on any scale every before (and it wouldn't even be legal to do it - except by extra-legal services under the umbrella of antiterrorism)

The processing centres apply a series of sophisticated computer programmes in order to filter the material through what is known as MVR – massive volume reduction. The first filter immediately rejects high-volume, low-value traffic, such as peer-to-peer downloads, which reduces the volume by about 30%.
http://www.guardian.co.uk/uk/2013/jun/21/gchq-cables-secr...

for administrators of big networks this also shows that you can reduce your traffic with at least 30% if you block this kind of traffic (which means no upgrades of proxies, firewalls, monitors, routers, antivirus, backup, ......)

Permalink | |  Print |  Facebook | | | | Pin it! |

04/25/2013

#belgoleaks first set sent

passwords

open servers

lists of users

open configuration settings

cert and privacycommission (not everytime) have been informed

the first set is gone

next week we will start publishing some of them

others will be archived in the leaks or insecure belgium lists

there are also fundamental questions that we have asked

Permalink | |  Print |  Facebook | | | | Pin it! |

04/24/2013

follow the small #belgoleaks

we will not send masses of mails to the cert and the privacycommission

we will send a few mails in which several problems or findings are taken together

but the small daily belgoleaks in which you will find

* old published emails and logins from Belgians (for example on pastebin)

* listings of emailadresses that are published

* information that is available in txt format while normally you should have to copy it one by one

* interfaces that we shouldn't see

* adresses and other information that people seem to have given themselves

* websites that are hacked

* non strategic websites with no ssl protection or one that is badly configurated

* websites that are not falling under the Belgian jurisdiction even if many Belgians use it

* dataleaks with only a few belgians

and so on

will be published here

https://www.diigo.com/list/mailforlen/insecure-belgiumweb...

https://www.diigo.com/list/mailforlen/leaks?order_by=0

We will not publish here

* access to passwords

* recently published pastebin and other publications of logins

* non-strategic dataleaks but which may have a commercial impact

these will be published on friday or wednesday when the CERT has had enough time to contact them to correct the situation - or close the site down (in maintenance)

Permalink | |  Print |  Facebook | | | | Pin it! |

#belgoleaks privacycommission receives identity of biggest dataleak ever in Belgium

Ransomhacker Rex Mundi had access to half a million data about Belgians in september 2012 (if you type Rex Mundi in the searchform you will find all the information about that and other incidents)

He wanted to publish the data on a friday but as we found that a bad idea we were able to convince him to say which was the victim (so they could take immediate action before somebody did something else), to get into contact with the official handlers of the case and to not publish the information of the (innocent) victims.

At that moment we were totally alone and we tried to do the right thing but we weren't covered by any handler, contract as 'cybervolunteer' or 'law'. We took an enormous risk in doing this, but the possibility of having information about thousands of Belgians on the web on a friday was too big a risk (even if some said that that would have been better to advance security - which may be right but can you look all those innocent victims in the eye afterwards ?)

We never divulged the name of the victim on this blog nor to the press - even if they were very curious. We didn't want to start a panick nor to bring it down.

We have now informed the privacycommission of the name of the victim of the breach so it could invite the victim to hear if it has taken enough measures and has implemented enough procedures and has now enough resources to make sure that this doesn't happen again and that if something happens they may be able to respond better and be able to do what is in the new guidelines from the privacycommission

and don't ask, we promised not to divulge the name, we hope that at the other side, they will be better than the NMBS and won't have the same problem again this or next year

ok half a million data is not the same as 1.4 million (although there were many doubles in it) with the nmbs but we know that a part of that data is really in the hands of probably russian hackers and the victims were not informed and we are even not sure that enough is done to be sure that this doesn't happen again (this is why we infom the privacycommission now)

because if you are hacked, you will be attacked again untill you are hacked again

Permalink | |  Print |  Facebook | | | | Pin it! |

#belgoleaks privacycommission receives new list of users (libraries for example) of RRN as login

We have sent the privacycommission as an answer to their letter a new list of services that use the RRN as a login

It are mainly public services from cities (like libraries and recreationservices) that are sometimes delivered by some serviceproviders and for libraries for example are based upon WOPAC.

THe problem with the RRN is that if we want to keep that weak UID a bit safe we have to limit the distribution of it on the internet and through unsecured systems

we haven't send a list of all the services who ask in a form for the RRN without proper protection because that list would be too long and it would be more productive to publish securitynorms if you want to ask for the RRN of something (and in my book it is better to ask for such specific information after a secured wall and not on the public part of a website - another advantage is that you can send and backup this information in a seperate environments that are protected by different securitytools according to the degree of protection that is needed)

we know that the ball is now running and we will be patient :)

maybe it would be a good idea to work with the organisations that regroup all of the cities so they could inform their members of the new standards and controls

Permalink | |  Print |  Facebook | | | | Pin it! |

#belgoleaks if some belgian webservice asks for your RRN as a login, let us know

In the last post we mentioned that the Privacycommission has intervened in a few specific cases in which your RRN was used as the identifier for your LOGON to a website or webservice.

THey have stopped this kind of practice which means that you may not use this anymore.

If you are confronted with this kind of practice, please contact us so that we can collect this information, verify it and forward it to the privacycommission so that further action can be undertaken (and eventually formalised and generalised)

#belgoleaks is also your business because it is to prevent the leakage of your data

Permalink | |  Print |  Facebook | | | | Pin it! |

#belgoleaks Privacycommission intervenes to stop use of RRN as single sign on

#belgoleaks is the sole name of the different anti-leak and nosecurity Operations (the old OPS) that were hold before

one of these operations was the #OPRRN about the use of the RRN as unique identifier as single sign. THe RRN is a unique identifier of each person like the SSN in the US but the number has so many known identifiers in it that only 4 numbers are unknown (and even that)

the privacycommission is responsable for a the use and the rules and security of RRN by administrations and private firms and even if there was a debate in which several persons thought that the number should be public the majority thought that the risks of letting everybody use this number for everything were too great because the number is too weak as an identifier (it is too easy to find it) and also because the front- and backoffices have much too often not enough security and encryption to safeguard them

but meanwhile organisations were using more and more the RRN numbers or asking it in unsecure forms (even without logon and without ssl)

some even went further and used the RRN number as a sole identifier (libraries and sport clubs do this)

Today I have received an official answer from the Privacycommission which says that in the specific cases that I have mentioned concrete actions were taken but maybe it is time for the Privacycommission to state clearly itself that you can NEVER use the RRN in a login and that the RRN can not be asked on a public form and that if the organisation wants to have the RRN that this has to be done after authentification and in a secure environment and that these data - as other identifiable and important data - has to be encrypted and so on....

For the dutch speaking people

Permalink | |  Print |  Facebook | | | | Pin it! |

04/22/2013

#belgoleaks 1 the internal open Admin systems tesamen.org

above we could change the password

here we can change the date of birth - we didn't

we could see and change anything we wanted

it is now only seeable in Google cache

and as the administrators say that there was and is no problem, we have proof of the Google Cache of 25th of march showing what we could do but didn't effectively do

but if you seen the links and the information, than you know that there is much more to it and much more that could be found out

the cert was informed last week but tried to descredit me with some journalist who luckily knows that I am not playing around. More dangerous is that the CERT was saying that they didn't control my information that I send to them because otherwise they would be breaking the law, which is implying that I am breaking the law, which I am not because I change nothing, I log in to nothing and I only use Google to find the information

this means privacycommission that these are all public dataleakages

Permalink | |  Print |  Facebook | | | | Pin it! |

04/18/2013

hacked and dumped http://www.europeanspermbank.com

http://pastebin.com/2peZTrSx

info@europeanspermbank.com      0b2699059648ed3bdfd61687e0a6fb8c
d.eigenbrodt@arcor.de   9091d30ec0bb749382558d7066bafff4
kerrogn@hotmail.com     ce0b40140c9b35e51dd5df2cf94a7bb9
janne@europeanspermbank.com     c9bdcfc820a71413f7b2e9337379dbf8
+49 302946494   c76fd392edf11a053d3cb385cf3f75a1
rosellinis@yahoo.com    fabe6af2d5624e6a98c2ba363f49107c
dedeunddani@arcor.de    865ab997c73e3595347880b591fa6ead
abigail007@live.fr      f80c211bf2b7e7441c73c22f46d7f4cb
lydia.klikovac@yahoo.fr         75ede9ac4137be7e537a40267d64205b
heikos39@arcor.de       cd91b3acd65ffd61d794ffa156470e04
berglindbaldurs@hotmail.com     f167b08778e525d231a693656abf2794
lottebuc@hotmail.com    722f96d992476169f96a9d79ac1fc6dc
roz.firth@hotmail.co.uk         d08a6a194942f0955f4227edcbc1cc99
sis2008@web.de  0b58fe1eeaed86825b2b520944a25f40
Feli.Schurian@gmx.de    efd3bdd023e0238b7f7a58e00781fcce
s.sjong@online.no       48e0790e206efbaa2c0be02067f770ed
s.sjong@online.no       48e0790e206efbaa2c0be02067f770ed
anj_cowan22@hotmail.com         f20bd6531bb5975c29f700de4af7fa26
 
in flemish we would call this 'een druiper'

Permalink | |  Print |  Facebook | | | | Pin it! |

belgian public leak 3 http://www.hardwareshop.eu hacked and dumped

http://pastebin.com/4DxypkGm
 
http://www.hardwareshop.eu/nl/zoek.php?id="><script>alert("ESCOBAR.BLACKER")</script>
Host IP: 188.93.83.2

there are md5 passwords for the logins

and these are a part of the members of which the accounts are compromised- the emailaddresses have been altered

Address         City    Zipcode         Email
Brugstraat 93   Aalter  9880    kurt.v@t
Wiedauwkaai 6   GENT    9000    dirk.dekeys dv-cons
Frans Van Ryhovelaan 325/327    Gent    9000    jurgen
ST.-Elooistraat 81      Merelbeke       9820    info@g
Herlegemstraat 89       St. Amandsberg  9040    alain.m
St Elooistraat 81       Merelbeke       9820    info
Begijnhoflaan 452       Gent    9000    els.bracke
Zandstappenstraat 63    Schoten         2900    emanue
Ruiseleedsestraat 3b    Aalter  9880    peter.van
President Kennedypark 30        Kortrijk        8500    Tree
Victor Oudart Street, No7       Brussels        1030    s
Knokstraat 19   RUISELEDE       8755    nico.dep
Vossekotstraat 46       MEULEBEKE       B -8760         annic
Kortrijksestraat 398    WAARDAMME       B -8020         koee
Hille 18B       ZWEVEZELE       B -8750         filiptech.be
Hoge Wei 1      ZAVENTEM        B -1930         dirk.van.hooyd
Leopoldlaan 202-204     MIDDELKERKE     B -8430         tania
Frans Van Ryhovelaan 325        Gent    9000    norepl
Sint-Godelievedreef 20 - 1ste verdieping        Brugge  8310    coordin
Schoolstraat 54         ZWEVEZELE       B -8750         stockpla
Bedelfstraat 11         WINGENE         B -8750         info@van
Industrielaan 4         MALDEGEM        B -9990         info@alu
Rijselseweg 162         Voormezele      8902    servic
Marialoopsesteenweg 2H  TIELT   B -8700         diet
Beernemsesteenweg 61    WINGENE         B -8750         kri

Permalink | |  Print |  Facebook | | | | Pin it! |

read facebook profiles and postings without loggin in thanks to Google cache

step 1  look up in Google  for example  site:facebook.com  hotmail.be (or any other emailaddress) 

TD Objektiv | Facebook
www.facebook.com/TDobjektiv
3 dagen geleden - Email or Phone, Password. Keep me logged in. Forgot your password? .... tdobjektiv@hotmail.be. Photo: Model: Iris Geuens Locatie: Fotostudio MUA: TD ...

than you click to see an example of the site

you will see this appear next to it

TD Objektiv | Facebook

www.facebook.com/TDobjektiv - In cache

than you click on In cache

and you see this

 

than you scroll down and you see the rest of the postings

and maybe they have put this to public and this is their way of making publicity but maybe not everybody knows that their facebookpostings are set to OPEN for Google and the rest of the world

but you can add whatever searchterms you would like to find specific public profiles, postings, friends or links without logging in to anything and leaving no trail whatever because you google cache is your proxy (and if you use a proxy yourself they can't even do anything with the Google logs)

Permalink | |  Print |  Facebook | | | | Pin it! |

(sponsered) Privacycommissie publiceert nieuwe aanbevelingen

Naar aanleiding van een stevig aantal “high-profile” gegevenslekken, waarover ook uitgebreid bericht op deze site, heeft de Privacycommissie een nieuwe set aanbevelingen rond informatieveiligheid gepubliceerd voor eenieder die gegevensverwerkingen uitvoert en daarbij met computerbestanden werkt.

 

In het begeleidende artikel op de site van de Privacycommissie benadrukt zij dat concrete beveiligingsmaatregelen voor iedere organisatie specifiek beoordeeld en geïmplementeerd moeten worden in een zogeheten informatieveiligheidsbeleid. Er is echter een gemeenschappelijke basis die voor iedere organisatie – die persoonsgegevens verwerkt – geldt en die de Privacycommissie door deze nieuwe aanbeveling nog eens extra in de verf wil zetten: de privacywet, meer bepaald de artikelen die handelen over informatiebeveiliging en de verantwoordelijkheden die daarmee gepaard gaan.

 

De aanbeveling leunt aan bij de reeds bestaande referentiemaatregelen en richtsnoeren alsook de ISO27002 norm en geven heldere aanknopingspunten voor de opzet van een effectief informatieveiligheidsmanagementsysteem en informatieveiligheidsbeleid.

 

Waar de Privacycommissie tot op heden steeds een louter adviserende rol heeft rond de bescherming van persoonlijke levenssfeer gaan er steeds meer stemmen op om de Privacycommissie een minder vrijblijvende rol te geven. Dit in navolging van bijvoorbeeld de ICO (Information Commissioners Office, de Engelse Data Protecton Authority (DPA)) die geregeld het nieuws haalt met boetes aan ziekenhuizen, politiediensten en gemeenten als gevolg van persoonsgegevenslekken.

 

Een daadkrachtigere Privacycommissie kan overigens sneller werkelijkheid worden dan gedacht: de aankomende Europese verordening rond de bescherming van persoonsgegevens dreunt gestaag doorheen de Europese legislatieve molen naar een verwachte ratificatie vóór de Europese verkiezingen in juni 2014. Eén van de aspecten die deze verordening bekrachtigt is de mogelijkheid van DPA’s om boetes uit te delen.

 

Overzicht van de publicaties door de Privacycommissie omtrent informatiebeveiliging:

 

http://www.dp-institute.eu/privacycommissie-publiceert-ni...

Permalink | |  Print |  Facebook | | | | Pin it! |

04/17/2013

public belgian leak 1 ? Hacked & Leaked Data jcpapillon.be By GrenXPaRTa

http://pastebin.com/u0RWmuVE  17th of march

when we go to the site it is still in Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group (6 years old that is)

but the number of users that are mentioned on the site "Totaal aantal berichten 255 • Totaal aantal onderwerpen 108 • Totaal aantal leden 40 • Ons nieuwste lid is Lien"

while the hackers says that he has 1286 logins (and there are some Lien in that list

or the site had an archive list of all the old members and in 13 years they had 1286 logins in total

or there is dummy data and other data between these because the hacker knows that the other hackers will test all the logins in the list no matter where they come from (some also are doubles)

so maybe the privacycommission should ask them to research this and confirm this or not

Permalink | |  Print |  Facebook | | | | Pin it! |

your cookies will not die if you don't delete them yourself

It means that the cookie/session ID for an authenticated session is available even after the session has been terminated. There are examples where cookies can be accessible to hijack authenticated sessions. And these cookies are days (sometimes months) old. As a result, someone can successfully access accounts that belong to individuals from different global locations. Even if they would have logged-in/logged out many a times, theirs cookie would still be valid.

 

Though the cookie expiry date is mentioned still the cookies are valid post log-out. Why do the websites keep the cookie active even if the user has "logged out" and closed the session? Worse, when the same has been done a hundred times! Why do they keep ‘all the sessions maintained’ even when the log-out page has been accessed? I can’t think of a valid justification, and thus it makes a vulnerability. Now, let us go through some famous websites that are vulnerable –
https://www.wtfuzz.com/blogs/old-cookies-die-hard/

so you will have to delete your cookies yourself daily if you don't want to run the risk that some virus of online script will scrape your cookies and use them for real logins in your real accounts

Permalink | |  Print |  Facebook | | | | Pin it! |

dns.be wins a battle, but nothing more than that

as the champagne flows in the offices of dns.be after it has become clear that the proposals of minister Vande Lanotte have been efficiently blocked by their partners in the government, the reformers have not retreated or given up, but will only await the first big incidents to refer to this shortsighted conservative defensive attack against their proposals as the reason that these incidents can happen

which incidents are we talking about ?

* cybersquatting : anyone in the world can buy whatever domainname under .be without any verification (except once in a while of the emailaddress - which may be a general one and not necessarily one linked to the ISP or a firm). Some porn or malwaredistributor can buy whatever name who has gone broke or who has forgotten to pay in time for their domainnames

* botnethosting : botnets need real domains that will pass enough filters to keep on collecting the information from the infected hosts, update their viruses and give them new instructions. One way to do that is to have websites with the domainextension of a low-risk country (like Belgium) or from trusted domains like .edu. Even if dns.be says that it is monitoring the number of .be domains in the listings of securityservices that monitoring is far from complete.

* spamhosting : what is important for botnets is also important for spammers who also need 'trusted' domainextensions to host their spam for their fake products, pharmacies and so on. THese are clearly illegal services but dns.be doesn't clearly implement the local Belgian laws (for example when sellling domains for pharmacys or gambling services) which gives these crooks a window of opportunity

which problems are we talking about ?

* identitytrust : it is important that visitors of a website should be sure that the website is being owned and operated by a known firm, organisation or person and that they are authorized to operate such a website under such name. With webservices it would be easy to install already some filters and controls without going back to the days of declarations and other paperwork dns.be likes to refer to (playing in fact foul with the facts)

* real price : the goal should not be to sell more more more domains at ever lower prices (for the resellers) but to have a high quality domainzone with trusted domains that are monitored and defended by tools and security-installations. Dns.be itself shows in her statistics that the price for their domains (for the resellers that is) is way too low - which means that the possible and necessary investments in resources and materials are not easily made available

* no community input or oversight : dns.be is in the hands of a small bunch of organisations like beltug (the fathers of the .be domain in fact) and of the resellers which are their main area of intrest. I don't think that they are discussing much about the societal and economic impact of their choices. I don't think they have a naysayer who looks at an issue in every possible way - even if it doesn't please the stakeholders. There is no real internetcommunity or political or other oversight of dns.be and the choices they are making.

and why is this so important

Your domainname is your digital identity and your digital identity should only be available to you. Just as nobody can get my real name nobody should be able to get my digital name and the same goes for a school, a firm, a business, a trademark. Point final.

Because if this is not the case, it ends in blackmail and extorsion. If you don't buy your name under an ever increasing number of domainextensions you may have the risk that anybody can buy your name and can do whatever he wants with it (except from presenting himself as if he was you and this is what the visitors to his site will suppose to be be the case).

This has nothing to do with nationalisation or the other laughable ideological cheap tricks that were played during this debate. It has everything to do with the premise that your digital identity online is only available for you because you are the only one who can be you in real life and in the digital world.

Permalink | |  Print |  Facebook | | | | Pin it! |