The “Doxxing” of Q, for the Non-Techie
There have been a lot of posts on social media claiming to prove that “Q” of QAnon fame is Jim Watkins, a pedophile pig farmer living in the Philippines. The sources generally cite a bunch of computer jargon and images that few people have the expertise to understand.
That jargon is part of one of the engineering disciplines that make up my boring day job, and I found it interesting to see what people were saying. I’ve never really looked into the whole QAnon conspiracy beyond reading a few of their theories and thinking they’re bonkers… I tried to track down as many of the social media threads and forum posts that I could, and now I’ll try to refine and translate some of what it means, because I think a lot of places are misinterpreting the information.
- The IP addresses. This just shows that both 8kun (which we know for a fact is owned by Jim Watkins) and Qmap are both controlled by the same person/people. Yes, multiple servers and sites can share an IP, but at some point they have to be managed by the same administrator. Plus, we can look up all of the other sites with that IP and all but a couple have 8kun in the name.
Q verifies his identity via a cryptographic signature, or "tripcodes." These tripcode hashes (e.g. CbboFOtcZs ) are based on the DES/crypt(3) encryption algorithm...Tripcode: ITPb.qbhqo -> Password: Matlock
Tripcode: UW.yye1fxo -> Password: M@tlock!
Tripcode: xowAT4Z3VQ -> Password: Freed@m-
Tripcode: 2jsTvXXmXs -> Password: F!ghtF!g
Tripcode: 4pRcUA0lBE -> Password: NowC@mes
Tripcode: CbboFOtcZs -> Password: StoRMkiL
Tripcode: A6yxsPKia. -> Password: WeAReQ@Q
(Above comes from here)
2. Q’s posts are all signed with a cryptographic “tripcode”. Unfortunately for Q, the way they secured it is extremely outdated and insecure. It’s trivially simple to break it and fake the codes. There are websites that will do it for free while you wait.
3. 8kun and Qmap are two of the most attacked websites on the internet. There are pages and forums dedicated to messing with them, not to mention legitimate hacking and denial-of-service attacks. This article from Mashable describes some of the issues they have keeping the site running
5. Apparently, Q is an anonymous person who began posting on the site 4chan, and later moved to 8kun. If the premise were true that Q was an anonymous user who signs onto 8kun, leaves a post, and signs it to verify authenticity, then with the fact that the security is childishly easy to break, you can bet there would be 1000’s of “official” Q messages coming in every second.
But there are not.
6. Allegedly, aggregators like Qmap look for the codes or signals from Q’s posts and consolidate them for people to find. But if anyone can put an “authentic” Q post anywhere, someone at Qmap must know in advance which Q posts are real. This article on News Break gives more detail.
7. Since it’s obvious from #5 that the posts can’t be coming from some anonymous user, and from #6 false signals appear to be filtered perfectly, The messages must be coming from someone who controls the site itself.
8. Therefore, if Jim Watkins controls 8kun and Qmap, he must be Q and creating the posts directly.