"Anonymity" & the Internet' - help?

[foofoolame]

Hello all! im going to be asking probably some of the most FAQ's regarding personal home networking privacy and what we call thee Internet.


What are peoples position regarding anonymity and browsing the internet? i realize there will never be true anonymity but i just want to be able to give myself the best shot.


From using VM's with 'Tails distro, personally created or paid VPN(PIA ect) following, onion routing as an alternative to either personally or paid VPNS.


These are just some of my thoughts on what im considering/read.

i realize primarily Linux would be the preferred method of any internet activity but i would especially like to hear for windows as well.


Thanks!

[cooper]

My position is that unless you require it you shouldn't bother trying to achieve it because no matter what they will find you if they want to.

So basically all you can do is make it harder for 'them' to find you and in doing so make it harder (more cumbersome, slower) for you to go about your business.

Which brings us to the interesting part of the question: Why do you want to be anonymous on the internet? What are you trying to achieve that, you feel, is impossible without remaining completely invisible to the outside world?

Note that even if you have a legitimate need to be anonymous, in general this means you will be anonymous for just that, and nothing else. So if you were to buy, say, concert and/or cinema tickets, or go to your banking website to pay for that VPN you use, you'd do so without being anonymous. The big difficulty lies in keeping your anonymous activities and your non-anonymous activities separate. This is very, very hard.

[whitenoise]

I think besides from technical issues such as cookies and browser tracking there is also the fingerprint of your web behaviour. You visit certain sites again and again, certain services of your computer may connect to sources in the internet and so on. Really to cover all aspects is very hard indeed. You can deactivate cookies, okay. Tails is trackable via browser information. I guess one has to generate a browser signature that has as less individual data as possible, meaning not to delete all entries but to see, what is the most common setting so there are lots of other users that use the same setting, too.

Then as Cooper said, separating anonymous and non-anonymous activities is important (if possible at all). Theoretical for every website you could assign yourself a new IP address so a single IP assignement to you cannot collect enough data to classify it a fingerprint. You probaly also could do it the other way around and add fake behaviour to your normal web behaviour. This could be done by an automatically script that has a huge list of garbage websites and here and then sending requests there. I would not really trust the last solution as relevant data probably can become extracted by simple statistical analysis. If the websites you regularly visit stick out they have a pattern. To make this work the frequency of visiting regular websites has to be as high as the frequency of random websites so the 'true' signal can hide in the 'noise'.

Be aware that there are probably other mechanisms to track you, too.

[digininja]

This has been discussed quite a bit over the recent months, dig back through some old posts and you'll find my opinions on the difference between anonymity and obscuring your IP address and, like Cooper and whitenoise say, why it is very hard to be truely anonymous.

[cooper]

https://forums.hak5.org/index.php?/topic/35133-3g-dongles-and-customer-names/page-2#entry260823

[foofoolame]

https://forums.hak5.org/index.php?/topic/35133-3g-dongles-and-customer-names/page-2#entry260823

thank you all for the responses, i will be checking the link you posted.

[kpoeticg]

It's impossible to remain completely anonymous and be "100% SURE" about it nowadays. I'd say VPN + TOR + Proxychains is your best shot, but TOR's nowhere near as anonymous as it used to be. No idea what percent of exit nodes is actually feds now, but i bet it's a high number. I don't wanna go into a rant about the N$4/Trapwire/Datamining, but we live in an age where everything that you're paranoid about the government doing is 10 years late and now Google and Facebook actually have all that technology too. It's one big circle-jerk of trading/selling data

If you're worried about things like keeping your CC & Banking info safe, buy Lifelock. If you want privacy, my best advice would be to start researching time travel maybe.... Everything that Anonymous was fighting for years ago is already in the past and too late to do anything about. If you really wanted to be anonymous you'd have to be an excellent criminal that stole your computer, uses a giant proxychain of the 30 nearest wifi signals you can hack before you even open your browser, never use google/facebook/twitter, keep electrical tape over the camera of every phone and laptop you own.... I mean even the Amazon Fire Tv STB has a microphone in the remote designed so you can never turn it off.

It's sad to say that it's best to just accept it. If google wants to sell facebook and fbi proof that i watch porn and know how to use linux, good for them. I just do my best to stop buying products made by companies that profit off of spying.on me. The only exception is the fact i'll always have an Android phone so google will always get my business there. But other than that, if i know a company is making money off of data-mining me, i'm not also gonna give them MY money by buying their products.

Chances are if you have a reason to hide something it's already not a secret. That's my opinion on the subject anyway....

This is a good video on the topic of how far gone anonymity is

(Ok i ranted a little, sorry =P)

[barry99705]

Being anonymous on the internet is only slightly harder than catching a left handed unicorn.

[foofoolame]

It's impossible to remain completely anonymous and be "100% SURE" about it nowadays. I'd say VPN + TOR + Proxychains is your best shot, but TOR's nowhere near as anonymous as it used to be. No idea what percent of exit nodes is actually feds now, but i bet it's a high number. I don't wanna go into a rant about the N$4/Trapwire/Datamining, but we live in an age where everything that you're paranoid about the government doing is 10 years late and now Google and Facebook actually have all that technology too. It's one big circle-jerk of trading/selling data

If you're worried about things like keeping your CC & Banking info safe, buy Lifelock. If you want privacy, my best advice would be to start researching time travel maybe.... Everything that Anonymous was fighting for years ago is already in the past and too late to do anything about. If you really wanted to be anonymous you'd have to be an excellent criminal that stole your computer, uses a giant proxychain of the 30 nearest wifi signals you can hack before you even open your browser, never use google/facebook/twitter, keep electrical tape over the camera of every phone and laptop you own.... I mean even the Amazon Fire Tv STB has a microphone in the remote designed so you can never turn it off.

It's sad to say that it's best to just accept it. If google wants to sell facebook and fbi proof that i watch porn and know how to use linux, good for them. I just do my best to stop buying products made by companies that profit off of spying.on me. The only exception is the fact i'll always have an Android phone so google will always get my business there. But other than that, if i know a company is making money off of data-mining me, i'm not also gonna give them MY money by buying their products.

Chances are if you have a reason to hide something it's already not a secret. That's my opinion on the subject anyway....

This is a good video on the topic of how far gone anonymity is

(Ok i ranted a little, sorry =P)

its OK TO RANT!! i love rants, thats how i know im getting someones honost opinion.

i was thinking, tails linux on VM<(VPN(private internet access ect)/My own onion router using pi 2, tor browser.

does anyone want to collectively save up our bitcoins and buy a large island landmass and we can start everything over? :p

[digininja]

You could buy Sealand http://en.wikipedia.org/wiki/Principality_of_Sealand

[kpoeticg]

its OK TO RANT!! i love rants, thats how i know im getting someones honost opinion.

i was thinking, tails linux on VM<(VPN(private internet access ect)/My own onion router using pi 2, tor browser.

does anyone want to collectively save up our bitcoins and buy a large island landmass and we can start everything over? :p

It's funny you say that about the island, cuz i was gonna make a joke about buying a boat and becoming a pirate in my rant =P

The thing about TOR is it really is an effective proxy except in the 2 most important places, checking in and checking out. Checking out is the point where you're vulnerable and why the government started creating their own exit nodes. And there's nothing you can do to change your odds of getting a "legit" exit node. Otherwise darknet wouldn't be darknet, it's random. So chances are, if you're constantly using TOR to block yourself, SOME of those times, a federal agent that had no idea who you were before, now has a .cap file with whatever you were doing there.

So there's 2 perspective's, mask yourself by using TOR for EVERYTHING, so the fact that you're there doesn't mean your doing something bad. Which would take forever to do anything cuz TOR=SLOW

Or.... Use it VERY sparsely so hopefully you won't catch a fed exit node. I personally haven't used it since the first raid on Silk Road, and even then i just browsed around the forums a few times cuz i was curious.

"i was thinking, tails linux on VM<(VPN(private internet access ect)/My own onion router using pi 2, tor browser."

If you can find a logless VPN company it would help, but most companies cooperate with the fbi, it's just how it is. So you really need to think how bad you need to keep your activity private. If you could find the most trustworthy VPN company in the world and exit through them....

I don't know you, and i don't judge people, but your considering doing alot of stuff that in the end would probly keep your info from everybody except the people you're trying to hide from. If you're doing something on the scale that the N$4 would be interested, you're not hiding from them. There's no scenario, it's just how it is.

Hammond was a friggin beast, and he still caught 10 years. You think he wasn't doing everything possible to hide his actions? How about Sabu? Yes he's a punk-ass-snitch, but at one point he was an extremely intelligent cyber criminal... Probly one of the only "Criminals" out of everybody that he sent to prison ironically. I forget which member of the Lulz boat that stayed using other people's wifi -> TOR, so they ended up following the wifi signals to pinpoint where his bedroom was to prove it was him. Literally the wifi frequencies in the air....

I mean it's possible to be a ghost "hacker" MAYBE, but not an anonymous person who uses the internet.

If you were trying to get away with stuff, i mean, laptops that can in no way trace back to you or anyone you know buying them. Getting prepaid wifi cards from some magical place that doesn't have security cameras....Never hacking from the same location twice.....stealing like a new laptop every week or month and bleaching the data daily just in case... You'd have to be pretty dedicated to it. If they're looking for you, it only takes one slip. Log into you're email from your home computer one time by accident cuz you forgot it was your "other" account, that's it, they know you now. Please understand "EVERYBODY" i'm speaking hypothetically here for the sake of conversation.

I love to learn about security, but i really don't do anything that would piss off the government. So i can't give you first hand experience how to evade. I've read some great articles about OP-Sec and seen some great speeches about it.....I mean, you need to understand, this conversation where having now, by tomorrow Google, Facebook, Amazon and any other interested parties will probly have it logged on their server. If you're interested in getting away with something, you've already exposed yourself by posting here without being anonymized. It's like leading 2 lives that can never in any way intersect. Its risky, and don't sound fun. If you wanted to be a black-hat, it's your seperate identity that has no connection to you.

For instance like alot of the Anonymous members who got locked up, had no business being arrested in the first place. Except they pissed off the government. Some of them cats really were freedom-fighters trying to help. It's still crazy to me that the biggest criminal amongst them flipped in an hour and got no jail time.... If you check out that vid i posted earlier, that guy actually works for the government. He references a book called like "5 crimes a day". He says there isn't a person in the world, that if he's targeting you he can't find at least 5 crimes a day he could charge you for. Like even your grandma.

So if you're like coming from the perspective of like, "this" or "this" seems like a good hustle, i wouldn't recommend it. And if you're gonna do something, don't try to get rich.....hypothetically. If you're not worth anybodies time......maybe

Even Kevin Poulson got caught, and he WORKED for them.

This is a white-hat forum tho, and i feel like i'm bordering on violating TOS...

[foofoolame]

It's funny you say that about the island, cuz i was gonna make a joke about buying a boat and becoming a pirate in my rant =P

The thing about TOR is it really is an effective proxy except in the 2 most important places, checking in and checking out. Checking out is the point where you're vulnerable and why the government started creating their own exit nodes. And there's nothing you can do to change your odds of getting a "legit" exit node. Otherwise darknet wouldn't be darknet, it's random. So chances are, if you're constantly using TOR to block yourself, SOME of those times, a federal agent that had no idea who you were before, now has a .cap file with whatever you were doing there.

So there's 2 perspective's, mask yourself by using TOR for EVERYTHING, so the fact that you're there doesn't mean your doing something bad. Which would take forever to do anything cuz TOR=SLOW

Or.... Use it VERY sparsely so hopefully you won't catch a fed exit node. I personally haven't used it since the first raid on Silk Road, and even then i just browsed around the forums a few times cuz i was curious.

"i was thinking, tails linux on VM<(VPN(private internet access ect)/My own onion router using pi 2, tor browser."

If you can find a logless VPN company it would help, but most companies cooperate with the fbi, it's just how it is. So you really need to think how bad you need to keep your activity private. If you could find the most trustworthy VPN company in the world and exit through them....

I don't know you, and i don't judge people, but your considering doing alot of stuff that in the end would probly keep your info from everybody except the people you're trying to hide from. If you're doing something on the scale that the N$4 would be interested, you're not hiding from them. There's no scenario, it's just how it is.

Hammond was a friggin beast, and he still caught 10 years. You think he wasn't doing everything possible to hide his actions? How about Sabu? Yes he's a punk-ass-snitch, but at one point he was an extremely intelligent cyber criminal... Probly one of the only "Criminals" out of everybody that he sent to prison ironically. I forget which member of the Lulz boat that stayed using other people's wifi -> TOR, so they ended up following the wifi signals to pinpoint where his bedroom was to prove it was him. Literally the wifi frequencies in the air....

I mean it's possible to be a ghost "hacker" MAYBE, but not an anonymous person who uses the internet.

If you were trying to get away with stuff, i mean, laptops that can in no way trace back to you or anyone you know buying them. Getting prepaid wifi cards from some magical place that doesn't have security cameras....Never hacking from the same location twice.....stealing like a new laptop every week or month and bleaching the data daily just in case... You'd have to be pretty dedicated to it. If they're looking for you, it only takes one slip. Log into you're email from your home computer one time by accident cuz you forgot it was your "other" account, that's it, they know you now. Please understand "EVERYBODY" i'm speaking hypothetically here for the sake of conversation.

I love to learn about security, but i really don't do anything that would piss off the government. So i can't give you first hand experience how to evade. I've read some great articles about OP-Sec and seen some great speeches about it.....I mean, you need to understand, this conversation where having now, by tomorrow Google, Facebook, Amazon and any other interested parties will probly have it logged on their server. If you're interested in getting away with something, you've already exposed yourself by posting here without being anonymized. It's like leading 2 lives that can never in any way intersect. Its risky, and don't sound fun. If you wanted to be a black-hat, it's your seperate identity that has no connection to you.

For instance like alot of the Anonymous members who got locked up, had no business being arrested in the first place. Except they pissed off the government. Some of them cats really were freedom-fighters trying to help. It's still crazy to me that the biggest criminal amongst them flipped in an hour and got no jail time.... If you check out that vid i posted earlier, that guy actually works for the government. He references a book called like "5 crimes a day". He says there isn't a person in the world, that if he's targeting you he can't find at least 5 crimes a day he could charge you for. Like even your grandma.

So if you're like coming from the perspective of like, "this" or "this" seems like a good hustle, i wouldn't recommend it. And if you're gonna do something, don't try to get rich.....hypothetically. If you're not worth anybodies time......maybe

Even Kevin Poulson got caught, and he WORKED for them.

This is a white-hat forum tho, and i feel like i'm bordering on violating TOS...

very awesome, in-depth post my friend! yeah i used tor browser to create disposable email which sucked trying to pass captcha when creating my account for this site. its all a charade of interconnectivity and not being able to see the bars in front of us. the internet was never created for privacy, online banking, personal information to be anonymized ect.. its just scary the times we live in and the direction that technology as a whole is going. let alone all the specifics. yeah swartz documentary was truely sad. im not doing anything more than the average american i guess you could say. if there was something i was doing wrong it is asking questions, not being complacent with whats happening in the world, and formulating my own take on the world and what purpose my life is to impact it for the greater good. and those are beliefs worth dying for.

[digininja]

Why did you use the Tor browser to register? You seem to be connecting in without it now so invalidates using it in the first place.

[foofoolame]

Why did you use the Tor browser to register? You seem to be connecting in without it now so invalidates using it in the first place.

because i was trying to seperate my true me from this me. but as just this information/conversations concerned its nothing earth shattering and no more conscpicuous than the rest of my past online preferences.

i was asking in general, what are some ways on tightening up my personal security. not specifically for this forum how can i anonymously converse this information to you all. more or less, yes your right. it invalidates the purpose, its the principle of how much effort vs. the goal/point of why your trying. my goal here is just to aqquire information. behavior patterns can be manipulated everyday. who knows, i could stay off technology for a year, change address, have someone else buy a computer in cash for me, and wardrive on wifi and not connect to a single non-secure/tor browser or site.

[digip]

wardrive on wifi and not connect to a single non-secure/tor browser or site.

So long as no one knows you do this, the machine you use has no HDD/Storage, run off live media, and the MAC address is always spoofed, and you never talk to anyone you know, never login to your accounts, and never do anything that can identify you, then yes, you might become more difficult to find, but once someone gets to you in some form and can identify you, all you become then is a moving target they have to predict where you are going to next. It's not impossible, but it's damn near impossible unless you have no one in your life and go it alone forever with no way to tie you to anything you do and are in the real world. Once you cross that boundry, it is then just a matter of how much time and money does someone have to waste on trying to go after you, and unless you are wanted for murder or some large crime, for the most part no one will bother to look for you. You'd need to make an impact that warrants the effort to go after you really, which is why kids in groups like anonymous get popped since they are attacking credit card data, personal and government information that impacts companies, military or such, and when they come looking, they'll put someone down, even if it's the wrong person in the process. It's like first rule of fight club. Don't talk about fight club. Second you do, all shit hits the fan.

[foofoolame]

So long as no one knows you do this, the machine you use has no HDD/Storage, run off live media, and the MAC address is always spoofed, and you never talk to anyone you know, never login to your accounts, and never do anything that can identify you, then yes, you might become more difficult to find, but once someone gets to you in some form and can identify you, all you become then is a moving target they have to predict where you are going to next. It's not impossible, but it's damn near impossible unless you have no one in your life and go it alone forever with no way to tie you to anything you do and are in the real world. Once you cross that boundry, it is then just a matter of how much time and money does someone have to waste on trying to go after you, and unless you are wanted for murder or some large crime, for the most part no one will bother to look for you. You'd need to make an impact that warrants the effort to go after you really, which is why kids in groups like anonymous get popped since they are attacking credit card data, personal and government information that impacts companies, military or such, and when they come looking, they'll put someone down, even if it's the wrong person in the process. It's like first rule of fight club. Don't talk about fight club. Second you do, all shit hits the fan.

thank you for your imput! yeah, thats a sad life to live. but even more sad that to thee extent one would have to go to NOT be a variable or a piece of data to analyze/trace and profile.

i more or less am just trying to learn more about security thats all. my a+ and even now net+ classes obviously briefly skimmed over that because it wasnt the foundation/course meant to be taught. once i get to sec+ and have some hands on with some labs/vms ill start feeling more at ease. you can never learn enough, nor have the time to but its what effort can i put into learning the most core fundamental/crucial bits of information within the period of my prime intellectual mind.

[HyperAlpha]

I have skimmed and read a couple of things...I could be wrong here and there.

TOR as it was is no longer secure the FBI has shutdown the silk road and if not other website's and is monitoring traffic most computer hackers are going to the other platform.

Which I forget is called since its been so long since I have used a Dark net which basically use's PEER to PEER connections to make a unique anonymous link to the dark net and is what most people are using now and using a IRC function host to host to be able to talk about business or other related things.

The only reason you should be using a VPN or anything like that is if you are doing illegal business or wanting to find illegal business or finding top secret documents/knowledge. There is about 400 websites that require some computer hacking knowledge to access them last I checked which was a hell of a long time ago.

There is a point of wanting to protect privacy and just going completely offline because you are trying to steal information.

----------------------------------------------------------------------------------------------------------------------------------------------------------

If you are trying to go completely anonymous make sure you use software that doesn't have to pay to get because then your bank and everything will see that unless you use bitcoin and cyberghostvpn is a good VPN to use since they accept bitcoin as a currency.

[foofoolame]

I have skimmed and read a couple of things...I could be wrong here and there.

TOR as it was is no longer secure the FBI has shutdown the silk road and if not other website's and is monitoring traffic most computer hackers are going to the other platform.

Which I forget is called since its been so long since I have used a Dark net which basically use's PEER to PEER connections to make a unique anonymous link to the dark net and is what most people are using now and using a IRC function host to host to be able to talk about business or other related things.

The only reason you should be using a VPN or anything like that is if you are doing illegal business or wanting to find illegal business or finding top secret documents/knowledge. There is about 400 websites that require some computer hacking knowledge to access them last I checked which was a hell of a long time ago.

There is a point of wanting to protect privacy and just going completely offline because you are trying to steal information.

----------------------------------------------------------------------------------------------------------------------------------------------------------

If you are trying to go completely anonymous make sure you use software that doesn't have to pay to get because then your bank and everything will see that unless you use bitcoin and cyberghostvpn is a good VPN to use since they accept bitcoin as a currency.

thanks for the post, yeah i just want privacy thats all. and just to understand security from an IT stand point as ive passed my A+, im in Net+ and will be doing Sec+ after my mcsa/mcse on the Microsoft vendor specific side. also considering doing ecouncils ENSA<CEH<LPT but those are just fancy smancy stuff id be happy for just sec+ and alot of lab/virtual hands on stuff in my house.

heres what ive looked at for vpn from PIA https://www.privateinternetaccess.com/blog/2012/04/how-to-buy-bitcoins-anonymously-in-the-us-instantly/

[cooper]

Regarding TOR, for accessing the internet proper you basically get a secure line to the exit node, but beyond that anybody can see the traffic. So long as this traffic doesn't identify you in any way, shape or form, there's nothing to worry about. The smart thing to do is to have a dedicated machine somewhere in your house other than where you typically go about your computer-y things. This is a psychological barrier if you will - being in a different setting when you use the TOR box will help reinforce the idea that you shouldn't be doing your 'normal' computer-y things here. You can use personally identifying services from your TOR box, such as email, IM, twitter, even facebook. BUT you must be aware that no information provided here must refer to your real identity. You can't (re)tweet similar things (or worse, retweet your other identity's tweets), you can't like similar stuff (or worse, like your other identity's posts), etc. Basically, you need to focus as much as you can the online activity you do on your TOR box on the one thing you actually need the TOR box for. If you don't want the email account you access from your TOR box to end up being linked to the twitter account you use from your TOR box, use a different email address for registering (duh) and reboot your Tails distro before doing so, so you end up with a new TOR session for this activity. If you want to use these things simultaneously, acquire an additional machine to function as a TOR box, or run your batch of TOR boxes from a VM. Make sure the various VMs are rediculously easy to keep apart. Basically, try to have it that each VM on login goes straight into the application you want to use from that TOR box. If you receive a web link (via email, twitter or what have you) and you really want to click it, don't copy-paste the link to your general web browsing TOR vm but open it from within the TOR vm in which you received the link, otherwise it might happen that the two separate sessions can be linked and 'they' would be one step closer to identifying you.

Moving on, when you talk to people about anonymity, they tend to leave out real life. Which is BAD. You must never ever admit to knowing anything you did from your TOR box. In fact, nobody can know you even have a TOR box and if you can make them believe you never use TOR, all the better.

If you performed some amazing hack, you can't tell anybody about it. It never ceases to amaze me the amount of stupid people that feel a need to brag about the crime they got away with and, in doing so, get caught. Like this idiot. Another example was a few years ago here in .nl where a large group of people were arrested for street racing. The police, when interviewing them, said they had the whole thing on tape and could identify everybody easily so it would look better if they just confessed. Only 1 guy held firm and claimed he was innocent. He was the only one to not go to court over this because it turned out the police interrogator lied - there was no tape of the street race but now there were quite a few taped confessions...
If you do something illegal online and you feel you must do so using some nifty handle (something like, say, deface a website), you use that handle ONCE AND ONLY ONCE! The smart money is on not using a handle at all.
If you do something illegal simply to impress others, MOVE THE FUCK OUT OF YOUR MOM'S BASEMENT AND GET A FUCKING LIFE! If the only way to impress your friends is to do something illegal, you need better friends.

And finally, just because something is illegal doesn't mean it's wrong. There are plenty of lists to be found online of stupid laws, drafted in a time when pissing in a bucket was the pinnacle of technological achievement, that make some truly weird things illegal. For instance it's illegal to mispronounce the name Arkansas. Know what you're doing. Know why you're doing it. Understand the law and how it applies to you and be willing to accept the consequences of your actions.

Edited May 16, 2015 by Cooper

[digip]

MOVE THE FUCK OUT OF YOUR MOM'S BASEMENT AND GET A FUCKING LIFE!

​for the win..lol

[foofoolame]

Regarding TOR, for accessing the internet proper you basically get a secure line to the exit node, but beyond that anybody can see the traffic. So long as this traffic doesn't identify you in any way, shape or form, there's nothing to worry about. The smart thing to do is to have a dedicated machine somewhere in your house other than where you typically go about your computer-y things. This is a psychological barrier if you will - being in a different setting when you use the TOR box will help reinforce the idea that you shouldn't be doing your 'normal' computer-y things here. You can use personally identifying services from your TOR box, such as email, IM, twitter, even facebook. BUT you must be aware that no information provided here must refer to your real identity. You can't (re)tweet similar things (or worse, retweet your other identity's tweets), you can't like similar stuff (or worse, like your other identity's posts), etc. Basically, you need to focus as much as you can the online activity you do on your TOR box on the one thing you actually need the TOR box for. If you don't want the email account you access from your TOR box to end up being linked to the twitter account you use from your TOR box, use a different email address for registering (duh) and reboot your Tails distro before doing so, so you end up with a new TOR session for this activity. If you want to use these things simultaneously, acquire an additional machine to function as a TOR box, or run your batch of TOR boxes from a VM. Make sure the various VMs are rediculously easy to keep apart. Basically, try to have it that each VM on login goes straight into the application you want to use from that TOR box. If you receive a web link (via email, twitter or what have you) and you really want to click it, don't copy-paste the link to your general web browsing TOR vm but open it from within the TOR vm in which you received the link, otherwise it might happen that the two separate sessions can be linked and 'they' would be one step closer to identifying you.

Moving on, when you talk to people about anonymity, they tend to leave out real life. Which is BAD. You must never ever admit to knowing anything you did from your TOR box. In fact, nobody can know you even have a TOR box and if you can make them believe you never use TOR, all the better.

If you performed some amazing hack, you can't tell anybody about it. It never ceases to amaze me the amount of stupid people that feel a need to brag about the crime they got away with and, in doing so, get caught. Like this idiot. Another example was a few years ago here in .nl where a large group of people were arrested for street racing. The police, when interviewing them, said they had the whole thing on tape and could identify everybody easily so it would look better if they just confessed. Only 1 guy held firm and claimed he was innocent. He was the only one to not go to court over this because it turned out the police interrogator lied - there was no tape of the street race but now there were quite a few taped confessions...

If you do something illegal online and you feel you must do so using some nifty handle (something like, say, deface a website), you use that handle ONCE AND ONLY ONCE! The smart money is on not using a handle at all.

If you do something illegal simply to impress others, MOVE THE FUCK OUT OF YOUR MOM'S BASEMENT AND GET A FUCKING LIFE! If the only way to impress your friends is to do something illegal, you need better friends.

And finally, just because something is illegal doesn't mean it's wrong. There are plenty of lists to be found online of stupid laws, drafted in a time when pissing in a bucket was the pinnacle of technological achievement, that make some truly weird things illegal. For instance it's illegal to mispronounce the name Arkansas. Know what you're doing. Know why you're doing it. Understand the law and how it applies to you and be willing to accept the consequences of your actions.

thank you!! appreciate the clarification on tor and using it better. and perhaps the greatest quote so far haha.

[foofoolame]

so in summary lets see:

at a random point in time purchase computer/laptop with cash from non-corporate/chained store. such as a local mom and pop store; wearing clothes/costume i normally wouldnt wear in case their cc cameras are uploaded/accessible by 8ig 8rother..

purchase vpn anonymously using bitcoins

enter no incriminating data whatsoever on the device

connect randomly at different wifi locations/wardrive everytime i want to use it

use tails live cd always

(this only applies to the device/personality i want to remain more secure)

[overwraith]

Military surplus stores sometimes carry computers which you can pay cash for. The one I usually visit doesn't seem to have any cameras on the inside.

One thing I wonder is if one could give away or sell hacked "routers" etc which could forward your data. Would probably be pretty obvious though.

[digip]

One thing I wonder is if one could give away or sell hacked "routers" etc which could forward your data. Would probably be pretty obvious though.

That is actually an interesting though. If you made pre-configured routers with a VPN service installed, DynDNS setup and maybe even a TOR relay built in, you decentralize everything by somewhat putting it in the hands of others. Only problem I see with this, how do you accept payment for these routers and how do you ship them. Ideally if you had control over other routers and were logging in remotely from free wifi hotspots you get two benefits. one, free hotspot use for the normal anonymity profile persona you use, while 2, having access to a large chained network of routers that are deployed which you can use for whatever you want to route a set of tunnels through. This is all cyberpunk in theory more than reality since you'd have to plan this out and have the money for the mass deployment, but I don't doubt to some extent this is in part why governments intercept devices in route to companies so they can backdoor them and get in where they want, only in this case, we'd be using them for access control to our own tunneled WAN mesh of affected devices.

[overwraith]

I am glad you liked the idea, I don't know how somebody would shroud the fact that they were giving people hacked hardware. Perhaps you sell to store of some kind, but your main operation is the producer, which would periodically fold up shop change names, or move operations elsewhere. The thing you would have to try to prevent is the consumers from being able to look on the news for recalls, etc, there would need to be a lot of different router cases, to fool people into thinking they did not have one of the hacked routers, but on the inside the hardware is all the same. I am not sure how people go about shrouding their business operations from the government that would be something to ask somebody who knows economics/businesses/etc.

If you wanted to do something like this legally, some already are trying with things like TOR routers etc, you could perhaps build your code into the router and advertise it as a service, "IP address shrouding features".