I was wondering what would it take to be really anonymous on the internet. My first answer would be TOR browser. Of course, TOR by itself is not so safe. Adding a proxy wouldn’t help that much, I guess, because I would still be using the computer from a fixed location. I was wondering - what if I used a 3g dongle and kept changing the SIM card (you can get some of those here in Brazil for free and without any registration forms) on a notebook with a good Linux-based OS and all that stuff… could I become really anonymous on the internet? Of course, as long as I don’t post any data that could lead to myself or do anything STUPID…
In a recent thread on disappearing, Czarcasm linked to an article about a guy who tried to disappear for a month. It’s an interesting article in general, but one of the things he did was to set up a pair of laptops in a small office away from where he was going to be, to help further hide his TOR sessions.
TAILS is a linux OS that runs of a USB memory stick and leaves (they say) no traces so thats a good starting point…net book usb stick and drive round til you find an unlocked WiFi…
What I’ve seen as a list for how to use a “burner” computer is:
Buy a computer with cash from a store old enough to not use digitized (maintained forever) security systems.
Keep the battery physically removed from the computer at all times that you’re not using it.
Use it only at publicly accessible wifi points (without digitized security). Never use the same one twice. Take public transportation (paid for in cash) to and from those locations.
Never access any account or service that can be linked to you. Make up a random email address. Don’t use your name or your pet’s name or your wife’s birthday as a security question.
Use Tor, and, really, any other anonymizing service you can get your hands on.
The idea would be to avoid the NSA.
Regarding TOR: how much shall I protect it to the level where the loss of speed factor will be more important than security?
Just using a laptop not traceable to you and linking via random unsecured wireless networks will make you look like you are random real people. For legal purposes you are a nightmare to find. Not reusing those points is critical. If you keep logging in from the same location any investigative type will find you. Another option is many schools have open wireless for students. Pinning down someones location on a university campus can be challenging.
This is where the accumulated data of the NSA’s data hoarding comes into play.
Consider how they found bin Laden. They built a list of known al Qeda and their phones. Who did they call, and how often? Then it does not matter that you change phones and SIMS - they analyzed what other phones also phoned those same destinations. They knew the points of origin (if not by cell tower, then by city at least).
The fellow who was identified as a ObL courier, and who (contrary to Hollywood and the administration) was not identified even under torture- they identified him based on calls to his family back in Saudi Arabia. The house location was identified when the phone accidentally came on briefly in a brand new location…
So if you want to disappear from the NSA, you have to make a complete break from before. DO not contact people you have contacted. Don’t use the same online identities, the same names or passwords. Depending on how deeply they are looking, don’t frequent the same sites on the internet, basically don’t be a creature of habit. Better yet, stay off the internet and phone system.
You might use Starbucks or whatever for access; but then your identity is recorded on security video. If the powers that be identify you electronically, then they will start collecting security video. Depending on how much they want you, they may stake out a range of open wifi waiting for you. Don’t be a creature of habit - hitting the internet every Monday morning or similar makes you predictable.
Every browsing computer has a fingerprint, depending on what capabilities the installed browser has. If you use something unusual like a USB-Linux, odds are your PC signature may be one in a thousand, which helps narrow things down.
It seems the only solution is to remove yourself from the modern world, like the Unabomber, but without the bomb part. Even then, they eventually caught Eric Rudolph…
Interesting… so using an underground linux version might actually HELP the big guys to trace this computer?
I am worried that with the new Internet laws they will apply here in Brazil will help the teelecomunication companies to actually tax users for services that are now free, such as torrents or whatsapp, for instance. People fear that the big companies might be able to trace this data and tax people based on what they use.
In a way they already do, it’s included in your data allowance.
Now torrents is another area, if we assume for moment people (not us of course) are downloading the latest episodes of Game of Thrones without paying for them then I think the service providers would have a major legal dilemma as to tax the user would be partaking in said illegal transaction.
Now if you are worried that Sony Pictures (or whoever makes the show) was able to track you down and impose a tax on you I would not be too concerned unless the government got involved. A company can’t just tax you, they would have to take you to court and prove actual damages, well in Australia anyway.
That’s the point. With the new laws here in Brazil the companies could for instance tax people for using Whats App. What shall I use to avoid that? TOR is way too slow for downloading, of course. I use unblock-us for my netflix (as I watch it on my TV). Is there something else I could use without losing my speed?
I was imagining a version of torrent where you did not get a packet from the file provider, but rather through a few other participants, mostly your close friends. So I want Game of Hunger Episode VIII - I ask my “friend” who asks his “friend” and so on. the provider only sees his friend asking for it. Each packet goes through the game of post office and you have no idea who the further destinations are unless all intermediate relays are compromised… or you are the NSA and can monitor packet-in-packet-out at all locations.
Of course, the penalty for this is significantly more traffic, but the general idea is “start it downloading, come back tomorrow morning for the results”.
And all traffic would be encrypted (which it should be now) so only someone controlling an endpoint knows anything beyond “it’s torrent and it’s going to my next relay, X”