Anonymous Internet 101
Here's some info for you all about staying anonymous on the internet. Tools & shit you need, &c...
First, understand that YOU WILL NEVER, EVER, BE SECURE.
This is written for people who know how to use a computer but need pointers to the applications that make the internet more fun. If you do not know how to use a computer, forget about it. Don't drive the Indy 500 if you can't operate a manual gear box, you'll get yourself into a lot of trouble.
Nothing you do can make you 100% anonymous, consider yourself always busted by the National Security Agency (NSA). The NSA maintains several internet wiretaps that preform "deep packet inspection" along with other techniques to monitor the entire electronic commination of the United States and possibly the whole world. The NSA is currently building a $2 Billion dollar data center in Utah that will generate petabytes (1,000 terabytes) of data in less than a week, and might generate that much data in a single day. This is only one of the many secret and not-so-secret facilities in the United States. For perspective, this NSA data center is 4 times more expensive than Microsoft's, and probably has 6 times the computing power of Microsoft, Yahoo, Facebook, and Google - all combined. So, consider yourself totally screwed from the get-go.
The NSA regularly shares information with the Department of Defense (DoD) and the Central Intelligence Agency (CIA), though these groups tend to focus on external threats (versus domestic terrorists). However, it is well documented that the FBI collaborates and shares information with the CIA, DoD, and other groups. Information certainly flows up the ladder of intelligence community - but if you have any chance of being anonymous - you better hope that it doesn't flow down as quickly.
So, how do you become anonymous-enough on the internet?
Here's an analogy for you non-nerds: think of the internet as a highway (or a series of tubes), from this I will draw many parallels to internet communication.
1) Start with Tor. In the highway example, Tor hides your destination. In nerdier terms, Tor runs your data through multiple other Tor servers and users, basically bouncing your data all across the globe to a series of locations before it arrives at the final destination. If you're taking the Highway from Portland, it would be like taking Highway 26 to Bend Oregon, and then cutting West to Salem instead of just taking i-5 south. It confuses the shit out of people trying to track you, and it slows you down considerably.
Download and run the app. If you can't figure it out, you probably shouldn't be involved in this sorta game. Information technology moves very quickly, and you have to stay on top of it. You must look at IT as a hobby, you must read about it, keep up with it, understand it. If you don't, consider yourself busted.
2) Don't connect from your home network. Go to an open, free, wireless access point. The more anonymous spot the better. If you live in Portland, take a trip to Eugene or Seattle, or learn how to remotely connect to another computer (VPN). Either way, your personal computer should not be hooked up at your personal network - the farther away the better. In the highway example, your IP address is like the license plate on your vehicle. It's assigned by where you are connecting to, and it's possible to track the IP back to one location. Tor will help you disguise your IP to some degree, but you're better off just connecting to another network entirely.
2a) Consider an SSL proxy or VPN. Unless you know someone, you're going to have to pay for VPN services. I recommend CryptoHippie.com - but the service costs $275 a year. Well worth it, if you need it. You can Google "Free SSL proxy" and fund a whole bunch.
3) Change your MAC address.
A MAC address is a serial number written into the hardware of your computer. Think of it as the VIN number on your vehicle. The only solution here is software, and there's lots of options. If you do not change your MAC address, you are busted.
If you combine 1, 2, & 3, that's usually enough to keep you from being busted by local law enforcement, but there's no guarantees. Bradley Manning was using Tor, SSL, and SFTP to send data to wikileaks. These combined technologies got him past the US Department of Defense's monitoring.
4) Beware of your operating system. In China, the government requires that all PC's have spyware installed on them to monitor their citizen's internet use. It should be assumed that the US government would go through the same, and that China and the US likely install monitoring kernels on all computers. Apple/Mac Computers and Windows computers are most certainly compromised, though there may be some hope with Linux and others. In the highway example, you can change your everything about your vehicle, but if you OnStar installed, they'll have a GPS location on you the whole time. You've got to ditch Microsoft and Mac.
5) Change your internet behavior, and do it regularly. Stop using Facebook. Stop using your real name on the internet. Stop posting pictures of yourself on the internet. All of that will be used against you. If you are going to use social networking, realize that everything you post, do, and view is recorded. This information is tabulated together to create complex behavioral analysis. Private companies have created a billion dollar industry built solely on creating internet analysis of consumer behavior. The CIA and other government agencies fund this technology, because they're using computers to predict the future (seriously, http://www.ted.com/talks/bruce_bueno_de_mesquita_predicts_iran_s_future.html ). It is a best practice to utilize fake identities on the internet, and to change them regularly. The only benefit to using your real name is the credibility associated - but you shouldn't believe anything you read on the internet. **"Believe nothing that you hear and half of what you see."**
6) Use SSL encryption whenever possible, or an SSL proxy (remember, google "Free SSL Proxy"). SSL hides your destination from your internet provider (like Comcast). Comcast routinely offers up information to law enforcement without a court order or warrant, and they provide internet for most residential and small businesses in this area. Secure websites include most email providers, but you can find them in strange places, note the "S" following "http", this denotes a secure connection. Check out Google's: https://encrypted.google.com/ - that's a good homepage for web surfing, though when you leave the secure connection (by clicking a link), you're busted.
7) Be aware Content versus Context. What is a better method of being anonymous? A) Sending an encrypted email from a compromised email address, or B) sending a unencrypted email from an anonymous address? Sometimes it's best to get off of email and digital communication entirely, and depend upon good-ole snail mail and the United States Postal Service.
With these techniques it's possible to run Skype, Mozilla, and other file transfers to increase your ability to act anonymously on the internet, but it is not full proof. Nothing is full proof, remember? You are busted from get go, and if you write/post/do something that makes people very unhappy, they won't forget and will always look for you.
I'll probably write a 102 or 201, but I might not. Only 1% of people are computer "hackers" by any term, and it requires a computer hacker to be proficient at any of this, or to have a use for any of this. The only other folks who use this info are journalists. Trying to build a wall between your real identity and the internet is very difficult, and almost unnecessary. Long before the internet, the KGB and the FBI/CIA had no problems sniffing out subversive groups and subversive people. All of our phone calls are monitored, all of our purchase, and even (if not especially) the readers of this post. Thankfully, we do not live in a world of ThoughtCrimes, and information is still somewhat free - but when that time comes, they'll already have a file on people like us.
contribute to this article
contribute to this article
add comment to discussion
view discussion from this article