Anonymous Maximus - What would you do?

[BlackWasp]

I've been browsing the community for a while, and this particular subforum retains my interest more than any of the others. As privacy quickly fades into a thing of the past, I've become very interested in preserving anonymity for its own sake. After reading all of the advice, I feel that I'm somewhat confused as to how to remain the most anonymous browsing the web. So far, I've heard...

"It's impossible to stay anonymous - period."

"Oh man, just use TOR / VPN / TAILS / WhoNix / Public Wifi and you're 100% anonymous."

"You can stay relatively anonymous by mixing as many layers of anonymity as possible."

"If you mix too many layers in an attempt to remain anonymous, then you're maximizing the amount of things that could go wrong and reveal yourself."

"Just buy a computer, use it, smash it, and then throw it away dawg."

Of course, while there's some truth to all of these ideas, they really seem to be a series of competing philosophies of privacy as opposed to any thorough method. I have no expectation that someone will spoon-feed me a fool proof method (nor would I want that), but I think the best way to find what I'm looking for is to get a survey of people's thoughts on the issue by asking a hypothetical question:

Suppose you wanted to browse the internet privately. In your ideal scenario, what would you do to remain as anonymous as possible?

[dotszilla]

just to browse the internet.. load up TAILS on usb, spoof youre MAC maybe and your good.. now pen testing is a whole diff ballgame.. plus dont sign in your email or social media with the same proxy you use to do something illegal ( that should go without saying), and dont ever post or say anything that can later be traced to you, like if your a male or female, if its snowing where you at.. little things you say can connect you to certain places and thats how most people get found.. just look at the whole LULZsec thing, besides sabu snitching, the only other way they found em is through shit they posted about themselves...

[Trogdor]

I would just add 3 things to dotszilla's response: noscript, https everywhere, and make sure your box is completely clean.

[Trogdor]

Haha that's about as useful as switching your user agent, unless it's a wireless attack against filtering.

[dotszilla]

Spotted the noob!!

right.. you forgot to put the MAYBE i wrote.. and why dont you contribute to the post instead of trying to call people out on stupid shit.. instead of talking shit maybe you can explain to people why changing youre mac is sucha bad idea, since youre so smart.. and i didnt see you post what you would do, like the thread suggests..
i hate people that act like they know everything, you just sound ignorant as fuck by calling somebody a noob.. when in all reality youre the noob..

P.S  if you are connecting at a coffee shop or another public wifi spot, they can log the MAC addresses that connect to their routers, hack from there without spoofing and youre in trouble. So spoofing your MAC is not as useless as you think...
heres a link too smartass:
http://www.quora.com/What-are-the-advantages-of-MAC-spoofing

[khofo]

If the NSA wants to know where u are u are pretty much fucked and should find refuge in an embassy, otherwise I guess the thread: Art if Anonymity is stickied, that's the best there is.

Remember that each harware is unique and thus using any pc/laptop is identifying, I am not sure that if tails does prevent this but I doubt it, so basically destroy throw the laptop after you've done what u have to do is the best.

But in general if you are ont this forum asking this question u are not up to something the NSA or even the fbi cares to know, (or maybe for the FBI). Otherwise tor+not all add ons since having lots of addons on a tor browser is done, since if one is compromised u are basically fucked (law enforcement).
If u are just worrued about privacy from other peers, spams, Google collecting info about u etc.. Just follow the stickied post.
Again u probably aren't up to smth significant enough to track u trhoughly, ao regular anonymity measures are probably enough



P.S: I'll fix grammar etc once on PC

[dotszilla]

make sure your box is completely clean.

if you load TAILS on a usbdrive you dont have to worry about that, since TAILS makes it really hard to save anything to the HD... so there wont be anything to clean..

[Trogdor]

My bad dotszilla - didn't think about mac logging. Even things as simple as screen resolution can reveal your identity to a certain degree. And trying to hide your actions from feds is almost always ineffective, and will probably make them more suspicious of you. TAILS doesn't save to hd, but the unlikely instance of BIOS malware or hardware bugs can't be stopped by TAILS.

[dotszilla]

it does matter, i said maybe i would spoof my mac meaning depending on the situation i might do it, but most likely i wouldnt..

and w.e dude im not gonna sit here and argue with someone that averages 70 posts a year, you prolly just like to talk shit on forums...
2460h1
Posts: 276 (0.278 per day)

P.S. you shouldve explained why you think spoofing mac is useless in the first post, instead of calling me out and looking ignorant as fuck... uuhhh hes a noob cuz he said spoof the MAC ( a noob dont even know how to spoof a MAC) fking tard...

[dotszilla]

My bad dotszilla - didn't think about mac logging. Even things as simple as screen resolution can reveal your identity to a certain degree. And trying to hide your actions from feds is almost always ineffective, and will probably make them more suspicious of you. TAILS doesn't save to hd, but the unlikely instance of BIOS malware or hardware bugs can't be stopped by TAILS.

true true, and no prob...

[proxx]

Girls I had enough , no flaming and fuckin back-on-topic.

[deviant_sheep]

If the NSA wants to know where u are u are pretty much fucked and should find refuge in an embassy,
...
(or maybe for the FBI).

^this basically.  If you've already made enough noise as to have attracted the feds, or worse, the NSA, then its too late for anonymity.  If thats the case, even completely avoiding all electronic communications might not be enough to evade their watch. 

In your question you specified as anonymous as possible, so I'm going to try and think of, and apply as many levels of anonymity as I can think of.   
I would definitely start with booting a live distro, TAILS being the most efficient (most likely) as it has been designed from the ground up for privacy and anonymity.  Next you'll need to configure how you will connect to the outside world.  In this case since we're paranoid, so hop in the car and drive a few hours to a large metropolitan city (if you already live in one, then you might have to drive farther to find  another.) Once youve found a suitable city, purchase a prepaid creditcard with *cash.*    Before heading back home, find an open wifi network, or better yet hack an encrypted network (WEP is easy, WPA(2) with WPS would be a better choice.)  Once your connected to the internet (while booted into TAILS) rent a server, use fake name, address etc and pay with your prepaid creditcard. Make sure your server is located offshore, in a privacy friendly country like iceland, denmark, france or switzerland.  Configure a VPN server and TOR on your new box. Now you can go home.

Now you'll need to purchase a prepaid burner simcard and mobile hotspot, probably would have been a better idea to purchase that before you came home... thats not your fault though, your new to this so I'll let you off on that one.   Immediately once connected to your new hotspot, connect to your vpn and then out from your vpn through tor, to the internet. 

Once on the web,
NEVER use your real name for anything
NEVER tell personal stories or the like.. no matter how arbitrary and generic you think they are.
ALWAYS spread disinformation, make a back story for your alter ego and stick with it. 
NEVER order anything to your home address
NEVER communicate to personal friends or family while using your anonymous connection
ALWAYS disable javascript
NEVER install flash, or JAVA browser plugins
and lastly (because im getting tired)
ALWAYS use tor browser  (as opposed to a common browser set to use tor as a proxy) this is because tor browser emits the same fingerprint no matter what device its installed on so every tor user using a vanilla copy of tor will all give the same fingerprint. browser fingerprinting has  shown to be pretty accurate and  it seems the more you do to try and avoid this the more unique your fingerprint becomes in most cases (i could go into detail but browser fingerprinting is beyond the scope of this rant, but i suggest anyone that isnt familiar to read about it.)

Any way you could basically keep adding inifite layerrs of anonymity but the more you do, the more limitations you will encounter and  the less enjoyable your web experience becomes.  So what I suggest for anyone is to first determine exactly how much privacy and anonimity you require and go from there, and also don't forget that being so quiet on the web can attract attention on its own, so disinformation and alter ego's are a must.  Don't be TOO quiet.

[proxx]

Ill hop on the boat.

The question here is hardly techical in nature since we can simply not know what lies beyond the horizon, security is fundamented on trust.
Since we trust the wrong stuff we are fucked.
Let SSL be an example , it has come forward that SSL auths where forced to give up the key's  etc etc.

To truly gain anonymity one will have to make sure that one can trust every single shackle in the chain.
This is simply not possible with untrusted hardware/software and infra.

Fully revised opensource hardware/drivers/software/infra would make for a good start.
Good to note that this is not completely out of reach.
(just a mindfart; a rasp with selfwritten OS/drivers and some self designed proto to use the wireless interface would approach the problem quite well)
Non of this is practical.

In the last year or 2 openSSL has been turned upside down and some serious flaws came forward, large scale code revisions turn up even more, more will show.
This is happening in broad daylight, just imagine what is going on behind the scenes and who could have known etc.
They discovered a couple of 'illegal' taps placed by the NSA among others on seriously large routing points, this is hardly suprising but this and the stuff about SSL being fucked pretty much means you just dumped x years of unencrypted data in the hands of others.
bank details/passwords etc etc etc.
What I am trying to say is that info about you is all over the place and this highly conflicts with being 'anonymous' , to be anonymous you must not have an identity.

Some say you are fucked when you plug the cable , I think you are fucked anyway.

[Killeramor]

I believe the moment you create anything real on the internet about yourself, you are fucked.

[BlackWasp]

Was not expecting this many replies - thanks everybody for the useful information. I will now address your responses.

First, as a general point, I am not doing anything that should or would attract the attention of the police, NSA, or FBI. I'm actually just a computer science student who is interested in privacy. The most "edgy" thing I do online is lurking various chans. I just feel like the knowledge of remaining anonymous is something important and inherently powerful to have in our contemporary Big Brother society.

 

...load up TAILS on usb, spoof youre MAC maybe and your good..plus dont sign in your email or social media with the same proxy you use to do something illegal ( that should go without saying), and dont ever post or say anything that can later be traced to you..

I think this is all well said. Running TAILS off USB is something I was a little sketched out about seeing as they found some pretty major security breaches since their most recent update, but I agree with you that it's overall the safest OS to run.


As far as the debate between you and the other member about spoofing the MAC address, I agree with you. Spoofing the MAC address isn't exactly top-notch high speed security, but it should definitely be part of the equation. What the user "2460h1" is failing to recognize is that, in the case of some kind of investigation, raid, getting V&, or whatever, the MAC address of your computer is going to be otherwise identified by any router it touches - including the one you're using. So spoofing shouldn't be a mainline defense, but definitely helps.

I would just add 3 things to dotszilla's response: noscript, https everywhere, and make sure your box is completely clean.

Again, a valid point, although I don't know if there really is such a thing as "completely clean." I've actually never heard of noscript until I got onto this website, so thanks for sharing.

Art if Anonymity is stickied, that's the best there is.

Yes, I plan on reading this. Thank you.

Remember that each harware is unique and thus using any pc/laptop is identifying...

I'm kind of curious how true this. Supposing someone went online and theoretically browsed a webpage, I don't think any identifiable hardware would potentially be identifable besides the MAC address and possibly the screen resolution as available via the user agent.

...Otherwise tor+not all add ons since having lots of addons on a tor browser is done, since if one is compromised u are basically fucked (law enforcement).

I've actually never used or downloaded TOR. I always felt like the amount of faith people put in TOR alone is ridiculious, but you do make a good point.

if you load TAILS on a usbdrive you dont have to worry about that, since TAILS makes it really hard to save anything to the HD... so there wont be anything to clean..

That's actually not totally true, and is one of the things that was one of the security details upgraded in the newest version of TAILS. I don't want to get into specifics, but there are other areas where datagrams are saved besides the ones manually deleted by the distro - not including the fact that older versions of the distro have demonstrably failed in cleaning what they said they would.

TAILS doesn't save to hd, but the unlikely instance of BIOS malware or hardware bugs can't be stopped by TAILS.

This is also true.

If you've already made enough noise as to have attracted the feds, or worse, the NSA, then its too late for anonymity.

Like I said, I would be absolutely shocked if my behavior is enough to warrant any attention from anybody, especially considering what kinds of stupid / screwed up / patently illegal things people post up and / or admit to on some of the forums I've visited. I'm not up to anything crazy.

I would definitely start with booting a live distro, TAILS being the most efficient (most likely) as it has been designed from the ground up for privacy and anonymity.  Next you'll need to configure how you will connect to the outside world.  In this case since we're paranoid, so hop in the car and drive a few hours to a large metropolitan city (if you already live in one, then you might have to drive farther to find  another.) Once youve found a suitable city, purchase a prepaid creditcard with *cash.*    Before heading back home, find an open wifi network, or better yet hack an encrypted network (WEP is easy, WPA(2) with WPS would be a better choice.)  Once your connected to the internet (while booted into TAILS) rent a server, use fake name, address etc and pay with your prepaid creditcard. Make sure your server is located offshore, in a privacy friendly country like iceland, denmark, france or switzerland.  Configure a VPN server and TOR on your new box. Now you can go home.

Thank you for taking the original question seriously. This is probably the best post so far.


On this note, I've never actually configured a VPN. A lot of people seem to think that they're like the greatest thing since sliced bread, but it stands to reason that it leaves more of a trail than the security it provides is worth.

Now you'll need to purchase a prepaid burner simcard and mobile hotspot, probably would have been a better idea to purchase that before you came home... thats not your fault though, your new to this so I'll let you off on that one.   Immediately once connected to your new hotspot, connect to your vpn and then out from your vpn through tor, to the internet.

Once on the web,
NEVER use your real name for anything
NEVER tell personal stories or the like.. no matter how arbitrary and generic you think they are.
ALWAYS spread disinformation, make a back story for your alter ego and stick with it. 
NEVER order anything to your home address
NEVER communicate to personal friends or family while using your anonymous connection
ALWAYS disable javascript
NEVER install flash, or JAVA browser plugins
and lastly (because im getting tired)
ALWAYS use tor browser  (as opposed to a common browser set to use tor as a proxy) this is because tor browser emits the same fingerprint no matter what device its installed on so every tor user using a vanilla copy of tor will all give the same fingerprint. browser fingerprinting has  shown to be pretty accurate and  it seems the more you do to try and avoid this the more unique your fingerprint becomes in most cases (i could go into detail but browser fingerprinting is beyond the scope of this rant, but i suggest anyone that isnt familiar to read about it.)

Excellent post and well stated.

To truly gain anonymity one will have to make sure that one can trust every single shackle in the chain.
This is simply not possible with untrusted hardware/software and infra.

Again, outstanding point. Hence the reason I'm hesitant in respect to VPNs. Especially a service you're paying for.


Thanks everybody for their feedback. I'd like to see this conversation continue, particularly as it pertains to VPNs.