Anonymous Maximus - What would you do?

[iTpHo3NiX]

TLDR;

I don't feel like reading all the shit mostly mainly because I simply don't care. But I guess I'll post a normal setup.

Buy a reputable no log VPN, PrivateInternetAccess is a good choice. They support bitcoin payments as well as gift card payments (amazon, Walmart, Starbucks, etc). They also do not keep logs of anything. This is your first line of defence. The only system that should see your computer exposed is your VPN. It is obviously preferable to not use your home internet, rather highly populated areas with minimal Cameras and decent hot spots. Now that that's out of the way buy a bunch of cheap 8gb USBs, load up various nix distros, maybe a few Kali, a few tails... A different os for different purposes. Obviously if you run persistent you're stupid. So at this point we're Disposable OS - Hotspot (I guess a Mac spoofer) - VPN. Using tails I believe the web browser has extensions like noscript, HTTPS everywhere, etc. And that's good to browse the web. If you really want you can add in TOR and browse the deepweb.

In the end nothing is 100% anonymous but you can make it extremely difficult. Hide you USBs around, like a nice spot near your favorite hotspot locations. Don't forget to use your computer for regular browsing and have windows on it, keep it completely segregated. Nothing suspicious, Facebook, porn, personal emails, etc. The Disposable USBs are there for the other shit. Never sign up for anything with your real name with an alias email. For example:
Your real name is Thomas Abernathy. You have 1337.gh0st for a handle. You sign up for online banking with 1337.gh0st@gmail.com you just exposed a stupid mistake. Instead you have alias/alias email and real name/real name email. Never mix the 2 or you're going to have trouble when you piss off the wrong person and they go doxing.

[BlackWasp]

TLDR;

I don't feel like reading all the shit mostly mainly because I simply don't care. But I guess I'll post a normal setup.

Buy a reputable no log VPN, PrivateInternetAccess is a good choice. They support bitcoin payments as well as gift card payments (amazon, Walmart, Starbucks, etc). They also do not keep logs of anything. This is your first line of defence. The only system that should see your computer exposed is your VPN. It is obviously preferable to not use your home internet, rather highly populated areas with minimal Cameras and decent hot spots. Now that that's out of the way buy a bunch of cheap 8gb USBs, load up various nix distros, maybe a few Kali, a few tails... A different os for different purposes. Obviously if you run persistent you're stupid. So at this point we're Disposable OS - Hotspot (I guess a Mac spoofer) - VPN. Using tails I believe the web browser has extensions like noscript, HTTPS everywhere, etc. And that's good to browse the web. If you really want you can add in TOR and browse the deepweb.

In the end nothing is 100% anonymous but you can make it extremely difficult. Hide you USBs around, like a nice spot near your favorite hotspot locations. Don't forget to use your computer for regular browsing and have windows on it, keep it completely segregated. Nothing suspicious, Facebook, porn, personal emails, etc. The Disposable USBs are there for the other shit. Never sign up for anything with your real name with an alias email. For example:
Your real name is Thomas Abernathy. You have 1337.gh0st for a handle. You sign up for online banking with 1337.gh0st@gmail.com you just exposed a stupid mistake. Instead you have alias/alias email and real name/real name email. Never mix the 2 or you're going to have trouble when you piss off the wrong person and they go doxing.

That's kind of shitty that you didn't read a lot of the other posts because you'd realize that most of what you said was already written by other people. Nevertheless, the rest of it was pretty insightful. I have two questions about your input though.

Firstly, I  wonder about the wisdom of using a live boot *nix USB on another computer that you use regularly. Wouldn't that run the risk of exposing other information when you use it for browsing? Furthermore, wouldn't that run the risk of exposing the distro or its content if the computer was ever analyzed?

Secondly, could you elaborate on this part a bit?

Obviously if you run persistent you're stupid.

What do you mean run presistent? Do you mean using an actual installed version of a distro is stupid as opposed to always using a liveboot? Or do you just mean generally. I apologize, but I'm not fully picking up the context of what you're getting at.

[Trogdor]

DeepCopy I completely agree that a no log VPN is necessary, however I saw an article written by the CEO of PrivateInternetAccess in which he flamed the WiFi Pineapple and hackers alike. He then ended his article by stating that his service is the only reliable defense against the Pineapple. I can't find the link right now. I previously used the free and paid versions of CyberGhost VPN(bitcoin payment available). They are both quality services, and claim not to keep logs. However, the free version uses the PPTP protocol which is extremely insecure(lots of VPNs still use this). And beware of services which use every client's connection as a server for other users, such as Hola VPN. You're very likely to be busted for other people's shady activities. Just remember that no VPN will ever retain your privacy when presented with a court order. Yes BlackWasp I believe he meant an installed OS as persistent.

[iTpHo3NiX]

Persistent is a live usb that saves changes. I know most of what I said has been said before, but instead of interjecting myself into the differences in opinions, I simply posted mine.

And optimally yes you don't want to use the same computer. There's nothing new going on here. Just my opinion for doing minor illegal shit.

Anyways a healthy level of paranoia isn't bad as well.

@Trogdor
The wifi pinapple should be flamed, did you not hear about defcon? Isn't that good in a vpn that it can protect your traffic from devices like that, especially when using hotspot which are prime places for devices like a pineapple?

[BlackWasp]

@DeepCopy

Thanks for your input. Paranoia is my middle name.

[Trogdor]

@DeepCopy I'm not promoting the Pineapple, I'm just trying to show that this company is fairly anti-hacking. Yes, there was a 0day found at DefCon, but don't almost all connected devices have some type of vulnerability?

[iTpHo3NiX]

@DeepCopy I'm not promoting the Pineapple, I'm just trying to show that this company is fairly anti-hacking. Yes, there was a 0day found at DefCon, but don't almost all connected devices have some type of vulnerability?

Exactly why a VPN is good, esp. Good ones like PIA. They encrypt traffic so even if you're connected at least it's encrypted. Whether PIA is anti-hacking or not, I can't think of a single provider that is going to advocate Hacking, especially a service that's meant to protect you from that. Can you name a VPN provider that's like "hey use our services to hack government sites and spam the internet. Please Abuse our services"

[Trogdor]

@Deep haha that's true, but lots of people will use VPNs for hiding *insert shady shit here* while thinking that they're safer. Sure it may be better than using your own internet connection, but people put way too much trust in companies.

[BlackWasp]

@Deep haha that's true, but lots of people will use VPNs for hiding *insert shady shit here* while thinking that they're safer. Sure it may be better than using your own internet connection, but people put way too much trust in companies.

That's kind of my thought on the VPN. It seems like paying money is way too much of a hassle for the relatively basic "protection" they're providing.

[Trogdor]

And you're likely to make a tiny unavoidable mistake that completely gives you away. That's not to say that anonymity shouldn't be attempted; it's extremely important in modern times.

[BlackWasp]

And you're likely to make a tiny unavoidable mistake that completely gives you away. That's not to say that anonymity shouldn't be attempted; it's extremely important in modern times.

What kind of mistakes would you be referring to?

By its very nature, a mistake is avoidable in my mind. 

[Trogdor]

Any number of things. For example disabling noscript to enable functionality of a site will surely leak your true IP.

[BlackWasp]

Any number of things. For example disabling noscript to enable functionality of a site will surely leak your true IP.

Interesting.

I guess, when all is said and done, it comes down to whether or not what you're doing is attracting enough attention of people for them to bother spending money on tracking you down.

[Trogdor]

That's a very good point. Thank you for initiating a really quality, in-depth thread.

[BlackWasp]

Not bad for my first post, huh?

This seems like a cool community and I have a lot to learn, so I'm going to just hang around here, read, and ask questions.

You know, if I don't get v& in the meantime.