Anonymous Maximus - What would you do?

[BlackWasp]

Humans tend to make mistakes, that' why humans are the weakest link, and whatever your level is you should worry about errors from your side being leet or a toral noob, human error has the same impact. And that's very true for anonymity, most high profile "hackers" were catched because of human error, like soemone said saying how's the weather were u are is compromising, also your writing type, typos, profile picture all of this help to profile u. This isnwhy most of the "big hacks" interpreters were catched due to this and not due to misconfigured VPN, WiFi Hotspot or proxychains.
So human behaviour is key and always always worth mentioning, and 100% that u are subject to it too, saying that  human error is not a variable for u is a huge mistake

You seem to be forgetting the multitudes of people getting away with crimes consistently everyday (not just computer related) that know enough to keep their fucking mouth shut. It's not rocket science. It's as simple as being careful what you put out there.

[khofo]

You seem to be forgetting the multitudes of people getting away with crimes consistently everyday (not just computer related) that know enough to keep their fucking mouth shut. It's not rocket science. It's as simple as being careful what you put out there.

I never denied that, all that I am saying is that it's an extremely important aspect, that definitely is worth talking about.

[white-knight]

You seem to be forgetting the multitudes of people getting away with crimes consistently everyday (not just computer related) that know enough to keep their fucking mouth shut. It's not rocket science. It's as simple as being careful what you put out there.

I think trying to stay anonymous online and the steps to stay anonymous to commit a crime and not get caught would differ alot .. 

[proxx]

I think trying to stay anonymous online and the steps to stay anonymous to commit a crime and not get caught would differ alot ..

Well said.

It all depends on you basically , make it harder thus it costs more money to fuck with you.
When you are not that important noone is really gonna give a fuck and/or go through all the trouble.
ISP's tap because they are required to by the gov, at least here and I know more countries where this is the case.
As soon as there is a trail between you and the endpoint over which you send/receive data  you could be fucked if someone wants to fuck you.
Thats a lotta fuck but it looks about right to me.

[Trogdor]

Your anonymity level is mostly determined by how closely you are being watched(assuming you have made no previous fuck-up). If the govt wants someone in particular they will probably find him no matter how badass he is. Being anonymous also involves keeping your shit low-profile.

[BlackWasp]

I never denied that, all that I am saying is that it's an extremely important aspect, that definitely is worth talking about.

I don't disagree. I'm just think this point has been beaten to death and basically goes without saying. Literally almost every single person in this thread has mentioned it. It's important, but that's really the most basic OpSec / NetSec principle out there.

I think trying to stay anonymous online and the steps to stay anonymous to commit a crime and not get caught would differ alot .. 

I understand that I'm the new guy here and I see there's obviously a consensus forming, but I actually disagree with you and @proxx. At the end of the day, whether you're breaking the law or just trying to shop on amazon anonymously, you're going to be applying the same principles, using the same techniques, and relying on the same knowledge base of hardware, protocols, and computer science. Granted, Proxx is correct in saying that committing a crime "anonymously" ultimately comes down to not being worth the money that one would have to expenditure to catch you, but that's also true of remaining anonymous in general.


My greater point about crime was not to draw a distinction between remaining anonymous when breaking the law and remaining anonymous for privacy's sake. Rather, my point was that the finger wagging and eye-rolling impression I'm getting from certain individuals that "you're inevitably going to just volunteer personal information about yourself online because you're going to be that careless, and you're stupid to think you wouldn't" is absolute bollocks. This is to say that people engage in major crimes all the time and more often than not actually get away with it (3/5 of all major crimes are unsolved), and it's just as easy as keeping your mouth shut.


So maybe my rep will go down and I understand I'm disagreeing with the group, but I think the point still stands regardless.

[/size]
[/size]
[/size][size=78%]quote author=proxx link=topic=20584.msg108605#msg108605 date=1435768670][/size]
ISP's tap because they are required to by the gov, at least here and I know more countries where this is the case.
As soon as there is a trail between you and the endpoint over which you send/receive data  you could be fucked if someone wants to fuck you.





This is mostly true, but I it isn't that simple. The types of records that ISPs hold aren't as thorough as people would like to imagine for several reasons. Mainly, ISPs have no desire to store that much data because it's expensive and requires a lot of equipment. The government and NSA are getting ISPs to hold records and helping them with it, but it isn't like every website and every datagram is unencrypted and printscreened. Also, those records aren't there forever.


The greater point @proxx is making is correct. Basically if you give them reason to watch you, then you can expect that they will do so very closely. However, if you aren't a terrorist, costing some company a ton of money, uploading gigs of illegal content, or hacking government computers, they're not going to waste resources spying on your account and they're really not going to care.


As far as the intelligence community is concerned, Executive Order 12333 is pretty much where all the "We're going to spy on everything you do" mentality comes from.

[white-knight]

I guess its good to be paranoid and try to protect yourself any way you can.


But to protect yourself 100% would be to live in a bubble. To protect yourself fully online you would have needed to know to do it before you ever got on the internet. when i started using it i was young didnt know shit about watching what i do. I was about 13 when i first got online .


Most people bitch about they have no anonymity online while they post every pic and action they do on social media.


Not only are we watch by the Government but even by retailers. Now even stores track what you buy and what you look at so they can try to push items you might like to buy. Ive read that somehow the stores even follow ur cell signal to see what you stop to look at as your searching through the store .. dafuq  ..


So even if you remain 100% anonymous online the things you do offline will probably still be tracked back to your online activity somehow.


* this is just a thought but  If you buy a computer to use at home just because you are using 10 ways to not be tracked online, how do you know you arn't being watch from the hardware prebuilt inside that may  have some backdoor in it or naughty firmware in your wifi driver ..


just an opinion  tho .. im not in the Security Field or know what the fuck im talking about anyways  [size=78%] [/size]

[0E 800]

I understand that I'm the new guy here and I see there's obviously a consensus forming, but I actually disagree with you and @proxx. At the end of the day, whether you're breaking the law or just trying to shop on amazon anonymously, you're going to be applying the same principles, using the same techniques, and relying on the same knowledge base of hardware, protocols, and computer science.

You shop online anonymously? How does that work? Seriously.

[sh4d0w_w4tch]

I guess its good to be paranoid and try to protect yourself any way you can.


But to protect yourself 100% would be to live in a bubble. To protect yourself fully online you would have needed to know to do it before you ever got on the internet. when i started using it i was young didnt know shit about watching what i do. I was about 13 when i first got online .


Most people bitch about they have no anonymity online while they post every pic and action they do on social media.

This is really well put.  +1  Maintaining a high level of anonymity on the internet is going to be way to cumbersome to be worth it.  If you want to be anonymous for literally everything you do online, not just an identity, then you can't even have any computer turned on near where you live or work.  The way to go is decide on a level of anonymity that you want to maintain and create an opsec plan on how to maintain it.

For myself I created a whole new identity.  For billing I use prepaid cards.  It feels like overkill and I've really over done it.  One advantage it does confer is prevention of privacy leaks that will inevitably happen.  If you distribute something like an app, your privacy can get leaked in the receipt.

Eric S. Raymond says on his page about becoming a hacker that real hackers don't hide online because they want to promote their accomplishments.  Being anonymous and publishing all your work is going to limit your career because you can't publish the same tools and exploits under two different names and stay anonymous.

When I was in high school I thought it was one of the stupidest things in the world to use your real name on the internet and I didn't understand at all why any intelligent person would do it.  I get it now, but I advise never interacting with other users under your real name.  You should go to a pub if you want friends, as a lecturer put it.  There's too many lunatics out there and too many people you know are going to be gullible enough to believe anything they say.

Don't use social media because you're just going to spray information about yourself that can be used in harmful ways even if it isn't obvious.

You don't want finger wagging, but it's going to be near impossible for you to have bulletproof anonymity.  If you're not a criminal, an online identity with no connection back to you and basic technical measures to hide your identity will be enough.

Previous use of the internet will reduce your anonymity.  If you've been using an identity that could be compromised then the only thing you can do is create an entirely new identity that has no connection to any other identity you have used.  Your name should not reflect personal interests and you must avoid old behavior patterns.

You shop online anonymously? How does that work? Seriously.

You can't.  Yet another reason why remaining 100% anonymous all the time is foolish.

You can for some services, but not completely.  7-11 will have a video of me buying a prepaid card.

[0E 800]

You cant be anonymous and also be a tax paying citizen.

Having a valid regular use online presence is important.
IE: social media, shopping, banking

Keeping your personal identity separate from your malicious online identity is key.

 
Illegal activities:
Don't piss where you sleep.
Don't script your activities (keep it random)
Don't use the same WIFI AP
Use a throw away laptop
Use throw away id.
Do not reuse the same id.
Do not sign up for anything.
Do not use passwords that you use for your personal shit.
Do not store information.
Do not email.
Do not talk about fight-club.

[toutankhamoun.c]

So this is the first time i post in this forum, im been in this board for a while now and i found this topic interesting. Secrecy became the biggest problem, and for most tweakers  hackers curious programmers and whistleblower its becoming harder to hide their identity.
So i've been concerned about anonymity for years now and about how to leave the minimum trace in the internet.
So from my point of view for started you need to plan that adapt depending on the location the type of hardware and software used.What i always do is get 2 spare pci wireless card for the my machine and i take off the original and replace with a new one (i keep the original one for normal use).
Then comes the software part so a live cd is recommended (tails).
A foreign hosted server where we setup the vpn (not from home of course)
Try using public wifi (or crack some) and change location often.Or you can build this box called proxyham i just discovered a day ago and it seems a promising project that really got my interest and here is the link for the article
http://www.wired.com/2015/07/online-anonymity-box-puts-mile-away-ip-address/
Here what i think of for now and if there critics or advices im happy to hear them x)

[Darkvision]

Ill hop on the boat.

The question here is hardly techical in nature since we can simply not know what lies beyond the horizon, security is fundamented on trust.
Since we trust the wrong stuff we are fucked.
Let SSL be an example , it has come forward that SSL auths where forced to give up the key's  etc etc.

To truly gain anonymity one will have to make sure that one can trust every single shackle in the chain.
This is simply not possible with untrusted hardware/software and infra.

Fully revised opensource hardware/drivers/software/infra would make for a good start.
Good to note that this is not completely out of reach.
(just a mindfart; a rasp with selfwritten OS/drivers and some self designed proto to use the wireless interface would approach the problem quite well)
Non of this is practical.

In the last year or 2 openSSL has been turned upside down and some serious flaws came forward, large scale code revisions turn up even more, more will show.
This is happening in broad daylight, just imagine what is going on behind the scenes and who could have known etc.
They discovered a couple of 'illegal' taps placed by the NSA among others on seriously large routing points, this is hardly suprising but this and the stuff about SSL being fucked pretty much means you just dumped x years of unencrypted data in the hands of others.
bank details/passwords etc etc etc.
What I am trying to say is that info about you is all over the place and this highly conflicts with being 'anonymous' , to be anonymous you must not have an identity.

Some say you are fucked when you plug the cable , I think you are fucked anyway.

I was talking with someone not to long ago about this(ha he remains anonymous no one knows he is my dad!), and told him much of this...said yeah you can do more....and that it wont matter soon anyway. MASSIVE data centers are going up everywhere(cough google) video records from stores are being stored for longer and longer and longer periods of time. How soon till facial recognition screws you? (assuming you try to go anonymous at say starbucks 3 states away). Because eventually, business like walmart will realize that their is money to be had in that video, some of whcih they are already doing, other things that they WILL do eventually, like identify shoplifters, share that data with other stores..and have them do the same. because money baby! think RIAA..but applied to your local grocery store. The more business share that data, or leave it open to sale(and the gov can just fucking buy it ...) it doesnt matter what the "laws" on reasonable search are, when they are getting it from a 3rd party for a price. The cameras installed are getting better and better, and many of them can read what is on your computer screen. How long till THAT gets searched...and mind you im just barley touching the envelope, of how dead privacy is. So yeah being truly annon? not really possible. But "good enough" well its talked about all over here.

Also, to digress some, but because its important: considering the above, and other things, hiding your MAC IS a good idea. because your mac is very very likely to identify you. Just like an ip range, MAC addresses are identifiable. it will tell them WHO the manufacture is of your piece of gear, they can then go to said vendor and say hey which store did you sell this too? Oh best buy.hey best buy this MAC just blew up Harlem, we dont miss it per say, but we still need to catch him, would you terribly mind checking the purchase date of the machine that matches that MAC, and send us the video too? How long till your name is on the news? Which is why, if your going to do something "bad" enough to go through the trouble of super paranoia id recommend going with a flat out burner PC. Build a psu/converter/battery into a briefcase with monitor and keyboard and the like. slot for a ras pi+ wirless card. and when your done each time torch both components, put in new ones.

One last point: forget big citys-cameras everywhere. what you want is some smaller city with few cameras, but big enough not to notice that new car driving through, and find open wifi somewhere and do it that way. But still travel hours, use a pringles can to connect from several blocks away, bla bla bla--still probably gonna get caught if its really really bad.

[deviant_sheep]

I'm sure there are a handful of services like this on the web, but i just found this one and it reminded me of this thread.   http://ip-check.info

Try it with no proxy / tor and all your settings in "non-paranoid" configuration.. enable javascript etc (not  flash though, don't even install that garbage)  then try it using tor browser with noscript enabled etc in a live os etc...

Interesting just to see the possibilities and dangers of browser leaked data.

[dotszilla]

I'm sure there are a handful of services like this on the web, but i just found this one and it reminded me of this thread.   http://ip-check.info

Try it with no proxy / tor and all your settings in "non-paranoid" configuration.. enable javascript etc (not  flash though, don't even install that garbage)  then try it using tor browser with noscript enabled etc in a live os etc...

Interesting just to see the possibilities and dangers of browser leaked data.

nice.. very cool site, im messing with it and using different settings right now, checking the results.. very interesting.. thanks