Guide to Anonymity, Security and Anti-Forensics

[0poitr]

Thanks. I always looked forward to something like this. A nice guide. +1

The IPFuck plugin is great. As its info page hints, three http headers supply host identity information(including ip address). Which are VIA, X-Forwarded-For and Client-IP
There are some more or maybe just aliases of them as I found on the web, but they seem to serve similar purposes.

    HTTP_CLIENT_IP
    HTTP_X_FORWARDED_FOR
    HTTP_X_FORWARDED
    HTTP_X_CLUSTER_CLIENT_IP
    HTTP_FORWARDED_FOR
    HTTP_FORWARDED

I found the specs of VIA here : http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html (14.45)
and a draft RFC of X-Forwarded-for here : http://tools.ietf.org/html/draft-petersson-forwarded-for-02
Couldn't find a RFC for client-ip though but a google search reveals some cisco and other manufacturers' documentation on how to modify that header.

So, after a bit of research, my conclusion is X-Forwarded headers are troublesome for anonymity if they are maintained properly throughout the route. Usually, using IPfuck with a medium anonymous proxy (public proxies with high anon are often very slow) should be able to hide the actual client address.

Here, I found some websites that check how much info can be gathered from your browser requests.

• https://panopticlick.eff.org/index.php
• http://browserspy.dk/headers.php (Especially, check the IP address, http headers and proxy info pages.)

Funny thing is, when you use ipfuck with no proxy, whatsmyip.com checks the headers(which is spoofed) for your actual ip and the takes the content of the REMOTE_ADDR header (which has your original address) as the proxy server's ip. Try it.

[rapture]

Post edited, thanks Fur and 0poitr.

[lucid]

You know what, no offense to OP but I'm really sick of these generic Anonymity guides. They are all the same.

1. Proxy

2. VPN

3. Tor

4. Encryption

5. Disk Wipe

6. Virus

7. Don't talk about stuff to people

This one and the one that is stickied which I personally think should be unstickied in particular. I think I'm going to write a more comprehensive, less generic one that I want to be stickied. This shit gets annoying.

[Stackprotector]

You know what, no offense to OP but I'm really sick of these generic Anonymity guides. They are all the same.

1. Proxy

2. VPN

3. Tor

4. Encryption

5. Disk Wipe

6. Virus

7. Don't talk about stuff to people

This one and the one that is stickied which I personally think should be unstickied in particular. I think I'm going to write a more comprehensive, less generic one that I want to be stickied. This shit gets annoying.

I am looking forward to that

[lucid]

Will you sticky it if I do.....and it's good? I'm going to get started today.

[Stackprotector]

Will you sticky it if I do.....and it's good? I'm going to get started today.

If it's worth sticking

[lucid]

If it's worth sticking

Well, take at look at it do YOU think it's worth sticking?

[rapture]

No problem, I replied at your guide, very nice and descriptive.

imho, to get anonymity section productive, it should not be circulating in one topic which can be understood with just a single thread.

[Averagegenius]

Thanks a lot! Im new to hacking so this was very useful.

[Feyd]

I think it is worth mentioning that disk encryption is useless if you get raided while the drive is decrypted and if you don't have any special software that unmounts or powers of the disk before the forensics team have done a full copy.

If you store your files in a removable drive, hide and take it away off the scene (make sure they wouldn't see).

I guess you can call this an attempt to solve the problem I mentioned but seriously, don't expect the police to be THAT incompetent.

[proxx]

I think it is worth mentioning that disk encryption is useless if you get raided while the drive is decrypted and if you don't have any special software that unmounts or powers of the disk before the forensics team have done a full copy. I guess you can call this an attempt to solve the problem I mentioned but seriously, don't expect the police to be THAT incompetent.

Thats an interesting concept.
Making the disk useless upon 'cracking' gonna think about that for a little.

[Feyd]

Thats an interesting concept.
Making the disk useless upon 'cracking' gonna think about that for a little.

If a forensics team uncovers an encrypted hdd they will make a raw copy first thing. They won't start cracking away trying to break the encryption. With a decent algorithm and a sufficently good password this won't matter much however.
If it is found decrypted they will ofc also make a copy in which case you are screwed if you don't manage to power of or unmount the drive.

[proxx]

If a forensics team uncovers an encrypted hdd they will make a raw copy first thing. They won't start cracking away trying to break the encryption. With a decent algorithm and a sufficently good password this won't matter much however.
If it is found decrypted they will ofc also make a copy in which case you are screwed if you don't manage to power of or unmount the drive.

Yes exactly.
Use being screwed in your advantage.
They have to read from the disk to copy it.
There is the entry point, HDD's have firware , memory and ARM cores these days.

[Feyd]

Yes exactly.
Use being screwed in your advantage.
They have to read from the disk to copy it.
There is the entry point, HDD's have firware , memory and ARM cores these days.

That true. I've long thought about how to do such a dismount or whatever but never bothered to try to implement it. Would be a an interesting thing to look into.
In Truecrypt there is also the option to create a special partition (or whatever it is) that you can decrypt with a second password to provide you with plausible deniability in case you get forced to hand over your key.

[lucid]

In Truecrypt there is also the option to create a special partition (or whatever it is) that you can decrypt with a second password to provide you with plausible deniability in case you get forced to hand over your key.

You are thinking of the Hidden Volume option. Basically, you create a volume which has two passwords. One password opens up the volume in which you put a bunch of crap that wouldn't actually get you into any trouble, and the other password would open up the volume that has all your kiddy porn on it. LE wouldn't be able to tell that there is a hidden volume because the free space of any volume is filled with random data. The hidden volume would look just like this.