AnonymousOne
27th June 2011, 05:18
As technology continues to advance more and more actions of ours will be organized online. In fact there are many anti-capitalist and anarchist groups that act only online. It is of the utmost necessity in that case that we be secure and anonymous as we undertake actions in Cyberspace.
You can never be truly Anonymous online. There is always a path that can be traced from where you were/are and your target/destination. That path can be straightforward or it can be complex. Your goal is to make it difficult to be tracked. You can use seven, eight, fifty, a hundred, whatever number of proxies and still be traced.
I ask that you read this as a work in progress; if you would like, feel free to ask questions and I will answer them to the best of my ability. My goal is to make you secure and anonymous online.
The Bare Necessities:
First: NEVER, EVER DO ANY WORK FROM HOME ONLINE.
You want to avoid being traced to a location that you live at. Get out of your house, and go to any place with free wi-fi, or paid wi-fi. Just get away from your house and use someone else's location. That will prevent the FBI from knocking on your door, and instead on McDonald's door. This is one of the only ways to ensure that you will be safe if they trace you all the way back (which can be done).
Second: Use an Anonymizer
There are multiple services that can be used from Tor, to JonDo, to I2P, to Ultrasurf. However for this guide I will only break down two of the most popular, Tor and Ultrasurf.
Ultrasurf:
Benefits: This is a proxy service that also encrypts your internet, it is portable, easy to use and gets you around most blocks and ensures that you are anonymous.
Costs: The maker of Ultrasurf, the Ultrareach Corp., is in part financed by the United States Government. The French security firm Reflet found that the program contained trojans and backdoors that would allow the U.S to trace where you had been. Modified versions of Ultrasurf have been a critical way that Syria's security forces have cracked down on dissidents.
Overall: Not a recommended tool unless you simply want to get around censored websites at work or school that are non-political in nature. Attempting to use it for security as an activist would be foolish.
Tor:
Benefits: Free, anonymous, sends your traffic through a relay making it more difficult for people to track where you've been. It also has the benefit of choosing certain endpoints. In general I recommend Russia, as Russia does not honor foreign requests for server logs.
Costs: Slower than Ultrasurf, takes a bit more work to set up to fully ensure you're anonymous.
Overall: Probably my first recommendation for an anonymizer.
Third: Spoof the MAC Address:
Before we get into the details let's begin with a simple analogy:
On a local area network, computers exchange their MAC addresses to identify each other. What is the difference, or commonality, between a MAC address and an IP address? They both identify where a frame came from, and where it is heading. However, an IP address can be easily assigned, and frequently is, to other machines. A MAC address is a hardware address, and it is supposed to be permanent, following the NIC card wherever it goes. It is like the MAC address is the address for a house, to receive the postal service mail, and the IP address is like the telephone number. The “street address” (MAC address) and the “telephone number” (IP address) are both bound to the same house (computer on the network), but the telephone can be switched to another home, while the street address will remain the same. Every computer hooked up to a network uses a NIC card, which is used for identifying itself on the network.
There is a utility you can download which automatically randomly changes your MAC Address. This utility is called "MadMacs" for PC computers, and is incredibly helpful for remaining anonymous online. There is also the following command for Linux, simply enter this in the command line:
openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/.$//'
That becomes your random MAC Address, take the output from that and enter the following:
sudo ifconfig en1 ether ""
With the "" being the randomly generated MAC Address
So, now you're at a random public location, they don't know your Physical Address, you're buried deep in the TOR network and your IP is different and even if they trace it all the way back they end up at McDonalds. Now we're feeling more secure.
Fourth: Secure your Email
If you are like the average user your email is either:
@yahoo
@gmail
@hotmail
@live
Now, all of these emails are owned by U.S. corporations who would most likely fold under pressure. Email contents are not very secure.
So the first thing you do is you create an account with Hushmail. Its biggest focus is privacy and security, which is your goal. Do not be afraid to set up multiple accounts. Every website I'm registered with I have a unique Hushmail account for.
Is it a hassle? Yes. But it also helps keep me from being tracked.
However, another solution if you don't want to create a new mail account is to encrypt certain messages that you send with your main email account. This can be done using the PGP system, or Pretty Good Protection. However, this can backfire as Governments and other entities will be more suspicious of your encrypted email and it may end up in them reading email they wouldn't have read otherwise.
So, be smart and at the very least have a separate email for contact with political organization.
Fifth: Securing the OS
We've secured your anonymity online. Your computer is essentially untraceable as long as you've done everything correctly. However, let's say your computer ends up in the wrong hands. If you have anything on your main OS, or on your Hard Drive you are incredibly screwed. You can format a hard drive seven times and the data can still be reliably recovered.
So what is the solution for the individual concerned about security?
The answer is Tails:
Using Tails on a computer doesn't alter or depend on the operating system installed on it. So you can use it in the same way on yours, the computer of a friend or one at your local library. After removing your Tails CD or USB stick the computer can start again on its usual operating system.
Tails is configured with a special care to not use the computer's hard-disks, even if there is some swap space on it. The only storage space used by Tails is the RAM memory, which is automatically erased when the computer shuts down. So you won't leave any trace neither of the Tails system nor of what you did on the computer. That's why we call it "amnesic".
All internet connections automatically go through the Tor system using Tails.
As I can not link, please go Google or search for "Tails + Tor" and burn the ISO to a DVD.
Changing Your Behavior Online:
Step One: Multiple Usernames
You would not believe just how easy it is to track someone down if they use the same username over and over again. I guarantee you if someone reuses a username frequently I can find you their name, phone number, address, facebook, emails, etc.
Of course you think, I'm on RevLeft it won't show my email, I'm totally safe. You are wrong.
Let's say you operate a blog or twitter, that you link to as your homepage. I can find an email from that. Or I can simply do a username search using http://www.pipl.com and from that I can find accounts associated with that username. Seriously, go try to track yourself down. You'll be surprised with just how much information you can find. I can check the accounts using some basic info that I can find from the information you give on RevLeft. If you say you're a Hoxhaist/Anti-Revisionist/Maoist-Marxist-Leninist I can use that and the info you give on the other profile to confirm identity.
In fact, the easiest way to prevent being tracked and found
Step Two: Multiple Emails
You don't need to connect everything to the same email. In fact this is one of the worst things you can do. It once again acts as a verification thing. If I can go on your FB, and I can see the same two emails listed I know I've tracked down the right person.
If you want to have a separation between your professional life and your political life, use multiple emails. Otherwise, if you, say, have a LinkedIn account where you outline where you've worked, your name, where you went to college, when you were born, when you left college, where you went to work, etc., I know way more about you than I should.
Where it gets even slicker is that if I have your email, but not an address or location, I can send an email to you pretending to be whoever, or say that I'm looking for something. If you respond, I get your IP Address, and if you're not using any kind of proxy I have your location.
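An added example, not part of the original post: six purely random bytes, as the openssl one-liner in the MAC address section produces, will about half the time have the multicast bit set in the first octet, and an interface will not accept a multicast address as its own. The sketch below (function names are hypothetical, and it reads /dev/urandom with od instead of openssl) clears that bit, sets the locally-administered bit, and classifies any address by those two bits.

```shell
#!/bin/sh
# Added example: generate and classify a randomized MAC address.
# Sample addresses used with it are constructed, not taken from real hardware.

# fix_first_octet HEX -> the octet with the multicast (I/G) bit 0x01 cleared
# and the locally-administered (U/L) bit 0x02 set.
fix_first_octet() {
    printf '%02x' $(( (0x$1 & 0xfe) | 0x02 ))
}

# random_mac -> six random octets, first octet fixed up, colon separated.
random_mac() {
    hex=$(od -An -N6 -tx1 /dev/urandom | tr -d ' \n')
    first=$(fix_first_octet "$(printf '%s\n' "$hex" | cut -c1-2)")
    rest=$(printf '%s\n' "$hex" | cut -c3-12 | sed 's/\(..\)/:\1/g')
    printf '%s%s\n' "$first" "$rest"
}

# classify_mac ADDR -> invalid | multicast | local | universal
#   multicast : I/G bit set, not usable as an interface's own address
#   local     : unicast, locally administered (what a randomized MAC should be)
#   universal : unicast, claims a vendor-assigned (OUI) prefix
classify_mac() {
    if ! printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
        echo invalid
        return 0
    fi
    octet=$(( 0x${1%%:*} ))
    if [ $(( octet & 1 )) -ne 0 ]; then
        echo multicast
    elif [ $(( octet & 2 )) -ne 0 ]; then
        echo local
    else
        echo universal
    fi
}

mac=$(random_mac)
echo "$mac is $(classify_mac "$mac")"
# Applying the address needs root. With iproute2 on Linux, where IFACE is a
# placeholder for your interface name:
#   ip link set dev IFACE address "$mac"
```

The interface usually has to be down while the address is changed, and the locally-administered bit itself tells anyone watching the network that the address was not assigned by a vendor.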