Strong Anonymity on the Internet


How can you be anonymous on the Internet? I mean strong anonymity. So anonymous even the world’s best hackers could not identify you without spending perhaps hundreds of thousands of dollars in investigation expenses or they controlled half the Internet?

Its simple, but would take some time. In short, there’s a layered approach, or as its commonly referred to, defense in depth.

  1. Get Bitcoin in person with CashNOT a credit card online!
  2. Purchase a VPN with Bitcoin. Obviously verify that it has good security practices, non-logging, etc. I would recommend one outside of the US.
  3. Go to a public Wifi Hotspot, such as a coffee shop, during crowded business hours. Do not purchase anything while there.
  4. Change your MAC address prior to connecting to the Wifi network. Throw them off by changing it to the MAC address of, say, Apple if you’re using a Dell or a Motorolla cell phone if you’re using a Gateway. Be creative.
  5. Once online, connect to your VPN in a Virtual Machine – not directly from the base machine.
  6. Connect to Tor.
  7. Over Tor, find and connect to an exposed or public proxy server. You can do this over Proxychains.
  8. Finally….Connect to your site of choice…

Each layer has a specific and relevant function, protecting you in layers, each of which is quite formidable by itself. Lets work backwards…

Explanation:

The throw-away public proxy allows you to pick the country of origin that the exposed public-site sees. There are two assumptions. First, that its already compromised, monitored and bugged. Second, that others besides you are using it, so the actual source connecting to any particular site is hard to verify without logging every connection. If you target is in the US and the proxy is in China, the cyber-war between the two keeps you safe.

Tor is Tor. Enough said there. I will say, however, that with enough resources and time, it is possible for a government or extremely wealthy organization to control the Tor network. One can only hope that numerous organizations and governments attempt to do this, canceling out each other’s efforts. Having said that, unless you’re doing something truly horrible for prolonged periods of time, its unlikely that law enforcement will waste their potential ability to break Tor on you. But if they did…

The VPN anonymizes you in the event that Tor is ever compromised. Given that multiple users are likely running Tor, VPN connectivity over a widely used node is crucial. At this point if someone has gotten this far, I would be concerned. Very concerned. But your VPN account was itself purchased through untraceable means, so law enforcement cannot simply look at purchase histories and logs. That should help you sleep at night. But hypothetically if they did…

Your next layer is the public hotspots. They are widely used and extremely transient. Your spoofed MAC should conceal your laptop model and the fact that you didn’t purchase anything will afford you a final layer of plausible deniability – “Why would I show up somewhere and not purchase anything?” – As I write this, it occurs to me that it might also be useful to arrange for something to be purchased half-way across town with your credit card so you have a receipt “proving” you were elsewhere. Why not?

Yes, its still traceable…

Some will read this and say “Yes, yes, but technically speaking, with enough time, money and dedication even this can be traced.” Well…yes…but consider the financial and political costs involved. Unless you’re doing something truly terrible or really offensive to a government, they’ll call it “untraceable” after step 2.

Thoughts?

Advertisements