Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
 
  • Locked thread
Redrum and Coke
Feb 25, 2006

wAstIng 10 bUcks ON an aVaTar iS StUpid
Because of the NSA revelations, as well as due to the many doxxings I've seen recently, for a while I've thought that I'd like to minimize my footprints online.

I know about basic things, like using apps like DoNotTrackMe and VPN as iPredator (not related to sexual predators), but not much more than that. Obviously, I also understand that things like Facebook, Gmail, etc. involve some personal information.
Basically, imagine I'm Edward Snowden. What tools should I use?


Thanks!

False Edit: For whatever it's worth, I'm not planning anything illegal.

Adbot
ADBOT LOVES YOU

Rhymenoserous
May 23, 2008
The way most people get doxxed is they spread their e-mail address and a common username around like herpes.

Redrum and Coke
Feb 25, 2006

wAstIng 10 bUcks ON an aVaTar iS StUpid

Rhymenoserous posted:

The way most people get doxxed is they spread their e-mail address and a common username around like herpes.

Yeah, I don't do that either. Nor do I do anything online I'd be ashamed of having associated with my name, but the question remains.

Goatse James Bond
Mar 28, 2010


I've made a huge mistake.

Until I looked at the thread I had a brief, fleeting moment of hope that it was started by Brian Boyko.

Redrum and Coke
Feb 25, 2006

wAstIng 10 bUcks ON an aVaTar iS StUpid

GreyjoyBastard posted:

Until I looked at the thread I had a brief, fleeting moment of hope that it was started by Brian Boyko.

BrianBoyko:

I would like to be anonymous online. What do you suggest?

Brian Boyko (brianboyko.com, a Brian Boyko publication)

Zogo
Jul 29, 2003

Non Serviam posted:

Because of the NSA revelations, as well as due to the many doxxings I've seen recently, for a while I've thought that I'd like to minimize my footprints online.

Use different usernames on different sites.
Don't crosspost pictures of yourself on multiple sites as they could be reverse image searched.


Who are you trying to hide from? If you want full privacy from everyone just trash all your electronic devices. The Obama administration has been spying on heads of state from powerful countries with impunity. Elements in the US government have the means to spy on each other as well. Random civilians using tinkertoy programs have no privacy online.

Non Serviam posted:

Basically, imagine I'm Edward Snowden. What tools should I use?

Well, he fled the country.

Blowmonkey
Jan 9, 2005

Just cause you got the monkey off your back doesn't mean the circus has left town.
If you're trying to hide from regular people, most of the suggestions already in the thread will work fine.

If you're trying to hide from the government, you can't.

Hell, just by posting this thread you will have failed.

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer
It's possible, but the amount of effort required for you to obscure your identity from an ordinary web company is immense. Hiding from the NSA is not likely to be possible. Asking this question under the guise of protection against doxxing is about on par with claiming you want to concealed carry so that your daughter doesn't get raped walking down the street.

Redrum and Coke
Feb 25, 2006

wAstIng 10 bUcks ON an aVaTar iS StUpid

adorai posted:

It's possible, but the amount of effort required for you to obscure your identity from an ordinary web company is immense. Hiding from the NSA is not likely to be possible. Asking this question under the guise of protection against doxxing is about on par with claiming you want to concealed carry so that your daughter doesn't get raped walking down the street.

So nobody here has an answer? Cool

Mister Kingdom
Dec 14, 2005

And the tears that fall
On the city wall
Will fade away
With the rays of morning light
If you post using somebody's WiFi anonymously, how could they track you down?

Redrum and Coke
Feb 25, 2006

wAstIng 10 bUcks ON an aVaTar iS StUpid

Mister Kingdom posted:

If you post using somebody's WiFi anonymously, how could they track you down?

My forums account is 100% traceable, by my email.
As I said, I'm just curious as to how to try to leave as little traces as possible while browsing the Web.
What I know is, for example, not to use the same browser where you're logged in on facebook or Google to do your regular browsing.

PT6A
Jan 5, 2006

Public school teachers are callous dictators who won't lift a finger to stop children from peeing in my plane
If someone is interested in what you're doing, there's almost nothing you can do to evade them completely. If you're worried about someone in the future being interested in what you've already done, you have a lot less to worry about. Even people doing things that are outright illegal don't get caught because their Internet history is being combed over by some NSA supercomputer, they get caught because it's essentially impossible to hide from someone who has a reasonable idea you're doing something illegal and wants to catch you doing it.

Redrum and Coke
Feb 25, 2006

wAstIng 10 bUcks ON an aVaTar iS StUpid

PT6A posted:

If someone is interested in what you're doing, there's almost nothing you can do to evade them completely. If you're worried about someone in the future being interested in what you've already done, you have a lot less to worry about. Even people doing things that are outright illegal don't get caught because their Internet history is being combed over by some NSA supercomputer, they get caught because it's essentially impossible to hide from someone who has a reasonable idea you're doing something illegal and wants to catch you doing it.

I'm not hiding anything illegal, it's more of a general question.

Mister Kingdom
Dec 14, 2005

And the tears that fall
On the city wall
Will fade away
With the rays of morning light

PT6A posted:

If someone is interested in what you're doing, there's almost nothing you can do to evade them completely. If you're worried about someone in the future being interested in what you've already done, you have a lot less to worry about. Even people doing things that are outright illegal don't get caught because their Internet history is being combed over by some NSA supercomputer, they get caught because it's essentially impossible to hide from someone who has a reasonable idea you're doing something illegal and wants to catch you doing it.

I used to post on a now defunct local message board and got into numerous heated discussions with another poster. He claimed to be a "military-trained" criminologist who "made generals tremble in fear". He would repeatedly violate the site's TOS and I would report him resulting in his posts being removed.

He swore I was hacking the site and personally deleting his posts (despite his getting numerous emails from the moderators). He told me was going to "track my rear end down" and "bring my rear end to justice" for violating state and Federal computer commerce laws. He got banned for that one.

That was in 2011.

I'm still waiting.

Redrum and Coke
Feb 25, 2006

wAstIng 10 bUcks ON an aVaTar iS StUpid

Mister Kingdom posted:

I used to post on a now defunct local message board and got into numerous heated discussions with another poster. He claimed to be a "military-trained" criminologist who "made generals tremble in fear". He would repeatedly violate the site's TOS and I would report him resulting in his posts being removed.

He swore I was hacking the site and personally deleting his posts (despite his getting numerous emails from the moderators). He told me was going to "track my rear end down" and "bring my rear end to justice" for violating state and Federal computer commerce laws. He got banned for that one.

That was in 2011.

I'm still waiting.

Precisely. He wants to Surprise you.

Mister Kingdom
Dec 14, 2005

And the tears that fall
On the city wall
Will fade away
With the rays of morning light

Non Serviam posted:

Precisely. He wants to Surprise you.

The funny thing is that I posted to the site anonymously (they never verified personal info), but he would always put his website in his signature. I knew more about him than he did of me. He's in his mid-to-late 60s, so he better get to it.

Redrum and Coke
Feb 25, 2006

wAstIng 10 bUcks ON an aVaTar iS StUpid

Mister Kingdom posted:

The funny thing is that I posted to the site anonymously (they never verified personal info), but he would always put his website in his signature. I knew more about him than he did of me. He's in his mid-to-late 60s, so he better get to it.

I think hacking and Internet police are pretty common threats in forums.

Mister Kingdom
Dec 14, 2005

And the tears that fall
On the city wall
Will fade away
With the rays of morning light

Non Serviam posted:

I think hacking and Internet police are pretty common threats in forums.

When I challenged him on how he would go about legally getting my info from the site, he just kept saying stuff like, "Yeah, I got you running scared now".

I had a good laugh.

ashgromnies
Jun 19, 2004
the specific term you're loking for is "opsec"

since you were asking about government, here are army guidelines for opsec on social networks: http://www.lewis-mcchord.army.mil/des/OPSEC%20Training/SocialmediaandOPSECbrief1.pdf

ultimately it's pretty difficult to be 100% anonymous, but here are a couple tips:

1) disable java and flash in your browser
2) use ghostery or a similar ad blocker
3) use a vpn or tor. either will encrypt your traffic, however it will be obvious you're accessing either vpn or tor (well, Tor has "pluggable transports" now that make the traffic look like non-Tor traffic but it's theoretically detectable still -- especially since antone can view the list of active Tor relays. Your isp could tell you were connecting to Tor very easily, for example (but probably not what you were accessing on it)). also, there have been Tor deanonymization attacks already, so it is likely to not be flawless. vpn providers have also been coerced into giving up subscriber information. also note that with Tor you are at the whim of relay operators. while any intermediary relay operator can't do much, if the same person owns both the beginning and ending hops it is theoretically possible for them to de-anonymize you. also, if the service you're accessing does not use https, the traffic will be completely visible to the person who owns the last relay.
4) don't use the same names or passwords on different services

you also need to perform an exercise called "threat modeling" to be able to answer this question effectively. what exactly are you trying to avoid when you say you want to be anonymous online? from whom are you trying to remain anonymous, and how are they observing you? are you using networks (office, coffee shop, airport, whatever) that your adversary might be monitoring? are you trying to remain anonymous from service providers? are you trying to remain anonymous from other web users? and which services are you trying to access?

the EFF has a lot of good resources on this as well, for example here is their guide on private email: https://www.eff.org/deeplinks/2012/11/tutorial-how-create-anonymous-email-accounts

ashgromnies fucked around with this message at 03:33 on Mar 27, 2015

ashgromnies
Jun 19, 2004
also, note that if your computer has been owned, you're pretty much hosed

there was just a proof of concept released of overwriting the bios through smm to create persistent exploit regardless of operating system -- meaning even if you reformat your computer or use live CDs it doesn't matter: http://www.se-eng.com/2015/03/uefi-bios-exploited-through-system-management-mode/

and if someone has direct access to your computer they can view wha you're doing very easily regardless of your attempts to encrypt or hide it

don't use windows, that's important too.

Zogo
Jul 29, 2003

Mister Kingdom posted:

If you post using somebody's WiFi anonymously, how could they track you down?

Cookies
Packet analysis
Wireless MAC address of the device

PT6A
Jan 5, 2006

Public school teachers are callous dictators who won't lift a finger to stop children from peeing in my plane

Zogo posted:

Cookies
Packet analysis
Wireless MAC address of the device

This is what I was talking about earlier. If someone was actually looking for your activity, and had at least some basic information about you, you're going to have a very, very difficult time hiding your activity completely. However, it would be nearly impossible for someone who's pissed off at you right now, let's say (or investigating you for a crime) to take that information and re-build your past browsing history to learn about your transsexual adult baby fetish to doxx you with.

ashgromnies
Jun 19, 2004

Mister Kingdom posted:

If you post using somebody's WiFi anonymously, how could they track you down?

if you're talking about these forums, they're all over HTTP so on un-switched networks or wifi networks it's super easy to view everything you post or steal your session cookie

Redrum and Coke
Feb 25, 2006

wAstIng 10 bUcks ON an aVaTar iS StUpid

PT6A posted:

This is what I was talking about earlier. If someone was actually looking for your activity, and had at least some basic information about you, you're going to have a very, very difficult time hiding your activity completely. However, it would be nearly impossible for someone who's pissed off at you right now, let's say (or investigating you for a crime) to take that information and re-build your past browsing history to learn about your [b] transsexual adult baby fetish [\b] to doxx you with.

That's a relief.

So what good practices do you recommend?

Mister Kingdom
Dec 14, 2005

And the tears that fall
On the city wall
Will fade away
With the rays of morning light

Zogo posted:

Cookies
Packet analysis
Wireless MAC address of the device

But if it came right down to it, wouldn't they have to have physical possession of your computer for proof?

ashgromnies
Jun 19, 2004
you're all stupid as poo poo

PT6A
Jan 5, 2006

Public school teachers are callous dictators who won't lift a finger to stop children from peeing in my plane

Mister Kingdom posted:

But if it came right down to it, wouldn't they have to have physical possession of your computer for proof?

In a legal sense, probably. In a potential candidate for doxxing sense, no.

Rhymenoserous
May 23, 2008

Non Serviam posted:

Yeah, I don't do that either. Nor do I do anything online I'd be ashamed of having associated with my name, but the question remains.

And people have answered, if you want the 100% way to do it just unplug your computer and kill anyone you see with a smartphone out.

Redrum and Coke
Feb 25, 2006

wAstIng 10 bUcks ON an aVaTar iS StUpid

Rhymenoserous posted:

And people have answered, if you want the 100% way to do it just unplug your computer and kill anyone you see with a smartphone out.

Did you wake up on the wrong side of the bed or something?

ashgromnies posted:

you're all stupid as poo poo

Did you two assholes wake up on the wrong side of the bed or something?

ashgromnies
Jun 19, 2004

Non Serviam posted:

Did you wake up on the wrong side of the bed or something?


Did you two assholes wake up on the wrong side of the bed or something?

I just made an effort post to actually try to be helpful then someone posts

Mister Kingdom posted:

But if it came right down to it, wouldn't they have to have physical possession of your computer for proof?

Right after, which is directly related to the need for "threat modeling" like I said in my post, which OP still hasn't done, and, well, gently caress it. OP clearly doesn't care about what they're asking enough to actually put thought and exercise into it, so it's not rewarding to try to help them.

Alder
Sep 24, 2013

Non Serviam posted:

That's a relief.

So what good practices do you recommend?

In the past I had a lot of free time and thought about this for fun. Basically, it's useless as NSA and Google already own our souls. However, this hasn't stopped me from being careful anyways.

1) Never use public services like Gmail. Host your own email servers.
2) Never join social networks. Delete all your old inactive accounts.
3) Secure all forms of communications between you and the other person. Yes, that means you need to "educate" all your friends/family. Good luck.
4) Build your own PC. It's fun and you can prevent companies from spying on you or installing backdoors. Never buy pre-made tech/laptops too.
5. VPN your internet. Don't visit shady sites as Google will track you based on your unique cookie ID. Yeah, Incognito is a lie :v:
6. Don't use a smartphone. Cell phone companies can track you via call records/towers. Keep a pre-paid Nokia instead.
7. Religiously Google your IRL name, handles, and ID to see if anyone posted relevant info. I suggest 3-5x a month to be sure there's no public record of you out there. Never upload photos and ask everyone to never do that same if it contains your face somewhere.
8. Leave America and move to idek. However, keep in mind if you renounce your American citizenship you lose access to the Bill of Rights. There's nothing stopping the CIA/FBI from kidnaping you on your vacation too. Oh well.

It's a huge waste of time but a interesting what-if game. Also, you will have to break all the cameras in the store(s) as they probably have your likeness recorded.

Alder fucked around with this message at 21:51 on Mar 27, 2015

Zogo
Jul 29, 2003

Mister Kingdom posted:

But if it came right down to it, wouldn't they have to have physical possession of your computer for proof?

For proof of what? To do what?

Alder posted:

4) Build your own PC. It's fun and you can prevent companies from spying on you or installing backdoors. Never buy pre-made tech/laptops too.

More and more hardware itself has backdoors and other monitoring abilities built-in.

Alder posted:

8. Leave America and move to idek. However, keep in mind if you renounce your American citizenship you lose access to the Bill of Rights. There's nothing stopping the CIA/FBI from kidnaping you on your vacation too. Oh well.

Also,

https://youtu.be/2u6KdHmoMbw?t=20s

Mister Kingdom
Dec 14, 2005

And the tears that fall
On the city wall
Will fade away
With the rays of morning light

Zogo posted:

For proof of what? To do what?

If you were supposedly doing something illegal, wouldn't the authorities have to have physical proof on your computer?

Redrum and Coke
Feb 25, 2006

wAstIng 10 bUcks ON an aVaTar iS StUpid

Alder posted:

In the past I had a lot of free time and thought about this for fun. Basically, it's useless as NSA and Google already own our souls. However, this hasn't stopped me from being careful anyways.

1) Never use public services like Gmail. Host your own email servers.
2) Never join social networks. Delete all your old inactive accounts.
3) Secure all forms of communications between you and the other person. Yes, that means you need to "educate" all your friends/family. Good luck.
4) Build your own PC. It's fun and you can prevent companies from spying on you or installing backdoors. Never buy pre-made tech/laptops too.
5. VPN your internet. Don't visit shady sites as Google will track you based on your unique cookie ID. Yeah, Incognito is a lie :v:
6. Don't use a smartphone. Cell phone companies can track you via call records/towers. Keep a pre-paid Nokia instead.
7. Religiously Google your IRL name, handles, and ID to see if anyone posted relevant info. I suggest 3-5x a month to be sure there's no public record of you out there. Never upload photos and ask everyone to never do that same if it contains your face somewhere.
8. Leave America and move to idek. However, keep in mind if you renounce your American citizenship you lose access to the Bill of Rights. There's nothing stopping the CIA/FBI from kidnaping you on your vacation too. Oh well.

It's a huge waste of time but a interesting what-if game. Also, you will have to break all the cameras in the store(s) as they probably have your likeness recorded.

OK, I see what the problem is.
I didn't mean to be absolutely anonymous, just to minimize the Internet footprint. I didn't mean something to the level of "I'm a fugitive" :p
Do you have any more suggestions?

Zogo
Jul 29, 2003

Mister Kingdom posted:

If you were supposedly doing something illegal, wouldn't the authorities have to have physical proof on your computer?

Oh that's a different issue from being anonymous.

No, they don't need physical proof/evidence to make an arrest. There's been blunders where agencies mixed up IP addresses and arrested the wrong person and ruined a persons livelihood only to admit mistake years later.

In murder cases I think they've prosecuted people just on google searches when no physical evidence existed.

Jolly Green Giant
Dec 13, 2004
Jolly Man

Zogo posted:

Oh that's a different issue from being anonymous.

No, they don't need physical proof/evidence to make an arrest. There's been blunders where agencies mixed up IP addresses and arrested the wrong person and ruined a persons livelihood only to admit mistake years later.

In murder cases I think they've prosecuted people just on google searches when no physical evidence existed.

Still no threat model... What information do you have and who are you protecting it from?

If you're just trying to not get your cc info stolen then that is a totally different issue (probably impossible, just get a card with good fraud protection and protection if your cc info is stolen).

Anne Whateley
Feb 11, 2007
:unsmith: i like nice words

Alder posted:

7. Religiously Google your IRL name, handles, and ID to see if anyone posted relevant info. I suggest 3-5x a month to be sure there's no public record of you out there.
I think google is going to be able to put some things together if you frequently google "legal name" "nickname" "username1" "username2"

Depending on what you need to do, best idea is to go to a nonobvious public library that doesn't require login for computer access and doesn't bother with security cameras, tracking of computer timeslots, etc. Bonus points if it also has a warrant canary.

Die Sexmonster!
Nov 30, 2005

Non Serviam posted:

OK, I see what the problem is.
I didn't mean to be absolutely anonymous, just to minimize the Internet footprint. I didn't mean something to the level of "I'm a fugitive" :p
Do you have any more suggestions?

You're ignoring people giving you good advice and answering earnestly, and they're justifiably losing their patience.

ashgromnies posted:

what exactly are you trying to avoid when you say you want to be anonymous online? from whom are you trying to remain anonymous, and how are they observing you? are you using networks (office, coffee shop, airport, whatever) that your adversary might be monitoring? are you trying to remain anonymous from service providers? are you trying to remain anonymous from other web users? and which services are you trying to access?

You need to answer this before anyone can actually advise you.

Redrum and Coke
Feb 25, 2006

wAstIng 10 bUcks ON an aVaTar iS StUpid

Pyroxene Stigma posted:

You're ignoring people giving you good advice and answering earnestly, and they're justifiably losing their patience.


You need to answer this before anyone can actually advise you.
I missed the post you quoted. My apologies.

Zogo posted:

Who are you trying to hide from? If you want full privacy from everyone just trash all your electronic devices. The Obama administration has been spying on heads of state from powerful countries with impunity. Elements in the US government have the means to spy on each other as well. Random civilians using tinkertoy programs have no privacy online.
I completely missed your post, sorry.

I'm not trying to hide from anyone in particular. It mostly deals, as I mentioned before, in being as secure as possible in a situation where nobody is actively trying to find me, and without actually having to eliminate all my electronics.
Thanks

ashgromnies posted:

the specific term you're loking for is "opsec"

since you were asking about government, here are army guidelines for opsec on social networks: http://www.lewis-mcchord.army.mil/des/OPSEC%20Training/SocialmediaandOPSECbrief1.pdf

ultimately it's pretty difficult to be 100% anonymous, but here are a couple tips:

1) disable java and flash in your browser
2) use ghostery or a similar ad blocker
3) use a vpn or tor. either will encrypt your traffic, however it will be obvious you're accessing either vpn or tor (well, Tor has "pluggable transports" now that make the traffic look like non-Tor traffic but it's theoretically detectable still -- especially since antone can view the list of active Tor relays. Your isp could tell you were connecting to Tor very easily, for example (but probably not what you were accessing on it)). also, there have been Tor deanonymization attacks already, so it is likely to not be flawless. vpn providers have also been coerced into giving up subscriber information. also note that with Tor you are at the whim of relay operators. while any intermediary relay operator can't do much, if the same person owns both the beginning and ending hops it is theoretically possible for them to de-anonymize you. also, if the service you're accessing does not use https, the traffic will be completely visible to the person who owns the last relay.
4) don't use the same names or passwords on different services

you also need to perform an exercise called "threat modeling" to be able to answer this question effectively. what exactly are you trying to avoid when you say you want to be anonymous online? from whom are you trying to remain anonymous, and how are they observing you? are you using networks (office, coffee shop, airport, whatever) that your adversary might be monitoring? are you trying to remain anonymous from service providers? are you trying to remain anonymous from other web users? and which services are you trying to access?

the EFF has a lot of good resources on this as well, for example here is their guide on private email: https://www.eff.org/deeplinks/2012/11/tutorial-how-create-anonymous-email-accounts

Thanks for the link.
To answer your question, nobody is actively observing me (to the best of my knowledge), so it mostly deals with regular traces left in routine browsing etc.

What I see is that there's obviously not a simple answer like "use this, this and this program, avoid these practices, etc. "

Adbot
ADBOT LOVES YOU

Alder
Sep 24, 2013

Zogo posted:

More and more hardware itself has backdoors and other monitoring abilities built-in.

Fine, we're all going to prison. Together :coffee:

At least we'll be in good company too.

Anne Whateley posted:

I think google is going to be able to put some things together if you frequently google "legal name" "nickname" "username1" "username2"

Depending on what you need to do, best idea is to go to a nonobvious public library that doesn't require login for computer access and doesn't bother with security cameras, tracking of computer timeslots, etc. Bonus points if it also has a warrant canary.

True, maybe I should Bing it. Or DuckDuckGo. But they all are terrible search engines.

The library keeps records of your searches, you know, because they have a ISP which is *gasp* connected to the government. Basically, if the US govt wants you to disappear there's nothing you can do to stop them :v:

@OP: Stop doing illegal things. There's no escape from America.

  • Locked thread