|
Because of the NSA revelations, as well as due to the many doxxings I've seen recently, for a while I've thought that I'd like to minimize my footprints online. I know about basic things, like using apps like DoNotTrackMe and VPN as iPredator (not related to sexual predators), but not much more than that. Obviously, I also understand that things like Facebook, Gmail, etc. involve some personal information. Basically, imagine I'm Edward Snowden. What tools should I use? Thanks! False Edit: For whatever it's worth, I'm not planning anything illegal.
|
# ? Mar 26, 2015 16:10 |
|
|
# ? Mar 28, 2024 23:37 |
|
The way most people get doxxed is they spread their e-mail address and a common username around like herpes.
|
# ? Mar 26, 2015 16:29 |
|
Rhymenoserous posted:The way most people get doxxed is they spread their e-mail address and a common username around like herpes. Yeah, I don't do that either. Nor do I do anything online I'd be ashamed of having associated with my name, but the question remains.
|
# ? Mar 26, 2015 16:59 |
Until I looked at the thread I had a brief, fleeting moment of hope that it was started by Brian Boyko.
|
|
# ? Mar 26, 2015 17:55 |
|
GreyjoyBastard posted:Until I looked at the thread I had a brief, fleeting moment of hope that it was started by Brian Boyko. BrianBoyko: I would like to be anonymous online. What do you suggest? Brian Boyko (brianboyko.com, a Brian Boyko publication)
|
# ? Mar 26, 2015 18:13 |
|
Non Serviam posted:Because of the NSA revelations, as well as due to the many doxxings I've seen recently, for a while I've thought that I'd like to minimize my footprints online. Use different usernames on different sites. Don't crosspost pictures of yourself on multiple sites as they could be reverse image searched. Who are you trying to hide from? If you want full privacy from everyone just trash all your electronic devices. The Obama administration has been spying on heads of state from powerful countries with impunity. Elements in the US government have the means to spy on each other as well. Random civilians using tinkertoy programs have no privacy online. Non Serviam posted:Basically, imagine I'm Edward Snowden. What tools should I use? Well, he fled the country.
|
# ? Mar 26, 2015 22:55 |
|
If you're trying to hide from regular people, most of the suggestions already in the thread will work fine. If you're trying to hide from the government, you can't. Hell, just by posting this thread you will have failed.
|
# ? Mar 26, 2015 23:15 |
|
It's possible, but the amount of effort required for you to obscure your identity from an ordinary web company is immense. Hiding from the NSA is not likely to be possible. Asking this question under the guise of protection against doxxing is about on par with claiming you want to concealed carry so that your daughter doesn't get raped walking down the street.
|
# ? Mar 27, 2015 00:31 |
|
adorai posted:It's possible, but the amount of effort required for you to obscure your identity from an ordinary web company is immense. Hiding from the NSA is not likely to be possible. Asking this question under the guise of protection against doxxing is about on par with claiming you want to concealed carry so that your daughter doesn't get raped walking down the street. So nobody here has an answer? Cool
|
# ? Mar 27, 2015 01:41 |
|
If you post using somebody's WiFi anonymously, how could they track you down?
|
# ? Mar 27, 2015 01:51 |
|
Mister Kingdom posted:If you post using somebody's WiFi anonymously, how could they track you down? My forums account is 100% traceable, by my email. As I said, I'm just curious as to how to try to leave as little traces as possible while browsing the Web. What I know is, for example, not to use the same browser where you're logged in on facebook or Google to do your regular browsing.
|
# ? Mar 27, 2015 02:10 |
|
If someone is interested in what you're doing, there's almost nothing you can do to evade them completely. If you're worried about someone in the future being interested in what you've already done, you have a lot less to worry about. Even people doing things that are outright illegal don't get caught because their Internet history is being combed over by some NSA supercomputer, they get caught because it's essentially impossible to hide from someone who has a reasonable idea you're doing something illegal and wants to catch you doing it.
|
# ? Mar 27, 2015 02:13 |
|
PT6A posted:If someone is interested in what you're doing, there's almost nothing you can do to evade them completely. If you're worried about someone in the future being interested in what you've already done, you have a lot less to worry about. Even people doing things that are outright illegal don't get caught because their Internet history is being combed over by some NSA supercomputer, they get caught because it's essentially impossible to hide from someone who has a reasonable idea you're doing something illegal and wants to catch you doing it. I'm not hiding anything illegal, it's more of a general question.
|
# ? Mar 27, 2015 02:16 |
|
PT6A posted:If someone is interested in what you're doing, there's almost nothing you can do to evade them completely. If you're worried about someone in the future being interested in what you've already done, you have a lot less to worry about. Even people doing things that are outright illegal don't get caught because their Internet history is being combed over by some NSA supercomputer, they get caught because it's essentially impossible to hide from someone who has a reasonable idea you're doing something illegal and wants to catch you doing it. I used to post on a now defunct local message board and got into numerous heated discussions with another poster. He claimed to be a "military-trained" criminologist who "made generals tremble in fear". He would repeatedly violate the site's TOS and I would report him resulting in his posts being removed. He swore I was hacking the site and personally deleting his posts (despite his getting numerous emails from the moderators). He told me was going to "track my rear end down" and "bring my rear end to justice" for violating state and Federal computer commerce laws. He got banned for that one. That was in 2011. I'm still waiting.
|
# ? Mar 27, 2015 02:30 |
|
Mister Kingdom posted:I used to post on a now defunct local message board and got into numerous heated discussions with another poster. He claimed to be a "military-trained" criminologist who "made generals tremble in fear". He would repeatedly violate the site's TOS and I would report him resulting in his posts being removed. Precisely. He wants to Surprise you.
|
# ? Mar 27, 2015 02:36 |
|
Non Serviam posted:Precisely. He wants to Surprise you. The funny thing is that I posted to the site anonymously (they never verified personal info), but he would always put his website in his signature. I knew more about him than he did of me. He's in his mid-to-late 60s, so he better get to it.
|
# ? Mar 27, 2015 02:40 |
|
Mister Kingdom posted:The funny thing is that I posted to the site anonymously (they never verified personal info), but he would always put his website in his signature. I knew more about him than he did of me. He's in his mid-to-late 60s, so he better get to it. I think hacking and Internet police are pretty common threats in forums.
|
# ? Mar 27, 2015 02:46 |
|
Non Serviam posted:I think hacking and Internet police are pretty common threats in forums. When I challenged him on how he would go about legally getting my info from the site, he just kept saying stuff like, "Yeah, I got you running scared now". I had a good laugh.
|
# ? Mar 27, 2015 02:51 |
|
the specific term you're loking for is "opsec" since you were asking about government, here are army guidelines for opsec on social networks: http://www.lewis-mcchord.army.mil/des/OPSEC%20Training/SocialmediaandOPSECbrief1.pdf ultimately it's pretty difficult to be 100% anonymous, but here are a couple tips: 1) disable java and flash in your browser 2) use ghostery or a similar ad blocker 3) use a vpn or tor. either will encrypt your traffic, however it will be obvious you're accessing either vpn or tor (well, Tor has "pluggable transports" now that make the traffic look like non-Tor traffic but it's theoretically detectable still -- especially since antone can view the list of active Tor relays. Your isp could tell you were connecting to Tor very easily, for example (but probably not what you were accessing on it)). also, there have been Tor deanonymization attacks already, so it is likely to not be flawless. vpn providers have also been coerced into giving up subscriber information. also note that with Tor you are at the whim of relay operators. while any intermediary relay operator can't do much, if the same person owns both the beginning and ending hops it is theoretically possible for them to de-anonymize you. also, if the service you're accessing does not use https, the traffic will be completely visible to the person who owns the last relay. 4) don't use the same names or passwords on different services you also need to perform an exercise called "threat modeling" to be able to answer this question effectively. what exactly are you trying to avoid when you say you want to be anonymous online? from whom are you trying to remain anonymous, and how are they observing you? are you using networks (office, coffee shop, airport, whatever) that your adversary might be monitoring? are you trying to remain anonymous from service providers? are you trying to remain anonymous from other web users? and which services are you trying to access? the EFF has a lot of good resources on this as well, for example here is their guide on private email: https://www.eff.org/deeplinks/2012/11/tutorial-how-create-anonymous-email-accounts ashgromnies fucked around with this message at 03:33 on Mar 27, 2015 |
# ? Mar 27, 2015 03:26 |
|
also, note that if your computer has been owned, you're pretty much hosed there was just a proof of concept released of overwriting the bios through smm to create persistent exploit regardless of operating system -- meaning even if you reformat your computer or use live CDs it doesn't matter: http://www.se-eng.com/2015/03/uefi-bios-exploited-through-system-management-mode/ and if someone has direct access to your computer they can view wha you're doing very easily regardless of your attempts to encrypt or hide it don't use windows, that's important too.
|
# ? Mar 27, 2015 03:37 |
|
Mister Kingdom posted:If you post using somebody's WiFi anonymously, how could they track you down? Cookies Packet analysis Wireless MAC address of the device
|
# ? Mar 27, 2015 04:57 |
|
Zogo posted:Cookies This is what I was talking about earlier. If someone was actually looking for your activity, and had at least some basic information about you, you're going to have a very, very difficult time hiding your activity completely. However, it would be nearly impossible for someone who's pissed off at you right now, let's say (or investigating you for a crime) to take that information and re-build your past browsing history to learn about your transsexual adult baby fetish to doxx you with.
|
# ? Mar 27, 2015 05:05 |
|
Mister Kingdom posted:If you post using somebody's WiFi anonymously, how could they track you down? if you're talking about these forums, they're all over HTTP so on un-switched networks or wifi networks it's super easy to view everything you post or steal your session cookie
|
# ? Mar 27, 2015 05:50 |
|
PT6A posted:This is what I was talking about earlier. If someone was actually looking for your activity, and had at least some basic information about you, you're going to have a very, very difficult time hiding your activity completely. However, it would be nearly impossible for someone who's pissed off at you right now, let's say (or investigating you for a crime) to take that information and re-build your past browsing history to learn about your [b] transsexual adult baby fetish [\b] to doxx you with. That's a relief. So what good practices do you recommend?
|
# ? Mar 27, 2015 08:47 |
|
Zogo posted:Cookies But if it came right down to it, wouldn't they have to have physical possession of your computer for proof?
|
# ? Mar 27, 2015 13:24 |
|
you're all stupid as poo poo
|
# ? Mar 27, 2015 13:28 |
|
Mister Kingdom posted:But if it came right down to it, wouldn't they have to have physical possession of your computer for proof? In a legal sense, probably. In a potential candidate for doxxing sense, no.
|
# ? Mar 27, 2015 14:43 |
|
Non Serviam posted:Yeah, I don't do that either. Nor do I do anything online I'd be ashamed of having associated with my name, but the question remains. And people have answered, if you want the 100% way to do it just unplug your computer and kill anyone you see with a smartphone out.
|
# ? Mar 27, 2015 15:33 |
|
Rhymenoserous posted:And people have answered, if you want the 100% way to do it just unplug your computer and kill anyone you see with a smartphone out. Did you wake up on the wrong side of the bed or something? ashgromnies posted:you're all stupid as poo poo Did you two assholes wake up on the wrong side of the bed or something?
|
# ? Mar 27, 2015 17:23 |
|
Non Serviam posted:Did you wake up on the wrong side of the bed or something? I just made an effort post to actually try to be helpful then someone posts Mister Kingdom posted:But if it came right down to it, wouldn't they have to have physical possession of your computer for proof? Right after, which is directly related to the need for "threat modeling" like I said in my post, which OP still hasn't done, and, well, gently caress it. OP clearly doesn't care about what they're asking enough to actually put thought and exercise into it, so it's not rewarding to try to help them.
|
# ? Mar 27, 2015 20:21 |
|
Non Serviam posted:That's a relief. In the past I had a lot of free time and thought about this for fun. Basically, it's useless as NSA and Google already own our souls. However, this hasn't stopped me from being careful anyways. 1) Never use public services like Gmail. Host your own email servers. 2) Never join social networks. Delete all your old inactive accounts. 3) Secure all forms of communications between you and the other person. Yes, that means you need to "educate" all your friends/family. Good luck. 4) Build your own PC. It's fun and you can prevent companies from spying on you or installing backdoors. Never buy pre-made tech/laptops too. 5. VPN your internet. Don't visit shady sites as Google will track you based on your unique cookie ID. Yeah, Incognito is a lie 6. Don't use a smartphone. Cell phone companies can track you via call records/towers. Keep a pre-paid Nokia instead. 7. Religiously Google your IRL name, handles, and ID to see if anyone posted relevant info. I suggest 3-5x a month to be sure there's no public record of you out there. Never upload photos and ask everyone to never do that same if it contains your face somewhere. 8. Leave America and move to idek. However, keep in mind if you renounce your American citizenship you lose access to the Bill of Rights. There's nothing stopping the CIA/FBI from kidnaping you on your vacation too. Oh well. It's a huge waste of time but a interesting what-if game. Also, you will have to break all the cameras in the store(s) as they probably have your likeness recorded. Alder fucked around with this message at 21:51 on Mar 27, 2015 |
# ? Mar 27, 2015 21:31 |
|
Mister Kingdom posted:But if it came right down to it, wouldn't they have to have physical possession of your computer for proof? For proof of what? To do what? Alder posted:4) Build your own PC. It's fun and you can prevent companies from spying on you or installing backdoors. Never buy pre-made tech/laptops too. More and more hardware itself has backdoors and other monitoring abilities built-in. Alder posted:8. Leave America and move to idek. However, keep in mind if you renounce your American citizenship you lose access to the Bill of Rights. There's nothing stopping the CIA/FBI from kidnaping you on your vacation too. Oh well. Also, https://youtu.be/2u6KdHmoMbw?t=20s
|
# ? Mar 27, 2015 23:47 |
|
Zogo posted:For proof of what? To do what? If you were supposedly doing something illegal, wouldn't the authorities have to have physical proof on your computer?
|
# ? Mar 27, 2015 23:55 |
|
Alder posted:In the past I had a lot of free time and thought about this for fun. Basically, it's useless as NSA and Google already own our souls. However, this hasn't stopped me from being careful anyways. OK, I see what the problem is. I didn't mean to be absolutely anonymous, just to minimize the Internet footprint. I didn't mean something to the level of "I'm a fugitive" :p Do you have any more suggestions?
|
# ? Mar 28, 2015 00:16 |
|
Mister Kingdom posted:If you were supposedly doing something illegal, wouldn't the authorities have to have physical proof on your computer? Oh that's a different issue from being anonymous. No, they don't need physical proof/evidence to make an arrest. There's been blunders where agencies mixed up IP addresses and arrested the wrong person and ruined a persons livelihood only to admit mistake years later. In murder cases I think they've prosecuted people just on google searches when no physical evidence existed.
|
# ? Mar 28, 2015 00:24 |
|
Zogo posted:Oh that's a different issue from being anonymous. Still no threat model... What information do you have and who are you protecting it from? If you're just trying to not get your cc info stolen then that is a totally different issue (probably impossible, just get a card with good fraud protection and protection if your cc info is stolen).
|
# ? Mar 28, 2015 05:30 |
|
Alder posted:7. Religiously Google your IRL name, handles, and ID to see if anyone posted relevant info. I suggest 3-5x a month to be sure there's no public record of you out there. Depending on what you need to do, best idea is to go to a nonobvious public library that doesn't require login for computer access and doesn't bother with security cameras, tracking of computer timeslots, etc. Bonus points if it also has a warrant canary.
|
# ? Mar 28, 2015 06:09 |
|
Non Serviam posted:OK, I see what the problem is. You're ignoring people giving you good advice and answering earnestly, and they're justifiably losing their patience. ashgromnies posted:what exactly are you trying to avoid when you say you want to be anonymous online? from whom are you trying to remain anonymous, and how are they observing you? are you using networks (office, coffee shop, airport, whatever) that your adversary might be monitoring? are you trying to remain anonymous from service providers? are you trying to remain anonymous from other web users? and which services are you trying to access? You need to answer this before anyone can actually advise you.
|
# ? Mar 28, 2015 06:23 |
|
Pyroxene Stigma posted:You're ignoring people giving you good advice and answering earnestly, and they're justifiably losing their patience. Zogo posted:Who are you trying to hide from? If you want full privacy from everyone just trash all your electronic devices. The Obama administration has been spying on heads of state from powerful countries with impunity. Elements in the US government have the means to spy on each other as well. Random civilians using tinkertoy programs have no privacy online. I'm not trying to hide from anyone in particular. It mostly deals, as I mentioned before, in being as secure as possible in a situation where nobody is actively trying to find me, and without actually having to eliminate all my electronics. Thanks ashgromnies posted:the specific term you're loking for is "opsec" Thanks for the link. To answer your question, nobody is actively observing me (to the best of my knowledge), so it mostly deals with regular traces left in routine browsing etc. What I see is that there's obviously not a simple answer like "use this, this and this program, avoid these practices, etc. "
|
# ? Mar 28, 2015 14:08 |
|
|
# ? Mar 28, 2024 23:37 |
|
Zogo posted:More and more hardware itself has backdoors and other monitoring abilities built-in. Fine, we're all going to prison. Together At least we'll be in good company too. Anne Whateley posted:I think google is going to be able to put some things together if you frequently google "legal name" "nickname" "username1" "username2" True, maybe I should Bing it. Or DuckDuckGo. But they all are terrible search engines. The library keeps records of your searches, you know, because they have a ISP which is *gasp* connected to the government. Basically, if the US govt wants you to disappear there's nothing you can do to stop them @OP: Stop doing illegal things. There's no escape from America.
|
# ? Mar 28, 2015 16:24 |