How to Get Started Being Anonymous
How to Get Started Being Anonymous
Ever since we first published How to Keep Your Conversations Safe From the NSA (which just got updated today with even more services, by the way), we’ve fielded requests for more details: How do I get secure email? How do I use Tor? How do I make my computer safe? This post is an attempt to answer a few of those questions and at least get you started. There’s no way to answer all of them in one article, and anyone who says that there is, should be swiftly ignored because they’re full of crap. There is no magical one-stop-shop. It’s an ongoing process of learning and growing, and applying layers of security combined with strict mental discipline.
In addition, we’ve continued our research into how, exactly, to become more anonymous. We’ve read every article, paper, and discussion we can get our hands on. We’ve hung around the security forums and paid attention to questions that others asked, and the rare answers given out by more advanced users. We’ve even tested a lot of the tools ourselves. What we found is that some of the programs and tools we mentioned in our first article, quite frankly, won’t actually help you. We also found that there’s one solid, undeniable fact about getting back your privacy (at least, what’s left of it):
All the tools in the world will not help you if you are not willing to change your behavior as well.
This is a lesson that even we struggle with here. It’s hard, we get it. We make mistakes too. You have Facebook and Twitter accounts, and families who clamor for photos, and friends who want to know what you’re up to. Unfortunately, with one status update, one check-in, one careless email, you can destroy whatever progress you’ve made. If you’re not willing to browse the web differently, change how you use social media, and perhaps even put down a few dollars, you might as well stop reading, go back to Facebook, and continue doing what you’re doing. You can’t be helped, and you should probably also quit whining about the NSA tracking you. For the rest of you, who care enough to take some action, read on…and keep in mind, this is really just a very basic setup.
Let’s assume that you want to construct the following VERY basic situation for yourself:
– Private email that only you and your intended recipient read.
– Internet access that is relatively safe from intrusion, at least for certain activities.
– The ability to visit websites without being tracked or logged.
Sounds simple and reasonable, right? Let’s get started.
First off, the internet access. Bottom line is, you need a VPN, or virtual private network. We’ve already gone over this here.
TorrentFreak.com compiled a list of VPN providers that actually take privacy seriously. They asked four questions of several providers, forcing them to go on record about what logs they keep, what jurisdiction they operate under, and how they deal with requests for information. The best one was Private Internet Access. PIA offers VPN IP addresses from all over the world. If you would rather look like you’re in Romania instead of at your desk in Muncie, Indiana, then you can do that. It is $39.95 for an entire year.
We’ve tested it, and it’s well worth the forty bucks. In fact, while logged in with some of the European IP addresses, Google will show up in that country’s native language because it thinks that’s where you are. The downside to this is that you may not be able to watch Hulu or Netflix while logged into it, and Pandora will also give you an error. The upside is that if you use the Toronto server, you can watch all kinds of Canadian TV, which is arguably better than American TV anyway. Same with BBC—if you’re logged into the British servers, the world of English TV is now open to you.
So now you’ve got private internet. Now you need a secure browser. Enter the world of Tor. The Tor Browser Bundle is an often misunderstood piece of open source software that offers a layer of protection when browsing the internet. It can do this because Tor is actually a free network made up of volunteers who man over 4,000 relays. The short version is that Tor encrypts your data multiple times, and then sends it through a virtual circuit of relays. Each relay only decrypts enough to see the next relay in the string, and passes its data on to that next relay, which decrypts the next layer, and so on. The end result is that by the time your request for a website actually gets to the destination, the last relay sends the information back through the circuit without even knowing your IP (which, if you followed the VPN instructions above, isn’t even you anyway!). There’s no noticeable drop in internet speed that we noticed, although in some forums it’s been mentioned as being present to a small degree.
Let’s recap. You had an original IP address, which we then hid behind the VPN, so now you have a “new” IP address that shows you as being somewhere else in the world. We’ve now added Tor onto that, so the end result is that you show a third IP address that is also somewhere else different than the VPN—and changes every 10 minutes or so. Someone tracking you by the visible IP will only see your Tor exit point, or node. If they somehow manage to backtrack that path (which probably will not happen unless you screw up in ways I’ll explain in a minute), they’ll end up at your VPN address. Dead end here, since we already established that the VPN maintains no logs. They don’t know who you are, when you use their service, or what servers you connect to. Keep in mind that even the NSA admitted in an internal presentation that “Tor Stinks” (for them, that is). They “will never be able to de-anonymize all Tor users all the time,” but “with manual analysis we can de-anonymize a very small fraction of Tor users.”
We still have the problem of email, which brings me to the first Way You Can Screw Up. We talked last week about How to Use Tor Anonymously, and here’s where some of that comes into play. The do’s and don’t of Tor are pretty simple, and we won’t repeat the previous warnings here. However, we’ll expand on them.
If you want to stay anonymous, do not ever use Tor to sign into any account you’ve ever signed into without Tor. Tracking people is a puzzle. Say you sign into Facebook from your unsecure laptop at one IP, and then you read this article, installed a VPN and Tor, and right around the same time next morning, another IP in Romania somewhere is signing into your Facebook. The third day, an IP in Canada signs in. It doesn’t take a genius to see that you just ruined your whole anonymity, and a smart analyst will put those pieces together.
Remember that Gmail account that you’ve had forever that is Your.Name@gmail.com? It’s a big, black hole of NSA surveillance. Every email you’ve ever sent or received has been cataloged and stored. In short, if you want to keep that Gmail account for junk mail, fine. But do not, ever, ever, ever, use Tor to sign into it. In fact, if you’re smart, you’ll have one whole other computer that only uses Tor and nothing else. Back to the email question. You have several options. As we’ve stated before, Countermail is the best one, but we also suggest making a few accounts in places like Safe-mail.net or Torbox. Once again…as soon as you email someone with a Gmail account, guess what? Everything you said just got logged.
“So what’s the point of Tor if I can’t visit any of my normal websites?” you might ask. There are a LOT of reasons to use Tor.
– You want to go to gunbot and check out ammo prices or make a purchase (with your anonymous and legal credit card).
– You want to look for, or conduct, a private legal gun sale.
– You want to read the Snowden documents for yourself.
– You want to visit sites on prepping, survival, etc.
– You want to visit forums about security or privacy.
– You want to read uncensored, unfiltered news, especially from countries that control their state-run news agencies.
– You want to visit any one of the hundreds or even thousands of hidden sites only accessible with Tor, including tutorials, books that may be banned, etc.
– You want to discuss all the ways that the Obama administration sucks without wondering if the NSA is keeping track of all the cuss words you use
– Many, many more reasons
A lot of criminals and disgusting people like pedophiles use Tor as well, and navigating “Onionland,” as it’s called, requires some careful attention to detail so you don’t end up in the wrong place—kind of like going to an unfamiliar city. But it’s also used by whistleblowers (Forbes has a hidden service only reachable by Tor if you want to leak documents, for example), people in repressive regimes, and even American patriots who are trying to find others of like mind without getting targeted for an IRS audit.
In short, if you’ve ever wanted to visit a site, make a comment, engage in discussion, or download a file and wondered if someone saw you, or if you’ll get in trouble, you can use Tor for those things. If you want to hang out in hidden hacker forums and learn about how they target people and how to protect against it, you can use Tor. If you want to find documents on literally any subject you can possibly think of, you can use Tor (Don’t open those documents while you’re connected to the internet, though!). Just remember:
– When you’re on Tor, you are not you. You have no real name, you are only your handle. You have no gender. You have no location, you have no job, you have no personal life. You do not have a spouse, kids, house, or vehicle. You have no talents, no tattoos, no piercings, no distinguishing marks. You have no pets, possessions, or religion. Every single detail that you share, becomes a part of a profile someone who is paying attention can build on you. If you love to make small talk, stay off Tor. Heck, stay off the internet. 😉 The upside of all of this work is being able to network with others who believe the way you do (however that “way” is), being able to read what you want, say what you want, and visit the sites or download the files you want.
In a future article, we’ll look at how to set up a virtual machine (a computer within a computer) and apply yet another layer of security, as well as how to use your normal websites without leaving a trail of facts about yourself for anyone who’s looking. In the meantime, get your VPN, and Tor, and some decent email.