There are lots of people who want to stay anonymous online, and lots of reasons they want to do this. Staying anonymous on the internet isn't easy, and it's probably possible to trace almost anyone with enough time and resources. A lot of people think that they're completely secure with just one method of cover. For example, a lot of people thought anyone using the Tor network was nearly untraceable, but then things like this often cast doubt on just how secure these networks are. Unless you are extremely worried about being traced or you're just very paranoid, this article will probably not be practical or necessary, but hopefully still makes an interesting read.
There are several networks to choose from, the 3 most popular being Tor, FreeNet and I2P (Invisible Internet Project). Each of these are different and all have positive and negative points, so they're all best suited for a separate purpose. One negative of most anonymity networks is the speed, which is normally drastically reduced compared to normal browsing. This Null Byte article explains more about each of the networks and the best way to use them, and this article explains even more about Tor and I2P.
In places where no anonymity networks are available, a circumventor can be used as a simple but less secure substitute. One I often use is Stupidcensorship.com, but lots of people have their own favorites.
Most people use pseudonyms online and fake email addresses, but is this enough? Normally the answer is yes, but to be really secure you should:
- Ensure the email address is created using the same pseudonym as any other accounts.
- Ensure all accounts rely on a security question rather than an alternate email address, and if you're really paranoid, don't use a real answer or the same password as any personal accounts.
- Avoid using sites that require a phone number. If you must use one, then don't use your real number, and if the number requires verifying, I would recommend buying another cheap phone and SIM card registered with the pseudonym and fake details, or borrowing somebody else's phone if you're sure they wont get in trouble.
- If you're going to pretend to be somebody but you don't want anyone to know that you're not who you say you are, then DON'T use a photo from the internet. It is a 10 second job to search Google using that image and see instantly that you're lying, although most people don't know how to or bother doing this.
- Avoid using a webcam or streaming media because it's much easier to trace somebody while doing things like.
This may seem like a stupid section as a home computer on a secure network is always most secure and best for staying anonymous, right?
Wrong. Not always. Often this is true and if you do use your home network, then you should make sure that it is secured with a password and that no devices you don't know about are connected to the network. Also, use an anonymity network to mask your computer's details.
Another way to stay anonymous is to access the internet through a public machine, e.g. an internet cafe. A library wouldn't be the best of places because you often have to show a library card to use the machines and this could be used to identify you. These kinds of precautions are completely over the top except in extreme circumstances, but so are most of the steps in this article. As long as you use fake details to login to each website and don't do anything that could identify you, then in some ways a public computer is better for staying anonymous because even if anything you did was traced to that machine there are hundreds of people that could've potentially had access to it other than you, which means you remain fairly anonymous.
This makes staying anonymous even more difficult and staying 100% anonymous is probably impossible when purchasing online, especially if purchasing physical goods rather than downloadable products. To remain as anonymous as possible online you should:
- Pay using PayPal, but a new account with fake details and a prepaid card, preferably one which can't be linked to you. If you can't use a prepaid card, another option is to run a completely normal auction on eBay for a product you actually sell to someone else, so that somebody who has never had any contact with you ends up paying money into your PayPal account in a way that is not suspicious or linkable to you. Of course, the eBay account should be created with fake details and the item should be dispatched with a false return/sending address.
- Download items in as secure a way as possible. This is one of the times I would recommend a public computer and removable media like a CD, because it's much easier to trace somebody with a sustained connection, e.g. during a download or video chat.
- Don't get any goods delivered to your home, have it delivered to somewhere that can't be linked to you but where you can collect it, preferably without being required to show ID.
- If you're going to use your own payment card, then remember it isn't as anonymous as a prepaid card or fake PayPal and it will show on your bank statement. This is important if you're attempting to buy a gift for a partner or anyone else with access to your statement, although if you're just buying a gift then you can ignore almost all of these steps.
I don't know quite what you could buy which would require you to stay this anonymous online and I do not endorse buying or selling nuclear weapons, bombs, drugs or anything else illegal.
- If possible, access any anonymous accounts from as many different places as you can, so long as they're not all clearly linked like family member and friends homes. Accessing the accounts from different places will make tracing you even more difficult.
- If your anonymous accounts don't involve money and it doesn't matter if they're used by others, then put the username and password on sites like BugMeNot.com for other people to use, then if someone else logs in and gets traced then it shifts suspicion onto them and away from you. But just logging into an account isn't enough evidence to get them into trouble (I hope). Obviously use a fake account to upload these accounts to the database.
- Don't access personal accounts in the same sessions as an anonymous account, if possible. It would be better to use a separate device for anonymous accounts, and reassigning a new IP address to your device before accessing a personal account won't do any harm.
- Think about everything you do while trying to remain anonymous, don't mention locations, names or old jobs. One slip can make all these precautions pointless.
- There is no way of stopping "shoulder surfing" other than keeping your eyes open, try to stay anonymous physically as well as online.
I don't endorse illegal activities.
Want to help support Null Byte and start making your own money as a white hat hacker? Jump start your White-Hat Hacking career with our 2020 Premium Ethical Hacking Certification Training Bundle from the new Null Byte Shop and get over 60 hours of training from Ethical Hacking Professionals.