How to be completely Anonymous online


This is what happens when you visit slashgeek.net. It informs three other website of your presence. This is not something I consciously and intentionally did to track you down and record all your steps and every little clicks you make. This is the end result of having a mid-level, somewhat functional, website. Yes I could remove all the analytic/social media codes and it would stop tracking you but it wouldn’t make the site much functional for majority of the users.

But this is nothing compare to amount of tracking and sharing of information some of the big sites do. Try it yourself with Collusion for firefox. As you visit more site you will soon find yourself stuck in web of trackers which knows your every step and click; and by the end of the day probably knows more about your habit and patterns than you yourself do.


But some people don’t actually mind being tracked. They would rather have advertisers give them relevant ads and search engine give them relevant results and websites give them relevant content. But this post is not about them, this post is about the minority of those who take their privacy really seriously.

Privacy is not cheap.

I don’t mean this only in the monetary sense. Total anonymity comes with a cost. The cost of speed, functionality, relevancy, eye-candy etc. You can’t have all. You have to make a choice that is not open to compromise.

When you visit a website, the site can have your location based on the ip address of your ISP (Internet Service Provider). The ISP has logs of your internet connections and browsing data which they sell to the highest bidder. The websites you visit usually have (at the minimum) analytic that logs your browsing pattern; which includes the search term you used to visit the site, the browser you are using, your IP, your operating system, your location, your time, the outgoing links you are clicking, the duration you spent on the site, when was your last visit. Among other things. The social media widget track the contents you are reading and the people you are sharing it with (among other things). The dynamic ads knows the search term or the incoming link you used to visit the site and the contents you are reading and then gives you ads based on these information.

Obviously some people might have a problem with this.

There are level of anonymity you can have. Are you trying to to be anonymous because you don’t like being tracked or you pose a threat to a subversive government or maybe you are a secret super spy trying to stay under. For each case there is a need for different level of precaution. We are going to look in to some of the best anonymity practices out there.

DOs & DON’T for paranoia level anonymity


    DON’T

    use Tor, exclusively. Tor is usually the goto service for people looking for easy peasy anonymity. Tor gives you anonymity (to a certain extent) but doesn’t always protect your privacy. To make it harder/safer to identify you, go for: You -> VPN -> Tor. At the end of the day your exit Tor node can still see your data so it might be a good idea not to use tor when going through password protected sites you care about. Yes, it most likely will make your browsing excruciatingly slow and have google (or other services) throw you captchas for every once in a while. To avoid google annoying you, try You -> Tor -> VPN but this is much harder to configure.

     

    DO

    setup your own VPN server. Don’t go for third party VPN providers even if they claim to purge logs. Get a VPS server not located in your country. Cheap, high and fast bandwidth vps are a dime a dozen. Don’t stick with one Vps, for long. Change every month, nuke/reset your vps before you leave. You should also look into mode of payment for your VPS that doesn’t reveal your personal information.

     

    DON’T

    use Google. Its hard to replace Google as a good search engine. Google is in the business of following your every step. They spend a lot of money and does in-depth research to find better ways to track you and they are very good at it. Instead use DuckDuckGo, their privacy reputation is pretty solid. Their search results are not so bad either. You could also try Ixquick as a second option.

     

    DO

    use Firefox. For me, its not a choice based on fanboyism, I much rather like Chrome if privacy is not an issue. The choice of Firefox is for two reasons: The organization behind the browser is non-profit and the main reason being the privacy extension choice for firefox is much better (and have more control) than chrome. The three must install Firefox extension for privacy are:
     

      Ghostery: Ghostery sees the “invisible” web, detecting trackers, web bugs, pixels, and beacons placed on web pages by Facebook, Google Analytics, and over 800 other ad networks, behavioral data providers, web publishers – all companies interested in your activity.

      NoScript: Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks.

      Adblock Plus: The add-on is supported by over forty filter subscriptions in dozens of languages which automatically configure it for purposes ranging from removing online advertising to blocking all known malware domains.

    This is pretty much the safest anonymous setup you can get. It might be slow, hard and time consuming to setup but if you are worried about your privacy and anonymity then you shouldn’t mind doing the extra work.





Feel free to follow us on Facebook and Twitter or just subscribe to our RSS feed.



  • http://www.technoslab.in Manish

    I use this: me -> vpn -> website. Thanks for telling about those ff extensions.

  • anonymous-shanonymous

    HTTPS Everywhere, from the EFF, is another extension to use

    • Dan

      That has very little, if anything to do with anonymity, only privacy.

  • browserid

    Don’t forget that you can be identified uniquely by your browser as well. If you use the same browser on Tor and then on your home internet connection, the two can be linked. More about browser fingerprinting here: https://panopticlick.eff.org/

    You should use separate browsers for separate activities. You can also do this by installing virtualbox and multiple OS’s and separate your browsing that way.

    One last thing – your MAC address uniquely ids your hardware, so if you are connecting at a coffee shop or another public wifi spot, they can log the MAC addresses that connect to your routers. So spoof your MAC address too.

    • John Crissman

      No. MAC addresses don’t go over routers. I guess you’ve never looked at actual ip traffic to see this.

      Nobody knows your MAC address on the Internet. To anyone outside your network your MAC address shows as theist router before their device.

      • Kevin

        Yes.

        Hey smarty pants, read the message again. The coffee shop/public wifi DOES see your MAC address. Coffee shops have cameras. You’re connecting to their router. Sure, the MAC doesn’t go out on the internet, or even past the router. That’s not what the person was stating.

        • sadsad;l@yahoo.com

          Not all coffee shops/wifi hot spots have cameras.

        • Caspin

          Has anyone in the history of the world ever been busted for file sharing via camera footage from coffee shops is the question

      • Mark

        An Ethernet frame (which contains the source MAC address) is encapsulated by layer 3 devices like routers. If you do a packet capture on the router, you can see the source MAC without problem. It’s a basic principle of how L2 switching interacts with L3 routing. If you’re going to make a statement about how a fundemental and well-defined protocol stack operates, make sure you know what you’re talking about next time :)

        • Someone

          Uhm. No. Not unless you’re doing L2-in-L3 tunneling.
          Your source MAC will reach the first router, after that it’s forgotten. The IP-packet will be forwarded to the next hop with a new L2-header that contains the source MAC of the first router and the destination MAC set to the address of the next hop router.

        • bug

          You can be busted if they trace all the other servers back to the first router and then your mac address is available. That is why you don’t want your mac address viewable or your face.

    • Brian

      I assume this isn’t the case for the tor browser (basically firefox) and other firefox clients?

  • Grump

    “The ISP has logs of your internet connections and browsing data which they sell to the highest bidder.”

    I work for an ISP. Logging customer browsing data is resource intensive because it requires breaking apart packets and reading the headers, rather than just routing them. ISP’s implement DPI (deep packet inspection) to throttle torrents and stop spam because there is value there, bandwidth costs money. Thankfully torrents and spam have certain signatures that make them easier to track than without breaking apart headers sent by every user. DPI is a failure point and is often avoided unless necessary. Even if we did track that information, we wouldn’t sell it. No customer information is handed over unless legally required to do so. I suggest you read your ISP’s privacy policy on what they collect and who they may send it to. Suggesting all ISP’s do this is fear mongering ignorance.

    • potatoadmin

      Uh! Which country? In USA its required by law to store logs for ISPs:

      http://news.cnet.com/8301-31921_3-20084939-281/house-panel-approves-broadened-isp-snooping-bill/

      Even before that:

      “A 1996 federal law called the Electronic Communication Transactional Records Act regulates data preservation. It requires Internet providers to retain any “record” in their possession for 90 days “upon the request of a governmental entity.”

      As for ISP selling user logs. Its one of those industry open secret. Happens more often than you would think.

      http://www.theregister.co.uk/2008/02/25/phorm_isp_advertising/

      http://www.wired.com/threatlevel/2007/03/does_your_isp_s/

      • Grump

        Did you read the article you posted?
        “customers’ names, addresses, phone numbers, credit card numbers, bank account numbers, and temporarily-assigned IP addresses”
        Where does that say web traffic? A lot of companies would go under if they were required to store all web traffic initiated by the customer. It sounds easy, but its extremely expensive to to. It’s not your ISP storing your web traffic, its the places you visit that store your traffic. So if you post illegal content on facebook, facebook will have your IP address, and the ISP can be subpoenaed for the IP owner’s information. Granted, some ISPs do webhosting for themselves or other businesses, and that information would be logged too. As the other two articles state, some ISPs sell that information, but its a very small piece of their customers total web traffic.

  • LurkerUrker

    Iron from SRWare http://www.srware.net/en/software_srware_iron_download.php is a Chromium based browser without the privacy concerns that Chrome has. It does run all the extensions for Chrome.

  • Sam

    Cool post, I like the ff extentions but still you are leaving a trace. Best way I know is to buy prepaid phone with cash and tethering it then you are off the grid %100. Somebody correct me if I am wrong.

    • Sam

      You also need to buy a used computer from a garage sale etc. Or they can trace your MAC :)

  • Anonymous

    If you really care about privacy, why don’t you use a two-click solution for your share buttons?
    The site would then stay “functional” for the “majority” of your users, but the real majority (who doesn’t use those buttons) won’t be tracked.

  • Fp444

    I am usin a program that is called Super hide IP.Do you recommend it?Am I anonymous on the Internet?

    • Yourisp

      Fred Peterson
      1731 West 34th Ave
      Eugene, Oregon 97405

      Blood Type: B+
      Favorite Color: Orange
      Nemesis Vegetable: Beets

  • Dan

    Hi,

    I’ve been using Hide My IP
    After review the article i need to do alot more apparently

    Thanks
    Dan

  • jason
  • Headphone Halo

    If you are worried about the organization behind Chrome you can always download the source code for Chromium and compile it yourself. I suppose you still wouldn’t be able to audit 3gb of source but still.

  • anonymous

    don’t forget about “device fingerprinting”
    https://panopticlick.eff.org/

  • teh_DUDE

    Remember those Google street map cars? Well they weren’t just taking nice photos of the outside of your house, they were also sniffing your SSID. Allow this site to use your location and prepare to pass a brick. http://htmlfive.appspot.com/static/whereami.html
    I’m currently using a VPN and that red pin is about 10 feet from my house.

    It’s probably not just the Google cars that collected this data but anyone nearby who had their GPS turned on on their smart phone with wifi also on picking all those SSIDs out of the air, this information is saved and now they know where you are (give or take a few feet).
    Best thing to do now is to change and hide your routers SSID and restrict your wifi card to viewing only your home network with a few netsh commands.

    My spoofed MAC is currently 00-B0-0B-1E-50-00

    Tinfoil is currently 3 for the price of 2 at your local store.

  • Mike

    “Yes I could remove all the analytic/social media codes and it would stop tracking you but it wouldn’t make the site much functional for majority of the users.”

    What do you mean “much functional”? You could remove all of that stuff and it would not degrade the experience for the majority of you users- that stuff is there for YOU.

  • Moobie

    Does anyone have a suggestion for a email cloud-based account that doesn’t track your content and sell to advertisers?

  • anon28814

    I think OP don’t understand how Tor works…

  • AMBROSCUS

    Excellent article!

    I was planning of writing a similar post on my blog. I guess I’ll link to this and expand on it. I’m surely interested in creating my own VPN using a vps. Will look that up.

    I agree that https everywhere is an excellent addon for Firefox. Ghostery, Adblock and noscript are priceless.

    Just to emphasize the obvious here: for anonymize your traffic but does not encrypt it. For encryption and to keep sensitive information confidential use point to poor encryption with vpns. Using both is a plus but will cause dramatic speed reduction.

    Keep up the good posts!

  • sean

    Check out RequestPolicy and Priv3 as well. Priv3 is similar to Ghostery, while RequestPolicy blocks /ALL/ off-site requests by default.

    Using these plus AB+ and NoScript, you can pretty much take back control of your data.

  • Nari

    There’s more than just that.
    for example if you are running an IM or email client in the background it might be trying to connect with a screen name that can be tied to you.
    if you’re using the same browser you do normal stuff with there may be cookies for specific sites saved.

    if i really wanted to disappear i’d use a throwaway operating system i didn’t use for anything else, ideally a linux live CD or something that is incapable of storing history. I’d screw with the browser headers to send a random operating system, browser version, etc each time so i couldnt be tracked as “that guy who uses this OS on this screen resolution on this browser with these addons. I’d use public or unprotected wi-fi a significant distance from where i lived, and not ever go inside; for example accessing a coffee shop wifi from a half-block away while in the car so my face wouldnt show up on security cameras.
    Spoof my MAC address so it wouldnt show up in their logs, then connect to a VPN in a third-world country that i had purchased with bitcoins or some other anonymous currency and go from there to tor, then use HTTPS through tor to the site i was interested in…
    Then if you’re trying to do anything public on that site, like say make forum posts criticizing your oppressive government, you need to be careful not to leave grammatical clues that will lead people back to you. One way I thought of to “scrub” your writing is to run through an automatic translation service from English to Russian, then Russian to Japanese, then Japanese to Lithuanian, then to Arabic, then Chinese, then back to English. It’ll look like your native language isnt english, there’ll be all kinds of synonym replacement, etc.

    :)
    Otherwise it was a good article.

    With Love!
    Nari

    • Anonymous

      Hahahaha, genius.

  • anon

    >Ctrl+F
    >Ghostery
    >2 result in article
    Stopped reading there.

  • alex ber

    Thanks for a good article. I use PirateRay with protected and encrypted SSH channel, and for now I don’t have any issues with it. And it is not expensive at all, just $ 4.99/ month. What I like is that I can use it both in the browsing , and when downloading to stay anonymous. 2 in 1 solution.

    • Anonymous

      Posting this comment as “alex ber” may not be the best idea, unless that isn’t your real name.

  • Howart Smith

    I use Hotspot Shield free VPN to be anonymous Online.

  • anon

    “try You -> Tor -> VPN but this is much harder to configure.” -> You can do it with Whonix. If that does make sense is another question. I think Whonix OS is most anonymous currently.

  • sadsaisafnsan

    1. Buy laptop from individual in another city or state that you don’t usually or never go to, don’t give your real name or let them see your license plate. Also, make sure there are no camera’s that can see the exchange, buy in cash don’t get fingerprints on the cash.
    2. Go to a free wifi and don’t be filmed.
    3. spoof the mac address.
    4. use livecd or something like that.
    5. use tor or something like tor.
    6. use vpn
    7. don’t use real names or aliases that you have ever used before.

space invader