Can You Be 100% Anonymous?

One of my readers recently emailed me and asked if you could be “100% anonymous” online. I think that it’s possible, but you need to take a lot of steps.

To be honest, I’m not 100% anonymous at present, so maybe I’m not the one to ask, but I’m in the process of researching it.

Tor All the Time?

If you use Tor for all of your internet browsing needs, that’s a good start, although even Tor has its weaknesses. At the very least, you would have to get accustomed to it being a little slower than your standard browsers (Chromium, Firefox, etc.). That’s a tradeoff for the anonymity part.

Tor, at present, is improving its cryptography, which is a good thing! The post Tor Onion v3 Hidden Service explains a bit more about the v3 onions (the ones with 56 characters). Although I’m sure some people just find 56 characters to be an annoyance, the extra length is a consequence of the better cryptography behind them.

As the post above points out:

Onion v3 is the new next-generation Tor Onion Services specification. The most noticeable change is the increase in address length, however Onion v3 uses better cryptography, ECC (elliptic curve cryptography) rather than RSA, and has an improved hidden service directory protocol.

https://www.jamieweb.net/blog/onionv3-hidden-service/
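To show where the 56 characters come from, here is an added example (not from the quoted post or the Tor Project's code) that encodes and validates a v3 address using the layout in Tor's v3 onion service specification: a 32-byte ed25519 public key, a 2-byte SHA3-256 checksum, and a version byte, base32-encoded. The function names and the sample key are constructed for illustration; the key is not a real service.

```python
import base64
import binascii
import hashlib

V3_VERSION = b"\x03"

def v3_checksum(pubkey: bytes) -> bytes:
    # CHECKSUM = SHA3-256(".onion checksum" | PUBKEY | VERSION)[:2]
    return hashlib.sha3_256(b".onion checksum" + pubkey + V3_VERSION).digest()[:2]

def encode_v3(pubkey: bytes) -> str:
    """Build a v3 address from a 32-byte ed25519 public key."""
    if len(pubkey) != 32:
        raise ValueError("v3 onion keys are 32 bytes")
    raw = pubkey + v3_checksum(pubkey) + V3_VERSION  # 35 bytes = 280 bits
    # 280 bits / 5 bits per base32 character = 56 characters, no padding
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"

def classify_onion(address: str) -> str:
    """Return 'v3-valid', 'v3-bad-checksum', 'v2-legacy' or 'invalid'."""
    label = address.strip().lower()
    if label.endswith(".onion"):
        label = label[:-6]
    try:
        raw = base64.b32decode(label.upper())
    except (binascii.Error, ValueError):
        return "invalid"
    if len(label) == 16:
        # Old v2 form: 80 bits of a SHA-1 hash of an RSA key, no checksum
        return "v2-legacy"
    if len(label) != 56 or raw[34:] != V3_VERSION:
        return "invalid"
    pubkey, checksum = raw[:32], raw[32:34]
    return "v3-valid" if checksum == v3_checksum(pubkey) else "v3-bad-checksum"

# Constructed sample key (assumption for the demo, not a real onion service)
SAMPLE_KEY = bytes(range(32))
SAMPLE_ADDRESS = encode_v3(SAMPLE_KEY)

if __name__ == "__main__":
    print(SAMPLE_ADDRESS, classify_onion(SAMPLE_ADDRESS))
```

Because the address carries the full public key plus a checksum, a mistyped v3 address is rejected locally, whereas a v2 address was only a truncated hash with no way to detect typos.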

Now, there’s been a debate about whether or not you should use a VPN with Tor. This came to mind in part because I talked to someone on MadIRC this morning who said he was “using Tor, a VPN, Tails, and a virtual machine.” From this description, you’d think that the user was either a spy or involved in something criminal, but according to him, neither was the case.

As Matt Traudt (who actually works on the Tor Project) points out in his blog, combining a VPN and Tor isn’t necessarily a positive thing, particularly if you don’t understand the reasoning behind it: VPN + Tor: Not Necessarily a Net Gain. In fact, I’m glad I referenced this post again because Mr. Traudt apparently updated it recently.

He goes into detail about some of the reasons why you might want to use a VPN. For instance, if Tor is blocked in your country:

For whatever reason, Tor is blocked for Alice. Maybe her company has a really strict firewall or her country has a super strict firewall. But apparently the firewall wouldn’t block a VPN.

Alice should try using a Tor bridge first. A bridge is simply an unlisted Tor guard relay. If she was getting blocked because she was trying to connect to an IP known to be a Tor relay, this would help.

Source: Traudt, Matt. (2016, August 28). VPN + Tor: Not Necessarily a Net Gain.

I’m also aware that some people use a VPN in order to hide their Tor usage from their ISP, which Traudt also addresses:


First, Alice should consider whether or not her adversary is even capable of extracting information from her ISP. Is what she’s doing even illegal where she lives? Is it embarrassing? To what lengths will her adversary go (or can her adversary go) in order to figure out who she is? If Alice is just trying to hide an embarrassing habit from her spouse or circumvent her incompetent country’s censorship, hiding her Tor usage may not even be necessary.

Furthermore, if Alice isn’t really up to anything bad, by not hiding her Tor usage, she helps reduce Tor’s bad stigma. Many people use Tor for a wide variety of reasons. And if Alice believes Tor usage is enough to get her on a list of potentially bad people, she should be proud of that fact. She’s not bad, and she’s lowering the quality of that list. If everyone used Tor, everyone would be on the list, and the list would be worthless.

Source: Traudt, Matt. (2016, August 28). VPN + Tor: Not Necessarily a Net Gain.

This isn’t intended to say that you’re forbidden from using a VPN; it’s only pointing out that you don’t have to be so paranoid as to hide your Tor usage unless you really are using it for something unscrupulous.

What About Tails?

Tails, which I’ve also mentioned in passing, is a live OS based on Debian GNU/Linux. If you’re unfamiliar with it, I suggest going to their site and reading the documentation: Tails – About

In essence, if you use Tails, then all of your software connects to the internet through Tor. As their site also points out, if an application tries to make a direct connection to the internet, this will be blocked for security purposes.

This is another important point to remember about Tails:


Tails is configured with special care to not use the computer’s hard-disks, even if there is some swap space on them. The only storage space used by Tails is in RAM, which is automatically erased when the computer shuts down. So you won’t leave any trace on the computer either of the Tails system itself or what you used it for. That’s why we call Tails “amnesic”.

What Else?

To really be more anonymous, you would have to abstain from using most (or all) social media, in particular, the “big boys” like Facebook, or at least the ones that collect the most data. It’s reasonable to assume that practically all social media sites retain some data on you.

This is why I like networks like diaspora, which I mentioned a long time ago on the post Diaspora: Decentralization, Freedom, and Privacy.

As opposed to things like Facebook and Twitter, diaspora doesn’t collect data on you for advertising purposes. I think the internet, in general, is moving toward this sort of model (as with things like Solid).


Many networks use your data to make money by analysing your interactions and using this information to advertise things to you. diaspora* doesn’t use your data for any purpose other than allowing you to connect and share with others.

Source: https://joindiaspora.com

While I realize that it can be addictive to use social media platforms like Facebook, Twitter, and Snapchat, it’s important to consider these alternatives if privacy is your concern.

These are only a few options; I’m sure there are others as well.

So, readers, do you have any additional suggestions? I’m open to hearing them.

2 thoughts on “Can You Be 100% Anonymous?”

  1. I’ve enjoyed many of your posts/interviews but please don’t make another “To my haters” part 3. You’re a victim of your own ignorance when you think like that. A Real G don’t give a f*ck about no coward ass h*es. You’re a nobody – just like me. You’re probably not a teenager anymore so don’t entertain no lemmings

    You’re not wrong *but* this blog post is *only* helpful if one is using Tor *strictly* for ethical/legal purposes. How many % of Tor’s users are “ethical”, everyday-users vs. small time criminals/drug buyers? Who are your readers, really? This is the type of post you share with your granny.

    But what if “100%” anonymity is a *must* for the one reading? Let’s say the reader is using a Windows 10 OS computer (most people do-very few bother with Tails) connected with a standard CPE equipment solution from the ISP. If you install W10 and then connect the computer to internet you’re already caught.. Microsoft has already collected offline Telemetry data – ready to upload to MS’s servers the second you go online. Your ISP already has all your information like MAC address:

    “The compromise of an ISP ACS or the link between an ACS and CPE by unauthorized entities can yield access to the TR-069-enabled devices of a service provider’s entire subscriber base. Customer information and device operation would be available to the potential attackers, including other MAC addresses on client’s networks. Covert redirection of DNS queries to a rogue DNS server might be possible, and even surreptitious firmware updates with backdoor features.[3] TR-069 ACS software has been found to be often implemented insecurely.”
    Source: https://www.wikipedia.com/en/TR-069

    And what about the Global surveillance leaks (2011, 2012, 2013 & 2016/17) showing the actual methodology used by LE in a real world scenario? Tor, VPN’s… everything is there for you to read. Shadowbrokers.

    Give us some real world examples – how did Sabu get caught? He used Tor didn’t he?

    Let’s talk some real *secrets* of the dark like the Realtek backdoors or the rare, lesser known N _SA sound card driver backdoor (oops?)

    If we’re talking 100% anonymity we’re talking for example a custom Windows installation, reverse engineering the motherboard comps/chips (realtek! intel!!), reverse engineering the ISP equipment like the router and extender boxes. MAC Spoofing, Mullvad VPN subscription paid via notrace-btc — connected through shadow socks with IP-leak protection, webrtc blocking & fully tested for DNS leaks. Custom geckobrowser with full canvas blocking etc. If one really knows what they are doing they can consider dropping the Tor browser (many reasons). VM(s).

    And what about Deep Packet Inspection? I could go on for hours on this subject….. one needs to block passive connections, HTTP persistens nowait configuration etc.

    Don’t take my word for it I’m only guessing based on what I’ve read the past 10 years. I would do it that way but then again I’m not an internet criminal or a tor user, this is all public information but you need to know where to look. Regular search engines like google will give you a hard time finding that juicy info and if you do, they’re not telling you the whole story. Nuff said. English is not my first language so I’m sorry for any mistakes.

    1. Thanks for your comment. You’re right in that I can’t please everyone – with those posts, I was specifically responding to a couple of angry comments that claimed I was helping teenagers to find drugs and that sort of thing. I know that most of this stuff isn’t *secret* anymore given that it’s been featured in mainstream media outlets, but it still seems like there’s a lot of misunderstanding connected to it (for instance, does the average person even know what “deep packet inspection” means?).

      Perhaps in some future posts I could take some of your ideas into account here. I’m certainly not anonymous anymore, given that this blog has attracted a lot of attention, but I still think it’s possible – would take a lot of effort, though.
