That’s really the million dollar question. This post aims to answer that question and provides some methods that will get you there.
There’s the “good guys” – somewhat technically savvy and non-savvy Internet users who are looking to safely browse, email and communicate with others without being hacked or becoming victim to malware.
Then there are others, not necessarily the bad guys, but those of a different mindset – the very technical savvy, the hackers who prefer to use the Internet in an anonymous fashion to guard their online identity and activities.
Lastly, there are the “bad guy” themselves – the spammers, child-porn distributors & collectors and the pirates who are looking to protect themselves from discovery and law enforcement.
So what could these three groups have in common? They all, to one extent or another, are looking for ways to retain their anonymity on the Internet.
Is it possible though? One at first might say it is impossible to be 100% anonymous on the Internet. Sure, ISP’s, hosting & webmail providers and others will roll over and provide details for a customer (real name, email address, IP address(es) signed on/up with, location data) to law enforcement, but I’m still convinced that if you combine a number of practices, software and other technologies; you can indeed remain 100% anonymous – you just have to be diligent and and to some extent anal-retentive about it. You also need to determine if it’s worth it. We won’t be getting into that aspect of it since that is for you to decide. So let’s further discuss what we can to do to remain anonymous.
TOR: I realize it’s been argued that this method isn’t always the safest bet, but when used in conjunction with a private VPN service and a few proxies (and depending on who’s wireless you’re connecting on), it can be pretty damn safe and anonymous.
What Is It? The Onion Router (or TOR as it’s called) provides alternate paths to the Internet by way of TOR nodes; proxies which are essentially other TOR users’ computers. Traffic is encrypted and usually traffic data isn’t stored. your original IP address/online location is masked and presented as the TOR node’s information.
How Would Someone Use It? A typical Internet users who isn’t hacking or participating in illegal activities, would probably be able to get by with TOR alone. Hackers would be smart to combine this with a VPN service, proxies, and going through multiple nodes or computers (like PC’s that are used in botnets) going over an Internet connection that is wireless – like coffee shop/a nearby neighbor’s wireless or a smartphone data connection.
Law Enforcement Reliability? For all intents and purposes, if you plan on doing anything questionable, this shouldn’t be the only method you use. Some have questioned TOR’s ownership, claims as ludicrous as it being CIA funded. Regardless, don’t make this your ONLY method of anonymity. At a minimum, law enforcement can subpoena the owner/operator of a TOR node and force them to turn over connection information of yours. Consider this - it separates ”where you are geographically” from “where you are going” as you are web browsing.
What Is It? Virtual Private Networks are the staple for many large organization’s communications. They allow remote connection to a network with a connection that is encrypted and typically not susceptible to sniffing attacks. When choosing a VPN service, please consider the following:
* The credit card/debit card/online money account you use to pay for the service and who it’s tied to.
* The email address you register your service under.
* The VPN provider’s policy on privacy. This is probably the MOST important to note as a majority of companies will turn over information to law enforcement if subpoenaed. Still, there are quite a few out there who aren’t bound to the United States laws, subpoenas or pressure and will refused to provide identifying information. CryptoCloud is one such service. iPredator is another.
Remember these two vital things: You get what you pay for & remember to mask your initial connection and associated details (such as email address/IP address) as much as possible when you sign up for any service – the less they have to provide to anyone about you, the better!
How Would Someone Use It? Again, your typical Internet user may not have a whole lot to gain from it other than strongly encrypted traffic and hiding your original location. A hacker on the other hand now has a service at their disposal that will allow access to multiple anonymous connections to the Internet from various places around the world – many outside of US jurisdiction. A hacker may establish a VPN connection first to hide their original IP connection address and ISP. Once the VPN connection is established, they would possibly route their traffic through either multiple proxies (such as TOR nodes) or via other PC’s which may already be under their control.
Wireless (Prepaid broadband/Or Someone Else’s Wireless):
What Is It? This is a no-brainer. If you truly are looking to remain anonymous, doing anything questionable should never be done from your own home’s network.
How Would Someone Use It? Some choose to get a prepaid broadband adapter/mobile phone with data that was paid for with a gift card or pre-paid debit card. Others choose to use a local open wireless access point. Then there are the few that go to lengths to crack a weak encryption scheme on someone’s access point in the area and use that. Coffee houses, nearby businesses and neighbors all make good places to connect from.
Things To Consider:
1. If you are using a computer and expect anonymity, refrain from leaving open shares on your computer with any identifying information (tax returns, documents, photos, etc) in the shares. Also consider what your PC is named.
2. Clear cookies/cache/web history in the event someone is able to remotely access your PC.
3. Desktop firewall installed/configured on your machine
4. Consider using a zombie (if you have one) to connect through some of the named methods above.
5. True anonymity really comes from hiding your real identity. Use multiple online handles and never post or speak publicly via these online handles when you DON’T expect anonymity or privacy.
6. If you get wrapped up in a “flame-war” online it’s best to lead others to believe you are someone completely different. Consider using Google Voice #’s registered to throw-away GMail addresses.
7. Lastly, also consider purchasing a truly anonymous email address. Many can be bought for around $50 and store very little to no data on you when you register. Things like Hushmail should be avoided if you intend on pursuing things that may be considered “underground”.
I’m sure there are MANY things I’ve either forgotten or left out, but this is just the basics as far as I’m concerned. As long as a person is careful and doesn’t boast arrogance or allow their ego to overwhelm judgement then they should be able to retain their online anonymity for as long as they need to.