How To Remain Anonymous Online
How To Remain Anonymous Online
How To Remain Anonymous Online
%AR&I&': The information contained in this guide is for educational and protection purposes only. Under no cases does the author condone or encourage the use of these techniquest to break the law or evade law enforcement. While anonymity is a powerful tool, I encourage you to use it responsibly.
Introduction: There are many reasons why you might want to create an anonymous identity online. Perhaps you re a whistle!blower funneling information about your organi"ation to the police or a reporter, maybe you re a political activist who could suffer unspeakable persecution if your true identity were to be know, or maybe you re #ust a run!of!the!mill citi"en who values privacy and believes that no one but you should have access to your private data and communications. Whatever your reasons for wanting to remain private, this guide will give you the steps to effectively create and use a completely anonymous online identity. (oose li)s sin* s+i)s: $efore we get started, let me say a word about talking to people. %veryone loves to be social. We value our friends and we don t want to be constantly paranoid that someone is out to get us. $ut remember that everyone you tell about your anonymous identity is one more person that can be compromised or turned and, in turn, compromise you and your security. &ow is the time to be paranoid. &ever discuss your anonymous identity with anyone who knows your real identity and never discuss any details about your real identity with anyone while using your anonymous identity. 'eep the two completely separate. (ou might be sitting there thinking )my friends are cool. They would never compromise me* they re loyal+. That might be true now and it might remain true in the future. $ut I personally know of several cases where people have been sent to #ail by their ,loyal friends after the friend decided to turn on them after a fight. Why e-pose yourself to the risk. 'eep your mouth shut/ ,+e im)ortance o- o)en source: 0pen source software is software where the underlying computer code is provided by the developer to anyone who wants to review it. 1ontrast that with what is known as ,proprietary software 2like 3icrosoft Windows, 0ffice, most Windows software, etc4 where the code is not available for you to inspect. The truth is you have no reason to trust a software developer with your privacy. If you have no way to verify that what they say is true, you can never know if the software does what it says it does and that you are even protected at all. 5or all you know, that ,unbreakable encryption program you #ust paid 678 for could have a back door built in that lets law enforcement in whenever they want. It might not but, the point is, you #ust don t know unless you can e-amine the
Page 9 software code yourself. That s why I recommend using open source software e-clusively for your anonymous identity. :nd I don t mean #ust ,user land software like encryption tools ! I mean everything from the operating system up. If you are forced to run 3icrosoft Windows, learn how to run ;inu- in a virtual machine and use that for your anonymous identity. If you re not using open source software from the ground up, don t do anything anonymous because, chances are, you re not nearly as anonymous as you think you are. ,+e ,ools o- t+e Anonymous Identity <urprisingly, creating an online identity is remarkably easy. It s because it requires a bit of work to use it effectively that most people never bother. 3ost people have the belief that if they aren t doing something ,wrong then they don t need to be anonymous. This is a lie governments and law enforcement around the world have sold to the population and it couldn t be more false. <o let s assemble all of the tools we need to create our new identity then we ll move on to actually creating and using it. . !ownload and install .ot+ ,or and I"/ ,or and I"/ are anonymi"ing systems that allow anyone to surf the Internet or use Internet services like chat, email, and the web, completely anonymously. While both serve a similar purpose, there are some places where you will have to use one or the other 2most I=1 networks, for e-ample, ban Tor users4 so it s important to have both installed and ready for us. >ownload and install the )Tor $rowser $undle+ from the following location? http?@@www.torpro#ect.org >ownload and install I9P from? http?@@www.i9p.de $oth software packages are available for Windows, 3ac, and ;inu-, but keep in mind our discussion about open source software earlier so I again encourage you to use ;inu-, even if it s #ust through a virtual machine.
Page 7 <pend some time reading how both tools work until you re comfortable that you can and have properly set them up for your use. It s not too hard but it s vital that the tools be working correctly for the ne-t step. ". 0tart t+e ,or so-tware and t+e anonymous .rowser t+at1s included The Tor browser bundle comes with a special customi"ed version of the 5irefo- web browser that s ready to use anonymously. 0nce you click on the ,start!tor icon in the Tor directory, it will set up an anonymous connection and then automatically launch the secure browser. This is an important note so dont skip past this section: it is important that you only use the Tor browser for anonymous things. Under no circumstances should you ever check your personal email, bank account, or anything connected with your real identity while anonymized. It is imperative that you separate your two identities as much as possible. ven one slip up could completely compromise your security and make this entire e!ercise useless. When the secure browser starts, it will automatically take you to a web page that will tell you if Tor is working properly or not and will give you the Internet address you appear to be coming from. If everything is working then you re completely anonymous while using the secure browser. Important security note: your anonymity "#$% applies to the secure browser&& #o other browser on your computer is safe e!cept the browser launched by Tor. ven if you use 'irefo! as your regular web browser it is not secure unless it is started by Tor. !tra paranoia note: It is always a good idea to check which country owns the I( address you are assigned. )aving an I( address outside of the United *tates, +anada, or ,estern urope can greatly increase your security. %ou can find out what country your I( address is located in by doing a -oogle search .in your anonymous browser/ for 0ipwhois and using one of the tools in the search results. If you want another I( address, shut down Tor and restart it. +ontinue this process until you get an I( that is acceptable. 0nce you re familiar with Tor, it s probably a good idea to learn how to anonymi"e any of the Internet programs like chat that you use. This will allow you to communicate in a variety of ways without having to reveal your real
Page A identity. The Tor manual e-plains how to do this pretty easily. =ead it. 3. Create an anonymous email address I ve investigated different email providers to determine which ones are the easiest to remain anonymous using. (ahoo 3ail comes out on top for a number of reasons. 5irst, it does not require any real personal information. B3ail, for e-ample, requires a real mobile phone number which complicates the process greatly. With (ahoo 3ail, you can use completely bogus information and be totally anonymous. <o the ne-t step is to point your anonymous browser to http?@@mail.yahoo.com and click the link to create a new account. It is important that you use completely bogus information here and any information you use should have absolutely no connection to your real life. That means no real birthdays, no real first, middle, or last names, nothing. 5ake everything/ :nd, for Bod s sake >0 &0T be dumb enough to use your real "ip code, city, or state 2or even country4 while setting this account up. I like to use a postal code and city in whatever country my current anonymous IP is from. Cust a nice touch. :lso, do not use a real recovery email address. If you ve ever touched something in real life, don t touch it in your anonymous life, period. 0nce your anonymous email address is set up, be sure to create a file somewhere on your computer with all your ,personal information in case you need to do a password recovery. We ll encrypt this file later so there s no worry about a compromise. Important security note: 1emember the rule to never cross your anonymous and real lives. # 2 1 ever ever check this new email address while not anonymized. # 2 1 ever ever send email from that address to your real life email address or one that was created when you werent anonymized .or the reverse/ and # 2 1 ever ever send email to real life friends. 3ll of this +"4(1"4I* * %"U1 * +U1IT% 3#5 +3# $ 35 T" %"U1 1 3$ I5 #TIT%&& If you 2 1 do any of the things I 6ust mentioned, abandon the email address immediately and go through the process of setting another anonymous one up. This one will become useless.
Page D 1ongratulations/ (ou now have a completely anonymous email address. It will remain completely anonymous as long as you follow the advice above. 3. 0et u) an anonymous Bo2.net account $o-.&et is a fantastic service that allows you to store up to 9B$ of files 2each file can be up to 9D3$ in si"e4 for free. It s a great way to securely e-change files with others in an anonymous way if it s set up correctly. 5irst, make sure you re in your anonymous browser and go to http?@@www.bo-.net <ign up for a free account using completely bogus information again. It s 0' if you use the same information you used to set up your (ahoo account since these two accounts will be tied together anyway. When asked for your email address, remember to use the new anonymous address and &0T your real email address or any you created while you were not anonymi"ed. 0nce you ve completed the sign!up process, you will be required to validate your new account. Cust go to your (ahoo mail account 2again, in your anonymous browser4 and do the validation. %asy as pie. (ou now have a secure way to share files with others. Cust remember &%E%= upload a file to the $0F.&%T account unanonymi"ed. If you do it even once, scrap the account and start over. This will also mean you need to set up a new anonymous email account as a correlation could now be made by an investigator. 3. !ownload and install 'nu/' 4t+e '&5 /rivacy 'uard6 (ou ve probably heard of PBP. It s an encryption program that allows you to encrypt files and email so that they can only be decrypted by either the intended recipient or by a specific password. BnuPB 2BPB4is an open source implementation of PBP that is fully compatible with the commercial version of the software but with no potential deliberate back doors/ 0nce you ve installed BPB, you will need to create a new encryption key pair. %ach encryption key has two parts? a public key which you share with anyone you communicate with and a private key that only you have access to.
Page G (ou can get BnuPB from http?@@www.gnupg.org ;et s create a key pair now for your anonymous identity. 5irst, drop to your operating systems command line 2<tart!H:ccessories!H1ommand Prompt in Windows and Terminal in ;inu-4 and type the following command? gpg !!gen!key This command calls the BPB program and tells it you want to create a new key pair. The program will ask you a few questions such as your real name and email address 2use the fake name and email address you #ust created4 and a few other things. When you re asked what kind of key you want to create, I recommend that you use the following information? Type of 'ey? =<: @ =<: ;ength of 'ey? A8IG bits 'ey %-piration? 7y :t the present time, A8IG bit =<: keys seem to be unbreakable. We re making the assumption that they will remain unbreakable for the ne-t 7 years which is why we ll have our key e-pire in 7 years, at which time we will re!evaluate if we want to continue using them or create something stronger. (ou will also be asked to create a passphrase for your key. This is very very very important. The only thing standing between your private data and an intruder is your passphrase. >0 &0T use common words, phrases, etc. I recommend you use a string of GA random characters that contain upper and lowercase alphabet, numbers, and special characters. <tore this passphrase somewhere safe so it can t be found. :fter a bit of work, you will have a new key. (ou are now able to encrypt data so that it is inaccessible to anyone, including law enforcement. 5ata encryption note: The same type of password should be used when encrypting data as when creating your key: a random, long string that contains a mi! of characters and no real words. The passwords should all be at least 78 characters but the longer the better. I have personally protected e!tremely sensitive files with 9::;
Page J character passwords. If you need help remembering your passwords<passphrases, well discuss that in the ne!t section. (ou now have a PBP@BPB encryption key!pair. 0ne more step to security. I ll leave it to you to research how to send and receive encrypted emails or handle encrypting and decrypting files. It s all on the BnuPB website in the manual. <pend some time reading it. 7. !ownload and install 8ee)ass 4or 8ee)ass96 'eepass and 'eepassF are programs that allow you to securely store your password. To remain completely anonymous and secure, your passwords need to not be easily breakable. That means long, random, meaningless strings of characters that you can t 2and shouldn t4 remember. <toring them in 'eepass allows you to store them in a secure :%<!K9L bit encrypted store that is currently thought to be unbreakable. (ou can get 'eepass from http?@@www.keepass.info <ince the software is easy to set up, I ll leave you to figure it out. 0ne note though is to make sure you use both a password 2something you can remember but not easily guessable4 :&> a key file to protect your passwords. This double layer of security makes sure your passwords are only accessible to you. it s also a good idea to store both your key!file and your password safe on removable media like a flash drive. This way, it s not even accessible for attack if your computer is ever stolen. !tra paranoia tip: If youre really concerned about protecting your password, encrypt both your key=file and your password safe using -(- and a password that is easy to remember but hard to guess .preferably with some random bits. That means youll need to decrypt both your password safe and your key=file every time before you use them but it might be worth it depending on how secure you need to be.
Page L L Encry)t your anonymous in-ormation -ile (ouMll remember that in an earlier step I told you to save the details of your anonymous email address in a te-t file so you could easily remember details if you needed them. $ecause you didnMt set a recovery email address, if you donMt remember the answers to your security questions and forget your password, you will be permantly locked out of that account. $ut you can use this file for more than #ust your anonymous email account. I use my information file 2which is really #ust a te-t file that I encrypt4 to keep track of my anonymous online dealing. I have identity information, who IMve contacted from what identity, what IMve told them 2if itMs important to remember4, that sort of thing. <ince itMs encrypted and secure, I donMt have to worry about whatMs in it should my computers receive a special visit by law enforcement or a hacker one day. <o take the time to encrypt this file now. There are two ways to encrypt a file in BPB? K4 to a specific key in your security keyring or 94 by password. <ome people like to encrypt files to their own key so they can decode them later but nobody else can even if the file falls into the wrong hands. This is a bad idea because, if you lose acces to your key, you are forever unable to access that file. Cust like your key keeps your data safe from prying eyes, it will also keep you at bay if you donMt have the right key. The second reason I like to encrypt using a password instead of to a key is that IMve read papers that have made the argument that a :%<!9DG key is as strong 2or perhaps a bit stronger than4 a 98AL bit =<: key. <o, for those two purposes, weMre going to encrypt your file using a password 2long, random, at least GA characters of course/4 >o encrypt your file, open a command prompt and type the following command gpg !c NyourOinformationOfilenameH BPB will prompt you for a password which you are free to cut and paste from somewhere else since itMs hopefully too long for you to want to type twice. 0nce youMve entered and confirmed your password, a new file will be created in the same directory as the original and with the same name as the original but with the added e-tension .gpg. That .gpg file is secure, unbreakable, and safe.
Page I &e-t, you probably want to get rid of the original unencrypted file since having it around kind of defeats the purpose of having it encrypted. 0n 3icrosoft Windows there are a few freeware tools that allow you to securely delete a file and I recommend one called :-1rypt. :-1rypt can also encrypt files using :%<!9DG bit encryption so itMs like a swiss army knife of tools. (ou can get :-1rypt from http?@@www.a-cryp.org It comes with a handy guide on how to use it. $asically, right click on the file you want to securely delete and select M<hredM. If it prompts you to specify how many times to overwrite the file, select 9D8. 0n ;inu-, the system has a built in command called shred that accomplishes something similar Powever, I do suggest you read up on shred because there are specific concerns that may need to be addressed if youMre running a #ournaling file system. 0verall, securely deleting a file from your disk is a simple command? shred !u !n 9D8 !" NfilenameH This tells the command to shred the file, wiping it 9D8 times and then filling it with 8Ms and to truncate and remove the file after overwriting. 1ongratulations (ou are now prepared to be completely anonymous online/ (ou have all of the tools you need set up and ready to go. (our privacy and anonymity are completely in your hands now. (ou can now safely go on to connect to and use web services anonymously, share information, and do pretty much whatever you want without fear of reprisal or discovery.
:ou are t+e resistance; you +ave t+e )ower; use it well. <uestions= >ind me on IRC and c+at wit+ me: 0erver: irc.anono)s.ru Room: ?o)new.lood My &ic*name: Anonymous33
How do I connect to IRC= 'o +ere: http?@@87.chat.mibbit.com 1hoose a nickname, plug in the server details an chat/ My Email Address; i- you )re-er to email is anonciti"enQymail.com