Advanced Internet Privacy (Paranoia-Level)

May 5, 2013

As I mentioned in my previous Basic Internet Privacy blog post—you are being watched, tracked, and spied on constantly. No, this is not a joke; however, the form this sort of spying takes is more passive than active and often consists of data mining via collecting IP addresses and timestamps. Passive internet spying methods are used to collect data and analyze it to find the source of problems after they have occurred in order to “correct” (punish) them. Passive internet spying methods are normally easy to avoid; they are designed to monitor massive streams of data and neglect outliers—those few who actively provide misinformation in order to protect their anonymity. These passive methods are frequently used by advertisers and service providers—who in turn provide their data to the government. A simple VPN (Virtual Private Network) or proxy and a few adjustments to your temporary internet file & cookie settings can protect you from these passive methods quite well. However, it is important to note that a VPN or proxy can also turn into a passive spy by recording your real IP address and timestamp; this data can then be used to circumvent your anonymity by connecting your real IP address to an event at a specific time. So choose your VPN or proxy carefully.

This post focuses on methods to avoid being actively tracked and spied on. Out of the three groups I mentioned earlier (the government, advertisers, and other people), only two are likely to be problematic—the government and other people. I am American, and in America our legal system views people as innocent until proven guilty. So, for the sake of me-not-aiding-criminals, I shall also assume that you are innocent; if you’re not, then here’s the door.

All active methods have one main goal: To sniff out your identity. Of course the government tends to have the secondary goal of finding evidence to convict you of some crime, but that is irrelevant since such evidence could only exist if you were guilty of some crime and you are not guilty because you did not exit via the door as previously commanded. So you should not be concerned with hiding or concealing any sort of evidence from the government. Although some encryption software could do a pretty good job with that.

When you access the internet there are identities that you take up and discard by creating usernames and switching IP addresses; and then there is YOUR identity that exists as a link between your body and at least one of these disposable identities. The goal is to prevent your identity from being linked to these disposable identities and thus maintain your anonymity. Your identity exists in two places regarding the internet: on your computer and in the data you post on the internet that can be consolidated into individual profile(s). These two places can be further divided into subcategories.

Your identity exists on your computer as data that can be retrieved from physical access and remote access to it. Physical access identifying data is retrieved from physically monitoring your device and can exist as anything from a camera positioned to watch what you type to a keylogger physically installed in your keyboard. These risks tend to concern real-life personal privacy more so than anything related to the internet; furthermore, these are not things that can be detected or prevented with software. So this is not the appropriate venue for their discussion.

Remote access identifying data exists as anything from a webcam screenshot of your pretty little face to personal information like passwords or usernames that you have stored in a text file on your hard drive. This data is not normally accessible by anyone but yourself, unless you have a virus like a RAT that provides a third party with remote administrative access to your computer. These viruses are often picked up from peer-to-peer file-sharing technologies, like torrenting, or even from downloading a file that someone uploaded for you. Social engineering is one of the largest holes in your security; trust no one. Thoroughly scan any files that were not distributed from a reputable source using multiple anti-virus programs. The reason to scan with multiple anti-virus programs is that these viruses/Trojans/malware are updated frequently to avoid scans. Each anti-virus program uses a different scan and updates its database at varying intervals, so by using multiple scans you increase your odds of detecting anything malicious; one program I recommend is Anti-Malware Bytes.

The information you willingly post on the internet is probably the largest hole in your security. Many people, including myself, enjoy using the same username across multiple platforms. Some people don’t like memorizing multiple usernames; others use the same name to garner e-fame. There is one golden rule to follow: Information on the internet is forever. Unless you are actively controlling your identities, they will begin to form connections. Perhaps a VPN subscription for username Mw15beye was paid with Bitcoins from wallet X, and username Verse bought Bitcoins for wallet X. Now any (thorough) sleuth can determine that usernames Mw15beye and Verse are controlled by the same person; and if those Bitcoins were purchased with a credit card or PayPal account with legitimate information, you have just been successfully connected to both of these identities. This is an extreme example that is only likely to be used by the government; a far more likely problem is being doxed. This term was coined on Reddit (it is banned there) and is the practice of gathering all available data from social media and other profiles in order to expose a person’s identity. More often than not this just involves googling a few names; the majority of people have links between their various online identities that can easily be found through search engines. Controlling and partitioning information is important. This means different usernames, different payment methods, different colloquialisms, different misinformation, and different IP addresses über alles. This is a monumental task for even the most organized person. The best way I have found to automate the partitioning of this information is AHK_L; track your IP addresses and based on those IP addresses automatically sort out your misinformation.
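The partitioning check described above can be run as a self-audit over an inventory you write down yourself. This is an added example, not code from the original post. The persona names follow the post's scenario; the attribute labels (`wallet:X`, `card:real-name`, the `ip:` entries) and all function names are constructed placeholders.

```python
from collections import deque

# Constructed inventory: each persona maps to the attributes it has touched.
# Persona names follow the post's example; attribute values are placeholders.
PERSONAS = {
    "Mw15beye": {"wallet:X", "ip:vpn-exit-1"},
    "Verse": {"wallet:X", "card:real-name"},
    "throwaway": {"ip:vpn-exit-2", "wallet:Y"},
}
# Attributes that point straight at your legal identity (assumed labels).
REAL_ATTRS = {"card:real-name", "ip:home"}


def build_graph(personas):
    """Bipartite graph: persona nodes <-> the attribute nodes they share."""
    graph = {}
    for name, attrs in personas.items():
        node = "persona:" + name
        for attr in attrs:
            graph.setdefault(node, set()).add(attr)
            graph.setdefault(attr, set()).add(node)
    return graph


def link_to_real(persona, personas=PERSONAS, real_attrs=REAL_ATTRS):
    """Shortest chain from a persona to a real-identity attribute, or None."""
    graph = build_graph(personas)
    start = "persona:" + persona
    queue = deque([[start]])
    seen = {start}
    while queue:  # breadth-first search, so the first hit is the shortest chain
        path = queue.popleft()
        if path[-1] in real_attrs:
            return path
        for nxt in sorted(graph.get(path[-1], ())):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None


def audit(personas=PERSONAS, real_attrs=REAL_ATTRS):
    """Map every persona to its exposure chain (None means no link found)."""
    return {p: link_to_real(p, personas, real_attrs) for p in personas}


if __name__ == "__main__":
    for name, chain in audit().items():
        print(name, "->", " -> ".join(chain) if chain else "no link in inventory")
```

A chain such as Mw15beye, wallet X, Verse, real-name card shows which shared attribute has to be split to keep the personas apart; the audit only sees what is in the inventory, so it is as complete as your own record-keeping.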

The basics of anonymity all involve programs doing all the work; the advanced techniques mostly rely on the user. The human element is by far the weakest in this equation. The main point to take away from this post is that you need to control your information if you want to remain anonymous. Otherwise you’ll end up like this guy who gave a little and got taken for a ride.
