Love him or hate him, Edward Snowden knew a thing or two about anonymity. In June of 2013, he blew the whistle on the NSA’s out-of-control programs that can target virtually anyone plugged into the digital age. The former CIA employee was working as a contractor for the NSA, where he had access to highly classified documents for many of these general populace surveillance programs. He eventually took off to Hong Kong and released the documents to a handful of reporters. One of these documents was a power point presentation of the NSA complaining about how the TAILS operating system was a major thorn in their side. Naturally, Snowden insisted that the reporters and himself only communicate via the TAILS O/S. He used PGP, which is an encryption method with the highly sophisticated title of “Pretty Good Privacy”, and asked not to be quoted at length for fear of identification via stylometry.
In this article, we’re going to go over the basics of anonymity, and introduce you to methods of staying anonymous while online.
Anonymity vs Privacy
Virtual Private Networks
Let us imagine sending a letter in an enclosed envelope across the country. Once the envelope leaves your house, it’s out in the open. Anyone can see it. Anyone can read the sending and receiving addresses. They cannot, however, see the contents of the envelope, and therefore the information contained within the letter. In this case, you have privacy, but not anonymity.
A Virtual Private Network, or VPN, can provide you with privacy. Like our letter example, the IP addresses of your computer and the server on the VPN side are visible. The data exchanged between the two is encrypted. Remember that a VPN will provide you with privacy, but not anonymity. Many of the LulzSec hackers that we talked about in the first article in this series made use of the popular hidemyass VPN. This kept their activities private from the prying eyes of law enforcement. In order to maintain anonymity, they used fake accounts and paid for the VPN service with anonymous bitcoins.
Going back to our letter example, let us imagine we send the letter with no envelope. The information within the letter is freely available for anyone to read. But we send it in a way that makes it to go through several different places before it reaches its final destination. We do this to the point that it becomes impossible for the receiver to know the sender’s address. They can see the house that sent it to them, but not your house. Now you have anonymity. But because the information within the letter is exposed, you have no privacy.
TOR stands for The Onion Router, and routes internet traffic through various hops between TOR relays in order to hide the origin and destination IP address. But it does not encrypt any data, and anyone who intercepts it coming off the exit relay can read it. They just can’t tell where it came from.
Becoming a Ghost in the Network
You should be asking yourself if you can use a VPN and TOR together, thereby providing yourself both anonymity and privacy. That answer is yes. There are even VPN services that use TOR. The question is in which order – VPN to TOR or TOR to VPN. This is a hotly debated subject, and both have their advantages and disadvantages. Using TOR through a VPN will keep your ISP from knowing you’re using TOR. Using a VPN through TOR will hide your data from the TOR exit nodes. Either way, you should pay for your VPN service with an anonymous form of payment. [Jake Davis], aka [Topiery], the spokesperson for LulzSec, was outed by his VPN when they were pressed by the UK government. If he had paid for his VPN anonymously, it is likely that he would have never been caught. There is one original LulzSec hacker that remains unknown to this day – [AVUnit]. We can only assume that he or she was able to maintain perfect anonymity…a true ghost on the internet.
There are also TOR enabled routers that will send all traffic through the TOR network. If you don’t trust the commercial options, you can always bake yourself an Onion Pi.
Don’t be Stupid
No form of electronic countermeasures to keep your anonymity intact can save you from dumb decisions. A few years ago, a Harvard student emailed a bomb threat to his university. He sent the threat through the TOR network, but used the university’s WiFi system. The FBI simply correlated the time the threat was sent to the only student using TOR at the time. We’re glad he was caught, it’s one thing to want privacy and anonymity, it’s another to abuse those virtues for the purposes of mayhem.
Darknet: A Beginner’s Guide to Staying Anonymous Online, by Lance Henderson, ISBN-13: 978-1481931380