How to stay anonymous on the internet

CUK77

Part 1 - How do you get caught?
Your PC will send a request to websites you visit asking the website to return a page to you. Your IP address is contained within that request.

All IP addresses across the globe are assigned to organizations by region registries. In other words, if you are using a Virgin Cable internet connection, your IP is associated to Virgin Cable.

Therefore, if you commit something illegal on a website, the website and the authorities will know to contact Virgin Cable to request information pertaining to you.

Part 2 - How do you not get caught?

Simple! In 2 ways:
1. By accessing the website from a different IP address.
2. By making it as tricky as possible to pin the action on you.

Let's start with the first way.

There are multiple ways to access a website from a different IP. We have VPNs, HTTP Proxies, Socks, RDPs and more. Each has its pros and cons. None is perfect.

For example, HideMyAss is one of the most popular VPNs in the world. But they are well known to collect logs on your activity. In other words, when you access a website via their VPN then the website does not know your IP. But HideMyAss DOES. Therefore, the website needs to just ask HideMyAss and they will tell the website your IP happily.

There are VPNs that DO NOT LOG your IP. These are rare, so I won't share them here. But if you research you will find them.

Anything that is free is normally bad. I have a saying.. You pay peanuts then you get a monkey. Why would someone give you a free SOCKs or VPN? Would you give one out for free if you paid for it?

So what's the best option? The best option is called Chaining.

Part 3 - Chaining
Chaining means linking lots of methods together. Here's what it looks like without chaining.

Your PC ----> Website

Here's what it looks like WITH chaining.

Your PC ---> SOCKs server ---> openVPN server ---> paid for vpn server ---> website

Part 4 - taking it to the next level
Research the following.

1. Running a 'live cd' from a disposable USB PayPal. Encrypt the LiveCD.
2. Mac spoofing
3. Buy a 3g/4g dongle using cash. Only connect to the internet via this.
4. Hosting your own openVPN servers to hop traffic between countries

Any questions about this stuff ask away!
 

Carding


Anonymous quick reference guide. Types of encryption and traffic protection, choice of software.

It doesn't matter what reasons you choose to encrypt what you send over the Internet. This may be a concern for the secrecy of personal data, an attempt to circumvent the prohibitions of a particular state, or other motives. In the modern world, ordinary people have a good choice of cryptographic protocols and programs that implement them. In this article, we will go through all classes of such solutions (even if many of them are widely known), discuss reliability, and see what implementations are available.

Proxy servers
Proxy servers are the most affordable way to anonymize traffic: they are cheap and widely distributed. Their principle of operation is very simple: a proxy is a postman who delivers envelopes with letters instead of you, carefully erasing the sender's name, and returns the answer personally to you.

Initially, this technology was designed to protect internal corporate networks from the rest of the Internet (employees got access from the internal network to the Internet through a gateway), but it was historically the first way to anonymize traffic.

How the proxy server works.
Working through a proxy, the computer redirects all its requests through an intermediary (proxy server), and the intermediary, posing as your computer, requests data from sites. Proxy servers are highly specialized, so each type of Internet connection has its own proxy type. For example, there is an FTP proxy for FTP (File Transfer Protocol). We will analyze three types of proxy servers in detail.

HTTP and HTTPS can only work with HTTP requests, and the only difference between them is that HTTPS encrypts the transmitted data, while HTTP does not. Therefore, HTTP proxies are not recommended for use, they can only change the IP address, and they are unable to protect data. Also, be careful when choosing the proxy server itself, as some of them will not only not protect your data, but may also reveal your identity.

INFO
Pay attention to the server type: transparent proxy or anonymous proxy. The first ones won't hide your identity!

Using such a proxy is not difficult: find a server on the Internet or create one that you can trust, and open the browser settings (network access), enter the data.

The SOCKS type is used in applications that either don't use HTTP and HTTPS, or don't have built-in proxy server support. Unlike the previous type, this one will not publish your IP address a priori, so you don't have to worry about anonymity. However, SOCKS itself does not provide any encryption, it is just a transport Protocol. To apply it, there is, for example, the Shadowsocks utility.

SOCKS4 and SOCKS5 are different server versions. I strongly recommend using the fifth version, as it has many features and is more secure. For example, it supports using a username and password, and DNS queries. And it's even better to use Shadowsocks — this is SOCKS5 on steroids. There is also powerful encryption, traffic hiding, and the ability to bypass various blockages. There are clients for both your computer and smartphone that allow you to stay protected all the time.

To start using SOCKS in your usual programs, you don't need anything special. In Firefox and uTorrent, this feature is built-in and available in the settings. There is a Proxy Helper extension for Google Chrome. You can use universal programs like SocksCap or ProxyCap.

A list of many free HTTP, HTTPS, and SOCKS proxy servers can be found either by searching or on Wikipedia.

VPN
VPN (Virtual Private Network) was also not originally conceived as a means of protecting and anonymizing traffic. Its goal was to connect computers to a single network, even if they are located many kilometers from each other. The key feature was that VPN connections were always protected by encryption, as they were used in corporations and allowed connecting several branches to the head office.

VPN has two modes: connecting two local networks to each other via the Internet and connecting a separate computer to a remote local network (remote access). The latter served as the basis for a non-commercial, personal version. Data protection in a VPN connection is provided by two techniques that are often used together:

  • PPP (Point-to-Point Protocol) is used for protection at the data link level, i.e. at the lowest possible level. Its task is to provide a stable connection between two points on the Internet, as well as provide encryption and authentication.
  • PPTP (Point-to-Point Tunneling Protocol) is an extension of PPP. For this protocol to work, two connections are established — the main one and the control one.

Due to the fact that this protocol was invented back in 1999, its security leaves much to be desired. None of the encryption methods that work with PPTP are stable. Some of them are subject to decryption even in automatic mode. That's why I don't recommend using PPTP. This protocol has serious vulnerabilities in both authentication and encryption and allows an attacker to quickly open the channel and gain access to data.

A newer way to create a connection is another Protocol built on top of PPP — L2TP (Layer 2 Tunneling Protocol). The purpose of this Protocol is not so much to protect the connection, but to completely regulate the communication process of computers on the network. This Protocol, in addition to creating VPN connections, is also used, for example, to connect ATMs to Bank offices, which serves as a certain guarantee. Although it is worth considering that L2TP does not have its own encryption.

L2TP does not protect the data itself transmitted within it. For this purpose, the IPsec (IP security) Protocol is usually used. It is designed to protect the contents of IP packets and thus can encrypt any type of connection. For a VPN, of the two possible modes, only tunnel mode is used, which protects not only the data of the transmitted packet on the network, but also its headers. This means that the sender of the data will not be visible from the outside.

IKE and IKEv2 (Internet Key Exchange) - strong encryption algorithms and protection of data transmitted over the information channel. It is used exclusively with IPsec, as it is its protective layer - it is thanks to IKE that data in the connection remains under lock and key. In general, these algorithms served as the basis for the development of all modern tools and utilities for creating VPN connections, but it's time to talk about what to choose from.

With the spread of SSL and TLS, the PPP Protocol was extended to SSTP (Secure Socket Tunneling Protocol) and in this form, it works not via an open connection, but via SSL. This ensures strong encryption and packet loss protection. But keep in mind that SSTP was developed at Microsoft, and Microsoft cooperates with governments, so you can only trust SSTP with this in mind.

OpenVPN is the most popular solution for creating a secure connection. This Protocol is open and provides the most serious protection, so you can trust it. Setting up a connection is unlikely to take more than a couple of minutes.

SoftEther is a multi-client for working with both the protocols described above, including OpenVPN, and with its own, no less secure than OpenVPN.

Comparison of VPN protocols.

Tor
Tor (the Onion Router) is one of the best tools for ensuring anonymity on the Web. The scheme of operation implies three-fold data protection and anonymization of traffic.

As described in the name itself, Tor uses so-called onion routing: your data is the core of the onion, and its protection is the layers around it. So, each of the intermediate Tor servers removes its own layer of protection, and only the third, last of them, takes out the core and sends a request to the Internet.

How your computer works on the Tor network.
The entire system is supported by thousands of enthusiasts around the world who fight for human rights and privacy. Thanks to this, each individual site builds its own chain of intermediate Tor servers, which provides complete protection: each site is a new identity.

A big plus of Tor is the stability of its work and a great concern for anonymity: thanks to the diligence of many specialists, it works even in China, a country that is widely known for its strict approach to blocking and punishments for circumventing them.

To make life easier for users, the developers created Tor Browser, based on Firefox, and improved it with add-ons that prohibit sites from following you. For example, HTTPS Everywhere forces websites to use encryption, and NoScript disables the execution of scripts on the page, effectively prohibiting the collection of any user data.

You can download Tor, as well as the browser that comes with it, on the official website of the Tor Project.

DPI
Unfortunately, all these tools may be useless if your provider started blocking with the use of DPI (Deep Packet Inspection) - a system for deep analysis of network traffic. The purpose of DPI is to discard anything that does not look like an ordinary person working on a regular computer, that is, to block any suspicious activity. And all methods of anonymizing traffic are a priori suspicious, so programs often crash or refuse to work in principle.

But you can also fight this. There are add-ons for almost every feature described to protect the communication channel that helps you bypass the vigilant eye of DPI analyzers. For example, Shadowsocks has built-in DPI protection and pretends to perform a normal connection to a remote server.

OpenVPN itself is easily distinguishable, but stunnel also allows you to bypass packet analysis. Stunnel disguises the VPN channel as an SSL connection, which looks harmless: it can also be a simple browser that accesses the site via HTTPS. This makes it difficult to block such a tunnel. If you overdo it, you can block everything altogether.

TLS-crypt, a mode introduced in OpenVPN version 2.4 that encrypts VPN traffic, also helps bypass DPI.

The creators of Tor Browser are specifically working on bypassing DPI analysis tools. When connecting to the Tor network, you can use a transport: a layer that provides an unobstructed connection to the first server of a secure network. This transport can either be selected from the list (these are public servers), or you can get a personal one on the official Tor Bridges website.

Best of all, obfs4 shows itself - it is an obfuscator that mixes the transmitted data so that it cannot be detected on the network. DPI usually skips such packets because it can't guess what's inside.

There are also several programs that try to cheat packet analysis in one way or another, for example, by breaking them into small parts or changing the headers. These include GoodbyeDPI or Green Tunnel with a simple graphical interface - they do not hide either IP or data, but bypass blocking.

The Streisand project can be considered a cardinal solution. Its Russian description is available on GitHub. This is a lifesaver in the world of data security. This utility takes just a few minutes to deploy and configure several data protection services on a remote server at once, as well as provide detailed instructions on them.

Result
To preserve our Internet security and anonymity, many technologies of various levels have been invented. Some of them are time-tested, while others help against the latest methods of censorship. Thanks to this, we can still remain invisible, we just need to remember to use this opportunity.

xakep.ru
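
An added example, not part of the post above or of the article it quotes: the site operator's view of the transparent versus anonymous proxy distinction, classifying a request by the `Via`, `X-Forwarded-For`, `X-Real-IP` and `Forwarded` headers it carries. The sample requests, addresses and the `parse_headers` / `classify` names are constructed for illustration; these headers are sender-controlled, so the result is a hint for logging or risk scoring, not proof of origin.

```python
"""Server-side view: what do a request's proxy headers disclose?"""
import ipaddress
import re

# Headers in which a forwarding proxy may pass on the original client address.
CLIENT_ADDR_HEADERS = ("x-forwarded-for", "x-real-ip")
# RFC 7239 "Forwarded: for=..." elements; the value may be quoted.
FORWARDED_FOR = re.compile(r'\bfor=("[^"]*"|[^;,\s]+)', re.IGNORECASE)


def parse_headers(raw):
    """Return {lowercased header name: [values]} from a raw HTTP/1.1 request."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def _to_ip(token):
    """Parse one address token; None for 'unknown' or obfuscated identifiers."""
    token = token.strip().strip('"')
    if token.startswith("["):        # "[v6]:port" form
        token = token[1:].split("]")[0]
    elif token.count(":") == 1:      # "v4:port" form
        token = token.split(":")[0]
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None


def disclosed_clients(headers):
    """Collect every client address the proxy headers name."""
    found = []
    for name in CLIENT_ADDR_HEADERS:
        for value in headers.get(name, []):
            found += [ip for ip in map(_to_ip, value.split(",")) if ip]
    for value in headers.get("forwarded", []):
        for match in FORWARDED_FOR.finditer(value):
            ip = _to_ip(match.group(1))
            if ip:
                found.append(ip)
    return found


def classify(raw, peer_ip):
    """Label a request as seen from the server socket.

    transparent  - headers name a client address other than the TCP peer
    anonymous    - a proxy announces itself but names no usable client address
    no-indicator - no proxy headers (direct, or a proxy that adds none)
    """
    headers = parse_headers(raw)
    peer = ipaddress.ip_address(peer_ip)
    clients = [str(ip) for ip in disclosed_clients(headers) if ip != peer]
    if clients:
        return ("transparent", clients)
    markers = ("via", "forwarded") + CLIENT_ADDR_HEADERS
    if any(name in headers for name in markers):
        return ("anonymous", [])
    return ("no-indicator", [])


# Constructed sample requests; addresses are from documentation ranges.
TRANSPARENT = ("GET / HTTP/1.1\r\nHost: shop.example\r\n"
               "Via: 1.1 proxy-a.example\r\n"
               "X-Forwarded-For: 198.51.100.23\r\n\r\n")
ANONYMOUS = ("GET / HTTP/1.1\r\nHost: shop.example\r\n"
             "Via: 1.1 proxy-b.example\r\n"
             "X-Forwarded-For: unknown\r\n\r\n")
DIRECT = ("GET / HTTP/1.1\r\nHost: shop.example\r\n"
          "User-Agent: sample-client/1.0\r\n\r\n")
FORWARDED_V6 = ("GET / HTTP/1.1\r\nHost: shop.example\r\n"
                'Forwarded: for="[2001:db8::17]:4711";proto=https\r\n\r\n')

if __name__ == "__main__":
    for label, raw, peer in (("transparent", TRANSPARENT, "203.0.113.10"),
                             ("anonymous", ANONYMOUS, "203.0.113.11"),
                             ("direct", DIRECT, "203.0.113.12"),
                             ("forwarded-v6", FORWARDED_V6, "203.0.113.13")):
        print(label, classify(raw, peer))
```

A deployment that sits behind its own reverse proxy or load balancer would see these headers on every request and has to exclude its own hops before applying the labels.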
 

Jollier


Lesson on online anonymity for carding




In this article, I will describe the algorithms for working with proxies, VPNs, and others in the simplest possible language. This is necessary for understanding, so as not to load anyone with professional slang and complex terms that can easily be omitted or replaced with simple analogues.

1. How VPN and SSH tunnels work.
VPN and SSH tunnel are very similar things in the algorithm of operation. Tunnels are even called a poor man's VPN. It all works like this: when connecting to a VPN, an encrypted communication channel is created, and all data on the VPN is transmitted encrypted with the SSL 1/2/3 version protocol. Maybe you can even find a VPN with TLS encryption on the Internet. And every time you press Enter in the address bar of your browser, the request is sent not to the site that you entered in the address bar, but in encrypted form to the VPN.

2. Dedik (RDP), VPNs are not means of anonymity.
Many people think that connecting to a VPN from hide.me, they become wild anonymous users.
For example, are you sure that the person who provides VPN services, his company and he is located in another country?

3. VPN without logs and cleaning logs on Dedik.
It's no secret that various illegal forums promote different VPN services that promise no logs.
With dediks, in fact, the same persimmon. Only there is also added the factor that you will never know the exact number of places where logs are written on your specific server, whether there is some hidden pool there, and whether logs are written over the Dedik itself. And no software that "cleans logs after you log out" will help you.

4. How the police will find you hiding behind a VPN or VDS.
For starters, when they set up the IP from which the alleged crime was committed, they look at which country that IP is from. If not from your network, then they will find out the IP address during SORM, which in a given period of time sent packets (the same encrypted ones that I described in the subtitle about VPN) to the IP address from which the violation occurred. So, if an inexperienced user committed an offense, then almost direct evidence appears against them already at this point.

5. SSL Hacking.
SSL encryption, which is used by almost all VPNs and tunnels, was hacked. This means that the traffic that you drive through the VPN can no longer be considered encrypted at all, and anonymity is lost.

6. TOR.
Many people try to solve all the problems of TOR. And there are a number of problems here. I would say diagnoses. And the name of this diagnosis is illiteracy. First, you will never hide from the site that you are sitting through the TOR, the onion network is open, and the browser settings are also burning you.

The second is that TOR output nodes are often logged by the holders of these same nodes. I just want to say that using TOR, I can easily steal all your authorization data (from a bitcoin wallet, for example). Or blackmail you with the content of your requests that you sent from the TOR. You didn't go through the onion browser to see funny pictures, did you?

The principle of operation of TOR is similar to an onion, which is why the logo is not a hammer, but an onion. Requests through the TOR browser are transmitted from 1 repeater (the principle of retransmission in the TOR is similar to the principle of cellular towers in GSM operators, these are ordinary computers of activists who allowed the TOR to use their computer as an intermediate or even final point in multi-layer TOR requests. Such computers are called nodes, or repeaters).

7. Fingerprints.
Various good and not so good sites have a lot of ways to identify your computer even when you have cleaned all cookies, reinstalled the browser 20 times, and finally go through a virtual machine. All these things are called fingerprints. For example, the unique number of your processor. This is the simplest one. And there are also fingerprints based on a set of fonts, and I even saw somewhere a fingerprint that identifies users by a computer mouse. They all have different reaction speeds and other parameters. I don't remember all the details, but if you're interested, Google it.

8. Double VPN.
A VPN chain can consist not of a single VPN server that you join, but of two, three, or four (these are Double, Triple, or Quadro connections, respectively) connections. They are more stable, and they are no longer affected by the trick described in paragraph 4, when the police simply looked at which IP was accessed from the VPN IP and calculated who was hiding behind it.

Do you want to escape from the Internet? Then there are more stringent methods that need to be applied in particularly critical situations. While some people are attracted to online fame, for others it can become a heavy burden. Completely removing yourself from the Internet is not always possible, but by following these instructions, you can definitely be close to it.

9. Think carefully about your decision before continuing.
Much of what is suggested below cannot be undone. This means that you will lose all information and traces of your online presence, and in some cases you will not be able to restore your account using the same name and email address. These are drastic measures, and they should be applied on their merits.
  • Think about what made you come to this decision? Was it because of individuals stalking you online? Was it an isolated unpleasant experience? Or do you feel an overabundance of it in your life? Make sure that you have a complete understanding of the problem before you start solving it.
  • Are there other aspects related to this issue, such as using a different mailbox than the main one? For example, if your current email address creates unpleasant associations on the Internet, could you create a separate mailbox for purely business purposes, such as sending resumes, creating professional accounts, etc.?
  • In fact, you may not even remember all the sites where you once registered.

10. Delete your accounts.
As already mentioned, you may not remember all the sites where you are registered. The more popular a site is, the more effective it is to remove your personal information from it if you are trying to disappear from the Internet. This won't necessarily clear the deep web's memory of you, but it's a good start. The following list should help you identify your priorities:
  • Delete yourself from Facebook.
  • Delete yourself from Twitter.
  • Delete your YouTube account.
  • Remove yourself from LinkedIn.
  • Delete yourself from Flickr.
  • Remove yourself from StumbleUpon.
  • Delete yourself from MySpace.
  • Delete your PayPal account.
  • Delete your account on eBay or any other online auction site.
  • Remove yourself from Craigslist and any other advertising site.
  • Delete your account on the school, College, or University website, but only if you don't already study there.
  • Delete your personal information from all game sites. Yes, this includes all the virtual valuables that you have won and accumulated over the years. Distribute all your items to people who need them, if this is provided for by the site's rules.
  • Close accounts in third-party apps such as Hootsuite, Tweetdeck, etc. that are linked to your social media pages and make them easier to use. Don't forget about them.

11. Look for workarounds if the account cannot be deleted.
The rules of some sites do not allow you to completely delete your account, suggesting instead that you simply “deactivate” it (while all your data remains in the system) or abandon it. If there is a real reason for the deletion (for example, witness protection), contact the site Creator or its administrators; as a last resort, you should be able to change your first and last name data to hide your identity. If there is no one to stand up for you, there is another way:
  • Delete any truthful information about yourself from your account. If it is impossible to leave the fields blank (or you suspect that your data is still stored somewhere), replace them with frankly fake (Vasily Oppenheimer, Jr.) or hopelessly hackneyed (Vasya Pupkin) options. You should not associate your abandoned page with some poor guy whose name matches the one you specified. Please note that if you enter a non-existent email address, the system will send a confirmation request there, so this option will not work. This pushes us to the next step.
  • Create a new email account on the free site. The less your username looks like your real name, the better (for example: jr7_9![email protected]). Also, do not provide truthful information. Don't close this page; if the email address is really that clumsy, you may not remember it later.
  • Link the account that is not being deleted to the new mailbox. Confirm the request to change your email address. When the data is changed, make sure that your primary email address is no longer displayed anywhere in this account.
  • Delete your new mailbox. Your account that is not being deleted is now linked to a non-existent email address. There is always a chance that someone will choose this particular username jr7_9![email protected] for email and wants to create an account on the same site. Then there will be confusion, but it probably won't bother you too much.

12. Close your personal pages.
If you created sites online, you will have to delete them completely. These include:
  • Blogs. If you had a popular blog, remember that fragments from it may have already spread on the Internet. There's nothing you can do about it.
  • Blogs in social networks. Many sites offer blogging as an additional option when registering; do not forget about this if you have created such a blog before.
  • Groups like Ning, Gro. ups, Yahoo Groups, etc. How well you will be able to leave such groups depends on the other participants.
  • Posts on forums. This may be almost impossible on some sites, but try to do your best.
  • Articles that you added to specialized sites. Success will depend on the terms and conditions of these sites.

13. Check if you are listed in the phone company's customer list.
If this is the case, ask them to delete your data completely. Do the same for other client databases on the network that may contain your name and other information.

14. Cancel all mailings to your email address.
This should be quite simple and can be done by clicking on the direct link specified in the message text. Follow individual instructions. If you can't find such instructions, please contact the site administrators directly.

15. Delete the Internet search results related to you.
Enter different variations of your name or nickname in the search engine to find anything you might have forgotten, and delete it manually. Keep in mind that search engines display cached data (including mentions of you) from old pages that have already been changed or deleted. It is not in the search engine's interest to display expired information in the results, so they will disappear over time. In some cases, however, you will need to contact the search engine administrators directly for expedited removal.

Be prepared that removing yourself from the search engine results may require more thorough work, including paperwork in the real world (for example, Fax messages, etc. to confirm your identity). Top search engines and people search engines that you should check out:
  • Google
  • Yahoo
  • Bing
  • White Pages
  • US Search
  • Intelius
  • Yahoo People Search
  • Acxiom
  • People Finder
  • Zaba Search

16. Be polite.
Even if you are driven by anger, fear, or annoyance, don't let it affect the tone of your communication with website managers. They are the same people and will respond to a reasonable request for good reasons. If you want to remove the mention of your name because you are looking for a job, say so; this way, at least, they will know that you have a real reason.
Avoid high-pitched conversations, legal threats (unless they refuse to cooperate and you are actually willing to do so), or other unflattering ways of handling a case.

17. Consider using the services of a company that specializes in removing information from the network.
If you don't want to go through the whole process yourself, you could use a service that will do all the work for you. Of course, you will have to pay, but it will be reasonable if the problem requires a non-urgent solution. Look for a service that:
  • Is able to remove information about you from the "deep web", and not just from the main sites.
  • (Preferably) has agreements with data providers.

18. Delete your email account.
The method of deletion depends on whether you are using a paid or free service. If you decide to take such extreme measures, please wait until all the other steps described in this article are completed, as you may still need your email address to complete them.
  • If the service is free (for example, Gmail, Hotmail, etc.), delete your email by following the site's instructions.
  • If the service is paid, contact the relevant company for instructions. Even fully electronic organizations need to be managed by live people who can be contacted.
  • Some free email mailboxes are deleted automatically after a certain period of non-use.
  • Before deleting your email, always make sure that it contains important information that is worth saving. Transfer all the necessary materials to a flash drive or using another storage method.

19. Clean your computer.
  • Delete all session history, cookies, cache, etc.
  • Delete your Internet browser if you are so adamant.
  • Get rid of your computer if you are willing to go to such extreme measures.

20. Accept the fact that you will not be able to delete absolutely everything.
There may still be some things that can't be helped. In such cases, it is best to accept everything as it is. If the echoes of your virtual life haunt you, you can always pretend that it's not you (especially if you have a very common name).

You should know that in the following cases, deleting references to yourself will be extremely difficult:
  • Mentions of you in news, blogs, audio files, etc.
  • Interviews that you gave to newspapers, radio stations, etc.
  • Comments left by you anywhere else.
  • Your photos uploaded by other users to their albums.
  • Photos taken by you and found on other people's websites or blogs.
  • Information from government sources that provide for the legitimate provision of public data (except in cases where there is a court decision to delete such information).

Recommendations:
  • There are special programs that will help you remove information about yourself from various sites. Find them online.
  • Using the whois service or a domain search engine, you can determine who owns a particular website so that you can know who to contact if necessary. This is especially useful when the site doesn't include the owner's email address. Look for "admin email" and "database server" in the specified information.
  • If the desire to remove yourself from the network is based on addiction, you might try to get rid of it better than the Internet. Check out the following articles: get rid of Internet addiction
  • How to overcome addiction
  • If you are really stressed about sharing your name and personal information online and don't know what to do, contact an organization that monitors the observance of private rights, such as the Electronic Frontier Foundation (EFF), for help and advice.
  • If the problem is that there is false or defamatory information about you on the web, ask a practicing lawyer for advice.
  • Please contact Google webmasters to remove certain pages and sites from the search results. Be prepared to explain the reason.
  • Change your name. The advantage is that someone who recognizes you under the new name will not search for information about you using the old one. But everyone you knew before knows you by your old name. Moreover, changing your first or last name will lead to difficulties with the registration of business, legal and other official documents. This is not an ideal solution.

Warnings:
  • Be prepared for the fact that some developers will start to grumble and insist on their "right" to leave public information free for public access. Some of them simply don't want to look at the issue from a different angle and take it as a personal insult. Be persistent and contact your lawyers if necessary.
  • Some sites use mailing lists that try to push you emotionally and make you stay. Phrases like "all your friends will lose sight of you" are designed to make you think twice; after all, the site doesn't want to lose the customer in you. If you are hesitant, take out photos of your real friends, spread them out on the table in front of you, click on the "Delete" button on the site and call your friends, invite them to drink together and chat. So you will cope with all doubts.
  • Remember the rule "what gets into the network once stays there forever". Be careful when choosing the information you are going to share on the Internet. The best treatment is prevention.
 