Carding Forum
Professional
- Messages
- 2,788
- Reaction score
- 1,264
- Points
- 113
Tor
The list of anonymity tools would not be complete without the Tor network. This network is made up of volunteer nodes around the world and is synonymous with anonymity. Tor is short for The Onion Router. The network allows you to encrypt your traffic and, every time you connect to a web server, route that traffic through randomly selected hosts before it reaches its destination.There are dozens of ways to use Tor on different devices. The most popular is Tor Browser. You need to install a Firefox-based application on your Windows or Mac computer to access the web anonymously. On Android, try Orbot. There is no official support for Tor on the iOS platform, but the Onion Browser seems like a decent option.
Tor has several disadvantages, most notably its slow access speed. This option is not suitable for watching videos or downloading torrents. You can surf the Internet, and that's where Tor's capabilities end. Volunteer resources are scarce for faster access.
Secondly, although your internet traffic will be encrypted and cannot be traced, the ISP will be able to tell that you are using Tor. This may raise his suspicions, since Tor is often used for criminal activities. Your ISP can cut your internet connection speed, send a warning, report you to the authorities, even if you did nothing wrong.
For this reason, use obfuscation tools like Obfsproxy with Tor, enable VPN when working with Tor, or do both at the same time. Obfsproxy is a Tor project that makes encrypted traffic appear unencrypted so as not to attract too much attention. VPN will be discussed below.
Finally, there are rumors that the US government is good at analyzing Tor traffic, resulting in several arrests. One of those arrested was the Dread Pirate Roberts from Silk Road. Rumors claim the government is monitoring activity on multiple Tor nodes. There is no specific evidence.
Live OS
The browser is suitable for keeping you out of the way of advertisers and for occasional visits to DarkNet. However, if you want complete anonymity, the nuclear option is required. While no one can track your Tor Browser activity, you probably have a lot of applications running in the background. These are programs for working with text, video players, various managers that send data to the Internet. Authorities are believed to be using unencrypted Windows error reports to find people. Windows 10 contains a lot of tracking software, all of which are enabled by default.You can turn off all of these settings and uninstall all your apps, but this is not a practical solution. It is better to use a live operating system instead. It is installed from a USB stick or DVD. By changing a few settings in your computer's BIOS, you can start a completely independent operating system from media.
The official living operating system of the Tor project is Tails. All internet traffic, not just in the browser, goes through the Tor network. The system leaves no traces on your computer and all instant messages, emails and files are encrypted. It's easy to work with and has foolproof protection.
If Tails doesn't suit you for some reason, Whonix is another option. It is an independent living operating system. There is a virtual machine in your real operating system. It has all the advantages of Tails, it also uses the Tor network, and no IP address leaks are possible. You just need a powerful enough computer to run the virtual machine and the setup process is quite complicated.
Other options include Kali, Qubes, and ZeusGuard. Search for information on them to find out more.
VPN without logs
VPNs encrypt all traffic on the device and route it through an intermediate server to the desired point. Your real IP address is hidden and outside observers, including your ISP, cannot monitor your traffic.Most VPN providers use public IP addresses on their servers. Dozens, hundreds and even thousands of people get the same IP address. As a result, it is almost impossible to track the activity of a particular person among such a large number of people.
VPNs are built for privacy, not anonymity. You shouldn't use a VPN exclusively if you want to really hide. Confidentiality and anonymity are often confused, but there is an important difference. Anonymity means that no one can identify you. Privacy means that no one can see what you are doing.
Using a VPN requires a certain degree of trust in the provider and its servers. Few VPN providers have their own server infrastructure. Your traffic is encrypted on your hard drives and remains encrypted until it arrives at its destination. For a short time, your activity is visible to the VPN provider.
For this reason, it is recommended to work with providers that do not keep logs. This means that the provider does not store information about the content of users' traffic. If the provider is telling the truth about the lack of logs, this is a plus.
In reality, not everything is so simple. Some ISPs promise no logs, but retain some metadata. Depending on how anonymous you want to be, this can be important. The metadata does not contain information about your traffic, but it may contain information about when you used the VPN, how long, how much data was transferred, even your real IP address. Always read the privacy policy of the VPN provider for details like this.
Even a few VPN providers with a real lack of logs require customer trust. There is no way we can verify whether the provider is telling the truth or not, and how it will react to a request for data from government agencies. For maximum anonymity, use a VPN concurrently with Tor. Avoid VPNs in the United States and Europe, where privacy laws and government intelligence agencies may put your anonymity at risk.
Use Tor Browser in conjunction with a VPN to make tracking twice as difficult. VPNs can be manually configured on live operating systems like Tails.
VPN without logs
UFO VPN, FAST VPN, Free VPN, Super VPN, Flash VPN, Secure VPN, Rabbit VPN, HideMyAss, iVPN, HideME, inCloak, EarthVPN, PureVPN. The first 7 services leaked their logs, while the rest simply do not hide their presence and often cooperate with the FBI.VPNs encrypt all traffic on the device and route it through an intermediate server to the desired point. Your real IP address is hidden and outside observers, including your ISP, cannot monitor your traffic.
Most VPN providers use public IP addresses on their servers. Dozens, hundreds and even thousands of people get the same IP address. As a result, it is almost impossible to track the activity of a particular person among such a large number of people.
VPNs are built for privacy, not anonymity. You shouldn't use a VPN exclusively if you want to really hide. Confidentiality and anonymity are often confused, but there is an important difference. Anonymity means that no one can identify you. Privacy means that no one can see what you are doing.
Using a VPN requires a certain degree of trust in the provider and its servers. Few VPN providers have their own server infrastructure. Your traffic is encrypted on your hard drives and remains encrypted until it arrives at its destination. For a short time, your activity is visible to the VPN provider.
For this reason, it is recommended to work with providers that do not keep logs. This means that the provider does not store information about the content of users' traffic. If the provider is telling the truth about the lack of logs, this is a plus.
In reality, not everything is so simple. Some ISPs promise no logs, but retain some metadata. Depending on how anonymous you want to be, this can be important. The metadata does not contain information about your traffic, but it may contain information about when you used the VPN, how long, how much data was transferred, even your real IP address. Always read the privacy policy of the VPN provider for details like this.
Even a few VPN providers with a real lack of logs require customer trust. There is no way we can verify whether the provider is telling the truth or not, and how it will react to a request for data from government agencies. For maximum anonymity, use a VPN concurrently with Tor. Avoid VPNs in the United States and Europe, where privacy laws and government intelligence agencies may put your anonymity at risk.
Use Tor Browser in conjunction with a VPN to make tracking twice as difficult. VPNs can be manually configured on live operating systems like Tails.
DNS without logs
When you enter a URL into your browser's address bar, a request is sent to the DNS server to find the IP address that matches the specified URL. Even when using a proxy like VPN, these DNS queries can be sent outside of the encrypted tunnel to the default server. By default, DNS queries are usually sent and recorded on the closest server of your ISP.If this happens while you are using a VPN, it is called a DNS leak. Many VPN providers offer DNS leak protection whereby all Internet traffic, including DNS queries, goes through the VPN. These providers usually run their own DNS servers, which don't record which sites you visit unless they promise to keep no logs.
Even if the VPN advertises DNS leak protection, this statement can only apply to IPv4 leaks. IPv6 DNS queries can still be sent over the network by default and seen by web servers and ISPs. It would be nice if more and more VPN providers use IPv6 DNS servers, but for now, the best solution is to disable IPv6 in the internet settings on your device. Here is a tool to check for IPv6 and IPv4 DNS leaks.
If your VPN provider does not have DNS leak protection, or if you do not use DNS at all, try choosing a public DNS service without logging. You can change the DNS settings on the device so that requests do not go through the server of your provider. DNS.WATCH or OpenNIC servers are recommended.
Temporary email
To remain anonymous, you cannot log into your existing accounts. Meanwhile, many websites and apps require you to sign in to your account. This is where temporary email addresses can come in handy.Several services offer free fake and temporary email addresses. It is recommended to use Guerilla Mail without registration and messages. There is a password manager here to remember the passwords associated with these accounts.
For longer term untracked email addresses, ProtonMail may be considered the best option. It is an open source end-to-end encryption service that uses web and mobile applications without disclosing sensitive data. Unfortunately, new users must be invited because the server is limited. ProtonMail works on the basis of donations, moreover, it is blocked in the Russian Federation.
If you don't want to wait for an invitation, Zmail is an alternative. Here you can send letters from fake addresses.
Never use your real email address when trying to remain anonymous. Don't even read emails or log into your account. If you want to send an encrypted email from a temporary address, you need to configure new PGP or S / MIME keys.
Cryptocurrencies
If you want to make an anonymous purchase or donate money, cryptocurrencies are better than credit cards or payment systems like PayPal. Which doesn't mean you just have to open a Bitcoin wallet on major exchanges like Coinbase and start spending money.There is a misconception that Bitcoin is always anonymous. In fact, the nature of blockchain is such that every transaction is tracked and verified. These publicly available records can be analyzed by linking your wallets and transactions to your identity.
By analyzing the activity that anyone can see on the public blockchain, the reviewer can associate your identity with all your wallets and transaction history. As a result, Bitcoin may even be less confidential than a bank account.
To get around this, use wallets that change address after every transaction. It will be more difficult to track them down. Also use Bitcoin mixing services, where your money is put into a common pool with other people's money and mixed before the payment is sent to the recipient.
The hardest part is buying bitcoins anonymously, as this requires real money. Private transactions and peer-to-peer exchanges like LocalBitcoins will provide maximum anonymity when receiving cryptocurrencies.
Remember that Bitcoin is not the only cryptocurrency, although it is the most popular. There are many other cryptocurrencies like Litecoin, DarkCoin, Dogecoin.
Search engines
Google tracks your every search query. It doesn't matter if you use Tor, but it is still advisable to find another search option.For example, DuckDuckGo. It is one of the most popular search engines and does not monitor user profiles. It can be set as the default search engine in your browser.
DuckDuckGo is a completely independent browser, so the results will not be as complete as Google. Fortunately, it is possible to get results from Google without Google itself.
StartPage removes personally identifiable information and performs every search on Google for you. No user activity records are kept. All search results are displayed with a link to the proxy below them, allowing you to go to any site through the proxy while maintaining confidentiality.
File transfer
There are times when you need to send someone anonymously a file that is too large to attach to an email. For example, you want to publish some documents, but no one knows that you did it. In this case, uploading files to Dropbox will not be enough.FileDropper is a simple and convenient solution where you can upload up to 5 GB of data without registration. WeTransfer is another option that allows you to upload up to 2GB of data without registration. In such services, you can upload files and send links to them.
Remember to visit these sites using Tor and share links using temporary email or other anonymity methods. The site can collect information about visitors, even if registration is not required.
Choose browser extensions carefully
Tor Browser has little support in browser extensions for a good reason. Advertisers are tracking users in an increasingly sophisticated way. One of the most advanced surveillance methods is fingerprinting. By collecting information about your web browser, what extensions are installed, what device you have, in what language, etc., companies create your profile.It's even better than an IP address. You can reboot your router or enable VPN and your IP address will change. In this case, you will have the same computer or mobile device, the same processor and memory, browser and other defining characteristics.
Many extensions help maintain privacy. Among them are ABP, Disconnect, Privacy Badger, HTTPS Everywhere. However, they also contribute to the formation of fingerprinting profiles. This is one of the reasons why it is difficult to remain anonymous in popular browsers like Firefox or Chrome.
If you want to test how well the browser protects you from surveillance, check out the Panopticlick website. This tool from the Electronic Frontier Foundation (EFF) details how an ad agency can identify your browser with a unique fingerprint.
In addition to fingerprinting, browser extensions can communicate with servers without you noticing. They can potentially record metadata that can identify you and your online activity.
Encrypted communication
In addition to e-mail, you may want to hide the traces of sending messages and calls. Encryption is more about privacy than anonymity. Even if the message is encrypted, the sender and recipient can be identified. However, there are a few things you can do to achieve anonymity.Signal is the most popular encrypted voice calling app for smartphones. There is also instant messaging here. Users can verify the identity of their contacts by comparing key fingerprints.
There are many free and private options for encrypted text and multimedia messages. TorChat uses peer-to-peer encrypted messages on the Tor network. There is no need for installation and you can run applications from a USB flash drive. Alternatives include Pidgin and CryptoCat.
Encrypted backups
Even if you remain anonymous, you still need to back up and store large files. Sometimes it is required to give access to them to other people. Stay away from Google Drive and Dropbox as there is no privacy protection like encryption and no anonymity.It is best to make backups locally on an encrypted external hard drive. Crashplan offers a free version of its program for this.
If you want a cloud service, you need a trusted provider. Choose a service like zero knowledge, which allows you to set your own encryption keys. This is available in SpiderOak , iDrive, BackBlaze, Crashplan, which will prevent the ISP from decrypting your files.
If you want to work with Google Drive, Dropbox, or other storage without encryption, you can encrypt your files first before sending them to the cloud.
Webcam Security
It is known that webcams can be activated remotely and spy on users. Mark Zuckerberg and the head of the FBI even put duct tape on them.Malicious applications can remotely activate webcams. Real-time antivirus protection and periodic antivirus scans can help protect against this. If your laptop has an LED that lights up when the camera is activated, make sure that LED is working. If you don't want to tape up the camera with duct tape, cover your laptop when you are not using it.
Securing Your Wi-Fi Router
Many users do not even think about changing the router settings after purchasing it. Unsecured routers can be targeted by attackers. You can intercept traffic, read it, make changes to it. If you are on someone else's Wi-Fi network, it is advisable to use a VPN.If you want to remain anonymous, it is important to change the login and password for entering the router settings, update the firmware, set the most severe encryption level (usually WPA2), restrict incoming and outgoing traffic, disable WPS, disable unused services, check port 32764, enable and read logs, exit the router after shutdown.
iOS and Android are not good for anonymity
If you choose an Android or iOS device based on anonymity, use Android. However, even here, complete anonymity is not available to you.It is much more difficult to maintain anonymity on a smartphone than on a computer. Tor's anonymity tools are not mature enough to work well on mobile devices. Apple and Google are closely related to these devices. You can access onion sites using the Orbot Android app, but that is where your options are limited. There are no official Tor browsers for iOS.
There are no living operating systems with which smartphones can work, like TAILS on computers.
Smartphones have IMEI numbers, MAC addresses, operating system vulnerabilities that cannot be closed and that can be used to identify a specific device when it goes online. Since manufacturers usually make changes to Android, it is difficult to tell what vulnerabilities are in specific devices. Apple and Google can track any iOS and Android device, respectively.
Applications constantly communicate with servers on the Internet, transferring data back and forth. This data allows you to track users. Even something as simple as a software keyboard can be used to analyze activity. Cameras and microphones can be hacked to spy on users. When the device receives a signal from the cell tower, its location is determined. In general, there is a lot going on on Android and iOS that users cannot control.
While it seems pointless to try to make smartphones completely anonymous, you can make them much more private. On Android you can encrypt your device, iPhones are encrypted by default. Using VPN encrypts traffic, you can also set a self-destruct sequence if you enter your password or PIN code incorrectly several times.
Finally, companies like Silent Circle are making Android smartphones with security in mind. For example, Blackphone is fully encrypted and works with multiple virtual phones to categorize data. Silent Circle offers a subscription service for iPhone privacy. As mentioned above, confidentiality is ensured here, not anonymity. The contents of the smartphone will be protected, but it will be possible to find out whose smartphone it is.
Beware of the Internet of Things
The Internet of Things opens up new possibilities for hackers and espionage. Many IoT device manufacturers think about security as the last thing. A simple note of what time of day a smart air conditioner turns on can provide clues about the owner's habits. Critics have warned of the dangers of working with devices like the Amazon Echo, which always listen to voice commands, even when turned off.Depending on your network activity, this could be a threat to the user's anonymity. Use IoT devices with care.
Create a list of necessary measures
No anonymity tool is perfect, not even Tor. This does not mean that they are ineffective. While wealthy corporations or government agencies can spend a lot of time and money analyzing Tor traffic and ultimately find the person they are looking for, it is more likely that the user will make the mistake of impersonating themselves.How can you avoid such mistakes? You can make a list. Whenever you want to remain anonymous online, check the list. Write it down on a piece of paper, but do not write down any logins, passwords or other identifying information here. This is what the list might look like:
- Connect to VPN service without logs
- Go online with Tor Browser / Tails
- Use a DNS server without logs
- Log out of all online accounts after you finish work
- Close all applications and background services with an internet connection
- Disable and block all tracking in the browser and operating system
- Send emails via temporary email
- Register new accounts and log into them via temporary email
- Find information with DuckDuckGo and StartPage
- Mix bitcoins and use third-party wallets
