I imagine the challenge is that there are plenty of people who would use Tor to create hundreds, if not thousands accounts not personally linked to them, if they are able.
Whereas if you wanted just one anonymous Twitter account badly enough, you could get a burner prepaid cell phone using cash (make sure to not turn it on at home or at work).
Twitter as well. Try to make a new account in an incognito window without providing your phone number and you'll either be stopped from completing initially or find the account blocked before you've interacted in any way.
And if we're talking about real anonymity, lots of the internet is blocked off if you use TOR, whether by the site itself or some cloudflare or whatever CDN or hosting service.
Twitter's statement is consistent with your experience, given the empirical reality that Tor IPs generally "exhibit spam-like behavior" way more often than the average Internet user's IP. Note that Twitter's statement says nothing about anonymity as an end-to-end goal, only the technical ability to use Tor. And, as always, you can buy a burner phone.
What would a good solution for this be? Any anonymous proxy would quickly be used by people who want to spam Twitter. (So, among other things, this means that Twitter running a hidden service isn't directly useful.) Could a proof-of-work or rate-limiting system allow building a proxy that couldn't be practically used by spammers?
This doesn't really solve the problem. But it does make it a pain in the butt for me to just create an anonymous account to bitch about random stuff on, which I've tried over TOR before and they don't make it easy. If I am highly motivated to create fake account, I'll create a fake account through a burner or more some service like twilio.
I think anonymous accounts should be expensive (in terms of time) to set up. Anonymity and pseudonyms are important for those who need to whistleblow or are from oppressed groups so the possibility absolutely needs to be preserved. But what isn't needed is cheap throwaway accounts that can be used for abuse and then discarded as soon as they are banned.
If to sign up anonymously you had to do something, a quiz or play through a game that took about 30 minutes then that would reduce the rate of account creation for abuse. If you were prepared to give a real phone number (and use it for verification) then you could bypass the task and get an instant account but obviously any ban would apply to the phone number not just that particular account.
It's actually tricky enough to setup an anonymous account on Facebook or Twitter. They essentially extort and harass you asking for a phone number, and if you don't provide it: no account for you. And for those crying 'Burner phone!'. Where I live you have to register your legal name and have it attached to the SIM card. And then there's the cellphone masts that record your phone's interactions and proximity, so it's a hard problem. Anonymity is hard.
As for encryption, does this mean we can't do online banking if it's outlawed?
Tor is amateur hour. The Feds can easily deanomymize things where a server is up 24/7 servicing requests.
The author of this article is also very wrong: Anonymity is not on a spectrum. It’s all or nothing. Like a Mario game where any mistaken encounter makes you start over (and that’s if you don’t get in trouble for what you did).
First step is to understand that any system could be bugged. Every IRL confidant could sell you out. Every keyboard could have a keylogger, etc. Every store could have a security camera. Phones are giving out their MAC numbers to every cell tower and wifi radio. They now have chips you can’t turn off, and so forth.
You should also assume there is no such thing as an “anonymous” account and that every service COULD sell out whatever information you gave it. (Yes, even Telegram or ProtonMail, however unlikely that may be.)
The below is a playbook for how to become truly anonymous. Continue to live your everyday life but the below is only for your “anonymous” identities, which you can gradually bootstrap as a hobby:
The first thing you do, therefore, is bootstrap your identity by taking advantage of unlinkability that is available to you. Buy a bunch of Android phones on Craigslist for cash, for example. (Or pay a homeless guy to buy a phone in a store for you.) Do not use SIM cards at all, only WiFi. Never take photos, etc. Keep your phone off or in a faraday cage until you use it. For extra points, always use it through a VPN on WiFi at home, which you purchased using the accounts below:
Then make an anonymous google account on the Android phone. Make some ProtonMail accoung usinf such an anonymous Google account. Now you can bootstrap from email addresses.
Buy some Google Play gift cards and download some apps to get a second number. Now you can bootstrap from a phone number. Sign up to Telegram, Signal and other accounts using this. Now you have end to end encrypted messaging.
Frankly, though, realtime messaging is a bit of a luxury to continue to stay in normie world. To stay truly anonymous, you should continue to:
1. Schedule posts and mail send/receive at random times. Do not ever use realtime audio or video because it might be recorded. You might make an exception for early days of your projects when people would have no reason to go out of their way to record you — just to give them confidence you’re a real person. But afterwarss, stop doing that. Let the people build your movement for you.
2. Never mention your anonymous identity or projects from your real one, and vice versa. This means your anonymous identity MUST NEVER have confidants or colleagues IRL. Build up a network of colleagues who are “fronts” for what you do. Eventually you can step back and let the movement do things for you.
3. Pay and get paid in cryptocurrency. Have smart contracts send you the money (think Richard Heart’s Hex origin address, but actually anonymous).
4. You will only ever be able to spend the crypto on paying people for services and DeFi protocols. You can never cash out to fiat, because the IRL purchases catch up with you when they follow the money. There is a surprising amount of online services you can spend $97 million dollars on, while staying anonymous ;-) If you really do need to spend money IRL (because you went broke somehow in your everyday life) then you can cashout using cross-chain bridges and Monero to pay for goods. But still, never get ostentatious wealth IRL!
5. The weakest link then becomes your writing or coding style. Never publish any code or writing, let others do it for you. Make your communication to others from your anonymous identity sufficiently different than anything saved later would not identify you (this is the weakest link, but you can consider “playing a character” when speaking to others).
6. Any private keys that you used to sign your messages can be periodically published in some conspicuous place, effectively giving you plausible deniability about all your previous and future posts. It’s hard to prove a negative (that no one else has access to your private keys before your public disclosure.)
Sadly the anonymity part (at tleast as meant a few years ago) is not true anymore...
Live in a shitty country, want to tweet the truth without your government finding out and treating you like Assange? Just use tor, make a social network account and publish the truth!
And the reality? Every cloudflare based site first gives you a long and hard captcha. Then you try to register an account, and again, one of thoss arkose labs[0] captchas. Then after rotating the 7th image in the right orientation, you finally get your twitter/facebook/instagram/whatever account... you try make a first tweet/..., bam, your account closed, you need to verify with a phone number. You buy a disposable prepaid sim card, risk exposing yourself, and again get banned. A bunch of services even block tor exit nodes directly by IP.
Yeah, sure, you can run a hidden service, and all three users, that know how to use tor and find that address will see your writings, but reaching wide audiences is impossible.
yeah, i know it's just a rant, but it's a pain still
Have you actually tried to set up an anonymous gmail account recently? Because I think you'll find that it is borderline impossible. Gmail's algorithms end up requiring SMS authentication when you're working over tor, which essentially deanonymizes you or requires the additional step of getting a burner phone for SMS; neither of which is good and probably will get you on all sorts of lists...
Here’s my plan: Tor browser inside a Linux VM running on a computer that is connected to Mullvad VPN. No private messaging on Twitter whatsoever. With anonymous account, I plan to not provide any personal details, so even if someone has access to “my” data it won’t do anything. Still think it’s a bad idea? Curious to know your thoughts. Thanks!
It is extremely easy to create an anonymous number already, let alone a gmail account. A friend of a friend daisy chains anonymous numbers with physical burners for a "proxy" effect.
So.. I'd suggest a project of mine. Full disclosure, you require more than one burner device. Ultimately you'll want a VPN you can trust. Also - it depends how much your anonymity is worth to you, and your relative cost. Similarly - to whom do you want to be anonymous?
I wanted to create a fully digital individual. My goal was to go from end to end. I bought (in cash) a prepaid credit card. I used said prepaid credit card to sign up to the VPN, paying for 3 years - under the assumption the card is burned. With said VPN I created a paid for email account with a trusted service (not gmail or office). I used said email to sign up with a VOIP provider, to receive a telephone number that could receive SMSes.
Then, I signed up for a twitter, and a domain. Use the above to set up a corporation with nominee shareholders in the jurisdiction of your choice, same with bank account. Congratulations - you can now buy your certificate.
Now, using the funds of the corporation do everything above again - such that you're able to tie the corporation's CC to the outcomes.
There's a lot more - but this is a reasonable start.
This may be illegal where you live. At the very least, depending on how you use the above there are tax implications.
Ooof, yeah. I was trying to make a new, purely anonymized identity. Went through an anonymized bitcoin VPN with TOR on top. Registered an email through Protonmail.
Pretty much no social media platform will accept Protonmail as an address without also having a phone number.
Got banned from Discord within 3 hours, literally all I'd done was send three friend requests and join one discord. My IP was rotating and I then needed to have 2-factor authentication (and protonmail wasn't allowed, I needed that phone number).
So, I went out and bought a burner phone, cash, with a 1-year prepaid account. Got it setup over a wired proxy with all radios turned off. Now at least I had a Google account! (they also require a phone number)
And Discord proceeded to reject it, because I needed to have a 'real' phone number from a major carrier.
I essentially needed to craft an entirely new identity if I wanted to be truly anonymous. It was eye-opening how invasive and pervasive the 'track you down to a real identity' accounts have become.
You need to be very naive technologically to believe it is trivial to have an “anonymous” Facebook account.
This probably it is only possible if you use a burner phone bought cash without a SIM card and use exclusively public WiFi hotspots.
Not related to Tor, but food for thought regarding anonymity...
Quite a few people online wear multiple masks. You're that wonderful professional on linkedin with your full name on display, the ideal grandson on Facebook, but also a Twitter shitposter and toxic gamer under the disguise of anonymity.
Its worthwhile to consider the anonymous version of you. I'm imagining that it won't take long before a few dots can be connected. Not by the FBI, surely they already can, but as a public service. AI reverse engineering your clicks, writing style, whatever other input.
Meaning, if there's a "socially less accepted" version of you, do worry. It seems inevitable to me that they ultimately get linked back to your true identity.
And to be clear, this isn't just about a burner account to let off some steam. Anonymity is also used to freely criticize employers, political ideas, the establishment in authoritarian regimes, and it's an essential defense for people/groups that are often the target of harassment.
To illustrate how easily this can go wrong, recently a giant Twitter dump resurfaced. It turned out to be a cleaned up 2 year old file, but it did send a lot of people into a moral panic. Specifically, some made the mistake to link their real identifiable email address to their burner account.
The bottom line is that anonymity is fragile and unlikely to last.
I believe one can achieve quite strong anonymity given sufficient effort. The effort is probably more trouble than most people are willing to make in most circumstances. Often people want precisely to engage in social activities on line with their primary identities visible.
A lot of smart people have put a lot of effort behind projects like Tor and Torbutton. https://www.torproject.org/torbutton/ Having some expectation that they can be effective when used properly does not make one a fool.
Could be anonymous but still keep the unique phone ID and boot/hide disruptive users. Users probably want anonymity at a far weaker guarantee than, say, Tor offers.
Try being truly anonymous on the Internet these days. It's near impossible. Most online vendors won't accept pre-paid credit cards. Many email providers require you to provide a phone number or another email address as "verification".
Even posting on forums is difficult, because while Tor is decent for fetching data, some websites blacklist Tor IP addresses (or, even if they don't, there's a chance you may be sharing an IP address with someone who was banned from a forum).
Whereas if you wanted just one anonymous Twitter account badly enough, you could get a burner prepaid cell phone using cash (make sure to not turn it on at home or at work).
reply