> Companies can still track me, my data's still out there.
It's not all or nothing. Like any security (and confidentiality is one of the three pillars of security), there's no perfect solution but you can make it more costly for attackers. A few things that help for little cost:
* Use a pre-paid phone plan; don't give your identity to the telco. (Maybe not possible in all countries.)
* Use a VPN and/or Tor. Protect your browsing habits from your ISP.
* Use an ad-blocker or something like uMatrix to stop most tracking
* Pay for things with cash when possible. If it was invented today, we'd all be impressed with the technology: Complete trust between strangers, anonymous financial transactions - all implemented in paper; no encryption needed.
* Use one of the many anonymous, confidential communication services for chat, text and voice.
But I agree that the answer in the law, not technical means.
Don't let leaks make you nervous. It's worth presuming your account info will be leaked at some later date, and there are precautions you can take to dampen the blow it has on you. For example, use prepaid credit cards instead of bank-issued ones. That way if your CC ends up on some underground carder forum, it has $0.00 in the balance (and the card can't have a negative balance). Services like privacy.com offer these.
Use burner phones, disposable email addresses. Always poison the well with fake names. Never give out your real name to any service, even if the service demands it. Religiously use Tor for any sensitive topics (Like politics, health). Religiously use DuckDuckGo.
Don't use social media and lock down your browser to limit fingerprinting. Your remaining big threats are phone apps and traditional data brokers profiling your credit card usage. Cut out all unnecessary apps, block everything else with a firewall and pay cash. You will then be far more opaque to the private surveillance apparatus than most first-worlders.
"I don't like being profiled and tracked as I go around the Internet"
Nobody does, so don't provide identifiable information.
You are always being tracked on the Internet. Get over it. Nobody is interested in you personally, just your aggregate patterns of behavior with millions of others. Your only solution in-line with your personal philosophy is to go off-the-grid and live in a tree house in Borneo. Anything else is just half-assed conspiracy rantings for the purpose of getting attention by drawing an arbitrary, useless, but terribly noticeable line in the sand that requires you to inconveniencing others.
There's a terribly obvious two part solution to your problem (with an optional third)
1) Use your browser's incognito mode/private browsing mode so tracking you becomes hard/impossible
2) Don't provide your real information when creating accounts, they don't need to know your info, so don't provide it. I can count the number of sites I've provided real information to on one hand, and all of them were e-retailers so I can have them ship me something.
3) (Optional) In the event that you are important enough for somebody to bother being interested in your on-line shopping habits, surf behind VPNs then TORs then Proxies. Your experience will suck, but it will be a multi-m/billion dollar national government level effort for somebody to personally identify you that way. It's good enough for the intelligence agencies of the world, it's good enough for you.
"I believe that pay-walls should not be in front of free information."
and fill it out with whatever information you feel like, it doesn't even have to be your real info (mine isn't), and boom, you've provided nothing of value to Google and you can access an entire universe of information while making your philosophical point that information wants to be free and that you are specifically important enough for anybody to care about what you are doing. You even get a free email address!
Even better share that login with your friends, get lots of people using the same account. Provide so much noise in the tracking logs that it's impossible to tell your specific information anybody else's. And since you'll be doing this all from behind a few VPNs, TOR and various other obfuscation and encryption technologies, you'll be able to finally, at long last, surf safe and read that post on Google groups.
? Don't be so lazy about your own privacy. You are the source of most of their data from where you ate last night to what movie you're watching tomorrow. So stop doing that.
? Populate the surveillance database with junk data by being unpredictable each and every day. Make it more difficult and expensive to build a profile about you.
? Use TOR for your web browsing.
? Make everybody aware of the issues and why they are important and get them to spread the message further.
One thing I noticed out of many of the list items given in the post here:
> Only use Tor
> Always use a VPN
> Never use Google -- only DuckDuckGo
> Disable JavaScript on your browser
> Watch all incoming and outgoing network calls regularly and scan for abnormalities
> Encrypt your laptop and any external drives
> End-to-end encrypted communication only
> Don't use Gmail -- use ProtonMail
> Never pay with cards. Use cryptocurrencies.
> Turn off all location services from your laptop and phone
Is that these can actually be solved with technology in a way that these are thedefault and popular behavior (as TLS 1.3 is in HTTPS).
So it's important that we realize that these technologies (or something like them) are important anddesired by everyone, but just need a bit of development to work. Https and signal are great examples. Many of my parents and grandparents are on signal now, because it's better than most other apps (whatscrap, Facebook msg, imsg, etc). Is the Loki network and Session better? Sure. Of course. But grandparents aren't using it yet because not everyone they know is on it yet like signal, just the tech knowledgeable, or many of their grandchildren.
But ultimately, None of this should require any effort whatsoever.
The rest of the points about concealing your name or not is more obviously a choice by the user, as they have to provide it knowingly - so it's less of an issue because they're more likely aware of their choice.
> Don't buy domain names
I'm not sure I understand this one - anyone have an explanation?
Because it is always possible you will fail your Tor discipline, I would add some defense-in-depth aspects, in case your browser is compromised and your network address is revealed.
- Use separate hardware. A cheap laptop and a cheap phone.
- Burn the receipt and chuck the packaging.
- Cash. Pay in cash.
- Buy from small stores with no CCTV, or better yet, from people like migrant workers.
- You can buy stored value cards (debit cards) without ID, and some you can load with cash at ATMs. (Also good to buy from travellers.)
- Once you have a debit card you can pay for data without going to a store.
- If you turn on your Wifi tethering and other devices are in range you have created an event in their logs. Just use a cable. If you must, change the SSID regularly and use Android 6 which has MAC randomisation. Never have any other SSIDs saved, especially not your home network.
- Turn the phone off when not in use. Removing the battery is advisable.
- Don't connect to 3G near your home or work or where there is pervasive CCTV or not many people.
- If your commute is logged (via your cellphone, number plate recognition / tolling, personally identified public transport like Oyster cards) then your location can be correlated against when your persona was online.
- It might seem that transmitting from different locations is a good idea. But not really, it gives a more unique history.
- Run Tor on the laptop. Run nothing on the phone, its just a radio.
- If you want to use Signal, get another burner phone.
- Invest in some numbered wafer seals or tamper bags. Keep your kit in them when cached.
- Don't tell fibs to federal agents. Record all interactions with them.
I guess I shouldn't use a VPN, because that might look like I have something to hide. Using cash? No way! If I use cash I might look like a criminal. Leave my cell phone at home? No way, I wouldn't want to be suspicious, would I? I need the government to surveil me every second of every day, because if they don't, maybe I'm a criminal.
At what point do you say enough is enough, and embrace the idea that you should minimize your digital footprint whenever possible?
Basically, you can't avoid being surveilled without radically altering your lifestyle. If you did, then it'd be something like:
0. Don't use a cell phone.
1. Don't use Google.
2. Don't use Skype or any other VOIP or telephone service.
3. Don't use social networks.
4. Don't use electronic money, including the bank account you are presently being paid in to.
5. Don't use individually booked international flights or ships.
6. Don't use email.
7. Don't communicate regularly with the same set of people. If you must communicate, do it either using steganography or in brief and without revealing any identifying information (spelling, voice, writing style, etc.)
Yes, that has always stopped me from doing some things, I would like to do covertly and aren't exactly ok. But there is no safe way to do it. How do you make sure that you won't get into traffic accident when going on mission or returning from it. It would be really nice to hear how you make roads 100% safe.
I'm also too security oriented and been monitoring this field for over 15 years. So I know how hard it is to be absolutely anonymous. I also know that my Finnish & English aren't exactly textbook examples, so I can be profiled easily out even if I would be technically 100% anonymous.
I always surf the web from virtual container which is fully reset after each session. I also don't ever process, email, im, web, archives or what ever on host system. I also have completely separate (hardware), similarly safe configuration for handling PGP/GPG encrypted messages, which is connected only via serial-link so I can view the ASCII armored payload before sending it for processing. Anything else than ascii armored payload isn't being sent over that 7 bit link ever.
It's also obvious that I have prepaid dumb phone(s), one for each identity, which are circulated on random schedule. I only use those phones at single location (without other tracking devices), because moving with those would allow linking my (moving) position with my other phone(s). Making it easy to correlate those. Yes, I know this is non-optimum solution, if you're expecting someone to hunt you down. But it's good for generic privacy as long as you don't expect anyone to be there waiting for you.
Getting rid of habits is also very hard and requires huge effort. That single thing (service, program, password, etc), word or phrase you just used, will single you out from larger group.
It is traceable when the appropriate dataset is overlaid on top of it. Ie. IP addresses, known public keys associated with people/organizations. Within itself, you don't know who is sending or receiving.
Anti-censorship is worthless without protection.
Protection comes from anonymity/pseudonymity.
I do something on the network my government doesn't like, they track me down and put me in jail. Great system.
Yes, its almost as if you need to take steps and precautions to ensure that your government cannot track you down. You know where its even easier to trace your transactions and freeze your assets? Your bank account.
Excellent advice. My primary concern is to avoid data leakages to marketers, app developers, and the Googles of the world. My secondary concern is to avoid being caught up in dragnet operations of the sort that the article is reporting.
Trying to evade a governmental body who is interested in me specifically isn't really on my radar at all, in part because I'm not interesting to such bodies, and in part because if that becomes a point of concern for me, then I need to stop carrying any devices that transmit radio signals at all.
I don't really think ordinary people (and rich people TBF) can completely defend themselves against any state player.
Anonymous guides I read mostly recommend Tor, anonymous sim card and purchasing electronics with cash. But I don't think it's going to render any state player's work impossible. I mean if they are really onto you.
On the other side, three char agencies cannot waste resources on every individual, so the best way is to stay out of the radar.
1) get a "burner" cell phone, pay in advance service that isn't tied to you. Use cash to buy "gift card" or prepaid ahead of time for anything you do with this phone or online. Disable location tracking.
2) get a chromebook or other cheap laptop that isn't connected to "you"
Use the laptop and phone for anything you do online. Do not connect to public wifi, or use the accounts on other devices or your personal accounts on these devices.
You should be able to stay relatively anonymous this way. You will have a phone and laptop to run whatever operations/statements or other activities you want to remain private from your real life person.
You may want to go a step farther and use a pre-paid VPN service for all activities as well. But by all means, don't mingle your devices...
Use an ad blocker in your browser. Always use private mode tabs, or clear your cookies frequently.
Set up a cheap VPS, and tunnel all your traffic through it over a VPN. Configure it with your own DNS server. Use a firewall to block all traffic to known tracking services.
Set up your phone to use this VPN too.
Don’t use social media.
Don’t use GMail, GCal, GContacts, etc.
Use ‘+’ extensions on your email to create single purpose addresses that you can track and blackhole.
Don’t disclose your real name, birthdate, phone number, etc, for the online services that you have to use. You can get dedicated phone numbers from eg Twilio for 2FA.
Don’t use loyalty programs.
How far you go here is really just a matter of how much you care. And how much you’re prepared to sacrifice some aspects of modern life.
It's not all or nothing. Like any security (and confidentiality is one of the three pillars of security), there's no perfect solution but you can make it more costly for attackers. A few things that help for little cost:
* Use a pre-paid phone plan; don't give your identity to the telco. (Maybe not possible in all countries.)
* Use a VPN and/or Tor. Protect your browsing habits from your ISP.
* Use an ad-blocker or something like uMatrix to stop most tracking
* Pay for things with cash when possible. If it was invented today, we'd all be impressed with the technology: Complete trust between strangers, anonymous financial transactions - all implemented in paper; no encryption needed.
* Use one of the many anonymous, confidential communication services for chat, text and voice.
But I agree that the answer in the law, not technical means.
reply