I’m trying to browse the internet via the Tor Network and stay completely anonymous while doing so. I want absolutely nobody to be able to know my IP address, location, or any personal data.
I’ve already asked around on other subreddits and so far I’ve collected the following information:
-Use Tails OS
-Use a Network Bridge
-Use a Public Wifi (if I want nobody to know that I’m even using Tails tough apparently this is only sometimes necessary for things that require absolute anonymity)
-Turn off JavaScript
I was also adviced to go on the subreddit r/Opsec to get further information on how to protect my privacy, especially in terms of what I actually do while browsing anonymously. I thought this was just reffering to not sharing any personal data but apparently there’s more to OPSEC than that. I’m still not quite sure what is meant by that, is there anything else I should do or avoid besides not logging into public accounts anywhere?
In short, I am looking for a way to make it practically impossible to be able to tell who I am based on what I do online. I wanted to ask if anyone could give me any further technical requirements/advice and what I need to make sure to do while browsing anonymously to ensure my privacy.
There is a company that sells a metadata of internet traffic bought from many ISPs. e.g. Team Cymru. Team Cymru claims to cover 93% of the world’s internet traffic.
Worse still, Team Cymru can sell its products to private companies. If your ISP or upstream ISPs have bought netflow data from Team Cymru and are using it, your traffic through the VPN or proxy is practically unmasked by the ISP.
Moreover, in this scenario, even Tor may not be able to help you hide from your ISP, since the ISP can almost be considered a global passive adversary.
This means that what was once thought only possible for three-letter agencies is now relatively easy for private companies to do.
Depending on the country you live in, this kind of correlation analysis may be implemented to deter crime or for other reasons.
I2P and NymTech can be effective in preventing these attacks. However, these technologies are more inconvenience than Tor, or it remains unclear to what extent they can withstand real-world threats, as they are new technologies.
Most existing anonymous networks leave open the scenario of a potential threat if an adversary takes full advantage of a relatively large resource (leaving aside the feasibility of that scenario). Since complete anonymity is hard to achieve, compromises may need to be made regarding your needs.
There’s no such thing as fully anonymous. The only thing you can do is make a persona that disappears in time. Be normal, be boring. If someone wants to find you, they will.
Connect to the internet via someone else’s router (a cafe or another home for example). The worst-case scenario, if they trace your IP, is they will only know “it was someone connecting from this cafe or home”.
You can connect via TOR. This is not a guarantee that you will stay anonymous though, because if the bridge relay and exit relay or god forbid all three relays are owned by the same person, they can trace the traffic back to your IP. I don’t think it’s likely that all three relays will be owned by one person, but it could technically happen.
Connect via a VPN. This is still risky though. Because you must be sure that the VPN service does not log traffic. The problem is, you can’t. How do we know that VPN service X are not logging our traffic just because they claim so?
Connect via a proxy server (or even better via several chained proxy servers) so it appears that you are sending the traffic from their IPs. However, this is only useful if you are sure those servers are not logging your traffic.
Use Linux. Because you have 100% control over what is logged or not. Who knows exactly what Windows or MacOS would log that you aren’t aware of or don’t have control over?
Never use any information that can be traced back to you. That includes your credit cards, name, phone, your regular emails or address and so forth.
Don’t use Google Chrome, Edge, Safari or any other browser owned by some big corporation. They might log stuff that you aren’t aware of and don’t have control over.
Use anonymous email services. Don’t use Gmail or Outlook for example or any email service that requires you to enter any personal information or owned by some big corporation.
If you are going to buy something online, use crypto currencies. Buy the crypto coins through a service where you can remain anonymous, of course and not forced to enter personal information. You could send money the old school way and just send money in cash in a letter. This is probably the safest way. Don’t think they could trace that. How would they?
Always make sure you are using encrypted protocols like HTTPS (not HTTP) etc. .
Metadata, which consists of information about the data itself, can sometimes be used to indirectly identify individuals. The metadata you leave online can include various details such as the time and date of your online activities, the devices you use, your location, and more. When this metadata is analyzed and correlated with other data, it can potentially lead to the identification of individuals.
(Sorry for the late reply) But this will only happen if my ISP has a reason to check what I do on Tor, right? Can they really see everything I do if they just buy it from someone who has the traffic? Is there any way to prevent this? Or do Companies like Team Cymru really always have this much data, no matter how much you imrove your proxy? Could a Network Bridge maybe help since it hides the fact you’re using Tor from your ISP?
There’s also a book I heard that’s really good called “Extreme Privacy, what it takes to disappear”. I have not read this yet but it’s on the to do list
Even then, you will be in databases, some with access (paid or not) from internet. Various govt agencies sell your data, data brokers still will collect from banks and stores, credit agencies will have a file on you, etc.
Welcome to r/TOR where we answer questions relating to Tor rather than assuming what we can’t know about their use case or privacy model. Maybe they’re in a country that has high restrictions and getting caught reading certain types of literature available on Tor means going to prison. Maybe they’re a journalist trying to avoid getting snagged by the Russian government. Or maybe they’re just trying to buy/sell drugs. Either way, not our business, nor our place to criticize their perceived threat model, only our place to answer their questions within the spec provided
You have the privilege of living in a free country. Nothing everyone has this. Some countries you can be killed for expressing opinion or just having a religion. Even some countries that are free can suddenly change.
It’s like in the movies the proxy is switching so fast and the signal is bouncing all over the place and you have like a 60 second window before you disconnect because longer than that and you are caught !!!
Yea, it would make it extremely difficult . The metadata alone wouldn’t be enough. It would be combined with other information they would gather, assuming you were a high value target. I’m gonna go out on a limb and say that’s not the case in your situation . So it sounds like your setup is good opsec. You could use a separate device for your dark surfing. Don’t ever use it to log into an account that could in any way lead back to you. Strictly for DM surfing.
the internet …