Jump to content
The Corroboree
mimzy

Staying off the radar

By mimzy, in Legal Matters

Recommended Posts

mimzy   

mimzy
Posted

 

 

Recently I have become concerned about the vast amount of information that companies like phone & internet providers, google, financial institutions and government collect on my movements, communications and purchases. For the most part I assume that my anonymity is guaranteed by the vast amount of data collected, there simply aren’t the resources to scrutinise it all. However, most of this data is there for good and if I were ever unfortunate enough to give these institutions a motive to look at my data, there would be things there that would not incriminate me, but perhaps arouse suspicion, i.e. searches related to entheogen use, propagation, extraction etc.

 

 

I'm fairly internet savvy, I avoid using my real name, I use several email accounts for different purposes, I rarely buy anything online and recently I have begun to use Tor browser. Ideally I'd like to maintain a completely separate identity on the net, but this isn’t always possible. Would anyone like to share the measures they take to protect their anonymity online and in day-to-day life, if at all? Perhaps I am just paranoid. I would be particularly interested in hearing from old-hats in the community who have managed to stay of the radar. How have you done it? Has anyone had situations where data has been used against them in legal cases?

 

  • Like 3

Share this post

Link to post
Share on other sites

Scrubby   

Scrubby
Posted

I don't think it would be in anyone's best interests to describe how they "stay off the radar"... Especially here in a publicly accessible forum.

  • Like 6

Share this post

Link to post
Share on other sites

quarterflesh   

quarterflesh
Posted

and which government organization do you work for?

  • Like 5

Share this post

Link to post
Share on other sites

qualia   

qualia
Posted

only way to stay anonymous on the internet is to not use it.

  • Like 4

Share this post

Link to post
Share on other sites

qualia   

qualia
Posted

also don't use tor, many security holes

Share this post

Link to post
Share on other sites

at0m   

at0m
Posted

also don't use tor, many security holes

Could you elaborate?

Biggest issue with using tor to access the 'clearnet' is exit nodes can view your packets (what site you're visiting, what data you're passing through and it's passing back, etc). Perfectly fine for non-identifying stuff (Dodgy searches and such).

That and Javascript. Disable that shit instantly.

Regarding the topic though... it's not really possible to stay off the radar online without disconnecting entirely. Even then, others may post things about you on Facebook or something.

Things like Bitcoin, VPN/proxy, Tor, GPG, using as few "cloud" services (Dropbox, Google docs, gmail, etc) as possible, and using free & open source software (see https://prism-break.org for some great examples) will make it much harder for them to link things together beyond reasonable doubt.

  • Like 1

Share this post

Link to post
Share on other sites

qualia   

qualia
Posted
Could you elaborate?

not in any great detail. i just read sometimes it's not the hardest thing in the world to find someones ip

that and the recent pedophile sting for people accessing websites through tor, makes me think twice before using it,

Share this post

Link to post
Share on other sites

at0m   

at0m
Posted (edited)

not in any great detail. i just read sometimes it's not the hardest thing in the world to find someones ip

that and the recent pedophile sting for people accessing websites through tor, makes me think twice before using it,

As far as I'm aware, there's no vulnerabilities in tor itself - there are definitely ways to deanonymize someone using it though but they almost all rely on either the person 'leaking' connections to their real identity OR, as I mentioned above, javascript based methods. The latter is easily solved by completely disabling javascript though, which should be done anyway.

The exploit in the 'sting' (which effected far more than pedo sites as FH was one of the main hosts for .onions) was pretty scary but as far as I'm aware only effected the Tor Browser Bundle running on Windows with javascript enabled.

Don't entirely rely on Tor, but it's not as bad/scary/vulnerable as some agencies would like you to believe. The biggest thing to come out of that 'sting', imo, will be the fear surrounding it.\

edit: sorry OP. Despite what it looks like, I'm not here to hijack the thread :)

Edited by at0m

Share this post

Link to post
Share on other sites

mimzy   

mimzy
Posted

I think precisely the opposite Scrubby, we need to be discussing this at length. Nobody is asking you outline methods for importing nefarious things, but simply the best way to maintain online/ in life anonymity. Being as anonymous as possible protects us all, not just the individual. Tor and VPN's have their weaknesses but they're much better than letting it all hang out in regular browser.

Quaterflesh - case in point. You don't know who I am, and I don't know who you are... and that's the best way to keep it, hence this thread.

Share this post

Link to post
Share on other sites

Scrubby   

Scrubby
Posted

I respect your opinions and curiosities mimzy, but personally i am hesitant to enter into a detailed discussion on my personal safeguards and such...... Call me paranoid i guess :wink:

Share this post

Link to post
Share on other sites

at0m   

at0m
Posted

Linux on a raspberry pi with all of the data on an SD card. Never leave it running. Can easily be broken or hidden.

Regarding the part in the linked post about keyloggers: If they've gotten that far, you're screwed. Sure you can encrypt images you've drawn in MSpaint but what about when you type your passphrase in to unlock your key? what if they also have screen recording/monitoring?

Share this post

Link to post
Share on other sites

Dreamwalker.   

Dreamwalker.
Posted

part of an article from

is a really informative news source...free of westen bias/propagana.........they have done a lot of coverage on the issue.............but i don't really see real alternatives.........

"A scan-free email service?

So what are your alternatives if you want email privacy? The news is not encouraging. All of the major providers scan email contents for commercial purposes and may be compelled to pass on information to the government. There are anonymous email providers, but it is doubtful whether any of them can guarantee complete protection against a determined intelligence agency.

These providers include Tor Mail, FastMail, Send Anonymous Email, Anonymouse, Mailinator, Anonymous Speech,Hushmail, Send Email, Hide My Ass!, and Guerrilla Mail. This list is indicative, not exhaustive and makes no recommendations.

"As Márquez observes, humans have an implicit need for privacy. He goes so far as to say that each of us has a secret life, one that we reveal to no-one and which is the expression of our essential self – perhaps our best self.

It is vital to realise that privacy on the internet is an illusion. All we have is the relative privacy of knowing that our words are mixed in with a trillion other words.

Read more at:

Share this post

Link to post
Share on other sites

paradox   

paradox
Posted

i'm with scrubby & quarterflesh.. is this thread not rather ironic? our privacy is so important, lets tell the entire internet about how we stay private :rolleyes:

no offense mimzy but this thread from some random internet user that has 10 posts at this forum is incredibly suss.

this forum is filled with gentle friendly gardeners with no desire to break the law or hurt anyone & yet it is under constant surveillance by government authorities because of some misguided correlation with 'drugs'.

why should this be discussed here at length? so people who have a desire for anonymity can tell the authorities how they achieve it so they can be hacked by them?

theres plenty of info right across the interweb about such things. if you've learned something that you think is worthwhile & want to share, why not start a thread about it & help people out instead of asking people to divulge their secrets to a random internet stranger?

if you're not an agent you're doing a good job of coming across like one & not a very sophisticated one at that.

  • Like 4

Share this post

Link to post
Share on other sites

Sonny Jim   

Sonny Jim
Posted (edited)

this is what i have learned in recent years and it shocked me.

a root-kit (also called a boot sector malware? or something similar) can be easily sent to any computer on the internet via an email using FREE AND VERY POWERFUL online services such as Single Click http://www.uvnc.com/products/uvnc-sc.html

it's kind of like the normal windows remote access (which is also something that can be easily exploited) but you can't turn it off and it is undetectable, unless you monitor your ports in command prompt with the netstat command or run a search with a directory cleaner but I am not an expert so can't advise further.

In other words, a bad person (someone you piss off on a forum, ex girlfriend, state overlords etc) can log into your computer from anywhere in the world and see what you are doing on it and also use your internet connection and also processor cycles.

Single Click dos not involve the opening of an attachment to infect the victim with the root-kit just a "single click" on an email....as far as i know but every I.T type person I talk says that is impossible.

there are more powerful ones that are also online and free that claim to allow a remote administrator (hacker/low-life) view encrypted online banking pages whilst the unsuspecting victim does their online banking.

edit:

spelling, clarity and to add that when I say it is undetectable, I mean that it doesn't show up with most virus checkers because it's not a virus...or something like that...or maybe changes to the boot sector can't be found by most virus checkers. Anyway, I really hope someone here can add to the subject of root-kits and internet security.

Edited by Sonny Jim

Share this post

Link to post
Share on other sites

at0m   

at0m
Posted

this is what i have learned in recent years and it shocked me.

a root-kit (also called a boot sector malware? or something similar) can be easily sent to any computer on the internet via an email using FREE AND VERY POWERFUL online services such as Single Click http://www.uvnc.com/products/uvnc-sc.html

it's kind of like the normal windows remote access (which is also something that can be easily exploited) but you can't turn it off and it is undetectable, unless you monitor your ports in command prompt with the netstat command or run a search with a directory cleaner but I am not an expert so can't advise further.

In other words, a bad person (someone you piss off on a forum, ex girlfriend, state overlords etc) can log into your computer from anywhere in the world and see what you are doing on it and also use your internet connection and also processor cycles.

Single Click dos not involve the opening of an attachment to infect the victim with the root-kit just a "single click" on an email....as far as i know but every I.T type person I talk says that is impossible.

there are more powerful ones that are also online and free that claim to allow a remote administrator (hacker/low-life) view encrypted online banking pages whilst the unsuspecting victim does their online banking.

edit:

spelling, clarity and to add that when I say it is undetectable, I mean that it doesn't show up with most virus checkers because it's not a virus...or something like that...or maybe changes to the boot sector can't be found by most virus checkers. Anyway, I really hope someone here can add to the subject of root-kits and internet security.

Far from true, to be honest.

Firstly, a root kit is something used to HIDE other applications at a system level - thus keeping it out of the process monitor. MOST root kits can be detected by anyone who has a clue.

The application you linked to is a completely legitimate one. It's used for remotely viewing a customer's computer so you can easily fix stuff without having to walk them through the steps they will likely mess up. It can be used maliciously, yes, but you'd be an idiot to. It'd be like wearing an enlarged version of your drivers license as a shirt whilst you rob a liquor store.

Additionally, you have to download and run the application for it to do anything (unless the person sending it to you has knowledge of certain 0-days and a very specific knowledge of your setup. Webmaill or desktop client, xp or 7, etc)

The "Single click" refers to a single click on the downloaded file. Though even then, it's more likely a double click.

You're making them out to be a lot easier/simpler than they are but yes - there are others out there that can do far worse things. Rip stored passwords out of your browser, key log, screen view, monitor traffic, browse your files - anything you can do, it can do better. The vast majority of these though are either already detected by anti-viral software (Don't be "that guy" who doesn't use any...) or flat out don't work.

In short: Be weary of the internet and it's nasties but if you use common sense and caution, you're fine.

PS: Linux.

Promise I'm still not a thread hijacker :(

  • Like 1

Share this post

Link to post
Share on other sites

mimzy   

mimzy
Posted

No offence taken Paradox (well actually some offence taken). Everyone should be concerned about who might be on the other end of user accounts. I am- hence this thread. Baseless accusations however are not helpful and somewhat hurtful. Whilst I have not made many posts, I have been a user here for a while. I choose read threads more than participate in them because I don't have much experience, and if that is akin to being a cop, then this really isn't the forum for me. If you cared to look back through the posts I have made, you will see that I have only ever tried to engage in this community in contructive ways.



We are talking here about maintaining anonymity, not importing 4kgs of heroin (yes that should get the AFP government data miners going). I feel safer now behind Tails. As I said before, and perhaps you didn't understand the concept, but there is so called herd-anonymity; the more anonymous everyone is, the safer we all are. Do you really think any of these technologies are new to law enforcement agencies? That's somewhat dellusional. They might be helpful to new to people like me though.


Share this post

Link to post
Share on other sites

mimzy   

mimzy
Posted

Got it. Root kit=fucked.

Share this post

Link to post
Share on other sites

Sonny Jim   

Sonny Jim
Posted (edited)

well actually atom,

I can't see anything you have written that really disputes what I have said.

the fact singleclick is a "completely legitimate one" is what makes it soooo dangerous.

and no it is not risky to do so as the people who did it to someone I know used proxies to hide where they where coming from. Every time a trace was done it just linked back to some park of vacant lot in the USA.

this is not just hear say, I have been witness to this kind of attack. rootkits can be so powerful they are difficult to even uninstall- re install windows in some cases. Like with single click.

"completely legitimate one" yes but are you really that trusting to think only your friendly system admin will be using it.

It is used to steal people internet and processor cycles from masses of people all day every day...I have found.

I post this because people need to beware and internet forums are rife with this kind of shit. Like I said I am not am expert at all and maybe it is not just open the email...that's what it says on the site. How it hapened to my friend was that he opened a pdf file sent to him by a "friend" on a medical research/desease support forum. The pdf was a full text medical journal article relevant to forum discussion but it waas some how infected with Single Click.

edit: sorry, I hope it reads better now.

Edited by Sonny Jim

Share this post

Link to post
Share on other sites

Sonny Jim   

Sonny Jim
Posted (edited)

i have found that the useful info on root-kits is kind of hidden on line and there are also many dismissive answers posted online in forums when people ask about illegal remote access and it always comes from people who claim to "have a clue" about computers.

my friend also got a similar response from I.T staff at his internet service provider when trying to ask for help to get Single Click off his computer.

it's weird, they tried to tell him it wasn't happening as well.

Edited by Sonny Jim

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go To Topic Listing Legal Matters
×