Anonymous Browsing

Anonymous Browsing, Hide my IP, Tor, Privacy, Proxy Servers and Best VPNs

(https://www.udemy.com/course/the-complete-cyber-security-course-anonymous-browsing/)


Learn a practical skill-set in staying anonymous online and maintaining total privacy against even a well-resourced global adversary.


Learning Goals and Objectives

  • VPNs and Tor Routers
  • Off-site connections - Hotspots and Cafes
  • Proxies - HTTP, HTTPS, SOCKS and Web
  • Secure Shell (SSH)
  • Operating Systems - (e.g. Tails, Qubes OS)

  • OPSEC - Operational Security
  • TOR
  • I2P - The Invisible Internet Project
  • Mobile, Cell Phones & Cellular Networks
  • Bulletproof hosting
  • Censorship Circumvention

Definitions


OpSec

> Operational Security

This refers to the actions and behaviors you perform to enforce and maintain security and anonymity.


Privacy is about maintaining confidentiality and keeping secrets.


Anonymity is nobody knowing who you are but potentially seeing what you do.


Anonymity is keeping your actions and activities separate from your true identity.


Pseudo-anonymity is when you wish to maintain an alias for social media or an online forum.


This is aimed at freedom fighters, journalists, whistleblowers, the repressed, and others without justice who need serious privacy and non-attribution.


“There is not a magic way to trace people [through tor], so we typically capitalize on human error, looking for whatever clues people leave in their wake” - James Kilpatrick, HSI Agent


“Most people don’t have the discipline to never make a mistake,” “The average person is too worried about doing their business to never make a mistake” - James Kilpatrick, HSI Agent


Basic OPSEC failures are not about decrypting your encryption, or finding you through tunnels and anonymity.

People are usually caught because of activities they performed in the early stages that tie back to their real identity, not realizing the internet never forgets.


Many people have two identities online: one professional and one personal. There are often separate security domains associated with these.

I personally use a personal e-mail for personal accounts, and then have a professional laptop for business emails.


How might your personal opinions affect your career?

With practices such as bringing your own laptop to work, or using a business laptop for personal use, what are the consequences of posting, viewing, or creating the sorts of content that you wish to do freely?


Do you want to mix colleagues with friends and family online?

Do you have distinct private activity that you don’t want to be associated with your real identity?

Do you perform activities that law enforcement agencies or nation states have laws against, in order to successfully manage your privacy, anonymity and pseudo-anonymity online?


If yes, you need an identity strategy in order to deal with those sorts of things.


Identity strategy.

I see six main strategies for dealing with contextual identities online.

You may find out that you’ve already got an identity strategy but never really thought too much about the detail of how you are implementing it.


  • Open
  • Avoidance
  • Audience
  • Content
  • Compartmentalization
  • Custom


Establishing Cover

Cover means character or identity. It is the person who will be responsible for your actions. This is the person that takes the heat when the walls start closing in.


Using anonymizing services, establish the accounts you need: fake Twitter, Facebook, Gmail, and whatever other accounts you need for your private anonymous activity relating to the new alias you are establishing.

Create supporting evidence for your alias. For inspiration, look at the site fakenamegenerator.com


If you log in via a fake Google account, you can view full social information; it’s not just a name.

If you use VPN X with virtual machine Y, always use that combination to access your alias.

If you wish to always stay anonymous, create an entire person you can embody so that you never make the mistake of referencing something personal to yourself.


Become that alias. It is essential for good opsec. Proper Planning and practice prevents piss poor performance.

One mistake in timing, implementation or configuration can be enough.

Once you can set up professional-level cover without contamination, you can move on.


How to DELETE yourself from the internet and become a digital ghost.


Step 1: Preliminary Requirements

Go through each email you can think of that you’ve used in the past 10 years.

You’ll want to recover them if you’ve lost access, so that you can access other websites you may have signed up to using them.


Step 2:

Deleting old accounts from forgotten services

Use the search function on your e-mail and look for phrases such as “Sign up” or “Welcome”.

Recover the account and log in to each service that pops up (that you received a sign-up email from).


Step 2b:

Now look around the service for a delete account function, or google around by searching:

"delete account" + ""

If there isn’t one, google or look around for a support e-mail to request for them to delete your account.


Step 2c:

For some services, you may want to purge all content and messages before you delete the account, as the account may be archived and a hacker or external entity may access this information at a later date.

That’s something to bear in mind.
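
One way to build the Step 2 list of forgotten services from a mailbox export, shown as an added example that is not part of the original notes. The extra subject phrases beyond "sign up" and "welcome", the function name and the sample messages are assumptions made for illustration.

```python
import email
import re
from email.utils import parseaddr

# "sign up" and "welcome" are the phrases from Step 2; the other variants
# are assumptions added for this example.
SIGNUP_RE = re.compile(
    r"\b(sign(ed|ing)?[ -]?up|welcome|confirm your|verify your|activate your)\b",
    re.IGNORECASE,
)

def signup_inventory(messages):
    """Return {sender domain: {"addresses": set, "subjects": list}} for
    every message whose subject looks like a sign-up or welcome mail."""
    inventory = {}
    for msg in messages:
        subject = str(msg.get("Subject", ""))
        if not SIGNUP_RE.search(subject):
            continue
        sender = parseaddr(str(msg.get("From", "")))[1].lower()
        _, at, domain = sender.rpartition("@")
        if not at or not domain:
            continue  # missing or malformed From header
        recipient = parseaddr(str(msg.get("To", "")))[1].lower()
        entry = inventory.setdefault(domain, {"addresses": set(), "subjects": []})
        if recipient:
            entry["addresses"].add(recipient)  # which of your e-mails was used
        entry["subjects"].append(subject)
    return inventory

# Constructed sample messages (not real mail). For a real export, pass
# mailbox.mbox("path/to/export.mbox") instead of this list.
RAW_SAMPLES = [
    'From: "Example Forum" <no-reply@forum.example>\nTo: old.me@mail.example\n'
    "Subject: Welcome to Example Forum\n\nHi!",
    "From: billing@shop.example\nTo: old.me@mail.example\n"
    "Subject: Your invoice for March\n\nAttached.",
    "From: accounts@photos.example\nTo: me2@mail.example\n"
    "Subject: Thanks for signing up!\n\nEnjoy.",
    "From: no-reply@forum.example\nTo: old.me@mail.example\n"
    "Subject: Confirm your email address\n\nClick the link.",
]
SAMPLE_MESSAGES = [email.message_from_string(raw) for raw in RAW_SAMPLES]

if __name__ == "__main__":
    for domain, entry in sorted(signup_inventory(SAMPLE_MESSAGES).items()):
        print(domain, sorted(entry["addresses"]), len(entry["subjects"]))
```

The sender domain is sometimes a mailing provider rather than the service itself, so read the collected subjects before treating a domain as an account to delete.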


Step 3:

Checking if your information has been compromised already.

Now you should have a list of all your usernames and all the services, ranging from streaming services to e-mails.

You need to use Boolean searches to get Google to locate this information.


Step 3b:

You need to google your account name, "<account_name>". Sometimes maybe your account name + password, like so:

"" + ""


Step 3c:

You may see Pastebin links, publicly accessible underground databases, or leaked private information.

This is normal. It happens to a lot of services.

Note down which passwords and information were compromised.


Step 3d:

Some database leaks are a bit more private and are still being shared/sold in private circles, but you can use this website: https://haveibeenpwned.com to check if you’ve been compromised, so you can change your live information to be different.


Step 4:

Removing yourself from Google.

So now you’ve deleted your Facebook accounts, but when you google your name and location using boolean searches, there is cached information/links about yourself.

There is a solution for that, called the Google Console.


Step 4b:

You can use Google Console at:

https://google.com/webmasters/tools/removals

You can request that they update their search engine (which usually takes months organically) to remove those cached results if you provide a link to each. Go through various Google searches and do this.


Step 5:

Protecting yourself against Google legally tracking you (for the most part). You should be disallowing Google from legally touching any of your data. Here you can go through each of Google’s services:

https://myactivity.google.com/activitycontrols?pli=1


Step 5b:

Protecting yourself against other services

Any other services you wish to use, you need to strip down the privacy settings to the absolute core.

If you want to use Facebook, make sure you make it almost entirely private, so people can’t access private photos.


Step 6:

Deleting old e-mails

Now that you have access to your old e-mails, it’s time to delete them too.

Delete any e-mails you no longer need access to. DO NOT DELETE E-MAILS YOU MAY NEED IN THE FUTURE.

If you do need them, change security questions and password.


Step 7:

Securing accounts

You should be REGULARLY changing your passwords on services, every 6 months.

Why?

Because new hackers gain access to new databases daily, and they’ll start using that information to brute force, or in the future, to personally attack you.


Step 7b:

Do NOT use any passwords similar to each other.

Hackers are smart. Especially when it’s a personal attack.

They will easily combine your old passwords with your home address or date of birth to work out your password to something they need.


Once they are in, some services will give them access to EVERYTHING and it’s damn near impossible to get them out after they are in.

Good news is a lot of services are updating this, so that you can only have one session active at once.

Before, you never knew who was in.


Step 8: PROTECTING your internet connection.

You should be using a VPN when using the internet.

DO NOT use a VPN when dealing with banking services or anything confidential, but do use it when publicly surfing the internet.

Using DuckDuckGo in combination with this will help.


Step 8b:

Using a VPN that has no logs.

You need to make sure your VPN has had a PUBLIC audit to ensure that it has NO LOGS.

This means that it has no record of what you have used their internet connection for.

And when you use a VPN, it’s hard for your ISP to know either.


Step 9:

USING Burner accounts

You should be using burner accounts on known intrusive services such as Google by using a fake name and information.

This is LEGAL and you should do it to avoid having your information data mined across services.


Step 10:

REGULARLY deleting your internet content.

You should be regularly deleting your tweets and old photos.

This data can be used against you to cross-reference your accounts and find more personal information.

Hackers will find a target and analyze them for months.


Step 10b:

Hackers will use your old internet information to do some of this analyzing in retrospect to piece together who your social circle is to find a vulnerability.

Anyone can be attacked. You just haven’t been a target yet.

Defend yourself through prevention.


Step 10c:

Don’t believe me?

https://theverge.com/2019/10/11/20910551/stalker-attacked-pop-idol-reflection-pupils-selfies-videos-photos-google-street-view-japan…

This is nothing. Very simple with the tools EVERYONE has access to today.


Step 11:

Basically all “background check” websites have a way to opt out. A basic Google search for that company will give you the link.

This is something that needs to be revisited as they aggregate data from the original sources like USPS.


Step 12:

https://redact.dev/