To interact with this page you must login.
Signup
What are the best ways to leak information anonymously on the Internet today? Please detail the extent of the achieved anonymity and what would have to happen to compromise it.
Please detail the extent of the achieved anonymity and what would have to happen to compromise it.
technology
understand
It is impossible to be truly anonymous on the internet.
--------✂--------------------------
Below you will find out why I don't trust the supposedly anonymous browsing methods, and why they're not really 100% anonymous.
SSL Certificates have been compromised. Wikileaks doesn't trust them, and Verisign root keys have previously been hacked.
They are that padlock you see in your web browser, to show that your internet requests are encrypted and not being transmitted among the tubes plaintext.
Tor is a red herring made up by the US Government and then open sourced as a honeytrap. People are fooled by it. Yes the webmaster won't have your identity, but the ISP will be able to use network route analysis to find yours out, revealing your ip address.
Tor works by routing your traffic though several servers (A-K-H-D-B) instead of A to B. Explain to me how that is anonymity (unless you live in the Middle East)?
Virtual Private Networks work by exchanging your ISPs internet connection with one from the VPN provider, preferably based in another country. Once you pay them your monthly fee, you have no guarantee that they will conceal your identity if ever their local government subpoena's them. This is why a VPN carries risk. Any VPN company can be subpoena'ed by any worldwide government.
A British LulzSec hacker got caught by being too foolish and idiotic to read the TOS of British VPN HideMyAss, to read that it prohibited illegal activities such as hacking, and would retain logs and willingly comply with subpoenas. Would your country's VPNs do the same? I recommend you get a Swedish or Russian VPN, as Sweden has excellent freedom of speech and privacy laws, and Russia is anti-US. Refer to TorrentFreak for advice on finding a VPN. http://torrentfreak.com
And by the way, all VPNs keep logs! If they say they aren't keeping logs, they are lying. How can a VPN keep logs, and at the same time manage to block and throttle people using their service? That doesn't add up. They may not log your credit card or name, but they do log something.
Would you go to prison for 2 years, over a VPN?
The RIP Act or RIPA
What is the RIPA Act?
The Regulation of Investigatory Powers (RIP) Act sets out the government's plans for how the security services can monitor and access communication over the internet. It passed into law hours before the Commons rose for its summer break and has now come into force.
Why is it so controversial?
Critics say the act is a gross invasion of privacy which will scupper e-commerce in Britain; the government argues it is necessary to crack down on internet crime and paedophilia.
What are the key areas of controversy? The first is "black box" interception. Security services, such as MI5, will be able to monitor people's internet habits through the collection of "communications data". This data is not website or email content, but users' "clickstream" - the websites and chatrooms they visit and the addresses of emails they send and receive. If security services suspect criminal activity, they request a government warrant to intercept and decode internet content.
The second key controversy is the legislation's reverse burden of proof. If intercepted communications are encrypted (encoded and made secret), the act will force the individual to surrender the keys (pin numbers which allow users to decipher encoded data), on pain of jail sentences of up to two years. The government says keys will only be required in special circumstances and promises that the security services will destroy the keys as soon as they are finished with.
http://www.guardian.co.uk/world/2000/oct/24/qanda
http://en.wikipedia.org/wiki/RIP_Act#Powers
http://en.wikipedia.org/wiki/RIP_Act#Controversy
Proxies are like a VPN but less anonymous. They work like an intermediate between you and your ISP, of which it acts as the third wheel like an interpreter, of which both you and your ISP talk to the proxy, but not to each other, and the proxy passes the message along back and forth.
There are 3 types of proxy servers and I've forgot what they're called. Regular ones show your IP Address on the down-low. The other ones hide your ip but let slip to the websites that you're using a proxy. The highest ones hide both your ip and the fact that you're using a proxy and are called an elite proxy. I don't know how to check type, proxies fall into, forgot and would have to check.
So all of these anonymity methods for using the internet, are not really anonymous.
SSL Certificates
Tor
VPN
Proxies
Botnets
I also would avoid using botnets. A botnet is a group of computers which are infiltrated/infected with spyware, who are slaves to do the hacker's bidding. When Lulzsec and Anonymous want to bring down websites with DDOS attacks, they use botnets - their slave group of 100s of websites - to carry out the attacks unknowingly.
If Tor can't be trusted, why should you use a Botnet? Can you guarantee that their traffic will go anonymised to you, when they receive instructions from you?
Beware of Packet scanning
For those that don't know what packets are, it is a bit of information that transfers down your telephone (or broadband) line when you use the internet. It's the data that transfers through the wires. If someone on your street is browsing the internet using an unprotected hotspot (without a password), you can easily snoop (listen in) on their internet traffic. If they are not using https:// websites with the padlock, and are typing in their passwords, you with hacking software, can get their passwords.
This is why Facebook now wants you to use Secure Browsing. Now your passwords are encrypted over the air as you login to Facebook.
You can do packet scanning with hacking software, to get other people's passwords. Now think about this for a second? Could your ISP, or your government (data retention and sharing laws), scan your packets.
If you live in Britain, you'll notice that The Pirate Bay has been blocked. However, only Virgin Media is the ISP who has decided to block the website by scanning the packets. Think about this for a second. ISPs are now given the authority to scan your packets.
Couldn't the government do the same?
Did you know that everyone who followed @wikileaks on Twitter, has been subpoenaed by the US government? No joke!
They've scanned my shit.
Let's not forget that democracy does not exist in America, and it is run entirely by corporations. If America has a choice between what is profitable and what is ethical, they will always choose what is profitable. What would happen if America was run by corporation?
Also CISPA has passed in America. Consider the Privacy Policy to be dead. Wiretapping and information sharing FTW.
So what is left?
Executed correctly, you can be 100% anonymous with these methods, but you can't be an idiot about it. The fact that you didn't know that anonymity is impossible online, and that those 2 methods can be done 100% anonymously, indicates how you might fail leaking information anonymously, using these methods. Don't be an idiot and top up using an ATM machine, go cash in hand, and don't get caught on CCTV, and change your sim card every 2 days (worked for a journalist in China).
--------✂--------------------------
Data Retention Policies and Subpoena Requests
All telecommunications companies such as ISPs and telecommunication networks store logs of all phone calls, texts, and internet usage for a minimum of 6 months. There are certain [terrorist] buzzwords that if you say them on the phone, the FBI will start tapping into your phone calls. Mobile phones also log your location, even with the phone turned off. You would have to turn it off.
BBMs used to be anonymous, but not anymore. I know someone who went to court over them, and he now knows that the government has access to them.
My friend knows someone who's been told off by a British Telecom operator, for swearing too much in their phone calls.
Don't get me started on Facebook. That's funded by the FBI and CIA. They can track you any time for any reason. They've also blatantly tracked people I know.
Ever wondered what a Facebook subpoaena looks like?
http://gizmodo.com/5900015/what-facebook-sends-the-cops-when-your-account-is-subpoenaed
Ever wonderered what a Facebook subpoena request looks like? http://cryptome.org/isp-spy/facebook-spy.pdf
Ever wondered wha ta Yahoo! subpoena request reveals?
http://cryptome.org/isp-spy/yahoo-spy.pdf
Google is the only technology company that sticks their middle finger up to the government. They refuse to disclose information to the government on many occasions.
I forgot to mention that emails aren't anonymous either. They transmit your ip address in the headers. The email provider might even even keep logs. Try to find yourself an anonymous email provider, and see what happens.
The Dreaded CISPA
Since the internet blackout, SOPA and PIPA is dead now that the MPAA and RIAA have learnt that going after the billion dollar internet companies wasn't going to work. Now they have made them exempt of legal trouble, and taken the burden off them. Imagine every privacy policy on the internet being classed as void, and all participating companies sharing your personal data with each other.
That's what CISPA is, and the Senate has secretly passed it now.
Make sure you read this! This is scary!
http://torrentfreak.com/why-cispa-sucks-120412/
http://www.guardian.co.uk/world/2000/oct/24/qanda
RIPA? PIPA? SOPA? ACTA? CISPA? Someone switch it to SIPA and POPA. Protect Online Piracy Act. Protect Intellectual Piracy Act.
Also CISPA has passed in America! Consider the Privacy Policy to be dead. Wiretapping and information sharing FTW.
Combine that with David Cameron (politician)'s plan to monitor all social networking and email communications, by even scanning the packets of your communications (not just the domain names), which he got straight after the riots, and you know that things are going to go bad. This is as part of the Justice and Security bill.
http://www.guardian.co.uk/world/2012/apr/01/government-email-social-network-surveillance
http://www.guardian.co.uk/media/2012/apr/02/internet-companies-warn-government-email-surveillance
http://www.guardian.co.uk/law/poll/2012/may/29/justice-security-bill-poll
http://www.guardian.co.uk/law/2012/apr/04/clarke-defends-secret-courts-plans-clegg
The next time there's a protest, social networks will be cut off.
The Illuminati must be happy. The New World Order is falling into place. Get ready for the one world government.George Orwell's 1984
Miscellaneous
Do you hate WebWasher? Do you hate McAfee Smartfilter? I run the only proxy website in the world, that successfully bypasses it, along with the notorious Generic Body Filter. In fact that got created just for my site, but nobody knows who made it. It also lets you use Facebook at schools/work. When technicians monitor internet logs, they find the site and keep it unblocked, as I have obfuscated what it exactly is to prying eyes.
WikiLeaks are currently working on a 100% secure leaks submission system, that will be completely impervious to network analysis.
Steganography
And that's exactly what Al Qaeda did, and got caught for it.
Deniable Encryption
According to Wikipedia...
In other words, I could record you having sex (lol), and you torture me because you want the password for an encrypted file you've found on my computer. I would then give you a fake password of _____ porn, and then when you're gone I would keep the real sex to myself. I would be off the hook.
There is also a deniable file system (alternative to NTFS/FAT32), that allows files to be stored on a hard drive, in such a way that there is also a "ghost file layer" of which encrypted files are stored on the hard drive, without any evidence that files are stored on it. Rather than every cluster of free space on the hard drive be shown as a - symbol, it is instead given a 0 or 1.
Bitcoin Is Not Anonymous
Ars Technica reports the biggest Bitcoin hack so far at the time...
As Bitcoin is anonymous with irreversible payments and disposable Bitcoin addresses, there is no police to call about the theft.
The bitcoins were worth half a million dollars.
The next day.
Even Wikileaks donations can get traced!
Here are some tips of staying anonymous when shopping with Bitcoin, which shows how even with Bitcoin, anonymous payments is hard to do.
--------✂--------------------------
Extradition Requests Don't Mess About
Look at New Zealand citizen Kim Dotcom, who got a search warrant and assets frozen illegally. Most of the world is America's bitch. When America carries out an extradition request, they typically get what he wants. A British student who ran TV Shack (tv links site) is facing extradition to America for encouraging piracy infringement, despite linking (not distribution) to warez not being illegal under British laws.
The Sad Fact
You'll have to figure out your own way to transmit messages to other parties anonymously. If I reveal my own system here, people will copy it, and it will get popularised and locked off. I keep my exploits to myself. Be inventive.
There is a question here called You are a spy in a 1st world country (which is hostile to your own country) and you must deliver a set of intelligence reports back to your home country over the Internet. The data is 20 GB in size (compressed). How would you do this to avoid interception of the message, personal identification and any video surveillance?
Could you answer it?