Hi,

please can You share your recipe for staying anonymous on the internet?

Here is interesting one:

Local computer anonymity


For anonymity i think its good idea to use Linux distribution proven to be opensource and privacy targeted. Installation should by luks-dmcrypt encrypted. And one can also use Truecrypt hidden volume to store sensitive data. Non encrypted areas will be either read only or regularly/automaticaly eares by secure file deleting (overwrite). Example SW that clelans history and defined folders by secure deleting is CCleaner. Computer can also have automatic screen locking, Bios password. Encrypted containers (ie Truecrypt) should be regularly and automatically synced to remote server so the data are not lost in case ones computer is lost.

Internet data transfer anonymity

Next thing is Tor browser bundle. Most of the anonymity OSes using this web browser. But please note that data that are transferred thru the Tor are decrypted on the Exit node (last server in the chain) so this server owner can read sensitive data like passwords!!! And it is said many times there are thiefs who own Exit nodes for this purpose. It is same like when one do not use any encrypted proxy/secure tunnel/VPN. Internet service provider and all people on the way may capture transferred data too. So one is unsafe unless remote website support HTTPS. If HTTPs is used, data are encrypted all the way to the destination webserver that is delivering webpage. To secure data transfer from local hacker or ISP, solution can be setting up shadow socks proxy software on the VPS or Dedicated server (preferably in different country than one which may be interested to discover ones identity). ShadowSocks allows all (even UDP) traffic encryption, but one have to buy the server anonymously to increase privacy (Tor browser + anonymous payment like Bitcoin funded by coinjoin service like Bitmixer.io or Tor's Helix). Bitcoin alone (without coinjoin/mixing service) is not anonymous as BTC transactions are world readable. Some people using PerfectMoney.is. On the socks server, one should setup history, log cleaning to maintain VPS free of any IPs. Identity of the VPS user can be then revealed i assume only by someone physically in datacenter and intercepting traffic on the VPS.

E-mail identity

Next thing is e-mail. There search at google: Tor hidden e-mail. Example i tried mail2tor.com which i quite trust. Offcourse you access such service via Tor so they dont know what is your real IP. Moreover you use multiple email addresses so multiple online activities are not tracked to one single email identity.

Passwords

At the end, very important is not to use single password for everything. Password should be based on random string. If you have to save passwords and sensitive info., do it in an encrypted way, for example using opensource KeePass.

Stop using services that you registered with real IP or ask them to be cancelled.



What do you think?