Being Anonymous on the Internet

From SkyWiki
Jump to navigation Jump to search

This is a well-thought-out guide on internet anonymity, security and privacy detailing everything on how companies and hackers can spy on you and how you can prevent it. Introduction

This guide focuses on improving your security, privacy and anonymity. Email

First before your password.

Email is one of the leading, never dying methods of authentication and personal identity. Everyone has a personal email account for business inquiries or school. Not many people use email for communication with their friends unfortunately, that job is now done by messenger programs which we will be discussing later.

When talking about privacy and security we can bring the topic of email providers. There's a bunch of providers, most popular being Gmail, Yahoo Mail and Outlook. The problem with these providers is that they log and store all of your incoming and outgoing email transmissions. Gmail was targeting ads based on the content of your emails for quite a long time[1].

There's a few privacy-centered alternatives such as:

   Protonmail.com
   Tutanota.com
   Posteo.de
   Mailbox.org

These services claim to protect you from surveilence and offer an ad-free experience. There's the saying, "if the service is free, you are the product" which may apply to the first two providers. The last 2 require payment but they are very cheap, 1 euro per month.

If you want to protect your privacy further you should consider using GPG encryption. Messaging

What do you think when the term "messaging" is mentioned? Facebook Messenger? Whatsapp? Snapchat? Discord?

Well, those might be messaging apps, but you know what they aren't? Private.

These services are hosted by someone (a company) and they require money to keep offering services. If they are free, where do you think they're getting their revenue? Offering ads is not sufficient, most resort to selling your data. Alternatives

Here are a few alternatives you might want to try. You can host your own server or you can use public ones that are open for registration.

   XMPP
   IRC
   Mumble
   Matrix

There are a few programs that don't need to be hosted by someone, the program itself provides it's own servers which might make it less secure and private as you can't check the data coming through and audit the server's security. Some of these services are:

   Signal
   Telegram

The first one, Signal, has been audited by security professionals and recommended by Edward Snowden. Many more known figures are mentioned on their homepage. The only problem is that it requires a phone number. My research has led to the conclusion that they decided on that choice because it would make it easier for people to switch to Signal.

Telegram is known to be primarily used by hackers. It was also known that ISIS used it to communicate[2]. It claims to be encrypted but the encryption is home-brewed and nobody can verify it's security.

If you really need to use Telegram, you can anonymize yourself by using a burner SIM or getting a phone number from the internet from various websites and setting a passphrase to your account so nobody can log in. VPN

Don't buy NordVPN. Hating on something that's popular might look like a bias, but it would be very effective to mass-advertise a honeypot, wouldn't it? Their services has had breaches before[3]. There are many rumors circulating that go deep, for example the real residence of the company. But that's a rabbit hole you'll have to follow yourself.

VPNs are a pretty open protocol you can host on your own by buying a VPS and it will cheaper than most VPNs you'll find on the internet. Most VPNs are used for piracy not privacy/security, most people don't care about protecting their privacy and they don't plan to. Most websites are already encrypted using HTTPS, if a VPN claims that your data is unencrypted and the VPN encrypts it for you, that is not true, every website with a green padlock (HTTPS Encryption) is already secure and your ISP or attackers can't see the content on those websites. All VPNs do is hide what websites you visit from your ISP. If you use a VPN now you're forwarding that information to their service which might not be that different from your current ISP. Not all VPNs are bad, but look out for free VPNs, they are known to be the best baits for data mining.

It might also be a good idea to avoid using VPN services (or any services for that matter) that are in the UK or the USA.[4] Good VPN providers

   PIA (Private Internet Access) has been tested in court to not be logging user data.[5]
   Mullvad "Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report published at cure53.de." [6]

Web browsing

If you want a secure and private web browsing experience you should first get a secure and private web browser.

Your options are:

   Firefox
   Chromium
   Ungoogled Chromium
   TOR Browser

Firefox is highly customizable and backed by the non-profit organization Mozilla. It's history with promoting open source and privacy-focused software is quite lengthy.

Chromium is an open source alternative to Google Chrome. Google Chrome's base is Chromium, and with the addition of some proprietary features makes Google Chrome.

Ungoogled Chromium uses the advantage of Chromium's open source model by removing (almost) everything Google related, hence the name "Ungoogled" Chromium

TOR Browser is just a forked version of Firefox with a lot of privacy enhancements and a built-in connection to the TOR proxy. I would not advise you use TOR Browser or TOR for sharing files, streaming or anything network intensive. Extensions

   uBlock Origin
   HTTPS Everywhere
   Privacy Badger

Informative websites

   privacytools.io
   prism-break.org
   https://www.theverge.com/2017/6/23/15862492/google-gmail-advertising-targeting-privacy-cloud-business ↩︎
   https://www.vox.com/world/2017/6/30/15886506/terrorism-isis-telegram-social-media-russia-pavel-durov-twitter ↩︎
   https://techcrunch.com/2019/10/21/nordvpn-confirms-it-was-hacked/ ↩︎
   https://www.privacytools.io/providers/#ukusa ↩︎
   https://torrentfreak.com/private-internet-access-no-logging-claims-proven-true-again-in-court-180606/ ↩︎
   https://www.privacytools.io/providers/vpn/#vpn ↩︎