Are You Paranoid Enough Online? 4

Posted by JD 08/05/2013 at 22:00

Turns out that nobody is paranoid enough when it comes to their internet use.

Even the most paranoid people, who use TOR have discovered that TOR isn’t enough.

I’ve been paranoid for years and years, not because I have anything to hide, my life is relatively boring. Mostly it is because I believe in the US Constitution and the right to privacy that is included by the 4th Amendment therein. Without a judge signing a warrant based on probable cause, what I do is nobody’s business.

If you haven’t read the full Constitution since High School – take 5 minutes and read the main part again now. It is a simple outline for governments written in plain English. I dare say – genius.
It isn’t perfect. I’d change the election laws by forcing term limits, prohibit campaign contributions except from 1 human individual to another human individual, prohibit contributions unless the person contributing can legally vote in THAT elections, and I’d add clearer privacy rights across all forms of communications taken place in private. I’d add that government employees can be recorded in any way while they are working, except where safety is a concern.

So it turns out that I was paranoid about the wrong things, at least if you read my blog articles. I’ve been paranoid about the US Government for years, just didn’t think it was a good idea to post those thoughts to the internet. We will see if there is any impact to my international travel based on this.

  1. Defron 08/06/2013 at 17:48

    Very well said! I’ve always been proud of the fact that the state I live in (California) explicitly says I have a right to privacy in the State constitution. I won’t comment on the rest of the state’s aspects, but I am proud of the fact it’s explicit in declaring a right to privacy instead of just implying it.

    Those burned by the TOR network attack weren’t nearly fair enough if they were after true anonymity. The full exploit needed multiple pieces: Javascript enabled, using the ESR version of Firefox, and doing so all on Windows. I don’t use the TOR network since I haven’t ever felt the urge to, but if I did I’d not be doing any of those things while using it. I actually read something after this incident of a method of routing all traffic for a virtualbox VM through the TOR network. If I ever feel the need for complete anonymity in the future, I’d probably go that way.

    Funny coincidence: one of the words in my recaptcha was “political” :P

  2. JD 08/06/2013 at 19:39

    So, if I were going to try to be completely anonymous online, how would I do it?

    What I would NOT do:

    • Use my normal computer
    • Use any computer in my house
    • Use my work computer
    • Connect to any online account I’ve ever used
    • Use my neighbor’s open WiFi
    • No drive to a store where traffic cameras exist (anywhere along the way)
    • Use free wifi in any location with security cameras
    • Use any dialup or cellular data; folks don’t have any idea how much tracking happens on those networks.

    What would I do?

    • Setup a computer just for anonymous use
    • Spoof the MAC address for all network devices involved; Use a viable MAC, but definitely NOT the MAC for your computer and NOT the MAC likely to be inside your computer.
    • Walk or take public transit to location with WEP/Open WiFi
    • Use a network from nearby, not directly inside the expected building. Network devices have logs, so we really want to leverage low-end network devices for the first hop, so the logs are not retained.
    • Run the smallest, single purpose OS with very few browser add-ons + Tor; the goal is to appear like as many other computers as possible, but not be non-secure while doing this.
    • Leverage computer systems in different countries – preferably those without good ties to my home country; I’d hope through as many different countries as possible.

    There you have it. It is a bunch of hassle, just to appear anonymous online. For a small prank, it is overkill, but for anything serious, it might not be enough.

  3. Mish 09/01/2013 at 10:42

    I can recommend a tool to check a proxy for anonymity holes
    http://proxytester.org

  4. JD 12/18/2013 at 17:38

    See http://usnews.nbcnews.com/_news/2013/12/17/21943608-harvard-student-tried-to-dodge-exam-with-bomb-hoax-fbi-says#comments Using TOR alone is NOT enough.