Advanced online privacy protection

April 17, 2006 @ Michael Hampton | 21 Comments

The U.S. government seems to have a dizzying array of programs, both already running and in the pipeline, to gather vast amounts of data on virtually everyone, store that data for who knows how long, and do who knows what with it. One thing they’re doing is data mining: looking for “suspicious” patterns in the data to find potential threats. Not only does data mining not work, there’s a chance it could identify you, even if you aren’t doing anything wrong.

Other countries are already putting in place even more Orwellian surveillance on their own citizens. And some countries, as we all know, arrest, torture and kill dissidents or anyone they just don’t like.

Fortunately, there are things you can do to protect yourself from all of these threats.

I called this article “Advanced online privacy protection” because it reveals things about keeping yourself safe and anonymous online which are little-known, except to the bad guys. It’s about time the good guys got hold of some serious protection.

When people get serious about keeping themselves anonymous online, they almost always stumble across Tor. They install it, turn it on, make sure it’s working, and forget it. Then they’re surprised when the jackbooted thugs catch them anyway and haul them off to be tortured and killed. Simply using Tor is not enough to protect yourself.

There are different threat models which necessitate different processes and different ways of using Tor and other privacy tools. I’m going to take a look at three of the threat models and explain what you need to do, in addition to using Tor, to reasonably protect yourself from the threats. It’s possible I haven’t thought of everything, and it’s possible I may be wrong. If you believe I’m wrong, feel free to leave a note below and we’ll talk about it. And if you somehow think that we don’t need privacy, consider that the U.S. might never have come to be without it.

I assume that you already have some knowledge of Tor and Privoxy and that you have already installed them. If not, go do that now and come back. Be sure to read the Tor FAQ, especially the section on anonymity.

Threats and protection

The first thing I am going to recommend, regardless of the threat you wish to protect against, is that you use separate browser profiles, separate user accounts, or even separate computers, for your unprotected Internet usage and your protected Internet usage. For most people, it should be sufficient to use separate browser profiles. You can set this up using the Firefox Profile Manager, and in fact, you can run both profiles in separate windows simultaneously.

If a breach of anonymity means imprisonment, torture or death, you should also encrypt everything on your computer using some sort of deniable encryption and preferably an encryption key which you don’t know and is easy to lose or destroy, such as a random string stored on a USB flash drive. Encrypting your computer, unfortunately, is beyond the scope of this article, but there are plenty of resources on the Internet for this.

Hackers, Identity Thieves and Other Criminals

The first threat model to address is that of a criminal who is looking to gain your personal information in order to commit financial or other crimes. Tor can only provide limited protection from this threat model, as the threat is directed toward an unencrypted network stream or a server outside your control whose storage is not encrypted. Even so, here are a few tips for protecting yourself.

All Web sites to which you would provide such information should already be encrypted. Look for the lock icon on your browser, and make sure the lock icon isn’t broken, unlocked or showing a red line through it; if it is, then the encryption is weak and should not be trusted.

Aside from that, the primary individual threat is if someone obtains your password. Never use the same password at more than one Web site, as many sites store the passwords unencrypted, and if someone obtains your password from one site, they could use it on any other site where you used the same password. Never use the password that the Web site assigns when you first register your account. Always change it to something else. It’s okay to let the browser remember your passwords, but only if it provides a master password which encrypts all of your saved passwords. (Firefox provides this capability, for instance.)

ISP Data Retention

This is the threat model which applies to most users: your Internet Service Provider watching everything you do and making a record of it, which is turned over to government officials on demand. Tor excels against this threat. While Tor, like any low-latency anonymizing network, has weaknesses, exploiting them generally requires the attacker to be monitoring you from multiple points on the network. If you use Tor against this threat, the only thing the ISP can record is that you have made encrypted connections to a few hundred other Tor servers.

However, you may run into trouble if you use a very large ISP. Consider the possibility that you use Tor, and someone else who is a subscriber of the same ISP runs a Tor server. There is a chance that your traffic would exit from that Tor server and the ISP would then be able to record it. If they are actively monitoring you, they may be able to tell, based on timing, that you originated the requests, especially if the ISP is running the Tor server themselves with the express purpose of monitoring its users. The chance that you would be discovered rises the more you use Tor to contact the same sites, so your best bet here is to use the ExcludeNodes torrc directive to blacklist any Tor server on any network owned by your ISP.
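One way to turn the advice above into a torrc line, as an added example that is not part of the original article: match a relay list against your ISP's address ranges and emit an `ExcludeNodes` entry. The relay list, fingerprints and prefixes are constructed sample data (documentation address ranges), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data: relays as (nickname, fingerprint, IPv4 address).
# Addresses are from the RFC 5737 documentation ranges; none are real relays.
RELAYS = [
    ("relayA", "A" * 40, "192.0.2.17"),
    ("relayB", "B" * 40, "198.51.100.5"),
    ("relayC", "C" * 40, "203.0.113.200"),
    ("relayD", "D" * 40, "192.0.2.250"),
]

# Assumption: the prefixes your ISP owns, looked up separately (e.g. whois).
ISP_PREFIXES = ["192.0.2.0/24", "203.0.113.128/25"]


def relays_on_isp(relays, prefixes):
    """Return the relays whose address falls inside any ISP prefix."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    hits = []
    for nickname, fingerprint, addr in relays:
        ip = ipaddress.ip_address(addr)
        # An IPv4 address tested against an IPv6 network is simply False.
        if any(ip in net for net in nets):
            hits.append((nickname, fingerprint, addr))
    return hits


def exclude_nodes_line(relays, prefixes):
    """Build an ExcludeNodes line for torrc.

    The prefixes are listed as address patterns so that relays appearing
    on the ISP's networks later are excluded too; fingerprints of relays
    already seen there are added in case one moves to another address.
    """
    entries = list(prefixes)
    entries += [fp for _, fp, _ in relays_on_isp(relays, prefixes)]
    return "ExcludeNodes " + ",".join(entries)


if __name__ == "__main__":
    for nickname, _, addr in relays_on_isp(RELAYS, ISP_PREFIXES):
        print(f"on ISP network: {nickname} ({addr})")
    print(exclude_nodes_line(RELAYS, ISP_PREFIXES))
```

The list needs regenerating whenever the relay list or the ISP's address allocations change.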

Government surveillance

Weaknesses in any anonymizing network, including Tor, may make you vulnerable to a very determined and resourceful attacker who can monitor the Internet at multiple dispersed points as well as launch attacks on the Tor network itself. This category generally includes many government intelligence agencies, and may include some government internal police agencies. Consider that the U.S. Department of Justice has funded research (PDF) into how to attack anonymizing networks such as Tor. That research contract is now being handled by the Department of Homeland Security. What do you expect they want to do to anonymizing networks?

You can read all the research into anonymity for yourself if you like. And I probably will oversimplify things a bit, and I may give the attacker too much credit, for those of you more familiar with the research than I am. The very short explanation is this: A determined attacker with sufficient resources can find out who you are if you use Tor to contact the same sites too frequently. Current research has not suggested a solution to this weakness which could be incorporated into the Tor protocol.

However, there are two ways you can mitigate this threat or even eliminate it. The first way to mitigate the threat is to limit your use of Tor. I suggested above that people maintain separate browser profiles, separate user accounts or even separate computers for Tor usage and non-Tor usage. In this scenario, you would not use Tor for anything that isn’t sensitive enough to require it, only use Tor for those things for which it is essential, and never cross the two. You would be essentially maintaining a pseudonymous presence on the Internet through Tor, and you must never allow that pseudonymous presence to be associated with your true identity.

The second, and much more effective, way to mitigate the threat is to move. Never use Tor, or indeed do anything sensitive, from your home, workplace, or any other place which can be tied to you. Ideally you need a laptop for this, but using Internet cafés is usually sufficient; distributions of Firefox, Tor and Privoxy exist which fit on a USB flash drive or CD-ROM and can be plugged into any computer for access to Tor on demand. If you must use Internet cafés, do not use any which require you to identify yourself, if possible. If this is not possible (e.g. Italy) you will need to use your own laptop. Using a laptop and open Wi-Fi connections, you can then use Tor completely anonymously. Don’t use Wi-Fi hotspots which require you to pay or even to register, though. Free hotspots are easy enough to find in most countries.

If you are doing something extremely sensitive, consider using a laptop and Wi-Fi, but use any particular hotspot only once, and never return to the same place. This may eventually require you to leave whatever place you are located, but if you’re doing something that sensitive, it’s likely you’ll have to leave sooner or later anyway. Be prepared to spend extensive amounts of time traveling if you are in this situation, and ensure that your travel documents are in order and that you are not wanted by the local authorities; if you are, then I can’t help you.

If you are working against this threat model then you absolutely should have strong encryption on all of your computers. If you are in a country which requires you to surrender your encryption keys on demand, make sure your key is a random bit of data on a USB flash drive which you can easily “lose” if the need arises. Tutorials on the Internet explain how to do this for Linux. I’m afraid I don’t know about Macintosh or Windows. If you need extremely high levels of security, you probably shouldn’t be using either of those in the first place.

Final Thoughts

Security is a tradeoff. If you try to implement security out of proportion to the threats you face, you will either be unprepared for the inevitable attack, or you will be wasting your time on inconvenient measures you don’t need to bother with. At the same time, if you need more security, you must put up with more inconvenience. Let down your guard, even for a moment, and you’re dead — if not right now, then in a few months when they find you and catch up with you because of a mistake made long ago.

I probably have omitted a few things which need explanation, or have made some sort of error, in preparing this article. If you spot an error or have a question, the comment form is directly below; feel free to use it.

I also have done little to address maintaining privacy and anonymity offline; it’s outside the scope of this article. Some research and a little common sense go a long way here. Perhaps I’ll be able to address this later.

Finally, while civil disobedience has been a time-honored way to get bad laws repealed in the U.S., it’s also been a time-honored way to get yourself killed. While I can’t recommend to anyone that he break the law, whatever it is, I do recognize that sometimes it must be done. Those working for positive change need all the protection they can get, especially when simply speaking in support of change can mean the firing squad.


21 Comments → “Advanced online privacy protection”


  1. Anonymous

    Apr 17, 2006

    I felt compelled to comment, otherwise the terrorists may win. A few suggestions: More links to better, more detailed explanations of what the lock icon really means in your browser; why simply using tor with different profiles isn’t enough to protect you at all (think javascript, java, activex); why “forgotten” encryption keys really mean you just sit in jail until the govt breaks into your drive; and if you’re trying to subvert a global adversary, tor is only one thing you need.

    The offline anonymity would be interesting, as long as you don’t start spouting off about setting up a company in Panama and trusting some govt backed “remailer” service.

    Reply

  2. Michael Hampton

    Apr 17, 2006

    Anonymous, I wish you’d provided some of the links yourself; the really good explanations tend to be harder to find, and unfortunately I don’t have nearly as much time as I would like.

    I did note that you were using Tor yourself, though. Good show. :)

    As for companies in Panama and remailing services, most of them are complete bunk, no longer in operation, or as you say, government fronts. Again, there the really good stuff is very hard to find.

    Reply

  3. Anonymous

    Apr 17, 2006

    I felt compelled to reply to the comment, otherwise the terrorists may win. SSL can be easily attacked via MITM, or native SSL exploits, as lots of browsers still ship with SSLv2 as the default. This is bad. Here’s what CAs want you to believe. You can purchase a fully valid SSL cert for US$69. All it requires is a working phone number that can view the PIN they show you to confirm your identity.

    Are you really anonymous if you just use Tor? No you are not.

    An example of how a global adversary plans to defeat the enemy on multiple fronts was discussed here.

    As for offline anonymity, or real world anonymity, I’ve found very few resources online for where to look next. Loompanics used to have a few good books around the topic, but they are hard to come by now, and extremely outdated. Things like these books seem plausible. Maybe when you move to the Free State, we could have a drink and start up a FreeState Privacy/Anonymity Group. I look forward to an article on real world anonymity/privacy.

    Reply

  4. Michael Hampton

    Apr 17, 2006

    Well, when I move to the Free State, you’ll have to actually find me. I’m afraid I won’t have much luck finding you. (Maybe if I were a government agency…) :)

    As for working phone numbers, I can get as many of those as I need.

    And the symposium is interesting; but do you know if they specifically addressed encryption or anonymity? None of the presentations seem directly related (though I’ll probably poke through a few of the more interesting ones).

    P.S. I edited your post to remove some information which could potentially be used to identify you. :)

    Reply
  7. Apr 18, 2006

    Privacy Digest: Privacy News (Civil Rights, Encryption, Free Speech, Cryptography)

    Reply

  8. Jason

    Apr 19, 2006

    CACert gives you free SSL Certs.
    Though it’s not exactly anonymous and secure, I felt it needed to be said. Because paying for SSL Certs is bunk.

    Reply

  9. Steve Topletz

    Apr 19, 2006

    Regarding your suggestion of using different profiles, and setting up Tor, I’ve already developed a simple solution: Torpark. You may have heard of it; if not, check it out. It is a mobile pre-configured package for Windows that runs the latest Tor, Firefox, Portable Firefox, and many security extensions. While this is not a comprehensive solution, it is a great tool for those who are less technically savvy.

    Regards,
    ST

    Reply

  11. Michael Hampton

    Apr 22, 2006

    Well, that’s easy. You just go look at the list of active exit nodes and see if any are on networks under the control of your ISP.

    Reply

  12. meeciteewurkor

    Apr 22, 2006

    Michael,

    “The chance that you would be discovered rises the more you use Tor to contact the same sites, so your best bet here is to use the ExcludeNodes torrc directive to blacklist any Tor server on any network owned by your ISP.”

    How does one know if a Tor server is owned by one’s ISP?

    Reply

  14. Phil

    May 11, 2006

    Why not use sandbaggie?

    Reply

  17. His Evilness

    Oct 31, 2006

    (I found this via your link from Google leaping in bed with the spooks.)

    “Not only does data mining not work,”
    Careful there. Traffic analysis is a form of data mining, and the whole point of your article is that it works just fine. Mining the content of what people send is probably hopeless on a practical basis, but isn’t theoretically forbidden — and the spooks employ some very clever people.

    Reply

  18. Michael Hampton

    Oct 31, 2006

    My point is that data mining doesn’t work to catch potential terrorists. (Bruce Schneier does better than I do at explaining why, so click already.) It works great in other contexts.

    Reply

  21. KS

    Feb 12, 2008

    So, a question!!

    What are the other techniques that the ‘agencies’ use to track suspects?
    Is everything they do based on traffic analysis or is there a bigger picture out there?
    How do they trace money laundering etc.?
    The Russians were the world’s greatest at direction finding in the Cold War by triangulating positions within 3’ish seconds….
    So I reckon there is technology out there that would be similar for internet communications.
    The best way to protect yourself is know your enemy, according to Sun Tzu.
    So what do they use? Anyone know where to start finding out more?

    Reply


Copyright © 2010 Homeland Stupidity.