Dollars BBS | Technology

How to be anonymous online now (18)

1 Name: Anonymous : 2014-02-19 10:08 ID:ytQyB4mo [Del]

Right now, my primary browser for basic web surfing is the Tor-BB. This is pretty good, however I just read an article suggesting that it has been significantly compromised by the (US) government. http://cryptome.org/2013/08/tor-users-routed.pdf

This is old news. It has been known for a while, but now that I know the ease and probability/accuracy of it being relevant, I would like to know of solutions.

If you know of a way to beef up anonymity beyond that of regular tor, please share here. This thread exists for those of us who like to leave name fields blank :P

Additionally, relevant ideas for simple, feasible programs and scripts are also welcome. Once I learn scripting, I may implement some.

So, if anyone knows of ways to beef up online anonymity please share them.

2 Name: Anonymous : 2014-02-19 10:17 ID:ytQyB4mo [Del]

Now that the general idea has been posted, here are some obvious ones to share with all of you:

Disable scripts in your browser. The TBB comes with a plugin (NoScript) for that, but the plugin is set to enable them by default.

Another one is probably to connect to Tor through a proxy. This can be configured when first starting Tor, or by clicking the onion button.

Obviously, if you can help it, avoid your home network, monitored networks, the same network too often, and use Linux (Tails is supposed to be a great choice) instead of Windows, though this may not be feasible for everyone.

I also read somewhere about the ability to connect to a proxy, VPN, or SSH into a server of some sort from the other end of Tor. I have yet to try this, but it sounds legit.

Another solution is to try finding or using another anonymizing network such as i2p, but I have yet to dig very deep into this, and hear that it may actually be a downgrade instead of an upgrade.

However, I am probably forgetting a number, and there are probably more sophisticated answers that I am also forgetting.

Please share them. :)

3 Name: daremo : 2014-02-22 03:42 ID:8H6DhNxN [Del]

Unless you HAVE a nation-level adversary after your data, Tor is good enough for you. HOWEVER, THAT IS THE WRONG PLACE TO START.

If you really want to be anonymous, you need to begin with good opsec. Separate your anonymous activities from all other parts of your life. Buy a different computer. Use Tor. Browse from internet cafes selected at random from a large pool. Use different username/password combos. Don't post or use ANYTHING related to your regular life. Don't visit the same sites. Don't browse at the same time. Does that sound too hard? Do you really need that much opsec?

There is no magic sauce for making you anonymous. It's hard work and one slip-up will compromise it. Anyone that tells you otherwise is either uninformed or is trying to sell you something worthless.

If you're curious, I recommend reading up on opsec. Look at some case studies.

4 Name: Anonymous : 2014-02-22 20:06 ID:d3G5kS4J [Del]

>>3 Yes, because based on recent news, with governmental and corporate entities alike infringing on the privacy of individuals in needless, widespread, and legally ambiguous ways, my threat-model has evolved into "trust no-one unless trustworthy, or you have to."

So, yes, I am assuming a nation-level adversary for the purposes of computer-security.

Opsec sounds like a good start. If I had the money to spend on a car and a second computer, I certainly would do those parts. Good reminder to upgrade my uname and pwd combos though. Some of them probably could use an upgrade.

5 Name: Inuhakka !u4InuhakKA : 2014-02-22 22:13 ID:B0LaTzo4 [Del]

>>4 You can use a password manager to make your passwords extremely secure pseudo-random strings of numbers and letters. I use one myself and it has proved quite secure.

I have already exposed too much on the Internet to adopt an anonymous practice. I'm not on Facebook or social media, though, and I don't own a cellphone, so the information that can be acquired through me is limited in those respects.

6 Name: Anonymous : 2014-02-23 15:37 ID:fm2yqox4 [Del]

>>5 That sounds like a good idea to an extent, but it also means that you won't be able to remember passwords as easily due to less practice. Though it sounds great for the idea of tying your passwords to a single device, thus simplifying the opsec mentioned in >>3 .

Since you mentioned cell phones, here's how to travel with a cell phone, while not being tracked:

Wrap it in aluminum foil or remove the battery.

This will allow you to keep a phone for emergency calls while not being tracked very readily. Keep in mind, removing it from the foil or putting the battery back in will make it trackable again.


Also, just because most of your current data is out there, doesn't mean that your future data is all compromised already.
Just having an email address or social media account with one of the big providers doesn't mean that the government needs to know that you read 1984 and stuff from wikileaks.

Even if they have all of your data already, as a political statement, I'd still make it a pain in the rear for them to keep getting it. Sort of like the second amendment advocates who practice open carry, you should assert your right to privacy.


7 Name: Inuhakka !u4InuhakKA : 2014-02-23 19:52 ID:B0LaTzo4 [Del]

>>6 In my opinion, we look at password security in the wrong way.

I don't think you should be able to remember any of your passwords. It makes them completely insecure, more so than having them stored somewhere by using a password manager. Passwords should be like physical keys; you can't reproduce your key off of your memory of its shape.

I suppose there is a certain level of information I am comfortable sharing with the government. I am only trying to protect myself against individuals or corporations who are trying to get my information to sell it or use it against me. I suppose I figure a nation-level adversary is too big to avoid without bringing on a lot of inconvenience, perhaps too much to justify what might happen should they get information about me.

I think I'm anonymous enough and limited enough in my activities that there is not a large amount of information that can be discovered or inferred from me. Take Google for instance: based on my Google searches, Google+ profile, and Chrome history, they incorrectly guessed my age, sex, first and second language, and listed almost all of the possible interests I could have. I consider this a testament of my anonymity, given that Google, while not the biggest, is a very large buyer and seller of information.

Plus, I don't have to be perfect to be safe. All I have to accomplish is being more secure and anonymous than the next person, which is really what IT security is all about. Look at Google Chrome, for instance: when I discuss reasons for using whatever internet browser you use with people I know, security is virtually never a factor. They don't care that Google is obviously mining data, all they care about is it's faster or better than Firefox. Same goes with Facebook, people just don't seem to care that their information is obviously not secure and is clearly being sold out. I'm much more security conscious than most people I know, and I know there are many more like them using Facebook and other services like it. I suppose I don't see a benefit from being more anonymous than I already am.

If I really wanted to be anonymous, I wouldn't even own a computer.

8 Name: Anonymous : 2014-02-23 20:35 ID:56bHEky5 [Del]

>>7 In the name of pure password strength, you'd be right, however this leaves a backdoor that I am wary of. Any breach in the security of the password's container compromises the password.

Simply, your 1024 bit password of uncrackability then runs the risk of being copied or downloaded. Furthermore, it is also vulnerable to drive failure.

I like the idea of memorable, but hard to guess passwords, as they are only beaten by rubber hosing, in which case, you were screwed from the start.

As the US still tries to keep up appearances sometimes about the 5th amendment, it seems safer to gamble against rubber hosing than against the simple finding of your removable media (yes, you can store decryption keys on USB keys, and it may make a great form of secondary authentication). Not only that, but the US legal system has also so far held physical keys to be unprotected by the 5th, but memorized passwords are.

Therefore, whether you prefer mental passwords or physical keys is user preference, but it definitely makes for a good combination.

Another useful foundation for privacy is to build upon a legal framework. By this I mean know your rights, so that you can deter over-zealous police, and know what won't work so well. (Don't bother encrypting in the UK, for example.)

Good starts include reading the constitution (of your home country, and of any country you plan to visit), as well as looking up videos, laws, and cases which seem relevant to any measures and situations that you think could be relevant.

Flex your rights has great videos on how to tell a traffic cop that you don't consent to searches.



9 Name: Inuhakka !u4InuhakKA : 2014-02-24 07:05 ID:LrJWZrlI [Del]

>>8 The manager I have requires one master password. This would be the password you remember, but it's only one. A human can remember one very strong password, but remembering 100 very strong, unique passwords is near impossible, and having to make them memorable by a human is what makes them insecure.

My password manager is stored on a cloud, and it is accessible from anywhere with an internet connection. I have set it so I can only log in from within 100KM of my location. I also have a 60 character master password to gain access to all my passwords. I am pretty sure my manager encrypts my passwords with my master password, so even if they are hacked, they'd still need the key, or a quantum computer, or thousands of years. Of course, there is always beating me senseless with a rubber hose, as you mentioned.

A scary number of people have never read the constitution that I know. It's really sad that the government can pretty much do whatever they want to some people, and they'd be none the wiser.

I don't know what you mean about not encrypting in the UK, would you mind explaining what you were talking about?

10 Name: RollyPolly !!VbnYl8oi : 2014-02-24 13:35 ID:uvJq3lm3 [Del]

>>9 I also use a password manager, I think it's a really good idea. There are many studies that show people are not as unique as they think they are, and most people develop a lot of predictable patterns with their passwords. I can't imagine remembering a lot of passwords for all my accounts online, and most people I know use the exact same password for almost all their accounts. I am glad I don't do that, because the insecurity of a password manager is far below the insecurity that results from recycled passwords, at least in my opinion.

11 Name: Anonymous : 2014-02-24 19:11 ID:0ZKXP4En [Del]

>>9 The UK made it a felony to not decrypt your data for the police. Therefore, encryption would only protect you from nosy friends and computer thieves. Since thieves are more interested in the hardware.

>>10 Yes, but those patterns mostly belong to those who don't know or care. I.e., people who like the password "12345."

Personally, I believe that a few solid 40-50 character passwords with careful management and specific extensions for any given service could be strong enough to survive a certain amount of reuse (though it should be avoided).

Additionally, a password manager will not hold your disk encryption password, as that has to be input before booting. Therefore, you will also either need a USB-key key or to remember two large passwords.

A useful page on password strength:
https://en.wikipedia.org/wiki/Password_strength
It is probably a good idea to try to match your encryption and password strength (i.e., use a 43 character case sensitive string of random characters with aes256 encryption).
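
The length-matching rule in >>11, as an added example that is not part of any post in this thread: it computes how many uniformly random characters are needed to reach a target key strength and generates such a string from the OS CSPRNG. The function names and the choice of alphabets are assumptions made for illustration; the figures only hold for randomly generated strings, not for human-chosen passwords or sentences.

```python
"""Added example: sizing a random password to match a cipher key length."""
import math
import secrets
import string

# 62 symbols: upper case, lower case and digits ("case sensitive" as in >>11).
ALNUM = string.ascii_letters + string.digits


def min_length(target_bits: int, alphabet_size: int) -> int:
    """Smallest n with alphabet_size**n >= 2**target_bits (exact integer math)."""
    if alphabet_size < 2 or target_bits < 1:
        raise ValueError("need at least 2 symbols and 1 bit")
    n, space, goal = 0, 1, 1 << target_bits
    while space < goal:
        space *= alphabet_size
        n += 1
    return n


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a string whose characters are drawn uniformly and independently."""
    return length * math.log2(alphabet_size)


def generate(target_bits: int = 256, alphabet: str = ALNUM) -> str:
    """Draw a password from the OS CSPRNG, long enough to reach target_bits."""
    symbols = sorted(set(alphabet))  # repeated symbols would skew the distribution
    n = min_length(target_bits, len(symbols))
    return "".join(secrets.choice(symbols) for _ in range(n))


def report(target_bits: int = 256) -> dict:
    """Characters needed per alphabet to reach target_bits."""
    alphabets = {
        "digits": string.digits,
        "lowercase": string.ascii_lowercase,
        "alnum": ALNUM,
        "printable": string.ascii_letters + string.digits + string.punctuation,
    }
    return {name: min_length(target_bits, len(a)) for name, a in alphabets.items()}


if __name__ == "__main__":
    for name, n in report().items():
        print(f"{name:10s} {n} chars for 256 bits")
    print(generate())
```
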

12 Name: Inuhakka !u4InuhakKA : 2014-02-24 23:33 ID:LrJWZrlI [Del]

>>11 The problem is if the services you use are insecure, your password strength becomes irrelevant. Reusing, in part or in whole, passwords across different accounts on different sites is so insecure because of the services themselves. If one company gets hacked, more than one of your accounts is in jeopardy.

The average person cannot remember more than a couple unique 40-50 character passwords, unless it is a sentence or something equally insecure. I have enough trouble remembering my 60-char master password for my password manager, I can't see myself knowing 5 or 6 of them.

I really have to say, people don't take security anywhere near seriously enough. It's gotten to the point where people are using the same stupid passwords they have used since grade school, as >>10 mentioned, and that password may be good, but Neopet's IT security is not. It makes me equally angry and sad how little people care about something so obviously important. Stating the obvious of course, but it really makes me sad.

You also assume I have encrypted my disk (I have not). I encrypted my laptop's hard drive, since it was more likely to fall into enemy hands, but my desktop is more lackluster in terms of security features like UAC and encryption.

If you wanted to specifically target me, you'd have no problem. If you were mass targeting many people, you would move on from me to other, easier prey. That is all I hope to accomplish.

13 Name: Anonymous : 2014-02-25 21:19 ID:Rwog7lhB [Del]

>>12 Fair enough. Even with case-specific extensions (adding an extra few words that are site specific), with this argument, a number of 50 character passwords could be reduced to 16 or less.

So far the list is:
tor/i2p
password manager and individual strong passwords
opsec
legal baselines
blocking cell phone location tracking (tin-foil/battery-removal)
encryption

Another one that fits in with opsec is physical security.
Opsec focuses on guarding the open display of sensitive information and avoiding giving off subtle hints about it.

Physical security in this case is tied closely with opsec and is also quite important. Use a laptop tether cable to connect your computer to something too heavy to take with it. When taking your laptop with you anywhere, bring a bag or backpack to make it easier to carry and keep your eye on it, even in the bathroom.

Never share storage media with sensitive documents unless you particularly trust the other party, don't lend your phone to strangers.

Ones that matter against police, in the slowly encroaching mission creep in the US is to lock your car behind you when told by the officer to get out of it. If told to roll down your window, only do so a little bit so they're less tempted to fabricate the smell of drugs (they're not my thing, but that doesn't mean that cops never lie either).

Simply put, if you can't keep your eyes on it to defend it, lock it up.

14 Name: Inuhakka !u4InuhakKA : 2014-02-26 06:54 ID:LrJWZrlI [Del]

>>13 Physical security is almost more important than everything else, because if someone has physical access to your computer, almost all of these measures are made irrelevant. Interestingly enough, there was a discussion about this in News and I wanted to bring it up here. There was a proposed bill in the US to make kill-switches a legal requirement in phones. The kill switch would essentially wipe your phone clean on the press of a button.

What do you think about that? Do you think kill switches are a viable option for anonymity?

15 Name: Anonymous : 2014-02-26 22:12 ID:Rwog7lhB [Del]

>>14 Yes and no. For anonymity against thieves simply stealing your phone, yes. Against corrupt government, law enforcement, and snooping employers, no. Furthermore, the concept of willingly accepting backdoors such as killswitches seems a little bit risky and like bad precedent. Who's to say that XYZ vendor won't also include a read-data backdoor. Furthermore, kill-switches, while good against thieves, are bad against people who want to watch the world burn.

By the way, I just found what might be a TOR upgrade. Whonix looks like it might be a start.

16 Name: RollyPolly !!VbnYl8oi : 2014-02-27 09:58 ID:uvJq3lm3 [Del]

>>14 Kill switches are way too dangerous. If an engineer can program a way to remotely access or wipe your phone, that means the government and other criminals can have the same capabilities as you. I don't think they present more advantages than disadvantages. They are a risk in themselves, maybe even a higher risk than a thief seeing your data.

17 Name: Anonymous : 2014-03-01 07:28 ID:Rwog7lhB [Del]

Does anyone know of a good free email service that has decent privacy and encryption support (through Thunderbird with Enigmail counts)?

Additionally, does anyone know which Tor-based mailing services are best? Tormail was compromised by the FBI, and I don't know their current status.



18 Name: Anonymous : 2014-03-01 23:52 ID:jtHk2okL [Del]

Another useful set of tasks would be to randomize your hostname, MAC address, and IP address. Through Tor, these are protected, but that doesn't keep all routers in between you and the entry node from seeing you (or protect from timing attacks).

The Arch wiki has a great page on MAC spoofing.