In This Tutorial
- Browser Security
- Local Net Security
- Encryption/Logs
- Virtualization Software/liveUSB
- IP Address
What You Will Need
- A brain
- A computer
- The ability to read
- Wireshark (not absolutely necessary)
- Linux. There's already plenty of Windows tutorials out there.
- No Jews Allowed...
- Ok fine Jews
::Let's Get Started!
First of all, I realize that there are already a few anonymity tutorials in our
wonderful Anonymity section. However, I realized today that they are incredibly
generic and are practically duplicates of the hundreds of other generic
tutorials out there littering the net. So, I decided to write one that is a
little bit more inclusive. I would also like to add that there is not one
tutorial out there that will provide you with absolutely all the information
you will need to be 100% anonymous. In fact, I don't think that you even can be
100% anonymous. Keep that in mind, and always be paranoid.
Browser Security
Chaining 35 proxies won't do you any good if you overlook other aspects of
being anonymous. As far as I'm concerned there's a few keys points to browser
security.
User Agent:
If you don't already know what this is then you should probably come back to
this tutorial later in life. But just in case:
"The term was coined in the early days of the Internet when users needed
tool to help navigate the Internet. Back then, the Internet was (an
actually still is) completely text-based, and to navigate the text, text
commands needed to be typed into a keyboard. Soon tools were developed to
be the users 'agent', acting on the user's behalf so that the user didn't have
to understand the cryptic commands in order to retrieve information.
Today, nearly everyone uses a web browser as their user agent." - http://whatsmyuseragent.com/WhatsAUserAgent
Obviously this can be indentifying, specially if you have a rather unique one.
In older versions of Firefox you were able to go into the about:config and
permanently edit your user agent. I don't think you can do that now. So
instead, I would recommend getting an add-on to take care of this. There are
plenty of them, but my favorite one is Override User Agent because
it seems to have the most choices. Everything from Safari to Opera to Internet
Explorer to Mozilla to Mobile user agents. Shit, you can even make it appear as
though you are a Google Bot. Too easy.
You can do this in most major browsers and it will almost always come in the
form of an add-on.
Something that was brought to my attention by proxx is that a network admin
could potentially discover that you are being dishonest about your user agent
via the TTL values of the packets. TTL stands for 'Time to Live' and is
responsible for limiting the number of hops of a packet. This prevents the
packets from floating around for eternity to explain it in a mundane way. So,
an example would be that you are using a Windows user agent and spoofed it to
be a Linux user agent. It would be possible for the net admin to analyze the
TTL value and determine that it was changed and when.
A link provided by proxx might help to explain some of this: http://www.binbert.com/blog/2009/12/default-time-to-live-ttl-values/
It would be a safe bet to keep your windows user agents windows, and your linux
user agents linux. You can easily spoof the TTL values in linux, perhaps using
iptables.
Referer Url:
This one seems to be rather overlooked. This is an HTTP header field that can
be used to track your path from page to page. This one is also a simple fix. At
least in Firefox. All you have to do is, once again, go to the about:config and
search for network.http.sendRefererHeader. Once you've found it just set it to
a value of 0. That takes care of that. You can also use the add on RefControl.
In Chrome you can check this out:
https://chrome.google.com/webstore/detail/referer-control/hnkcfpcejkafcihlgbojoidoihckciin?hl=en
If you are using Internet Explorer then..... Well then you should just go away.
Cookies:
Cookies are used to track your web activities. Don't think that just because
you are using Tor you are safe from this. As usual there is a plethora of
add-ons that you can use. You can also set your browser to not accept cookies
from sites, however, you may find that you won't be able to access certain
sites if you do this. At least make sure that you remove cookies when you are
done with you session. This can be done in Firefox > Prefs > Privacy >
Show Cookies > Remove All Cookies. Obviously that's for firefox. In
Chrome I think it's something like, Chrome > Tools > Clear Browsing Data.
For Opera it would be Settings > Preferences > Advanced > Cookies.
For those of you who don't know there is such a thing as long-term cookies.
Otherwise known as LSO's(Local Shared Objects). These are flash cookies. As far
as I know they aren't removed when you do the cookie removing steps I mentioned
above. You can handle these by getting the add-on called BetterPrivacy.
I hope I don't have to tell you guys to clear your history or use Private
Browsing. Oh! and one more note that I'm not going to make a title for. Be aware
of the Desktop and Web Browser extensions you are using. For example, weather
monitoring extensions could be very bad because they may transmit zip codes or
address information to get local weather reports. Many people overlook this.
Hiding your IP won't matter if you overlook this.
Other good add-ons:
Adblock Plus - Can be used for Firefox, Chrome,
Opera and Android
HTTPS Everywhere - Encrypts your communications
with over 1000 websites. Unless you're taters I'm sure most of you are already
using this.
Ghostery
- See what's tracking you on a site to site basis. Block them if you wish
TrackMeNot - I really like this one. This one spoofs your
searches. For example, currently it looks like I'm browsing for: dogs
When instead I might be browsing: How to be a terrorist
No
Script - Oh come on.
Startpage:
Also, for those of you who don't like Google for obvious reasons, check out Startpage.
It sends your searches to their own server before actually sending it out to
the web to help hide who's searching. It's alot like Ixquick except that it
yields better results. They don't log your IP.
Local Net Security
If you aren't worried about your local network identifying your machine then I
wouldn't worry about this section. Still, it's good to know.
MAC Address:
Your MAC address is a 48bit hardware identifying address which is part of your
network card. Everyone has one and they are all unique. Again, this doesn't
cross router boundaries so there are many situations when spoofing this doesn't
matter. There are a few ways to spoof this. This first way being manually. The
basic syntax for this is:
ip link set wlan0 down < to bring down the interface temporarily, otherwise
it won't work
ip link set wlan0 hw ether ff:ff:ff:ff:ff:ff < don't use that one idiot
Snayler reminded me that in Debian based systems you can run:
ifconfig wlan0 down <to bring down the interface
ifconfig wlan0 hw ether ff:ff:ff:ff:ff:ff
Then you have to reconfigure the interface. Simply running ip link set wlan0
up(or ifconfig wlan0 up) won't work.
The easier way is just to do this with macchanger.
Code:
macchanger
--help
Code: Usage: macchanger [options] device
-h, --help
Print this help
-V, --version
Print version and exit
-s, --show
Print the MAC address and exit
-e, --endding
Don't change the vendor bytes
-a, --another
Set random vendor MAC of the same kind
-A
Set random vendor MAC of any kind
-r, --random
Set fully random MAC
-l, --list[=keyword] Print known
vendors
-m, --mac=XX:XX:XX:XX:XX:XX Set the MAC XX:XX:XX:XX:XX:XX
Generally I prefer to do macchanger -r wlan0. Don't forget to run ip link set
wlan0 down first. If you want to run this at startup you could write a little
bash script and symlink it.
Code:
ln
-s /etc/init.d/script.sh /etc/rcX.d/K10script.sh
For those systemd users I created a tutorial not too long ago on exactly how to
do this here.
DHCP:
Many people are aware of the MAC address and that spoofing it might be a good
idea. Not everyone considers this though. You dhcp client will often transmit
some information when requesting an IP address. Much of the time this only
includes your hostname and MAC address(which you now know how to spoof). Unless
your hostname is:
twinkletits@hackingboxDumbassvilleOregon123herpderpLane
Then you should be fine.
Unfortunately, at least in the case of dhcpcd for you Gentoo and Arch users, it
transmits a hell of alot more. It will transmit your hostname, dhcpcd version,
kernel, OS and architecture. This is known as your vendor class id. Which is
obviously very identifying. This can be taken care of by editing your
/etc/dhcpcd.conf file.
So, for example instead of having your actual hostname and vendorclass id be
transmitted you can change it to whatever you want. Now, here's where you might
want Wireshark. Set your filter to bootp and send out a DHCP request.
Take a look at this DHCP Request packet.
Notice where it's highlighted and it says Vendor Class ID. That is extremely
identifying information. As you can see I'm using Arch linux with Genuine
Intel. You now know my exact kernel and dhcp version. Underneath you can see
that my hostname is machine. However, when I append these lines to the bottom
of /etc/dhcpcd.conf:
Code:
hostname
imatransvestite
vendorclassid isc-dhclient-V3.1.3:Linux-2.6.32-45-generic-ubuntu:x86
And now we send out another dhcp request.
Take a look at my vendor class id and hostname now. Be aware there are alot of
local services that may transmit your user and hostname. TCP ident lookups, FTP
logins, perhaps telnet are examples. Generally it's a good idea to not have a
unique or identifying user and hostname.
Encryption/Logs
NOTE: This information up to the Paranoid Encryption
category is largely taken from the Arch Wiki. However, it is not copy/paste.
There are a few kinds of encryption.
Stacked Encryption:
This is a when an encrypted filesystem is stacked on top of an existing
filesystem. This causes all files written to the encrypted folder to be done so
"on the fly" before being written to disk.
- eCryptfs
- EncFS
Block Device Encryption:
This, on the contrary, is written below the filesystem layer to make sure that
everything written to a certain block device is encrypted.
- dm-crypt + LUKS
- Truecrypt
Example Encryption Schemes:
1. Simple Data Encryption -
Would include an encrypted folder in /home. Might be encrypted in EncFS or
truecrypt.
2. Simple Data Encryption(external device) -
Would include an entire external device encrypted with Truecrypt.
3. Partial System Encryption -
Would include the home directories encrypted, perhaps with eCryptfs. SWAP and
/tmp separate partitions encrypted with dm-crypt + LUKS.
4. System Encryption -
If using Truecrypt you can't do this in Linux.
5. Paranoid System Encryption -
A rather clever idea. The entire hard drive is encrypted with dm-crypt + LUKS,
and the /boot partition is on a separate USB stick. You would have to be
freshly installing to do this because I highly doubt that any of you set up your
/boot partition to be on a separate USB stick. This way, you can't even boot
the OS without the USB.
Be sure that anything sensitive you may have you NEVER put in an unencrypted
area. I recommend always having at least an encrypted folder, if not an entire
device, on an external drive. That way it is entirely off of your computer. I
you accidentally happen to save something in an unencrypted area, don't think
that deleting it is good enough. Every *nix should have a built in shredding
command.
man shred
Code:
NAME
shred - overwrite a file to hide its contents, and
optionally delete it
SYNOPSIS
shred [OPTION]... FILE...
DESCRIPTION
Overwrite the specified FILE(s) repeatedly, in
order to make it harder
Usage: shred [OPTION]... FILE...
Overwrite the specified FILE(s) repeatedly, in order to make it harder
for even very expensive hardware probing to recover the data.
Mandatory arguments to long options are mandatory for short options too.
-f, --force change permissions to allow writing if
necessary
-n, --iterations=N overwrite N times instead of the default (3)
--random-source=FILE get random bytes from FILE
-s, --size=N shred this many bytes (suffixes like K, M, G
accepted)
-u, --remove truncate and remove file after overwriting
-v, --verbose show progress
-x, --exact do not round file sizes up to the next full
block;
this is
the default for non-regular files
-z, --zero add a final overwrite with zeros to hide
shredding
--help display this help and exit
--version output version information and exit
I would recommend at least using the u and z flags. If you want to shred the
contents of an entire directory you can run this command:
'find -type f -execdir shred -uvz '{}' \;'
Logs:
Logs can let someone know what you have been doing on your system. Some common
places for logs and temporary data in Linux are:
/tmp
/var/tmp
/var/logs
/home (hidden files and folders)
I would be careful about what you go doing in these directories. Destroying
certain files could do serious damage to your operating system. Something else
I would watch out for is your swap partition. Data could be saved here if you
happen to use swap. This data could be retrieved even though you may not be
aware of it. If you have the RAM I would recommend not even making a swap
partition. Alternatively, you could mount your RAM and swap as /tmpfs and they
will be cleared at shutdown. You can easily do this in your /etc/fstab. Certain
*nixes already have this as default.
If you are thorough(paranoid) enough, you could always write a bash script to
run in place of your shutdown command. I don't know how many of you use the
terminal to shutdown but if you don't you could always edit whatever shutdown
button you use to run your script.
Here's an example script:
Code:
#!
/bin/bash
# Truncate all files in /var/log
find /var/log -type f exec sh -c '> "{}"' \;
# Clear any other log files you deem necessary
cat /dev/null > ~/.cache/config/openbox/openbox.log
cat /dev/null > blahblah.txt
shutdown -h now
Then you can set your script to an alias:
Code:
alias
shutdown='/path/to/bash/script/shutdown.sh'
And add that to your ~/.bashrc. This way all you have to do is open a terminal
and run 'shutdown' and you clear all your logs before shutdown. Simple.
Virtualization Software/liveUSB
To be quite honest, I wouldn't worry TOO much about logs. A better idea is to
just not do anything illegal on your main OS. There are alternatives.
Virtualbox/VMware:
A good idea is to install some anonymity based OS(or any OS for that matter) in
a virtualization software of your choosing. Doing this keeps alot of sensitive
information such as logs and whatnot off of your main OS. Think of it as
keeping all your dirty underwear in one tiny basket. I'm not going to teach you
how to create a virtual machine here because, it's fucking easy. What I will say
is that if you are going to do this you should do it the right way. My
recommendation is to follow these steps:
1. Encrypt an external device. Preferably not a USB. You'll probably need
something with more room.
2. Before you create the virtual machine, plug in your external and unlock
it(since you encrypted it).
3. Set the path of the virtual machine in your settings to the path of the
encrypted device. Doing so will make it so that the only way to access your
virtual machine is if the device is plugged in and unlocked.
4. For extra security use a couple of keyfiles. Use a few jpegs or mp3 files on
yet another external device. That is, if you're paranoid enough . Some good operating systems for
doing this might be:
- Virtus (although it runs on Ubuntu 11.10 so maybe
not)
- Whonix
Whonix is built specifically for Virtualization software. You can not install
this on your actual computer. Due to the way it's built DNS leaks are
impossible.
liveUSB:
Using virtualization software is good practice. However, it IS still on your
actual computer. Yet a safer way would be to create a liveUSB. You can do this
with UNetbootin, LinuxLive USB Creater(LiLi) or the dd command.
dd if=/path/to/iso of=/dev/sdX
Create it with no persistence. What is persistence you ask? Persistence is when
any settings or modifications you make on a liveUSB stay, or, persist
every time you start up the liveOS.
The downside to creating a USB with no persistence is that everytime you decide
to boot it up, any settings you may wish to have(such as many of the settings I
mentioned in the tut so far) will have to be done every single time. However,
the upsides I think outweigh the downsides. Basically, a liveUSB with no
persistence is like booting into a fresh install of an operating system every
time. So on those warm summer days where you feel like talking a relaxing walk
to the public library, sitting down with a cool drink, and hacking the gibson,
you can! Just pop in your liveUSB and hack away! Ok, don't really do that. But
you get my point. This way when you are done you just yank the thing out and
the next time you boot it up it will be like nothing ever happened on the
liveUSB. If you are going to do anything really serious, this is a good option.
Good operating systems for this might be:
- Privatix
- Liberte
- Tails
Really though you can use any operating system you want. These are just some
examples of anonymity based operating systems.
IP address
Ok ok fine. I'll talk about hiding your IP. I'm not going to go quite as in
depth as I may have with the other sections of this tutorial because this is
only one part of being anonymous that people get too hung up on. Not that it's
not important. People seem to think this is all you have to do to be anonymous
though, and they are wrong. But, it wouldn't be a complete anonymity tutorial
without this part now would it?
Proxies:
Wikipedia says: "In computer networks, a proxy
server is a server (a computer system
or an application) that acts as an intermediary for requests from clients seeking resources from other servers. A
client connects to the proxy server, requesting some service, such as a file,
connection, web page, or other resource available from a different server and
the proxy server evaluates the request as a way to simplify and control its
complexity. Today, most proxies are web proxies, facilitating access to
content on the World Wide Web."
Ah yes. Proxies. Some of them log, and some of them don't, but how the hell do
we know which ones do and don't? Hard to tell really. There are a few main different
kinds of proxies.
- Transparent Proxies: Simply put, a transparent proxy is no good for doing
anything illegal. You Ip address is logged and shown. Although these may have
the advantage of being a bit faster.
- Anonymous Proxies: These hide your IP address. One downside is that anything
you may connect to can probably tell that you are using a proxy. Which may
cause problems for you in many cases.
- Elite Proxies: These hide your IP and may hide the fact that you are using a
proxy at all. Which can be beneficial. These often times will be the slowest.
WARNING: Never assume that any proxy is not logging.
Even if they say they aren't.
A good thing to look at is the country it is in. You should never use a proxy
that is in the same country as you. If you've done something worth trying to
track you down for, LE won't have any trouble doing so if you used a proxy in
your country. What you want to do is figure out which countries have the best
privacy laws. Or which ones have the worst so you can avoid them. As far as I
know, Sweden has very good privacy laws. China or North Korea however, have
shitty ones. The US isn't really the best for internet privacy either. So
choose wisely.
Another thing to look at is the different kinds of protocols a proxy may use.
Two of the most important ones are HTTP Proxies and SOCKS Proxies. People end
up using HTTP proxies by default much of the time.
SOCKS Proxies are lower-level then HTTP Proxies. SOCKS uses a network handshake
to send information about a connection. The SOCKS proxy then opens a
connection, perhaps through a firewall. HTTP Proxies are transported over TCP
and forwards an HTTP request through and HTTP server.
Some SOCKS Servers include:
- Dante
- ss5
- Nylon
- sSocks
A simple Google search will yield you some up to the minute proxy lists.
VPNs:
Wikipedia says: "A virtual private network (VPN) extends a private network and the resources contained in
the network across public networks like the Internet. It enables a host computer to send and
receive data across shared or public networks as if it were a private network
with all the functionality, security and management policies of the private
network.[1] This is done by establishing a virtual point-to-point connection
through the use of dedicated connections, encryption, or a combination of the
two."
There's a major difference between proxies and VPNs. That difference is
anonymity vs. privacy. The best way I can explain this is that anonymity means
that someone is sticking his dick in all of the birthday cakes, whereas
privacy means that Timmy is in the room with all the birthday cakes, but no one
knows what he's doing in there. Keep in mind:
proxy == anonymous(more or less)
VPN == private(Virtual PRIVATE Network)
Generally you can guess that the paid VPN's are going to be more reliable than
the free ones, given that you aren't an idiot who paid for it with your
personal credit card and your real name. Again, be aware of where the VPNs are
located. So if you are in the US, maybe don't use openVPN for anything illegal.
Their headquarters are located in California.
Tor:
I refuse to talk about Tor.
Proxy Chaining:
All I can say here is proxychains. It's a very useful tool and it's easy to
use. With this tool you can chain proxy to proxy, proxy to VPN, proxy to VPN to
Tor(if you want), proxy to proxy to proxy to proxy to proxy to VPN to proxy.
But let's not get to excessive.
You will need to take a look at /etc/proxychains.conf. There isn't a manpage
for it, all the directions you need are located in the config file. Basically
what you do is add whatever proxies or VPNs you may want(make sure to note the
IP and the port number) and you add them after this part:
Code:
[ProxyList]
# add proxy here ...
# meanwile
# defaults set to "tor"
socks4 127.0.0.1 9050
The proxies you add should be in this format:
Code:
type
host port
So for example:
Code:
socks4
198.10.23.100 80
Then you run the proxychains program.
Code:
proxyresolv
targethost.com
Final Notes
This tutorial was inspired by all of the generic, useless, copy/paste anonymity
tutorials out there. You know which ones I'm talking about. The ones that say:
"Here's a link to CyberGhost and what VPN's are, here's a proxy list, use
Truecrypt, make sure to clean up with CCleaner, watch out for Viruses, here's
some links to antiviruses. Full anonymous!"
To all those tutorials out there, thank you for motivating me to write this.
This one's for you.
As I've said before, there is no one tutorial out there that will make you completely
anonymous. Being completely anonymous is next to impossible. You can take as
many precautions as you want but if the NSA is looking for you it doesn't
matter how secure your Truecrypt password is and how many keyfiles you have. If
you are important enough they won't really need to crack your password. They'll
just beat it out of you. Besides many of the techniques I've outlined, being
anonymous is common sense. Don't link you real email with you hacker identity.
Don't talk about crimes you've commited. Use SSL with IRC. If you are going to
do anything really serious, don't do it from home. Don't do it from your
personal computer. Best of luck to all of you. Hope you gained something from
this tutorial
------Credit goes to--- -----LUCID----
