Dean
Latest posts by Dean (see all)

As a reader of Cryptorials it is probably fair to say that, for whatever reason that is exclusive to you, you’ve taken an interest in cryptocurrency. You may be an anarchist romanticizing the idea of a financial tool to “disrupt the status quo,” or maybe you’re just a progressive early adopter, ready to usher in the era of a global economy. For me, it was the apparent privacy of bitcoin. After being on the receiving end of identity theft in 2013, an experience with effects that still continue to resonate, the idea of a global recorded-yet-anonymous online payment method was eagerly welcomed.

A disaffiliation between my irregular and normal financial transactions was a good starting point for me, but the more I’ve fallen into the rabbit-hole of research about online anonymity, the more exhaustive the scope of reality has become.

In 2016, privacy is not a natural right.

Mass surveillance and data preservation are no longer just lofty plot themes from 1984, ladies and gents. They’re ill-defined legislation under the guise of national security. And it’s not just policymakers deciding how best to classify the masses; big corporations are licking up your trail of cookie crumbs too. Whether it’s Google Analytics mapping your traffic habits, Facebook Ads hypothesizing your income, or any other third party, thousands — if not millions — of dollars are to be made by following your every move.

What’s worse is that this isn’t a new discussion; you probably realized you were being tracked when a banner ad for some product you were this close to purchasing began to appear on multiple unrelated places across multiple devices. And yet for some reason, you continue to use their offerings and be their target.

What I have learned from my experience is that anonymity is a luxury. If you are using a service for free, you are actually paying the price with your personal information. Now I sure as hell don’t want something, whether it be a person or an algorithm, quantifying details about me everytime I connect to the Internet. And as members of the community who will drive cryptocurrency to mass adoption, I can’t help but assume you feel similarly.

The decade-long question of “Can you really be anonymous online?” can be debated back and forth until the end of time, but what it really boils down to is your definition of anonymity. If you just want to avoid being tracked, there are settings you can change and extensions you can employ in order to achieve a substantial level of privacy. But if you’re looking for anonymity while part of a social network or online community, you’re facing a different kind of challenge entirely.

Speaking in generalities, here’s my best guess at what it takes to remain anonymous for the long term, without your online identity exposing your real one.

Tor

The Onion Router commonly known as “Tor” is a godsend for anonymity advocates. While most people will immediately think about the private browser when they hear the name, it’s actually a much more robust project. With APIs, an encrypted network infrastructure, and large a knowledgebase for developers and privacy advocates, Tor is an entire open-source system dedicated to helping connections remain anonymous.

In short, Tor scrambles the data being transported to and from your browser through a series of layers (like an onion!) called nodes, making it extremely difficult for anyone to see which websites you’re visiting or what specific device you’re using.

It’s worth noting that certain privacy flaws still exist with this online privacy tool, primarily with the exit nodes. A Tor exit node owner can monitor and modify any traffic that runs through their network, effectively breaching all security protocols in your quest for anonymity. The answer for this security weakness is a VPN (which we’ll get to shortly). Faults aside, it remains one of the best methods to remain anonymous online when combined with these other recommendations.

VPN

Similar to the private Tor browser, a virtual private network (VPN) anonymizes your Internet connection. A VPN allows users to create a secure Internet connection on a public or unsafe network. While connected, all online activity goes through an encrypted virtual tunnel between the host device (client) and the VPN provider’s servers. Now, VPN can be used for geo-spoofing for Netflix and Hulu, and as of late that’s what it has been most known for, but VPN + Tor browser used together make users virtually untraceable. A VPN is able to compensate for that pesky exit node issue in Tor. As far as VPN providers go, there are a TON of them, both free and paid and we already discussed what happens when you get something for free. You’ll want to look for a service provider that offers multiple servers around the world, offers shared IP addresses (as opposed to static) and has a strict policy on logging. I’ve been using IPVanish VPN for almost a year now, and I haven’t had any major issues. One of the main reasons I even started with IPVanish is because they take Bitcoin for a payment method. Plus they have mobile apps so you can protect your stuff on-the-go. You don’t even have to use a real email address for signup so…bonus!

Settings Checklist

Many of the plugins and extensions you have running in the background to make YouTube videos appear or provide webpage functionalities are doing more harm than good. It’s an exhaustive list of settings to tinker with and items to disable or remove entirely, so I’ll just get right into it:

JavaScript

JavaScript is a programming language used extensively on the web, but it’s also capable of leaking identifying info. While it’s designed to communicate information about a device to a web server in order to optimize a user’s experience, (think screen resolution size, operating system, etc.) that information can easily be collected and exploited by trackers. If total anonymity is your end-goal, then this is one of the more difficult things you’ll have to give up. Most websites depend on JavaScript for better visual performance, so you’ll see the effects of blocked JavaScript right away. On the other hand, if you’re not ready to rip the bandage off entirely, web browser extensions like NoScript and ScriptSafe allow you to pick and choose the websites that are given permission to run JavaScript in your browser. So you can have your cake and eat it too.

WebRTC

WebRTC is an API that supports video chatting, voice calling and file sharing straight from the web browser. Understandably, it’s pretty handy to have around instead of booting up Skype or Oovoo (does anyone still use Oovoo?) to chat with long-distance friends and family. Unfortunately, a browser with WebRTC enabled can also leak your IP address, even if you’re connected to an IP-masking VPN. If you’re running Firefox, enter about:config into the search bar and set media.peerconnection.enabled to “false.” If you’re running Chrome, install the WebRTC Block add-on to hide your real IP address if you’re using a VPN. Sadly, Google won’t allow Chrome to turn WebRTC off entirely — you can blame Google Hangout & Voice for that.

Plugins

Even without WebRTC or JavaScript leaking your browser details, your online identity can be endangered by your plugins. If you’re truly committed to remaining anonymous, avoid running plugins altogether. But similarly to the issues you’ll run into with JavaScript (or the lack thereof), your entire online experience can be kneecapped by disabling every plugin. To combat this, try configuring your browser to require approval in order to run a plugin.

Cookies

Surely you’ve heard of cookies before, and not the chocolate chip kind. Virtual cookies are pieces of code stored on your device by a website to provide a more personalized experience. Some are helpful, like the ones that save shopping cart selections, even when you’ve wandered off the website. Others are more intrusive, analyzing your activity to shill products and generate clickbait. You can simply delete these straight from your web browser in your general preferences, or you can go the extra step and get an app to nuke the last of ‘em. I like CCleaner for that, and I’m sure you will too — it’s super effective.

While this won’t do much to protect your online anonymity, it will make it harder for websites to understand your viewing habits.

Product Alternatives

Anonymity is very difficult to achieve because the majority of companies either look to advertising for key revenue, or because they aren’t privacy-minded. Many of the services that we use day-in and day-out, like email, social media, search engines and image storage are all tied to a big company with the incentive to intrude. Disconnecting from those services entirely and moving into a cave isn’t a realistic option, but using alternative, privacy-minded services is easy to do. PRISM BREAK is a directory of private applications and services that compare to the household names you’re familiar with for all sorts of devices. So you can try DuckDuckGo instead of Google Search or Kolab Now in lieu of Dropbox. You’ll be glad you did.

It’s important to reiterate that at an individual level, each and every one of these methods of anonymization can be conquered. Still, the more of these practices you employ, the harder it will be to identify you.

By investigating into global data retention practices, or reading through a company’s privacy policy, you’ll be quick to conclude that the default state of Internet privacy is a wreck. And by default, it is; the people who track us and hack us for a living bank on that fact. But if you’re willing to work hard, you can experience the next best thing to absolute Internet anonymity.