Having your privacy anonymous online is incredibly hard to achieve unless you know how to look after yourself in the digital world. I’ll show you how to achieve a high level of privacy, that you can use straight away to keep your online activity private. Here are 8 steps to being almost completely anonymous online.
In a sense, anonymity and privacy aren’t about closing the door when you go to the bathroom. For an individual, it might be about personal autonomy, political liberty or just protecting yourself in the digital world. For enterprises, employees privacy mitigates the risk for social engineering attacks, even blackmail. For example, the more an attacker can learn about key people within an organization, the more targeted and effective they can make their attacks. For that matter, educating employees about how to protect their privacy, should be a core principle of any security awareness program.
I’m here to tell you that you can take specific steps to protect your privacy or that of your organization’s employees, but in return, they require energy, time and some technical know-how.
Anonymity vs Privacy
I’m a big fan of the universe and believe it or not, the universe believes in encryption. A wise man once said, “Because it is astronomically easier to encrypt than it is to brute force decrypt. The universe does not appear to believe in anonymity, however, as it requires significant work to remain anonymous”.
The world is using privacy and anonymity interchangeably and this is correct. An encrypted message may protect your privacy, as only you and the receiver can decrypt the message and read it. But did you know, that encryption does not protect the metadata, and therefore, your anonymity, who you’re talking to, when, for how long, how many messages, the size of attachments and the type of communication (text message? email? voice call? voice memo? video call?), You may have thought that this information was decrypted but it’s not. All this information is easily discoverable by sophisticated hackers with a mass surveillance apparatus, which is most these days.
The word ‘Online’, in this modern world, is now meaningless. In fact, meatspace and cyberspace have become merged. We once lived in the ‘Real World’ and went ‘Online’. Now we live in the ‘Online World’, and technology like geotracking on mobile phones, facial recognition in public places, and other types of modern technology, means that no amount of ‘Online Anonymity’ will help you if your meatspace self is not also anonymous, which honestly, is nearly impossible these days.
Here are a few steps to being almost completely anonymous online.
Use Encrypted Software and Apps
Some people may have heard the saying, “Use Signal, use Tor”, and even though this combo is a great start for your online anonymity, it still won’t take down your opponent completely. Signal is one of the best encrypted messaging apps and lets you send text messages, and voice memos as well as voice calls and audio calls. Even though on the outside it looks and feels like any other messaging app, but in its coding uses encryption that, to the developers best knowledge, not even the National Security Agency can brute-force. Now that’s an app to start off with.
You’re probably asking yourself now, what about the metadata? Well, any network-level adversary can tell that you’re using Signal, and if your adversary is the U.S or Five Eyes, they have mass surveillance access to all Signal traffic and know who is talking to who, when and for how long. The creators of Signal are already aware of these technical limitations and are researching methods to push the boundaries of what’s possible. Metadata resistant communication is still an unsolved, cutting edge technical research problem. Even though to date, Signal is the most secure, easy to use messaging app available. It offers marginally more anonymity than any other apps, compared to Imessage, and WhatsApp. But please don’t rely on it for strong anonymity, though it’s still questionable, whether anything provides strong anonymity these days.
A recent alternative that has been in development for a few years is Telegram, which is known to offer secure encryption services through the app. Also, a great feature that Signal doesn’t include is that Telegram is cross-platform, so for instance, you can have it on your mobile device, and PC at the same time.
2. Tor Browser
Tor, the largest, most robust, and most effective metadata-resistant software project. Even though the Tor project does great work in the space of metadata resistant, the technical limitations of how much anonymity Tor can achieve have been evident for researchers for some time. No clear fix or replacement looms large on the horizon.
The Onion Router, also known as Tor, is specifically optimized for low-latency web browsing, and only supports TCP (not UDP), so downloading torrents is a bust. Another downside is that Tor won’t work when accessing many larger sites, as these sites block access via Tor.
Even though I’m sugar-coating Tor, it does not guarantee complete anonymity, even for web browsing, but it is the best thing we’ve got at the moment. Similar to so many things these days, Tor is dual-use. For instance, the same technology journalists use to research stories anonymously, is also used by criminals to do bad things. So when you hear someone complaining about the ‘Dark Web’, just kindly remind them that because bank robbers drive getaway cars on the motorways, it doesn’t mean we propose the idea of banning cars on the motorway.
If you want to keep your anonymity online as private as possible. The Tor Browser should be the first browser choice for your PC and mobile devices. There is an unofficial app for IOS called the OnionBrowser which offers a Tor Project- endorsed version.
3. VPNs Don’t Make You Anonymous Online
VPNs are not anonymous, there is absolutely nothing anonymous about using a VPN. Honestly, forget what you have heard about VPNs because they do not offer any form of anonymity, I just want to get this point across.
Because everyone expects VPNs to be on the list of anonymity tools, I’m going to let you in on the truth behind them and what they really do. So, all a VPN does is move trust from your original ISP (Internet Service Provider), or if your travelling, maybe your hotel or airport WIFI network, to someone else’s server. There are many legitimate security reasons why using a VPN is a great idea, but anonymity is not at all on that list. One tip I would suggest if using a VPN is to try and connect to Switzerland servers, as they have the best privacy laws in the world.
Unlike Tor, which bounces your network traffic through three Tor nodes spread entirely across the internet, which makes it very difficult, but not impossible, for an adversary to see what you’re doing. Using a VPN simply shifts your traffic from your ISP(at home) or a coffee shop WiFi (on the road) to the VPN’s servers. In a nutshell, means the VPN provider can see all your traffic. Meaning that an adversary that gains control of the VPN’s server, either by hacking them or by serving the VPN provider with a court order, can also see all your traffic.
Don’t get me wrong, using a VPN is great, so use them. I would rather use the more trustworthy ones, like for me I use, ProtonVPN, then your dodgy local coffee shop WiFi network, but keep in mind that they offer zero anonymity.
4. Zero-Knowledge Services Help To Be Anonymous Online
Did you know that Google reads every email you send and receive? Even Office 365 scans everything you write and DropBox opens and examines everything you upload. And all three companies, among other companies, are PRISM providers, per the Snowden documents, meaning they cooperate with mass surveillance programs. Think… if Google can see it, so can people in Washington D.C. I guarantee you have no privacy on any of these services.
In this day and age, we can’t fully trust that the service provider hasn’t been backdoored. A DropBox alternative called SpiderOak, based in the U.S, states that it uses zero-knowledge file storage. Protonmail, (my go-to mail server and VPN service), is based in Switzerland, also advertises zero-knowledge email and claims that its mathematically impossible for them to hand over your email to a third party.
Out of these providers, I use SpiderOak, Protonmail and ProtonVPN, I would also recommend switching from your current providers. However, I do suggest doing your homework before switching, but the field of zero-knowledge file storage is an encouraging sign, and one worth keeping an eye on.
Read: What Is A Proxy?
5. Think Twice Before Posting Online
Privacy is about autonomy, the idea that you choose to share what you want to share and to keep private what you want to keep private. Like if there is something going on in your life that you don’t want the entire world to know, then posting about it on social media, for the entire world to see, may not be the best idea. Don’t you think?
There are two sides to the concept of sharing everything online in your personal life. The older generations cringe at the idea of sharing all their information online for the entire public to see. Whereas the generation that grew up with mobiles phones and tablets think that under sharing is a problem and that oversharing is normal. There really is a time and place for everything, and deliberately sharing things you want the world to see should clearly have a value to it.
Consider this, even though sharing a particular detail about your life may not appear sensitive on its own. But taken in aggregate with many other personal details that have been published in the past, can add up a picture that you might hesitate to put onto a hostile internet.
You could say publishing on social media today is more permanent than chiselling hieroglyphics in stone. So think twice before you consider posting anything personally.
6. Double Check Those App Permissions
As you can guess, mobile apps, for both Android and IOS, always tend to request way more permissions than they actually need to function, and are frequently caught extracting personal details from users phones and sending those details back to the app maker in highly inappropriate ways.
Does that random app really need access to your microphone? And for what for? Is it going to record everything you say? What about your location? Why does it need your location? Is it going to be tracking you? And what about your contacts? Does the app really need to know all your contacts? What for? Remember when smart TV came out and was reportedly recording families in their homes? Be aware!
Android or IOS do not make it easy for you to change permissions of apps, but if you dig through your settings and turn off unneeded permissions, you will improve your anonymity. I also recommend an android device when it comes to handheld devices, as they are more open-sourced, and IOS are extremely limited.
7. Ad Blockers
Nowadays, one to one advertising networks watch you, to better target their ads specifically to you. Tracking your every move online and increasingly, in meatspace is the business model of huge chunks of Silicon Valley. Google and Facebook are two of the largest players in this space, and they track you all across the web and into meatspace, even if you don’t have an account with either, and also even if you arent logged in.
So, installing an ad blocker is no miracle cure, but having a shield is better than having nothing at all when it comes in invading enemy hordes. I use AdBlock on all my browsers and has a great reputation.
8. Don’t Bother With Any Home Assitant Device
If you’re really, truly value your privacy and anonymity, then for the love of god, remove your home assistant device (Amazon Echo, Google Home, etc). Think again, these always-on digital devices are poisonous to privacy and anonymity, and there is no way around making them less privacy-invasive.
The development of such devices makes clear the collaborative action problem. It really doesn’t matter if you decide to purchase one of these devices or not. If all your neighbours own them and use them, then really your own privacy is ‘Asta La Vista, Baby’. Even if your neighbours have Apple watches that record everything that happens, then even your movements in meatspace will also be recorded and tracked.
The 8 technical tips for keeping your privacy almost completely anonymous online are more of a temporary sealant for the gaping gap. I advise you to use them, but please be under no illusion that they will 100% protect your privacy. These tips are more of a starting to point.