Jump to content

Welcome!

Sign In or Register to gain full access to our forums.




Photo

How To Stay Anonymous (An old guide)

anonymous vpn proxy security ip address tor

  • Please log in to reply
No replies to this topic

#1 MONGOLO

MONGOLO

    delete cookies ?!

  • Members
  • PipPipPipPipPip
  • 1,234 posts
  • Location///\\\ FreddyLand (comical)

Posted 30 April 2013 - 03:09 AM

this was posted by TheSexyPenguin on another website, it was originally written by Kyek for the Hackulous forums back in 2009, there is still a ton of great information for everybody here on AppAddict in 2013.

----------------------------------------------

 

"A guide from way back in the day. I hope those of you that are
significant enough take it seriously. Before Hackulous finally went
stable for a while, we had various issues with anonymity including the
creator of this guide's identity being revealed. It's a bit old so some
stuff might need to be updated. Feel free to add something that you
think is important."

-TheSexyPenguin, 14 February 2013
 
How to Stay Anonymous on the Internet
[from the Hackulous forums]

A guide from your friendly

neighborhood Kyek


Why are you writing this guide, Kyek?


Recently, some unknown newcomers to our scene have posted propaganda to our

forums, claiming to be hackers who can get into Apple's E-mail, claiming to

work for Apple, or a multitude of other things. Some of these people I've been

able to very pointedly disprove, but others.. well, it's anyone's guess as to

whether they're telling the truth or not. Most likely, they're just pissed-off

developers who spent 15 minutes on google digging up a little dirt, and want to

scare everyone away.



The problem is, two of these posters have been able to find the real names of

two of our crackers, and because of this many crackers are running off

screaming, claiming they'll never crack another app. This drives me nuts,

because that's exactly what these people want. And so, I'm writing this guide

to give tips on how to protect yourself in our scene, showing you how to make

it near-impossibly hard for anyone to figure out who you are in real life.


How this guide works


There are always extra layers of security you can add, giving yourself more and

more protections. So, I'll be describing things in terms of "levels".

"Level 1" is the most basic stuff you can do, Level 2 is what you can

do if you're not satisfied with the little bit of protection level 1 gives,

Level 3 is what you can do to protect yourself even more, etc. Just keep going

until you're comfortable


Let's begin!


LEVEL 1: This isn't MySpace

What: Take the precautions

necessary to make sure that YOU aren't giving yourself away.


Why: It might seem harmless to

post a picture of yourself, or even more harmless to post one where you're

blurry or masked in some way. But even the most vague picture can give an

internet detective your general build, which can go a LONG way to figuring out

who you are -- or more importantly, which of their suspects isn't you.


How: Just be smart. In this environment,

it's easy to get comfortable and trust people, but just don't do it. Anyone can

be whoever they want on the internet -- even the Hackulo.us staff will attest

that I don't give them any hard information about myself. DON'T post pictures,

DON'T give out your iTunes info so other people can crack your apps, DON'T even

tell cute personal anecdotes about this one thing that happened to you when you

were little. If someone trying to figure out who you are has it narrowed down

to a handful of people, finding out which ones were hit by a car when they were

8 (assuming you told a story like that) is pretty trivial.


LEVEL 2: Use a new identity

What: Create a new identity not

linked to you or any of your other internet handles in any way.


Why: Three total people in our

scene have had their real names and other information discovered, and ALL

SOMEONE HAD TO DO TO GET IT is use Google. All it takes is ONE reference

somewhere on the internet -- even if that reference has since been deleted (you

can view webpages from previous dates, remember) -- linking your handle to your

real name, or another E-mail address, or ANYTHING, and your real info can be

found. You need something new.


How: The first step is to

choose a new username. Here are some good guidelines:


  • Something

    not related to you in any way. If you're into track at your high school,

    trackstar89 is a really shitty choice. Anything containing your

    first, middle, or last name is also a HORRIBLE choice.
  • Something

    that is NOT completely unique -- you want a name that other people have

    used before. If you're good, you'll choose one that only a few other

    people have used so there's not much chance of anyone else in this scene

    having that name.
  • Something

    WITHOUT NUMBERS. Even if the numbers mean nothing to YOU, they make the

    name more unique and can be used to rule out other people -- letting

    people find you by process of elimination. Just stay away from numbers.
  • Do

    not use crazy capitalization. You might think bAJiNGO or BajingO is cool,

    and maybe other people call themselves Bajingo on other forums, but

    finding one with the exact same capitalization is a dead giveaway.
  • Something

    that turns up other results in Google. Whether it be someone else's last

    name, a common noun ("Ovenmitt", "Hothands",

    "Bellybutton"), or something else, don't let your new username

    be the only thing that comes up in google search results.

Using me as an example, Kyek has nothing to do with who I am, at least five

other people on the internet use it, it has no numbers, it's a real last name

so it turns up on Google, and "Kyek Pa" is the name of the

board-breaking test in various forms of martial arts, so that comes up in

google too.



LEVEL 3: Get separate accounts for your new identity

What: Get a new E-mail address,

paypal account, or anything else you need for your new identity



Why: Remember what I said

earlier? All it takes is ONE association of your new identity to something else

real to give you away. The second you use your real E-mail with your new

identity, you're in danger.


How: This one's pretty

self-explanatory. Choose an online webmail provider that keeps your information

as anonymous as possible and doesn't link your account to anything real. I

highly recommend Gmail, as long as you do not give Gmail a secondary

E-mail address when you sign up
. Once you have your new E-mail, use it

to register for websites you'll be using with this identity. Appulous,

Hackulous, any other iPhone forum, Paypal.. If you have your own iPhone site

under your new identity but you pay for it with your real credit card or paypal

account, you are not smart biggrin.png. Remember, NOTHING associated with your

scene identity can be used for anything other than that one identity!



LEVEL 4: Dedicate a new web browser to your identity

What: Get a new web browser

that you use ONLY for things associated with your new identity.


Why: Because logging out of a

website with one account then logging in with a different one links the two

identities. If I can tell when you do it on Appulous or Hackulous, Google,

Yahoo, paypal, or any other site will CERTAINLY know about it. Also, some sites

require cookies -- but will use those cookies to track who you are whether

you're logged in or not. The only way to keep your new identity completely

separate is to give it its own web browser.


How: Simple! Download a browser

different from what you use normally -- If you're addicted to Firefox, get

Flock. It's based off of Firefox and can run almost all Firefox extensions.

Other great choices are Safari, Chrome, or Opera. Just make sure you ONLY use

this browser for your secret identity, and NOTHING else!

MONGOLO'S TIP - YOU CAN USE A PORTABLE VERSION OF YOUR FAVORITE BROSWER TO HAVE TWO INSTANCES OF YOU FAVORITE BROSWER!

 

LEVEL 5: Use a proxy

What: Get a base level of

anonymity so that your real IP address isn't shown (even to admins) when you go

to a website.


Why: All websites,

with very little exception, log your IP address and your connection time when

you visit a site. This includes every link you click on the site, every post

you make, etc. This information can be subpoenaed by the court, meaning if

someone REALLY wants to find you, they can -- no questions asked. The least you

can do to protect against this is use a proxy so that the IP that shows up

isn't yours.


How: There are a few different

kinds of proxies. Many of you are familiar with the kind you go to with your

web browser, type in the address of another site, and your target site loads

through their proxy page. Not all of these are anonymous, but they're enough to

get the job done if all you're after is a basic level of security. Another kind

is an IP address that you physically enter into your web browser's settings, so

that any page you go to normally will be loaded through it. These are much

better, but harder to find.



You can find many of those two kinds of Proxies listed on Proxy.org. But don't

be pulled into a false sense of security here -- if someone really really wants

to find you, they can go back to the proxy you used and demand to know who was

using their service through that IP address at a certain time. Not all proxies

keep these logs, but those that do can burn you.



LEVEL 6: TOR

What: Taking the idea of

proxying to a new level, TOR can be used to anonymize your internet connection


Why: Online proxies work, but

they're not reliable and there's no guarantee that they're actually anonymous.

Some even share your real IP address with your destination site anyway! The

easiest (and most free) way to make sure you're anonymous is to use TOR -- a

network of computers that bounce your connection around and make it nearly

impossible to trace it back to you.


How: TOR is a free service,

though please consider donating if you use it. Go to http://torproject.org

and if you know what's good for you, take the time to read about TOR

and how it works
because just installing the Mac or Windows client

isn't enough to protect you. You have to make sure it's connected and reroute

your browser to connect to sites THROUGH it, and you need to disable certain

flash and javascript that's capable of finding your real IP address anyway. The

downfall of TOR is that it can be slow, so casual browsing with it on can be a

bit of a pain. Most sites (like forums) only log your IP address when you post

something, though, so you can turn TOR on when you want to post and keep it off

otherwise. Most other proxies can't be used while you're using TOR, but that's

ok -- TOR is better. Use other proxies for casual browsing, if you can.



LEVEL 7: Anonymous VPN

What: Run your entire internet

connection through an encrypted pipe to another computer that doesn't log your

connections. If this sounds confusing, it's not -- read on


Why: As incredible as TOR is,

it's slow and has a few vulnerabilities. For real anonymity, you run it through

a VPN. VPN stands for "Virtual Private Network" and it's nowhere NEAR

as complicated as it might sound at first. When your computer connects to a

VPN, it's opening a highly-secure connection with a server (everything that

passes between you and it gets encrypted), and that server agrees to handle all

your internet traffic for you. So when you go to a website, your web request

gets encrypted, sent to this other server somewhere in the world, and that

other server gets the website, encrypts it, and sends it back to your browser.

It's completely transparent -- meaning, it works 100% behind the scenes and you

wouldn't even know you're running one.. except when you go to

whatismyipaddress.com, it tells you you're living somewhere very far from where

you actually are, and the IP address it shows you is not yours ;-)


Be careful, though: Most VPNs log EVERYTHING. If Apple tells a

VPN that a certain IP address at a certain time has been engaged in copyright

infringement, chances are that VPN will look into their logs and tell them

exactly who you are. What you need is a VPN that DOESN'T log their connections,

so not even a court order can turn up your identity.


How: The process is very easy,

but the down side is that there are no truly anonymous VPN providers that are

free. BUT, some are as cheap as just a couple bucks a month, so as long as you

can get that, you're in business. Just google "anonymous VPN" and

start searching for good ones to use, and ALWAYS remember to check for recent

reviews to make sure you won't get cheated. For example, Relakks.com used to be

fantastic in its day, but it only works for about 20% of its paid users now and

there's basically no support for it. Just remember: you can never be

100% sure that the VPN isn't logging your connection, though, so use TOR

*THROUGH* your VPN connection for sensitive tasks!



Another great thing about VPNs: Your iPod/iPhone can use them!

It *is* technically possible for a program to be able to tell when it's being

cracked (by detecting when it's being launched by a debugger) and then

reporting back to the author's website -- so being on an anonymous VPN protects

against that too! Though, for those of you who can't get a VPN, just

disconnecting from Wifi and letting it make that call over Edge or 3G is better

than nothing. No, turning on airplane mode won't help, because it can just save

the call for the next time you have internet access.


We recommend: http://www.perfect-privacy.com/



LEVEL 8: Don't use your own internet

What: Piggyback off of a

neighbor's wireless, or even better, take a laptop to a cafe or fast food

restaurant with free wi-fi.


Why: Your connections can never

be traced back to your home internet connection if you're not using your home

internet connection!


How: Obvious level is obvious!

Stealing your neighbor's internet isn't usually a great way to go (after all,

if it ever gets to the point where police are coming for you, you're bringing

them right next door.. that sucks for you), but it's better than using your

own. Even better is going to a McDonalds, Panera Bread, local hotel lobby,

local coffee shop, Starbucks, or a library. It might not be convenient, but

it's dang hard to beat. I don't recommend this without a VPN, though. Even a

free, non-anonymous VPN like http://www.anchorfree.com/ in these areas is fine --

just something that can stop people from snooping your connection. And

remember, that VPN can be used on your iPhone too!



That's all folks!



So stop being scared, stop running away, and realize that all you need to do is

use your brain a little to protect yourself. Even just getting as far as level

1 would be an improvement for most of our active members, and getting up

through level 4 will give the common user MORE than enough protection -- and it

only takes 10 minutes to do!



Have you already messed up and used your favorite I-use-this-name-everywhere

internet handle here? Then it's not too late! Just start over with a new name

and don't tell ANYONE, not even your internet "friends" here that

you've never met in real life, what your old name was or what you did. Then you

can take part in our great scene again, but with the security of knowing how

hard it is to find you now.



Cheers, and be safe in 2009! (2013 wink.png )

Kyek

 

-----------------------------------------------------------

[all credit goes to Kyek] [thanks to TheSexyPenguin] [Posted by MONGOLO to AppAddict April 2013]


  • iChr0niX, Kalenji, Gizzell and 1 other like this







Also tagged with one or more of these keywords: anonymous, vpn, proxy, security, ip address, tor

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users