this was posted by TheSexyPenguin on another website, it was originally written by Kyek for the Hackulous forums back in 2009, there is still a ton of great information for everybody here on AppAddict in 2013.
"A guide from way back in the day. I hope those of you that are
significant enough take it seriously. Before Hackulous finally went
stable for a while, we had various issues with anonymity including the
creator of this guide's identity being revealed. It's a bit old so some
stuff might need to be updated. Feel free to add something that you
think is important."
-TheSexyPenguin, 14 February 2013
How to Stay Anonymous on the Internet
[from the Hackulous forums]
A guide from your friendly
Why are you writing this guide, Kyek?
Recently, some unknown newcomers to our scene have posted propaganda to our
forums, claiming to be hackers who can get into Apple's E-mail, claiming to
work for Apple, or a multitude of other things. Some of these people I've been
able to very pointedly disprove, but others.. well, it's anyone's guess as to
whether they're telling the truth or not. Most likely, they're just pissed-off
developers who spent 15 minutes on google digging up a little dirt, and want to
scare everyone away.
The problem is, two of these posters have been able to find the real names of
two of our crackers, and because of this many crackers are running off
screaming, claiming they'll never crack another app. This drives me nuts,
because that's exactly what these people want. And so, I'm writing this guide
to give tips on how to protect yourself in our scene, showing you how to make
it near-impossibly hard for anyone to figure out who you are in real life.
How this guide works
There are always extra layers of security you can add, giving yourself more and
more protections. So, I'll be describing things in terms of "levels".
"Level 1" is the most basic stuff you can do, Level 2 is what you can
do if you're not satisfied with the little bit of protection level 1 gives,
Level 3 is what you can do to protect yourself even more, etc. Just keep going
until you're comfortable
LEVEL 1: This isn't MySpace
What: Take the precautions
necessary to make sure that YOU aren't giving yourself away.
Why: It might seem harmless to
post a picture of yourself, or even more harmless to post one where you're
blurry or masked in some way. But even the most vague picture can give an
internet detective your general build, which can go a LONG way to figuring out
who you are -- or more importantly, which of their suspects isn't you.
How: Just be smart. In this environment,
it's easy to get comfortable and trust people, but just don't do it. Anyone can
be whoever they want on the internet -- even the Hackulo.us staff will attest
that I don't give them any hard information about myself. DON'T post pictures,
DON'T give out your iTunes info so other people can crack your apps, DON'T even
tell cute personal anecdotes about this one thing that happened to you when you
were little. If someone trying to figure out who you are has it narrowed down
to a handful of people, finding out which ones were hit by a car when they were
8 (assuming you told a story like that) is pretty trivial.
LEVEL 2: Use a new identity
What: Create a new identity not
linked to you or any of your other internet handles in any way.
Why: Three total people in our
scene have had their real names and other information discovered, and ALL
SOMEONE HAD TO DO TO GET IT is use Google. All it takes is ONE reference
somewhere on the internet -- even if that reference has since been deleted (you
can view webpages from previous dates, remember) -- linking your handle to your
real name, or another E-mail address, or ANYTHING, and your real info can be
found. You need something new.
How: The first step is to
choose a new username. Here are some good guidelines:
not related to you in any way. If you're into track at your high school,
trackstar89 is a really shitty choice. Anything containing your
first, middle, or last name is also a HORRIBLE choice.
that is NOT completely unique -- you want a name that other people have
used before. If you're good, you'll choose one that only a few other
people have used so there's not much chance of anyone else in this scene
having that name.
WITHOUT NUMBERS. Even if the numbers mean nothing to YOU, they make the
name more unique and can be used to rule out other people -- letting
people find you by process of elimination. Just stay away from numbers.
not use crazy capitalization. You might think bAJiNGO or BajingO is cool,
and maybe other people call themselves Bajingo on other forums, but
finding one with the exact same capitalization is a dead giveaway.
that turns up other results in Google. Whether it be someone else's last
name, a common noun ("Ovenmitt", "Hothands",
"Bellybutton"), or something else, don't let your new username
be the only thing that comes up in google search results.
Using me as an example, Kyek has nothing to do with who I am, at least five
other people on the internet use it, it has no numbers, it's a real last name
so it turns up on Google, and "Kyek Pa" is the name of the
board-breaking test in various forms of martial arts, so that comes up in
LEVEL 3: Get separate accounts for your new identity
What: Get a new E-mail address,
paypal account, or anything else you need for your new identity
Why: Remember what I said
earlier? All it takes is ONE association of your new identity to something else
real to give you away. The second you use your real E-mail with your new
identity, you're in danger.
How: This one's pretty
self-explanatory. Choose an online webmail provider that keeps your information
as anonymous as possible and doesn't link your account to anything real. I
highly recommend Gmail, as long as you do not give Gmail a secondary
E-mail address when you sign up. Once you have your new E-mail, use it
to register for websites you'll be using with this identity. Appulous,
Hackulous, any other iPhone forum, Paypal.. If you have your own iPhone site
under your new identity but you pay for it with your real credit card or paypal
account, you are not smart . Remember, NOTHING associated with your
scene identity can be used for anything other than that one identity!
LEVEL 4: Dedicate a new web browser to your identity
What: Get a new web browser
that you use ONLY for things associated with your new identity.
Why: Because logging out of a
website with one account then logging in with a different one links the two
identities. If I can tell when you do it on Appulous or Hackulous, Google,
Yahoo, paypal, or any other site will CERTAINLY know about it. Also, some sites
require cookies -- but will use those cookies to track who you are whether
you're logged in or not. The only way to keep your new identity completely
separate is to give it its own web browser.
How: Simple! Download a browser
different from what you use normally -- If you're addicted to Firefox, get
Flock. It's based off of Firefox and can run almost all Firefox extensions.
Other great choices are Safari, Chrome, or Opera. Just make sure you ONLY use
this browser for your secret identity, and NOTHING else!
MONGOLO'S TIP - YOU CAN USE A PORTABLE VERSION OF YOUR FAVORITE BROSWER TO HAVE TWO INSTANCES OF YOU FAVORITE BROSWER!
LEVEL 5: Use a proxy
What: Get a base level of
anonymity so that your real IP address isn't shown (even to admins) when you go
to a website.
Why: All websites,
with very little exception, log your IP address and your connection time when
you visit a site. This includes every link you click on the site, every post
you make, etc. This information can be subpoenaed by the court, meaning if
someone REALLY wants to find you, they can -- no questions asked. The least you
can do to protect against this is use a proxy so that the IP that shows up
How: There are a few different
kinds of proxies. Many of you are familiar with the kind you go to with your
web browser, type in the address of another site, and your target site loads
through their proxy page. Not all of these are anonymous, but they're enough to
get the job done if all you're after is a basic level of security. Another kind
is an IP address that you physically enter into your web browser's settings, so
that any page you go to normally will be loaded through it. These are much
better, but harder to find.
You can find many of those two kinds of Proxies listed on Proxy.org. But don't
be pulled into a false sense of security here -- if someone really really wants
to find you, they can go back to the proxy you used and demand to know who was
using their service through that IP address at a certain time. Not all proxies
keep these logs, but those that do can burn you.
LEVEL 6: TOR
What: Taking the idea of
proxying to a new level, TOR can be used to anonymize your internet connection
Why: Online proxies work, but
they're not reliable and there's no guarantee that they're actually anonymous.
Some even share your real IP address with your destination site anyway! The
easiest (and most free) way to make sure you're anonymous is to use TOR -- a
network of computers that bounce your connection around and make it nearly
impossible to trace it back to you.
How: TOR is a free service,
though please consider donating if you use it. Go to http://torproject.org
and if you know what's good for you, take the time to read about TOR
and how it works because just installing the Mac or Windows client
isn't enough to protect you. You have to make sure it's connected and reroute
your browser to connect to sites THROUGH it, and you need to disable certain
downfall of TOR is that it can be slow, so casual browsing with it on can be a
bit of a pain. Most sites (like forums) only log your IP address when you post
something, though, so you can turn TOR on when you want to post and keep it off
otherwise. Most other proxies can't be used while you're using TOR, but that's
ok -- TOR is better. Use other proxies for casual browsing, if you can.
LEVEL 7: Anonymous VPN
What: Run your entire internet
connection through an encrypted pipe to another computer that doesn't log your
connections. If this sounds confusing, it's not -- read on
Why: As incredible as TOR is,
it's slow and has a few vulnerabilities. For real anonymity, you run it through
a VPN. VPN stands for "Virtual Private Network" and it's nowhere NEAR
as complicated as it might sound at first. When your computer connects to a
VPN, it's opening a highly-secure connection with a server (everything that
passes between you and it gets encrypted), and that server agrees to handle all
your internet traffic for you. So when you go to a website, your web request
gets encrypted, sent to this other server somewhere in the world, and that
other server gets the website, encrypts it, and sends it back to your browser.
It's completely transparent -- meaning, it works 100% behind the scenes and you
wouldn't even know you're running one.. except when you go to
whatismyipaddress.com, it tells you you're living somewhere very far from where
you actually are, and the IP address it shows you is not yours ;-)
Be careful, though: Most VPNs log EVERYTHING. If Apple tells a
VPN that a certain IP address at a certain time has been engaged in copyright
infringement, chances are that VPN will look into their logs and tell them
exactly who you are. What you need is a VPN that DOESN'T log their connections,
so not even a court order can turn up your identity.
How: The process is very easy,
but the down side is that there are no truly anonymous VPN providers that are
free. BUT, some are as cheap as just a couple bucks a month, so as long as you
can get that, you're in business. Just google "anonymous VPN" and
start searching for good ones to use, and ALWAYS remember to check for recent
reviews to make sure you won't get cheated. For example, Relakks.com used to be
fantastic in its day, but it only works for about 20% of its paid users now and
there's basically no support for it. Just remember: you can never be
100% sure that the VPN isn't logging your connection, though, so use TOR
*THROUGH* your VPN connection for sensitive tasks!
Another great thing about VPNs: Your iPod/iPhone can use them!
It *is* technically possible for a program to be able to tell when it's being
cracked (by detecting when it's being launched by a debugger) and then
reporting back to the author's website -- so being on an anonymous VPN protects
against that too! Though, for those of you who can't get a VPN, just
disconnecting from Wifi and letting it make that call over Edge or 3G is better
than nothing. No, turning on airplane mode won't help, because it can just save
the call for the next time you have internet access.
We recommend: http://www.perfect-privacy.com/
LEVEL 8: Don't use your own internet
What: Piggyback off of a
neighbor's wireless, or even better, take a laptop to a cafe or fast food
restaurant with free wi-fi.
Why: Your connections can never
be traced back to your home internet connection if you're not using your home
How: Obvious level is obvious!
Stealing your neighbor's internet isn't usually a great way to go (after all,
if it ever gets to the point where police are coming for you, you're bringing
them right next door.. that sucks for you), but it's better than using your
own. Even better is going to a McDonalds, Panera Bread, local hotel lobby,
local coffee shop, Starbucks, or a library. It might not be convenient, but
it's dang hard to beat. I don't recommend this without a VPN, though. Even a
free, non-anonymous VPN like http://www.anchorfree.com/ in these areas is fine --
just something that can stop people from snooping your connection. And
remember, that VPN can be used on your iPhone too!
That's all folks!
So stop being scared, stop running away, and realize that all you need to do is
use your brain a little to protect yourself. Even just getting as far as level
1 would be an improvement for most of our active members, and getting up
through level 4 will give the common user MORE than enough protection -- and it
only takes 10 minutes to do!
Have you already messed up and used your favorite I-use-this-name-everywhere
internet handle here? Then it's not too late! Just start over with a new name
and don't tell ANYONE, not even your internet "friends" here that
you've never met in real life, what your old name was or what you did. Then you
can take part in our great scene again, but with the security of knowing how
hard it is to find you now.
Cheers, and be safe in 2009! (2013 )
[all credit goes to Kyek] [thanks to TheSexyPenguin] [Posted by MONGOLO to AppAddict April 2013]