
Staying anonymous



#1 sk3l1t0r


Posted 11 January 2011 - 07:50 PM

Hello all, I know it's important to stay anonymous whenever you're online doing... whatever. I just want to discuss different ways to keep your identity hidden, and let's say you might theoretically need to cover some tracks that you have made as well.

First off, I'm pretty new to programming and binrev itself, but I have been doing as much research as possible. I found that http://www.the-cloak...rfing-home.html can hide your IP for free while you surf the web, but I am unsure of how exactly this is done. It also is only good, I think, for an hour or so, then you have to wait 6 hours before you can use it again... and I'm not paying for any service. I also disable a lot of the web options in my tools tab on my browser (i.e. store history box, usage statistics to Google, prefetching to load web pages, my location, bookmarks, auto fill, and everything on the share tab). I also delete everything in my browsing history (temp files, form data, etc.), but I know this is all basic stuff to do. I'm not too sure what I would need to do to be able to use proxies or, even better, proxy chain, so any discussion on this would be great insight to me.

http://www.anonymizer.com/ would be great if you didn't have to pay... paying also leads a paper trail right to you if FEDS look through your bank account.


http://www.inetpriva...proxy/index.htm looks OK as well, but once again these vampires want MONEY! I don't know much about them anyway, so I will have to come back to this and investigate. The website is put together poorly and looks pretty vulnerable... hmm, might have to play around here actually... but later.

http://mute-net.sour...kStartGuide.php looks like a good file sharing site to go through, but I'm not too sure if having my computer as a node linked with thousands of others is such a good idea... I'm not too sure, but it sounds like I could get compromised. But they also do teach you the technical and legal aspects of what they are about. I love that they have a similar concept to Shawn Fanning, except that they covered their tails.

As for covering tracks... I really have no idea. I just want to start a theory on what others would do. OK, scenario: you are on a website and you just happen to be able to bruteforce your way in through the front door, maybe by SQL injections or social engineering. So now you're in, and let's say it's a retail site that sells downloadable software. Now that you control it, you change prices of the software to make them free to download as soon as you press the button. You of course don't download anything... at first anyway. What's done is done and you get out. How exactly would you cover your tracks so that you wouldn't get into any trouble later on for this? Sorry if this was pretty bland, but I really don't feel like typing out everything I would do to get into a web page and all the technicalities of this. Like I said, this is all theory... and plus, that's a lot of typing, and I don't think you want to read that much, nor do I want to type that much on the forum. Also, sorry if my knowledge isn't great, I'm new still.

Alright, please type anything you have to say on these subjects.

#2 phaedrus


Posted 12 January 2011 - 07:04 AM

I use a VPN for hop 1, a VPN service that I pay for with an offshore provider, simply to get my packets out of the local country, and I'm fully aware that I leave a paper trail by paying for it, so it cannot be considered completely anonymous at that stage even though they do not log details of your connection. I mostly do this to avoid the local gov and ISP peeking at my web browsing habits and the places I'm reading research on, rather than to block any completely illegal stuff. I do this because I'm not too sure nowadays what constitutes illegal: is researching keys and tracking exploit lists considered OK? It's simpler to just not expose yourself to the question. With regard to free, remember you're trusting the privacy gateway to not be logging your stuff for their own purposes, MITM attacks, sniffing of logins, etc. You'd be crazy to trust a "free" provider you found on Google one day to just do the right thing with no bad intent, all out of the goodness of their hearts.

After endpointing somewhere more torrent and privacy friendly, I'm free to chain in multiple hops of proxy servers, use Tor, use an anonymous shell located somewhere unfriendly to the target machine's jurisdiction, SSH tunnels, etc. Or multiple/all of the above, depending on how sensitive something I am researching is. The more hops, the more latency but the more security, and usage of some of them will get them closed, so they are an asset to be used sparingly at times. Anything can be traced with enough funds if you piss off enough people with enough money; it's a question of making it so painful and requiring so much effort for each hop that the trace is only done for things which are above the level of what you perform down the tunnels.
I control my VPN chain from a dedicated machine which doesn't navigate externally at all, but maintains a firewall ruleset that only forwards from the local LAN when the VPNs are established. If the VPN goes down, the packets go to /dev/null; that way there are no "oops" moments when a tunnel falls over and the tools carry on regardless.

The browsing machine itself is separate. I don't use the same machines for research as for forums etc., so I can filter the traffic on source IP. So, for example, to come here I'm OK with leaking my UA strings, but the research box is tied down to leak nothing and was built from day 1 like this. No information in the GECOS field of the users, odd usernames, encrypted drives, no cookies from Facebook, etc. I don't use the same pseudonyms/email accounts or anything cross-machine either.

The only one that really irks me for privacy is /b/ on 4chan, because the whole basis of 4chan and /b/ is supposed to be anonymous, yet almost every known anon proxy out there is banned. Occasionally I want to comment or see something on there, so I hunt down something they haven't got in their blacklist, but it's a pain, and usually within a day or two of my using it, it's in their blacklist, almost as if they see it in the logs and make a special point to add it to the blacklist. I have to ask myself, what is moot up to? The non-anon anon board? What ulterior motive is going on behind the scenes???

I have to add I'm not a bot herder, nor involved in any way with botnets. I imagine the above would work for C&C network access too, with additional obfuscation, if that was your thing, but I like to sleep at night.
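
A check for the fail-closed gateway described in the post above, as an added example that is not part of the original post or the poster's own setup: it audits an `iptables-save` dump and reports any FORWARD rule that could pass LAN traffic outside the tunnel. The interface names (eth0, eth1, tun0), the tun*/wg* naming assumption and both sample dumps are constructed for illustration.

```python
import shlex

# Assumption: tunnel interfaces are named tun*/wg*; adjust for your gateway.
TUNNEL_PREFIXES = ("tun", "wg")

def _uses_tunnel(tokens):
    """True if the rule names a tunnel interface with -i or -o, un-negated."""
    for pos, tok in enumerate(tokens[:-1]):
        if tok in ("-i", "-o") and tokens[pos + 1].startswith(TUNNEL_PREFIXES):
            if pos == 0 or tokens[pos - 1] != "!":
                return True
    return False

def audit_forward(ruleset):
    """Return findings for the filter FORWARD chain; [] means it fails closed."""
    findings, policy, in_filter = [], None, False
    for raw in ruleset.splitlines():
        line = raw.strip()
        if line.startswith("*"):
            in_filter = line == "*filter"
        elif in_filter and line.startswith(":FORWARD "):
            policy = line.split()[1]
        elif in_filter and line.startswith("-A FORWARD "):
            tokens = shlex.split(line)
            accepts = "-j" in tokens[:-1] and tokens[tokens.index("-j") + 1] == "ACCEPT"
            # Conservative: every ACCEPT must be pinned to the tunnel. When tun0
            # disappears such rules match nothing and the DROP policy applies.
            if accepts and not _uses_tunnel(tokens):
                findings.append("ACCEPT outside tunnel: " + line)
    if policy != "DROP":
        findings.append("FORWARD policy is %s, not DROP" % policy)
    return findings

# Constructed sample dumps (eth1 = LAN, eth0 = WAN, tun0 = VPN).
FAIL_CLOSED = """*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth1 -o tun0 -j ACCEPT
-A FORWARD -i tun0 -o eth1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""
LEAKY = """*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth1 -o tun0 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
"""

if __name__ == "__main__":
    for name, dump in (("fail-closed", FAIL_CLOSED), ("leaky", LEAKY)):
        print(name, audit_forward(dump) or "OK")
```

Jumps to user-defined chains are not followed, so a clean result covers only rules written directly in FORWARD.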

#3 Volt


Posted 05 February 2011 - 08:34 PM

The only one that really irks me for privacy is /b/ on 4chan, because the whole basis of 4chan and /b/ is supposed to be anonymous, yet almost every known anon proxy out there is banned. Occasionally I want to comment or see something on there, so I hunt down something they haven't got in their blacklist, but it's a pain, and usually within a day or two of my using it, it's in their blacklist, almost as if they see it in the logs and make a special point to add it to the blacklist. I have to ask myself, what is moot up to? The non-anon anon board? What ulterior motive is going on behind the scenes???


I'm a month late, but I suspect that it's so that they can ban users by IP. How else could they handle rule-breaking? I'm guessing that they don't log activity because there's so much of it, but yeah, there's a window of when a thread is alive that you aren't *really* anonymous. Not sure how quickly threads die in /b/ since I almost never go there.

I would *love* to increase my anonymity online, but the hassle of treating each proxy endpoint as an adversary is so much. I accidentally went to eBay once over Tor while I was logged in to my account. No serious consequences, and I've since made sure I explicitly restricted the traffic that goes over proxies, but I still get nervous about what else I could be leaking.



