An updated guide to internet privacy and anonymity

Welcome to my domain

Internet privacy, anonymity, and you.

Rule 1: There is no such thing as being fully anonymous. Privacy and anonymity are not the same thing.
Rule 2: Know your threat level
Rule 3: Dont drive yourself crazy

Intro: My background is IT. I hobby in privacy and anonymity. I have used just about privacy/anonymity tool out there. I am by no means an expert, but would say I have enough understanding to help the users of this community. I will keep this as short and sweet as possible. It will require basic understanding of networking and computer technology. I'm going to be providing high level overview, then answer questions as needed to specifics.

Step 1: Understand that by using the internet nothing is truly anonymous. There are ways to completely or nearly completely mask yourself but would require such measures as to be useless to 99.99% of people.

Step 2: Know anonymity is the state of being unidentified to others. Privacy is the state of controlling who sees your information.

Step 3: Realize how far you're willing to go to protect your mask. Are you willing to only use the internet from public places and never mix up your online identities? Do you require such a level of protection?

Ok now that is out of the way lets get deeper into it.

VPN: Useless. Almost no company (which is actually your largest threat) tracks by IP anymore. They change too frequently and are poor identifiers. With that said it IS still an identifier. So while i say its useless realize I say that to get you to understand its not the catch all you might think. I still recommend masking your IP with VPN or proxy.

However where this becomes more important is seeing your data. Pick who you want to see your data. Your ISP or your VPN provider. This will come down to who you trust more with your data as this is the true advantage of using a VPN. By using a VPN your ISP who can and does regularly snoop on your traffic cant see it. But this does mean your VPN provider now can see your data. To be clear neither can see any data if your connection is encrypted between you and the website. See the little lock icon on your browser near the url up top? That means your connection is encrypted. The only thing they can see is the time/date and url of the website your visited. But trust me thats enough sometimes.

TOR: Great if used correctly. Just as bad as, if not much worse than, the clearnet if not. TOR is an anonymity tool. Meaning its used to hide your identity but will not do so you if you don't use it correctly. There is way too much to cover in short detail here but the basics are if you use TOR, dont use any website, service, or client that you would normally use on the clearnet. You MUST keep the two separate from one another.

Encrypted email: Probably the number thing you can do to help yourself is get an email provider that allows you to PGP encrypt your emails. For the purpose of ease of use and ability to just hop in and start using it a provider like Protonmail is good to go. They cant see your email body even if they wanted to, and cannot give that over to law enforcement. What they CAN SEE and can/do give over to law enforcement is the time it was sent, who it was sent to, and the subject line. This is true of every encrypted email provider.

Bitcoin: Likely everyone already knows this but bitcoin or really any cryptocurrency is not anonymous. There are ways to cover your tracks but honestly this is not my forte. I can say like everything else related to anonymity, it depends on how well you use it. It also depends on your threat level. Do you really stand out amongst the bigger fish?

Disclaimer: I don't condone using this guide or information contained within for use for illegal acts. All discussions are theoretical and hypothetical. Any direct discussion of or examples I give in relation to said possible illegal activity is for educational purposes only.

I will leave you with this, to help shock you into realizing how easy it is to be identified, what email address did you use when signing up to this forum? If you used the same email you use for everything else congratulations, you just doxxed yourself. At least to the admins to this website and any protentional 'hacker' that cracks the security of this forum.

Please feel free to ask more direct questions so I can help get you on the right track.
 
'Quickstart' Guide:

*disclaimer I recommend a lot of proton services because I trust them in so far as they provide good services that are fairly user blind*

Get a email forwarder service like simplelogin. This will mask your real email address. Great for signing up for services and websites and not exposing your identity and login credentials. You MUST generate a new email address AND password for each website/service you sign up for or its useless.

Get a privacy oriented email provider and have this new email address be the one your email forwarder above sends all your emails. Notice I said privacy oriented not anonymity oriented. Because if its a paid service you generally have to give up your real information to pay. There are some services out there that accept crpyto in a manor that keeps anonymity intact.

Get a password manager. Trust me youre going to need it. Bitwarden is one of the best IMO as you can chose to host in the cloud or locally. Locally is far more secure, but far less convenient. Personally I use the cloud.

Get a VPN provider you 'trust' knowing none of them can be trusted. Also know that if the website you're using is encrypted that cant see what you do on the website itself, but can see you were there and at what times. This is important because meta data can be gathered and used against you. But if you use an offshore based VPN it can under certain scenarios protect you against authorities having the ability to get that data. Unlike your ISP which must comply with US Federal law.

Honestly these three things alone will cover 99.9% of people to cover themselves to a degree which is reasonable protection. Not against law enforcement mind you, if youre being targeted specifically. But will protect against mass netting, and reasonably prevent someone from being able to easily identify you. If you practice good OPSEC.
 
Secure comms

Signal or element chat

Signal: E2E (end to end encrypted) chat. Neither the company nor anyone else can read the contents of the messages if you're sending messages to someone else also using signal.

Element chat: P2P & E2E group chat. It's both peer to peer and end to end encrypted. Meaning there is no central server. No singular point of failure. Downside is it's slow to update messages.
 
What's your opinion on Mullvad VPN? It's the only one that accepts cash in mail for payment, has a no logs policy too.
 
What's your opinion on Mullvad VPN? It's the only one that accepts cash in mail for payment, has a no logs policy too.

As far as I know they are good to go. Unless something has happened recently I am not aware of. Always check with Google for any related news to any provider you use once in a while to make sure.

But yeah their pay model is impeccable for anonymity.

As far as logs. Literally every single VPN provider has logs I don't care what they say. They may be limited in what data is collected. And it may be only kept for a short time. But they ALL have logs.

But realize logs do not mean they know exactly what you're doing. Any site or service you connect to that is encrypted between you and their servers is likely protected. The only data they can collect is time/date and which site you went to.
 
Mullvad has a browser now.
Maybe but I would trust something like icefox far more. To be fair I have not looked into but almost every new browser is either based of Firefox or chrome. And by based off I mean runs the same engine. They are basically just reskinned.
 
Mullvad is the only vpn to get a recommendation from thatoneprivacyguy - this was years back but nothing that I know of has changed. They are a 15 eyes country though, which is why they have no logs except for your account number. So if you use monero or cash, nothing could be tied back to you from the vpn. Another good one is OVPN.

Protonmail is not secure they’ve been caught handing data over to governments before . But they’re the most known that we can all agree on. Skiff is more secure for email.

Mullvad browser was just released and it is almost as good as tor for the clear net. Regardless of what browser you use, you’d reduce your risk 99.9% by disabling Java at all times. This breaks a lot of websites though. And remember to always run your browsers in safest mode.
 
Mullvad is the only vpn to get a recommendation from thatoneprivacyguy - this was years back but nothing that I know of has changed. They are a 15 eyes country though, which is why they have no logs except for your account number. So if you use monero or cash, nothing could be tied back to you from the vpn. Another good one is OVPN.

Protonmail is not secure they’ve been caught handing data over to governments before . But they’re the most known that we can all agree on. Skiff is more secure for email.

Mullvad browser was just released and it is almost as good as tor for the clear net. Regardless of what browser you use, you’d reduce your risk 99.9% by disabling Java at all times. This breaks a lot of websites though. And remember to always run your browsers in safest mode.
Look further into the protonmail situation. The only thing they handed over was the timestamps and subject lines. Don't parrot fake news articles. Every email provider is subject to someone's laws.
Would using AVG VPN be ok as long as you pay anonymously using a prepaid VISA card and provide fake details?
Don't know never heard of them. If that's from the same antivirus company fuuuuuck no.
 
Look further into the protonmail situation. The only thing they handed over was the timestamps and subject lines. Don't parrot fake news articles. Every email provider is subject to someone's laws.

Don't know never heard of them. If that's from the same antivirus company fuuuuuck no.
Yeah it's from the same company.
I don't see how it's much different to other VPNs if you pay anonymously.
Which antivirus do you recommend for your computer, if any?
 
Yeah it's from the same company.
I don't see how it's much different to other VPNs if you pay anonymously.
Which antivirus do you recommend for your computer, if any?
Linux lulz. Be honestly default Windows is fine. And you maybe paying the VPN annon but they can see all your traffic that isn't encrypted and they will be able to fingerprint you.
 
Linux lulz. Be honestly default Windows is fine. And you maybe paying the VPN annon but they can see all your traffic that isn't encrypted and they will be able to fingerprint you.
Guyfawkes, in order to sound credible you’re gonna have to be honest about protonmails history - this is as bad as it can get:


This weekend, news broke that security/privacy-focused anonymous email service ProtonMail turned over a French climate activist's IP address and browser fingerprint to Swiss authorities. This move seemingly ran counter to the well-known service's policies, which as recently as last week stated that "by default, we do not keep any IP logs which can be linked to your anonymous email account."

After providing the activist's metadata to Swiss authorities, ProtonMail removed the section that had promised no IP logs, replacing it with one saying, "ProtonMail is email that respects privacy and puts people (not advertisers) first."



That was sept of 2021. The activist was subsequently arrested. Protonmail guaranteed no log of IP address and made numerous advertisements regarding privacy. This turned out to be completely false.

Which brings us back to your credibility - this is common knowledge in the infosec, tech, and IT worlds writ large. But you downplayed it and only specified time stamps and subject lines while waving off my assertion as fake news.

Was this a genuine mistake?
 
Last edited:
Guyfawkes, in order to sound credible you’re gonna have to be honest about protonmails history - this is as bad as it can get:


This weekend, news broke that security/privacy-focused anonymous email service ProtonMail turned over a French climate activist's IP address and browser fingerprint to Swiss authorities. This move seemingly ran counter to the well-known service's policies, which as recently as last week stated that "by default, we do not keep any IP logs which can be linked to your anonymous email account."

After providing the activist's metadata to Swiss authorities, ProtonMail removed the section that had promised no IP logs, replacing it with one saying, "ProtonMail is email that respects privacy and puts people (not advertisers) first."



That was sept of 2021. The activist was subsequently arrested. Protonmail guaranteed no log of IP address and made numerous advertisements regarding privacy. This turned out to be completely false.

Which brings us back to your credibility - this is common knowledge in the infosec, tech, and IT worlds writ large. But you downplayed it and only specified time stamps and subject lines while waving off my assertion as fake news.

Was this a genuine mistake?
Yeah you're correct I had forgotten the exact details of what was turned over. However I still don't personally hesitate to use them because I take precautions to prevent IP and browser fingerprint tracking.

But all hosts are compelled by their host countries laws. You will not find an email provider that truly offers actual no logs of any kind due to the nature of servers and IT infrastructure. No matter what is advertised.

Again I would need to reread everything involving that case but as I recall he wasn't arrested directly because of that information, I believe he had also been posting in the clear other stuff and made some really stupid opsec mistakes. Not that excuses protonmail. Does it sour their reputation? Yep. But they are tried over years and if this is their biggest scandal I'm ok with it. Also considering and taking I to account law enforcement is not the only way your info gets out, and as far as I am aware they do not sell data or have had any data breeches.

So no in my opinion it's not nearly as bad as it can get.
 
Your intel chip collects and transmits everything before you're on the internet, dude.

I'm so tired of listening to ppl that think they know what they're talking about, talk or, type.
 
Your intel chip collects and transmits everything before you're on the internet, dude.

I'm so tired of listening to ppl that think they know what they're talking about, talk or, type.
I'm well aware of the ME engine and there is no proof yet it actually does that. So right back at you.
 
Welcome to my domain

Internet privacy, anonymity, and you.

Rule 1: There is no such thing as being fully anonymous. Privacy and anonymity are not the same thing.
Rule 2: Know your threat level
Rule 3: Dont drive yourself crazy

Intro: My background is IT. I hobby in privacy and anonymity. I have used just about privacy/anonymity tool out there. I am by no means an expert, but would say I have enough understanding to help the users of this community. I will keep this as short and sweet as possible. It will require basic understanding of networking and computer technology. I'm going to be providing high level overview, then answer questions as needed to specifics.

Step 1: Understand that by using the internet nothing is truly anonymous. There are ways to completely or nearly completely mask yourself but would require such measures as to be useless to 99.99% of people.

Step 2: Know anonymity is the state of being unidentified to others. Privacy is the state of controlling who sees your information.

Step 3: Realize how far you're willing to go to protect your mask. Are you willing to only use the internet from public places and never mix up your online identities? Do you require such a level of protection?

Ok now that is out of the way lets get deeper into it.

VPN: Useless. Almost no company (which is actually your largest threat) tracks by IP anymore. They change too frequently and are poor identifiers. With that said it IS still an identifier. So while i say its useless realize I say that to get you to understand its not the catch all you might think. I still recommend masking your IP with VPN or proxy.

However where this becomes more important is seeing your data. Pick who you want to see your data. Your ISP or your VPN provider. This will come down to who you trust more with your data as this is the true advantage of using a VPN. By using a VPN your ISP who can and does regularly snoop on your traffic cant see it. But this does mean your VPN provider now can see your data. To be clear neither can see any data if your connection is encrypted between you and the website. See the little lock icon on your browser near the url up top? That means your connection is encrypted. The only thing they can see is the time/date and url of the website your visited. But trust me thats enough sometimes.

TOR: Great if used correctly. Just as bad as, if not much worse than, the clearnet if not. TOR is an anonymity tool. Meaning its used to hide your identity but will not do so you if you don't use it correctly. There is way too much to cover in short detail here but the basics are if you use TOR, dont use any website, service, or client that you would normally use on the clearnet. You MUST keep the two separate from one another.

Encrypted email: Probably the number thing you can do to help yourself is get an email provider that allows you to PGP encrypt your emails. For the purpose of ease of use and ability to just hop in and start using it a provider like Protonmail is good to go. They cant see your email body even if they wanted to, and cannot give that over to law enforcement. What they CAN SEE and can/do give over to law enforcement is the time it was sent, who it was sent to, and the subject line. This is true of every encrypted email provider.

Bitcoin: Likely everyone already knows this but bitcoin or really any cryptocurrency is not anonymous. There are ways to cover your tracks but honestly this is not my forte. I can say like everything else related to anonymity, it depends on how well you use it. It also depends on your threat level. Do you really stand out amongst the bigger fish?

Disclaimer: I don't condone using this guide or information contained within for use for illegal acts. All discussions are theoretical and hypothetical. Any direct discussion of or examples I give in relation to said possible illegal activity is for educational purposes only.

I will leave you with this, to help shock you into realizing how easy it is to be identified, what email address did you use when signing up to this forum? If you used the same email you use for everything else congratulations, you just doxxed yourself. At least to the admins to this website and any protentional 'hacker' that cracks the security of this forum.

Please feel free to ask more direct questions so I can help get you on the right track.
This aint my main email but how does the doxxing yourself part works if i use my main email
 
'Quickstart' Guide:

*disclaimer I recommend a lot of proton services because I trust them in so far as they provide good services that are fairly user blind*

Get a email forwarder service like simplelogin. This will mask your real email address. Great for signing up for services and websites and not exposing your identity and login credentials. You MUST generate a new email address AND password for each website/service you sign up for or its useless.

Get a privacy oriented email provider and have this new email address be the one your email forwarder above sends all your emails. Notice I said privacy oriented not anonymity oriented. Because if its a paid service you generally have to give up your real information to pay. There are some services out there that accept crpyto in a manor that keeps anonymity intact.

Get a password manager. Trust me youre going to need it. Bitwarden is one of the best IMO as you can chose to host in the cloud or locally. Locally is far more secure, but far less convenient. Personally I use the cloud.

Get a VPN provider you 'trust' knowing none of them can be trusted. Also know that if the website you're using is encrypted that cant see what you do on the website itself, but can see you were there and at what times. This is important because meta data can be gathered and used against you. But if you use an offshore based VPN it can under certain scenarios protect you against authorities having the ability to get that data. Unlike your ISP which must comply with US Federal law.

Honestly these three things alone will cover 99.9% of people to cover themselves to a degree which is reasonable protection. Not against law enforcement mind you, if youre being targeted specifically. But will protect against mass netting, and reasonably prevent someone from being able to easily identify you. If you practice good OPSEC.
And also What good is a VPN if the ISP can still know you cause of the datas and stuff,,,
 

Sponsors

Latest posts

Back
Top