The Art of Anonymity
___________________________________________________________________________________________________

// None of that "I collaborated a bunch of sources I found online!"
// This tutorial is for educational purposes only

::In This Tutorial
- Browser Security
- Local Net Security
- Encryption/Logs
- Virtualization Software/liveUSB
- IP Address

::What You Will Need
- A brain
- A computer
- The ability to read
- Wireshark (not absolutely necessary)
- Linux. There are already plenty of Windows tutorials out there.

::Let's Get Started!
First of all, I realize that there are already a few anonymity tutorials in our wonderful Anonymity section. However, I realized today that they are incredibly generic and practically duplicates of the hundreds of other generic tutorials littering the net. So I decided to write one that is a little more inclusive.

I would also like to add that there is no single tutorial out there that will give you absolutely all the information you need to be 100% anonymous. In fact, I don't think you even can be 100% anonymous. Keep that in mind, and always be paranoid.

::Browser Security
Chaining 35 proxies won't do you any good if you overlook other aspects of being anonymous. As far as I'm concerned there are a few key points to browser security.

User Agent:
If you don't already know what this is then you should probably come back to this tutorial later in life. But just in case:

"The term was coined in the early days of the Internet when users needed a tool to help navigate the Internet. Back then, the Internet was (and actually still is) completely text-based, and to navigate the text, text commands needed to be typed into a keyboard. Soon tools were developed to be the user's 'agent', acting on the user's behalf so that the user didn't have to understand the cryptic commands in order to retrieve information. Today, nearly everyone uses a web browser as their user agent."
- http://whatsmyuseragent.com/WhatsAUserAgent

Obviously this can be identifying, especially if you have a rather unique one. In older versions of Firefox you were able to go into about:config and permanently edit your user agent. I don't think you can do that now. So instead, I would recommend getting an add-on to take care of this. There are plenty of them, but my favorite is Override User Agent because it seems to have the most choices: everything from Safari to Opera to Internet Explorer to Mozilla to mobile user agents. Shit, you can even make it appear as though you are a Google Bot. Too easy. You can do this in most major browsers and it will almost always come in the form of an add-on.

Something that was brought to my attention by proxx is that a network admin could potentially discover that you are being dishonest about your user agent via the TTL values of your packets. TTL stands for 'Time to Live' and limits the number of hops a packet can take; to put it plainly, it keeps packets from floating around for eternity. Different operating systems start their packets with different default TTLs. So, for example, say you are on Windows and spoofed your user agent to be a Linux one. It would be possible for the net admin to analyze the TTL value and determine that the user agent was changed, and when. A link provided by proxx might help explain some of this:
http://www.binbert.com/blog/2009/12/default-time-to-live-ttl-values/

It would be a safe bet to keep your Windows user agents Windows, and your Linux user agents Linux. You can easily spoof the TTL values in Linux, perhaps using iptables.

Referer Url:
This one seems to be rather overlooked. It's an HTTP header field that can be used to track your path from page to page. It's also a simple fix, at least in Firefox. All you have to do is, once again, go to about:config, search for network.http.sendRefererHeader, and set it to a value of 0. That takes care of that.
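Before moving on, here is the TTL check proxx described, written out as an added example (not part of the original tutorial) the way a net admin, or you auditing your own box, would run it. It assumes the common default initial TTLs (64 for Linux/BSD/macOS/Android, 128 for Windows) and that a packet has crossed at most 31 hops; the function names and sample observations are mine.

```python
# Added example, not code from the original post: compare the OS a
# User-Agent claims with the OS the packet's IP TTL suggests.
# Assumptions: default initial TTL 64 -> "unix" family, 128 -> Windows,
# and no more than 31 hops between the client and the observer.
import re
from typing import Optional

# Default initial TTL -> OS family (constructed assumption table).
DEFAULT_TTLS = {64: "unix", 128: "windows"}
MAX_HOPS = 31

# Substrings in a User-Agent -> OS family it claims.
UA_PATTERNS = [
    (re.compile(r"Windows NT", re.I), "windows"),
    (re.compile(r"Linux|Android|X11|Mac OS X|iPhone", re.I), "unix"),
]

def os_from_ttl(ttl: int) -> Optional[str]:
    """Pick the smallest default TTL at or above the observed value."""
    for default in sorted(DEFAULT_TTLS):
        if 0 <= default - ttl <= MAX_HOPS:
            return DEFAULT_TTLS[default]
    return None          # e.g. 255-based stacks, not in our table

def os_from_user_agent(ua: str) -> Optional[str]:
    for pattern, family in UA_PATTERNS:
        if pattern.search(ua):
            return family
    return None

def ua_ttl_mismatch(ttl: int, ua: str) -> bool:
    """True when TTL and User-Agent point at different OS families."""
    by_ttl, by_ua = os_from_ttl(ttl), os_from_user_agent(ua)
    return None not in (by_ttl, by_ua) and by_ttl != by_ua

# Constructed sample observations: (TTL seen at the gateway, User-Agent).
SAMPLES = [
    (57, "Mozilla/5.0 (X11; Linux x86_64; rv:10.0) Gecko/20100101 Firefox/10.0"),
    (121, "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 Chrome/27.0"),
    (121, "Mozilla/5.0 (X11; Linux x86_64; rv:10.0) Gecko/20100101 Firefox/10.0"),
]

def flag_mismatches(samples=SAMPLES) -> list:
    """Return the (ttl, ua) pairs whose claimed OS contradicts the TTL."""
    return [(ttl, ua) for ttl, ua in samples if ua_ttl_mismatch(ttl, ua)]
```

The third sample is the case from the text: a TTL that decrements from 128 (Windows) carrying a Linux user agent gets flagged, the other two pass.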
You can also use the add-on RefControl. In Chrome you can check this out:
https://chrome.google.com/webstore/detail/referer-control/hnkcfpcejkafcihlgbojoidoihckciin?hl=en
If you are using Internet Explorer then..... well, then you should just go away.

Cookies:
Cookies are used to track your web activities. Don't think that just because you are using Tor you are safe from this. As usual there is a plethora of add-ons you can use. You can also set your browser to not accept cookies from sites; however, you may find that you won't be able to access certain sites if you do this. At the very least make sure you remove cookies when you are done with your session. In Firefox this is Firefox > Prefs > Privacy > Show Cookies > Remove All Cookies. In Chrome I think it's something like Chrome > Tools > Clear Browsing Data. For Opera it would be Settings > Preferences > Advanced > Cookies.

For those of you who don't know, there is such a thing as long-term cookies, otherwise known as LSOs (Local Shared Objects). These are Flash cookies. As far as I know they aren't removed by the cookie-removal steps I mentioned above. You can handle these with the add-on BetterPrivacy.

I hope I don't have to tell you guys to clear your history or use Private Browsing.

Oh! And one more note that I'm not going to make a title for. Be aware of the desktop and web browser extensions you are using. For example, weather-monitoring extensions could be very bad because they may transmit zip codes or address information to get local weather reports. Many people overlook this, and hiding your IP won't matter if you do.

Other good add-ons:
- Adblock Plus - Can be used for Firefox, Chrome, Opera and Android
- HTTPS Everywhere - Encrypts your communications with over 1000 websites. Unless you're taters I'm sure most of you are already using this.
- Ghostery - See what's tracking you on a site-to-site basis. Block them if you wish.
- TrackMeNot - I really like this one. It spoofs your searches. For example, currently it looks like I'm browsing for "dogs" when instead I might be browsing "How to be a terrorist".
- NoScript - Oh come on.

Startpage:
Also, for those of you who don't like Google for obvious reasons, check out Startpage. It sends your searches to its own server before actually sending them out to the web, to help hide who's searching. It's a lot like Ixquick except that it yields better results. They don't log your IP.

::Local Net Security
If you aren't worried about your local network identifying your machine then I wouldn't worry about this section. Still, it's good to know.

MAC Address:
Your MAC address is a 48-bit hardware identifying address which is part of your network card. Everyone has one and they are all unique. Again, this doesn't cross router boundaries, so there are many situations where spoofing it doesn't matter. There are a few ways to spoof it, the first being manually. The basic syntax is:

Code:
ip link set wlan0 down                          < bring down the interface temporarily, otherwise it won't work
ip link set wlan0 address ff:ff:ff:ff:ff:ff     < don't use that one, idiot

(ip link takes the keyword "address"; the "hw ether" form is ifconfig syntax.) Snayler reminded me that on Debian-based systems you can run:

Code:
ifconfig wlan0 down                             < bring down the interface
ifconfig wlan0 hw ether ff:ff:ff:ff:ff:ff

Then you have to reconfigure the interface. Simply running ip link set wlan0 up (or ifconfig wlan0 up) won't work. The easier way is just to do this with macchanger.

Code: here.

DHCP:
Many people are aware of the MAC address and that spoofing it might be a good idea. Not everyone considers this, though. Your DHCP client will often transmit some information when requesting an IP address. Much of the time this only includes your hostname and MAC address (which you now know how to spoof). Unless your hostname is:
twinkletits@hackingboxDumbassvilleOregon123herpderpLane
then you should be fine.
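To see for yourself which fields a DHCP request carries, here is an added example (not from the original tutorial) that builds a DHCPDISCOVER and decodes its option area, the same TLV fields a bootp capture shows. The packet, MAC and vendor class string are constructed placeholders; the function names are mine.

```python
# Added example, not the original post's code: decode the DHCP option
# area so you can audit what your client hands the LAN. The packet is
# constructed, not captured; the vendor class string only follows the
# "dhcpcd-<ver>:<os>-<kernel>:<arch>:<vendor>" shape with placeholder values.
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"      # RFC 2132 cookie: options start after it
OPTION_NAMES = {12: "hostname", 53: "message_type",
                60: "vendor_class_id", 61: "client_id"}
IDENTIFYING = ("hostname", "vendor_class_id", "client_id")
BINARY_OPTIONS = (53, 61)               # keep these as bytes, decode the rest

def build_discover(mac: bytes, hostname: str, vendor_class: str) -> bytes:
    """Minimal DHCPDISCOVER: 236-byte BOOTP header, cookie, TLV options."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         1, 1, 6, 0, 0x3903F326, 0, 0x8000,  # op htype hlen hops xid secs flags
                         b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,
                         mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    options = (bytes([53, 1, 1])                               # DHCPDISCOVER
               + bytes([61, 7, 1]) + mac                       # client id = htype + MAC
               + bytes([12, len(hostname)]) + hostname.encode()
               + bytes([60, len(vendor_class)]) + vendor_class.encode()
               + b"\xff")                                      # end option
    return header + MAGIC_COOKIE + options

def parse_options(packet: bytes) -> dict:
    """Walk the TLV options; pad (0) has no length byte, end (255) stops."""
    if packet[236:240] != MAGIC_COOKIE:
        raise ValueError("no DHCP magic cookie at offset 236")
    found, i = {}, 240
    while i < len(packet):
        code = packet[i]
        if code == 0:
            i += 1
            continue
        if code == 255:
            break
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        name = OPTION_NAMES.get(code, f"option_{code}")
        found[name] = value if code in BINARY_OPTIONS else value.decode(errors="replace")
        i += 2 + length
    return found

def leaked_fields(packet: bytes) -> dict:
    """Just the options that identify the host, for a quick self-audit."""
    return {k: v for k, v in parse_options(packet).items() if k in IDENTIFYING}

# Constructed sample in the shape a default dhcpcd sends (placeholder values).
SAMPLE = build_discover(b"\xde\xad\xbe\xef\x00\x01", "machine",
                        "dhcpcd-X.Y.Z:Linux-3.x-ARCH:x86_64:GenuineIntel")
```

Run leaked_fields(SAMPLE) and you get the hostname, vendor class and client id back; point parse_options at the UDP payload of a real request and you see what your own client is sending.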
Unfortunately, at least in the case of dhcpcd for you Gentoo and Arch users, it transmits a hell of a lot more. It will transmit your hostname, dhcpcd version, kernel, OS and architecture. This is known as your vendor class ID, which is obviously very identifying. This can be taken care of by editing your /etc/dhcpcd.conf file. So, for example, instead of having your actual hostname and vendor class ID transmitted you can change them to whatever you want.

Now, here's where you might want Wireshark. Set your filter to bootp and send out a DHCP request. Take a look at this DHCP Request packet. Notice where it's highlighted and it says Vendor Class ID. That is extremely identifying information. As you can see I'm using Arch Linux with Genuine Intel. You now know my exact kernel and dhcpcd version. Underneath you can see that my hostname is machine. However, when I append these lines to the bottom of /etc/dhcpcd.conf:

Code:

Virtus (although it runs on Ubuntu 11.10 so maybe not)
- Whonix

Whonix is built specifically for virtualization software. You cannot install this on your actual computer. Due to the way it's built, DNS leaks are impossible.

liveUSB:
Using virtualization software is good practice. However, it IS still on your actual computer. A safer way would be to create a liveUSB. You can do this with UNetbootin, LinuxLive USB Creator (LiLi) or the dd command:

Code:
dd if=/path/to/iso of=/dev/sdX

Create it with no persistence. What is persistence, you ask? Persistence is when any settings or modifications you make on a liveUSB stay, or persist, every time you start up the live OS. The downside to creating a USB with no persistence is that every time you boot it up, any settings you may wish to have (such as many of the settings I mentioned in the tut so far) will have to be redone every single time. However, I think the upsides outweigh the downsides. Basically, a liveUSB with no persistence is like booting into a fresh install of an operating system every time.
So on those warm summer days where you feel like taking a relaxing walk to the public library, sitting down with a cool drink, and hacking the Gibson, you can! Just pop in your liveUSB and hack away! Ok, don't really do that. But you get my point. This way when you are done you just yank the thing out, and the next time you boot it up it will be like nothing ever happened on the liveUSB. If you are going to do anything really serious, this is a good option. Good operating systems for this might be:
- Privatix
- Liberte
- Tails
Really though, you can use any operating system you want. These are just some examples of anonymity-based operating systems.

::IP address
Ok ok fine. I'll talk about hiding your IP. I'm not going to go quite as in depth as I have with the other sections of this tutorial, because this is only one part of being anonymous, and the one people get too hung up on. Not that it's not important. People seem to think this is all you have to do to be anonymous, though, and they are wrong. But it wouldn't be a complete anonymity tutorial without this part now, would it?

Proxies:
Wikipedia says:
"In computer networks, a proxy server is a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server and the proxy server evaluates the request as a way to simplify and control its complexity. Today, most proxies are web proxies, facilitating access to content on the World Wide Web."

Ah yes. Proxies. Some of them log and some of them don't, but how the hell do we know which ones do and don't? Hard to tell, really. There are a few main kinds of proxies:
- Transparent Proxies: Simply put, a transparent proxy is no good for doing anything illegal. Your IP address is logged and shown. Although these may have the advantage of being a bit faster.
- Anonymous Proxies: These hide your IP address. One downside is that anything you connect to can probably tell that you are using a proxy, which may cause problems for you in many cases.
- Elite Proxies: These hide your IP and may hide the fact that you are using a proxy at all, which can be beneficial. These will often be the slowest.

WARNING: Never assume that any proxy is not logging. Even if they say they aren't.

A good thing to look at is the country it is in. You should never use a proxy that is in the same country as you. If you've done something worth trying to track you down for, LE won't have any trouble doing so if you used a proxy in your country. What you want to do is figure out which countries have the best privacy laws, or which ones have the worst so you can avoid them. As far as I know, Sweden has very good privacy laws. China or North Korea, however, have shitty ones. The US isn't really the best for internet privacy either. So choose wisely.

Another thing to look at is the different kinds of protocols a proxy may use. The main kinds of proxies you will hear about are SOCKS proxies and HTTP proxies. SOCKS proxies are lower-level than HTTP proxies. SOCKS uses a network handshake to send information about a connection; the SOCKS proxy then opens a connection, perhaps through a firewall. HTTP proxies are transported over TCP and forward an HTTP request through an HTTP server. One simple way to look at it is that HTTP proxies are web-based (obviously), and SOCKS proxies are machine-based. Rooting a multitude of SSH servers and chaining them would be an example of a SOCKS proxy topology.

Some SOCKS servers include:
- Dante
- ss5
- Nylon
- sSocks

A simple Google search will yield you some up-to-the-minute proxy lists.

VPNs:
Wikipedia says:
"A virtual private network (VPN) extends a private network and the resources contained in the network across public networks like the Internet. It enables a host computer to send and receive data across shared or public networks as if it were a private network with all the functionality, security and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two."

There's a major difference between proxies and VPNs. That difference is anonymity vs. privacy. The best way I can explain this is that anonymity means that someone is sticking his dick in all of the birthday cakes, whereas privacy means that Timmy is in the room with all the birthday cakes, but no one knows what he's doing in there. Keep in mind:
proxy == anonymous (more or less)
VPN == private (Virtual PRIVATE Network)

Generally you can guess that the paid VPNs are going to be more reliable than the free ones, given that you aren't an idiot who paid for it with your personal credit card and your real name. Again, be aware of where the VPNs are located. So if you are in the US, maybe don't use OpenVPN for anything illegal. Their headquarters are located in California.

Tor:
I refuse to talk about Tor.

Proxy Chaining:
All I can say here is proxychains. It's a very useful tool and it's easy to use. With this tool you can chain proxy to proxy, proxy to VPN, proxy to VPN to Tor (if you want), proxy to proxy to proxy to proxy to proxy to VPN to proxy. But let's not get too excessive. You will need to take a look at /etc/proxychains.conf. There isn't a manpage for it; all the directions you need are in the config file. Basically what you do is add whatever proxies or VPNs you want (make sure to note the IP and the port number) after this part:

Code:

3proxy, which was posted by ande quite a while back. There are also botnet proxies if you feel like coding yourself a botnet, if that's your thing. This is outside the scope of this tutorial, however.
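The transparent / anonymous / elite split above is really about what reaches the far end. This added example (not from the original tutorial) classifies a request the way a web server could, from its headers alone; it assumes the usual proxy-revealing headers (Via, X-Forwarded-For, Forwarded, X-Proxy-Id), and the addresses and header sets are constructed samples.

```python
# Added example, not from the original post: the three proxy classes as
# seen by the server. Assumes the common proxy headers listed below;
# IPs and header sets are constructed samples.
PROXY_HEADERS = ("via", "x-forwarded-for", "forwarded", "x-proxy-id")

def _lower(headers: dict) -> dict:
    return {k.lower(): v for k, v in headers.items()}

def forwarded_addresses(headers: dict) -> list:
    """Addresses a transparent proxy (or a chain of them) appended to
    X-Forwarded-For, ordered from the original client outward."""
    xff = _lower(headers).get("x-forwarded-for", "")
    return [a.strip() for a in xff.split(",") if a.strip()]

def classify_proxy(headers: dict, real_ip: str) -> str:
    """'transparent' if the client's own IP is handed over, 'anonymous' if
    the IP is hidden but a proxy header gives the game away, else 'elite'
    (by headers alone it looks like a direct connection)."""
    h = _lower(headers)
    if real_ip in forwarded_addresses(headers) or any(real_ip in v for v in h.values()):
        return "transparent"
    if any(name in h for name in PROXY_HEADERS):
        return "anonymous"
    return "elite"

REAL_IP = "203.0.113.7"                      # constructed client address
SAMPLES = {
    "xff_chain":     {"Via": "1.1 proxy.example", "X-Forwarded-For": "203.0.113.7, 198.51.100.2"},
    "via_only":      {"Via": "1.1 proxy.example"},
    "clean_headers": {"Host": "example.com", "User-Agent": "Mozilla/5.0"},
}

def classify_samples(samples=SAMPLES, real_ip=REAL_IP) -> dict:
    return {name: classify_proxy(hdrs, real_ip) for name, hdrs in samples.items()}
```

The "elite" verdict only means nothing in the headers revealed the proxy; the server still sees and can log the proxy's own address, which is the WARNING above from the other side.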
::Check Yourself Sites
http://whatsmyuseragent.com/
http://www.whatsmyip.org/
http://www.dnsleaktest.com/

::Anonymous Emailing
- SilentSender
- Send Anonymous Email
- GuerrillaMail
- DeadFake
- Mailinator
- Melt Mail

::Final Notes
This tutorial was inspired by all of the generic, useless, copy/paste anonymity tutorials out there. You know which ones I'm talking about. The ones that say: "Here's a link to CyberGhost and what VPNs are, here's a proxy list, use Truecrypt, make sure to clean up with CCleaner, watch out for viruses, here's some links to antiviruses. Full anonymous!" To all those tutorials out there, thank you for motivating me to write this. This one's for you.

As I've said before, there is no one tutorial out there that will make you completely anonymous. Being completely anonymous is next to impossible. You can take as many precautions as you want, but if the NSA is looking for you it doesn't matter how secure your Truecrypt password is or how many keyfiles you have. If you are important enough they won't really need to crack your password. They'll just beat it out of you.

Besides many of the techniques I've outlined, being anonymous is common sense. Don't link your real email with your hacker identity. Don't talk about crimes you've committed. Use SSL with IRC. If you are going to do anything really serious, don't do it from home. Don't do it from your personal computer.

Best of luck to all of you. Hope you gained something from this tutorial.