-1

With all of these news stories about the government reading emails and snooping information from other sources, what are ways to minimize or eliminate an organization's ability to actually track and measure you?

How to become anonymous through email? IP addresses? Password management?

My initial thoughts were to set up a private VPN, accessible only with a private key, which could be used to host my email and encrypt whatever information I should be encrypting. And using something like KeePass for my password management. Bitcoins for purchases?

This question is a good start, but I'd like to dive a bit deeper into potential implementations.

Also, I realize anything I give google, or Facebook, or twitter will be public (even if they say they wont give my info out), but I'm curious about deterring people from snooping on my activity that is not public.

Community
  • 1
bwvoss
  • 11
  • You cannot minimalize what is already out there and having established a pattern of use on the web, it's pretty hard to become invisible. What you're currently doing might be hidable for a period of time. Stripping metadata by VPN, TOR, etc work to an extent, but there are metadata leakages at the endpoints. – Fiasco Labs Jun 11 '13 at 18:21

2 Answers2

0

A VPN does nothing you described. It still is a known end point and since most VPNs don't delay information, it is still easy to see the information going in and out of them and link it to a user if you have visibility to enough routers along the way.

TOR with packet delaying is your best bet at true anonymity on the Internet, though even it is limited if a sufficiently large number of nodes are controlled by an attacker and are able to collude.

If you only desire your communication contents to remain secret rather than the fact that you communicate, it is far easier to do things like run your own mail server that will only talk on TLS protected connections, but this will greatly limit the number of e-mail addresses you can talk with.

Application level encryption such as PGP can also work well when you need to communicate across mail servers that don't support TLS, though more actions have to be taken by the client receiving your message.

AJ Henderson
  • 41,896
  • 5
  • 63
  • 110
0

So, we could talk about VPNs, PGP, tor, etc....but please consider this:

The bottom line here is all those tools may 'flag' you and next thing you know, all of your data is recorded. So what? The data is encrypted! Well, the traffic can still be captured and decrypted later. One day clusters of computers will be powerful enough to decrypt it all. But, let's get on with a suggestion.

You have a lot of fundamental things to consider.

For example - even if you use tor, you can still be tracked via your browser fingerprint. You have certain plugins installed, and in a certain order, and so on. The EFF has a tool to show you this -

https://panopticlick.eff.org/

That is only your browser...there are still applications like Skype, IM, etc. also reporting to some server somewhere. They must all have unique usernames or similar IDs. These will be linked up on the backend with collaborating companies.

FWIW, bitcoins are trackable too - https://en.bitcoin.it/wiki/Anonymity

2 cents.

Admin
  • 41
  • 3