I posted this question yesterday but wasn’t very detailed or specific, so I didn’t really get a specific answer. Let’s try this again.
Let’s say my mission is to download a torrented software or sensitive document and I don’t want any 3-letter agencies being able to track me, or for the ISP to have much information to give in case of a warrant. I’ve been putting time into thinking about what could be the most anonymous way to do this, and I think I have a pretty good idea, but I’d like to know if you guys see any holes in this.
Let’s assume I’m not currently a suspect. I buy a used laptop from Craigslist and pay cash. I take out the hard drive and throw it away. I’ve never used this computer to connect to my home internet.
I use that laptop at a coffee shop that doesn’t use security cameras to run Tails/Tor on a bootable USB and ensure the "spoof mac address" is selected. Protonmail doesn’t require another email to set it up or any personal information, so I create one and leave the coffee shop.
Now I’ve found Xfinity has hotspots all over the place, and where I live I could easily ride my bike 5 miles to an empty field and hide behind a tree to connect using the "free 1 hour", which requires an email and that’s it. No traffic cameras along the way. I connect with Tails/Tor and spoof the MAC address again. I dispose of the laptop.
I know this might sound like overkill 😂. My goal is to understand the best way to have the closest thing to 100% anonymity. Any holes in this? Anything I can do to be more secure?
I use USB tethering on an Android 10 mobile to access internet on my laptop. I use Tor browser (TB) on laptop and keep my OS (a Linux distro) on laptop patched for security vulnerabilities. At times I need to consume certain content from websites which I don’t want any intermediary to know about.
Can my mobile device see what data I am requesting and receiving other than that I am connected to a Tor entry node and passing data to it back and forth?
Here’s what I have in mind:
- I enter security.stackexchange.com in TB’s URL bar on the laptop.
- TB establishes a secure connection and sends my request to Tor network.
- My telecom provider, the first potentially hostile intermediary I usually think of, can see only that I am connected to the Tor network. For scope reduction of this question, let us become ignorant and assume that my ISP or any intermediary further down does not have the capability to either see my original request or link it back to me.
So far, reasonably good. But, the first intermediary seems to be the Android 10 device itself. How can I be sure that my Android 10 device cannot know what data I am requesting and receiving other than that I am connected to Tor?
I am concerned because my mobile device is potentially hostile in my eyes. I do not know the capabilities of the baseband OS (which some state-sponsored entities may exploit), and I don’t know the vulnerabilities of my Android 10 device, which has vanilla Android fused with proprietary code. My mobile device is also at the mercy of its OEM, which may not provide security updates for it in future.
I’m studying Tor and Onion Routing and I don’t understand how it preserves anonymity if the Internet routing is still done using public IP addresses.
Let’s suppose we have the following Tor circuit: Tor Browser -> A -> B -> C -> Server. If someone follows the traffic from relay to relay then the anonymity is broken. Even though it uses 3 layers of encryption, the routing is done by public IP addresses, which are in clear text in the IP header.
Or when the server responds back, it sends the packets to the public IP address of C. Some authority could follow the route from the server to C to B to A to the client and know that the client is communicating with the server.
Can anyone say if I’m right? Or is the entire security of Tor based on the fact that no one can ever control all 3 relays (or that it is statistically very improbable)?
If you are using a VPN for anonymity, you can allow cookies when you surf the internet, but you must delete them once you close the browser to get complete anonymity. Is this correct?
Or is it that just allowing cookies removes anonymity?
I wonder if it’s better to standardize or randomize data for anonymity. For example, think of browser fingerprinting. If you standardize every parameter, you would have all browsers returning the same user-agent, the same installed fonts, the same window size, etc. Every browser would appear to be the same as the others, so it would be anonymous (except for the source IP of course). The other approach is randomization: every browser will randomize the data for every request, so for example the user-agent will keep on changing every time (or pretty often anyway) and might be chosen from a large set of common user-agents, or maybe even randomly generated. The same goes for all the other parameters, including window size, etc.
I think there’s basically no difference between these two approaches, except that maybe randomization might confuse the tracking systems a bit more, causing a little bit of damage by polluting their data. It might also be easier to spot any small differences between standardized data, while randomized data might be more difficult to analyze, at least at first, before the trackers have figured out a way to remove the noise.
I want absolute anonymity online without anyone being able to track me down or the sites I have visited. Are Tor nodes secure? And if you use a VPN, would this mean that eventually, if someone wanted, they could track the exit Tor node and then your VPN back to you, or are you totally secure? Does it result in 100% security? Are you safe from the government of the United States of America or not?
So let’s assume the following:
1. A host machine running a clean BSD-based OS that has no backdoors, malware, spyware or other potentially de-anonymizing harmful software.
2. One home internet connection from an ISP that keeps a close eye on potential Tor usage. The connection is being shared by a couple other devices and people.
3. One solid VPN provider that resides in a non-14-Eyes jurisdiction, doesn’t have a record of collaborating with intelligence agencies, offers stable servers in a multitude of locations, employs a zero-logs policy running everything from RAM memory and doesn’t even ask for account names or emails.
   - Payment was done through Bitcoin.
   - There’s no DNS leakage.
   - Internet is blocked in case of connection failure.
   - Traffic monitoring shows that every packet is indeed being routed by the VPN.
4. A standard Whonix setup (gateway, workstation) running as virtual machines on the host using VirtualBox.
5. A list of 1000 SOCKS5 proxies, which may or may not have their activity monitored and logged by a potentially hostile 3rd party, which will be used at browser level to access a website.
So we have the following schema
Machine -> Home connection/Personal IP -> VPN IP -> Tor -> Firefox ESR with a SOCKS5 Proxy -> Website
These are my questions:
1. Is there any way in which the ISP can know that we are on Tor and/or using Whonix?
2. Could ‘website’ ever find out what the originating IP address really was?
3. Is there any way to correlate what happens at the ‘website’ level with the originating IP address/connection?
4. Would using a public internet connection instead make a big difference in the anonymity of the setup?
I am newish to security but I have looked a lot for the perfect way to stay fully anonymous while all data is encrypted. Let’s say someone’s a whistleblower or trading government secrets; how could he wander off freely around the Tor network without being spotted (it’s just an example), or anyone else who wishes to? My thoughts…
Tor over VPN. Gives me a great advantage to hide data and the fact that I’m using Tor, but if I would hit a bad exit node, he could sniff my METADATA and see all content of the data because the VPN has already decrypted the message. No Good!
VPN over Tor. Gives me a great advantage to hide data from the exit node, and it is impossible to see METADATA. But the disadvantage is that my ISP can see everything, and there is no protection from any spying Tor exit nodes. No Good!
VPN over Tor over VPN? Possible to then hide my METADATA and encrypted data from both the exit node and the ISP? Not sure, and didn’t find anything about it.
How about using a VPN to work over Tor on Tails? Would I need to create my own VPN servers around the world?
Let’s say I would pay via crypto and anonymously for the VPN server. Maybe shared IP address?
I feel like I’m on the right track to find full anonymity and privacy solution via Tor, but I’m not sure. I hope some of you can help an average Joe to understand how most experienced hackers would hide their asses.
Cheers, and thanks!
I am struggling to find the most reasonable methodology to use when attempting to preserve user anonymity for those uploading files to IPFS.
Please take a look at this transaction link of bitcoin :
My bitcoin address is :
You can see all of my transactions by this link :
My friend’s address is :
But you can’t see all of his transactions by this link :
What is this address :
And why is it undetectable?
How can I hide my transactions from others like that address?