In our previous installment of Cyberpunk Life Hacks, we discussed anonymous snail mail.
Today we’ll be discussing anonymous web browsing. First let’s get the low-hanging fruit out of the way. If all you want is for your girlfriend or roommate not to find all that furry porn in your browser history, that’s easy. Just delete both your history and your bookmarks, and call it a day. If you want to sign up for something that requires email verification but don’t want to receive spam or associate it with your real address, use a disposable email service that doesn’t require registration, like guerilla mail. If you want casual, reasonable levels of privacy from man-in-the-middle observers, you can use a web proxy server or Tor.
That’s all well and good, but what about when you want to be truly anonymous?
Take a Second to Not Be an Idiot
In that case, it becomes important to understand how big data correlation works. If you log in to your email or bank account, the providers of those services keep a record of those logins. If you log on from one particular device, they keep a record of that device. For example, you’ve probably noticed that the first time you logged in to your mobile banking account from your desktop computer, the system recognized that you were logging in from a different device and asked you to verify your identity.
They’re able to do this because both your operating system and your hardware come with unique identifiers. Every networked device you own has a unique MAC address hard-wired into it that distinguishes it from any other device. And this is just one piece of identifying information among many.
Imagine that you wisely maintain multiple email accounts with different service providers in order to separate your professional and personal lives. On Monday, you log in to your Gmail account for work, and then on Tuesday you use a personal Microsoft Outlook account to sign up on reddit to engage in political trash-talking.
Congratulations! You’ve just failed forever.
It’s All Connected, Man!
Why? Let’s say that two years from now, some totally unaffiliated third party buys reddit and sells their accumulated user and log data to Google. At that point, Google knows that all the trash-talk you posted to reddit was posted by somebody who logged in using a specific hardware device. And they already have years of logs associating that same device with your work email.
Those two “separate” identities have now been successfully correlated and will remain correlated forever.
Even if you smash your computer and never log into any of those accounts again, everything that was ever done from them will remain as data that can be correlated by anyone who has access to it and will stay that way until the end of time. Who’s to say that future employers ten years from now won’t be retroactively looking at that information when deciding who to hire?
Think very carefully about this. Your web searches and device logins from years ago are probably still sitting around in a log somewhere. Using a web proxy today doesn’t mean that somebody can’t retroactively deduce that the person who accessed a specific web proxy service that they paid for with a specific credit card is probably the same person who accessed their social media account from that same device. Also, it’s probably the same person who bought those pink bunny slippers on Amazon with the same credit card. Simply hiding some of your activities doesn’t grant you anonymity if those activities can be correlated with everything else.
Seven Steps to Avoid Being Tracked
In order to remain anonymous, it’s not enough to maintain separate identities. You have to completely eliminate any trails of correlation between them. You want to be anonymous on the internet? Here’s how to do it.
Step 1: Buy a used tablet from your local classifieds like a hardcopy newspaper, pennysaver, craigslist, etc. Do not buy through an online retailer like Amazon or Newegg. Find a seller you can visit in person and hand them cash. You don’t want there to be an online or credit card record of this transaction.
Step 2: Do not sign on to any pre-existing account of yours of any kind whatsoever from this device. Not your email, not reddit, and definitely not social media. Don’t sign on to anything. Create fresh new accounts for anything you want to access under generic names that have no connection to you. If you have to pay for something, buy a prepaid gift card from your local grocery store, pay cash for it, and do not swipe your grocery store rewards card when you buy it.
Step 3: Never sign on to any account that you access on the tablet from any device other than the tablet. If you so much as check your anonymous tablet-only email address from your home computer even once, you’ll create a permanent trail that could be used at some hypothetical future date to connect everything–past, present, or future–on that tablet to you.
Step 4: Never plug that device into any other device you own. Do you recharge your phone by plugging it into your computer? Stop doing that. The hardware addresses of that device might be logged, or you may have mail syncing enabled, etc. Instead, get a cheap USB portable wall charger and use that.
Step 5: Never sign up for internet access or phone service on that device. This would necessarily create a billing trail and associate the device with your credit card. Instead, exclusively use public wifi and not the wifi connection in your house. Plenty of public venues and businesses offer complimentary wifi.
Step 6: Avoid repeat visits to the same places. If you always access wifi from the same location, it will be easy to stake the place out until you show up again. Favor large venues when possible. Always remember that public places are likely to be under constant video surveillance.You don’t want somebody two years from now to notice that Mr. Leet Hacker accessed something he shouldn’t have while connected to wifi at Starbucks and then have two years worth of footage of you showing up every Tuesday. Instead, swap locations regularly, park outside your wifi source, and experiment with their connectivity range. You may still be able to connect 50-150 feet away from the building while sitting in your car, hidden behind dozens of others in a parking lot.
Step 7: From time to time, engage in deliberately misleading online activities to make it more difficult to corroborate correlations through behavior. For example, do web searches on the tablet for porn you don’t like and activities that don’t interest you. Spend time playing YouTube videos in languages you don’t speak about hobbies you don’t have and vacation spots you have no interest in visiting. You don’t have to watch these videos, just make a point of letting them play. Establish patterns of behavior that don’t match those you exhibit on devices that are publicly associated with you. This way, even if someday you mess up and leave a trail that correlates the two identities, you’ll appear as two different users who shared the same device. Just like you’re not the same person you bought the tablet from.
Big data is powerful. But if you’re smart, it’s possible to fight it.