Anonymize your online footprint

May 30th, 2020
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 11.40 KB | None | 0 0
  1. Anonymize your online footprint
  3. Whether you are protesting in person or working in digital spaces (or both) covering your browsing habits, metadata, and search histories is important. These can be ordered as evidence, or can expose others even months or years later. Even without a court order or direct governmental surveillance, your data history can be bought from aggregate services, both legally and illegally.
  5. On the internet, you are tracked. You are tracked everywhere you go, whether by your ISP, advertisers, cookies, or the site itself. This will be your IP address (a unique identification number per network), where in the world you roughly are, other places you have been on the internet, and often what social media accounts you hold. Even just the browser you use can tell someone who you are because of the ‘headers’ your computer sends, called a Browser Fingerprint. Because there are only so many combinations of hardware and software, you may have a unique “fingerprint” simply because your computer’s particular combination is rare. See:
  7. Personal privacy on the internet has been eroded from all sides, including advertisement and commerce, weak government protections, hacked databases, products and services which leak your information (via selling it or accidentally and ambiently). But also, the internet was never really made to be anonymous. It takes work anonymize your information.
  9. ~~~
  13. On phones / other smart devices:
  14. Turn off your phone or leave it at home
  15. Police can track phones through cell towers - this can confirm your presence or identify you later
  16. Messages can also be intercepted by “stingrays”, which pose as cell powers ->
  17. If you use Android, leave it at home - they have a history of being hacked by police- >
  18. If you have an old/spare/burner phone, consider bringing that instead- even without a sim card, having an empty phone that can connect to wifi and bluetooth might be helpful.
  19. If you do bring your phone
  20. Think about what you have stored on it and if it could put you or anyone else at risk. Delete contacts and messages as needed.
  21. Back up your data, in case it is lost.
  22. Set a difficult passcode
  23. NOT face or thumb Id, not a year or all one number in a row
  24. Turn off home screen notifications - don’t let anything show without unlocking your phone.
  25. Set your phone to go to lock screen extremely quickly
  26. Turn on airplane mode, which will keep your phone from broadcasting.
  27. Make sure that Airdrop isn’t on.
  28. If you lose your device or it is confiscated:
  29. Revoke access & log out of applications remotely
  30. Changing your password to accounts can sometimes force a log-out
  31. Or you can do it manually per account- search “<service name> revoke access for devices”
  32. Use Signal or other encrypted messaging systems to communicate
  33. Police can still surveil metadata (when you’re sending messages to, when) but not the actual contents of an encrypted message
  35. TURN OFF LOCATION SERVICES!! This will keep you from attaching GPS coordinates to photos.
  36. iphone ->
  37. android ->
  39. On taking photographs:
  40. Photographs can be extremely useful, but:
  41. Take photos without unlocking your phone
  42. Do not take pictures of anyone that could be identifiable
  43. If you capture a person in a photo, BLUR OR BLOCK THEM OUT
  44. After you take pictures, screenshot them to remove exif data
  45. Exif data stores information on the image such as shutter speed, if a flash was used, date and time, and GPS information. See- >
  46. This can be evidence - don’t post something directly, but screenshot the image so that information is overwritten.
  47. After you screenshot the photograph, delete the original.
  48. IF YOU POST PHOTOS/INFORMATION ON THE INTERNET, know that this is saying that you were there. Never tag anyone else without their express consent or discuss private plans in a publicly visible space.
  50. On keeping yourself from being identified:
  51. Wear a bandana/mask, sunglasses, and cover any identifying features, especially tattoos.
  52. Don’t wear clothes that have identifiable logos on them, or that are unique. Stick to solid colors, or all-black.
  53. Don’t buy stuff, and if you do use cash! Credit cards / digital payments are immediately traceable.
  54. Bring a change of clothes for after the protest, or if you have to get away quickly.
  55. Bike or walk if you are able - License plate readers may be in use.
  56. Regarding CV Dazzle ( ): this is cute and cyberpunk and folks like to share it, but it is not as effective as just blocking your face. AI gets better every day, and if you’re still identifiable to a human you’re still at risk. If anything, colorful facepaint might might you more identifiable.
  58. ~~~~
  62. If you’re doing research or online activities that shouldn’t be tracked to you, here are some ways to cover yourself, ordered roughly from least to most difficult/serious.
  64. Use Firefox -
  65. Firefox just got a recent upgrade with increased tracking blocking and other data protections, especially over Chrome.
  66. Don’t install plug-ins you don’t trust, but do install plug-ins that help keep your data safe -
  68. UblockOrigin
  69. No software without a privacy statement that you believe -
  70. Even stuff you download to your computer that isn’t online can send information
  71. No Dropbox
  72. They are a very anti-privacy company. Use for filesharing.
  73. No Googling things, use DuckDuckGo -
  75. Use Incognito mode
  76. Not honestly a solution, but confuses some tracking.
  77. Burner accounts
  78. Always make a new email with no info for new accounts.
  79. Use a fake name
  80. This is legal and you should do it to avoid having your information data mined across services.
  81. Turn off location sharing on your computer -
  84. Never pay with a credit card, use a third party like Paypal, or cash or bitcoins are better
  85. Delete cookies and browsing history a lot.
  86. Turn off Javascript - this is a bummer but really helpful,
  87. Use the Tor Browser
  88. Tor browser - >
  89. Tor makes your traffic semi-anonymous by routing through nodes around the world.
  90. This is how you access the darkweb but you don’t have to go to darknet sites, just use Tor for regular browsing.
  91. There are also other browsers/systems, like Freenet and I2P.
  92. Use a Proxy or a VPN (or both)
  93. A Proxy hides your IP address makes it look like you’re somewhere else, but don’t encrypt your data. Good for lowstakes things.
  94. A VPN also makes your IP looks like it is coming from somewhere else, but is significantly more secure.
  95. More-> What is the difference between a VPN and a Proxy?
  96. Some Proxys:
  99. You can read more about VPNs and pick one out here:
  100. Expect to pay for a good VPN, though some have free versions.
  101. You need to make sure your VPN has had a public audit to ensure that it has no logs, aka no record of what you have used their internet connection for.
  102. Use Proxygambit -
  103. Use an anonymizing OS-
  104. A virtual machine that resets on boot, running on (secure) portable media. You want an encrypted key with Tails or ZeusGuard, or even Windows To Go. Assign a random DHCP address on start. Iron key is a good place to start - > /
  106. Once you’re all set up, check against DNS leaks -
  110. ~~
  113. And need to button up your online presence in case of identify theft/ hacking/ harassment/ threats/ etc (thanks @somenerdliam from Twitter for some of these links):
  115. Search your old emails
  116. Go through each email you can think of that you've used
  117. You’ll need access to them so that you can access other websites you may have signed up to using them.
  119. Delete accounts from forgotten services
  120. Use the search function for each email account and look for "Sign up", "Welcome", etc.
  121. Recover and log in to each service.
  122. Purge any content and messages, as the account may be archived even after its ideleted.
  123. Make a note of your username, password, the service, and email used
  124. Delete the account.
  125. If you can’t find where, search "delete account" + "<service>". You may have to email support.
  126. If you remember being on other sites, go to those sites and enter all your old emails in the recover password box.
  128. Check if your information is already public
  129. Now that you have a list of usernames, emails, and services, see if these are part of a data breach anywhere
  130. Search on Duckduckgo/Google/other search engine for your email and account names.
  131. You will potentially find pastebin links or databases with leaked information. Note what usernames and passwords show up.
  132. Many databases are not indexed by search engines: use to check when and what is public.
  133. If anything shows up, this is the first priority to change or delete!
  135. Remove old information from Google
  136. Even if you delete old accounts, there is cached information about them.
  137. Use the Google Console to request them to delete/update their search engine (which usually takes months organically) to remove those cached results. You have to provide a link to each.
  139. Don’t let Google track you
  140. Here is where you can go through each of Google's services. Turn them off for every account you have.
  141. You can see (and scrub) your old activity here:
  142. You can report content for legal removal here:
  144. For every service you use, strip down privacy settings to the core.
  145. What is possible will change service to service - it is safer to not have an account, but be sure to change your settings where possible.
  146. Facebooks is particularly bad, but if you do want to use Facebook make sure all of your information is set to private so people can't access photos and information about you.
  148. Delete old emails
  149. After you’ve gone through your old emails for signups, etc, you should delete them.
  150. This is not for stuff you will need in the future, but for personal information that could be used against you or embarrass you.
  151. If you think you might need these emails, make sure to change your security questions and password.
  153. Secure account practices
  154. Change all your passwords regularly, at least a few times a year.
  155. New databases are sold or leaks happen daily.
  156. Never use the same password, passwords that are similar to each other, or personal information in your passwords.
  157. Its easy to guess where an underscore or 0 might go to edit a password. There are even programs that run through password permutations automatically.
  159. Delete your old content regularly
  160. Delete tweets and old photos. If you are a personal target, this information might be studied intensely.
  161. Be careful of posting about your social circle and folks who are physically near you. Even if you have tight data practices, your neighbor might not- and if a hacker knows they are your neighbor, they also know where you live.
  163. ~
  165. More links -
  172. ~~
  174. I’m not an expert - if you have additions or corrections, @ this thread on twitter:
Add Comment
Please, Sign In to add comment