Guest User

Untitled

a guest
Oct 31st, 2010
558
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. How to Stay Anonymous on the Internet
  2. A guide from your friendly neighborhood Kyek
  3.  
  4. Why are you writing this guide, Kyek?
  5. Recently, some unknown newcomers to our scene have posted propaganda to our forums, claiming to be hackers who can get into Apple's E-mail, claiming to work for Apple, or a multitude of other things. Some of these people I've been able to very pointedly disprove, but others.. well, it's anyone's guess as to whether they're telling the truth or not. Most likely, they're just pissed-off developers who spent 15 minutes on google digging up a little dirt, and want to scare everyone away.
  6.  
  7. The problem is, two of these posters have been able to find the real names of two of our crackers, and because of this many crackers are running off screaming, claiming they'll never crack another app. This drives me nuts, because that's exactly what these people want. And so, I'm writing this guide to give tips on how to protect yourself in our scene, showing you how to make it near-impossibly hard for anyone to figure out who you are in real life.
  8.  
  9.  
  10. How this guide works
  11. There are always extra layers of security you can add, giving yourself more and more protections. So, I'll be describing things in terms of "levels". "Level 1" is the most basic stuff you can do, Level 2 is what you can do if you're not satisfied with the little bit of protection level 1 gives, Level 3 is what you can do to protect yourself even more, etc. Just keep going until you're comfortable :)
  12.  
  13.  
  14. Let's begin!
  15.  
  16. LEVEL 1: This isn't MySpace
  17. What: Take the precautions necessary to make sure that YOU aren't giving yourself away.
  18.  
  19. Why: It might seem harmless to post a picture of yourself, or even more harmless to post one where you're blurry or masked in some way. But even the most vague picture can give an internet detective your general build, which can go a LONG way to figuring out who you are -- or more importantly, which of their suspects isn't you.
  20.  
  21. How: Just be smart. In this environment, it's easy to get comfortable and trust people, but just don't do it. Anyone can be whoever they want on the internet -- even the Hackulo.us staff will attest that I don't give them any hard information about myself. DON'T post pictures, DON'T give out your iTunes info so other people can crack your apps, DON'T even tell cute personal anecdotes about this one thing that happened to you when you were little. If someone trying to figure out who you are has it narrowed down to a handful of people, finding out which ones were hit by a car when they were 8 (assuming you told a story like that) is pretty trivial.
  22.  
  23. LEVEL 2: Use a new identity
  24. What: Create a new identity not linked to you or any of your other internet handles in any way.
  25.  
  26. Why: Three total people in our scene have had their real names and other information discovered, and ALL SOMEONE HAD TO DO TO GET IT is use Google. All it takes is ONE reference somewhere on the internet -- even if that reference has since been deleted (you can view webpages from previous dates, remember) -- linking your handle to your real name, or another E-mail address, or ANYTHING, and your real info can be found. You need something new.
  27.  
  28. How: The first step is to choose a new username. Here are some good guidelines:
  29.  
  30. * Something not related to you in any way. If you're into track at your high school, trackstar89 is a really shitty choice. Anything containing your first, middle, or last name is also a HORRIBLE choice.
  31. * Something that is NOT completely unique -- you want a name that other people have used before. If you're good, you'll choose one that only a few other people have used so there's not much chance of anyone else in this scene having that name.
  32. * Something WITHOUT NUMBERS. Even if the numbers mean nothing to YOU, they make the name more unique and can be used to rule out other people -- letting people find you by process of elimination. Just stay away from numbers.
  33. * Do not use crazy capitalization. You might think bAJiNGO or BajingO is cool, and maybe other people call themselves Bajingo on other forums, but finding one with the exact same capitalization is a dead giveaway.
  34. * Something that turns up other results in Google. Whether it be someone else's last name, a common noun ("Ovenmitt", "Hothands", "Bellybutton"), or something else, don't let your new username be the only thing that comes up in google search results.
  35.  
  36.  
  37.  
  38. Using me as an example, Kyek has nothing to do with who I am, at least five other people on the internet use it, it has no numbers, it's a real last name so it turns up on Google, and "Kyek Pa" is the name of the board-breaking test in various forms of martial arts, so that comes up in google too.
  39.  
  40.  
  41. LEVEL 3: Get separate accounts for your new identity
  42. What: Get a new E-mail address, paypal account, or anything else you need for your new identity
  43.  
  44. Why: Remember what I said earlier? All it takes is ONE association of your new identity to something else real to give you away. The second you use your real E-mail with your new identity, you're in danger.
  45.  
  46. How: This one's pretty self-explanatory. Choose an online webmail provider that keeps your information as anonymous as possible and doesn't link your account to anything real. I highly recommend Gmail, as long as you do not give Gmail a secondary E-mail address when you sign up. Once you have your new E-mail, use it to register for websites you'll be using with this identity. Appulous, Hackulous, any other iPhone forum, Paypal.. If you have your own iPhone site under your new identity but you pay for it with your real credit card or paypal account, you are not smart :D. Remember, NOTHING associated with your scene identity can be used for anything other than that one identity!
  47.  
  48.  
  49. LEVEL 4: Dedicate a new web browser to your identity
  50. What: Get a new web browser that you use ONLY for things associated with your new identity.
  51.  
  52. Why: Because logging out of a website with one account then logging in with a different one links the two identities. If I can tell when you do it on Appulous or Hackulous, Google, Yahoo, paypal, or any other site will CERTAINLY know about it. Also, some sites require cookies -- but will use those cookies to track who you are whether you're logged in or not. The only way to keep your new identity completely separate is to give it its own web browser.
  53.  
  54. How: Simple! Download a browser different from what you use normally -- If you're addicted to Firefox, get Flock. It's based off of Firefox and can run almost all Firefox extensions. Other great choices are Safari, Chrome, or Opera. Just make sure you ONLY use this browser for your secret identity, and NOTHING else!
  55.  
  56.  
  57. LEVEL 5: Use a proxy
  58. What: Get a base level of anonymity so that your real IP address isn't shown (even to admins) when you go to a website.
  59.  
  60. Why: All websites, with very little exception, log your IP address and your connection time when you visit a site. This includes every link you click on the site, every post you make, etc. This information can be subpoenaed by the court, meaning if someone REALLY wants to find you, they can -- no questions asked. The least you can do to protect against this is use a proxy so that the IP that shows up isn't yours.
  61.  
  62. How: There are a few different kinds of proxies. Many of you are familiar with the kind you go to with your web browser, type in the address of another site, and your target site loads through their proxy page. Not all of these are anonymous, but they're enough to get the job done if all you're after is a basic level of security. Another kind is an IP address that you physically enter into your web browser's settings, so that any page you go to normally will be loaded through it. These are much better, but harder to find.
  63.  
  64. You can find many of those two kinds of Proxies listed on Proxy.org. But don't be pulled into a false sense of security here -- if someone really really wants to find you, they can go back to the proxy you used and demand to know who was using their service through that IP address at a certain time. Not all proxies keep these logs, but those that do can burn you.
  65.  
  66.  
  67. LEVEL 6: TOR
  68. What: Taking the idea of proxying to a new level, TOR can be used to anonymize your internet connection
  69.  
  70. Why: Online proxies work, but they're not reliable and there's no guarantee that they're actually anonymous. Some even share your real IP address with your destination site anyway! The easiest (and most free) way to make sure you're anonymous is to use TOR -- a network of computers that bounce your connection around and make it nearly impossible to trace it back to you.
  71.  
  72. How: TOR is a free service, though please consider donating if you use it. Go to http://torproject.org and if you know what's good for you, take the time to read about TOR and how it works because just installing the Mac or Windows client isn't enough to protect you. You have to make sure it's connected and reroute your browser to connect to sites THROUGH it, and you need to disable certain flash and javascript that's capable of finding your real IP address anyway. The downfall of TOR is that it can be slow, so casual browsing with it on can be a bit of a pain. Most sites (like forums) only log your IP address when you post something, though, so you can turn TOR on when you want to post and keep it off otherwise. Most other proxies can't be used while you're using TOR, but that's ok -- TOR is better. Use other proxies for casual browsing, if you can.
  73.  
  74.  
  75. LEVEL 7: Anonymous VPN
  76. What: Run your entire internet connection through an encrypted pipe to another computer that doesn't log your connections. If this sounds confusing, it's not -- read on :)
  77.  
  78. Why: As incredible as TOR is, it's slow and has a few vulnerabilities. For real anonymity, you run it through a VPN. VPN stands for "Virtual Private Network" and it's nowhere NEAR as complicated as it might sound at first. When your computer connects to a VPN, it's opening a highly-secure connection with a server (everything that passes between you and it gets encrypted), and that server agrees to handle all your internet traffic for you. So when you go to a website, your web request gets encrypted, sent to this other server somewhere in the world, and that other server gets the website, encrypts it, and sends it back to your browser. It's completely transparent -- meaning, it works 100% behind the scenes and you wouldn't even know you're running one.. except when you go to whatismyipaddress.com, it tells you you're living somewhere very far from where you actually are, and the IP address it shows you is not yours ;-)
  79.  
  80. Be careful, though: Most VPNs log EVERYTHING. If Apple tells a VPN that a certain IP address at a certain time has been engaged in copyright infringement, chances are that VPN will look into their logs and tell them exactly who you are. What you need is a VPN that DOESN'T log their connections, so not even a court order can turn up your identity.
  81.  
  82. How: The process is very easy, but the down side is that there are no truly anonymous VPN providers that are free. BUT, some are as cheap as just a couple bucks a month, so as long as you can get that, you're in business. Just google "anonymous VPN" and start searching for good ones to use, and ALWAYS remember to check for recent reviews to make sure you won't get cheated. For example, Relakks.com used to be fantastic in its day, but it only works for about 20% of its paid users now and there's basically no support for it. Just remember: you can never be 100% sure that the VPN isn't logging your connection, though, so use TOR *THROUGH* your VPN connection for sensitive tasks!
  83.  
  84. Another great thing about VPNs: Your iPod/iPhone can use them! It *is* technically possible for a program to be able to tell when it's being cracked (by detecting when it's being launched by a debugger) and then reporting back to the author's website -- so being on an anonymous VPN protects against that too! Though, for those of you who can't get a VPN, just disconnecting from Wifi and letting it make that call over Edge or 3G is better than nothing. No, turning on airplane mode won't help, because it can just save the call for the next time you have internet access.
  85.  
  86. We recommend: http://www.perfect-privacy.com/
  87.  
  88.  
  89. LEVEL 8: Don't use your own internet
  90. What: Piggyback off of a neighbor's wireless, or even better, take a laptop to a cafe or fast food restaurant with free wi-fi.
  91.  
  92. Why: Your connections can never be traced back to your home internet connection if you're not using your home internet connection!
  93.  
  94. How: Obvious level is obvious! Stealing your neighbor's internet isn't usually a great way to go (after all, if it ever gets to the point where police are coming for you, you're bringing them right next door.. that sucks for you), but it's better than using your own. Even better is going to a McDonalds, Panera Bread, local hotel lobby, local coffee shop, Starbucks, or a library. It might not be convenient, but it's dang hard to beat. I don't recommend this without a VPN, though. Even a free, non-anonymous VPN like http://www.anchorfree.com/ in these areas is fine -- just something that can stop people from snooping your connection. And remember, that VPN can be used on your iPhone too!
  95.  
  96.  
  97. That's all folks!
  98.  
  99. So stop being scared, stop running away, and realize that all you need to do is use your brain a little to protect yourself. Even just getting as far as level 1 would be an improvement for most of our active members, and getting up through level 4 will give the common user MORE than enough protection -- and it only takes 10 minutes to do!
  100.  
  101. Have you already messed up and used your favorite I-use-this-name-everywhere internet handle here? Then it's not too late! Just start over with a new name and don't tell ANYONE, not even your internet "friends" here that you've never met in real life, what your old name was or what you did. Then you can take part in our great scene again, but with the security of knowing how hard it is to find you now.
  102.  
  103. Cheers, and be safe in 2009!
  104. Kyek
RAW Paste Data