
Is it possible to use a PC anonymously online?
This is not an attempt to answer the question of why someone would want to achieve online anonymity. If you are reading this, you have your own reasons or are as curious as I am about the possibilities. I outline a number of assumptions at the beginning, each of which has warranted extensive writing on its own. I also list what I like to call “Rabbit Trails” along the way: tangents which take us away from the main goal but can impact the result.
Assumptions:
*US based – I’m based in the US, and am writing from that perspective. The NSA is keeping a copy of everything you do online. The data center in Utah isn’t there for looks.
https://www.eff.org/nsa-spying
https://www.theguardian.com/world/2013/jun/14/nsa-utah-data-facility
*Everything you do online is being monitored at some level – from the ISP, to browser fingerprinting, to the online service itself.
*We’re trying to avoid censorship and monitoring from every government.
*Perfect OPSEC can be achieved – People are people, limiting mistakes to zero is admittedly difficult.
*Use anonymous accounts and email addresses. For example, use services like Guerrilla Mail to sign up for the VPN. Never use an existing account connected to you. Use burner phones.
*Choosing a laptop over a PC for mobility.
*Physical security of the laptop is maintained at all times (nobody is able to physically tamper with the laptop).
*Secure VPN configuration – There is a long list of configurations that need to be made in order for the VPN to behave correctly (anonymously). This is going to vary between VPNs, but in general: IPv6, DNS service, IP binding, and firewalling.
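A check for three of the four items in the last assumption (routing, IPv6 and DNS; firewalling and IP binding are not covered), as an added example that is not the author's code. It audits text captured from `ip -4 route show`, `ip -6 route show` and /etc/resolv.conf; the interface name tun0, the addresses and the sample data are assumptions constructed for illustration.

```python
import ipaddress

def _dev(fields):
    """Interface name following the 'dev' keyword in an `ip route` line."""
    return fields[fields.index("dev") + 1] if "dev" in fields[:-1] else None

def tunnel_covers_ipv4(route4, vpn_iface):
    """True if the default route, or both /1 halves that override it
    (OpenVPN redirect-gateway def1 style), point at the tunnel."""
    via_vpn = {f[0] for f in map(str.split, route4.splitlines())
               if f and _dev(f) == vpn_iface}
    return "default" in via_vpn or {"0.0.0.0/1", "128.0.0.0/1"} <= via_vpn

def ipv6_leak_devs(route6, vpn_iface):
    """Interfaces other than the tunnel that carry an IPv6 default route."""
    rows = [f for f in map(str.split, route6.splitlines()) if f[:1] == ["default"]]
    return [_dev(f) for f in rows if _dev(f) not in (None, vpn_iface)]

def foreign_resolvers(resolv_conf, vpn_dns):
    """Nameservers in resolv.conf that are not the VPN's own resolvers."""
    allowed = {ipaddress.ip_address(a) for a in vpn_dns}
    found = []
    for line in resolv_conf.splitlines():
        parts = line.split("#")[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            if ipaddress.ip_address(parts[1]) not in allowed:
                found.append(parts[1])
    return found

def audit(route4, route6, resolv_conf, vpn_iface, vpn_dns):
    findings = []
    if not tunnel_covers_ipv4(route4, vpn_iface):
        findings.append("ipv4: default route bypasses " + vpn_iface)
    findings += ["ipv6: default route via " + d for d in ipv6_leak_devs(route6, vpn_iface)]
    findings += ["dns: resolver " + ns + " is outside the VPN"
                 for ns in foreign_resolvers(resolv_conf, vpn_dns)]
    return findings

# Constructed sample: tunnel is up, but IPv6 and one resolver bypass it.
ROUTE4 = """default via 192.168.1.1 dev wlan0 proto dhcp metric 600
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2"""
ROUTE6 = "default via fe80::1 dev wlan0 proto ra metric 600 pref medium"
RESOLV = "# constructed sample\nnameserver 10.8.0.1\nnameserver 192.168.1.1"

if __name__ == "__main__":
    for finding in audit(ROUTE4, ROUTE6, RESOLV, "tun0", ["10.8.0.1"]):
        print(finding)
```

The route check does not compare metrics, so two competing default routes still need a manual look.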
Acquiring the Laptop
*The laptop should not be associated with you in any way. This means acquiring it with cash or a pre-paid credit card.
Rabbit Trail #1: Acquiring the pre-paid credit card
1. The credit card must be obtained using cash.
2. It must be obtained without showing or scanning an ID.
3. It must be obtained in a location that is free from video monitoring. Very difficult. Even most small shops have video systems for theft deterrence. Most small shops will only keep the video for a short time due to limited storage. Waiting for a period before using the card should overcome the temporary existence of the video.
*Intel-based processors: Back doors like the Intel Management Engine (IME) have been well documented over the years. While there are mitigations for things like IME on some of the older processors, newer Intel processors should be assumed to have similar issues. AMD is not a panacea either, but seems to me the better alternative.
https://fossbytes.com/amd-ryzen-epic-cpu-backdoor-13-critical-vulnerabilities/
*Hard-coded MAC address on the Intel wireless network adapter. This can be overcome with software, but I don’t want “Intel Inside.”
Rabbit Trail #2: You need to be in complete control of the network adapters in your machine. Most laptops have a button that “disables” the wireless adapter, but what exactly is being disabled and how do you know for sure? What if you forget to push the button? Since we’re going to open up the machine to examine the hardware anyway, let’s remove the laptop’s Intel wireless adapter while we’re in there. Purchase an Alfa (or similar USB wireless adapter) to use instead. Using an outboard device like this gives you a physical step that guarantees awareness and control.
Acquiring the Software
*So we have our fresh laptop and now we need software. If you said Windows, stop reading this and leave now.
Rabbit Trail #3: We opened our laptop earlier to remove the wireless adapter. Let’s change out the HDD/SSD while we’re in there.
*We need to acquire the software online in most cases. You might be able to use an older copy of a distro for installation and then update, but updating to the current version from there is not always possible.
*How to acquire a fresh copy? Our best way of accessing the internet with the smallest fingerprint right now is going to be via Tor. I’m not arguing that Tor is perfect or can’t be broken, but at this stage it is our best option.
*We’ve acquired the software, verified the signature, installed it (offline), fully encrypted the drive, and placed a password on the BIOS (a good idea if possession is lost).
Acquiring the VPN
*Purchase the VPN using the pre-paid credit card from Rabbit Trail #1. Again, use a disposable email address.
Rabbit Trail #4: Which VPN? I’m looking for a few things: based outside the US, based in a country that has privacy laws in place and appears to respect them, doesn’t have a history of inter-government cooperation, and does not keep logs. I have my own favorite and a bit of research will get you there.
Where to Get Online?
A few options here. The only rule is that your network adapter never touches your personal network. Even a “no log” VPN typically has connection logs. I’m not going to expand on any of these and will leave it to the reader to decide the implications for their situation.
*Free Wi-Fi is available at almost every restaurant, coffee shop, and at many businesses.
*Find a WEP encrypted network and use it. You’d be amazed (dismayed?) at how many of these still exist in 2021.
Methods Used While Online
*VPN always
*Proxy chains – I’m routing through at least Russia and China, possibly one or two more along the way.
https://linuxhint.com/proxychains-tutorial/
Conclusions
A lot of work, admittedly! As with most security topics, there are many things that have to be done right to achieve excellent (I hesitate to say ‘perfect’) security. Only one slip needs to be made to break OPSEC:
https://www.schneier.com/blog/archives/2013/10/silk_road-au.html