In June 2013, Edward Snowden shared classified information with The Washington Post and The Guardian. It said that the American secret services were doing total surveillance on people all over the world. «It is becoming more and more difficult to be anonymous» – hacker group Cicada 3301 declared this in 2012. But what if a person needs to hide, and he is not a computer geek? Read the step-by-step instructions in this article.
Anonymity and pseudonymity
Before diving into the technical part of the task, it is necessary to understand the purpose of hiding. Anonymity implies a single statement about any information, as in the case of Snowden: someone has told the world something and has «dissolved». To remain anonymous is simple: enough not to make mistakes, which will be listed below. Pseudonymity means creation of alter ego, to which the person plans to return a long period of time. «To keep a virtual» – this was called a pseudonymous activity – much more difficult, because the human factor every day increases the risks that the user will make a mistake somewhere.
Why are we not anonymous on the Internet
The digital footprint might be active and passive. Active one is a message or publication, for example, on a social network. A passive digital trace is created when information about the user is collected without his knowledge, for instance, during a visit to the site. The IP-address is a unique numerical identifier of a device in a computer network. It can be used to get approximate information about your location (country, city, zip code, ISP), restrict access to specific sites or servers, and run a DDoS attack. What should be done to completely anonymize activities on the Internet?
Invisibility Cloak
One of the most reliable ways is Whonix, which was used by Edward Snowden. Technically, a new operating system – Linux – appears on the computer, which exists separately from the main one and runs Whonix. Its system consists of two virtual machines connected via an isolated network. The first, Whonix-Gateway, runs exclusively through Tor and acts as a gateway or an artificial server. The second, Whonix-Workstation, is a workstation that connects to the Internet. Thus, all network connections are possible only through Tor: neither malware nor super-user rights can cause IP address and DNS leaks.
Installation
- First you need to download VirtualBox and unpack the package. Next, you should install Whonix. It is important not to open the system after downloading, as it has an extension .ova what is the format of the virtual machine file.
VirtualBox’s main window - Starts VirtualBox and imports Whonix via the «Import» button.
Whonix is installed. It is important to specify that a unique MAC or WIN address for network adapters is generated each time.
Creating new MAC or WIN addresses is necessary to improve security. This setting forces Whonix to create a new network address for each site. - The menu includes two machines: Whonix-Gateway and Whonix-Workstation. You cannot access the Internet through the server: the gateway isolates the workstation, but it works with open Internet traffic. You must run the server part first, and then the working part.
Whonix system settings window. Here you can change the operating memory, graphics processor, audio input and output devices using by the virtual machine.
During the installation process, an error «Kernel driver not installed (rc= -1908)» may occur on MacOS computers. It is solved by admitting the «Oracle America, Inc» software in the system settings of security and safety. If you have any other problems, you should look at the detailed guide about installing Whonix.
A window appeared on the computer with the system desktop. At this stage, Internet traffic is fully protected and isolated. Now you should pay attention to the factors that can compromise your security.
Basic mistakes
- The phone collects personal information even in «brick» mode when the device is off. The device needs to be disposed of, and it is better to send a phone by courier to another city: it will help to confuse the tracks. Don’t turn on your new phone in places you’ve been before, especially at home.
- You need to buy a corporate SIM card. Each smartphone has a unique IMEI-code, which is permanently registered in the database of the mobile operator after inserting the SIM card, so you need to use it only on a new device.
- Do not set the password fingerprint or Face ID. In 2019, so unlocked the phone of the owner of the telegram channel «Prometheus». Biometric identification is much less effective than the password.
- You can only use cash. Purchases made with bank cards give geolocation or just report online activity. If a person presents his documents anywhere, it will also compromise his location.
