As Scotty remarked in Star Trek, the more complicated the plumbing the easier it is to clog up the pipes.
I like my privacy. I also like my anonymity. This isnt just because I don’t want junk mail. Given todays political clime, you can get a ‘friendly visit’ from all sorts of badge-wearing goons just for having a last name that sounds funny or for reading the ‘wrong books’. So, for me privacy is important…not because Im doing anything wrong, but because nowadays not doing anything wrong is no guarantee that ‘the powers that be’ will leave me the hell alone.
So….
The internet is useful. It allows me to communicate ideas and messages to and from LMI. It also gives me access to huge amonts of knowledge. So far, accessing the internet anonymously is fairly easy…I can use a library computer, go to Kinkos and use theirs, or even slip into a WiFi hotspot somehwere with a laptop. no muss, no fuss. I can even walk into some mom and pop ISP and plunk down $200 for a year of access and not have to show ID. Getting websites and ordering things online, thats a different story. See, credit cards are the preferred medium on the internet. Makes sense, trouble is that it isnt nearly as easy to scam your way into a credit card as it used to be. Hypothetical – lets say you want to register www.leavemealoneplease.com . Youre going to use this website to spout off about how displeased you are with the .gov and maybe even communicate with like minded individuals through it. So far so good. Now, because you dont want to get painted with the ‘possible terrorist’ brush and maybe be ‘temporarily detained’ without a trial you want to get this domain name anonymously. No prob, you can lie on those little questionaires from the online register/hosting sites (like Yahoo! for example). Trouble is, how do you pay for it? Yahoo! doesnt take cash. You certainly dont want to use your credit card, which has your name and other data attached to it. Hmmmm.
Once you have that means of communicating taken care of, how do you stay in touch by phone with your new friends (and safely in touch with old enemies)? You would never use the phone in your house. Payphones are okay if you dont use the same one too often but it makes getting calls tough. Voice mail services are okay, but what about just getting a cell phone? When ive had them in the past, they never ask for ID but they sure want a credit card to make sure they get paid.
Technology to the rescue.
Im in Albertsons today and they have a little rip-off coin counting kiosk. This kiosk, for a whopping 9%, will convert your mason jar full of change into ‘real money’. Ok, if youre too lazy to count out and roll coins I suppose its worth it. But here’s where it gets interesting. It also sells prepaid Mastercards. Dwell on this. You use it like a credit card, right? Accepted wherever Mastercard is accepted, right? Simply dump $110 in quarters into this thing and have it give you a $100 prepaid Mastercard.
Thus the scenario to get perfectly anonymous website and email:
Go to local mom and pop ISP. Hi, Im moving here in a month or so and need to arrange to have a local dialup account. I dont have a local address yet but heres the startup cost and a years service up front. You now have local ISP and an email account. Maybe even some storage space. Log into Yahoo! or similar service and get an email account. Go to their domain registry service. Register your domain, pay for it and its monthly fees using your prepaid card. Recharge the card at the kiosk every so often to keep up on payments on webservices. Yahoo! sends the confirmation message to your new email account at the mom-n-pop ISP. You reply and confirm and now have your Yahoo! email. The need for the mom-n-pop ISP is pretty much gone. Yahoo! sends the confirmation of your new domain to your Yahoo! email. So, now you have email that you can access from anywhere and a domain that has absolutely no way to be connected to you. I suppose the powers that be could go to mom-n-pop ISP and what would they say? A pysical description? Like they remember every face they see. And since you access from Kinko’s or the library or the computer lab or any of a dozen other places that don’t really ask for ID they’d have to sit a guy there all day waiting for you to show up and get fingered. Use WiFi hot spots and you’d be pretty much uncatchable.
But you still wanna call your buddies rather than email, right? No problem. Prepaid phone cards were the old way. Prepaid cellphones are the new. Theyre all over the place and with your completely-untraceable-to-you prepaid cashcard you can pay for the service online, using your totally anonymous email and internet access, or at any of the handy kiosks in WalMart. Just make sure no cameras get a good look at your face and you’d be home free.
I think this would work. I know the part with the mom-n-pop ISP would work. I did it last year and simply paid the startup and the first months fee and did what I needed and let it lapse.
Interesting possibilities.
Untraceable Internet is pretty easy to come by thanks to WiFi… living here in the suburbs, there’s half a dozen “open” (i.e. “not really open but I could open it right up given a couple days) wireless hotspots in range.
I remember reading about someone committing some crime (stealing something, I don’t recall what) while wardriving, and wondering how he got caught since that’s largely untraceable. Then it came to me… they followed the money. They didn’t catch his wardriving/hacking… they caught him spending his ill-gotten gains, and then figured out how he did it afterwards. If they can do it for criminals, they can do it for anyone they want to do it for.
The prepaid MasterCard does seem good idea for getting around this. It’s hard to get money into the electronic payment system untraceably… even identity-free electronic cash and things like PayPal/Neteller require you to get the money there somehow first, and that usually means traceable EFT/credit card.
Some of those chang machines will pay out in prepaid charge cards? Cool…. 😉
I’ll have to keep my eyes open.
The Albertson’s change kiosk will also give a Starbuck’s card minus the 9% fee they charge. Mmmh, coffee.
If they can do it for criminals, they can do it for anyone they want to do it for.
If youre spending $3,200 for laser range finding gear, maybe. For spending $20 here and there for a month of internet, a couple phone cards, a pair of boots, maybe some beef jerky? I dont think so.
May 3, 2005:
Not to mention that false registration information for a domain name has been grounds for termination of the domain name for years now. See the UDRP.
Good luck finding a mom-and-pop ISP that’ll sell you access without taking contact information as well. The Hollywood Music and Movie Police are happy to make an ISP cough up subscribers’ identities in order to sue for “piracy”, or the Trademark and Copyright Gestapo will sue you or have the site shut down for you using their trademarks or “copyrighted” internal documents on your site. The m*****f*****s at PeTA successfully pulled “peta.org” from a guy running a PROTECTED FREE SPEECH PARODY SITE “People Eating Tasty Animals” on the grounds it was “illegal trademark infringement”. If you really want scary abuse of government power, how about the Motion Picture Ass. of America making a foreign government arrest its own citizen, “DVD Jon”, a Norwegian, for releasing code that decrypts DVDs (which was absolutely 100% fair use reverse engineering to play legitimately purchased DVDs on the Linux operating system)? I’m less worried about the Feds coming to arrest me because I think Bush and a lot of the other people from him on down suck than I am over, say, Mall*Wart or GM or Microsoft getting the government to either criminalize something in order to benefit them, or worse, getting the government to arrest and prosecute me FOR them. The Constitution and Bill of Rights only protect you from the government, not from Corporate America in a civil trial.
Cause, you know, God forbid you attempt to make a copy of something for your own personal use (copy control technology), or to repair something (copy control technology, reverse engineering protection), refill your printer’s ink (cartridges with built-in expiration dates), record something from TV (HDTV broadcast flag), or otherwise use some commercial product in a way the manufacturer does not approve of which might threaten their profits.
Your prepaid credit card still has a number (trackable to the kiosk, possibly with timestamp of when you bought it being recorded). Your prepaid cell phone still has a MIN/ESN pair that’s trackable. Your newest cell phones have E911 GPS built in.
I won’t even get into ECHELON ( http://en.wikipedia.org/wiki/ECHELON ) and Carnivore ( http://en.wikipedia.org/wiki/Carnivore_%28FBI%29 ) (Carnivore being abandoned for **COMMERCIALLY AVAILABLE SOFTWARE**).
This is why Osama and the really smart terrorists use cash money and hand-delivered messages. Hell, the fact Osama had a satellite phone was disclosed by our wonderful government… so Osama, upon finding out we were listening to his phone calls, hurled the sucker out into the middle of the desert.
Onion routing
For that extra degree of indirection.
Of course, who knows what web traffic is attributed to your current IP then.
Shhhh
The mac id on your modem when connected to a hotspot? – Logged and if used somewhere else where you are identified comes back to you. From your home phone? – Your calls are all logged with date and time and number called. Internet cafes? – Only if you use their machine and they keep no records and can’t remember anything about you and don’t have a surveilance camera. Library? – Mine logs who used it by library card. Did that camera on the street see you walk into the cafe?
There is little you can do to protect your privacy. One would know enough about you and your GF just by reading the journals to find you if they had reason. Bad thing is, as soon as you try to hide, they begin wondering why.
Just being in the business your are makes you semi-suspect from the beginning as far as being on a list. Then you add the law enforcement applications, the firearms licenses, and residence in MT complete with emergency shelter and you are really drawing attention. Purchases of survival gear from survival gear companies? USPS packages going out with ammo in them? The list goes on…
I’d keep it all a secret.
Yup, if anybody bothers to complain they can have your whole domain suspended pretty much instantly for failure to provide accurate information. I do it all the time. For spammers using stolen credit cards to buy thousands of domains, this is not a particularly big problem, but if it means dumping quarters in a machine…
Best way to get untraceable internet is stolen WiFi and stolen proxies. Just be careful that the proxy you’re using isn’t actually a honeypot.
Re: Shhhh
I knew someone would bring this up. With many modern chipsets, you can change the MAC ID of the WiFi card. There are other issues as well. It is technically possible to fingerprint a computer by the services it is running, and how it blocks connections, sequence numbers and other things. Highly impractical though.
If you couple this with hiding in peoples bushes in the suburbs using their wireless connection, you have little to worry about.
From the point of view of law enforcement officials, anonymous WiFi is their largest worry next to steganography. Against which they admit, in the right company, that they are virtually helpless against.
Re: Shhhh
It’s a fairly straightforward process to change a MAC address on wireless NIC. I don’t know about the larger wireless services like T-Mobile, but there are a lot of independent coffee shops running their own wireless networks. I guarantee that these guys don’t know how to maintain logs and even if they did, the rational ones wouldn’t want to. When the fedgov comes knockin’ with a search warrant for all logs related to use on X date, then the best answer is that there are no logs and thus, nothing to search.
Re: Shhhh
Yes, but do they know how to turn off logs that are default-on?
Re: Shhhh
Sure, but who is going to change the mac address everytime they log on? Additionally, given the right governmental push mom and pop logs could be “orderd” on, and as I understand it, under the patriot act the owners could be instructed not to tell you. Now we’re looking for a pattern where a customer who visits the coffee shop uses a new address every time and that sticks out like a sore thumb when most use the same one every time – look for new, unique macs. People forget to think about tracking future use – instead of looking back at a specific transaction on a specific date, we track all current use of a connection that we have had a problem with. Even more to the point, who wants to walk down to the local coffee shop to use the Internet?
Easier to keep quiet about things that you don’t want discovered or that place you in a category that fosters scrutiny when something does happen.
Same thing with RF. It takes very little time to track down a receiver. We
counted on being vaporized when I was in the 255th as a ground radio troup. We practiced ECM for war-time and only turned on when we transmitted or at specific intervals. We also practiced mobility – hanging long wires from various points and moving to those locations randomly – my HF was Pacer Bounce and mounted in Blazers. You could get a decent signal just using the whip mounted on the side. We did need AC to get the full 500 watts out of it, but 100 was enough for most command and control stuff anyway. We also setup our radios away from the main operation and connected with remote units through twisted pair – not great distances, but far enough that if they were homing on our RF the first strike would be a warning for the main operation and not a hit. That was all 15 years ago, too. Who knows what has improved by now for targeting RF sources?
Starting in 1988, that unit was also a part of Blue Lightning, a drug task force on the Gulf Coast. We collected information on the drug trade in ways that most people didn’t think about. Nothing secret, just not common knowledge. If we could do it for drugs, we could do it for any reason. You can’t tap a phone, but you can listen to stray magnetic impulses. You can’t bug a house, but you can listen to the windows vibrate. You can’t go on a person’s property, but you can read a person’s lips with a scope. Now we can track you with a cell phone. We can listen for your unique voice pattern. Nothing that might hold up (or even be brought up) in court, but that’s not the intent anyway – gathering information is the intent. “The BLOC/HIDTA Watch Center is a United States Customs initiative, located in Gulfport, Mississippi. It is a 24-hour/7 day intelligence support center. Analysts provide real-time law enforcement intelligence to all HIDTA initiative and to over 1,700 Customs cross-designated state and local law enforcement officers across a five-state area.”
Ask Leroy Hobbs and D.J. Venus Information was collected on them for five years until a case was strong enough to convict. The government can be very patient when it wants to be.
Re: Shhhh
Generally, they don’t know how to do anything and most wireless access points don’t have enough non-volatile memory to store logs for very long. Logging on a wifi hotspot would have to be very intentional.
Re: Shhhh
Sure, but who is going to change the mac address everytime they log on?
Someone that wants to remain anonymous. It is possible to change a MAC address in such a fashion as to remain relatively unnoticeable. Getting the IEEE OUI correct is the first step. Simply set your OUI to something that matches for Apple Computers and the feds will never suspect you.
Same thing with RF. It takes very little time to track down a receiver.
I hope you met transmitter. One can track receivers, but it’s damned hard. One can also track transmitters, but wifi transmitters aren’t that easy to track. If there’s only a couple of ’em around, then it’s not really a problem, however, the ISM band is full of crap now and tracking anything would likely be a pain in the ass or required very, very specialized equipment.