Welcome to a tutorial on the basics of staying "anonymous". From the movies you see a hoodie-wearing figure in a cyber cafe using public wifi and "an all in one tool" for not getting caught, and using a RAT (Remote Access tool). Well, its not that simple. There are some great OSs for anonymity and for those who think about using pen-testing, here are links to some great tools and add-ons:
Now we move on to OS based privacy -
- Firefox: https://www.mozilla.org/en-US/firefox/products/
- In my opinion firefox is a must for all who are security conscious and for those who love developing and debuging
- No scriptIt is a must have for anyone who wants better control of your web experince and it blocks pictures, videos, and any multimedia that can bemanipulated to get your identity. It's an automatic feature in TOR which I'll talk more about later.
- UblockThis, in my opinion, is a great tool that blocks pop-ups and banner ad's and makes my web experience more enjoyable on sites plagued with them, like the pirate bay or practically any website nowadays.
- Is a mix between unblock and no script but it has its uses. It shows a list of content that's automatic and other content and blocks. It will you allow it to be seen unlike ublock and no script it lists where, how, and what is going on behind the scenes.
- Hide my ass (add-on and site)It's a great free VPN that allows you to look up blocked content on any public wifi and in your home. It works well on ios, android, and windows mobile versions, but it is a little buggy and slow due to the ads. It allows you to look at adult content but as far as looking up important or " secret" items don't trust it. I only added this for newbs looking for a free VPN.
- Duck Duck Go
- is a search engine that won't store, track, or save history.
The following is a basic guide to stay anonymous based on my research and tools listed:
- TAILS ( the live incognito live system)
- Tails is a live CD or USB operating system that uses TOR as its main internet source but comes with an unsafe browser to login in to capture portals at any public wifi. It comes with the ability to use a camouflage win xp or win 7 desktop theme. As so, it doesnt attract attention if you're in a hurry to leave weather you're about to get noticed or you're done, simply pull the usb out or eject the cd it is supposed to wipe the ram and its traces. However, if you're on your own computer, I would advise you to make sure you always boot using the cd or usb and remove your hdd and ram to be 100% safe nothing was saved. It is also important to note that if your planning to save anything, make sure you boot with persistanece. It uses luks encryption, which is military grade. Only use it if you plan to leave traces on your usb. DVD has little room for persistance and only if it's DVD-RW. If it's DVD-R, which I recomend, simply becuse DVD-RW can store items not intended to be stored on that media, DVD-R is a one and done deal. Once an iOS is burnt to it, it becomes non-writable ( no traces ). Tails also automatically spoofs your mac address.
- Kali Linux
- Made by Offensive Security and the makers of Backtrack Linux and Exploit database, I'll be talking about this gem later. If you frequent my posts and want to know more about it, please visit their website. I could ramble on and on about its uses and its security analysis but to stay on topic, I must move forward.
- Liberte Linux
- Is a Gentoo-based OS hardened by grsecurity/PaX and is an amazingly 192 mb in size and comes with features, one of which is spoofing. It can spoof your mac like Tails but unlike Tails it uses the cms cables communication standard which, unlike pop 3 or penguine emails, is fully encrypted from start to finish using Tor and HTTPS. It is a serverless email client.
- Never use your name, nick name or any info that can identify you.
- If you want to stay anonymous, never use your real email or even one associated with you for a temp email go to ttps://www.guerrillamail.com. If not applicable, create a fake email account with Google, MSN, etc. and use all false information.
- If you are a collective or team, only use people you can trust.
- Do not use youtube, facebook, or other social media. If I have to say it - PLEASE DON'T SIGN IN WITH YOUR ORIGINAL INFO!
I hope you found this useful, and as always if you want to add anything I may have missed, please comment below.Thanks!