Operating Securely

 



Extracted from the Technical Anonymity Guide
    
Never operate from a location associated with you. There are attacks against Tor that can reveal your IP address. If your public IP address is revealed to be that of your home or business, then you are immediately identified. If you operate from somewhere not associated with you, such an attack will ideally reveal only your general location.
    
Be conscious of being tracked in public. There are technologies that make it easy to track people in public. Automated license plate recognition (ALPR) systems have been deployed on many police vehicles as well as by private companies. These systems use computer vision to extract the text of license plates. Each plate is associated with the location where it is spotted, effectively tracking any vehicle that is seen. There is also a company, Persistent Surveillance Systems, that monitors large areas using high-powered cameras attached to airplanes. This allows its customers to rewind the movement in an area, tracking vehicles and people back to their source. Given these technologies and their limitations, it is best to travel more than 15 miles from any place associated with you, in a vehicle that cannot be tied to anyone you know. Consider using public transportation, though there are likely cameras monitoring both the vehicles and the stations. Bicycles and mopeds that do not require registration are a great solution. So may be a hired car for which you can pay cash.
    
Do not wear your regular uniform. Many people have a limited wardrobe. If what you wear can help narrow you down (e.g., the person in Sometown, USA who wears all black), it is critical to wear different clothing while operating. Also cover any recognizable markings on your body, including tattoos.
    
Leave your personal cellphone at home. Cellphones connect to many different companies during normal operation, most significantly the cell service provider for coverage and the operating system manufacturer for system analytics and built-in services. Any applications on the phone could also collect data. Each time the phone connects to a cell tower during normal operation, it should be assumed that the connection is logged and that your phone has then been associated with that location. There are also IMSI catchers that act as fake cell towers and collect a log of phones in that area. With all these technologies, it is very easy for your phone to place you in a location at a specific time. It is best to simply leave the phone behind or disable it by removing the battery. Turning it off when you are operating can lead to a correlation between your phone being down and operations taking place. It should instead be kept in a plausible location that indicates normal use.
    
Keep the battery removed from the burner phone when it is not in use. Malware has been known to fake the phone's off state. To make sure that any phone is actually off, the battery should be removed.
    
Only turn on the burner cellphone at locations that are not associated with you. Given the nature of the burner phone and its strong connections to your anonymous accounts, ensure that it is never turned on in a location associated with your real identity.
    
Never call anyone associated with you from the burner cellphone. Given the metadata that is collected regarding who is in contact with whom, calling someone you know can link that phone to a social graph associated with you.
    
Store your devices securely when they are not in use. The Raspberry Pi is not configured to have an encrypted disk. This means that an adversary who gains physical access to the SD card can modify it arbitrarily. In addition, physical implants could be installed on the laptop, and the adapters (WiFi or Ethernet) could be replaced with dummy devices designed to call out to your adversary. Because of these physical attacks, it is critical to store the devices in a reasonably secure and tamper-evident manner when they are unattended.
    
Never log into accounts that are associated with your anonymous identities without Tor. It should be assumed that every site is logging the IPs associated with each account. Even a single login can circumvent the protection that Tor provides, revealing general information about your location and operations.
    
Never log into your personal accounts at the same time or from the same systems as your anonymous accounts. If you are logged in at the same time, a correlation can develop between the two accounts. It should also be assumed that a system could be compromised. Logging into a personal account from a compromised system would directly reveal to an adversary who is operating on the system.
    
Be conscious of advertisements and cookies that track users between sites. While this tracking does not directly reveal your identity, it can associate operations or remove separation between multiple identities that are being managed. You should take the necessary measures to avoid being tracked online while operating. This can include regularly clearing cookies, installing adblocking software, and disabling JavaScript where possible.
    
Dissociate from yourself any cryptocurrency that is linked to your real identity. There are very few ways to acquire a cryptocurrency without revealing pieces of your identity to some entity. Purchasing in person will allow the person you are purchasing from to see your face. However unlikely, this person may be an agent of your adversary. Bitcoin ATMs will have a camera and require your burner’s SMS number (this also associates a picture of you with your burner number). Mining can reveal your IP address as it is a rather stationary activity. Connecting to a mining pool via Tor is a good option but Tor users’ IP addresses can be revealed by an attacker with sufficient resources. Given these constraints, you should always utilize mixers before spending your coins. Using multiple mixers is advisable in case the mixer you use is controlled by your adversary.
    
Manage multiple plausible identities that would be investigated if your machine becomes compromised. Many people sabotage their own attempts at anonymity by using pieces of their real name as a username or a username that is associated with them in real life. In order to avoid this pitfall, it is suggested that while operating you work under an assumed identity.
    
Change out your hardware. Given the possibility of compromise, and the contamination that can occur if any device you use becomes associated with you in real life, it is important to change devices. For example, using a burner cell phone to purchase Bitcoins from an ATM will associate that phone number with your picture. That phone should be considered compromised after such a usage and a new phone should be purchased.
    
Don’t make friends. Getting friendly and sharing details about your life will destroy your anonymity. Do not attempt to make personal connections when operating.
