Nextpertise - A Journal of Interesting Ideas in Technology
a journal of interesting technical ideas . . .
by Brent Stewart on Wednesday, Apr 5, 2023
What is the best way to be truly anonymous online? Most of the time our concern is about being commercially tracked and having our browsing habits shared (I understand this doesn’t creep everyone out as much as it does me). My kids think I’m paranoid. Just for fun, take a look at Am I Unique and browse through all the different data points that are shared by your browser and can be used to cross-reference and track you. Even paranoid people have enemies.
My personal summary from Am I Unique? is shown to the left. Just like Mom said, I’m one in a million.
Sometimes our need for anonymity goes beyond shielding our selves from spam. When the stakes are higher, revealing an identity could impact a job or put lives in danger. Many people depend on this type of anonymity to circumvent hostile governments or to leak important stories to reporters.
Recipe for Anonymity
Here’s a quick description of how you might approach trying to safeguard your identity. This will guide you through installing Tails. Tails is a standalone operating system that allows browsing through TOR. The machine is clean, so nothing leaks to identify you, the OS is scrubbed every time you boot, the browser is locked down, and TOR passes your traffic through a series of other computers (“nodes”) to obscure your source address.
This kind of concern means that the authorities are either unconcerned or hostile to your situation. I am praying for you!
Don’t trust my advice! I have a reasonable level of expertise, but I don’t do this for a living. My advice is a good starting point, but technology is constantly changing and this may be old when you read it.
I believe Tails by itself is sufficient against non-Nation-State actors. Especially if you have that level of concern, maintain a sense of paranoia and protect yourself in multiple layers. For instance, use this post as a starting point but load the USB stick from a computer in a random location that can’t be associated to you. In all cases, continue to research best practice!
Tails can be installed via USB. If you are in serious danger, this is the best way. You can then take the USB to any computer, boot up from the USB, and further obscure your source.
Tails doesn’t protect against stupidity. Don’t login anywhere or take other actions that may identify you while using Tails. Also, remember that browser crumbs are only one way that someone could be identified. Cameras, visitor logs, and phone GPS are examples of other ways you could be tied to a location at a specific time.
Setting up Tails
In this exercise, I’m going to walk through installing Tails in a VM on Linux, which may be sufficient for run-of-the-mill situations.
First, install KVM. The commands below apply for debian-derived systems like Ubuntu, Mint, or Pop!_OS.
Next, download the Tails ISO or an IMG file which is easier to write to USB. I’d use Etcher to write to disk, but if you haven’t done that part before the Tails website has installation instructions.
If you want to install on a VM, run the Virtual Machine Manager and create a new machine. The device I setup had the following settings:
Generic Linux 2020
2 vCPU, 8 GB RAM (I think you just need 4)
Boot options - boot from SATA CDROM
SATA CDROM - mapped to the Tails ISO in my download directory
Start the VM. The VM window will “capture” your mouse and keyboard - to break out and back to your host machine press the right Win and Ctrl keys. It will boot to a welcome. You may want to set some additional parameters (these will only apply until the next boot).
Under Additional settings, choose the plus and set an Administrative password. This only applies to the session. The “Unsafe Browser” option allows you to sign into a captive portal. Again, that’s another way to identify you so I would just pick another place to connect and turn that off.
Choose “start Tails” to move into a Gnome desktop. It will prompt you to start Tor first thing. You can tell it to connect automatically or “Hide to my local network that I’m connecting to Tor”. The latter choice requires identifying and connecting to a Tor bridge manually. You’ll be prompted to email firstname.lastname@example.org and they’ll help you find a discrete way to connect.
Specifying Tor Exit Node
One problem that you may encounter is that the site you are trying to contact blocks connections from other countries. Since Tor will give you a random exit node, there’s a good chance your traffic will appear to be coming from somewhere else on the globe. My first test put me in Germany, for instance.
If you want to force Tor to exit your traffic in a particular country, open a terminal in Tails and edit the tor configuration file.
sudo nano /etc/tor/torrc
Add these lines to the end of the config file to force traffic to exit in the US.
I’ve included a table of exit codes at the end of this document to help you find the appropriate country.
For an extra level of obscurity, use Browserling. Browserling is a site that will give you a web browser in a Windows VM to test your website. You can also use this to create another level of difficulty to tracing the connection back. Use Tor to connect to browserling, which will spin up a temporary VM (it will take a minute). It’s meant for testing web pages and will only be available to you for a couple minutes, so you might want to prep what you want to send in a text editor and then copy and paste it over.
I hope you don’t need this, but if you do I wish you the best. Hopefully this will give you some ideas where to look and how to protect yourself!