~ Anonymity lore for beginners ~
         To Noanon    For beginners
Last updated: October 2006
Check your client header right now!

[Old elementary anonymity steps for beginners]
[More recent elementary anonymity steps for beginners]
[When posting on Usenet]
[When they dare to spam you (and you have some spare time)]
[When you search]
[Anonymity essays]
"Recently, I 've changed the way I connect to the net. I was in a highly unsafe LAN, with many potential sniffers doing their job. As you see, the problem was a big one, since proxys are not a solution (sniffers get the trafic anyway), obscuring was too crude and painful for the amount of traffic I generate and I couldn't get NNTP proxys to work. The tool that actually made me feel so very happy is Tectia SSH Server/Connector. I installed the server on a trusted PC outside the LAN, and the connector on my PC. So, what happens is that the connector transparently encrypts ALL traffic and sends it to the server. Then data come back in a simillar way. And as a bonus, you can keep using your proxys :)

Anyway, I am too happy with this. I hope it helps people out there!!"
Kriton

Elementary anonymity steps for beginners

How d'you begin a "crash-course" in anonymity lores for beginners? Ah! Parum tuta per se ipsa probitas est! Let's just be frank and direct... let's use a lore... sort of...

"Yep!" - said fravia+ - "so you want to understand why anonymity is important? Easy, just read on:... I believe that each time ANYBODY asks you for some personal info you should by all means do a mix from the following": Yep!" - said fravia+ - "this is but the beginning..."


More recent elementary anonymity steps for beginners
(October 2006)

Fravia's relative guide to anonymity  

    "Fravia's relative guide to anonymity" or "no need to be 'too' paranoid"

    -----------------------------------------
    RULES
    1) buy pc cash elsewhere (not with cards and not where they know you)
    2) wardrive in another part of the town, not the one you live in
    3) download only, or if you upload, upload only anonymous things or PGP encrypted stuff
    4) rotate your wifi card mac address at every access point: I use "Macmakeup"
    5) use wardriving laptop ONLY FOR THAT, no personal data whatsoever on it (or use a live LinuxCD à la Knoppix and/or a USB stick. Boot it with no access to your harddrive)

    TECHNIQUES
    1) Find speedy, beefy first wifi accesspoint with netstumbler: there are so many unprotected at all that you don't even need to fire a wep-packets-analyzer/cracker à la Kismet.
    2) connect, browse, download, you may even let , (still using opera and proxomitron, he) some shields down: javascript, java, the whole bazaar : who cares? It's not you. Is "he".
    3) ISP "A" will register everything "he" does.
    4) work half an hour, download the helluja out of it, upload with care
    5) Note that your "host" may have his own log files on the router, but -usually- this is still not a problem since most people do not change the password of the router so that "admin" and "password"|"passwd" is always worth a try in order to get admin access to the current hotspot router and delete the logfile.
    6) walk ten meters, change access point
    ISP "B" will register everything "another he does".
    work half an hour, download the helluja out of it
    walk ten meters change access point
    ...rince and repeat at leisure

    Reformat hard disk every week just in case, or even better: the moment you buy the computer immediately create an image of the clean system and store it somewhere (like a DVD). Every now and then you erase (3-7 passes) the hard disk and then copy your clean system partition back. Doesn't take much longer than formatting and is even more secure.

    next day another part of the town, or another town :-)

    and so on...

    Note that it can still be a good idea to ADDITIONALLY use TOR TUNNELING tools à la Torpark, for instance mounted on a USB stick.

    Note that it can still be a good idea to ROUTINELY check what's going on "under the hood" during your connections with a good sniffer à la wireshark (ex-ethereal).



When posting on Usenet
by fravia+
Never, never, never use a working email address.
When posting news items use a From: or Reply-To: address like the following ones:

This will frustrate spammer programs, that are actively grepping email addresses on usenet. There are LISTS of grepped email addresses that are sold by the spammers' masters to the stupid zombies that really believe they can make money that way.
[127.0.0.1] and localhost are synonyms for "the current host". If you're lucky the first two addresses will cause a bounce on the sender's machine as it tries to deliver to the non-existent user bounce. The last two addresses will cause the spam to be delivered to the email administrator of the machine sending the spam. If you're lucky that will be the ISP and not the spammer themselves.
In general use different email for different activities (one for real life, one for posting on usenet group A, another one for posting on usenet group B and so on. There are so many "free" email providers that you can have an infinite number of addresses, using the real one to 'pick' from those that you are using on the web - through pop for instance - and never using it directly.
Note however that ALL 'free' email addresses do use the data and the content of your mail for 'insider trading' and statistical building purposes (that's the real reason they offer you email for "free", duh) so never use these email for sensible data (never use the web for sensible data, for that matter), and learn to use pretty good privacy just in case (version 5 is the last one without backdoors and works fine on windoze).
So that you can be contacted make sure your posting body includes a signature that gives a working email address, in an encoded form - to confuse automated address collectors that scan news article bodies as well as article headers.
Here some good examples:
And so on... have fantasy, screw the spammers.

See also Hostile environments for email address gathering spiders

When they dare to spam you
(and you have some spare time)
by fravia+

Another good technique with commercial spammers if you have time enough is to retaliate, wasting as much of their time and resources as you manage to do. This wont help you much, but it is great fun. Use their toll-free telephon number and tell them you want to buy whatever gods / tits / cars they are selling. Chat a lot, let them call back you, let them send you a representative. Then just change your mind.
If you are good at social engineering you can get some real email addresses out of them ("...mmm, hey Liza, how can I reach you in a hurry if I decide to buy another item -just like the one I'll now buy for myself- for my buddy Charlie?"). If you manage to get a spammer's real working email address it's the jackpot! You can then slowbomb him for the eternity.
Alternatively just flood them with order made using bogus credit card numbers and faked identities: let them deliver their goods to a big house full of people that barely speak english and where at least 200 individuals have the name -say- "Chan" you purposedly used to reserve the goods (or whatever name/immigrant combination applies to your country). They'll go nut because they will never be able even to understand that somebody simply retaliated.
There are a lot of tricks you can devise to drive the commercial spammers nut if you have enough time, phantasy and dedication, but imo the best approach (the same you should use when commercial bastards dare to phonecall you) is to immediately look like you are falling for the trick ("...mmm, well, yes, thanks a lot, come to think of it I desperately need a new mortgage-insurance special packet..."), luring them into sending you a representative, if possible carrying all the way a very heavy or very cumbersome box / catalogue / documentation of whatever useless crap he's selling (choose accordingly when you order), that you of course wont buy once he finally arrives (you wont even appear at the meeting place for that matter) because you have simply "changed your mind". Don't laugh at them, don't curse them, don't let them understand you are playing with them: just let them convince you to fix a second rendez-vous: drive them nut (and try once more to get some real & working emailaddresses out of them :-).
Believe me, they will hate this approach, especially if you ordered the "megabigasupraoption" of whatever crap they are selling and thus lulled them into being all excited for their "commercial kill", thinking they had finally managed to fish a zombie. La va sans dire that you should choose for these meetings the most inconvenient time for the spammers, picking weird or far away located places (or expensive restaurants :-) where you will anyway never show up.

In practice, when you search

A good idea would be to chain proxies. See the anonymity lore section.
See also Anonymous surfing through other services and especially Corto's bag of web-tricks
Use (and study) Anonykid's "proxy chaining" forms, that encompasses all the above.

Anonymity essays

[Staying Anonymous in 2002] (by Woodmann ~ January 2002)
[Wolf in sheep's clothing] (by Oh Yeah ~ June 2002)
[How to walk the 'net without kicking yourself later...] (by Angela Natiash ~ January 2003)
[Internet Relay Chat Anonymity] (by Kane ~ February 2003)
  1. [shino_an.htm]: Anonymous E-mail using remailers
    by shinohara, March 2003
    "A person should learn how to use remailers to send E-mail anonymously. If you just want to send simple E-mail anonymously (no attachments, only text) and not expect an answer, you can do that by using free Web based remailers"   part of the [Anonymity lore for beginners] section.
in fieri, of course... what about helping instead of just leeching? :-)
Back to noanon

(c) 1952-2032: [fravia+], all rights reserved, reversed, reviled, revised, revoked and reverted