2010-03-17 01:58:41 UTC
This is a simplistic way to achieve good anonymity and privacy on the Net. It is primarily aimed at
newbies. More advanced users may prefer their own methods.
You need both anonymity and privacy. These are inter related but not the same. Let's start with
It is imperative that your ISP cannot usefully monitor your activites whilst online. This means
that even if they actually try and monitor you (through a legal Warrant for example) they will learn
little or nothing at all of your activities. You will need your usual ISP for non critical browsing
and Emails, etc.
But for anonymity, use a wireless hotspot. These are all over the place nowadays. If you have an
iPod you can download an app that will find one in any area of the world.
You will need a small laptop bought for cash. You never use it to access the Net using your normal
ISP. All files you download, are later copied across to your similarly configured desktop.
If you wish to use one laptop for everything, meaning normal usage through your ISP, then you will
need to partition it into 3 parts. The first partition is your usual one for non critical usage.
The second and third are for your secret files. If you prefer to use two separate computers, then
you only need to partition it into 2 parts.
You will need to have dual booting set up. If you use a Macbook, use Boot Camp (details on the
Apple Website). If you use Windows or Linux, you will need to manually install aanother operating
system into the second partition. The most important thing about this second boot is it must never,
ever access the Net via your ISP. For maximum safety instal Linux, or buy a second copy of Windows
for cash. Activate this copy of Windows by using a wireless hot spot, or activate from a public
phone in the next city. Do not activate using either your ISP or your home telephone. This is
because all incoming calls to activate are logged by Microsoft for future reference and available to
LEA for tracing a user.
The third partition is for privacy, which is dealt with further on.
Your second partition will never again (after activation) have direct contact with the Net. So
there is no need to install anti virus (which will try and call home, anyway). You should disable
all parts of the program that are required to dial out or access the Net. Use Control Panel to find
these. In Win XP it is in Network Connections. Just disable everything.
You will need a copy of VMWare workstation 7. This can be justified by using it to create a clean
copy of Windows or Linux somewhere on your system. Perhaps on the second boot drive, or wherever.
Use your imagination. You must be able to justify having this program. Thus there must be a normmal,
possibly encrypted partition or external hard drive available that it can access to justify its
presence. To mimimise logging, install a cache cleaner, for example CCleaner. This is not perfect,
but will hopefully destroy your VMWare logs.
Now onto privacy.
Install Truecrypt on your second boot partition. Then use it to encrypt the whole of the third
partition. Or you could use an external drive. USB drives are far slower than using an internal
partition. After Truecrypt has done its bit, put some non contentious adult porn, or whatever you
wish that is legal, into this first encrypted partition, or use it to justify having VMWare by
installing another operating system within it. Now create a hidden encrypted partition. To preserve
plausible deniability it is absolutely essential that you can show why it is impossible to open this
partition. In the US you may be able to successfully argue it is priviliged information. But the
way the world is going and definitely if you live in the UK, you must show why this partition is
impossible for anyone to access.
This is done by creating several header keys, using Truecrypt, and copying them in a damaged form
onto a flash drive. To damage them open in Notepad and just input a few white space characters, or
just destroy the second half (or the first) of some of these header keys. Now fill the drive with
some backup files, music or legal pics, programs or whatever. Whilst this data is being written,
pull the drive out of your USB slot. This should irreparably damage the drive. If it doesn't try
again and again until it does. Sometimes the drive will drop from, say, 2 Gigs back to just 200 megs
or so. Perfect. You claim this flash drive contains the only key files for your Truecrypt hidden
partition. Even if forensics do recover the drive, the keyfiles will still show as damaged. You
could deliberately damage some pics or programs to reinforce this idea.
Naturally there will be a way for you (and only you) to access this Truecrypt encrypted hidden
When you are creating this partition choose several files to be used by Truecrypt as keyfiles. I
suggest 6 or more, plus a long passphrase. These files can be backups of your legal photo
collection which you have already put on the second boot partitiion. This further justifies this
partition as a secure backup for your photo shots, or your iTunes music. Because it is only for
backup there is no need for an Internet connection.
Next you use VMWare Workstation to install a client Windows (or Linux) operating system onto yoour
Truecrypt hidden partition. This is simplicity itself with version 7 of Workstation. There are
several cheaper alternatives. Maybe you already use one or have a preference. Fine. Just as long as
it never writes anything of your hidden operating system back onto the the host partition page file.
With Workstation 7, choose Edit, Preferences, Memory, and ensure that "Fit all virtual machine
memory into reserved Host RAM" is enabled. This is vital. I would not use the Windows freebie
version, as nothing that Microsoft does can be trusted, especially when it comes to logging things
Most important: Use a different login user name and password. Make absolutely sure that you never
input any personal info into this copy of Windows. This means you should never use your Credit Card
for any reason. Even if an attacker manages to penetrate this system whilst online, they will not
find anything of use to them to identify you.
How does this all fit together?
You will boot into your second partition. You then use Truecrypt to open your hidden partition. Now
you start VMWare and use it to boot into the client Windows installation within your hidden
partition. If you have been successful, everything you do from now on is truly private. Nothing
should be written to the host computer (your second boot partition) paging file and all VMWare logs
should be trashed by CCCleaner. Just remember to run it everytime you close your virtual Windows
system. If you are using a small laptop as a drone, you can copy all your new material, postings,
etc, onto your home desktop at your leisure. Naturally, it will be similalry configured with a
second boot partition, VMWare and Truecrypt.
You can now install all your favorite programs for viewing pics, etc. But first, most important
download (using a wireless link) the latest version of Tor. Get the complete Windows (or whatever)
package. Next install Firefox as your default browser onto your guest Windows operating system. Now
install Tor with the Torbutton, which comes with the Tor download package. Tor will also install
Privoxy. This helps to screen out any damaging info that your system might try and send. However,
if you have taken my advice there will be nothing that will be traceable on the system to send out
You will need an antivirus program. Google for a freebie. Do not use your CC to buy any programs
that you intend using in your private folder.
If you install any other programs which have the capability to access the Net, ensure they are all
configured to route through Tor as proxy. For example, if you choose to install Flashget (strongly
recommended) you should set it to route only via Tor. Go Tools, Options, Proxy, Add. On the Title
line type: Tor, then click on Socks5. Now input 127.0.0.1 on the Server line and 9050 on the Port
line. Click, OK and again OK. Before using in anger, check to see if you can access the Net when
Tor is not enabled. If you can, check your configuration. The same test should also be performed
Some Important Notes!
1. Common sense dictates that this file must be stored within your hidden partition.
2. Remember, this is only a guide. If you know of a better way to achieve anonymity and privacy, use
it. Better still, tell us all how you do it.
3. Newbies are always joining the Net.I believe it is our solemn duty to help them. Remember, we
were all newbies once.
4. My pgp key:
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP 9.0b1
- -----END PGP PUBLIC KEY BLOCK-----