Guide Marcus guide to staying anonymous on the web.

[SimpCity]

Here is Maarcus guide to stay anonymous on the world wide web.
I took his explanation from another post and inserting it here so more people find it.

Please, Log in or Register to see links and images

"There's a few things to note about my article though:

Doesn't cover how to deal with file metadata.

Doesn't cover how to deal with storage and encrypting media.

Is heavily biased on my personal experiences (at least the providers of various services that I've linked).
I still think it's a good starting ground for people to read through, but I highly recommend searching for other sources and make your own opinion based on multiple articles."
//Marcus

 

[fang]

Please note that becoming fully anonymous on the internet is a really difficult task and is not achieved without any compromise on your end.

Also, it always depends on "From who do i want to hide?", for example:

If you try to hide from the government then it's not a good idea to buy a SIM card online. They could easily track your purchase via the bank and link the SIM card to you. If the Website who sells SIM cards is not that privacy focused then the information could also easily leak into the hands of whoever asks for it. Not to mention that phone location triangulation (locating your phone via signal strength of nearby telephone poles) and usage habits could even link phone numbers to you without your knowledge.​

Source: anonymousplanet's

Please, Log in or Register to see links and images

(links to cryptpad with the pdf)

What i recommend if you are paranoid to leak something and want to stay anonymous (for example a video):

- Resize it, compress it, change the codec and name of the video
- Remove metadata with mat2
- Use a VPN and a different browser or even a different OS with a VPN
- Be sure to not link yourself to the leak (e.g. buy it from a small, not-so-active shop and leak it right after the purchase)
- Upload it without regret


-Fang



Extra for tech nerds:

Please, Log in or Register to view quotes

The best tool for removing metadata, which even the privacy-focused Tails operating system uses, is currently mat2. (

Please, Log in or Register to see links and images

)
I have seen .jpg images with 4+ MB of metadata (!), which, if removed, not only saves storage but also removes traces from you and previous owners.

Please, Log in or Register to view quotes

The simplest tool and answer would be to use VeraCrypt (

Please, Log in or Register to see links and images

). You can create containers as files or even encrypt your whole hard drive / USB. It is not recommended to encrypt your whole PC with this as the encryption could be slowing down Windows' performance (according to online users).
But: If you just want to hide files from your roommate then creating an encrypted .zip archive or setting a PC password is also more than enough.

 

[fang]

Metadata is always present on a file.

The minimum metadata you have is the file creation date, the file name and the filesize.

Metadata is basically "data describing the data", so everything about a file that is NOT the file itself.

As an example a .mp4 video:

Filename = Metadata​

Creation date of the file = Metadata​

Video = Data​

Sound = Data​

Content Creators could, for example, write YOUR name into the metadata. If they see it somewhere on the internet publicly uploaded and the metadata wasn't changed then they could know that you uploaded it.

There are also other ways to manage "anti-distribution".
For example the hash of a file. A hash is an ID of your file. If you have exactly the same video as i have then the hash of our 2 files will be the same. This means a content creator could create "different files" for everyone who buys it and then track them that way.
Another example: Hiding an ID in the video's data. You can hide for example a password inside an image. This is quite a big topic, so read the Wikipedia instead:

Please, Log in or Register to see links and images

Please, Log in or Register to view quotes

They probably don't track back the IP but the user instead. This way, for example with onlyfans, it's quite easy to make out the person because a user who bought something has his bank (and thus his real name) linked. Im even unsure if people actively use metadata to track people, because if it would work it would be very effective and most people would've been banned already.

Please, Log in or Register to view quotes

The metadata is on the file itself. If you buy it and upload it to your private filehoster (where only you can see it) then it's legal in my opinion. It is only not allowed to redistribute content you bought on these sites, but not to back them up in a "cloud" for only yourself.

Please, Log in or Register to view quotes

A video / image file can't and won't notify anyone. As far as i know some content creators have automated google searches or even employees who scan the internet for leaks and dmca's them.

 

[fang]

Please, Log in or Register to view quotes

You can use the following to remove metadata of every file in every folder of your current directory:

Please, Log in or Register to view codes content!

(If that doesn't work correctly try to execute "shopt -s globstar" beforehand to enable the **/* syntax)

To recursively encode videos in your current folder and subfolders (the encoded name will be ending with .mp4.mp4):

Please, Log in or Register to view codes content!

Or if you only want to do it for the current folder you are in you can also use (names the encoded files _xxx.mp4):

Please, Log in or Register to view codes content!

Please, Log in or Register to view quotes

If you want to read about privacy and security I also recommend the following websites:

Please, Log in or Register to see links and images

Please, Log in or Register to see links and images

Please, Log in or Register to see links and images

Please, Log in or Register to see links and images

Please, Log in or Register to see links and images

For testing privacy:

Please, Log in or Register to see links and images

Please, Log in or Register to see links and images

Please, Log in or Register to see links and images

(browser fingerprinting, scroll down and check if you are unique, if yes its bad)

 

[fang]

Im not an expert on this ofcourse, so don't blame me if something unexpected happens.

I think the steps above should be enough. A few extra hints:

• Don't leak something that you bought via a "comission" (= dont leak something only you can have)
• Don't use the same username here as on the platform of purchase. (Also, don't use a username that can easily be linked back to your other accounts or social media)
• For anonymity i would now recommend "Tor browser" instead of a VPN. (Source:
  Please, Log in or Register to see links and images
  )
• I would, ofcourse, not recommend to login anywhere for uploading your file.
• If i saw it correctly gofile offers uploads without login.
• Use a "freshly cleaned" browser, for example incognito mode or a reset Tor Browser. (Cookies and browser-fingerprints, for example by being logged in to your google account, could give away your identity)

If you are using linux: I use the following 2 commands to re-encode the video and remove it's metadata:

Please, Log in or Register to view codes content!

 

[fang]

As far as i know, some arguments:

1. Mullvad

You send them the money per mail. They have no information about you except maybe user name and password. They don't know your name, your email, your adress, they know nothing about you. If they get hacked or have to disclose information to the police they can give them nothing. (if the police even know that username belongs to you, the person)
Mullvad is also in Sweden, which means the data privacy laws are different and more relaxed.
It also has a "no logging" policy, which means they could not give anyone logs of what you did online.

2. Norton

You have an account, email, maybe even more details about you. If they get asked by the police to hand over information they do it immediately without even thinking twice. All the logs of your online adventures, when you accessed what website etc., gets handed over to anyone who asks. This is also because Norton sits in the United States, which is a red flag for privacy and anonymity.
You can google "5 eyes" for more information on america and it's data privacy. (Spoiler: There is none. The state is probably already getting everything from Norton with a gag order like Microsoft, Lookup "lavabit" on Wikipedia for a story about this exact scenario)

That's why Tor Browser gets recommended. The Tor network makes you more anonymous than a VPN can and it's also free.


EDIT: Norton may have better reputation, but it also depends on "from who do you want to hide?". If you live in the USA then Norton is a bad choice, the state can get any information about you at any time. (Same if you do illegal stuff) If you just want to hide your browsing habits from your dad or some script kiddies who hacked the public wifi then Norton is enough.

 

[tom307]

Please, Log in or Register to view quotes

It doesn't seem like OF stores any metadata related to the user. Was talked about in this thread. If you're very worried take a high quality screenshot of the image that way no metadata could possibly be transferred.

 

[huelian2]

Please, Log in or Register to view quotes

The word you looking for is "video steganography":

Please, Log in or Register to see links and images

The concept dates back to ancient times. Spies use this a lot, like hiding info in microdots in documents. But any lossy compression that does not change quality very much is enough to destroy the data.

I did see content creators saying they were doing this on a per-customer basis to trace leakers. But if you only apply a bit of blur, compress the video a bit and reencode it with another codec, you will destroy this information. If you are paranoid, blur and compress it a lot then feed the result to an AI upscaler. This also eliminates noise in the image. Dumb steganography does generate noise in the image, which could explain why I started to see so many video files which were large yet had a lot of visual noise.

Smart steganography would be harder to see but a lot more difficult to implement. For each image they would have to create a map of where each pixel goes, to hide pixels among others of similar colours. But that is even less robust against blurring. Seam carving is yet another option to destroy this info.

Now, a visible watermark is just stupid because then you can just cover or blur the watermark. I would expect that a visible watermark is both a marketing tool to fool creators and a honeypot to make you feel safe after you destroyed it while they are tracing you some other way. Like if they are making each copy unique at the content level: rotating a bit, zooming a bit, applying some iterations of seamcarving, etc. But then again, we can mess their junction tables by doing the same kind of things. Imagine bacteria reproducing with a high mutation rate.

However, the clock is ticking for them, because there are already brothels of sex dolls getting more demand than brothels of people in the same places and there is already AI capable of generating realistic images, video and audio of people doing things and speaking. Realistic not only graphic-wise, but also physics-wise. Or unrealistic, if that is your thing (Japanese guys who like tentacles, I am looking at you). Soon any simp will be able to build his own porn and his own sex partners.

 

[hanumania]

Please, Log in or Register to view quotes

So happy to see someone not shilling for one of the big corporate VPNs (or just being ignorant about it).
As you say Mullvad and Proton are both very good, I would throw in AirVPN, a nonprofit based in Italy, run by Italian net neutrality hacktivists.
I've been using them for years and they take the stuff very very seriously.

I can't believe NordVPN is a top VPN, as they were caught not actually providing VPN services (fake vpn) and selling user data years ago. It's hard to read this stuff because they own a lot of the review services (including "trusty" outlets like PC Magazine).

keep up the good fight.

 

[fang]

Please, Log in or Register to view quotes

Depends on what you want. Do you want to be anonymous?

If yes then use the Tor Browser instead of a VPN. A VPN does not provide anonymity.

I would only recommend a VPN if you want extra privacy from your ISP (Internet Service Provider), public wifi or while Torrenting.
The recommendations shifted a bit, right now in june 2022 they are (according to privacy sites and my own testing):

1. Mullvad
2. IVPN
3. ProtonVPN

Mullvad and IVPN accept cash via mail, which means even they do not know who you are if you simply pay per postal.

 

[shallowcrack]

Regarding forensic tracing of copyright materials; what about hex editing? Is it possible for every download to be tagged individually with info tying it to the person who downloaded the file from a studio? I've encountered files that had hex data ID because no matter what I did to the file, it always reported where the file came from. I opened the file in a hex editor and found the offending text.

 

[fang]

To stop apps from collecting your data you should disable any and all permissions they use in the settings.
On android you can easily do that in the apps settings. Try to use f-droid apps instead of playstore ones, they are open source and care about your privacy.

You can use firefox or duckduckgo, any browser except chrome will be OK if you are afraid of chromium.

If you are annoyed by ads its good enough to set a custom dns in the connectivity settings.
The first one i found by searching "dns adblock" is "quad9".
On android you can simply go to settings, connectivity, further settings and then on "Private DNS". There You can enter e.g. "dns.quad9.net" and it should from then on automatically block every ad, sometimes even in phone games.

If you want to go even further install grapheneOS or LineageOS (aka. a custom android rom) and do not use the playstore at all.

EDIT:
I do not recommend a VPN. What does it provide for you?
If you use Instagram and look at the pictures of someone, instagram will know that, no matter VPN or not.
A VPN does not help you become anonymous if your phone is tied to you and every app you download is tied to your google account.

 

[bruizeh]

Please, Log in or Register to view quotes

I have a few expensive PPV'S I am willing to share, will these steps suffice? I've never really leaked anything before and just worried about my ass getting handed to me if I do share. Any good filehost recommendations and/or VPNs?

 

[hrhrhrhr]

Another website with information on this subject is

Please, Log in or Register to see links and images

, it has many subpages about different topics related to security/anonymity in one way or another, after all there can be data mining in many different contexts, but for a start more aligned with OP's request you might want to check the page about browsers (and other websites linked from it), it's the first one in the article list. Another related website is

Please, Log in or Register to see links and images

Please, Log in or Register to view quotes

Do you know whether there's a way to use that command in bulk? Something such as re-encoding all files in a folder.

 

[AnonmiseR]

Thank you Fang, that made a lot more sense.

 

[fang]

Please, Log in or Register to view quotes

What are you afraid of? From who or what do you want to hide?

In general, it is advised to not use any mobile device if privacy is of upmost concern.
Not only does it show your position via triangulation of cell towers but it could also contain backdoors in common apps, example being the reverse engineering of the TT app from someone on reddit a few years back.

 

[hanumania]

Please, Log in or Register to view quotes

The list of things an actual privacy and security focused VPN provide is long.
The first one is obvious: Your ISP cannot tell what kinds of traffic you are creating, where you are going, and cannot inject packets into your sessions. For many users the latter is a very real problem.

If you are logging into Facebook or Instagram, or any of criminal Zuckerberg's products, you have lost the privacy and security battle. Simply put, Facebook\instagram users are the rapetoys of the AI industry.
If I really need to see something on instagram I'll use a scraper like img***/***sed.

"A VPN does not help you become anonymous if your phone is tied to you and every app you download is tied to your google account."" I mean, I'm not sure what you're arguing there. In any case, I don't want this to be derailed. Read Edward Snowden's tips for online privacy. One specific there involves Tor, which you should not be using without a VPN, because you don't want your ISP (or anybody else) knowing that you use Tor. It eliminates the point.

 

[Crocop]

Responding to the aka paranoid (in his own words). Only by the Amount of misinformation posted by him.

Password Manager:
Please, before posting something, at least read its content.

1Password: No, 1Password was not hacked. // Source:

Please, Log in or Register to see links and images

/

Please, Log in or Register to see links and images

As recommended by the

Please, Log in or Register to see links and images

that centralizes leaked password databases. Source:

Please, Log in or Register to see links and images

There has never been a proven data leak. (until now)

LastPass: Who recommended LastPass?

Bitwarden: No, Bitwarden was not hacked.
Source: Just like your 1Password link,

Please, Log in or Register to see links and images

that you didn't read says that Bitwarden has not been hacked. Just read before spreading fake news.
Even the author of your link recommends Bitwarden.

Proton Pass: This was one of the 3 recommendations, perhaps you confused it with LastPass.

Please, Log in or Register to see links and images

VPN's:
See my post, I posted this link, but it was incomplete. I don't know why.

Please, Log in or Register to see links and images

Now that the link is complete, you can learn to interpret semantics instead of limiting yourself to synthetics.

Browsers:
Maybe I don't need to explain why an HTTP without S website seems insecure.
Did you write all this to recommend the 4 browsers I recommended?

Please, Log in or Register to see links and images

DNS:
Again, please read the notes to avoid making further mistakes.

Quad9: ...does not collect or record IP addresses or other data they deem personally identifiable.

Please, Log in or Register to see links and images

Cloudflare: ...does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours.

Please, Log in or Register to see links and images

Please, Log in or Register to see links and images

================================================================
================================================================
Obs.:

Just as OP posting recommends

Please, Log in or Register to see links and images

, these other sites also recommend. So, don't be arrogant to dictate that you have the true truth. You have your way of thinking, and that's fine, it doesn't make others go wrong.

My post was not to teach a class or create a discussion, but a summary of some field expert recommendations. That's why I posted several sources to anyone interested, able to read. Do this next time, read.

The intention is to follow the thinking of Nassim Taleb, we are all exposed, but we can create small barriers to reduce the chances of something wrong to happen. Good luck.

 

[hrhrhrhr]

A

Please, Log in or Register to view quotes

Awesome, thanks :D
The last command didn't work as expected but I'll have a look at the manpages and see if I find something.
Also thanks for the links.

 

[recoveringcoomer]

Please, Log in or Register to view quotes

And sorry for not answering the browser question, I would recommend ungoogled chromium, firefox or librewolf. Firefox has the best settings out of the box for casual usage though so I suggest you use that and disable telemetry in the settings. A lot of people recommend brave but I wouldn't use it for reasons listed

Please, Log in or Register to see links and images

, and I especially wouldn't recommend google chrome since it sells everything you do to advertisers. Some sites support chromium based browsers better and ungoogled chromium does that best. Checking out that website I linked has info on other good browsers I mentioned if you're into that