Guide for Stealth, Privacy & Anonymity Online - E-mail, Browsers, Modems, Wi-Fi, LANs

Last Updated - 5/1/2015

Updating as time permits.

If you have any questions, please post below. If you have a specific question (i.e. questions about a type of router and its settings), you can PM me.

Subject:
Comprehensive guide to providing anonymity online. While noting that nothing is 100%, this guide will provide you the most up-to-date settings, software, and applications to make it virtually impossible to detect your location, thereby securing your identity, and (double) encrypt your e-mail(s). These products, procedures, and settings provide a layer of protection that is overkill for an end user of a product (gear) such that the forces to be wouldn’t expend its resources on you, but rather the supplier/source.

Rational:
Some of the content in the subsequent paragraphs is just good practice and will protect you during your day to day activities online. However, this thread is specifically focused on the need for ultra stealth and anonymity when you’re purchasing gear, having source discussions, or any other activities you don’t want traced back to you that would ultimately incriminate you (and the recipient of your conversations). I estimate that this is between 1% - 10% of all your online activity. I’ve distilled this down to the essentials and provided links to the software/applications/instructions.

Basics:

Cell Phone:
Never use this for stealth. As of the last update, TOR browsers are not available for cell phone Operating Systems and are the first line of defense for online anonymity. Also, you'll need a VPN and adjust your settings (turn OFF cellular and GPS, etc. - each phone, and even software/firmware versions are vastly different such that I don't even want to chance it. Also, Google this, "Edward Snowden iphone".

Modem/Router/Wi-Fi
1) Change the password of the router/modem, and if possible, the username. (Write it down!)
2) Change the default modem login IP address (Write it down!)

*This is in the format of xxx.xxx.xxx.xxx (i.e. 196.168.001.001, also the same as 196.168.1.1; zero's are ignored. I suggest using something like 938.947.466.372 (utilizing no zero's).
*Also note, when you change this IP address, your router/modem may need you to type the NEW IP it into the browser.

3) Change the default modem SSID to something unique
4) Enable Security Mode

Note: use the highest encryption available on your modem (unless a device in your home is not compatible).

5) Firewall – Set to highest level, but may prohibit VOIP such as Skype.
6) (Optional) Change from DHCP Hosting to Static IP’s - make a table of all listed devices connected by either the devices name and/or MAC address.
7) If available, hijack or connect to your neighbors Wi-Fi.

Computer/Laptop
Rename your computer something random and not associated to you, style of life, favorite team, etc. (Use something like: "Oil Change" or "User1")

Scope:
As a general rule, utilize VPN and E-mail providers who do not have extradition treaties with the US (or the country in which you reside). Additionally, it’s even more secure if the country hosting the VPN and E-mail servers is physically in, and operated/owned by a county which diplomatic relations are strained or non-existent (in the US, as of the date edited/posted, this would be Afghanistan, Russia, North Korea, China, etc.). Point-in-case, popular encrypted email providers like Hushmail (based in Canada), Safe-mail.net (based in Europe), and VPN service provider www.hidemyass.com (also based in Europe) were all served court orders by the aforementioned country of the service provider, due to a strong armed US tactic and strong diplomatic relations. As you can see, the trend is that you want service providers to have operations and hardware in a country with weak diplomatic ties to the US….or your country of origin if not a US citizen.

(Optional) Virtual Portal Network (VPN). If your decide to use one, and you are required to pay, use Bitcoins.

E-Mail: Do not use Safe-mail.net nor Hushmail.com.
Utilize an encrypted e-mail provider in Russia or China. This one is popular in the Darkweb circle: https://tutanota.com/ , although a few others exist. Tutanota.com is great because not only does it encrypt, but the sender needs a second method to communicate the password/key to even open the e-mail.

Encryption for E-Mail:
Hands down, use PGP (which stands for Pretty Good Privacy). Use this link https://www.gnupg.org/download/index.html

Browser:
TOR Browser is the only browser at this juncture: https://www.torproject.org/projects/torbrowser.html.en
A TOR browser is an Internet communication method intended to enable online anonymity. Read the homepage where is says "Tips On Staying Anonymous " - this is behavior modification required from your typical browsing practices.

Tails:
Basically, it's a mini operating system and software on a USB or similar (SD card for example). Not required, but lets you destroy all data with one hit from a hammer.

#1, change the color, the 2nd part is hard to read.

Why never use a cell phone? I know you cant change a lot of the properties on it and it wont be 100% stealth but setting up a VPN and using a TOR browser would help, wouldn't it?

Quote:

---

Originally Posted by lovbyts

#1, change the color, the 2nd part is hard to read.

Why never use a cell phone? I know you cant change a lot of the properties on it and it wont be 100% stealth but setting up a VPN and using a TOR browser would help, wouldn't it?

---

Fixed/Edited. See above.

There is a new Android app called Scrambl3 for encrypted cell phone comms. It supposedly is based on NSA's 'Fishbowl' technology, which they reverse-engineered from a technical specifications document NSA released in 2012. Obviously, the phones on both ends of the conversation must be running the software.

The way these things tend to run, I doubt Scrambl3 will be the last, or the best, but at least it's a beginning. It bears mention that TOR originally was developed by DARPA.


If you're not a fan of Linux, and don't want to be stuck with running if full time, you can make a bootable TAILS thumb drive with Pen Drive Linux's universal USB installer for occasional use. Provided your PC's BIOS supports booting from USB (as most do), just plug in the TAILS thumb drive and reboot to the USB drive. TAILS comes with TOR/Firefox and Gnu's PGP encryption by default.


De-Google your life: it’s worth the hassle if you value your privacy

Quote:

---

...Google’s search engine, email and other products are fast, intuitive and reliable – but they’re not free.

Instead of cash, people pay Google in kind: with their identity, their behaviour, their habits and their preferences. Google collates and analyses this user data on a global scale, sells it to advertisers and, according to Edward Snowden, more than occasionally gifts it to US and other intelligence services....

---

Some people think the earth would cease revolving if they had to give up Google's search engines. Use Search.Disconnect.me instead, essentially an anonymous proxy for Google search. There's also a Disconnect Search plug-in for Chrome and Firefox.

You can ditch Google but still use Chrome by switching to SRWare Iron. Chrome is open-source (with a BSD licensing agreement) and there are several alternatives with differing focuses based on Chrome's source code. My fave, SRWare Iron, is Chrome with all of Google's snitch-ware removed. Works pretty much like 'regular' Chrome, all your favorite plug-ins and what-not still work, except it doesn't rat on you.


There's no fixing Gmail's security holes, unless you encrypt.

Quote:

---

"There is what I call the creepy line. The Google policy on a lot of things is to get right up to the creepy line and not cross it."
-- Google CEO Eric Schmidt

---

If Schmidt thinks reading my Gmail isn't already leagues beyond creepy, his creepy meter is FUBAR.

c00lio

What do you think of the TextSecure app?

https://whispersystems.org/
Moxie Marlinspike: The Coder Who Encrypted Your Texts - WSJ

From what I understand, if both parties are using it and both parties delete the text thread, you're totally safe.
They also have an app called RedPhone for calls. Again, both parties have to be using it.

Quote:

---

Originally Posted by Dr. Anabolic Review

Last Updated - 5/1/2015

Updating as time permits.

If you have any questions, please post below. If you have a specific question (i.e. questions about a type of router and its settings), you can PM me.

Subject:
Comprehensive guide to providing anonymity online. While noting that nothing is 100%, this guide will provide you the most up-to-date settings, software, and applications to make it virtually impossible to detect your location, thereby securing your identity, and (double) encrypt your e-mail(s). These products, procedures, and settings provide a layer of protection that is overkill for an end user of a product (gear) such that the forces to be wouldn’t expend its resources on you, but rather the supplier/source.

Rational:
Some of the content in the subsequent paragraphs is just good practice and will protect you during your day to day activities online. However, this thread is specifically focused on the need for ultra stealth and anonymity when you’re purchasing gear, having source discussions, or any other activities you don’t want traced back to you that would ultimately incriminate you (and the recipient of your conversations). I estimate that this is between 1% - 10% of all your online activity. I’ve distilled this down to the essentials and provided links to the software/applications/instructions.

Basics:

Cell Phone:
Never use this for stealth. As of the last update, TOR browsers are not available for cell phone Operating Systems and are the first line of defense for online anonymity. Also, you'll need a VPN and adjust your settings (turn OFF cellular and GPS, etc. - each phone, and even software/firmware versions are vastly different such that I don't even want to chance it. Also, Google this, "Edward Snowden iphone".

Modem/Router/Wi-Fi
1) Change the password of the router/modem, and if possible, the username. (Write it down!)
2) Change the default modem login IP address (Write it down!)

*This is in the format of xxx.xxx.xxx.xxx (i.e. 196.168.001.001, also the same as 196.168.1.1; zero's are ignored. I suggest using something like 938.947.466.372 (utilizing no zero's).
*Also note, when you change this IP address, your router/modem may need you to type the NEW IP it into the browser.

3) Change the default modem SSID to something unique
4) Enable Security Mode

Note: use the highest encryption available on your modem (unless a device in your home is not compatible).

5) Firewall – Set to highest level, but may prohibit VOIP such as Skype.
6) (Optional) Change from DHCP Hosting to Static IP’s - make a table of all listed devices connected by either the devices name and/or MAC address.
7) If available, hijack or connect to your neighbors Wi-Fi.

Computer/Laptop
Rename your computer something random and not associated to you, style of life, favorite team, etc. (Use something like: "Oil Change" or "User1")

Scope:
As a general rule, utilize VPN and E-mail providers who do not have extradition treaties with the US (or the country in which you reside). Additionally, it’s even more secure if the country hosting the VPN and E-mail servers is physically in, and operated/owned by a county which diplomatic relations are strained or non-existent (in the US, as of the date edited/posted, this would be Afghanistan, Russia, North Korea, China, etc.). Point-in-case, popular encrypted email providers like Hushmail (based in Canada), Safe-mail.net (based in Europe), and VPN service provider www.hidemyass.com (also based in Europe) were all served court orders by the aforementioned country of the service provider, due to a strong armed US tactic and strong diplomatic relations. As you can see, the trend is that you want service providers to have operations and hardware in a country with weak diplomatic ties to the US….or your country of origin if not a US citizen.

(Optional) Virtual Portal Network (VPN). If your decide to use one, and you are required to pay, use Bitcoins.

E-Mail: Do not use Safe-mail.net nor Hushmail.com.
Utilize an encrypted e-mail provider in Russia or China. This one is popular in the Darkweb circle: https://tutanota.com/ , although a few others exist. Tutanota.com is great because not only does it encrypt, but the sender needs a second method to communicate the password/key to even open the e-mail.

Encryption for E-Mail:
Hands down, use PGP (which stands for Pretty Good Privacy). Use this link https://www.gnupg.org/download/index.html

Browser:
TOR Browser is the only browser at this juncture: https://www.torproject.org/projects/torbrowser.html.en
A TOR browser is an Internet communication method intended to enable online anonymity. Read the homepage where is says "Tips On Staying Anonymous " - this is behavior modification required from your typical browsing practices.

Tails:
Basically, it's a mini operating system and software on a USB or similar (SD card for example). Not required, but lets you destroy all data with one hit from a hammer.

---

Thanks for taking the time to write this up!

I got an email with tutanota, got TOR, and set up a PGP
I've been using a VPN, IPVanish, I've been told it's a good one?
I may mess around and make a tails later when I have time

Much Appreciated!

I didn't bother to read this in its entirety before, but just now I noticed this:

Quote:

---

Originally Posted by Dr. Anabolic Review

Last Updated - 5/1/2015

...2) Change the default modem login IP address (Write it down!)[/INDENT]
[INDENT=2]*This is in the format of xxx.xxx.xxx.xxx (i.e. 196.168.001.001, also the same as 196.168.1.1; zero's are ignored. I suggest using something like 938.947.466.372 (utilizing no zero's)....

---

It isn't possible to create an IP address of 938.947.466.372. This is such a fundamental error that I have to presume that either the OP is yanking our chain or he didn't write this but only copied it from somewhere else, and someone who didn't know shit from shinola about networking altered its content.

The reason it's not possible to create an IP address of 938.947.466.372 is that IPV4 is a 32-bit address scheme. Each of the four segments gets one-fourth of the 32 bits meaning they are each (32÷4=) 8 bits in length. Eight bits is why each segment is called an "octet."

So each octet only can represent (2^8=) 256 numbers. And digital devices commence counting at the number zero, not the number 1, so each octet only can represent the numbers from 0 to 255.

So 255 is the largest possible number in any octet.

The reason this is important (other than the fact that your computer knows better and will simply snigger at you if you try to create an IP address of 938.947.466.372) is that private networks only should be using IP addresses from the private networking scheme. There are three blocks of IP addresses that have been designated for private use, the most common being the one that starts with 192.168.0.0 and ends with 192.168.255.255. Note that the last two octets in the latter number are 255, which means that block exhausts every possible IP address that starts with "192.168."

Private IP addresses are meant to be used on, for lack of a better term, "amateur" networks. Private IP addresses are never to appear on the Internet, meaning there is no website on the Internet that uses a private IP address. Whoever manages a private network is free to use any private IP address they care to because nobody cares whether your home network is properly managed because your screw-ups will never spill over onto Internet. At least not so long as you avoid making private use of a public IP address.

Everything on the Internet uses a public IP address, which essentially is every IP address apart those 17 million or so allocated for private use. But the key difference from private addressing is that each individual public IP address is controlled at several different levels but ultimately ICANN keeps track of public IP distribution to assure that there is no duplication.

And each public IP address must be unique for the same reason each telephone number must be unique.

The way private and public IP addresses are kept segregated is by means of gateway devices. The modem you got from Verizon or Spectrum is programmed to understand that it is never to allow a private IP address to get past it and on to the Internet. So when you try to surf porn from your PC with the local IP address of 192.168.1.23, your modem recognizes that any 192.168.xxx.xxx address is private so it performs what's called network address translation on it, changing it to match your gateway device's "external IP address." Your external IP is a public address that your ISP has assigned to the Internet side of your gateway device. And which your ISP, in turn, has been authorized by ICANN to use.

The reason it's in your best interest never to use a public IP address on your home network is that ICANN literally has run out of IPV4 IP addresses. The guys who created IPV4 when there were only a few dozen networked devices in the entire world never envisioned exhausting a pool of roughly 3.7 billion addresses, but we've been rushing headlong toward IP address exhaustion since the sale of handheld devices (smartphones and tablets) exploded. Because of derelict websites there are some few thousand addresses not in active use but your odds of accidentally picking one of those out of the 3.7 billion are millions to one.

So if you pick a random public IP address and it happens to be one somebody else already is using (and odds are millions to one against you), your gateway probably won't NAT it, which more than likely will cause an IP address conflict on the Internet. And I guarantee your ISP will have a case of the ass if this happens.

So don't screw with the base IP address on your router unless you first educate yourself on the private IP addressing scheme and use it appropriately.


Regardless, changing the router's base IP address won't improve your home network's security one whit because IP addresses don't mean shit to any device that isn't already on your network. And if they're already on your network that means either they've got your wireless logon password or they're connected to your network by Ethernet. In either of those cases, IP addresses are the least of your problems because your network already has been compromised.