Docstoc

How To Hide Your Digital Identity Online

Document Sample
How To Hide Your Digital Identity Online Powered By Docstoc
					Digging Deep
The Anonymity
World
 -   A Perfect Solution For Being Anonymous

_________________
Chintan Gurjar (@chintan_gurjar)
Vikas Roy
                             Index
 i.    Introduction
          a. Which information can server grab from your system
             when you visit them
          b. Hack yourself before going outside for hacking
ii.    Picking The Right VPN & Proxy Servers
          a. Tracking Cookie Scenario & POC
          b. VPN & Proxy Servers
               1. proXPN
               2. JonDonym
               3. HIMACHI Setup
               4. Ultasurf
               5. Myths & Realities About TOR
               6. OpenProxy
               7. PAC files
               8. Setting Proxy To Tools
iii.   Use of Encrypted Emails and Chat Services
          a. Email Encryption
               1. GPG
               2. PGP
               3. sbwave Email Encryption
               4. hushmail Email Encryption
          b. Instant Chat Encrytion
               1. X-IM Encrypted Instant Messaging
               2. PSST Encrypted Instant Messaging
iv.    Find your real time trackers
          a. Introduction
          b. What is collusion?
v.     Incognito Mode Of Browser
           a. Truth about incognito
           b. Limitations In Incognito
           c. How to use in various browser
 vi.    Is Google Tracking A Big Issue For You?
           a. Google Privacy Ethics Information
           b. Data we give Google directly
           c. Data we give Google indirectly
                1. Logs
                2. Geo Location
                3. Device Information
                4. Unique Application Number
           d. How to stop Google Tracking?
                1. Use of Plugins
                2. Best Plugin list
                3. Do Not Track Plus - Information
                4. Disconnect – Information
vii.    Is Social Media Tracking A Big Issue For You?
viii.   The Uniqueness Of Your Browser
           a. PANOPTICLICK Project
           b. Normal Data Collection
           c. Detailed Data Collection
           d. Purpose of this project
           e. Live Testing of Uniqueness of Browser
 ix.    Fake Identity Generators
           a. Why important?
           b. General Tips
           c. Reference Book – HOW TO DISAPPEAR
           d. Site Links To Generate Fake Identity
 x.     Alternate Device Connection
 xi.    Removing Metadata From Media Files
xii.    Use Of Disposable Email Service
          a. Introduction
          b. Advantages of Temporary Email Services
          c. Site Links
xiii.   Clearing Tracks From Physical Device
          a. Ways of Removing Traces
               1. Peter Guttman‟s Method
               2. Tool –Eraser
               3. DOD Method
               4. Darik‟s Boot and Nuke Project
               5. Physical Destruction Method
               6. Other Tools
xiv.    Cryptying Data
          a. Introduction
          b. Types of Encryption
               1. Communication Encryption
               2. Database Encryption
               3. File/Folder Encryption
               4. Hard disk Encryption
          c. File/Folder/Harddisk Encryption Tools
          d. Communication Encryption Tools
          e. True Crypt
               1. Information
               2. Future
xv.     Things To Do With Your Real Account
xvi.    Understanding log files for clearance
          a. Introduction
          b. UTMP
          c. BTMP
          d. WTMP
            e. LastLog
            f. Linux Server Log File Information
xvii.    Firewall importance for being anonymous
            a. Introduction
            b. What hacker does?
            c. When firewall is needed?
xviii.   Use of Anonymous Operating Systems
            a. Introduction
            b. Benefits of this OS
            c. Specification of this OS
 xix.    Using OccupyOS live CD
            a. Introduction
            b. Benefits of this OS
 xx.     SSH Tunnel
 xxi.    Things To Do When You Are Under Suspect
The information given in this guide is only for educational
purposes. The author is not encouraging the reader to use these
techniques to break the law of cyber world. While anonymity is an
important thing, Author encourages people to use this in positive
activity in which any law should not be broken. Author will not be
responsible for any kind of misbehave done with the help of this
guide.
                           Introduction
Basically my aim is to provide you the information that if you are
going to hack something, just before that wait for a while and
check whether your system can be hacked or not? This paper is
all about those points which can help you out to hide your online
identity weather it is on social media, after hacking, before
hacking or under suspect by cybercrime investigators. Do not use
this article for BlackHat activities. Defacing is not everything. One
day when you will grow up, you will realize that you were a kid
who was doing SQLi, XSS, rooting servers for mass defacing and
all that.
It is true that you are not a bad guy. But there are some people in
the world (Hackers, l33ts, Geeks, Noobs, Forensics or cybercrime
investigators), who can keep on looking your activity, when you
are the suspected Vitim,
  • It is not the only matter of being suspected victim, but some
    individual also like to hide their real identity in order to get rid
    of the spammer & scammers. So this is the reason that why I
    am inspired to write this paper on topic "HOW TO BE
    ANONYMOUS ONLINE."
  • I have done research in this particular topic to find the best
    solution to stay anonymous in this digital complex world.

Which information Can Server Grab From Your Machine
When You Visit It
Generally when you visit server or site, it has an ability to
grab much information about you. In sometimes people do
not want to leave their traces on the server or site. But
before digging into the solution of anonymity lets have
some information about the server that which type of
information it collects from user. There are many types
such as:
           http_HOST – in which it will keep the log of
       their own website that a person has visited on
       this host by some ***.***.***.*** IP address.
           http_CONNECTION – It also keeps the track
       of the connection established as well as
       connection close and timeout information in his
       log of any IP address.
           http_USER – AGENT – such as Mozilla/5.0
       apple web kit, chrome 18.0.1025.3
           ACCEPT - It will check for the all accepting
       methods      of   http     such      as    text/html,
       application/xhtml+xml, etc.
           ACCEPT_ENCODING – which are the
       encoding methods? For example Gzip, deflate,
       sdch etc..
           LANGUAGE – Which language the browser
       and the computer system is accepting such as
       en-US,en;q=0.8 etc..
           CHARSET – It defines the character
       encoding which are going to be used for any kind
       of form submission.
             COOKIE - It will also keep the track of those
        cookies which are to be stored at client side.
             IP – Obviously your IP Address is going to
        track.
             PORT – On which port you are using service
        will also be going to track.
These all were the information of your HTTP request
query. Apart from this server may have an ability to take
out your ISP connection, IP range of that ISP connection,
Geo-location, Net Name and much more? These are just a
very small example that I have shown that who can track
you and which information can be tracked of you form
someone. But its deeper there is a lot more..
This is the reason that I am inspired to write this paper.

 So now, don’t you think so that you really need a

 privacy | Safe | Anonymous Environment on the

                        internet!!!?
Hack Yourself Before Going Outside For Hacking
     As I have said earlier that you have to check yourself that
are you secure? Can anybody hack into your system? There are
many ways of checking this, but here I am pointing out some of
the basic but very effective ways of it.

   Beware from kids, who are using keyloggers to hack you into.
    Download any keyscrambler to prevent keyloggers.
   Also keep in mind that close your all unused ports which are
    open.
   Do not uses windows firewall, if you use keeps it up to date
    else disable it and use your own firewall.
   Install and run Malwarebytes to check if you are infected by
    malwares or not.
Firewalling your ports is most important, because nowadays most
of the attacks are done through the network layer not on the
application layer. There will be a plenty of ports on your machine
which will be on listening mode. To illustrate this lets have an
example of printer. Printer ports are always open and on listening
mode that some signals will come from the network‟s any
computer or outside network‟s computer and then they will start
their job. Hacker can exploit this through giving commands to your
printer to do their jobs.
To solve this problem you must have a firewall installed on your
system. If you are connecting internet through a router, then there
will be a firewall in router default. Just make sure that, that firewall
is enabled. Else you can have from internet to download and
install. ‟Personal Firewall‟ is the best firewall ever I have
experienced. It is firewall software which has best protection.
Personally I don‟t use antivirus for different reasons. Infectors can
create FUD (Fully Undetectable) virus which may have an ability
to bypass your antivirus. And they may have a power of deleting
your all documents, files and folders without knowing you. If you
are a programmer and hacker, use Linux based system more.
They are much secure compare to windows systems.



Picking the Right Choice of VPNs and Proxy Servers
Now a day‟s all websites are having TRACKABLE COOKIES.
What is that - They are the type of cookies which enable the
website?
It is happening because they can obtain normal or sensitive
information from visitors to the owner of the website. If you want
to prevent yourself from being tracked then use Norton Internet
Security or Norton 360. It prevents all cookies which are tracking
cookies.

                        That’s CooL…Buddy :D

  • If you need a more upper level security of your identity, then
    start using public proxy and Virtual private networks. It hides
    your identity and makes you someone else instead of really
    who you are. Proxy is just one intermediate between you
    and the website, where VPN is provides multiple anonymous
    sessions by giving you a single IP through various routing in
    multiple tunnels. It also prevents the website to grab
    information about you that from where you are accessing
    that. So VPN is my recommendation for you.
ProXPN is the best ever I have seen yet.
 • Benefits : Good Technical Support
               : Cheap Value
               : High Speed
 • Main Advantage: Their Free VPN service is also 128 bit
   encrypted. Their Paid service provides 2048 bit Military
   Encryption with 24/7 Support.

                   128 Bit Encryption!!? I Like it……

   JonDonym is another good service for being anonymous. It
    is designed in such way that people can have their own
    reserve environment. It provides confidentiality, speed,
    international spread servers, secure browser, anonymous
    activities, and protection against website profiling. It has a
    unique technology for being anonymous online. It serves
    encrypted communication.

        Jonny Depp + Van Dam = Jon Donym :D hahahahhaa

  • One can setup his own VPN at his home with the help of
    HIMACHI. There are lots of tutorials available on the internet
    that how to set up our own VPN with HIMACHI. So Go and
    Give it the shot. (Strong Recommendation)
  • Another great tool is ULTRASURF. Students and some
    people use this tool where there are blocked websites in the
    restricted area. So this tool has an ability to bypass those
    protocols and open the website.
                  -> Sometime WAF administrator comes to know
that this guy is using ultrasurf. So it bans the ultrasurf.exe process
in his or her firewall.
                 -> But this is the main advantage of this tool. It
doesn‟t‟ come in package there is only one executable file name
ultrasurf.exe and it also don't require installation. It runs directly
with the double click. So if we rename that file suppose chintan.exe
and if we run then it will again bypass the firewall. Because there
will be new service create on server named chintan.exe. So it is
very handy because to ban all time different service created by the
user is hard. So it works every time!!
Myths And Reality About TOR
Many people believe that TOR is the best project for being
anonymous. No doubt that it provides great anonymity for online.
But there is one downside of that on which I want to focus. When
you use TOR, first it connects to you to the TOR node.
                      (Attacker) -> TOR -> Website
Then you surf the web, but at the end of the surfing, when you exit
from TOR node none site will grab information about you but as
you have exited from TOR node and your internet connection is
still on. So there can be a log generated into your ISP server about
your IP that it has connected to TOR network. So ultimately our IP
recorded into our ISP‟s log.
Yeah, it is true that the sites we have surfed won‟t have our data,
but if we have done anything wrong in that site and they will start
investigation, then from our ISP recorded we can be caught.
Solution
                 (Attacker) -> VPN -> TOR -> Website
It is very logical and clear way of being still anonymous by routing
your TOR through VPN. It prevents your ISP for making a log that
you are using TOR. They won‟t be able to know that attacker is
using TOR, because in their system our final VPN‟s Log will be
gone.


There is another benefit of this technique. It also prevents TOR
from identifying that that is there behind the VPN. If anyone will
able to crack the TOR, he will assume that this is the real IP
address of the person, but it won‟t. It will be the VPN‟s IP address
through which real attacker is connected.

                          TOR Mtanr …. ;)




                 THE          ONION      ROUTING


Use Open Proxies more. It is nothing but indirectly requesting the
page rather to open websites directly. For an example, if you want
to open www.website.com then your browser will contact proxy
and then it will open www.website.com in your browser. It can
give you very beginning level protection. But good for the learners
who wants to use proxy server. As there are pros of this
technology, there are also cons of Open Proxy. It should be used
very carefully. Sometimes they want to spy on you and your traffic
so they provide open proxy to those fools who use it. They are not
giving us their proxy servers, these servers are accidently open
by sysadmin or system administrator. Sometimes these servers
are not intentionally open. When system admin feels that there is
a heavy load of the server since it is used by many people it
opens server. Not all sysadmin are good. Who are spying on you
can harm you much. They can report the activity whichever you
were doing using their proxy and it can go to anywhere to disclose
you. Keep in mind that all the data passing through those
proxy servers are being read. So setup a higher level
anonymity and then surf the internet.
But from all these VPNs and Proxy Serves, JonDonym is the best
service.

   Using PAC ( Proxy Auto Config ) Files is also a nice and
    handy option. This files are generally called as *.PAC file
    which contains a JAVASCRIPT. It allows user to
    automatically choose the proxy server for fetching given URL
    or the host. Mainly Javascript function used in this PAC file is
    “FindProxyForURL”. This JavaScript function returns the
    string of many access methods with speciation. Pac files
    were designed by Netscape in 1996. It was first come into
    use in Netscape Navigator 2.0 version. The JavaScript
    function FindProxyForURL has 2 arguments such as URL
    and host which is denoted by FindProxyForURL(url,host); Url
    contains the given URL and the hostname derived form the
    URL. Here is the simple syntax PAC file function.
   function FindProxyForURL(url,host)
               {
     return “PROXY given_proxy.website.com:8080;DIRECT”;
               }
Example :
   function FindProxyForURL(url,host)
                {
      return “PROXY hidemyass.technolust.com:8080;DIRECT”;
                }

To use this service you need to find PAC file online. You need to
find the website on which they are providing Proxy Automatic
Connection. They will provide a link to the PAC file which will be
like this http://www.technolust.com/Automatic_proxy/proxy1.pac
This is just an example. Then you need to open your browser‟s
proxy setting window, I am just showing you of Firefox rest of the
browser you are clever enough to find out. Some proxy will be
paid so they will ask you for the registration and all that shitty
things. But my point is you know the technology behind this so it
will be easy to make our own JavaScript Pac files to be
anonymous while surfing. Now you know the technology behind
this so you can start coding of your own JavaScript and you can
make your best PAC file.
                      This how it works.
Whas ir shir PAz PAz PAz…  U made me remind of something you
know what did u remind me !!? THIS
When the matter of proxy concerns, the browser is not only one
thing that will save you from being tracked. You need to set the
proxy for all chat clients, players that you usually use for listening
music online. Here I am just going to take some name of the
important tools in which you have to set proxy for being
anonymous online while chatting and interacting with other
people. Those are windows media player, mIRc, yahoo
messenger, MSN messenger, AOL instant messenger, Mozilla
Thunderbird and much more. Do not forget to set your proxy in
your all chat clients. And for that keep just one thing in mind. The
tool, whichever is interacting with internet, set proxy there.



Use of Encrypted Emails & Chat Clients
You can be under monitored by your email ID too. So it is easy to
setup one more complexity to them who are spying on you. Let‟s
encrypt our emails and send-receive to our mate. Even though
your opponent will be able to hack your email id, then also he
cannot read the message because it is encrypted. General
method/formula is that some sites which are giving this type of
service provide you to encrypt your message on their site with
one key. And after that you have to send message. Now you have
to provide that key to your mate to decrypt the message. One
should provide that key physically or by call not by computer
medium. Four free and best services for this type of encrypted
mails are as follows:
  1. GPG - This is GNU version of Pretty Good Privacy which is
     also known as PGP. This is very good crypto system which
     is directly used through he command prompt. It can be also
  used by shell script. It supports many algorithms such as
  DSA, RSA, AEC, 3AES and much more. It has better
  functionality over PGP and PGP 2. It can be used as a filter
  program too.

2. PGP – It is known as Pretty Good Privacy in which many
   baniaries and sources comes which provides much effective
   encryption to email, files and all your sensitive stuffs or data.
   You can use this to encrypt your emails. It provides end-end
   protection for your email encryption.

 It works on a base of Public Key Encryption in which there
  are 2 keys generated at a time while encryption. One key is
  for you and 2nd is for your receiver. Means one message
  which is encrypted with your key can be decrypted with 2nd
  key which your receiver has.


                 Its simply outstanding !! :D 

3. sbwave Email Encryption - This service allows us to send
   and receive emails through web media. Generally this type
   of service is used for personal messages not for big security
   issue.

4. Hushmail Email Encryption – This service can encrypt your
   data up to 1024 bit public key which is a good security level.
   It also allows encrypting your email attachments too.
  5. X-IM Encrypted Instant Messaging : This is a simple tool of
     instant messaging which encrypts your messages which are
     passing through your system to your mate.

  6. PSST Encrypted Instant Messaging : This provides the same
     service as above but this is for linux and windows both.




Find Out Who Are Tracking You – Real Time Tracking
Your Trackers
In this cut throat competition, the number of the advertisement
companies gone high. They are into money making policy this is
the reason that you are being targeted often and often by their
advertisements. Whenever you visit any site, from your HTTP
request, the site on which you have visited is making other sites
aware of your coming. After that they will receive the HTTP
request header and they will send advertisement on you.
Directly it is impossible to see that if you visit one website, then
who are tracking you. You need to run some code in your browser
which will enable you to see those advertisements‟ origin website.
There is one beautiful add-on for Firefox named Collusion. The
reason that why I am giving so much importance to this add-on is
that this add-on is created by Mozilla. It shows your real time
trackers. It gives us the graphical representation of your
information which is share by the host you visit and the
advertising companies which gets the information of you by your
host. Downloading and installing is as simple as you know here is
the graphical representation that how it tracks the trackers.
Here is my browser‟s screenshot, to illustrate the working of this
                           add-on.
Incognito Support of Browser For User
Incognito mode helps user to browse the world anonymously.
Truths about Incognito
          • It doesn‟t store Webpages‟ information which you
            have surfed on the internet as well as the cached
            files.
          • It also doesn‟t keep downloading history recorded if
            you have downloaded something then.
          • Cookies will be automatically deleted when you close
            the browser.


Limitations in Incognito
     • If you sign in into your Google account then your
       subsequent web searches will record the information in
       Google Web History.
However, Google allows us to pause our Temporary Google Web
History Tracking, but won‟t you feel so much irritating if you also
want to keep history!!


     • More over a user should not forget that, Google will not
       keep history when you are in Incognito, but the website
       you visited always keeps the log of the record of the
       visitor.
     • In addition to that, every ISP is keeping the track record of
       its user. And some people like to use secure DNS so they
       use Google‟s DNS System which is


                   8.8.8.8   ,   8.8.4.4
        So, This DNS system is going to keep an eye on you.



  • So Where the FUCK this Incognito is going to use! ?

       • This feature is going to help you at your home to save your
          ass being fucked by your (Angry Young) DAD after you
          have bqowrtd a PORN rist….. :P



Use Incognito In
  • Internet Explorer | Firefox = Ctrl+Shift+P
  • Google Chrome | Opera = Ctrl+Shift+N

              Thankr buddv wily bt wandv foq mt…

Is Google Tracking A Big Issue For You?
Now a day‟s world has become more digitalized. There are so
many websites starting from any small store websites to big
corporate company website. They will also send you the advertise
by watching on your browser history and other factors to
determine that what you are looking for on the internet. Advertise
comes to us by keeping our browser history information, our
HTTP headers, cookies collection in our browser and much more.
Google has accepted that, it‟s Google Chrome Browser Tracks
the users. What Google collects from the users? It has 2 basic
different approaches for collecting data.
  1. Data that we give us to Google – Directly
           In many sites it requires to login with Google
            account, so it is quite obvious that your data like
            name, email and all the data will go to Google. Also
            the site information that you visit will be also go to the
            Google. Thus it tracks directly.

  2. Data that It grabs from our system’s running services –
     Indirectly

   Logs: When someone uses services of Google or content
    provided by Google, it automatically grabs information about
    user and store it on their server logs. Detailed data has
    been stored to the server such as …



               o How the user has used the service or content or
                 website
               o Cookies which can identify user‟s browser by
                 Google
               o Telephony information of user.
               o Device event information such as…
                    System crash
                    System activity
                   Browser Language
                   Browser Fonts
                   Time Zone of your computer
            o IP-Address

 Location Information: If you use the location based Google
  service, Google may track your location information. It may
  be tracked by the GPS signals transmitted by mobile, tablet.
  You might be tracked by sensor data of your device, WI-FI
  access points as well as the nearest cell towers.

 Device Information: It may gather data of our device such as
  OS info, Hardware info, unique device identifiers, mobile
  network information which also includes the phone number
  of the user.

 Unique Application Number: Now days every application,
  plugins, or operating system you install in your system
  contains a unique number which we called it as VERSION.
  So these numbers may be tracked by Google.

 How To Stop Google Tracking?
     There so many ways of avoid Google Tracking but here
     are some of effective ways mentioned used now a days
     by all to stop Google Tracking.
Use of Plugins:
By the use of the plugins it will stop the HTTP header coming
from the website to track your browser and system information.
          List of the plugins:
               1.    Keep My Opt-Outs
               2.    Do Not Track Plus (Strong Recommendation)
               3.    Disconnect (Strong Recommendation)
               4.    Ghostery
               5.    RequestPolicy
               6.    TrackerBlock
               7.    Priv3
               8.    NoTrace
               9.    TrackerScan
               10.   ShareMeNot
               11.   Beef Taco


Using Do Not Track Plus - PLUGIN
This is a program created by Abine Softwares. If you visit any
website let‟s suppose to say www.facebook.com then there are
lots of websites in backend who are tracking you. This DOES
NOT TRACK PLUS mechanism will block all those tracking site
who believes sharing is caring. This will block all those sites
who are tracking you when you visit any website. When you install
this Add-on to your browser it will put small add-on to the right
side of your browser. Then you do your regular surfing. After
sometimes if you click on it, it will show you the numbers with the
details that how many websites made an effort to track you down.
And from those efforts, how many are blocked. It will also tell you
that which were those companies tried to track you. This tool will
also show you the total no. of blocks have been taken place. In
first few days of the use, it will block around 1600 tracings. The
program is highly recommended by CNET. It has 580 tracking
technologies.




You can download this from:
www.donottrackplus.com/downloading.php




Thas’r pqtssv awrm dudt…  I likt is…  TRAzC mt…. IF vou zAN
                               !!!!

  Disconnect: - PLUGIN
         This is also a plugin like other but this plugin is created
  by a former Google Engineer, BRIAN KENNISH. This is open
  source plugin. Functionality of this plugin is very simple. It
  blocks the tracker scripts from the various websites on which
  you visit. It has also variety of tools such as Disconnect for
  CHROME, for SAFARI. It has also these tools for various
  social networking sites such as Disconnect for Facebook
  blocking, for twitter blocking and Google blocking.

      yolz…Instqtrsing, Uring a plugin so pqtvtns Googlt so sqa{k ur,,,
          and that plugin is even created by Google engineer !!!!
                      Strange but true !!! :D hahahah


Is Other Social Media Tracking A Big Issue?
                  Yes Certainly, It‟s a Big Issue.

Not only the Facebook, but I am damn sure that every social
media is tracking your each and every move online. The Plugin
DNT+ ( Do Not Track Plus ) has identified that Facebook is has
more than 200 trackers( Advertising Companies & Much More )
who are watching your activity online. These trackers can come to
your browser in a manner of cookies, iFrames, Javascrit, flash
and much more. Cookies are the elements which come to your
browser and thus it comes to your system. It anonymously tacks
your background and current interest and passes those signals to
the advertisers who want to target you. This is all about social
media as well as Facebook direct advertisement methodology.

If you do not go to Facebook or other social media then you can
be targeted with Facebook‟s LIKE button, Google+ +1‟s button,
Twitter tweet‟s button and much more.
       yts shtm do shtiq woqk…whv would I rhould pav more attention
                               to this issue ?

The more tracking request on your website you will get the much
your website will load slowly. When you get these types of
trackers there will only few ones who will come up with a new
window (Popup) in which once you fill the information they will
take and go away. But popups are not coming regularly in fact
they are coming once in a blue moon. So rest of the services are
only running in backend so why not to block it to save your
bandwidth and get the high speed data transfer without
interception. Not all cookies come up with some certain aim. Not
many but almost all will be hidden, it will just sent your information
to the other advertisers that what is your geo location, where you
have visited and what is your username where you visited.
So this is really an issue that has to be solved for not only the
Facebook but all the social networking sites.



The Uniqueness of the Browser
Generally people believe that they are securing their web surfing
by not allowing all sites, their information by disabling cookies.
However it is completely wrong. It is helpful but only 10%. So
what comes in rest of the 90%? When we visit the website, it may
have capability of fetching your browser‟s data as well as your
system‟s data such as configuration of your system, OS version
and name, Fonts installed, Browser name and version, how much
and which plugins you are using etc... Panopticlick is one project
in which it identifies the uniqueness of client‟s browser. It assures
client that the data which will be collected will be in anonymous
form. From the data it can be measured that how unique your
browser is or how much your browser is predictable.


Normal Data Collection:
   Computer Configuration
   OS
   Browser Information
   Plugin
Detailed Data Collection:
   User agent string of browser
   HTTP accept headers
   Color Depth of screen
   Screen resolution
   Time zone set at the client side
   Fonts installed to the computer
   Yes No information of (Cookies, Super Cookies, JavaScript)


Purpose of this project:
By testing the browser, we can identify that how much my system
or browser is track able. Which information does my browser
shares with the sites which I visit? So we can fix that.
Live Testing:
For live testing of the uniqueness of your browser go to below link
                   https://panopticlick.eff.org/




                  Click on the “Test Me “Button
Then it will show all the information about your browser and
system. Their privacy policy also gives us the same information
as EFF but in a proper way and manner.
                  http://www.stayinvisible.com/


Apart from this „Stay Invisible‟ project is also very handy and
helpful to check how much your browser and system is unique.



Fake Identity Generators




  Do you want to be a Jason Val Kilmer !!? His Movie came in 2012
 namtd Fakt Idtnsisv… xhaqtd wish u..mav vou ltaqn r0mshing fqom
                               is….
  • Being anonymous is not an easy task. It won‟t help you out
    in every forms of the web. So in those cases you need to
    register on website or you need to create your Fake Identity.
    This is very interesting and real world way to make fool web
    forums.
If you are caught in the act and you want to disappear from the IT
as well as real world, then there are some ways with which you
can do this.
     • Reducing your social connections.
     • Throw Plastic Cards, Use Cash More.
     • Remove Word –Truth from your dictionary – Start Lying at
       each and every stage of your life.


     • Find and use people to work behalf of you in legal matters
       – Buying home, Car – Selling Home, Car - it is also called
       incorporation in which people hire someone who handle
       all the assets of him or her.

For this you will require social engineering skills. In which you will need
 to manipulate people, make them trustworthy towards you and then
you can exploit them with the proper use of shtm :D ….( HOT Tip –
                        Pick Females for this  )
Deep reading of this book may help you in technical as well as
non-technical way.




There are so many websites who can create your fake Identity.
Some of the most preferred by all is mentioned below.
  • www.fakenamegenerator.com – For Advance Use
  • www.kleimo.com – For Basic Use
Alternate Device Connection
Always use someone else‟s connection of the internet. It is the
best way to hide your ass. Because logically it is more secure.
When you are connected to your nearest cafe‟s, schools‟ and
library‟s connection, you are login into the website using their IP
address. Not your own one. So it is completely anonymous.



Removing Metadata From Media Files
If you are doing blogging, then certain things you must keep in
mind. Use your fake identity and email whiles you are doing
blogging. You ignore using flash and JavaScript contents.
Specially, you should avoid analytics and advertisements.
Some people post their videos and pictures online which they
have taken form their digital camera. Do not forget to remove
metadata from your media files. Metadata contains a lot of
information of your system, OS, Username and much more. Many
cameras as well as new phones which are having digital camera
inbuilt, they are leaving their signatures in terms of data collection
of their device info and pic info. When you post those photos
online anyone with some 3rd party tool can extract your Meta data.
And for that FOCA is very good tool, which you already know.
Thus your identity can be breached.




   Here I am showing one example of extracted metadata with
                   FOCA of my own photo.
Thus metadata is very important thing that we can‟t neglect if we
                want to be anonymous online.



Using The Temporary E-Mail Services
There is lots of website who wants your email address for their
spamming. Avoid that kind of spam by implementing your free
non-regular yahoo, Gmail or Hotmail email address. But the real
privacy you will only get by using Disposable Email services. They
are 100% complete anonymous.
Temporary email services are also refereed as disposable email
services. These types of services are real. It is a system of email
spam combating. It is also called as DEA – Disposable Email
Addresses.
Advantages of Disposable Email
      No Authentication Required.
      Provides freedom to choose any name.
      No Protocols.
      Easy access & maintain.
      Hides your real identity.
      Avoids Spam.
      Maintain Anonymity.
My Recommendation for best Disposable mail services are:
     1. www.mailnator.com
     2. www.spamgourmet.com
     3. www.dispostable.com
     4. www.trashmail.net

Clearing Tracks From Physical Device
       Is it like, Do not leave our potty after we do shits !?? 

                   Yes it exactly means like that.
                         OMG !! WTF !!!

A hacker is incomplete man/woman without being paranoid. One
thing that all the hackers must keep in mind is that they have got
everything to lose. So being paranoid is one type of protecting
yourself. Paranoid is a different term from being anonymous.
Being anonymous part contains most of the technical work to
save you from being caught. But being paranoid contains
technical work as well as non-technical work in order to not being
caught. Sometimes hacker wants their work being appreciated by
someone. A good hacker will always think twice before to say
about his work to someone. She/he always keeps in mind that
whom to tell, what to tell, when to tell, and how to tell. Because,
even one mistake can ruin your life.




 YEAH !! I also agree with this. Why to give your enemy a chance to
   fuck your asS !!? Is’r good to watch everything but not to speak
                      anything. Am I RIGHT ?

                     Yes you are 100% right.

                                  :)
Apart from being paranoid, if we talk about the technical terms,
then hacker must keep it data saved somewhere else in portable
device. It will be handy while travelling as well as after the
destruction of data on your desktop or laptop. The best hacker is
that who thinks even the ways of demolishing the data in case of
need.
As I think, if have got some news that Police is finding me and
soon they going to come and catch me from xyz place where I am
there. Then I should have a way to demolish and delete my all
data from my any kind of storage media. It can be a tool to delete
your all data from your clusters even. It can be a noobish but a
working way even. There are many tools which completely
remove the traces of the each clusters of your hard drive.


Ways of Deleting Data | Removing Traces from Storage Media


  1. Use Peter Guttmann’s Method :
         In this method, there are certain patterns which are
         predefined. It overwrites data 35 times with the selected
         patterns. That makes the data uncover able or
         unrecoverable by any tool of data recovery. It is not
         also possible to recover data from magnetic fields as
         well as the disk platter surface.

          Advantage: 100% Assurance of complete deletion.
          Disadvantages: it is time consuming.

                          35 times!!! Mv god…
2. Tool – Eraser (Platform - Windows) :
        This is very nice tool to remove data from the
        counterparts of the hard drive. It works with the every
        windows platform including windows 7 as well as
        windows server 2008. It uses secure erase methods.

       Advantage: Small, Easy to use, Free
3. US DOD Method :
       US Department of Defense have invented a method
       secure deletion of the data. Their method overwrites the
       data 7 times which is very less then Peter Guttmann‟s
       method. However in the matter of time, or in
       emergency, this method is very useful at that time.

                        Warn’s aware 0f this!!!
       For more information visit:
       http://www.zdelete.com/dod.htm

       Advantage: 7 times of overwriting data.
       Disadvantage: less Secure then Peter Guttmann‟s
       Method.


4. Darik’s Boot and Nuke Project :
        This is a boot disk specially designed to wipe out all the
   data from your hard drive. It is useful for the emergency data
   destruction. If you are a hacker and you want to sell your
   computer then, this is a good way of preventing identity theft.

  Download ISO image: http://sourceforge.net/projects/dban/
  5. Physical Destruction Method :
        Remove the hard drive form your computer. Remove
    the casing in case of having portable or SATA drive.
    Unscrew all the screw holding it. Destroy all the platters.
         Platters can be destroyed in 2 ways.




 YEAH !! This is mt..Dns Mtrr Wish ME…. I lovt is Mann… waising
               for this moment  Ext{usion rsaqstd…

Other Tools:
    Windows: Microsoft SDelete, Wife File, Delete on Click
    Linux: Wipe Package from UBUNTU
      MAC OS X: SRM, Permanent Eraser.



Cryptying The Data Which You Have
There are ton of hard disk crypters available on the internet. Use
them. Online hard disk crypters are also very handy and
important.
In ordinary manner cryptography is divided into 4 parts.
      1. Communication Encryption
      2. Database Encryption
      3. File / Folder Encryption
      4. Hard Disk Encryption
Make sure that whichever the tool you use to crypt the files as
well as folders, they should have a secure algorithm of cryptying.
File/Folder/Harddisk Encryption Tools:

     7-Zip –                          Safe Hous Explorer
     AxCrypt                          dsCrypt
     True Crypt                       Rohos Mini Drive
     Sophos Free Encryption           Free OTFE Explorer –
     Cryptext                          For Windows and Unix
     Sofonica Folder Soldier           Users
     Disk Utility – For Mac           Remora USB File Guard
      Users                            GNU Privacy Guard
Communication Encryption Tools:
    Network Encryption               Phone - call Encryption
   Generic                         Nautilus

    Email Encryption                 Session Encryption
   PGP                             SSH (Best Ever)


True Crypt – File | Folder | USB Tool
TruCrypt tool is the ever best tool for encryption. It is for
establishing as well as maintaining on the air encrypted
volume. On the air encryption means data is automatically
encrypted when you save the data and vice versa it is
decrypted when you are loaded. There won‟t be any data
which can be readable and which is encrypted. Without
using the correct password it won‟t be available for
reading data.
    Future of this software
            Software developers of this company are
             thinking to implement such things which can
             encrypt whole hard disk drive.
            There will be command line options available
             for the volume creation.
 I am Bored!!! hiding this..hiding that..crypting shir shas… Ix TwERE
   ANY MY REAL IDENTITY ?? cant I use my real account !!!!! ?

                         Of course you can!!

      So why you are waiting for !!!? give me some sipr..dudt…



Things to Do With Your Real Account
I know you are clever busy still ….

        Never do any suspicious activity with your original
         account which you are given to your library, school,
         café or university.
        If you do any suspicious acts in terms of hacking, then it
         must be either deleted after done and encrypted while
         doing.
        Of course you are not permitted to leave you‟re tut (Txt
         PDF DOC PPT), tools and web history on that account
         after your goal gets finished.
Understanding & Clearing Log Files - Do Not Delete
Log Files    …
One must keep in mind before deleting the log files of the server.
By deleting log files of server you are indirectly telling system
administrator that you or someone has hacked into his or her
system. It‟s better to modify it rather to delete a complete log file.
Text file on the server or .log files on the server are easily
editable, but for the binary log files you will need to have an editor
to modify it. Here is a list of something that should not be missed
out by at the time of clearing your log files.
  1. Services which are restarted or stopped on the server
  2. Changing in privileges
  3. Details of your failed and successful login attempts
  4. Time Stamps.
There are main 3 types of log files which hacker, should always
keep in mind after exploiting the system.
  1. UTMP : Keeps each and every small data of Current running
     status of the system, system boot time. It also records the
     user login information and much more.

  2. BTMP : It only tracks the failed logins.
  3. WTMP : Old UTMP log files are called WTMP. UTMP is a
     current log file in which reading; writing is going on, where
     WTMP is lying on folder named with some xyz date log file.
  4. LastLog : This is a famous command for most of the UNIX
     based operating system. It parses the data of the last login
     logs which are situated in /var/log/lastlog/.
There are lots of noob hackers, defacers who always follow this
method. They always think in this way that, to be secure lets
delete the log file. NEVER DO IT!! . By deleting log file you are
making system admin aware that someone break into root and
the all your efforts will be wasted.
It is better to modify the log file with some last entries.
Tool:
Piwik 1.7.2 rc2
For More Information Visit:
http://piwik.org/log-analytics/
Deleting logs is not only the worth thing. There are many other
things that a perfect hacker should always do. Deleting logs or
deleting their entry from the logs will not help them to be
anonymous. But they have to remove themselves from the
system in which there is $HOME and TMP folder.
One must check these 2 files before leaving the server.
.sh_history
.bash_history
Remove your entries from these files even. If you want to be
secure then.



Using the Best Firewall for Your Desktop / Laptop
Connecting your computer or a private network to the internet is
always a risk factor. Internet means your device (Lappy Desktopy
 or Any Gadget which is connected to internet) has willing to get
information from outer sources and to provide back them
information from your inner sources. Security should not be up to
the Application layer. What about the network layer security? If
you are connected to the internet then there is always a risk factor
of your data breach, system compromised anything. As you are
aware that, Now a days DDOS attack is very much widely used
attack. The hacker who generates auto spreading bot is not only
the one who hacks the application, many thousands of
compromised systems who are acting as BOTS are also the part
of attack. So these were all about the attack. So here is all about
those firewalls which can protect you on the internet. Indirectly it
also helps to keep you anonymous. So that, you cannot be
affected by hackers.
Major Firewalls examine the source IP address of the packets,
that either they are legitimate? Firewalls are constructed in such
ways that they only allow traffics of packets from only the trusted
and valid host.
What Hacker Does?
He will try to “SPOOF” the IP address from the entry of the
packets sent to your system. Your system will allow it to execute
to in your computer / Laptop without any further criteria. Thus
hacker is able to gain the whole session of your computer. He can
breach the data and make your PC to do that what he/she
(hacker) likes. She/he does this through sending instruction to
your computer.
Here Comes the Firewall
It protects your computer from being executing hostile
instructions. In organizations many systems are connected
internally in LAN and they all are connected to the internet.
Firewall enables the system administrators to let him select the
systems to be connected to the internet. It enables funneling –
Means keeping aside the non – valid users or the non –
authorized users. It gives alert when suspicious activity occurs.
Thus if any hackers is going to install a RAT in your PC it gives
alert, this is just a small example, if you are being tracked then
you can even identify that with the analysis of the packets, which
is a feature of major firewalls. It shows which services are working
on which port and other Meta data.




     I buqntd sht WAyy shas ir {alltd FIRE WAyy….. zall sht fiqt
                        bqigadt….hththth 

               Fish… You will always remain a noob.

                           :P      STFU !!!!
Using Of Anonym.OS Live CD
This OS is the best OS ever I have seen developed by
Kaos.Theory Security Research. This OS is on Bootable CD. It
has a many level of privacy which many security professionals
and professional hackers are using. But the impact of this Live CD
is that it is provided with a good user interface. The name
„Anonym‟ itself giving the meaning of privacy, It is a perfect
solution for using computer or your laptop without touching or
using your hard disk. So it doesn‟t allow user to leave traces
knowingly or unknowingly. In openBSD operating system,
researchers says that this OS the one of the best and advance
security operating system. The ambition of this project is to
provide anonymous as well as secure web surfing.




     Thir ir whas anonvmour Ox {an do… I mtan so makt ptoplt
                   anonymous online Am I right?

  Yeah… But certainly this OS can do a lot better than this. It‟s
       good to use for high level privacy maintaining.
Specification and Everything about This OS
Distribution = Anonym.OS LiveCD
Home Page = http://kaos.to/blog/?s=anonym.os
Release Date = 2006/01/14
Price (US$) = Free
CDs = 1
Free Download = *.ISO
Package Management = TGZ
Processor Architecture = i386

Download Link - http://sourceforge.net/projects/anonym-
os/files/Anonym.OS%20Live%20CD/ShmooCon%202006/




Using Of OccupyOS Live CD
OccupyOS OS is designed for those activists who wants to be
anonymous, who wants to maintain their privacy during the
internet. By the use of this OS they can create, publish
documents as well as they can manage websites, their pages,
blogs and all that stuff anonymously. Also it provides secure
communication environment.
Benefit of this OS

    Each and every connection of the internet is forced to pass
     though the TOR.
    It doesn‟t leave a single trace on your computer.
    One can use cryptography for protecting their emails,
     documents and other stuffs like instant messaging.
     With the help of use Mumble one can encrypt their voice
      chat and conference.
     Xchat-OTR and Pidgin-OTR tools are used for encrypting
      instant messaging.
     It has secure hard disk wiping tool.

 These were 2 basic OS. But along with them you can use below
 several OS.

  - Ubuntu Privacy Remix
  - Pollipix – The Privacy CD
- Tails – The Amnesic Incognito Live System
SSH Tunnel
  It is the secure command line. It is identical like encrypted telnet.
  Basically in this system an attacker connects to the Remote
  server and then they use encryption so there won‟t be anyone
  who will monitor their activity. There will not be anyone who will
  able to sniff his username passwords. The technology is built on
  Server = Client system, in order to that it has an ability to tunnel
  the whole network traffic. So from my system the traffic will be
  directly tunneled and will reach to the endpoint whichever the
  site I want to open. As an impact or that, that site will assume
  that the traffic is generated here at the endpoint (At there on the
  website), not from my original system. This is the excellence of
  this technology.
Sometimes your ISP is keeping your all internet activity, which is
a normal thing but if you are under suspect or under monitoring
by cybercrime investigators, your all packets which are outgoing
will be put in deep inspection. So in such cases SSH can be very
useful to protect yourself from being avoided by that deep
inspection.




     Bus vou know mt..i am NOOB…tvtn afstq saking all shtrt
 pqt{ausionr….if I am undtq rurpt{s oq undtq monisoqing bv Cyber
       crime investigators or Police then what to do !!  :’(
                    You don‟t need to cry.



Things to Do When You Are Under Suspect or Under
Monitoring

      If you have read completely up to this then firstly
   remove your technical traces.
        Do not do any suspicious activity, including even doxing
   or information gathering for 3-4 months.
       Make a new email ID. Spread it to your friends and tell
   them to communicate with them on that id. Stop your all
   previous ID.
         Tell your hacker friends to not to do mail to you for
   initial 1-2 months. If something is more important than meet
   because call can be under tracing even.
       Stop using PGP encrypted mails, because if will work
   as an alert system for those who are monitoring you.
       Do not forget to encrypt your all data or to delete or
   overwrite your all data with the Peter Guttmann‟s Method or
   any other which I have explained above.
       If you have breached something, then remove that all
   the Excel sheets or text files in which the sensitive data of
   the website or server is there which you have breached.
If you remember Spiderman movie then uncle ben is telling
peter parker this sentence “Great power comes with great
responsibility”. Now wonder how much you are anonymous and
none power can track you online, but use that anonymity for
peace and your safe environment. Not for exploiting the
websites and servers online.




Chintan Gurjar                   Vikas Roy
Facebook :                       Facebook :
https://www.facebook.com/h4n     https://www.facebook.com/varo
Ds0m3.dEviL                      yme

Email :                          Email : varoyme@gmail.com
chintangurjar1990@gmail.com
Twitter : @chintan_gurjar




Thank You For
  Reading

				
DOCUMENT INFO
Shared By:
Stats:
views:2140
posted:9/18/2012
language:English
pages:53
Description: Eat yourself up before someone else eats you. Proving this adage right we have done this rough research on being anonymous online. I doubt anyone can be more silent than this. Read out to find out. If you still get knocked then hard luck………..feedback appreciated!!!