Warning!
In order to prevent various questions in advance, as well as to ensure ease of reading, here is a small disclaimer: everything that will be written next is based on personal and subjective experience, expresses the personal opinion of the author and in no case is a call to any illegal or anti-state actions, the article is written in dry language and without pictures in a hurry, it is not informative or true.
An article hot on the heels of the previous one, which addressed security at the basic level required in 2019 for every self-respecting person. However, a higher, more advanced level is also worth considering.
Once upon a time in a galaxy far away… The old Republic has fallen.
Although no, this is already about politics, you can not talk about politics, just imagine that everything that will be described below can not and does not happen in Russia.
So
We now have a reason to remain anonymous online.
We go to google, type something like "Basics of online anonymity", and get a certain number of results, including this one.
All variants of the results in one way or another offer us several basic solutions, including proxy, vpn, tor and i2p. Let's briefly consider their pros and cons.
Let's start with the simplest one, with a proxy:
+ Availability (a huge number of free proxies found by simple Googling)
+ IP spoofing
- Lack of any traffic encryption
— Need to trust the server creator
As we can see, the proxy is able to satisfy the need to bypass the site blocking by ip (as the blue-blue state-owned company is currently doing), but it does not satisfy the banal requirements of anonymity at all.
This is traditionally followed by a VPN:
+ IP spoofing
+ Traffic encryption(optional)
- Availability (there are free VPNs, but in most cases they are an additional merchant of your data on the path of your traffic from your computer to the servers of sites and services)
- Need to trust the server creator
This is already a much more suitable option, both for bypassing locks and for some basic anonymity.
There are still tor and i2p, allocated in one point, since on average they adhere to the general principle of traffic decentralization:
+ Availability (distributed for free)
+ IP Spoofing
+ Encryption
— High entrance threshold
— Crutches and difficulties in working with the regular Internet
— Connection speed
All this has already been said more than once, why all this?
And this is all to the point that to a greater or lesser extent, but all these options are only the first step on your path to dystopian absolute anonymity. It can protect you from basic threats (or expose you to them even more), grant you access to blocked resources, but no more.
Step two: security according to professional fraudsters, carders, drug dealers, and other libertarian anarchists
We have already secured a certain basic level. Is this really all, is the all-seeing eye lost all interest in us and unable to find us and punish us?
No, nothing like that.
You've probably heard that the current Russian fintech market is one of the best, if not the best.
To some extent, this is true, but its development in Russia has made quite important technologies almost unknown to Russian users, which, however, judging by the same sensational investigation of medusa, did not pass by the Russian silovikov and state apparatus at all.
So that the simple layman could understand what will be discussed further — a small example from life:
In many European and American countries, bank cards without cvv are common, often not registered, without confirmation of transactions via SMS. You may ask, "Then how do they protect citizens' money?" It's simple, if the mountain doesn't go to Magomed, Magomed goes to the mountain. Banks did not protect their customers, and payment transfer systems and the stores themselves took over. This resulted in the emergence of powerful anti-fraud systems. To make the text clear to everyone I briefly explain: Antifraud is a system that records not only the theoretical address determined by ip, but also your screen resolution, model and serial number of the processor, video card, hard disk, determines the time set on your computer, looks at your cookies and activity on a specific store or bank site. Then the current configuration is compared with the previous ones and a decision is made whether to make a transfer, give access to the account, etc.
Back to our sheep (our theoretical anonymity)
So our task is to deceive the antifraud. There are a number of solutions:
- VPN + VM
- Tor + VM
- VPN + Tor + VM
- VPN + VM + VPN
- ... (it is not difficult to think of a continuation, there are many possible combinations of cars)
- Anti-detect browsers
(A virtual machine is a copy of the system that runs on your computer virtually, while the main system is running, as a window. How do I start this? Google it, everything is on the surface.)
To begin with, we will review the "combinatorial" options, and to put it more simply, the options where we use several solutions at the same time to achieve the desired result.
What are the advantages and disadvantages of these options?:
+ Variability!
+ The ability to realistically fake or portray a person (let's say we choose a VPN+Virtual machine: even if the VPN provider merges you, it will still be more difficult to find you among all users of a particular ip provider of the Internet, since your theoretical existence will be on a different device (the one that you emulate with a virtual machine)
- Difficulty in setting
up — Most likely you will be the only user of a specific IP of your Internet provider that uses encryption
— Still need to trust the VPN provider, Tor nodes
Further on in the program anti-detect-browsers, an interesting thing, but in its own way specific: The creators of such browsers claim that they have included in their products a maximum of functions for replacing the identity. Some of these browsers support independent fine-tuning, some provide a" store " of ready-made personalities that, according to sellers, are able to pass anti-fraud, some both, but most of these browsers do not disclose their code to the community, which causes some concerns about all their functionality. If by pros and cons, then:
+ Variety
+ Easy to set
up + High level of security (if the browser meets the specified characteristics)
- The need to trust the browser creator
— High cost of most solutions
Step Three: Retribution
Okay, the virtual machine is set up, but let's say something went wrong and you were found. What should I do? You won't believe it, but there are solutions for this case, namely:
- Disk Encryption
- LiveCD
- LiveCD encryption ))))
Let's take a closer look at them:
Disk encryption is traditionally performed using VeraCrypt. You will find an alternative-the flag is in your hands, in any case, there will be no review on setting up VeraCrypt here and now, just like everything that is Googled above is quite simple. If the basics — you can, for example, encrypt the part where your virtual machine is located and even the dirtiest paws of corrupt investigators can not reach your "secrets".
But what if you are particularly dangerous? I'm responding: LiveCD will help you!
Do not be afraid of the name, LiveCD in fact has long been LiveUSB. As well as about everything that is above, there will be no installation instructions, just a general description, details-in Google: we buy a flash drive with a metal case, a volume of at least 16-32gb and preferably supporting USB3.0, install the operating system on it, connect it to the computer, start the system from it, enjoy. If they come — we throw them in the toilet/window/nearby bushes.
Well, actually without a review of the third option, since everything is logical and clear from the previous options.
Well, the fourth step: an absolute victory over all these fighters with privacy (almost impossible).
There will not be a detailed review of each item, only a list, I think everyone will understand "why so":
- We do not use services that compromise us during an anonymous session.
- We don't use services that compromise us.
- We actively use cash, do not use Internet banking, and do not make purchases online.
- We do not use usernames and passwords used by us in services that compromise us.
- We do not leave any compromising information during an anonymous session.
- We do not leave compromising information on the Internet at all.
- We try to dress inconspicuously.
- We dress unremarkably. No, I'm serious, it's unremarkable, not like the operatives of the Ministry of Internal Affairs, who can be seen from a kilometer away by their unremarkable clothes.
- We make a good habit of going to bed early and getting up at five to six to look through the peephole and window.
- We do sports and keep ourselves in good physical shape.
- We eat right, do not skimp on food.
- We don't break
s ... alaws.
Good luck to all, and I hope that in the beautiful Russia of the future this text will not be useful to you.
