Is it possible? Is there not always an audit trail?

Yes: there is not always an audit trail, but you have no convenient way to find out if there is or not.

You could move from cybercafe to another and have some anonymity, I suppose....

Originally posted by CFLarsen
You could move from cybercafe to another and have some anonymity, I suppose....

How do you pay in one? I mean it seems that if you need a credit card to pay for service, they got cha. Unless the card is phoney.

Point being, sitting at home, no matter what tricks you pull eventually it comes back to you.

Originally posted by Ed
How do you pay in one? I mean it seems that if you need a credit card to pay for service, they got cha. Unless the card is phoney.

Point being, sitting at home, no matter what tricks you pull eventually it comes back to you.

I've heard that many trendy cafes (starbucks, etc) in the larger cities have free wifi access. I've never visited one but I imagined that you walk in and access is automatic ...

Does anyone have experience with this?

Originally posted by Ed
How do you pay in one? I mean it seems that if you need a credit card to pay for service, they got cha. Unless the card is phoney.

Point being, sitting at home, no matter what tricks you pull eventually it comes back to you.

I've been to cybercafes in New York, Copenhagen, Hong Kong, Bahamas...all places, put down a few coins on the table, and you're set.

Originally posted by Rob Lister
I've heard that many trendy cafes (starbucks, etc) in the larger cities have free wifi access. I've never visited one but I imagined that you walk in and access is automatic ...

Does anyone have experience with this?

Unless you swipe a machine your IP is logged, I would think. No that would be assigned on the fly. But your machine ID?

I was thinking about this yesterday when they were talking about that horror chick that cut the baby from it's mother. Evidentially they tracked her thru a chat room and nabbed her in 23 hours. All via the Internet, or so they said.

I have been thinking about this as well. I have been following the goings on over at www.catchbtk.com and on the message board there, there is apparently messages posted from the BTK killer. If true then there must be some way to find out where the messages came from.

Originally posted by Ed
Unless you swipe a machine your IP is logged, I would think. No that would be assigned on the fly. But your machine ID?

I was thinking about this yesterday when they were talking about that horror chick that cut the baby from it's mother. Evidentially they tracked her thru a chat room and nabbed her in 23 hours. All via the Internet, or so they said.

They tracked her through the victim's computer logs.

There is a way involving some of the above methods plus some others.

Depending on the level of your nafarious activity you might have to find a disposable hardware budget.

May I ask why you want to know?

ED, I think you are talking about the MAC adress of the network device.

O.

Originally posted by Orangutan
There is a way involving some of the above methods plus some others.

Depending on the level of your nafarious activity you might have to find a disposable hardware budget.

May I ask why you want to know?

ED, I think you are talking about the MAC adress of the network device.

O.

My curiosity arises from the fact that I think that discussions of Internet privacy are simply misdirection and that if a government wants to know who an individual is it is basically pretty simple to find out. It is like trying to hide cash, it gets deposited and gets withdrawn, you are connected to it. The only way to hide cash is to put it under your mattress.

Yeah, MAC. That is specific to each machine, no? And it is transmitted?

I'll PM you.

O.

The MAC address is specific to a network card and it is transmitted (at least to the local network devices). However, you could easily buy a network card, use it and destroy it : might get a bit pricey after a while, though.

Originally posted by iain
The MAC address is specific to a network card and it is transmitted (at least to the local network devices). However, you could easily buy a network card, use it and destroy it : might get a bit pricey after a while, though.

Many network cards allow you to change the MAC address as part of the driver settings. As long as you choose an address that is not used by another device on your local network segment, you should be fine.

This is how crackers bypass MAC address control on WiFi networks - scan the network for legitimate MAC addresses, then spoof one of them to gain access.

If you sent traffic through an anonymising proxy, your IP address would be stripped out - however, the proxy would have to reveal any details they had logged about you if required to do so by a court. So if you're up to something really naughty, pick a proxy in a different jurisdiction.

Originally posted by Doc Dish
If you sent traffic through an anonymising proxy, your IP address would be stripped out - however, the proxy would have to reveal any details they had logged about you if required to do so by a court. So if you're up to something really naughty, pick a proxy in a different jurisdiction.

Or find a back door into one of the thousands of badly secured Windows boxes on the internet and use it as your proxy. Write the evidence over with zeroes ten or twenty times afterwards.

Or "wardrive" - roam around with an antenna and a wireless card until you find a badly secured wifi network and use it for your dirty deeds.

Anonymity will still be possible until everyone or nearly everyone secures their computers thoroughly from remote attacks.

There's always Anonymizer (http://anonymizer.net/)

Originally posted by Diamond
There's always Anonymizer (http://anonymizer.net/)

Does anonymizer keeps records of who logged in when and who went where. If so, these could be obtained by court order and lead directly, or indirectly, back to you. Possibly they destroy their records but I see liability problems there.

Originally posted by Rob Lister
Does anonymizer keeps records of who logged in when and who went where. If so, these could be obtained by court order and lead directly, or indirectly, back to you. Possibly they destroy their records but I see liability problems there.
If you use a chain of proxies I don't see how it will be possible to follow the track. No court order will be appliquable to all elements of the chain. And of course it takes only ONE of the member of the chain to delete their log, for anonymity to be assured.

nimzo

Originally posted by Ed
Unless you swipe a machine your IP is logged, I would think. No that would be assigned on the fly. But your machine ID?

I was thinking about this yesterday when they were talking about that horror chick that cut the baby from it's mother. Evidentially they tracked her thru a chat room and nabbed her in 23 hours. All via the Internet, or so they said.


Well, that is easy to take care of.

Just google around for:

"SMAC"

Originally posted by Rob Lister
Does anonymizer keeps records of who logged in when and who went where. If so, these could be obtained by court order and lead directly, or indirectly, back to you. Possibly they destroy their records but I see liability problems there.

Yes, anonymizer and any other commercial service keeps logs. No matter what they say. They have to cover their asses somehow.

Anywho, when it comes to being completely anonymous, here is what I recommend. It is slightly illegal, but it does work:

Change your Software MAC address with a program like SMAC so your machine is not traced.

Change your hardware MAC address to match your softwware address. This is really difficult, and you must know how to read hexadecimal code coming in from the chip.

Use a program like SOCKSCHAIN to chain a line of anonymous (Trojaned) SOCKS proxies. Trojaned Proxies are what you want since they are hacked machines that leave no logs.

Use a some form of an offshore VPN to encrypt your traffic, make sure that you set up the VPN

Make sure you do all of this while wardriving

Also, make sure when it comes to email that you use temporary, or what I call, propup mailboxes that you will use only once or twice max to receive emails. www.s-mail.com provides a good service in this regard


If you follow all of this, you should be anonymous... PERIOD!

Originally posted by Ed
Is it possible? Is there not always an audit trail?
Why? What are you planning to do ;)

Originally posted by Theodore Kurita
Yes, anonymizer and any other commercial service keeps logs. No matter what they say. They have to cover their asses somehow.

If you follow all of this, you should be anonymous... PERIOD!

Yet, hackers are caught. I would have thought that they would be clever enough to avoid leaving a trail.

Is it conceivable that MS has some additional code somewhere that places a fingerprint?

I am just curious, is all.

Originally posted by Ed
Yet, hackers are caught. I would have thought that they would be clever enough to avoid leaving a trail.

Is it conceivable that MS has some additional code somewhere that places a fingerprint?

I am just curious, is all.

I can tell you that most hackers get caught by purchasing bugged botnets or logging VPN's.

If you just do it all on your own you will be fine.

Besides if you have SOCKSCHAIN running thorugh countries that are not friendly to your nation, then have one in your nation, you can make life hell for any investigators.

Originally posted by Ed
Yet, hackers are caught. I would have thought that they would be clever enough to avoid leaving a trail.

Is it conceivable that MS has some additional code somewhere that places a fingerprint?

I am just curious, is all.

Any "hacker" worth his salt is not using anything written by Microsoft. Thankfully, most of the people dumb enough to commit crimes also think they are more clever than they actually are.

It's the ones who don't get caught that you have to worry about ;)

Originally posted by Ed
How do you pay in one? I mean it seems that if you need a credit card to pay for service, they got cha. Unless the card is phoney.

There are still these things that are called "bills." In some countries, they are called "notes." Folding money, if you will. And there are small discs of metal called "coins."

The "bills" in the US even have the notation that they are good for all debts, public and private.

Originally posted by epepke
There are still these things that are called "bills." In some countries, they are called "notes." Folding money, if you will. And there are small discs of metal called "coins."

The "bills" in the US even have the notation that they are good for all debts, public and private.

WTF!!!!!!! You learn something new every day.:D

Maurice Woodriff Predicts: The day will come shortly when you will need positive ID to use cash.

Like northern ireland.

Originally posted by epepke
The "bills" in the US even have the notation that they are good for all debts, public and private.

From the U.S. Treasury FAQ:

http://www.treas.gov/education/faq/currency/legal-tender.shtml


Question: I thought that United States currency was legal tender for all debts. Some businesses or governmental agencies say that they will only accept checks, money orders or credit cards as payment, and others will only accept currency notes in denominations of $20 or smaller. Isn't this illegal?

Answer: The pertinent portion of law that applies to your question is the Coinage Act of 1965, specifically Section 102. This is now found in section 392 of Title 31 of the United States Code. The law says that: "All coins and currencies of the United States, regardless of when coined or issued, shall be legal-tender for all debts, public and private, public charges, taxes, duties and dues."

This statute means that all United States money as identified above are a valid and legal offer of payment for debts when tendered to a creditor. There is, however, no Federal statute mandating that a private business, a person or an organization must accept currency or coins as for payment for goods and/or services. Private businesses are free to develop their own policies on whether or not to accept cash unless there is a State law which says otherwise. For example, a bus line may prohibit payment of fares in pennies or dollar bills. In addition, movie theaters, convenience stores and gas stations may refuse to accept large denomination currency (usually notes above $20) as a matter of policy



Maurice Woodriff Predicts: The day will come shortly when you will need positive ID to use cash.


No problem according to the law.

Does anonymizer keeps records of who logged in when and who went where. If so, these could be obtained by court order and lead directly, or indirectly, back to you. Possibly they destroy their records but I see liability problems there.

Leaving aside court orders and government searches, how easy is it to hide one's trail from a private detective that does not have access to the computer itself?

I'd think that if you wear a disguise when you use cash to buy a notebook from a random store in the country, then use it only while wardriving at random places around the country you'd be pretty safe. Especially if you wait a year or two after the purchase so memories fade, fingerprints are obscured, DNA degrades, security camera tapes are reused, and maybe the store will close. People might be able to trace your system and match it to one sold at a store in Topeka in 2008, and that it has been used in Boston, Miami, Kansas City, and Seattle, but nothing that ties it back to you personally. Unless a private detective starts following you you might be anonymous. YMMV.

Necromancy!

Indeed. The bandages are unpeeling and ...bits are falling off.
I was quite spooked when I saw ole Claus in there.

Use Tor:

http://www.torproject.org/

Use Tor:

http://www.torproject.org/

Which does nothing against this:

https://panopticlick.eff.org/

You could move from cybercafe to another and have some anonymity, I suppose....Hey, you're back!

Hi, how have you been? :)

How do you pay in one? I mean it seems that if you need a credit card to pay for service, they got cha. Unless the card is phoney.

Point being, sitting at home, no matter what tricks you pull eventually it comes back to you.The ones in South America were happy to take cash. You pay by the hour. I don't see why you'd need a credit card.


The library has access. You can sign up under a common name like John Smith and they'd have little means of figuring out which JS you were.

I use free WiFi all the time. But I assume my IPod has some device ID tied to me. There is nothing special to using free WiFi, you just need a device with a wireless modem. Also, sometimes you can log on using your neighbor's WiFi. I know occasionally people are using mine because my computer alerts me to the fact another device is using my IP address.


On a separate note, I found out the other day some jerk run web site prides itself in listing everyone's phone number whether they want it unlisted or not. I'm very careful about giving out my number to commercial agencies like credit card agencies and always insist they don't share it. Clearly they just lie because there was my unlisted number on the jerk run web page.

They tracked her through the victim's computer logs.Too bad no one will invest in tracking and charging spammers.

Quote: Maurice Woodriff Predicts: The day will come shortly when you will need positive ID to use cash..Banking laws in the US changed a few years ago and you can no longer have a bank account without a valid social security number and the banks have an instant check to see the number matches your name. You can work for the government with a fake SSN, but you cannot open a bank account. :rolleyes:

http://images.encyclopediadramatica.com/images/c/c9/Good_Luck_I%27m_Behind_7_Proxies.jpg

I'd think that if you wear a disguise when you use cash to buy a notebook from a random store in the country, then use it only while wardriving at random places around the country you'd be pretty safe. Especially if you wait a year or two after the purchase so memories fade, fingerprints are obscured, DNA degrades, security camera tapes are reused, and maybe the store will close. People might be able to trace your system and match it to one sold at a store in Topeka in 2008, and that it has been used in Boston, Miami, Kansas City, and Seattle, but nothing that ties it back to you personally. Unless a private detective starts following you you might be anonymous. YMMV.You can now also buy pre-paid credit cards, no name needed.

Hey, you're back!

Hi, how have you been? :)

No, that post is from 2004. Failboat has sailed.

Which does nothing against this:

https://panopticlick.eff.org/

True, but it's trivially easy to change the user agent string, at least in Firefox. Panopticlick now reports my user agent as "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"

True, but it's trivially easy to change the user agent string, at least in Firefox. Panopticlick now reports my user agent as "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"

Which is only part of the fingerprinting model. To an uninitiated user, tor by itself is useless.

Which is only part of the fingerprinting model. To an uninitiated user, tor by itself is useless.

Yeah, you're right. I'll get back to working on my browser plugin details and system fonts :boggled:

Yeah, you're right. I'll get back to working on my browser plugin details and system fonts :boggled:

I expect someday soon we will see someone come up with a browser plugin to combat this.

Which is only part of the fingerprinting model. To an uninitiated user, tor by itself is useless.

But isn't this defeated by some simple measures? I turned off Javascript and most of their fingerprint data was not measurable anymore. Turn off cookies also and you're only left with the User_Agent string and the HTTP_ACCEPT header. You can tweak the first - set it to Googlebot, or set it to IE8 to get a meaningless value. For the second, don't set any language preferences other than English and it's meaningless too. So it's not like rocket science - OK, granny won't grasp this but the average power user raised in the internet age understands it. As you don't want to surf the net all the time with those settings you use another browser than your standard browser for anonymous browsing.

Unless you swipe a machine your IP is logged, I would think. No that would be assigned on the fly. But your machine ID?

I was thinking about this yesterday when they were talking about that horror chick that cut the baby from it's mother. Evidentially they tracked her thru a chat room and nabbed her in 23 hours. All via the Internet, or so they said.

mac address is specific, but with multiple usb wifi sticks.....

If you use a chain of proxies I don't see how it will be possible to follow the track. No court order will be appliquable to all elements of the chain. And of course it takes only ONE of the member of the chain to delete their log, for anonymity to be assured.

nimzo

connection would be unreliable and slower than mud though.

connection would be unreliable and slower than mud though.
Yes for online browsing, but usable for sending an anonymous email for example.

nimzo

But isn't this defeated by some simple measures? I turned off Javascript and most of their fingerprint data was not measurable anymore. Turn off cookies also and you're only left with the User_Agent string and the HTTP_ACCEPT header. You can tweak the first - set it to Googlebot, or set it to IE8 to get a meaningless value. For the second, don't set any language preferences other than English and it's meaningless too. So it's not like rocket science - OK, granny won't grasp this but the average power user raised in the internet age understands it. As you don't want to surf the net all the time with those settings you use another browser than your standard browser for anonymous browsing.

We covered this already. Turning off javascript and changing your header covers some of the identifying information. With javascript off and my headers changed, I still had 10.24 bits of identifying information according to their algorithms. Please go back and reread what the project is actually doing.