Anonymity in the Internet epoch
What infrormation you always leave for further analysis and your identification
- IMEI of your mobile or modem
- ID of SIM/UIM.
- list of phone numbers you called to and you was called from
- credit card number
- HTTP cookie stored by your browser
- your IP-address and time when it was used to access some internet resources
- MAC-address of your network card (NIC), WiFi or BlueTooth module.
It may be easier when you use IPv6.
- list of attended sites with timestamps
- accounts in social networks and internet forums
- GPS track from your smartphone, from web maps (and their APIs), from intercepted requests to map APIs
- Talks via cellular phones, SMS. They may be recorded. History of calls is always stored.
Note, talks over GSM can be recorded with help of radioscanner without assistance of mobile operator.
CDMA sessions cannot be intercepted in such way.
- all messages via ICQ, Skype are insecure. Internet markets are insecure too.
- IP-telephony without encryption.
- web-browser always send info about its version and OS version of your PC/smartphone
- photos, videos, audiorecords always contain info about hardware model (e.g. camera model), timestamp, etc. in metadata
- Your personal data, system name, file location on local storage are often included in metadata if office documents.
Sometimes they may contain full history of document changes. Compiled executables also may contain information abouyt your system.
Information which can be obtained after some research:
Separate important issue - verify other side authority. All digital sertificates, keys, signatures, etc. do not identify person.
They identify hardware and software-client. Thus, you must ensure (for example, with spacial phrases and proper responses)
if you communicate with the one you expect, not intelligence agent.
- geolocation of mobile device based on GSM/NMT triangulation
(measurment of signal level on different base stations).
This method doesn't work for CDMA standard.
- time when you accessed internet rosources based DNS log and banner/counters/trackers log.
- correlation between your different accounts is possible via cookies from 3rd-party sites (banners/trackers). When you open
web page of your account 1 you often get some advertisement links. Browser send request to banner/tracker site with
reference to your current page. Site returns image with cookie, browser saves it. Later you open account 2. With some
probability you will get advertisment from same tracking site. Since browser remember cookie, it will send there request with both
reference to your account 2 page and cookie derived during previous session with account 1. Now, tracker knows that
both accounts belong to one person.
- your physical address can be determined by IP- or MAC-address (your ISP knows).
- your friends
- your photo from observation cameras on ATM or cash-desk when you use credit card.
- model of mobile device from IMEI
- sometimes it is possible to determine model of your PC/smartphone from MAC-address
- with help of malware it is possible to get list of attended sites and stored cookies
- also it may be possible to determine your detailed hardware configuration,
- you may get trojan wich can access everything on your PC/smartphone including contact list, files, history, camera, microphone
- mailboxes on public servers (gmail, yandex, mail.ru etc.)
- contacts and delivery addresses from internet shops
Appears, that after some period of maining your public information and several requests to ISP/hosting providers/cellular operators
it is possible to get to know almost everything about you. So,
- all hardware (from modem to noutebook/PC) are used to operate with anonymous account(s) only.
The best practive - run everything on virtual machine in other conntry, where local security officers cannot get access.
Minimal set - VPS
- never use any other PC to get access to your anonymous accoiunts. Also remember, that most places with
free WiFi are often equipped with video recorders.
Along with this, public computers may have key-loggers.
Sorry, full verison is in Russian only yet.
Special tnanks to Max Tulyev
IT-namet Euromaydan (in Russian only)
Mail to alterX@alter.org.ua (remove X)
||designed by Alter aka Alexander A. Telyatnikov
||powered by Apache+PHP under FBSD