Keys to keep your internet activity private

Question

This is not any stupid question for me to do bad things on the net. I was trying to understand this topic, and now I want to test if my research was ok.

Suppose you do not want anyone (really anyone, no one, no person in the world) to know who is the author of one image you want to publish (not gonna publish anything, just an example).

What I would do:

• Get a new laptop/computer/smartphone (so that every possible known detail is now NEW.)
• Do not access ANY personal account (no hotmail, no facebook, no twitter, no-thing...).
• Upload this image from a random new wireless access point.

My questions:

• Buy a new laptop? Necessary? Format is not enough? Using a Virtual Machine?
• Random wireless access point? Necessary?
• What if I was wearing my already-known mobile phone in the pocket? Could governments get my name from any connection?

Edit: I think the most important thing is NEVER connect to a personal account, is this really the most important point?

Answer 1

Every network card has unique MAC address that's used for network communication before IP-based connection is estabilished. That's why using your everyday PC isn't a good idea. That's also why using a new PC isn't a good idea, as its MAC is unique too.

MAC itself indicates network card's manufacturer that you could possibly contact. Then you can ask them for some more info and this way possibly even track down where that network card/laptop with that network card was sold to you. If they have surveillance cameras, then they know you.

Using a virtual machine isn't a solution, as entire network communication will still be routed through host machine via NAT.

Possible solution: mask MAC address before connecting.

Windows has a bunch of services that use your network without your knowledge, especially one that checks if your connection works. So basically it will try to say "hello" to Microsoft everytime you connect to the Internet. There's also Windows Update, time synchronization service etc. etc.

Possible solution: use custom Linux distro, those are easier to keep in check as you can compile those yourself, checking every single line of code. (it's paranoid, but we both know your question is too ;)

Many other apps have autoupdaters running in the background - every single one will try to contact some remote server, telling it something about your connection.

Possible solution: use a firewall with whitelist. Make sure it doesn't call somewhere itself.

Your browser will be quite unique, you can check it here. The one I'm using now is unique among 2,987,405 tested so far. So was Chrome on my Android smartphone.

I can't think of any reliable solution for this problem, because there's no such thing as an "average browser".

You're not anonymous when using public Wi-Fi. All your communicaton can be easily captured and intercepted with a $100 device and there's no reliable way to check if your connection is safe. On the other hand, encrypted Wi-Fis are usually not anonymous by design - you need to acquire login credentials or connection password, and this limits the number of potential suspects greatly.

Possible solution: I can't think of any. (comments are welcome)

Your IP discloses your Internet provider, and thus your approximate location. Possible solution: anonymous proxy (if you trust those) or Tor.

Your phone. Well, that's a long story. You never know if it's not tracking you right now. You can use Replicant or something like that, but it's just software and you can't be sure what's in your hardware.

If your phone can get it's location based on GSM towers in radius, then they can identify you too. That's just for starter.

The Google Car doesn't only take photos for Google Maps, it also saves names of Wi-Fis in radius. When you run Google Maps in your mobile, it will first try to get approximate location using GSM and then by names of networks your phone can connect to. Basically, it probably can approximate your location to a circle with diameter of 30 meters. But I guess your phone has GPS too, so...

Turning the phone off isn't an option, as you still don't know if it's completely off. SIM card isn't required for it to operate. Battery is, but not all phones have removable battery.

Answer 2

Try this one out as a thought experiment.

1. Load the file on a USB drive
2. Walk to a random Internet kiosk that allows you to use these drives
3. Do not use any personal authentication (no logins with your passwords)
4. upload this file to one of the many sites that allow anonymous temp uploads
   (a quick search shows https://filetea.me/default/ as an option); write down the URL
5. Change to another random Internet koisk
6. Upload the file from that temp URL -- to wherever
7. Consider using stuff like http://www.onion-router.net/ in addition

Having done all this... the real question about your privacy is a function of the cost of what you want to keep private. Think about that too.

In other words:

Buy a lock 
that is costlier to break 
than the cost of the thing it protects 
by orders of magnitude proportional to your paranoia ;-)

Answer 3

You are looking for TAILS, The Amnesic Incognito Live System. Based on Debian Linux, it is a live system that aims at preserving your privacy and anonymity.

From their about page:

It helps you to use the Internet anonymously almost anywhere you go and on any computer but leave no trace using unless you ask it explicitly.

It runs on a CD-ROM, or a DVD, or a Flash drive and only stores information in RAM, It will not save anything to a hard drive, even if swap space is available. This means that ultimately, your data can't be traced to the computer you are on. Rather than quote the rest of their about page, go take a read and see if its of any use to you.

It is important to note all of the above answers information, and if you're uploading images, you should also purge their metadata before saving them online. That's one further step towards anonymity.

Of course, if you're hosting the blog on hosting you've paid for, then you must anonymize yourself there too. Pay for WHOIS privacy, or use a third-party domain management service. Set your web server to disable log creation. This can be a pain for those wanting to troubleshoot issues, but it is another avenue of retracing those who connected from what IP address at what time ... so turn them off.

Answer 4

Buy a new laptop with cash, upload the content with a live linux distro from a foreign location via a proxy chain or other methods (Using a new user account and new email address with fake names etc), power down the computer and reduce everything down to a molten pile with an acetalyn torch.

The most important point however is not to upload anything at all and know that you are never truly anonymous. Luckily there is so much data out there, you basically have security by default.