If you’ve gone through and removed as much extraneous data about yourself as possible, and set up an anonymous identity, the last thing you want to do is get exposed while merely traveling and using the web.
There are several ways that someone might use your email, web server, IP or other internet activities to track you down and find you. Luckily, it takes a hacker of more considerable skill than most people to track you using your IP, but it’s still worth protecting where you can. The following advice should be taken in consideration of just how anonymous you want to be. For some people, being anonymous is a matter of life or death, if they’re blogging with dissenting opinions in a place that doesn’t allow free speech. For whistleblowers, being uncovered could lose them their job and for people in some industries, like the sex industry, anonymous blogging is merely smart practice.
Even though a subpoena can force an internet provider to reveal your information, that is significantly harder to do if your IP address is not known to begin with and there are ways to go about ensuring your IP and other internet activities are as secure as possible.
What is an IP?
If you’re not very good with technology, then the best way to explain IP is this: your IP is like your internet fingerprint. Just in real life where everything you touch with your bare hands leaves prints, everywhere you go on the internet leaves your IP. It is the address your Internet Service Provider assigns to your connection, and through it you gain access to the web. When you go on sites or leave comments on blogs, your IP is automatically logged. Just as in real life where wearing gloves prevents your fingerprints from being imprinted, so too can you prevent your IP from being reliably recorded.
When and where your IP is collected
Every time your visit a site, your IP is collected. Whether it is blogs, websites or social media. Depending on the blog type, your IP may not be accessible to the blog owners if you are just visiting. However, for most self-hosted blogs, once you comment, your IP is recorded and the blog owner can have access to it unless it is anonymized.
But first you need to know something about your IP.
Static vs Dynamic IP
Depending on your Internet Service Provider (ISP) you will have a Static or Dynamic IP. A static IP is a constant IP address that you always have. It doesn’t change unless the ISP changes it for you and so will log the same IP on every website you use from that connection. A Dynamic IP is one you share with many people. Every time you log on, your IP will be different. There are a lot of benefits and drawbacks to both a Static and Dynamic IP and you can read about them here. However, for the purposes of staying anonymous, it’s best if people never locate your real IP. Which is why you should consider using:
Using an Anonymizer while browsing is like putting on a pair of gloves. An Anonymizer, like Anonymouse or HideMyAss works as a CGIProxy (Common Gateway Interface Proxy). This is a very technical way of saying that the service tricks your server about which webpage it’s looking at. Most people use it to view blocked websites (particularly in countries where freedom of speech is limited) or for watching videos on YouTube that are blocked for their country.
I covered some of the more secure emails providers to use in Part 2 of Blogging Anonymously. But sometimes it’s HOW we use our email address that can get us into trouble. Emails like Yahoo, Hotmail, AOL and Outlook express are not secure. When you send an email from a Yahoo account, your IP address goes with it and is accessible if someone knows how. Emails like Gmail will encrypt this data – however, as you see below, it will depend on how you use Gmail.
Email headers contain information sent with you email to the recipient. Most people only see the bare basics which include name, email address, time/date stamp and subject. However, that’s not all your email sends. You can find your full header here to see what others could find out if they knew how. This is dangerous because a header is generally used to verify who you are and assure the receiving email that you are legitimate. However, in the wrong hands this could be problematic if your IP is included and not encrypted. Here is a guide showing you how easy it is to find the sender IP for several email providers.
Of course, using the right email service to ensure that your IP and header information is secure is wasted if your use a general mail app such as the one on a tablet device or Microsoft Office. This is because you are not actually using your secure email – you’re using a pushing service. Thus the mail app or Apple Mail/Microsoft Outlook will push your full header onto the email. Only send emails from phones, tablets, or mail programs if you trust the recipient.
If you have a Google+ account, then you should know that Google+ requires your authentic name and information. If Google finds that you aren’t using your real name, then that account, the google email you used to create it, and any blogs or log ins you use for that email will be frozen too. If you created a gmail account to blog anonymously with, you should never link it to your Google+ account or you will be extremely easy to track down and find.
Depending on the type of blog, it may reveal a lot of information about you. If you are using a free blog like blogger, SEO Blog etc then someone may be able to keep track of the other blogs you use for that email address. Even self hosted blogs, when using the wrong server and with the wrong set up can give away their information.
If you are hosting your own blog, then you will be looking for a domain to host it on. However, a domain will need to be chosen wisely. Domains like GoDaddy require extra payment to make your information anonymous. Thus blogs hosted off of GoDaddy, who haven’t paid extra, can reveal your name and address using the most basic of searches through the hosting data. There are plenty of other, though more expensive domains that will automatically hide your information for you. Or you can still use GoDaddy but ensure you purchase the extra protection.
Google Analytics is a program that many blogs use to track traffic and pageviews for their blogs. However, most don’t know that Google Analytics can also be a way to have your information revealed. This information is only applicable to those with multiple blogs, who have google analytics activated on both. If one of those blogs is anonymous and the other is your personal blog, and if they both use Google Analytics, then that can be used to link the anonymous blog back to you by finding you Google Analytics code and searching for it. Since Google links you blogs, Youtube, Picasso and other google-related information for the one account, a clever web search can reveal the link between the two blogs using this simple program. It is exceptionally easy to find the Google Analytics code if you know what you’re doing. It is as easy as right clicking on the home page and viewing source for the page. Here is an account of one such netizen doing so.
When typing in web addresses, for many people, it’s instinctive to type the “www” prefix to the address. However, especially for sites like banking and ones that accept credit card information, typing “http” forces your browser to go through the encrypted page and therefor your online activities won’t be logged by a filter. However, this method is only as secure as the site you’re using and thus shouldn’t be relied upon entirely to keep your activities secure.
Without prejudice or malice, my suggestion if you are using Internet Explorer is to immediately track down and use basically any other Browser. Chrome, Firefox, Safari, Opera, Tor (read the section below first) anything else. Internet Explorer, whilst comfortable and familiar to many, is not secure.
Stealth Mode, Private Browsing, InPrivate – these are all functions that many browsers offer. These are not anonymous browsing options. They won’t hide your IP or your web presence. What Stealth Mode and Private Browsing do is change your browser function so as not to record your internet history or accept cookies from websites.
So whilst this doesn’t affect your online presence, it does make a difference if you are signed onto a public computer, borrow a computer or share your computer.
Tor is an onion browser. So whilst you use it like a normal browser, it routes your data request through a network of servers across the world. It does this by encrypting your data, routing it through anywhere between 2 and 20 other servers, while decrypting it as it arrives. This makes it difficult for your identity to be tracked whilst browsing the web, messaging or posting since the data has been routed through so many different servers.
The downsides to Tor is that it will slow down your connection – since the information is passing through multiple servers it takes longer to arrive and lowers your download speed. Therefor most people limit their use of Tor for when they’re doing things they don’t want tracked or recorded. Another side effect is that TOR may report your location as Germany or Japan – thus taking you to sites in a language you can’t speak.
Tor also can be blocked by some servers depending on what country you’re in and what server you use.
If you wish to use TOR to blog with extreme anonymity, then here is a step by step guide to doing so.
Webcams are a good way of connecting and talking to people on the internet. However, there is a growing concern over hijacking software that can operate your webcam without your permission. This can be done by opening attachments on emails with viruses attached or by using your webcam on chatroulette or similar sites since most users never update their webcam password from its default setting.
If possible, webcams should be disconnected when not being used, covered or have the privacy visor down (if it has one.)
Viruses are out there and there is no such thing as a completely secure computer if it is connected to the internet. They can be transmitted for a number of reasons, but we’re focusing on viruses or trojans transmitted by people seeking to gain information on you. They can do this by infecting your computer with viruses that record your keystrokes, that can hijack components of your computer or get access to your harddrive or any shared folders through an unsecured internet connection.
For most novices, the most they can do to protect their computer from viruses are the following:
Purchase antivirus software and keep it up to date.
Maintain a firewall
Update regularly if you are a Windows users: Most Tuesdays is update day for your Windows. Windows provides these updates, not just to fix bugs, but to close vulnerabilities the system has to viruses. As a result, many viruses are now programmed specifically for systems that haven’t been updated and still have those weaknesses. You can turn on automatic updates for you computer – but if you don’t, check for updates at least once a week.
Avoid Phishing – this is not simply referring to Nigerian princes and bereaved widows looking to have someone take care of their investment. Most of the Xbox users hacked over the last few years were phished while casually chatting with other players. Most email providers ask all the same security questions – and many people provide real, accurate answers to those questions. So think before letting someone know what your mother’s maiden name is or your pet’s first name or the first street that you live on. It’s incredibly easy to have all the right information phished out of you in a friendly conversation without even realizing. Better yet, provide false answers – just don’t forget what they are.
The most popular passwords used are:
1234, 123456, 12345678, password. Having a secure email largely rests on having a very secure password. Having a password that is easy to guess or that a program can break with ease, is a huge security liability when you consider how much personal information exists in your emails. How long does it take a computer to guess your password – even if it is a 9 letter word? Anywhere from instant to 28 hours.
So what should your password look like? The Cracked article linked above suggests one method:
“Every Halloween, the trees are filled with underwear; every spring, the toilets explode.” Now, type out the first letter of every word in that phrase, picking different letters or adding punctuation wherever feels natural for you, resulting in a password like “eHttRfwu;estte.” By using something that isn’t a word and never has been, you’re increasing the pool of necessary guesses exponentially.”
Being mindful of how you use the internet, and seriously considering your computer habits can make a big difference in your online experience. The above technical information will soon be outdated, and nothing can protect you against someone who truly knows how to hack. However, every step you take to make it harder to be tracked limits the pool of people with the skill level to unearth your identity. You may find all of the information above applicable to your practices, or none. But being informed is the first step. Even if you have been extremely lax with your personal data up to date, or fear too much may already be out there, it really isn’t too late to cut back on your exposure and start blogging with an increased focus on security and guarding your data.
Anonymity while blogging can be very difficult. But for those in a vulnerable position, or who are interested in protecting themselves from threats or stalkers – it can take a great deal of stress out of your life. It’s not a choice for everyone, but considering the real world repercussions many bloggers are facing for sharing online, it’s becoming something every blogger should seriously consider.