February 15, 2014 — nobreadcrumbs

Good morning/afternoon/evening.

I want to tell you how I made a “No Breadcrumbs” blog, and by that I mean I’ve made this blog without a trace, I think.

Before we begin, let me tell you a little about what I was used.

USB Stick (4GB, but I would prefer if it was 8GB)

Ubuntu Live CD

Tails OS

Bitcoins

Let’s begin.

I bought bitcoins via an anonymous LocalBitcoins.com account, using Tor ( which I will discuss later). I found a seller who was willing to negotiate with me using PGP encrypted messages. We agreed on a time and place where I would put money. I confirmed in advance that there were no surveillance cameras nearby, and put the money in the drop. Within eight hours, the bitcoins were released from the escrow service. I then used my Bitcoins to buy a laptop and a USB stick.

I dissected the laptop and confirmed that there were no hardware keyloggers installed inside. I then proceeded to insert a Ubuntu Live CD and booted into Linux. I then downloaded and installed the Tails operating system on my USB key.

Tails is a Debian operating system mainly centered around anonymity. It forces all network connections through the Tor network. The Tor network is simply a large amount of “nodes” that transfer encrypted web traffic between each other to hide the identity of a user. Tails also securely wipes the RAM of the computer it is used on, and keeps the files you ask it to keep (that are stored on an encrypted partition).

I started Tails and configured the encrypted volume. On this I stored my Bitcoin keypairs, this blog, and a KeePass database. KeePass can generate passwords which are very strong and I make sure they each have at least 400 bits of entropy.

I then made an email account on safe-mail.net, and used it to make a GitHub account. After trying several times to configure Octopress, Pelican, Hexo and Cabin, I finally decided to use a simple static site generator (made in shell) to generate my blog. I chose bashblog. I’ll write a post, push it to GitHub and it will live at nobreadcrumbs.github.io!

How could my identity be compromised?

Option 1: DNS leaks of any kind

I access the Web from a public place, and route traffic through my two VPNs. I also check for DNS leaks when I access the Internet. The furthest someone could get with this method is what is the IP of the public place from which I access the Internet, which provides no information because I never go to the same place twice.

Option 2: My Vocabulary

You might think you can identify me by analyzing my vocabulary. To prevent this, I find synonyms for each word that I use, and run my posts through many layers of Google Translate. It goes something like this: English >>> Foreign Language >>> English (I corrected all errors) >>> Foreign Language 2… Up to six different layers. I got this idea from UntraceableBlog.com (it was the last piece in my mission , thank you for that!) :)

Option 3: Identifying me Through my Bitcoin Dead Drop

I lied at the beginning of this post. I did not put the money in the dead drop. I met a friend, told them to put money there, and I left without a trace.

Option 4: A kind of other attack

It is unlikely that there has been another attack because of steps I have taken above.

I hope that you learned something about anonymity, and maybe you can create an anonymous blog, too! I’ll probably use this blog to something else in the future. Until then, goodbye! (Psst! If you enjoyed this post, I'd appreciate if you donated some bitcoins to my bitcoin address (1CsZ2stsY3fnjmKWVEEfJeBiUdUVQbjWib)