
Introduction

In this article I'm going to tell you about multiple steps you can take to stay anonymous online. If you're in the USA and you've heard about the recent changes to our laws, then you're already aware that your ISP is now legally able to track all of your online activity and sell it for any purpose they like, whether to advertisers or anyone else willing to pay the asking price.

If you live in the USA and think you're not being spied on by the government in addition to advertising agencies, I encourage you to read this Wikipedia article on the massive government data center suspected of mass harvesting communications.

Secure your DNS

One of the first steps you must take if you wish to stay anonymous online is to change the DNS servers on either your local machine or your router away from your ISP's. There are numerous free and paid DNS providers out there.

Two I would recommend are OpenDNS and Comodo Secure DNS. This will provide a little bit of extra anonymity, but on its own it is not perfect. Please keep in mind that even these DNS solutions will log your data. By doing this you are obscuring your web traffic, which is different from true anonymity.

Get yourself a VPN

Purchase a VPN service that offers strong encryption and ideally no logging, or minimal logging if you can't get no logging. It is also recommended to purchase your VPN service from a vendor outside of your country, because this makes it harder for your home country to obtain traffic logs if any are available. For a list of reliable VPN vendors I suggest you check out the website called Torrent Freak. This site is well known and gives honest reviews about which VPN services are best at protecting your privacy. When deciding on a VPN you should also choose one that has a Warrant Canary file. This will alert you if the company comes under government surveillance, in which case you should immediately discontinue the use of their service.

Additionally, many of you readers will ask... "Hey, what about free or paid proxies?" Generally speaking, you should avoid free proxies like the plague. They are often given away for free because they are used by hackers to traffic data, and they are using you to add noise to the line, so to speak. This means that if a government agency is trying to track down a hacker, you could be accused of wrongdoing. Furthermore, free proxies are well known to intercept and steal passwords and perform man-in-the-middle attacks, stealing your sensitive data. Paid proxies are a little bit better, but oftentimes they are sold by vendors operating illegal botnets, and you can still fall victim to the same attacks done on free proxies.

Clearing Browser History & System Application Data

For this there's really only one tool I would recommend. This is called CCleaner by a company called Piriform. They have both free and paid versions, but for most people the free version will get the job done. I urge you to download CCleaner.

As an added bonus, this application has the capability to securely erase files or entire disk drives. It also has a Swiss Army knife of other features, such as disabling startup programs to achieve faster load times and making it a lot easier to find and uninstall software than with the native Windows utility. NOTE: Securely erasing data can often take quite a while. For everyday use I would use at least 1 pass of secure erase, as this will stop average-level attackers. If you're worried about sensitive data or state-sponsored attackers, then go for the 35 pass.

Install Privacy and Security Addons

Install privacy add-ons / extensions to your browser. Several I would recommend are:

Ghostery (blocks ad trackers, analytics, and other forms of online tracking services). However, with this addon be sure to opt out of the data collection they request. If you don't do this, they will take the data they learn about you and sell it to ad networks. This is rather hypocritical, but that's how they make money.

Install AdBlock+, AdBlock Edge, or uBlock Origin (Chrome) (Firefox). If you use AdBlock+, be sure to go into the settings and disable the acceptable ads. Several years ago AdBlock+ basically sold out their values for money when big players like Google came to them offering money to essentially be whitelisted. As an added benefit of installing an ad blocking plugin, you will also significantly enhance the security of your browser by avoiding ads with malicious payloads, such as drive-by downloads that install malware on your machine just by viewing a web page with a specially crafted ad.

Install a Canvas Blocker plugin (Chrome) (Firefox). Using HTML5 Canvas technology, malicious websites or even regular websites can uniquely identify your device and track you across the web with near pinpoint accuracy.

Install the plugin Track Me Not. This plugin generates random web search queries to the major search engines to obscure your actual search history. It also enables you to add a custom blacklist of words to exclude from searches, to avoid accidental search queries that you would definitely not want to have in your search history.

Install a keyboard privacy addon. Websites using sneaky JavaScript can monitor how you type on a web page and observe patterns to create a unique fingerprint of you, and use that to later track you. A keyboard privacy addon will randomly alter the rate at which keystrokes are delivered to the web page. This can slow down the response rate of your keystrokes significantly with the default settings, so be sure to edit the settings to meet your specific needs.

If you're like most people and you use Google a lot, you may not realize that every search result you click on doesn't directly lead you to the destination website. In recent years Google has been up to some sneaky tactics, intercepting your link clicks and swapping each link with its own tracking URL that then takes you to the destination web page. Usually the process is so fast you will not notice it, but on slower connections this becomes more obvious and you can sometimes see the redirection as your browser lags a bit. Luckily, there is a plugin which removes this redirection code and thereby makes the results you click on more anonymous, but keep in mind Google still likely has numerous other methods to obtain this data. One such method might be heat mapping.

Another type of plugin you can install is called a user agent spoofer (Chrome). This makes it appear to websites you visit that you are using a different browser than the one that you actually are. Please keep in mind that while this will work for the vast majority of sites, it won't work for all. Sites using popular services such as Distil Networks and Cloudflare have anti-bot technology that scans your browser for abnormalities. If they detect you're saying you use one browser but they are able to determine that's not true, they may restrict your access to that particular site, and if you still want to access that site you may need to disable your spoofed settings while browsing it.

Secure Web Search

The next step to online privacy is using a search engine such as DuckDuckGo, which clearly states it does not track your searches and only performs minimal logging to prevent abuse. If you're searching for something private or something that you don't want in your Google search history, I would highly recommend you consider this search engine.

Anonymize your Web Traffic

If you want to take your level of privacy a step further, then I would highly suggest you install the TOR Web Browser by the Tor Project. This software uses technology called onion routing to obscure the origin of your web request by bouncing your traffic from server to server all across the world using encrypted tunnels. This is all done in the background, and the software has the familiar interface of Firefox since it is built on top of that browser software. The TOR Web Browser also has a couple of extensions that are definitely worth talking about, such as HTTPS Everywhere by the well known Electronic Frontier Foundation. This group is a non-profit dedicated to privacy and internet freedom. They are well trusted and a serious advocate for privacy issues.

They also have an active legal team that works hard every day to protect the rights of the people from oppressive and hostile governments. Another browser extension that the Tor Web Browser has built in is called NoScript. This blocks all JavaScript from running except that which you explicitly allow. This means that 99% of trackers simply will not be able to run in any capacity.

The only real trackers that might remain are web bugs, aka image-based pixels that relay data back to a tracking server. These web bugs are typically used for advertising purposes, but could also be used to track you for any other reason. Because some governments and ISPs will track your TOR usage, I would encourage you to connect to your VPN service before using TOR. This will significantly enhance your privacy and security, and even if a web bug attempts to track you it will only be able to get the IP address of the VPN service you're using, not your home or work IP address.

If you're on a mobile device and want the benefits of TOR, you can use the mobile application called Orbot and its companion app Orfox. These are both available on the Google Play Store.

Addressing Web Browsers

If you wish to decrease the ability of sites to track you, go into your browser settings and enable the "Do Not Track" feature. While many websites respect this feature, some absolutely do not, so don't rely on this alone for anti-tracking. Another thing that will help, but is not perfect, is using the Private Browsing mode of your preferred browser. Not all browsers have this feature, but Google Chrome and Firefox both do.

Also, please keep in mind that if you are using the Chrome browser and you are signed in to Google from within the browser, this pretty much voids all efforts at being anonymous, so be sure to sign out before conducting private activity. If you're interested in a more secure and private browser, it might be worth it for you to look into Comodo Dragon Browser. You should also be on the lookout to see if your browser is secretly revealing your IP address through WebRTC requests. You can check using this tool.

The Dangers of HTML Email

Most of us love the pretty HTML emails we get that are nicely formatted and include images and colorful fonts, but herein lies a serious problem. If an attacker wants to track you or obtain your IP address, among other possible information such as when you check your email, all they must do is include a tiny image that is loaded remotely.

This image, most often known as a tracking pixel, sends your IP address back to the remote server when it is requested by your email client. This tracking pixel can also be time-stamped to see when you opened the message, and if done over enough time the attacker can actually build a profile of when you check your email and use that to know the best time to attack you. They can also add tracking parameters to see which types of emails you open from a variety they will send.

This will aid them in a spear phishing attack where they can use the information they have collected to either target you when you'll most likely be away from your device or the opposite... They can target you with an email that you're likely to open that contains or links to a malicious payload or drive-by exploit.

The worst part is these pixels are almost always transparent images, so when HTML email is enabled you won't even see that one has loaded. Also, most email software doesn't tell you when or from where it's downloading a remote image, so you will have no idea you're being profiled if you're using HTML email. This is unless you were to inspect the message source code, and even then the image could be a part of the layout or something not easily recognizable. There's nothing that says they have to use a transparent image. The attacker's creativity is their only limitation.
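The following Python is an added example, not part of the original article: it parses a message and lists every image that would be fetched from a remote server when the mail is opened, marking the ones declared 1 pixel or smaller or hidden, along with their query parameter names. The sample message, its hosts and its parameter names are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Constructed sample body; every host and parameter name here is made up.
SAMPLE_HTML = """<html><body>
<p>Spring offers inside.</p>
<img src="cid:logo@sender.example" width="200" height="60">
<img src="https://cdn.sender.example/banner.png" width="600" height="120">
<img src="https://track.sender.example/o.gif?uid=12345&amp;campaign=spring"
     width="1" height="1" alt="">
<img src="//track.sender.example/p.gif?m=abc" style="width:0;height:0">
</body></html>
"""


class ImgCollector(HTMLParser):
    """Collect the attributes of every <img> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append({k.lower(): (v or "") for k, v in attrs})


def is_tiny(img):
    """True when attributes or inline style declare a 0-1 px or hidden image."""
    for key in ("width", "height"):
        m = re.fullmatch(r"\s*(\d+)\s*(px)?\s*", img.get(key, ""))
        if m and int(m.group(1)) <= 1:
            return True
    style = img.get("style", "").lower()
    if re.search(r"(?:^|;)\s*(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", style):
        return True
    return "display:none" in style.replace(" ", "")


def audit_email(raw_message):
    """Return one finding per image that triggers a remote request on open."""
    msg = message_from_string(raw_message, policy=default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:          # plain-text mail cannot carry a tracking pixel
        return []
    collector = ImgCollector()
    collector.feed(body.get_content())
    findings = []
    for img in collector.images:
        src = img.get("src", "").strip()
        parts = urlsplit(src)
        # cid: and data: images are embedded in the mail; no request is made.
        if parts.scheme not in ("http", "https") and not src.startswith("//"):
            continue
        findings.append({
            "host": parts.hostname,
            "tiny": is_tiny(img),
            "params": sorted(parse_qs(parts.query, keep_blank_values=True)),
        })
    return findings


def build_sample():
    """Build the constructed multipart message used for the demonstration."""
    msg = EmailMessage()
    msg["From"] = "newsletter@sender.example"
    msg["To"] = "reader@recipient.example"
    msg["Subject"] = "Constructed sample"
    msg.set_content("Plain-text part")
    msg.add_alternative(SAMPLE_HTML, subtype="html")
    return msg.as_string()


if __name__ == "__main__":
    for finding in audit_email(build_sample()):
        print(finding)
```

A large, visible remote image still reveals your IP address and the time you opened the mail, which is why the code reports every remote image and treats the size only as a hint.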

It's also worth noting that once an attacker has obtained your IP address they can run it through a service like MaxMind and obtain even more data, like who your ISP is and your approximate geographic location down to the city.

Anonymous email "drop boxes" aka disposable email services

If you're interested in receiving email, but are concerned about spam, tracking, or other privacy issues, you can do a search for 'disposable email' and you'll find a lengthy list of sites that offer to receive email on your behalf. Two disposable email services I suggest are Guerrilla Mail and Mailinator.

Typically these services only store the email received for a short period of time and then purge the inbox. Please keep in mind that not all of these services password protect the inboxes, so anyone who knows the address can typically read the emails sent to that inbox. For this reason I would not use these services for highly sensitive mail.

Get yourself a secure email account

While these are hard to come by nowadays, there are several vendors such as Proton Mail. Proton Mail now offers Multi-Factor Authentication. This includes the standard username and password followed by 2-Factor Authentication using the Google Authenticator app, and a decryption password.

Proton Mail is based in Switzerland with their servers literally inside of a mountain. The benefit of your email being stored in Switzerland is that they have very strong privacy laws. If you're unable to obtain a secure email account, then consider using PGP encryption when sending emails. Mailvelope is a good browser extension to help you do this. If you insist on using Gmail you may want to check out: https://www.streak.com/securegmail.

Secure your Social Media

If you use popular social media services such as Facebook or Twitter, be sure to check your privacy settings. Facebook has quite a few options to make your profile more private, such as not allowing people to find your profile by email or phone lookup.

For Twitter, do things like making your tweets private or visible only to people that follow you. Be sure to block random people who you don't want following you. If you are concerned about being stalked online, then it's best to just delete your social media accounts.

Use a burner phone

Many websites offer 2-Factor authentication as a security feature, and typically they will offer SMS-based options. While this will enhance your account security, it essentially gives the service a unique identifier that can easily be tracked back to you. It is good practice to pay for your burner phone in cash and rotate your burner phones out at least monthly. The actual amount of time will vary based on your unique requirements.

Another thing to keep in mind even when using a burner phone is to disable GPS tracking and never connect to unsecured or unknown Wi-Fi networks. Also, if you're looking for a more secure smartphone for general use, I would recommend purchasing the Blackphone by a well respected phone maker named Silent Circle, who has a strong emphasis on privacy and security. They even offer an app for encrypted phone calls called Silent Phone. However, this is a paid service, unlike the free and arguably better service called Signal by the software company called Open Whisper Systems.

Leave no Trace

The next thing I would like to talk about is for people who are highly concerned about their privacy. Pretty much all modern operating systems log huge amounts of data on what you do on your computer, where you go on the web, and a whole lot more. If you do not want any physical evidence of where you've been there are two steps I would highly recommend you take.

First is to disable logging on your router. I would say that for 95% of people there is absolutely no reason you need to have a record of the websites you visit on your router, and this leaves you hugely exposed should a government agency burst into your home and seize your computer equipment.

The second thing I recommend you do is use a Linux Live CD such as the one offered by Ubuntu. Ubuntu is an extremely robust operating system, and with the live CD no physical data is stored. All the necessary data storage is done in memory (RAM), and once you power off the device it's gone. Although I personally love Ubuntu, if you want an even more secure operating system you can go for another Linux flavor like Tails.

Secure your Network

Be sure to password protect your router. You may not know this, but there are attack methods out there that allow a malicious web page to guess or brute force the password to your router. Once the credentials are stolen it is generally trivial for an attacker to analyze what's going on in your network. They can do things like look at traffic logs, install botnet code, intercept secure web pages and hijack credentials, or even phish your credentials for later usage such as logging into your online banking and draining you of all your assets.

As an added measure of protection you should log in to your router's administrative panel and block known domains for ad servers and trackers. If you have a Netgear router I recommend you read this article. If you're not using a Netgear router, don't worry: the process is identical for almost all modern router models. On some routers you may need to blacklist sites manually, and others may allow a bulk import of URLs. If your router only allows adding sites one by one, you could always use a Macro Script browser plugin to take your list of URLs and submit them to the web interface for the router by going line by line through your blacklist database.

Cover Your Webcam

Even the Director of the FBI recommends you take this precaution. With the vast array of trojans and malware out there, many of them are using your webcam to take pictures of you for extortion or to see when you're not around. They can use the knowledge of when you're not in front of your computer for data exfiltration with relatively low risk. Click here to read what the director of the FBI says about webcams.

Avoid using the OAUTH protocol

Using OAUTH makes registering for new sites quick and easy, but you might not realize just how much information and privacy you're giving up. Every time you use OAUTH you're essentially telling Facebook, Google, or any of the other major sites where and when you're browsing. This is like leaving a digital trail of cookie crumbs leading straight back to you. The solution is to use a pool of premade email accounts and randomly choose an account to sign up with. Optionally you can also use the disposable email services mentioned earlier in this article.

Why you should avoid US Based Providers for Security

In the United States, companies can be compelled by secret court orders to install monitoring software, give up private keys to decrypt communication, or even give access to your online accounts in complete secrecy. Additionally, any company given such an order can be required by law not to disclose that the government has forced them to monitor you or their other users.

Why your online privacy level can affect the price you pay

There is something called dynamic pricing that companies, especially in the US, are starting to use. They aggressively data mine you and attempt to predict the maximum price you'd be willing to pay for an item or service, so rather than getting a fair deal you could end up paying top dollar for an item that generally sells for much less from that very same vendor. Even your neighbor could be paying less than you for that same pair of shoes, depending on what the algorithm predicts he or she can afford to spend.

Secure Data Destruction

If you're really paranoid and have cause to erase your magnetic hard drive, then a solution such as Darik's Boot and Nuke might be right for you. One thing to note though is that the process can take days or weeks to complete, so if you don't have plans to reuse the drive you might just be better off physically destroying the drive. This can usually be done effectively in 30 minutes or so. If you've got money to spend and you want government grade security, check out the Flash Zero products by Charon Technologies. These guys make bad A$$ SSD drives that with a press of a button can securely wipe your drive in seconds to a couple of minutes max, depending on the storage capacity.

First you will need to unscrew the casing on the drive, next use pliers if necessary to pry the magnetic disks out of the drive, then get a pair of strong bolt cutters and cut each disk into multiple pieces. Please bear in mind you'll need bigger bolt cutters that are strong enough to cut through the tough alloy used in hard disks.

You can find bolt cutters on Amazon or at any hardware store. Finally, mix up the pieces from each disk and dispose of them in random trash cans spread across a geographic area up to however far you feel like driving. As a side note, you should avoid disposing of these pieces where there are cameras for extra security. If you're in a pinch and need to overwrite your drive more quickly, one fast way to do it is to use full disk encryption software and a fast encryption algorithm such as AES-128 Bit. This will essentially very quickly overwrite your drive with random data and also fill up the free space on the drive, which is often one of the first places government agencies will check for deleted files. Be sure to use a strong encryption key and destroy it promptly to prevent any sort of reversal to the drive's previous state.

For USB drives I recommend cracking the plastic case open with pliers or a hammer and then crushing the memory chip with a hammer. Once you have the memory chip smashed into very tiny pieces you can then flush them down the toilet. This is a fast and easy way to get rid of them. This might not be the right option for the environmentally conscious person, but if you're in a jam it's probably the quickest way to get the data destroyed and miles away from you as it passes through the sewer system.

If you're not using a public water supply and it ends up in your septic system, it would still be like trying to find a needle in a very stinky haystack. Not to mention an investigator would have to do excavation and crack the concrete before digging around. Also, your toilet and pipes are probably one of the last places someone interested in your data would look for it. Disclaimer: Do this at your own risk, there is the possibility you could clog your pipes.

Hard Drive Encryption

If you're not using a Linux Live CD as previously talked about in this article, then it's highly likely that there is at least some data related to your online activity on your disk. This is especially true if you're using the Windows operating system and you have limited RAM. In the case of Windows, when your physical memory is exceeded Windows will use something called a page file, which is a file that stores data when physical memory is full. This page file can often be used to recover sensitive data that you thought was in memory. There are two steps to take here. The first is that if you have sufficient memory, you should disable the page file.

Next you should look for full disk encryption software. While the native Windows Bitlocker encryption is decent, there's a good chance it has been back doored. This leaves you with some free and paid options. For free I would consider a solution such as Veracrypt, which is the evolution and hardened version of what was once TrueCrypt, formerly one of the most popular and secure encryption solutions. For paid options I would probably shy away from US manufacturers and go for something like DriveCrypt, which is made by a German company. Important: No matter how secure the encryption you use, if you leave your machine powered on it is generally possible to retrieve the encryption keys in memory. Some of the best hackers have been compromised because they did not power down their machines in time and law enforcement was able to grab their encryption key.

Mobile Device Encryption

If you're like most people, then your mobile device probably travels with you nearly everywhere you go and the potential for loss or theft is generally pretty high. Most modern smartphones offer full device encryption. This is usually easy to find in the device settings. Be sure to enable this feature. Not doing so could lead to the compromise of all your data and give an attacker or thief easy access to all your online accounts.

Although the pattern lock is an easy and convenient option, it has been proven to be highly insecure. Your best bet is to use a password. The pin option is also generally trivial to bypass. Also, most phones offer an option to delete data after X attempts, and you should enable this setting. I would strongly encourage no more than 10 attempts, but you can use less at your discretion. There are also many free and paid apps which offer remote device locking and deletion, such as PREY. I would definitely recommend installing software like this.

Encrypted Chat

For encrypted chat on mobile devices I recommend using the app Signal mentioned previously in this article. However, if you want to chat securely on your desktop or laptop I would suggest using Pidgin and using the Off The Record plugin. If you don't like Pidgin you can go for a browser based chat application like Cryptocat. This software works in most modern browsers. Yet another alternative is TOR Messenger that recently came out in beta. As you already know by now TOR is a highly reliable service so it's also worth a look.

Connecting to the DarkWeb / DeepWeb

As with TOR, there are other ways to set up and view hidden sites online. The other two worth noting are called I2P and FreeNet. A word of caution: when connecting to these networks you may be exposed to content you don't want any part of, so be careful where you "walk" on these networks. You may stumble across unwanted content so bad I won't even mention it here, just trust me. As with TOR, you should always connect to a VPN before accessing these networks to avoid being profiled by your ISP or government.

Some people ask why the dark web is such a big deal. Well, if you're a journalist or a whistleblower in an oppressive country, then this may be the only way for you to get your information out into the public light. Tor, I2P, and Freenet aren't bad or evil in any way.

Honestly, there's a lot of good and family safe content on these networks, and truth be told you really have to go out of your way to discover the really nasty stuff. I've used these services mainly out of curiosity for new technologies over the years and have never come across any of the disgusting stuff you hear about in the popular media. With that said, don't be scared, be cautious, and just like on the Clear Net, aka the regular Internet, be careful what you click on. If you do that, for the most part you should be quite safe.

Encrypt Your DNS Queries

By default all your DNS queries (how you request a website) are sent unencrypted. This means your ISP or anyone else monitoring your internet traffic can easily see what sites you're attempting to access. This poses both a huge privacy and security risk. For example, if you're going to the TOR website, your ISP knows you're doing this and might further want to monitor your activity. To solve this problem, check out the software DNSCrypt. If you're a Windows user you can check out Simple DNSCrypt, which is a Windows GUI client.
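To see why this matters, here is an added example (not part of the original article or of the DNSCrypt project): it builds a standard DNS query in the RFC 1035 wire format and then reads the hostname straight back out of the raw bytes, the way anyone on the path can for unencrypted DNS. The query ID and the sample hostname are chosen for illustration.

```python
import struct


def build_query(hostname, query_id=0x1A2B):
    """Encode a recursive A-record query exactly as it travels over UDP port 53."""
    # Header: ID, flags (RD bit set), 1 question, 0 answer/authority/additional.
    header = struct.pack("!HHHHHH", query_id, 0x0100, 1, 0, 0, 0)
    # QNAME: each label is prefixed with its length, terminated by a zero byte.
    qname = b"".join(
        bytes([len(label)]) + label
        for label in hostname.rstrip(".").encode("ascii").split(b".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def observed_name(packet):
    """Recover the queried name from raw payload bytes, with no key or secret."""
    if len(packet) < 12:
        raise ValueError("shorter than a DNS header")
    qdcount = struct.unpack("!H", packet[4:6])[0]
    if qdcount < 1:
        raise ValueError("packet carries no question")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated question name")
        length = packet[pos]
        if length == 0:           # zero-length label ends the name
            break
        if length & 0xC0:         # compression pointers do not occur here
            raise ValueError("unexpected compression pointer in question")
        pos += 1
        label = packet[pos:pos + length]
        if len(label) != length:
            raise ValueError("truncated label")
        labels.append(label.decode("ascii", "replace"))
        pos += length
    return ".".join(labels)


if __name__ == "__main__":
    # Sample hostname chosen for illustration.
    packet = build_query("www.torproject.org")
    print(packet.hex())
    print(observed_name(packet))
```

With an encrypted DNS transport the same query is wrapped in ciphertext before it leaves your machine, so the label bytes read here are no longer visible on the wire.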

Additional Resources

Steve Gibson at GRC. Check out his netcast on YouTube called Security Now. Steve's show features the latest in online/digital security and online privacy.

I recommend you buy all books by Kevin D. Mitnick.

This article on Cyber Security for Small Businesses discusses everything you need to know about how to protect your business in the digital age.

This browser addon called Noiszy Plugin helps to obscure your web traffic by creating digital noise to fool behavior based tracking systems.

Use Cryptocurrency for payments online. Example: Bitcoin

Test your browser to see if you're protected against fingerprinting and tracking here. You can also check your browser for leaks here.

I recommend you follow Brian Krebs' blog for the latest information about online hackers and identity thieves. Brian also discusses the value of your email address to an attacker. You'll be surprised at just how much value a simple email address has.

Additional Notes

Image Credits: Freepik. Logos are copyright their respective owners and used for illustrative purposes only. The owners of the images do not necessarily endorse the content of this page. All other images used were labeled for commercial use or listed as in the public domain. Other images were used under fair use law. If you believe we're using a copyrighted image please contact us for prompt removal of your work. We reserve the right to verify ownership prior to take down.