After releasing the first Anonymous Security Guide last fall, with feedback from the public, updated features, downloads and popular requests, we bring you version 2.0
At the very least, if you are going to interact with Anonymous you need to have a VPN. This should literally be STEP 1:
What is a VPN?
So what does this mean? To put it most simply: If someone tries to log your IP, this person will see the IP of your VPN service provider, protecting your personal computer. It will cost you money for a good VPN service, but you do get what you pay for in this industry. However, even on the lower end of price range spectrum, most VPN services do an adequate job.
Below are two of the most trusted VPN servers, there are of course many others if you do the research. We recommend the following services because they allow users the most options/control over settings. They are also some of the most highly rated VPN services by several leading sites.
– Buy IPVanish: https://www.ipvanish.com/?a_aid=anonymous&a_bid=48f95966
– Buy Nord VPN: https://nordvpn.com/
– Buy MullVad VPN: https://mullvad.net/en/
Free VPN’s do exist, but use at your own risk. The most trusted free VPN’s appear to be RiseUP VPN & BetterNet VPN. <– I have recommended these to countless users over the last year and have not heard one negative thing about either.
– Download RiseUp VPN: https://help.riseup.net/en/vpn
– Download BetterNet VPN: https://www.betternet.co/
For those of you who are more advanced, or complete computer nerds, here is a tutorial on how to manually set up a VPN within your own computer. If done successfully, this will protect your computer better than any paid service and will offer more protection for your personal files: http://anonhq.com/how-to-manually-setup-vpn-on-pc-anondos/
CyberGhost offers a free and paid VPN service, however, I have heard from multiple Anonymous sources that not only is CyberGhost the easiest VPN to hack through, but it also regularly coordinates with the FBI.
This leads us to our next piece of advice, when selecting a VPN service, DO NOT SELECT ANY VPN BASED OUT OF THE UNITED STATES!
The reason for this is simple, its not that these companies are evil or offer an inferior product, it is because there is no containing the power of the United States government from within the United States. For example, in the US, a simple subpoena -which legally does not even have to be reviewed by a court or judge – is all that is required to force corporations and companies to overturn data and information to the federal government – under severe penalty of law. The FBI has even convinced US Congress to pass a new law, essentially criminalizing the use of security software – such as VPN’s – to take effect in the near future.
On the other hand, an international court made a landmark decision July 14th 2016 declaring that foreign companies do not have to comply with US warrants or requests for information stored on foreign servers/databases. So stay safe, protect your data and use a foreign based VPN.
Outside of the federal government, a VPN alone should be enough to protect you from the average person on the internet – 99% of ‘white hat hackers‘. But once you have one, you are ready for STEP 2: setting up some sort of proxy protection.
What is a Proxy?
A proxy server is a computer that offers a computer network service to allow clients to make indirect network connections to other network services. A client connects to the proxy server, then requests a connection, file, or other resource available on a different server. The proxy provides the resource either by connecting to the specified server or by serving it from a cache. In some cases, the proxy may alter the client’s request or the server’s response for various purposes.
There are different ways you can go about creating a proxy. The most most simple way is to use a browser with built in proxy protection – many people have traditionally used the Tor browser for this.
A proxy browser is helpful because it will conceal the IP of your computer on whatever web site you are using. If someone is trying to log your IP on a site, or the site you are using logs your IP, they will pick up the Tor exit node your computer is using at that particular time, not your personal IP. If someone is able to crack through the Tor proxy, which almost no one is capable of doing outside of federal governments, they will still end up having to face your VPN. So, if you sign into your VPN first, then proxy second, the proxy browser will protect your VPN. In this way, it creates a duel level protection.
Previously, it was discovered that the FBI was able to exploit the Tor Browser through a hole in the flash player. This has now been patched and the latest version of the browser was released June 2016.
Download Here: http://news.softpedia.com/news/tor-browser-integrates-tool-to-fend-off-deanonymization-exploits-505418.shtml?utm_content=buffer2791f&utm_medium=social&utm_source=facebook.com&utm_campaign=buffer
Tor has been struggling a bit in recent times. Earlier this year, the FBI launched a War on encryption, using federal courts to force tech companies to install back-doors on encryption protocol. Rulings to which the FBI promised to continue to use the courts systems to defeat encryption rights. In response to these developments, the Tor Project announced if they were ever forced by the court systems to overturn their encryption protocol, they would shut down the network altogether rather then comply. A scary thought for privacy advocates
This June, the Tor Project got a new board of directors after sexual abuse scandal and less than week after this, the Tor Project announced that one of the core contributors to the Project was leaving and shutting down critical servers – destroying key, trusted exit nodes in the process. Then, this July, news was released revealing how well over 100 Tor exit nodes have been designated for the sole purpose of tracking/monitoring deep web users.
These events came on the heels of MIT announcing they have developed a superior, safer network alternative to the Tor network. Needless to say, it may be time to start looking for alternatives to Tor and many already have.
One of these recent alternatives can be found in the Opera browser. Opera has been less popular over recent years, but it has been redesigned in 2016 and now offers its own built in VPN. Opera now also offers an incognito mode, similar to Mozilla, which does not record cookies or browser history once turned on. More and more Internet users are making the switch to Opera, mainly because of their new VPN.
Find Other Free Browser’s With Built In Proxy Protection Here: http://www.omgtop5.com/proxy-browsers-for-windows/
So, now that you have your VPN and proxy browser. With STEP 3, you can add on proxy chain.
The longer the chain the longer/harder it will take for anyone who wants to hack into you. Every proxy that a hacker can bypass will lead them straight to another proxy address which leads to another, so on and so forth. If someone can somehow get through all of them, they end up at your browser proxy, then VPN – this is how proxy chains will add a third layer of protection.
It is rare to encounter proxy chains, but for this same reason, it is much more effective than a standalone VPN. Let it be noted, mush like with paid VPN services, if you pay for a proxy chain, you get what your pay for. If you are interested, here are some links to teach you how to manually set up your own proxies for free:
– How To Proxy Chain Using Internet Explorer and Tor: http://resources.infosecinstitute.com/proxy-chaining/
– Add Proxy’s With FoxyProxy for Mozilla: https://www.youtube.com/watch?v=mM-soqYrdVg
– Alternative Tutorial: Creating Proxy Chains: http://tech-blog10.blogspot.com/2011/09/proxy-chaininguse-multiple-proxies-to.html
Now that you have all the outside protections in place, you are going to want some internal protection. Believe it or not, even with a VPN and proxy, your computer may still leak your IP to web sites. This is done through something known as the WebRTC, which makes a “real time connection” to each web site you visit. Even with protections turned on, this “connection” can be made, and depending on the site or configuration, will leak your IP – undermining your VPN and making it useless.
STEP 4, You are going to need to install something to Disable WebRTC. This will be free and easy.
Disable WebRTC for Firefox: https://addons.mozilla.org/en-us/firefox/addon/happy-bonobo-disable-webrtc/
Internet Explorer, Tor and Safari do not enable WebRTC – yet.
**WARNING: There was an app available to block WebRTC from Google Chrome but it has been deleted by google and you will be vulnerable on that browser. Ditch Chrome and Gmail altogether if you care at all about protecting your privacy. See alternative emails lists further down the article**
To Test If Your Browser Is Leaking Your IP through WebRTC Test Here: https://www.browserleaks.com/webrtc
STEP 5: This next bit may not be completely necessary and may make browsing the Internet annoying until you get used to it, but it does serve as a last line of defense either way. So, if you want lock tight security, you are going to want a Java Script blocker. No Script is a free open source java blocker, which allows your to peal back java script on websites, layer by layer. You can customize settings for every unique website you enter easily with just the click of a button.
Install No Script: https://noscript.net/
Additionally, to get rid of all those pesky advertisements, install AdBlock Plus: https://adblockplus.org/
Safer Alternatives To Gmail
Ghostmail. This service allows you to sign up to an encrypted email service. The server is located in Switzerland and offers free end to end encryption on all emails. The service also has a built in “self destruct mode” which, when turned on, will automatically delete any message after it has been read – Mission Impossible stye. At no point in signing up for this service are you asked to confirm anything or give away any personal information. Sign Up Here: www.ghostmail.com
ProtonMail. Another service offering free end to end encryption who’s services are located in Switzerland – outside of US laws and jurisdiction. Like Ghostmail, at no point in time are you asked for any personal information. If you are a fan of the Television show “Mr. Robot” this is Elliot’s email of choice. Sign Up Here: https://protonmail.com/
Tutanota. This is another free encrypted email service that has become quite popular in recent times. Earlier this year, Tutanota surpassed 1 million accounts, becoming the largest online encrypted email service on the internet. Tutanota makes their encryption code open source so security experts can confirm the level of security they will be receiving. Sign up Here: https://tutanota.com/
** WARNING: Never open an email from a sender you do not know. It might seem harmless, but the simple act of opening an email can send the IP Address of your computer to the sender of that email. It is extremely simple for a hacker/phisher to set this up **
Always use caution when clicking on links in an email, online chat, social networking posts, even from someone you may know, but particularly by sources you do not. Clicking on a link that appears to be benign in nature may in fact contain embedded malware or IP loggers that can compromise your computer. Once compromised, the data on your computer can be exploited and even your computer can be remotely operated as a surrogate in online attacks against others.
– Test Hyperlink URL’s Before You Click for Malicious/Hidden Content: http://onlinelinkscan.com/
– Test Recent Downloads for Malicious Content: https://virscan.org/
**If you find that you have downloaded something malicious and own a windows computer, go to start/system restore/select a date prior to the download and reset your system. This will reboot your system to a time before it was effected by the virus**
Always make sure that your firewalls are turned on, your anti-virus software is up to date and you have disabled remote access connection to your computer.
Use CCleaner on a (fairly) regular basis. This is a free disk cleaner tool “on steroids”. It works by searching for and deleting useless files on your computer, thus freeing up your hard-drive. As explained by How-To-Geek, “it will also erase your browser history, cookies, and cache files for any browsers you have installed — Internet Explorer, Firefox, Chrome, even Opera. It will even erase the cookie data stored by your Flash Player. It will even wipe out other potentially privacy-risking data, such as the list of recently opened file names in Microsoft Word, Adobe Reader, Windows Media Player, VLC media player, and other common Windows applications.”
Please note, if you use CCleaner, you should save or write down all the passwords to your online accounts before using. You would be surprised how much information the internet and your computer remembers about you – until every bit of it is deleted.
Download CCleaner: http://www.softpedia.com/get/Security/Secure-cleaning/CCleaner.shtml
How To Keep an Anonymous Identity On The Internet
Invent an alias, a surname if you will, with a name of your choice. Go and register this name with one of the email service providers located above. Use this new email to register any new Twitter, Facebook, Instagram, et cetera accounts. Be sure to clear all browser cookies before using this alias, or better yet, use a different web browser for your anonymous identity than you would use for your more typical internet activity. If you can not remember passwords or account information for this, store then in an encrypted file (encryption tutorials located further down the article).
Hide your profile from search engines. This can be accomplished by going to the Account/Privacy Settings/ Search and unchecking the “Public Search Results” box. This will remove your public preview from Google, Bing, and Yahoo search returns.
How To Kick Someone From Your Computer
If you ever sense that someone is on your computer, you can use the following sequence to boot them off your computer, at least temporarily. You can use the command in bold on a regular basis. It will not disrupt your Internet connection.
- Open cmd window
- title Hacker (press enter)
- color a (enter)
- echo off (enter)
- cls (enter)
- ipconfig/flushdns (enter)
- ipconfig/release (enter)
- ipconfig/renew (enter)
If you want to try and find the IP address of that person on your computer open cmd and use: netstat -n or netstat -an or netstat -anp.
– cmd Commands Encyclopedia for Windows: https://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/ntcmds.mspx?mfr=true
– Linux Bash Commands Encyclopedia: http://ss64.com/bash/
– Terminal Commands Encyclopedia for Mac: http://ss64.com/osx/
– DOS Commands Encyclopedia: http://www.computerhope.com/msdos.htm#02
Additional Safety Tips/Advice
How To Make Your PC Safe | By: Anon.Dos: http://anonhq.com/make-pc-safe/
How To Encrypt Your Hard Drive: http://www.pcworld.com/article/153826/data_encryption_tools.html
Learn To Encrypt Your Files on Windows, Linux & Mac: http://www.howtogeek.com/195124/how-to-easily-encrypt-files-on-windows-linux-and-mac-os-x/
Enable BIOS Protection For Added Security: http://www.pcworld.com/article/158292/Enable_BIOS_Passwords_for_Extra_Security.html
Learn To Create Un-Hackable Passwords: http://www.inscribd.com/how-to-create-an-unhackable-password-youll-remember/
How To Secure Your Windows Phone: https://ghostbin.com/paste/vromn
How To Secure Your Android Phone: https://ghostbin.com/paste/oehzj
Iphone Encryption Advice From Edward Snowden: https://theintercept.com/2016/02/18/passcodes-that-can-defeat-fbi-ios-backdoor/
If you care about privacy and protection, here is why you may want to learn to make a switch from Windows to run a Linux OS: http://www.pcworld.com/article/202452/why_linux_is_more_secure_than_windows.html
For complete security, download the Linux based TAILS OS: http://news.softpedia.com/news/tails-2-4-edward-snowden-s-favorite-anonymous-live-cd-brings-tor-browser-6-0-504942.shtml?utm_content=buffere4b90&utm_medium=social&utm_source=facebook.com&utm_campaign=buffer
Installing The Anonymous Operating System: https://anonguide.cyberguerrilla.org/
You want to support Anonymous Independent & Investigative News? Please, follow us on Twitter: Follow @AnonymousNewsHQ
This article (Anonymous Security Guide 2.0) is a free and open source. You have permission to republish this article using a creative commons license with attribution to the author and AnonHQ. Join the conversations at www.anonboards.com.