OK

In these frightening times when the American government is spending untold billions spying on its citizens and where the PATRIOT Act continues to infringe on civil liberties, I thought I'd share with you some of what I've learned about personal protection.

Before I begin, let me first say that everything I am telling you comes from public sources and I am not telling you anything new.  Secondly, this information is not intended to be used to hide or mask criminal activities.

The primary purpose of writing this article is to educate you as well as provide some help in keeping your activities anonymous and keep your name off of governments watch lists and help protect you from malicious internet users.

ISP = Who Am I - Every time you're logged onto the internet, your computer is assigned a sort of "nickname" called an ISP address.  The ISP parts means "Internet Service Provider" and that is the people who you are dialing, cabled to or using to access the internet.

What does your ISP reveal about you? Well if you go to this website, it will show you.  Mine shows that I'm coming from Bucharest Romania, which isn't true as I'm in a different city.  But it does show the name of my ISP and where their office is located, which is accurate.

Every single time you visit a website, they see this ISP address and they see the information about yourself that you just saw.  It doesn't list your name and home address but if you're connecting from work, they can narrow down fairly well which company or agency of the government you're working for.

There was a recent scandal involving members of the House and Senate (or their staffers) editing Wikipedia articles about themselves.  Wikinews used the ISP addresses to track the people who edited the articles back to the people who did it in a remarkable feat of citizen journalism.

Usually when you log onto the internet, your ISP assigns you a slightly different ISP every time.  Do not think that this happens on a daily basis however - sometimes the ISP addresses are rotated once a month or even less frequently.  Anyone trying to track your ISP address can assemble a list of all the places you've been, which may include places where you've accessed sensitive stuff (like bank records), private places you don't want anyone to see (like porn or software theft sites) or websites with controversial or partisan material.

Let's say your ISP address is 100.100.100.100 for a month.  Getting access to search records (like those on Yahoo or AOL) can see that this ISP address checked BBC News, Daily Kos, Bank of America and Young Naked Teens websites.  If you're using your company computer, a malicious person could cause you some trouble.  If it's the government monitoring you, they will get an idea of what kind of person you are (or are presumed to be).  That's what data mining software does - enormous amounts of data are sifted to reveal "suspicious" activities or actions.

Be aware that your ISP address is also revealed whenever you send email from most programs, especially Microsoft's Outlook.  When you use your browser to send email like Hotmail directly from the webpage, then your ISP address is not revealed.  Using other programs like Instant Message software ALSO broadcasts your ISP address.

Anonymous Surfing - It's very possible to hide or "mask" your ISP.  I had to do it this week for a legitimate purpose.  You can use what are called "proxy servers".  Essentially this means you connect your computer to a proxy, which has a different ISP, and all your web searches are done via the proxy ISP address.  So if your real ISP address is 100.100.100.100 and you log onto a proxy server address with 200.200.200.200, then all the websites you visit will register you as the 200 ISP not your real one.

You can also "daisy chain" proxy servers, linking to proxy server 1 then going to proxy server 2 then going to proxy server 3 then going from there to surf the internet.  If that sounds slightly complicated, it is.  Luckily there are both software programs and websites which will do all the technical work for you.

Go visit a website like Cloak-It and then visit this website again.  You'll notice that the information is dramatically different.  There are software programs to let you use proxy servers automatically, including daisy chaining them as well as switching your proxy server every 5 minutes.

Be aware however that your internet provider, the company you're connecting to, ALWAYS knows what you're doing.  Even if you are successfully masking yourself or hiding your real ISP address from other websites, the company you're using to log onto the internet knows exactly who you are and where you're going.  And under the PATRIOT Act and other legislation, they can and DO give this information to the government upon request.

When I say "request" I mean it's as simple as an oral request or one faxed in to the company.  I've written many such faxes and it takes just a moment to get the information and there's no warrant necessary.  And trust me, the internet provider has everything you've ever done including all the emails you've ever written.

But for the government to get this information it has to go to the effort of directly requesting it.  Surfing anonymously protects you from data mining programs, not from direct government surveillance.

The only way to truly use the internet in an anonymous way is to use a public computer, such as those in the library, or else to connect to a wireless internet via someone else's account.  These can be lawful, such as those "hot spots" provided by coffee shops or else illegally, such as using your neighbor's wireless internet.  Since that is unethical, I won't tell you how to do that.

If you yourself are using a legitimate wireless connection to get on the internet, make sure you are protected, otherwise someone else may be able to log into the internet.  And all of their actions will look exactly like you are the one doing it.

Viruses, Trojan Horses, etc - There are a number of malicious programs out there, often called viruses, worms, Trojan Horses, etc. whose sole job is to get onto your computer and do something you don't want done.  Sometimes these programs execute relatively harmless "pranks".  Much more often however they are used to turn your computer into a re-broadcaster of the malicious program.

Some of these programs are called "malware" from the Latin root for "evil".  Sometimes they use your computer to send out millions of spam emails or use your computer's brain to run complex programs that are cracking passwords.  Other programs actually let someone else remotely control your computer, which is especially dangerous as they can record and view you using your credit card to purchase things online or access sensitive stuff like bank records.

Sometimes these programs are sent to you (intentionally or accidentally) via emails.  Others sneak onto your computer when you visit certain websites, as they trick your computer into thinking you gave permission to download them.  Others look like innocent games or "clean" software, tricking you into downloading them.  The point is, if you don't recognize the email sender, if you don't trust the webpage you're on and if you're not sure about something, don't download it.

How can you protect yourself? Well the first thing you need to do is make sure your computer is clean.  You need up to date anti-virus software that's running all the time.  You also need programs which check for "spybots", "adware" or "malware".  I myself use Avast!, Spybot Search & Destroy and Ad-Aware, all of which are available free for personal use.  These three types of programs will help keep your computer free of any unwanted programs monitoring you, spying on you and selling your data to other spammers and criminals.

What about a firewall?  A firewall is a program which is like a shield between the internet and your computer.  Once your computer is clean of unwanted software, it's time to install a firewall.  Many malicious hackers take advantate of open "ports" or parts of your connection to the internet to sneak software into your computer.  I had over 1,000 attempted attacks on my computer blocked within 24 hours of installing my firewall.  If you don't use a firewall then I recommend you immediately start using one.

There are a number of free ones out there for personal use.  I myself use Zone Alarm.  It's a little tricky to set up and understand for the computer beginner but don't let it intimidate you.  Once it understands which of your programs are legitimate (like your browser) then it'll run very smoothly with little interruption to your regular internet use.

What About Emails? - As I already said, anyone receiving one of your emails will know exactly what your ISP address is unless you are hiding or masking that.  If you're writing to your grandmother, it's not such a big deal but there are other times when you might want people not to know that information.

Emails are not delivered in the same way a paper letter is.  A paper letter goes from you to your post office to another post office to another person who sticks it into a mailbox.  The letter itself is moved around but it remains whole while in transit.

If an email were a paper letter, then it would be delivered by you whole to your post office (internet provider) then cut up into little tiny strips.  One strip would be mailed to Houston, another strip mailed to South Africa, another to Cambodia.  Finally all the strips are sent to the last post office, which re-assembles them into an email.

If an email were a paper letter, then the envelope would be removed as soon as it got to the post office and the contents easily viewable by anyone who handled the letter in transit.  If you're mailing Grandma, then it's probably not such a big deal.  But if you're revealing sensitive or private information, you might not want people to read it.

One solution is called encryption.  Essentially this means you scramble the contents of the email into meaningless garbage before you even take it to the post office (internet provider).  It's the sent to the recipient in the normal, unprotected way but anyone who sees it will just see scrambled nonsense.  The person on the other end has the key to de-scramble your email and so only they will be able to read it.

This is a little complicated but again there are software programs which will do all the work for you, including some that cost very little or are free.  If you're communicating with someone and want to keep it private from the government or criminals, you should be using encrypted email.

But what if you're not writing to your super secret buddy?  What if you want to write a completely anonymous email to someone?  Well there are also anonymous email software programs and anonymous web email hosts.  For free or for a low fee, they'll let you receive and send email that doesn't have any connection to you or your ISP address.  Of course, as always your internet company knows everything you're doing but if you encrypt the email before sending it, they CANNOT read it.

What about keeping spammers off your back? Sometimes you have to use an email address to sign up for mailing lists and maybe you want to give them a fake address that actually works.  I recommend that everyone give fake email addresses anytime you're not directly corresponding with a person, i.e. for website and mailing list registrations.

A completely free and easy to use website that will do this for you is Spam Gourmet.  It takes 2 minutes to set up and you will have an unlimited supply of fake email addresses to give out which actually work while shielding the other person from knowing your real email address.

What Are Cookies? - Well this kind is not for eating.  Just about every websit you visit nowadays wants to put a "cookie" in your web browser.  It's a little data files that lets the website recognize you.  For example, if you regularly visit a website like Daily Kos, a cookie is a good thing because it will recognize me as "soj" and I don't have to even enter my password to log on and it has all my settings just the way I like them.

However all those other hundreds or thousands of websites you're visiting will be tracking you with a cookie as well, if you let them.  For a great introduction and explanation of what cookies are, see here.  You can make adjustments in your browser to determine which websites have permission to use "cookies".  My recommendation to you is do not let ANY website you do not trust set a cookie.

Tracking Files - Your computer, especially if it uses a Microsoft operation system, keeps THOUSANDS of files listing where you've been and what you've been doing.  Sometimes this is useful, for example the "History" function of your browser, if you're trying to figure out where that article you read was yesterday or last week.

I will tell you right now that clicking to "erase" your history and visited webpages log does NOT actually erase those files.  Microsoft Windows (all versions) keeps a super secret log of these in a location that you cannot even view (and therefore delete) from Windows itself.  The only way to erase them is to go into the DOS mode directly and find them, and you've got to know where they're located.  The first time I did this I found something like 20,000 webpages listed there that I had visited and thought were "deleted".

Your boss, your jealous spouse or partner, your coworker, the government or a malicious hacker can find these files if they want to even if you can't.  Finding and deleting them takes some real computer savvy but luckily there are programs which will delete these files (for real) for you.  See here for a list of free programs you can use.

I highly recommend that you use software to remove these files even if you live alone and have "nothing to hide".  There are always malicious programs out there that could get on your computer and access this data, and some webpage URL's unfortunately contain personal information that you wouldn't want someone else to have.

Deleting Other Files - Just because you click "delete" on any file doesn't mean it's actually deleted.  If I decide to delete a program on my computer called RomTalk for instance, the computer doesn't actually look on its hard drive and erase anything.  All the computer will do is say, "hey remember where RomTalk was? Now it's ok to store new data there".

This means that someone else can look on your computer and find most of what you thought you deleted - often enough is left over to completely re-assemble the files!  You might want to sell or donate a computer to someone and if your files are not really and truly erased, that information can be recovered.  For a list of free programs to help you TRULY delete those files, see here.

Note: Just because you hit "delete" in most email programs doesn't mean that the file is actually deleted.  It's often stored in a hidden area in case you want to "un-delete" it.  If you're using Outlook, click on "Compact Mailbox" as this will actually delete the emails you want deleted.  Of course the deleted emails can be re-assembled unless you use a program that truly deletes files.

Phone Calls - I want to say a couple of words about phones.  To begin with, any "land line" or home phone connected to the wall with a wire is under the full control of your telephone company.  The main landline companies have more or less admitted that they let the NSA tap into these lines so never use them for anything you want to be kept completely anonymous.  The telephone company might not record the conversation itself but they will definitely track which numbers you're calling and for how long you spoke.

Your cell phone company is more or less doing the same thing.  Depending on how dense the population is where you use your cell phone, they can also track your physical locations to within a certain degree of precision.  A recent court case "won" by the federal governement stated that they can ask the cell phone company to provide logs of your physical location with no warrant necessary.

Even if you're not talking on your phone, as long as it is powered on, it is communicating with the nearest tower.  Therefore whenever it is turned on, the company has a rough estimate of where the phone is.

The FCC has mandated that all new cell phones be equipped with a GPS chip that broadcasts your EXACT location when you call 911 for an emergency.  Some of these newer phone only broadcast the GPS location when you call 911 while others broadcast it all the time.  This means that your location can be tracked much more accurately than ever before and again, the gov't needs no warrant to get this information.

This means that a completely innocent person might be shopping in a store that's nearby to a protest that the government has under surveillance.  If the GPS locator on the phone places the person "at" or near the protest, they might get swept up into one of those secret databases.  Again, this is a feature only in the newer phones and you should always check before buying a new phone to see whether it has this GPS locater feature.

One option for anonymous calls is to buy a pre-paid cell phone with cash.  These are still tracked and logged by the various cell phone companies but the difference is that they do not have a name to go along with those records.  These phones can also be tracked by location whenever they're powered on as well.

Let me also add here that it's incredibly easy to listen in on other people's cell phone (and wireless home phone) conversations.  I've done it myself without any secret spy equipment.  Most cell phones, including "digital" ones, broadcast an open radio signal in the 800 to 900 MHz range.  I used to amaze my friends by using my equipment to listen in on their phone calls.

I should add that this is actually illegal to do in most states so check with local laws before even thinking about doing it.  I am telling you about it so you are aware that anyone in physical proximity to either your phone or the cell phone tower you're using can listen in.  I did my surveillance with an old scanner.  Scanners sold today are blocked from certain frequencies (including these) but you can either defeat these mechanisms using a bit of solder or else buying older models at ham radio swap meets.

Ham radio enthusiasts often conduct "fox hunting" exercises, in which two separate antennas (or a moving antenna) are used to find the source of a radio broadcast using triangulation.  Anyone who has a sincere interest in finding your EXACT location while you're speaking on the cell phone can do so using this method.  I've seen the FBI do it and it takes about 5 minutes if you've got the right equipment and computing power.

The other option for anonymous phone calls remains the public phone.  There are Fourth Amendment protections given to people who use public pay phones but in this day and age that protection might have been weakened.  Plus it's getting increasingly difficult to even find public pay phones.

There is one other option to make a semi-anonymous phone call and surprisingly, it involves the internet.  It's a technology called VOIP and involves using your computer to connect to the internet to make a phone call.

There is new legislation from the federal government to force VOIP providers to provide the government the same detailed information (without a warrant) that your home phone and cell phone providers do.  Right now however that is still being battled out in the courts so you still have a chance to make anonymous calls.

Currently, the regulations in Europe are MUCH less intrusive than in the United States.  Therefore it might be best to use a European VOIP provider to make phone calls although this could be a little expensive if you're mostly calling the United States.

Furthermore, there are companies (like Net2Phone) which sell pre-paid cards to use VOIP to make phone calls.  Since these can often be bought for cash, it's probably the single best way to make truly anonymous phone calls.  That being said, the VOIP protocol is not exceptionally secure from hacking and there have been cases where malicious people have been able to intercept or eavesdrop on VOIP calls.

Probably the all-time best way to use VOIP to conduct an anonymous phone call is by using amateur (ham) radios to enter a repeater network.  Essentially you have a radio in your house, which connects to an antenna, which is bounced to a repeater station, which broadcasts to an internet connection, which make a phone call.  This takes some pretty sophisticated know-how and a license to use the radio equipment involved.  It is however one of the cheapest ways to make international calls.

Hopefully the above will help you understand how to keep your privacy intact and other people out of your personal life.

This is cross-posted from Flogging the Simian

Peace

Originally posted to Soj on Sat Feb 11, 2006 at 09:06 AM PST.

EMAIL TO A FRIEND X
Your Email has been sent.