How to Live Free in an Unfree Internet
by DataPacRat
datapacrat@datapacrat.com
Attribute to L. Neil Smith’s The Libertarian Enterprise
As the Americans learned so painfully in Earth’s final century, free flow of information is the only safeguard against tyranny. The once-chained people whose leaders at last lose their grip on information flow will soon burst with freedom and vitality, but the free nation gradually constricting its grip on public discourse has begun its rapid slide into despotism. Beware of he who would deny you access to information, for in his heart he dreams himself your master.
— Commissioner Pravin Lal, “U.N. Declaration of Rights”
Sid Meier’s Alpha Centauri
Given the nature of most governments worldwide, the only way to say certain things without risk of being arrested (or worse) is to do so anonymously, in a way that cannot be traced to your physical self. However, in order to have what you say be paid attention to, you also need to be able to say more than one thing, and have those things tied to a single identity: a pseudonym. Almost everyone on the internet has some ‘handle’; the hard part is having a pseudonym that allows you to remain anonymous.
Here are a list of steps that will allow you to have a reasonably anonymous pseudonym, allowing you to fully exercise your right to free speech, and proof against anything short of investigation by a Three-Letter Agency… and, as long as you avoid doing anything in real-life to tie yourself to your pseudonym, which would give them some reason to consider you as potentially being linked to your pseudonym, providing reasonable protection even against that.
Step 1: Have a clean computer
The easiest way is to make sure your own computer is free of viruses, trojans, and other malware with a firewall, regular scans, and ad-blockers in your browser (for Firefox, these include Adblock Plus, NoScript, Flashblock, RequestPolicy, and GhostScript) to prevent drive-by infections. Another option is to use a LiveCD (such as TheAmnesic Incognito Live System), simply bypassing any infections on your computer by using a read-only OS.
Step 2: Truecrypt
This is a rather marvellous piece of software. Not only does it allow you to keep a collection of files encrypted, preventing people from casually reading your data, but its ‘hidden volume’ function means that a single file can contain two separate encrypted volumes — and if you don’t give away your password to the second volume, there is no way to prove whether or not a second volume exists at all. This means that even if somebody tries to use rubber-hose cryptanalysis on you, you can give the password to the first volume (in which you might have placed something somewhat embarrassing but not truly incriminating, such as some sort of exotic pornography). For added fun, you might have several different Truecrypt files, at least some of which do not have any second volumes at all. Truly dedicated freedom-lovers will investigate the latest neurology research on techniques for forgetting things, so that with a bit of time, you can forget any passwords for second volumes you had.
Some governments insist on copying the contents of whatever computers or physical media are in your possession when you cross their borders. One way to get around this is to place a TrueCrypt volume on an online filehosting service, similar to DropBox, and only carry an essentially blank computer around with you, downloading the TrueCrypt volume containing your private data when you need it.
Step 3: Tor
If someone has access to networking data, or one of the websites you visit, then it is possible to trace the connection back to your physical computer. Tor uses several clever techniques to create a network of computers bouncing packets between each other so that such traces will only reveal that someone using Tor connected to the site.
Step 4: GPG
This is what allows you to not just be anonymous, but pseudonymous. Through something called ‘public key cryptography’, by making a ‘public key’ available on a public keyserver, it is possible to use your ‘private key’ to digitally sign a message as provably being from a particular identity. GPG also allows you to encrypt outgoing email; this, combined with Tor to prevent being traced, allows you to use any free email provider, such as GMail, Yahoo, or Hotmail, as a secure communications channel. GPG becomes much more convenient to use when accessed through Thunderbird Portable with the Enigmail addon.
Step 5: Bitcoin
This is currently the most anonymous available online medium of monetary exchange. There are those who disparage various aspects of it, but if you’re not trying to ‘mine’ bitcoins or hoard them in hopes their value will increase, but simply use one of the available exchanges to buy and sell bitcoins as you need them, it is possible to engage in online commerce as your pseudonym without those transactions being traceable to your physical identity. (There are, of course, certain common-sense caveats; if your pseudonym is paid 742 Bitcoins, and then you immediately use an exchange to sell 742 Bitcoins for physical US Dollars, certain observers will probably notice the correlation.)
Step 6: Prepare for your mistakes
Once you have all of the above tools, and you use them right, then you will have the ability to do just about anything you wish online without those actions being traced back to your physical self.
You are not always going to use them right.
You might accidentally connect to your email account over a normal internet connection rather than Tor, or you might say something as your pseudonym which reveals an important detail about yourself. It takes practice before proper security habits can become ingrained enough to get reduce these risks — and since the only way to practice these techniques is to use them, then in order to get your mistakes out of the way in a harmless manner, you’ll want to set up a ‘practice pseudonym’. Use it to get the hang of these tools, but since you know in advance that you’re going to do things that will connect this identity to your physical self, don’t use it for anything which would get your local government annoyed with you.
After a few months of practice, during which you will have learned important details not covered in this summary (including keysizes, browser fingerprints, and scrubbing EXIF data), you will, finally, have the full power of anonymity and pseudonymity at your command, and will, finally, be able to fully exercise your right to freedom of expression.
Leave a Reply