How to be Anonymous Online (3 page)

To see how well you have minimized your digital fingerprint, visit
https://panopticlick.eff.org
and click the
Test Me
button. Visit it from Windows, Tails DVD, Tails USB with JavaScript enabled, disabled, etc. Compare your various results and see which options leave you with and without a unique digital fingerprint.

Remember when I told you that you could use someone else’s computer without them knowing? Tails is how. When a computer boots from Tails it circumvents Windows and the computer's hard drive (in fact, you can remove the hard drive and still use Tails). Instead, it runs as its own operating system, utilizing only the computer's RAM. At shutdown, even if you eject the Tails DVD or remove the USB flash drive while the system is running, Tails wipes the RAM.

When using a computer other than my own, I only use the Flash Drive or Micro SD card in its USB adapter. The reason being, I do not have to worry about the Flash Drive getting stuck inside the computer when I need to do a quick bailout. I can just yank it and go. Even if I need the Plop Boot Manager DVD to boot, I can remove it as soon as Tails starts.

Anonymity is always under threat. As such, you need to verify that you are securely connected to the Tor network, and you must stay current on Tor news. Every time you go online, the first websites to visit are:

1. https://check.torproject.org/
   
2. https://panopticlick.eff.org/
   
3. https://blog.torproject.org/
   
4. http://slashdot.org
   and search “Tor”
   
5. https://search.disconnect.me/
   , search “Tor”, and then click “News”
   

News of a Tails or Tor exploit will travel fast. You do not want to find out when it is too late.

In this section, you will upgrade Tails. Unlike just about everyone else, you will not leave yourself vulnerable to a security breach during the upgrade. I cannot stress how important it is to upgrade Tails properly. Once upgraded, you can go stand outside Labor Camp 16's fence and wave to all those people that said, "just download and install Tails." Since they did not follow these steps, they installed Kim Jong-Un's decoy program, Twails.

You are going to use PGP encryption to authenticate this upgrade. In the next section, I will fully explain PGP, but, for now, just follow these steps to get through the upgrade. This way, once you get to the next section and start making encryption keys you will know you are working within an authentic system.

1. Boot from your Tails Flash Drive or MicroSD card and login with Persistence enabled
   
2. Once in Tails, go online and visit the website
   https://tails.boum.org/download
   

The Tails website offers plenty of information about authentication, but, it ain't easy. I am going to make the process more “keep it simple stupid” like.

1. You need to download three files from this page. They are easy to find, but you may still have to look around (all the links will be in green rectangular boxes)...
   

• First, download “
  Tails x.xx ISO image
  ” (Click the “
  Tails x.xx ISO image
  ”
  box, and then cli
  ck
  Save File
  and
  OK.
  Then choose
  Persistent
  from the “Save in folder” drop-down menu and
  Save
  .
  

• Second, download “
  Tails x.xx signature
  ” to your Persistent folder
  
• Third, download “
  Tails signing key
  ”
  to your Persistent folder
  

At this point, you should be downloading the files “
tails-i386-x.xx.iso
”, “
tails-signing.key
”, and either “
tails-i386-x.xx.iso.sig
” OR “
tails.i386-x.xx.iso.pgp
”

You need to wait for all three files to download before continuing to step 4. That could take a few hours, sorry.

1. Verify if “
   tails-signing.key
   ” is authentic. This step is a little erratic yet VERY IMPORTANT!
   

• In your
  Persistent
  folder, right-click
  tails-signing.key
  and choose
  Open With > gedit
  
• You should now see the text of the
  Tails PGP
  Public Key
  
• To verify that this is the real key, not a decoy, you have to check it against other sources. Think of it as trying to figure out if someone is lying to you. If one person says he did not do it, but 20 witnesses say he did do it, he probably did it. To corroborate a signing key, you have to find other sources that agree it is authentic
  
• Organizations change keys sometimes. However, as of August 1, 2015, the Tails key I have starts out with mQINBEytkvQBEAC3G9iFTj… and so on. I believe this is the authentic key. If this matches your key, then I believe you also have the authentic key (I will show you better ways to authenticate a key in the next section)
  
• Once the key text checks out, you can close it
  

F.Y.I., in Windows, you can open a .key, .sig or .pgp file in Notepad.

1. Now you will authenticate Tails
   

• Right-click the
  tails-signing.key
  file and select
  Open with Import Key
  . A “
  Key Imported
  ” message will briefly appear at the top right of your screen.
  
• In step 3, you either downloaded
  tails-i386-x.xx.iso.sig
  or
  tails-i386-x.xx.iso.pgp
  . If you have the “
  .pgp
  ” version of the file, rename it as a “.
  sig
  ” file (right-click
  tails-i386-x.xx.iso.pgp
  , select
  Rename
  and replace “.pgp” with “.sig”
  ).
  
• Right-click
  tails-i386-x.xx.iso.sig
  and select
  Open with Verify Signature
  . A “Verifying” window will open. Just wait a minute, or so.
  
• A “
  tails-i386-x.xx.iso: Good Signature
  ” message will briefly appear at the top right of your screen when complete. If so, you have authenticated your Tails “.iso” file!
  

It is common for PGP files to end in “.asc” instead of “.sig”, “.key”, or “.pgp”. For any of these files, simply open them in gedit and the top line of the file's text will tell you if it is a Key, Signature, etc. That should save you a few headaches.

1. Now that you have authenticated your
   tails-i383-x.xx.iso
   file,
   you can burn it to a DVD-R
   

• Insert a Blank DVD-R into your system.
  
• Right-click “
  tails-i386-x.xx.iso
  ” and select “
  Open with Brasero
  ”.
  
• Your Tails ".iso" file is preselected. Choose your blank DVD-R from the "
  Select disc to write to
  ” drop-down menu. Click
  Burn.
  
• Go get some cheese, crackers and a glass of wine.
  
• Success! You have an up-to-date Tails DVD. Next, you will update your personal Tails Flash Drive or MicroSD card.
  

1. Restart your system, this time booting from your new, up-to-date Tails DVD. Just go all the way into Tails; you do not need to create an Administrator password at login.
   
2. Insert the same Tails Flash Drive or MicroSD card you have been using all along (Don’t worry; you are only updating it, not erasing it).
   
3. From the top toolbar, select
   Applications > Tails > Tails installer
   .
   
4. Select
   Clone & Upgrade
   
5. Choose your target device (it is probably preselected), click
   Create Live USB
   , a
   nd then
   Next
   
6. Once completed, you can boot from your up-to-date Tails Flash Drive or MicroSD card with your little secret Persistent world intact.
   

When starting Tails, if you choose
Yes
for
More Options
at the
Welcome to Tails
screen,
you are given the option to uncheck
Spoof all MAC addresses
and to use a
Bridge
to connect to Tor. Under almost all circumstances, you can
leave these settings unchanged.

MAC address spoofing
is a way of anonymizing your machine's identity within your local network. Spoofing can be a problem if your local network has restrictions that only allow connections from 'approved' machines. That could be the case within some office networks to increase security. Do not worry if you do not spoof your MAC address, it is not visible online like an IP address. It will only show a network administrator that your machine connected to the internet on a particular network at a particular time. It does not reveal your online activities.

A
Bridge
is an unlisted access point to the Tor network. Using a Bridge is necessary when a local network (like your office, coffee shop or internet service provider) blocks access to Tor by blacklisting known Tor servers. I talk more about Bridges in a few posts on my blog. You can read them at
https://howtobeanonymousonline.info/?s=bridges
.

The Tor Web Browser will not automatically open upon connecting to the internet. So...

1. Connect to an Ethernet cable or Wi-Fi network
   
2. Wait for a little
   Onion Icon
   to appear on the right half of the top toolbar. It will be yellow while it connects to the Tor network.
   Wait for it to turn Green
   .
   
3. Once the onion turns green, open your browser from
   Applications
   >
   Internet
   >
   Tor Browser
   or by clicking the
   Blue and Green Tor Icon
   on the left half of the top toolbar
   

To disable JavaScript, in the Tor Browser:

1. Click the Green Onion to the left of the address bar
   
2. Click
   Privacy and Security Settings...
   
3. S
   elect
   High
   
4. Click
   OK
   and you are finished
   

This also disables automatic loading of online custom fonts (an extra preventative measure to stop a website from determining fonts installed on your system)

Disabling Cookies: You no longer have the option of disabling all cookies. However, by default, Third-Party cookies are Disabled. These are the dangerous ones that track you from one site to another. First-Party cookies are Enabled, but, automatically deleted when no longer needed. These cookies only track you within the site that gave you the cookies. They are used, for example, to keep you logged into the site.

To disable automatic loading of online images (helpful to speed up browsing):

1. In the Tor browser URL address bar, type '
   about:config
   ' and hit
   Enter
   
2. Click the
   I'll be careful, I promise!
   button
   
3. Scroll down to the
   permissions.default.image
   line. Either double-click, or right-click it and select
   Modify
   
4. Change the
   integer value
   to “
   2
   ”
   
5. Click
   OK
   and you are finished
   

PGP allows you to encrypt messages. So, if you want to email a secret love note or favorite recipe without Kim Jong-Un fixing his hungry eyes upon it, type it into a little text file, encrypt it and send it.

PGP and GPG are pretty much the same. The difference between the two comes down to licensing and encryption algorithms that you probably will never notice. They are interoperable, so, using one will not leave you unable to communicate with someone that uses the other. Unless you are a mega uptight person, there is no need to distinguish between the two. I will refer to it all as PGP.

• .asc
  – t
  his extension is for a public PGP key file saved using the American Standard Code for Information Interchange character-encoding scheme, abbreviated ASCII (when you import or export a public PGP key the file name will be keyname.asc)
  
• .key
  – this can be the same as a .pgp, .gpg or .asc file (since they are the same,
  filename
  .key can be renamed
  filename
  .asc)
  
• .pgp
  – this extension is for a file that has been encrypted using PGP (if you encrypt
  filename
  .txt, the new file created will be named
  filename
  .txt.pgp)
  
• .gpg
  –
  this extension is for a file that has been encrypted using GPG. Just consider it the same as .pgp
  
• .sig
  – this extension is for a signature file (if you sign
  filename
  .txt, a second file,
  filename
  .txt.sig, will be created)