Episode 064 - How to create anonymous identities [Script & audio]
Added 2022-08-05 18:00:00 +0000 UTC
This is a text and audio version of my upcoming video tutorial on how to create anonymous identities.
Why anonymity
Using the Internet is like walking into a mall, but much creepier. A mall is a private business that is open to the public for shopping and to businesses for setting up stores.
When you use a website, it's like walking into a store at the mall, except that the store will know your home address whether or not you decide to buy anything. They will know your identity and employ agents to track who you meet and where you go as soon as you leave the store.
The Internet is a giant network of privately owned spaces open to the public, where every participant knows the exact identity and location of every other participant and where corporate stalking is a perfectly legitimate business model.
Somehow society decided this was completely fine. So now it is okay for insurance companies to raise your premiums based on what you buy at a local grocery store, or to consider you a low-value customer based on the neighborhood you live in.
If you are not okay with automated decisions being made about your every move, you should consider getting an anonymous identity. Anonymity is the most powerful mitigation strategy on a publicly observable network such as the Internet. It is the most direct path towards privacy.
Anonymity isn't necessarily concerned with keeping your activities confidential. Rather, it is about hiding the link between whatever activities you do and your real-life identity. This guide will tell you exactly what you need to know and do in order to create and maintain your very own anonymous identity.
Threat model
The Internet is a privacy nightmare because every action is by default identifiable and linkable. That means actions always lead to a unique location and/or account on the network, and actions can build a profile over time.
Linkability and identifiability are your biggest privacy and anonymity threats on the Internet. For maximum anonymity, both of these threats need to be mitigated to the fullest extent possible.
This means in order for us to achieve anonymity, every action we take and service we sign up for must meet very specific criteria according to our threat model.
In order for a service to be unlinkable:
- It must allow us to use one-time credentials, and we must never re-use these credentials
- The credentials must not be used by the provider to track or log our behavior, especially our behavior outside of our anonymous identity
- No real personal data shall be submitted throughout the entire use of the service
- The service must work even on an anonymous overlay network
- Providers of our services shall not share our data with third parties in a way that can lead to our identity
- They should retain as little data as possible and keep no identifiable logs
- It must be impossible for a future party to retrieve targeted data
Linkability can lead to identifiability which can lead to severe privacy violations. To mitigate identifiability on the Internet, you have to know and do the following:
- One-time credentials are not enough if they can identify us. The service we use has to support anonymous credentials: pseudonyms, nicknames, aliases, random strings that have nothing to do with our real name or location.
- The service should not have any prior knowledge about us. If it does, we need to be extremely cautious and compartmentalize our identities.
- Account creation and use of the service must not require personal information, and all content has to be encrypted with a key only the user can access.
- The service must be fully functional over an anonymous overlay network or, at the very least, a reputable VPN.
- The provider must not share our data with third parties, nor acquire additional data from external sources that could help them link our profile to our real identity.
- The service should retain as little data as possible, keep no identifiable logs, and sufficiently de-identify any retained data. This is a very hard assumption, so we should give the services as little functional information about us as legally permissible.
- It must be impossible for a future party to retrieve identified data, which means we have to carefully read the privacy policies of our services to know how much of the harvested data could lead to our identity.
Don't worry, I have no life and no friends, and I love nothing more than spending a portion of my life reading privacy policies to bring you this tutorial for free.
Mitigation
So now let’s mitigate all of the linkability and identifiability threats to our anonymous identity.
Our first step with any service will be to dissociate our account details from our personal information. The most common account identifiers are phone numbers and email addresses.
We need to count them as threat hotspots even if they are only used to confirm that you are human in order to prevent spam accounts.
Anonymous phone number
I would advise against using any service that requires a phone number, because it is going to be very difficult to create and burn new anonymous identities on an as-needed basis.
Phone numbers can be obtained anonymously but you have to be in the right jurisdiction and know how to get an anonymous phone. If you live in a country where you can’t get a prepaid SIM card without submitting a government ID, you should avoid a service that requires a phone number. We will talk about those in a bit.
If you can obtain a SIM card without an ID registration, you need to purchase not only a new SIM card but also a new phone device. The purchase, activation and all use of this anonymous phone is only allowed to happen far enough away from your home or work address. If you insert a new SIM card into your personal phone, your phone’s carrier will immediately recognize your phone’s unique IMEI number and will associate the new SIM card with your personal identity and location. This is why you need both a new SIM and a new device. Any cheap one will work as long as you pay in cash in a physical store. I have an in-depth tutorial on how to be anonymous in the streets that is extremely relevant to this scenario if you need to obtain an anonymous phone number.
Don't trust VoIP services, as these are neither anonymous nor private. They are mostly good at preventing spam abuse, but VoIP providers don't allow anonymous accounts with numbers that actually work. For most services, VoIP numbers won't work for account verification.
Anonymous email
An anonymous email address, on the other hand, will serve us extremely well for multiple use cases. For our benchmark, we want a provider that allows us to create an account with no identifiable credentials and no personal data, and that permits signing up over the anonymous Tor network. This is necessary to prevent our ISP from knowing the websites of our service providers and to prevent the websites from knowing our true location.
The most often recommended free private email is ProtonMail, unfortunately too many times with an affiliate link. This is a problem because if you attempt to create a ProtonMail account over Tor, you will be slapped with a request for human verification by an SMS or an external email address in a lucky scenario. A third party captcha request or an external email will very likely be required even if you use a VPN. For this reason, I actually don’t recommend that you start with a ProtonMail account for anonymity. We should start with another free email provider that is much more suitable for our intentions and use it to sign up for other accounts, even ProtonMail.
This other private email is Tutanota. Based in Germany, this much less well-known email provider is also encrypted, but permits account creation over Tor. The only caveat is that you might get your account suspended for 48 hours if you exit from a node that got flagged for abuse. However, in most cases, you should just be able to wait it out and your account should be fully functional after that. I have tested this many times and I always got my account automatically approved. If you create an account over a reputable VPN, it is very rare to get the 48-hour suspension.
Create an account
You can create your anonymous account in one of two ways. Both of these matter depending on your setup.
Tor Browser
If you want to create an anonymous account on your personal device, I recommend doing it through the Tor Browser. First, download Tor onto your phone or laptop from the official app store or torproject.org. Then go to mail.tutanota.com and follow the instructions to create an account.
To make unidentifiable and unlinkable credentials, I recommend creating a unique username-password combination with a password manager. I use KeePassXC because it doesn't need an account to create a database. It is not advised to use the password manager built into your platform, such as Apple, Google or your web browser, because you don't want these platforms to track what websites you create accounts for. Use your private password manager to generate a unique string for the username as well as for the password, to create credentials that are truly random and unlinkable to you.
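To show what "truly random and unlinkable" means in practice, here is an added example (not part of the original tutorial, and not how KeePassXC itself works internally) that draws a username and password from the OS CSPRNG, reports their entropy, and re-draws if any fragment of real-life data you supply (a constructed list here) happens to appear in them.

```python
import math
import secrets
import string

# Usernames are limited to lowercase letters and digits because many
# sign-up forms reject anything else; passwords get a wider alphabet.
USERNAME_ALPHABET = string.ascii_lowercase + string.digits
PASSWORD_ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of `length` symbols drawn uniformly from an alphabet of `alphabet_size`."""
    return length * math.log2(alphabet_size)


def random_token(alphabet: str, length: int) -> str:
    """Draw `length` symbols from `alphabet` with the OS CSPRNG (never random.random)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def is_linkable(credential: str, personal_tokens: list[str]) -> bool:
    """True if any fragment of real-life data appears inside the credential.

    Comparison is case-insensitive. Tokens shorter than 3 characters are
    skipped because they would match by chance in almost any random string.
    """
    lowered = credential.lower()
    return any(tok.lower() in lowered for tok in personal_tokens if len(tok) >= 3)


def generate_credentials(personal_tokens: list[str],
                         username_len: int = 12,
                         password_len: int = 24) -> dict:
    """Return a fresh username/password pair carrying no trace of `personal_tokens`.

    A uniformly random string collides with a personal token only by chance,
    so on the rare hit we simply draw again rather than patching the string.
    """
    while True:
        username = random_token(USERNAME_ALPHABET, username_len)
        password = random_token(PASSWORD_ALPHABET, password_len)
        if not is_linkable(username, personal_tokens) and not is_linkable(password, personal_tokens):
            break
    return {
        "username": username,
        "password": password,
        "username_entropy_bits": entropy_bits(username_len, len(USERNAME_ALPHABET)),
        "password_entropy_bits": entropy_bits(password_len, len(PASSWORD_ALPHABET)),
    }


if __name__ == "__main__":
    # Constructed sample of real-life data that must never echo in a credential.
    personal = ["alice", "smith", "1987", "berlin"]
    print(generate_credentials(personal))
```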
When you finish the setup, your account will either be open immediately or you will be slapped with the 48-hour suspension. If you don't want to wait that long, I recommend creating an account over a VPN that you purchased anonymously. The only two I'd recommend are Mullvad and IVPN.
You can speed up the registration process if you opt for a paid account and use Bitcoin or Monero to obtain an anonymous gift card for Tutanota.
Now, with your account created and before you do anything else, set up second-factor authentication. Go to settings and add a new 2FA method. If you have a FIDO authentication key, this is the superior method. Alternatively, you can use an authenticator app such as Aegis to generate one-time passcodes for your second factor. I am mentioning 2FA here, but remember to enable second-factor authentication for all of your current and future accounts.
Now we can use our Tutanota account to sign up for other services anonymously. Repeat the steps for ProtonMail registration and use your new Tutanota email address for verification if you really want to go for this service.
Native apps
There is a more secure way of creating these email accounts, but this is where you really need to walk the extra mile to protect your anonymous identities. If you use a native mobile app on an up-to-date phone, you will be in a much more secure environment than a browser on a laptop. There isn't enough space to discuss all the details of why that is the case, but what matters most is that apps on your phone are properly signed and trusted on first use. This means it will be impossible for a threat actor to serve you a malicious client to decrypt your messages unless they send you a malicious update, which would be extremely difficult to do without full compliance from the provider. In a web browser, a website sends you unsigned code dynamically, which means every time you sign in you are trusting that the server isn't compromised or malicious, and there is no accountability even in the case of malevolence.
The problem is that with mobile apps, you have to do a lot more to anonymize your account creation. At the very least, you should route your app traffic through Tor. This can be done with Orbot. When you install Orbot, launch it, select VPN mode and choose your Tutanota and ProtonMail apps. This will route their traffic through the anonymous Tor network and hide your location. You should torify the traffic of all the anonymous accounts you intend to create later.
If your intention is to create an anonymous account that can’t be linked to your personal activities, you should create a separate user profile where you install these apps from scratch. I recommend doing this on GrapheneOS because this setup is the most secure and private and user profiles are more isolated on GrapheneOS than anywhere else. Your phone will also be completely de-Googled giving you total control over what apps have access to what types of your data.
The second-best option is to create a separate user profile on a stock Android phone, but this isolation isn't going to be as strong as on GrapheneOS.
The third-best option is a work profile, which can be set up with an app like Shelter, again on Android.
iPhones don’t offer profile separation features and it is virtually impossible to verifiably isolate profiles on iOS. I recommend a new device or switching to GrapheneOS.
A mobile setup is actually recommended if you also need to maintain high security and could have your anonymous identities targeted.
It is important that you download these apps as anonymously as possible. Strong anonymity can only be achieved on Android by downloading apps from the Aurora Store or F-Droid instead of the original Google Play Store app. Aurora will let you download Android apps without a Google account and if you do this in a separate user profile over Tor or a VPN connection, it will be completely anonymous.
Anonymous email alias service
Now that we have anonymous email accounts, we can take this to another level by creating one-time email aliases. There is a range of options to choose from, both paid and free ones.
With your anonymous Tutanota and/or ProtonMail accounts, you can sign up for a free email alias service. You have two options again, AnonAddy or SimpleLogin. They are both similar in their offering of free and premium accounts.
Here's an important note about email aliases: service providers will have access to your email metadata and message content. That means they will be able to correlate what you use each email alias for. If there is any personal data flowing through these email aliases, the providers will be able to see it. The point of email aliases is not confidentiality but rather to have throwaway addresses you can give to services you don't care about in the long term.
If you want to go for a paid option, it might be most useful to purchase email aliases directly from Tutanota and ProtonMail. You will have to subscribe to a paid plan for a monthly fee to get more aliases.
If you are going to do this, don’t provide any personal billing details, so Paypal, debit card or bank transfers are out of the question. ProtonMail accepts cash and Tutanota accepts Monero, an anonymous cryptocurrency, to upgrade your plan. I recommend Tutanota with Monero as this is the fastest way to upgrade your anonymous account.
I don’t recommend Bitcoin for anonymous payments as Bitcoin is publicly traceable and companies are paid money for chain analysis to track down movements of every single Bitcoin transaction. It is more private to send cash or use Monero.
You can generate a new email alias for every specific use case. All the emails you receive will be in one unified inbox. This setup is useful if you want to compartmentalize your online accounts that you intend to run for the long term. What you can do with an email alias service is to have a unique alias for each new anonymous account you create for other services.
Anonymous accounts
There are a number of services worth trying to create an anonymous account for. These are services that will meet all of the prerequisites to mitigate the linkability and identifiability threats.
The completely anonymous accounts for real-time communication are Briar and OnionShare. It is unlikely your contacts will already use any of these so you will need to find a secure way to communicate your new details with them. For Briar, you can send your address to your contacts in an encrypted message with your anonymous encrypted email address. If you and your contacts both have Signal, then you can send your Briar address in a disappearing Signal message too.
OnionShare is interesting because it allows you to create ephemeral chat rooms that are hosted anonymously on the Tor network and completely disappear once you close them. All you need is to start a chat server and share your public address and a private key with your contacts. Your contact only needs to open this link and enter the private key from the Tor Browser. No accounts are needed for OnionShare chat.
Wire is another messenger that can be downloaded and used anonymously. It is available on F-Droid, which means no Google Play is required, and it allows email aliases as well as anonymous sign-up over the Tor network. Wire is targeted primarily at corporate clients, but if you intend to use it individually, then it's highly recommended to use it completely anonymously: always over the Tor network, with a randomly generated username-password combination stored in a password manager, and with an anonymous email alias.
Matrix is another great service that can be used for messaging, voice calls, group chats or chat rooms. There is a popular Matrix client called Element that can be fetched from any popular app store, including F-Droid, which means it can be installed anonymously. The whole account creation and usage process works with no issues over Tor. This makes Element a very solid choice for anonymous encrypted communication.
When it comes to social media accounts, using Tor or a VPN for account creation might get your accounts flagged and suspended before you even get to use them. You might try your luck and score occasionally, but in many cases you won’t be let through without providing a phone number.
If you need to create an anonymous social media account and no VPN connection works without asking you for a phone number, try a public WiFi somewhere that’s not associated with your work or home address.
I tested the fully anonymous setup, which includes routing full device traffic through Tor and using email aliases, and I have had success with Twitter, Reddit, Wire, Matrix and Nextcloud.
Google and Facebook will be a lot more cautious, but you might get lucky. Apple ID is now impossible to get without a real phone number, period.
Dissociation and isolation of your anonymous identities are not the only steps to keep your anonymity. Be extremely cautious of what types of data you submit to these services while using them. Always think of the linkability and identifiability threats when using these accounts.
You must not give these organizations any reason to think your anonymous accounts could be linked to your personal identity. That goes for the patterns of behavior such as the times you log in and log off as well as any data they collect.
How you use pseudonymous accounts will build up a reputation over time. Be prepared to burn your pseudonyms whenever necessary. That means completely deleting your accounts and sending a request to delete the associated data. In cases of extreme sensitivity, you might even need to wipe or destroy your devices entirely.
And this concludes the chapter on anonymous identities online. This tutorial would not exist without the help of my direct supporters on patreon.com/thehatedone. Share this tutorial with your friends and until next time have a good one.