Can you truly become anonymous in 2022?

Hi all,

I’ve been using computers since the late 80’s. Back then, it was the norm to create a nickname and to hide your identity; nowadays it’s the opposite. People these days use their first and last name openly on the internet and seldom use nicknames. Even when they do use a nickname, their hardware has already been fingerprinted and tied to a phone number… at the very least, this is exactly what happens to around 30-47% of all users (Windows). Even if you buy a burner phone with cash, you are still getting constantly fingerprinted, identified, geolocated, and/or cookie tracked.

So what exactly is necessary in order for a person to be anon?
A. Cash.
B. A third party.
C. Time.

So… I’m going to draw a hypothetical case in hopes that you can’t find a flaw.

First step, go to a place where you can purchase a VISA prepaid debit card that you can throw away as soon as the funds dry out. At the same time, you’re gonna buy a burner phone that preferably has no GPS and its main function is to receive SMS 2FA messages. If you sent a third party to do both then I guess you don’t have to wait until whatever camera backup system overwrites the previous useless data, but you used your data to get it (at least in some cases)… but I digress, let’s assume you were able to remain anon.

Next step, you are going to use that burner phone to create as many accounts and ALT accounts as possible and confirm your ‘identity’ with 2FA SMS whenever it is required. Once that tedious and slow process is complete, you will have to remove your burner number from as many accounts and services as possible. Save all that data into a password manager.

Congratulations! You now have account(s).

Now the next hurdle… can you get a third party to open an internet contract in a place of your choosing? I’m guessing you can’t… but if you did, kudos! You’ve remained anon.

Congratulations! You now have internet access.

Now, let’s talk about your hardware. If you are using something like Windows 11 you will quickly discover that you can do a clean install on a brand new HD and MS will still recognize your hardware. The reason is that they’ve associated the product key to a fingerprint of your hardware (as far as I know it’s a combination of CPU and MOBO). This means there is a paper trail. It doesn’t matter that you don’t install Windows and you go straight to Linux. That hardware has a paper trail. If it doesn’t lead to you, then to whom does it lead?

Sigh! What a freaking nightmare!

What I’m saying is… you can’t buy hardware through Amazon, eBay, Craigslist, etc. You need to physically haul your body into a Micro Center (or similar) and buy hardware in cash. Hopefully, you can do so and still remain anon by using a third party.

So OKAY! You went to Micro Center. Got yourself some brand new hardware that wasn’t fingerprinted or OEM fingerprinted…

UFFFF! I almost forgot… wherever you place your hardware… make sure you don’t use any IoT / appliance / printer / gadget. Because even if you are using VMs, if a gadget gets associated with a VM you are done for. I can’t recall the precise case, but years ago there was a dude that was caught because he had a WiFi LaserJet printer connected on his network.

Congratulations! You have hardware + internet + SMS 2FA + accounts… Now bridges, Tor, and Whonix / Tails / Qubes. Don’t change settings. Keep a standard resolution. Be as vanilla as it gets.

Did I miss anything?

Now… answer me this: Can you truly become anonymous in 2022? What’s the point of Whonix then? Is it like what ‘private’ browser was supposed to be?

I wish there was a way to say this without sounding so arrogant, but… can you please change my mind? Can you offer some arguments to the contrary?

I agree with everything you said.

I can show you my work on the topic.

Getting rid of hardware / integrated circuits embedded unerasable serial numbers (or fingerprints) is definitely a complex task, because they are everywhere, and many data are secretly overtly tagged with them, to further identify who generated them.

One of the things that scared me most was when, by chance, reviewing some Snowden docs when I was contributing to the project “NSA Observer” ( nsa-observer . net ), I discovered a slide with some internal NSA database dump, listing hardware association with citizens’ identities. I saw a column “serial number”.

These serial numbers or fingerprints, coming from the hardware, are extensively used everywhere to tag almost everything.

From here, what you described is a very good beginning to get anonymous, but as you could see by yourself, being truly anonymous is very difficult, takes a lot of preparation and time, and it has a cost too (you have to anonymously buy some used hardware for a “single use”, paid in cash, leaving no trace of the transaction), set up your configuration, etc…

I used to say that to have true 15 minutes of anonymity, it’s about one month of hard preparation.

It’s, I guess, hard to stay anonymous for more than 15 minutes, because it must raise many alarms at NSA, and they start “caring” about you with a lot of resources. They get mad when somebody like you does what you described.

So the question is how to make this process you more or less described, or a similar one, simpler and less costly, both in time and money.

If you want, I can upload here a schematic of an install I use to have 15 minutes of true anonymity using Tails, with a disposable “one time use” laptop computer. In this schema, everything relies on the strength of the firewall. Give me a few minutes to find it in my archives, and I will post it here.

Probably not news to you but I might remember something about certain stores keeping records of serial numbers of individual products and a record of sale. Some products do come with serial numbers affixed to the box by a barcode from the factory so it is trivial to record them.

Thank you

> Now, let’s talk about your hardware. If you are using something like Windows 11 you will quickly discover that you can do a clean install on a brand new HD and MS will still recognize your hardware

I do not know about recent Windows but off-the-shelf PCs have come with the product key embedded in the BIOS by the manufacturer since Vista and can “persist” after a re-installation. Not as nefarious. Really would not be surprised if Microsoft is up to new antics by now.

> At the same time, you’re gonna buy a burner phone that preferably has no GPS and its main function is to receive SMS 2FA messages

A slightly different approach: Could you not attempt to purchase cryptocurrencies anonymously and use virtual phone services that have anonymous registration and accept cryptocurrency as a substitute? Being able to acquire and maintain the usage of cryptocurrency with a high degree of anonymity is a problem in itself, but if you succeed and have virtual phone service it potentially mitigates the vector for direct location tracking over a period of time.

Thank you

Let’s say that hardware is tied to a phone number.

You’d still have to show evidence that all activity from Tor Browser is (regularly) de-anonymized.

Windows hosts are discouraged for many reasons, however:

This is highly unlikely (to avoid saying impossible) with Whonix. The Whonix-Workstation is on an isolated network and can only connect to Whonix-Gateway. No way for the Whonix-Workstation to learn about a printer or similar on the LAN.

Such an attack is even hard against Tor Browser. I suppose the host operating system of that user was compromised by malware for that to be possible.

I guess most users don’t attempt that. But it’s a nice “bonus”. Mentioned here: Essential Host Security

What’s the point of Whonix? See:

Meaning, as a hopefully valid and accepted measurement, using Whonix vs not using Whonix made for some users the difference between receiving an unfriendly letter or knock at the door vs that not happening. So for these users the value of Whonix was positive.

There’s no absolute proof that Tor / Whonix is always 100% transparent (i.e. not providing any privacy at all) to advanced adversaries. On the other hand, it’s not possible to prove a negative. Even should Tor / Whonix be always 100% transparent to advanced adversaries, it’s still a long way from 0 - 100% transparent to all non-advanced adversaries. That alone is a lot of value for many users in many countries.


Related:


Also unspecific to Whonix. You could swap Whonix with Tor and then discuss this with a bigger community too. See:
