Reclaiming/resetting my online identity

For a couple of reasons I'm inclined to buy a new router, most likely wireles.

What I'm interested in is reclaiming/resetting my online identity.
This is not about being 100 % anonymous, or 'perfect' privacy.

If I get a new router my ISP will assign me a new IP based on the router's MAC address. (DHCP)
So far, so good. My configuration: wireless connection from the computer to the router, the router is hooked up to my modem which is connected to my broadband/cable internet connection, no other devices in the local network.

This computer is old but still good enough for basic internet access. Windows XP SP2 with updates.
I can restore a clean image that only has the OS and my hardware drivers.

So, if I'd get myself a new router and restore a clean image would I be able to 'reset' my online identity ?
Meaning, would websites and commercial trackers be unable to associate my new IP with my old IP and the data associated with the old IP ?
I wonder if the Microsoft WIN XP OS carries some unique identifier that would allow websites and commercial trackers (including Google!) to correlate my new setup with the old setup ? It doesn't have to be NSA proof !

So, the issue is not anonymity and privacy itself, but the question if they could correlate the old data with the new data, OS and browsing.
Sort of, can I start from scratch ?

I'm aware that profiles are created. But as long as my new browsing is not too similar to my old browsing, can I achieve my objective ?

I could be very nice if I could get Google to stop offering me search results based on past searches.

 

Why not log into your Google account dashboard and limit the history storage from there?

 

Since we are creatures of habit, we tend to visit the same familiar sites on the web, we can be tracked through nothing more than our associations.

Is it possible to be NSA proof?

 

Here is the thing your ISP keeps track of what IP addresses each customer use. I dont see how switching a new router or even a new cable modem helps your privacy since your ISP keeps track of what IPs you have had.

 

Browser Fingerprinting Can ID You Without Cookies

 

Yes, you can 'reset' your online identity. The basic idea is to create the illusion of being an entirely different user from the perspective of remote sites.

For starters, you don't even need a new router. The MAC address of that device is irrelevant since it only exists within the framework of your LAN. Your modem/ISP is the only entity that "sees" the MAC address of the router, so it is not possible for that information to be picked up by remote web sites anyway.

Therefore from the technical side, the only things you need to be concerned about are your IP address and OS/Browser fingerprint. Since you say you'll be starting from a 'clean slate' with a freshly installed OS and newly-assigned IP, then basically you've already got that part covered. The only thing I might suggest here is to make a few changes to your setup, so that it's not exactly the same as the way you had it originally.

The difficult part is what Searching_ _ _ was alluding to, which has to do with breaking your patterns of behavior. In order to create a 'fresh' identity, you have to make a consistent, conscious effort to go against your usual habits. So, using your example of Google, the first order of business is to completely abandon all of your old Google (Gmail, Youtube, etc.) accounts. Keep in mind that if you intend to clean up / close out any old account prior to abandoning it, you must do so completely BEFORE switching over to your 'new' identity.

Then as you set up new accounts, everything has to be done differently: different username, different password, different email address... even different checkboxes/options selected than what you might normally select. In other words, your objective is to take on the persona of an entirely different person.

After that, it's just a matter of maintenance and taking the proper precautions to ensure that patterns of behavior from your 'old' identity don't inadvertently correlated with the new. Perhaps easier said than done... but it's definitely doable, IMHO.

 

HAN,

I don't have a Google account.

Marktor,

Whether my ISP can track me is irrelevant for this discussion. I really don't think they collect and sell user profiles. It's against the law anyway.

MrBrian,

I appreciate the link but I'm already aware of that particular issue.

CasperFace,

Creating a new setup is part of the plan.

But I have this particular question: it it possible for websites and commercial trackers to identify me based on some unique identifier of my WIN XP SP2 OS ? Also, does Microsoft share data with Google and if so, would that allow Google to associate my new identity with my old identity ?
I have no idea.

 

There are potentially very many connections on that Windows machine to your old identity. Trying to wipe them all is hopeless.

Back up everything that you want from that Windows XP machine. Max it out with memory. Install Ubuntu 10.10 x64, and VirtualBox x64. Create a Windows XP SP3 VM, using your old Windows install disk. Then create a Ubuntu 10.10 VM for your new identity, and always access the Internet using a VPN service.

If that's too extreme, install VMware Player on your Windows machine, and do the Ubuntu 10.10 VM thing there.

 

It would take time and effort to learn Linux.

To install it, to secure it, and to use it. I know nothing about that OS.

I'd rather not do that.

 

I'm going to try and be a voice of reason. Yeah, I know, GTFOH. But hey, here goes.

What are you interested in preventing?

Identifying you?

Your internet destination choices can identify who you are.
Your OS can be used to identify who you are.
Your browser can be used to identify who you are.
All of your hardware, including PC or Laptop, can be used to identify who you are.

Penetrating you?

Access to you through vulnerabilities, which can be designed in or are natural flaws.
Every OS out there has a flaw that someone or some country can leverage, including Linux.
Attempting to discover what comprehensively is vulnerable and what isn't is such a monumental task that only nation states are capable of affording the aggregation of that info.
Example: A vulnerability that allows network access via the WAN on consumer routers.
The public sector security researcher who published this info had a limited budget and so only tested enough routers to prove his thoery.
A nation state on the other hand could purchase every router available, test them, and not share their info, advantage them.

Snooping you?

The snooping begins once they have identified you and they begin to coralate all your travels on the internet.
When they decide to penetrate your network or PC they will drop something on you. Example: stuxnet: Developed in 2007, released in 2008, public knowledge 2010, two years of snooping.‭‫

 

What I want to avoid:

Identifying me ?

Websites, commercial trackers, Google associating my 'new' identity with my old identity.

Are websites, commercial trackers and Google (does Google share relevant data with Microsoft?) able to identify me by my version of my WIN XP SP2 OS ? I suppose there is the 'in theory', and the practical part.

My hardware ? How ? This machine has nothing fancy, just the basics of a 7 years old computer. Drivers for graphics, HP printer, monitor, that's about it.
All 7 years old. For as far as I know it doesn't phone home. Except to Microsoft ?

I think I can handle my browsing behavior and the browser.

Thus far, any problems ?

'penetrating' That's not the issue.

Snooping ? I 'm not a target for hacking. I wouldn't expect a major player to attempt to penetrate my network.

I tend to restore an image once in a while and that may be helpful.

 

@ Fly

Microsoft "might" identify your comp when/if you allow it to autoupdate, eg patches etc. There have been numerous claims over the years that they can/do grab/verify your OS licence SID # on such occasions. Also that some encrypted communication takes place. What's in there ? It might be harmless, but who knows ? If you want/need to update, then you can do so via their Technet www. Whenever i used in the past, before i reinstalled & no longer update, i was always able to select the ones i wanted, & DL WITHOUT cookies or Scripting or ActiveX etc = So any deep inspection etc was avoided = My IP is/was dynamic so it always changed

If you havn't already, i would change my ISP, if you can, & for one that issues a dynamic IP

I would consider changing your comps user name/s & also the comps ID/Name.

http://community.spiceworks.com/how_to/show/5

http://www.tomshardware.co.uk/forum/26545-35-change-computer-name-command-line-registry

http://www.zdnet.co.uk/blogs/window...vista-and-windows-7-operating-system-10014824

Verified by

If you change the SID, i'm not sure if you could verify the comps authenticity after 28 days etc, if you had to reinstall ? But if you had a backup of the changed SID, then Anyway, i didn't know you could change the SID, but it "appears" we can

Hope some of this helps

 

I also like the idea of using VPNs. Free ones too. Some of the companies have servers all around the globe. Leaves your ISP in the dark and of course Google doesn't get to track your history. They see very little and if you keep connecting to different countries the pattern gets "fuzzy" in a hurry.

I am not talking about ducking under the radar from NSA. I am speaking about privacy concerns.

 

It is possible for any website with server-side scripts like PHP or Javascript (Wilders for instance (not that they would. ) ) to enumerate your network and gather intel about its structure, which is also a fingerprint, your unique network structure, that identifies you, once corallated with other infos of course.

Wow, you and CloneRanger have the same OS. I wonder if you both have the same programs installed, or use the same programs regularly (MRU), or run it on the same hardware, from the same geographic location, with the same keyboard drivers, and the same mouse drivers, while visiting the same sites?

Can server-side scripts like PHP or Javascript deduce all of this?
Can this information still be gathered when using a VPN?

 

Do not forget the most important security infraction involved, you will no longer be able to Post here as Fly.

The key to any security is change.

The key to insanity is not being free.

The enemy is the SERVER.

Upgrade Microsoft Windows to Service Pack 3.

Disable Scripting for Google.

Enjoy your new Router.

Looks like you are all caught up in your own WEB.


HKEY1952

 

A few things, Fly.

You do not need a new router if all you want form it is a change in MAC address and IP address. Your router isn't related to or a victim to any ads Google shows you. They may have you on 'file' from their Streetview antics though. I think there was a website to check if you show up in their data, I don't remember where I saw it (probably here on Wilders).

Your OS giving data to Google is the least of things to worry about. I've read some pretty wild stories, surfed some pretty 'out there' conspiracy forums and never have come across even the accusation but I'm always ready for a surprise. Possibly the only connection I can think of is if Windows is getting updates from a Google owned content delivery network, if that's even accurate as to how the contact chain flows.

If you want to rid yourself of Google tracking, the main thing is not to use them. There are many alternatives to Google search, Gmail and their cloud services. You can use a HOSTS file or javascript blocker in your browser for Google scripts on websites you view. How are you going to ensure that your new web profile is so different from your old one? You're not about to change your entire personality and get new hobbies & interests just to throw off Google, are you?

Your online identity to marketers comes down to websites you visit, COOKIES, browsing history & habits, search engines, user agent strings, and such. You can spoof your user agent string and thus part of your browser fingerprint, but unless you block javascript, your plugins, fonts, screen resolution and all that good stuff will bleed through.

I've found many "free" vpns that have catches like unique user IDs (Security Kiss) or 3rd party stuff included (Hotspotshield, ProXPN) and some are even directly suspected to be trojan horse types of malware (UltraSurf).

If this computer only has drivers & the operating system and a browser, why not just boot from a Linux live USB every time you want to use it? It will likely boot and run faster than XP off your platter hdd anyway. The Linux distros for beginners (Mint before version 12, PCLinuxOS, OpenSUSE for example) aesthetically resemble XP in many ways. Using one for web browsing and having everything from the session erased on shutdown is pretty simple.

 

Something you might find useful is the User Agent Switcher for Firefox which changes the browser information. There is another, I don't remember the name, that also allows you to change plugins and screen resolution information which can be captured by websites. Many so-called "sock puppets" are caught by software that administrators of various forums, news comment sections, use which matches up - not the IP address - but all the browser footprints.

 

Stay off Google and Facebook

 

Honestly, as soon as you clear your cache/cookies and re-visit with a different IP address, 99.9% of web sites (including Google) will think you are an entirely different user. If they didn't give you the benefit of the doubt most of the time, then there'd undoubtedly be too many false positives to deal with.

Browser fingerprinting is technically possible, although it's not widely implemented. The proof-of-concept is here: http://www.secustudy.com/. It's interesting, but I would be quick to point out that some of those statistics are obviously misleading... particularly with regard to the browser/user agent. Due to incremental changes in browser version numbers over time, you cannot reliably compare that data against outdated information and expect to get an accurate statistic. I know for a fact that the prevalence of Firefox 9.0.1 (at least at the time of this writing) should be much higher than just 14 out of 573.

 

I'll get a new router anyway since this one is not performing as desired.

Booting from a Linux USB for web browsing ?
Isn't that very similar to installing a Linux OS and a Linux-based browser on my computer ? I just don't know the OS. I don't mind spending 10 minutes or 2 hours, but I don't want to dedicate myself to learning a new OS.

 

HKEY1952,

I'm not caught up in my own web.

Any particular reason for updating to SP3 ? I have found there is a lot of junk included in that.

The 'enemy is the server' ?

In one of your old posts you stated that you had Flash blocked by your router.
For any particular reason ?
I know it's a privacy risk. If you block Flash in your router you can't use Flash at all, right ? So why having it installed ?
Or is there some particular reason it makes sense to block Flash in your router even when you don't have it installed in the first place ?

Can you answer those questions, or have your lawyers advised you not to ?

 

You apparently exist your own answers to all of your own questions, please feel.....FREE.....to answer the reserved.

Sorry, I am unable to assist to pre-answerwed questions, however,

Resetting your security perceptive would facilitate Reclaiming realism.


HKEY1952

 

Yes, but it's pretty heavy overkill for what you're trying to do.

Yes. Most Linux distributions come in 'live' form so you can burn the image to a cd or write it to a USB drive and try out the distro on a computer before installing. There's a lot to be gained in terms of privacy/security when using a live USB while traveling if you don't have your own computer handy, or if you're more the type to leak sensitive data to whistleblowing groups while on the run, you'll benefit.

What I was thinking for you though, would be a USB stick living in one of your desktop's ports and the BIOS set to boot from USB. You can still save data you want to your conventional hard drive, but the operating system is on the USB and all temp data, log files & timestamps are wiped clean on shutdown. Virtual machine snapshots could accomplish similar results too.

Any browser except Internet Explorer and Safari can be easily used in Linux. Chrome, Firefox, Opera, they look and act the same as in Windows.

That's fine. See if anything here piques your interest. 'Learning' to do basic tasks in most Linux distros is about as difficult as making a call from an iphone, then sending an sms from an Android phone. (IMO)

www.opensuse.org
http://zorin-os.com/
http://www.pclinuxos.com/
www.linuxmint.com (best to go for version 10 or 11)


Again though, doing all this just to evade marketing and advertising companies is totally unnecessary and actually rather impractical. On the other hand, if you've never uttered a stupefied, "what the f**k??" at the command line, you're not living life the the fullest.