Real vs Pseudo Identities

Discussion in 'privacy problems' started by bazinga, Aug 16, 2014.

  1. bazinga

    bazinga Registered Member

    Joined:
    Aug 16, 2014
    Posts:
    9
    Hi, folks...Like many people I've become more and more sensitive about my online privacy. I'm fairly "techy" but by no means a security or internet expert. I've been skimming the forum threads and quite frankly my head is kinda spinning. I'm just your ordinary citizen with no issues of gov. censorship/tracking, no illegal activities or corporate espionage. I just don't want to give every personal detail out to the internet. So my question is this...How should I separate my "true" identity with a "pseudo" identity. My real identity is obviously used for banking, shopping etc. The pseudo identity is for doing research or looking up things that I'm just not comfortable with the whole world knowing. Or just searching the internet without receiving spam or ads about every little thing I look up. I guess I'll need to create a separate email that is not linked to my real self also. Suggestions on email? ProtonMail, Hush. Hush seems fine...I know they'll give up info but I'm not terribly concerned about that. At least its not scanned like gmail....or maybe it is?? I guess thats a whole different topic.

    Should I use two separate browsers? 1 for each identity? Safari for my true self and FF or TOR bundle for pseudo identity? Or should I use the same setup for both real and pseudo?

    The only things I have I have started to use for security/anonymity are a VPN, some of the usual extensions, and or the TOR bundle browser. Just the other day I also changed my DNS to openDNS...not entirely sure that accomplished anything but it does seem to be a little faster...could be just in my mind??

    Also, does it defeat the whole purpose of being annonymous if I'm using VPN & TOR and log into my bank? I guess they would know I logged in but can't trace back to my real IP or know where I am...right??

    TOR is pretty slow so I guess that would be for use when I'm really paranoid about looking something up...everyday browsing with TOR would be kinda painful.

    Thanks in advance for any help!
     
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,061
    Hi @bazinga and welcome to forum. I use similar approach for my computing. I separate my real and pseudo identity.
    I use Hushmail for my pseudo identity. If you use free service you have to log in at least once every three weeks. For my real identity I use Gmail, as most of my friends and colleagues are using it too.
    I don't use separate browser but I never login to both identities in same session. I always delete cookies and browser cache before login to my real identity.
    TOR and VPN can help you gain some anonymity but I wouldn't use TOR to access my bank. Why should you hide from your bank?
     
  3. bazinga

    bazinga Registered Member

    Joined:
    Aug 16, 2014
    Posts:
    9
    So it sounds like I'm heading down the right path. Not trying to hide from my bank...just trying to understand how the whole thing works. Also, to avoid slipping up and logging in "unprotected" I'm considering just going "all in" and using VPN & TOR all the time as to avoid an accidental slip up...but as I mentioned before TOR is painful for general browsing. As an example, I did create a hushmail account. However, on accident I logged into it without a VPN and without TOR. So now I'm assuming they have my real IP linked to my pseudo hush email. That particular email was just a test to see how I liked Hush so I guess I'll have to create another one when I've got it all figured out.
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    It's best to separate your true identity and pseudo identity on different machines, or at least on different VMs. You can have multiple pseudo identities, each using its own VM, and each with its own set of interests. It's rather like multiple-personality disorder, except that it's entirely intentional and strategic.

    Don't rely on separate browsers, or using the Tor (not "TOR"!) browser. There's too much risk of cross contamination and compromise. Use Whonix for Tor. It's very easy, and you can easily have many instances, running simultaneously yet using totally different Tor connectivity.

    Each pseudo identity VM needs its own, unique connection to the Internet. One might use a VPN service. Another might use a different VPN service, or Tor. Or they could use various nested chains of VPNs, JonDonym and Tor. See my guides on iVPN for specifics.

    Each pseudo identity needs its own email address. Any provider that doesn't require cellphone text confirmation is OK. Hushmail is OK, but use your own end-to-end encryption, because theirs is not trustworthy. VFEmail.net is convenient, as they have a Tor hidden service address (https://344c6kbnjnljjzlz.onion) and accept Bitcoins for premium accounts. Bitcoins should be thoroughly anonymized before use. See my guides on iVPN.

    Never associate any of your pseudo identities with your true identity. For example, never use the same VPN service for both some pseudo identity, and for accessing your true identity's bank account, etc. Also, never associate your pseudo identities with each other. You can use associated pseudo identities as part of some game, but always be intentional, and don't push your luck. Remember that pseudo identities are entirely disposable. But don't recycle stuff.

    You can have weakly pseudo identities, which you use in physical space. You might want to buy a computer or cellphone with cash without revealing your true name. Make sure that you answer to the pseudonym, that you can write its signature, that you know an address and telephone number (real, but not yours) and so on. If challenged, you can start going on about LARP, and how much fun it is :) But make sure to keep these weakly pseudo identities entirely isolated from your other pseudo identities.
     
  5. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
    "Rusty Shackleford"
    https://en.wikipedia.org/wiki/Dale_Gribble

    I don't really go to these types of extents myself. But, I'd say if you're going to do separate identities I wouldn't even have them used on the same computer. I mean, there's ways where you could, but if you slip up it's too much risk. I'd just get a laptop, remove the hard drive, only use Tails on it ( https://tails.boum.org/ ) and then only connect to open wifi spots, preferably a good distance away from your actual house.
     
  6. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    I think many commercial and other organizations... the type that someone might choose to or have to do business with under their real name... aren't fully/properly securing their sites and traffic (forcing SSL, avoiding all mixed content, assuring that links on secure pages are only to other secure pages, carefully securing cookies through domain choice and secure attribute, so forth). Would you really want important traffic, particularly that tied to your real identity, routed over TOR?
     
  7. bazinga

    bazinga Registered Member

    Joined:
    Aug 16, 2014
    Posts:
    9

    Wow...well that gives me some homework to do. I'll look into Whonix. Is that similar to Tails? I glanced quickly at the web site but couldn't quite see how to run it. Would I run Whonix on a VM? Or is Whonix the VM? VM's may be a little above my pay grade to understand and operate. My main computer is Mac, so OSX based. The only PC's in the house now are my actual work computer so I'm not messing around with that.

    I've read bits and pieces about hidden services...not very familiar with those either. How would one go about finding them? If I were searching for email providers would I have found VFEmail on my own? Is there a special search engine or something to use to look for hidden services?
     
  8. bazinga

    bazinga Registered Member

    Joined:
    Aug 16, 2014
    Posts:
    9
    Maybe I don't fully understand Tor yet. I thought Tor would provide some shelter from that...But maybe its like going to the black market...you can buy some stuff with anonymity but you wouldn't want anyone there knowing who you really are?? Is that what Tor is like?
     
  9. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    It's best to start out with basic stuff, and gradually learn more. It's overwhelming otherwise.
    Whonix is a pair of Debian VMs for VirtualBox. One is a Tor gateway VM, and the other is a workplace VM. They're supplied as appliances. You just import them, and they work. If you run a VPN client on the host machine, the Tor gateway connects through the VPN, so your ISP can't see that you're using Tor. I prefer that, but most Tor experts think that it's useless or bad. It's your choice :)
    Just install VirtualBox on your Mac, and then import the Whonix VMs.
    Once you have a Tor browser, as you'll have in the Whonix workstation VM, you just browse .onion addresses like any other address. There are various lists of hidden services. Just search, and you'll find them. I'm not going to recommend any, though.
     
  10. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
    Give this a look over: https://www.wilderssecurity.com/threads/tor-vulnerabilities-and-attacks.363014/#post-2364262 (the pdf)

    The stuff that's sent over the exit nodes isn't encrypted by Tor itself. So anyone running a Tor exit can see any traffic that isn't encrypted say by HTTPS.
     
  11. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    For very separate identities, that's an excellent suggestion.

    Each identity has its own risk model, and you do what's appropriate in each case.

    Also, as I've noted, this is a lot like LARP.
     
  12. bazinga

    bazinga Registered Member

    Joined:
    Aug 16, 2014
    Posts:
    9
    I appreciate the responses. Looks like I've got some more reading to do. At the minimum a VPN and Tor seems like a good start. I also started using startpage. At a super basic level startpage may fix what started as one of my first concerns. Every time I would search for something I would notice ads and emails relating directly to the item I was searching for the previous week. Its really creepy.
     
  13. bazinga

    bazinga Registered Member

    Joined:
    Aug 16, 2014
    Posts:
    9
    Can VirtualBox be installed and run on a USB drive? I'm reading through the docs now but figured I would ask.
     
  14. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    I don't know, and I definitely don't know on Mac.
     
  15. bazinga

    bazinga Registered Member

    Joined:
    Aug 16, 2014
    Posts:
    9
    Few more questions:

    1) When & what should I use a VPN for? My thinking is that for everything using my real name, banks, amazon, paypal etc I SHOULD NOT use a VPN because any reputable site is using HTTPS. Thoughts?

    2) So now, when should I use a VPN? For general browsing, research, forums etc?

    3) Lastly, when should I use Tor? What possible scenario would I want to use Tor over just a VPN?

    I don't want to get into the debate about using a VPN w/Tor yet...that seems to be a heated conversation both for and against.
     
  16. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    You can use a VPN service for true-name stuff, for better privacy and security while using public WiFi etc.

    But it should not be the same VPN service that you use for any of your pseudonyms.
    VPN services are appropriate for activities such as evading censorship and/or traffic throttling, preventing your ISP from seeing what you do online, and hiding your ISP-assigned IP address from websites etc. But they're not appropriate for anything where compromise might have serious consequences. That's because the your privacy and security depend entirely on the VPN service and its operator. It's a single point of failure. They're especially inappropriate against adversaries that could coerce or compromise the VPN service, its operator, or its hosting provider.
    Tor is appropriate where compromise might have serious consequences, and especially against powerful and resourceful adversaries. Although Tor is by no means perfect, it provides far more anonymity (but not necessarily more privacy and security) than VPNs or JonDonym do. With Tor, you connect through three-relay circuits that change frequently, and you're part of a crowd of users that look a lot alike. So adversaries would need to work a lot harder to deanonymize you.
    :)
     
  17. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  18. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    534
    I always reveal real information about myself on the Internet. I don't ever lie about information I give out to other people. If I want to remain anonymous online, I simply don't give out any personal info at all.
     
  19. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Well, sometimes pseudonyms need birth dates, addresses, telephone numbers and such.
     
  20. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    576
    what address would it be delivered to then.? if someone else you expose their address
     
  21. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    I typically use homeless shelters, or businesses that have recently failed.

    When I'm mailing cash, I use a homeless shelter for the return address. That way, if something goes wrong and the cash is returned, it goes to a good cause ;)
     
  22. Overdone

    Overdone Registered Member

    Joined:
    Sep 7, 2014
    Posts:
    87
    I also do this..

    I obviously fake names but that's about it.. I've never been asked to fill my address information, other than when I needed to (for example, shopping, domain buying, etc)..
     
  23. david banner

    david banner Registered Member

    Joined:
    Nov 24, 2007
    Posts:
    576
    @mirimir and how do the homeless shelters feel about this? Do they know you use their address?
     
  24. RollingThunder

    RollingThunder Registered Member

    Joined:
    Nov 21, 2013
    Posts:
    187
    Location:
    https://www.eff.org/issues/anonymity
    While we are on the topic of pseudonyms a couple of disjointed thoughts occurs. If you need a pseudonym (fake email account), for reasons that could say potentially land you in some type of legal trouble, then, it should be created behind an anonymity service (VPN, TOR etc). Important, if you ever connect to that account with your real IP (even one time) you are compromised.

    The key to privacy and anonymity is constant thought regarding your internet usage habits. It is important to come to grips with human error and realize that even the most advanced individual is going to blow their own anonymity and privacy sometimes. Being aware of your vulnerabilities and designing a system around those vulnerabilities is important. Also, screw up management. When the inevitable mistake happens be aware if it is important or not. If a minor item do not draw attention to yourself by bringing it up. If it is life affecting then you might be in the situation where you are forced to really think on your feet. Hopefully you are not in such a life condition that when it happens you wind up in prison or something. That's all.
     
  25. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    I have no idea. There's really no way to ask.
     
Loading...