Would this hypothetical situation provide full anonimity?

When it comes to the use of a VPN provider, the extremely paranoid might find that it is not all that much safer to trust your anonimity to them than it is to depend on your ISP. After all, the VPN will get your real IP, and might log your traffic, and give you up to the authorities if pressed. Of course, all of them will swear they wouldn't, but in the end there's only one sure way to find out, and you won't like it.

Being moderately paranoid myself, I'd like to know if this situation might work:

You choose a VPN, and you pay for the service anonymously (several VPN providers offer various methods for this). Then, whenever you need to surf anonymously or do some safe P2P sharing, you go somewhere where you can get free Wi-fi, be it your local library, cafe, college or whatever. You connect using your VPN, and you do whatever you're supposed to do. When you're done, you go home.

Theoretically, your VPN provider knows nothing about you, since the IP they got was from some public place, and the traffic they might have logged (if they did) cannot possibly be attributed to you (you're not the owner of that line, nor have anything to do with it). The actual owner of the line got nothing on you either, since whatever you did there was done not with his/here IP address, but with one from the People's Republic of Whatevertheplace.

So, am I missing something here, or would it be pretty much impossible for you to get in trouble with this method?

 

If you don't do something illegal, you should be ok. OTOH, there might be security cameras used at the public locations that can place you at a location at a particular time.

-- Tom

 

Your computers connection to the VPN could potentially run ARP, since it is a private network. This allows the VPN provider to potentially identify your network card, virtual or otherwise, within the ARP domain. This is among many other things that can be done to fingerprint you, such as watching your traffic for logins, usernames, destination websites, browser signatures and more.

If you don't trust your VPN provider, don't use them.

YOU ARE ALWAYS FORCED TO TRUST AT LEAST ONE ENTITY OTHER THAN YOURSELF. There is no exception to this rule.

 

Good point, but if I did something as illegal as (gasp!) downloading the film they passed yesterday on TV because I couldn't watch it, it would initially only concern the government of the People's Republic of Whatevertheplace, since I'd be using an IP from there. Then they would trace that IP and find out it belongs to WhateverVPN's server in their country, so they'd go to them to ask for my real IP. WhateverVPN, of course, would answer "well, we're sorry, we can't give you that IP because we keep no logs, but if we did, the IP you're looking for would be XXX.XXX.XXX.XXX", which would actually be an IP from the Grand Duchy of Icantbelieveitsnotarealcountry.

At that point it would not be Whatevertheplace's problem anymore, but still they would inform the authorities of Icantbelieveitsnotarealcountry, for great justice, who in turn would trace my real IP and find out that it belongs to Mr. Phony name's internet cafe. Then they'd have to trust that Mr. name's been keeping his security tapings from months ago (because that's how long the process would have taken up to this point), that the camera got a clean shot of my mug, and that there was nobody else at the cafe at the time. Then they'd have to identify me and get me.

Quite a hassle for one stupid download, innit? My point is, even if the method I described is not fail-proof, I guess it's pretty damn close.

We're talking MAC adresses here, aren't we? I guess logging MAC addresses might be a bit overkill for the VPN provider, but you do have a point. Still, there are many programs around that would allow you to spoof your MAC address, which could be a possible solution to this vulnerability.

Indeed, but if you don't go and log in to your e-mail or some other stuff like that, they wouldn't get all that much info. Going to your local baseball team's fanclub website might tell them where you live, but apart from that, and unless you do some pretty reckless surfing, it'd take a lot of guessing to find you out.

Pretty good maxim, I kind of agree, but the reason we are using a VPN provider in the first place is that we have been led to believe (especially by them) that we can't trust our ISP or any government on Earth, so it is only natural for us to mistrust our VPN as well. Nothing personal, they're bound to be nice guys and all, but the least we have to rely on them, the better.

I hope I don't sound hostile in my remarks, I'm not trying to play the smartypants here, but actually trying to learn, and your replies so far have been pretty helpful. If I am mistaken, I'd appreciate you guys to point out the mistakes so that the discussion can go on.

 

If you can't trust any VPN provider you could always run your own proxy server that way you can be sure 100 percent sure that it is not logging activities. But to be anonymous you need others using it as well. I believe with TOR you can donate proxy servers and bandwidth to the network this way you would instantly get heaps of other users using your server. As well as having logs turned off I would also have it run in a true crypt container so no one can physically access the OS. another good advantage to running your own proxy server is that you control the bandwidth so you can make sure you get good speeds.

If you purchase a server it is best to purchase it anonymously. 1 use a prepaid
moblie modem stick, with these not even your ISP knows who you are. 2 pay with a prepaid visa gift card.

 

Bill "Freekazoid" Gates.

Enough said.

 

Huh? I have never heard of this. Are they available inn the U.S.?

 

Hey Caspian, There's several ways to do this. Just a couple of examples:

http://www.slingshot.com/

http://www.amazon.com/Novatel-Ovation-Broadband2Go-Prepaid-Virgin/dp/B002VPUNKE

 

That sounds awesome! But I guess you have to have it mailed to you. Maybe they will sell them at Walmart

 

Yes and I am pretty sure that you could get a VPN paid for in cash. If you have a separate laptop and VPN (paid for in cash) used only for this purpose, then that should be pretty good...as far as I know. As for GPS? Sit in you car or some place where there are no cameras.

 

I still think there's no better method for near-anonymity than war driving. That's sounds too simple, but there's not many explanations for how it's not darn close. Computer fingerprinting after the fact notwithstanding.

 

I have never heard of war driving. I will Google it.

 

It means driving around with a portable computer, finding WiFi routers, and then doing something with them -- perhaps just logging MACs and locations, perhaps just leeching, perhaps assessing vulnerabilities, perhaps attacking, perhaps ...

 

The term has actually changed in meaning in the last 2 or 3 years, but most still think of it as driving to grab bandwidth from whoever and wherever it's available. There's ethical considerations to be sure, but in this context (for privacy) it's hard to beat. Not to mention that a lot of the cloak and dagger is gone from the process as so many people and places leave their WiFi on for anybody to use anyway. As you may know, Bruce Schneier has taken the controversial position of admitting he leaves his WiFi on with no security whatsoever. His theory is if he were to do anything on the internet of interest to any big brother types, he can always point to his open wireless and give them a shrug and a "sorry...could have been anybody."

 

You mean it is actually possible to automatically connect to wireless connections while driving? Or do you just drive a few houses down, connect, and then drive down a few more houses and connect to a different router?

 

A little trivia: The term war driving is a play on the 80's equivalent "war dialing" where one would dial random numbers on the modem hoping to get a connection to a remote machine. The term originated with the film "War Games" where the lead character, Matthew Broderick, randomly dialed into the government's server.

 

You're not necessarily connecting. By default, WiFi routers periodically announce themselves. One can also probe for available WiFi routers. There are apps for various WiFi-capable machines. And BTW, the WiFi router geolocation databases were created by wardriving, rather ironically.