Digging Deep The Anonymity World

A Perfect Solution For Being Anonymous

_________________
Chintan Gurjar (@chintan_gurjar) Vikas Roy

Index
i. Introduction a. Which information can server grab from your system when you visit them b. Hack yourself before going outside for hacking Picking The Right VPN & Proxy Servers a. Tracking Cookie Scenario & POC b. VPN & Proxy Servers 1. proXPN 2. JonDonym 3. HIMACHI Setup 4. Ultasurf 5. Myths & Realities About TOR 6. OpenProxy 7. PAC files 8. Setting Proxy To Tools Use of Encrypted Emails and Chat Services a. Email Encryption 1. GPG 2. PGP 3. sbwave Email Encryption 4. hushmail Email Encryption b. Instant Chat Encrytion 1. X-IM Encrypted Instant Messaging 2. PSST Encrypted Instant Messaging Find your real time trackers a. Introduction b. What is collusion? Incognito Mode Of Browser

ii.

iii.

iv.

v.

vi.

vii. viii.

ix.

x. xi.

a. Truth about incognito b. Limitations In Incognito c. How to use in various browser Is Google Tracking A Big Issue For You? a. Google Privacy Ethics Information b. Data we give Google directly c. Data we give Google indirectly 1. Logs 2. Geo Location 3. Device Information 4. Unique Application Number d. How to stop Google Tracking? 1. Use of Plugins 2. Best Plugin list 3. Do Not Track Plus - Information 4. Disconnect Information Is Social Media Tracking A Big Issue For You? The Uniqueness Of Your Browser a. PANOPTICLICK Project b. Normal Data Collection c. Detailed Data Collection d. Purpose of this project e. Live Testing of Uniqueness of Browser Fake Identity Generators a. Why important? b. General Tips c. Reference Book HOW TO DISAPPEAR d. Site Links To Generate Fake Identity Alternate Device Connection Removing Metadata From Media Files

xii.

xiii.

xiv.

xv. xvi.

Use Of Disposable Email Service a. Introduction b. Advantages of Temporary Email Services c. Site Links Clearing Tracks From Physical Device a. Ways of Removing Traces 1. Peter Guttmans Method 2. Tool Eraser 3. DOD Method 4. Dariks Boot and Nuke Project 5. Physical Destruction Method 6. Other Tools Cryptying Data a. Introduction b. Types of Encryption 1. Communication Encryption 2. Database Encryption 3. File/Folder Encryption 4. Hard disk Encryption c. File/Folder/Harddisk Encryption Tools d. Communication Encryption Tools e. True Crypt 1. Information 2. Future Things To Do With Your Real Account Understanding log files for clearance a. Introduction b. UTMP c. BTMP d. WTMP

xvii.

xviii.

xix.

xx. xxi.

e. LastLog f. Linux Server Log File Information Firewall importance for being anonymous a. Introduction b. What hacker does? c. When firewall is needed? Use of Anonymous Operating Systems a. Introduction b. Benefits of this OS c. Specification of this OS Using OccupyOS live CD a. Introduction b. Benefits of this OS SSH Tunnel Things To Do When You Are Under Suspect

The information given in this guide is only for educational purposes. The author is not encouraging the reader to use these techniques to break the law of cyber world. While anonymity is an important thing, Author encourages people to use this in positive activity in which any law should not be broken. Author will not be responsible for any kind of misbehave done with the help of this guide.

Introduction
Basically my aim is to provide you the information that if you are going to hack something, just before that wait for a while and check whether your system can be hacked or not? This paper is all about those points which can help you out to hide your online identity weather it is on social media, after hacking, before hacking or under suspect by cybercrime investigators. Do not use this article for BlackHat activities. Defacing is not everything. One day when you will grow up, you will realize that you were a kid who was doing SQLi, XSS, rooting servers for mass defacing and all that. It is true that you are not a bad guy. But there are some people in the world (Hackers, l33ts, Geeks, Noobs, Forensics or cybercrime investigators), who can keep on looking your activity, when you are the suspected Vitim, It is not the only matter of being suspected victim, but some individual also like to hide their real identity in order to get rid of the spammer & scammers. So this is the reason that why I am inspired to write this paper on topic "HOW TO BE ANONYMOUS ONLINE." I have done research in this particular topic to find the best solution to stay anonymous in this digital complex world.

Which information Can Server Grab From Your Machine When You Visit It Generally when you visit server or site, it has an ability to grab much information about you. In sometimes people do not want to leave their traces on the server or site. But

before digging into the solution of anonymity lets have some information about the server that which type of information it collects from user. There are many types such as: http_HOST in which it will keep the log of their own website that a person has visited on this host by some ***.***.***.*** IP address. http_CONNECTION It also keeps the track of the connection established as well as connection close and timeout information in his log of any IP address. http_USER AGENT such as Mozilla/5.0 apple web kit, chrome 18.0.1025.3 ACCEPT - It will check for the all accepting methods of http such as text/html, application/xhtml+xml, etc. ACCEPT_ENCODING which are the encoding methods? For example Gzip, deflate, sdch etc.. LANGUAGE Which language the browser and the computer system is accepting such as en-US,en;q=0.8 etc.. CHARSET It defines the character encoding which are going to be used for any kind of form submission.

 COOKIE - It will also keep the track of those cookies which are to be stored at client side. IP Obviously your IP Address is going to track. PORT On which port you are using service will also be going to track. These all were the information of your HTTP request query. Apart from this server may have an ability to take out your ISP connection, IP range of that ISP connection, Geo-location, Net Name and much more? These are just a very small example that I have shown that who can track you and which information can be tracked of you form someone. But its deeper there is a lot more.. This is the reason that I am inspired to write this paper.

So now, dont you think so that you really need a privacy | Safe | Anonymous Environment on the internet!!!?

Hack Yourself Before Going Outside For Hacking

As I have said earlier that you have to check yourself that are you secure? Can anybody hack into your system? There are many ways of checking this, but here I am pointing out some of the basic but very effective ways of it. Beware from kids, who are using keyloggers to hack you into. Download any keyscrambler to prevent keyloggers. Also keep in mind that close your all unused ports which are open. Do not uses windows firewall, if you use keeps it up to date else disable it and use your own firewall. Install and run Malwarebytes to check if you are infected by malwares or not. Firewalling your ports is most important, because nowadays most of the attacks are done through the network layer not on the application layer. There will be a plenty of ports on your machine which will be on listening mode. To illustrate this lets have an example of printer. Printer ports are always open and on listening mode that some signals will come from the networks any computer or outside networks computer and then they will start their job. Hacker can exploit this through giving commands to your printer to do their jobs. To solve this problem you must have a firewall installed on your system. If you are connecting internet through a router, then there will be a firewall in router default. Just make sure that, that firewall is enabled. Else you can have from internet to download and install. Personal Firewall is the best firewall ever I have experienced. It is firewall software which has best protection.

Personally I dont use antivirus for different reasons. Infectors can create FUD (Fully Undetectable) virus which may have an ability to bypass your antivirus. And they may have a power of deleting your all documents, files and folders without knowing you. If you are a programmer and hacker, use Linux based system more. They are much secure compare to windows systems.

Picking the Right Choice of VPNs and Proxy Servers

Now a days all websites are having TRACKABLE COOKIES. What is that - They are the type of cookies which enable the website? It is happening because they can obtain normal or sensitive information from visitors to the owner of the website. If you want to prevent yourself from being tracked then use Norton Internet Security or Norton 360. It prevents all cookies which are tracking cookies. Thats CooLBuddy :D If you need a more upper level security of your identity, then start using public proxy and Virtual private networks. It hides your identity and makes you someone else instead of really who you are. Proxy is just one intermediate between you and the website, where VPN is provides multiple anonymous sessions by giving you a single IP through various routing in multiple tunnels. It also prevents the website to grab information about you that from where you are accessing that. So VPN is my recommendation for you.

ProXPN is the best ever I have seen yet. Benefits : Good Technical Support : Cheap Value : High Speed Main Advantage: Their Free VPN service is also 128 bit encrypted. Their Paid service provides 2048 bit Military Encryption with 24/7 Support. 128 Bit Encryption!!? I Like it JonDonym is another good service for being anonymous. It is designed in such way that people can have their own reserve environment. It provides confidentiality, speed, international spread servers, secure browser, anonymous activities, and protection against website profiling. It has a unique technology for being anonymous online. It serves encrypted communication. Jonny Depp + Van Dam = Jon Donym :D hahahahhaa One can setup his own VPN at his home with the help of HIMACHI. There are lots of tutorials available on the internet that how to set up our own VPN with HIMACHI. So Go and Give it the shot. (Strong Recommendation) Another great tool is ULTRASURF. Students and some people use this tool where there are blocked websites in the restricted area. So this tool has an ability to bypass those protocols and open the website.

-> Sometime WAF administrator comes to know that this guy is using ultrasurf. So it bans the ultrasurf.exe process in his or her firewall. -> But this is the main advantage of this tool. It doesnt come in package there is only one executable file name ultrasurf.exe and it also don't require installation. It runs directly with the double click. So if we rename that file suppose chintan.exe and if we run then it will again bypass the firewall. Because there will be new service create on server named chintan.exe. So it is very handy because to ban all time different service created by the user is hard. So it works every time!! Myths And Reality About TOR Many people believe that TOR is the best project for being anonymous. No doubt that it provides great anonymity for online. But there is one downside of that on which I want to focus. When you use TOR, first it connects to you to the TOR node. (Attacker) -> TOR -> Website Then you surf the web, but at the end of the surfing, when you exit from TOR node none site will grab information about you but as you have exited from TOR node and your internet connection is still on. So there can be a log generated into your ISP server about your IP that it has connected to TOR network. So ultimately our IP recorded into our ISPs log. Yeah, it is true that the sites we have surfed wont have our data, but if we have done anything wrong in that site and they will start investigation, then from our ISP recorded we can be caught. Solution

(Attacker) -> VPN -> TOR -> Website It is very logical and clear way of being still anonymous by routing your TOR through VPN. It prevents your ISP for making a log that you are using TOR. They wont be able to know that attacker is using TOR, because in their system our final VPNs Log will be gone.

There is another benefit of this technique. It also prevents TOR from identifying that that is there behind the VPN. If anyone will able to crack the TOR, he will assume that this is the real IP address of the person, but it wont. It will be the VPNs IP address through which real attacker is connected. TOR Mtanr . ;)

THE

ONION

ROUTING

Use Open Proxies more. It is nothing but indirectly requesting the page rather to open websites directly. For an example, if you want to open www.website.com then your browser will contact proxy and then it will open www.website.com in your browser. It can give you very beginning level protection. But good for the learners who wants to use proxy server. As there are pros of this technology, there are also cons of Open Proxy. It should be used

very carefully. Sometimes they want to spy on you and your traffic so they provide open proxy to those fools who use it. They are not giving us their proxy servers, these servers are accidently open by sysadmin or system administrator. Sometimes these servers are not intentionally open. When system admin feels that there is a heavy load of the server since it is used by many people it opens server. Not all sysadmin are good. Who are spying on you can harm you much. They can report the activity whichever you were doing using their proxy and it can go to anywhere to disclose you. Keep in mind that all the data passing through those proxy servers are being read. So setup a higher level anonymity and then surf the internet. But from all these VPNs and Proxy Serves, JonDonym is the best service. Using PAC ( Proxy Auto Config ) Files is also a nice and handy option. This files are generally called as *.PAC file which contains a JAVASCRIPT. It allows user to automatically choose the proxy server for fetching given URL or the host. Mainly Javascript function used in this PAC file is FindProxyForURL. This JavaScript function returns the string of many access methods with speciation. Pac files were designed by Netscape in 1996. It was first come into use in Netscape Navigator 2.0 version. The JavaScript function FindProxyForURL has 2 arguments such as URL and host which is denoted by FindProxyForURL(url,host); Url contains the given URL and the hostname derived form the URL. Here is the simple syntax PAC file function.

function FindProxyForURL(url,host) { return PROXY given_proxy.website.com:8080;DIRECT; } Example :

function FindProxyForURL(url,host) { return PROXY hidemyass.technolust.com:8080;DIRECT; }

To use this service you need to find PAC file online. You need to find the website on which they are providing Proxy Automatic Connection. They will provide a link to the PAC file which will be like this http://www.technolust.com/Automatic_proxy/proxy1.pac This is just an example. Then you need to open your browsers proxy setting window, I am just showing you of Firefox rest of the browser you are clever enough to find out. Some proxy will be paid so they will ask you for the registration and all that shitty things. But my point is you know the technology behind this so it will be easy to make our own JavaScript Pac files to be anonymous while surfing. Now you know the technology behind this so you can start coding of your own JavaScript and you can make your best PAC file.

This how it works.

Whas ir shir PAz PAz PAz U made me remind of something you know what did u remind me !!? THIS

When the matter of proxy concerns, the browser is not only one thing that will save you from being tracked. You need to set the proxy for all chat clients, players that you usually use for listening music online. Here I am just going to take some name of the important tools in which you have to set proxy for being anonymous online while chatting and interacting with other people. Those are windows media player, mIRc, yahoo messenger, MSN messenger, AOL instant messenger, Mozilla Thunderbird and much more. Do not forget to set your proxy in your all chat clients. And for that keep just one thing in mind. The tool, whichever is interacting with internet, set proxy there.

Use of Encrypted Emails & Chat Clients

You can be under monitored by your email ID too. So it is easy to setup one more complexity to them who are spying on you. Lets encrypt our emails and send-receive to our mate. Even though your opponent will be able to hack your email id, then also he cannot read the message because it is encrypted. General method/formula is that some sites which are giving this type of service provide you to encrypt your message on their site with one key. And after that you have to send message. Now you have to provide that key to your mate to decrypt the message. One should provide that key physically or by call not by computer medium. Four free and best services for this type of encrypted mails are as follows: 1. GPG - This is GNU version of Pretty Good Privacy which is also known as PGP. This is very good crypto system which is directly used through he command prompt. It can be also

used by shell script. It supports many algorithms such as DSA, RSA, AEC, 3AES and much more. It has better functionality over PGP and PGP 2. It can be used as a filter program too. 2. PGP It is known as Pretty Good Privacy in which many baniaries and sources comes which provides much effective encryption to email, files and all your sensitive stuffs or data. You can use this to encrypt your emails. It provides end-end protection for your email encryption. It works on a base of Public Key Encryption in which there are 2 keys generated at a time while encryption. One key is for you and 2nd is for your receiver. Means one message which is encrypted with your key can be decrypted with 2nd key which your receiver has. Its simply outstanding !! :D 3. sbwave Email Encryption - This service allows us to send and receive emails through web media. Generally this type of service is used for personal messages not for big security issue. 4. Hushmail Email Encryption This service can encrypt your data up to 1024 bit public key which is a good security level. It also allows encrypting your email attachments too.

5. X-IM Encrypted Instant Messaging : This is a simple tool of instant messaging which encrypts your messages which are passing through your system to your mate. 6. PSST Encrypted Instant Messaging : This provides the same service as above but this is for linux and windows both.

Find Out Who Are Tracking You Real Time Tracking Your Trackers
In this cut throat competition, the number of the advertisement companies gone high. They are into money making policy this is the reason that you are being targeted often and often by their advertisements. Whenever you visit any site, from your HTTP request, the site on which you have visited is making other sites aware of your coming. After that they will receive the HTTP request header and they will send advertisement on you. Directly it is impossible to see that if you visit one website, then who are tracking you. You need to run some code in your browser which will enable you to see those advertisements origin website. There is one beautiful add-on for Firefox named Collusion. The reason that why I am giving so much importance to this add-on is that this add-on is created by Mozilla. It shows your real time trackers. It gives us the graphical representation of your information which is share by the host you visit and the advertising companies which gets the information of you by your host. Downloading and installing is as simple as you know here is the graphical representation that how it tracks the trackers.

Here is my browsers screenshot, to illustrate the working of this add-on.

Incognito Support of Browser For User

Incognito mode helps user to browse the world anonymously. Truths about Incognito It doesnt store Webpages information which you have surfed on the internet as well as the cached files. It also doesnt keep downloading history recorded if you have downloaded something then. Cookies will be automatically deleted when you close the browser.

Limitations in Incognito If you sign in into your Google account then your subsequent web searches will record the information in Google Web History. However, Google allows us to pause our Temporary Google Web History Tracking, but wont you feel so much irritating if you also want to keep history!!

More over a user should not forget that, Google will not keep history when you are in Incognito, but the website you visited always keeps the log of the record of the visitor.

 In addition to that, every ISP is keeping the track record of its user. And some people like to use secure DNS so they use Googles DNS System which is

8.8.8.8

8.8.4.4

So, This DNS system is going to keep an eye on you.

So Where the FUCK this Incognito is going to use! ? This feature is going to help you at your home to save your ass being fucked by your (Angry Young) DAD after you have bqowrtd a PORN rist.. :P

Use Incognito In Internet Explorer | Firefox = Ctrl+Shift+P Google Chrome | Opera = Ctrl+Shift+N Thankr buddv wily bt wandv foq mt

Is Google Tracking A Big Issue For You?

Now a days world has become more digitalized. There are so many websites starting from any small store websites to big corporate company website. They will also send you the advertise by watching on your browser history and other factors to determine that what you are looking for on the internet. Advertise

comes to us by keeping our browser history information, our HTTP headers, cookies collection in our browser and much more. Google has accepted that, its Google Chrome Browser Tracks the users. What Google collects from the users? It has 2 basic different approaches for collecting data. 1. Data that we give us to Google Directly In many sites it requires to login with Google account, so it is quite obvious that your data like name, email and all the data will go to Google. Also the site information that you visit will be also go to the Google. Thus it tracks directly. 2. Data that It grabs from our systems running services Indirectly Logs: When someone uses services of Google or content provided by Google, it automatically grabs information about user and store it on their server logs. Detailed data has been stored to the server such as

o How the user has used the service or content or

website o Cookies which can identify users browser by Google o Telephony information of user. o Device event information such as System crash System activity

 Browser Language Browser Fonts Time Zone of your computer o IP-Address

Location Information: If you use the location based Google service, Google may track your location information. It may be tracked by the GPS signals transmitted by mobile, tablet. You might be tracked by sensor data of your device, WI-FI access points as well as the nearest cell towers. Device Information: It may gather data of our device such as OS info, Hardware info, unique device identifiers, mobile network information which also includes the phone number of the user. Unique Application Number: Now days every application, plugins, or operating system you install in your system contains a unique number which we called it as VERSION. So these numbers may be tracked by Google. How To Stop Google Tracking? There so many ways of avoid Google Tracking but here are some of effective ways mentioned used now a days by all to stop Google Tracking. Use of Plugins: By the use of the plugins it will stop the HTTP header coming from the website to track your browser and system information.

List of the plugins: 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. Keep My Opt-Outs Do Not Track Plus (Strong Recommendation) Disconnect (Strong Recommendation) Ghostery RequestPolicy TrackerBlock Priv3 NoTrace TrackerScan ShareMeNot Beef Taco

Using Do Not Track Plus - PLUGIN

This is a program created by Abine Softwares. If you visit any website lets suppose to say www.facebook.com then there are lots of websites in backend who are tracking you. This DOES NOT TRACK PLUS mechanism will block all those tracking site who believes sharing is caring. This will block all those sites who are tracking you when you visit any website. When you install this Add-on to your browser it will put small add-on to the right side of your browser. Then you do your regular surfing. After sometimes if you click on it, it will show you the numbers with the details that how many websites made an effort to track you down. And from those efforts, how many are blocked. It will also tell you that which were those companies tried to track you. This tool will also show you the total no. of blocks have been taken place. In first few days of the use, it will block around 1600 tracings. The

program is highly recommended by CNET. It has 580 tracking technologies.

You can download this from: www.donottrackplus.com/downloading.php

Thasr pqtssv awrm dudt I likt is TRAzC mt. IF vou zAN !!!!

Disconnect: - PLUGIN
This is also a plugin like other but this plugin is created by a former Google Engineer, BRIAN KENNISH. This is open

source plugin. Functionality of this plugin is very simple. It blocks the tracker scripts from the various websites on which you visit. It has also variety of tools such as Disconnect for CHROME, for SAFARI. It has also these tools for various social networking sites such as Disconnect for Facebook blocking, for twitter blocking and Google blocking. yolzInstqtrsing, Uring a plugin so pqtvtns Googlt so sqa{k ur,,, and that plugin is even created by Google engineer !!!! Strange but true !!! :D hahahah

Is Other Social Media Tracking A Big Issue?

Yes Certainly, Its a Big Issue. Not only the Facebook, but I am damn sure that every social media is tracking your each and every move online. The Plugin DNT+ ( Do Not Track Plus ) has identified that Facebook is has more than 200 trackers( Advertising Companies & Much More ) who are watching your activity online. These trackers can come to your browser in a manner of cookies, iFrames, Javascrit, flash and much more. Cookies are the elements which come to your browser and thus it comes to your system. It anonymously tacks your background and current interest and passes those signals to the advertisers who want to target you. This is all about social media as well as Facebook direct advertisement methodology. If you do not go to Facebook or other social media then you can be targeted with Facebooks LIKE button, Google+ +1s button, Twitter tweets button and much more.

yts shtm do shtiq woqkwhv would I rhould pav more attention to this issue ? The more tracking request on your website you will get the much your website will load slowly. When you get these types of trackers there will only few ones who will come up with a new window (Popup) in which once you fill the information they will take and go away. But popups are not coming regularly in fact they are coming once in a blue moon. So rest of the services are only running in backend so why not to block it to save your bandwidth and get the high speed data transfer without interception. Not all cookies come up with some certain aim. Not many but almost all will be hidden, it will just sent your information to the other advertisers that what is your geo location, where you have visited and what is your username where you visited. So this is really an issue that has to be solved for not only the Facebook but all the social networking sites.

The Uniqueness of the Browser

Generally people believe that they are securing their web surfing by not allowing all sites, their information by disabling cookies. However it is completely wrong. It is helpful but only 10%. So what comes in rest of the 90%? When we visit the website, it may have capability of fetching your browsers data as well as your systems data such as configuration of your system, OS version and name, Fonts installed, Browser name and version, how much and which plugins you are using etc... Panopticlick is one project in which it identifies the uniqueness of clients browser. It assures

client that the data which will be collected will be in anonymous form. From the data it can be measured that how unique your browser is or how much your browser is predictable.

Normal Data Collection: Computer Configuration OS Browser Information Plugin Detailed Data Collection: User agent string of browser HTTP accept headers Color Depth of screen Screen resolution Time zone set at the client side Fonts installed to the computer Yes No information of (Cookies, Super Cookies, JavaScript)

Purpose of this project: By testing the browser, we can identify that how much my system or browser is track able. Which information does my browser shares with the sites which I visit? So we can fix that. Live Testing: For live testing of the uniqueness of your browser go to below link

https://panopticlick.eff.org/

Click on the Test Me Button Then it will show all the information about your browser and system. Their privacy policy also gives us the same information as EFF but in a proper way and manner. http://www.stayinvisible.com/

Apart from this Stay Invisible project is also very handy and helpful to check how much your browser and system is unique.

Fake Identity Generators

Do you want to be a Jason Val Kilmer !!? His Movie came in 2012 namtd Fakt Idtnsisv xhaqtd wish u..mav vou ltaqn r0mshing fqom is.

 Being anonymous is not an easy task. It wont help you out in every forms of the web. So in those cases you need to register on website or you need to create your Fake Identity. This is very interesting and real world way to make fool web forums. If you are caught in the act and you want to disappear from the IT as well as real world, then there are some ways with which you can do this. Reducing your social connections. Throw Plastic Cards, Use Cash More. Remove Word Truth from your dictionary Start Lying at each and every stage of your life.

Find and use people to work behalf of you in legal matters Buying home, Car Selling Home, Car - it is also called incorporation in which people hire someone who handle all the assets of him or her. For this you will require social engineering skills. In which you will need to manipulate people, make them trustworthy towards you and then you can exploit them with the proper use of shtm :D .( HOT Tip Pick Females for this )

Deep reading of this book may help you in technical as well as non-technical way.

There are so many websites who can create your fake Identity. Some of the most preferred by all is mentioned below. www.fakenamegenerator.com For Advance Use www.kleimo.com For Basic Use

Alternate Device Connection

Always use someone elses connection of the internet. It is the best way to hide your ass. Because logically it is more secure. When you are connected to your nearest cafes, schools and librarys connection, you are login into the website using their IP address. Not your own one. So it is completely anonymous.

Removing Metadata From Media Files

If you are doing blogging, then certain things you must keep in mind. Use your fake identity and email whiles you are doing blogging. You ignore using flash and JavaScript contents. Specially, you should avoid analytics and advertisements. Some people post their videos and pictures online which they have taken form their digital camera. Do not forget to remove metadata from your media files. Metadata contains a lot of information of your system, OS, Username and much more. Many cameras as well as new phones which are having digital camera inbuilt, they are leaving their signatures in terms of data collection of their device info and pic info. When you post those photos online anyone with some 3rd party tool can extract your Meta data. And for that FOCA is very good tool, which you already know. Thus your identity can be breached.

Here I am showing one example of extracted metadata with FOCA of my own photo.

Thus metadata is very important thing that we cant neglect if we want to be anonymous online.

Using The Temporary E-Mail Services

There is lots of website who wants your email address for their spamming. Avoid that kind of spam by implementing your free non-regular yahoo, Gmail or Hotmail email address. But the real privacy you will only get by using Disposable Email services. They are 100% complete anonymous.

Temporary email services are also refereed as disposable email services. These types of services are real. It is a system of email spam combating. It is also called as DEA Disposable Email Addresses. Advantages of Disposable Email No Authentication Required. Provides freedom to choose any name. No Protocols. Easy access & maintain. Hides your real identity. Avoids Spam. Maintain Anonymity. My Recommendation for best Disposable mail services are: 1. www.mailnator.com 2. www.spamgourmet.com 3. www.dispostable.com 4. www.trashmail.net

Clearing Tracks From Physical Device

Is it like, Do not leave our potty after we do shits !?? Yes it exactly means like that.

OMG !! WTF !!! A hacker is incomplete man/woman without being paranoid. One thing that all the hackers must keep in mind is that they have got everything to lose. So being paranoid is one type of protecting yourself. Paranoid is a different term from being anonymous. Being anonymous part contains most of the technical work to save you from being caught. But being paranoid contains technical work as well as non-technical work in order to not being caught. Sometimes hacker wants their work being appreciated by someone. A good hacker will always think twice before to say about his work to someone. She/he always keeps in mind that whom to tell, what to tell, when to tell, and how to tell. Because, even one mistake can ruin your life.

YEAH !! I also agree with this. Why to give your enemy a chance to fuck your asS !!? Isr good to watch everything but not to speak anything. Am I RIGHT ? Yes you are 100% right. :)

Apart from being paranoid, if we talk about the technical terms, then hacker must keep it data saved somewhere else in portable device. It will be handy while travelling as well as after the destruction of data on your desktop or laptop. The best hacker is that who thinks even the ways of demolishing the data in case of need. As I think, if have got some news that Police is finding me and soon they going to come and catch me from xyz place where I am there. Then I should have a way to demolish and delete my all data from my any kind of storage media. It can be a tool to delete your all data from your clusters even. It can be a noobish but a working way even. There are many tools which completely remove the traces of the each clusters of your hard drive.

Ways of Deleting Data | Removing Traces from Storage Media

1. Use Peter Guttmanns Method : In this method, there are certain patterns which are predefined. It overwrites data 35 times with the selected patterns. That makes the data uncover able or unrecoverable by any tool of data recovery. It is not also possible to recover data from magnetic fields as well as the disk platter surface. Advantage: 100% Assurance of complete deletion. Disadvantages: it is time consuming.

35 times!!! Mv god

2. Tool Eraser (Platform - Windows) : This is very nice tool to remove data from the counterparts of the hard drive. It works with the every windows platform including windows 7 as well as windows server 2008. It uses secure erase methods. Advantage: Small, Easy to use, Free 3. US DOD Method : US Department of Defense have invented a method secure deletion of the data. Their method overwrites the data 7 times which is very less then Peter Guttmanns method. However in the matter of time, or in emergency, this method is very useful at that time.

Warns aware 0f this!!!

For more information visit: http://www.zdelete.com/dod.htm Advantage: 7 times of overwriting data. Disadvantage: less Secure then Peter Guttmanns Method.

4. Dariks Boot and Nuke Project : This is a boot disk specially designed to wipe out all the data from your hard drive. It is useful for the emergency data destruction. If you are a hacker and you want to sell your computer then, this is a good way of preventing identity theft. Download ISO image: http://sourceforge.net/projects/dban/

5. Physical Destruction Method : Remove the hard drive form your computer. Remove the casing in case of having portable or SATA drive. Unscrew all the screw holding it. Destroy all the platters. Platters can be destroyed in 2 ways.

YEAH !! This is mt..Dns Mtrr Wish ME. I lovt is Mann waising for this moment Ext{usion rsaqstd Other Tools: Windows: Microsoft SDelete, Wife File, Delete on Click Linux: Wipe Package from UBUNTU

MAC OS X: SRM, Permanent Eraser.

Cryptying The Data Which You Have

There are ton of hard disk crypters available on the internet. Use them. Online hard disk crypters are also very handy and important. In ordinary manner cryptography is divided into 4 parts. 1. Communication Encryption 2. Database Encryption 3. File / Folder Encryption 4. Hard Disk Encryption Make sure that whichever the tool you use to crypt the files as well as folders, they should have a secure algorithm of cryptying. File/Folder/Harddisk Encryption Tools: 7-Zip AxCrypt True Crypt Sophos Free Encryption Cryptext Sofonica Folder Soldier Disk Utility For Mac Users Safe Hous Explorer dsCrypt Rohos Mini Drive Free OTFE Explorer For Windows and Unix Users Remora USB File Guard GNU Privacy Guard

Communication Encryption Tools: Network Encryption Generic Email Encryption PGP Phone - call Encryption Nautilus Session Encryption SSH (Best Ever)

True Crypt File | Folder | USB Tool TruCrypt tool is the ever best tool for encryption. It is for establishing as well as maintaining on the air encrypted volume. On the air encryption means data is automatically encrypted when you save the data and vice versa it is decrypted when you are loaded. There wont be any data which can be readable and which is encrypted. Without using the correct password it wont be available for reading data. Future of this software Software developers of this company are thinking to implement such things which can encrypt whole hard disk drive. There will be command line options available for the volume creation.

I am Bored!!! hiding this..hiding that..crypting shir shas Ix TwERE ANY MY REAL IDENTITY ?? cant I use my real account !!!!! ? Of course you can!! So why you are waiting for !!!? give me some sipr..dudt

Things to Do With Your Real Account

I know you are clever busy still .

Never do any suspicious activity with your original

account which you are given to your library, school, caf or university. If you do any suspicious acts in terms of hacking, then it must be either deleted after done and encrypted while doing. Of course you are not permitted to leave youre tut (Txt PDF DOC PPT), tools and web history on that account after your goal gets finished.

Understanding & Clearing Log Files - Do Not Delete

Log Files

One must keep in mind before deleting the log files of the server. By deleting log files of server you are indirectly telling system administrator that you or someone has hacked into his or her system. Its better to modify it rather to delete a complete log file. Text file on the server or .log files on the server are easily editable, but for the binary log files you will need to have an editor to modify it. Here is a list of something that should not be missed out by at the time of clearing your log files. 1. Services which are restarted or stopped on the server 2. Changing in privileges 3. Details of your failed and successful login attempts 4. Time Stamps. There are main 3 types of log files which hacker, should always keep in mind after exploiting the system. 1. UTMP : Keeps each and every small data of Current running status of the system, system boot time. It also records the user login information and much more. 2. BTMP : It only tracks the failed logins. 3. WTMP : Old UTMP log files are called WTMP. UTMP is a current log file in which reading; writing is going on, where WTMP is lying on folder named with some xyz date log file. 4. LastLog : This is a famous command for most of the UNIX based operating system. It parses the data of the last login logs which are situated in /var/log/lastlog/.

There are lots of noob hackers, defacers who always follow this method. They always think in this way that, to be secure lets delete the log file. NEVER DO IT!! . By deleting log file you are making system admin aware that someone break into root and the all your efforts will be wasted. It is better to modify the log file with some last entries. Tool: Piwik 1.7.2 rc2 For More Information Visit: http://piwik.org/log-analytics/ Deleting logs is not only the worth thing. There are many other things that a perfect hacker should always do. Deleting logs or deleting their entry from the logs will not help them to be anonymous. But they have to remove themselves from the system in which there is $HOME and TMP folder. One must check these 2 files before leaving the server. .sh_history .bash_history Remove your entries from these files even. If you want to be secure then.

Using the Best Firewall for Your Desktop / Laptop

Connecting your computer or a private network to the internet is always a risk factor. Internet means your device (Lappy Desktopy

 or Any Gadget which is connected to internet) has willing to get information from outer sources and to provide back them information from your inner sources. Security should not be up to the Application layer. What about the network layer security? If you are connected to the internet then there is always a risk factor of your data breach, system compromised anything. As you are aware that, Now a days DDOS attack is very much widely used attack. The hacker who generates auto spreading bot is not only the one who hacks the application, many thousands of compromised systems who are acting as BOTS are also the part of attack. So these were all about the attack. So here is all about those firewalls which can protect you on the internet. Indirectly it also helps to keep you anonymous. So that, you cannot be affected by hackers. Major Firewalls examine the source IP address of the packets, that either they are legitimate? Firewalls are constructed in such ways that they only allow traffics of packets from only the trusted and valid host. What Hacker Does? He will try to SPOOF the IP address from the entry of the packets sent to your system. Your system will allow it to execute to in your computer / Laptop without any further criteria. Thus hacker is able to gain the whole session of your computer. He can breach the data and make your PC to do that what he/she (hacker) likes. She/he does this through sending instruction to your computer.

Here Comes the Firewall It protects your computer from being executing hostile instructions. In organizations many systems are connected internally in LAN and they all are connected to the internet. Firewall enables the system administrators to let him select the systems to be connected to the internet. It enables funneling Means keeping aside the non valid users or the non authorized users. It gives alert when suspicious activity occurs. Thus if any hackers is going to install a RAT in your PC it gives alert, this is just a small example, if you are being tracked then you can even identify that with the analysis of the packets, which is a feature of major firewalls. It shows which services are working on which port and other Meta data.

I buqntd sht WAyy shas ir {alltd FIRE WAyy.. zall sht fiqt bqigadt.hththth Fish You will always remain a noob. :P STFU !!!!

Using Of Anonym.OS Live CD

This OS is the best OS ever I have seen developed by Kaos.Theory Security Research. This OS is on Bootable CD. It has a many level of privacy which many security professionals and professional hackers are using. But the impact of this Live CD is that it is provided with a good user interface. The name Anonym itself giving the meaning of privacy, It is a perfect solution for using computer or your laptop without touching or using your hard disk. So it doesnt allow user to leave traces knowingly or unknowingly. In openBSD operating system, researchers says that this OS the one of the best and advance security operating system. The ambition of this project is to provide anonymous as well as secure web surfing.

Thir ir whas anonvmour Ox {an do I mtan so makt ptoplt anonymous online Am I right? Yeah But certainly this OS can do a lot better than this. Its good to use for high level privacy maintaining.

Specification and Everything about This OS Distribution = Anonym.OS LiveCD Home Page = http://kaos.to/blog/?s=anonym.os Release Date = 2006/01/14 Price (US$) = Free CDs = 1 Free Download = *.ISO Package Management = TGZ Processor Architecture = i386 Download Link - http://sourceforge.net/projects/anonymos/files/Anonym.OS%20Live%20CD/ShmooCon%202006/

Using Of OccupyOS Live CD

OccupyOS OS is designed for those activists who wants to be anonymous, who wants to maintain their privacy during the internet. By the use of this OS they can create, publish documents as well as they can manage websites, their pages, blogs and all that stuff anonymously. Also it provides secure communication environment. Benefit of this OS Each and every connection of the internet is forced to pass though the TOR. It doesnt leave a single trace on your computer. One can use cryptography for protecting their emails, documents and other stuffs like instant messaging.

 With the help of use Mumble one can encrypt their voice chat and conference. Xchat-OTR and Pidgin-OTR tools are used for encrypting instant messaging. It has secure hard disk wiping tool. These were 2 basic OS. But along with them you can use below several OS. - Ubuntu Privacy Remix - Pollipix The Privacy CD - Tails The Amnesic Incognito Live System

SSH Tunnel
It is the secure command line. It is identical like encrypted telnet. Basically in this system an attacker connects to the Remote server and then they use encryption so there wont be anyone who will monitor their activity. There will not be anyone who will able to sniff his username passwords. The technology is built on Server = Client system, in order to that it has an ability to tunnel the whole network traffic. So from my system the traffic will be directly tunneled and will reach to the endpoint whichever the site I want to open. As an impact or that, that site will assume that the traffic is generated here at the endpoint (At there on the website), not from my original system. This is the excellence of this technology.

Sometimes your ISP is keeping your all internet activity, which is a normal thing but if you are under suspect or under monitoring by cybercrime investigators, your all packets which are outgoing will be put in deep inspection. So in such cases SSH can be very useful to protect yourself from being avoided by that deep inspection.

Bus vou know mt..i am NOOBtvtn afstq saking all shtrt pqt{ausionr.if I am undtq rurpt{s oq undtq monisoqing bv Cyber crime investigators or Police then what to do !! :(

You dont need to cry.

Things to Do When You Are Under Suspect or Under Monitoring

If you have read completely up to this then firstly remove your technical traces. Do not do any suspicious activity, including even doxing or information gathering for 3-4 months. Make a new email ID. Spread it to your friends and tell them to communicate with them on that id. Stop your all previous ID. Tell your hacker friends to not to do mail to you for initial 1-2 months. If something is more important than meet because call can be under tracing even. Stop using PGP encrypted mails, because if will work as an alert system for those who are monitoring you. Do not forget to encrypt your all data or to delete or overwrite your all data with the Peter Guttmanns Method or any other which I have explained above. If you have breached something, then remove that all the Excel sheets or text files in which the sensitive data of the website or server is there which you have breached.

If you remember Spiderman movie then uncle ben is telling peter parker this sentence Great power comes with great responsibility. Now wonder how much you are anonymous and none power can track you online, but use that anonymity for peace and your safe environment. Not for exploiting the websites and servers online.

Chintan Gurjar
Facebook : https://www.facebook.com/h4n Ds0m3.dEviL Email : chintangurjar1990@gmail.com Twitter : @chintan_gurjar

Vikas Roy
Facebook : https://www.facebook.com/varo yme Email : varoyme@gmail.com

Thank You For Reading