PHAnonymity
Anonymity is the ability to conceal or protect one’s identity and information while interacting with the online world. This means that personal data — such as real name, IP address, location, and other identifying details — are not exposed or tracked during internet usage.To better understand anonymity, we will approach it from the opposite perspective — deanonymization. By studying how identity and user data are uncovered, we can gain deeper insights into threats and techniques used to break anonymity, allowing us to develop stronger defense strategies.
Deanonymization is the process of uncovering the real identity or identifying data of an individual or group that has intentionally concealed their presence online. This process involves the use of various methods and tools to analyze and correlate data, ultimately revealing the true identity of the user.
Understanding how deanonymization works is key to avoiding common mistakes and reinforcing your anonymity in the digital world.
Whenever a user connects to the internet, they leave behind digital traces, such as IP addresses. To protect their anonymity, users often rely on proxy servers, VPNs, or networks like Tor. However, even with these tools, there are methods to track and uncover real identities:
- Time Correlation Analysis – If an investigator knows the exact time a target was active, they can compare this with logs from VPNs and other services to find matching patterns and uncover the original IP address.
- Data Leaks – Some "anonymous" services may have security vulnerabilities, leading to accidental leaks of the user’s real IP address without their knowledge.
Attackers can use specially designed exploits to bypass VPNs and Tor, forcing a target’s system to leak its real IP address. These exploits often work by sending hidden network requests that do not pass through the usual anonymization channels.
Every individual leaves behind a unique digital footprint through their online activities. These patterns can be analyzed to identify and track users, even when they change their IP address or use anonymization tools.
- Textual fingerprinting – Analyzing stylistic writing patterns to link different messages to the same author.
- Time-based patterns – Identifying activity schedules to infer time zones or regional locations.
- Software usage tracking – Examining specific tools and programs used by the individual, which can reveal preferences and skills.
Open-Source Intelligence (OSINT) refers to collecting information from publicly available sources such as social media, forums, and databases to deanonymize individuals. This approach allows adversaries to correlate scattered data points and reveal hidden identities.
- Tracking unique pseudonyms – If a user reuses the same alias across different platforms, OSINT investigators can cross-reference public databases and track past activity.
- Account linking – By analyzing posting history, writing style, and shared interests, multiple accounts can be connected to the same individual.
Data leaks often occur due to carelessness or oversight, exposing personal information that can be used for deanonymization. Even a minor mistake can compromise an identity and lead to serious consequences.
Common Causes of Data Leaks:
- Metadata in files – Documents (PDFs, Word, images) often contain hidden metadata, such as real names, device details, and timestamps.
- Accidental exposure in logs – Some websites and applications log user activity, including IP addresses and session details, which can later be accessed by third parties.
- Copy-paste errors – Accidentally sharing real credentials or sensitive information in public or semi-private spaces.
If your activities involve cryptocurrency transactions, be aware that blockchain analysis can be used to track and deanonymize users. While cryptocurrencies like Bitcoin are often considered pseudonymous, advanced tracking methods allow law enforcement and analytics firms to trace transactions back to real identities.
How Blockchain Analysis Works:
- Transaction linking – All transactions are publicly recorded on the blockchain, allowing investigators to map transaction flows and link addresses.
- Exchange tracking – If cryptocurrency is withdrawn or deposited into an exchange that requires KYC (Know Your Customer), authorities can trace funds to a real identity.
- Address clustering – Sophisticated algorithms can group addresses belonging to the same user, based on spending patterns and wallet behaviors.
Modern browsers and devices expose a vast amount of technical data, which can be used for tracking and identifying users, even when they rely on VPNs, proxies, or Tor. This method, known as fingerprinting, allows adversaries to create a unique identifier based on a combination of system details.
- Browser characteristics – Collected data includes browser version, installed plugins, fonts, and language settings.
- Device configuration – Screen resolution, operating system, and even hardware specifications can be used to build a unique profile.
- Behavioral tracking – Mouse movement, typing speed, and even scrolling patterns can be recorded to identify users over time.
The chances of these methods being used against you are actually quite low. Law enforcement agencies typically have far more important cases to deal with than refunded underwear. However, neglecting security is never a good idea. As Vegetius once said, "Si vis pacem, para bellum" — "If you want peace, prepare for war." Up next, you will explore various methods of ensuring anonymity. Most of them will not be utilized due to inconvenience or other drawbacks, but we still believe that you should have a comprehensive understanding of this topic.
Anonymization Methods
Anonymous networks are systems designed to ensure users' privacy and anonymity on the internet. These networks help conceal or obscure information about who you are and where you are connecting from. They are crucial for protecting confidentiality and preventing tracking by law enforcement agencies. Let's examine the fundamental principles of how anonymous networks operate and explore the most popular examples using accessible analogies.To understand how an anonymous network functions, imagine that your data is a letter you want to send through a long route with multiple postal stations. At each station, the letter is placed into a new envelope. Each station only knows where the letter came from and where it’s going next but doesn’t have access to the entire route or the letter's contents. This process helps obfuscate the path your data takes.
Key Features of Such Networks:
- Routing Through Multiple Nodes: Your data passes through multiple intermediary nodes, where each node adds a layer of encryption. This makes it nearly impossible to determine both the original source and the final destination.
- Data Encryption: Each message is encrypted multiple times—once for each intermediary node. Only the last node can decrypt the message to deliver it to its final destination.
- Dynamic Route Changes: The data transmission route changes at every step, making tracking even more difficult.
- How It Works: Imagine you are traveling through a maze with multiple doors, and behind each door stands someone who passes your message further but doesn’t know its original sender or final destination. Tor uses multi-layered encryption, where each intermediate server (node) sees only the previous and next step without knowing the entire route.
- Advantages: High level of anonymity, free to use.
- Disadvantages: Slower connection speeds compared to the regular internet, as data passes through multiple nodes.
- How It Works: Similar to Tor but designed for decentralized data transmission between users, ensuring privacy through "tunneling" and encryption technologies.
- Key Features: I2P is optimized for internal network services such as blogs and forums, making it ideal for hidden websites.
- Pros and Cons: High privacy but may be challenging for an average user to set up.
- How It Works: Uses distributed data storage, where each network participant holds encrypted fragments of information. When a user searches for data, the request spreads across the network, and information is gathered from multiple sources, protecting both data and its owners.
- Purpose: Protection against censorship and providing a space for anonymous publications.
- Pros: Strong protection against data detection, even if one device is compromised.
- Cons: Limited access and low speed.
A VPN (Virtual Private Network) is a technology that ensures a secure and private internet connection. Imagine a regular network as a wide highway where cars travel with visible license plates. Anyone standing nearby can see who is going where. A VPN, however, turns this highway into a private tunnel, hiding both the cars and their plates so that no one except the driver and the final destination can determine who is traveling where.
- Data Encryption: Before being sent through the internet, your data is encrypted, turning it into an unreadable code for third parties. Think of it as sending a letter in an envelope with a strong lock, and only you and the recipient have the key to open it.
- Routing Through a VPN Server: After encryption, your data passes through a VPN server, which can be located anywhere in the world. This server acts as an intermediary, just like sending your letter to a friend in another country who then forwards it, hiding your real return address.
- IP Address Change: Since your data travels through a VPN server, your IP address (your device's digital "address" on the internet) changes to that of the VPN server. For example, if you're in Moscow and the VPN server is in London, you will appear online as a user from London. This helps conceal your real location.
Anonymous browsers are web browsers designed to ensure users' privacy and anonymity online. They help protect personal data and hide network activity from tracking. Here are some popular anonymous browsers and technologies:
1. Tor Browser
- How it works: Uses the Tor (The Onion Router) network, which routes traffic through multiple nodes worldwide, encrypting it at each stage. This makes it difficult to track the user's location and online activity.
- Advantages: High level of anonymity, protection against surveillance and censorship.
- Disadvantages: Browsing speed may be slow due to multiple layers of encryption and routing through various nodes.
- How it works: An open-source browser that blocks ads and trackers by default. It also has a built-in mode that allows users to connect to the Tor network for enhanced privacy.
- Advantages: User-friendly interface, high-speed performance, built-in tracker blocking tools.
- Disadvantages: To achieve full anonymity, users must manually enable the Tor mode.
- How it works: Based on Chromium, it is focused on privacy. It blocks trackers, scripts, ads, and social media widgets.
- Advantages: Easy to use, built-in proxy network.
- Disadvantages: Some advanced features require additional configuration.
- How it works: An open-source browser that can be customized for enhanced privacy using extensions such as Privacy Badger, uBlock Origin, and HTTPS Everywhere.
- Advantages: Flexible customization options, support for numerous extensions.
- Disadvantages: Requires manual configuration to achieve optimal privacy settings.
- How it works: A Chromium-based browser stripped of Google services and features that may collect data.
- Advantages: Fast performance, no integration with Google services.
- Disadvantages: Additional extensions are required for full privacy protection.
- How it works: A fork of Firefox specifically designed for privacy and security. It removes telemetry and includes enhanced privacy-focused settings by default.
- Advantages: High level of security, pre-configured for privacy protection.
- Disadvantages: Some features and extension support may be limited.
Most often, in your work, you will use anti-detect browsers, and we strongly recommend using them for all your activities. However, if you still need a classic browser on your work device — do not even think about using Chrome. You might as well just head straight to the police station and explain your entire operation to them in detail (but we don’t know you, just saying).
Jokes aside, we’ve already covered the Tor network, so we won’t revisit that. If you need to choose between other options, you can rely on your personal preferences.
- Firefox offers maximum flexibility in customization and privacy settings.
- Brave is the simplest option to use and has built-in Tor integration for extra anonymity.
- If you are a fan of Chrome’s interface and performance but don’t want Google tracking you, Ungoogled Chromium is your best bet.
- Signal, Telegram (Secret Chats): Provide end-to-end encryption and anonymous communication.
- Various Jabber Clients supporting the OMEMO encryption protocol for secure messaging.
- Messengers operating through Tor for maximum anonymity and security.
- ProtonMail: Encrypts emails and offers a high level of privacy and security.
The primary goal of anonymous operating systems (OS) is to create a secure and isolated environment for working with data and browsing the internet. They utilize specialized technologies such as Tor networks, VPNs, and encryption mechanisms to protect against surveillance. Here are the most popular ones:
- Tails (The Amnesic Incognito Live System): One of the most well-known anonymous OS, designed to run from a bootable device (such as a USB flash drive). Tails leaves no traces on the computer and automatically routes all traffic through the Tor network.
- Whonix: An OS that consists of two virtual machines – one for network operations (Gateway) and the other for user activity (Workstation). This separation minimizes data leakage risks and ensures a high level of anonymity.
- Qubes OS: While not a fully anonymous OS, Qubes is widely used for security and application isolation. It allows users to manage different "qubes" – separate virtual environments, each with its own privacy and security settings.
- IP Spoofing: This involves changing the source IP address, making it harder to track your real location and activity. This technique is often used to bypass restrictions, avoid tracking, or enhance anonymity.
- DHT and P2P Technologies: Distributed Hash Table (DHT) and Peer-to-Peer (P2P) communication allow data exchange without a central server, making it significantly harder to identify the original data source. These technologies are commonly used in decentralized networks to improve privacy and resistance to censorship.
This may seem obvious, but it’s crucial to emphasize once again: your work identity and your real identity must have absolutely no connections. You should never place orders using your real name, phone number, or address. Your work account must not be registered with your personal phone number. Your profile in an anti-detect browser should not be linked to your personal or work email. Every digital footprint should be carefully separated to prevent any possibility of linking your real identity to your activities.
- Banking: Avoid using bank accounts registered in your name for work-related transactions. Many vendors offer bank accounts registered to drop accounts for a small fee — this is a much safer option than "tainting" your own name.
- Using Cryptocurrency (Bitcoin, Monero, Zcash): For maximum anonymity, Monero and Zcash are the best options due to their built-in privacy mechanisms. If you are dealing with large amounts of BTC, it is highly recommended to run it through mixers to enhance confidentiality and obfuscate transaction history. Proper handling of cryptocurrency is crucial to maintaining operational security and avoiding traceability.