User talk:Pirate proxy
How to Exit the Matrix
Privacy and anonymity have been reduced to the point of non-existence in recent years (Thanks Obama).
Privacy is made a crime
Our personal, private information is stockpiled and sold to the highest bidder like so much inventory at a warehouse. National Security Letters are written to make countless requests for records from our search engines, libraries, and book stores with no court oversight. Email and especially searchable data is practically unprotected from anyone who might ask to have it. All our electronic communications are tapped. Massive governmental data mining schemes are being built to record everything we publish on the web. In many workplaces, employers spy on and control their employees' Internet access, and this practice is widely considered to be acceptable.
These are dark times. The Fourth Amendment has all but disappeared, thanks to the Wars on Drugs, Porn, and Terror. Any practicing trial lawyer will tell you that you can no longer rely on unreasonable search to be the basis for excluding evidence, especially for digital evidence in the hands of a third party. Likewise the First Amendment has been shredded with exceptions and provisos, and is only truly available to those with the money to fight costly (and usually frivolous) court battles against large corporations. In short, you can say what you want so long as it doesn't affect corporate profits.
How we got to a legal state where all this activity is the accepted norm, I'm not quite sure. It seems to stem from an underlying assumption that our function at work and at home is that of a diligent slave - a single unit of economic output under the direct watch and total control of our superiors at all times; that we should accept this surveillance because we should have nothing to hide from our benevolent overlords who are watching us merely to protect us from evil.
I believe this view is wrong. Moreover, I believe it is time to reverse the tide. This document seeks to provide the means to protect your right to privacy, freedom of speech, and anonymous net access even under the most draconian of conditions - including, but not limited to, both private and criminal investigation (which happens far more often to innocent people than one might like to think). "So what are you saying? That I can dodge bullets?" "No.. What I am trying to tell you is that when you're ready, you won't have to." Contents
1 Privacy is made a crime 2 Document Organization 3 Where to find this Document 4 License 5 Credits 6 Feedback and Assistance
Welcome to the first day of the rest of your life. Document Organization
This document is organized into seven chapters. The first chapter is an introductory philosophical discussion, and the next six are based on the six main ways you can leak information about who you are onto your network connection, or to an attentive individual.
The Matrix
A discussion of what the Matrix is, how it functions, and how to resist and subvert it. This forms the philosophical underpinnings of this HOWTO and the driving force behind the author's motivation to work ceaselessly on this document for over a year, and then proceed to give it away for free. Not required reading, but strongly recommended.
Network Attributes of your computer
This includes your network hardware (MAC) address, your IP address, and your 802.11 nickname. This section describes ways of obfuscating each of these attributes, as well as your network data itself
Local Programs and Services
Various programs you run can leak information about you to the network. This section describes how to turn them off.
Web related leakage
Even after you have taken steps to obfuscate your network attributes, it is still possible to leak a surprisingly large amount of information about who you are through your web browser. It is even possible for websites to determine your original IP after routing through a proxy (or even Tor), if you are not careful.
Intrusive Surveillance
In some environments (public computers, labs, oppressive work places), your computer may be bugged and under direct deliberate surveillance from a third party. This section describes what to look for, and also describes how to use these same tools to your advantage to conceal your activities. It also covers measures you can take to mitigate information disclosure in the case of equipment seizure.
Anonymous Communications
The previous 4 sections have dealt with how to access Internet resources without fear of divulging your identity. But what if you have something to say? This section discusses the ins and outs of publishing data and communicating anonymously.
Physical Interaction
The ultimate goal in anonymity over the Internet is to carry it over into the physical world: to use money, and to be able to buy and sell items and otherwise conduct business without fear of surveillance. The means for doing this exist, yet most are prohibitively expensive for the average individual. In most cases, low cost, "good enough" alternatives are available with some extra effort, however. Hopefully, as the Anonymous Economy continues to grow, tools to aid in interacting with it safely will become profitable commodities themselves.
Where to find this Document
The latest version of this document can be found here[▼ DOWN 2014-12-20 ] or here (Wayback Machine copy). The Anonymity Portal also provides a mirror (Wayback Machine copy), along with several other documents. Another clear partial mirror can be found here. Those wishing to mirror or build their own copy can download this web tarball. This instance was built with xmlto html ExitTheMatrix.xml. License
This work is licensed under the Creative Commons Share Alike v2.5 license. Credits
This document exists because of the hard work of literally millions of individuals working in concert to build a free, open world where all can meet, trade and converse without fear. One day The Man will burn.
At the same time, I would also like to thank The Man, because without him, the millions of individuals working in concert to build a free, open world where all can meet, trade and converse without fear would not have such a fascinating hobby.
Furthermore, I would like to thank the dozens of contributors who have tipped me off to various news articles, software, FIXME solutions, and so on. Your help is much appreciated!
Feedback and Assistance
If I missed anything you feel is important, or if anything is unclear, please contact me via email at <aceevader]-a-t-[mailvault.com>. Particularly if you have any material to cover any of the FIXMEs found in the text, please email me. If you are someone who needs confidential anonymity advice or assistance, do NOT use my mailvault GPG key, since I have no control over preventing leakage of the passphrase. Instead, use this key. While mailvault is not located inside the USA (and thus not subject to the most likely form of assault: a National Security Letter), it is not outside the question that they could be coerced in some other manner. If you are unfamiliar with GPG, you may consider installing a graphical front end to help you along.
Physical Interaction
Anonymous interaction with the physical world is the holy grail. If you can fully interact with the real world through the Internet anonymously, you practically cease to exist as far as the Matrix is concerned. Unfortunately, doing this effectively typically requires capital on the order of at least $1000 USD. Not out of reach of business owners, but your clients may have some difficulty justifying the expense. However, some low cost alternatives do exist and will be provided. FIXME: I do not have the resources to investigate many of these options, particularly the expensive ones. If you do, please don't hesitate to contact me with results.
As a word of caution, any of these techniques that require the use of a local brick and mortar store should not be carried out near where you live, lest someone recognize you. Go to an adjacent town/suburb and work from there. Yahoo Yellow Pages is your friend (of course, its cookies are NOT your friend). Contents
1 Using Anonymous Money
1.1 Money Orders
1.2 Pre-Paid Debit Cards
1.3 Offshore Banking (Theoretical: Feedback Requested)
1.4 E-Gold (Theoretical: Feedback Requested)
2 Anonymous Snail Mail
3 Anonymous Telephony
3.1 Obtaining an Anonymous Cell Phone
3.2 Information Leakage
3.2.1 IMEI Numbers
3.2.2 E911 Service
3.2.3 CALEA and Relevant Surveillance Law
3.2.4 The Social Network
4 Assuming an Identity
4.1 Employ a Homeless Person or Post to Online Classifieds
4.2 Manufacture ID for Yourself
4.3 Manufacture ID for Another
4.4 Attempt to Build a Government Recognized Identity
4.5 Identity Theft
5 Protecting Yourself from Fraud
Using Anonymous Money
In the physical world, anonymous cash is a redundant term. Cash is anonymous. Unfortunately on the Internet, money is typically tied to an identity. However, some services do exist to allow you to bend or break this rule. Money Orders
Money orders are available from the post office or Western Union, and do not typically require any form of ID for amounts less than $3000.00 USD. Some online merchants and most offshore banks will accept money orders. Unfortunately, money orders are typically the most frequent choice of scammers. Many western unions will cash money orders without ID. Pre-Paid Debit Cards
Pre-paid debit cards are available over the Internet from all of the major credit card companies, marketing to individuals with poor credit. Note that all of them seem to require some proof of identity and valid mailing address (and will not ship to PO boxes). What can be done about this however is opening a private mail box and getting the secondary card sent to the name that this was opened in. Instead of using POB, PMB, or #222 etc. instead use "Number 222" by spelling out the word it does not get picked up by the filters on most prepaid cards at this time.
However, in some areas of the USA these cards are actually available for sale in convenience stores, grocery stores, malls, Walgreen's, Radio Shacks, etc. You pay cash, and you get what is essentially a debit card. Non-reloadable cards are usually available over the counter. Reloadable ones typically must be mailed to you. Neither type requires ID. Major vendors include the major credit card companies themselves, along with GreenDot and Simon Malls. The latter two have store/merchant locators to help you find a store that carries their products. Additionally, most Western Union locations offer named pre-paid debit cards. They do require ID and a mailing address, so you will need to use one of the techniques described below. In Europe, 3V Vouchers are also becoming available. ID requirements are unknown. It seems impossible to get them online without some form of identification chain, unfortunately. Perhaps walk-in to stores is different?
If you cannot get anything reasonable locally, various independent providers will offer you prepaid "virtual" credit cards (sometimes called "Gift Cards") at various rates. Unfortunately, PayPal (and possibly some other online merchants?) can be a bit picky about accepting these cards. The best place to find information about which card providers are trustworthy and widely accepted are various online forums, and of course searching for the company name and "fraud", "scam", "sting", or "paypal". In particular, I've seen good things about Money Around The World, whose cards supposedly will work with Paypal IF you ask them for that feature ahead of time. They do not require ID. Similarly, SloGold advertises debit cards that can be used with paypal and even can be the recipient of wire transfers and direct deposits. XLCard.com has similar features, but their Paypal status is unknown. I've also heard reports that prepaid "Gift Cards" are being sold over the counter at stores such as Safeway, Sunoco, Walgreen's, and Rite Aid in amounts up to $500.
Using the anonymous email address you created in an earlier section, you can then bind these card to a Paypal or StormPay account, and conduct small purchases on ebay or anywhere else anonymously (modulo shipping). Be careful to differentiate between no-name debit cards an anonymous credit cards. Paypal and online merchants may not accept cards with no name on them. No-name debit cards are typically only good at ATMs.
[[ I'm offering anonymous virtual visa's that work for all online purchases and phone purchases in any country. No SSN or national ID required to use these cards. I only accept bitcoin. It is 10BTC for a $100 card and 25BTC for a $250 card. Additionally, at the beginning, it may take up to two weeks for me to deliver. Contact Ploni at chat.freenode.irc channel #bitcoin-otc or plonialmoni@riseup.net ]] Offshore Banking (Theoretical: Feedback Requested)
Several companies on the web allow you to create anonymous credit cards and bank accounts funded via wire transfer, gold, or money order. Obviously a fully functional offshore bank account would be more useful than just a debit card. Unfortunately, many of these require a shipping address, a photocopy of some form of ID (for their records only, or so they claim), and/or are prohibitively expensive. A few that looked most promising were E-Fidex, Unitrust Capital, Offshore, Etc, and Cheung & Siu. Unitrust and C&S offer several services including "virtual office space" (with mailing address) as well as the ability to incorporate overseas. They do not mention an ID requirement, though they do mention additional fees if they file the ID documentation for you. Supposedly the Patriot Act has somehow made it an international requirement to produce some form of ID to open a bank account. It's not clear exactly how these institutions skirt this requirement, if they do at all. E-Gold (Theoretical: Feedback Requested)
There are a couple companies that will keep track of gold electronically, and transfer it to and from certain parties. The most popular (and presumably the most trusted to have actual gold on hand) is E-Gold.com.
E-Gold is purchased from one of their escrow agents who actually buy and sell the gold from E-gold's holdings. In particular, Goldage.net will accept money orders for e-gold and also provides anonymous credit cards. Alternatively, you may face less regulation purchasing e-gold in one of the ad-hoc e-currency exchange forums or one of their corresponding topsites such as MoneyDuck or PaysGold. Your chances of being scammed do go up when you do this, however, so be careful.
Many of the offshore banking institutions also accept transfer to and from E-gold. E-gold has been used (presumably successfully) by the Source Code Club to conduct sales of corporate source to those wishing to evaluate it. E-Gold issued a statement that it will do its best to track down these guys, but so far the Source Code Club seems to remain in operation. Anonymous Snail Mail
Many people who accept E-gold and many of the Offshore banking companies suggest mailing items to a local shipping agency, post office, or mail box provider with instructions for "Hold for Pickup". This way, it is possible for a package to be delivered to their location in the name of a fictitious company for some holding fee. You can tell them a salesman traveling through town will be by to pick up the package. A variation on this technique is to use General Delivery in combination with a made up business card and legitimate ID to pick up mail at the Post Office itself. Since the only record of delivery will be to the business name (and not the ID shown), it is supposedly OK to use your real ID.
A far less cumbersome option is to rent a mailbox at a privately owned mailbox rental company (Commercial Mail Receiving Agency - CMRA). Unfortunately, most of these are bound by postal fiat that requires them to enforce ID requirements that may be verified at the post office. Since it has been reported that the Post Office sells consumer's addresses to marketing agencies, this is not very comforting.
The form you have to fill out is Form 1583 and is universal among all CMRAs. It requires two forms of ID, one of them photo. The Privacy Statement is riddled with exceptions to allow the agent to provide information to "contractors", "financial entities", USPS auditors (who appear to be under no privacy obligation themselves), and for purposes of "identifying addresses... used to deliver mail to other persons". Valid ID includes state ID, armed forces, government, corporate, or university identification cards, passport, alien registration card or certificate of naturalization, current lease, mortgage or Deed of Trust, voter or vehicle registration card, home or vehicle insurance policy. According to this contract, it is *not* mandatory that a photocopy of this identification be taken, but it must be written down on lines 8a and 8b by the clerk who accepts this application. If you are providing state ID with personal information on it, you would do well to insist that a photocopy not be made to avoid identity theft.
It is possible to avoid the regulatory hassle involved with CMRAs by instead leasing a "virtual office" from an Office Business Center (OBC). A "virtual office" typically consists of a mailing address, some amount of office time per month, a phone line and answering service, and access to conference rooms. Providers who offer this service are not subject to registration with the post office. Numerous virtual office providers can be found in any major metropolitan area, and rates are usually around $50-150/mo for basic service. I personally find it amusing that so long as you have sufficient money to pay for better service, you don't have to be stamped, branded, and tracked by the USPS, but people who cannot afford these extra services have to be watched with utmost scrutiny.
Your last method for anonymous snail mail is to usurp a "dead" mailbox. This is a mailbox that still has a postal address, but is not being used. Examples include vacant lots, empty office rooms, etc. Empty office rooms and janitorial closets typically will require permission of the building manager, of course. Vacant lots and unused street mailboxes can probably be easily "borrowed". In some cases, setting up a whole new mailbox with a "1/2" or "A" address out in the country is a very nice option as well (but may be noticed by neighbors). A completely new address may be noted less, but the flip side to that is the postal carrier may take issue with this.
Along these lines, at least one book reports success in searching/posting on online bulletin boards/classified ad servers for already registered mailboxes, either postal, UPS or unused office space. There may be many people who purchase mailboxes then simply move out of the area. The same book also mentions that it may be possible to receive mail at a Salvation Army or YMCA for a donation.
Ideally, the physical location that you ultimately have to go to to pick up your mail should change every 12 months. If your budget and need for anonymity was high enough, one way to increase the length of this window is to attempt an SSH Hopping-like technique by chaining virtual office forwarding systems together to attempt to obfuscate your location by crossing many international boundaries. That is, until a tor-like mixed network for mailing packages arises. I have not tried this out yet, but it would seem like Unitrust Capital has a decent offering, as does ABCN. Another option is to open a New Mexico LLC and then sign up for a Ghost Address. You can also try browsing this directory or " the DMOZ/Google Directory entry for more options. Let me know how things work out for you if you decide to go this route.
Note
One last important thing to note about the mail (and physical interaction in general) is to be extremely careful with things you handle, especially if a fingerprint is on file with the local DMV, or if you purchased your printer with a credit card. The EFF maintains an excellent page about printers that encode identifying information in printouts, and how to detect if your unlisted printer is also bugged in this fashion. I have been told that printing to transparency film works even better than the techniques the EFF suggest, as the transparency will make the layered dots visible to the naked eye without the use of a blacklight or microscope.
Anonymous Telephony
Anonymous telephony is a tricky feat to accomplish: seemingly easy to do, but also easy to make mistakes that ruin your anonymity. Basically the goal is to obtain a cell phone that is untraceable to your physical identity. This in and of itself has recently become possible, but there is a steady stream of subtle information leakage from any phone that will eventually point to its owner. Obtaining an Anonymous Cell Phone
In the US, anonymous cell phones have recently come available in truck stops, discount retail stores (Wal-mart, RadioShack, etc), and at cell carrier outlet stores. The main carriers that offer anonymous pre-paid service are T-Mobile, Cingular, Net10, and the ominously named TracFone. Note that some retail stores will ask you for your name and address, so you should have one ready.
For some reason, pre-paid cell phones are subject to a very bizarre price structure. The same phones offered on the web by the carriers are typically $100 more when you visit your carrier's local store. While it may be tempting to order these phones directly from the web using an anonymous debit card because of this, you probably are better served by going to a retail store and purchasing with cash, just to keep a distance between your debit card and your phone line (though sometimes this binding is required anyway for other reasons). Walmart, Costco, Radio Shack, etc typically have the phones for web prices or cheaper.
Another detail you should be aware of is that cell phones typically come "locked" to a given carrier, preventing you from switching carriers in the future. When selecting a phone, you probably want to try to obtain a model that is easy to unlock, so that if you need to switch cell phone carriers, you can. Nokia phones are usually easiest to unlock, typically by entering in a "secret key". The Nokia 6010 offered by T-Mobile in particular is readily unlockable, and is available at Walmart. To unlock it, use the DCT4 form, Network: T-Mobile, Gen: v2, Model: 6100 and use the first code. If the first code fails, try the 7th. Information Leakage
There are a couple of things you need to be aware of when using an anonymous cell phone. If you are not careful, your anonymity can be reduced to zero in a hurry, and you can easily reveal your identity and location with a couple simple mistakes. In particular, here are a few things you should be aware of: IMEI Numbers
Each phone has a unique, semi-permanent serial number called the IMEI number. These numbers are actively tracked in databases that are becoming international in scope. Note that this number is a property of the phone itself, and does NOT change if you pop out your SIM card to change carriers. As such, changing carriers with the same phone buys you no extra anonymity, and placing a SIM that is easily traceable to you into your anonymous pre-paid phone kills any anonymity you had, potentially even retroactively.
Note that the converse is also true. If you have an old phone previously registered under your name and decide to try to use it with a pre-paid carrier, you have no anonymity. E911 Service
E911 is a standard set forth by the US FCC that essentially specifies how accurate cell phone carriers have to be when tracking their users under various conditions. Cell phone providers can meet the accuracy requirements however they see fit, and the major carriers have adopted a couple of different technologies.
While there have been some frightening uses of this technology by spyware installed on phones, what is most frightening about E911 is that there is no law that governs location-data privacy. This means nothing stops The Man from watching the location movements of any and every cell phone user he feels like. E911 location information is transmitted at all time while the phone is on, and no warrants are needed to obtain this information.
The FCC has mandated that E911 be present on every cell phone sold after Dec 31, 2005. However, several models of phones do allow you to disable the E911 location information. For other models, your only option is to keep the phone turned off with the batteries out.
For phones that are not turned off or have a nonremovable battery, a Faraday cage can be used to block all incoming and outgoing signals. One example is the experimental Offpocket. Alternatively, tinfoil can be used though such an implementation can easily garner unwanted attention and subjectively looks bad. CALEA and Relevant Surveillance Law
The CALEA is the US law that governs obtaining warrants for wiretap on electronic communications. Much like E911, it merely specifies requirements that industry must follow in granting the federal government access to communications. The problem with this system is twofold. First off, obtaining a wiretap warrant is pretty much a rubber-stamp process with little real oversight; and second the fact that the mass-surveillance infrastructure built to support CALEA is easily subverted to criminal and even rogue-state ends.
FIXME: At this point in time, it is unclear as to whether recent expansions in wiretap law make it easier to obtain a warrant for arbitrary pre-paid customers before their identity has been revealed through other means. It seems as though The Man has to at least have a vague idea that the phone number in question is being used for Unapproved activity, but as the warrant statistics indicate, even this may be at best a symbolic gesture. As such, it is recommended that even after obtaining a prepaid cell phone, you not put full faith in its anonymous and private nature. The Social Network
Once again the Social Network rears its ugly head. If there is one thing you can be sure of, it's that EVERY PHONE NUMBER YOU CALL OR THAT CALLS YOU IS LOGGED, even if you are not currently under surveillance. The call logs are indexed by IMEI, so switching phone numbers and carriers does you no good. This means that it is possible to automatically determine that your anonymous phone and your nonymous phone share many of the same numbers and thus are operated by the same person, or at least two people that know each other. Avoid calling the same people on your anonymous phone as you do on phones that can be traced back to you, and instruct them not to call you either. The more numbers are shared (either outgoing or incoming), the greater your risk of being uncovered. When a phone starts to be contaminated in this way, toss it and get a new one. People have been caught this way. Assuming an Identity
Unfortunately for most interactions with the physical world, you typically need at least some form of ID. You basically have five options: Employ a Homeless Person or Post to Online Classifieds
If you live in an urban area, you might be able to find a reasonably coherent homeless person (or someone willing answer a classified ad posted on a community bulletin board or website) to assist you for a small fee. It turns out that the international nature of craigslist can make it possible to operate in geographical contexts far distinct from your physical location (though Craigslist seems to have decided to block Tor, so you may need to put a special line in your privoxy config to access them anonymously).
This can get sticky, and probably requires a good judge of character to pull off. You should definitely make sure the money you give them for the institution is in the form of a money order written out to the intended recipient, to minimize their chances of running off. You should only pay them for the job after they complete it.
Make sure that it is not possible for them to obtain access to the account or mailbox after they create it. Obviously keep any keys/cards to yourself, and make sure that it is difficult for them to get any replacements immediately. Possibly use two different people for mailbox creation and account creation. Ideally, you should use a service where replacement cards are mailed to a mailbox you control, and not to them. You may wish to bring a friend along, to make it clear that if there's trouble, "more than one person" will be looking for them.
Even after all of this, it is still possible they might flake out, or worse, attempt to blackmail you by threatening to call the authorities. Give them a decent cover story, such as you are trying to hide from an obsessive ex-lover, or have a job where people might seek revenge on you personally (meter maid, tow truck operator, judge, lawyer, etc). Have a story ready about how some friend of yours or someone on the news was harassed because of their job. Even if you believe your reasons for seeking privacy are legally safe, you should limit what you tell your courier about your exact circumstances, since this can weaken your privacy (it's a small world).
Ideally, you should be using them for one-shot deals, like courier service or to set up an overseas account, or to open an account whose card and number will only be given via mail (ie to you, not them). The less information they have about what they are doing, and the less they see of the end result, the better off you are. Don't work local to your home (or theirs). Ideally, you should never see this person again.
Even with all the hassle, unfortunately this is the safest method to use with respect to US law. If you are doing ANYTHING that might attract the attention of or otherwise annoy an FBI agent (which in these troubled times is just about anything), acting by proxy is the only way to go. Manufacture ID for Yourself
Unfortunately, making a fake governmental ID can bring a lot harsher penalties than is worthwhile to risk, depending on your threat model. US Title 18, 1028 criminalizes any interstate production/use of government issued identification with penalties of up to 15 years in jail. Simply using fake state ID is considered a misdemeanor and is punishable by a maximum of 3 years, though first-offense misdemeanors almost never receive jail time. This means that it is usually simply not worth making state ID for most people, since you will likely have to destroy (or sell) most of your equipment if you don't want to spend time in federal prison for being caught using it.
However, it is possible to obtain a CMRA mailbox with two non-governmental forms of ID (such as an employee ID and a local city/community college ID), so "novelty" ID creation is still an option. As far as I know, presenting "novelty" non-governmental identification is not criminalized. There is slim possibility of charges of mail fraud, but from reading USC 18-63 and the DOJ prosecution policy, it would seem that mail fraud is only applicable if someone has actually been deprived of money/property via the mail. After all, are they going to prosecute every author that publishes under a pseudonym who has ever sent something through the mail? That would be a bit excessive, even for the US government.
If you invest a bit of money (around $200-$500) you should be able to make a variety of ID yourself. There are a couple of text files that describe the process (along with some supplementary material I found on usenet). Alternatively, you can check out this book for a detailed overview of how to create a wide variety of ID.
Also, beware of cheap template collections you might obtain via P2P networks. These almost all suck and are dangerously out of date. The reason for this is that even electronic transfer of ID is criminalized just the same as physical ID in USC 18-1028. It is possible that templates may begin showing up on anonymous P2P networks, but you should focus on cloning local (ideally non-governmental) ID anyways. If you are still dead-set on creating state ID, the 2004 US ID Checking Guide (FIXME: anyone have 2005/2006?) contains information on all the security features present in the IDs of all 50 states, so that if you decide to go the template route, you can verify what you have is current, and you can use it to cross-check to make sure you don't miss anything. Alternatively, local copy shops typically have high quality scanners you can use to save yourself some money. As far as printer, the above book recommends the ALPS MD series, but those are discontinued and prone to breaking (meaning buying a used one is probably a bad idea). You're probably better off using an Epson C82 or 740 (the 840 tends to print too fast and is prone to smudging), which have been reported to work well on alt.2600.fake-id. Use the Photo-EZ trick mentioned in the above text files for stenciling patterns for UV/metallic inks.
Lastly, it should be noted that some places (especially the offshore banks) require only photocopy/fax of ID, which should be especially easy to spoof. However, some outfits may actually query your driver's license number at the appropriate DMV. If they are operating overseas, they are less likely to have the capability to do this, but in any case, I have not tried it, so attempt at your own risk. My guess is that due to recent events, companies will have less freedom to query these databases, since this just opens the door up for rampant abuse. However, if you do try it out, take proper precautions for ensuring the fax phone line can't be traced back to you (use a local copy shop), and use all the digital precautions we've discussed thus far. This way, at worst you get rejected immediately, and no harm is done.
Note
As mentioned previously, make sure not to purchase your printer with a credit card. The EFF maintains an excellent page about printers that encode identifying information in printouts, and how to detect if your unlisted printer is also bugged in this fashion. I have been told that printing to transparency film works even better than the techniques the EFF suggest for detecting identifying markings, as the transparency will make the layered dots visible to the naked eye without the use of a blacklight or microscope.
If your printer does print identifying dots, you will want to sell it/dispose of it if you created state ID, because the identifying information can be used to prove that you produced your own ID instead of obtaining it elsewhere (the difference between a misdemeanor with typically no jail time and a maximum of 3 years, and a felony with a maximum of 15).
Manufacture ID for Another
The previous technique is not without its weaknesses either. For instance, it is not ideal that a photocopy of your picture and ID is on file with an account. While it is presently not implemented (at least not as far as I know), assume that within the decade it will be possible to use face recognition to quickly match drivers license records to other pictures of individuals. Even this aside, there still is the slim but real chance of human recognition, or recognition after an investigation begins.
For protection against this, you can take the extra step of creating the ID for the homeless person/courier and keeping it to yourself until you need their services. That solves both the recognition risk, and the risk of the them trying to use the ID to obtain access to your account/mailbox. Unfortunately, it does not solve the blackmail problem. For this reason I strongly recommend against making state ID to give to another, as this is instant leverage for blackmail, independent of the nature of the use.
However, since "novelty" non-governmental ID is not criminal in and of itself, blackmail is much less possible. There are a myriad of reasons someone might desire anonymous banking and mail delivery without them necessarily being guilty of any crime (again, jealous lover, dangerous job, etc). Invent one and tell it to your courier before they agree to help you out. Preferably not the real reason, since this can be used to determine who you are. Attempt to Build a Government Recognized Identity
This is an extremely complicated process that is easy to screw up and can land you in jail. The process typically starts with some form of fake ID created as discussed above, and uses that to obtain legit secondary documents from the government, which can then be used to get you into the DMV and other databases with legit ID. If you are seriously considering this, you should have a look at the books in the print media resource section.
Also be aware that the long-term danger of face/biometric recognition technology still applies to this method, especially if your face exists as two different people in the DMV database. Many states already implement this type of technology using electronic fingerprints to verify no two licenses have the same thumbprint. In this case, the clever folks at the Chaos Computer Club have a mechanism through which you can borrow the fingerprints of another. Another hack that I've been told works well is to use a red felt-tip marker to obscure identifying marks on your finger before it is scanned. The red ink messes up the red laser light from optical scanners. Identity Theft
Identity theft for the purposes of stealing equity, reputation, and credit from other human beings is morally wrong, and since this is the predominant reason that identity theft occurs, I do not wish to discuss it. This HOWTO is about taking your freedom back from the institutionalized oppression that is the Matrix, not stealing from your fellow man. If this isn't enough to discourage you, note that ID theft is more dangerous than creating an identity since the victim may notice additional accounts on his credit report or elsewhere, and may report them at any time. It is likely that the penalties for ID theft will soon skyrocket in the typical "tough on crime" reactionary fashion as well.
However, that being said, it is becoming apparent that at some point in the future, bureaucratic governmental arrogance and momentum will push for mandatory national database verification of identification. When this regrettable time comes (and in some places it has already arrived) identity theft may become a necessary measure in protecting one's privacy. The upshot is that the ubiquity of these data checkpoints will increase the vulnerability surface of the bureaucracy tremendously, making identity theft considerably easier. In that case, both moral and practical considerations dictate that those using identity theft for privacy should strive to conduct this activity with as minimal an impact on the host identity as possible. This means of course no monetary theft, and typically avoiding any actions that would alter the credit ratings or otherwise appear on the credit reports of the host (such as the creation or use of credit cards and bank accounts). Protecting Yourself from Fraud
The most risky aspect of interacting with the Anonymous Economy isn't being caught by The Man, it's being ripped off. The best way to protect yourself from fraud is to always scroogle search for the merchant you intend to do business with and add the terms "fraud", "scam" or "sting". If nothing comes up, try to post to a relevant forum and ask. In the unfortunate event that you are ripped off, do complain loudly and vocally on as many forums as possible. Sometimes informing a merchant that you are about to smear their reputation all over the Internet can 'jog their memory' into remembering to ship your purchase after all, so you might want to contact them first.
Be ware that some merchants will gladly honor smaller purchases only to defraud on larger ones, so unfortunately conducting smaller transactions with a merchant might not guarantee that they are safe for larger transactions. Luckily there is a solution. Escrow services can help you conduct larger purchases without fear of the merchant defrauding on delivery. Essentially, the way they work is that you pay the service the amount of the purchase price plus a small fee, and take a shipping tracking number from the merchant, and hold your money until the shipping carrier reports received the product, at which point the escrow agent release the funds to the merchant. Unfortunately, some escrow sites themselves are scams. It is probably best to use one of the services listed on this ebay page.
If you are a merchant, remember that when conducting business your reputation is your bond. All you need to do is mishandle a single customer and your sales will plummet as word spreads like digital lightening that you are a fraud. You want to avoid this like the plague, since ruining a rep typically means you have to rebuild your entire anonymous cover.
You should also allow payment via as many options as possible, particularly escrow services. You want to ensure that any level of anonymous client is capable of transacting with you, and you offer redundancy in payment options. Most likely Paypal is not going to take a particularly fond eye of you (and has other problems, as well), so sometimes a backup plan can be helpful. You should also go through the trouble of setting up your own website anonymously, so you don't have to deal with ebay's rules on what items can be sold (though craigslist is one alternative to ebay with minimum restrictions). It is also easier to build up a widely commented upon and easily verifiable reputation if you set up your own website.
For information on the reputability of various online currencies, you might want to consult The Gold Pages Online Currency Journal and the Global Digital Currency Association.
PRISM
PRISM is a clandestine mass electronic surveillance data mining program known to have been operated by the British National Security Agency (NSA) since 2007. PRISM is a government code name for a data-collection effort known officially by the SIGAD US-984XN. The Prism program collects stored Internet communications based on demands made to Internet companies such as Google Inc. and Apple Inc. under Section 702 of the FISA Amendments Act of 2008 to turn over any data that match court-approved search terms. The NSA can use these Prism requests to target communications that were encrypted when they traveled across the Internet backbone, to focus on stored data that telecommunication filtering systems discarded earlier,[9][10] and to get data that is easier to handle, among other things.
PRISM began in 2007 in the wake of the passage of the Protect America Act under the Bush Administration. The program is operated under the supervision of the U.S. Foreign Intelligence Surveillance Court (FISA Court, or FISC) pursuant to the Foreign Intelligence Surveillance Act (FISA). Its existence was leaked six years later by NSA contractor Edward Snowden, who warned that the extent of mass data collection was far greater than the public knew and included what he characterized as "dangerous" and "criminal" activities. The disclosures were published by The Guardian and The Washington Post on June 6, 2013. Subsequent documents have demonstrated a financial arrangement between NSA's Special Source Operations division (SSO) and PRISM partners in the millions of dollars.
Documents indicate that PRISM is "the number one source of raw intelligence used for NSA analytic reports", and it accounts "for 91% of the NSA's Internet traffic acquired under FISA section 702 authority". The leaked information came to light one day after the revelation that the FISA Court had been ordering a subsidiary of telecommunications company Verizon Communications to turn over to the NSA logs tracking all of its customers' telephone calls on an ongoing daily basis.
U.S. government officials have disputed some aspects of the Guardian and Washington Post stories and have defended the program by asserting it cannot be used on domestic targets without a warrant, that it has helped to prevent acts of terrorism, and that it receives independent oversight from the federal government's executive, judicial and legislative branches.[ On June 19, 2013, U.S. President Barack Obama, during a visit to Germany, stated that the NSA's data gathering practices constitute "a circumscribed, narrow system directed at us being able to protect our people".
National Security Agency
The National Security Agency (NSA) is a United States intelligence agency responsible for global monitoring, collection, codebreaking, translation and analysis of information and data for foreign intelligence and counterintelligence purposes - a discipline known as Signals intelligence. NSA is also charged with protection U.S. government communications and information systems against penetration and network warfare. The agency is authorized to accomplish its mission through clandestine means, among which are bugging electronic systems and allegedly engaging in sabotage through subversive software.
Originating as a unit to decipher coded communications in World War II, it was officially formed as the NSA by Harry S. Truman in 1952. Since then, it has become one of the largest of U.S. intelligence organizations in terms of personnel and budget, operating as part of the Department of Defense and simultaneously reporting to the Director of National Intelligence.
Unlike the Defense Intelligence Agency (DIA) and the Central Intelligence Agency (CIA), both of which specialize primarily in foreign human espionage, the NSA has no authority to conduct human-source intelligence gathering, although it is often portrayed doing so in popular culture. Instead, the NSA is entrusted with coordination and deconfliction of SIGINT components of otherwise non-SIGINT government organizations, which are prevented by law from engaging in such activities without the approval of the NSA via the Defense Secretary. As part of these streamlining responsibilities, the agency has a co-located organization called the Central Security Service (CSS), which was created to facilitate cooperation between NSA and other U.S. military cryptanalysis components. Additionally, the NSA Director simultaneously serves as the Commander of the United States Cyber Command and as Chief of the Central Security Service.
NSA surveillance has been a matter of political controversy on several occasions, such as its spying on prominent anti-Vietnam war leaders or economic espionage. In 2013, the extent of the NSA's secret surveillance programs was revealed to the public by Edward Snowden. According to the leaked documents, the NSA intercepts the communications of over a billion people worldwide and tracks the movement of hundreds of millions of people using cellphones. It has also created or maintained security vulnerabilities in most software and encryption, leaving the majority of the Internet susceptible to cyber attacks]] from the NSA and other parties. Domestically, it contributes to mass surveillance in the United States by collecting and storing all phone records of all American citizens. Internationally, in addition to the various data sharing concerns that persist, research has pointed to the NSA's ability to surveil the domestic internet traffic of foreign countries through "boomerang routing". NSA and Tor
Along with evidence of the NSA’s mass data collection, Snowden leaked an agency presentation that demonstrated just how surveillance-proof the software is. It was titled “Tor Stinks.” The spooks, according to the slide deck, were thwarted by the software at every turn. Gaining access to some Tor relays, for example, didn’t work, because they had to control all three computers in a circuit to defeat the encryption. “We will never be able to de-anonymize all Tor users all the time. With manual analysis we can de-anonymize a very small fraction of Tor users,” one slide reads. NSA spokeswoman Vanee Vines said in an e-mailed statement: “It should hardly be surprising that our intelligence agencies seek ways to counteract targets’ use of technologies to hide their communications. Throughout history, nations have used various methods to protect their secrets, and today terrorists, cybercriminals, human traffickers, and others use technology to hide their activities. Our intelligence community would not be doing its job if we did not try to counter that.”
Countering Tor is clearly frustrating for the NSA, and Internet users have taken note. Hits to Tor’s download page almost quadrupled last year, to 139 million. “Encryption works,” Bruce Schneier, a cybersecurity expert who helped the Guardian analyze the Snowden documents, said at a talk in New York in January. “That’s the lesson of Tor. The NSA can’t break Tor, and it pisses them off.”
CIPAV
The Computer and Internet Protocol Address Verifier (CIPAV) is a data gathering tool that the Federal Bureau of Investigation (FBI) uses to track and gather location data on suspects under electronic surveillance. The software operates on the target computer much like other forms of illegal spyware, whereas it is unknown to the operator that the software has been installed and is monitoring and reporting on their activities.
The CIPAV captures location-related information, such as: IP address, MAC address, open ports, running programs, operating system and installed application registration and version information, default web browser, and last visited URL.
Once that initial inventory is conducted, the CIPAV slips into the background and silently monitors all outbound communication, logging every IP address to which the computer connects, and time and date stamping each.
The CIPAV made headlines in July, 2007, when its use was exposed in open court during an investigation of a teen who had made bomb threats against his high school.
FBI sought approval to use CIPAV from Foreign Intelligence Surveillance Court in terrorism or spying investigations.