2006-6-01
| Revision History | ||
|---|---|---|
| Revision 0.10.3 | 2006-6-01 | AE |
| Added information about SSH Host Keys to the Local Services section. Added a couple more fun ways you can be searched without a warrant. Updated Encrypted Filesystems section to better cover 5th amendment issues, and to mention a neat trick of using an arbitrary combination of both fake and real TrueCrypt keyfiles as a secondary mouse-based password to avoid keylogging. Also added a section on Secure Deletion. Updated Guerrilla data exchange to mention 7-zip as a possible encryption mechanism, and to add more high-capacity providers. Misc updates to Physical Interaction including more information on CMRA rules. Some updates to the Intro, including Target Audience. Added more material to books section. Many other minor clarifications and updates. | ||
| Revision 0.10.2 | 2006-3-15 | AE |
| Added a target audience section to the intro. Also added some offshore hosting updates, touched up the document scrubbing section a bit to add some basic DRM tips for whistleblowers and a section on image metadata. Updated DHCP information with specifics on blowing away old lease IPs. Validated and updated links throughout the document. Also realized I was setting a bad example by trusting mailvault (or anyone) with my GPG key. I have now created a new key that is fully under my control. Please use that and not my mailvault key if you have anything sensitive to say to me. | ||
| Revision 0.10.1 | 2006-2-13 | AE |
| Updated abstract to more properly reflect the scope and motivation of the document. Added information about Terminal Services to the Local Services section. Added the CookieCuller extension to recommendations for dealing with cookies. Added several new tools to the Rootkit detection section. Added several "self-destructing" email providers to the anonymous email section after learning that email is only protected for 180 days on 3rd party servers. Basic hosting updates, including mention of using offshore hosting providers when freedom of speech is threatened due to US law, as is increasingly common these days. Added a brief section on Guerrilla data exchange for those who do not wish to set up a full-fledged website or bother with P2P. Added information on scrubbing documents of personal metadata, which may come in handy to whistleblowers. Moved the Encrypted Filesystem information into its own subsection. | ||
| Revision 0.10.0 | 2006-1-23 | AE |
| Created a new Network Attributes subsection: Double Black Magic IP Wizardry which discusses ways of combining OpenVPN, SLiRP, HTTP Proxies, and Tor to accomplish various things. Improved OpenVPN section, especially for Mac OS. Ditto for SLiRP. Added a couple of ghost walker market ideas to the intro that were inspired by Towards a Private Digital Economy. Added information about easily changing your MAC address in Mac OS, and also information about DHCP leaks. Added more information about I2P, and also updates about risks of hosting websites on I2P and Tor. Added legal info to the Assuming an Identity section. Attempted to clarify and simplify rootkit material and also provided a Linux kernel auditor. Added some brief material about anonymous blogging. Also added a quiz section to help underscore important points that may be glossed over in a casual read of this text. | ||
| Revision 0.9.5 | 2005-9-07 | AE |
| Updated dm-crypt script for Linux to fsck the filesystem before mounting it (failure to do so risks filesystem corruption, which I had the misfortune to experience personally). Added brief writeup of TrueCrypt, which is an awesome encrypted filesystem/steganography solution for Windows and Linux. Added brief review of which popular browser plugins will obey proxy settings and how to determine this yourself. Added more information on printed document forensics. Other minor updates, including MAC address info and a cool snail mail hack stolen from Lucky225. | ||
| Revision 0.9.4 | 2005-8-21 | AE |
| WARNING: A new type of Java webbug was discovered recently that can trick the JVM into bypassing proxy settings using several different methods. Installation of Firefox+NoScript (which is pretty bad ass) is recommended. Also added very brief info about I2Phex, a gnutella network that runs over I2P. Refurl updates. Found several ebooks and archived them on the Tor site. | ||
| Revision 0.9.3 | 2005-8-06 | AE |
| Fixed bugs in openvpn cert generation. Updated legal info on 5th amendment rights to key protection. Added some info about anonymous snail mail. Warned about print media surveillance. Added links to a couple of physical anonymity services that came recommended via email. | ||
| Revision 0.9.2 | 2005-7-23 | AE |
| Minor philosophical updates, including ideas from Usenet/IRC discussions. Added info on virtual offices and some keylogger info. | ||
| Revision 0.9.1 | 2005-7-2 | AE |
| Updated encrypted filesystem material and fixed scripts. Updated rootkit info. Updated intro, adding new section. Added SLIRP+SSH hopping script and clarifications, added social network info to anonymous telephony. | ||
| Revision 0.9.0 | 2005-6-20 | AE |
| Added Objectives and Goals section to philosophical material. Added section on anonymous telephony. | ||
| Revision 0.8.1 | 2005-6-07 | AE |
| Added info on using SLIRP, and some preliminary info on combining it with Tor to use UDP/non-socks apps. | ||
| Revision 0.8 | 2005-6-01 | AE |
| Moved philosophical material into its own chapter and broke it up into 3 sections with added material including numerous potential business ideas. Added more IP address obfuscation material, including I2P. Added more Phy interaction material including information about common scams and fraud. Added more throwaway computing info. Updated encrypted filesystem material. Other misc changes. | ||
| Revision 0.7.1 | 2005-5-05 | AE |
| Added SSH hopping, Social Network, VPN info, Usenet info, Mac OS updates, Phy Interaction updates, IRC, updated intro section, added SeizeD network connectivity tester. | ||
| Revision 0.7 | 2005-4-10 | AE |
| Added Throwaway Computing, Search and Seizure, Assuming an Identity, recommended reading, and other improvements/additions. Lots of work. | ||
| Revision 0.6 | 2005-4-04 | AE |
| Added "What is the Matrix" section, also added some Physical Interaction info. | ||
| Revision 0.5 | 2005-3-09 | AE |
| Updated some info on Physical Interaction. Found some Nym servers. | ||
| Revision 0.4 | 2005-3-04 | AE |
| Added a Physical Interaction section, cleaned up a few FIXMEs. | ||
| Revision 0.3 | 2005-1-11 | AE |
| All chapters and subsections now have text. A few FIXMEs still remain. | ||
| Revision 0.2 | 2004-12-16 | AE |
| OpenVPN config file fixes, Windows rootkit detection, added Makefile and linked tarball. | ||
| Revision 0.1 | 2004-12-08 | AE |
| First xml draft, many FIXMEs remain. | ||
Abstract
Privacy and anonymity have been eroded to the point of non-existence in recent years. Our personal, private information is stockpiled and sold to the highest bidder like so much inventory at a warehouse. National Security Letters are written to make countless requests for records from our search engines, libraries, and book stores with no court oversight. Email and especially searchable data is practically unprotected from anyone who might ask to have it. All our electronic communications are tapped. Massive governmental data mining schemes are being built to record everything we publish on the web. In many workplaces, employers spy on and control their employees' Internet access, and this practice is widely considered to be acceptable.
These are dark times. The Fourth Amendment has all but disappeared, thanks to the Wars on Drugs, Porn, and Terror. Any practicing trial lawyer will tell you that you can no longer rely on unreasonable search to be the basis for excluding evidence, especially for digital evidence in the hands of a third party. Likewise the First Amendment has been shredded with exceptions and provisos, and is only truly available to those with the money to fight costly (and usually frivolous) court battles against large corporations. In short, you can say what you want so long as it doesn't affect corporate profits.
How we got to a legal state where all this activity is the accepted norm, I'm not quite sure. It seems to stem from an underlying assumption that our function at work and at home is that of a diligent slave - a single unit of economic output under the direct watch and total control of our superiors at all times; that we should accept this surveillance because we should have nothing to hide from our benevolent overlords who are watching us merely to protect us from evil.
I believe this view is wrong. Moreover, I believe it is time to reverse the tide. This document seeks to provide the means to protect your right to privacy, freedom of speech, and anonymous net access even under the most draconian of conditions - including, but not limited to, both private and criminal investigation (which happens far more often to innocent people than one might like to think).
"So what are you saying? That I can dodge bullets?"
"No.. What I am trying to tell you is that when you're ready, you won't have to."
Table of Contents
Welcome to the first day of the rest of your life.
This document is organized into seven chapters. The first chapter is an introductory philosophical discussion, and the next six are based on the six main ways you can leak information about who you are onto your network connection, or to an attentive individual.
A discussion of what the Matrix is, how it functions, and how to resist and subvert it. This forms the philosophical underpinnings of this HOWTO and the driving force behind the author's motivation to work ceaselessly on this document for over a year, and then proceed to give it away for free. Not required reading, but strongly recommended.
Network Attributes of your computer
This includes your network hardware (MAC) address, your IP address, and your 802.11 nickname. This section describes ways of obfuscating each of these attributes, as well as your network data itself.
Various programs you run can leak information about you to the network. This section describes how to turn them off.
Even after you have taken steps to obfuscate your network attributes, it is still possible to leak a surprisingly large amount of information about who you are through your web browser. It is even possible for websites to determine your original IP after routing through a proxy (or even Tor), if you are not careful.
In some environments (public computers, labs, oppressive work places), your computer may be bugged and under direct deliberate surveillance from a third party. This section describes what to look for, and also describes how to use these same tools to your advantage to conceal your activities. It also covers measures you can take to mitigate information disclosure in the case of equipment seizure.
The previous 4 sections have dealt with how to access Internet resources without fear of divulging your identity. But what if you have something to say? This section discusses the ins and outs of publishing data and communicating anonymously.
The ultimate goal in anonymity over the Internet is to carry it over into the physical world: to use money, and to be able to buy and sell items and otherwise conduct business without fear of surveillance. The means for doing this exist, yet most are prohibitively expensive for the average individual. In most cases, low cost, "good enough" alternatives are available with some extra effort, however. Hopefully, as the Anonymous Economy continues to grow, tools to aid in interacting with it safely will become profitable commodities themselves.
The latest version of this document can be found at http://n4ez7vf37i2yvz5g.onion/howtos/ExitTheMatrix or at http://jdoe.freeshell.org/howtos/ExitTheMatrix. The Anonymity Portal also provides a mirror, along with several other documents. Those wishing to mirror or build their own copy can download this web tarball. This instance was built with xmlto html ExitTheMatrix.xml.
This work is licensed under the Creative Commons Share Alike v2.5 license.
This document exists because of the hard work of literally millions of individuals working in concert to build a free, open world where all can meet, trade and converse without fear. One day The Man will burn.
At the same time, I would also like to thank The Man, because without him, the millions of individuals working in concert to build a free, open world where all can meet, trade and converse without fear would not have such a fascinating hobby.
Furthermore, I would like to thank the dozens of contributors who have tipped me off to various news articles, software, FIXME solutions, and so on. Your help is much appreciated!
If I missed anything you feel is important, or if anything is unclear, please contact me via email at <aceevader]-a-t-[mailvault.com>. Particularly if you have any material to cover any of the FIXMEs found in the text, please email me. If you are someone who needs confidential anonymity advice or assistance, do NOT use my mailvault GPG key, since I have no control over preventing leakage of the passphrase. Instead, use this key. While mailvault is not located inside the USA (and thus not subject to the most likely form of assault: a National Security Letter), it is not out of the question that they could be coerced in some other manner. If you are unfamiliar with GPG, you may consider installing a graphical front end to help you along.