Note to readers: protecting yourself from the pigs and the FBI is a field that always is changing. I try to keep this as up to date as I can, but remember: this is cyber-warfare. Always layer your defenses, never trust just one defense. When it really counts, verify that no new information has invalidated any component of your chosen defense before you use it! This is long, but that’s because you really could write a whole book about this subject.

Last Updated 7-22-2020
Update 2020: Posting to anywhere requiring an email account is becoming a serious nuisance due to so many email providers now requiring SMS verification to create an account. Best to post to places that do not require any kind of account formation, but there are still a few free email providers out there that offer SMS-verification free account formation. Tutanota ( for instance allows SMS verification, “donation” or just wait three days for the account to become active. Forget Gmail or even Hushmail these days due to the SMS issue, unless of course you are using a burnphone. Do NOT use any email account that was created from or ever accessed from an IP address associated with you for obvious reasons!

Site Warning:

This site is hosted on WordPress, which should be presumed cooperative with law enforcement. All precautions apply. It’s up to you to block ad agency tracking, IP logging, and law enforcement thugs. We have no resources to set up a semi-secure server. We do not sell ads on this (or any) site, but cannot stop WordPress from doing so without paying them, which would introduce new security risks as well as unfunded expense.

Special warning for cases where life and death are at stake:

If you have reason to believe identification of the source of a post could expose the poster to execution, torture, or decades in prison the four most important rules are:

1: Get rid of every last piece of equipment that had anything to do with writing or posting the article. Destroy it utterly and dispose of the pieces where they will never be connected to you. Some governments make criticizing the dictator a capitol offense, in those countries treat equipment disposal like getting rid of a murder weapon.

2: Do not post such an article from your home or any place you are known to frequent, no matter what your electronic defenses. Defenses such as Tor really do work most of the time, but this is an arms race and is ever-changing

3: Remember how Ted Kaczinski was caught: his brother recognized his writing and snitched him out. Be sure your writing cannot be recognized by any possible reader, and never boast. Snitches get a lot more people arrested than electronic investigations ever will.

4: Do NOT trust me or any other unverified source with your life! Study this but do your own research. Check and recheck EVERYTHING if you are up against a dictator’s executioners. One mistake can get you killed.

Use cases: levels of security

A “normal” case would be using Torbrowser on Linux for things like organizing walkouts from school against standardized testing or posting nasty reviews to Yelp without worrying about being sued, creating any accounts and all accounts needed to create them on the spot(or three days in advance for Tutanota) and not logging into anything else. This must be done in a coffeeshop or library if it’s cops and not just civil lawsuits that you are worried about. At home, accessing Google only through Tor can keep you from building an unwanted Google search history accessable to who knows who.

A “high” security case would be something like posting an anonymous call for a Black Bloc at the Counterinaugural against Trump, or while working for the government calling for a strike and walkout against his administration.

For this you need to usethe Tails live Tor-based Linux distro from a public wifi access point, making sure at boot time the option to spoof the MAC address is checked (the default). If serious jail time is possible, a disguise should be worn in case electronic defenses fail. This used to be a good example of a high security use case, a communique on Anarchist News taking credit for smashing up a Well Fargo bank (GEO Group/private prison investor) in solidarity with hunger striking prisoners, but no longer seems to be available on Anarchist News. Still, this remains a good example of a “high security” use case. Tails not only protects you from spyware (a rather uncommon threat on Linux) but also protects you from many common mistakes, such as connecting to the network before changing your MAC address. It’s not idiot-proof, but it’s the closest thing to idiot-proof posting security you will find. For “high” security always use a fresh download and always set “noscript” to block script globally (not the default). Tails won’t protect you from stupid mistakes like logging into your email and having that tied to your post by MAC address, however!

An “ultra-high” security case is the “national security”/state level situation. The most extreme possible case is something that could change the outcome of a war, such as the Snowden revelations, the Pentagon Papers or Chelsea Manning’s Wikileaks work In these cases you are up against the NSA, and need serious computer skills to get away with it. Insider revelations of Russian hacking into the 2016 election to put Trump over the top also rise to this level, as you then are up against the Russian FSB and whatever scratch team of hackers and thugs Chump can gather.

Things like posting government secrets to Wikileaks requires good research on your part first, again-this stuff changes all the time. Right now my recommendation where 10+ years in prison are on the line is a laptop that can boot TAILS(not Apple) bought randomly with cash (and not activating windows), the Tails live distro, a wifi acces point not requiring use of the non-Tor TAILS “unsafe browser” to set up the connection, using this from a place of concealment from all security cameras, then destroying and trashing all the hardware used. It costs less than one billable hour of a top lawyer’s time.

Snowden-level security also requires buying all that stuff not only with cash but without getting your face usably photographed at the cash register. Sunglasses and a good disguise are needed at the very least, a person was once convicted of murder after a UPC sticker left on the murder weapon (a crowbar) led to Home Depot cash register footage. Assume you are toast if the computer can be identified remotely, so never use smartphones, Apple, or Microsoft Windows unless you bought the computer on the street and covered any webcam before first boot. This is probably why overseas militias and insurgencies that can trust their operatives use couriers to move burn phones from buyers to field operators.



It is trivially easy to find the poster of any internet story on a site that logs IP addresses, posted from a home internet connection without use of Tor or any other defense. Many arrests have come from such communications in ordinary life, but few activists are that stupid.

There has been to my knowledge one case where an ALF/ELF case was “solved” by identifying the poster of a communuque. The person involved used a library computer, but the library required student ID cards to enter. The post was traced to the library’s IP address easily enough, then all student ID’s that had entered the library around that time were read out, yielding someone they must have already suspected.

Had that poster used Tor or another proxy, the cops would not have found the library. Had the poster used wifi from outside the library or gone to a library not requiring ID documents, the cops would have found only the library and maybe the MAC address of the wireless card. If that was spoofed or the card was a throwaway, the electronic trail stops there. If the library copied all packets and sorted them by MAC address, a highly skilled computer forensics specialist might have been able to identify the poster anyway if s/he had logged into something. Security camera footage would have been checked, but would have been useless if the poster was a person unknown the those doing the checking or was in disguise. There was a known case of a right-wing militiaman being caught based on security camera footage after always posting communiques from the same Kinkos without Tor or other proxies. Had he used a different wifi access point each time, or been in disguise he would probably still not have been caught.



First things first: securing the computer

It goes without saying that Microsoft Windows cannot be trusted now or ever with any information or activity that could potentially lead to criminal charges. If you use a Windows computer, never use it for this other than with “Tails” or another live linux disk unless you are only blowing the whistle on a “gropy” high school principal or something like that.

Unfortunately, ALL of the major browsers have also become privacy problems, even Firefox. By default they phone home with performance statistics and intergrate everything from ad-supported search engines like Google or Bing to online chat. Tor Browser is based on Firefox but gets an ever-increasing amount of work to secure it and remove the crapware.

Once you have Linux installed or are running from a linux live USB stick, you can now run Torbrowser without worrying about Windows exploits or spyware written for Windows.
Also if you use a live USB stick you don’t have to worry about spyware or policeware getting installed at home and following you to the library, coffeeshop, etc.

A big part of the advantage of using the Tor-based TAILS security/privacy live linux distro is you can leave most of the hacking to the pros. Once you have something booting it, your computer is far less likely to be trying to snitch on you and incredibly difficult to track, especially if it is not on your own internet connection. Even if someone planted supercookies or spyware, they are not on the TAILS drive and are not available or running. More on TAILS further down in this article:

General summary of available defenses against Internet tracking and forensics

1: Not using any Internet connection traceable to you by name or address. Remember that most websites log your IP address and that if you are connected to the Internet by IPv6 they may also get your router’s MAC address. If you are connected directly to the Internet with no router it will be your computer’s MAC (network card hardware) address that gets sent with an IPv6 connection.

2: Protecting the connection you are using with Tor to stop or delay any investigation there. The site you post to gets the IP address of a Tor exit node with no clues to your IP address. The connection you posted from cannot be found, so neither your MAC address nor security footage camera is available UNLESS someone finds a way around Tor. The NSA is on record as as saying they hate Tor and have trouble getting around it.

3: Not using a MAC address (network card hardware address) that can tie your computer to the posting. This protects you from someone getting past Tor. This is taken care of automatically in TAILS, othewise the link below will tell you how to change it:

Also, not using an IPv6 connection, though I’ve yet to have a wifi router give me one that I know of. PLEASE comment if you are getting IPv6 from wifi hotspots in your area! Tor does not support IPv6, so if you are using Torbrowser you are not sending your MAC address, the router’s MAC address, etc to any website. Install Macchanger on Ubuntu-based Linux distros and use it prior to connecting to your chosen wifi hotspot.

4: Protecting yourself from security cameras at the site you connect to the Internet from. Tor might keep them from ever finding what cameras to check, but if you sit where no camera can see you, you don’t have to bet your freedom on that.
Beware of facial recognition cameras, wear your sunglasses!

5: Protecting your computer from CIPAV or other law enforcement spyware. Never use Microsoft Windows! When it really counts, use a USB/CD live Linux system with Tor such as Tails. The big advantages of Tails is are twofold: with all the software ready to go you are less likely to make a dangerous mistake, and since it is a read-only operating system it is impossible to install persistant spyware that can identify you later.

6:Using https to prevent the wifi hotspot you are using or their ISP from keeping your unencrypted content and serving it up to the cops. Torbrowser does this by default-and thankfully the Snowden stuff has caused most of the Internet to abandon unencrypted http, a real improvement since this was first written. Keep in mind that https is NOT trusted against the NSA and maybe not the FBI directly, but should be more than enough to deny readable copies of your work to your ISP or to a cop-friendly wifi hotspot, and thus makes investigation via 3ed party copies of your content much more difficult.

6: Using the “NoScript” extension for Firefox and in Torbrowser. Both the security of Tor and your security against CIPAV type spyware are greatly helped by using the “Noscript” extension for Firefox (see below) to turn off Javascript by default and enable only when absolutely needed. Note that NoScript has become much easier to use since the Firefox 57 revisions of a while ago.

7:Ensuring your typing cadence are not used to identify you. Assume that if you ever have logged into any website on a browser that permits ads and trackers, your typing cadence is known and stored. Typing into a text editor, then cut and pasting the results will defeat this kind of tracking.

8: Ensuring your writng style is not used to identify you. If you have done a lot of writing, consider having someone else in your crew write the text altogether. Keep in mind, the Unabomber was caught when his brother recognized his writing in a print newspaper insert of his long communique, so this is not unique to electronic communication at all.

9: Neither using your normal phone for any part of this, nor carrying it while doing do. If you are not using a burnphone (unregistered phone bought with cash and activated with no name or personal information) to post or to arrange transportation/pickup, do not carry any phone at all. If you are posting from a laptop via public wifi, any phone is just another potential risk.

OK, on to some details:


Tor is an “Onion Routing” encrypted proxy system that routes traffic through (usually 3) multiple stops, in addition to the source and destination. Only the connection from the “exit node” to the remote website is unencrypted (since they are not running Tor), and only that connection’s IP address is visible to the remote website or anyone watching it. Tor does not support IPv6, so your MAC address does not go beyond the router. In the future this may change, but surely Tor will then force use of IPv6 privacy in some way to prevent the MAC address from being sent. Even if any one Tor node is malicious (and some certainly are), no one Tor node can see both the source and the destination at the same time. Only the exit node and final destination can read the contents of your traffic, and even the exit node can’t read or copy it when https is used. The NSA is reputed to save all Tor traffic, but it is all encrypted and apparently they can’t crack it, based on all those “we hate Tor” statements and the use by both FBI and NSA of plain old Windows viruses to go around Tor, implying even they cannot simply crack it.

Warnings needed due to limitations of Tor:

Do not rely on Tor to protect you from malicious Javascript on a website or any of its third party trackers. Turn javascript OFF unless you know for sure the site in question won’t try to use it to get your real IP address sent to a server somewhere. More on the “Noscript” plugin included with Torbrowser and how to use it below.

Do not rely on Tor to protect your home Internet service while communicating with a server that is being watched (like this one). Tor is not designed to protect communications when both ends are watched at once, and another bug like Heartbleed is always possible. This is the first layer of your defense, not the only layer.

Do not rely on Tor to keep you from building a Google search history if Google is also your internet service provider, as anyone controlling both ends at once can see around Tor entirely.

How to use Tor on an existing Linux install

Tor is now easy to get working. Go to and download the Tor browser bundle that matches your operating system (which should never be Windows or Apple!) Follow the instructions to extract the folder inside to your desktop or somewhere else and click on the “start-tor-browser” script to run it. Torbrowser will take a while to start, but a Firefox browser window will open and automaticaly test itself to see if you are using Tor. Wait for that test to finish and if it says you are using Tor you are almost ready to proceed. You need to click on the circle-S “noscript” logo and set it to “block javascript globally” to prevent attacks using Javascript. Enable Javascript on a per-site basis, only if necessary, only if you trust the site not to attack your computer and then snitch.

Torbrowser will prevent websites from logging your true IP address unless the same company that owns the website also controls the internet connection on your end. It will also reliably block any ISP from logging anything you do for the cops, the FBI, or the NSA by themselves. Local investigations without top-level NSA support will go nowhere.

Pay attention to the Tor Project’s warnings about how to use Tor safely and block attacks

How to run Tor using the Tails USB operating system for maximum security

If you are using Windows, do not trust Torbrowser running inside Windows, although many do exactly that. If you are doing something really heavy, you might not want to expose your normal operating system no matter what it is. This is why the a Linux-based operating system called “Tails” exists. TAILS boots a Linux operating system from a flash drive or a CD, and runs Torbrowser very safely and saving nothing to any disk. You can run it without replacing Windows 7 or earlier. The “unsafe browser” which does not use Tor is used only to connect to “captive portal” wifi connections and for no other purpose.

First of all, from someplace other than where you intend to send anything important, download TAILS from:
at this installer page:

The Tails website now has an “installation assistant” to make installing tails onto a USB stick or DVD much easier than before. Follow the instructions exactly, you will end up with a DVD or USB stick that can boot directly to a Linux desktop with Torbrowser ready to use and nothing ever saved to disk.

Reboot with that tails drive for each separate secure communication. A note concerning flash drives: never use one you found on the ground, as it was probably dropped there loaded with attack software on purpose.

Be sure to learn how to boot your new Tails CD or USB stick before you hit the road on a mission, as different computers invoke boot menus or boot from USB or CD different ways. At least Tails can now boot on UEFI laptops, though you may need to disable “secure boot” in the UEFI menu. Do this in advance, especially if you have to boot Windows to get into the UEFI menu at all. In any case, test all your hardware well away from any home Internet wifi connections and get yourself familiar with using it before you take it on the road. The stress of a mission can make you nervous and make troubleshooting difficult or impossible.

On pre-Windows 8 machines, F10 or F12 will usually bring up a boot menu, or you can go into setup and tell it to boot from CD or USB stick first. Procedures may vary on later UEFI machines but most still have boot menu options, again from F10 or F12. There are a number of oddball UEFI machines out there that cannot boot Linux at all without firmware updates due to bugs and only testing on Windows. If you download that firmware update to an IP address known to be connected to you it may have malicious modifications and cannot be trusted. Best bet is another laptop of a different brand. Lenovo for years was a known brand to avoid (though recently they have started selling machines with Linux pre-installed), somein the past with malicious UEFI code, some Wiondows 8-era machines even had code requiring the boot image be called “Windows 8” or “RHEL” and most recently some Windows 10 laptops that won’t boot any Linux (tails included) without a firmware update applied through Windows. The first two cases are no longer sold new but beware of them if buying used.

Some very old computers won’t boot from USB but boot easily from CD’s or DVD’s. Once you have done this once, using Tails becomes easy: plug in the stick or CD, select it in boot menu, and let everything come up. If you can connect to the wifi without having to “log in” to the hotspot, you are good to go with maximum security. A wifi hotspot that does not use a “captive portal” login should be used if one can be found, it’s one less point of attack. If you can’t find one with good security against cameras, see below for how to use the “unsafe browser” to get past the captive portal login:

There is a “chicken and egg” issue with TAILS on hotspots with “checkbox” or “captive portal” login pages: Since everything is done over Tor, you need a Tor connection to talk to any landing page used by the wifi access point. The only thing is you won’t be able to make that Tor connection in TAILS’s secure Torbrowser without having already been to that page, meaning Torbrowser can’t connect without first making a non-Tor connection to the landing page. The TAILS team therefore includes an “unsafe browser” in TAILS to make a direct connection and get a login page wifi working, which should be used for absolutely NOTHING else. With this method of connection you certainly know your MAC address is being logged, fortunately TAILS uses a fake (spoofed) MAC address by default. To use it, go to something like, not using https because some landing pages error out in https. Click through the agreement, then shut down the unsafe browser and fire up Torbrowser. Do your work, shut down and leave.

When you shut down any changes are erased. Even if the FBI got spyware into Tails (which would be something new for them), it won’t help if you are on the road, don’t log into anything tied to who you are, and avoid security cameras. When you go home and log into email from the same machine, even if you use Tails again it is a new session with all changes gone, if you use your normal operating system any saved data or malicious changes never reached it. This method of connection is far, far safer than exposing a normally used operating system that could contain policeware/spyware or pick it up during the secure session. Tails will protect you from any pre-existing attack on your computer except one attacking the BIOS or UEFI. It protects you from having one posting session tied to another by software installed during your session as well. Any determined attack on the unsafe browser could possibly see your Tor session but not that hard drive you are not using. For this and other reasons you must still not log into any email or other website not actually used for the secure post and then discarded.

Tor can protect you from being snitched on by your Google Search History, even at home

Using Tor for every Google search at home is a great idea. This way Google doesn’t get your “Google search history” by IP address. This is one of the few uses of Tor that might be safe from Windows. Even if the NSA can somehow find a way see what you are doing, Google cannot and therefore cannot give it to the police or FBI in response to a search warrant or subpeona. There is an exception to this: if you have Google fiber or are on any wifi connection provided by Google, they control both ends of the connection and can watch both ends at once. That allows the “confirmation attack” that can go around Tor. Either don’t buy Internet access from Google or don’t use Google for anything else.

Unlike the FBI, Google can only watch their own server and whatever you send them, they cannot watch your router, modem, or ISP unless you get them from Google. You can keep them from watching your browser by blocking Google Adsense and Google Analytics.

Whereever possible, use search engines that claim not to log your searches like or Beware of IP address based data retention orders, some research really does require Tor. Some regard Google as a private version of the NSA where you search them in return for being searched.

Tor is also great for bypassing censorship and getting to sites your ISP blocks, at home and everywhere!

Some websites have had real trouble with someone blocking them in between user’s connections and their server connections. Virgin Mobile, T-Mobile, DC Public Library, and even certain Verizon FIOS customer have reported difficulty reaching them some sites. Liveleak is blocked by some online filters used by public wifi hotspots for “work safe” reasons. Once connected, Torbrowser reliably cuts through all the blocking like a machete through an invasive, tree-choking vine. In this case you can ignore most security concerns and use it freely from home-you are just trying to connect. The Torproject themselves list bypassing censorship as just as important a reason for Tor to exist as defeating monitoring of Internet use.

There are also wifi providers who try to block Tor. The DC libraries did for a while but gave up. Tor is hard enough to block that censorship-minded wireless internet providers like T-Mobile simply block access to, attempting to use “chicken-and-egg” to keep their users from getting Tor at all. The counter is to download Torbrowser, Tails, etc over a wifi connection that does not block, fire it up and you have just beaten their attempt to block Tor. Probably you are now free to surf all of the Internet without interference from Web Guard, though as I boycott T-Mobile’s internet service I cannot test and verify that directly.

Possible attacks against Tor, this is why you wore those sunglasses and that funny hat (you wore your mask so you would not catch COVID 19 and make anything the FBI did irrelevent)

The NSA is on record as hating Tor, a very strong endorsement of its security. None the less, Tor is not perfect and those who can’t see you through Tor can seek to find ways to go around Tor instead. The obvious way is to attack your computer and have it tell them directly what you are doing, as dicussed below in the CIPAV section. This is rare, so far only reported to work against Windows, and the FBI is known to avoid using it against “hackers” for fear of more of their code being captured. Short of that, there are other, much less effective ways.

Theoretically, the NSA or even the FBI could work around Tor if they already know both internet connections to watch and only want to prove something they already know. If you are at home, they are watching “” and watching your ISP at the same time, they need only execute a “timing attack” by watching exactly how many bits enter and emerge from the Tor network at exactly the same time. This is known as a “confirmation attack,” it produced no new information, only proves what they already suspected.

Of course, if you go to a coffeeshop to use Tor, any attacker now has to guess which coffeeshop to watch at the exact same time they are watching the target server on the other end. If you use that coffeeshop once only, this is even harder. Based on the fact that the FBI bothers to write CIPAV’s and even the NSA is relying on bugging endpoint computers, this might still be a theoretical mode of attack not being effectively used. On the other hand, the authors of Inspire probably never used the same connection twice, I’m surprised they ever used the same computer twice either. Of course, you have much bigger problems if your opponent already knows what coffeeshop to watch.

To defeat Tor outright and get IP addresses of everyone connecting to the destination server would require watching all Tor exit and guard nodes at once, something even the NSA cannot do. This is because many Tor exit nodes are located in countries hostile to each other. As a result, Tor effectively protects communications where at least one of the IP addresses involved cannot be guessed in advance. The NSA, like the FBI, has a LOT of trouble with Tor, it took them 8 months to find al-Qaeda’s “Inspire” magazine’s nasty theocratic posters by passing spyware from a compromised location through Tor. Even the NSA can’t easily bypass Tor, they have to work and work and rely on exploits against computers on either end.

WARNING-Turn off JavaScript when security is a factor

The recently captured sample of the FBI’s CIPAV or Computer IP Address Verifier used 3ed party Javascript to run its malicious code against a Firefox 17 (Torbrowser) memory vulnerability. The malicious code’s payload only worked in Windows, but could have been written to attack any operating system. The vulnerability was in Firefox 17 as formerly used by Torbrowser and was cross-platform.

Torbrowser comes with the NoScript plugin, without Flash or Javascript enabled this kind of attack is far more difficult. Always set NoScript to disable Javascript by default and enable Javascript only when you need to, in ALL Internet use. Never, ever allow an unknown or untrusted 3ed party site to run Javascript, whether using Tor or not.

Most of the ways of unmasking Tor users on Linux require Javascript, Java, or (in days gone by) Flash, as do many “zero-days” used to install spyware on Windows machines. Warning: Torbrower has NoScript installed by default but you need click on the onion in the toolbar, open “security settings” and set the “security level” slider to something other than minimum. Whenever possible, use “maximum,” and enable only the JS needed to use the site to accept your post by clicking on the NoScript icon and using the dialog to enable the necessary scripts. Note that “medium” and “maximum” Torbrowser security settings break video playback on sites that do not support click-to-play video, notably Twitter. Setting security level to “mimimum” keeps your Torbrowser configuration common but permits all 3ed party Javascript to run (trackers and malware included). If you use “minimum” and click on the NoScript icon to “turn off scripts globally” and re-enable only the ones you need, this is an uncommon configuration and could be used to tie multiple accesses to the same site together. On the other hand, that may be the only way to deal with video on sites like Twitter. I have no idea how to post video to Twitter though as I do not have nor want an account. Also note that Torbrowser never saves any per-site JS settings, and defaults to allowing sites to use “iframe” and “other” which could potentially load dangerous Facebook or Google content though not their Javascript. Consider turning those off before surfing unless you know for sure you will be using only sites free of social media content. Also note that Torbrowser by default does NOT turn on “tracking protection” that blocks communication with 3ed party trackers such as adservers and social media buttons. The most dangerous of all 3ed party content is probably the Facebook “like” button. It’s job is to build the most complete possible surfing histories on as many people as possible. Facebook is even suspected of building “shadow profiles” of those without Facebook accounts.

Browser Fingerprinting warning for browsers other than Torbrowser

Techniqes for harvesting browser and hardware information have existed for about a decade. They are commonly known as “browser fingerpringing,” and to defeat them you need to disable Javascript for any secure communications to commercial sites using a computer you do not intend to destroy afterwards. Most browser fingerprinting techniques require Javascript to gather enough information to uniquely identify a user. Most of the time, this is 3ed party Javascript from dedicated tracking servers, but unless you directly examine the code you don’t really know what the toplevel site is doing either.

Google (including Youtube) is strongly suspected of browser fingerprinting, their terms of service openly allow it under the name “Device ID” which could also refer to smartphone serial numbers being harvested. Banking sites are confirmed to do this, and all other commercial websites should be presumed to log browser and device information that could tie you to a posting. Browser fingerprinting, unlike IP logging, does not generate suspects unless you have an account with the server you are communicating with, but can tie you to a post after the fact. Facebook is worst of all, and should be presumed to use all available tracking tools unless proven otherwise. Browser fingerprinting is often too inaccurate for the courts, with advertisers estimate it gives only about an 80% probability that two transactions really came from one computer. Still, that is the kind of fact that prosecutors like to conceal from juries and judges.

Torbrowser is hard to fingerprint

According to the Electronic Freedom Foundation, Torbrowser “standardizes” a lot of browser data, weakening browser fingerprinting to the point that tracking one user by browser “fingerprint” should be impossible. This might make a common piece of hardware like a popular netbook impossible to prove is yours, but don’t rely on this alone to keep you out of jail until more is known. Instead, use Torbrowser as one part of a layered defense.

CIPAV: FBI “phone home” software as used in an attack on one hidden Tor webserver: One version of CIPAV has now been captured, reverse-engineered, and countermeasured by Torbrowser’s publishers

There have been cases where the FBI was totally unable to get past Tor or other proxies by normal means. These cases all concerned repeated communications consistant with each other, believed to be from the same user. In one reported case, a social networking page was used, and the FBI posted a malicious link where the administrator was sure to see it. It contained a Windows virus called “CIPAV” or Computer Internet Protocal Address Verifier.” CIPAV is probably a generic name for any program used by the FBI to hack into a target computer.

Back in 2013, a sample CIPAV set to collect only the system name and MAC address was captured. It relied on a Firefox memory vulnerability to get into Firefox 17 as used in Torbrowser. Although the danger was cross-platform, the exploit code was Windows-only. This vulnerability has been patched, but surely new ones will arise. Keep Torbrowser up to date, never trust Windows with Trobrowser or anything else. Remember, this cannot possilbly be last version of CIPAV, but it is unknown if they have ever succesfully written a CIPAV payload targetting Linux. No Linux CIPAV had ever been mentioned in open court when this was reported shortly before 10-12-2013.

The Tails live disk makes both CIPAV and browser fingerprinting useless

For any posting where a person might face serious charges because of the post, the “Tails” live disk or USB drive operating system is the way to go. Be sure to use only the newest version because this stuff is always an arms race.

If the server you are posting to is “hot” and a CIPAV uploader is on it, your session could still be infected if they write a version of CIPAV against Linux and therefore Tails. This gets them only the information from that one session. If you are on a public hotspot and spoof your MAC address they can’t prove the computer is yours, and you do nothing else in the session they can’t identify you. Avoid security cameras and they have nothing. Turn off Javascript and the recently captured exploit would fail entirely.

Needless to say, if the FBI and NSA had had much success in using confirmation attacks against Tor by watching all coffeeshops and libraries, they would not have bothered to write CIPAV. That says something about the real world effectiveness of Tor, about the unwillingness of the NSA to appear in court and be cross-examined (required to use their data for warrants and prosecutions) or both. Consider newer CIPAV versions to be more dangerous than PRISM, as their take is far more usable in court.



You must use Internet access that is not connected to your name or address, even when using Tor, if you or another person could be arrested for what you are posting. It may be watched, but the watchers won’t know in time to correlate a random coffeeshop with a one-time post to a previously chosen target website.

Free wifi access is offered at some coffee shops, libraries, and even some fast food restaurants. A post from these cannot be traced past the wireless access point. Assume the wifi access point copies your transmitted data, data coming back, and your mac address. With https, they get gibberish for the data. With a spoofed MAC address, as is the default on TAILS, that too is useless.

If you are posting anything “arrestable” do not open your email or log into anything, Those logs the wifi access point or anyone watching it might keep must contain nothing but the post, and you should clear the area immediately if it concerns anything that could be construed as a felony. Also, do avoid legacy websites that require the use of unencrypted http content, though thankfully these are going extinct fast.

Your MAC address (wireless card ID number) is presumed to be logged, but doesn’t generate suspects unless you are later arrested with that computer or possibly if something you are known to be connected to has logged it. Your MAC address can be changed, or a throwaway USB wireless card can be used. Always assume that the original wireless card on any machine on which Windows was ever activated was logged by Microsoft and available to the cops, never use that wireless card without “spoofing” the MAC address. Again, this is taken care of automatically in TAILS. A program called “macchanger” can be installed in Ubuntu, Mint, etc to make changing your MAC address easy. Learn to do it every time for practice. The safest approach of all is to remove the original wireless card entirely and use a USB wireless card bought at a random shop with cash, used once, and then thrown away.

I do not know if any public wifi routers connect by (dangerous) IPv6 connections, but Tor does not support IPv6 addresses, and the design specs for Tails call for prohibiting IPv6 entirely. I’ve yet to encounter a refusal of Tor to start caused by an unsupported IPv6 connection, but assume that IPv6 wifi hotspots will eventually proliferate. Check your IP address when you connect, make sure it is the shorter IPv4 address.

Seek visual cover from indoor and outdoor security cameras if possible-especially if NOT using Tor

Warning: do not drive a car or any registered vehicle anywhere you might want to deny having been. Don’t use transit paid for by credit/debit card or anything linked to one either. Walk or ride your bike if possible. Use cash only if riding the bus. In fact, don’t use credit cards, debit cards, or ID within several blocks of the access point (urban) or several miles (suburban/rural).

You must protect yourself from the spread of facial recognition cameras. While “dazzle facepaint” in a coffeeshop would attract unwanted attention, dark sunglasses will not.
COVID-19 update: Masks are now required in many places and are probably now at least permitted in ALL indoor locations. WEAR ONE! Sunglasses deny facial recognition software two of the three most important reference points used to calculate the geometry of a human face: the centers of both pupils. Your mask takes away the tip of your nose too. Sunglasses alone make facial recognition software far less effective and can entirely stop some simpler programs from working. Adding a hat you don’t normally wear will make you harder for a human investigator to recognize as well. Put these on well away from where you intend to post, but also well away from your home, work, school, etc. Masks probably will be OK for years after COVID is gone, so long as any colds or flus are circulation. Many in Asia never stopped wearing masks after the original SARS epidemic.

Drawing a 3ed eye anywhere on your face with a magic marker has been reported to utterly confuse facial recognition software and looks like “new age” body art, so it won’t draw suspicion. It does look odd, however, and has the disadvantage that you will be more easily remembered by any person who is later questioned. Should not be needed anymore thanks to widely accepted wearing of face masks.

If you can find a place outdoors that is visually concealed from cameras owned by the target wireless access point, yet within range of a good quality wireless card, use it!

Consider using a “Pringles Can antenna” to extend your range and access a coffeeshop’s WiFi from the bushes out back, so there is no security camera footage at all. With this setup and a changed/throwaway MAC address, you can do things that Torbrowser makes difficult like uploading videos. Even if cops do show up, there’s no evidence other than whatever the wifi server copied from your work and the (spoofed) MAC address. If you used Tor as well, they get nothing at all.


3: PREPAID WIRELESS STICK/HOTSPOT/BURNPHONE used with/tethered to a laptop, or PREPAID SMARTPHONE by itself, cash only:

The main danger here is being photographed buying it and later traced by the connections’s device ID. In large organizations, those who buy burn phones do nothing else, and couriers deliver them for this reason. Do not use a smartphone or laptop bought on the street-it’s former owner might be recording your face when you use it, it is probably stolen and this is a known function of anti-theft software.

The best thing about this is you can now access the Internet from deep in the woods, miles from security cameras, so long as a cellphone connection is available and you can get out faster than the cops can read the post, call the cell company, and travel to the site. Tor still works for this, and can hide the cell provider from anyone watching the destination website. That can buy you days or weeks to hike out, maybe forever. Tor may also keep anyone from ever finding the cash register where the 4g hotspot or its activation card were purchased. If it does not, your disguise skills or the loyalty of your buyer might be tested. Be aware that it is much safer and easier to run TAILS on a real laptop and connect via a wifi hotspot than to get Tor installed and working on some smartphones, and safer in all cases.

Plain old IP address logging now gives only a GPS location at most. Assuming the device even has GPS, and assuming you can’t turn it off or they turn it back on, you can still control the GPS absolutely by only putting the battery in in the place you want the trace to lead to. It does not stop browser or hardware fingerprinting, only the IP address is affected. If you post to Google or some newspaper site with Javascript turned on, you will still need to get rid of the computer as well as the 3G/4G stick or hotspot. Again, be sure to use Tor, and if connecting to a 4G hotspot and not a USB stick (the 4G to wifi device is much better supported by Linux so recommended) be sure to spoof your MAC address. IPv4 or IPv6, the cellular company should be presumed to log it.

Find a prepaid provider that does not require ID to buy the hardware or set up the account. Pay with cash, never use credit cards for this! Warning: some stores snap a face picture at the cash register as each item is scanned, Home Depot is known to do this. Wear a disguise if jail time is possible. Self-serve registers are known for this, using a human-operated register and looking away from it as all items are scanned is probably safest if your apearance is not one likely to be remembered by the cashier. If for any reason you are asked for ID refuse, cancel all transactions, and leave the store.

Become familiar with setting up their accounts, perhaps by setting up a “practice” account for someone wanting cellular Internet access. You must be able to activate your device without calling tech support. You will probably have to fill in a name at activation online, give a fake one and no real information of any kind. Presume the cell provider logs everything by GPS, make sure this information is useless! Don’t use T-mobile if you need to use a site that might be censored by “web guard” which you can’t turn off without ID.

Setting up a burnphone

First, buy an unlocked Android phone, and separately buy a SIM card and airtime for it. Be sure you are familiar with setting up phones for that carrier. Set up a “practice” phone for someone very trustworthy if necessary. Beware of locked phones: they are cheaper but if activation fails you might never be able to activate them without calling customer service, which makes the phone no longer safe as a burnphone. Also beware of carrier-provided phones in general if you need to tether a laptop to it: many carriers attempt to prohibit tethering, and block it on the phones they sell. Buy an all-the-way unlocked phone if you need to tether. Avoid Verizon phones, as some “unlocked” Verizon-compatable phones were set up by Verizon and still contain their software.

Next, go some place well away from anywhere connected with you, and in which there are no security cameras. Tape over all cameras on the phone, put in the battery, start it up without a SIM card, and do NOT connect it to a Google Account (skip it) assuming this is an Android phone. Next, disable Google Play Services and the Google Play store. Turn off location, allow “installation of apps from untrusted sources” if you will be installing Orbot, and set all privacy settings to block sharing of information. Now activate the phone, and the carrier should not have access to GPS data and does not have their spyware apps on the phone as they did not provide it.

If you can get the Android version of Torbrowser working(issues have been reported with Tor on Android in the past, but Torbrowser seems more reliable), this burn phone becomes even safer as the website you are posting to now gets a Tor exit node instead of your real IP address. If the phone cannot be identified it can’t be tracked back to point of sale for security camera footage. You should still avoid using this phone where security cameras can see you, just in case.

There are so many ways of tracking phones that you must never have used this phone before, must never have turned it on near your home, and must destroy it afterwards. That is the definition of a burn phone.

Warning: I know more about computers than phones so double-check all of this

You can cache the device (only if the battery can be removed!) in a really good hiding place (like a sealed PVC pipe buried on public land) if you are running a press office for an underground organization and all your posts are tied together anyway. Be sure to wipe your fingerprints off it. Otherwise, remember: Each post made with the device should be presumed tied to all other Internet content originating in the same device by a standard good enough for a courtroom. Post from the phone itself, not a computer tethered to it unless you are going to trash them both or cache them both.

For really important shit, remember: You bought a $80 device and $50 worth of minutes at most. It is cheaper to smash it with a hammer and throw it in the trash than it is to pay $500 for the first hour of a lawyer’s time. If you smash both the computer and the phone you tethered to, bought both with cash out of town, and did your work in the woods, even someone getting past every other security tactic posted here would still get nothing unless he can find the store you bought it from and your undisguised/no sunglasses face in the security footage.



There are still a few public access computers left that do not require logging in with identity information. Security cameras are a danger here, but the electronic trail generates no suspects unles you log into something. If the poster is a person not known to the police, uses the computer for nothing else, and does not return they may be impossible to find.

Bring any content in by a newly-purchased flash drive, destroy the flash drive afterwards as these machines all use MS Windows. If you can, turn off history and clear cookies afterwards. Make SURE you do nothing else on the chosen machine and all others on the same network within 6 months of so before or after. In particular don’t check email or any other postings-do your secure task, do only that task, clean up, wipe your fingerprints and leave! If the library in question has semi-private cubicles, use one and take advantage of the extra privacy to wear latex gloves. Assume hidden monitoring software logs copies of everything you do, so make damned sure you don’t do anything that can be tied to your identity.

Never use a public computer you have to log onto with a library card or any kind of ID documents, or in a lcation you have to present ID to enter, as said before someone was once convicted of an ALF/ELF action based on having swiped a university ID to enter a library from with a claim of responsability originated. This was logged and the information presented to the cops and the courts.

Instead, go where local cops won’t recognize your face on grainy, low-quality security camera footage, post your work, wipe your fingerprints, leave immediately. A Kinkos card bought with cash, used once, and then destroyed will leave no records other than any local copies of your work (on the machine) or security camera footage. Interestingly, all Kinko’s outlets in DC shut these machines down, going credit-card only, for one day on Sep 11, 2002.

Note concerning public computers for Youtube posting: Youtube/Google will refuse to make an account for you from the library’s network, as more than 5 accounts will surely have already been made from it. They will demand “sms verification,” meaning they demand a phone number and replying to a text message to activate the account. It is better to refuse this and not do business with Google, but if you must use Youtube, you will need to use a web site that offers one-use “phone numbers” that accept an SMS message and provide a Web interface to read the message. Google might try to stay ahead of this but the phone numbers constantly change. If this does not work, burn phones are always an option, though that makes using Youtube instead of some other video host very expensive.

Best way to post video when security counts is probably to post it to You can post files there without using Flash, and using only their own Javascript (no 3ed party Javascript). works just fine through Torbrowser, unlike Youtube, Liveleak, et all. Send links to the Archive files instead of to Youtube videos. Make the account using a Tutanota or Protonmail account. Making both accounts at the same time from the same secure session if possible (e.g SMS verified email account ona burnphone, or for Tutanota without a burnphone make the account three days earlier with the same hardware but a different location. Do not use Gmail, Yahoo, or MSN, they are all part of PRISM and are known to collaborate with the cops.


  1. j says:

    If I use a library computer tht doesn’t require any type of login to use can I still be traced? I also use my phone to txt using an app to text the buyer will tht effect me or no

  2. dcdirectactionnews says:

    If using a library computer, there would be several ways to attempt to trace you. Most of these also apply to wifi at almost any indoor location, but are more easily implemented by a library on their own computers. DC’s public library login system has been confirmed to be at the request of Homeland Security.

    1: You can’t run Tor on most library computers, so the pigs could track the post to the computer, get the time of posting, and then go to security camera footage. Wear a disguise!

    Here’s the biggest advantage of Tor on your own laptop: if they can’t find the IP address you posted from, they can’t find the security camera! Presume the library could track outgoing packets too, so use HTTPS to prevent local spying from busting you.This won’t help on a library computer that has the decrypted plaintext, but when you leave with your laptop this leaves with you.

    2: If you log into your email or any other account, they will probably track and keep that, tying you to the post. This is also possible with deep packet inspection by a wifi server, so never do ANYTHING else when doing a high security post. They WILL do this at a library computer, they might try with wifi as well.

    3: They could dust the keyboard, mouse, etc for fingerprints and harass all persons matched. Wipe your prints!

    Smartphones: never trust them, don’t even have a cellphone with you unless the battery is out if you need to be able to deny being someplace. NO text messages, they are easily and routinely logged! Assume the smartphone app is bugged, a lot of them are

    Smartphone are no doubt sending a lot of people to jail. Unless you can afford to use them as burnphones, forget them for secure workl Cops have said they especially love iPhones and Facebook, their competitors are dangerous too.

  3. J says:

    You have a email where you can be contacted for faster response

    • dcdirectactionnews says:

      For security reasons contact information is not given out on this site. After all, anyone, the pigs included, could read the replies. At DC Direct Action News we try to make it as difficult as posssible for the filth who send activists to jail to get names, emails, etc.

  4. Rick DeNardo says:

    I have 1st hand experience with Tor and know for certain that the Police can easily see all my internet activity. I started to use the Tor Vidalia bundle since the Montreal Police department monitored all my previous emails and contacted EVERYBODY I communicated with to be their informant and saboteur.

    I’ve noticed that since the creation of new email accounts through Tor, they STILL have the means to intercept and monitor my emails. I’ve be making contacts with completely new people through Tor and yet the pigs are still f*cking around.

    I’m not doing anything illegal, yet these COWARDLY PIGS constantly badger and coerce everyone I contact to be one of their informants and saboteurs.

    So guys be very careful when using Tor.

    • dcdirectactionnews says:

      If the email accounts are in your name or a name they assume to be yours, Tor is irrelevant as they can read the content from the server (PRISM, anyone?). Stopping that is the job of end to end GPG/PGP encryption, not of Tor.

      Remember, they watch ALL email accounts with corporate servers, making new ones only helps if there is nothing (including who they talk to) to connect them to the old one. A collection of random number email accounts, accessed only by Tor, carrying only encrypted GPG traffic, will tell them nothing. Can tie each account to all of the others and surely will, but that’s about it.

      Also-get rid of Microsoft Windows, it might be your COMPUTER that is doing the spying for them. Microsoft actually wrote in back doors for that purpose. Use Linux instead. Speaking of that, if you think a raid is a risk, wipe your hard drive with random numbers, then encrypt the drive and reinstall Linux on it. If you can’t do that, SMASH the old hard drive, install Linux on a new one.

  5. L1neW0lf says:

    Hello I’ve been interested in becoming a whitehat hacker for some time now, and thanks to your post ive been able to Hide any and all activity. I Just wanted to say thanks and add one comment for the previous poster “J”. Tor now supports Android,Windows pphone os and blackberry. well thanks a ton.Cheers and keep fighting the good fight!!

  6. Mason says:

    I have a question and would love it if someone could help answer it…so my high school suspends kids for supposed “bullying” on social media. One junior was suspended for making an account that told “truths” about out high school. They tracked his IP address. I want to make an account that basically tells my high school to fuck off…however, I don’t want them to be able to trace me like they have others. So if I went to the public library would I be safe? Or could they still find me? Also, any tips on what to do? Please please help. Our administration is out of hand for suspending kids for actions not even on school property or during school hours!

    • dcdirectactionnews says:

      People bullying students deserve anything their victims-or the school-can throw at them. There have been cases of scumbags using Facebook, etc to harass Gay kids into committimg suicide and I’m not about to forget those cases anytime soon. On the other hand, it does sound like the junior you describe is not bullying but being bullied by the school. What I just said goes for school officials just as it does for students, so here’s how to protect yourself. I also agree that off school property is out of their jurisdiction, I would not stay in any school that played that kind of game.

      OK, so you are being bullied by school officials and need some payback. Since you are not a pro, you want to avoid doing anything that the pigs would be interested in. Here’s one that’s totally legal, though they might try to throw you out of school over it if they can find you:

      Are there any standardized tests that you can’t be held back/denied graduation over? Schools live for their test results these days, and an organized campaign by students to do as poorly as possible on the tests can be enough to force a school to negotiate. Low enough test scores can cost the principal, etc their jobs and the school a big bucket of funding.

      OK, you need to know how to deliver the this warning and how to organize other students without being found. You don’t want blowback-and you don’t want them to know whose tests NOT to count in their scores.

      The tracked IP address was probably to a home computer parents had used to talk to the school. They probably had a log of IP addresses vs parents names. That won’t work at the library, but some library officials are too close to school officials and might rat if they can. Also, if anything was done on Facebook, remember that Facebook has in-house monitors and snitches, exactly NOTHING can be safely done on Facebook as they will go out of their way to identify you.

      Some tips for this situation assuming you will NOT be using Facebook. REMEMBER, this only applies to your “tempest in a teapot” where the dangers to you are limited to school officials. They can (maybe) throw you out if you stay within your 1st Amendment rights, but you are not breaking any laws. If you were in the Animal Liberation Front freeing beagle puppies from laboratories you would need a hell of a lot more computer security than below, refer to the original article for that kind. Meanwhile, this should be enough for your purposes:

      1: a public library computer that does NOT require a library card is safe if it is not the library closest to the school, as there will be no records of who you are. The school will not have time to pull security camera footage in 20 libraries because someone calls the principal out for violating student’s human rights. I doubt they will even try this at the cloest library.

      2: If the library DOES require a library card or ID, they might snitch to the school or might not. The closest libraries might be asked. DO NOT USE the school library or any part of their network. If the library requires ID/library card, go to a Kinkos and pay with cash, or go to any library that has “15 minute computers” or similar express computers that do not require ID/library card.

      3: MAKE SURE the principal can’t recognize your writing style, and make sure you don’t boast and get snitched on

      4: Do not worry about security cameras, etc. There will be no investigation beyond what the school can do themselves, so long as you are careful not to threaten anything the pigs could consider “illegal.” Don’t be the bully, call out the bullies-and the school will have to do their investigation by themselves and will come up empty. Then you can boast online about how they can’t catch you-and go public the day after you graduate or quit.

  7. D. Pion says:

    Is there any way for us to communicate other than here?

    • dcdirectactionnews says:

      This site is not set up for social networking or facilitating identification of any person, due to the content. Admins of this site have no accounts on Facebook, Youtube, etc for security reasons and do not want to publicly link this site to email addresses.

  8. abdul jabbar says: is safe?
    can i still be traced?

  9. abdul jabbar says:

    ok it is anonymous e-mail service.

    u cannot visit this site?

    • dcdirectactionnews says:

      I do not have time to research and check out every website. Also, even if you trust the website, you need to figure out what level of security you need. As I said before, layer your defenses if you are worried about being traced. There are Hushmail accounts accessed only through Tor, used only to transmit content encrypted by separate PGP/GPG encryption, used only to communicate with similar accounts, thus overlaying Hush’s encryption on top of their own. Hush is not trusted against Canadian warrants, and their hardware was probably made in the US.

      How will your email provider react to a subpeona? Will they pull the plug like Lavabit did? Are they willing to go underground or to jail rather than cooperate with a grand jury? Are their hardware (routers, switches, servers) compromised by the NSA, and will the NSA admit to this for what you are doing?

      If you use Tor and/or public wifi, they won’t have anything to give up if they find themselves on the grill. This protects both you and them. What they don’t log they can’t give up, but how do you know someone else (like the company whose data centers they use) doesn’t keep logs and hasn’t received any kind of data retention order. Be SURE to use HTTPS to make it difficult for the cops to simply intercept the data and log IP addresses themselves.

      For small stuff they may not be able to admit to such spying, but you should never rely on someone else being willing to defy subpeonas and being able to detect 3ed party spyware when it really counts. Protect yourself, don’t rely on someone else saying they are safe because they might not be telling the truth, Don’t “bareback the network,” wrap your work up in as much protection as it needs.

  10. jack riggs says:

    I’ve been able to successfully get tails onto my usb drive and it boots but now, yay no more windows! The iddue I have now is that I can’t seem to run tor. I download it and extract it but the “start tor browser” file doesnt start it. Any advice for a newbie?

    • dcdirectactionnews says:

      I don’t know much about fixing Windows, I don’t use it. Are you booting your machine from the Tails image on your USB drive? That’s a Linux based distro, so if you simply tried to open the drive from Windows and run the start-torbrowser script for the Tails version in Windows it would fail as Windows can’t run Linux binaries. In other words, the version shipped with Tails works only in Linux. If you can’t run Tor within Tails, your download image might have been corrupted and need to be replaced.

      • you have to boot from the usb device if it has an image of tails installed on it.

        And so to the moderator or admin….why require my email? Even if you have a disclaimer? It kinda negates security for the end-user blah blah blah. Comments for security reasons should be allowed anonymously.

      • dcdirectactionnews says:

        That is WordPress’s setup, not something I control. I advise NOT trusting WordPress either, but I have no income and no funds for a paid server, use Torbrowser and a throwaway Hushmail account for this sort of thing. If nothing else it’s good for practice!

      • dcdirectactionnews says:

        OK, I just found a setting in WordPress to turn off the default requirement for an email address. Remember though that WordPress will still log your IP address. I will also have to see if the spam filters can still catch all the spam that you never see published because it is held and I delete it. I won’t let link spammers use this page as a drop site. If I can’t keep out spam and allow anonymous posting, I can either require email addresses (use a throwaway, the auto-generated ones spammers use are easily caught), or turn off commenting entirely. NOTE: if you have had comments published here before, using your email address allows your comment to appear right away without being held for moderation. I can’t turn moderation from new posters off or advertising spam will appear faster than I can log in to stop it.

  11. Bill Wilson says:

    I’m wondering about the minimum precautions recommended for anonymous blogging with content that could be the target of a defamation suit (by an academic, not a major corporation or politician). What I have in mind would be innocuous enough that such a suit would likely be regarded as frivolous, but if the plaintiff subpoenaed, say, tumblr, for an email and IP and s/he was able to discover the blogger’s identity that would be bad news even if the suit was unsuccessful (reputation being, in academia, a big deal).

    My guess is that using something like hushmail to register and blogging from a public wifi would be enough for this kind of thing, since from my (very limited) understanding a subpoena for a civil suit can only get so far as an IP, so there’s no need to worry about tracing a MAC address. Does that sound right?

    Second, would such a blogger be advised not to sign onto any personal sites (email, fb etc.) during the same session, or (assuming that s/he is not already a suspect) would it be impossible to match up blog posts with email sign-ins with only the public wifi IP? And if the answer is yes, would disconnecting from the wifi and reconnecting be good enough, or ought s/he to keep personal emailing and anonymous blogging separated by days or hours?

    FWIW what I’m describing is already more precautions than is probably necessary; the likelihood of the target bothering to file a suit is low as are the stakes. Still, if it only requires minimal effort to register with hushmail and keep blogging to pubilc wifi it’s worth doing just in case.


    • dcdirectactionnews says:

      All your precautions are good, but not being a lawyer I would automatically presume that a really aggressive lawyer could seek a subpeona for MAC addresses if you unknowingly used a place that keeps logs of them and the IP address is staring them in the face after the first round of subpeonas. There is also the issue of IPv6 addresses using your MAC address as part of the IP address unless explicitly disabled. If they get the MAC address that way, they probably still can’t find out who you are, but Torbrowser is so easy to use I would not give them the chance. I judge capabilities, I do not attempt to judge intentions. When using Tor, IPv6 does not work they have neither an IP address nor a MAC address, thus no capability.

      I do not know if there are any wifi hotspots giving IPv6 addresses to computers connecting to them, but surely there will eventually be plenty of them. Check your COMPUTER’s IP address, make sure it is an IPv4 address (Something looking like if not using Tor.

      You really need to use Torbrowser from that public connection. Get in the habit of using it every time you are worried about being traced. It takes minutes to download Torbrowser, it runs easily, and they won’t be able to get the IP address you are using, thus can’t find the hotspot, your MAC address, anything. It’s also free, unlike buying a Wifi card to use once and throw away. The subpeona will stop at the Tor exit node that connected to the site, and the NSA won’t lift a finger for them, neither will the FBI.

      For protection from civil lawsuits, that should be enough.

  12. jim says:

    What are your thoughts on layering TOR with a vpn like torguard or PIA? connecting to the vpn first to change your IP and then connecting to TOR so even if uncovered using TOR they’d only get the vpn info. Sign up for vpn using a prepaid credit card and fake address and choose one that doesn’t keep ip logs. Does this increase security?

    • dcdirectactionnews says:

      First of all, if this is serious, do not trust Tor, a VPN, or anything else to protect your home connection. If electronic defenses fail you have no backup at all.

      I’ve never experimented with VPN services so I cannot evaluate their safety, but in my opinion a paid service, indeed a paid ANYTHING is an additional risk and an additional chance to make a mistake, like getting your face scanned at the cash register the way Home Depot does with every scanned item. I would presume that a free one is one more hoop for them to jump through and no more “honeypot” risk than one malicious Tor exit node, asssuming you never use it from home, to log into your email, or otherwise let it be traceable to you.

      If you use any service for long, beware of government “data retention orders” combined with gag orders that could change a site’s record-keeping policies. Not everyone is Lavabit, willing to shut down rather than cooperate.

      I’ve never had a paid account with any online service in my life and have never used a VPN, so you need to do your own research on them. I have NO idea how these services react to government subpeonas! At least with Tor no one malicious node (exit or otherwise) can see both the source and destination. Not under subpeoana, not at gunpoint, not at all.

      I don’t know of anything that is safer than Tor used right, from a wifi connection with the MAC address spoofed, the hotspot reached by a Pringles can antenna from a spot in the bushes behind a coffeeshop where security cameras can’t see you.

  13. jim says:

    Can you post info where I can find information on the pringles can antenna and how to spoof a mac address. I have a mac not a pc though?
    How secure is Tor? say for example someone posted some whistleblowing blogs about 7 months ago. can they uncover the user 7 months later? or after the fact it’s impossible? all pages were posted using Tor with Tor browser. Thanks for your informative blog.

    • dcdirectactionnews says:

      How long someone can attempt to uncover a user would be determined by when the FIRST piece of information necessary to find that user was deleted. For an ordinary whistleblower not handling “classified information” that might be nothing more than plain old IP address logs. Every server holds their logs a different amount of time, some only for weeks, though Google might sit on them forever. If you used Tor for nothing more than whistleblowing your corporate boss, police won’t get involved,the NSA, Secret Service et all won’t be involved,and any subpeona stops uselessly at the Tor exit node. At that level Tor is very potent protection, I would not worry about it. For plain commercial whistleblowing, even if you had acted openly, my guess is you would have been counterattacked by now or not at all.

      If it were the NSA hunting Snowden and cracking all that Tor traffic they copy five years from now, it would depend on who was the first to erase their security camera footage, their MAC address logs, etc. Smart move in that case would be to dispose of all equipment, neutralizing all threats except security camera footage assuming credit cards were not sued to purchase anything used in the mission. Once that footage has been “deleted” and overwritten with new footage, that is gone. Most of this footage is used for protection against “slip and fall” lawsuits and is kept until that statute of limitations runs out(different in every state).

      Now your other questions:

      I have never had a Mac, would not trust any operating system from Apple or Micrsoft, and I haven’t bothered to hack on any of them.

      Here’s a link to some information about changing Mac addresses in Ubuntu and Linux distros based on Ubuntu such as Linux Mint:

      As for “Pringles Can” and other long-range antennas, they have been around for over a decade, but I have yet to use one myself. A lot of urban “wardriving” can be done simply by using a good USB wifi adapter and a computer store 7dbi gain external antenna. Many coffeeshops and bars seem to have deliberately weakened their signals to counter this, but most libraries have not. If you find a library with a forested park behind it, the 7dbi antenna and quality USB wifi card might be enough to get on their wireless without walking within camera range. Also, hot,humid weather summer reduces range of all microwave devices by absorbing the RF energy, and can cause connections that normall work on other days not to be reachable.

      “Pringles Can” antennas, are simply very high-gain wireless antennas for the 2.4 GHZ spectrum.

      Here is a rough guide to making simple, quick, moderate-performance versions of both can antennas and reflector antennas:

      Be sure any can you use for the can design is all metal!

      You can do a flat plane, a parabolic, or a “corner reflector” very easily with that 7dbi computer store external antenna and some sheet metal. Parabolic cooking screen seem to be especially effective according to the guide above. The whole thing will fit in a shoebox that mades good camouflage. Be sure to point the working side of it exactly at where you expect the hotspot to be.

      A simple flat-plane (flat metal sheet behind device containing antenna, opposite tower side) I have used to help a cellular hotspot stay connected to the network when wet or huimid weather caused too many dropped connections to a too far away tower.

      Here is some info on more sophisticated, longer-range antennas:

      All of these antennas work on exactly the same principles as pirate or Ham radio antennas, they are simply smaller because the frequency is much higher.

      • jim says:

        nothing like government whistle blowing but there may be a civil case in the works but if so, Tor should protect me I’m presuming. i also used a vpn to connect to tor to begin with so even if they were to have discovered an IP it would not be my personal IP and the vpn service swears they keep no logs and give nothing to the authorities. i did not sign up with any of my information OR any cards of my own. so likely a subpoena would be a dead end.
        do you know anything about wordpress, tumbler or blogger data retention/ip log policies?

      • dcdirectactionnews says:

        Assume the worst in all cases-THIS site’s WordPress host included. Also don’t forget data retention orders that prohibit normal deletion by a corporate host. That’s why you used Tor-all they’ve got is the Tor exit node and the buck(and the shit) stops there.

  14. sadia says:

    Hey As My school is not fair to some kids or I see something Illegal Happening in my school .So I would Like to make a Facebook Page And tell whole the people what actually is happening in our school .So How I can I do Without being caught ,I mean They Cant trace Me .
    And Moreover Is MAC technitium Changer good software .Is there any use of changing your mac address

    • dcdirectactionnews says:

      Never heard of that software. I don’t use any paid or Windows software so I am really not familiar with it

      Changing your MAC address, it could prevent someone from connecting a post to you by library/coffeeshop MAC address logs which could be compared to other logins. For chewing out your school that might not be that important, but protecting yourself from Facebook itself is. You really should use something other than Facebook, especially if you have an account there and have ever used the same machine with that account. They HATE multiple accounts, they might use not only cookies but Flash cookies, supercookies, or browser fingerprinting to track you and are notorious for snitching. Lots of people have gone to jail because of Facebook.

      Trying to out-hack Facebook is a job for experts, even I don’t try it. I don’t have an account and don’t even know how Facebook works from the user end, I know only how they are always trying to connect the dots and sell all your information, including your ENTIRE browsing history as collected by “like” buttons unless 3ed party cookies are blocked and a shitload of other precautions taken at all times.

      The “high” level security steps in this page should defeat Facebook tracing you by normal electronic means, but remember, if you cut corners and they identify you, they might be quite happy to rat you out on their own. If you have an account, don’t even try as they might be able to match up your writing style and then even posting from Mars would not help. If you do NOT have an account and use a live disk as a precaution against Facebook sharing button tracking, they will have a very hard job on their hands, but my guess if if you are thinking Facebook you already have an account there.

  15. Jim says:

    If one leaves JavaScript enabled in the Tor Browers contained in the TAILS distro, is it possible for a site you visit/interact with to get your ip address? I’ve read some disturbing code snippets that use JavaScript alone, and sometime in combo with Java to return your ip address to the host system even though you are communicating through the TOR network? Possible? I aske because some sites will simply not function correctly without JS enabled.

    • dcdirectactionnews says:

      That’s not NORMALLY possible, but exploit code can be written in Javscript to do this. Example: a program written in JavaScript to open a non-Tor browser with a screen resolution of zero and contact the site over a non-Tor connection.

      If you don’t trust the website not to try to defeat Tor with deliberate malicious JavaScript, don’t use it. Alternately, if you are hacker enough to do this examine the page source and see what the various JS elements really do. This is scripts, not compiled binaries. If none try to make a non-Tor connection, nor read your IP address locally and transmit it, you should be OK. If you see obfuscated code, don’t let it run. I’m not sure what the limits to JS are, but it can do a lot. My cinnamon desktop is written in JS, as it is a fork of gnome-shell, also written in JS. If it can run a whole desktop it can do plenty.

      Tip: a LOT of tracking is done by 3ed party servers, always block ads and known trackers, never let them run JS for this purpose or any other. Never let Google, Twitter, or Facebook run javascript on other sites either!

      • Jim says:

        Very detailed and helpful answer – thank you. One follow up question. Doesn’t the TAILS distro prevent exactly the thing you mentioned: creation of non-Tor connections? Thought I remember reading that one of the points of setting up the custom Linux/Debian environment booted from a stick was prevent “unauthorized” outgoing connections (i.e. – all communications HAVE to go through Tor network by design – no exceptions). The question then becomes – would the JS need to create a separate outgoing connection to communicate the ip address to the host, or could it use the existing Tor connection to pass on the ip address. I’m not familiar enough with JS to see how that might work, and maybe that’s a question better directed to the Tor/TAILS folk. But always looking for input, kind people of the DC direct community. Any thoughts?

      • dcdirectactionnews says:

        If an attack can gain the ability to run software simply as a user, the only thing that would prevent them from say, running their own wget binary from the .mozilla directory or from /tmp to fetch a 1×1 pixel image without Tor(revealing your IP address to them) would be for the entire network stack down to the kernel to be Tor-only, with no user ability to modify this. To stop this would probably require all partitions containing executables to be mounted read-only, and for all user-writable partitions to be mounted “noexec” so nobody but root could run ANYTHING that wasn’t preinstalled in the distro. A privilige escalation attack could still defeat this by replacing any binary or simply running arbitrary code in a shell. This would NOT be easy, and if the Tails authors or any of their supporters found the zero-day first the hole would be quickly closed. This is one reason you should use only the current version of TAILS if your ass is on the line, and avoid using Javascript at all if possible. Select destination sites either using either trusted JS or which can accept a post using none at all.

      • dcdirectactionnews says:

        WINDOWS USERS WARNING: The CIPAV exploit against an old version of Torbrowser (one using FIrefox 17ESR) that targetted Windows computers last year to reveal IP addresses and machine serial numbers to the FBI used Javascript alone, it was uploading onto a Freeedom Hosting .onion site. It was useless against Linux and didn’t run on Macs either. You had to run Windows and allow Javascript to be vulnerable.

  16. Anony says:

    I am not getting my question reply regarding what if sms is sent through website (website redacted) using tor browser , is it traceable ?

    • dcdirectactionnews says:

      I am not including your website link, as it is a commercial site and I won’t risk spammers sucessfully exploiting this site. I had no way of knowing if your question was from a real person or a machine-generated comment intended to publish the website name. Anyway, it does bear answering, keep in mind what I will say below applies no matter what website you use, I know exactly nothing about the one you linked to other than that is is commercial and should thus be presumed to log anything they can for sale to advertisers.

      I don’t know anything about SMS except that cell phone companies log it with trivial ease, it should NEVER be used for secure work. Now, if you managed to connect to a website usng Torbrowser and send a message that way, it should be untraceable. The message will still be logged by the recipient’s phone company, but the trace should stop at the Tor exit node that connected to the website, UNLESS the website contained a javascript or flash exploit aimed at unmasking you. If you don’t trust the website, never enable JavaScript unles you are hacker enough to read the source code and check what each JavaScript program does. Never enable flash/plugins at all if you are worried about being identified! If the content is REALLY hot, read the full article and do your own research from that point.

      If you sent a message OTHER than by http/https web connection, I have no idea if your program to send it even used Tor. The Tor Project warns against opening documents retrieved via Tor while still connected to the Internet for this exact reason: Your PDF or other document reader might follow a link in the document and connect to the Internet, not using Tor as it is not a browser at all. Having Torbrowser running while sending an SMS by phone or making a phone call is no protection at all, as a totally different program is involved. This would be like wearing a condom while shooting IV drugs with shared needles and thinking the condom would keep you from getting HIV!

  17. Anony says:

    Thanks for your reply. I just mentioned website name so that you can see that site & research for proper reply. I am not technical guy. I open that site through Tor browser & it did not ask for registration etc. It ask for mobile no where sms was to sent & than before sending it ask to put security code & message came SMS sent succesfully. It was delivered & now Cops are tracing. Can they trace?

    • anony says:

      Please reply . If possible please visit that site & open through tor browser & see if it has javascript or flash exploit aimed at unmasking to reveal my actual IP. However it did not ask to instal extra plugin & javascript. It did ask to put security code before message was sent. PLEASE REPLY

      • dcdirectactionnews says:

        I don’t have time to go to and evaluate random websites, nor do I have enough JS skill to properly evaluate complex code. I’ve only done simple gnome-shell extension editing in JS, and Flash is binary for which I would not even have access to source code. Your request is well beyond the degree to which I would trust my skills in dealing with JS.

        As for Flash, Torbrowser disables it by default, you can manually enable it and will get a warning if you do.If you did not, forget Flash exploits. One more point: if the website is physically hosted in a country you do not live in, your country of residence would be unable to get a warrant to look at any logs they have, only a major case where international agreements come into play would get around that. If you are seriously worried and the content was “hot” do not travel to the country hosting the server you used. Also, to use a JS or any other exploit to go after you requires admitting in court to the existance of the exploit if you are dealing with the US or a similar court system. If the exploit is of “high value,” you will probably be ignored unless you are a high value target. When they use an exploit, the often lose it!

        The NSA has whined about how much trouble they have getting around Tor, that itself is a strong endorsement of Tor’s security. It’s not perfect, but it turns a trivial IP address lookup into extremely difficult hacking and detective work that is difficult against anyone and nearly impossible against a skilled opponent. Torbrowser is set up by default so that a random user in someplace like China or Iran is unlikely to be caught and executed if they follow the Tor site’s own advice for using Tor securely, some of which does not apply for other use cases of Tor like bypassing censorship by your ISP.

  18. abdul says:

    how goverment detect post or frad of someone who is using public wireless internet on mobile?? (public wireless internet places 100 of peoples r using)

    • dcdirectactionnews says:

      The exact same way they try to find out who posted a call for a Michael Brown protest so they can harass organizers after a protest escalated. The exact same way they try to find out who is calling for Occupy protests against banks evicting homeowners. I am NOT willing to see dissidents sent to prison for opposing fracking and tar sands mining here, or beheaded for supporting Gay rights elsewhere, just to make Internet shopping a little safer from the frauds and hucksters who operate from countries the target countries can’t extradict from anyway.

      See the parent article for how governments track dissident postings, and maybe go after a few con artists when they have time left over.

      • Mark Henderson says:

        You mention the vulnerabilities with having JS enabled but from what I have discovered very few websites will operate without it. You mention Hushmail as a good alternative for an email provider but even it will not allow you to create an account without JS enabled. Am I reading too much in to the JS vulnerabilities and can trust and thus add many sites to my whitelist? Pretty much any site which requires a login and password requires JS enabled. Does this mean they have access to your true IP address/MAC address if you are using TOR with JS enabled? Thanks for all your help.

      • dcdirectactionnews says:

        With the NoScript extension included in Torbrowser you can enable JS in the sites you do trust, yet not for any adservers or trackers on them that are the likely source of malicious tracking code. By default it is set to allow JS globally. Click on the circle-s to the left of the address bar and set it to “forbid scripts globally.” Now, any 3ed party javascript used to monetize the website in question-or embedded by a malicious ISP or wifi hotspot, won’t run even after you enable JS for the top level site in question. My advice? Keep that whitelist SMALL, use temporary permissions instead. Start with NO whitelist when it counts, enable only the site you are using, if that doesn’t do it you can enable JS from related servers known not to be ad or tracking servers, such as (something)apis, (something)ajax, etc. The server logs they get for sending the code will contain your Tor exit node’s IP address, not your true one, but each of these is still more programs running on your computer. If you must enable any JS at all, make damned sure you are not talking to someone who can predict who you are and send malicious code in reponse to a warrant, an NSL, etc. Hushmail appears to be safe UNLESS they get a Canadian court search warrant. They themselves say they could be forced to sent malicious code in that case. Consider using websites physically hosted in countries other than your own to force international cooperation for any investigation to work,

        JS will not normally reveal your IP address, but it is possible to write malicious JS (which is a programming language) to do things like get the computer’s IP address and email it somewhere. When it really counts, layer your defenses by using Tor from a public wifi hotspot where you are not known. Never trust only one layer of defense to keep you out of jail or off the torture/execution table. Tor at home is for staying out of Google’s and other commercial databases, that’s about it. Protecting your identity means engaging in hacker war. The Torproject is a great ally, but just like in any other war you don’t want to bet everything on someone else’s troops being able to win every time.

  19. freedom lover says:

    How about this: how about tossing out ALL laws that criminalize victimless crimes, ALL laws that clearly violate the constitution as written and intended (from founders point of view), abolish all titles of nobility from holding public office, and replace all law enforcement officers with the civilian militia in the capacity of peacekeepers?

    One should *NEVER EVER* have to worry about being sued, drug into court for anything they say, and never have to worry about being watched, redirected, filtered, or blocked.

    Freedom of speech (with total impunity) is a basic human right for everyone.
    The only limit -maybe- on freedom of speech is the speech that spews out lies.

    Best advice – spy on those who could harm you. Keep and share records of ALL government officials and especially cops & their families.

    An end runaround works really well…..

    • dcdirectactionnews says:

      Good idea to spy on the government and PUBLISH their personal info, but also never forget to defend yourself while doing so. Nobody wins in sports, war, or anything else without playing both defense and offense. Dealing with these assholes works like insurgency warfare: the insurgents must preserve their forces by concealing who they are (an effective defense) while bleeding the enemy until he quits (an effective offense).

      Also, never rely on politics to protect you when you have the ability to get the technical means to protect yourself directly. A bill to rein in the NSA may or may not pass in the future, but Tor can give them a royal headache right now. Net neutrality may or may not be achieved tomorrow, but Comcast and Hollywood are helpless against filesharing on peer to peer mesh networks today. Ask the former Tunisian dictator about mesh networks and how they defeated his Internet shutdown!

  20. Scott Hudson says:

    I am having a running discussion on this for some time. My friend thinks I am wrong obviously I think I am right. So I am letting you be the judge. The fine for the loser is a big steak dinner.

    I think I can not be traced if I do the following and my friend says i can be,

    Step 1: buy a computer or laptop or notebook for cash

    Step 2: go to a public place and hook up to their WiFi

    Step 3: create an email account through something like yandex to send and receive emails

    Step 4: never hook up my computer to anywhere that I can be traced to like my home, friends or
    workplace, use random public places to hook up to

    Step 5: never purchase anything over the internet with this computer

    Step 6: when you are done with the product or at least periodically dispose of the computer/laptop

    OK there it is tell me what you think. I really do want that steak dinner.


    • dcdirectactionnews says:

      Every one of these steps helps BUT: If you buy the computer with cash you must never activate Windows/create a Microsoft or Google account or the IP address you use will go into Microsoft’s records as tied to that computer. Local cops won’t get that but the FBI might. Using public wifi in and of itself makes it impossible to track you to your home address or connection, but security cameras could catch your face. If security cameras are a concern, either wear a disguise, use Tor, or both. Tor will stop them from even finding the public wifi hotspot, thus deny them the camera footage. If they beat Tor, they still don’t have anything that generates a suspect, just a picture of someone wearing a disguise. Maybe nothing if you sat on the toilet to use that computer.

      If you hook up to a traceable connection and then go to a site like google that tracks hardware, that could theoretically find you although no court case has yet been based on Microsoft activation records, ad/tracking servers records, or browser fingerprint logs of websites. This is much more of a problem with PHONES, as they have a unique ID the phone company has access to. Cetainly never use it to shop, shopping sites probably use browser fingerprinting to “secure” transaction and the combination of that with a credit card is like buying the computer with ID.

      Lastly remember this: if you are using the computer for anythuing REALLY heavy (such as a bunch of cop cars destroyed after cops shot someone), it’s a lot cheaper to smash and replace the machine than to hire a lawyer after getting caught with it. Never put all your eggs in one basket. Your hacking skills make you hard to catch but remember that the other side has hackers too. I would not want to bet my hacking skills against the best the FBI or even the local police department has just to get out of buying another $180 Chromebook to wipe and install Linux on.

  21. annabelle says:

    This may be a silly question, but am I endanger of being exposed if I posted a comment on a public figure’s Facebook page asking if a rumor was true about an extramarital affair. I always use Tor browser while on social media or any site and the email account connected to my Facebook account was created using Tor, too. The post was there for less than one day before I discovered that it was removed. There was no vulgar nasty content in the message, just asking whether anyone knew if the rumor was true because I said I had been in contact with someone who said it indeed was. I’m worried now that I am endanger of a lawsuit or Facebook coming after me. What do you think the chances are of that Facebook could track me down if the email I used to create my account (gmx) was done while using Tor and also the post was made while using Facebook through the Tor browser. Should I be worried? It was honestly just a question asking about a rumor and not intended to make a new rumor. Thanks for any help you can provide to me. 🙂

    • dcdirectactionnews says:

      First of all, Facebook no more has the time to sue all the people who do this sort of thing than I have to sue the thousands of posters of racist shit comments on Liveleak. There are so many banned posters, banned accounts, and removed posts on Facebook the odds of being targeted by them are ZERO. In addition, a single such lawsuit would cause tens of millions to close their accounts and even Facebook knows it. They would not dare. A website that sued one of their users for breaching terms of service would get no more users, might even go bankrupt.

      Now, assuming you used Tor every time you serviced the email account and every time you serviced the Facebook account, it is over 99% certain that they could not identify you even if someone served them with a subpeona. Even if the NSA has tools to defeat this(and it seems they usually cannot), lawyers in civil cases would have absolutely ZERO access to such “national security” information, hacks, etc. Even if you posted false evidence of an affair involving a Senator this way you would probably be beyond reach. Hell, using the corner library’s wifi would probably be enough for divorce/affair shit so long as you do not have a library card and are not logging into anything with your “normal” information from the same connection then or ever.

      • Annabelle says:

        Thank you so much for answering my question! I was still feeling very uneasy about what I posted after reading too many articles online about the possibility of being sued for libel, so I feel better now after reading your reply. I do have a few more questions that maybe you can answer for me if you have time: I made the post on the celebrity’s FB page from here in the US, but the celebrity lives in another country and so does the person who rumored to be involved in the affair with the celebrity. Could I be sued by either of them for libel if they live outside the U.S. and is it possible that they could request FB to expose my true identity? I created my FB account using a false name, etc. and the email used to create the account was also created using all false information, and I created them both while using Tor. The post stayed online and I discovered that it was removed from the comments the next morning. The person who I alluded to being involved in the rumored affair wrote a personal message to me to say that she is not involved in an affair with the celebrity and that they are only friends and that I should not believe everything I hear. (The zinger here is that I have strong evidence that she is not telling the truth because I have been involved with the celebrity, too, and was hoping that someone might come forward after reading my post to confirm if it was indeed true before I present it to the celebrity personally.) It’s a messy situation and I feel terrible now for what I posted, but I didn’t know how else to seek confirmation. (In hindsight, not very smart because it has left me feeling worse than I did before I had only just heard the rumors.) I have only officially logged into my false FB account twice since my post -once in the morning when I discovered it was deleted, and later when I contemplated replying to the message I received. I did try to access my account again a few hours later because I was still wrestling with a reply to the person to tell her what I really know and how I am connected, but when I tried to log in then, I received a FB security pop-up to solve a captcha, which I did not do. I think that’s what made me panic more because I thought maybe my account was flagged, but maybe you can shed some light on this and tell me if the captcha popped up because I was using Tor and the circuits are always different, so maybe it’s just a FB precaution to see if I am indeed a person. I’m hoping that is why it happened and not because I am being investigated now. I am scared I’ll be exposed, and even though I have enough evidence to prove truth, especially because I am involved with this celebrity, too, I would just rather stay anonymous and end the relationship now without the celebrity knowing that I publicly asked about the rumor in effort to obtain published proof if someone were to step forward to confirm it. I apologize for the length of my message, I just wanted to provide more details because I made a really bad decision and just want to know how possible it is that my true identity could be traced if either the celebrity or the other person decided to sue for libel. I hope that using fake email and FB accounts through Tor are enough to keep me safe, especially if the people I asked about fo not reside in the US. What would it take for either of them to request disclosure of my IP? Would they have to come to the U.S.? What would happen if either sued me for libel in their own country? Could I be served with papers if I enter the country where the celebrity lives (which I do quite often for obvious reasons)? Maybe I am overreacting, but if you can help answer any of my questions, I would be so grateful. Thanks again!

      • dcdirectactionnews says:

        I am not on Facebook (in fact I block them in my computers)so I know nothing of their CAPTCHA system. As disgusting as facebook is with their militant anti-privacy policies, they do not have the resources of the NSA or of the FBI at their disposal, nor do libel lawyers. This is a “low to medium security” case, nowhere near the Snowden level. For Facebook to get you, you would have to have logged into the account at least once without Tor, or into the email account at least once without Tor. Even the NSA says “most of the time” they can’t beat Tor.

        If you have trouble, it is unlikely to come from Facebook nor from their security techs. It would come from old-style, real world investigation, not Internet records. Did you boast at the bar about your posting? Does it match a large volume of posts under your own name b writing style? Did you use inside information nobody else would have? If so, anyone acting on this could claim falsely to have defeated Tor, cops are allowed to lie and private investigators should also be presumed to be lying if they claim this.

        If the celebrity lives in and is important in a country like Egypt (coup government) known for arbitrary arrests, you could be targetted simply for being the right age and gender to have had the information! If the celebrity is a government offical in the offending country, there is still a 99% chance that the only way to identify you by computer would be to compare the post to all other writings of likely posters. That’s how the Unabomber was caught: his brother recognized his writing style. Staying out of the offending country will make it much harder for them to act on this sort of thing.

        If you are sued in a country in which you do not live, you are not a subject of that government! Refuse to go there, refuse to answer any case in their courts as they have no jurisdiction over you unless you travel there or have a “business presence.” That’s why China can’t sue Google in Chinese courts, then collect a judgement for violating Chinese censorship laws. Some countries will recognize some foreign judgements against their citizens, others will not. Many European countries for instance refuse to enforce judgements from US courts. This protects European authors of open-source software that defies US software patents.

        If you are in the US, consider this Wikipedia story:

        It is a world-class pain in the ass to sue someone in another country, and there are HUGE limitations to jurisdiction. When the suits are recognized at all, there are big limitations such as not enforcing foreign tax laws (in the US), US judgements in most of Europe. Look at the lawsuit by Japan’s whalers in US court against Sea Shepherd: Sea Shepherd Australia simply cut all business ties with the US and proceeded to ignore this unjust judgement. The whalers lost the resulting sea battle even after “winning” in the courts of a nation the Sea Shepherd fighting ships had no need to enter and whose flag they do not fly.

  22. Anonymous says:

    Hi and thank you very much for this site. It’s very helpful!
    I had a quick question though, I live somewhere where people can be killed if talking about certain aspects of politics kinda similar to North Korea and I really need to send a comment on youtube. I’m using 2 separate VPN services and another software to hide some of the information relating to my pc (time, os, …) and I won’t include any of my real info while making a Gmail account (especially if I figure out how to go around that ever-annoying phone verification phase). Is that the most I can do?
    I would use a public internet but unfortunately I have to stick with a home connection.
    And another quick question: about a year ago, I’ve been very careless and sent a political text ONLY using a VPN (Hotspot Shield) and I don’t own that pc anymore even though I’m using the same internet connection under my own damn name. Do you think I need to lose more sleep at night worrying about that?

    • dcdirectactionnews says:

      I cannot keep up with requests for personalized information for two reasons: time, and the possibility that these are coming from the cops here. Do some digging of your own, I can’t predict the behavior of a foreign government, the quality of their purchased(usually European) spyware, or how much energy they put into a case. I’m still only one researcher-and if I miss something about your situation, you are the one that gets put in danger.

      A thought to consider also: avoid long/repeated interactions with any potential opponent.

      • Anonymous says:

        Oh, I’m sorry, I just thought you’d be able to answer my question too since most other people here had their questions answered; I didn’t mean to bother you. And I have no way of proving this, but I’m not a cop and I’m willing to bet we are not living in the same continent so there is no way of “following up” on any case here.
        I have been digging a lot but so far the only place that had practical advice for the average internet user (and not pro hackers) was here.
        Still, thank you very much for the info and I’ll make sure I wouldn’t linger in the scene.

      • dcdirectactionnews says:

        An update has been made to the article

  23. One says:

    Hi, I realize you’re very busy and I highly appreciate your site.
    I just had a very quick question about YT since you discussed it earlier: If we comment or do anything else except for uploading vids, will officials (who filtered the site in some countries) usually try to track the person based on whatever they posted in that specific session or will they try to track the gmail account and any ip used to create the account related to it (providing there’d be no real info in the name)?
    P.S.: this is also related to different views on politics not some messed up cybercrimes or anything in case you’re wondering.
    Thank you a whole bunch in advance.

    • dcdirectactionnews says:

      I do not travel so I have exactly zero idea what your government intends to do. I try to judge only capabilities and not intentions.

      If your government is blocking Google, chances are Google is refusing to comply with that government’s demands for tracking information or censorship. Check this yourself though as I have zero personal knowledge of this except for the well-publicized example of China.

      Google can under US law refuse to comply with warrants and subpeonas from countries like China from which it has withdrawn all local business presence and all their people. China is however the only example I know of in person, you must check for yourself

      In China Google could track you if you could get to them without Tor but won’t help the government, which must rely entirely on their own resources to track you. To take advantage of Google’s own data-hungry ways they would need a spy inside Google or an exploit into a Google server or software (JS included).

      • One says:

        Thank you so so soooooo much both for the quick reply and for sharing your knowledge!
        YouTube is blocked here but everything you said makes a lot of sense and since at least in appearance the regime in this country (not China or North Korea though) is “against” the US government and vice versa I think, exactly like you mentioned, they might not be able to get the information Google has that easily. All of your suggestions and solutions helped me A LOT! THANK YOU A TON AGAIN! You’re seriously great!
        *slightly bows down*

Leave a Reply to anony Cancel reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.