Creating Youtube accounts securely-with NO “Phishy” phone verification

Update 9-1-2018: While I have NOT tested this against Google (as I don’t want any accounts with them) many web services that demand SMS verification can be fooled by websites that offer dummy phone numbers that accept SMS messages and seemingly exist for this very purpose. An arms race now exists between providers like Google that seek to block such phone numbers and the rise of new providers and of new phone numbers published by existing providers. No idea if this ever works with Google but free to try. If this does not work, burnphones are a lot cheaper than they used to be (even with Chump’s China tariffs) and also protect your other devices from being fingerprinted by Google. Just be sure to encrypt any phone used for this-and get rid of it after posting anything for which you could be arrested or harassed by police, FBI, Secret Service, etc.

Note also that the rise of smartphones means Google probably now expects most accounts to be made from phones, which could single out non-activated phones, tablets, and laptop computers on coffeeshop IP addresses (much less Tor) for more scrutiny than ever.

Update 3-19-2014: We no longer recommend having an account with Google at all due to the spread of tracking software. Due to this we recommend never connecting to Youtube/Google at all except via Tor, and with Tor you cannot predict the ZIP code of the exit node’s IP address, thus the methods described below would not work. Due to abandonment of all Youtube accounts formerly used here, we no longer know what games Google is using to block multiple or private accounts.

UPDATE 2-14-2012: Google now says they will use device and browser fingeprinting to track users, officially beginning March 1. Lock out comments on your Youtube Account and abandon it today!

If you still need to create new Youtube accounts, you will need to spoof MAC addresses at the least and boot from a common live disk. At most you might need a new COMPUTER until tools to block or spoof device ID techniques are develeped. You can firewall out Bluecava device ID by adding[2|3].swf

NOTE THAT WORDPRESS IS ADDING http:// to the first line before the www and I cannot stop this site from adding it, REMOVE it from the text actually use!

to /etc/hosts ,but Google is so big they will probably do and probably are already doing device and browser fingerprinting in-house. Turning off Javascript will kill it as long as you do NOT use Google Chrome, but you can’t administer, maybe can’t create a youtube account with Javascript disabled.

UPDATE: The technique described below no longer works from any IP address that has created a Youtube address generating “content ID” copyright matches, maybe not from IP addresses previously used to create youtube accounts at all

While this still works from “dynamic” or new IP addresses, Google is now cross-indexing so much information on youtube account holders and maybe video viewers as well that the advice below must now change to: Use (free and non ad supported) or (ad supported and has trouble with far-right commentors but no censorship and often a lot of views in-house) instead of Youtube.

None the less, the procedure below should still work on “youtube virgin” IP addresses coupled with “youtube-virgin” email addresses And a computer for which Google does not have an OS fingerprint and cannot get a “device ID” as used in mobile devices from

Think, though, before using any Google service for any purpose-and your videos may disappear if Youtube decides to kill your account. Therefore, NEVER access if from any of your previous IP addresses if you have had prior Youtube problems.

If you want to post videos to Youtube (say, one showing illegal activity) without the pigs knowing who you are, without giving them a phone number or other “real” personal information, there’s a way to do it.

Google/Youtube is now often demanding that new accounts be “verified” with a cell phone text message. Smells like “phish” to me-like someone asking you to “verify” your email password so they can ask all your contacts to wire them $5000 to an airport in London. Also smells of the MPAA, the RIAA-adn the FBI, if you are into Animal and Earth Liberation work, for instance.

Obviously this just won’t so, as it would be such a waste to buy an expensive prepaid no-ID phone and then throw it away just to post one video to Youtube!

Here’s what the good folks at Black Hat World have to say about it:

Google/Youtube now checks that the ZIP CODE you give them matches or is close to the IP address of the Internet connection you are contacting them from. No match, they ask for “account verification” like someone phishing for your personal info might do. They MIGHT also be doing this when names end in random numbers’ etc, though I have yet to test that.

Therefore, you need to know the zip code of where you are using that wireless connection or public computer to securely set up an account. First, set up an email account-NOT with gmail. Yahoo, Hotmail, Hushmail all fine, you will be using it exactly once.

Next, go to Youtube and make your account. you want this to look like a post from a home computer with real personal information, which you are of course not using. Make sure the state, country, and Zip code are those the wireless connection or public computer is really located in, no matter what area your video is to be from. It will usually go right through,with NO demand for SMS (text message) verification according to my tests and those of the Blackhat folks.

If it does not, something may have changed, but try another email address from another wireless acccess point/public computer, as there may be some they do not like, choosing names for the email address that don’t sound “spammy” Surely you don’t want your ALF videos mistaken for spam!

I suspect Google can’t really demand this of ALL new Gmail or Youtube accounts without causing most people to refuse to “verify their accounts” and simply switch to Dailymotion and to Hushmail, for example. Let’s not forget, we are always reminded NEVER to give out account numbers, passwords, etc due to “phishing” attacks, and many people will simply assume they are being fed a fake Youtube page phishing for their phone number!

Note: This means Tor won’t work, as getting the exit node’s zip code is unlikely to be possible, though so many exit nodes are in Germany you could just try again and again from, say,Berlin, until you are sucessful.

4 Responses to Creating Youtube accounts securely-with NO “Phishy” phone verification

  1. Dissapointmeant says:

    Doesnt work

  2. Pingback: Youtube / Google asking for mobile phone number

    • dcdirectactionnews says:

      Browser/device fingerprinting (cookieless tracking) is REALLY ugly, but I’ve expected this. That’s why I do not connect to any Google-owned server except through Tor. Torbutton not only blocks ISP logging, for some reason it also blocks browser fingerprinting. Blocking Javascript also limits browser fingerprinting UNLESS you use Google Chrome, which reports far too much information in http headers. Don’t use Chrome, and use NoScript if you use Firefox without using Tor. Torbrowser is a particular build of Firefox with Torbutton always on, and https for all sites (like Google) that offer https. That way, your ISP can’t log your Google searches becauase of HTTPS. and Google can’t log them because your ISP is alwasy changing with Tor sessions and the browser can’t be fingerprinted. You can do Google searches with Javascript blocked, NOT using Tor if and only if you have a dynamic IP address, because Google can’t subpeona your ISP for logs of what IP addresses where used when and by whom. Cops could subpeona both the ISP and Google, piecing the search history together would be labor intensive but doable. If this is a concern, access Google only by Torbrowser. For anything like Youtube where you must run Javascript, you must also run Tor.

      QUESTION for all you hacker comrades: How hard is it for Google to exploit Flash or Download Helper to get the true IP address of a Tor user by bypassing Tor? If they can do this, than Youtube can’t even be used to WATCH video anymore except with a common laptop, a common OS, and a public library or coffeeeshop connection! (Needless to say, NEVER add extensions other than NoScript to your main copy of Torbrowser! Use a second copy for this sort of questionable shit)

      While we are on the subject, it is absolutely crucial to block Google Adsense, Google analytics, Google+, Facebook and Twitter sharing buttons, etc for privacy reasons. SHAME ON EVERYONE who has a blog or website and runs Google adsense or otherwise sells ads on it!

  3. dcdirectactionnews says:

    Best alternative to Youtube is, as they return the original video file with no further lossy compression, are not supported by ads, and don’t use trackers. You have to promote the video yourself, but this is mostly true anywhere outside the big ad-supported social media sites. As a rule, sites that do not suppport themselves by advertising should be used whenever available, and Archive is a good one

Leave a Reply --WARNING: do not "Comment using Facebook" or using Twitter-you expose your information to 3ed party tracking

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.