(Sorry, but this is US-centric. Many countries make it much harder to be anonymous with a burner phone).
Here are the ways the authorities can connect you to an online communication:
- IP address
- Device signature (like the processor, screen size)
- Browser signature (build, plugins)
- Phone IMEI number
- Online service provider (your email provider, Facebook, Twitter etc)
And of course if they get hold of your device, they can look at your history.
Using a public computer or public WiFi is better than your home PC, but there’s still plenty of evidence they can use, and with video cameras everywhere, they might be able to place you there at the time a message was sent. The mastermind behind Silk Road was caught is a public library…
Consider sharing devices and subscriptions!
Phones and internet connections need to be paid for and usually some ID. That doesn’t mean only that person is authorised to use it. Say there are 10 of you with privacy concerns. Form a “business” and the “business” supplies everyone with a phone. Then be the sort of slacker organisation that keeps no record of who has which phone when. Then apply all the other methods…
1a. The first part of the solution is a burner phone
A phone that you didn’t buy directly (pay some kid to buy it for you with cash), and nobody knows you have it (not used as your primary cellphone, and you don’t usually have it on you or findable where you live).
So if you need to register the phone, you must use fake details. Use the details of a store or business that is not connected to you in any way. Now you have a device that is 100% safe in terms of the authorities knowing who owns it.
Only use the burner phone for private communications. Don’t install other apps, don’t browse the web. Don’t use the phone anywhere near your home, work or other place you are known to frequent – the phone company will know your location. Don’t use it anywhere where you can be seen by a surveillance camera.
If you can’t activate a burner phone anonymously where you live by entering fake details, consider not activating it. You can still use public WiFi. Ideally use a WiFi that is very popular (like a busy Starbucks) and use it outside the building and away from security cameras. Wear a hoodie! And don’t use the same place twice.
1b. Wifi Modem
For an extra layer of safety, use a de-Googled smart phone via cellular WiFi modem. This is a data only internet connection for when you are out-and-about.
Don’t get 5G, it can locate you too easily. 4G is only accurate to say a mile via cell-tower triangulation. If you have to register it, all the government will ever know is your approximate location and the IP addresses visited (use VPN). The sim card is not attached to GPS, photos, SMS etc. This means only using apps for communication, preferably by buying a de-Googled phone. Or making one yourself (be aware you cannot do this well and cheap).
This is a good overview on how to put all the hardware together:
Of course you want your communications to be private as well, in both directions:
2. Use aliases
Use free, public emails like Gmail. Or Twitter. Use your burner phone’s number for verification. Make up usernames for yourself, and make sure they have no connection to you (don’t use your star sign or your dog’s name or your maiden name or the street you grew up on, etc). The person you are communicating with needs to do likewise.
There are free email accounts that are aimed at those seeking privacy. These might make you standout from the crowd more, but less likely than Google or Twitter to divulge your details:
- Riseup – a collection of free privacy services, including email. Accounts are free, and anonymous, but you will need an invite code.
- ProtonMail – based in Switzerland and safe, but they will want a phone number.
And of course talk in code. Don’t mention the actual thing that might get you in trouble. Don’t mention friend’s names, or anything that connects you to a place or an organization.
3. Use Tor to hide your IP address
For hiding your IP address, you could use a VPN (Virtual Private Network), however these are run by businesses and most wouldn’t think twice about sharing your data with the authorities. They also cost money, and paying for something anonymously online isn’t easy.
Use Tor to hide your IP address. It is free, and run by volunteers. This is an extra precaution, but shouldn’t matter with a burner phone if you do every else perfectly. Tor browsers you can trust are Orbot (Android) and the Onion Browser (iOS). Make sure the browser is up-to-date, as vulnerabilities have been found in the past.
4. Use PGP to protect your email content
PGP isn’t free, but OpenPGP is, or you could use GPG. These will encrypt the content inside your email, but not the metadata. The metadata contains details like IP addresses (disguised by Tor), the to and from email addresses (anonymous), and the subject line. So don’t put anything meaningful in the subject line.
Share your public PGP key offline, either in person or by post. Your email content will be safe.
5. Know who you are communicating with
If the authorities are suspicious, they might try to contact you via the email or Twitter handle you are using. They might use a name that is almost the same as your friend’s, or they might intrigue you somehow. So be wary. Always check incoming messages carefully, and always be sober and awake when doing so.
Don’t click on links you come across or are sent, unless you are sure they are safe.
Don’t communicate with yourself. Don’t follow you anonymous Twitter account with your everyday account!
6. No GPS
No matter how anonymous you make things, if GPS is active then there is a chance an app/service/provider/government knows you location. Even if they don’t know who you are, it is easy to work out via the two places you spend the most time – home and work.
—–
The information above has come from two recent articles, both inspired by Edward Snowden’s escapades, by Micah Lee at The Intercept, and legendary hacker Kevin Mitnick at Wired
