[scholia]

You might still be tracked by device fingerprinting

https://en.wikipedia.org/wiki/Device_fingerprint

Also, I guess you'd have to make sure you used a VPN that didn't keep logs...

[thrwyparanoid]

Great point. I'd probably have to use ad-blocking software, Ghostery and even then do manual oversight on all outbound requests. I could use a sophisticated proxy to do this on the fly when necessary.

[bediger4000]

Instead of traveling hours out-of-state to buy a laptop, how about buying one used, maybe from a pawnshop or a garage sale or one of those one-man-show used computer stores? Its possible that pawnshops have cameras on all the time, but anything in it is likely to be, maybe not "hot", but disowned with extreme prejudice. You'd be putting a cut-out between yourself and the purchase of the laptop.

The Step 5 checklist should include setting a random hardware address for the wireless card or ethernet port. Maybe you can obtain MAC addresses using nmap in one coffee shop, then use them in another shop.

Step 7, get a USB wireless that lets you put a directional antenna with high gain on it, so you can actually be some distance away from the coffee shop, library, etc while you use it.

[thrwyparanoid]

Excellent points...spoofing a MAC address and using an antenna would make things safer and easier. Thanks.

[brudgers]

There are a lot of things more wrong than black hatting and the drug trade, and this smells at least like something illegal given all the concern about cameras.

My critique, put your energy toward something that you are comfortable being associated with instead.

Good luck.

[Mz]

Step 7: Only access the internet using cafe Wi-Fi and other networks not tied to myself.

I spend a lot of time in libraries on public computers or on public Wi-Fi. Their policies often state up front that there is no expectation of privacy, that staff can check up on your activities if they have reason to do so. I have not paid much attention to policies at, say, Starbucks, but I wouldn't be surprised if they have similar policies. Furthermore, my understanding is that Wi-Fi has pretty big security holes compared to a landline. Plus, if you are a regular, people will recognize you.

I gave up driving years ago and I walk everywhere. This is bizarre and noteworthy behavior in the U.S. People stop me and talk to me and say "I see you walking All The Time..." The degree to which people in cars notice me, recognize me and feel not only free but compelled to speak to me is downright creepy.

So I will suggest that if you spend time very regularly in cafe's using their Wi-Fi, etc. people will not only recognize you, they will feel friendly and curious and like they have some goddamn right to grill you about your life and why you are there all the time and so on and so forth.

I also agree with AnimalMuppet that the lengths to which you are willing to go in order to be "completely anonymous" raise enough red flags that someone, at some point, will take an interest in tracking your ass down and that "someone" may very well be a government agency. So while I get annoyed at how humans are wired and how they conclude they have some goddamn right to grill me merely because they fucking recognize me when I have no clue whatsoever who they are, beyond being annoyed as hell at the whole thing, I don't really need to worry too much because walking everywhere isn't actually a crime, no matter how bizarre and eyebrow-raising it is. But I cannot imagine any reason to go to the lengths you want to go that don't involve serious crimes and most other people will be far more critical of your motives than I am. I am pretty live-and-let-live. On average, other people are much more judgey, butt-in-sky and controlling than I am. So you can bet dollars to donuts that most people will assume you are up to something incredibly evil and that suspicion will fuel their interest in grilling you, tracking you down, etc.

[Nadya]

>The degree to which people in cars notice me, recognize me and feel not only free but compelled to speak to me is downright creepy.

If you are in a public location they have every right to attempt to speak to you. Likewise, you have every right to ignore them. At that point - they're being dicks if they do this - but they have the right to continue to try and speak to you. I believe there is a legal extent where this can be deemed harassment but until that point - they have the right to speak to you. I think the legal point is you explicitly telling them to leave you alone, at which point you can contact authorities. Acting uninterested or ignoring them is an implicit message but is not enough, AFAIK. (IANAL)

>This is bizarre and noteworthy behavior in the U.S.

You answered why people feel compelled to speak to you and I'm sure you're aware of this. You follow a bizarre behavior. Want to be ignored? Don't stand out. People who stand out get noticed.

Also, legitimate question, how do you expect people to make new friends? Let's go under the following assumptions:

  1) Nobody has a goddamn right to speak to you.

  2) Likewise, you have no goddamn right to speak to anyone else

You can see how that would be problematic for meeting new people and doesn't really jive with most humans (and most cultures) being social?

I'm all for being anti-social and wanting people to leave you alone, especially if you're doing lawful-even-if-bizarre behavior. But to have an expectation that in a social culture in a public place that people will leave you alone seems a little out of touch.

[Mz]

The detail you are missing is that there is a huge element of classicism. I walk everywhere. The people stopping me to chat me up are people who drive everywhere. They assume I am poor, which happens to be accurate at the moment but it is not why I walk. They recognize me. I do not recognise them. This creates a power imbalance.

I walk everywhere because of my medical condition. Your advice to not be different if I want to not stand out is one I am, in some sense, fundamentally incapable of complying with.

I am not actually antisocial. But I do see something incredibly problematic in the assumption, that you apparently agree with, that if I do not comply with the car owning cultural standard, other people have some right to butt into my life on grounds that I deserve it for the crime of being weird. I don't agree with you. Furthermore, given the default assumption that no car = must be poor, it is an abusive exercise of power to grill me and expect me to answer your questions.

Speaking to people does not by default have to involve butting into their lives in an offensive and fundamentally disrespectful fashion. Real friends do not start the relationship by pissing all over you.

[Nadya]

>I walk everywhere because of my medical condition. Your advice to not be different if I want to not stand out is one I am, in some sense, fundamentally incapable of complying with.

You admitted yourself that the behavior is bizarre for the society you reside in - that's enough to stand out. I'm not saying you're in a position to change your behavior or even that you should. But you seem to be aware that it goes against social norms and attracts attention. Yet you turn around and act surprised and disgusted that it does. That seems disconnected to me.

>But I do see something incredibly problematic in the assumptioin, that you apparently agree with, that if I do not comply with the car owning cultural standard, other people have some right to butt into my life on grounds that I deserve it for the crime of being weird.

Putting words in my mouth. What I do agree with is that people have the right to speak to you and it is expected when in a public place within a social culture. I simply disagree with your social expectations and consider it more harmful to promote an isolated society over one where an occasional intrusion is beneficial. They can be irritating to an individual at times, but promoting a standard of isolation and ignoring other's is not something I can agree with.

Yesterday, the power was out in my town for scheduled maintenance. I went over to my neighbor's house to ask if they were busy. Did I have any right to know if they were busy or not? No, how rude of me. They politely told me they had nothing to do and were waiting for the power to come back on. I did the oppressive act of asking them if they would like to play Chess until the power came on. Did I have the right to butt into his life like that? No, but he agreed to pass the time. In the end we enjoyed several hours of Chess until the power came back on.

What I should have done is sat in a pitch-black house for 3 hours because I have absolutely no right to trespass onto private property to commit the revolting act of speaking to someone. I'm a terrible person for asking them to essentially be my entertainment while the power was out. I'm also an asshole for discriminating by age and suggesting Chess of all things, because I assumed a 70 year old man would be more familiar or willing to play Chess than Cards Against Humanity or some other time waster.

Perspective matters. Your story made it seem like you felt you were being grilled because people were even trying to speak to you, you assume, because you are walking and that is bizarre. If you want to give it a narrative or illustrate how they were acting classist - what they say is a lot more important than the mere attempting to speak to you part.

I don't agree that we would live in a better society if we ignored one another because we don't have explicit or implicit (ie: being at a social place like a bar or club) permission to speak with someone. Sometimes both parties benefit from unsolicited discussion. Other times one party gets annoyed. It's a trade off - and one I see as worth making.

[Mz]

You are completely misunderstanding me and, at this point, I feel like you are intentionally twisting my words. I will try one last time to clarify and then I am done:

If you drive everywhere and you visually recognize a person simply because they walk a lot:

A) It is inaccurate to assume you are "acquaintances." The odds are very poor they recognize you. Seeing me repeatedly as you drive past absolutely does not establish a social relationship of that sort.

B) Driving up to a pedestrian, rolling down your window and bombarding them with personal questions is asshole behavior. (Asking directions is okay.)

C) Assuming that someone is poorer than you, even with reasonable cause, gives you no right to walk up or drive up to them, pepper them with personal questions and expect them to politely answer. It is classist in a really ugly manner.

Furthermore, your replies to me here are personally intrusive and it is off topic. I commented on my personal experiences to make a particular point relevant to the question that was asked. That is not an open invitation for you to question me about my personal life or judge me.

I had two main points: 1) Repeated exposure can cause people to feel an unwarranted sense of familiarity and social bonding that has no basis in reality. 2) Doing something out of the ordinary, no matter how innocent or innocuous, tends to attract interest and/or criticism. --> Those two things can combine in a way that gets really problematic if, like the OP, you do not want people butting into your life.

I am done. I would appreciate it if you would drop it.

[thrwyparanoid]

Thanks for the reply, but I wasn't intending on visiting the same coffee shop twice.

I'm sure people might assume I'm "up to no good," but that's not something I'm particularly concerned about. No one would really be worried about my appearance in person, nor would I become a regular anywhere.

However, this whole point is probably effectively mitigated with a prepaid data card and mobile hotspot.

[Mz]

If you spend much time online and do not have a job involving a lot of travel, it would get logistically challenging pretty darn fast to not ever visit the same coffee shop twice. Furthermore, jumping through hoops to make sure to avoid going the same place twice is, itself, weird behavior that some people might notice and wonder about. Most people frequent the same local places because it is convenient, even if they do not become "regulars."

I agree that a prepaid data card and mobile hotspot is a much better plan.

[AnimalMuppet]

> purchase a burner laptop with cash

Easy.

> and not in sight of any cameras.

Almost impossible, unless you're buying from a fence. Laptops are high-value items; almost every place that sells them has cameras on the area where they are sold.

> Is this sufficient operational security to remain totally anonymous against every reasonable threat save for an extremely motivated nation state?

You go to those extremes, and you're likely to motivate a nation state...

[thrwyparanoid]

Two considerations:

1. I personally know of a large electronics chain that does not have a functional camera pointed at a register you can purchase a computer at. While the rest of the store does, I could try to think of ways around that and bring bags in my jacket that are opaque.

2. I could try to innocently go to the store on Halloween with a reasonable pretext for keeping a mask on in the store.

[bhouston]

Use an intermediary to buy the laptop for you in cash.

[auganov]

Why not get a prepaid data card? Using tor on a public wifi is suspicious enough.

If you're okay with disabling http (and all plaintext protocols really) then you're better off just using tor instead of a VPN. Keeps the trail of ip connections more distributed. If not you want to make sure you disable them during the process of buying that trusted VPN/S.

[thrwyparanoid]

I have no experience with prepaid data cards. Can I purchase these in cash (easily)? That's a good strategy if so.

[auganov]

http://prepaid-data-sim-card.wikia.com/wiki/United_States They will all take cash at retail locations, the only thing is you want to double check that they won't ask from an ID.It's not a requirement but it seems like some will ask. I was asked for my passport when I was in states couple of years ago. Maybe somebody can chime in.

[giaour]

Instead of buying burner laptops, buy commodity parts and build your own. They'll be much harder to trace.

Also, keep in mind that the police are much more likely to find you by talking to people than by tracking your online footprint. So you should also fake your own death and never talk to another human again.

[mszyndel]

What about using Tails instead of Whonix? I think all this travel makes it easy to spot you on cameras (traffic, random street cams, etc) which may help to identify.

I would go of less travel (maybe buy everything in close distance but far away/unconnected to your main residence)

[mszyndel]

Also, unless you took all of those security precautions when publishing here, your cover is already blown. Have a nice day!

[wingerlang]

Is this something you do on a regular basis? Do you do something "high profile" when you do this? Or do you do it everytime you access internet?

[thrwyparanoid]

No, I don't do this all the time. I didn't even make this throwaway account in an obfuscated way.

This procedure will only be used for things that I really don't want traced back to me. I'm not a blackhat or drug dealer, but I'd still prefer these activities not be associated with me.

The only tedious bits are preparing the burner laptop's OS for compartmentalization and encrypted/anonymous internet connection (both, not one or the other). Once the machine is set up and I have a suitable amount of bitcoin and the VPN set up I don't need to repeat those processes for months or a year.

However, I really like the idea of getting prepaid data with cash and exclusively using a mobile hotspot. I also like the idea of simply building a computer for this purpose and buying all the components separately.

[RexRollman]

You should visit the Friday Squid posts on Bruce Schneier's blog. There are often good conversations about this kind of thing.

[rmah]

All that travelling is pointless, they will simply track your car.