
Laymen try to be careful online in completely unproductive ways: they keep logging in and out of Facebook without even deleting cookies, they disable data transmission on their phones when at home, etc.

The only way to keep privacy online is to compartmentalize. Use one proxy and profile browser for discussing politics, another for HN/Reddit, yet another for LinkedIn. And always block everything you don't need. Start with ads since you virtually never need ads. Use various nicknames and avoid Facebook if you can swing it.

Beyond that you only need a secure (up to date) OS, Signal, and maybe occasionally Tor. It may or may not hold up against an NSA-level adversary but you will easily lose most advertisers and corporate surveillance.




That's a good start. But you're still vulnerable if you do everything in one OS. And no matter how you physically compartmentalize, you're still vulnerable if you're posting all of that as the same persona. Even if it's not your real name. Because it can all be correlated easily.

And even using multiple personas, you must take care to avoid linking them. No common social media, forums or mail lists. No cross-linking, or mentioning each other. No telling anyone about links between them. And as much as possible, no shared interests, especially specific ones.

Instead of using one OS with multiple browsers, it's better to compartmentalize in multiple VMs. Each VM should reach the Internet through a different nested chain of VPNs. And for more anonymity, you can use Whonix for Tor. Also, it goes without saying that the machine should be full-disk encrypted, and that you should avoid Windows.

When it really matters, you should use multiple physical machines, on separate LANs. And of course, be careful not to share USB drives among them.


How does this work when you can be individually identified by analysis of the things you write in comments or your mouse movements? And that can be correlated across HN, Reddit, LinkedIn. I suspect that almost all of us are the laymen you first described, to someone.


HN doesn't correlate mouse movement tremors with LinkedIn so it holds up very well against actual online threats today. It may or may not hold up against scifi threats of tomorrow.


> HN doesn't correlate mouse movement

The "fingerprint" of the writing style, the interests and "likes" and "dislikes" patterns is often enough; the more one writes, the more "uniqueness" can be determined.
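The writing-style correlation raised in the comments above can be checked against your own personas before posting. The sketch below is an added example, not part of the thread: it scores how alike text samples are by their function-word habits, using a short word list and constructed sample texts that are assumptions for illustration.

```python
import math
import re
from collections import Counter
from itertools import combinations

# Function words reflect habit more than topic. This short list is an
# assumption for the demo; real stylometry uses hundreds of features.
FUNCTION_WORDS = ["the", "of", "and", "to", "a", "in", "that", "it", "is",
                  "but", "so", "which", "however", "because", "just", "really"]

def profile(text):
    """Relative frequency of each function word in the text."""
    words = re.findall(r"[a-z']+", text.lower())
    counts = Counter(words)
    total = len(words) or 1
    return [counts[w] / total for w in FUNCTION_WORDS]

def cosine(u, v):
    """Cosine similarity of two profiles (0.0 if either is empty)."""
    dot = sum(a * b for a, b in zip(u, v))
    nu = math.sqrt(sum(a * a for a in u))
    nv = math.sqrt(sum(b * b for b in v))
    return dot / (nu * nv) if nu and nv else 0.0

def rank_linkability(samples):
    """Return (name_a, name_b, score) for every pair, most similar first."""
    profiles = {name: profile(text) for name, text in samples.items()}
    pairs = [(a, b, cosine(profiles[a], profiles[b]))
             for a, b in combinations(profiles, 2)]
    return sorted(pairs, key=lambda p: p[2], reverse=True)

# Constructed samples: "politics" and "tech" are two personas written by the
# same person on unrelated topics; "other" is a different writer.
SAMPLES = {
    "politics": "However, the policy which passed is the one that nobody "
                "wanted. However, it is the result of the vote, which is "
                "what matters.",
    "tech": "However, the compiler which ships is the one that breaks the "
            "build. However, it is the default, which is the problem.",
    "other": "So I just think a VPN is really fine, and a proxy is fine, "
             "but so many people just want to argue and really never test "
             "a thing.",
}

if __name__ == "__main__":
    for a, b, score in rank_linkability(SAMPLES):
        print(f"{a:9s} {b:9s} {score:.2f}")
```

The two personas share no topic words, yet their pair scores far above either pairing with the other writer, which is the linkage that separate browsers, VMs or proxies do not remove.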



