I've dabbled in the practice, indeed most of us here do, but it can lead to unforeseen circumstances that smack like a hammer. 'tis a perilous activity methinks primarily because once your cover is blown, it all comes crashing down as it did with the whole Theorease debacle which has been intermittently cropping up and beating my brain ever since. I have multiple facebook accounts too and pseudonyms here there and everywhere. Perhaps it's purely a bad habit and I should take a page out of my username, or perhaps it can be an indispensable tool for the good. Defo gives headaches though. Thoughts peeps?

I will be honest with you. I didn't understood fully your message.

You want to be anonymous toward who ?
I ask you this question because being anonymous toward unknown people in real life and known people in real life isn't the same matter.

During 30 years on the internet I have become increasingly relaxed about keeping my identity private to the point of posting pictures of me on forums and letting people know my real name on a person to person basis, but now I will still not publish such information for one and all to see. The idea that dozens, hundreds or potentially even thousands of people I have never interacted with know my real name, or even just my email address, does not appeal to me.

viocjit wrote:I will be honest with you. I didn't understood fully your message.

You want to be anonymous toward who ?
I ask you this question because being anonymous toward unknown people in real life and known people in real life isn't the same matter.

The thread's title contains a clue: Internet anonymity.

I know internet anonymity can give some the freedom to say what they would be less likely to say were they posting under their real name. But this has never been something that appealed to me. I post the same regardless of who ever I say I am
When I was at RDF I posted under my real name and it did not bother me. If I had to do it now it would still not bother me

Internet anonymity is actually a myth. As this computer I am using to type this post has
an IP address and so I can be traced through it even if no one knows who I am by name

The stupidest people on the internet by a very wide margin indeed are paedophiles who access chat rooms for children because they think their anonymity will protect them. It doesnt which is why many of them end up being caught. While catching paedophiles is a no brainer it also has the down side that it makes it relatively easy for them to gain potential
access to children in the first place. Moreso than in the pre internet analogue age

Some sites such as Facebook and Quora for example will not let you post unless it is under your real name. I dont use
Facebook [ whose spidery font is very annoying ] but do use Quora. I have this username here rather than my real one
But as I am not interested in posting any questions of my own it doesnt matter. If I wanted to do that I would have to
switch back to my real one instead because anonymous ones will not be referenced

Whether you post under your real name or a pseudonym is not really the issue. For what is important is that everyone
posts responsibly regardless of moniker. However I know that policing the language of millions of ground apes is never
going to be easy. While I cannot do anything about how others post I always try to post responsibly myself. Sometimes
though mea culpas have to be issued although at least in my case they are freely given rather than reluctantly offered

surreptitious57 wrote:
Internet anonymity is actually a myth. As this computer I am using to type this post has
an IP address and so I can be traced through it even if no one knows who I am by name

Wrong. VPNS... Onion routing... IP Spoofing... It's relatively simple to post on the internet without giving away your id. Users on the net in totalitarian regimes rely on methods like this.

The stupidest people on the internet by a very wide margin indeed are paedophiles who access chat rooms for children because they think their anonymity will protect them. It doesnt which is why many of them end up being caught.

Wrong. Paedophiles on the net are usually caught because they go to meet their victims who turn out to be a 45 year old skinhead called Dave and a few of his mates. It's exceedingly rare for anyone to be traced via their IP

Code: Select all

this computer I am using to type this post has
an IP address and so I can be traced through it

Yeah... they keep saying things like that on NCIS and other similar shows, but that is not the reality.
There are not enough IP addresses to go around, computers do not have unique IP addresses.
Your IP address is unique to the next layer 3 device in the network, your router, and ITS IP address is unique to the next layer 3 device in the network, probably another router at your ISP, but over the whole internet, your computer's IP may be the same as many thousands of other devices.

It's complicated, and I am not up to date with the current technology, but there is no true anonymity, as any exchange of data involves data finding its way back to you through a unique path, with enough information available at each step to find the next step. The IP address is not one of the unique parts of that overall path though. Anonymity is best achieved by the path being a temporary construct relevant to the current exchange of data only, like a cellular conversation is dependant on a link between numerous towers which may not be involved in the next conversation between the same people. What makes it dodgy is any reference to a more permanent unique thing, like an email address.

zulumoose wrote:
Yeah... they keep saying things like that on NCIS and other similar shows, but that is not the reality.
There are not enough IP addresses to go around, computers do not have unique IP addresses.

In theory UK ISPs should retain dynamic IP logs for 12 months which a require a warrant to be accessed by the authorities. Whether this happens at this point in time is questionable. And of course, that wouldn't include IP data from TOR or VPNs.

surreptitious57 wrote:
[PART SNIPPED BY VIOCJIT]
Internet anonymity is actually a myth. As this computer I am using to type this post has
an IP address and so I can be traced through it even if no one knows who I am by name

The stupidest people on the internet by a very wide margin indeed are paedophiles who access chat rooms for children because they think their anonymity will protect them. It doesnt which is why many of them end up being caught. While catching paedophiles is a no brainer it also has the down side that it makes it relatively easy for them to gain potential
access to children in the first place. Moreso than in the pre internet analogue age
[b][PART SNIPPED BY VIOCJIT][/b]

If you connect to Internet while doing nothing to hide your IP address and using a pseudonym you're anonymous for those you meet on Internet but not for law enforcement agencies.

BlackBart wrote:

surreptitious57 wrote:
Internet anonymity is actually a myth. As this computer I am using to type this post has
an IP address and so I can be traced through it even if no one knows who I am by name

Wrong. VPNS... Onion routing... IP Spoofing... It's relatively simple to post on the internet without giving away your id. Users on the net in totalitarian regimes rely on methods like this.

The stupidest people on the internet by a very wide margin indeed are paedophiles who access chat rooms for children because they think their anonymity will protect them. It doesnt which is why many of them end up being caught.

Wrong. Paedophiles on the net are usually caught because they go to meet their victims who turn out to be a 45 year old skinhead called Dave and a few of his mates. It's exceedingly rare for anyone to be traced via their IP

BlackBart is right when he say that paedophiles are catch when they go meet a child but fall instead on law enforcement officers.
Hide an IP address is not like hide your localisation when you go meet someone.
I can add law enforcement officers in USA and others Western countries under cover online to trap paedophiles wait to be contacted because they are not allowed to initiate the contact if I'm right but I'm maybe wrong.



If someone is only using one relay in a foreign country between the home connection and Internet [b](VPN , Proxy server , VNC server etc...)[/b] to dissimulate his / her IP address he / she can be catch if authorities ask to all ISPs of their country jurisdiction who was using which relay at that time nor use logs kept by inteligence services charged of mass surveillance.

They would have a relevant list of suspects from ISPs if he / she using a connection of an ISP from the country jurisdiction.
If the person is using an ISPs from another country than country jurisdiction infos given by ISPs would be not useful and in this situation it could be necessary to ask infos to secret services of the country.

If the person is using the same relay at another time. Logs will reduce the list of suspects then we wait another time etc... until find the good one.
They have another possibility. Intercept in live the telecommunication of the suspects without install something on computer target. If ciphered it would be necessary to break it but they are reputed to have problems to read ciphered telecommunications in the majority of situations.

But if a spyware (Hardware or software) is installed on computer target they would be able to read telecommunications even if these are ciphered.
Law enforcements can also install a video surveillance system or / and bugs in your home and your computing skills wouldn't help you to avoid a conviction if you're physically monitored with wires or / and closed-circuit television.
Side-channel attack does exist https://en.wikipedia.org/wiki/Side-channel_attack
(This is an allegation from me and I don't know any real life case of an authority asking to all ISPs who was using which relay at which time. The same about inteligence services. I don't know any case of a felon monitored with a side-channel attack).

If an Authority haven't the means to ask to all ISPs of its jurisdiction or to its inteligence services who was behind which relay at which time.
They can ask it to authorities of the place in which relay is located but they can answer like not answer (That depend of countries involved and matters. Identify a political dissent isn't at the same level as identify a drug trafficker or paedophile sharing child porn. The level of matters depend of countries).



Onion routing (Used by Tor , Tox , Tribler) , Garlic routing (Used by I2P) , IP Spoofing (It is using the IP of another terminal that our. It is like identity theft in real world) are way to hide our identity online but none of these method have an efficiency of 100%.

Onion routing : https://en.wikipedia.org/wiki/Onion_routing
Tor : https://en.wikipedia.org/wiki/Tor_(anonymity_network)
Tox : https://en.wikipedia.org/wiki/Tox_(protocol)
Tribler : https://en.wikipedia.org/wiki/Tribler

Garlic routing : https://en.wikipedia.org/wiki/Garlic_routing
I2P : https://en.wikipedia.org/wiki/I2P
IP spoofing : https://en.wikipedia.org/wiki/IP_address_spoofing



If the perpetrator of an offence use one of these methods and do the same things he / she is doing while he / she is connect without anonymity method (Use Facebook under his / her real name , Send a picture of himself / herself , Use a nickname the individual did already used or similar , Use a password he / she did already used or similar , Tell a bit about its own life then another until it became possible to find the real identity etc...) these methods won't help the perpetrator if he / she is the hole in the anonymity system.

Activities the person do on Internet under his / her real IP address and method of anonymisation must not be the same.
For example if you connect to Instagram with a method of anonymisation you must not view the content of accounts that you did already viewed under your real IP.

Not forget to update and upgrade the computer. A software not updated can be dangerous if a hole in one of these can reveal your identity.
Avoid Flash and others scripts like this as they can allow to find your real IP. Don't install extensions for browsers.
Don't forget to change the language of your system then software used if you pretend to be from another country than real one.
A felon can be found because of a mistake like this.

A felon must think to hide its MAC address and serial numbers of its hardware when this is possible because a malware can infect its computer.
If it is infected and reveal any serial numbers a link can possibly be made with his / her real identity. (I don't know any alleged case of someone identified with an action like this).

Someone perpetrating a felony must think to cover his / her webcam because a malware can infect the computer.
He / she must don't speak to avoid being identified by voice analysis if the computer have a mic inside because if the felon fall on a malware while using an anonymisation method he / she can be maybe identified. (I don't know any alleged case of someone catched by one of these methods).

Use an OS based on Linux reduce the risk of infections by malwares.
Use your OS on live DVD. Tails is reputed to be a good one (I did never used it).
What's tails ? https://en.wikipedia.org/wiki/Tails_(operating_system)

The most paranoid felon who want to stay anonymous online can crack the Wi-Fi connection (It's a misdemanors nor felony in majority of world jurisdictions) of their neighbour and do what I say previously.
I wouldn't like to be the neighbour who will maybe have law enforcements coming to his / her home.
Instead of doing this the felon can use a false identity to access to Internet in a Internet café but someone using a live CD / live DVD or live USB in a cyber café would be suspect and there are often CCTV in these places but if there are not CCTV you would let your fingerprint and DNA there anyway.
He / she can do worse like enter without authorisation in a place with Internet connection.

When doing financial transactions for his / her illegal activities the criminal can use Bitcoin or another cryptocurrency and use one wallet by transaction. If he / she have two wallets it's better to have one platform for each but if the criminal have more than one hundred wallets it's not easy to apply the sentence "One wallet , one platform" and in this case the user can use only three , four , five , six , seven or more.
What's Bitcoin ? https://en.wikipedia.org/wiki/Bitcoin
What is a cryptocurrency ? https://en.wikipedia.org/wiki/Cryptocurrency

Everybody have its own writing style and its own speaking style and it can help law enforcements to identify the person.
You can try simulate being from another ethnic group , generation , country , education level than your and write some words with bad spelling.
It won't change what you are and there a day you will make a mistake that will prove you're not what you pretend to be like forget to put your browser in British English if you're an American who pretend being a British , write colour in place of color if you're a British who pretend to be an American etc...

Don't forget tor and the like are vulnerable to traffic analysis.
Explanations about mix network vulnerabilities : https://en.wikipedia.org/wiki/Mix_netwo ... rabilities
General explanations about traffic analysis : https://en.wikipedia.org/wiki/Traffic_analysis



Now you know anonymity online is something that can't be full.
This is why I say to BlackBart he's partially right.
The majority of convicted felons are busted because they forget to use basic things that I explained to you.
The majority of those who perpetrates illegal stuffs forget one or many basic things that I explained to you and that help law enforcements a lot.



I know the case of a felon named Gal Vallerius AKA OxyMonster citizen of France and Israel who was catch in a stupid way.
French newspapers revealed partially how he was identified.
He was going to USA with a computer with Tor browser and Bitcoin wallet on the hardisk but US law enforcement where collecting evidences against him before he came there.

His computer was searched by USCBP [b](United States Customs and Border Protection).
If he did used a live CD or live DVD. Evidences of illegal activities weren't found.
I'm not certain he wouldn't be arrested if they weren't evidences on his computer.

If he did used countermeasures against writing style analysis. He wouldn't be so easily identified.
He was often writing "cheers" on the Facebook account under his real identity and on Tor.

If he was clever he would think to use a Bitcoin wallet for each transfer.
If he was clever he wouldn't kept drugs and money in cash inside his home in France.

He deserve 2*. One star for his stupidity and another because he thought he would never be arrest.

BlackBart wrote:

zulumoose wrote:
Yeah... they keep saying things like that on NCIS and other similar shows, but that is not the reality.
There are not enough IP addresses to go around, computers do not have unique IP addresses.

In theory UK ISPs should retain dynamic IP logs for 12 months which a require a warrant to be accessed by the authorities. Whether this happens at this point in time is questionable. And of course, that wouldn't include IP data from TOR or VPNs.

Why do you say is questionable if this happens at this point ?
Do you think they kept data more than 12 month or less ?
Do you think a warrant isn't required in practice ?

ISP know if you're a Tor user but don't know what you do with it.
It does know if you're a VPN user but don't know what you do with it.

viocjit wrote:
Why do you say is questionable if this happens at this point ?

Because it's hugely impractical. One hit on a web page would generate about 250 bytes of log data. Multply that by hundreds of hits from one customer and multiply that by thousands of customers per day then multiply that by 365. That would generate huge amounts of data that has to be stored securely by the ISPs at their own cost, which unsurprisingly, they're reticent about.

Do you think they kept data more than 12 month or less ?

I don't think, I know. They keep less.

Do you think a warrant isn't required in practice ?

As I stated a warrant is required. In the early days of the net, it was a grey area and sometimes police could access logs without a warrant with the ISPs permission as technically the ISP owned the data - privacy laws have tightened that up. Currently the government is trying to pass laws that would make them accessible without a warrant. So far, legal challenges have held that up.

ISP know if you're a Tor user but don't know what you do with it.
It does know if you're a VPN user but don't know what you do with it.

That's all they can tell, assuming they keep the logs in the first place. Not particular useful in and of itself.

BlackBart wrote:
Because it's hugely impractical. One hit on a web page would generate about 250 bytes of log data. Multply that by hundreds of hits from one customer and multiply that by thousands of customers per day then multiply that by 365. That would generate huge amounts of data that has to be stored securely by the ISPs at their own cost, which unsurprisingly, they're reticent about.

We will suppose each ISPs have about 100,000 customers (The majority of these have more customers in my knowledge).
If we suppose each hit on a web page generate about 250 bytes of log data.
We get the next results.
250 (Bytes generated in logs by one hit on a web page) * 100 000 (Number of customers) = 25 000 000 (Approximately 23,84 megabytes and that represent approximately ten songs in MP3 format).

We suppose each user visit 20 web pages per day (Average users visit more pages).
25 000 000 (Data logs in bytes for one hit on pages web by 100 000 users) * 20 (20 pages viewed by each users) = 500 000 000 (Approximately 476,84 megabytes. Nowadays you can buy hard disks with a capacity storage of 1 terabytes and even 10)

500 000 000 (Data logs in bytes for twenty hits on pages web by 100 000 users)] * 365 (Number of day in a year that isn't intercalary) = 182 500 000 000 (Approximately 169,97 gigabytes.
If an ISP have one thousand hard disk with a capacity of 10 terabytes it can store 9,77 petabytes of data.
If he had only one hundred HD with the same capacity it can store 1000 terabytes.
With a hard disk of 1 terabytes on a personal computer you can save these logs if they have a size of 169,97 gigabytes.
If an ISP haven't 100 000 users but 1 000 000 we multipy 169,97 gigabytes by ten and the result is 1,66 terabytes and you can kept these on a HD with a capacity of 2 terabytes in a gamer PC.
If an ISP have 10 000 000 of subscribers we multiply 1,66 terabytes by ten and we get 16,6 terabytes.
You can't save that on a PC for family because the higher capacity for a HD availabel for private citizen is 10 terabytes.
As we don't know exactly how many pages per day are visited by average users and the exact numbers of users by ISPs.
We can only do approximative calculations but we can suppose they can maybe log all)

BlackBart wrote:
I don't think, I know. They keep less.

Did you already worked for an ISP to affirm that ?
If so when ? (Things can change over time)

Do you know someone who worked for an ISP who told you so ?
If this is the case. Which year(s) this person worked for this ISP ?(Things can change over time)

Do you know someone who worked for law enforcements or justice who told you so ?
If this is the case. Which year this person discovered an ISP or many weren't observing theirs legal obligations ? (Things can change over time)

BlackBart wrote:
As I stated a warrant is required. In the early days of the net, it was a grey area and sometimes police could access logs without a warrant with the ISPs permission as technically the ISP owned the data - privacy laws have tightened that up. Currently the government is trying to pass laws that would make them accessible without a warrant. So far, legal challenges have held that up.

A warrant is required but do you know if this legal requirement is respected ?

BlackBart wrote:That's all they can tell, assuming they keep the logs in the first place. Not particular useful in and of itself.

Yes , they can only tell to authorities you use a VPN or tor but not what you did with these technologies.



Imagine you live in a dictatorship (There are no dictatorship in Western world but they can certainly use high technologies described in this fiction for high target value) that own high technology in cracking and social engineering planning to install spywares in computers used for tor and VPN to know what are doing users online because this regime want to put in jail all its dissents.



They can send email with an attachment seeming to come from a friend and the target download it (Someone of smart will see physically the person to ask if he / she did really send the attachment but even if the friend is the author of the mail.
Attachment can contain a malware if they think to infect the computer of the friend to infect the target.
The target must contact his / her friend physically because it does exist technologies to simulate voice of a real person and appearance on webcam. That's deepfake).

They can hack a website used by the target to infect the computer targeted with a drive-by download.
A file downloaded in any place can potentially contain a malware.

For the most sophisticated operations they can install a software or hardware on computer with physical access with the help of someone the target trust.
Another way is to install it during a search and seizure , minimally intrusive warrantless search (I don't know any alleged case of a computer bugged during a search and seizure nor a minimally intrusive warrantless search anywhere in the world) then say to the target they didn't found anything to charge him / her and give him back the computer.
Of course , guys can go in your home where you're not there.
They can trap the USB key , SD card , CD-RW and the like of someone for which they know share data with the target by this way.



You have less chances to be infected by a malware if you're using a live CD or live DVD based on Linux like tails but risk isn't non existent.
The advantage with a live CD or live DVD is the fact the malware won't stay on your computer after is extinction.
But imagine if he's used to put something on your hardrive who will permit to prove you're the good one during a search.
To prevent it (Paranoid mode) it would be necessary to conceal your HD and others storage media before use these but in the worse case a malware can infect your BIOS or UEFI.
What's a BIOS ? https://fr.wikipedia.org/wiki/BIOS_(informatique)
What's an UEFI ? https://fr.wikipedia.org/wiki/UEFI

My fiction about spywares seem unlikely today but who know what will be the technologies of tomorrow.



In my previous message I said law enforcements can install a video surveillance system or / and bugs in your home.

Side-channel attack does exist https://en.wikipedia.org/wiki/Side-channel_attack
(This is an allegation from me and I don't know any real life case of someone catched while using an anonymisation method because of a side-channel attack or CCTV placed without his knowledge).

viocjit wrote:

BlackBart wrote:
Because it's hugely impractical. One hit on a web page would generate about 250 bytes of log data. Multply that by hundreds of hits from one customer and multiply that by thousands of customers per day then multiply that by 365. That would generate huge amounts of data that has to be stored securely by the ISPs at their own cost, which unsurprisingly, they're reticent about.

We will suppose each ISPs have about 100,000 customers (The majority of these have more customers in my knowledge).

No we won't. Most of the ISPs in the UK have over 10 million customers.

If we suppose each hit on a web page generate about 250 bytes of log data.
We get the next results.
250 (Bytes generated in logs by one hit on a web page) * 100 000 (Number of customers) = 25 000 000 (Approximately 23,84 megabytes and that represent approximately ten songs in MP3 format).

We suppose each user visit 20 web pages per day (Average users visit more pages).
25 000 000 (Data logs in bytes for one hit on pages web by 100 000 users) * 20 (20 pages viewed by each users) = 500 000 000 (Approximately 476,84 megabytes. Nowadays you can buy hard disks with a capacity storage of 1 terabytes and even 10)

500 000 000 (Data logs in bytes for twenty hits on pages web by 100 000 users)] * 365 (Number of day in a year that isn't intercalary) = 182 500 000 000 (Approximately 169,97 gigabytes.
If an ISP have one thousand hard disk with a capacity of 10 terabytes it can store 9,77 petabytes of data.
If he had only one hundred HD with the same capacity it can store 1000 terabytes.
With a hard disk of 1 terabytes on a personal computer you can save these logs if they have a size of 169,97 gigabytes.
If an ISP haven't 100 000 users but 1 000 000 we multipy 169,97 gigabytes by ten and the result is 1,66 terabytes and you can kept these on a HD with a capacity of 2 terabytes in a gamer PC.
If an ISP have 10 000 000 of subscribers we multiply 1,66 terabytes by ten and we get 16,6 terabytes.
You can't save that on a PC for family because the higher capacity for a HD availabel for private citizen is 10 terabytes.
As we don't know exactly how many pages per day are visited by average users and the exact numbers of users by ISPs.
We can only do approximative calculations but we can suppose they can maybe log all)

Yeah, you've then got factor in server running costs, redundancy and data centre space rental all of which the ISP would have to pay for. Bottom line is they don't want to have to pay for it. That's unsurprising.

BlackBart wrote:
I don't think, I know. They keep less.

Did you already worked for an ISP to affirm that ?
If so when ? (Things can change over time)

Do you know someone who worked for an ISP who told you so ?
If this is the case. Which year(s) this person worked for this ISP ?(Things can change over time)

Do you know someone who worked for law enforcements or justice who told you so ?
If this is the case. Which year this person discovered an ISP or many weren't observing theirs legal obligations ? (Things can change over time)

Where did I claim they weren't observing their legal obligations?

You may assume yes to to all the above. 'When' is irrelevant.

A warrant is required but do you know if this legal requirement is respected ?

A warrant is required full stop. If you want to claim that that's not 'respected' you'll need to show evidence for that.

Yes , they can only tell to authorities you use a VPN or tor but not what you did with these technologies.

They can't tell the authorities anything about a customer's activity. They can only provide logs if requested - it's down the authorities to conclude what the end users activity is -- and if authorities ask your anonymity is compromised in the first place.

<snip>

My fiction about spywares seem unlikely today but who know what will be the technologies of tomorrow.

A red herring. What doesn't currently exist is neither here not there.

In my previous message I said law enforcements can install a video surveillance system or / and bugs in your home.

They need a warrant to do that which means you'd be a person of interest in the first place.

Side-channel attack does exist https://en.wikipedia.org/wiki/Side-channel_attack
(This is an allegation from me and I don't know any real life case of someone catched while using an anonymisation method because of a side-channel attack or CCTV placed without his knowledge).

Another red herring - Neither external surveillance or covert hacking techniques refute the claim that internet anonymity is a myth because you have an internet IP address - again, the fact those methods would used in the first place would mean your anonymity had already been compromised. Authorities can't casually spy on random people or hack their system to see if you're being naughty.

BlackBart wrote:
No we won't. Most of the ISPs in the UK have over 10 million customers.

In this situation if we do the same calculation that I made we get the next result.
250 (Bytes generated in logs by one hit on a web page) * 10 000 000 (Number of customers) = 2 500 000 000 (Approximately 2,33 gigabytes and that represent approximately two films in HD 1080p)

We suppose each user visit 20 web pages per day (Average users visit more pages).
2 500 000 000 (Data logs in bytes for one hit on pages web by 10 000 000 users) * 20 (20 pages viewed by each users) = 50 000 000 000 (Approximately 46,57 gigabytes. Nowadays you can buy hard disks with a capacity storage of 1 terabytes and even 10 and five HD with capacity storage of 10 terabytes would be sufficient if each users visited 20 web pages per day. We know in reality average users visit more page but we don't know how many)

50 000 000 00 (Data logs in bytes for twenty hits on pages web by 10 000 000 users)] * 365 (Number of day in a year that isn't intercalary) = 18 250 000 000 000 (Approximately 16,6 terabytes. Logs can hold on two HD with a capacity storage of 10 terabytes if each users visited 20 web pages per day. We know in reality average users visit more page but we don't know how many)

BlackBart wrote:
Yeah, you've then got factor in server running costs, redundancy and data centre space rental all of which the ISP would have to pay for. Bottom line is they don't want to have to pay for it. That's unsurprising.

Running servers , redundancy and data centre space rental is expensive. That's right.
But in my opinion this is not sufficient to claim they don't kept logs one year as they are required by law.

BlackBart wrote:
Where did I claim they weren't observing their legal obligations?

You may assume yes to to all the above. 'When' is irrelevant.

If UK ISPs don't kept logs during one year.
They don't observe a legal obligation if they must to do so under law.
I didn't found the act of parliament about this matters.
Do you know which one is about it ?

BlackBart wrote:A warrant is required full stop. If you want to claim that that's not 'respected' you'll need to show evidence for that.

I'm not saying this is not respected. I was asking you if you know a case or more in which this requirement wasn't.

BlackBart wrote:
They can't tell the authorities anything about a customer's activity. They can only provide logs if requested - it's down the authorities to conclude what the end users activity is -- and if authorities ask your anonymity is compromised in the first place.

I know already ISPs can only provide logs if requested.
This is why I wrote"Yes , they can only tell to authorities you use a VPN or tor but not what you did with these technologies.".

BlackBart wrote:
A red herring. What doesn't currently exist is neither here not there.

What I said is possible in theory (I did never heard anything about technologies like this but maybe it does already exist).
But in practice this is not an easy things to do.
Crack a system with an OS based on Linux is not easy but not impossible.
Create a malware to infect a terminal using an OS based on Linux is far to be easy but not impossible.

Malwares targeting these OS for which the existence is publicly known are known to be only able to infect what's under control of the user account infected and not able to infect others accounts (For the majority of these) unlike Windows for which many malwares are able to do so.
It does exist maybe secret or Top Secret technologies owned by some states able to do so for Linux and maybe some of these are able to infect BIOS or / and UEFI.

BlackBart wrote:
They need a warrant to do that which means you'd be a person of interest in the first place.

This is the case in Western countries. But this is not the case in the fictive dictatorship of my fiction in which warrants aren't required.
This is expensive to do so therefore it's unlikely a dictatorship will place CCTV and bugs in the house of all those using tor or / and VPNs but we never known.
Of course , hidden cameras and wires can be place in the home of a person of interest but if that happens.
It would be possible to see what appears on the computer screen and listen the sound outing from speakers.
Soviets spies were ordered to use headphone for radio communications because of potential covert listening device.

BlackBart wrote:

BLACKBART QUOTED FROM ME THE TEXT BELOW
Side-channel attack does exist https://en.wikipedia.org/wiki/Side-channel_attack
(This is an allegation from me and I don't know any real life case of someone catched while using an anonymisation method because of a side-channel attack or CCTV placed without his knowledge).
END OF QUOTING

Another red herring - Neither external surveillance or covert hacking techniques refute the claim that internet anonymity is a myth because you have an internet IP address - again, the fact those methods would used in the first place would mean your anonymity had already been compromised. Authorities can't casually spy on random people or hack their system to see if you're being naughty.

External surveillance don't refute internet anonymity itself but it can show what you do really.

In a dictatorial regime who identified tor and VPNs users.
It would maybe think to put cameras and bugs in the home of users or use another side-channel attack.

In a democratic regime who identified tor and VPNs users suspected to do wrong things (Like a police officer suspected to release infos from his home connection , suspected terrorist who organise meeting at home , an international drug trafficker etc...).
It would maybe think to put cameras and bugs in the home of users or use another side-channel attack.

Activities intercepted with these devices can be correlated with what you do on Internet because it would be possible to see what appears on the computer screen and listen the sound outing from speakers.

I'm not saying internet anonymity is a myth because you have an IP address.
You can conceal it but if you don't use tor (Forget to deactivate JavaScript , Use windows , Use a password already used elsewhere , Use a nickname already used elsewhere like this drug trafficker known under the pseudonym OxyMonster , Forget to use countermeasures against writing style analysis like OxyMonster etc...) carefully or another technology like this.
These technologies won't help you if you do mistakes like these.

Anonymity on Internet is something of relative.
If someone commit an offence on Internet.
Law enforcements can want him / her but they wouldn't use the same means to catch someone who committed a copyright infringement because he / she did downloaded protected contents than someone who published child porn produced by him(her)self.

Law enforcements would stop search for someone who did downloaded protected contents (Too expensive in time and money) with tor but wouldn't do for someone who published porn with children he / she did produced.

Even if tor is a powerful tool.
Those producing and sharing pedoporn can be busted because of traffic analysis (I don't know any alleged case in which someone was identified by law enforcements because of traffic analysis. Tor is vulnerable to it) and the human holes as I explained (Forget to put off JavaScript and others scripts , Use Windows , Forget to use countermeasures against writing style analysis like OxyMonster , Someone of dumb filming himself / herself raping his / her child wearing a school uniform with the name of that school who permitted to police to identify the child with the help of school photo group , a rapist who call another rapist on pedovideo by his real first name etc...).

If someone use tor or similar stuff to hide his anonymity online to do something legal in all jurisdictions of the world.
It's unlikely that someone will try to disanonymise this person.

Keep It Real wrote:I've dabbled in the practice, indeed most of us here do, but it can lead to unforeseen circumstances that smack like a hammer. 'tis a perilous activity methinks primarily because once your cover is blown, it all comes crashing down as it did with the whole Theorease debacle which has been intermittently cropping up and beating my brain ever since.

That was a problem specific to you, because your forced, idiosyncratic writing style is like a big, pink flashing beacon you can see from a hundred miles away. Also because you tried to promote your own writing by pretending you were someone else. For folks like me who just don't want to advertise who they are and where they are elsewhere on the net, the practice has no perils at all. I've never experienced any issues in my decades on the net.

I have multiple facebook accounts too and pseudonyms here there and everywhere. Perhaps it's purely a bad habit and I should take a page out of my username, or perhaps it can be an indispensable tool for the good. Defo gives headaches though. Thoughts peeps?

No headaches here. Maybe not do it with the intention of deceiving people, especially when you're really bad at deceiving people?

I'm happy for people to think I'm a 35-year old lady.

viocjit wrote:
I'm not saying internet anonymity is a myth because you have an IP address.

Good. That's that that then. We're done.

LucidFlight wrote:I'm happy for people to think I'm a 35-year old lady.

You're not?

BlackBart wrote:

viocjit wrote:
I'm not saying internet anonymity is a myth because you have an IP address.

Good. That's that that then. We're done.

But there are ways to desanonymise people in some situations like I did explained.



Do you know the case of the US citizen Ross William Ulbricht AKA "Dread Pirate Roberts , Frosty , Altoid" ?
He was the main administrator of the first version of Silk road.

If you don't know what that was. See Wikipedia : https://en.wikipedia.org/wiki/Silk_Road_(marketplace)

He was identified because a stupid reason.
Quoting of an extract of the Wikipedia page about him in the section 2 "Silk Road, arrest and trial" :

" [SNIP PART] The connection was made by linking the username "altoid", used during Silk Road's early days to announce the website, and a forum post in which Ulbricht, posting under the nickname "altoid", asked for programming help and gave his email address, which contained his full name" [SNIP PART]

I conclude this man didn't understood you must not use any nickname tied to your real identity.


Another extract of the same Wikipedia page :
"[SNIP PART] To prevent Ulbricht from encrypting or deleting files on the laptop he was using to run the site as he was arrested, two agents pretended to be quarreling lovers. When they had sufficiently distracted him,[29] according to Joshuah Bearman of Wired, a third agent grabbed the laptop while Ulbricht was distracted by the apparent lovers' fight and handed it to agent Thomas Kiernan.[30] Kiernan then inserted a flash drive in one of the laptop's USB ports, with software that copied key files.[SNIP PART] "

If he was smart. He would thought to remove USB devices to avoid this.
If he was using a live operating system such tails in another place than a public space (This story with fake lovers indicate it) it would increasing difficulty for law enforcements to collect data on him.

Wikipedia page about him : https://en.wikipedia.org/wiki/Ross_Ulbricht




Now I will speak about the case of Eric Eoin Marques citizen of Republic of Ireland and USA.
He was a pedoporn hoster.
It's alleged he was identified because he was using Windows with a non-updated version of Firefox vulnerable to a 0-day if the user have Windows like operating system and JavaScript enabled.
If he wasn't using Windows but Linux and a up-to-date system with noScript. He wouldn't be identified like this.
He did forget to forge the MAC address on his local network and the exploit send MAC address of users to law enforcements.

Wikipedia explain you what I did say : https://en.wikipedia.org/wiki/Freedom_Hosting

There's gotta be PhD theses on this topic simply because its a new thing for our brains to deal with.

I'm not great for keeping my anonymity on the net. I may post behind a pseudonym, but I make no mystery ofwhere I live, and I even have met a number of fellow internet posters, who then know my real name, and where I live and what I look like, I'd make a very bad troll.