The internet wasn’t built to be censored, it revolves around the paradigms of free speech, freedom of movement and free access to information.
There are many reasons why people want to remain anonymous online, or would at least prefer to keep their data private and more difficult to track and collect.
The once nefarious connotations of internet privacy have been replaced by common sense – why should we forgo the right to control our data in the way that we personally prefer?
Corporations are data-hungry, and whilst our data is used for *mostly* benign commercial purposes, it would be folly to dismiss the importance of being careful with our most personal information.
There are plenty of practical reasons for remaining anonymous online also, like protecting sensitive data, accessing geo-specific information services, social media and account management and commercial surveillance.
This is a guide to internet privacy and anonymity together with some strategies on how to remain anonymous online.
Table of Contents
Anonymity vs Privacy: A Quick Note
The terms ‘anonymity’ and ‘privacy’ are used interchangeably, but really, they mark different principles and concepts.
What is Privacy?
Privacy is the concept of keeping some information to oneself, retaining control of sensitive information and the choice to keep this data under control. Privacy is broken when someone shares information that you would prefer to be kept private.
Some internet services share everything from your name, address, interests and browsing habits with a number of third parties, primarily for the sake of targeted advertising.
Most people are now familiar with how adverts are unquestionably linked to the last thing you were discussing or talking about, either via a messaging app or speaking aloud. This is not an imagined phenomenon.
To prove this point, encrypted messaging app and WhatsApp competitor Signal ran an advertising campaign that spell out some of the data companies have access to.
The ads were subsequently banned by Facebook and Instagram. Most would agree that this use of personal data constitutes a breach of privacy, perhaps not within the terms & conditions, but certainly in principle.
What is Anonymity?
Anonymity is harder to define than privacy, and also much harder to obtain online.
To be anonymous is to have no detectable, measurable or perceivable personal identity. Anonymity renders your identity unknown, and unknowable.
People might be able to trace you to an ‘identity’ of sorts, but this wouldn’t identify you as you.
Anonymity hides yourself and your data – or anything that can expose you. In digital terms, this would be everything from your personal identity and attributes to your hardware, software and online habits. There are so many variables that identify you as you and taking control of every single one would necessitate a double life.
However, functional anonymity online can be obtained. This level of anonymity would be enough to protect you from the vast majority of agents, organisations and individuals you don’t want to be exposed to, but specialists (e.g. in law enforcement) will usually find a way in if they need to (and they have done in many high-profile busts of so-called anonymous services).
Here is a recent example of how anonymity has to be all-encompassing. Carl Stewart, 39, posted a picture of a block of Stilton cheese on encrypted messaging app EncroChat.
This seemingly innocent photo was used by police to identify Stewart who was later successfully convicted with high-profile drug dealing.
Here, one leaked variable of Stewart’s anonymity was enough to identify him. All the technology in the world cannot save your anonymity from human mistakes, behaviour and error, no matter how criminal or innocent the act is.
Why Do People Go Anonymous Online?
So why should anyone consider going anonymous online in the first place? What are some legitimate reasons for going anonymous online?
Whilst online anonymity often evokes images of nefarious activity and crime, this constitutes only a small minority of those who take internet anonymity and privacy seriously.
1) To Protect Sensitive Data
The most obvious motivation for anonymity is to protect your personal data from intrusion, eavesdropping, hacking or theft. A key example are business VPNs that allow everyone across the business, either on-site or remote, to access the same encrypted channel.
It isn’t just the users that can access that VPN, but any and all wireless devices ranging from cameras and printers to IoT sensors. Many wireless devices can provide a backdoor to hackers.
Taking steps to control your privacy online also secures your data against theft, particularly when using public networks, but also at home.
Anyone who is regularly in contact with sensitive, personal or otherwise private data ranging from financial details to discrete personal data or legally sensitive information should take privacy more seriously.
Doing so will reduce the incidence of data breach and cybercrime, which is forever rising.
Taking basic steps to secure your internet browsing will protect you from identity fraud, which resulted in losses of some $56 billion in 2020 in the US alone, harassment, spam and other forms of cybercrime.
2) Because Privacy is a Spiritual, Social and Cultural Principle
“All human beings have three lives: public, private, and secret.” – Gabriel García Márquez, Gabriel García Márquez: a Life.
Privacy is something humans value greatly. That’s why we build our own contained houses and flats with door, curtains and shutters. We only give away our personal information to each other in person when we’re comfortable with one another.
Humans don’t walk around announcing details about their personal life – their address, their favourite ice cream, their place of work, waking hours and commuter methods. We generally respect that the only people who are entitled to this information other than those we choose to tell are the government, law enforcement or other official and transparent organisations.
Our identities are obviously unique to ourselves and contain a vast amount of personal data that can provide various insight into our lives. This information should only be trusted to a select number of individuals, preferably as few as possible.
The internet has changed the way we deal with our personal details. We readily give away our names, addresses and telephone numbers pretty much whenever we sign up for an account.
In many ways, this is an inevitable side effect of internet usage. Pew Research found that some 59% of people believed it was impossible to stay anonymous online, and in many ways, they are right. To retain 100% online anonymity at every second of the day is arduous, perhaps not even possible if you still retain some connection to the internet for the sake of shopping or social media.
But even then, there are many things you can do to limit your digital fingerprints and become harder to track. There does not need to be any motivation for this other than for the value of privacy as a principle.
3) To Protect Against Harassment and Spam
Owning a public persona on the internet can be risky, annoying or even frightening. When we create social accounts, make posts on the internet under our own name and fail to protect our personal information, we leave our lives open to harassment.
You don’t need to be a celebrity to have an online persona or presence to suffer harassment online. People from all walks of life can suffer serious harassment and personal intrusion due to exposing their data online.
There are 3 main types of digital harassment:
- Doxing: When your personal information is released on the internet. This could be sensitive personal contact information, social media accounts attached to false allegations or any other personal information that allows people to intrude on your life.
- Swatting: Swatting occurs when someone calls the emergency services on someone on alleged false allegations, often serious crimes like murder. The Wichita 2017 swatting incident even resulted in the death of an innocent man. The hoax caller was sentenced to 20 years in prison.
- Revenge Porn: Revenge porn involves the release of intimate photos or videos. Revenge porn does not have to be sexual in nature, it could entail any media that has the potential of damaging someone’s reputation, future or mental health.
In addition, people want to hide their identities online to discuss sensitive issues that they don’t want to attach to their identity. These can be anything from issues with mental health and sexuality to political ideas. You might also want to research certain topics from an anonymous connection.
4) For Commercial and Business Intelligence Purposes
The internet is a competitive landscape and there’s little point in denying that publicly available data is accessible to others for analysis and intelligence.
One key example is business intelligence and the process of web scraping. When scraping data, you might find your IP is quickly blacklisted. Staying anonymous via the use of a proxy or VPN can help you evade capture when web scraping or performing other types of research.
Moreover, if you’re conducting any sort of sensitive legal or business research, anonymity is critical.
Echo Analytics Group provides an excellent example of why anonymity is important for research and intelligence purposes:
An anti-fraud analyst finds incriminating data or information on a website. When they went back to collect and report the evidence, they found that it was gone – likely deleted by the site owner.
The site owner was able to trace the traffic back to the anti-fraud team, likely by approximation to the bank they worked for. Had they have remained anonymous, this would likely not have happened.
Another example is a lawyer or law-enforcement officer researching potential digital evidence relevant to a case. If the suspect identifies and traces the traffic then they can tamper with and delete the evidence. Approaching the evidence under the veil of anonymity helps avoid this scenario.
So there we have it, 4 undeniable and legitimate reasons why you should take online privacy and anonymity seriously
Let’s now move on to review some methods of how to stay anonymous online.
Start With The Basics: Email and Messaging Apps
Most of us exchange very sensitive information via email and messaging apps on a near-daily basis. Even mainstream email services are not particularly privacy-first.
You may not think that your email and messaging services present and serious risk for privacy, and you’re probably right on the whole. That said, it really depends on the type of information you’re sharing and how sensitive it is. Highly sensitive information (e.g. that with high financial or legal ramifications) shouldn’t be shared via mainstream messaging apps and email where possible.
Whilst Gmail, Outlook, Yahoo and other main brands seem pretty secure, they still have certain permissions to look at your data and their security does sometimes lag behind that of more privacy-centric services.
WhatsApp is much vaguer and it’s pretty difficult to tell what they do/don’t use your data for. Whilst your data may not be used against you anytime soon, you need to ask yourself; “what if things change in the future?”
Right now, there are 3 messaging apps that are heralded as privacy-first in the cyber defence and security industries:
These companies are not (currently) bankrolled by corporations and do not (currently) work with data intelligence services like other messaging services.
Signal is by far the most popular of the 3 and at the time this article was written, it rates as the strongest alternative to the mainstream messaging apps.
Signal registered astonishing growth in 2021 as WhatsApp users became sceptical of updated data and privacy policies. Of course, in the case of serious legal incidents, these apps are still liable to give up what data they have, but they beat the standard options in every privacy department.
Secure Email Services
Topping the ranks of secure email services is ProtonMail. ProtonMail is now marketed at both individual users and business users.
ProtonMail has maintained strong privacy policies and ethics since its foundation. They don’t require sensitive information upon sign-up and all data is end-to-end encrypted and encrypted at rest. Encrypted storage space is limited but can be upgraded at a low cost.
ProtonMail also integrates with PGP.
Use Public Wifi With Caution
Public WiFi has long been associated with privacy concerns.
The main risk is when a hacker performs a ‘middle-man’ attack by positioning themself between you and the WiFi connection. By doing this, the hacker will receive all information relayed between you and the WiFi. They can target both individual and multiple users.
Another possibility is that the hacker uses the public connection to distribute malware to users with ‘file sharing’ controls enabled.
Modern public WiFi makes these situations less common, but you can’t verify how modern the wireless infrastructure is, particularly if you’re connected in an unfamiliar country or area.
The easiest way to combat these threats is to avoid public WiFi. Tether internet from your phone us use a secure dongle instead of public WiFi where possible.
If you do use public WiFi then make sure you:
- Exercise caution when surfing sites with certificate errors
- Avoid calling up unencrypted URLs (e.g. HTTP and not HTTPs) – you can toggle ‘always use HTTPS’ on some browsers
- Turn off all file sharing
- Avoid exchanging or using sensitive data
- Clear the network from your device when you stop using it
- A VPN provides a superb means of security when using public WiFi as the hacker will not be able to view your information the Federal Trade Commission and Cybersecurity & Infrastructure Security Agency (CISA) recommend using a VPN at all times when accessing the internet via public WiFi.
Alternatively if you’re managing IT infrastructure, you can mitigate IT threats via Rubrik.
Clear Cookies and Be Aware of Digital Fingerprinting
Almost every site uses cookies in some way, shape or form. Whilst some cookies simply save benign site settings to your browser for rapid recall, others are designed to track your activity online.
GDPR rules have made it easier for users to take control of their cookies. Many sites must now ask for permission before downloading anything but ‘essential’ cookies to your browser.
Clearing cookies regularly is good internet browsing practice, but digital fingerprinting is a different beast.
You can find an in-depth guide to digital fingerprinting here. In a nutshell, our browsers, software and even hardware create a highly digital fingerprint that can be saved server-side, outside of your control. By using your digital fingerprint, tracking services can track your online activity without cookies.
Digital fingerprinting can even escape the protection of VPN – other browser data is still exposed despite the encryption of traffic.
VPNs still reduce the data within your digital fingerprint, but fail to provide complete protection – NordVPN admits this here.
The most potent tool we have against digital fingerprinting is Tor. View this post to discover strategies for hiding your digital fingerprint.
The Tor Browser
Anyone researching internet privacy and anonymity strategies will come across Tor, if they haven’t heard of it already.
Tor was forged in the fiery depths of internet privacy. It was initially supported by major military organisations including the US Naval Research Laboratory, the Office of Naval Research (ONR) and the Defense Advanced Research Projects Agency (DARPA).
You might often hear that Tor was invented by the American government and there is some truth to this. Tor has evolved through the late 2000s and today, it rates as a world-leading privacy and anonymity tool that is very difficult (though not impossible) to track, trace or hack.
Here is a brief rundown of how Tor works:
- When you ordinarily connect to the internet from your PC, your IP address, browser and device data is directly exposed.
- Conversely, the Tor network works via several layers ‘the onion’. Each layer routes your connection randomly through the network. The data is encrypted en route through the network and exits the ‘onion’ via an exit node. As such, the data that entered originally is not easily back-traceable.
- Tor browsers should all have the same fingerprint, making them a solid protection tool against digital fingerprinting.
- Problems can still arise when the ‘exit node’ is under control by someone you want to keep your data hidden from. Tracing traffic to its origin is not impossible, but is difficult to do automatically.
- Largely, Tor’s security for standard online anonymity is very solid. If we recall our motives for privacy, then Tor would be a solid option for surfing sensitive data or operating an anonymous social media account to discuss personal private issues at least.
“In the end, the approach chosen by Tor developers is simple: all Tor users should have the exact same fingerprint. No matter what device or operating system you are using, your browser fingerprint should be the same as any device running Tor Browser,” Pierre Laperdrix – Software Security Expert and Researcher.
VPNs: Useful But Know Their Limitations
VPNs connect users to a subnetwork that provides end-to-end encryption. The VPN acts as the mediator, it basically shifts your traffic so it’s no longer coming from you but is instead coming from the VPN. VPNs create an ‘encrypted tunnel’ through the internet, shielding your data. They ensure that your outbound traffic is encrypted and secure.
VPNs have grown in popularity and there are some big brands competing in the best VPN space:
The primary limitations of VPNs are that they can be subject to data leakage. The best VPNs (including the 3 above), feature ‘kill switches’ and other fail-safes to prevent your IP address from leaking when you connect or disconnect from the VPN, even for a fraction of a second. Never use a second-rate VPN, it’s just not worth it.
VPNs will only protect your IP address from a digital fingerprint. Whilst your traffic is encrypted, your browser fingerprint remains visible.
Proxies Have Their Place, Too
Proxies have been around for years and still rate as a solid option for hiding your IP address with a basic level of protection.
Proxies effectively block malicious incoming attacks on your computer. They can be combined with a VPN, a popular setup for businesses looking to protect some of the incoming protection of a proxy with the outgoing protection of a VPN.
You can also use a proxy to protect your IP address when web scraping, as the target site won’t see your own IP address but the address of the proxy server. This is also very handy for switching geo-locations to scrape data geo-unique data.
Proxy pools allow you to make a high number of requests to a site without getting blacklisted or banned. Proxies for web scraping and data mining are much more practically useful than a VPN when encryption is not so much an issue, but connecting from a pool of different proxy IP addresses is.
- Proxies are intermediary servers separating the user and the internet destinations they browse
- Hide your IP address but do not encrypt traffic
- Provides solid inbound protection but poor out-bound protection
- Proxy pools are very useful for webscraping and business intelligence
Use Tails for Further Anonymity
Tails OS gained notoriety when it was revealed that NSA whistle-blower Edward Snowden used the OS to hide his identity whilst sharing NSA information with journalists Glenn Greenwald and Laura Poitras.
Tails is a ‘live operating system’ that works via RAM, which is deleted when the session ends. It leaves no trace on the host PC you use it on. It has a handful of pre-configured privacy-first apps installed including an email client, web browser, IM app and even an office suite. Based on Debian GNU/Linux, Tails is free.
Combining Tor with Tails allows you to hide both your wireless and hardware data. Tails even offers a method of saving a limited quantity of files via Selective Persistence Storage.
Qubes OS is another option that squashes your data into elements called “qubes”. These are esoteric operating systems with esoteric uses – like leaking NSA secrets to journalists. They will likely be used by other trustees of extremely sensitive data.
Can You Ever Be Truly Anonymous Online?
You can be functionally anonymous online, anonymous enough to:
- Protect your data and privacy
- Make your identity much harder to trace
- Act as a free agent not tied down by location or other identifiable personal data
For the vast majority of people, this covers most of the bases and/or principles.
Beyond that, it really depends on who you’re trying to hide from. Anonymity for high-profile esoteric purposes like serious whistle-blowing can’t be easily brewed up by amateurs – this level of anonymity takes a lifetime of dedication.
That said, there are some combinations of tools, e.g. Tails and Tor, that render your identity exceptionally hard to track, provided you take the necessary behavioural steps required to keep yourself hidden (like not sharing files, images and other data within the session).
Summary: How Can You Become Anonymous Online?
To summarise, online privacy and anonymity are related but ultimately different. Whilst most of these steps and suggestions enable you to enhance your privacy pretty much immediately, true anonymity is much harder to obtain.
One final suggestion is to check your browser and session using Whoer. You can also find and analyse your digital fingerprint using CoverMyTracks.
With research, work and tenacity, you can successfully reclaim your online privacy or even push forward to truer anonymity.
FAQ
Is Online Privacy Important?
It depends on your personal principles and ethics. In a universal sense privacy is important to everyone in some way. We don’t walk around shouting out our personal information, let-alone our secrets. But, we probably still discuss them on messenger apps and social media. That data will be used in some way or another – our privacy is under constant pressure. So yes, privacy is important as to give up on it is to lose control of our personal lives and right to keep some things private.
Can You Be Anonymous Online?
There are varying shades of anonymity. It is theoretically possible to remain one step ahead of any individual or organisation that wants to discover your identity, but this level of total anonymity is not conventionally achievable. In reality, you’re trying to find the highest level of anonymity possible to make tracking and tracing you pointless. So, it really depends on your motive for anonymity. Protecting your identity as you post on Reddit? Sure. Protecting your identity whilst you leak sensitive government documents? Not so easy.
What Are the Pros and Cons of Anonymity?
The pros of anonymity are data protection, freedom of expression, speech and movement. Also, we shouldn’t be required to give up our identity to anyone who asks – there should be a very good reason to be forced into giving up your identity (such as criminal activity). The cons of online anonymity is that it opens up a vacuum for potential sinister usage. It can be hard to verify what is true and what isn’t. Anonymous accounts can act without discretion with potentially damaging results.