Operation: Shadow
Anonymity is a lot less dangerous than uncontested power
Navigating Hostile Cyberspace
Many people are outright victims of virtual imprisonment. Social media addiction is just the surface of a panopticon of data-mining and manipulation. If this wasn’t bad enough, governments and public-private partnerships alike are further working to analyze, contain, and restrict dissent. This asymmetric use of technology enables innumerable abuses and consolidates power in terrifying ways. Almost everyone recognizes that people’s behavior has changed drastically due to online pressures, very few imagine the sum total effects this has on society.
If only there was some way out! A way to not attach every click, paragraph read, or comment left to a permanent record. A way to opt-out of this all-pervasive system of individualized discrimination. There is such a way: anonymity. Anonymity used to be the default online. Someone downloading a web page didn’t automatically need to divulge who they were individually. Even when websites had user accounts, they could be disposable and didn’t need to collect so much sensitive personal information.
More and more services are collecting, and sometimes requiring increasing amounts of personal information. This can disproportionally create risks for some. Things have deteriorated into such a state where one requires constant effort not to divulge who they are to certain entities online. There is a wide variety of technical means available for those interested in following specific individuals, or even subsets of the population across cyberspace.
There have been many prominent voices pushing for the eradication of online anonymity. Elimination of online anonymity is the digital equivalent of banning cash. In a misguided attempt to crack-down on crime and abuse you rob people of privacy and protection from discrimination when they need it most. One individual may not want a public profile attached to their name, but is still comfortable divulging their information in particular situations. Individuals from all walks of life should be empowered to only provide their identities when necessary and desired.
Threat Modeling
You may feel no danger seeking out information, or speaking your mind online, but that’s no comfort for others who might. Different people will have different risks, and the louder one aims to be the more enemies they tend to accrue. Anonymous speech potentially enables anyone on earth, to raise attention to a grave injustice with a much lower risk of retaliation. This is an essential trait to combat tyranny of all kinds worldwide.
Issues can be big or small, but no matter how powerful a person is, they are still one human being. There are absolute limits to how much they can protect themselves from retaliation from rivals, stalkers, and abusers. These threats can all be individual people, groups, or even entire institutions. Below, a threat modeling infographic is provided.
If one requires perfect anonymity, attaining it is quite a feat. That said, it’s important to understand that this is not an all-or-nothing ordeal. Every step one takes to protect themselves online, affords them some defense against particular threats. One does not need to be a mastermind cyber-criminal to appreciate the benefits of incremental security improvements. It is critical to not let a sense of defeatism or nihilism creep in, small improvements do have a large impact.
As the web itself becomes nearly entirely consolidated by large corporations, hostile governments, and public-private partnerships, there are bound to be many who choose to make a conscious choice to go a different direction. Even if you’re not willing to go as far to protect your digital independence, there’s quite a bit you can do to help make it possible for more and more people. I don’t take this lightly, but I consider this piece the most important I have written to date. Even more important than Reclaiming Territory in Cyberspace. The dark web and it’s derivatives is a topic that is surrounded by myth and rumors of questionable intent. There is quite a bit of technical knowledge that is vital for people to understand, even without the desire to interact with these systems.
Where did all the whistle-blowers go?
Anonymity protects those who don’t wish to be mistreated or otherwise silenced because of who they are. Many authors have published books or articles under a pen name, other times people would put up posters while concealing their identities. There is a significant bias against those choosing to speak out without exposing their identity. There is an understandable reason for this; staking your entire reputation on a cause or a mission can add significant weight to one’s words and actions. On the other hand, those who speak out in their name are shackled to pressures and incentives of their own existence in a world that is much bigger than themselves. Anonymity is one of the few scenarios where ideas can truly be judged on their merits, rather than associated with a person or groups reputation and perception.
You should never take anything anyone says at face value. Confide in trusted friends, research the claim yourself, but never dismiss something entirely because it merely comes without a name. While in some ways we are all more free to express ourselves than ever, the costs of non-conformity with present and future dogmas are permanent and extreme. Many problems today exist because hardly anyone is willing to threaten their livelihood rebuking authority, even when desperately necessary. This is terrifying because it creates a positive feedback loop that selects against any bottom-up feedback in society. People will constantly acknowledge that their leaders in government, business, or even civil society are deaf to their concerns and needs. If nobody will speak out…how can things change? In light of this anonymous speech is arguably more important than non-anonymous speech. It potentially allows for grave errors to be corrected, if nobody is willing to stake their social standing on it.
The suppression of anonymity takes two major forms:
Introducing surveillance or identity verification as a requirement in more circles of life.
Proactively working to de-anonymize people or discourage them from protecting information that exposes them to risks.
You can refuse to participate in domains where you’re forced to give up your identity, but once an anonymous person becomes known, they will never again be unknown. This is especially likely in the case of dissidents or critics, who may have valid reasons for protecting their identity.
Online anonymity is important, despite being near impossible
Big services like Google, Microsoft, and Amazon (among others) spend a massive amount of effort trying to understand every person that uses their platform(s). So much so, that there is a great deal of surveillance infrastructure that ’trickles down’ to glean even more information from people elsewhere across the web. When using any of these top-down platforms you are at minimum an unpaid worker providing data about you and people in general. For better-or-worse every action you take while using these systems is you acting as an informant for the stakeholders that they represent. Far too many people assume they aren’t saying a thing if they merely lurk or passively view content. To the contrary, where your attention goes says a great deal about you and even others.
A coordination problem
The web, or even the internet as it exists wasn’t built in a day or by a single entity. The internet is largely a compromise between all kinds of different people, groups, and institutions. At least for now, no single entity has complete control over all of it, and we should all hope it stays that way. Beyond merely pleading, there is a great deal many of us can do. Even choosing to use a site or platform that collects moderately less information can have lasting impacts. If people understood how much effort was made to steer their attention, they would appreciate how much of a valuable force it really is. Due to the very complexity of how things are now, there is no ‘silver bullet’ that can easily, simply, or quickly solve all or even many of the problems. Focusing on incremental change isn’t just the best option, it’s all anyone can do to make a difference.
The Internet’s Achilles Heel: DNS
What is a website? is www.example.com a website? That address is a domain name that allows your browsers and apps to connect to a specific server. DNS stands for domain name system. In theory, DNS is actually decentralized because while there are well established DNS servers and registrars, all it does is connect network addresses to names. There is little other than inertia preventing people from using alternative systems.
As it exists, most web administrators will generally register their domain with a regular domain registrar which is a company that runs their own nameservers. Usually, this requires a real name and address. In addition to this, payment methods like credit cards or non-private cryptocurrencies will make easy work of identifying who registered a particular domain. Because of this, and many other things it’s almost impossible to host a website or online service anonymously as an individual person or group. While people who visit your site may not know who you are, but it’s trivial for somebody to find out.
Domain Seizures
Due to the lack of anonymity, it’s entirely possible for governments or even public-private partnerships to demand domains be seized. Domains are registered by legal entities and many domains have already been seized to combat all kinds of criminal activity. The danger of this is that there may be a future where domain registrars have to police the content on domains registered by them. Just as Facebook, YouTube, and Twitter/X in the past have taken an editorial stance over their platform, it’s not impossible for registrars to do the same.
DNS Censorship
The registrars are only part of the equation. Nameserver operators can also be compelled to block sites in the name of preventing copyright infringement, serious crimes, or political expediency. Already we are seeing countries like France become more totalitarian online for political reasons. It would be naive to believe that this isn’t already a worsening trend.
Surveillance
Because DNS queries are so useful for understanding how people use the internet, it’s trivial for Internet Service Providers (ISPs) and other entities to sell valuable batches of unencrypted dns queries. In most cases the default setup is unencrypted and possibly not cached, meaning many entities know who’s visiting what sites, and how often. This is but one of many ways to track people across the internet. There are many more ways in which people are identified and manipulated online. It’s perfectly reasonable to want to simply side-step all the insanity and simply start fresh.
Tools of the Technocracy: #4 Online Identity
There are some good reasons to attach your identity to online interactions, there are just as many (if not more) good reasons not to. It is important to understand how your actions ripple across the …
Using a Darknet
The simplest “darknet” is a computer (or group of them) not connected to the internet. It’s quite straight-forward for someone to keep an “air gapped” (disconnected) machine as an offline repository for records and information management. Any means to connect one computer to another, that’s not widely accessible is technically a “darknet”. The phrase the deep web is often associated with Tor hidden services, but has also been quite erroneously used to describe fringe or unpopular websites on the regular internet.
Anonymous browsing
A major use of darknets is for people to browse the “regular internet” anonymously. This is one of the primary uses of Tor. Anonymous browsing is a significant challenge and requires a significant amount of caution. However, the benefit of being a Tor user on the internet is that with some caution, you blend in with all the other Tor users. Unlike using a personal use VPN, using a darknet to proxy your connection to the regular internet allows you to act like a fish in a massive school of internet fish. The bigger the school, the lest identifiable, and ideally less of a target you are.
Hidden Services
Hidden services are where darknets get really neat. Remember everything said above about DNS? Forget it! Hidden services sidestep all those issues all at once. There are other ways to decide who connects to who. An alternative method is to have each site generate encryption keys that secure the connection, and identifies them as a key. Once this is in place, it’s possible to route messages anonymously through the network. Through a marvel of modern mathematics, you have a new layer to the internet where it’s possible to have truly private and communications that can’t be censored.
Website Mirroring
By making your website accessible over darknets, you’re allowing those who may come from oppressive regimes to access your content. In addition to this you protect your online presence from censorship and domain seizure. It’s best to mirror a static site that doesn’t rely on cookies or javascript. Running a hidden service yourself is free, so it’s an option to archive a website after you no longer with to pay for regular hosting.
SecureDrop
The possibility of online anonymity and hidden services are potentially a great boon to whistle-blowers from all walks of life. In an environment where your average well-rounded citizen is capable of at least browsing the darknet, those who wish to right terrible wrongs may have the capability of speaking out without retaliation. Many damaging and twisted scandals could be broken far earlier, preventing even more damage in the long run.
SecureDrop is a fancy tool that allows people to submit information anonymously over tor. Running as a packaged hidden service, and being Free Open Source Software, it’s even easier to democratize real transparency.
Examples
DIY VPN
In a close circle of trust, it can be helpful to share information or provide members only-services. You can create your own darknet by creating your own VPN or using SSH tunnels. Using either Wireguard or OpenVPN you can create your own private network for you own internal services. For a small group and community, you can significantly protect your digital activities from prying eyes by rolling your own hidden services on your own virtual private network.
Sneakernet
Embrace the analogue and burn your information to optical disks and send them in the mail like how netflix started! Got some homing pigeons? You can be the bleeding-edge of IP over Avian Carriers. A local community could use Operation: Beehive to cooperate on all kinds of interesting projects over a sneakernet.
Tor
Tor is short for The Onion Router. Onion Routing is how messages sent within the tor network stay anonymous. Tor uses special clients called bridges that allow traffic from the network to go to the regular internet, allowing people using tor to access regular websites.
Snowflake ❄️
If you’re interested in supporting those working to protect their privacy and/or overcome censorship, Snowflake is a great way to help people connect to the Tor network.
Distributions
There are a variety of linux distributions created to assist in aspects of using the Tor network. Tails is a temporary operating system to make every session start identically on the Tor network. Like tails, Whonix routes all it’s traffic over Tor. If that’s still not enough for you Qubes OS allows you to create disposable whonix virtual machines.
I2P
Not as interested in touching the regular internet? Are you looking for a darknet with hidden services specifically in mind? The Invisible Internet Protocol (I2P) may suit your needs.
Limitations
Perfect anonymity is extremely difficult. While darknets can protect your private information online, it can be difficult to hide that you’re using one. This makes darknet users, and those who wish to protect their privacy online in general, significant political targets from those who would like to seize control over digital communications in whole or in part.
User Error
The greatest threat to one’s online privacy and security is PEBKAC errors. Your own mistakes, and capability to be manipulated is not to be underestimated. If you require perfect anonymity, ensure that you are diligent and don’t become complacent. Even as someone who doesn’t need anonymity, you’re not immune to cybersecurity threats and all kinds of information can be leveraged against you.
Fingerprinting
Despite the best efforts of many intelligent and skilled people, perfection is far from within reach. Many sophisticated surveillance tools are precisely tuned to identify patterns and correlations. This means that even the smallest technical detail can be used to potentially identify people
Browser features
A great deal of the modern ‘conveniences’ that current-day browsers have tend to leak sensitive information, when making choices about your setup, it can be wise to rely on basic text and images rather than full single-page applications.
Size of the network
When swimming in a school of fish, numbers matter. Efforts to discourage people from knowing how to use privacy tools greatly undermines everyone’s ability to not only be anonymous online, but also to escape abuses by big tech platforms. For now, Tor users are not numerous enough, or don’t have enough social capital to prevent big tech services from discriminating against them. In part this is because any privacy tool can be used for nefarious means, and they are often restricted as a security caution.
When a privacy network is small, it becomes much easier for those with significant resources to either target specific people within it, or even de-anonymize the entire network. In an ideal world, enough people would use these tools to protect dissidents from retaliation, and law enforcement would still have the tools to go after violent criminals through other means without compromising lawful people’s privacy.
Additional Resources are available on the website
Thanks for explaining all this, Gabriel, I haven't understood these terms. And it's timely for me because my hosting service has now changed the SSL for my emails (again!) so it either doesn't recognize my password (if I change to the vague 'hostingplatform.com' address) or it stopped receiving on one and stopped sending on the other.
Rather than trying to solve this, I'm taking it as another reason to dump Network Solutions. And it's been a relief to check the Substack app on my terms rather than being a rat responding to the ding.
But I feel like I'm heading in the opposite direction. Rather than having private conversations seen by 4 eyes, I'm putting them out for 4000 eyes to see. An experiment in fearlessness and full disclosure so there's nothing I'm protecting. I'm not recommending that, just where I've landed in the complexity of all this.
I've been trying to figure out Session for a conversation with an encryption-savvy friend. After finally solving his word puzzles to get his ID, I could retrieve some messages that linked articles I'd already seen and public messages with files I already knew (on Malone) or thought were propaganda (on Yeadon). It won't let me send without unblocking him (which I didn't knowingly do and don't know how to undo). It feels very spy vs. spy for no good reason. But it could be Malone's spy-goons already intercepted that convo and blocked him, since it's one I made Malone aware of back when I thought he was on the level.
And do I want to be the holder of incriminating data that someone doesn't want to get out? It feels like the safest route is to publish immediately, as speculation or unconfirmed clues. Then it's in the public domain and other people can comment and figure out if it's likely true or not. I don't know.
Wow, this looks like an amazing monumental piece Gabriel. It is high up on my "To Read & Contemplate" list.