Two Letters Re: Semi-Anonymous Internet Access

Sir,
Introductory Note: Some of the activities suggested in this letter may not be legal in your country or your US State. Please ensure that you are familiar with any related laws before attempting any of the methods outlined below. They are therefore provided for information only:

With regard to the recent article on semi-anonymous Internet access and the use of wi-fi, by Jeff T:

I agree with many of the suggestions in this article, but also wanted to expand on these and identify a number of possible additional risks associated with using wi-fi connectivity.

Ben from Tennessee is quite right that one of the biggest “fingerprints” left behind on public wireless networks is the MAC address of the wireless interface within the PC. Indeed, many pay-to-use public wi-fi systems use the MAC as part of the browsing session validation process, so linking and storing details of the MAC used to any account details (when, where, how long, and more importantly what public IP address was used connecting to the Internet). The MAC is “burned” into every network interface at the time of manufacture (wired and wireless) and is unique to that device – effectively its DNA or fingerprint.

There are a number of ways that you can “hide” your real MAC address online (wired and wi-fi – and you may want to consider the wired option if staying in hotels with wired only connectivity etc), but one of the simplest for users of Microsoft Windows is SMAC. (I have no relationship with this company, other than having paid for and used their products over many years, both personally and professionally.) This tool allows you to change the MAC address of your wired and wireless interfaces through a Windows-based application. Regular changing of your MAC address is the first step to reducing the audit trail of wi-fi connectivity you leave behind – especially if you use free to access/non pay-to-use/no-need-to-register systems.

There is a “feature” of Microsoft Windows, when wi-fi is enabled, that a lot of people do not know about! (Yes, I know we should all be using some form of Linux, I prefer Ubuntu & Gentoo, but this is aimed at those who are happy with “Bill” and lack some of the technical ability required to move to a Linux based system – at least initially).

When a wireless enabled PC running Microsoft Windows is unable to find any wi-fi access point (hot spot) with which to connect, it can (at least in its default configuration) actively seek one out. To do this it sends out provocative wireless signals attempting to connect with a network it has previously connected with. It will cycle through all of the network identities (names) it has previously worked with. All of these packets are sent in the clear and can be captured by anyone with a simple wireless tool running in “sniffing mode” nearby. The key issue here is that all of the network names you have connected with are disclosed cyclically over a few minutes. Coupled with an online resource such as WiGLE, this information can be used to establish a profile of the PC owner – where you live, work, eat, drink coffee, go to the gym etc, anywhere you use your portable PC with wi-fi. You may want to check to see if your home or employer’s wi-fi access point is on WiGLE?

Another aspect of wi-fi seldom considered by most people relates to OPSEC [and COMSEC]. In a localized grid down situation it is pretty obvious who has power in my neighborhood, as their wi-fi access point is clearly powered up and sending wireless signals that reach several hundred yards away – those access points on higher floors of high rise buildings, or those up the hill with a clear line of sight to my house, go even further. Since the central office is still up on batteries or generator, these people keep their ADSL router on to maintain access to the Internet, and since they normally use wi-fi to connect with their PCs, they continue to do so. Whilst this may not be so much of an issue for those “in the wilds” it is an issue for those in urban and sub-urban environments, where the neighbors, or more correctly their battery powered laptop powered up to watch a DVD or listen to a CD, spotting your access point could bring unwanted attention to your front door?

In my neighborhood with the majority of wi-fi hot spots (>98%) off due to the power failure, the signals from the few that are still working appear to go that much further, due to the greatly reduced interference. You may want to try this the next time the power goes off in your neighborhood – you will be amazed when you see all of these new, but very weak, wireless signals from those with UPS systems and back-up power within ~½ a mile of your home. Those that use their business names as the wireless network identity really stick out, as do the people who name their home wi-fi networks after the family name or home address (e.g. “Holmes home network” – I can look you up in the phone book, or even worse “128_Western_Avenue” – I can read a map!)

You also need to remember that even with the access point turned off, the client PC (or Macintosh etc.) will be sending out those provocative wireless signals in an attempt to connect with “something”. These signals can also be detected and give your location away, along with the fact you have access to power & working technology! This is especially a problem if your PC is set up to allow client to client connections over wi-fi (also known as “ad-hoc” connectivity – you may have this turned on by default). A simple Windows PC nearby will spot this device easily – and what did you call your client PC, another possible OPSEC leak? I did wonder if this could have been an issue with “movie night” in your novel, Patriots, though the remote location probably reduced the risks?

To prevent any wireless signal becoming a problem you should always be sure to turn off any wireless capability (Wi-fi, Bluetooth, WiMax etc) if you are not using it, if only to save on the battery drain, and remember to do it at both ends of the link. This is equally true for PCs, mobile phones, PDAs, and if you have a much newer car – its integrated Bluetooth/hands free capabilities too!

On a more general level, there are many PC related problems with achieving anonymity on the Internet, with processor IDs (turn this off in the BIOS), TPMs (Trusted Platform Modules – an embedded secure crypto-processor on the latest models – turn it off), License ID’s – Operating systems, including automatic software updates etc, and a whole host of other “meta data” that gets sent with all of our network traffic. Ask what is your online media player or virus guard/firewall downloading for you in the background whilst you thought you were being anonymous? For the more technically minded and PC savvy, downloading a copy of Wireshark to your PC can be quite enlightening, and frightening when you see what it is doing “in the background” over the network to which you are connected.

Certainly buying an older laptop PC and using this (with an ever changing MAC address) can go some way to achieving local anonymity when using wi-fi, but you still have issues with data remaining on the PC that is resent at a later date, and this is less than ideal. It is possible to run most PCs without a hard drive – just physically remove it yourself, delete it in the BIOS, unplug it – leaving it in place in the laptop, or just buy a used PC from a company that has already removed it as part of their disposal security procedures.

Using another working and Internet connected PC you can download and “burn” a bootable CD or DVD (sometimes called an “ISO image”) that will give you a complete operating system with Internet access and an email client. It does everything your “normal” PC does, but when you switch this off it will not retain any historical data, and when you restart it, it will always boot “clean” with no residual meta-data from your previous online activities – you can transfer any data you wish to retain to a USB thumb drive, suitably encrypted of course, but never import this back onto the “anonymous” PC!

If you do not feel confident with doing this yourself, you can download or purchase bootable discs that are sold as simple “data recovery” tools – these are mostly Linux boot disks that help you to recover your data from the hard drive if Windows fails. They work quite well as anonymous operating systems if you take the correct precautions and should only cost a few dollars at most. You do not want or need professional level tools, and many are available pre-configured for your specific make and model of laptop (these are the ones you typically pay for). Put the disk in, hit the power button, and less than a minute later you have something that looks a bit like Windows, and after a few minutes getting familiar with it you should be browsing the Internet.

Finally there is a “whole other article” on anonymous proxy methods (e.g. TOR) which should be used in conjunction with all of the above methods when attempting some form of anonymity on the Internet.

The reality check with all of this is: If you are being specifically targeted by the authorities (or “hacker community”) there is little you can do to prevent yourself from being monitored, especially if you repeatedly conduct all of your online activities from a specific location (e.g. this could be a single wi-fi hot spot in the library, or a wider town area with multiple wi-fi connection points).

Only the “perpetual traveler” without a known itinerary or means of having their travel activities traced can hope to begin to achieve true anonymity online using these techniques, but that should not stop us from taking the most basic steps to maintaining our where possible.

Kind Regards, – Ian
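
An added example, not part of the letter above: the letter notes that every saved network name is disclosed while a Windows PC searches for an access point, so one practical check is to audit your own saved-profile list and prune it. The sample `netsh wlan show profiles` output is constructed, and the two name heuristics are assumptions modelled on the letter's "Holmes home network" and "128_Western_Avenue" examples.

```python
import re

# Constructed sample of `netsh wlan show profiles` output (not from a real machine).
SAMPLE_NETSH_OUTPUT = """\
Profiles on interface Wi-Fi:

User profiles
-------------
    All User Profile     : Holmes home network
    All User Profile     : 128_Western_Avenue
    All User Profile     : CoffeeShop_Guest
    All User Profile     : linksys
"""

PROFILE_LINE = re.compile(r"^\s*\w+ User Profile\s*:\s*(.+?)\s*$")
# Heuristics below are assumptions for this example, not an exhaustive rule set.
STREET = re.compile(
    r"\d+[\s_-]+(?:[a-z]+[\s_-]+)+(?:avenue|ave|street|st|road|rd|lane|ln|drive|dr)(?![a-z])",
    re.IGNORECASE)
HOUSEHOLD = re.compile(
    r"(?<![a-z])(?:home|family|house|residence)(?![a-z])", re.IGNORECASE)


def saved_ssids(netsh_output):
    """Return every saved network name, in the order netsh lists them."""
    names = []
    for line in netsh_output.splitlines():
        match = PROFILE_LINE.match(line)
        if match:
            names.append(match.group(1))
    return names


def audit(netsh_output):
    """Map each saved SSID to the reasons it identifies its owner on its own."""
    report = {}
    for ssid in saved_ssids(netsh_output):
        reasons = []
        if STREET.search(ssid):
            reasons.append("looks like a street address")
        if HOUSEHOLD.search(ssid):
            reasons.append("names a household")
        # An empty list is not a clean bill of health: the name is still
        # probed for and can still be matched to a location.
        report[ssid] = reasons
    return report
```

Any profile you no longer need can be removed with `netsh wlan delete profile name="..."`, which takes it out of the list the PC cycles through.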

 

SurvivalBloggers:
In response to the letter, Semi-Anonymous Internet Access: Connecting to publicly available wireless networks (or piggybacking on an unsecured, private wireless network) does add a degree of anonymity – but comes with a few caveats.
1) It may be illegal where you are. Anything illegal you do may put the owner of the access point into legal trouble as well. The law is generally poorly worded or undefined when it comes to the area of ownership of wireless access. Do your research.
2) Professionally maintained wireless access points will have audit logs, which may include time and date of access, MAC address, computer name or user name, customer identifier (if any), and what sites you visited. Never do anything that would connect your identity to that audit trail.
3) Unless secured by another method (such as HTTPS, used by e-mail providers and online vendors) connecting to an unprotected wireless access point exposes you to the risk of someone eavesdropping on your internet activity, or possibly even infecting your computer with viruses. Be security minded.
4) Just like using the public computer at the library, you lose anonymity if you establish a routine. Connecting to the same network every day means, should someone be trying to find you, they just have to watch that network and wait for you to attach yourself to it.
5) As JWR’s son mentioned, doing anything which connects to your personal identity, or engaging in a routine you engage in elsewhere, will eliminate your anonymity. Criminals have been prosecuted for crimes because they paused long enough to check a friend’s Facebook page. Limit the work you do during that session to what you must do, preferably downloading it to your hard disk rather than reading it “live”, so you can disconnect and leave. The more time you’re connected, the more you’re vulnerable.

Using someone else’s wireless internet access is perhaps the easiest way to greatly decrease your internet signature. There is the problem of the MAC address. A MAC address is a code programmed into your wireless network card. The easiest way to change it is to buy a new network card, but that gets expensive. For many cards, it’s possible to find a utility (oftentimes not by the vendor) that changes the MAC address on that card. Find it, download it, learn to use it. There is nothing illegal about changing your MAC address.

JWR’s son was also correct that the easiest way to sidestep data leakage is to do as the government does it – one computer for sensitive (personal) data, and one computer with no personal data. You may take data from the non-personal over to the personal, but never ever transfer anything from the personal computer to the non-personal, and never ever use the non-personal to visit your favorite web sites (e-mail, Facebook, gaming sites, work-related sites, blogs, etc.) Your web visiting habits are as individual as a fingerprint. Wear gloves.

Some other ways to get privacy – download and use The Onion Router (TOR). TOR is perfectly legal [in most locales], but jumps your connection through 10 or 20 other random connections, so the data is effectively scrambled. It isn’t a cure-all, because it can be circumvented, with the right know-how.

Use a minimalist browser. “The more plumbing the easier it is to spring a leak” is very true with computers. Tomcat is an example of a browser that permits text-only. Using it in combination with tools like TOR is a force multiplier.

Consider joining a darknet. A darknet is a private network – imagine it as being its own, tiny Internet. The best would be to have wholly independent network cabling, but that is rarely a possibility. A properly made darknet is like a virtual speakeasy – encrypted access to it, and a wide selection of sensitive information, all protected from outside prying eyes.

Learn about encryption. PGP is available, for free, to anyone smart enough to compile it, and it has beaten federal investigations before. Unless it is encrypted, you should consider it unsecured.

Finally, take care of your passwords. Learn how to make a good one (in the case above, the user encrypted his entire computer with a page-long passage – making it effectively impossible to crack through conventional means), learn to change them regularly, and keep them secret. – “Dieselman”
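
An added example, not part of either letter: both letters recommend changing the MAC address, and this sketch shows how to check that a replacement address is sane before relying on it. It uses the IEEE 802 first-octet flag bits (0x02 locally administered, 0x01 multicast); the function names and the sample address `00-11-22-33-44-55` are constructed for illustration.

```python
import secrets


def parse_mac(text):
    """Return the six raw bytes of a MAC written with ':' or '-' separators."""
    parts = text.strip().replace("-", ":").split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes(int(p, 16) for p in parts)


def is_locally_administered(mac):
    """Bit 0x02 of the first octet set: locally administered, not vendor-assigned."""
    return bool(parse_mac(mac)[0] & 0x02)


def is_multicast(mac):
    """Bit 0x01 of the first octet set: a group address, invalid for a single station."""
    return bool(parse_mac(mac)[0] & 0x01)


def random_private_mac():
    """Random unicast address with the locally administered bit set."""
    raw = bytearray(secrets.token_bytes(6))
    raw[0] = (raw[0] | 0x02) & 0xFE
    return ":".join(f"{b:02x}" for b in raw)


def review_override(permanent, current, seen_before=()):
    """List the ways `current` still ties a session back to this card or to past sessions."""
    perm, cur = parse_mac(permanent), parse_mac(current)
    findings = []
    if cur == perm:
        findings.append("still using the burned-in address")
    elif cur[:3] == perm[:3]:
        findings.append("keeps the burned-in vendor prefix")
    if cur[0] & 0x01:
        findings.append("multicast bit set, not valid for a station")
    if cur in {parse_mac(m) for m in seen_before}:
        findings.append("address reused from an earlier session")
    return findings
```

A clear locally administered bit does not prove an address is the burned-in one, since a utility can set any value; comparing against the card's known permanent address is the reliable check.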