Becoming Virtually Untraceable (Eps1.0_B4s!c_T3chn1qu3s.onion)


Privacy much? It’s 2018, sports aficionados, and unless you’ve been living in a cave in Afghanistan somewhere, you might have heard that privacy is a red-hot topic in the news lately. This is largely due to the fact that privacy data has been so egregiously mismanaged in the U.S. by nearly every company that manages YOUR personal information in some capacity or another. One only has to look back a few years to see what a monumental problem this has become. The Office of Personnel Management (OPM) hack, the Equifax hack, Facebook allowing Cambridge Analytica access to user data, and the Yahoo E-mail hack are just a few of the most notorious data breaches in recent history. These data breaches are partly due to irresponsible and apathetic corporate cybersecurity practices, but they are also due to weak privacy laws in the U.S. despite the Privacy Act of 1974. The Privacy Act of 1974, 5 U.S.C. § 552a, “…establishes a code of fair information practices that governs the collection, maintenance, use, and dissemination of information about individuals that is maintained in systems of records by federal agencies.” Note that it applies to federal agencies and not commercial industry; many people don’t know that. The Privacy Act is watered down and was written in a time when personal computers and smartphones didn’t exist.

“For if leisure and security were enjoyed by all alike, the great mass of human beings who are normally stupefied by poverty would become literate and would learn to think for themselves; and when once they had done this, they would sooner or later realize that the privileged minority had no function, and they would sweep it away. In the long run, a hierarchical society was only possible on a basis of poverty and ignorance.” ~ George Orwell, 1984

Privacy data legislation has reached critical mass, so to speak, and it’s almost on the same level as gun control reform, with many Americans wondering what it will take to get Congress to pass meaningful legislation that is designed to better protect Americans’ private data. Well, finally at least the State of California has thrown the first punch in this fight for your privacy. The California Consumer Privacy Act, or A.B. 375, passed the California state legislature and requires companies that collect personal data to inform residents about that data, which they can request be deleted.


Despite the fact that most of us are not super secret spies that are being tracked by the (insert your preference of badass 3-letter government agency here), a healthy dose of paranoia might not be such a bad thing when considering all of the data breaches to date and those we don’t know about or that have yet to occur. The fact of the matter is that at no time in history has any society ever been so heavily monitored, recorded, and tracked by all sorts of different government agencies, perhaps foreign entities depending on what you do for a living; marketing firms; companies; law enforcement; cyberstalkers; cybercriminals; health, life, and auto insurance providers; the list just keeps on going. Whether you feel like you have anything important to hide is really not the point anymore. You can NOT CARE all you want, but when your data becomes front page news or is used against you somehow then you might reconsider. Over the years, many people have asked me how they could become semi-untraceable online. To that end, I offer a dozen or so tips that are not terribly difficult or expensive to implement.

1. Consider if it’s Worth Owning a Cell Phone

Say what now? I know, I know. Not owning a cell phone these days may seem like committing social suicide, perhaps even an extreme leap off the weirdo diving board. Some younger folks can’t imagine life without their cell phones, but these devices are still a relatively new phenomenon for the rest of the population. However, as extreme as ditching your phone may seem, it is one sure way to become virtually untraceable. Just think of all the freedom from work stress you’ll have during your downtime when you know that there is NO WAY to reach you after hours because you’re no longer chained to the ‘electronic leash.’ You can still maintain a private home phone using a cheap Voice over Internet Protocol (VoIP) service such as Ooma for less than $5 a month and set up voicemail to catch those pesky after-hours phone calls from your boss if you care to. If you still feel the overwhelming “need” to own a cell phone, then consider turning the device off when not in use and removing the SIM card and battery so the GPS tracking feature is completely disabled and cannot be remotely activated without your knowledge.

2. TAILS I Win, Heads You Lose!

The Amnesic Incognito Live System (TAILS) is a Linux-based operating system that was most recently brought to fame by the NSA whistle-blower Edward Snowden and, like many other operating systems, it can be run directly off of a USB stick. TAILS basically runs all processes in RAM (Random-Access Memory, otherwise known as volatile memory) and as such “forgets” everything that was done on the operating system after shutting it down. TAILS connects to the Internet using The Onion Router (TOR) browser, which is arguably as close to anonymous browsing as one can possibly hope to achieve. Don’t be afraid to try Linux; it’s not too complicated and you might actually like it better than Windows.

TOR works by encrypting data and routing it through a series of volunteer relay servers that strip out the part of the packet header that reveals the packet sender’s true or original IP address while also encrypting the remaining address info into a packet wrapper. Combining TOR with a VPN is even better in terms of anonymity, but both technologies have proven to be defeatable with the proper tools (see the FBI’s Network Investigative Technique), and VPN-masked IP addresses are easily obtainable by a subpoena to the VPN provider. If you choose to engage in illegal activities online, whether it’s on the Internet, the Deep Web, or the Dark Web, eventually you will get caught. The FBI’s NIT is essentially software installed on a server that returns a TOR user’s true IP address when the user connects to the NIT-infected server, so using a VPN to connect to TOR doesn’t necessarily mean you’re safe to engage in whatever activities you care to, legal or not. There is always a certain degree of risk involved. Rather, it just means that the FBI would likely need to subpoena your VPN provider to obtain your true IP address. However, against everyday websites, law enforcement below the FBI or Nation-state level (think NSA/CIA), and other Internet users, you are well protected if you adopt these additional measures to make yourself untraceable.
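A simplified model of the layered encryption that gives onion routing its name, added here as an example (it is not code from the original article or from the Tor Project). It assumes a toy SHA-256 keystream cipher in place of TOR’s real cryptography, and the relay names, keys, and addresses are constructed; it shows that only the first relay sees the client’s address and only the last relay sees the destination.

```python
"""Toy model of onion routing: layered encryption over a three-relay circuit."""
import hashlib
import hmac
import os


def _subkey(key: bytes, label: bytes) -> bytes:
    # Derive separate encryption and authentication keys from one hop key.
    return hashlib.sha256(label + key).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy stream cipher (SHA-256 in counter mode). Illustration only.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, key: bytes, nonce: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Add one layer: nonce || ciphertext || HMAC tag (encrypt-then-MAC)."""
    nonce = os.urandom(16)
    ct = _xor(plaintext, _subkey(key, b"enc"), nonce)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_layer(key: bytes, blob: bytes) -> bytes:
    """Remove one layer; raises ValueError on a wrong key or altered data."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("layer authentication failed")
    return _xor(ct, _subkey(key, b"enc"), nonce)


def can_open(key: bytes, blob: bytes) -> bool:
    """True only if this key removes the outermost layer of the blob."""
    try:
        open_layer(key, blob)
        return True
    except ValueError:
        return False


def wrap(route, destination: str, payload: bytes) -> bytes:
    """Client side: build the onion from the innermost (exit) layer outward."""
    next_hops = [name for name, _ in route[1:]] + [destination]
    blob = payload
    for (_, key), next_hop in reversed(list(zip(route, next_hops))):
        hop = next_hop.encode()
        blob = seal(key, bytes([len(hop)]) + hop + blob)
    return blob


def peel(key: bytes, blob: bytes):
    """Relay side: strip one layer and learn only the next hop."""
    plain = open_layer(key, blob)
    n = plain[0]
    return plain[1:1 + n].decode(), plain[1 + n:]


def simulate(client: str, route, destination: str, payload: bytes) -> dict:
    """Record what each party on the path is able to observe."""
    keys = dict(route)
    views = {}
    blob = wrap(route, destination, payload)
    sender, current = client, route[0][0]
    while current in keys:
        next_hop, blob = peel(keys[current], blob)
        views[current] = {"from": sender, "to": next_hop}
        sender, current = current, next_hop
    # The destination sees the exit relay as the sender, never the client.
    views[current] = {"from": sender, "received": blob}
    return views


# Constructed sample data: documentation-range IP, placeholder site, random keys.
CLIENT = "198.51.100.7"
DESTINATION = "example.org:443"
ROUTE = [(name, os.urandom(32)) for name in ("guard", "middle", "exit")]

if __name__ == "__main__":
    for party, view in simulate(CLIENT, ROUTE, DESTINATION, b"GET / HTTP/1.1").items():
        print(party, view)
```

In this model the exit relay recovers the payload itself, which is why HTTPS on top of TOR still matters.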

Privacy Badger is a Web browser extension developed by Electronic Frontier Foundation (EFF) engineers that is compatible with Chrome, Firefox, and Opera and that effectively blocks third-party cookie trackers from secretly tracking your Web surfing habits. There are many tools and applications that you can use online to mask your true IP address, some of which are more effective than others at cloaking users in the grand scheme because there are always counter-methods of uncovering someone’s IP address depending on skills and resources available. This same IP masking technology is essentially what makes accurate attribution difficult following a hack or cyber attack. Other factors are often considered to help attribute who the attackers are, such as political motive and what types of hacking kit tools and exploits were utilized in the attack. When browsing the Web, it is a good idea to use a browser extension like Privacy Badger to block cookies designed to track your every movement on the Web.

3. Your Entire Life Fits On a USB Stick

Micro-memory chip technology has come so far today that we can now fit a metric crap-ton of data on SD cards or USB storage devices. USB storage devices or “sticks/thumbdrives” are relatively inexpensive nowadays, with 512GB USB 3.0 Flash Drives available for $150 at Best Buy. Now, 512GB may not seem like that much storage capacity, but you can fit hundreds of thousands of document files and pictures on a drive of that size depending on image resolution and file sizes. If you still think you need more storage capacity, Kingston manufactures a 2TB USB 3.1 Flash Drive that retails for a jaw-dropping $1,650. Whew! Don’t drop or lose that USB stick, right? Most folks could probably survive with much less storage capacity though, perhaps 250GB or less. If you were to pare down all of the digital files you own to only those which are absolutely critical (we’re not talking about all of your favorite movie downloads, .mp3 audio files, and software downloads), such as the irreplaceable or at least hard-to-replace stuff like family photos, financial documents, tax info, copies of E-mail communications, digital receipts, and so forth, you’d likely find that all of the important files you own probably fit on a single USB stick or perhaps even an SD card. This concept may be unfathomable for the older generations; I realize that. Most people would look at you dumbfounded if you told them that you could fit every single digital file they own (minus all of the entertainment garbage) on a single SD card or USB stick, then compress it, and encrypt it with a passphrase to access it. That’s where we’re at now with technology.

*It is important to note that you should NEVER EVER keep employer work files on your home computer system. For starters, it is more than likely a violation of your company’s IT policy due to the risk of compromise of sensitive or proprietary information. Additionally, if your computer is compromised, then all of your work files are now in the hands of the attackers, which could spell disaster. The company you work for may have spent hundreds of thousands or even millions of dollars on state-of-the-art network security defenses, only to have their data emailed unencrypted over public email to an employee’s home computer network that is protected with at best WPA-2 Wi-Fi encryption. Does that seem fair to you? Are you an engineer who works on classified projects but thinks it’s harmless to store “Unclassified//For Official Use Only” diagrams and documents on your home computer or in your personal E-mail account? If so, stop, just stop it now. You obviously need a great deal more security awareness training because you’re just not understanding the cyber threat you’re facing. You’re killing national security, yes You. You are not special because you’re a programmer or cybersecurity expert, though you might know how to better protect your personal systems. This advice applies to everyone. Still doubtful? Refer back to the list of major breaches. Look at how many Yahoo E-mail accounts were compromised (over 3 billion!). Who knows who’s got all your personal emails, right? E-mail phishing is a big deal these days; look no further than the Podesta email hack leading up to the 2016 Presidential Election and the implications that had for the DNC and Hillary Clinton. Myself included, there aren’t too many people out there who could withstand a Nation-state cyber attack against their personal computer or electronic devices. It’d be like trying to quench a forest wildfire with a single rain drop.

Part of becoming virtually untraceable is not taking your computer to be “fixed” or worked on by complete strangers, because you never know what they are going to do with your personal data or what software they are going to install on your system. Take the Geek Squad, for instance: how many stories have to be published about illegal materials being found by Geek Squad employees who reported it to the police before people get the hint that they probably shouldn’t take their computers to be worked on there anymore? Those types of IT help services are for amateurs or people who know absolutely nothing about computers to begin with. If you have a problem with your computer that you cannot fix yourself, I’d recommend backing up all of your files and just reinstalling the operating system. Research the troubleshooting forums on the vendor sites to see if someone else had the same problem. If that doesn’t fix the problem, then call someone you trust to come by and take a look at it. Or better yet, take it to them after you’ve wiped the drive and reinstalled the operating system without re-uploading your personal files. All of this may seem like overkill, or “Jesus, what is this guy trying to hide,” but these are only meant to be steps an overly paranoid security-conscious person could take if they felt the need to. No one is suggesting you have any illegal files; you may just not want to risk someone else catching a glimpse of your naked selfies that were uploaded automatically to your Google Photos folder on your home desktop computer.

4. Encrypt Everything!

Encrypt everything front-to-back, side-to-side, and top-to-bottom. Ok, while I may be getting carried away there, the point is that what you really want to strive for is end-to-end encryption online and whole-drive encryption on your devices (e.g., smartphone, tablets, laptop/desktop computers, USB storage devices). Whether it’s your phone, your computer hard drive, USB drive, CDs, DVDs, or Websites that you visit on the Internet, encrypt your data so that if it is intercepted or if you’re hacked the perpetrator won’t be able to steal your personal data. They’ll only have a bunch of gobbledygook files that are unreadable.

Encryption is so much more than just hard drive encryption though. Ideally, you should not connect to websites that don’t use the Hypertext Transfer Protocol Secure (HTTPS) protocol which uses Transport Layer Security (TLS) or its predecessor Secure Sockets Layer (SSL) to encrypt data-in-transit across networks. Generally, the higher the version number of SSL or TLS, the better. For instance, you should have TLS 1.3 enabled on your browser as that is the most up-to-date version of TLS at this time of writing. This way you are sure to have enabled the strongest protection on your communications. It’s also important to understand that data actually exists in 3 states of existence: at rest, in motion, and in use. We’re still a ways out from this, but expect to see encryption of data-in-use (also known as data-in-motion) in the future to protect against an attacker hacking into a system’s RAM and stealing the encryption key to decrypt the data-at-rest on that computer or network. To use encrypted data, it first has to be decrypted with the corresponding encryption key which is temporarily stored in the volatile RAM (memory) of the system while the data is in use. If an attacker is able to hack into the system’s RAM and steal that encryption key for the data-at-rest, then they will be able to decrypt your encrypted files at rest. To protect against this threat, developers are working to create what are known as secure memory enclaves among other technology designed to address this problem. More to come on that in the future.

VeraCrypt is the successor to TrueCrypt, which was found to contain a critical flaw in its code. BitLocker is another option for Windows 7, 8, 8.1, or 10 Professional edition users. However, in Windows, you can also right-click on the file, go to “Properties,” “Advanced,” and select “Encrypt contents to secure data.” This encrypts a Windows NTFS file using the native Encrypting File System (EFS).

E-mail is another slippery slope when it comes to anonymity and encryption. The best free option currently is to use ProtonMail, which is a highly rated E-mail service provider that is based out of Switzerland. They also offer paid subscriptions for more storage capacity in your inbox and better features. To send encrypted emails though, you’ll need to establish a Pretty Good Privacy (PGP) public and private key. You can share or post your public PGP key for others to send you encrypted emails with, and your private PGP key (which should never be shared) decrypts them. If you’re communicating sensitive information such as bank info or just private information that you don’t want anyone else to be able to read, you should use PGP with an email application such as ProtonMail, Thunderbird, or Gmail. There are several third-party add-ons that perform this service for just about every type of Internet browser in existence. However, be sure to choose one that is highly rated and has excellent reviews. On mobile, Signal or WhatsApp offer end-to-end encryption for SMS text messaging and calls.

5. Use a Virtual Private Network Every Time You Connect to the Internet

Let me repeat this: Do NOT connect to the Internet without a VPN. Not enough can be said about VPNs. They are great because they provide an encrypted private tunnel between a randomly assigned IP address (you) designated by your VPN provider, and the destination IP address or URL you are connecting to. However, security works best when it is applied in depth, or in several layers, to ensure maximum effectiveness. That is why using a VPN alone is not enough to ensure privacy. Besides, not all VPN providers are created equal, and some are even so shady as to sell your browsing information to other companies. You will also not be able to watch Netflix or access certain websites that actively block VPNs. Some sites are legally obligated by foreign laws to block certain content for their country, which is why some service providers such as Netflix have to be connected to from a legitimately known U.S.-based IP address. They don’t want users to be able to circumvent content viewing restrictions simply by connecting from a VPN. With VPNs, you get what you pay for. So assume that all things free on the Internet are also heavily monitored and that the data you create by using these free services may in some form be traded and sold for a profit (think Facebook, Gmail, Twitter). A VPN will also not protect you from a subpoena, and some service providers such as AT&T are known to freely share customer data with law enforcement and federal agencies all of the time. So be careful, and do your homework on which VPN and other service providers you pay to use. Preferably pick one that has successfully passed an audit and made the results public knowledge, but that is also reasonably affordable, won’t suck up all of your Internet bandwidth, and takes your privacy seriously.

6. Scour the Internet for Your Personal Information on a Monthly Basis

People have different reasons for wanting to remain hidden or to make themselves hard(er) to find, so one way of doing this is to take control of your personal information by scouring the Web for your name on a monthly basis. This practice is similar to checking your credit report at least annually to check for fraud. You should also be doing this online to see what information about you is publicly being shared on the Web. Hopefully the answer is none, but that is doubtful these days. Reputation Defender is a company that specializes in cleaning people’s online images, but be prepared to shell out the bucks for their services because they aren’t cheap. A lot of what services like Reputation Defender do can be done on your own. You’re just paying for the convenience of having a company scour the Web and contact sites that are listing your personal information on your behalf to have it removed or modified.

7. Lock Your Credit Down.

Part of attempting to become virtually untraceable is hardening yourself, much like a computer system has to be hardened against all types of potential threats. In the cybersecurity industry, we call a hardened system a bastion host, and it has been hardened in such a manner that all unnecessary services are removed, unused ports closed, and so forth. Make yourself a bastion host. One particularly nasty threat is identity theft, in which a fraudster discovers your personal information (most likely on the Dark Web somewhere thanks to all of the many data breaches) and starts opening credit cards in your name. How can you protect yourself against this threat? First off, sign up for a credit monitoring service so you can keep an eye on your credit report. Be sure to use your free annual credit report, but since there are 3 different credit bureaus you can space it out to get a free annual credit report from one of the 3 credit bureaus every 4 months. Then, contact all 3 credit bureaus, Equifax, Experian, and TransUnion, and have them place a freeze on your credit accounts. This way, anyone who attempts to access your credit profile will be blocked and the credit bureau will have to call you and request permission to allow it to be accessed (e.g., you go to buy a car and the car dealership tries to run a credit report on you but the credit bureau needs your permission first). It may cost a small fee to freeze your credit profile, but it is well worth it. This action alone could save you a lot of money in fraudulent charges. If paying for something online, it’s safer to use a credit card from a major credit card company like American Express, Visa, or Mastercard. If there is a disputed charge, oftentimes the credit card company will go to bat for you and contact the merchant to get your money back, and sometimes they even offer extended warranties on purchases. This doesn’t make you untraceable, but it goes along with becoming a hard target.

Lifelock is another option, sort of like Reputation Defender except that they are more of an insurance against identity theft. Lifelock attempts to proactively prevent someone from stealing your identity by freezing your credit and actively scans and alerts you if they find suspicious activity. Lifelock can help make it tougher for someone to do serious damage to your identity if it is stolen and help you regain your identity in the messy aftermath by attempting to resolve issues on your behalf. Again, you’re paying for the convenience of having someone else monitor your credit profile for you. Sometimes banks and credit card companies offer some of these types of services as well.

8. Stay Clear of All Social Media

Be honest and ask yourself if using social media platforms like Facebook, Instagram, or Twitter has really brought anything meaningful to your life. Sure, they are great for keeping up with extended family and friends, but they are also pretty risky and huge time sucks. Ever get into a flame war on social media? How did you feel afterwards? Did you later reconsider and go back to delete your posts out of concern for your career? E-mail works fine for keeping up with family and friends and is much less risky. Sharing photos can be done using any number of applications such as Flickr, 500 Pixels, Photobucket, SmugMug, iCloud, Dropbox or Google Photos. I mean seriously now, if you can answer yes to the question of meaningfulness, then, by all means, keep on using social media with your bad self. However, you probably are already aware that it can be risky for many reasons which are outside the scope of this article, given today’s politically charged environment in America and the lengths people will go to in order to retaliate. I will say this, however: LinkedIn is commonly used by adversaries (domestic & foreign), your work colleagues, and enemies to spy on you to see where you’re at in your career development, what new qualifications and degrees you may have earned, and who your present employer is. Basically, career job board sites like LinkedIn are a gold mine of what is known as Open Source Intelligence (OSINT) information. Do you really want your enemies to have that information at their fingertips? Sending a resume for a job application isn’t good enough anymore?

Recruiters look at LinkedIn all the time to try to see if you’re a good candidate for whatever whiz-bang new position they are desperately trying to fill, but HR specialists also look at LinkedIn to try and figure out how much you’re currently earning after you’ve applied to a job with their company to determine how much they might be able to “low-ball” you on a job offer. Here’s where it gets nasty though, and it is definitely privacy-related. Some vindictive people using social media platforms like Twitter and Facebook will have a disagreement with you because of something you posted and will look you up on LinkedIn to try and figure out where you work with the intention of getting you fired. “Hey, did you know so and so who works for your company said this on Facebook/Twitter? Here’s a screenshot, picture, video clip, or link to what so and so wrote or posted. Do you really want someone like that representing your company?” Think about it, no company or organization wants negative publicity. It hurts their ability to make a profit, and you don’t want to put yourself in that position. Unless you’re super important, most organizations won’t hesitate to terminate employees for these types of transgressions. It could happen to anyone and has happened several times after social media posts have gone viral. There’s always the legal option of trying to sue your (now former) employer, but good luck with that. The only ones who win in that situation are lawyers. Meanwhile, the social media user who reported you is laughing their @$$ off while you’re stuck looking for a new job. Hope it was worth that social media tirade you went on… A damaged reputation can haunt you in your pursuit of a new job, so it’s time to ask yourself if social media is really worth all that potential headache and personal strife. Maybe you wrote a nasty review on Yelp of a business you visited and posted your real name on it because you feel very strongly about it. Well, now that business may try to come after you, so beware and be forewarned. Lawsuits have been filed for much less. Again, why put yourself in that position?

It’s a ruthless world online, folks, with keyboard tough guys and gals who won’t hesitate to smear you if they can find a way to do so. You must take measures to protect yourself. Social media is the exact OPPOSITE of becoming virtually untraceable. Maintaining a low profile goes a long way towards becoming virtually untraceable. It goes without saying that it is not wise to use your real name on the Internet. Try to always use a pseudonym, alias, a handle, or whatever you want to call it. If you don’t want to use an alias, at least use some derivation of your real name that isn’t closely related to it, or a commonly used abbreviated form of your real name, such as Lisa instead of your full name Elizabeth. Your email address should not contain your real name; just ask all of the Ashley Madison breach victims about that aftermath.

9. Use “Old School” Tactics

Sometimes it is good to unplug and go old school. “Old school” protective tactics are what I like to refer to as analog or non-digital protective measures that anyone can take to make themselves more “anonymous.” You can, for example, shred anything with your name on it that you receive in the mail. No shredder, no problem. There is always the fireplace, a burn barrel in the backyard (depending on your city ordinances this may not be legal to do), or at least a black magic marker to obscure your name, making it somewhat harder to figure out who the piece of mail belongs to. Then rip it up into tiny pieces and scatter the remnants in different trash bags so that it is much harder to piece together. If you think dumpster diving is not a thing anymore, I challenge you to go to any city in America and not find homeless people dumpster diving. Are they looking for food, clothes, and what will they do if they happen to stumble upon your personal info? Those credit card checks you get in the mail from credit companies to pay off other card balances are particularly risky, and you should ensure those are completely destroyed by fire. You can request that the company stop mailing them to you, but chances are they will ignore your request out of greed to make more profit off you. You see, these credit companies are less concerned about the risk of fraud committed in your name than they are about making a profit. If you think for one minute that these companies don’t know that many people are too lazy to report and try to remove fraudulent credit card charges, then you are sadly and foolishly mistaken. Why do you think they’ve all made it so difficult to talk to an actual customer service representative? Sure, it saves them money using automated recording options, but do you not think that it also saves them a lot of hassle in dealing with customer service issues? You see, until strict legislation is passed to better protect Americans against these types of privacy threats, companies are going to continue taking advantage of all of us to the maximum extent they think they can get away with until they are made an example of, like Wells Fargo. For some companies, it is even worth a minor violation and punitive fine because the money they earn from their illegal practices far outweighs any fine that State or Government agencies will impose on them. Corporate America is not stupid, folks; don’t be fooled into thinking that. They exist to turn a profit, bottom line. Sadly, your privacy info is just a commodity to be traded to them.

Closed-Circuit TV (CCTV) cameras are ubiquitous, and now there are several companies and government agencies that are working to develop facial recognition software. Automatic License Plate Readers (ALPRs) have been in use for quite some time now. The next phase is facial recognition systems. No one is suggesting that you wear a wig or try to disguise yourself every time you go outside of your home, but how you dress can play a part in how easy it is to track your movement. There is wisdom in not dressing eccentrically, and trying to blend in somewhat. If you’re one of these people I always see walking around town with their cell phones in hand, then forget it. You’re already found thanks to that GPS location tracking signal emanating from your cell phone to every cell phone tower in the area.

By the same token, in the physical world, there are plenty of “old school” measures you can take to make yourself blend in better, which is crucial to learning how to become virtually untraceable. We’ll start with not putting stickers on your vehicles, as this will make it easier to identify you and your vehicle. Ever been tailed or chased before in your vehicle? Me neither, but let’s be smart and assume that it’s much more difficult to shake someone with your big “Salt Life” sticker on the rear window. Dress inconspicuously, and wear a ball cap or hat of some sort to make it harder to positively ID you on camera. Randomize your driving, running, or walking routes. Don’t wash your license plate; let it get nice and dirty and keep it that way. Better yet, maybe go off-roading a bit? Cover tattoos up when going out by wearing long sleeves or pants depending on how many you have and where they are located.

10. An Entire Industry Collecting Data on You

It is also important to note that there is an entire industry that exists just to collect information on people and then sell that information to other people or companies. In case you want to see how far down the rabbit hole goes, just Google, Bing, or Yahoo search your full name and then start opening the links for sites such as Spokeo.com, Whitepages.com, AnyWho.com, 50States.com, 411.com, Pipl.com; the list is too long to mention here. It is repulsive how many sites are collecting information on people, and what’s worse is that all of these sites claim to be only posting “publicly available information.” However, upon closer inspection, not everything posted on some of these sites is actually publicly available. For instance, when aggregated, your full name, last known mailing address, birth date, phone number, the name of the street you grew up on, what type of vehicle you owned, and the high school you attended could potentially be used to steal a person’s identity or contact the Social Security Administration to claim a new Social Security card while claiming to be you. The SSA should ask for a birth certificate, but you get the point.

These websites don’t make it easy to remove or take down this personal info either; I would know. Trust me, I’m continually fighting them with takedown notices and threatening lawsuits. I don’t take “No” for an answer and don’t believe there should be such a thing as “publicly available” information on people that some company or website you’ve never even heard of can post online for the entire world to see. How dumb is that, right? The U.S. as a nation needs to pass meaningful privacy legislation, similar to what the European Union (EU) has done with its General Data Privacy Regulation (GDPR). Sometimes my threats against these websites work, sometimes not. It is often an exercise in futility, as I’ve found, because just when you think you’re making progress on scrubbing the Internet of your name, your “Right to be Forgotten” as Google calls it, another site pops up with all of your personal info. For someone trying to flee abusive relationships (e.g., Jennifer Lopez in the film “Enough”), this can make it very difficult to find safety away from dangerous people who can use this information to track them down. It is a practice known as “cyberstalking” and it’s illegal.

11. Enemy of the State?

Are you an enemy of the State? Probably not. Chances are, no one is specifically targeting you, but then again… No one is suggesting that you need to become like the character Gene Hackman plays in the film “Enemy of the State” opposite Will Smith, who is being hunted by rogue National Security Agency (NSA) agents. You don’t need to start wearing tin foil hats and build a Faraday cage in your backyard to house your computer with an emergency self-destruct switch. If the FBI or the NSA wanted to find you, they could easily do so. Chances are, though, they’ve got bigger fish to fry. How easily could they find you, though? Well, that depends on what lengths someone is willing to go to in order to hide. Do you pay with a debit or credit card? If so, the FBI or any law enforcement agency can most likely locate you within hours based on your credit card transaction history. Why not pay in cash if you’re concerned about not being traceable? Debt is just another form of slavery anyway; you’ll be much better off by paying cash. Now, I don’t suggest that you go stashing hundreds or thousands of dollars away in your mattress, but it doesn’t hurt to have a quick cash stash tucked away somewhere safe that you can easily get to in case of an emergency.

Will Smith & Gene Hackman in the movie Enemy of the State. Image courtesy of thehollywoodnews.com

12. Don’t Save Data Locally, Instead Use Cloud-based Services

I know what you’re thinking, “What do Cloud-based services have to do with remaining untraceable?” Great question, and you won’t be surprised to learn that the answer is, not much. However, using Cloud-based services can be what is known in the military as a “force multiplier.” In terms of portability, availability, and what is known in the IT world as “data redundancy” of your personal data, it is tough to beat using Cloud-based services to ensure that your personal data is safe. Depending on how you configure it, your data can be automatically backed up to the Cloud, usually for a small monthly or annual subscription fee. This is very useful for a few reasons. Cloud Service Providers (C-SPs) are typically up, because they don’t make money when their services are down. So it is typically a safe bet that your data will generally be available 99.999% of the time in a given calendar year. I don’t know about your data needs, but that percentage suits me just fine. Additionally, if there is a fire and your entire house burns down, you can rest easy knowing that all of your important files, including your family pictures of “Little Nicky” and your digital scans of your birth certificate, marriage license, Will, or whatever, are all backed up to the Cloud online. Once uploaded, you can access your personal files from anywhere in the world as long as you have a computer or other device with an Internet connection.

The obvious concern with Cloud storage is the security and privacy of your personal data. Many people have issues with this, but for me at least, I’d rather risk having my data exposed to my C-SP than lose it all in a disaster. That is called risk acceptance: I have accepted the risk that my personal files may be compromised by my C-SP or that a subpoena could be issued by law enforcement. If it came to that, and you might not ever know it happened, I wouldn’t have anything to worry about anyway in a legal sense. Can you be sure that the C-SP will not snoop in your files or that they can be stored securely by using strong encryption? This is where you need to do your homework when selecting a C-SP. Google has the best rates, but some folks are understandably anti-Google due to their ubiquity across the Web and documented practices of granting developers access to your free Gmail account E-mails. How they perform data block encryption when you upload files to the Cloud and what type of encryption is used varies with each C-SP. Virtually all C-SPs will encrypt your data after you upload it to their Cloud, but you can also encrypt your personal data yourself before uploading it to the Cloud, and it is strongly recommended that you do. That way your data is double-encrypted against possible data breaches and snooping by “developers.”
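One way to do the pre-upload encryption recommended above, as an added example that is not part of the original article. It assumes the OpenSSL command-line tool (1.1.1 or later) and tar; the function names, file names and passphrase-file layout are illustrative.

```sh
#!/bin/sh
# Added example (not from the original article): encrypt a folder locally so
# the cloud provider only ever stores ciphertext. Names are assumptions.
ITER=600000   # PBKDF2 rounds: makes passphrase guessing slow

# encrypt_for_upload SRC_DIR PASSFILE OUT
# Writes OUT (ciphertext) and OUT.sha256 (digest to keep outside the cloud).
encrypt_for_upload() {
  src=$1; passfile=$2; out=$3
  [ -d "$src" ] && [ -s "$passfile" ] || return 1
  # -pass file: keeps the passphrase out of the process list (pass: would not)
  tar -C "$(dirname "$src")" -czf - "$(basename "$src")" |
    openssl enc -aes-256-cbc -md sha256 -pbkdf2 -iter "$ITER" -salt \
      -pass "file:$passfile" -out "$out" || return 1
  # Prove the ciphertext decrypts to a readable archive before relying on it.
  openssl enc -d -aes-256-cbc -md sha256 -pbkdf2 -iter "$ITER" \
    -pass "file:$passfile" -in "$out" 2>/dev/null |
    tar -tzf - >/dev/null 2>&1 || { rm -f "$out"; return 1; }
  # openssl enc does not authenticate ciphertext, so record its digest.
  openssl dgst -sha256 -r "$out" | cut -d' ' -f1 > "$out.sha256"
}

# restore_download ENC PASSFILE DEST_DIR EXPECTED_SHA256
# Refuses to decrypt a download whose digest differs from the recorded one.
restore_download() {
  enc=$1; passfile=$2; dest=$3; want=$4
  got=$(openssl dgst -sha256 -r "$enc" | cut -d' ' -f1)
  [ "$got" = "$want" ] || { echo "digest mismatch: $enc" >&2; return 1; }
  mkdir -p "$dest" || return 1
  openssl enc -d -aes-256-cbc -md sha256 -pbkdf2 -iter "$ITER" \
    -pass "file:$passfile" -in "$enc" 2>/dev/null | tar -C "$dest" -xzf -
}
```

Upload only the `.enc` file, and keep the passphrase and the `.sha256` digest somewhere the provider cannot reach. A lost passphrase makes the backup unrecoverable.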

In Closing

Having practiced information security for a living for many years now and having also served as a U.S. Marine for over two decades, security is my bread and butter. It is hard-wired into my DNA at this point in my life, like breathing or riding a bicycle. Suffice it to say that I have learned a thing or two about protecting yourself online and from physical attacks. That being said, there are so many different threat vectors and vulnerabilities to try to protect against, so let’s not be naive and think that there is ever such a thing as 100% security. 100% security is a mythical, gold-plated unicorn unfortunately, perhaps only ever realized in Hollywood fiction or in the afterlife when nothing of this world can harm you. Becoming “virtually untraceable” in this digital world that we live in now takes work, a lot of work. Technology is making it harder to live anonymously. In fact, few people can pull off a ghost-like digital existence, but everyone can take something from these dozen or so tips and apply them to their everyday life to help make themselves a little bit more untraceable. You will find that the less the government and people know about you, the more of a threat and outsider you will be considered. Personally, I’m okay with that; there’s a certain freedom in it. They are used to dealing with sheep; be a wolf instead. Just about everyone knows at least one person who is woefully inept at protecting their personal information, so please spread the wealth of knowledge their way.