Open in app

Sign in

Write

Sign in

Internet Anonymity 101: Decoding Digital Feet

Aditya Sareen
GDSC VIT Vellore
Published in
7 min readJan 27, 2024

Welcome back as we embark on yet another chapter of anonymity on our beloved Internet!

(Disclaimer: Feet were only mentioned in the title, there will be no further discussion on feet in this blog)

We’ve covered the modes you can use to keep your activities anonymous online, but what about our interactions on the websites we use? Every single day online, we unknowingly leave some traces behind, which is known as our digital footprint.

It grows in many ways such as posting a picture on social media, subscribing to a newsletter, or buying something online. All these activities contribute to your digital footprint.

Sometimes, you might be unaware of the fact that you are contributing to your digital footprint. For example, most of the time when we install an app, we don’t read the terms and conditions and directly click “Agree”. Somewhere hidden in their fine print is a point that allows them to have access to your data and activity on that particular app.

There are two components to your digital footprint, Active and Passive.

Active Footprint

An active digital footprint is one where a user has knowingly shared information about themselves — such as through posts on social networking sites. When you post your #OOTD on your social media feed, that contributes to your active footprint. Other activities that contribute to active digital footprints include submitting an online survey or accepting cookies on a website.

Passive Footprint

A passive digital footprint is one where the user is unaware that information is being collected about them — such as websites collecting information about how many times users visit their page and their IP addresses. Your likes, comments, and interactions with posts are being used to target you with specific ads.

You might notice that every time you like a reel about a new trend on Instagram, you see a lot more posts about the same trend on your feed. So next time you think about liking a “chipichipichapachapa” reel, be sure to expect your feed to be filled with cute dancing cats.

If you want to know more about how your browser is passively adding to your footprint, check out this website: coveryourtracks.
It gives a detailed analysis of how strong your browser is against web tracking.

A screenshot from coveryourtracks

Looks like my browser is doing a great job at reducing my passive footprint!

This might lead you to think that your digital footprint isn’t that consequential, but it goes much deeper than you think.

Relevance of digital footprint

  • Online Identity: Your digital footprint forms your online identity, which affects how others perceive and judge you. The way you behave online can either bring up or bring down your digital reputation, which in today’s world is as important as your offline reputation.
  • Employment: Most employers today conduct online checks on applicants. A positive digital footprint and reputation can enhance job opportunities, while a negative one can lead to losing the same.
  • Legal and Ethical Considerations: Sharing inappropriate content or engaging in illegal activities online can have legal consequences and severely affect one’s life.
  • Cybercrimes: Cybercriminals can exploit your digital footprint and use it for purposes such as phishing for account access through fake links or creating fake profiles based on your profile data.

All of these points show us that we must be cautious with what we say and post online as it can have serious consequences.

When the group chat gets leaked

Speaking of serious consequences, here are some instances where A-grade cybercriminals were apprehended because of their digital footprint.

1. BreachForums:

BreachForums was a website that allowed for the discussion of various hacking topics and distributed data breaches, hacking tools, and many other services.

There were two major cases of data breaches on this website, the first one on December 10th, 2022, containing the information of over 80,000 members of the FBI and InfraGard. The second one, on March 9th, 2023, containing details of almost 170,000 individuals, was posted on the website following a breach from the District of Columbia health insurance marketplace.

Conor Brian Fitzpatrick, (in)famously known as “Pompompurin”, was arrested on March 15th, 2023, and charged with conspiracy to commit access device fraud. He also exploited a vulnerability in the FBI’s website and used it to send out thousands of spam emails with misinformation.

BreachForums was created as the successor of RaidForums in April 2022, to serve the same purposes.

To catch Pompompurin, the FBI got the IP addresses that Pompompurin used to access RaidForums - nine of which were associated with Fitzpatrick(according to his internet service provider). Maybe, if I had started the anonymity series earlier, Pompompurin would have read the post on VPNs and been a free man - but it all worked out for the greater good.

The FBI also went through RaidForums’ old database after it had been shut down and in that found a chat thread between Pompompurin and a user named “Omnipotent”. In this chat, they were discussing a data breach on a particular website and Pompompurin claimed that his data had not been leaked as he had verified his email on the website “Have I been Pwned”.

When asked about this email, Pompompurin replied saying: “I don’t want to share my actual email for obvious reasons, but this email seems to have the same case as mine: conorfitzpatrick02@gmail.com”. Not only was this his real email, but by saying this he also revealed his real name which was unknown up to that point.

The FBI discovered that this email was linked to a GooglePay account, which was shared with another email account. Upon inspecting the second email, the FBI found that it was accessed using the same IP address as a Zoom account which was registered to “pompompurin@riseup.net”, which was the same ID Pompompurin used to login to RaidForums.

The GooglePay account was also linked to his home address, which made tracking him down a piece of cake, after which he confessed to his crimes.

So, to conclude — had Mr. Fitzpatrick been more careful about his digital footprint, he may have been running the online data breach cartel to this day.

Pompompurin’s profile on BreachForums(image from bleepingcomputer)

2. Silk Road:

Silk Road was the first modern-day darknet market. A darknet market is a commercial website on the dark web that operates via Tor or I2P. They are essentially black markets that involve items such as drugs, weapons, and counterfeit currency(basically everything you’d see in a rap song’s music video). It was started in 2011 by Ross Ulbricht, under the nickname — “Dead Pirate Roberts”(what is it with cybercriminals and outrageous nicknames?). Ross was arrested by the FBI in October 2013, and Silk Road was shut down.

The site generated more than 9.5 million bitcoins in sales revenue, and over 600,000 bitcoins in commissions for its owner, Ross. The value of bitcoin has fluctuated dramatically from the time of its launch - Silk Road’s estimated turnover is said to be worth around $1.2 billion in sales, and $80 million in commissions. You’d think that the owner of such a site would have invested in his digital security, but you’d be quite surprised to know how he was caught.

An FBI agent had located an early mention of Silk Road dating to January 27, 2011, when a user called “Altoid” made a post on a forum about magic mushrooms. Two days later, Altoid made a similar post on a forum named Bitcoin Talk, recommending Silk Road and providing a link to it. Eight months later, Altoid made another post on Bitcoin Talk, saying that he was looking for “an IT pro in the Bitcoin community” to hire for “a venture backed Bitcoin startup company.” The posting asked interested parties to contact rossulbricht@gmail.com(Personal emails seem to be the downfall of every cybercriminal).

Ross had used a VPN to create a fake IP address. The VPN server’s records showed that a user had accessed it from a San Francisco Internet café near the home of a friend, whom Ulbricht used to live with occasionally. Records obtained by the FBI from Google showed that Ross had regularly logged into his email from the Internet café, even on the day that the VPN was accessed.

How Silk Road looked(image from Business Insider)

I guess no one told Ross about a good UI/UX designer — but a centered div was probably the last thing a Silk Road customer was looking for anyway.

He was arrested on 2 October 2013, in Glen Park Library, San Francisco. A man responsible for over 1.2 billion dollars in sales, picked up while he was clearing his late book fees-all made possible through his cute feet on the Internet.

I hope you now have a fair idea of how consequential your digital footprint is. Stay safe and be careful about what you do on the Internet because there is a lot of your activity being tracked unknowingly. While talking to people online, always remember — if you wouldn’t say it, don’t type it.

After looking up these two incidents, I feel a lot nicer about the email address I made when I was 13 using the most obnoxious name you could think of. Not like I have a secret market running on the Internet selling all sorts of things…

References :

1. https://en.m.wikipedia.org/wiki/BreachForums

2. https://en.m.wikipedia.org/wiki/Silk_Road_(marketplace)

Digital Footprint
Cybercrime
Online Anonymity
Cybersecurity
Privacy

--

--

Aditya Sareen
GDSC VIT Vellore

Written by Aditya Sareen

15 Followers
Writer for

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams