Discovering the identity of online posters

[Great-Kazoo]

Couldn't someone develope a sort of block chain forum format, like online currencies? I'm not even close to tech savy enough to know how this would work, but if you can transfer "digital currency" anonymously you can surly post funny pics and post whore anonymously as well.

Set up secondary accounts through the library's computers. Use only them to access the web.

[CS1983]

Set up secondary accounts through the library's computers. Use only them to access the web.

So they trace back to time/place with a sign-in sheet and security cameras in place?

[Rumline]

Burner laptop that you reimage every week with a different OS and MAC address. War drive using a pringle can antenna to hit different unsecured wifi, then do TOR.

Then on your personal computers install backdoor / remote access viruses and leave your own wifi unsecure. Plausible deniability.

What do you mean you don't want posting on COAR to become your full time job??

[CS1983]

Why not spoof MAC and run everything through a VM you just roll back the image on after use, over NAT and accessing random wifi hotspots, that you piggy back off of via a drone w/ antenna acting as a relay station to circumvent geotracking/sec camera footage?

Hoodie required.

[Danimal]

Yes and no. Using proxy layers like Tor (yes I know there are some US Gov exploits, largely surrounding idiocy) with VPN's can generally result in total anonymity even from the gov't. As long as you don't do something that links to your identity.

Contrary to what people think, if I hack your IP address I don't know where you live. You need access to ISP logs to see what IP was assigned to what customer and when to achieve that. And even then, with wireless internet connections, you can't say who actually utilized the computer or even how many computers use that IP - it could be shared by hundreds. The prior post about using Lexis to identify usernames is misinformed. There is in fact, no such central database. There is no database for this site, for instance, that links your username to your identity, because the information cannot be harvested using regular means - they would have to hack this site, then hack the ISP, then hack the USPS to see who lived at the house, and then build a time machine to see who was using a computer. Why is LOGIC completely gone...

What happens is when people connect their usernames to their real identity on the web, such information can be sold, and then linked by search providers. Realistically, Lexis only can match less than 5% of a username to an identity. Probably less than 1% accurately. Social engineering accounts for basically all of the "found their identity" cases; googling, finding pictures that are geotagged, finding facebook profiles, pictures of cars with license plates, house numbers, etc. If you aren't a complete moron [don't link to your identity and don't post PII or pictures with geotags], it's not possible to do that.

What can actually be achieved by common hacking and what people think can be achieved by common hacking... it's a rift bigger than the grand canyon. 99% of what people are talking about in this thread (18 year olds finding your identity, lexis, etc.) has absolutely nothing to do with your IP address, as those parties don't have access to it. Once again, don't be an idiot.

EVERYTHING you need to be concerned about centers around social engineering. Your IP address is irrelevant, even with the information, it's not assigned to your house, it's assigned to the ISP which loans them out, meaning your IP is changing all the time. The last thing you should worry about is your IP address being hacked.

If the gov't subpoenas information, then IP addresses can be obtained - sometimes - but most websites don't even hold that information all that long nor are they required to. Even then, it is obtained by asking YOUR browser, which often reports it entirely incorrectly. It takes work and multiple subpoenas for the gov't to arrive at an identity, case in point. Out of those eight IP's the gov't obtains by subpoena in this case, they will be lucky to identify a person in even 25% of the instances despite all the resources available to them. You need the accurate IP from the website (50% chance, good luck), you need the ISP logs, you need address information, even then you don't know who was using the computer without lots of additional information. Any weak link and it's not possible to identify someone.

There's massive amounts of tinfoil required in this thread.

While this is true, the social engineering part is super easy. Do you use the same user name across different forums? Different websites? To pay bills, or login to a website that has your shipping address? How secure are all of the systems? Generally it is pretty easy to hunt for a common user name that turns up an email that is used for an account login that can then be hacked from the owner side of a small business that shipped you a stapler last summer. The system is only as strong as its weakest link, and the average small business owner cannot afford to fully secure their POS transactions.

The real question then becomes why someone wants to find that information? Usually there is no benefit to find your name and address, your IP is enough to send you those fancy tailored adds for things you just looked at. Now with all of the social media there is the idea of meta data that forms a collective image of who you are online. Systems are capable of linking multiple accounts together even if there are no actual known connections. Content, user name, email, even writing style, anything that it finds online will eventually be rolled into a profile that it can tie seemingly disconnected events together. This is used for marketing and collecting data on user activity for large scale trending of markets. That is where people make money from it.

The problem now is that it is an easy target if someone wants to target you maliciously. That is how people are found and tormented online by the media and pitchfork wielding "hackers" that disagree with what yo said or did, or what someone else said you said or did. It doesn't really rely on social engineering in the classic honeypot sense like hacking into secured systems. They get a collective picture of you, use metadata to find a weak point transaction, and if there is incentive can have your identity pretty easily. It is just a matter of wanting to find you among the billions of people online.

It is hard to identify someone using legal channels, which is why it is hard for the government to find a specific person for the purpose of prosecution or to testify at trial. Illegal means that breach privacy are not that hard and can easily done by 18 year olds.

[Danimal]

Couldn't someone develope a sort of block chain forum format, like online currencies? I'm not even close to tech savy enough to know how this would work, but if you can transfer "digital currency" anonymously you can surly post funny pics and post whore anonymously as well.

This is actually where all transactions are heading, but the problem is that a block chain is completely unique and can be traced exactly. You would posses a specific piece of information that can only come from one source. The government loves Bitcoin and other cryptocurrencies. It is basically a 100% traceable transaction type, so once they know the collective block chain for the majority of a system it can be tracked with 100% accuracy. The only thing making it "untraceable" now is the fact that they do not have a working database that identifies the 21 million specific bitcoins.

[Great-Kazoo]

So they trace back to time/place with a sign-in sheet and security cameras in place?

If they get that deep, there's a shit load of other problems one has.
Once you log in or access any web site you're monitored. Again, use your cell phone for anything other than calls and text. Your vehicle have an easy pass, use safeway or kings grocery card? Credit card when fueling up, any purchase. ?

There's no escaping or avoiding "Them".

[CS1983]

Perhaps. Perhaps not. I agree on the inability to really be off grid. That was a problem to address and solve 15 years ago. Now, one basically has the option to avoid bad practices.

[Rumline]

Why not spoof MAC and run everything through a VM you just roll back the image on after use, over NAT and accessing random wifi hotspots, that you piggy back off of via a drone w/ antenna acting as a relay station to circumvent geotracking/sec camera footage?

Hoodie required.

Love the drone idea! That definitely kicks it up a notch.

[CS1983]

Love the drone idea! That definitely kicks it up a notch.

I like the fact that it brings a certain literalism to the phrase, "the internet crashed".