Guide to complete internet anonymity: -Buy a raspberryPi from craigslist. -Go to the forest. -While using tails, hack into a Wimax network. -Buy a VPN subscription using bitcoins. -Connect to the VPN. -Connect to a proxy server. -Connect to another proxy server. -Run minecraft and connect to your peer in another forest in wimax range. -Write your message by dropping items on the floor. -Shut down the computer. -Burn down the forest. -Go deeper into the forest. -Live in a cabin you pre-stocked with food for 3 months. -Return to civilization inside a Deer hunter's cooler box (alive). -Use a new name and live off the grid.
i heard that burglars could pick my lock and easily break into my house. so i might as well leave the door open for them, why bother closing it or locking it.
Furious Emerald Well, some may argue the existence of a particular type of god in one form or another but if you accept that it is necessary and sufficient that there are some well known rules that apply to how things work then we are at the very least something. If a group or an organization is building a tower of babel in the Utah desert dedicated to imitating a certain amount of omnipresence, which is one of the properties that most attribute to god, to what extant is that group or organization willing to go towards the goal of operating in a manner that they believe serves their assessment of god? Do they believe they are set above others by some sort of divine right? Or worse yet, do they already believe that they are god? History may or may not repeat itself but it certainly rhymes. A recent check on what activities those types of people have already engaged in, is not very encouraging.
I don't think that he hates to answer questions as much that he want to put in your head how basic the concept is. Now, if you're a noob and you tell me you want to be anonymous online, I would say that's impossible as politely as I can, simply because to understand how basic the problem is, you do need some technical background which is not a given. If I make a show on youtube, I would spice it up with some drama by saying how dumb the question is.
We can... it usually comes down to money. Plenty of "hackers" are in prison... and "they" will come hunt you down if the damage you caused meets or exceeds the cost for them to do so. The only exception to this is if life or critical infrastructure is impacted - in that case, god speed... they'll spare no expense.
Buy any laptop with cash, preferably a used one - delete everything - bleach the whole thing - Install Linux via external drive - Connect to a public wifi - start TOR - enjoy your privacy
Also put tape on the camera lens, plug in a broken earphone... and if you want to go the extra mile when you finish your session put the device into a faraday box and remove the battery when possible or don’t fully charge it... just 3%-5% enough to last for your session... or buy a “broken” laptop that only works when is plugged in.
The e-biometrics only gives you away if your use of the keyboard is consistent. If the person using the keyboard does not do the keyboarding in a consistent manner, then it is surely possible to confuse the e-biometric system into thinking that someone else, or a group of people are using it. Also, someone else might have the same keyboarding manner as yourself, and therefore it would be rather presumptuous to track using that.
Well in every known case of a person caught while using Tor to stay anonymous, they weren't caught because their Tor connection was 'de-anonomized'. They were caught by other means such as tracking credit card payments, not using Tor consistently, sharing personal information over the connection, not using a bridge node, being the only person connected to Tor on a monitored network, using a flawed Tor setup (not using an updated version of the Tor Browser Bundle) etc. So yeah Tor is basically the closest you're going to get to beng anonymous online. Also don't give authories reason to try and track you, don't serve child porn, don't sell illegal items... It's actually quite simple to practice good InfoSec
i heard there was a big porn sting on Tor.. it wasn't from people using credit cards or any of that... one of the three letter agencies controlled enough relays to deanonymize them
QubesOS with Whonix with LibreBoot with SecureBoot with Keystroke anonymisation with MAC address randomisation with randomised hostname without a microphone or camers without Intel ME with no WIFI or bluetooth with privacy screen filter without LCD screen polariser so you have to wear custom glasses to see ur screen: Hold my beer
+Nova NSA has a closed VPN with at least 5step verification. So, IMHO there's no fucking way anyone can get into it. Not sure tho, maybe the biggest security agency in the world are actually morons... /sarc
+Blgd 92 why spend billions on hacking NSA when you could probably buy out the guy who works at the contractor that built vpn NSA uses. Or why not offer the contractor to subcontract to you on the cheep. Like that time when it turned out that secret USA government network infrastructure was subcontracted to a developer in Russia.
I just don't understand that if you cannot be anonymous online then how is it that all these illegal onion sites are still up and running? If it was possible to track you then these websites would be shut down in moments.
I don't think this Eli is telling us the full truth. From his attitude, I get the feeling that he's trying to scare us into giving up the quest for anonymity
those sites you're talking about are hard to find, hard to monitor, getting the resources to shut them down requires co-operation from international governments which is not easy when certain countries are not even speaking to each other.
He was trying to say that it's impossible to be 100% anonymous online to where it would be impossible to trace you. What he wasn't saying is that it's impossible to make yourself trickier to find. Organizations aren't going to put their time and resources into digging out just anybody. They need to be tactical in who they go in on in order to not waste monopolized vulnerabilities to public knowledge by pursuing small fry
But what if, you steal a computer, travel to some random country, find a random coffee shop with wifi, use 1000 elite proxies, type REALLY REALLY slow, and then blow it all up once you are done? :b
If you think that they can identify the average person just by their surfing habits, typing style, whatever, you're a lunatic. If they had a huge profile on someone they had been tracking for years then maybe they could pull something off like that.
i feel really sad for those people who is blindy believing what he just said , and i am pretty sure those people disliked this video have some brain and actually used Linux/unix
all snarkiness and obnoxiousness and the know-it-all attitude aside, he said little of substance because he spent too much time laughing at the "little people" and saying how it's laughable. What a waste of 7 minutes.
3:47 not to mention you need to shake your head left-right very fast and hope the security cameras in the coffe-shop have a low frame rate, you know.. so your face will not show up on the cameras :))
adrianTNT The cameras have a high frame rate. The slo-motion effect is created by the recorder only grabbing a limited number of frames. Blur is introduced more easily by large changes in aperture and lens Fstop. A large lens may have a limited depth of focus and field of focus. Most cheap security cameras have small lenses but some are better than others. I have installed camera's that cost $5000 per camera. They were just for filming shop lifters. They average retail loss prevented by security was $20,000 dollars / month. They had a calender and every day they stopped a theft they stamped Marvin the Martian on that day. One day I went to service a camera and they had 5 martians on that day already and it was only noon. This was in the days of windows 3.1. Systems are cheaper now and retail prices much higher. Digital storage is really cheap now. Tape was used back then.
People dont always have the same typing patterns. Plus im sure a good majority of people type the same way. Around the same speed. The reality is, the people who track keystrokes are just guessing. You cannot truely 100% determine who someone is off fking keystrokes. Thats not hard enough proof.
also there are probably people who type the same as me and you i bet there are at least 5 mill other people who type the same way i do how are they going to figure out I'm that guy out of 5 mill
***** exactly good point! theres probaley a average keystroke typing speed, that most people use i mean we were all taught how to use a keyboard or we learned ourselves, and im sure many of us have around the same speed plus it might differ each time we sit down to type, the phone might ring, the oven timer might go off all these things could temporarily distract you and make the keystroke times different each time it could never always be 100% the same for each person this whole keystroke thing is dumb all it proves is that theres a possibility its this guy or that guy, but im sure with this technology it could end up sending a innocent person to jail because they "think" its the right person
Buy stolen laptop with cash and don't show your face to them, use mask or something..Buy prepaid sim card with cash from your friend (who bought it using cash) that you trust and who goes on location with cameras, then you go to a location where are no people,no cameras and you are safe from satellites(remember to leave your phone). Use clothing that you bought with cash from flee market. Write everything just using one finger(unless you write everything normally just by using one finger). Do what you do in tor. When you are done burn everything. While your second friend who is at your home calls someone using your phone and plays prerecorded conversation with someone. Pros: You have alibi, everyone of your friends has alibi. You cant be tracked down. Cons:( Only thing against you is that) you are friends with someone that lost the sim card. It is really costly and time consuming way to watch TH-cam videos. Consumes a lot of tin foil.
+ShinobIHunteR666 remember gloves, plastic suit that people use when there is heavy poison, take a bath in alcohol and a gas mask so you don't leave any DNA or smell signs, make sure that you also have allibi to use so much alcohol, best if you get a job and have enough equipment and experience to proove you are producing it , also go away from your house and make sure no one is watching you, maybe you could work in military or get some explosives from black market, best if you can find and afford a small nuke to leave no trail, stay stealth during the operation and buy everything with cash. Also it's best to do that in the winter when the visibility is limited and snow will cover your footsteps. Just make sure that they won't be able to track the changes in snow structure.
Eli, I have always thought you were cocky. Now I know you are ignorant as well. If you want complete security and anonymity, there are a few things you need to do. The first is get rid of Windows or Mac. Run Linux, preferably Debian or anything but Ubuntu as they collect information about you. Encrypt your hard drive. Run everything through an anonymous OS via a virtual machine inside of Debian; something like Whonix works well because it already runs everything through the tor network by default. Use icedove with enigmail at the bare minimum for email encryption. Something like onionmail works even better due to its 2048 bit encryption standard. Never disclose your true identity or anything that could identify you. All passwords should be long and complex. Restart all connections frequently. Disable Java and cookies and only use https. Now, Eli is somewhat correct in saying that even through proxies, you can still be tracked. However, it is not anything that identifies you that is tracked. For example, with email, anyone watching could still see that an email was sent from one person to another, but not what the email says. If you have all of the aforementioned security measures in place, no matter how hard anyone tries, there is still no way to identify you, especially if you are hopping from WAP to WAP.
you can't: among stuff not mentioned - CSS exfil, ultrasonic signals, how the device uses current - you can get very precise info, bluetooth logs (if you have it)
I disagree. You cant determine who somebody is just based off the amount of time it takes to type something in. The reality is that it STILL could be anybody.
Eli, I only just started watching your videos today and I've learned a lot already. And yet through all the knowledge you display of the subjects you talk about, I can't help but notice one thing. In this video and many others, you state your opinions on things like Tor and other tools for anonymity as believing they are almost completely useless. And while you do bring up good points and situations where they haven't worked, I can't help but notice the vast amount of times these things do work. Hell, there are thriving black markets thanks to this stuff. Of all the time these things have existed, governments have only taken down very few services, often run by a single person. For all their tools, they're not doing a very good job at regulating it. Now this could be almost entirely because of other factors, for example the sheer amount of people using things like the Tor network could be making it hard to track, rather than the Tor network itself. But in one way or another, these techniques ARE effective for many people, activist or arms dealer. Despite the faulty procedures of the tools and vast resources of the people trying to track traffic. Thoughts?
courperationX "working" and workable is not defined by nobody caring. Even his example wouldn't work if there was a security camera at the camera shop. Sometimes you can get lucky but don't plan on it. Better to buy a lottery ticket with the money you save.
You mentioned that someone could tell who you were by how long you typed a message....I have several questions about this... 1. How could anyone tell that? When someone receives a message how could they possibly tell the time the sender "hit the keystrokes." And even if they could, what are they comparing it to to tell who it was? 2.Even if they did have the technical expertise, suppose someone wrote a message in Microsoft Word, then copied and pasted it onto an email??? How would someone be able to tell the time the sender took to hit the typing keys??? 3. How many people have the technical expertise to to that???
He makes a bad argument. Anonymity? No. Harder to track? Yes. Centillion's of packets are out there nowadays. People that don't even know or care about VPN/Tor/proxychains are downloading terabytes of illegal stuff without ever getting caught. There's too much traffic. Regular users of the internet are getting away with that kind of stuff daily. The people using VPN/Tor/Proxies etc...to hide themselves are, well, probably ok. For now.
Buy laptop from craigslist using cash >> Use tails >> Get on public wifi where there are no cameras near by >> Thermite computer. Good luck finding that.
You just gave me a idea for biomatric tracking like a program that when you click a button it waites 1 second or 0.9 or 0.7 or 0.3seconds it randomizez the wait time to let the letter or number to be sent
Just to clean up this misunderstanding: 1. Yes it is possible to be fully anonymous on the internet, and this is how u do it usually... 2. You dont need to go through 10, or 5 or 2 proxy servers, you just need one proxy server between your machine and the rest of the world. 3. The only requirement your proxy server has to meet in order to make you truly anonymous, is to not create any traffic logs, or to destroy these on the fly. Also meaning forwarding the traffic it recieves from your IP-Adress to the rest of the world through its Proxy-IP-Adress, without telling the world any information about its client (you)... (also means just destroing its network protocols log files or just not crfeating those from the start). This way nobody can track down who has accessed the proxy relay, so your IP-Adress is anonymous. But ofcourse this does not cover other data such as Oerating-System and Browser, also if the proxy-server is missconfigures to relay stuff like coockies, which is usually used for tracking ppl, it can also aid in making you un-anonymous.
I think the idea that, just because tcp/udp wasn't intended to be anomymous and corporations and governments have interests in tracking you, it would be impossible to be anonymous is laughable. It's not like we are in the matrix and Big Corporate is our overloard. It's like saying we know all of physics. There are many different, capable people in the world who currently work hard to create an anonymous internet. They are just as capable as the guys who invented the internet in the first place. Tor is an example that I think disproves your idea. It was something not intended by "Big Corporate" invented to create anonymity. Yes, it has flaws, but it's still huge leap towards the goal.
What you are talking about e biometrics can easily be bypassed with a browser add on, which can randomize these values and send back to security system, even to the values where the system gets confuse and respond nothing.
Their resources is the most accurate thing. If you're a high enough target that they'd dedicate a team to you, you can't get away. Even if you rotate internet cafes. Eventually if they were able to track you far enough to find the shops, they'd just sit out front of the locations waiting to see you at all of them and put two and two together.
Might have to correct me but the best way to be anonymous if you are very noobish is: 1. Buy a mac (just because its easy for me to explain with mac:P) 2. Go to a random wifi hotspot & connect 3. Get with a simple command the list of people connected to that spot than you will find a mac adress (also counts for windows has nothing to do with mac) 3.1 You can also just make a random one 4. When you do your online activities never use your own connection but someone else! just a store or hotel idk (just use one of the mac addresses at that hotel not ur own) 5. Now work trough proxy's lmao gg 6. Change your mac address whenever you come back home to your own connection wright you're own original adress on paper or something. Educational purpose ;)
The dude literally just claimed that the NSA can use 'ebiometrics' to such a degree that they can even determine which neighborhood you live in because "people that live in the same neighborhood are likely to have similar behavior patterns (even extending to the way they type?)".....regardless of the fact that the people who live in any given neighborhood aren't solely comprised of people who are from there. In fact, I think it would be safe to say that at least half of all households in any given neighborhood are households in which the people have lived for 15 years or less. So then the people who relocated there recently have the typing mannerisms of the neighborhood they grew up in? You just proved your own theory wrong bud
01:46 Because others on the trusted networks HACKED me. I was hacked on twitter & the hackers sometimes scramble my tweets as I'm typing. Plus, they DDOS me. They watch everything I'm typing because of they keylogged me. So how can you keep your computer safe? How safe can you be online?
"the FBI was able to crack the TOR network". Every case I've read about could have been prevented if the user did things like not give out personal information, have the latest updated version, always use TOR, etc. Could you please list the details of the specific case you are referencing?
If you want to be anonymous get or buy a second hand pc or laptop only connect to networks that aren't related to you i.e don't use your home internet. Don't but any personal information on that pc use a livecd if your just browsing the web other wise setup usbkill to lock or wipe your computer when a usb device is removed or plugged in and don't tell anyone about it. Use a VPN, tor etc and never connect from home work school etc
you are right, but I guess the thing to take in consideration is how much those countries coordinating with each others my personal experience I am a Syrian journalist and I used to broadcast live stream for protests from Syrian network and I used both TOR and psiphon and it worked just fine, they didn't caught me, although I used them for only few times and then I started to use unregistered SIMs with non linked phones and I used to turn the phone off and take the battery and it also worked, then eventually I got a satellite phone "which is not registered on my name" and it worked just fine.
So if I were to go into a coffee shop with a Laptop running BlueStacks and run all of my internet traffic through Tor, then used the BlueStacks to emulate a Rooted Android and use Xposed Installer to change my IMEI and Android ID. Would this be enough to make a fully anonymous Gmail account and use it for Google Play purposes?
Biometric tracking by keystrokes for identification only works on experimental level on workstations not over net for several reasons this guy would know if he would be at any level professional. Data packet timing over network changes all the time and also the server capacity to meter such millisecond variations between keystrokes of any set of users on some server. Main thing is that most of the time when person is in web one is not writing directly to server rather typing on your browser and not directly to server service so in essence you submit your text when it is already typed full entity so there won't be any keystroke length nor time between strokes even transmitted nor possible to record. If for some reason server service would be recording actively keystrokes on any field used like this comment filed i'm typing in. Then there is polling interval on server or interval of reading in pushed packet from my web browser (client) of the data of what character is sent by the user. There is several layers here that make recording of direct timing measurement impossible and having it constant or possible to even estimate error and removing it. And also very easily one could make plugin for browser or a separate program on the operating system to send out typed characters in totally random intervals within certain time frame. This is just not a viable way to try to identify anyone and certainly it becomes impossible the more layers of devices and software there is between. This only works in experimental level on well known systems that have _local_ keystroke tracking. Firstly the tracker would also need profiling generated for the tracked identity before matching could be used and that profile would only match to certain set of HW that tracked identity is using. Just changing keyboard on same laptop will blow this identification. It's much more reasonable to use just mac addresses, IPs, subscriber line records and hacking into the ISP devices in order to track someone and still you need to know the name/person before, unless you are reading all target's unencrypted NW packets and finding from there username or name as a simple text. Then you can id the user and track based on those other ways. Why keystroking is not used on webservices/desktops/laptops as an identification method? Simply because it is so inaccurate and works on very limited controlled circumstances e.g. if laptop would be doing win8/10 updates while trying logging in with this method it would already affect on monitoring accuracy of keystroke timing. Success of authentication would be quite low. This would be neat though since this way one would not need any password to remember just typing some text would qualify you as authenticated identified user. Mostly we are anonymous, but any governmental or hacker organization/community can track you if they put a lot of effort on it, but it won't happen with the ways Eli here has been claiming and it won't happen on real time unless they already know who you are, what devices you use and where you are. So you will be fairly anonymous even without several proxies and VPN tunnels in use. Yes we can be tracked and identified, but it requires much effort and resources so only certain individuals or captured messages get tracked. Usually they can't even track down the fake FB account teenager writing threats or insults in FB or other forums.
It seems to me that to monitor keystroke dynamics that your system would already have to have been compromised, because to do that it would be necessary to be recorded and sent, or logged in real time. The system was designed to prevent another human from physically using your computer while unauthorised. For instance, if you don't log out, or lock your computer. I could say, just type without rhythm, but still, that would mean you're already compromised. As far as anonymity online, or anywhere for that matter? "A chain is only as strong as it's weakest link." You cannot be anonymous alone. The more people choose to use a system such as to, the more anonymous you become. To a point. I like your videos Eli.
If e-biometrics only works by evaluatng how you type your query, then it would be possible to write a plugin that identifies all the inputs on a given page. So, you enter your queries via that plugin, which would then transfer everything to actual input fields with some simulated style. Of course you'd have to train it before using it. Wouldn't that defeat e-biometrics?
Hey Eli, now that 4 years(ish) have passed and since then, there has been an insurgence of decentralization movements throughout/by various companies. I am curious if your determination of "being truly anonymous = laughable" has changed. I would love to see a video of your thoughts regarding online anonymity in 2018 due to the introduction of the crypto-companies pushing for decentralization. Cheers and thank you for all the great content!
"e-biometrics" is not new by any means, it was developed by the British in WW2 they could identify german soldiers using encrypted morse codes by plotting out the speed at which you tapped the morse key and that created a 'fingerprint' pre-say of their messaging habbits
Hello Eli, My question for you is - in your opinion, would you say services like VPNs, Tor, I2P have virtually no merit whatsoever? I can understand that 100% anonymity on the internet is a fallacy, however, would these services have merit dissuading 'high school hackers' or general fuckheads from screwing around for fun/practice with an average joe on the internet? Possibly this goes back to your statement about what tools a person could use to track you - something like a VPN or Tor would reduce the number of tools available to track you that would work, if I understood correctly. Thanks for your consideration.
If you go buy a phone cash at Wal-Mart boost moble ect... You can put any name you want on it and it comes with internet access. How would that not work???
You can be anonymous online with these programes but you can choose only one or otherwise the system will crash: Hide your location: TorProject ProxySwitchy (chrome) FoxyProxy (Firefox) CyberGhost Browsing history: DNT- abine.com/dntdetail.php Ghostery - Ghostery.com Tor SRware Iron (a bit like chrome) Secure programes: Kali linux2.0 (burn it to disk and install)
The only Con of incognito is Websites you register will STILL be there. I just wish in the far future it had the power to deactivate it without us doing it.
Just to add to the e-biometric thing, It is possible to identify a user based of short messages like tweets with pretty good accuracy. I wrote a program that identified an autor of a text with 75+% chance based on numerous metrics from the written text. And I used only pretty basic statistical methods. with stuff like NN's or VSM they have been able to pull of 93+% accuracy JUST BY READING YOUR MESSAGES. this is usualy done between few authors, mostly less then 20 autors though. But then an IP is your physical location. If someone was to use this technique seperated by streets and maybe 10km radius (because I assume no one is going to an internet cafe which is further then that usually) you can probably get a correct identification around 60ish % of the time? This needs further research though. but if you combine just this one technique with more metrics like typing speed, websites accessed, type of data sent (maybe because of a game you play) I think that identifying a huge number of people online is not a crazy idea. now just add all the stuff that W10 takes like voice samples, image samples, fingerprint samples... It's not a completely tinfoil hat idea... I see online anonymity the same way as door locks... it keeps honest people away but the people that really wan't to find you, will! So keep doing all the anonymity stuff you need, but jumping around the network and bringing your internet to a crawl is simply pointless, it's usually enough to not give your private information in public places.
I get a lot of questions of how to protect your data. Its simple, don't put anything on your computer you don't want someone else to see, and use a thumb drive, to put your data on, take it out, and put it in your pocket :)
Staying fully anonymous online would indicate that we have a choice for Internet privacy (which we don't). The government has an unlimited budget and some of the best hackers on their payroll. If they want to check up on you, you can guarantee they have the resources to do so.
If you think this is paranoia and it'd take billions of dollars for this to get done, we're talking about government actors and giant corporations with a virtually unlimited budget. They have much more than that. That said, they don't want you to use encryption just for this reason, so you have operating systems around already backdoored at the source (not only Windows, but Linux as well. Ask Bruce Schneier).
Im surprised this guy isnt wearing a tin foil hat. It would take huge amount of resources and millions of dollars to track everyone online, so unless you're doing something really bad, you're safe.
not everybody, but agencies like the nsa have the resources to check on everyone ervery onece in a while. If you inform yourself about computers you probably get prioritised. If you download software like tor, you get moved much higher up in the list and therefore get checked on more often. Downloading tor isn't illegal at all, but you are still put on a rather small list of people(there was an article about that a while ago. Cant really link to it as i'm on mobile right now)
TimseineLP's this is a violation of individual freedom, and our leaders should be confronted about this. Freedom is an illusion obviously. But thanks fo sharing the link!
Joe Wild Dear lord, he doesn't say everyone online is tracked, he said you can't be anonymous online, meaning if they want to track you, there is very little you can do to stop them.
i dont understand electronic biometric because the enviroment will have a huge effect on how you type making it impossible to accurately compare ur style. So could u make a video about it please
It's a good question, which can already be answered with ; what info have you given to your computer ? Somewhere I doubt Microsoft knows who I am, besides the fact I used a payed and legal Windows serial. You don't have to register Windows in order to validate the serial key on installation.
+Kodiak Gaming I was thinking. Pick up a laptop from the trash that someone else used to use. Move to a different city and go online with it. Type very slow or fast, just different from normal typing. that shouldnt be possible to track. right?
Kodiak Gaming no cameras ja ja. Do you now that in normal cities you pass at least for 3 cameras in 1km. And you forgot to no carry your cell phone with you.
NotOrdinaryInGames I had a conversation with a LEO and he said more is accomplished by the laws that are not enforced. I had another conversation in a court room and the LEO could not remember events that had taken place just prior to the trial outside in the hallway while on the witness stand. Also the events he did remember were drawn from fantasy. So I would say that CSI is really a waste of money. They can just keep on fabricating as they go along, it's cheaper. Rattling his cage was for a diversion though so even though there were many witnesses to the event present in the courtroom I did not call them. Besides someone who is dumb enough to stand in front of a bullet for a doughnut may come in handy some day. I was declared Not Guilty. I had luck on my side and was my own attorney. If I had had a public pretender he would have urged me to take a deal and I probably would have. they just didn't have him prepped with the right lies.
With e biometrix could you use or write a freeware program to record as you click and type and prevent anything from happening until x actions are performed then do it mimicking someone else's timing, randomising the timing or doing x actions at once ie no gap between mouse up and mouse down for left and right click.
I'm sorry but there is no way there is a e-biometrics profile linked to every person/account on the internet. It would not even be close to accurate: there would be so many exact same patterns that each would be indistinguishable and most people do not type consistently anyway.
People are misinterpreting what he's saying, he's not saying you will be caught he's saying if they dedicated every resource they had they will get you at some point. BUT how much are they willing to spend on one person?
They could still track you even if you stole a computer, went to a cafe, and put it in the garbage. They can track the time and place and video you even before e biometrics.
For ebiometrics to work: Does every computer report ebiometrics by default (installed in the OS), or does the computer have to be infected by some keyboard key-pressing sensing spyware?
Tonya Ellis Buy the moovee DVD. Yeah, i know it doesn't make sense to spend $15 on a Steven Seagal moovee, but... Buffering issues are gone if you are watching from the DVD.
or use virtual keyboard time to time... and never use your real personal info in any social media account. and dont link fake or hacked accounts, use old stolen phones (from back in 2005) with prepaid sim cards and throw them away after using once (you can keep phone, if it looses all time and date settings after taking battery out, but it has to be used wisely, it can link accounts). if you need to veryfi account by phone, use tails/tor to make it, then just sit in your car drive 10-20 km from your location, buy prepaid sim packet for 2 euros in some vilage with no cctv cameras, put the sim in your phone, turn it on, write the number of the sim, and leave it in the bushes somewhere, go back to your laptop, use this number, sit in the car go back to the phone, write down the code, break sim card, take battery out of the phone, and go back to laptop, and use code.
Create a different input method relying on screen positioning around a circle. Can't even interpret that. Boom. Like rotary swipe, how would you determine a pattern if there are even more variables to decode.
You can be anonymous if you do not start from your own ISP connection physically and a new machine that has not been added to Windows Live or Google account. Essentially, I agree that the Internet was built on a military network and people cannot hide from the government for long periods of time without leaving a digital footprint. However, if you spoof your location, start a connection on a WiFi hotspot physically away from your house and Secure VPN to Tor networks, it makes it harder to track your activity. At some point, if you are doing illegal activity that catches the eye of law enforcement, your digital footprint would become a focus to get you to give up your real identity through social or hacking means by the authorities. I personally have no expectation of anonymous Internet as it is more of a commerce platform where we talk about our consumption of goods or services. Lastly, people who collect things on the Internet like porn, music or movies whether they are legal or not are at risk because they get them from unkown sources. I would worry about Trojans within file sharing files that check the DMCA or carry a worm. It always baffles me when people store terrabytes of this stuff. If you've seen the movie "Heat", you would know that you cannot have anything that cannot be wiped within seconds like a Ramdrive. I hope everyone stays safe and keeps their Internet activity from harming people because even the demand for illegal things harms people.
Poor answer. He provided a smug, arrogant, binary answer to a continuum question. The fact is one can do one hell of a lot to gain a high degree of anonymity. He's right the internet was not designed for those using it to be anonymous, but a significant amount of technology exists to mask your data and identity when you want to do so.
Lets assume that these people with never ending resources aren't the ones we're worried about finding us. Because like you said, if they want to they will. I get that, but scale down to some kid playing against you in an online game. Their resources are very limited. What would be an efficient way to keep them out of your private information? By efficient I mean a way that would not cause your internet speed to be affected greatly or at all. Is a VPN the best bet?
you do not stay fully annonymous online it's a fact. And he does the right thing destroying that illusion. Even if its possible to secretly communicate online, that is easier done without trying to stay annonymous. And actually causing a lot of open noise and then outputing minimum sizes of information in between. When you try to stay fully annonymous you only attract unnecessary attention. it is easier to put a ghillie suit on and crawl in open field, than dig a tunnel underneath it.
dierk niessen: I am a computer beginner student of computer technic. I am interested and more important, I am inquisitive. So I am inclined to sincerely believe, that there is no anonymity in the Internet, as Mr. Eli said. Thanks Mr. Eli to all your precious advice. I havevery little to hyde and that little can be found out by authority in no time
just say `No not possible to stay anonymous on line``..do we really need 7:40 of time to tell everyone how tech-special you are, talk about an ego-tripper, and you really should stop being so patronising.
I did not know about e-biometrics. That's an interesting feature. Usually, a simple input box in html, does not track time between keystrokes. I know, because I have written webserver programs and I have written software to read/write utp/udp connections etc. , but ... I am pretty sure that the search bar like, on youtube and google, are not simple input boxes. They are queried by listeners (probably AJAX) , with every keystroke you make. It is very possible, they also run e-biometrics. The only question is: To what extend is it allowed to use this data ? I think the law can/will not sufficiently cover this, concerning the privacy act, etc. Unless some advanced proxy server is based in Panama. There is a lot of illegal activity going on there that cannot be tracked. Because there are places like Panama that do not release info about users ip addresses and such.
Guide to complete internet anonymity:
-Buy a raspberryPi from craigslist.
-Go to the forest.
-While using tails, hack into a Wimax network.
-Buy a VPN subscription using bitcoins.
-Connect to the VPN.
-Connect to a proxy server.
-Connect to another proxy server.
-Run minecraft and connect to your peer in another forest in wimax range.
-Write your message by dropping items on the floor.
-Shut down the computer.
-Burn down the forest.
-Go deeper into the forest.
-Live in a cabin you pre-stocked with food for 3 months.
-Return to civilization inside a Deer hunter's cooler box (alive).
-Use a new name and live off the grid.
+agun17 This might be the funniest things I've read this week. Thank you for the lel.
+agun17 awesome
galabyca Hundreds of wildfires in Spain.
Fuck.
+agun17 Pretty much.
agun17 hahahahhahahahhahahahaha. Time to go under, you have a few days before da polis are at your door.
i heard that burglars could pick my lock and easily break into my house. so i might as well leave the door open for them, why bother closing it or locking it.
Your argument would be rock hard only if he ever mentions that do not take steps to maintain your privacy.
ill just use mcdonalds free wifi then hide in the play gound area thingy
Lol smartest comment i saw.
Furious Emerald just if there is no camera.
U forger God is watching?
Furious Emerald Well, some may argue the existence of a particular type of god in one form or another but if you accept that it is necessary and sufficient that there are some well known rules that apply to how things work then we are at the very least something. If a group or an organization is building a tower of babel in the Utah desert dedicated to imitating a certain amount of omnipresence, which is one of the properties that most attribute to god, to what extant is that group or organization willing to go towards the goal of operating in a manner that they believe serves their assessment of god? Do they believe they are set above others by some sort of divine right? Or worse yet, do they already believe that they are god? History may or may not repeat itself but it certainly rhymes. A recent check on what activities those types of people have already engaged in, is not very encouraging.
Sorry, but can u explain to me what you mean in 1 sentence?
Peace
"I hate my moron audience. They ask me stupid questions, which I hate to answer. I hate my life and everything that I do." --Inside the mind of Eli
lol
Pretty much.
superiority over noobs...
I hate answering ez questions that people could have searched the answers too. but i like money so i'll make a video. brb.
I don't think that he hates to answer questions as much that he want to put in your head how basic the concept is. Now, if you're a noob and you tell me you want to be anonymous online, I would say that's impossible as politely as I can, simply because to understand how basic the problem is, you do need some technical background which is not a given. If I make a show on youtube, I would spice it up with some drama by saying how dumb the question is.
If you can't be truly anonymous on the net, then why can't we identify whoever's hacking into computers, bank servers, etc?
We can... it usually comes down to money. Plenty of "hackers" are in prison... and "they" will come hunt you down if the damage you caused meets or exceeds the cost for them to do so. The only exception to this is if life or critical infrastructure is impacted - in that case, god speed... they'll spare no expense.
Buy any laptop with cash, preferably a used one - delete everything - bleach the whole thing - Install Linux via external drive - Connect to a public wifi - start TOR - enjoy your privacy
Also put tape on the camera lens, plug in a broken earphone... and if you want to go the extra mile when you finish your session put the device into a faraday box and remove the battery when possible or don’t fully charge it... just 3%-5% enough to last for your session... or buy a “broken” laptop that only works when is plugged in.
Using tor via an OS made for tor sounds good too, like whonix or tails, also remember to encryption your drive, and have good opsec.
Also get a laptop without IME/PSP, and with a libreboot if possible
The e-biometrics only gives you away if your use of the keyboard is consistent. If the person using the keyboard does not do the keyboarding in a consistent manner, then it is surely possible to confuse the e-biometric system into thinking that someone else, or a group of people are using it. Also, someone else might have the same keyboarding manner as yourself, and therefore it would be rather presumptuous to track using that.
Eli, can i have a question? How to stay fully anonymous online?
NordVPN, Tor, No Flash or Java Script, and Linux Fedora. That's pretty secure to me. Still able to be tracked but that's secure enough for most.
Well in every known case of a person caught while using Tor to stay anonymous, they weren't caught because their Tor connection was 'de-anonomized'. They were caught by other means such as tracking credit card payments, not using Tor consistently, sharing personal information over the connection, not using a bridge node, being the only person connected to Tor on a monitored network, using a flawed Tor setup (not using an updated version of the Tor Browser Bundle) etc. So yeah Tor is basically the closest you're going to get to beng anonymous online. Also don't give authories reason to try and track you, don't serve child porn, don't sell illegal items... It's actually quite simple to practice good InfoSec
i heard there was a big porn sting on Tor.. it wasn't from people using credit cards or any of that... one of the three letter agencies controlled enough relays to deanonymize them
QubesOS with Whonix with LibreBoot with SecureBoot with Keystroke anonymisation with MAC address randomisation with randomised hostname without a microphone or camers without Intel ME with no WIFI or bluetooth with privacy screen filter without LCD screen polariser so you have to wear custom glasses to see ur screen: Hold my beer
so your saying the nsa is not fully anonymous?
exactly my thoughts xD
+Nova NSA has a closed VPN with at least 5step verification. So, IMHO there's no fucking way anyone can get into it. Not sure tho, maybe the biggest security agency in the world are actually morons... /sarc
Djonko Jasmin
***** a person that mistakes NSA for NASA is someone I'm actually responding to? Damn, my life is boring.
+Blgd 92 why spend billions on hacking NSA when you could probably buy out the guy who works at the contractor that built vpn NSA uses. Or why not offer the contractor to subcontract to you on the cheep. Like that time when it turned out that secret USA government network infrastructure was subcontracted to a developer in Russia.
I just don't understand that if you cannot be anonymous online then how is it that all these illegal onion sites are still up and running? If it was possible to track you then these websites would be shut down in moments.
Jordan Burnes this.
I don't think this Eli is telling us the full truth. From his attitude, I get the feeling that he's trying to scare us into giving up the quest for anonymity
you can be mate, it's just not as straight forward as it should be.
those sites you're talking about are hard to find, hard to monitor, getting the resources to shut them down requires co-operation from international governments which is not easy when certain countries are not even speaking to each other.
He was trying to say that it's impossible to be 100% anonymous online to where it would be impossible to trace you. What he wasn't saying is that it's impossible to make yourself trickier to find. Organizations aren't going to put their time and resources into digging out just anybody. They need to be tactical in who they go in on in order to not waste monopolized vulnerabilities to public knowledge by pursuing small fry
But what if, you steal a computer, travel to some random country, find a random coffee shop with wifi, use 1000 elite proxies, type REALLY REALLY slow, and then blow it all up once you are done? :b
If you think that they can identify the average person just by their surfing habits, typing style, whatever, you're a lunatic. If they had a huge profile on someone they had been tracking for years then maybe they could pull something off like that.
But they have been tracking us for years and years haven't they, so......?
i feel really sad for those people who is blindy believing what he just said , and i am pretty sure those people disliked this video have some brain and actually used Linux/unix
all snarkiness and obnoxiousness and the know-it-all attitude aside, he said little of substance because he spent too much time laughing at the "little people" and saying how it's laughable. What a waste of 7 minutes.
Nailed it at :40 - 1:00 All about how many resources the tracker is determined to use in order to find you.
3:47 not to mention you need to shake your head left-right very fast and hope the security cameras in the coffe-shop have a low frame rate, you know.. so your face will not show up on the cameras :))
adrianTNT The cameras have a high frame rate. The slo-motion effect is created by the recorder only grabbing a limited number of frames. Blur is introduced more easily by large changes in aperture and lens Fstop. A large lens may have a limited depth of focus and field of focus. Most cheap security cameras have small lenses but some are better than others. I have installed camera's that cost $5000 per camera. They were just for filming shop lifters. They average retail loss prevented by security was $20,000 dollars / month. They had a calender and every day they stopped a theft they stamped Marvin the Martian on that day. One day I went to service a camera and they had 5 martians on that day already and it was only noon. This was in the days of windows 3.1. Systems are cheaper now and retail prices much higher. Digital storage is really cheap now. Tape was used back then.
People dont always have the same typing patterns. Plus im sure a good majority of people type the same way.
Around the same speed.
The reality is, the people who track keystrokes are just guessing. You cannot truely 100% determine who someone is off fking keystrokes. Thats not hard enough proof.
troll
Donnie Brasco its the truth
also there are probably people who type the same as me and you i bet there are at least 5 mill other people who type the same way i do how are they going to figure out I'm that guy out of 5 mill
***** exactly good point!
theres probaley a average keystroke typing speed, that most people use
i mean we were all taught how to use a keyboard or we learned ourselves, and im sure many of us have around the same speed
plus it might differ each time we sit down to type, the phone might ring, the oven timer might go off
all these things could temporarily distract you and make the keystroke times different each time
it could never always be 100% the same for each person
this whole keystroke thing is dumb
all it proves is that theres a possibility its this guy or that guy, but im sure with this technology it could end up sending a innocent person to jail
because they "think" its the right person
Copy and paste. Pokes holes in the whole thing.
Buy stolen laptop with cash and don't show your face to them, use mask or something..Buy prepaid sim card with cash from your friend (who bought it using cash) that you trust and who goes on location with cameras, then you go to a location where are no people,no cameras and you are safe from satellites(remember to leave your phone). Use clothing that you bought with cash from flee market. Write everything just using one finger(unless you write everything normally just by using one finger). Do what you do in tor. When you are done burn everything. While your second friend who is at your home calls someone using your phone and plays prerecorded conversation with someone. Pros: You have alibi, everyone of your friends has alibi. You cant be tracked down. Cons:( Only thing against you is that) you are friends with someone that lost the sim card. It is really costly and time consuming way to watch TH-cam videos. Consumes a lot of tin foil.
LOL
+ShinobIHunteR666 remember gloves, plastic suit that people use when there is heavy poison, take a bath in alcohol and a gas mask so you don't leave any DNA or smell signs, make sure that you also have allibi to use so much alcohol, best if you get a job and have enough equipment and experience to proove you are producing it , also go away from your house and make sure no one is watching you, maybe you could work in military or get some explosives from black market, best if you can find and afford a small nuke to leave no trail, stay stealth during the operation and buy everything with cash. Also it's best to do that in the winter when the visibility is limited and snow will cover your footsteps. Just make sure that they won't be able to track the changes in snow structure.
As Americans, we must find a way to restore our 4th amendment rights.
Eli, I have always thought you were cocky. Now I know you are ignorant as well. If you want complete security and anonymity, there are a few things you need to do. The first is get rid of Windows or Mac. Run Linux, preferably Debian or anything but Ubuntu as they collect information about you. Encrypt your hard drive. Run everything through an anonymous OS via a virtual machine inside of Debian; something like Whonix works well because it already runs everything through the tor network by default. Use icedove with enigmail at the bare minimum for email encryption. Something like onionmail works even better due to its 2048 bit encryption standard. Never disclose your true identity or anything that could identify you. All passwords should be long and complex. Restart all connections frequently. Disable Java and cookies and only use https.
Now, Eli is somewhat correct in saying that even through proxies, you can still be tracked. However, it is not anything that identifies you that is tracked. For example, with email, anyone watching could still see that an email was sent from one person to another, but not what the email says. If you have all of the aforementioned security measures in place, no matter how hard anyone tries, there is still no way to identify you, especially if you are hopping from WAP to WAP.
Now, here's some real advice.
yup
what if you just copy paste the word you want to type
Then it just reads your identity telepathically. You can't escape it man
you can't: among stuff not mentioned - CSS exfil, ultrasonic signals, how the device uses current - you can get very precise info, bluetooth logs (if you have it)
Always enjoy his videos when he's clearly hungry or off cigarettes or something. so funny
Ditch surveillance in a densely populated area by moving quickly. Find internet cafe.
What if I type with only 2 fingers. Then my behavior patters are changed don't you think?
I disagree. You cant determine who somebody is just based off the amount of time it takes to type something in.
The reality is that it STILL could be anybody.
***** pretty much
Eli, I only just started watching your videos today and I've learned a lot already. And yet through all the knowledge you display of the subjects you talk about, I can't help but notice one thing. In this video and many others, you state your opinions on things like Tor and other tools for anonymity as believing they are almost completely useless. And while you do bring up good points and situations where they haven't worked, I can't help but notice the vast amount of times these things do work. Hell, there are thriving black markets thanks to this stuff. Of all the time these things have existed, governments have only taken down very few services, often run by a single person. For all their tools, they're not doing a very good job at regulating it. Now this could be almost entirely because of other factors, for example the sheer amount of people using things like the Tor network could be making it hard to track, rather than the Tor network itself. But in one way or another, these techniques ARE effective for many people, activist or arms dealer. Despite the faulty procedures of the tools and vast resources of the people trying to track traffic. Thoughts?
courperationX "working" and workable is not defined by nobody caring.
Even his example wouldn't work if there was a security camera at the camera shop. Sometimes you can get lucky but don't plan on it. Better to buy a lottery ticket with the money you save.
You mentioned that someone could tell who you were by how long you typed a message....I have several questions about this...
1. How could anyone tell that? When someone receives a message how could they possibly tell the time the sender "hit the keystrokes." And even if they could, what are they comparing it to to tell who it was?
2.Even if they did have the technical expertise, suppose someone wrote a message in Microsoft Word, then copied and pasted it onto an email??? How would someone be able to tell the time the sender took to hit the typing keys???
3. How many people have the technical expertise to to that???
He makes a bad argument.
Anonymity? No.
Harder to track? Yes.
Centillion's of packets are out there nowadays. People that don't even know or care about VPN/Tor/proxychains are downloading terabytes of illegal stuff without ever getting caught. There's too much traffic. Regular users of the internet are getting away with that kind of stuff daily. The people using VPN/Tor/Proxies etc...to hide themselves are, well, probably ok. For now.
Buy laptop from craigslist using cash >> Use tails >> Get on public wifi where there are no cameras near by >> Thermite computer. Good luck finding that.
+loldoge Indeed, you can add a VPN and 5 layers of proxies on top of that. This is sometimes done in RATting (When a hacker has access to your PC).
+unh0ly s0da Never heard of anyone using onion routing for rats. I think it's more common to use a VPN, proxies and a RDP.
taking over other peoples accounts is the best way to be anonymous
You just gave me a idea for biomatric tracking like a program that when you click a button it waites 1 second or 0.9 or 0.7 or 0.3seconds it randomizez the wait time to let the letter or number to be sent
And some extra software to make it not possible to figure out the program is on your pc
Just to clean up this misunderstanding:
1. Yes it is possible to be fully anonymous on the internet, and this is how u do it usually...
2. You dont need to go through 10, or 5 or 2 proxy servers, you just need one proxy server between your machine and the rest of the world.
3. The only requirement your proxy server has to meet in order to make you truly anonymous, is to not create any traffic logs, or to destroy these on the fly. Also meaning forwarding the traffic it recieves from your IP-Adress to the rest of the world through its Proxy-IP-Adress, without telling the world any information about its client (you)... (also means just destroing its network protocols log files or just not crfeating those from the start).
This way nobody can track down who has accessed the proxy relay, so your IP-Adress is anonymous.
But ofcourse this does not cover other data such as Oerating-System and Browser, also if the proxy-server is missconfigures to relay stuff like coockies, which is usually used for tracking ppl, it can also aid in making you un-anonymous.
I think the idea that, just because tcp/udp wasn't intended to be anomymous and corporations and governments have interests in tracking you, it would be impossible to be anonymous is laughable. It's not like we are in the matrix and Big Corporate is our overloard. It's like saying we know all of physics. There are many different, capable people in the world who currently work hard to create an anonymous internet. They are just as capable as the guys who invented the internet in the first place. Tor is an example that I think disproves your idea. It was something not intended by "Big Corporate" invented to create anonymity. Yes, it has flaws, but it's still huge leap towards the goal.
What you are talking about e biometrics can easily be bypassed with a browser add on, which can randomize these values and send back to security system, even to the values where the system gets confuse and respond nothing.
Their resources is the most accurate thing. If you're a high enough target that they'd dedicate a team to you, you can't get away. Even if you rotate internet cafes. Eventually if they were able to track you far enough to find the shops, they'd just sit out front of the locations waiting to see you at all of them and put two and two together.
Might have to correct me but the best way to be anonymous if you are very noobish is:
1. Buy a mac (just because its easy for me to explain with mac:P)
2. Go to a random wifi hotspot & connect
3. Get with a simple command the list of people connected to that spot than you will find a mac adress (also counts for windows has nothing to do with mac)
3.1 You can also just make a random one
4. When you do your online activities never use your own connection but someone else! just a store or hotel idk (just use one of the mac addresses at that hotel not ur own)
5. Now work trough proxy's lmao gg
6. Change your mac address whenever you come back home to your own connection wright you're own original adress on paper or something.
Educational purpose ;)
This video was sponsored by the NSA
The dude literally just claimed that the NSA can use 'ebiometrics' to such a degree that they can even determine which neighborhood you live in because "people that live in the same neighborhood are likely to have similar behavior patterns (even extending to the way they type?)".....regardless of the fact that the people who live in any given neighborhood aren't solely comprised of people who are from there. In fact, I think it would be safe to say that at least half of all households in any given neighborhood are households in which the people have lived for 15 years or less. So then the people who relocated there recently have the typing mannerisms of the neighborhood they grew up in? You just proved your own theory wrong bud
01:46 Because others on the trusted networks HACKED me. I was hacked on twitter & the hackers sometimes scramble my tweets as I'm typing. Plus, they DDOS me. They watch everything I'm typing because of they keylogged me.
So how can you keep your computer safe? How safe can you be online?
"the FBI was able to crack the TOR network". Every case I've read about could have been prevented if the user did things like not give out personal information, have the latest updated version, always use TOR, etc. Could you please list the details of the specific case you are referencing?
If you want to be anonymous get or buy a second hand pc or laptop only connect to networks that aren't related to you i.e don't use your home internet. Don't but any personal information on that pc use a livecd if your just browsing the web other wise setup usbkill to lock or wipe your computer when a usb device is removed or plugged in and don't tell anyone about it. Use a VPN, tor etc and never connect from home work school etc
you are right, but I guess the thing to take in consideration is how much those countries coordinating with each others
my personal experience
I am a Syrian journalist and I used to broadcast live stream for protests from Syrian network and I used both TOR and psiphon and it worked just fine, they didn't caught me, although I used them for only few times and then I started to use unregistered SIMs with non linked phones and I used to turn the phone off and take the battery and it also worked, then eventually I got a satellite phone "which is not registered on my name" and it worked just fine.
Great video, maybe the best I have seen so far in this topic!
So if I were to go into a coffee shop with a Laptop running BlueStacks and run all of my internet traffic through Tor, then used the BlueStacks to emulate a Rooted Android and use Xposed Installer to change my IMEI and Android ID. Would this be enough to make a fully anonymous Gmail account and use it for Google Play purposes?
Biometric tracking by keystrokes for identification only works on experimental level on workstations not over net for several reasons this guy would know if he would be at any level professional. Data packet timing over network changes all the time and also the server capacity to meter such millisecond variations between keystrokes of any set of users on some server. Main thing is that most of the time when person is in web one is not writing directly to server rather typing on your browser and not directly to server service so in essence you submit your text when it is already typed full entity so there won't be any keystroke length nor time between strokes even transmitted nor possible to record. If for some reason server service would be recording actively keystrokes on any field used like this comment filed i'm typing in. Then there is polling interval on server or interval of reading in pushed packet from my web browser (client) of the data of what character is sent by the user. There is several layers here that make recording of direct timing measurement impossible and having it constant or possible to even estimate error and removing it. And also very easily one could make plugin for browser or a separate program on the operating system to send out typed characters in totally random intervals within certain time frame. This is just not a viable way to try to identify anyone and certainly it becomes impossible the more layers of devices and software there is between. This only works in experimental level on well known systems that have _local_ keystroke tracking.
Firstly the tracker would also need profiling generated for the tracked identity before matching could be used and that profile would only match to certain set of HW that tracked identity is using. Just changing keyboard on same laptop will blow this identification. It's much more reasonable to use just mac addresses, IPs, subscriber line records and hacking into the ISP devices in order to track someone and still you need to know the name/person before, unless you are reading all target's unencrypted NW packets and finding from there username or name as a simple text. Then you can id the user and track based on those other ways.
Why keystroking is not used on webservices/desktops/laptops as an identification method? Simply because it is so inaccurate and works on very limited controlled circumstances e.g. if laptop would be doing win8/10 updates while trying logging in with this method it would already affect on monitoring accuracy of keystroke timing. Success of authentication would be quite low. This would be neat though since this way one would not need any password to remember just typing some text would qualify you as authenticated identified user.
Mostly we are anonymous, but any governmental or hacker organization/community can track you if they put a lot of effort on it, but it won't happen with the ways Eli here has been claiming and it won't happen on real time unless they already know who you are, what devices you use and where you are. So you will be fairly anonymous even without several proxies and VPN tunnels in use. Yes we can be tracked and identified, but it requires much effort and resources so only certain individuals or captured messages get tracked. Usually they can't even track down the fake FB account teenager writing threats or insults in FB or other forums.
It seems to me that to monitor keystroke dynamics that your system would already have to have been compromised, because to do that it would be necessary to be recorded and sent, or logged in real time. The system was designed to prevent another human from physically using your computer while unauthorised. For instance, if you don't log out, or lock your computer. I could say, just type without rhythm, but still, that would mean you're already compromised. As far as anonymity online, or anywhere for that matter? "A chain is only as strong as it's weakest link." You cannot be anonymous alone. The more people choose to use a system such as to, the more anonymous you become. To a point. I like your videos Eli.
Yes windows 10 does this :)
The best video if you want to see someone call his viewers idiots.
If e-biometrics only works by evaluatng how you type your query, then it would be possible to write a plugin that identifies all the inputs on a given page. So, you enter your queries via that plugin, which would then transfer everything to actual input fields with some simulated style. Of course you'd have to train it before using it. Wouldn't that defeat e-biometrics?
Hey Eli, now that 4 years(ish) have passed and since then, there has been an insurgence of decentralization movements throughout/by various companies. I am curious if your determination of "being truly anonymous = laughable" has changed.
I would love to see a video of your thoughts regarding online anonymity in 2018 due to the introduction of the crypto-companies pushing for decentralization.
Cheers and thank you for all the great content!
"e-biometrics" is not new by any means, it was developed by the British in WW2 they could identify german soldiers using encrypted morse codes by plotting out the speed at which you tapped the morse key and that created a 'fingerprint' pre-say of their messaging habbits
Hello Eli,
My question for you is - in your opinion, would you say services like VPNs, Tor, I2P have virtually no merit whatsoever? I can understand that 100% anonymity on the internet is a fallacy, however, would these services have merit dissuading 'high school hackers' or general fuckheads from screwing around for fun/practice with an average joe on the internet? Possibly this goes back to your statement about what tools a person could use to track you - something like a VPN or Tor would reduce the number of tools available to track you that would work, if I understood correctly.
Thanks for your consideration.
If you go buy a phone cash at Wal-Mart boost moble ect... You can put any name you want on it and it comes with internet access. How would that not work???
You can be anonymous online with these programes but you can choose only one or otherwise the system will crash:
Hide your location:
TorProject
ProxySwitchy (chrome)
FoxyProxy (Firefox)
CyberGhost
Browsing history:
DNT- abine.com/dntdetail.php
Ghostery - Ghostery.com
Tor
SRware Iron (a bit like chrome)
Secure programes:
Kali linux2.0 (burn it to disk and install)
The only Con of incognito is Websites you register will STILL be there. I just wish in the far future it had the power to deactivate it without us doing it.
Just to add to the e-biometric thing, It is possible to identify a user based of short messages like tweets with pretty good accuracy. I wrote a program that identified an autor of a text with 75+% chance based on numerous metrics from the written text. And I used only pretty basic statistical methods. with stuff like NN's or VSM they have been able to pull of 93+% accuracy JUST BY READING YOUR MESSAGES. this is usualy done between few authors, mostly less then 20 autors though. But then an IP is your physical location. If someone was to use this technique seperated by streets and maybe 10km radius (because I assume no one is going to an internet cafe which is further then that usually) you can probably get a correct identification around 60ish % of the time? This needs further research though. but if you combine just this one technique with more metrics like typing speed, websites accessed, type of data sent (maybe because of a game you play) I think that identifying a huge number of people online is not a crazy idea. now just add all the stuff that W10 takes like voice samples, image samples, fingerprint samples... It's not a completely tinfoil hat idea...
I see online anonymity the same way as door locks... it keeps honest people away but the people that really wan't to find you, will! So keep doing all the anonymity stuff you need, but jumping around the network and bringing your internet to a crawl is simply pointless, it's usually enough to not give your private information in public places.
To get past the biometrics you could use mousekeys and onscreen keyboard to squash your typing and clicking habits.
I get a lot of questions of how to protect your data. Its simple, don't put anything on your computer you don't want someone else to see, and use a thumb drive, to put your data on, take it out, and put it in your pocket :)
Staying fully anonymous online would indicate that we have a choice for Internet privacy (which we don't). The government has an unlimited budget and some of the best hackers on their payroll. If they want to check up on you, you can guarantee they have the resources to do so.
I really hope you are putting yourself out there for voice work. Your voice is amazing. Good luck
Great video. Thanks! You articulated much of what I had intuited, and surprised me with a few new facts.
If you think this is paranoia and it'd take billions of dollars for this to get done, we're talking about government actors and giant corporations with a virtually unlimited budget. They have much more than that. That said, they don't want you to use encryption just for this reason, so you have operating systems around already backdoored at the source (not only Windows, but Linux as well. Ask Bruce Schneier).
“Have you guys heard of e biometrics?”
Me: of course I eat them at breakfast.
In the UK there's CCTV everywhere! Going to a public place to use someone else's computer would not work.
Im surprised this guy isnt wearing a tin foil hat. It would take huge amount of resources and millions of dollars to track everyone online, so unless you're doing something really bad, you're safe.
not everybody, but agencies like the nsa have the resources to check on everyone ervery onece in a while. If you inform yourself about computers you probably get prioritised.
If you download software like tor, you get moved much higher up in the list and therefore get checked on more often. Downloading tor isn't illegal at all, but you are still put on a rather small list of people(there was an article about that a while ago. Cant really link to it as i'm on mobile right now)
TimseineLP's
is that for people living in the US? could you try to find that article? thanks!
Joe Wild Found it: www.makeuseof.com/tag/interest-privacy-will-ensure-youre-targeted-nsa/
TimseineLP's
this is a violation of individual freedom, and our leaders should be confronted about this. Freedom is an illusion obviously. But thanks fo sharing the link!
Joe Wild Dear lord, he doesn't say everyone online is tracked, he said you can't be anonymous online, meaning if they want to track you, there is very little you can do to stop them.
i dont understand electronic biometric because the enviroment will have a huge effect on how you type making it impossible to accurately compare ur style. So could u make a video about it please
It's a good question, which can already be answered with ; what info have you given to your computer ? Somewhere I doubt Microsoft knows who I am, besides the fact I used a payed and legal Windows serial. You don't have to register Windows in order to validate the serial key on installation.
It's very easy to be anonymous online, don't use your home connection. kek
+Kodiak Gaming I was thinking.
Pick up a laptop from the trash that someone else used to use.
Move to a different city and go online with it.
Type very slow or fast, just different from normal typing.
that shouldnt be possible to track. right?
GranVlog Correct, boot up in Tails OS use a public wifi connection preferably where there's no cameras and disguise your keystrokes.
so what do u use your neighbours connection then lol
Kodiak Gaming no cameras ja ja. Do you now that in normal cities you pass at least for 3 cameras in 1km. And you forgot to no carry your cell phone with you.
My mind has just been blown.
But that still raises this question: how do some people avoid being caught when committing crimes over the web?
NotOrdinaryInGames I had a conversation with a LEO and he said more is accomplished by the laws that are not enforced. I had another conversation in a court room and the LEO could not remember events that had taken place just prior to the trial outside in the hallway while on the witness stand. Also the events he did remember were drawn from fantasy. So I would say that CSI is really a waste of money. They can just keep on fabricating as they go along, it's cheaper. Rattling his cage was for a diversion though so even though there were many witnesses to the event present in the courtroom I did not call them. Besides someone who is dumb enough to stand in front of a bullet for a doughnut may come in handy some day. I was declared Not Guilty. I had luck on my side and was my own attorney. If I had had a public pretender he would have urged me to take a deal and I probably would have. they just didn't have him prepped with the right lies.
With e biometrix could you use or write a freeware program to record as you click and type and prevent anything from happening until x actions are performed then do it mimicking someone else's timing, randomising the timing or doing x actions at once ie no gap between mouse up and mouse down for left and right click.
Maybe just type different if you are in the library? Also what are some good ways to stay more anonymous then?
U can track my computer. Tomorrow, you will find my laptop in public bin.
Is there a way to hide your IP address from hackers on PS3?
I'm sorry but there is no way there is a e-biometrics profile linked to every person/account on the internet. It would not even be close to accurate: there would be so many exact same patterns that each would be indistinguishable and most people do not type consistently anyway.
People are misinterpreting what he's saying, he's not saying you will be caught he's saying if they dedicated every resource they had they will get you at some point. BUT how much are they willing to spend on one person?
They could still track you even if you stole a computer, went to a cafe, and put it in the garbage. They can track the time and place and video you even before e biometrics.
Well you can't be identified by the way you type if you type it in a offline program and copy it into Google or whatever
5:00 can be stopped by blocking javascript right?
Truth is Truth. It may be unpleasant and scary, but I suppose that's why some say "Ignorance is bliss".
For ebiometrics to work: Does every computer report ebiometrics by default (installed in the OS), or does the computer have to be infected by some keyboard key-pressing sensing spyware?
How effective is encryption of data, and is online banking as safe as they claim ??
is there a way to stop buffering while watching movies
Tonya Ellis
Buy the moovee DVD.
Yeah, i know it doesn't make sense to spend $15 on a Steven Seagal moovee, but...
Buffering issues are gone if you are watching from the DVD.
cant you just type slower so the ebiometric thing doesn't figure out who you are hahah
+Kris Chaaun genius!
XD
***** how is remembering what someone's voice sounds like on the phone in anyway the same as identifying a person based on their average WPM?
or use virtual keyboard time to time... and never use your real personal info in any social media account. and dont link fake or hacked accounts, use old stolen phones (from back in 2005) with prepaid sim cards and throw them away after using once (you can keep phone, if it looses all time and date settings after taking battery out, but it has to be used wisely, it can link accounts). if you need to veryfi account by phone, use tails/tor to make it, then just sit in your car drive 10-20 km from your location, buy prepaid sim packet for 2 euros in some vilage with no cctv cameras, put the sim in your phone, turn it on, write the number of the sim, and leave it in the bushes somewhere, go back to your laptop, use this number, sit in the car go back to the phone, write down the code, break sim card, take battery out of the phone, and go back to laptop, and use code.
Create a different input method relying on screen positioning around a circle. Can't even interpret that. Boom. Like rotary swipe, how would you determine a pattern if there are even more variables to decode.
You can be anonymous if you do not start from your own ISP connection physically and a new machine that has not been added to Windows Live or Google account. Essentially, I agree that the Internet was built on a military network and people cannot hide from the government for long periods of time without leaving a digital footprint. However, if you spoof your location, start a connection on a WiFi hotspot physically away from your house and Secure VPN to Tor networks, it makes it harder to track your activity.
At some point, if you are doing illegal activity that catches the eye of law enforcement, your digital footprint would become a focus to get you to give up your real identity through social or hacking means by the authorities. I personally have no expectation of anonymous Internet as it is more of a commerce platform where we talk about our consumption of goods or services.
Lastly, people who collect things on the Internet like porn, music or movies whether they are legal or not are at risk because they get them from unkown sources. I would worry about Trojans within file sharing files that check the DMCA or carry a worm. It always baffles me when people store terrabytes of this stuff. If you've seen the movie "Heat", you would know that you cannot have anything that cannot be wiped within seconds like a Ramdrive. I hope everyone stays safe and keeps their Internet activity from harming people because even the demand for illegal things harms people.
How come anonymouse didn't get caught yet if it's not possible to be anonymous online?
Poor answer. He provided a smug, arrogant, binary answer to a continuum question. The fact is one can do one hell of a lot to gain a high degree of anonymity. He's right the internet was not designed for those using it to be anonymous, but a significant amount of technology exists to mask your data and identity when you want to do so.
if you are an electrical engineer and computer science major you should know how to intercept the wave packet of wifi up in the air
they have to be able to prove it in court beyond a reasonable doubt
Lets assume that these people with never ending resources aren't the ones we're worried about finding us. Because like you said, if they want to they will. I get that, but scale down to some kid playing against you in an online game. Their resources are very limited. What would be an efficient way to keep them out of your private information? By efficient I mean a way that would not cause your internet speed to be affected greatly or at all. Is a VPN the best bet?
you do not stay fully annonymous online it's a fact. And he does the right thing destroying that illusion. Even if its possible to secretly communicate online, that is easier done without trying to stay annonymous. And actually causing a lot of open noise and then outputing minimum sizes of information in between. When you try to stay fully annonymous you only attract unnecessary attention. it is easier to put a ghillie suit on and crawl in open field, than dig a tunnel underneath it.
dierk niessen: I am a computer beginner student of computer technic. I am interested and more important, I am inquisitive. So I am inclined to sincerely believe, that there is no anonymity in the Internet, as Mr. Eli said. Thanks Mr. Eli to all your precious advice. I havevery little to hyde and that little can be found out by authority in no time
what do you use to keep secure online?
What if i type slowly like really very slowly in library
just say `No not possible to stay anonymous on line``..do we really need 7:40 of time to tell everyone how tech-special you are, talk about an ego-tripper, and you really should stop being so patronising.
I have never tried to be anonymous, because I agree with you that it is impossible. But, what about encryption, like PGP. Can that be cracked?
This may be a dumb question but why would you even bother with things like vpn? Wouldn't that just make it a waste of money?
I did not know about e-biometrics. That's an interesting feature.
Usually, a simple input box in html, does not track time between keystrokes.
I know, because I have written webserver programs and I have written software
to read/write utp/udp connections etc. , but ...
I am pretty sure that the search bar like, on youtube and google, are not simple input boxes.
They are queried by listeners (probably AJAX) , with every keystroke you make.
It is very possible, they also run e-biometrics.
The only question is: To what extend is it allowed to use this data ?
I think the law can/will not sufficiently cover this, concerning the privacy act, etc.
Unless some advanced proxy server is based in Panama.
There is a lot of illegal activity going on there that cannot be tracked.
Because there are places like Panama that do not release info about users ip addresses and such.