Damn! Sorry to hear. I personally don’t think VPN is enough they probably have insiders at all the various VPN companies which they can hit up for a dig on your connection data which would eventually point to the email and Info you used to sign up with the VPN. This is why the burner phone to verify a fake name and email address is key. Also find a vpn that is free so you don’t have to give them personal info with a credit card. Or load up a pre pay you bought with cash while wearing your mask and a hat. Take your plates off when you drive to the store for the purchase as well probably cameras tracking the lots and that would be another trace back they can use. Great book worth reading is “the art of invisibility” by Kevin mitnick.
VPN AND older virtual machine - like Win XP, or Win 7.
That way the browsers on your virtual machine only leak ENTIRELY DIFFERENT identifying information than your main PC would do through a browser.
It's called "Browser fingerprinting" and there's hundreds of ways to do it.
One such way is make a canvas on an invisible web page, draw some text in a particular font - and they can tell some of what your OS is.
Do that with cookies,HTML 5 local filesystem files, browser name and version, (used to) Flash super cookies, page referer (from the PREVIOUS site you were on!), FAVICON cache list_... all this adds up to a UNIQUE BROWSER and therefore user.
See that browser again with a new IP AND different Reddit account?
They KNOW you're the same person.
VPN AND VIRTUAL MACHINE. DO NOT visit or log in to ANY personal account sites you have on it.
Damn stepping it up even more. So clearly you know some technical details here. How about this. Host system on VPN. VM running win xp, with a different VPN service routed through the host’s VPN service. Also windows xp vm browsing on brave through tor. Is this full ghost mode?
Any VM runs on physical hardware that will have Ethernet hardware, and ALL Ethernet hardware at its PHY layer each has a unique ID. That means the VM and any other OS on the machine all have to talk to the same IDed hardware regardless. So a VM does not buy you true anonymity. Plus, any tool that can find a way to query the machine's BIOS can get the unique MAC address and then you're identifiable. The MAC address cannot be changed, it is permanent. Also, packets contain that unique ID; with a VPN, the provider does know your MAC address, so a corrupt provider can give info on you if an agency demands it.
MAC address can be changed though? You can do this in the network settings of the virtualization software. I use virtualbox so at least I am certain you can with it. Also, there are tools to spoof your MAC address.
Tor is solid. At least 3 hops, each machine is the only one that can see the previous link. This means they would have to beach all three of those nodes. I’ve noticed using Tor through brave they use 5 hops. They are also random and change at intervals. In my opinion tor does provide some serious privacy. Add a vpn to the host machine running tor through the browser in a vm with a spoofed MAC and I don’t think anyone is going to be able to track you down unless they are the NSA dumping some heavy resources on you
The simple version is, even if you use a VPN they can still get the MAC address on your computing device, by various means including tricks. Then they can correlate usage of that value with who you are, by comparing data from various accesses. Now, Reddit alone can't do that, indeed they can use multiple data sources in order to cross-correlate. ANYONE who does online gaming will be traceable by this means.
The short take is, you are not totally anonymous even with VPN, if you are on a PC. If you are on a burner phone it is harder but if you make even one slipup, you're hosed.
True, but a direct hardware query will always return the factory hard-coded value. So even if the average person runs spoofing software for this on normal Internet packet use, they are vulnerable to specialized tools for attack. So my guess is the average random Redditor doesn't run spoofing, and probably some nosy people have fingerprinted them. A side note, some software vendors use MAC address on user machine as a key to authentication of software license.
Hm, I agree here, however am wondering about what tools they would use to penetrate through the VM and see the real MAC address of the NIC. Basically, if I’m spoofing my MAC and browsing on a VM, how does one look beyond that.
Damn! Sorry to hear. I personally don’t think VPN is enough they probably have insiders at all the various VPN companies which they can hit up for a dig on your connection data which would eventually point to the email and Info you used to sign up with the VPN. This is why the burner phone to verify a fake name and email address is key. Also find a vpn that is free so you don’t have to give them personal info with a credit card. Or load up a pre pay you bought with cash while wearing your mask and a hat. Take your plates off when you drive to the store for the purchase as well probably cameras tracking the lots and that would be another trace back they can use. Great book worth reading is “the art of invisibility” by Kevin mitnick.
VPN AND older virtual machine - like Win XP, or Win 7.
That way the browsers on your virtual machine only leak ENTIRELY DIFFERENT identifying information than your main PC would do through a browser.
It's called "Browser fingerprinting" and there's hundreds of ways to do it.
One such way is make a canvas on an invisible web page, draw some text in a particular font - and they can tell some of what your OS is.
Do that with cookies,HTML 5 local filesystem files, browser name and version, (used to) Flash super cookies, page referer (from the PREVIOUS site you were on!), FAVICON cache list_... all this adds up to a UNIQUE BROWSER and therefore user.
See that browser again with a new IP AND different Reddit account?
They KNOW you're the same person.
VPN AND VIRTUAL MACHINE. DO NOT visit or log in to ANY personal account sites you have on it.
Damn stepping it up even more. So clearly you know some technical details here. How about this. Host system on VPN. VM running win xp, with a different VPN service routed through the host’s VPN service. Also windows xp vm browsing on brave through tor. Is this full ghost mode?
Any VM runs on physical hardware that will have Ethernet hardware, and ALL Ethernet hardware at its PHY layer each has a unique ID. That means the VM and any other OS on the machine all have to talk to the same IDed hardware regardless. So a VM does not buy you true anonymity. Plus, any tool that can find a way to query the machine's BIOS can get the unique MAC address and then you're identifiable. The MAC address cannot be changed, it is permanent. Also, packets contain that unique ID; with a VPN, the provider does know your MAC address, so a corrupt provider can give info on you if an agency demands it.
For more info read: https://stackoverflow.com/questions/23935095/how-are-mac-addresses-used-in-routing-packets#23935402
MAC address can be changed though? You can do this in the network settings of the virtualization software. I use virtualbox so at least I am certain you can with it. Also, there are tools to spoof your MAC address.
Thoughts on Tor?
I’ve heard mixed things.
Tor is solid. At least 3 hops, each machine is the only one that can see the previous link. This means they would have to beach all three of those nodes. I’ve noticed using Tor through brave they use 5 hops. They are also random and change at intervals. In my opinion tor does provide some serious privacy. Add a vpn to the host machine running tor through the browser in a vm with a spoofed MAC and I don’t think anyone is going to be able to track you down unless they are the NSA dumping some heavy resources on you
The simple version is, even if you use a VPN they can still get the MAC address on your computing device, by various means including tricks. Then they can correlate usage of that value with who you are, by comparing data from various accesses. Now, Reddit alone can't do that, indeed they can use multiple data sources in order to cross-correlate. ANYONE who does online gaming will be traceable by this means. The short take is, you are not totally anonymous even with VPN, if you are on a PC. If you are on a burner phone it is harder but if you make even one slipup, you're hosed.
MACs can be spoofed/changed tho.
True, but a direct hardware query will always return the factory hard-coded value. So even if the average person runs spoofing software for this on normal Internet packet use, they are vulnerable to specialized tools for attack. So my guess is the average random Redditor doesn't run spoofing, and probably some nosy people have fingerprinted them. A side note, some software vendors use MAC address on user machine as a key to authentication of software license.
Hm, I agree here, however am wondering about what tools they would use to penetrate through the VM and see the real MAC address of the NIC. Basically, if I’m spoofing my MAC and browsing on a VM, how does one look beyond that.