Firstly, it has been a while since I’ve updated anything here. I have updated the Links page to clean out the stale and, most importantly, to add David Cowen’s blog “Hacking Exposed – Computer Forensics Blog“. David has been putting up a tremendous number of articles and hosts a lunch webcast every Friday at noon central. Guest speakers are encouraged to respond and give a brief talk, but David Cowen and Matt Seyer hold their own just fine when interaction drops.
Now for the book review. I am a bit of a sucker for cheap and short books on staying anonymous. The latest disaster is “How to be Anonymous Online“. The book really does not live up to its name, but that’s expected for a $5 purchase weighing in at 35 pages. If it had a table of contents, it would look like this:
- Obtaining TAILS
- Burning TAILS
- Configuring TAILS
- Installing TAILS to USB
- Anonymous Email
- Setting Up PGP
- Using PGP
- Updating TAILS
Upon closer inspection, the majority of the book revolves around TAILS. The Amnesic Incognito Live System (“TAILS”) is a TOR enabled, Linux LiveCD. Their download page covers everything that the book covers, even setting up persistent volumes. The page also links over to a documentation page. It’s at this point that the author starts laying down “fact” without any references to support their claims.
The first issue lies in persistent volumes. If one it attempting to be as anonymous as possible, as the book leans towards, then having persistent data is far from ideal. The author does acknowledge that the volume is encrypted, but seems to be satisfied with “it’s encrypted.” TrueCrypt is not mentioned at all; only the magical and unnamed system (LUKS in this case).
And that’s where the book falls hard. The re-publishing of the TAILS documentation, mention of Plop Boot Manager without any discussion of Plop, or the flat statement that Bitcoin is not anonymous are bad. But, anonymity is not about being absent and leaving no trace as the book suggests. It is about not revealing the true identity. Learning to minimize one’s tracks and to misrepresent what is left is key. The book does not delve into this point with any recognition or authority.
In short, use TAILS. Use their documentation to get up an running. But, follow up with more education and know that software can not fix wetware (your thinking and habits) mistakes. Anonymity requires conscious actions that deviate from our typical human interactions.