Here is a simple guideline for researchers to establish a basic level of online anonymity for the purpose of disconnecting identity and physical location from research activity.
What do you need?
What level of anonymity will this guidance provide?
What will this tutorial cover?
1) Getting a prepaid credit card
In some countries you can get prepaid cards from grocery stores, pharmacies and such. This includes US. If you can’t get one in your country, you can get one online. You find many options from Google. You should not put much more money in to the card than you know you will need. You might have to discard it. Once you have the card, it might be good to buy some bitcoin using it (for paying VPN and other services where you want more complete anonymity).
2) Getting an anonymous sim card
You can get one easily from many countries. If you travel frequently, you can get it from a country where you can get it if yours don’t allow it. Many will work abroad as long as you activate it before you leave the origin country. Don’t ask others to do it. Never mix others to your activities.
3) Choosing the VPN that is right for you
Choose one that is not known for spying on its users, data brokering, easily giving data to authorities, etc. Also make sure that it has a choice for the country where your Sim card is. Don’t tell to others which VPN you use.
4) Use a random name generator to create your alias (name)
or for a little more fun:
5) Create an avatar for you new alias
Most people use some kind of image as their avatar, which is usually a photo of a person, or something else “personal”. Profiles that follow this idea seem more legitimate. One way is to pixelate a photo of someone:
The other is to create an anime / game character:
The most important point is to NEVER USE SOMEONE ELSE’S PHOTO without making it completely obscure first. Never. Also don’t just take images online and then reuse it. Otherwise you expose yourself to reverse image searches with tools like:
If and when you use an image, do make sure to use a meta-data scrubber. While it may be better to have a more comprehensive system designed for your operating system, you can get started with an online tool such as:
6) Setting up your Browser
You can’t use Google Chrome because at the time of writing this, it still has the problem of WebRTC leak i.e. it will leak your actual IP under any condition, including one where you use a VPN. If you can make it work so that it doesn’t, then you could use it.
Once you’ve setup your browser with ad blocker (uBlock Origin seems to ok), check that your WebRTC does not leak:
AdBlock Plus is not really an ad blocker, but adware, so don’t use that.
Very importantly, uninstall flash, java and silverlight. And no, you can’t replace the instructions on this guide by using Tor. Forget Tor, it just means you’re going to be flagged everywhere you go.
7) Creating an anonymous Google account
Turn on your VPN to the country of your SIM card and create a gmail account with your new alias. Gmail account is a major trust factor in the internet. I can’t imagine why, but it is.
Usually the name you choose is not available as it is because somebody else is already using it. Extend it with the birth year you select, or something else that you would if you were really creating an email address for actual use.
Verify the account with your anonymous SIM card. Do not add an alternative email address.
8) Some additional points about anonymity
Your cover can be blown at various levels:
Network level in some cases leads to precise location, which is as bad as identity level. So using a VPN and preventing WebRTC leak is VERY IMPORTANT.
You can find the right way to change the mac address in your system from Google. Do that frequently.
If you think your persona and identity is mixed, drop the persona and create a new one.
9) Setting up anonymous server
AWS has many advantages for this kind of use, but you could use any hosting provider. Some accept bitcoin, but are mostly the kinds of hosts that get flagged easily. If you have servers already, you can use AWS for tunneling or proxy between your target hosts and your own servers.