WARNING! This isn’t a guide to disappearing completely. This is a guide for the average Joe or Alice, who are not cybercriminals, to regain their privacy online. Learn how to actually Anonymize everything you do online.

It’s easy for us to think that we are safe behind our web browsers and that nobody is watching what we do. The reality is that your online activities are constantly logged, tracked, and indexed by big business and government agencies.

You don’t need to have evil motives for wanting to fake your identity or go incognito online; for many people, it’s a matter of privacy and avoiding spammers and scammers. Privacy should be the default unless a court order is retained.

Privacy was dead, and no one cared. But that was until revelations about government spying and worse came to light. For some of us, the need to go truly anonymous is more important than ever. In fact, sometimes it’s necessary.

If you want to keep yourself safe in this digital age, you can do so by taking some basic precautions which serve to hide or disguise your identity.

It’s so difficult to keep your privacy anymore. In fact, 59% of American web users have given up trying to be completely anonymous online, according to a Pew Research Study.

We are living in an age where there is little to no privacy. Through the use of technology, your private information is being accessed, analysed and used in ways that can be difficult to predict or prevent. So what can you do to stop it? Is it really possible to hide your private information online? By taking a few basic steps, you can protect your online privacy.

Staying private online is not easy, but there are tools and tricks, which help when you have a moment you really want to keep secret.

 

Why is it important to stay private online?

Just because 59% of Americans have given up on online privacy, you shouldn’t! There are plenty of compelling reasons to stay private.

Avoiding awkwardness when people see your computing device
You don’t want to leave a web trail when you search for treatments for your sensitive medical condition or your illicit hobby. It will be awkward if you lend your smartphone or computer to someone, and targeted ads for ‘hemp oil’, ‘magnum’, and ‘how to have an affair’ appear on your screen.

Avoiding potential revenge in your social circles
Your social media friend might one day become an enemy, and seek to exact revenge on you by revealing your web habits to the world. Yes, people can be that petty and passive-aggressive.

Avoiding legal incrimination
One day, you may be accused of a crime, and law enforcement will trace your web travels to build a case against you. While this is low probability for most of you, the day that you get accused of a crime is the day that you’ll be glad you took measures in advance. There’s no need to give the prosecutor any more ammunition, regardless if you are guilty or not.

Avoiding being profiled by authorities
If you have controversial interests, it is smart to keep your tastes and interests private; there are private corporations and government institutions who assemble profiles based on how you surf the Web.

Maybe you are a gun collector or a user of medical marijuana. Or perhaps you vigorously disagree with the current government, a particular senator, or some local business, and vocalizing your thoughts will get you unwanted attention. In any case, cloaking your web habits is a smart thing to do.

Risking your job because you were identifiable online
Maybe you have a high-profile professional job in the government, public service, or legal /medical /engineering world where it is imperative that you never be accused of impropriety in your personal life. If you participate in controversial hobbies, or have strong opinions that are politically-charged, it could be a career-limiting move to have such information documented.

Possibly getting your credit cards hacked
If you regularly publish your online purchasing tastes and personal life habits through social media, you are very attractive to cyber-savvy crooks. These criminals will sniff out your information by following your posts about your pets and children, your Amazon and eBay buying habits, and where you like to shop and eat. And then as soon as you publish that you’re on vacation to Hawaii, then these online crooks get really excited about the possibilities you present!

Protecting your family from predators
If you have young children, definitely curtail how much of your personal life you broadcast on the Web. Cyber-savvy predators love to know what your favorite grocery store and favorite park is.

You like to make controversial purchases online
Maybe you like to buy products online that could draw unwanted attention: fetish clothing and paraphernalia, ammunition, self-defense devices, anti-surveillance devices, books about weapons, and so on.

While your hobby tastes are not necessarily illegal, they can get you unwanted attention, social judgment, and possibly threaten your credibility and job security at the office.

You enjoy controversial discussion forums
If you like to talk politics or religion or other controversial topics online, you definitely want to sheild yourself from reprisals in your real life. When it comes to heated topics about abortion, labor laws, immigration, and other hot-button topics, people can get very emotional. Some people will actually wish you physical harm. They may even want to exact real-life revenge through vandalism, stalking, or even physical threats. Definitely not a good idea to broadcast your personal details online in the event that you clash with a cyber-savvy hater.

 

Stay invisible online

Use laptop purchased second hand from pawn shop with cash and no transaction record.
Don’t buy online.
Don’t have a Facebook, or a Twitter, …
Put a password on your computer and never let family know what it is.
… and be very very careful what you do in real life.

 

Why the FBI Director puts tape over his webcam

It’s the first thing you do with a new computer: you tape over LED’s, microphones and cameras.

Just cut a small piece of the sticky part, and place it over the camera. Lenovo laptops now come with a couple of re-usable stickers specifically for covering the camera lens.

Most webcams have an LED light that is activated by the same circuit that powers the cam itself. In other words, you can’t turn on the cam itself without also powering the LED unless you manually alter the physical circuit.

If your webcam doesn’t have an LED light that comes on when the webcam is on or if it’s burnt out, then … put tape on it.

There has been a long and sordid history of internet perverts and peeping Toms hacking into computers, and secretly taking images and videos of their victims via the webcam.

One victim was Miss Teen USA Cassidy Wolf, who was secretly spied upon in her bedroom by a hacker who took photographs and threatened to release them to the public.

Up until now, most people have believed that the LED indicator which sits next to the webcam of laptop and desktop computers provides some warning that the device has been activated.

Miss Wolf said that her webcam light had never illuminated.

However, researchers have now proven that it’s possible to commandeer a computer’s webcam *without* the LED light coming on, making it much harder to tell if you are being secretly recorded. The researchers claim that the technique should work on any modern Windows notebook – the only complexity being that the hacker would need to build different hacked firmware for many different webcam chips.

The process is simple. Here is the simplified explaination. The LEDs were controlled by software, not hardware. The LED cathode is connected to the camera enable. The enable goes low to turn on the camera. The LED anode is connected to 3.3v. The camera firmware is stored in EEPROM, and is not secured. The iSeeYou app simply writes a rouge firmware to the camera EEPROM. The rouge firmware keeps the camera on all the time (ignoring the enable signal). The iSeeYou app accesses the camera without driving the enable low. The light is effectively bypassed.

If you have disabled at the device manager level, is that effective? Not if malware takes control of your computer. Don’t trust your system to do the right thing.

 

How to stay private online?

During a webcast on NSA leaks and data security at the South by Southwest conference in Austin, Texas, Snowden shared some privacy tips for the rest of us: Encrypt your hard drive, use plug-ins for your browser that prevent organizations or companies from tracking you online, and cover your tracks with Tor, an online network that promises anonymity.

Encrypt your hard drive
Encryption is the “Defense Against the Dark Arts” for the digital world, said Snowden, referencing the class Harry Potter took during his Hogwarts years.

Adding password protection to files on your computer is just the first step to personal file security. Encrypting the entire hard disk on your computer ensures personal information is secure, even if your device is stolen or seized.

Newer versions of Windows and Mac operating systems come with built-in disk encryption tools. BitLocker, which encrypts your entire hard drive, comes as part of Windows 10 Pro, Enterprise and Education versions. It isn’t available on Windows 10 Home edition. Apple offer detailed tutorials online on how disk encryption services can be turned on.

Use a privacy-focused email service
There’s no secret that Gmail, Yahoo and all popular email services are harvesting user data and they even share it with governments. These are some of the best email services that are focused on user privacy: ProtonMail and Tutanota are email services that we recommend.

Use strong, unique passwords
Reusing passwords is just as bad as having very weak passwords for all your online accounts. Use a password manager to save them privately and generate random, unique passwords for each online account you have. Keepass and KeepassX are excellent password managers.

Pick strong passwords. Obviously avoid “password” or “12345” but do consider a long, strong phrase with caps, numbers, and special characters (such as & and %) mixed in. Like this “nSh7*V&~Y$B8”.

Don’t repeat passwords: If your eBay password is also the one you use on Amazon, Google, and Facebook, all those are compromised, too, and hackers will be quick to take advantage.

Use separate browsers and virtual machines
For better privacy protection, it’s a good practice to use a separate browser so you don’t “mix” identities or leak information that might disclose your identity (for example through use of cookies). Using virtual machines is even better, so the activity in the virtual machine would be isolated from your personal environment. For best security use Linux virtual machines in VirtualBox or VmWare. Tails and Whonix are Linux distributions with a strong focus on privacy and anonymity.

Sign out of your accounts
It sounds obvious, but you may forget or not realise you are signed into various accounts at once, and what happens when you are. If you remain signed in to your Facebook, Google or other similar accounts while browsing, information is collected about you which can be used for advertising. Enabling your web browser’s private mode will automatically sign you out of all accounts, and won’t retain your browsing history.

Personal VPN
For better privacy protection, it’s a good practice to use a personal VPN in public WiFi hotspots. That’s because WiFi signals (in places like airports, hotels, cafes, parks, etc.) are radio waves; anyone within range of a public WiFi network can listen in on what users are sending and receiving.

Use common sense
Don’t open weird attachments, don’t install software from random websites, and don’t put your password anywhere but in fields marked password.

 

Don’t use Social Media

The amount of personal data that social networking sites like Facebook, Google Plus and Twitter have harvested from their billions of users is shocking. Head to facebook.com/settings and click ‘Download a copy of your Facebook data’ and you might be surprised to see just how much information is on file. Everything from who you have poked, what events you have or have not attended and when and where you have logged into your account is logged and saved. Similar levels of data harvesting occurs on all major social media sites. This is the price you pay for using a ‘free’ service.

The only sure-fire way to avoid giving up this information is to delete your accounts entirely.

A word of warning, ‘deactivating’ your account is not the same as deleting it. Deactivating your account is sort of like putting it into hibernation – all your information is stored and can be re-activated if you have second thoughts. Always delete rather than deactivate an account if you wish to completely wipe it.

 

Mass spying

PRISM is a clandestine surveillance program under which the United States National Security Agency (NSA) collects internet communications from at least nine major US internet companies. PRISM was publicly revealed when classified documents about the program were leaked to journalists of The Washington Post and The Guardian by Edward Snowden – at the time an NSA contractor – during a visit to Hong Kong. The leaked documents included 41 PowerPoint slides.

Even low-level NSA analysts are allowed to search and listen to the communications of Americans and other people without court approval and supervision.

The NSA databank, with its years of collected communications, allows analysts to search that database and listen “to the calls or read the emails of everything that the NSA has stored, or look at the browsing histories or Google search terms that you’ve entered, and it also alerts them to any further activity that people connected to that email address or that IP address do in the future.

Parallel programs, known collectively as SIGADs gather data and metadata from other sources, each SIGAD has a set of defined sources, targets, types of data collected, legal authorities, and software associated with it.

The much less known MUSCULAR program, which directly taps the unencrypted data inside the Google and Yahoo private clouds, collects more than twice as many data points compared to PRISM. Because the Google and Yahoo clouds span the globe, and because the tap was done outside of the United States, unlike PRISM, the MUSCULAR program requires no (FISA or other type of) warrants.

 

Should you be concerned?

If the NSA, FBI, whoever thinks you might be doing something illegal, even if you aren’t, they’re going to target you. They will accept any evidence that confirms their incorrect beliefs and ignore anything that contradicts them. They have done this before and made life a living hell for completely innocent people. Also, even if you are not one of those people with a serious and pressing need for such anonymity, by using the technology you are assisting those who do … the whistle blowers, journalists, human rights activists, political dissidents, etc.

Anonymous on the internet? The more you try to hide, the more you will be targeted. Basically, if your using TOR, you can expect that your being watched, simply because you use TOR.

There’s a big difference between privacy and anonymity.

Anonymity is a smoking mirror that we like to hide behind, but in reality, it does not exist. You can’t be truly anonymous on the Internet.

 

Determine how hidden you want to be

Who are you hiding from? If it’s just normal people, or even regular authorities, then it should be fairly easy to remain anonymous. However, if it’s the NSA, or any 3 letter agency, you better do this like paranoid ninja. A paranoid ninja reads more than 1 article on the subject, never edits the website from their personal computer, hides their IPs even in the library, and makes sure that he doesn’t get recognized on surveillance cameras in public places where he goes to work on the website. He never uses gmail, hotmail, or any other NSA honeypot.

 

Online anonymity is not a guarantee

Just ask Violentacrez, the Reddit moderator who posted and hosted risque pictures of women taken without their consent, and whose name was exposed as Michael Brutsch.

Ask CIA Director Gen. David Petraeus and his biographer Paula Broadwell, who used the tried-and-failed technique of leaving communiques in the draft folders of email accounts.

“If, for example, (Paula) Broadwell had repeatedly used a Tor connection to access her anonymous account, and then logged into her primary Gmail account or Facebook (in her normal browser, outside of Tor) within the same few minutes,” Sanchez said, “there’s a fair chance she still could have been traced, or at least been placed on a short list of suspects.”

Tor’s not enough. You have to be smart about other aspects of your use of it.

Are you one of only a few people who have the information you’re leaking? Chances are no matter how many proxies or how much encryption you use, you’ll be found out.

But that doesn’t mean anonymity is impossible.

 

Freedom of speech

Learn how to create an anonymous website or blog so you are empowered with freedom of speech. Protecting your personal privacy is a lifestyle design choice and can protect you from identity theft. Governments all over the world, or corrupt elements within governments, use the methods at their disposal to silence uncomfortable speech. One of the main methods they use is to threaten the source of speech.

Anonymous speech is important. Political activists and whistleblowers, advocates of medical marijuana, gay rights activists, critics of local police, and many others may need the protection of anonymous speech to protect themselves while they voice their opinion.

Efforts to censor online speech are doomed to fail because people will find ways to publish unflattering material online without leaving any trace of identity behind.

Ultimately, there really is no such thing as “perfect anonymity” on the internet. You can make it very, very hard and expensive to be identified, but it’s rarely truly impossible. The best you can hope for is “impractical”. And just what impractical means depends on what you’re saying, who’d want to know who you are, and how many resources they can throw at the problem.

 

How might your identity be discovered?

There are several points of weakness where identifying information could be gleaned. To understand how to set up a website anonymously, you must first appreciate that your identity might be obtained via:

The WHOIS record for any domains you register.
Your IP address (sent in the header of emails you send and found in server logs).
Your service providers’ account records (i.e. hosting, domain registrar, ISP).
Your email address.
Your credit card details or other payment method.
Your Google Analytics account information.

 

Step #1: Browse Anonymously

Your Web browser is tracking you. It’s that simple. Cookies, and now unstoppable “super cookies” know where you’ve been and what you’ve done and they’re willing to share. Sure, it’s mostly about making sure you see targeted ads, but that’s not much consolation for those looking to surf in private.

Your browser’s incognito /private mode can only do so much – sites are still going to record your IP address, for example.

Anonymous surfing might not be everything you think, and it’s important to understand what it does, and does not, do to protect you.

Every computer on the internet is, ultimately, identified by its IP address. Whenever one computer connects to another, each “knows” the others IP address. It’s how data is routed across the internet from one computer to another.

So, for example, when you visit a forum, the server “knows” and records your internet IP address.

You cannot trace an IP address to the physical location of the computer it represents. At best, you can find out the ISP that has assigned that IP, and perhaps the general region that the IP address is located in. But the ISP – well, that’s different. They can trace the IP address to the exact location of the computer connected to it. They’ll typically only do it in response to a law enforcement request or court order, but they can do it.

Anonymous IP Address
Your IP Address is your personal online ID. When your IP is visible, it allows others to easily trace online activity back to you. It can also be used by hackers to assault your computer with malware and collect sensitive information that can lead to identity theft.

IP addresses scare a lot of people. Most are concerned that just about anyone can, given an IP address, easily locate the person who is using the computer at that IP address. That’s simply not true.

However law enforcement can get very close. They can, with the help of the ISPs involved, locate the home or business to which an IP address has been assigned.

As an extra layer of protection, anytime smart anonymous connect to the domain registrar, set up or log into their email, connect to their web hosting company, or log into their website to post information, they will use anonymous web surfing techniques. Tor is free and easy, proxy servers are available all over the world.

VPNs, especially those based offshore, will prevent authorities searching through service provider records from discovering the IP address of political activists. These methods are also a way to circumvent government blocked sites, a common practice in places like China.

Never trust a VPN unless they accept bitcoins for payment.

Anonymous Proxies and Services
The biggest concern with any anonymous proxy or service is security and privacy. How will the provider respond when faced with legal action requiring them to expose the source of any particular communication. Many will not hand over such information, and some are even set up so that they can’t.

The proxy knows your IP. If they maintain and retain access logs, it’s conceivable that those logs could be demanded by legal authorities to track activity. They’d know the IP address you were coming in from and the web sites that you were visiting through the proxy.

The proxy sees your data. Every request you make goes to the proxy where it’s interpreted so that the proxy knows what to do with it next. While it’s looking at it, your data could be there for the proxy to examine and do whatever else with. If that data contains your email account name and password in unencrypted text, you bet a malicious proxy could be collecting that information.

Just like your ISP for normal connections, you’re giving a proxy service a tremendous amount of access just by using them. Your IP address might not be presented to the remote site you’re connecting to, but just by the nature of the internet it must be presented to the proxy. And in the worst case not only can a proxy log your accesses, a malicious proxy could typically quite easily examine your data, passwords and all.

Find a proxy that meets your needs
Read the privacy policy.

Sensitive information often travels through proxies without encryption; for this reason, hackers often set up proxy servers to collect personal information such as usernames and passwords.

Look for information about the person or entity running the proxy and read the privacy policy. If there is any concern regarding the reliability of the proxy, it is best not to use it.

Virtual Private Networks
Virtual Private Networks are a good option for people who want an anonymous yet speedy connection and don’t mind paying for the privilege. Premium VPNs maintain dedicated proxy servers for their users. Your connection is encrypted and the websites you visit see the VPN’s identifying information, not your own.

There are a ton of VPNs out there, and virtually all of them block your identity from third-party websites, but the question an anonymous-minded person wants to ask is: Does my VPN provider keep server logs?

One of the best and most well-known virtual private networks is The Onion Router, or Tor for short. The Tor network has proven its mettle under fire, helping journalists file reports from countries where Internet access is restricted and allowing citizens to communicate digitally when governments shut down the Internet. Rather than establishing a direct connection between your PC and a proxy server, then connecting the proxy server to the website you want to visit, Tor bounces your data request through several random Tor server relays before pointing it to the final destination. In fact, Tor got its name because like an onion, this network has layers.

 

Tor Browser

If you want to browse the Web anonymously, you need the Tor Browser, a security-laden, Mozilla-based browser from the Tor Project.

Tor was developed in the mid-1990s by United States Naval Research Laboratory employees, mathematician Paul Syverson and computer scientists Michael G. Reed and David Goldschlag, with the purpose of protecting U.S. intelligence communications online. Tor was created by the government for own people to remain untraced when in missions. Onion routing was further developed by DARPA in 1997.

Tor is now an independent nonprofit organization that lives off volunteers.

TOR doesn’t need anything else other than TOR
Most Tor users know the program as a way to anonymously browse the Web. But it’s much more. In fact, Tor’s software runs in the background of your operating system and creates a proxy connection that links with the Tor network. A growing number of apps and even operating systems provide the option to route data over that connection, allowing you to obscure your identity for practically any kind of online service.

If you don’t know about Tor, it’s what used to be called The Onion Router, and it’s all about keeping you anonymous by making all the traffic you send on the Internet jump through so many servers, people on the other end can’t begin to know where you really are. Like an onion a connection made through TOR is routed through several different computers, often all over the planet.

Each step of the transmission is encrypted in such a way that the path through TOR can not be traced, and most importantly the source cannot be identified.

Each Tor packet is actually wrapped in layers of encryption, like an onion. So each node in the relay knows where the packet has just come from and where it’s going next, but not the ultimate origin or destination.

Since Internet traffic hits the Tor proxy client before it goes anywhere else, an ISP would see nothing but the entry-point Internet Protocol address, or the outermost layer of the onion.

Don’t get the impression that Tor is utterly perfect and will keep you 100% anonymous.

When Tor users are arrested, it is typically due to human error, not to the core technology being hacked or cracked. The guy behind Silk Road didn’t get caught because of a deficiency in Tor, he got caught because he made incredibly stupid mistakes. He actually hinted on his LinkedIn that he ran a drug trading website, he posted a question on Stack Overflow using his actual name and actual code from Silk Road, and he used his actual picture on fake IDs instead of a stock photo.

So, Tor works fine.

The Tor Browser is available for Windows, Mac OS, and Linux. It’s self-contained and portable, meaning it’ll run off a USB flash drive if you don’t want to install it directly. And it’s totally free.

When the Tor Browser launches, it will automatically test itself to see if Tor is working correctly.

It sounds complicated, but tapping into Tor couldn’t be easier.

Download TOR:
https://www.torproject.org/download/

For Windows, the Tor Browser comes as an EXE file, so it’s basically like installing any other program.

The key difference is that the browser doesn’t have the same default location as most programs. Instead, it offers your desktop as the install location. The Tor browser does this because it is portable software and doesn’t integrate into a Windows system the way typical programs do. This means you can run the Tor browser from almost anywhere – the Desktop, your documents folder, or even a USB drive. Once you’ve got your location selected, just press Install and Tor takes care of the rest.

Using the Tor Browser
Once the browser is installed, you’ll have a folder called Tor Browser. Open that and inside you’ll see “Start Tor Browser.exe”. Click that file and a new window opens asking whether you’d like to connect directly to the Tor network or if you need to configure proxy settings first.

For most people, choosing the direct option is best, so choose Connect.

For the average Internet user, the Tor Browser should be enough to stay private online. Just make sure you do all your anonymous browsing from the Tor Browser itself as other programs on your system are not connected to Tor.

The most important part of surfing the deep web with the TOR browser is that if you have any other program on your machine running that connects to the internet, your identity will be exposed and compromise the efforts of the TOR browser.

IMPORTANT NOTE: It is important that you only use the Tor browser for anonymous things. Under no circumstances should you ever check your personal email, bank account, or anything connected with your real identity while anonymized. It is imperative that you separate your two identities as much as possible.

The Tor Project has more tips on browsing anonymously. Go here https://www.torproject.org/.

 

Paranoid

Even if you run Tor to anonymize every individual Internet application you use, your computer might still be leaking identifying info online. The NSA has even used unencrypted Windows error messages sent to Microsoft to finger users and track their identities. And an attacker can compromise a web page you visit and use it to deliver an exploit that breaks out of your browser and sends an unprotected message revealing your location.

So for the truly paranoid, we recommend using entire operating systems designed to send every scrap of information they communicate over Tor. The most popular Tor OS is Tails (The Amnesiac Incognito Live System). Tails can boot from a USB stick or DVD so no trace of the session remains on the machine, and anonymizes all information. Snowden associates have said the NSA whistleblower is himself a fan of the software.

Tails is a live operating system, that you can start on almost any computer from a DVD, USB stick, or SD card. It aims at preserving your privacy and anonymity, and helps you to:

use the Internet anonymously and circumvent censorship; all connections to the Internet are forced to go through the Tor network;
leave no trace on the computer you are using unless you ask it explicitly;
use state-of-the-art cryptographic tools to encrypt your files, emails and instant messaging.

If your computer gets hacked, the game is over. Creating a virtual sandbox around your online communications is one way to keep the rest of your system protected.

Tor is awesome and can make you anonymous. But if your endpoint gets compromised, your anonymity is compromised too. If you really need to be anonymous, you also need to be really secure.

Even after you’ve done all this, your anonymity still isn’t a certainty.

 

If Tor is blocked by your school, company, ISP, country, etc. …

You can go to BridgeDB and grab some obfs4 bridges and then plug them into the desktop browser and/or the mobile app. Obfs4 cannot be blocked unless the bridge address is exposed to the world publicly, so take care when posting debug logs by removing the IP addresses before posting the logs. If you accidentally exposed a bridge, you can report the bridges to the Tor Project.

Now that your Internet traffic has been anonymized, the hard part is over.

 

Large File Transfers

Google Drive and Dropbox don’t promise much in the way of privacy. If you use a filesharing service like Dropbox or Mega or whatever, you basically have to trust them. The file could end up in the hands of law enforcement.

Onionshare is open-source software that lets anyone directly send big files via Tor. OnionShare lets you securely and anonymously share a file of any size.

When Onionshare users want to send files, the program creates a password-protected, temporary website hosted on the Tor network – what’s known as a Tor Hidden Service – that runs on their computer. They provide the recipient with the URL and password for that .onion site, preferably via a message encrypted with a tool like PGP or Off-The-Record encrypted instant messaging. The recipient visits that URL in a Tor Browser and downloads the file from that temporary, untraceable website, without needing to have a copy of Onionshare. As soon as the person has downloaded the file, you can just cancel the web server and the file is no longer accessible to anyone.

 

Mobile Devices

Tor on mobile devices (smartphone, tablet):

Orbot
(Proxy with Tor: https://play.google.com/store/apps/details?id=org.torproject.android)

This is the official version of the Tor onion routing service for Android. Orbot is a free proxy app that empowers other apps to use the internet more securely. Orbot uses Tor to encrypt your Internet traffic and then hides it by bouncing through a series of computers around the world. Orbot is the safest way to use the Internet on Android. Orbot is the only app that creates a truly private internet connection.

Use with Orfox, the most anonymous way to access any website, even if it’s normally blocked, monitored, or on the hidden web.

Orfox
(Tor Browser for Android: https://play.google.com/store/apps/details?id=info.guardianproject.orfox)

Orfox is built from the same source code as Tor Browser (which is built upon Firefox), but with a few minor modifications to the privacy enhancing features to make them compatible with Firefox for Android and the Android operating system.

NOTE: Orfox requires Orbot app for Android to connect to the Tor network.

How to install
Step 1 – Install Orbot
Step 2 – Install Orfox
Step 3 – Open Orbot and click on browser tab

Tips
(1.) Don’t use a fingerprint to lock your phone. Use a code. Currently, there is some court precedent that rules that law enforcement can force you to unlock a device with your fingerprint, but requires a warrant for other types of lock such as password or PIN.

(2.) Also for the extra paranoid, consider getting a faraday case for your phone that you can drop it into when you don’t need it or otherwise don’t want signals going out or in.

http://www.amazon.com/Ska-Protection-Anti-tracking-Anti-spying-Function/dp/B00LJMCI7G/

NOTE: Make sure you turn on airplane mode first, or the phone will increase its transmission power to attempt to reach the network, which will drain its battery more quickly.

 

Step #2: Anonymous Email

Confidential documents leaked by Edward Snowden indicated that major email and cloud storage providers like Google, Microsoft, and others were part of the NSA’s top secret surveillance program called PRISM. And if that wasn’t enough, there have been numerous reports of companies snooping on their customers themselves.

There are lots of reasons someone may wish to send emails anonymously – to disclose sensitive information, report illegal activity, blow the whistle, carry out an extramarital affair, …

Is it possible to communicate with others online with absolute certainty that messages won’t ever be traced back to you? The short answer is “no.”

Long answer is:

“If you’ve been flagged as a high-priority target by the NSA [National Security Agency] and are under active observation,” Sanchez said, “then no, you can probably never have ‘total confidence’ that your communications won’t be traced.”
– Julian Sanchez, an attorney with the Cato Institute in Washington, D.C.

But for the rest of us, it’s definitely a possibility. With the right tools, some vigilance and a little bit of Web savvy, you can.

It’s smart to use a different email provider from your personal account if you crave anonymity – that way you’re less likely to get complacent and make a compromising mistake.

Note that you also should use an email service that supports secure sockets layer, or SSL, encryption. That’s the basic encryption used on a Web connection to prevent casual snooping, like when you’re shopping at Amazon. You’ll know it’s encrypted when you see HTTPS in the URL, instead of just HTTP. Or a lock symbol shows up on the address bar or status bar.

Usually, when you send an email it is neither private nor anonymous. Everybody can read it, and everybody can find out it was you who sent it.

If you want or need to send an email message anonymously, there are several strategies you can employ, though. Find out how to send email in anonymity with these tips, tricks, instructions and how to’s.

If you send email from a Web-based email form, your computer IP address (think of this as a way of identifying where your computer accessed the Internet) is attached to the email; so anyone with the appropriate software can retrieve this information.

Pseudonyms in email (like anonbro936@gmail.com) definitely aren’t enough, either.

Just one log-in without using Tor means your real IP address is going to get recordedand that’s enough for you to be found (if the finder can get your provider to give up some records).

Setting up that fake email account from your home might not be the best thing to do. It could still be identified as coming from your home.

Your IP address is often included in the administrative information (email headers) that is included with every email that’s sent. It’s always sent if you use a desktop email program, and it’s sometimes included with email sent using web email providers.

For many people knowing the home or business associated with an IP address is as good as identifying who sent the email.

Go somewhere else. The further away from home the better. A library across town, for example, or perhaps a coffeeshop with free WiFi.

There may be even more to email than IPs and addresses. Some email programs will include in the email headers the name of the computer on which it’s being run.

For example the name of the computer I’m typing on right now is “MERCURY”. That’s how I identify it on my local network, and a simple setting in computer properties to setup.

When I send email using my desktop email program it is possible that the name – “MERCURY” in my case – will be included in the email headers. This happens either as an association with the IP address on my local network (MERCURY is the name assigned to the machine’s local IP address), or it’s simply included as a standalone header by the email program.

Now, the name of the machine email was sent from isn’t necessarily enough to identify you by itself. But used in conjunction with other information it could be.

You might send your boss regular correspondence on a daily basis, but if as part of investigating an anonymous email he received he determines that it came from the same machine that your normal email comes from – i.e. your machine – that’s a bit of a give-away.

In fact, correlating the characteristics of one anonymous email message with an email message from a known source is a common way to narrow down, if not identify, the source of the message. Everything from nuances in the email header to your actual writing style and common spelling and typographic errors can all contribute to a so-called “anonymous” email being identified as yours.

NEVER

Never attempt to send anonymous email from your work computer. Your email will be stored on your company’s server before being anonymized and may even be archived for posterity.
Never send Microsoft documents or PDF files (you generated) if you want to remain anonymous. Information that could reveal your identity is hidden in the file.
Creating the account from any connection own by one’s close friend, family or workplace while logging in over Tor, VPN or proxy completely destroys all anonymity.

Internet Cafe
Visit an Internet cafe and use their machines. This will help disguise the IP address you use. If someone is still really intent on tracking you, they will only know that the email’s sender visited that Internet cafe. Some Internet cafes have installed security monitors that keep track of who logs on and at what time, in order to prevent the cybercafes for being used for nefarious purposes.

Send your emails through a privacy service
Send your emails through a privacy service, which can be easily found on the Internet. The privacy services strip the email of all identifying marks and characteristics, including your IP address. The best way to use one of these services involves installing software on your computer that encrypts your data before sending it to the service. These services will reveal all of the information they removed if your email itself contains a crime and is subpoenaed by authorities.

Encrypted Services

HushMail is one of the worst services one could ever recommend. Even the Tor Project said to stay away from it because they actively sell data to the US/Canadian Governments.

 

You must always use Tor

Whatever you do, though, don’t log into your primary Gmail or work account. It likely has your name all over it. That renders Tor useless and, depending on the nature of your messages, will lead to your embarrassment, termination, arrest or worse.

You should use the Tor Browser Bundle when setting up and accessing your webmail account. You must always use Tor. If you mess up just once and log into the pseudonymous account from your real IP address, chances are that your webmail provider will keep linkable records about you forever. You will also need to ensure that you do not give your webmail provider any information that is linked to your real world identity. For instance, if prompted for an email account, do not use another real account during signup; use a throwaway address instead.

Now that you have your Tor Browser up and running, use it to set up a new webmail account, ideally with a provider that you do not otherwise use. Using a separate webmail provider will help you to distinguish between your anonymous account and your regular email account.

Without both HTTPS and Tor at the time of creation and use, your account is not truly anonymous. As an added precaution, you may want to use public wifi at an Internet cafe or a library whenever you connect.

Despite there are plenty of free and feature-rich email services such as Gmail, Yahoo! Mail and Outlook offered by some well-known Internet companies, many users still feel unsafe when it comes to online privacy. Just like most of the websites and free online applications, these email services are ‘free’ simply because they generate revenue through online advertising. These days, most of the online ads are tailored made for each and every service user. To do that, web service providers would need to get as much as private information from you so that they can show you ads based on your interests, or in other words, ads that you are most likely click through.

Moreover public’s concerns over digital privacy has risen significantly, especially after Edward Snowden’s disclosure of numerous global surveillance programs run by US national security agency (NSA) and other secret agencies.

 

Forget about Gmail

Google tries to prevent people from signing up for Gmail accounts pseudonymously. If I create an acount from an open AP, and I want to use it from an other location (VPN, Tor or proxy) the account will most likely be flagged and marked for phone verification.

Of course, you could loan another’s phone or buy a prepaid SIM card, but in the moment you insert the card into your phone, the carrier logs the IMEI and SIM card and may hand it over to law enforcement. If you live in the US, it’s yet an unsettled legal question whether you have any expectation of privacy in these metadata, or if the third party doctrine means that anything held by your phone provider is free for the government to take without warrant or probable cause. If you happen to live in the European Union, providers are by law obligated to retain these data for minimum 6 months.

Google keeps logs of IP addresses for 18 months, after which they keep logs of three-quarters of the IP address. Three-quarters of an IP address may be still enough to breach your pseudonymity in the case of an FBI investigation.

 

Create a email account to use over Tor

If you like a client installed on your PC (Windows, OS X and Linux), combine your secure email account with a program called Thunderbird, which allows you to easily manage multiple email accounts.

Mozilla ThunderbirdDesktop edition

Mozilla Thunderbird – Portable edition

Thunderbird is a free email application that’s easy to set up and customize – and it’s loaded with great features. Plus, the portable version leaves no personal information behind on the machine you run it on, so you can take your email and adress book with you wherever you go.

TorBirdyAddons

This extension configures Thunderbird to make connections over the Tor anonymity network. Please visit the TorBirdy website for more information.

Please bear in mind that email accounts that have been used without Tor before offer less privacy /anonymity /weaker pseudonyms than email accounts that have always been accessed with Tor.

TorBirdy is still useful for existing accounts or real-name email addresses. For example, if you are looking for location anonymity — you travel a lot and don’t want to disclose all your locations by sending emails, TorBirdy works wonderfully!

TorBirdy works with SMTP and IMAP/POP3 but POP3 is recommended over IMAP because POP3 is a much simpler protocol and less likely to have or introduce any new sketchy features.

Before using TorBirdy
When you install TorBirdy, it modifies and adds many preferences to configure Thunderbird to be used securely over the Tor network. Please note that if you are not an advanced user, you should NOT change any setting unless you are very sure of what you are doing.

HTML email is disabled both for sending and receiving mail. This is because HTML emails are unsafe and can compromise your identity; emails you send will be in plain text and HTML emails you receive will be sanitized and converted to plain text. You cannot change this behavior. And you should not be sending HTML emails anyways!

The time is not incorrect but it is being reported in UTC (+0000) and not your local time zone. This is a side-effect of Thunderbird setting the time zone to UTC to prevent your local time zone (and thus your location) from being revealed.

TorBirdy prevents Thunderbird from automatically checking for new messages at startup and after a fixed time interval (usually ten minutes).

Please do not install random add-ons. They can harm your anonymity. We recommend that if you depend on TorBirdy for privacy that you do not install random add-ons, and if you really have to use them with Thunderbird that you do so in a different profile.

The preferences that TorBirdy changes are restored to their original values when it is uninstalled or disabled, thus restoring your Thunderbird’s state to exactly what it was prior to TorBirdy’s installation.

Setup Steps
1. Install Tor
When you want to use TorBirdy, you have to start the Tor Bundle (if it is not already running.)

2. Install the Mozilla Thunderbird
Start Thunderbird (Desktop or Portable) and go to Tools and then select Add-ons. Go to the Mozilla Add-ons page for TorBirdy.

3. Install the TorBirdy extension
Click on Install. Click on Restart Now. Now you should be ready to go, there is no further configuration required.

 

Step #3: Anonymous Website

Hosting a website that is anonymous may be needed for various reasons. Posting of views that differ with an employer, government agency or your neighborhood are just some of the reasons for an anonymous website.

Here are some tips:

Website content

Create the content for your website on your laptop. Review the content and remove any information that provides clues to your ownership of the website.
Review objects such as Microsoft Office files (PDFs) or images for meta data that may expose information revealing your identity.

Wireless Internet connection
Obtain a wireless Internet connection using your laptop at a public location like a library or fast-food restaurant. Log into your website and upload the content to your website.

Always use a wireless connection in a public location when viewing or updating your website.

Third-party services
Of course do not use Google Analytics on your anonymous website. If you use Google Analytics – even on a hosted platform like Tumblr – you should know that it’s possible to do a ‘reverse Google Analytics ID lookup’ by putting your site’s URL into services such as eWhois and Statsie to find out what other websites you’re tracking with the same Google Analytics account. This could potentially unmask you if you’re not protecting your identity on other websites you run.

For that reason, avoid using Google Analytics or any third-party service that might be used to identify you.

Also avoid any third party services that might be used to identify you. Blog using a basic theme and no add-ons, widgets, or additional third-party scripts that require registration elsewhere.

Choose a unique nickname
If you’re going to blog under an alias, make sure you’ve never used that alias for anything else. Aliases you’ve used in forums years ago have a habit of showing up in search engine results.

The security mindset
Your security is only as good as the weakest link in the chain. Making sure you don’t go around telling people (even people you trust) about what you’re doing can also go a long way towards protecting your anonymity online. There’s no point in taking steps to mask your identity online if you’re willing to give it away freely offline.

Many owners of websites that are considered anonymous provide clues online or in real life that reveal the owner of the website.

Fake details
Your one option includes registering under fake name with fake address details. That will have the risk of you losing your domain name one day if they decided to validate your personality and contact details by calling your phone or mailing to your address.

Governments, Political Parties, …
If you’re truly concerned about protecting your identity from even the most determined attackers, we recommend buying dedicated hosting and serving your site only via the Tor Network using a Tor Hidden Service. Though this will require a bit more technical know-how than a Blogger /Tumblr, it will be much more difficult for anyone to obtain your identity. Make sure you do your research if you go with this option. The hidden service is only as secure as the server /service you run behind it. So make sure your server is well configured and not leaking any private data.

 

So what do you do?

The simplest and best way – don’t register a domain or pay for hosting at all. Instead, register with a free blogging platform such as WordPress.com, who give you a subdomain when you sign up (i.e. yoursite.wordpress.com). Many human rights bloggers and campaigners choose this option because the main thing they have to worry about then is protecting their email and IP address.

Even WordPress accepts bitcoins for all services for the specific goal of promoting freedom of speech.

You can protect your IP address to a degree using a VPN whenever connecting to the Internet, or by using the Tor network. You should turn the VPN or Tor connection on before registering for any services and while using them.

Be aware that some free blog providers will delete blogs that might be deemed offensive. Read their terms and conditions before signing up and take backups of your content if it’s important to you.

 

How to create an Anonymous Website or Blog

If, for some reason, you have to register a domain and buy hosting, consider the following ways of safeguarding your information. Think about registering a domain in a country outside of your own nation’s jurisdiction and hosting your site somewhere else too.

Anonymous Website Domain Name
A website needs a domain name which must be bought and paid for through a domain registry. Most domain registries allow people to protect their identity by using a domain registration proxy. Using these proxies is not sufficient to protect identity because identifying information must still be shared with the proxy, which can be pressured to reveal it.

To prevent the domain registry from revealing their identity to anyone, political activists will simply enter pseudanonymous information. If they are really sneaky they may even enter the information of a competitor to register their domain or use an anonymous domain registrar.

Anonymous Website Payment
An important link in the chain is payment for services. Even if a pen name is provided, the person paying for the domain name could easily be tracked down by ruthless government officials by tracking down the source of payment, making an anonymous website less anonymous.

To avoid leaving an audit trail back to their own financial accounts, political journalists may pay for their domain name with a money order paid for in cash, use a prepaid credit card (which they paid cash to acquire) or pay with Bitcoins.

One of the most effective ways to protect privacy is to use cash or Bitcoin for as many transactions as possible. By taking control of the facts which are recorded, stored, archived, databased and searchable forever you greatly reduce the probability for identity theft.

Bitcoin, being one of the popular choices of anonymous online payment, is getting more and more popular in the web hosting business. However, when a web hosting service allows you to pay anonymously, it does not mean that you can put anything on your website. You are still governed by the general terms of usage, e.g. phishing, spamming, hacking, malware and etc are not allowed.

There are several companies that offer domain name registration for Bitcoins. If they send payment from a Bitcoin address that has not been published anywhere else then it will be hard to trace payments to them.

Anonymous E-Commerce
If you want to use your new domain to sell goods anonymously you will need to accept bitcoin. A good option is to set up a WordPress site using free WooCommerce for your shop. The advantage of using WooCommerce is the availability of a free plugin to accept bitcoin payments.

Anonymous Email
Domain registrars need to communicate with owners to provide information, remind them about renewals, and other things. Most of that communication is done by email.

You will have access to creating webmail accounts from your domain cPanel but we still think the better option is to use anonymous email that is separate from your domain and hosting. One possible service you can find on Tor is SIGAINT.

Anonymous Website Hosting
Another critical part of maintaining a website is a server to host the website. Is anonymous website hosting possible? Anonymous website hosting is still possible if you know where to look.

 

Why to avoid free web hosting services

A provider of any free service, not only CMS services, can close that service down any time they choose to. They will likely let you know in advance, but that doesn’t really help you. In some cases you might not even have time to redirect the backlinks to your website – you could effectively lose your entire linking campaign. That reason alone should be enough to discourage you from using free web hosting. You pay nothing, so you have no rights!

Unless you own your own web space, you have control neither over the future of your site, nor of your ability to retain your content should the free service close down.

Your blog or website could be shut down at any time without warning. Since you do not own your own web space, you also have no rights to reclaim any content lost when the service shuts down.

 

Web Hosting in United States

While the United States has most of the world’s top web hosting companies, those companies are subject to increasingly draconian anti-privacy laws.

Hosting your website within US borders could pose a serious risk to your data privacy, especially if you publish things the US government doesn’t like.

Many Internet users worldwide are ignorant of the implications of registering on certain domains.

If you have a specific domain type, it will fall under the scope of the United States jurisdiction. These domain types include:

.com,
.gov,
.net,
.edu,
.cc,
.tv,
.jobs,
.name,
.co,
.org,
.us,
.biz,
.pr,
.vi,
.as,
.gu,
.mp,
.nyc,
.mil,
… and more.

If you have an online store that satisfies the laws of your country, yet crosses the legal limits in the US, your website is seizable by the US government. Worse still, registering your domain elsewhere may just save your site, but as long as you use VeriSign, your site will still be within their grasp.

This just shows how serious they are in implementing their laws; whether you are bound by them in your country or not. For example, the online sport betting sites that are legal and extremely popular in England can now be shut down by the American government because it infringes their laws. As long as those companies make use of US-based services, they will have jurisdiction.

Quite disturbing also is the fact that your server may just determine your tax. According to a law passed in the 90’s, your company’s tax liability is governed by the location of your server.

What does VeriSign have to do with this?
The VeriSign is based in the United States, therefore, should any of the sites that use VeriSign step on the toes of the US government, they can serve a court order to VeriSign, who according to sources, will need to oblige. VeriSign manages the following domains:

.com
.gov
.net
.edu
.cc
.tv
.jobs
.name

This is a good enough reason to go for a foreign-based registrar not under any obligation to honor US court orders like VeriSign. Once the US government has decided, that ends the existence of the website, which has led to shut-down of small businesses that had a blog post that violates the US law and they are given no opportunity to amend or appeal. So, your site could be blocked, not necessarily for a product, but for just an article. Since the Public Interest Registry and VeriSign are in Virginia, This means the US government controls the .org domains.

Will this affect emails?
For privacy and online storage, many around the world have got Yahoo and Gmail accounts. Recently a banker in the US mistakenly sent some vital documents to a customer who is a Gmail account holder. And also, sent other details that could compromise the confidentiality status of the account holder. When this was reported, the bank was given a court order for Gmail to reveal personal information of the e-mail recipient and had the email address shut-down until a court hearing on the issues, restraining the innocent email address owner from accessing his account. This could cause serious ruin to him, even at the expense of error of someone else.

Is there a way to prevent this from happening?
It would be best to register domains and servers outside the US jurisdiction. Replace US based services like email services provided by US companies and VeriSign, as their government will always lay hold of whatever they are not comfortable about as far as it is on the US soil.

Posting contents that conflict with the US government or against its officials could cost the existence of your website. Regardless of your country, you can never hide, as long as your server or domain is US-based.

 

How to prevent Domain Seizures

What are Domain Seizures? A Domain Seizure is when a Government, Law Enforcement Agency, or sometimes even a Corporation pressures a Domain Registrar to give them control of a domain name. They can then redirect the domain away from the domain owner’s server(s) and redirect it to nothing, their own site, or a message of their choosing. This basically renders the website useless and it now becomes unusable for people worldwide. They can also just ask for the domain to be suspended which basically renders the domain useless and redirects it to nothing.

This is usually done under veiled threats without due process or a proper warrant or court order. If they do get a court order, it will likely be from a US or UK court which has no authority over the country where the website or owner is actually located. On rare occasions, they will go through the trouble of doing this process the correct way and getting the court order from the correct country.

Most Domain Registrars will not want the hassle of dealing with any legal trouble and won’t bother fighting any of these requests. Some registrars will suspend domains over just a few DMCA complaints, even though a lot of times DMCA notices are NOT even filed correctly by companies.

Why you should care
Basically, The US has come to the conclusion that any domain that is connected to or managed by a US entity is subject to US law and can be seized. This includes using a US based Registrar or if your domain extension is overseen by a US company such as Verisign or Afilias which oversee

.com
.net
.org
.info

… and many more. This has even started to become common with other countries, mostly those with close ties to the US such as the UK. All you have to do to see examples of this is search the Police Intellectual Property Crime Unit which has been responsible for numerous illegal domain seizures.

What the US, the UK, and other countries have failed to realize is they are NOT the world police and their laws don’t apply worldwide. They cannot just tell a website to shutdown or seize their domain just because they want to. Most of the time they do not have a court order, let alone one in the country where the website is actually based. Most of the time they are just doing the dirty work for large corporations and their interests.

What should I avoid?

Any domain extensions operated by Afilias.
Any domain extensions operated by Verisign.
All .me domains, as their operator is partnered with Afilias and GoDaddy.
Any domain extensions that are operated in or affiliated with the USA, Canada, United Kingdom, Australia, etc.
Domain extensions that have registration restrictions like needing to be located within their country. Also some care about what content is hosted such as pornography.

What should I look for?

Countries that don’t have close relations or ties to USA, Canada, United Kingdom, Australia, etc.
Sovereign Independent Countries.
Countries with high privacy rights and freedom.
Countries that don’t often align with the policies of USA, Canada, United Kingdom, Australia.
Countries that aren’t influenced by other countries or their laws.
Domain extensions that require no registration restrictions (Can be registered by anyone in the world).
Domain extensions that have had no major seizures in the past.
Domain extensions that are run either by the government they represent or a company/organization within that country.

Some outsource their extension to be managed by a company within another country or may be affiliated with another registrar. Watch for this!

Restricting adult content is very common on certain country domains. Many middle eastern countries also have this policy, so be careful when choosing domains to look at their policies.

What domain extensions do you suggest?
.af – Afghanistan
.al – Albania
.bo – Bolivia
.by – Belarus
.cd – Democratic Republic of the Congo
.ch – Switzerland
.cm – Cameroon
.cr – Costa Rica
.dj – Djibouti
.ec – Ecuador
.gd – Grenada
.ir – Iran
.is – Iceland
.kg – Kyrghyzstan
.kz – Kazakhstan
.li – Liechtenstein
.lt – Lithuania
.pk – Pakistan
.ps – Palestine
.pw – Palau
.rs – Serbia
.ru – Russia
.rw – Rwanda
.sh – Saint Helena
.sl – Siera Leone
.sr – Suriname
.su – Soviet Union
.sy – Syria
.td – Chad
.to – Tonga
.ug – Uganda
.uz – Uzbekistan
.vn – Vietnam
.ws – Samoa

 

Domain WHOIS Privacy Protection is a Must

You must get domain privacy protection! Some people fake their information when signing up for a domain, but this can be dangerous as you can have your domain suspended if ICANN or the Registrar finds out the information is fake. This can also be dangerous if their is some kind of transfer or dispute with the domain. We suggest using your real information and using a WHOIS Privacy Service. This service typically comes free as an extra feature from your Registrar. Sometimes Registrars are extra thirsty for money and will try and charge a small fee for this.

The best way to register your domains and servers would be to create an anonymous corporation in a smaller country like Seychelles or Panama and register everything through the corporation. By everything, we mean hosting, domain, SSL certificate, etc. This method is the safest for sure, but it can be very time consuming and costly. This is how the big players do it.

Just look at ThePirateBay guys and their shadowy corporation named Reservella who technically owns the site that is based in Seychelles. Here is proof that the anonymous corporation route works wonders. ThePirateBay founders just got acquitted of criminal charges due to a lack of proof of them being the ones currently running the site since it’s registered to Reservella.

 

Offshore Hosting and Server Providers

Keep in mind that all of these offshore hosts have different rules, are all over the globe with different laws, and are ideal for different things. Some don’t care about DMCA, some don’t care about bulk e-mail, some host malware/botnets (whether knowingly or unknowingly), some specialize in hosting gambling or porn, some let you sign up anonymously, some are just free speech hosts, some accept Bitcoin. They have different speeds, connectivity, prices, policies, services, etc. Do your homework and pick the right one for you.

Iceland, Switzerland, Eastern Europe, and Russia currently seem to be the most popular options for offshore hosting at the moment. Parts of Asia like Hong Kong, China, Vietnam and South/Central America have always been popular offshore locations as well. Asian and South/Central American hosts are typically pretty safe options, but their connectivity and infrastructure is usually lacking which can lead to slower speeds, higher latency, and usually higher prices.

Even if a clever political critic takes all of these measures, they are of course still subject to censorship from corrupt pressure on service providers to cut off service. The domain could be seized by government officials or the web host server could be confiscated. This is a reason to avail oneself of particular jurisdictions, like Iceland, that are extremely protective of freedom of speech and averse to censorship. The activist themselves would still be protected and they would be able to republish their information in other locations.

Even in the absence of legal action, a domain registrar, or a web hosting company can always be pressured to take information down. Offshore companies in jurisdictions that are unfriendly to the criticized government may be harder to pressure.

 

Anonymous free speech website Haven

The Netherlands and Sweden used to be safe havens, but people are leaving those places due to recent crackdowns. Most of these companies were found by doing a whois on known site’s domains and then doing a whois on the IP produced. Some sites are hiding their IP’s behind CloudFlare, but even then we can usually find them by plugging the domain into http://crimeflare.org:82/. By scanning this file for specific IP addresses or netblocks, researchers sometimes discover clues about who is hiding behind CloudFlare.

Iceland
Why host in Iceland? Because none of the elite of this World will be able to close you down. Iceland is the freeest country in the World as they have bucked the powerful money people and refused to pay the Foreign Banks for debts the Icelandic people were not responsible for.

Iceland is a member of the European Economic Area. The EEA is based on the same “four freedoms” as the European Community: the free movement of goods, persons, services, and capital among the EEA countries. Thus, the European Free Trade Association countries that are part of the EEA, including Iceland, enjoy free trade with the European Union.

Iceland has a strong data privacy policy that meets the standards laid out by the EU per the European Convention on Human Rights and the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data. In general, there is also no restriction on EU countries moving their data to Iceland. However, there are country-specific data protection rules that might restrict certain applications or types of data from being moved to Iceland. Germany, for example, has very strict consumer data privacy rules that require certain types of data to stay within Germany. This is the exception rather than the norm.

Iceland is well-known for its strict data privacy laws. In addition to its excellent connectivity to both Europe and North America, Iceland’s Data Protection Act in 2000 took great measures to ensure that the government followed strict protocol to protect privacy. While Iceland has adopted the Eurozone’s privacy regulations – which are undoubtedly better than those in the United States – it has gone a step further and gotten rid of more stringent requirements to maintain data.

Your website can only be seized (legally shut down) by a court order issued in Iceland and cannot be seized (legally shut down) by the US government. The .IS domain can only be seized by a court in Iceland or by http://www.isnic.is/en/, and the .EU domain; only by a court in Europe or by http://www.eurid.eu/.

Offshore email is when a server hosting your email services is located in a country different from your domicile country. Since some countries eavesdrop on personal data, it is safe to seek offshore email hosting in countries not within the US and EU legal jurisdiction. One of such safe haven is unarguably the Iceland, which protects personal data in servers of service providers.

Orange Website
OrangeWebsite Web Hosting is Iceland based freedom of speech web hosting provider. The Owner of OrangeWebsite sees human right and freedom of speech as vital issues that should be greatly protected, the legislation of the country assures web users a safe sanctuary to make public their expressions without being harassed.

Iceland is the best country to host a website. The country, shocked by the global financial crisis, has come up with a strategy to be a truly independent voice when it comes to freedom of the press and data privacy. Iceland is not a member of the European Union and, as such, can go its own way.

OrangeWebsite benefits from this because its only presence is in Iceland; it maintains no US or EU ties that would cause it to be influenced by those governments.

The web hosting company is opposed to SOPA and PIPA and have a great track record of defending their clients against nonsense. OrangeWebsite does not hand over any data on their clients without an Icelandic court order.

Personal data of clients are strictly kept secret and is not disclosed to third parties. This information is only needed to maintain contact with customers, except otherwise with a valid Icelandic court order or similar order from Icelandic authorities. However, you will be informed about this before disclosure.

Their location gives great speeds to customers in both continents, American and Europe. Features:

Strong privacy policy & protection (They respect privacy and anonymity of their clients)
Modern freedom of speech legislation
User friendly, affordable, and private
Anonymous signing up (Only need a valid e-mail to create an account, no other personal details needed)
Privately buy domains and services with Bitcoin
Customer support: – Responsive – Professional – Polite

OrangeWebsite is really great if you want 100% privacy as you can sign up and buy things with Tor and Bitcoin and you don’t need to provide a name or anything. The company offers low cost shared servers, virtual private servers (VPS) and dedicated servers, as well as domain name registration, SSL certificates and DDoS protection. The company is top of its class!

Their server and customer service is actually based in Iceland. They don’t sub it out to India to save a few bucks, which may justify the slightly higher cost in and of itself. They also keep pretty good equipment and actually upgrade it as necessary. Plus, they are entirely “green”.

OrangeWebsite also prefers Bitcoin, although it accepts any method of payment. They don’t require anything but a valid email address, so you can remain as anonymous as you like. So long as your website does not violate Icelandic laws or their TOS, you’ll be secure with Orange Host.

 

This will not make you invisible

You are empowered with freedom of speech after you learn how to create an anonymous website or blog. Free speech and the ability to dissent is threatened by censorship that results from threats of imprisonment, violence and assassination. Those threats are less effective to prevent people from publishing on the internet when people can easily publish information completely anonymously.

Der Spiegel (a German magazine) published a series of documents made available from E. Snowden. Those documents actually stated the obvious: the technology that is community developed and open-source is the hardest to break.

Final Notes:
These are just basic tips to help you protect yourself. This will not make you invisible; if someone still wants to spy on you, they could … but they’ll actually have to work for it.

 

WARNING! This isn’t a guide to disappearing completely. This is a guide for the average Joe or Alice, who are not cybercriminals, to regain their privacy online. Learn how to actually Anonymize everything you do online.