How to post anywhere without being traced by cops
WARNING: DC Direct Action News is hosted free on a commercial server. They will surely give the cops IP logs, etc if they are ever asked.
We cannot protect you from this without the funds to host this site somewhere hostile to the US, the NSA, and the FBI, so if you are posting about anything “heavy,” you need to protect yourself. Only those activist sites hosted on activist controlled and programmed servers can be relied upon not to log IP addresses and not to attempt to log machine, operating system, and browser data.
This site is hosted on WordPress, which should be presumed cooperative with law enforcement. When you post a comment here concerning militant direct action or anything else you don’t want the cops to be able to prove is your work, there are several ways to do so.
History of this kind of attack on activists, and how this kind of investigation might work
It is trivially easy to find the poster of any internet story on a site that logs IP addresses, posted from a home internet connection without use of Tor or any other defense. Many arrests have come from such communications in ordinary life, but few activists are that stupid.
There has been to my knowledge one case where an ALF/ELF case was “solved” by identifying the poster of a communuque. The person involved used a library computer, but the library required student ID cards to enter. The post was traced to the library’s IP address easily enough, then all student ID’s that had entered the library around that time were read out, yielding someone they must have already suspected.
Had that poster used Tor or another proxy, the cops would not have found the library at all, and the investigation would have been over. Had the poster used wifi from outside the library or gone to a library not using ID documents, the cops would have found only the library. If the library copied all packets and sorted them by MAC address, a highly skilled computer forensics specialist might have been able to identify the poster if he had logged into something. Security camera footage would have been checked, but would have been useless if the poster was a person unknown the those doing the checking(say, from another city), or was in disguise. There was a known case of a right-wing militiaman being caught based on security camera footage after always posting communiques from the same Kinkos without Tor or other proxies. Had he used a different wifi access point each time, or been in disguise he would probably still not have been caught.
Counterforensics methods and tactics for Intenet posting:
The importance of HTTPS for all the methods listed below:
HTTPS encrypts your outgoing and returning data. With https, the ISP, wifi access point, etc you are using and anyone watching them doesn’t get a local copy of your work.
Snowden says even the NSA can’t crack HTTPS.
1: Tor, Torbrowser, and Tails:
Tor is now easy to get working. Go to and download the Tor browser bundle that matches your operating system (which should never be Windows or Apple!) Follow the instructions to extract the folder inside to your desktop or somewhere else and click on the “start-tor-browser” script to run it. Torbrowser will take a while to start, but will come up and will block any ISP from logging anything you do for the cops, the FBI, or NSA by themselves. Local investigations without top-level NSA support will go nowhere.
WARNING: Do not rely on Tor to protect your home Internet service while communicating with a server that is being watched (like this one). This is the first layer of your defense, not the only layer.
For anyone to defeat Tor outright and only have to watch the destination server, that would require watching all Tor exit nodes at once, something even the NSA cannot do. This is because many Tor exit nodes are located in countries hostile to each other. As a result, Tor effectively protects communications where at least one of the IP addresses involved cannot be guessed in advance.
On the other hand, Tor is not designed to protect against a “confirmation attack” in which an attacker already knows which IP addresses to watch. If they are watching “ and watching your ISP at the same time, they need only execute a “timing attack” by watching exactly how many bits enter and emerge from the Tor network at exactly the same time.
Of course, if you go to a coffeeshop to use Tor, now they have to guess which coffeeshop to watch at the exact same time they are watching the target server on the other end. If you use that coffeeshop once only, this is even harder. Based on the fact that the FBI bothered to write CIPAV (see below), it may be impossible using only data they will admit in court to having.
Tor can protect you from being snitched on by your Google Search History, even at home
Using Tor for every Google search at home is a great idea. This way Google doesnt get your “Google search history” by IP address. Torbrowser also has the “ssl everywhere” extension to encrypt your packets in transit.
Snowden has claimed or implied that SSL has not been broken by the NSA, so Google searched by SSL over Tor only tells the NSA you are going to Google, not what you are doing. Google in turn knows only your search came from that Tor exit node, along with all the others from that same exit node. The NSA doesn’t know what you searched for, Google doesn’t know who you are, so nobody has your search history. This is possibly the single best use of Tor from your home computer: to protect every single use of Google search.
Torbutton/Torbrowser update: According to the Electronic Freedom Foundation, Torbutton (as used in Torbrowser) “standardizes” a lot of browser data, greatly weakening browser fingerprinting. This might make a common piece of hardware like a popular netbook impossible to prove is yours, but don’t rely on this to keep you out of jail until more is known. Instead, use it as one part of a layered defense.
FBI/ CIPAV WARNING concerning Tor: There have been cases where the FBI was totally unable to get past Tor or other proxies by normal means. These cases all concerned repeated communications consistant with oneanother, believed to be from the same user. In one reported case, a social networking page was used, and the FBI posted a malicious link where the administrator was sure to see it. It contained a Windows virus called “CIPAV” or Computer Internet Protocal Address Verifier.” When downloaded and run on a Windows machine, it sent all hardware information plus logs of IP addresses contacted (going around Tor or other proxies) to an FBI controlled server. It is UNKNOWN if the FBI has ever been able to port CIPAV to Linux, but considered unlikely by security experts.
As a result, for any posting where a person might be arrested because of the post, only an operating system that is a new install each time, meaning a live disk/USB stick, can now be totally trusted. To use Tor with a live install, go to and download a “Tails” disk image. Burn it to a DVD or install it onto a Flash drive, and reboot with that drive for each separate secure communication. Even if they got CIPAV onto your computer, it’s not on TAILS and isn’t running.
Needless to say, if the FBI and NSA had had much success in using confirmation attacks against Tor by watching all coffeeshops and libraries, they would not have bothered to write CIPAV. That says something about the real world effectiveness of Tor, about the unwillingness of the NSA to appear in court and be cross-examined (required to use their data for warrants and prosecutions) or both.
2: Free public wireless access points.
You MUST use Internet access that is not connected to your name or address, even when using Tor, if you or another person could be arrested for what you are posting. It may be watched, but the watchers won’t know to correlate a random coffeeshop with a one-time post to a previously chosen target website.
Free wifi access is offered at some coffee shops, libraries, and even some fast food restaurants. A post from these cannot be traced past the wireless access point.
Assume the wifi access point copies your transmitted data, data coming back, and your mac address. With https, they get gibberish for the data.
If you are posting anything “arrestable” do not open your email or log into anything, Those logs the wifi access point or anyone watching it might keep must contain nothing but the post, and you should clear the scene immediately if it concerns anything that could be construed as a felony. HTTPS on everything reduces this danger, but it is a totally unnecessary risk. Never bet your freedom on technology when you don’t have to!
Your MAC address (wireless card ID number) is presumed to be logged, but doesn’t generate suspects unless you are later arrested with that computer. Your MAC address can be changed, or a throwaway USB wireless card can be used. Always assume that the original wireless card on any machine on which Windows was ever activated was logged by Microsoft and available to the cops, never use that wireless card without “spoofing” the MAC address. A program called “macchanger” can be installed in Ubuntu, Mint, etc to make changing your MAC address easy. Learn to do it every time for practice!
Seek visual cover from indoor and outdoor security cameras if possible-especially if NOT using Tor
If you can find a place outdoors that is visually concealed from cameras owned by the target wireless access point, yet within range of a good quality wireless card, use it!
Consider using a “Pringles Can antenna” to extend your range and access a coffeeshop’s WiFi from the bushes out back, so there is no security camera footage at all. With this and a changed MAC address, you can do things that Tor makes difficult like uploading videos. Even if cops do show up, there’s no evidence other than whatever the wifi server copied from your work and the (spoofed) MAC address. If you used Tor as well, they get nothing at all.
When working inside and not behind visual cover, it’s possible a camera inside could capture your face. Even more important, don’t use a credit card, debit card, checks, etc for anything while inside, and be sure to go somewhere the local cops won’t recognize you.
In fact, don’t use credit cards, debit cards, or ID within several blocks of the access point (urban) or several miles (suburban/rural).
3: Prepaid wireless: This is expensive for a “burn phone” connection, but if and only if done right can be very safe.
The best thing about this is you can now access the Internet from deep in the woods, miles from security cameras, so long as a cellphone connection is available and you can get out faster than the cops can read the post, call the cell company, and travel to the site. Tor still works for this, and can hide the cell provider from anyone watching the destination website. That can buy you days or weeks to hike out, maybe forever.
Find a prepaid provider that does not require ID to buy the hardware or set up the account. Become familiar with setting up their accounts, perhaps by setting up a “practice” account for someone wanting cellular Internet access. You must be able to activate your device without calling tech support. You will probably have to fill in a name at activation online, give a fake one and no real information of any kind. Presume the cell provider logs everything by GPS, make sure this information is useless! Don’t use T-mobile if you need to use a site that might be censored by “web guard” which you can’t turn off without ID.
Now that you have a device you already know how to activate, find a private place free of security cameras, like a spot in the woods within range of cell towers, to set it up. Activate, and remove the battery unless you are going to do your secure work immediately.
Treat this device like a cell phone, keep the battery out when not in use due to the presence of GPS and tracking software. If you want to use it for a “burn connection” never use it or turn it on at home, or the GPS makes it the same as using your cable Internet connection. Keep the battery out, do not trust the electronic switch. Use it and get rid of it.
You can cache the device in a really good hiding place (like a sealed PVC pipe buried on public land) if you are running a press office for an underground organization and all your posts are tied together anyway. Be sure to wipe your fingerprints off it. Otherwise, remember: Each post made with the device should be presumed tied to all other Internet content originating in the same device by a standard good enough for a courtroom. Consider a netbook computer (Linux only!) used for this purpose only as well, also stored in a secure off-site cache.
For really important shit, remember: You bought a $100 device and $50 worth of minutes at most. It is cheaper to smash it with a hammer and throw it in the trash than it is to pay $500 for the first hour of a lawyer’s time.
4: Public access computers:
There are still a few public access computers left that do not require logging in with identity information. Security cameras are a danger here, but browser fingerprinting, etc are not. If the poster is a person not known to the police, uses the computer for nothing else, and does not return they may be impossible to find.
Bring any content in by flash drive, destroy the flash drive afterwards as these machines all use MS Windows. If you can, turn off history and clear cookies afterwards. Make SURE you do nothing else on the chosen machine and all others on the same network within 6 months of so before or after. In particular don’t check email or any other postings-do your secure task, do only that task, clean up, wipe your fingerprints and leave!
Never use a public computer you have to log onto with a library card or any kind of ID documents, or in a lcation you have to present ID to enter, as said before someone was once convicted of an ALF/ELF action based on having swiped a university ID to enter a library from with a claim of responsability originated. This was logged and the information presented to the cops and the courts.
Instead, go where local cops won’t recognize your face on grainy, low-quality security camera footage, post your work, wipe your fingerprints, leave immediately. A Kinkos card bought with cash, used once, and then destroyed will leave no records other than any local copies of your work (on the machine) or security camera footage. Interestingly, all Kinko’s outlets in DC shut these machines down, going credit-card only, for one day on Sep 11, 2002.
Note concerning public computers for Youtube posting: Youtube/Google may refuse to make an account for you from the library’s network, as more than 5 accounts will surely have already been made from it. They will demand “sms verification,” meaning they demand a phone number and replying to a text message to activate the account. It is better to refuse this and not do business with Google, but if you must use Youtube, you will need a “burn phone,” which is a prepaid phone bought with cash, no discount cards, no credit cards, no ID, and no personal information. You can make up to 5 Youtube/Google accounts with the phone number,activate them with the text messages from Google, then wipe your prints from the phone and sell it in the street or destroy it. Needless to say, each account is linked to all the others by a standard usable in court. Be sure to never, ever leave the battery in the phone when not in a place you can afford to have the phone tracked to. Google probably figures a spammer needing 1,000 Youtube accounts can’t afford to buy 200 burn phones.