Digital Invisibility

The latest art form, a must for everyone to master is “Digital Invisibility”. The reason for this is online survival. Learning the art of digital invisibility from the world’s most famous hacker could be to anyone’s advantage.

Hacker Kevin Mitnick is almost a legend when it comes to hacking and is best known for his high-profile arrest in 1995, Mitnick spent five years in jail for various communication and computer crimes. Once the most wanted hacker, Mitnick Security is now one of the world’s top security companies and owned by Kevin Mitnick. Here are just some of the tips on how to go invisible by someone who knows it all.

For most, the day starts by reading emails, and anyone who has a web-based email service such as Outlook 365, Gmail or others are not paranoid if they wondered who else read their mail. According to Mitnick even after an email is deleted it is not necessarily erased. There is always a copy somewhere since webmail is cloud-based allowing individuals to check their email on several devices. With Gmail use, a copy of every email sent and received is retained on multiple servers around the world at Google, which is also the case with Microsoft, AT&T, Yahoo, and Apple. Hosting companies can inspect any email sent to filter out malware, although in reality emails are accessed for several self-serving reasons. Most individuals tolerate their emails being scanned malware purposes or even advertising, still, third-parties read emails, and nothing is private, and the only solution is to make it as difficult as possible for them.

Encryption

When emails are in transit, most web-based mail services utilises encryption, while several services such as mail transfer agents do not use encryption, which leaves messages open. One of the first steps towards digital invisibility is encrypted messages.

Asymmetrical encryption is mostly used for email encryption, which uses two keys a private key remains on the sending device, and a public key is generated which is sent on the internet. The keys are different, yet both are mathematically related.

One of the most popular encryptions to use for email is (PGP) Pretty Good Privacy, the encryption is a paid version and available from Symantec Corporation, although it also offers a free OpenPGP version. Another free option is the GPG or GNU Privacy Guard, and all three mentioned encryptions are inter-operational, meaning no matter the version used, the basics remain the same.

Choosing Encryption Services

For anyone that is not in possession of the key to crack the code would depend on both the length of the encryption key as well as the mathematical operation. Encryption algorithms uses are public, vetted for weakness and whenever one of the algorithms are cracked or weak they are replaced by stronger, newer algorithms.  The management of the keys is important; it is generated by the sender when the encryption is performed by another company they could keep a keep and might be compelled to share it with government or law enforcement.

It is best to use end-to-end encryption for phone calls, text or email, which makes the message unreadable until it reaches the final destination. Only the sender and the recipient can decode the message.

Email messages that are encrypted still show a small, readable part, this is by law and started after the Snowden revelation when the US Government decided that a small part of email’s metadata will be collected, the address. The metadata is the information that shows the email IP address and the to and from addresses, while it also shows the subject line, the subject line could be more revealing and should be thought through before messages are sent. NSA is one of many agencies that collect phone, text and email metadata and since 2001 there has been a massive rise in legal data collection. Encryption is only the start, but for individuals who desire to be truly digital invisible they need to remover their true IP address, obscure their software and hardware and defend their anonymity.

Point of Connection

Individuals, IP address, is the point of connection to the internet, it indicates where internet users are down to the physical address as well as the service provider used.

Many sites take a snapshot of the software and hardware visitors to the site uses. Using your credit card at any shop is linked to your online presence afterwards, and IP addresses reveal where every individual is in the world. All the information bits are included within each email’s metadata, and all communication can be used to identify individuals based on their IP address, and other collected data. 

An IP address can be forged, or someone else’s proxy address can make an email appear to originate from a different location. A proxy can be thought of as a language translator the sender talks into the translator; it translates the message into another language ensuring that the message remains the same and if a different proxy was used the message might show that it came from North Korea when it was sent from Germany. Anonymous remailers are services that masks individuals IP addresses before forwarding the message and all correspondence then takes place via the remailer service.

Masking IP address

Another way to mask an IP address is to use TOR an onion router, designed to be used for avoiding censorships and to prevent tracking. Tor is free and when used the direct line between websites and the user is obscured by nodes, the chain of nodes changes every ten seconds. These nodes are layered almost like layers part of an onion; it makes tracking impossible since the path changes constantly. By using Tor individuals need to obtain the Firefox browser from the site, and by browsing the internet several additional sites can be searched normally not searchable, and this is called the Dark Web. Sites on the dark web could sell or offer items that could be illegal. Tor has multiple weaknesses users have no control over its exit nodes, it is very slow, and some of the nodes could be controlled by the government, and it is might still be possible to be identified.

Tor can be used to randomize individuals IP address and to create a Gmail account that is not related to the real IP address. The email address is not related to IP address provided it is only used within Tor. It is vital to remember to never do any browsing while the anonymous Gmail account is logged into as it is possible to search for something inadvertently related to the true identity, for example searching for weather could reveal the location from where it is used.   

It takes tremendous discipline to remain invisible, and during the precautions, it remains important to focus constantly on not allowing anyone or thing to identify your identity. It is challenging to remain in control and for many well worth the effort.

Another way to mask an IP address is by using VPN services, which offers encryption on all data send and received. VPN service providers have hundreds of servers placed across the globe and users can connect to any server, obtain a temporary IP address from the server and will appear to be present in that country or location.

VPNs are a payable service and offer a range of features such as group plans, killswitch, control of children services, and VPN can be used on routers, smart televisions, gaming devices desktop and mobile devices.

VPN is great for use when privacy and anonymity are needed and at the same time protects the family from hackers, although it also has its weaknesses. The VPN service providers could keep logs or records of their subscribers as well as record the real IP address and the masked address, which ultimately could be demanded by government and used to trace online activities by individuals.