this post was submitted on 19 Jul 2024
30 points (94.1% liked)

Privacy

31939 readers
675 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

If I log in to my account that includes my name, will my previously anonymous device now be associated with my account? What if I do the same in TailsOS?

top 13 comments
sorted by: hot top controversial new old
[–] [email protected] 33 points 3 months ago

Yes. That's how a bunch of people get caught. Sometimes it's just logging into an "anonymous" account that shares a username with a trackable/traceable network.

Never log into anything if you're expecting privacy.

[–] [email protected] 14 points 3 months ago* (last edited 3 months ago) (1 children)

A couple things will happen. Regardless of how you access tor (Tor browser bundle, tails, whonix, etc)

Your social media account will be associated as a Tor user.

Any cookies associated with the session, any browser fingerprinting, the browser, that you logged in via tor will now be tied to your social media identity. So if you look up a recipe for lemon meringue pie, and then in the same browser log into your social media account, even though it's via TOR, someone will be able to say this social media user looked up a recipe for lemon meringue pie

Many social media accounts, will flag the account as high risk now, and require you to do extensive verification of your identity. This is honestly a good thing, to prevent people from attacking your account

What you're describing, is very much like cutting out magazine letters, dropping a letter into the mail from a random city, and then in the letter identifying who you are with your full name and address. You can do it, but what's the point?

It's up to you, if this fits your threat model, the EFF has some good guides, privacy guides also have some good guides, you need to decide how you want to use the internet.

[–] [email protected] 2 points 3 months ago* (last edited 3 months ago) (1 children)

What if I turn off my browser or restart my device afterwards? Is it too late, even on TailsOS/Whonix?

[–] [email protected] 6 points 3 months ago* (last edited 3 months ago) (1 children)

A lot of that depends on your architecture and how you use your systems.

Nothing will keep your activities separated if you do two things in the same session. Depending on your browser you could persist cookies across sessions, or browser plugins, or just a outdated version of whonix could be enough to link accounts

What is your objective in your use case?

[–] [email protected] 3 points 3 months ago* (last edited 3 months ago) (1 children)

My objective is to make my actual personal identity not be traced across the web to the many accounts I have made on sites where I chose not to give any personal info.

If I open Facebook under my own name, then log into lemmy, I do not want my own identity to be linked with my lemmy account. I know I will be tracked if I do both in the same session or via my browsing history/cookies on the same browser. But what can I do to seperate the link between them?

Is using another browser/rebooting enough? Should I change my Tor connections? Or do I have to use TailsOS on a USB where I restart the PC before logging in to different accounts?

I want to know how much is just enough so my two accounts/identities don't get linked.

[–] [email protected] 6 points 3 months ago* (last edited 3 months ago) (1 children)

ok, let me restate - You want to use TWO social media services at the same time without them being linked to each other and yourself. Fair enough.

Some methods:

  1. Qubes - Setup a VPN netvm, to a different VPN, for a VM tied to each social media account. This ensures your network paths, cookies, browsers never cross
  2. SPN Is interesting, each site would have its own circuit, then you use independent browsers for each account. This is more experimental, but a interesting option, not as guaranteed as Qubes.
  3. Run your own VMs, one per identity, with their own TOR connections, and their own VPNs on whatever computer you normally use (you could use the VMs for whonix or whatever); Just don't cross contaminate the TOR circuits
  • Whatever you do, only one account/identity per setup, never mix! Never re-use.
  • These types of setups are vulnerable to timing information (you turn on the computer and connect to the same 2 social media accounts at the same time, and turn off the computer and disconnect at the same time, every day for example)
[–] [email protected] 4 points 3 months ago (2 children)

Holy shit, How fast do you type? And your explainations are so detailed, thanks a lot!

Is running two different operating systems on different VPNs and different devices also good enough?

Is using one service on the clearnet normally and the other service later after rebooting with TailsOS also a viable option?

Also, QubesOS seems like the perfect solution for me, thank you for the suggestion.

[–] [email protected] 5 points 3 months ago

good enough?

That is such a problematic statement, depends on your threat model, how much effort they are willing to spend to identify you. Honestly, truly, read the EFF guides, and privacy guides to help you establish your threat models.

Any two online identities that use different, and consistent paths, without cross contamination will be sufficient for social media like having two facebook accounts so one for friends and family and one for your alternative lifestyle without cross contamination.

Qubes is great, I recommend you play with it.

[–] [email protected] 1 points 3 months ago* (last edited 3 months ago)

One more option I forgot to mention, if you're not really worried about your security, this is more of a nice to have:

Some VPN software like mullvad browser extension Will let you set site specific VPN exit points. So you could have multiple profiles of Firefox or even Chrome running, each with the browser extension, each specifying different VPN exit points. I wouldn't consider this high security, but for having two social media accounts coming from two IP addresses with separate browsers and separate cookies this will work

Under the hood, it just uses different socks proxy servers that known IP addresses, so you could set it up without using the extension, but the extension makes it really easy

[–] [email protected] 12 points 3 months ago (1 children)

What social media are we talking? I access Lemmy through Tor every now and them. As for more intrusive social media (like Facebook and Instagram), they’ll try to associate your IP to your profile. So, they would be suspicious of continuously changing IPs, and ask for more verification (even more intrusive), or just ban you from their services. Also, they can easily know if the request is made from a tor node (try opening https://www.dan.me.uk/tornodes from a tor IP).

However, if I were to even ignore you accessing their service via a tor IP, it is still not private. Facebook, for instance, is very adamant on users providing their actual info. I tried opening a facebook account on multiple occasions, both with fake and partial information, and always got banned from their service. I have completely stopped trying now.

Let’s say you already have an account, and you are accessing the service through Tor (without them blocking or banning you somehow). It would still be a bad idea privacy-wise, because all your user activity is still being tracked, and linked to your profile (which might have your real info). So, you are still being extensively profiled, and your data would still be used for “improving their services and the user experience”.

So, unfortunately, the only thing to do is not provide them with more data points to track you, i.e. avoid intrusive social media altogether or move to social media which collect less data.

[–] [email protected] 3 points 3 months ago* (last edited 3 months ago) (1 children)

So, unfortunately, the only thing to do is not provide them with more data points to track you, i.e. avoid intrusive social media altogether or move to social media which collect less data.

Yeah... That's not very possible. 95% of people use Facebook/Instagram/Snapchat and these are the only ways to contact them. I'm ok with using these intrusive services for a few minutes at a time to contact people. However, I absolutely do not want facebook to know that me and @[email protected] are the exact same person.

[–] [email protected] 3 points 3 months ago

Then, to minimize the harm, be cautious of (third-party) cookies (reject them all) and may be use a different browser/session for Facebook.

[–] [email protected] 2 points 3 months ago

if you log into mainstream SM with your account then all previous and future things you do on that system will be linked to you on their end in some way.