Back to thoughts
At its peak, AlphaBay was 10x larger than Silk Road ever was. As a darknet marketplace that was, on a daily basis, facilitating the sale of $700,000 worth of drugs, guns, and other illegal items, it attracted the attention of a certain three-letter government agency, as you can imagine.
The FBI tried hard to find the owner of AlphaBay and lock him up. With the site being on the darknet, there wasn’t much that the feds could do to find the owner — as by design. They spent several years working on this case until they finally found a lead. The story continues with involvement from large corporations, the Canadian and Thai governments, and a coordinated raid on a villa in Thailand. After the raid, 25-year-old Alex Cazes’ was put in the back of a police car and put behind bars. They seized his computer, cars, house and interrogated his wife. With his knowledge of computer security, Alex managed to run one of the most powerful drug cartels from his laptop. But alas, his knowledge wasn’t enough: the feds got him and locked him up. Alex killed himself a few days after the arrest.
Do you want to guess how they got him?
He left his email address in the “from” field of the welcome email you receive when signing up for AlphaBay. Microsoft, who owns Hotmail, happily gave Alex’s information to the FBI, and the rest is history.
A few weeks ago, I decided to download a dating app. After some mindless swiping, I came across this one profile that had an Instagram username in its bio. Let’s call her Mary. Mary put it there, I presume, for people to look her up and follow her. Curious, I Googled her username, and sure enough, her Instagram popped up with a myriad of publicly-available photos on display. This isn’t uncommon — plenty of people like showing off their pictures to the world.
Back on the Google results page, though, I noticed something else: a Reddit account with the same username (a quick scan of the post and comment history confirmed it was her). There was a lot of information on her account: income, work history, medications, hopes, dreams, fears, insecurities, beliefs — definitely things that most people would try to keep anonymous when posting online. I could’ve learned more about her from that Reddit account than weeks of talking to her. It was bizarre.
Alex made a mistake. Looking at the culprit for his demise, it’s easy to think, “How could this big-shot hacker-man make such a silly mistake?” Who knows. Maybe he never even found how the FBI ended up catching him. I’m sure he would think the same thing if it happened to someone else. But despite all the steps he took to protect his identity, a simple slip-up ended everything.
Mary also made a mistake… or did she? Maybe she doesn’t care; maybe she’s okay with all that information being out in the wild; perhaps it doesn’t even matter. Sure, a “bad guy” could use that info and blackmail her, but what’re the chances of that happening? Plus, with so much information already available online, would anyone even care what type of medications Mary from Syracuse is on? Probably not.
Anonymity is a tricky thing. It’s helpful to think of it as a spectrum instead of a black and white “status.” On one end, you can share anything you want. Like this:
- Use firstName_lastName_dobYr as your username on all websites
- Make your Twitter, Instagram, Facebook, and LinkedIn accounts all public
- Run a blog sharing all your ideas and thoughts with the world
- Freely share your phone number, email, and address with any website
- Use Google with Chrome and have search history ON
- Post regularly on your social media accounts, and make sure you tag everything with a location
To some, this sounds jarring, but the reality is that this is most people. They don’t give a fuck. And for the most part, they’ll be completely fine. No one is going to track them down, no one is going to blackmail them, and no one is going to steal their identity. They’ll live a long and happy life and die surrounded by their family — and their data will exist on the Internet for decades to come.
Now, if you want to be on the other side of the spectrum:
- Only use Tor
- Always use a VPN
- Never use Google — only DuckDuckGo
- Never use your real name anywhere unless required by something serious like tax returns
- No social media, no LinkedIn, and no account that has a public-facing profile
- Watch all incoming and outgoing network calls regularly and scan for abnormalities
- Encrypt your laptop and any external drives
- Don’t buy domain names
- End-to-end encrypted communication only
- Don’t use Gmail — use ProtonMail
- Never pay with cards. Use cryptocurrencies. If you must use a card, buy a non-reloadable VISA gift card
- Make a developer account on Twilio and buy a number from them. Use this whenever a phone number is required online
- Turn off all location services from your laptop and phone
- Don’t use macOS or Windows — only Linux
- Don’t post pictures of yourself online
- Move to Brazil and live in the rainforest
I don’t recommend being on either extreme of this spectrum. You should probably be careful if you run a massive darknet marketplace, but that’s not most people. Ultimately, anonymity comes down to one thing: Control. You should educate yourself on data privacy and make sure that you know what data you’re sharing and what is possibly out there. For example, did you know that when you send a photo on iMessage, the chances are that the location of that photo is in the metadata? All you have to do is save that photo and swipe up. Now, you have the exact geolocation, the capture time, and the camera type. Or that plenty of you have a profile on Whitepages with your phone number and address freely available?
Once you have all of that figured out, go on about your life and share whatever you’re comfortable sharing. As long as you feel in control, your anonymity status doesn’t really matter.