Without leaving traces behind. What options are there exactly? Do I have any options on the normal web or do I have to start considering the deep web? It’s super important for me that the domain doesn’t lead back to me, so I need an option that doesn't leave breadcrumbs.

Comments (49)

On top of your Tor you can never use your normal stuff.

I spent a few days down a YouTube rabbit hole on how they caught various criminals. One guy was using Tor inside a virtual machine and logged into his normal Gmail account, once, and that was enough. Another sent a bomb threat using his school's WiFi. They couldn't use the WiFi to get any information on what he sent because it was forwarded and encrypted. But they could prove that he sent something at the exact same time and packet size as when they received the email, and that was good enough for a conviction.

I am not a computer security guy but my main takeaway was it's more about how bad and how many resources "they" want to find you.

In case anyone else comes along and sees this, I just want to clarify that in the cases mentioned, it’s correct these mistakes were “enough” to arouse police suspicion, but they were not enough “for a conviction” as the commenter states. For instance, the person who sent the bomb threat literally confessed when asked about it by police. If he’d kept his mouth shut, they probably could not have gotten a conviction.

Reminder to not talk to the police. If they’re asking something from you it’s because they need it.

Hi, what YouTube video did they discuss catching cyber crims? Sounds really interesting. You'd think Tor + VM would be secure, but the human element always allows for vulnerability.

I was just randomly jumping between links. I watched 4-6 hrs worth of videos in total... Most of which I didn't understand, but it was a fun dive.

But in that case they must have used a compromised end node, right?

i remember the second example, actually.
that guy wanted to get out of a final exam. (i.e. dipshit)
he got caught because he used tor on the school's network, was the only person on the network using tor at the time, and was a student in the class with the bomb threat.
they didn't do anything to break tor, but used the metadata, basically.
likewise, if you're using tor and log into Gmail on the same circuit at the same time, they can connect your exit IP address.
Tor is great but you need opsec as well.
p.s. the grugq has a lot of good stuff on that topic.

Nothing on a network is untraceable, everything leaves breadcrumbs.

The question is just how many layers and how long of a trail do you need to leave to make it not worth the time and resources to find you.

The fact you don't understand the inherent structure and purpose of a network means I think you should rethink whatever you are planning as you will have a hard time obfuscating an environment you don't understand.

I'm not a networking guy, nor am I a security guy, but if you make the trail too long and too difficult to crack don't you end up with people who are 'drawn to the challenge and mystery'?

If nobody is drawn to look in the first place, you won't have this issue.

The fact something illegal is happening usually prompts law enforcement to check out a site as part of an investigation. What agency searches and to what extent depends on your location and crime.

(In the US) For example, if you are laundering money you have the Secret Service, which is a very tenacious but focused agency (which is why many dark marketplaces shy away from this service), but if you're selling drugs it's the FBI, which may focus more on low-hanging fruit or high-impact cases due to a wide breadth and workload.

As far as independent operators, they are usually looking for vulnerabilities not suspicious activities. Until government agencies start paying bounties for crimes (which, on a tangent, I am in support of but will likely not happen as it drastically reduces opportunity for collusion and corruption) it is unlikely some vigilante is going to track you down and dox you.

Yeah fair enough, I never thought of it like that (and I guess my main vector of knowledge on the subject is scifi and action movie vigilantism)

I'm not sure I fully agree with this "nothing is untraceable" statement. It seems like most dark web takedowns come from shitty opsec. I understand there may be unknown exploits and new techniques developed that can de-anonymize you, but the FBI only took down the Silk Road because an IRS agent noticed a Gmail being used in an automated letter on the website, they had no way of tracing ownership on that website.

Primitively, a network is a series of connected endpoints. Lines and dots. You can put as many lines and dots in between you and your destination but you'll always have an ingress.

That always opens the possibility of being traced no matter what, even if you're hiding behind currently unbroken encryptions or new technology. It will be broken or circumvented eventually.

OpSec is going to be the downfall 90% of the time, NOBODY has perfect opsec and it costs less resources and time to attack from this vector.

Your analogy does not account for the fact that a network is dynamic unlike a graph. So I could argue that there may exist a network that “self destructs” if it detects someone is trying to follow some path that should not be followed.

Not that such a network is common in practice or that anyone uses it. I am just saying that people may be able to come up with a system that is practically untraceable.

A network is not a physical thing in respect to tracing, it is a snapshot in time with an ingress and an egress on two or more endpoints.

I do not agree with you but I can respect your view. Everyone will have to do their own risk analysis and form their own conclusion.

I see. This is a good point.

I guess the assumption that I am making is that it would take more time to traverse the network than to send a message on it and cover your tracks.

There is a possibility that this is not true, so you are right.

I'm just speculating. I see your point especially when there's a vulnerability you can't possibly know about. I would still say maybe you can potentially create an untraceable service, but when you attract state actors the likelihood of staying anonymous goes down. I guess you are more likely to be traced the longer you are online, specifically with opsec, with the potential for something to be traced after you've stopped. With the single ingress point, someone would have to have a reason to think you are using a hidden service and actively try to compromise you or your connection, or somehow man in the middle, which would mean you are already a suspect and they might already have a reason to believe you are the owner of the traffic they are after. I also understand there are techniques that could potentially de-anonymize Tor services, and someday key pairs may be cracked years in the future with new technology, but for something like Tor or I2P they can't just crack one private key or one DH key exchange on a quantum computer.

Tor is a solid option, but you could also consider decentralized name services. Ethereum and Everscale both have their own. ENS and Evername. But if you’re not super educated on decentralized tech, you could just stick with Tor (onion domains)

Unstoppable domains are better. Once you purchase it, you can mint it like an NFT and move it into an anonymous wallet. ENS domains can only be rented, just like GoDaddy domains.

https://njal.la/

They have some hilarious correspondence with law enforcement agencies on their Blog too!

I find some of this correspondence rather irritating and distasteful and not hilarious. Like, are they making fun of Indian people with that elephant thingy and the bad English? Same pattern with the Ukraine one. Seems they have a shitty attitude.

[deleted]

That is some first-rate trolling.

I died laughing too. I laughed so hard! I'm donating money to those guys!

ACAB!

You could use OnionShare

[deleted]

I use this combo and second the recommendation. The only downside is that with Orange you get privacy at the expense of server space.

https://kycnot.me/

[removed]

Yes, I have used NiceVPS, Silent.Link, AgoraDesk, SideShift, Kyun and some more. The website is legit, just make sure that the services listed there are marked as verified!

Obtaining a domain under a false identity is not difficult (provided you're OK with potentially losing it if there is a dispute that causes the registrar to demand an ID verification). But what are you planning to do with the domain? For example, web hosting without leaving a trace is much trickier, and it also opens you up to abuse reports.

Everything leaves breadcrumbs and more and more people who thought they'd covered all their bases are getting caught. What works today may not work tomorrow... and you won't know your strategy has been compromised until you are caught.

I highly recommend against this as a way to publish anything online that you don't want to lead back to you.

Grab a .to (minimal whois record), throwaway email address, pay in crypto.

Can do all of the above at a place like easyDNS

Not doing anything illegal but I’ve got a friend who wants to create an adult-themed website to sell products but he doesn’t want it traced back to himself due to his career, I told him using a dual LLC setup should work where one holds the other and use a state with good business privacy laws should work?

USB stick with Tails OS?

There are so many ways that I could write a book about it. Which means NO ONE on Reddit will be able to provide you with the foolproof guide. Oh, and that "book" will be outdated in a few years.

Good luck OP, you're better off going down the rabbit hole of learning this and trying your best.

Finally someone talking some sense!

Namecheap & crypto payment

Namecheap asks for registrant info. Source: I have registered two .xyz and one .world domain myself.

I use fake details always. Why use your own name...

[deleted]

Again…fake info.

[deleted]

Correct, but two points:

  1. This thread is about how to get a domain anonymously, not about how to follow the rules and be safe if contacted.
  2. I don’t know of any major registrar that doesn’t use email as a primary form of contact with registrants. You can give an anonymous email address that you check occasionally.

[deleted]

You don’t use a random real number that someone might have lol you use a fake number that doesn’t exist (or get creative…there are other ways to handle this)

Literally every registrar is required to ask. You don’t have to provide real info (at risk of losing the domain).

Dumb question here, are there anonymous cloud providers?

I’m not a security buff at all, but my main concern would be why you would need something like this…

Maybe they just like privacy, maybe they've got a crazy ex stalking them who has mad tech skills...

[deleted]

Crypto is traceable without a shuffle service.

Anonymously is an optimistic view, especially considering you bought it on the clear net.

This is fine for most privacy concerns but I would not be doing anything high risk or illegal on one of these domains.