What is the risk of my activity being traced by using public hotspots? I have never had any problem but I can imagine scenarios where they correlate surveilance video with time logs. And then coming and seizing me computer and matching the MAC address of my wifi card to the time log from the hotspot. Maybe it would be a good idea to use a phony MAC address for my wi-fi card. Really what I am looking for is whether or not this offers more anonymity than using TOR, since you would be completely seperated from your ISP account, or if using TOR thru a public hotspot would be even better
You're asking a few different things here. Let me see if I can help break it down. What the government/police/intelligence are mainly working with is a lot of things, but that big news this summer was about data mining, which is passive surveillance, and it's over all the telecoms at the DNS level and top tier domains. They will be able to collect your data through the same methods whether you are at home or at a coffee shop. That said, data mining is really easy to beat through encryption. Tor and VPN's, as well as TSL (when it says https offer encryption, and strong encryption is solid. There are other ways to try and get more information, but that broad net information gathering isn't possible. Your MAC address is assigned to your network card, and changing it is as easy for me as typing 'sudo macchanger ff:ff:ff:ff:ff:ff:ff:ff" That said, it doesn't matter, mac address are for layer 2 communication and do not cross the internet. Ever. It is likely that people who host public wifi networks keep records of the hosts which connect to them, so the Starbucks or whatever could keep that information, but it's not transmitted, and it's easily changed. Go ahead and change it, but not going to be a big deal. What does keep records of where you go, especially if you're a windows user, are several forensics that your computer keeps on you, your browser footprints the operating system, version, tons of long term tracking objects and cookies which make you easy to id, for marketers and for intelligence agencies. http://whatsmyuseragent.com/ If one really needed strong anonymity, one should use a virtual machine or a usb flash drive operating system from a public location, and use strong encryption. Tor and VPN's both have advantages and disadvantages. A stronger option exists also. Realistically, you likely don't even need anything more anonymous as that, just keep a low profile.
Yes, but wouldn't the mac address of a device be kept in a connections log, as well as the time somewhere on the device you connected to when you you joined the hotspot network. If they could link you to the hotspot in any other way at that time and they they could seize the computer and link the wifi cards mac address to the connection logs and your pretty much busted they wouldn't even need to know you're real IP address and it wouldn't even have to be brought up in court by the prosecuters. They saw you in the coffee shop with a laptop during the time when the connection was made by your MAC address. At this point it could have been anyone else in the shop making that connection. But since they know that MAC address goes to your wifi card I think it is best to use every mean you can to remain anonymous. Obviously the best way would be to hack a WEP network with a fake MAC that you would use for only that session, they when you get the key log on using a different MAC. You can even choose MACs from a certain vendor so it really looks like a legit MAC address. But you go to a coffee shop across town to do whatever work you're doing. Just hack any network in the area to use to do what you need to do. Some networks should be avoided tho, there's a lot of honey pots out there. I wouldn't trust any thing that looks suspicious but sometimes you can just tell its sketchy. Try not to make too many patterns in what you do. I don't see any way they could trace that one session back to you. Opinions?
Yeah, the router does log the MAC address, and then assigns it an address. Your router does that too of course. It is possible that if there was an investigation on you, whoever could coerce the coffee shop to give up logs, and then corroborate the logs with the ports the requests came from, and then get lists from hardware suppliers and see if that was registered somewhere. It is possible, and better safe than sorry like you said. But that's a lot of things to have to tie together, even if you have the intelligence capacity of a nation state. My point was that it's much easier to identify someone through code (javascript, flash, cookies, LTR's, malware, useragent) then through hardware. I'll pm ya.
So, basically your saying that it's technically possible but would require a huge investigation and you would have to be some seriously hardcore criminal mastermind before you'd need to start worrying about all that? I hope so. You only hear about shit like that in cases that are really high profile and it usually takes a very long time to build a case like that.
Well the tech industry does collaborate with the NSA so I wouldn't say huge investigation, but yes that would require active investigation. Hardware Addressing are layer two protocols which do not transmit via the web.
I don't want the gov't doing data mining on me or hackers stealing my credit card info so I use a VPN service and have for almost two years. It all started when I downloaded some porn and my gf at the time said a few weeks later to stop downloading porn or the isp is going to suspend service. They even had the title of it in the letter. I mean really, is nothing sacred anymore? Can't a man just download some porn in peace?
This Washington post article digs in a little deeper at what I was hinting about cookie preferences. http://www.washingtonpost.com/blogs...ogle-cookies-to-pinpoint-targets-for-hacking/
^it can still be avoided...as you know mostly by being very fucking careful. you gotta really fucking pay attention to what you're doing, maybe getting a whole new session and even a completely different connection for each "thing" of the internet. It's probably nearly impossible or at least painfully infeasible to stay completely anonymous for "casual" web browsing but for some real serious shit it's gotta be approached with utmost caution. A non-persistent OS might be a good idea in some cases.
