Disappear Here – Alec Harris

Now that we have the what and the why out of the way, let’s talk about the how. First, there are a few tools about which I’ll elaborate in the paragraphs below but will call out here for reference. Second, this is meant to be a high level, quasi-entertaining description of the process. If you want to get granular you are welcome to come to my house and discuss in person.
Ok, so, to disappear you’ll need a healthy dose of paranoia and at least the following:
· Bitcoin
· Monero
· Privacy.com
· Blur
· Burner phone numbers (thanks to Halo Privacy for providing mine among other privacy tools)
· Paid Protonmail account (fresh account)
· Password manager
· Firefox Browser/Firefox Focus for mobile
· Privacy savvy lawyer (someone with an asset protection background will be ideal)
· 3rd Party VPN (I use Mullvad paid for with cryptocurrency)
· A privacy-minded bank (Probably a big bank’s private banking group or a smaller bank)
· Commercial Mail Relay Address (CMRAs like UPS Stores are great)
· A pseudonym
· Extreme Privacy by Mike Bazzell (his Privacy & Security Podcast is a wealth of tips as well)
· How to Disappear by Frank Ahearn
· Jameson Lopp’s Excellent Article: https://blog.lopp.net/modest-privacy-protection-proposal/
· A repeatable privacy excuse. I had two. Will share one of them below.
I suppose someone could embark on a privacy reset at any time, but I would argue that the only time it can be done effectively is when moving primary residences. Thankfully my family recently decided to give up our amazing downtown life of convenience to move to the suburbs because I guess that’s what you do if you want your kids to go to good schools. One twist of fortune that ended up being an incredible benefit despite being entirely unintended has been that we moved to the new place before the old one sold. This was not our preference, but from a privacy standpoint it’s been very useful. I’ve been able to point as much as possible at the old address when creating new accounts with various providers and then after accounts are set up, I change the address to our CMRA address as opposed to our new physical address. A lot of providers won’t let you create an account with a CMRA address, but I have found that they will let you change your mailing address to one after the account is set up. Since we still technically own the old place it’s not a lie to use it as the initial address for account creation. If you find yourself in the same predicament you can leverage it to your privacy advantage, at least. If you don’t have this option, there are other ways but that’s all I’ll say here.
Let’s back up a bit. The first thing you should do is start using Privacy.com. It’s a masked virtual card provider that allows you to create just in time virtual debit cards that lock to a single merchant and provide a layer between your actual card & billing address and the vendor. Privacy.com has been an essential tool but they start off new accounts with relatively low daily, weekly, and monthly spending caps uncorrelated to your financial means. If you are about to move, you will likely be entering a period of higher than usual spending, so you’ll want to have been on Privacy.com for a while and have accrued some account limit increases. They can be requested every couple months, so start now.
Next you need a friend. Not an acquaintance, not a sibling, not someone you met on K-Pop Reddit, a friend. This friend is going to own the keys to your financial kingdom for one vulnerable day in this process and you will have no recourse if they decide they want to exact some cosmic revenge for that time you co-signed their decision to try to build a following on Chat Roulette. This friend will be the trustee when you have your privacy trust set up. Their name will be publicly associated with the trust and will be used to file for a Taxpayer Identification Number with the IRS. And, when you go to closing on your new home, held by the privacy trust, this friend will technically have full control of the trust and all its assets until they resign as trustee and name you as successor trustee (or guarantor depending on what state you use). Try to find someone trustworthy. Extra points if this friend is also not strongly associated with you online. If you are tied to them on Facebook, LinkedIn, and your local Furry club’s online forum then an investigator is going to have a field day developing correlations between the privacy trust and its likely true sponsor — that’s you. If you are lucky enough to have a friend like this then start buttering them up now. If you are uncool or unpopular don’t worry, you can always pay an attorney to act on your behalf in these matters as well.
Set up the privacy trust right away. You won’t want to be trying to concurrently set up a trust and close on a new home. In fact, do as much as possible in advance. Rush and fatigue are the enemies of this process. Account creations will be delayed, vendors will be confused, processes will be labored, and you’ll have to escalate your customer service inquiries to higher level support because I guarantee you working with privacy structures is not in the layer 1 support script at Comcast. It all takes longer and there is no expedite option. Give yourself enough time.
Next, you need to start building out a persona. This part is fun. If you don’t think it’s fun, you are wrong. I suggest having two personas. The first is the fully legitimized privacy trust. For our purposes let’s call it The PRISM Trust (TPT). I picked this name because I love refraction and for no other reason. TPT will need some tools so that it can perform services on your behalf. The first thing I did was get a paid Protonmail account. Skip the free account. You’ll need at least a Plus account, better yet a Professional account. At the same time, you will want to buy your own domain and point your Protonmail account at that domain which you can do with a paid account. If you are non-technical like me, you may need to engage Protonmail support with pointing the mail server at your private domain, but I found it fairly easy with a little guidance. Get a domain that maps to your privacy trust. In our case let’s say we bought “theprismtrust.io”. I suggest using a domain vendor that accepts Bitcoin. Actually, let’s pause here and talk a little about Bitcoin and its privacy cousin Monero.
There are two kinds of privacy enthusiasts, those that have discovered the revolutionary financial autonomy offered by Bitcoin and those who will get there eventually. The alignment between the principles of the Bitcoin community and the privacy community is nearly complete. That being said, the uninitiated usually have some preconceived notions about Bitcoin privacy, and it can be to their detriment. Bitcoin is a fully public transaction ledger. While it is pseudonymous, it is not anonymous. In fact, between the native metadata visible through Bitcoin block explorers, blockchain mapping heuristics, and the advanced investigative capabilities of the blockchain forensics companies, Bitcoin can usually be traced back to an identity if the user behind that identity is unsophisticated. Granted, the unmasking of a Bitcoin wallet or transaction usually requires some complicity between large service providers (e.g. exchanges, or vendors with KYC/AML programs) and law enforcement with subpoena or collection capabilities. But it can be done and is done often as we see with scam interdiction, money laundering prosecution, or SEC violation cases. If you aren’t committing any crimes, which I should caveat is generally my recommendation, you don’t have great immediate concerns about the mapping of Bitcoin transactions. However, given the permanence of the Bitcoin ledger, I think it’s prudent to handle Bitcoin at all times as if you are under scrutiny. We don’t know what the state of censorship will be in ten years, but we do know that your Bitcoin transactions will still be immutably transcribed in the distributed ledger in ten years so why not start being careful now?
I have my favorite techniques to build entropy into Bitcoin transactions and I usually layer a couple in together in various orders so as not to create a pattern or habit but let’s assume that you, dear reader, are newer to cryptocurrency and need some user-friendly tools. Well, there are none because the industry is nascent and still working on adoption. By way of comparison, Ray Tomlinson sent the first email in 1971. Steve Case founded AOL in 1985, and the commercial restrictions on email weren’t fully lifted until 1991. Satoshi Nakamoto mined the Bitcoin genesis block eleven years ago in 2009. We are in the 1982 of Bitcoin’s life. It’s still clunky and hard to use. It’s getting better quickly but some patience and skill is still required. It’s well worth the effort and if you’d like to do some further research the best resource out there is www.lopp.net/bitcoin. For beginners wanting to use Bitcoin privately the answer is simple, use Monero.
Monero is a newer project with a similar genesis story to that of Bitcoin. Both projects have pseudonymous founders who disappeared after the early stages and have not resurfaced in any meaningful way. (For a good laugh look up Craig Wright and you’ll see what I mean). Monero, unlike Bitcoin, is a privacy by default protocol. It masks the sender, recipient, and transaction amount. There is a Monero blockchain explorer but it’s basically useless to 3rd parties. Monero is still young and in flux as it improves so trust it with your privacy with caution, but I can say that no coin does more, more sincerely, for privacy than Monero. Anytime you can pay for something with Monero, do it. If you can only pay with Bitcoin, you can still pay with Monero. Check out xmr.to and see how.
There’s a lot more to say about cryptocurrency but while I sit here foaming at the mouth over the prospects of a decentralized financial future, you might be wondering when we will get back to the whole privacy thing. I would encourage you if you are interested to spend some time learning about cryptocurrency. It is fascinating and rewarding subject matter.
Once you have your Protonmail and private domain you will need to acquire a 3rd party VPN. I use Mullvad since I can pay with cryptocurrency and their VPN configs use the .OVPN format so I can import them into an open source VPN client like OpenVPN or Tunnelblick. In an ideal world you will have a router-based VPN for your home network but even then, you’ll need a client-based VPN for your devices unless you never plan on connecting to the internet outside of your home. Remember to engage the “block when disconnected” option on your VPN so that all other network connections are blocked when the VPN connection drops. Note, a VPN is not a panacea. Your device still has a MAC address, browser fingerprint and other unique identifiers that allow the data collectors some ability to correlate searches with devices. We just want to make it difficult. Bonus points if you deploy DNS over TLS to mask your DNS lookups from the ISP.
Okay, let’s get back to the personas. Use your device with the best OPSEC posture you have available and then start building your two online identities. The first should be the trustee and the second will be the property manager, let’s call him Tom. Within Protonmail you need to assign each of them an alias, like trustee@theprismtrust.io and tom@theprismtrust.io. The trustee account is for interacting with vendors or parties that need to have direct contact with the trust. Tom is a convenient foil for everything else. Full disclosure, the lines can get blurry between when to use Trustee vs Tom but the important thing is that neither of them map back to you personally. Also, you control both of them, they are just fronts to protect your actual identity. My main reason for creating Tom, the property manager, is that he can elicit sympathy where the Trustee cannot — this is one of my “privacy excuses.” For example, let’s say you are calling the local ISP once you move in and trying to get cable and internet for the new house. Usually this is easy. It will not be for you. Let’s take an imaginary ISP called Horizon as an example. Horizon wants to immediately associate your account with a real identity. This is understandable for billing purposes but even if you put down a deposit and tie the account to a Privacy card or even a bank account set up for your privacy trust, they still want an identity. You can get around this, but it will require some engagement with a supervisor. If you use Tom for this interaction your call might go something like this:
“Hi this is Tom, I’m the property manager for The PRISM Trust and I need to set up service for a property at 21 Jump Street, USA”
“Sure, Tom, we’d be happy to overcharge you for internet and 700 channels you’ll never watch and 5 that you will”
“Great, I can pay you, put down a deposit, give you the tax ID for the Trust, and a phone number/email address”
“I’m sorry Tom, we will need more information, including your social security number, genomic sequencing data, and one of your two thumbs”
Here’s where Tom becomes very useful.
“Listen, I’m kinda jammed up here. I work for this privacy trust and the trustee is a batshit crazy recluse. I’m stuck trying to get basic services set up for him, but he won’t let me use anything but the trust as the account holder. I’m happy to provide anything you need from the trust and, like I said, get you a deposit along with getting set up auto draft payments. It would spare me the ferocity of his nightly canings if I could just get this set up for the trustee”
Some variation of the above usually works. By making the trustee the bad guy, Tom engenders some sympathy from Horizon. I would venture that something in the above is ethically questionable and perhaps at odds with some terms of service, but we need to do something to offset the asymmetry in the relationship. It’s for a good cause. Kind of like speeding on the way to the hospital.
You are probably thinking, Trustee and Tom are going to need more than an email address and handsome puppeteer behind them. This is true. On this front you can go wild and I suggest that you do. At a minimum these personas need phone numbers. This part gets a little tricky. You need to control these phone numbers and they need to be SMS enabled since vendors will text you for all sorts of things including authentication, payment reminders, and delivery updates to name a few. Under no circumstances, ever, including if Kim Jong Un is threatening you with a mortar or a full day of sightseeing in Pyongyang with Dennis Rodman, shall you use your personal cell phone number for anything in this entire process, ever. Ever. One solution is to go to a store and buy a cell phone and prepaid SIM card with cash and have a cell phone for Trustee and one for Tom. One thing I like about this option is that there are some great services that allow you to top up your SIM card with Bitcoin. The problem is that most people don’t want to carry three cell phones. Google and the carriers, among others, will eventually be able to correlate those phones anyways. On the phone number front, I admit, I have an unfair advantage. Thanks to the guys at Halo Privacy I have a handful of burner phone numbers provisioned to me without attribution to my cell phone or to me personally. In addition to being burner numbers, mine have encrypted routing to the US from anywhere in the world as well as some ornate corporate backstopping. I’d encourage you to reach out to the guys at Halo Privacy for details. (Surprise, I am one of the guys at Halo Privacy). While the Halo solution is technically the best option, it is not free. For free or low-cost options check out Blur or the Burner app. I can’t vouch for them, but they do provide helpful services in this arena.
Once you have email accounts and phone numbers feel free to sully the online presence of your two personas with reckless abandon. Go sign up for any and every free service, social media platform, and vendor distribution list you want. Make sure to point these sign ups at your burner number and the real property address. The more fodder associated with these personas and the real property address the better. There’s an entire discipline behind doing this kind of work so I won’t try to recreate that knowledge base here except to say that the books and podcast by Mike Bazzell are the best resource out there. The goal of this part of the process is to deploy enough online detritus tying the personas to the address that the identity database resellers start populating your personas as actually being associated with the address. Give it a few months but eventually the tier 2 databases like Spokeo, PeopleFinder, Whitepages, etc will think those personas actually exist at that address. There are also tier 1 databases that use verified data for their compilation. They usually will filter out the noise so in those cases we aren’t as concerned with tricking them as making sure your true identity does not populate. By using the trust for property ownership and the account services at your home you will be well on your way to keeping the association between your true identity and your true physical address out of any of the databases. There’s a short rule of thumb for this. If the account has your name, personal payment modality, phone number, or social security number, use your commercial mail relay address. If it has the trust name, phone number, payment modality, or tax ID number use the real property address. There is no exception to this rule. At worst, a single mistake can undermine the entire process.
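The rule of thumb above is easy to state and easy to break months later, so here is one way to check an account inventory against it (an added example, not the author's own tooling). The labels, field names and sample accounts are assumptions constructed for illustration, and flagging accounts that mix personal and trust identifiers is an extra check inferred from the goal of keeping the two apart.

```python
from dataclasses import dataclass

# Which side of the wall an identifier belongs to (labels are this example's own).
PERSONAL, TRUST = "personal", "trust"
# Which address the account has on file.
CMRA, PROPERTY = "cmra", "property"
# The four identifier types the rule of thumb names (tax_id covers SSN or trust TIN).
FIELDS = ("name", "payment", "phone", "tax_id")


@dataclass
class Account:
    vendor: str
    address: str       # CMRA or PROPERTY
    identifiers: dict  # field from FIELDS -> PERSONAL or TRUST; omit unused fields


def audit(account):
    """Return finding codes for one account; an empty list means it follows the rule."""
    bad = set(account.identifiers) - set(FIELDS)
    sides = set(account.identifiers.values())
    if bad or not sides <= {PERSONAL, TRUST} or account.address not in (CMRA, PROPERTY):
        raise ValueError(f"{account.vendor}: malformed inventory entry")
    findings = []
    # Both sides on one account links the trust to the person.
    if sides == {PERSONAL, TRUST}:
        findings.append("MIXED_IDENTIFIERS")
    # Any personal identifier means the account must point at the CMRA.
    if PERSONAL in sides and account.address != CMRA:
        findings.append("PERSONAL_AT_PROPERTY")
    # Trust-only accounts are the ones that belong at the real property address.
    if sides == {TRUST} and account.address != PROPERTY:
        findings.append("TRUST_NOT_AT_PROPERTY")
    return findings


def audit_inventory(accounts):
    """Map vendor -> finding codes, listing only accounts that break the rule."""
    report = {}
    for account in accounts:
        findings = audit(account)
        if findings:
            report[account.vendor] = findings
    return report


# Constructed sample inventory; vendors other than "Horizon" are made up here.
INVENTORY = [
    Account("Horizon", PROPERTY,
            {"name": TRUST, "payment": TRUST, "phone": TRUST, "tax_id": TRUST}),
    Account("Personal credit card", CMRA,
            {"name": PERSONAL, "payment": PERSONAL, "phone": PERSONAL}),
    Account("Food delivery app", PROPERTY,
            {"name": TRUST, "payment": TRUST, "phone": PERSONAL}),
    Account("Magazine subscription", PROPERTY, {"name": PERSONAL}),
    Account("Trust-paid utility", CMRA, {"name": TRUST, "tax_id": TRUST}),
]

if __name__ == "__main__":
    for vendor, findings in audit_inventory(INVENTORY).items():
        print(f"{vendor}: {', '.join(findings)}")
```

Rerun it whenever an account is added or an address, phone number or payment method changes, since one stray personal phone number is the kind of single mistake the rule warns about.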
Ok, now that you have a trust, online personas, payment mechanisms, and services set up at your home, let’s talk about sustainment. The bulk of the work is front loaded into getting into the new house without tying it to your true identity. The problem is that over time that privacy will degrade if you don’t maintain the defenses. Take a few practical matters as examples. What happens when you want to order Uber to your house? Let’s pick on Uber for a moment actually. First thing they want you to do is enter a “Home” and “Work” address. We know better. Without getting into painful detail, the amount of overt or discoverable personal information emitted by your cell phone, tablet, or laptop is staggering with cell phones being the primary offender. The best hedge against endpoint-based collection is using devices from our friends Purism out in California. They have lowered the signature of their devices and escalated physical tamper proofing beyond anything else available in the market. If you aren’t ready to convert to Purism, Apple devices, while still data sieves, are orders of magnitude better than Windows or Android based endpoints. Personally, I wouldn’t use an Android or Windows device outside of the US. Not because they are any safer in the US but at least that’s the devil I know. Want an example? There’s a so-called privacy phone company out there that sells two versions of their handset. One comes with the Google suite of applications loaded on it and the other without. Guess what? The handset with the Google suite pre-loaded costs less money. Hard to imagine why going through the extra effort to load Google apps on a phone would incur a discount unless the profit comes from somewhere else. The saying goes, if the product is free then you are the product. Keep that in mind every time you download a free app. Facebook didn’t pay $19 billion to give WhatsApp out for free because they care about providing no-cost VoIP services around the globe.
Now that you are back from incinerating your Google Pixel phone, let’s get back to picking on Uber. They, like all apps of their ilk, know a lot about you. They know where you live, where you work, what time you came home from the club last weekend, what you ordered at 3am when you came home from the club, and if you use a scooter, they know you are a moron. As I said at the beginning, the goal of this process is not to live entirely outside of the comforts of modernity. To use some of the conveniences of a connected life I decided to accept some level of potential de-anonymization. If my motivation was hiding from a violent stalker, I might take fewer liberties. I still use Uber. It is useful. When I order an Uber for home pickup, I order it to an address within walking distance of my home and just meet the car there. On the way home I drop off near home but not at home. I do the same thing with any GPS based apps and in my car. Uber probably can tell what neighborhood I live in by now, but I would venture they don’t know exactly where I live unless they are buying that information from another app. It’s worth noting that data has value even if it’s general or inaccurate so just because we go through efforts to corrupt the data doesn’t mean the big players stop making money off of it. If I left my Uber app open in the background after my trip they would figure out where I live since the location services permitted within the app would see that my phone geolocates to the same house at night but they will log what they can get against my user account regardless. The good news is that even if they did know the location of my house, the property is not associated with my identity and I set up my Uber account with anonymous payment, the trustee email, and the trustee phone number. Does Uber have some information on me? Yes. It’s not enough to really figure out much so I’m okay with it.
I applied the same technique to Try Caviar, Seamless, Amazon, and a host of other services useful in my daily life. My family already put up with a lot to do this, no need to make life miserable after the fact with a spartan set of lifestyle restrictions sans any of the useful tools afforded to us in 2020.
Published at Mon, 10 Feb 2020 22:41:44 +0000
