A proposal of an anonymity scheme for big fish

So i'm posting this idea here to give you guys ideas on an anonymity method, spark discussion of the idea, ask questions about this idea, and to have you point out possible vulnerabilities in this plan if you can.

  1. Purchase a burner laptop with cash, preferably without showing your face or leaving any forensic evidence at the shop, and taking care to park far enough away that outside security cameras (even from multible shops) cannot pin you on an identifiable car or a license plate number.
  2. Install Tails onto a usb
  3. Have all your important files on an encrypted usb
  4. Purchase an android burner phone and get a decent data plan for it, all paid for with cash, preferably without showing your face or leaving forensic evidence
  5. Turn the android into a password protected wifi hot spot, possibly by using a McDonald's public wifi to download a tethering app, so as to tether your laptop to it (let's call this wifi phone a wiphone)
  6. Keep the phone's battery out of it unless you're using the wifi
  7. Only use the wiphone for wifi, and only turn it on when you're not near any location which may be traced back to you (home, work, friends house, etc)

One major forseeable difficulty is acquiring the laptop, cell, and data plan without showing your face or your car's license plate to security cameras, which are practically on all commercial buildings these days. When i went to get my burner, i called the computer store before hand and asked if they would mind serving someone who was wearing a mask (my state doesn't have anti-mask laws), they said they didn't mind, so that's exactly what i did. It was a small shop so the manager was easily accessible and they were eager for business, going to a bigger store, such as walmart, might be more difficult because the managers aren't as available and bigger chain stores probably aren't as eager to do business with a single individual. Plus people at a computer store are probably way more understanding towards those of us who take anonymity super seriously, while the average walmart employee probably doesn't know much about anonymity or the surveillance state or even care. Wearing a hijab might work if you get thrown out of a bigger retail store for trying the mask bit, as the bigger stores are probably more cautious of having a discrimination scandal damage their brand.

Questions: A. Would i be able to check tracking using this scheme (obviously not via a TOR browser as that may flag the package)? B. If I were to have another regular-use-phone on (let's call it tele), on while the wiphone is on, would LE be able to like....idk, link the two by proximity and consistency, and then possibly track the tele? The reason i ask is that one of my other phones uses google authenticator for 2FA on some crucial sites.

Please, give me advice on this idea, try to point me to possible vulnerabilities I should address, answer my questions, and discuss this!

EDIT: You all keep raising a moot point about how this draws attention from the store clerks and the customers at the store. Their attention on an unidentifiable masked man does not have any effect on me. Even if the store clerk were to make a special point of saving the security camera, THE WHOLE POINT IS THAT IT'S WORTHLESS.


Comments


[20 Points] TheOpiateKing:

Omg stop. Please tell me you did not CALL A FUCKING STORE TO ASK IF YOU COULD WEAR A MASK TO PURCHASE SOMETHING......then...ACTUALLY SHOWED UP WEARING A MASK. LOL.

I CANNOT HANDLE THIS


[10 Points] xanaxprime:

you wore a mask to buy a laptop..?


[9 Points] DooshNozzzle:

omgggg hahah!!!!!! PLEASE post pics of the mask. omg please. I will pay you BTC to upload pic of you wearing the mask and holding your username. PLEASE!!!! BAHAHA omFG dying of laughter


[7 Points] lovelylittlegangster:

What makes this silly is you have no idea about attack vectors. You're just doing stuff you think is anonymous but don't really understand what you're doing. That's how you're showing yourself to be a n00b (which is fine, if you're honest about it).

How is buying a laptop going to get you in the shit? So what if they can prove you bought one? There is no imei number being broadcast. The laptop doesn't point back to you on the net. Buying a legal item that doesn't broadcast identifying data while wearing a fucking mask is ridiculous.

Please let us all know if you're planning on becoming a vendor. We all need to avoid...


[6 Points] MrJuanPablo:

lmaooooo what kind of mask was it???


[4 Points] drkntmrkets:

A mask? You should be looking to blend in, not stick out like a sore thumb.

Imagine you go to an electronic store and see someone purchasing a Laptop with a mask on, you will come to 1 of 2 conclusions, maybe both:-

Sorry but you are an idiot and furthermore I really doubt you fit into the "big fish" category.

This type of idiocy and crippling paranoia always seems to be apparent in heavy weed smokers, I mean I love a joint as much as the next guy, but some of you need to lay off.


[3 Points] RIP_Meth_9000:

9000 says there are many holes in this far fetched plan & you have wasted good LSD to come up with. No, I will not tell how to fill the holes, as 9000 will enjoy reading the "Don't make the same mistakes I made" post here in our little slice of heaven once you are arrested for trying to be the next Pablo Escobar.

If I were you (Thank God I am not) I would stick to selling dime bags in the park to the rest of the 9th graders. Its clear you are clueless to how its really done. If you are on here asking others to look over this plan, then you are not the one Neo. Now go back to playing the video game "Cold Blooded" & having these delusion of grandeur that will have you farting silent for the rest of your natural life. My advice, leave the kingpin stuff to the Mexicans my friend.

9000


[2 Points] pinochetHA:

Vulnerbilities:

  1. The laptop you buy has compromised firmware and you don't do anything about it. You, as a big fish, are fucked.

  2. You use a bad usb. You, as a big fish, are fucked.

  3. Your using a phone? http://pocketnow.com/2013/11/19/hidden-operating-system

Admittedly you'd probably have to be a very big fish for that one.

  1. You are using your own personal wifi network. That protects you against someone getting your home ip if they can bypass Tor/ get root on your tails. It doesn't really let you blend in though, so its not very anonymous. Whenever someone is online on that wifi, it's has to be you. Public wifi is a better option.

  2. You bought a fucking computer using a mask?? wtf? That's not anonymous. Buying a computer isn't illegal. Wearing a mask made you stand out and look like a total idiot. You can rely on doing things like that to attract suspicious and confuse people. Not to stay anonymous. Google anonymity.

  3. You called the computer store before arriving and told them you were coming, in a mask. Your adversary has traced that call, recorded your voice and now knows you were the guy in the mask.

  4. The most important vulnerbility of all. You have wasted all your time thinking about an elaborate and unlikely threat model, and have forgotten to do the simple stuff well. Keeping shit encrypted. Verifying the software you are using. Keeping your mouth shut.

There's probably many more issues than those. They're just my thoughts after reading this post twice.

Now it's time for us all to sit down, have a cold drink and gently float back to reality. You aren't a big fish. You want to buy some drugs off the internet. Law enforcement and nation states are not going to use any compromises they may have in your firmware to bust you for buying a little weed on the danknet. The kind of stuff you talk about here is what BBMC calls popsec. It's opsec that's popular, that helps you to sleep safely at night and lets you believe that you are still in control despite the fact that you probably don't understand the tools and sites you are using. But it doesn't improve you security and distracts you from focusing on real threats. You do not need the opsec of a big fish. You need opsec proportional to your threat model.

If you do the simple things right, stay focused when working, think critically and spend as much time as possible learning about the tools that keep you safe you will be safe. Everyone who has been caught so far failed to do one or more of those things.


[1 Points] None:

[deleted]


[1 Points] jackoass:

Wow. A mask? Really? Are you actually trying to get people in trouble?


[1 Points] chipstacks:

What about the part where the package gets dropped off somewhere?


[1 Points] timmyfellinthewell:

Ohh yeah sure you can wear a mask!! Hey. Your not gonna pull a gun out and Rob us are you??

Cool. Come on over.

Ohhh how I lollllled hahahahah