Need solution

abc bcd
abc bcd used Ask the Experts™
on
I am a heavy Twitter user and now I am hearing that the Indian government is hiring data experts and buying a surveillance/spy software to find people's whereabouts like in China. Because they don't like the dissent. There are many activists out there (myself included) who would like to be secured to the hilt against this new government spying software too.

What should I do beside running TOR.
Can they trace my phone number?

Any answer would be appreciated.

Vic
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Prabhin MPDevOps Engineer
Distinguished Expert 2018
Commented:
You can use TOR or i2p for anonymous browsing. they cannot trace your mobile number by using these technologies.
U just need to install tor browser in your laptop start start browsing.




Hope you got enough information

Be aware be safe

Author

Commented:
Thanks.
I am already running TOR but its damn slow.
Andrew LeniartIT Professional | Freelance Journalist | Looking for Opportunities
Distinguished Expert 2018
Commented:
If you want to hide your location, then one of the first things you should consider using is a VPN. I have one built into Avast Internet Security and can set that so it looks like I'm connecting from anywhere in the world that I choose and all traffic is encrypted. There are many other services available though - simply google "VPN Services" and you'll get a ton of hits to explore and choose from, some free, some paid, depending on your needs.
OWASP: Forgery and Phishing

Learn the techniques to avoid forgery and phishing attacks and the types of attacks an application or network may face.

Blue Street TechLast Knight
Distinguished Expert 2018
Commented:
Hi abc bcd,

I honestly would not use your smartphone if the risks are high - they are privacy leaking sieves!

Also, TOR is not a panacea - furthermore it has lost a lot of its ability to remain anonymous, governments have found ways to monitor exit nodes plus if you use/enable scripting on any site...anonymity is lost.

I'd use a laptop. Run a single pass of 0x00 on the disk(s) then reformat it. Username should be something generic. Sanitize & privatize all OS data-points, telemetry data & tracks. Run FDE (Full Disk Encryption) on a TPM chip-based motherboard with a PIN & secure the boot sequence. Then run a VM off that with Tails. Authentication should be a strong password (entropy of 120 bits or higher) with a U2F USB key like YubiKey that way if the laptop is recovered all the contents are encrypted and they will not be able to authenticate even with your credentials without the physical USB Key. Use 2FA when you can on the Twitter accounts to prevent side attacks, account compromise, etc. I believe Twitter 2FA is telephone based so if that is the case use a burner phone or number otherwise it may be better to no enable 2FA.

TOR over VPN or VPN over TOR, IMO, neither are good solutions - both configurations expose different aspects of your connection.

Use a VPN but be very scrutinizing since most VPN companies are a joke, the rest are within the 14 EYEs and very few are actually good. Stay away from all the review sites, e.g. top 10 best VPNs, etc. Again, you are trusting these VPN companies at their word - nothing more. So when they say they don't log - unless you're an internal sys admin of the company you'll never know! The VPN company should NOT be located in the 14 EYE countries but rather countries like Switzerland with high data privacy laws. You want to use a VPN service that allows for multi-hop VPN chains (aka cascade). This setup is basically a VPN tunnel across multiple different “hops” – or VPN servers – with each hop re-encrypting your data and providing you with a new IP address (identity). Some of the better VPN companies offer AI routing to do this in the most anonymous and efficient way automatically. This allows the traffic to remain on the encrypted VPN network as long as possible. The external VPN IP will change depending on the destination and in the best case the traffic is not exposed to the Internet at all thus greatly reducing the number of attack points making tracking users much more difficult.

I'd destroy the Twitter account if possible and create a new one with anonymized data for account info,email address, etc. AFTER establishing a VPN connection. That way Twitter servers will never log your true IP making it significantly harder to track. I'd recommend Firefox with NoScript and a few other Extensions to maximize your privacy. Also, create a new email address on a private service like ProtonMail - make sure to enable 2FA & encryption, which is a second password different from your credentials, which will unencrypt your mail at rest when you use it. Then use it to create your new Twitter account.

Let me know if you have any questions!
Exec Consultant
Distinguished Expert 2018
Commented:
There is no sheer untraceable protection scheme - even if in TOR, there is leaks through other channels like google search, unprotected (non-http, supercookie) website and the key is it encrypts your connection, not your data, and TOR’s exit nodes are vulnerable.  VPN is good but not don't expect 100% protected by the VPN provider as mentioned by Blue Street Tech. Watch out for the (less often read through) Privacy Policy - which may reveal the provider saying to retain personal information as long as necessary for the fulfillment of those lawful (or maybe more) purposes. Probably look for disposal phone number via burner apps or burner phone instead. Maybe can look at the EE article to check if the device is hacked as well.
Lucas BishopMarketing Technologist
Commented:
Get a cheap, used throwaway laptop from someone off a site like Craigslist. All the rest of your activities would take place using this throwaway laptop.
Format it completely and install an OS that favors privacy, like Tails <https://tails.boum.org/>
Connect to the Internet, over Tor from a wifi connection that you can't be traced to, like the parking lot of a coffee shop.
Don't bring your phone with you.
Make sure no-scripts and https-only are enabled in your browser.
Create an email account that is hosted on a privacy focused system, like <https://protonmail.com/>, using an onion address <https://protonirockerxow.onion/>
Purchase a VPN account from a non FVEY provider, like <https://www.ipvanish.com/>, using a non-traceable cryptocurrency, like Monero.
Install VPN app. Configure killswitch so that no internet connections are made unless the VPN is connected.
Disconnect from wifi.
Disconnect from TOR or I2P.
Enable VPN, using a non FVEY location.
Reconnect to Wifi.
Setup your Twitter account, using the private email as the main contact address.
Tweet.

Rough, but should get you pointed in the right direction.
btanExec Consultant
Distinguished Expert 2018

Commented:
For author advice

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial