How to Be Invisible on the Internet. 10 Identifiers to Eliminate | Rob Braxman
Summary
Transcript
How can you be invisible on the Internet? Invisibility means you’re still on the Internet, but no one can see you there. The problem will be from certain identifiers that accompany you as you surf the interwebs or use apps. In this video, I’ll discuss ten of these identifiers. What I will explain today is how to hide these ten identifiers so no one can tell who you are. Have I caught your interest? If so, then stay right there.
Let’s start with a basic premise. The Internet is designed to track us. Ever since the Internet was invented, to even send information from one Internet node to another required addressing. Thus, we have the IP address. IP addresses are often fixed, and long term phones obviously have phone numbers, but they also have the IMEI, which is attached to the cell baseband modem. Phone subscriptions are connected to the IMZ identifier.
Phone numbers are in databases of contact lists that big tech platforms collect on the network. We also have hardware identifiers. Each network connection, whether to Bluetooth, Internet, cell data, all require another identifier called the Mac address. This is unique to each device. On wireless devices, these Mac addresses are even broadcast over the air, so listening devices nearby can read them. Computing devices have serial numbers built in, for example like cpu identifiers.
Operating systems also have license numbers that are unique to your device. For example on Windows, this is the Windows product id. There are temporary identifiers that are used to mark devices on phones. There is the advertising id, which is an identifier made known to advertisers to recognize your device. On all browsers, platforms can drop a little identifier on your device called a cookie so that websites can track you.
They can also do a browser fingerprint so they can recognize you if you return. Every time you log into Google, Facebook, or Instagram, traces of those ids are visible on most platforms and they can then be used to track you over the Internet. Another way of identifying you is via location tracking. If your location is recorded that is easily transformed into a street address, then of course there are plenty of public databases that can convert that to a real name.
Finally, you often use an email address to log into various platforms. These email addresses are in contact lists as well as records of the platform itself. The email address is often a direct identifier by itself. Fact if you do nothing, everything you do on the Internet can be attributed to you using some or all of these identifiers. Your goal, if you want to be invisible on the Internet, is to eliminate as many of these identifiers from your Internet actions.
This way you become pseudo anonymous. You’re there, but no one knows who you are. Exactly. Let’s jump into the ten identifiers that we will try to remove from your Internet actions today. I will indicate a threat level with each of these from one to ten, so you can prioritize which to work on first. This list is not sorted by threat level, so watch them all. Number one IP address threat level ten out of ten.
This identifiers the most basic and should be the most feared. You cannot go on the Internet and do any kind of data exchange without passing an IP address. The question is if the IP address is yours. One of the most important techniques for protection is to use a VPN. A VPN shows the IP address off the VPN service and not yours. This is critical in the home if you’re using a broadband cable modem to supply your Internet.
Why is this critical? Because your IP address at home sticks with you. My IP address at my home hasn’t changed in 20 years. The ISP obviously knows who I am since they send me a bill and send technicians to fix my Internet and they have a record of the IP address assigned to me at any given moment. Any website or app you visit can see this IP address.
Even worse, your emails include this IP address. If you’re using some standard email product, then your IP address is sent to the email service provider and it’s even in the header of every email you send to others. Let me alter the threat scenario here. Sometimes you do not need a VPN. Currently, the Internet only routes traffic using IP addresses in IPV four format. Version four most cell phone carriers and Starlink now use the new ipv six format internally on their network version six.
This means that they cannot pass an ipv four address unique to you, to any platform watching your traffic. You in fact share IPV four addresses with all the users of the cell service or Starlink. The IP addresses that appear for your traffic is actually the carrier’s IPV four router that connects to the Internet and translates the IPV six address of all of the people on that location. This means that even without a VPN, you are invisible already.
As long as you’re not using your own cable modem on your home network. This gives you another option to protect your IP address without an additional cost. Another option is to use Tor. A Tor browser will anonymize your IP address and is the most invisible of all options and it is free. However, you will find that many sites now reject Tor connections because hackers tend to use Tor, it is also terribly slow, so this becomes impractical beyond occasional use.
Also think about the email. Using email services that don’t show your IP address. We for example, have a Braxmail product that does that. No IP addresses on the header number. Two phone numbers threat level eight out of ten phone numbers have turned into an Internet id, especially since most people have mobile phones and every platform knows that. What really identifies you is if you go to a platform and you give them your phone number for two factor authentication or two fa.
Obviously this means if you set up multiple accounts, let’s say in Google, then they will know which accounts belong to the same person just from the phone number. But this in itself isn’t the main identifier. Phone number directories are known to carriers, but are not distributed anymore. The main source of phone number directories which reveal your name and potentially your address are actually the contact lists uploaded by your friends.
You cannot control this, and there is a 99% chance that your old time phone number is in some contactless database. In a big tech platform, they don’t have to pay for this and it is uploaded willingly. So when you give a platform your regular phone number for two FA, then they can actually verify what your real name is. Well, there goes your invisibility. The solution is actually simple.
Have a dedicated phone number for two FA, a second phone number, you can put it on another phone. It will need another SIM card. You must never give this number out to any contact, so it doesn’t appear on a contact list. The fact is immediate. If a platform seeks to identify you, your phone number will not match to anyone’s contact list. You will be invisible. Your main phone number can be the same.
Your friend can call you on that, but never use that main phone number for two fa, with one exception that I make, and that is for banks number three, IMEI and IMZ. Threat level nine out of ten. Your mobile phone has so many identifiers, so we’ll start with these two. The MZ is attached to your SIM card. When you insert a SIM card, your phone will actually broadcast this MC on the airwaves.
This is a specific threat when dealing with governments since they can use a device called Stingray to listen for IMZ. The other identifier is the IMEI, which is permanently attached to your phone hardware. It sticks with you until you change phones, but neither of these are the threat to the Internet. Invisibility. The reason is that a platform cannot see your IMEI or MZ directly and governments only look at it if they use it on radio interception.
For example, if you go to TikTok, it cannot find your IMEI or MZ. The real threat is from the phone OS, which is Google Android or Apple iOS. These oss can identify your device identifiers and store it on their database, so this ruins any plans for invisibility on these devices. You cannot hide from the OS of what I call a normie phone. The best solution for a phone is to use a de Google phone.
This means having a phone with a different os based on Android open source project or AOSP. These kinds of phones do not have a connection with Google and do not give access to the hardware identifiers. This has a high threat level because these identifiers are used to track you on all other devices with a technique called cross device tracking. Number four Mac addresses threat level two out of ten Mac addresses are indirect identifiers.
This is a common misconception about the seriousness of a Mac address by many people. The Mac address is not visible to any platform automatically, it is not part of the Internet protocol. However, some apps intentionally collect the Mac address and then use this in extremely privacy invasive ways. The main culprit here is meta. These apps actually spy on the Mac addresses of the local area network. These then can be used to verify your identity.
It is also used to spot you in other environments. Other Zuckbook users can detect your Mac address at a Walmart Wi Fi for example, and then Zuck will know you are at Walmart or that you are near other people. The other way that Mac addresses are dangerous is through the listening of Bluetooth Mac address broadcasts which have been added to iOS and Google Android. This was added to these OSS to do contact tracing during the COVID crisis.
Although I can’t be certain they collect this data today, the phones have a built in capability to collect other Bluetooth Mac addresses near it. The solution is to use a de Google phone, not that this can stop others from listening to your Mac address. That will continue. However, the Mac address will not be connected to you since Google will not know it belongs to you. It will just be some random Mac address.
And again I repeat this, a Google phone has no Google id, so that’s why. Secondly, be sure to not use any zucking meta platform since they are the primary users of Mac address tracking. Number five cpu identifiers and OS license numbers threat level two out of ten let’s say you’re using Windows. This will have a similar problem to the mobile phone using iOS or Google Android. It would be possible for apps to send the cpu identifier or the Microsoft product id to the platform.
The problem is that this threat is not limited to a Microsoft any app could retrieve this information on Windows. This is available in the Windows registry. If a platform requires access only via an executable rather than a browser, this should alert you to the possibility that this additional information is retrieved. Obviously NeOS can collect this and send it to HQ, but it is more of a threat when it is used with specific knowledge of what you’re doing by some app.
Let’s say you are required to use an app to access some corporate system. Then that corporate system could see if you’re a valid user by sending the Microsoft product id from your computer. This can then be used to check that the hardware is validated as well. The problem is, any app could do this. The solution is to use a virtual machine on your computer. Nowadays a virtual machine software is not so slow anymore on Windows and Linux the common free virtual machine software is virtualbox from Oracle.
It is free and the best way is to actually install Linux on the virtual machine. Virtual machines do not have an actual hardware identifier for the cpu and by using Linux you eliminate the risk of the os identifier being sent. Number six advertising ids threat level one out of ten advertising ids are temporary identifiers used on your devices to track you. Now I say temporary, but likely 99% of you would keep the same advertising id for the long term because you will not disable this.
It’s an extra step and many of you don’t even know what it is. The advertising id is a voluntary identifier that is sent with any traffic and retrieved by apps. There’s an advertising id on all operating systems outside of Linux and the Googled OSE, both mobile and desktop. The solution to this is to opt out. You can opt out from Google, Android, Apple, iOS, macOS and Windows. Or if you cannot opt out, you can change the advertising id frequently.
In some privacy setting, the OS can generate a new one. This is a threat only from third party platforms, by the way, and it is not a permanent threat. Google and Apple can track you via other means if you’re using their OS. So fortunately this is a threat with a limited scope. Number seven cookie trackers and browser fingerprints threat level two out of ten cookie trackers and fingerprinting your browser are alternate ways of identifying you for advertising purposes similar to the advertising id.
Believe it or not, these are not all that important to your invisibility unless they’re connected to your Google ID or some meta id. So let’s wait to explain a more detailed solution in the next item. Absent the Google ID or meta ID, these trackers have a very short term impact. They can identify you temporarily, but it is not permanent. So this is not as important as it would seem, at least until a Google ID is matched to it.
For this reason, I don’t really do anything special to cookies. In general. Sites will always ask you to accept cookies, and I do accept them. Mostly there are browsers that will automatically delete cookies after each session, and that really is the only important solution. For example, brave browser will do this automatically. Clear cookies if you feel this to be a threat in some way, browser fingerprinting specifically can be minimized by making your browser as plain vanilla as possible.
Do not use browser extensions and use many browsers as a habit. You can even use a different time zone. Number eight Google ID and metaid threat level ten out of ten as I just explained, the cookie and browser fingerprint problem isn’t that serious until you add the Google ID into the equation. I’ll add meta in here later. The specific threat comes from the Google ID being stored in a cookie.
When you are logged into Google on a browser, this Google ID will be in a cookie for sure. The effect of this is that any website with Google Analytics, Google Adsense, will automatically detect this Google ID. Since the majority of all websites have Google Analytics or Adsense, then it is safe to say that Google will know practically every website you visit and it will be specifically attributed to your Google ID.
Meta has their own equivalent like the Facebook like button, which will capture your ids from meta properties like Facebook, WhatsApp and Instagram. The solution is to isolate these to a separate browser. Only use Google on one browser. If you’re logged in, for example Chrome. But do not go to any other website on Chrome, do it from another browser. This way the Google ID or any meta id will not leak anywhere.
You can go to Google on another browser as long as you never log in to Google on that browser. I hesitate to give a solution for meta because of the Mac address tracking I mentioned earlier. Among other things, they also do facial recognition. The best solution is to abstain from meta. Number nine location tracking threat level nine out of ten the risk of location tracking is that if you are cavalier about this piece of data and don’t turn off location permissions on everything, at some point some third party will capture your location information with your IP address.
This is a frequently sold piece of information by thousands of apps and unfortunately once your ip address is recorded with the location, then anyone can do a lookup and find out exactly who you are just by looking at your IP address, either as captured by an app, a website or through your email. The result will be that you will be in a lookup database sorted by IP address and from there it will show your location.
There are many suppliers of this data, including companies like here and Skyhook Wireless. The solution is to always use a VPN because the location information, if accidentally captured is a value only. As said data pair with your IP address and of course always turn off location permissions, especially if you’re at home. You can never be sure which apps are selling your location and IP address data. One of the most well known apps that do this is the weather Channel app which is owned by IBM.
The other fear with location tracking is that Google and Apple always know where you are. Twenty four seven. Your location data is then used to provide geofencing services to government agencies. If you’re using a D Google phone then you are safe from this number ten email address used as login threat level six out of ten if you use a specific email address to log into a platform, then the platform can check the same contact list where they find your phone number to also see your real name.
So in essence the phone number and email are connected identifiers. The solution here is to use different email addresses for each platform. Some email products can allow an alias like Braxmail. This ensures that your email will not be found in any contact list since you will not give this alias email to your contacts. So there you are ten identifiers that you must attempt to hide from the Internet at all times.
Use the threat level to gauge the importance of these to your privacy actions. Unfortunately, know that you cannot delete data that is already known on the Internet. You can only move forward to eliminate future data. Keep that in mind, the sooner you start implementing these actionable items, the better for your privacy. Good luck. Privacy is something we all have to work on. It does not come to us automatically.
I try to make it easier by starting a company to help the average person with privacy solutions. The main threat currently is the Google ID which is on your phone. There are hidden communications between common phones and big tech which reveal device identifiers and tracking that points to you. We sell various models of the Google phones in our store. These phones are around $400 so they are cheaper than normal phones.
We have the bytes VPN service which I started a few years ago. As I discussed in this video, a VPN is important to hiding your IP address. Our VPN service is unique because it includes ad blocking via a pihole server, which also serves to anonymize your DNS. We have a related Brax router product that can allow you to vpn your entire home Internet traffic. This keeps everything simple if you have many devices.
We have a Braxmail service that hides identity information from your email and prevents you from showing up on contact lists. It also eliminates IP addresses from showing up on the header or in logs. We offer unlimited aliases, seven domains and webmail. Check that out for $50 a year. All these are on my store on bracks. May sign up on there and you will not be asked for personal information like email.
I also want to remind you that I’ve moved my live streams to Rumble and Robbraxman locals. com. These live streams are on Thursdays 08:00 p. m. Pacific time. Join me there if you want to ask questions live. Thank you for watching and see you again next time. .
See more of Rob Braxman Tech on their Public Channel and the MPN Rob Braxman Tech channel.
