# Completely anonymous VPS



## D. Strout (Jun 18, 2014)

Install/set up Tor.
Go down to your local convenience store, gas station, mall, or almost anywhere and pick up a $20 prepaid VISA/Amex. Pay cash.
Use a "private browsing" window for the next three steps. Grab a random identity from fakenamegenerator.com. Might want to screenshot the page for later.
Sign up for DigitalOcean with a fake e-mail and a random password. Fake Name Generator is kind enough to provide both if you like.
Confirm e-mail, then set up billing. Use the FNG identity from above, and the prepaid card you purchased before. Phone number and billing address are not verified. Also, use promo code DODEPLOY for $10 credit without ever hitting the card.


----------



## Schultz (Jun 18, 2014)

Perhaps?

Exchanging your funds via bank account to BTC, tumbling your BTC through a service like Bitcoinfog to make the BTC anonymous, then paying to a proper no logging VPS service like http://prq.se ?

Using the method you gave us, it can trigger security systems like Max Mind for anti-fraud.


----------



## Aldryic C'boas (Jun 18, 2014)

...there's a huge difference between security/privacy and anonymity.  Why exactly would you be encouraging this?


----------



## drmike (Jun 18, 2014)

The topic is rather necessary - big picture... Especially today in light of the never ending data disclosure (unintended) by companies.

We cannot forget the McMega corps who make a whole profitable business just on repackaging customer info and selling it to the worst marketing/sales/whatever entites.

In the lowend, do folks REALLY want a company ran by a 16 year old and his "reformed" minor buddies with hacker proven tendencies marinating over you and your info?

In some ways, this sort of unknown entity is good for providers who can refuse to service such entity when there is a real problem with their account (hacking, DMCA, Tor, etc.).  No refund, no bickering per se....

Obvious downsides are the above though too.

In general, I support this concept / notion / general movement and glad this is still able to be done without Bitcon and that layer of abstraction.


----------



## DomainBop (Jun 18, 2014)

I'll pipe in with a complete anonymity is probably not achievable.

Let's start with #1 on the list "setup TOR".  From a Wired article titled "How to Anonymize Everything" published on Tuesday:



> Even if you run Tor to anonymize every individual Internet application you use, your computer might still be leaking identifying info online. The NSA has even used unencrypted Windows error messages sent to Microsoft to finger users and track their identities. And an attacker can compromise a web page you visit and use it to deliver an exploit that breaks out of your browser and sends an unprotected message revealing your location.
> http://www.wired.com/2014/06/be-anonymous-online/


----------



## drmike (Jun 18, 2014)

Even though stuff is very leaky, doesn't mean folks should abandon the concept and run wide open.

It's time for more disposable computing instances in hand and on the desktop.  Where the browser is freshly cleaned, masked...  Where Windows isn't running... Where things come by default as paranoid and locked.


----------



## Nett (Jun 19, 2014)

D. Strout said:


> Confirm e-mail, then set up billing. Use the FNG identity from above, and the prepaid card you purchased before. Phone number and billing address are not verified. Also, use promo code DODEPLOY for $10 credit without ever hitting the card.


DO now asks you for your ID.


----------



## Hxxx (Jun 19, 2014)

Prepaid MC and VISA , If I'm not wrong, they don't work for DO. Usually one has to use PayPal, attach that card and do the payment.

DO will check if the card can be recursively charged like typical CC.


----------



## Hxxx (Jun 19, 2014)

Also they do randomly ask for ID.


----------



## willie (Jun 19, 2014)

I thought you need to ID (at least over the phone) to activate those prepaid credit cards, and then they send further stuff in the postal mail.  I imagine they check your info against a credit database but even if they don't check and you give a fake address, they'll probably figure it out and cause some hassle.  Bitcoin isn't anonymous either of course.


----------



## Schultz (Jun 19, 2014)

willie said:


> Bitcoin isn't anonymous either of course.


BTC can be tumbled using secured services so that the origin of the bitcoin is unknown. Tested and proven to work. Services like Bitcoinfog offer this.


----------



## MartinD (Jun 19, 2014)

Still don't understand all of this or the need for it.

Yes, if you're in an oppressed state or your government is trying to kill you because of war then fair enough.. but I think getting a pre-paid Visa is the least of your problems.


----------



## mtwiscool (Jun 19, 2014)

They are vps services that allow anonymous sign ups with btc but they do cost a bit more as they are usely offshore.


----------



## Nett (Jun 19, 2014)

mtwiscool said:


> They are vps services that allow anonymous sign ups with btc but they do cost a bit more as they are usely offshore.


BTC is no longer anonymous.


----------



## mtwiscool (Jun 19, 2014)

Nett said:


> BTC is no longer anonymous.


You can make a new bitcoin wallet over a vpn and use a pre-paid card or a phone credit payment to top it up and use a new address for each payment.

simple really.


----------



## Nett (Jun 19, 2014)

mtwiscool said:


> You can make a new bitcoin wallet over a vpn and use a pre-paid card or a phone credit payment to top it up and use a new address for each payment.
> 
> simple really.


So what? They can track down from the VPN or the pre-paid card.


----------



## mtwiscool (Jun 19, 2014)

Nett said:


> So what? They can track down from the VPN or the pre-paid card.


It depends how good you are at coving your tracks and how far you want to go.


----------



## Kayaba Akihiko (Jun 19, 2014)

Instead of getting a pre-paid card why not get a virtual credit card from websites like Bancore, just use an App like TextPlus to verify the account


----------



## Onra Host (Jun 19, 2014)

I think some people have misunderstood the whole point of the OP's topic. 

From my understanding the post is for being anonymous to the companies you sign sign up at. The point intended is not to stay hidden from everyone including the government.... I mean he isn't necessarily writing a guide called "how to commit a crime on the internet".


----------



## MartinD (Jun 19, 2014)

No, I got the point.

Why would you want to stay anonymous to the company you're signing up with? You'd only do that if you were pre-empting dodgy activities that you know they'd have to pass your info on for.


----------



## mtwiscool (Jun 19, 2014)

Cyberbunker allows anonymous sign up's.


----------



## WebSearchingPro (Jun 19, 2014)

Kayaba Akihiko said:


> Instead of getting a pre-paid card why not get a virtual credit card from websites like Bancore, just use an App like TextPlus to verify the account


The problem with virtual credit cards from what I've seen is the extensive verification they do on the user anyways. If the virtual credit company gets pressured into releasing details or got hacked the safety of the user identities would be gone.



MartinD said:


> No, I got the point.
> 
> 
> Why would you want to stay anonymous to the company you're signing up with? You'd only do that if you were pre-empting dodgy activities that you know they'd have to pass your info on for.


In some cases having a level of anonymity can help in non illegal activities such as leaking pictures of a new device you want and specs without fear of Microsoft rooting through your stuff (Linky) or ferociously tracking the spoiler down.


----------



## willie (Jun 19, 2014)

MartinD said:


> Why would you want to stay anonymous to the company you're signing up with? You'd only do that if you were pre-empting dodgy activities that you know they'd have to pass your info on for.


That doesn't make much sense.  I want to be anonymous to pretty much everyone.  If I buy beer, I'm not going to do anything dodgy with it (like drink and drive), but I don't want identifiable records kept of the transaction so someone can track my drinking preferences or keep the info on file in case the Taliban takes over the US and goes after beer drinkers.  I don't go to those bars where they scan your drivers license at the entrance.  If I buy a newspaper I don't want a record of that either.  Anything interesting content in it is going to be disfavored by someone or other, so I don't need them knowing that I bought the paper.  There's not much potential for a buyer abusing a newspaper, so the abuse potential on the seller side predominates the issue.

For VPS there's substantial enough abuse potential on the buyer side (e.g. spam) that sellers generally don't want to deal with anonymous buyers and the tradeoff changes.  I can understand this and go along with it, and I like the budget VPS industry since 1) they tend to have some clue about privacy, and 2) they're too overworked keeping their stuff running to spend much effort on abusing the info they have available.  If Google offered free VPS I wouldn't use them since they have the resources and mindset to abuse any info they can touch.  There are certainly non-dodgy uses of VPS where anonymity is important: for example, maybe you have a blog where you write about controversial ideas (such as privacy).  There are still ways to do that but it's not as convenient as it would be in a more ideal world.

I notice that VPN services seem a bit more anonymity friendly than VPS, maybe because of lower abuse potential on the buyer side, or maybe because a high enough fraction of VPN users want anonymity that hosts don't want to pass up the business.  That may also be reflected in the higher costs of VPN services vs. running a VPN on your own VPS.

Anyway if you're doing something dodgy that's likely to get noticed (e.g. spamming) then anonymity won't help much, the VPS will get shut down either way.


----------



## drmike (Jun 19, 2014)

Nett said:


> DO now asks you for your ID.


DigitalOcean, really?  They are requesting ID docs?  Under what conditions/terms/etc.?

If so, I am promptly cancelling all services I have with them.


----------



## Aldryic C'boas (Jun 19, 2014)

Onra Host said:


> I think some people have misunderstood the whole point of the OP's topic.
> 
> 
> From my understanding the post is for being anonymous to the companies you sign sign up at. The point intended is not to stay hidden from everyone including the government.... I mean he isn't necessarily writing a guide called "how to commit a crime on the internet".



If you don't trust your provider, why would they ever trust you?


I deal with this pretty frequently, people trying to sign up under anonymous or falsified information ("Fake Name Generators" aren't as reliable as you think against experienced auditors).  Tons of excuses; _Some providers are sketchy / I don't want my info leaked / I'm really just ordering for a friend_... I've probably heard them all by now.


It all boils down to doing your research before choosing a provider.  If you want your data to be as safe as it can, don't want to worry about how many Kevin Hillstrands teenagers have access to your address, CC, and phone... don't go with shady hosts.  A host that's anal about who they let on their network is a host that's taking care not to compromise a node's worth of clients by letting one asshole one rampant.  A host that will take anyone so long as it means a buck?  The next skid with a buck is more important to them than doing right by you.

Security, safety, and privacy are reasonable expectations and precautions;  values I think everyone should strive for.  Anonymity is NOT these things - it is a lack of personal responsibility.  The GIFT is never so obvious as when you give an Anon resources they can abuse.  Is being anonymous that important to you?  Go FUBAR someone else's gear - we have legitimate clients to protect.


----------



## MartinD (Jun 19, 2014)

^ I'm glad to see this knowing I'm not the only one. We carte blanche refuse customers who don't provide correct info and try and use VPNs or proxies. As you said, if you don't trust your provide why would they trust you.


I have one customer who shall remain nameless but despite having all their information, and getting pressure from our upstream and the UK government I gave nothing away and refused to remove them. I'll do that for a legitimate, honest customer. If you want to try and hoodwink me I'll give you up in a heartbeat without a second thought.


Respect and honesty goes both ways. I like Aldryics advice; don't deal with shady hosts and you'll be fine.


----------



## drmike (Jun 19, 2014)

Damn it Ald!

*"If you don't trust your provider, why would they ever trust you?"*

I fully agree with such.  That's why the companies I maintain service with has gone way way down. Has made me question why I even need things out there online in the big picture.  Where can I forego such...?

Now getting to this trust factor, I've long been at this and related professional services....  I've seen folks do good and next week go on a bender where their business was useless.  Same concept applies to trust, privacy, related.

So, yes, this is the big see-saw or hinge point for providers:

*A host that's anal about who they let on their network is a host that's taking care not to compromise a node's worth of clients by letting one asshole one rampant. *

^--- I just had a small discussion with a provider about customers yipping about proactive monitoring - complaining when snagged by such and others complaining that such should be even more limiting to prevent mass casualties on a server.

That's the big picture, risk exposure of shared resources. 

In business, a company makes decisions based on sales, quotas, forecasting.  Similarly and often underlying is the amount of risk they will assume.  Each business should suit the ownership and their tolerances (it's their ugly baby).

Now bigger picture, we have special isolation points with a VPS:   raw CPU abuse, bandwidth abuse, spam/network behavior abuse, high disk IO.

The disk IO and CPU are the biggies on VPS and origin of most problems.  So proper monitoring and container crusher to keep people in the boundaries, is priceless.

BW + Spam + Network behavior abuse, these apply to MOST services - not unique to VPS.   Again, requires automation, monitoring and proactivity.

Bigger picture, look at the VPN market (oh you provide VPS instances those companies burn) ... The real companies out there manage the balance between private-like services and managing risk and/or abuse.

I find the provider side of this, well, an art form.


----------



## MannDude (Jun 19, 2014)

I pay via PayPal and use a legitimate, real, PO Box as my address when signing up for new services and domains. The PO Box is like $60 year and ensures that (god forbid) there was a WHMCS leak, my physical address could not be determined. Also I won't enter card details for any provider directly, so even paying with a card payments are processed via PayPal. I don't really have any privacy or security concerns this way because I sign up with hosts that I trust.

<shrugs>


----------



## drmike (Jun 19, 2014)

Aldryic C said:


> The GIFT is never so obvious as when you give an Anon resources they can abuse.  Is being anonymous that important to you?  Go FUBAR someone else's gear - we have legitimate clients to protect.


This stood out too  Let me fine tune it.

Point:  VPS market is many providers who have customers.   Those customers are a basket of non-business folks.  Most are leisure/fun/mischief.

This point about protecting clients, yeah, companies ought to have business customers, know such and be proud of such.  That's a market differentiator and sustainable.    Direction to go unless you like swapping deck chairs on the VPS Titantic as unloyal consumers trade their hobby VPS for the one that is $1 less.


----------



## drmike (Jun 19, 2014)

MannDude said:


> I pay via PayPal and use a legitimate, real, PO Box as my address when signing up for new services and domains. The PO Box is like $60 year and ensures that (god forbid) there was a WHMCS leak, my physical address could not be determined. Also I won't enter card details for any provider directly, so even paying with a card payments are processed via PayPal. I don't really have any privacy or security concerns this way because I sign up with hosts that I trust.
> 
> <shrugs>


Lots of leaks, not just WHMCS.   Points of data on an account can yield all sorts of oh shit info.  Considering the propensity of segment of the audience to SWAT folks, I'd say having non-info as your info is just plain sensible.

PO Box info, yeah, it keeps the casual PITA away, but fully able to get your info from the government without any credentials or legal order... Just saying.


----------



## MannDude (Jun 19, 2014)

drmike said:


> Lots of leaks, not just WHMCS.   Points of data on an account can yield all sorts of oh shit info.  Considering the propensity of segment of the audience to SWAT folks, I'd say having non-info as your info is just plain sensible.
> 
> PO Box info, yeah, it keeps the casual PITA away, but fully able to get your info from the government without any credentials or legal order... Just saying.



Meh. Gubberment knows where I live anyway, because I pay utility bills in my name, have a drivers license, license to carry handgun, vehicle registration, have mail delivered to my home, etc, etc. I'm not concerned with that, they know where I live. Unless the big lady behind the counter at the BMV is some LET skid, I'm not concerned. My only concern is some skids testing newly released exploits on systems that may have my personal data on it from providers who weren't fast enough to patch.

I would never willingly accept an order, as a provider, from anyone using falsified information. The seems like a haven for abuse or having neighbors on the same server that probably lack some sort of moral fiber and would be abusing the service.

I know there are providers who'll accept any ol' order, but they're not providers I'd want to actually use.


----------



## DomainBop (Jun 19, 2014)

MartinD said:


> We carte blanche refuse customers who don't provide correct info and try and use VPNs or proxies. As you said, if you don't trust your provide why would they trust you.


The rDNS of the IP address on my everyday VPN is a domain my company owns, the WHOIS is public, and I'm listed as the domain contact so I'm less anonymous than a non-VPN user who is using a home cable connection.


----------



## drmike (Jun 19, 2014)

MannDude said:


> Meh. Gubberment knows where I live anyway, because I pay utility bills in my name, have a drivers license, license to carry handgun, vehicle registration, have mail delivered to my home, etc, etc. I'm not concerned with that, they know where I live. Unless the big lady behind the counter at the BMV is some LET skid, I'm not concerned. My only concern is some skids testing newly released exploits on systems that may have my personal data on it from providers who weren't fast enough to patch.


The matter isn't truly being invisible to government.  In theory they have access to the pipes to and fro and by design, so navigating around those landmines takes quite a bit of additional effort.

All those points of data you freely put out there, those are problems.   As bad as skid operators are, government isn't very much better.

An example, I think it was State of New York, that published data of name and address of every "REGISTERED" gun owner.  1. Why is government collecting said info?  2. Why is such information public?    Anything government has or gets, expect for them to be selling/trading/giving to corporations and data aggregation companies.  All of that can and will be used for profiling and doing less than benefical things to you, eventually.

*My only concern is some skids testing newly released exploits on systems that may have my personal data on it from providers who weren't fast enough to patch.*

Explain what you mean - like WHMCS hack where you are customer, right?

See I go further than that.  I want to know a company is either two partners investing their life (or small limited number of partners busting tail) or that they are a real company with real employees and policies.  Hard to say real company and privacy in the same breath as people get outted for outsourcing to people living in countries where the long arms of justice can't reach them.  Seen quite a few former employee data releases.


----------



## willie (Jun 19, 2014)

1. Trust is not binary and it is not transitive.  VPS hosts trust their clients to not commit rampant abuse of the VPS itself, but they don't give out the root keys to the host node.  Clients similarly trust the host to not run off with their 7 bucks but they shouldn't put highly sensitive info (payment instruments, PGP signing keys) onto the VPS.  So in both directions there is neither complete distrust nor complete trust.  Where does disclosure of one's personal info fit on that scale of intermediate trust?  It will vary from person to person.  I don't mind a VPS host having the info but I was upset to find out that they were then turning the info over to ARIN for ipv4 justification.  My requests to buy ipv6 VPS with no ipv4 to avoid this disclosure have mostly gone unanswered.

2. Any host that offers services to resellers generally already will not know who is using their network.  Yet they do it anyway.  So the idea that hosts need the info is unconvincing.  As long as abusers get booted pretty quickly that seems to be all anyone expects.  (Good example by Drmike: VPN hosts actually operating on other companies' VPS.  I forgot about that).

3. Overuse of local machine resources (CPU/disk) seems easy to mitigate with automatic monitoring/throttling and have little long term effect if it doesn't happen too often.  I'm surprised that it's a significant issue compared to network abuse.  People (like me) wanting to engage in 24/7 CPU saturation figure out pretty quickly that dedicated servers are the way to do it.  There's no problem getting unlimited CPU resources anonymously (buy a PC with cash and use it at home).  Main purpose of a dedi for me is to get the noisy thing out of the house.


----------



## drmike (Jun 19, 2014)

willie said:


> I don't mind a VPS host having the info but I was upset to find out that they were then turning the info over to ARIN for ipv4 justification.  My requests to buy ipv6 VPS with no ipv4 to avoid this disclosure have mostly gone unanswered.


Well @willie, I agreed with your points and  good to see a like mindset.

The ARIN disclosure by providers, of your personal information (name, address, city, state, zipcode, phone?  email, IPs issued) - it turns out is 'normal' ARIN shakedown and their rules don't explicitly say/require such.   But this practice of forcing the info out of providers is and has been norm for a while, supposedly.   

I only became aware of this issue this year.   I expect disclosure when and where such is said by the provider, and not in vague BS clauses under partners and legal compliances.  ARIN is neither a partner nor are they the government or a court.

Handing info over even for a single IP is highly problematic and I think wrong and perhaps illegal if someone takes the matter to a court.

ARIN also explicitly says they aren't liable for any disclosures of your private corporate info (which would include said data).

A movement for IPV6 only services, yeah it sure is making lots of sense to me now.


----------



## nunim (Jun 19, 2014)

I can't believe that no one has mentioned that we've already had this topic, didn't it seem familiar to anyone else?



PayPal now accepts prepaid card as well.

[Edit] I'd also like to point out the fact that as long you're not hiding from the US intelligence community (or "special relationship" countries I suppose, depending on how important you are), it's fairly easy to be anonymous on the internet if you don't get sloppy, i.e. always use an outside line.

My point from the last topic still rings true, the hardest part of being anonymous is not betraying yourself via writing style (which I'm still unsure how to effectively combat aside from a group personal).


----------



## DomainBop (Jun 19, 2014)

mtwiscool said:


> Cyberbunker allows anonymous sign up's.


True, but their privacy policy also states:



> We reserve the right to disclose personally identifiable information, without notice, if we believe that such action is necessary to defend and protect the rights or property of CyberBunker or to protect the personal safety of CyberBunker's staff.
> http://www.cyberbunker.com/web/privacy-policy.php


----------



## willie (Jun 20, 2014)

drmike said:


> Handing info over even for a single IP is highly problematic and I think wrong and perhaps illegal if someone takes the matter to a court.


There is that, but you have to figure that if the info for a single IP exists at all, it is accessible to someone who wants it enough.  More bothersome is the idea that there's a consolidated database someplace saying who is using essentially every IP address with a VPS address behind it.  It's a good bet that the US Gummint and other such entities have gotten their hands on copies.  I wonder if the situation in Europe is any different (RIPE has been exhausted for a while).  I need another dedi and am thinking of going to Hetzner in part because their midrange machines have more disk space than OVH's.  The IP disclosures may be another reason.


----------



## VPSCorey (Jun 20, 2014)

The second you google for the tor client the whole world knows you're interested in tor.

If you do something bad all it takes to track you down is finding your VPS, easy enough nowdays with digital fingerprinting tech, then finding the card used, then finding where it was purchased.  Pulling video camera feeds to get your mugshot, pulling traffic camera footage to grab your license plate or follow your bus etc back to your house and then send the FBI to bust down your door.  The only reason these guys dont get picked up faster is that they're already tracking you and just building a solid case to ensure you do go to jail, not that they cant find you.  Scary right  lol

Retail stores are working with facial recog tech to identify and track cash customers as well.  Might not be taking pictures of your eyeballs everywhere, but we are very much the minority report advertising world now.  Soon if you walk too fast to the shitter in public you'll get text messages with coupons for immodium, or if they see that your leg is broken, an aflac commercial will pop into your facebook feed.


----------



## cspacews (Jun 20, 2014)

drmike said:


> DigitalOcean, really?  They are requesting ID docs?  Under what conditions/terms/etc.?
> 
> If so, I am promptly cancelling all services I have with them.


It is pretty obvious that any provider would ask for some Legal Verifiable document to check its genuineness.

If you show them random proof i am sure they will do it themselves.


----------



## KuJoe (Jun 20, 2014)

I always find it weird when bank tellers won't handle my transactions when I'm wearing a ski mask. Strange right?


----------



## Aldryic C'boas (Jun 20, 2014)

And they still wouldn't help me after I threatened to just go to another bank!  The nerve!


----------



## willie (Jun 20, 2014)

KuJoe said:


> I always find it weird when bank tellers won't handle my transactions when I'm wearing a ski mask. Strange right?


Interesting.  As long as it's an automatic teller, I haven't had any problem doing that.


----------



## Aldryic C'boas (Jun 20, 2014)

willie said:


> Interesting.  As long as it's an automatic teller, I haven't had any problem doing that.


At least one bloke got picked up by the cops here for doing that.  Bank reported repeat transactions from someone in a mask, so the cops sat and waited.  Turned out to be 'legit' (just a kid doing something dumb)... but hey.


----------



## Hxxx (Jun 20, 2014)

Aldryic C said:


> At least one bloke got picked up by the cops here for doing that.  Bank reported repeat transactions from someone in a mask, so the cops sat and waited.  Turned out to be 'legit' (just a kid doing something dumb)... but hey.


Is pretty dumb and suspicious, but is that illegal? I know that (usually) one cannot enter to a Financial Institution wearing glasses or hats, much less masks, but for ATM? Maybe the ATM had a warning "People using masks are not allowed to use this ATM" . At least the bank was diligent.


----------



## Aldryic C'boas (Jun 20, 2014)

hrr1963 said:


> Is pretty dumb and suspicious, but is that illegal? I know that (usually) one cannot enter to a Financial Institution wearing glasses or hats, much less masks, but for ATM? Maybe the ATM had a warning "People using masks are not allowed to use this ATM" . At least the bank was diligent.


Not illegal, but suspicious for sure.  Honestly, I feel the bank was in the right for asking the cops to check it out - proactive security is far preferable to reactive.


----------



## DomainBop (Jun 20, 2014)

KuJoe said:


> I always find it weird when bank tellers won't handle my transactions when I'm wearing a ski mask. Strange right?



Apply some pink lipstick around the mouth opening of the ski mask, put on a blonde wig, and go to a male teller.  Works every time.


----------



## Schultz (Jun 21, 2014)

DomainBop said:


> Apply some pink lipstick around the mouth opening of the ski mask, put on a blonde wig, and go to a male teller.  Works every time.


Don't tell me you forgot to do your eyelashes?

The teller wont assist you if you haven't done your eyelashes.


----------



## Chuck (Jun 21, 2014)

Many VPS providers don't allow Tor.


----------



## Echelon (Jun 22, 2014)

Anonymity is destroyed as soon as you reach step two and purchase the prepaid debit card. Entering the gas station, convenience store, or other location exposes you to being recorded on surveillance cameras. Trace the card number to the location it was activated at, and review the surveillance to determine who purchased the card.


----------



## raindog308 (Jun 22, 2014)

Echelon said:


> Anonymity is destroyed as soon as you reach step two and purchase the prepaid debit card. Entering the gas station, convenience store, or other location exposes you to being recorded on surveillance cameras. Trace the card number to the location it was activated at, and review the surveillance to determine who purchased the card.


That assumes one of the following:

1. some central agency (e.g., the NSA) is collecting the VHS tape from every mom & pop and storing them in some vast archive

2. the video is archived forever - I suspect 99.9% of all gas station videos are recycled within a few days

3. the purchaser takes some action to alert said law enforcement within the retention time of the video

4. the purchaser himself/herself does not use an agent ("hey mr. homeless, wanna make $20?")


----------



## willie (Jun 22, 2014)

raindog308 said:


> That assumes one of the following:
> 
> 1. some central agency (e.g., the NSA) is collecting the VHS tape from every mom & pop and storing them in some vast archive


VHS tape?  It's all digital now.  We're heading into an era where at least for large chain stores, all the video will probably get uploaded to a server farm for automated facial recognition for marketing purposes if nothing else.  Those places are obsessed with consumer profiling.  See the famous story about Target:

http://www.forbes.com/sites/kashmirhill/2012/02/16/how-target-figured-out-a-teen-girl-was-pregnant-before-her-father-did/

They do that by matching purchases through loyalty cards, credit cards, etc.  But with facial recognition they'll be able to do it even when you pay cash.  Makes me want a Guy Fawkes mask.

At meetings of my old security group, we used to all throw our loyalty cards into a hat, mix them up, and pull them out again (i.e. we'd all swap cards randomly), just to mess with the profiling.


----------



## hzr (Jun 22, 2014)

willie said:


> At meetings of my old security group, we used to all throw our loyalty cards into a hat, mix them up, and pull them out again (i.e. we'd all swap cards randomly), just to mess with the profiling.


That seems like overkill, just enter +1[any area code]8675309 when it asks


----------



## Aldryic C'boas (Jun 23, 2014)

...and now that song will be stuck in my head all day -_-


----------



## Neo (Jun 24, 2014)

1. Buy some kind of prepaid card like paysafecard.

2. Singup with TOR at Hotmail or GMail and go buy a Domain/VPS

Worked at my side, but they deadpooled after a few weeks.


----------



## drmike (Jun 24, 2014)

When you have ahh companies with mass fails like we just saw - VPS segment... yeah.... Include Target in that bunch for brick and mortar fails, it's no wonder why "anonymous" transactions need to exist.  I just heard ID theft/compromises last year in the US were like 40% of the US public.  No f'n thank you.

People every year look at me more oddly as I unwind a wad of cash and pay for what I buy with genuine debt notes (nice to 'buy' something with essentially a mass IOU note)....

I recall being asked for ID in past several years to buy something pedestrian. Lighter fluid maybe?  Yeah those sort of places I don't spend IOU notes at.

People might not like it, but there is an entirely legit market of privacy-centric folks out there who are hackers, skids, political nuts, etc.   just people who want some perceived piece of mind, privacy, related.


----------



## nunim (Jun 24, 2014)

willie said:


> ... At meetings of my old security group, we used to all throw our loyalty cards into a hat, mix them up, and pull them out again (i.e. we'd all swap cards randomly), just to mess with the profiling.


That's kind of a neat strategy, but since you're trading your loyalty cards you're losing out of anything you "earned" thus seemingly defeating the point of loyalty cards, no?

Where can I find a local group like this?


----------



## willie (Jun 24, 2014)

nunim said:


> That's kind of a neat strategy, but since you're trading your loyalty cards you're losing out of anything you "earned" thus seemingly defeating the point of loyalty cards, no?
> 
> Where can I find a local group like this?


You got substantial discounts at the register for stuff you bought with the card.  There may also have been "rewards" that nobody cared about.  If there's not a group where you live, that means you're elected to start one!


----------



## eddynetweb (Jun 26, 2014)

You'd think that the fraud systems providors setup would catch this.



raindog308 said:


> That assumes one of the following:
> 
> 
> 1. some central agency (e.g., the NSA) is collecting the VHS tape from every mom & pop and storing them in some vast archive.


You could just put a ski mask on, it's more normal then a bank. They would suspect a thing, right?

/man walks in with a ski mask to gas station/


Man with a ski mask: Can i get a prepaid Visa card?


Man at the cash register: Why do you have a mask on?


Man with a ski mask: Umm, it's could outside?


Man at the cash register: hm... HM... Seems legit.


----------

