Purchasing Physical Items Online with Increased Privacy or Near Anonymity

in #privacylast year

image.png

A quick virtual pamphlet to explain the ways in which you can increase your privacy or attempt to be entirely anonymous while purchasing anything online.


So, you wish to purchase something online while protecting your personal privacy? In this quick document I will outline the ways in which you can achieve that. This guide will mainly focus on two levels of privacy. The first level will focus on more standard privacy, which will make it harder for an individual to get details about you such as your name and address. This will mainly focus on requiring several layers of ‘exposure’ to get to your identity. For this document, ‘exposure’ is defined as records being accessed, be it from a hack, malicious actor with legitimate access, a malicious online store, or a subpoena (though if you are actually under investigation from a government entity they will just subpoena all required sets of records).

The second level, for the more paranoid of us, will aim to make it very difficult for anybody to retroactively determine your identity from your purchase based on any stored records. That said, if you were currently being investigated by the government it probably will not help you, though there is very little that could actually get you into trouble that you could buy online from a legitimate online web store.


For Information/Educational/Entertainment Purposes. Perform at your own risk. Follow all local laws.

Licensed Creative Commons SA – You are free to redistribute this or use it’s content, even for commercial purpose, with or without credit (though credit is always nice).


Your Internet Connection

Normally, if you are using your home internet with a normal browser there are two main things that may identify you: your IP address and browser cookies. When browsing a website your IP address will likely be logged by the website and your ISP (internet service provider) will log the fact that you loaded that specific site; though your ISP will be unable to see the content transmitted assuming that the site is encrypted using https. Your IP can trace you back to a specific geographical location, but you generally cannot be identified personally unless your ISP’s records of your IP address(s) are exposed.

Cookies, which are small files identifying your browser, on the other hand, may be able to easily identify you. The site you access may place their own cookies on your browser for purposes such as tracking what pages you have viewed or identifying what user account you have signed in to. Additionally, however, tools like Google Analytics (which are implemented into a large number of sites) track your usage across the web and will link your activity across any site which implemented such tools.

Finding Privacy Regarding Your Internet Connection

With an exception to cookies, your internet connection has a decent baseline when it comes to the privacy of purchases when compared to other aspects of an online purchase (at least relatively speaking). Aside from details entered on a website (such as a name and address), in order to get the details of content exchanged the data from both the site of the purchase and the data from your ISP would have to be exposed. Nevertheless, there are actions that can still be taken to increase your privacy.

Cookies (lvl 1): The easiest way to greatly increase your privacy while purchasing items online is to prevent tracking from cookies. Your best bet is to simply browse the online store in the incognito mode of your browser, or better yet set your browser to clear cookies automatically.

Public WiFi (lvl 2ish): In order to prevent an ISP from knowing that you accessed a specific site the easiest way go about this may be to use public WiFi. By doing this there is no way of knowing that it was your device on that network that loaded the site. Though it always used to be a bad idea to process a payment on public WiFi in the past, now that most sites use https you are likely fairly safe. That said, there are three things you must take into consideration. First, you must make sure that your device is using a random MAC address. A MAC address is an identifier for your device, and the public WiFi may be logging MAC addresses and associating them with network usage. Many devices now allow you to use a randomized MAC address, however, so be sure to set it up to use a unique MAC address each time it connects to a network. Secondly, make sure your device’s screen cannot be seen by any cameras. Last, there must be others using the WiFi network while you are using it.

VPNs (lvl 2): Usually, your connection goes from your device, through your ISP, then to the server(s) hosting the web store (albeit a bit of an oversimplification). Using a VPN, however, your connection goes through your ISP to the VPN servers, then from the VPN servers to the server(s) hosting the web store. Assuming the VPN does not log your connections (which any good VPN will not), and assuming the VPN is not malicious and is not hacked (which, for example, Nord VPN has been several times); then your ISP can see you are using a VPN, and the web store can see you are using a VPN, but they will never end up knowing more than that.

Tor (lvl 2): Tor (a.k.a. ‘The Onion Router’) functions similar to a VPN, however, it routes your traffic through three different servers instead of the standard one that a VPN will, making it the holy grail of anonymity. Tor is free, open source, and can run with minimal configuration.


Payment Processing

Payments can be the hardest or the easiest portion of this guide, depending on what your limitations are and what you intend to achieve. In the last twenty years there have been a lot of increased scrutiny on the financial system put into place to attempt to combat bad actors, but most of that is on the receiving end of money—and compared to what it could be in the future the nature of money could very well still be the wild west.

The goal of this section is to explain how you can prevent your purchase from easily being attached to your name in real time or retroactively. Some of these methods can end up costing you more then if you were to just use your credit card, and most may consume extra time, but if you are reading this then you are probably willing to consider those trade offs. Some of these may require in person actions, so consider checking out the fourth section of this document.

Virtual Credit Cards (lvl 1): There are a number of virtual credit card companies such as Privacy.com popping up, which allow you to create a virtual credit card that can be used under any name and disabled at any time. This is useful to hide your name from any online store, and deter fraudulent use of your credit card, though the virtual card company will still see a payment to the online store.

Alias/Authorized User/DBA (lvl 1): If avoiding giving your name to an online store is all you are looking to do, it is possible to just invent an alias and use the modern banking services we are all used to. Before you get worried I’m going to start talking about fraud and money laundering, there are actually a number of mundane and legal ways to go about this. First, you could add an authorized user to your existing credit card under an alias and use that to prevent being required to give your real name when processing a credit card. Secondly, (assuming you’re American) you can go to the IRS and get an EIN (employer identification number) for said ‘alias’ and cosign a credit card application with your real name (to get around no credit score on the EIN) to get a real credit card under the so called ‘alias’. Finally, you could file a DBA (or jurisdictional equivalent such as an ‘assumed name certificate’) to go with your ‘alias’ and EIN to open a bank account under the other name. Consider this a poor man’s shell corporation without the legal complication of a shell corporation.

Prepaid Cards & Gift Cards (lvl 2): You ever notice that nearly every corner store, gas station, and super market seem to have a bunch of gift cards and prepaid visas? Well you can always buy one of those with cash and then use that. The gift cards usually have no fee, but are limited to only a specific service; and the visa cards usually work anywhere within your country, but have a small fee attached.

Crypto: (lvl 1 or 2): You can buy crypto through a service like Coinbase and use that on any web store for level one privacy as you will not give the store your name or personal details through the transaction. If you want level two you have two options: first, you can buy crypto through a method that does not require personal details (such as with cash or prepaid visas); or you can buy it through methods like Coinbase and then move it around a few times, such as converting it to Monero and back several times. That said, between tools like Cipher Trace having unknown capabilities—and moving crypto around to hide it’s origin possible counting as money laundering—I can’t recommend doing that in any normal situation.

Money Orders (lvl 2): Despite the fact that you cannot cash a money order or check (or cheque, as you sophisticated people would spell it), sending a money order using cash is standard procedure. You can hand over the cash, fill out the money order, and mail it without any form of ID and sign it with any name. I actually new a guy who said he signed “Daffy Duck” on things like this.


Shipping and Receiving

This is probably the hardest part, since you actually need to pick it up from an address that you (presumably) have permission to ship to. That said, there are a number of ways to do this. If you are planning to simply avoid having the web store find your real name and/or home address there are a number of ways you can go about it, and there are still ways to go above and beyond.

Credit where credit is due, the last two methods are ripped strait from J.J. Luna’s book How to Become Invisible, third edition.

Alias and Home Address (lvl 1): If all you want to do is keep the web store from knowing your name, you can always just ship a purchase to your home address under a different name.

PO Boxes, etc (lvl 1): There are a large number of services that allow you to collect mail at a different address then your home address. From PO boxes, FedEx or UPS boxes, and mail forwarding services, these all allow you to collect mail without it being shipped to your home. Additionally, more one time services such as general delivery at post offices and amazon lockers allow you to pick up shipments on a more one time usage (and are generally free). You almost always need ID to use one of these services (though some smaller private mail forwarding/collection services may not require ID), however, you can usually still receive mail under different names if you have registered it as a DBA or jurisdictional equivalent.

Hotels (lvl 1 or 2): If you are staying at hotels, motels, or airbnbs then you can probably ship mail to that location. However, most (but not all) places will require an ID and/or a credit card for a security deposit.

Non-Local Local Businesses (lvl 2): It could be possible for you to ask around (best bet is on sites like Craigslist or equivalents) and see if a small business a bit of a distance away would be willing to receive your mail in exchange for a few bucks.

Uninhabited Properties (lvl 2): If you know of any uninhabited properties (from abandon warehouses to houses that are for sale but uninhabited), and you are able to track when the shipment will arrive, you could probably ship your mail to that property and pick it up when it’s arrived. It probably would not be morally or legally stealing since that would be your package, but I’m unsure if that’d be totally legal to ship to a property you do not own or have permission to ship to; as well as possible trespassing violations. If you did this you would probably want to bring a receipt for the shipment on the off chance you were questioned, as it probably would not look good if you were taking mail from a property you did not have permission to be on that did not match the name on your ID.


In Person Anonymity

To most people, going somewhere in person seems to provide the most privacy, while doing something online seems to provide the least. However, if you understand how to achieve privacy using tech then the reverse is actually true. This section of the guide is meant to provide you with a basic guide to ‘flying under the radar’ so to speak when performing actions in person (from picking up packages to buying items).

Picking a Location: To begin, you first need to choose where you will be. Your best bet is to go several towns or even a city away. Furthermore, if what you are buying is from a store, choose one you are rarely (if ever) in.

Getting to the Location: It really doesn’t matter how you get to the area, but it does matter that you walk the final distance. If you drove, rode a bike, or took public transport then make sure to stop a couple of blocks away and walk the rest of the distance. Yes, there may be records of you being in the area, but that is not important as long as there are no easy records of you traveling to that specific location. This certainly would not be a good strategy if you were committing a crime (or at least a serious crime), but if you are just looking to fly under the radar then it doesn’t matter that there are records of you being in a city, only that there are no records of you being a specific person at a specific store (or other intended location).

Cell Phones: There is no need for you to buy a burner phone or leave your personal at home. Just turn it on airplane mode and then wrap it in tin foil (or another signal blocking method) to prevent it from pinging cell towers. Please note that it is possible for some cell phones, even ones uncompromising with malware or other malicious software, to ping a cell tower while in airplane mode or while turned off—so signal blocking using tin foil and the like is still useful. If you really need an electronic device bring a tablet with the location turned off and do not connect it to the internet while you are near the location. If you really need a device for GPS use that tablet, but make sure that the maps software is not storing your location. If you are on Android consider trying OSMand.

Clothing: Most of your clothing does not matter too much, just make sure to wear clothing that does not stand out and that hides any tattoos or other marking features of your body. A hat is also good for hiding your face a bit, especially from cameras. Gloves, if they do not stand out, will prevent fingerprints (but gloves themselves can sometimes leave a unique print), however, this is not something to worry about unless you are planning on committing some sort of crime and thus outside of this guide.


Facial Recognition

With many city governments, business, and even some nations now applying facial recognition to all individuals within the vicinity of the scanners, it now may be worth addressing facial recognition regardless of whether you are actually committing a crime or not (not that commuting crimes is recommended by this guide). Facial recognition works by identifying mostly the eyes and shape of the face, though some more advanced ones can now identify you based on things such as your walk as well. That said, hiding your face will be your best bet, and a nondescript brimmed hat to block your face entirely from certain angles is a good start. Additionally, since eyes are the focus a pair of sunglasses are the next logical step. However, since many cameras use infrared light you may need a special pair of sunglasses to prevent your sunglasses from appearing completely clear to the camera. You can pay like $400 for a pair of reflectables brand glasses, or you can buy an $8 pair of infrared resistant sunglasses intended to prevent second hand Infrared and UV exposure in lab or welding environments.

Please not that while large amounts of infrared or UV is dangerous (which is why those protective glasses are made) infrared is naturally occurring. Some infrared cameras use naturally occurring infrared light, and some make a small amount of their own, but do not worry your eyes are not in danger from infrared capable cameras.

Finally, regarding facial recognition, a mask may be a useful tool. In the past it would have drawn too much attention, and in many jurisdictions such as NY it was (and still technically is) illegal to wear a mask in public; however, at the time of writing this it is perfectly acceptable to wear a mask in public. A mask like a bandanna would be best for anonymity, since it hides the shape of your entire face instead of showing your cheekbone size in the case of a surgical/n95 mask, and is not tight enough to show your face’s outline like in the case of a neck gator. That said, plenty of facial recognition software was quickly updated to identify people wearing masks during 2020 (albeit with a lesser degree of accuracy), both because eyes are more so the focus, and because surveillance always finds a way.


Closing Notes

I figured I’d leave the more boring monologue to the end here, so continue on at your own risk. Anyway, I have been hanging around in the virtual precious metals communities a bit lately and hear plenty of sentiment regarding the need for privacy (which who can blame anybody if you are storing literal gold or other precious metals at your home). Now, I don’t have too much, and most all of it is ETFs in my Roth (blasphemous, I know); but since I’m in tech I thought that something like this might be found useful by some people. I’ve also heard about plenty of issues in other areas, from online knife sellers in Australia having issues to people just wanting privacy on sensitive purchases.

Anyway, whether you are buying gold or sex toys, if you are looking for privacy then I hope I helped you with this guide. As noted above, you are free to redistribute this guide in any way you see fit. I’m just going to toss it up on the internet and if you find it interesting then feel free to share it around. The link below is to a web page that has a download link for this guide, as well as any other quick guides like this that I have done, and some details about me. http://nathankmbowie.com/pamphlets.html