Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
An Ethical Guide to Cyber Anonymity
An Ethical Guide to Cyber Anonymity

An Ethical Guide to Cyber Anonymity: Concepts, tools, and techniques to protect your anonymity from criminals, unethical hackers, and governments

eBook
€15.99 €22.99
Paperback
€27.99
Subscription
Free Trial
Renews at €18.99p/m

What do you get with Print?

Product feature icon Instant access to your digital eBook copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
OR
Modal Close icon
Payment Processing...
tick Completed

Shipping Address

Billing Address

Shipping Methods
Table of content icon View table of contents Preview book icon Preview Book

An Ethical Guide to Cyber Anonymity

Understanding Sensitive Information

Before we start learning about the concept of cyber anonymity, it’s important to understand the level of sensitivity of information. In today’s world, information is power. If you look at the wealthiest companies in the world, all of them are related to information. Typically, we think illegal activities, including dealing drugs, selling weapons, and smuggling, generate lots of money and power, or “create kingdoms.” But the reality is, information has power exceeding all of these underground activities.

The world’s top wealthiest companies and individuals have gained this status by managing information. Typically, data is in the raw form of facts and statistics. This can be used for reference or analysis. Once properly analyzed, data becomes information. Information is generally processed data that gives us meaningful context that can be used for decision-making. That’s why information has become power as information is processed, structured, and organized data that enables powerful decision-making.

As an example, let’s take an advertising campaign that utilizes TV or social media advertisements. With TV broadcasting, it will broadcast to millions of people, but the target customer engagement would be a very low percentage. If social media is used, we could select the precisely interested or prospective users to advertise to. So, the impact will be very high. This is more powerful than we think. If you select the exact audience that you want the advertisement to reach, selecting attributes such as age group, gender, and geography, it will be more effective. Not only this, but nowadays, social media even has data about users’ genuine likes and dislikes. If we use social media, the advertisement will be delivered to prospective users. This is also known as direct marketing.

This chapter will cover the following main topics:

  • The categorization of information
  • Different forms of sensitive information
  • Raw data can create sensitive information
  • Privacy in cyberspace
  • Cyber anonymity

The categorization of information

Information can be further classified and categorized depending on the sensitivity. As an example, in today’s world, mobile phones have also become information repositories. Everyone’s mobile phone has a large amount of information that they have stored intentionally or unintentionally. Nowadays, information can be in different forms, not just text or numbers. It can be in the form of documents, images, videos, and so on. Some information is stored by users on their mobile phones intentionally. Users of mobile phones are aware that this information is stored. But there is also another set of information stored in phones without users’ knowledge.

People often confuse personal and sensitive information. Collecting, storing, using, or disclosing sensitive information is protected under different lawsuits around the world. A famous one is GDPR, passed by the European Union in 2016 and enforced in May 2018. These legal concerns are very strict on sensitive information. The reason behind this is disclosing sensitive information can have an irreversible effect on someone’s life. Let’s look at the difference between personal information and sensitive information:

  • Personal information: Personal information refers to any information about an individual or a person that makes them distinguishable or identifiable. Under the law, even if the information given is not accurate, it is still considered personal information.

Personal information includes an individual’s name, address, contact information, date of birth, email address, and bank information.

  • Sensitive information: Unlike personal information, sensitive information has a direct impact on the individual if disclosed. Sensitive information is a subcategory of personal information in a broader sense. Sensitive information may have a direct impact on or harm an individual if it is not handled properly.

Sensitive information includes an individual’s criminal record, health records, biometric information, sexual orientation, or membership in a trade union. If disclosed, the result may be discrimination, harassment, or monetary loss for the person to whom the sensitive information pertains.

If you look at the aforementioned information, what we need to understand is most Personally Identifiable Information (PII) is not confidential to our close relations and friends. Also, nowadays, our close circles have expanded to the global level with social media. Most social media users overexpose their own or other people’s personal information, either intentionally or unintentionally.

Different forms of sensitive information

Most users aren’t aware that when they access a web application or a website, it can collect some of their information. They just think that they are only accessing information from the web browser, but the reality is web applications can collect a lot more information than users think. To understand this, we can simply access https://www.deviceinfo.me (as shown in Figure 1.1). This website shows you how much information is collected from your device just by accessing a website. If you access this website with your mobile phone, it will display lots of information, including your mobile phone’s type/model, operating system, browser version, IP address, hostname, number of cores, memory, interfaces, and latitude and longitude. This shows that web applications and websites can collect almost all the information about a device.

Figure 1.1 – Information derived about your device

Figure 1.1 – Information derived about your device

This is a classic example of the data that a simple web application can collect, just by getting a device to access the application, without installing any agent or running a script.

When you look at the data that we have on our devices, mobile phones, or desktops, it can be sorted into a few categories. But not every case will contain PII.

Any form of information that could lead to any type of loss, such as financial, if accessed by a third party can be considered sensitive information.

Sensitive information can take different forms.

Mostly, people think that sensitive information is banking account information, including credit card numbers and social media account information. But a private picture or video clip can be even more sensitive than the preceding listed examples of sensitive information.

If you lose your credit card, the maximum damage that can occur is the credit limit of the stolen credit card is reached. But if someone accesses a private picture or video clip of yours, it can create more damage that might not be reversible.

Sometimes, we disclose sensitive information unintentionally. Let’s look at the following photo:

Figure 1.2 – Photo of a car, carrying sensitive information

Figure 1.2 – Photo of a car, carrying sensitive information

This photo was taken by someone trying to sell their car. As a precaution, the seller has even masked the numberplate to reduce the information this photo discloses. Even if you inspect this photo closely, you might not find any interesting information. But although the seller has masked part of the vehicle identification number, there is still a lot of information given away with this photo without their knowledge. This information is known as metadata. Metadata can be defined as data about data.

We usually look at the content of a file, but metadata discloses even more information than we are aware of.

Let’s look at the metadata of the preceding photo. Let’s access http://metapicz.com/, upload the image, and see what we can find. This site can acquire meta information on an image. It extracts information including the camera make, model, exposure, and aperture of the device.

Figure 1.3 – Derived information from a picture

Figure 1.3 – Derived information from a picture

The preceding screenshot shows the make of the device that captured the photo of the car, as well as the model and exposure. Exposure refers to the amount of light that comes in while you are pressing the capture button of a camera. Aperture refers to the opening of the lens of the camera to allow light through and focal length is the distance between the lens and the image sensor. So, if someone analyzes an image, they can get a massive amount of information, even about the lighting conditions of the environment during the time of capturing this image.

Figure 1.4 – More information from the image metadata

Figure 1.4 – More information from the image metadata

The preceding screenshot shows information related to the time the photo was taken, such as the created date and offset. Typically, offset refers to the time zone. According to this screenshot, the offset is +05.30, which refers to GMT +5:30, which is Asia/Colombo time, specifically, Kolkata. By analyzing this, we now know the region in which the photo was taken.

Figure 1.5 – Lens and GPS information derived from the image

Figure 1.5 – Lens and GPS information derived from the image

Personally identifiable data or information is anything that discloses information about you, including your name, address, telephone number, or social media identity, photos with contents that identify you, and even metadata. Also, your email address or IP can be treated as PII. We should be able to control our privacy and decide when, how, and to what extent our PII is revealed.

This is also known as data privacy. There are many initiatives and acts around the globe that relate to data privacy, but data privacy can be violated at various levels. Most of the devices we use today compromise our privacy even without us being aware. We will take Android as an example. Whenever you use an Android phone, it collects a lot of information about you as we usually connect our Gmail account to get the full functionality of the Android device. Once you have connected your Gmail account to the Android device, it will start collecting your information.

If you want to see what information about you Google is collecting, access https://myactivity.google.com/ and log in using your Google account that is connected to your device. You will be amazed to see how much information Google collects, including your web and app activity, your location history, and your YouTube watch history, that is, all the videos you watch and search for on YouTube.

If you go to the location history and click the Manage Activity link, you will see how much data your device has uploaded to Google.

Figure 1.6 – Activity recorded in Google

Figure 1.6 – Activity recorded in Google

If you select any of the dates, it will show you all your movements, including the method of commute, very accurate information about your walk, and even photos that you took taken during the journey using your device’s camera.

Figure 1.7 – Detailed information captured by Google

Figure 1.7 – Detailed information captured by Google

Even if you disable data connectivity on your Android device while traveling, the device will still collect all this information and upload it to Google whenever you connect your device to the internet later. This doesn’t just occur on the Android operating system; all devices do this – even your iPhone or Windows device.

If you want to check what information is being stored on your Windows device, press the Windows key + I to access Windows Settings | Privacy | Diagnostics & feedback | Open Diagnostic Data Viewer.

Figure 1.7 – Detailed information captured by Google

Figure 1.8 – Telemetric data shared with Microsoft by your device

This shows what your device is sharing with Microsoft. Not only operating systems but also applications collect our information. You may have noticed that many applications that you install on your device request access to your location, photos, and other sources of information, even if the app doesn’t need to use this information. As an example, if you install a flashlight app and it requests access to your location, that is suspicious.

The reality is most operating systems, applications, devices, and even manual systems collect this information. Sometimes, disclosing personal information can be dangerous. There was an incident reported in India recently related to this. A Business Process Outsourced (BPO) company that provides services to overseas companies from India was advertising a vacancy. Many people came for the interview. At the security post, there was an open register on which each candidate had to fill in information, including their name, address, telephone number, and email address. (This is common in many Asian countries.) There was a woman who attended the interview that got a call for a second interview at a different location in the evening. It was a bit suspicious, but the BPO company operates 24x7, so this wasn’t too odd of a scenario as during the first interview, they informed candidates that the job would be on a shift basis. The woman went for the second interview but never came back. Later investigations found that the call for the second interview was fake; her information was collected by someone who came to the same interview and as everyone was filling in an open registry, they were able to access all previous records. This shows how dangerous disclosing personal information can be. But still, I have seen many locations where retail stores do it especially during the 2020 pandemic, as they wanted to trace positive cases of COVID-19 and inform people who had come into contact with those infected people.

Raw data can create sensitive information

There are different ways we disseminate our data knowingly or unknowingly, including participating in different types of surveys. Sometimes, researchers who conduct surveys may not use the data for the intended purpose. Often, data collected as part of open or public surveys is used for different purposes. If a researcher is collecting data, it’s important that they disclose the purpose of the data collection, and the data collected cannot and should not be used for any other purpose than that.

The main advantage of having raw data for an attacker is that this raw data can be processed to get PII or sensitive information, which can be used for direct and indirect attacks.

In the previous section, we discussed what PII and sensitive information are. Let’s take an example. When you call a bank or service provider, typically, they ask a few questions to verify your identity. The questions they ask are really basic; as we discussed earlier, this might even be information you’ve shared with your close circle. These questions can include your full name, address, contact number, and email address. (In fact, I still remember the full names of most of my schoolmates as the first thing that is done in the morning at schools in my country is marking the register. Teachers usually read names aloud one by one, and if the student is present, they have to shout, “Present!” Because of this, I still remember most of my classmates’ full names and initials, even though we have long names in our culture!)

Why do service providers ask these sorts of questions? Because by collecting a series of information such as this, they can identify that they are communicating with the correct person. This is the principle behind claims-based authentication in federation trusts. Claims, rather than credentials, will be shared between the identity provider and service provider. Claims are typically attributes, and they are treated as raw data.

Another interesting fact is, once someone has collected raw data, they can easily find personal and sensitive information too. For these types of searches, attackers use different tools. One such tool is Social Searcher (https://www.social-searcher.com/).

If you want to find more information on someone, so long as you know their first name and last name, you also can start searching for them on social media. The Social Searcher web app is connected to multiple social media APIs and provides information related to the searched name and its respective social media accounts. There are many internet resources and tools like this that can be found in many open source distributions, including Kali, Parrot OS, Security Onion, and Predator. Later chapters will discuss different tools and techniques in detail to understand what type of integration these tools have with collecting information and how can we prevent creating sensitive information.

Privacy in cyberspace

Every country has its own jurisdiction system and laws. Typically, respective laws are applicable within the country. Even within federal governments, sometimes different states will have different laws and acts. The reason is if any incident takes place, the law enforcement bodies of respective areas or state stake the required actions.

Cyberspace works completely differently, though, as in most incidents, the perpetrator connects remotely over the internet with the target. Most of the time, the attacker is located in a different state or country than the target. The internet is an unregulated space and no one has direct ownership. Every time we access the internet, we need to remember that we are connected to an unregulated space and we need to look after our own security as the internet cannot be completely governed due to its architecture and very nature.

Whenever we are connected to cyberspace using any type of device, we are risking breaches of our privacy. In reality, we compromise our privacy in different layers. When we connect to the internet, we use different kinds of devices. It can be a mobile device, laptop, desktop, and so on. The first layer is the device that we connect to the internet as it stores lots of information. Then, we have the application that we use to access and surf the internet, typically a browser. The browser also keeps lots of information. Then, the device must be connected to the internet using some sort of media; this can be a wired or wireless connection. Whatever connection we use, there is a possibility that the network is collecting information on us. This is known as network capturing.

The next layer is the devices to which the network is connected. This includes Wi-Fi routers, switches, and firewalls that are connected to the network, and they also collect information. The network connection is then connected to the Internet Service Provider (ISP), which collects different kinds of information about the connection. If you are accessing a particular website, the host web server collects information about the connection. This information includes the timestamp, your public IP address, the type of browser being used, and the operating system.

Figure 1.9 – Different layers where different types of information pass through

Figure 1.9 – Different layers where different types of information pass through

When you look at these layers, even if an attacker is not involved, there are multiple layers where information is being collected about your connection. As we discussed earlier, this includes personal and sensitive information about you.

This gives an understanding of the different layers between the web application and the device. Importantly, if any of the layers are compromised by attackers, it will become more crucial as then attackers have control and access to these layers. They can even intercept communications and acquire credentials if the protocols of the communication used are weak.

When you perform any activity on the internet, or within the network using an application, data goes through these layers when communicating with other entities. As an example, when you draft an email using an email client such as Microsoft Outlook, data is created in the application layer and all the other layers are responsible for different tasks:

  • Layer 7 – application: This layer is where the users are directly interacting with the device using an application such as a browser.
  • Layer 6 – presentation: This layer is preparing source and destination devices to communicate with each other. Encryption and decryption take place in this layer.
  • Layer 5 – session: This layer helps to establish, manage, and terminate the connection between the source and destination devices. Communication channels are referred to as sessions.
  • Layer 4 – transport: Transporting data from the source to the destination takes place in this layer. If the dataset is large, then data will be broken into pieces in this layer.
  • Layer 3 – network: This layer is responsible for mapping the best paths for data traversal between devices and delivering messages through nodes or routers.
  • Layer 2 – data link: This layer is responsible for switching connected devices.
  • Layer 1 – physical: This layer represents the physical connectivity, including cables and other mediums responsible for sending data as frames.

When thinking of privacy, you need to concentrate on all the layers, including the device, application, network, communication, and web servers. For example, if you are using a shared device and save passwords on the web browser, your private information can be stolen easily, as there are many free tools out there to make life more easy.

If you access https://www.nirsoft.net/utils/web_browser_password.html, you can download web browser password viewers, which can retrieve stored passwords easily.

The same site also provides you with a range of free tools that can be used with the Graphical User Interface (GUI) or scripts (command-line tools) to automate the process.

Cyber anonymity

We have discussed how our privacy can be compromised and different levels of privacy.

Cyber anonymity is the state of being unknown. With cyber anonymity, the activities performed in cyberspace will remain, but the state will be unknown. As an example, if an attacker performs an attack anonymously, the attack will still be effective but the attacker’s identity will be unknown. Being completely anonymous is a complex process as there are multiple layers of collecting information, as explained earlier.

If we look at the same set of layers that we discussed, to be anonymous in cyberspace, we need to concentrate on each layer. The main idea here is for the attacker to eliminate all traces of themselves as if even a single amount of information is left, they can be identified. That’s how many anonymous groups have been traced, in some cases after many years of research.

There was one case related to the world-famous Silk Road, an anonymous marketplace on the dark web mostly selling drugs to over 100,000 buyers around the world. Later, the Federal Bureau of Investigation (FBI) seized the site. With the site, the United States government seized over 1 billion US dollars' worth of Bitcoin connected to Silk Road. Even though the main actors behind Silk Road were arrested, the administrators of the site started Silk Road 2, but that was also seized by the US government. However, the site was completely anonymous for a few years until the FBI traced and shut it down. According to the media, the infamous Dread Pirate Roberts, the pseudonym of Ross Ulbricht, the founder of Silk Road, was taken down because of a misconfigured server. This server was used to maintain the cyber anonymity of Silk Road, but due to a single misconfiguration, it uncovered the real IPs of some requests instead of them being anonymous. As a result, the FBI was able to track down the communication and traced the perpetrator using the IP.

This is a classic example to illustrate how even though efforts were made to remain anonymous on all layers, a small mistake revealed their whereabouts. This is why it is stated that cyber anonymity is a complicated process that involves various technologies. Also, it requires concentrating on all the layers to be completely anonymous. There are many common technologies, including Virtual Private Networks (VPNs), proxy servers, censorship circumvention tools, and chain proxies, that help with maintaining cyber anonymity, which will be discussed in upcoming chapters.

Typically, all operating systems, applications, and appliances are designed to keep different types of information in the form of logs to maintain accountability and to be able to help with troubleshooting. This information can be volatile or static. Volatile information will be available until the next reboot or shutdown of the system in memory. Forensic and memory-capturing tools can be used to dump volatile data, which can then be analyzed to find out specific information.

Static data can be found in temporary files, registries, log files, and other locations, depending on the operating system or application. Some information that is available is created by the user activity and some is created as a part of the system process.

If you need to maintain complete anonymity, this information is useful as you need to minimize or prevent the footprints created in different layers. To overcome this challenge, the most used technique is using live boot systems. Most Linux systems provide the flexibility of running a live operating system, using CDs/DVDs, live boot USB drives, or virtual systems directly connected to an ISO file. Some operating systems that have the live boot option available are as follows:

  • Kali Linux live boot – penetration testing environment
  • Parrot Security or Parrot OS live boot – security testing
  • Gentoo – based on FreeBSD
  • Predator OS
  • Knoppix – based on Debian
  • PCLinuxOS – based on Mandrake
  • Ubuntu – based on Debian
  • Kubuntu – KDE Ubuntu version
  • Xubuntu – light Ubuntu version that uses an Xfce desktop environment
  • Damn Small Linux – Debian (Knoppix remaster)
  • Puppy Linux – Barry Kauler wrote almost everything from scratch
  • Ultimate Boot CD (UBCD) – diagnostics CD
  • openSUSE Live – based on the Jurix distribution
  • SystemRescue CD – Linux system on a bootable CD-ROM for repairing your system and your data after a crash
  • Feather Linux – Knoppix remaster (based on Debian)
  • FreeBSD – derived from BSD
  • Fedora – another community-driven Linux distribution
  • Linux Mint – an elegant remix based on Ubuntu
  • Hiren’s BootCD PE (Preinstallation Environment) – Windows 10-based live CD with a range of free tools

Once you boot from live boot systems, it reduces or prevents creating logs and temporary files on the actual operating system straight away. Once the live boot system is shut down or rebooted, volatile data and static data are created because your activities are completely removed; when you boot next time, it will be a brand-new operating system. If you require, you always have the option to permanently install most of these operating systems.

Whenever you access the internet, DNS information will be cached in the local system until you manually remove it, the Time to Live (TTL) value is reached, or you run an automated tool. When you access any website, the local DNS resolver resolves it and keeps it in the cache until the TTL value becomes 0. When configuring DNS on the domain service provider’s portal or DNS server, usually, the TTL values are added.

As an example, by using the nslookup command, we can check the TTL value.

Let’s use nslookup on microsoft.com:

Figure 1.10 – DNS information retrieval with nslookup

Figure 1.10 – DNS information retrieval with nslookup

This shows the TTL value of microsoft.com is 300 seconds/5 minutes.

If we access the Microsoft website, this DNS entry will be cached in the local cache.

We can check this by executing ipconfig /displaydns on Windows Command Prompt.

Figure 1.11 – Information retrieved by ipconfig/displaydns

Figure 1.11 – Information retrieved by ipconfig/displaydns

If you are using PowerShell, you can use the Get-DnsClientCache cmdlet to get a similar result.

Figure 1.12 – Information retrieved by Get-DnsClientCache

Figure 1.12 – Information retrieved by Get-DnsClientCache

This information is categorized as volatile information. However, until your next reboot or shutdown, these entries will be there if the TTL value has not reached 0.

If you execute the preceding command a few times, with some intervals, you will realize every time you run it, the TTL value of the result is always less than the previous TTL value. When the TTL value becomes 0, the entry will be automatically removed. This is how DNS has been designed, to provide optimum performance during the runtime and when you change the DNS entry. That’s the reason why when you change the DNS entry, it can take up to 48 hours to completely replicate the DNS as some clients might still have resolved IPs from DNS entries in their cache.

This is not just the case on the local cache; if you have DNS servers in the infrastructure, these DNS servers also cache the resolved DNS entries for later use.

Summary

This chapter focused on five core areas to provide a clear foundation for cyber anonymity. We learned how to identify sensitive information and categorize and classify it. We also learned about the ways that an attacker can retrieve sensitive information from raw data. We also discussed privacy concerns in cyberspace and areas to look at when it comes to cyber anonymity.

In the next chapter, you will learn the reasons why attackers are interested in breaching your privacy and how attackers use stolen data for their benefit.

Left arrow icon Right arrow icon

Key benefits

  • Leverage anonymity to completely disappear from the public view
  • Be a ghost on the web, use the web without leaving a trace, and master the art of invisibility
  • Become proactive to safeguard your privacy while using the web

Description

As the world becomes more connected through the web, new data collection innovations have opened up more ways to compromise privacy. Your actions on the web are being tracked, information is being stored, and your identity could be stolen. However, there are ways to use the web without risking your privacy. This book will take you on a journey to become invisible and anonymous while using the web. You will start the book by understanding what anonymity is and why it is important. After understanding the objective of cyber anonymity, you will learn to maintain anonymity and perform tasks without disclosing your information. Then, you’ll learn how to configure tools and understand the architectural components of cybereconomy. Finally, you will learn to be safe during intentional and unintentional internet access by taking relevant precautions. By the end of this book, you will be able to work with the internet and internet-connected devices safely by maintaining cyber anonymity.

Who is this book for?

This book is targeted at journalists, security researchers, ethical hackers, and anyone who wishes to stay anonymous while using the web. This book is also for parents who wish to keep their kid's identities anonymous on the web.

What you will learn

  • Understand privacy concerns in cyberspace
  • Discover how attackers compromise privacy
  • Learn methods used by attackers to trace individuals and companies
  • Grasp the benefits of being anonymous over the web
  • Discover ways to maintain cyber anonymity
  • Learn artifacts that attackers and competitors are interested in
Estimated delivery fee Deliver to Hungary

Premium delivery 7 - 10 business days

€25.95
(Includes tracking information)

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Dec 16, 2022
Length: 322 pages
Edition : 1st
Language : English
ISBN-13 : 9781801810210
Category :

What do you get with Print?

Product feature icon Instant access to your digital eBook copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
OR
Modal Close icon
Payment Processing...
tick Completed

Shipping Address

Billing Address

Shipping Methods
Estimated delivery fee Deliver to Hungary

Premium delivery 7 - 10 business days

€25.95
(Includes tracking information)

Product Details

Publication date : Dec 16, 2022
Length: 322 pages
Edition : 1st
Language : English
ISBN-13 : 9781801810210
Category :

Packt Subscriptions

See our plans and pricing
Modal Close icon
€18.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
€189.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts
€264.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total 108.97
Digital Forensics and Incident Response
€41.99
Cybersecurity and Privacy Law Handbook
€38.99
An Ethical Guide to Cyber Anonymity
€27.99
Total 108.97 Stars icon
Banner background image

Table of Contents

15 Chapters
Part 1: The Basics of Privacy and Cyber Anonymity Chevron down icon Chevron up icon
Chapter 1: Understanding Sensitive Information Chevron down icon Chevron up icon
Chapter 2: Ways That Attackers Use Your Data Chevron down icon Chevron up icon
Part 2: Methods and Artifacts That Attackers and Competitors Can Collect from You Chevron down icon Chevron up icon
Chapter 3: Ways That Attackers Reveal the Privacy of Individuals and Companies Chevron down icon Chevron up icon
Chapter 4: Techniques that Attackers Use to Compromise Privacy Chevron down icon Chevron up icon
Chapter 5: Tools and Techniques That Attackers Use Chevron down icon Chevron up icon
Chapter 6: Artifacts that Attackers Can Collect from You Chevron down icon Chevron up icon
Part 3: Concepts and Maintaining Cyber Anonymity Chevron down icon Chevron up icon
Chapter 7: Introduction to Cyber Anonymity Chevron down icon Chevron up icon
Chapter 8: Understanding the Scope of Access Chevron down icon Chevron up icon
Chapter 9: Avoiding Behavior Tracking Applications and Browsers Chevron down icon Chevron up icon
Chapter 10: Proxy Chains and Anonymizers Chevron down icon Chevron up icon
Index Chevron down icon Chevron up icon
Other Books You May Enjoy Chevron down icon Chevron up icon

Customer reviews

Top Reviews
Rating distribution
Full star icon Full star icon Full star icon Full star icon Full star icon 5
(6 Ratings)
5 star 100%
4 star 0%
3 star 0%
2 star 0%
1 star 0%
Filter icon Filter
Top Reviews

Filter reviews by




GUNDERSTONE Jun 28, 2023
Full star icon Full star icon Full star icon Full star icon Full star icon 5
The rise of the internet has allowed for new data collection methods that threaten personal privacy. With online activity tracking and storage, identity theft has become a genuine concern. However, there are ways to mitigate these risks and use the web safely and anonymously. "An Ethical Guide to Cyber Anonymity," written by Kushantha Gunawardana, takes readers on a journey to attain cyber anonymity.Kushantha Gunawardana is a renowned cybersecurity expert with extensive experience as a trainer, consultant, blogger, YouTuber, and public speaker. In recognition of his exceptional skills and contributions to the field, he was awarded the EC-Council Instructor Circle of Excellence Global Award in 2021. Over the past 20 years, he has participated in numerous overseas projects, providing training in cybersecurity and forensics to thousands of university students, government employees, professionals, military personnel, and police officers across 25 countries.Kushantha holds a master's degree in networking, with distinction, from the University of Colombo. He also received the JICA Award 2011 (Gold Medal) and led the team that won the National Hacking Challenge in Sri Lanka in 2013. Currently, he is pursuing a Ph.D. in cyber forensics."An Ethical Guide to Cyber Anonymity" begins by defining anonymity and its significance in the digital age. It then covers methods for maintaining anonymity and performing tasks without revealing personal information. Readers will also learn about the tools and infrastructure that make up the cybereconomy and how to stay safe online. By the book's end, readers will have the skills to navigate the web safely and anonymously.This book is ideal for journalists, security researchers, ethical hackers, and anyone who values online privacy. Parents who want to protect their children's identities online will also find this book helpful.To understand the concept of cyber anonymity, it is imperative to appreciate the sensitivity of information in today's world. Information is power, with the wealthiest companies and individuals managing it to maintain their status. Once analyzed, raw data in facts and statistics become structured and organized information, enabling informed decision-making.For instance, in advertising, using social media platforms allows for targeted advertising, reaching the exact audience by selecting attributes such as age group, gender, and geography. In addition, social media platforms now have data on user preferences and interests, making direct marketing more effective than traditional methods like TV broadcasting, which has a shallow target customer engagement rate.It is important to note that this power of information comes with potential risks to personal privacy, making cyber anonymity essential. By maintaining anonymity and protecting personal information, individuals can navigate the web safely and avoid these risks.Data breaches have become common worldwide, with new cases reported frequently. Hackers and hacker communities continually compromise systems to steal data, ranging from personal-level to enterprise-level breaches, which can devastate a company's economy and reputation. Attackers often use stolen data as a gateway to commit more crimes or attack other companies.Therefore, to address data privacy in cyberspace, examining how attackers use stolen data after a breach is crucial.Overall, this book is an excellent guide for anyone looking to maintain privacy and anonymity while using the internet.
Amazon Verified review Amazon
MYOB Feb 17, 2023
Full star icon Full star icon Full star icon Full star icon Full star icon 5
I genuinely believe that most individuals today underestimate the extent of how much of their data is openly available and accessible on the web. They also underestimate the dangers of this information being in the wrong person's hands. The author does an excellent job of explaining the personal data types that are accessible on the internet and how easy it is to find this data using primarily free and open-source tools. He also explains to the reader what specific tools are used to accomplish this and how to use them. More importantly, this book provides the reader with resources and tools that can help the reader to work toward building and maintaining a more anonymous life.There are however a few things in this book that I would not recommend to users. For example, there are better practices than the recommendation of 8-character passwords and requiring a user to change them every 35 days. Long passphrases are proven to be much better than complex short passwords, and constant changing of passwords conditions end-users to adopt poor password hygiene. Also, the Author mentions LastPass as a Password Manager option. I advise against this due to a recent data breach that shed light on LastPass' not-so-great security hygiene. There are better options, which the author also mentioned, particularly Bitwarden, 1Password, KeePass.
Amazon Verified review Amazon
Tomica Kaniski Apr 24, 2023
Full star icon Full star icon Full star icon Full star icon Full star icon 5
I really liked this book as it covers the basics of privacy and anonymity in cyberspace by understanding what sensitive information you may share (intentionally or not) and how attackers can use those data, but also how you can protect from it, and maintain or upgrade your anonymity level.Seems like a book that anyone in cyberspace should at least skim through, to be more aware of its privacy and dangers which are lurking out there, together with tools and techniques to fight them.
Amazon Verified review Amazon
Cody May 27, 2023
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Most people have heard of phishing, malware, password/identity theft, social media “hacking”, etc… but they have no idea how it’s actually done, and therefore no REAL idea how to protect themselves from it. This book will show you both how systems and accounts are compromised and how to actually protect yourself as best possible.This book seems geared toward those with slightly more than average computer knowledge but less knowledge than someone who has studied or worked in cyber security - so if you find yourself in between, this book will fill the gap for you… and let’s face it, a lot of cyber security text books fail to show you how it’s done too, so this is also helpful for those studying the field.
Amazon Verified review Amazon
Dwayne Natwick May 24, 2023
Full star icon Full star icon Full star icon Full star icon Full star icon 5
GDPR has the right to be forgotten, but what about the right to not be found at all. An Ethical Guide to Cyber Anonymity by Kushantha Gunawardana from Packt provides practical techniques and controls to use within your cloud and hybrid environment to protect against identity and data exposure. The author provides clear guidance and techniques for maintaining data privacy and avoid exposure of PII. There are third party tools and operating system capabilities to shield devices from attackers. The author also brings you into the mind and tactics of an attacker. This book is a must have for anyone that wants to maintain and govern the privacy of identities and data.
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is the delivery time and cost of print book? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela
What is custom duty/charge? Chevron down icon Chevron up icon

Customs duty are charges levied on goods when they cross international borders. It is a tax that is imposed on imported goods. These duties are charged by special authorities and bodies created by local governments and are meant to protect local industries, economies, and businesses.

Do I have to pay customs charges for the print book order? Chevron down icon Chevron up icon

The orders shipped to the countries that are listed under EU27 will not bear custom charges. They are paid by Packt as part of the order.

List of EU27 countries: www.gov.uk/eu-eea:

A custom duty or localized taxes may be applicable on the shipment and would be charged by the recipient country outside of the EU27 which should be paid by the customer and these duties are not included in the shipping charges been charged on the order.

How do I know my custom duty charges? Chevron down icon Chevron up icon

The amount of duty payable varies greatly depending on the imported goods, the country of origin and several other factors like the total invoice amount or dimensions like weight, and other such criteria applicable in your country.

For example:

  • If you live in Mexico, and the declared value of your ordered items is over $ 50, for you to receive a package, you will have to pay additional import tax of 19% which will be $ 9.50 to the courier service.
  • Whereas if you live in Turkey, and the declared value of your ordered items is over € 22, for you to receive a package, you will have to pay additional import tax of 18% which will be € 3.96 to the courier service.
How can I cancel my order? Chevron down icon Chevron up icon

Cancellation Policy for Published Printed Books:

You can cancel any order within 1 hour of placing the order. Simply contact [email protected] with your order details or payment transaction id. If your order has already started the shipment process, we will do our best to stop it. However, if it is already on the way to you then when you receive it, you can contact us at [email protected] using the returns and refund process.

Please understand that Packt Publishing cannot provide refunds or cancel any order except for the cases described in our Return Policy (i.e. Packt Publishing agrees to replace your printed book because it arrives damaged or material defect in book), Packt Publishing will not accept returns.

What is your returns and refunds policy? Chevron down icon Chevron up icon

Return Policy:

We want you to be happy with your purchase from Packtpub.com. We will not hassle you with returning print books to us. If the print book you receive from us is incorrect, damaged, doesn't work or is unacceptably late, please contact Customer Relations Team on [email protected] with the order number and issue details as explained below:

  1. If you ordered (eBook, Video or Print Book) incorrectly or accidentally, please contact Customer Relations Team on [email protected] within one hour of placing the order and we will replace/refund you the item cost.
  2. Sadly, if your eBook or Video file is faulty or a fault occurs during the eBook or Video being made available to you, i.e. during download then you should contact Customer Relations Team within 14 days of purchase on [email protected] who will be able to resolve this issue for you.
  3. You will have a choice of replacement or refund of the problem items.(damaged, defective or incorrect)
  4. Once Customer Care Team confirms that you will be refunded, you should receive the refund within 10 to 12 working days.
  5. If you are only requesting a refund of one book from a multiple order, then we will refund you the appropriate single item.
  6. Where the items were shipped under a free shipping offer, there will be no shipping costs to refund.

On the off chance your printed book arrives damaged, with book material defect, contact our Customer Relation Team on [email protected] within 14 days of receipt of the book with appropriate evidence of damage and we will work with you to secure a replacement copy, if necessary. Please note that each printed book you order from us is individually made by Packt's professional book-printing partner which is on a print-on-demand basis.

What tax is charged? Chevron down icon Chevron up icon

Currently, no tax is charged on the purchase of any print book (subject to change based on the laws and regulations). A localized VAT fee is charged only to our European and UK customers on eBooks, Video and subscriptions that they buy. GST is charged to Indian customers for eBooks and video purchases.

What payment methods can I use? Chevron down icon Chevron up icon

You can pay with the following card types:

  1. Visa Debit
  2. Visa Credit
  3. MasterCard
  4. PayPal
What is the delivery time and cost of print books? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela