• General

  • How to (not) screw your privacy efforts..

Hi all! What a shitty day for me. I potentially screwed up all my privacy efforts to remain as anonymous as possible.

My Pixel with GOS was not tied to my identity during purchase and it's been running on a VPS with permanent killswitch (also not tied to my real identity).

However, today, I stupidly connected my Pixel to my OpenVPN service, hosted at my NAS at home that is tied to my real identity. This connection was for less than 10 minutes and basically connected my device to my NAS domain, which is consequently linked to my identity.

While I am of course not doing anything that would land in me legal trouble as I am an ordinary law-abiding person just trying to improve my digital privacy (ie., my threat model is not high), I supposed I ruined most of my progress with stupid move to make a raw connection from my anonymous device to home.

So I guess my carrier (not tied to my real identity), now has sufficient data to enable an adversary know that my Pixel's IMEI belongs to me and as I connected to my NAS via OpenVPN.

Damnit.

    • [deleted]

    • Post #2

    I am so cynical anymore I feel like it's a waste of time to even TRY to be more private, because surely we will slip up and reveal our identity, probably a thousand different ways we aren't even aware of.

      • [deleted]

      • Post #4

      treequell You are absolutely right. My mistake.

        contour0806 However, today, I stupidly connected my Pixel to my OpenVPN service, hosted at my NAS at home that is tied to my real identity. This connection was for less than 10 minutes and basically connected my device to my NAS domain, which is consequently linked to my identity.

        Help me understand something…
        If you used a VPN to connect to your NAS. Who else has a record of that? Not your ISP right?

        Would wiping your NAS erase any tracks?

          How'd you slip? Did you accidentally load the wrong configuration for VPN on your device?

          Certainly game over if there are any active investigations current or in the near future. But you might be okay long-term if your ISP resides in a jurisdiction with strong privacy laws and data retention limits.
          If not, assume 5 eyes have already scraped netflow and has permanently stored this relationship between your device and your identity.

            Graphite Yeah, lets

            Graphite I slipped because my device connected to my NAS, which has an OpenVPN instance installed. So basically, I deliberately called back my physical home. My mobile carrier knows I connected to this domain/IP, which is at my home. So yeah. Also live in a five eyes country.

                  • [deleted]

                  • Post #9
                  • Edited

                  contour0806 I feel unless you were being specifically targeted I don't think this is really going to compromise anything that matters, as far as your privacy or anonymity, since it sounds like based on your threat model you are mostly worried about automated systems?