Remaining anonymous on the internet is nearly impossible in today’s era of multi-tiered threats.
These threats come from all angles and following a solid threat modelling of your digital assets, you may feel as though you need the highest level of operational security.
Ensuring everything you do on your computer is never connected to your real identity provides you with the best possible experience of using the dark web and the wider internet in the most anonymous way possible.
A Virtual Private Network (VPN) is important, but a problem with these services is that you must trust the provider and leaving anything up to mere “trust” is a major point of weakness.
Can using cryptocurrency add that extra layer of protection that removes another point of weakness in your setup? Is it necessary? And does it even make a difference?
Basics of VPN Services
A VPN is a good first layer in a solid setup for accessing and using the dark web in a relatively safe manner.
A VPN can mask the websites you visit and the traffic that leaves your computer network from your internet service provider (ISP)—and your country of residence if desired.
The traffic sent from your home network in Country A is encrypted on its way to the VPN server in Country B, effectively meaning that your ISP, and any snooping threats at that ISP level, see your traffic as connecting to one other server, as oppose to the servers of every site you visit, and this covers the types of traffic sent (which is exactly what may be seen without a VPN).
The exit point for your data becomes the server over in Country B, which means the VPN server effectively becomes your ISP, seeing the same data that your ISP might have had access to. You need to trust your VPN provider to this end.
This is where choosing an VPN provider is important: the core characteristics you’ll want are “no-logs” and a jurisdiction far outside the legal relationships that your home, Country A, might have.
Anonymity with Cryptocurrency
When Bitcoin first hit the mainstream about five years ago, it was labelled as an “anonymous” means to transfer value anywhere around the world, most notably at the time for use in the Silk Road on the dark web.
The black and white truth is that it simply isn’t anonymous—at least, it isn’t anonymous any more. The alphabet agencies in the U.S. have been tracking Bitcoin users since 2013, likely in association with the highly publicized and political pitchfork festival against dark web users and the Silk Road in 2013.
This is where black and white glasses to view the world become blinding, because threat modelling is important to working out whether purchasing your VPN with cryptocurrency will really help you in accessing the dark web.
The world is grey after all. There is a bit of a mentality in the security community in relation to the capabilities of the major big and terrifying alphabet agencies: if you’re a target, you don’t stand a chance. Yes, it’s a bit defeatist to think like this, but we need to keep in mind that this is the mantra of the people within the community after all.
Who are we all to opine with our little bread crumbs of understanding that trickle out (mostly from Booz Allen)?
Taking their advice, think logically about it. There is an incredibly finite amount of resources, and the odds you’re actually being targeted by the big boys is statistically low. So why bother? Because there are other threats, and because making things as difficult as possible can lower the odds of anything being connected.
It’s still worth having a high operational security level, it’s just appropriate to be pragmatic in your assessment of your setup: you’re not going to outsmart the NSA with all the toys we publicly know about, and the arsenal of their toys that aren’t public.
What this means is that you likely don’t need to spend all your time trying.
Is It Worth Using Cryptocurrency to Pay for Your VPN?
It’s not about being entirely anonymous. It’s about understanding what you’re protecting yourself from, based on your actions and how you use the dark web.
Let’s take a few examples of what a typical person using a VPN is trying to do. If you’re a VPN customer, you don’t trust your ISP to some extent (with good reason). You might not trust your government either, especially if you’re in a supressed nation.
This raises the level of your threat. You might be a journalist or an activist. You might torrent a TV show that you can’t purchase when it is released.
A few of these examples may be criminal (torrenting a TV show, for example). Wanting your privacy respected certainly isn’t illegal, so it might not be worth the extra effort to pay with cryptocurrency if you’re just going about your normal business.
It comes down to this: paying with cryptocurrency for your VPN is about adding an extra barrier, an extra layer, an extra level of work and energy required to “de-mask” you.
International agencies may want to go to extra effort, but if the jurisdiction of the VPN is outside of the legal realm of the country you live in, maybe it simply doesn’t matter that your real billing information lives with them. You can’t trust where they locate this data though, or where they back this data up.
The head office is the only office that’s needed in, say, Panama. The server and operations of the VPN provider might all take place in Germany. A seizure of the VPN provider’s servers in Germany might be the server containing all the billing information.
If you want to pay with cryptocurrency, you need to have a separate email address and information for the account, completely separate from your identity. Paying cryptocurrency for a VPN is just a payment method—if your account is under your email address, it’s clear who the VPN is for.
The Bottom Line
There are many ways to identify a person on the internet. And if you have the time, resources and a toolbox full of exploits, you will likely find the real identity of anyone.
This is especially true if you have a third of a floor of an office in Maryland working on it. But if you put enough hurdles in the way for everyone else, say a lawyer working for a TV company seeking money from people who torrent, well you can seriously deter these relatively untargeted attempts.
Is it worth it? Probably not, especially if you use your VPN every day to log in to your personal email account, use social media or just browse the dark web.
If you’re doing highly illegal things, it may be worth it to you to create a second VPN account, without any identifiers, paid for with an anonymous cryptocurrency like Monero. It’s layers upon layers.
More effort may be worth it, based on the risks you face. But nobody on the internet can tell you what your threat modelling is.
This is something you must do, and from there, it might be worth it to you to remove this identifier.