How to Be Anonymous Online
True anonymity online is extremely difficult to achieve - It requires eliminating not just your IP address but also browser fingerprinting, account identifiers, behavioural patterns, and metadata. Most people need privacy, not full anonymity. This guide explains the difference and outlines a layered approach for those who genuinely need to minimise their digital footprint.
Anonymity vs Privacy - The Key Difference
| Property | Privacy | Anonymity |
|---|---|---|
| Goal | Control who can see your data | Prevent anyone from knowing who you are |
| IP address | Hidden from websites via VPN | Hidden via Tor (multi-hop, no single point of trust) |
| Accounts | You may use real identity accounts | No accounts tied to real identity - Everything disposable |
| Fingerprinting | Partially mitigated | Must be fully mitigated - Consistent Tor Browser settings |
| Difficulty | Moderate - VPN + good browser + habits | Very high - Requires constant operational security (opsec) |
The Layered Anonymity Stack
For strong anonymity: use the Tor Browser (do not resize the window; do not install extensions; keep JavaScript on Standard mode unless necessary to disable). Route Tor through a trustworthy VPN if you need to hide Tor usage from your ISP. Use cash-purchased or privacy-respecting services where possible. Never log into personal accounts. Use a separate device (or at minimum a separate browser profile) for sensitive activity.
What You Cannot Fully Hide
- Timing correlation attacks: if an adversary controls both the entry and exit of the Tor network, they can correlate traffic timing to deanonymise you. This requires nation-state level capabilities.
- Account behaviour: logging into any real-identity account (Google, Facebook, email) immediately deanonymises that session regardless of what tools you use.
- Writing style and language patterns (stylometry) can identify authors across pseudonymous accounts.
- Device-level identifiers: hardware fingerprints from WebGL, canvas, audio APIs, and screen dimensions can persist across browser sessions - Use the browser fingerprint tool to see what yours reveals.
- Metadata in uploaded files: photos contain EXIF data including GPS coordinates, device model, and timestamp unless stripped before uploading.