This document is available on the Internet at:  http://urbanmainframe.com/folders/blog/20040924/folders/blog/20040924/

Anonymous Registration (and Browsing)

Date:  24th September, 2004

An increasing number of websites and web-based services require registration before you can enjoy their "premium" content or facilities.

In most cases, the registration process demands a live email address to which a confirmation notice and/or account activation link will be delivered.

You want to access the page or service but you know that, by submitting your email address, you're gambling with your privacy.

Registration bypass services like Bug Me Not provide "public" accounts for popular websites by sharing login details. However, these services are only really useful if they have account details for the website you are trying to access. Furthermore, shared accounts are useless when you need a unique identity on a website (examples: discussion forums, web-mail, etc.).

Happily, it is possible to get through website registration procedures with complete anonymity whilst still generating a unique identity...

What's needed is a throwaway email address - one that can be easily discarded once a registration process has been completed. Now, you could create email accounts at a web-mail service like Lycos Mail, but you have to register first!

Enter Mailinator, a no sign-up "super-instant, always-ready, any-email-you-want" service. Here's how it works:

  • you visit a website that requires registration
  • complete the registration form using fictitious information
  • use a Mailinator email address (up_to_15_random_characters@mailinator.com)
  • submit registration details
  • visit http://www.mailinator.net/ and check the inbox for the address you have used
  • activate your account

Your registration is completely anonymous - they don't know who you are, Mailinator doesn't know who you are - you have your unique identity!

Cloaking Your Password

You can now register at hundreds of websites with complete spam-immunity and anonymity. In order to ease your login, you'll probably use the same username/password combination at many (or all) of these websites.

Suppose one of those websites has its user accounts database compromised and your account details are stolen. The bad guy is likely to try logging in with your identity at a variety of websites. Imagine the consequences if he were to be able to log in to your online banking service, or other sensitive website!

In an ideal world you'd have a unique password for every website. Nic Wolff has created a little bookmarklet that lets you do just that.

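Nic's "Password Generator" creates a unique password for a website by computing an MD5 hash from a master password and the website's hostname. (MD5 is a one-way hash function rather than encryption: the generated password cannot simply be decrypted back into the master password.)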

Not only does the bookmarklet generate unique passwords for you, it also automatically inserts them (once created) into the password field when you return to a website's login page. Isn't that cool?
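The derivation described above, sketched in Python as an added example (this is not Nic Wolff's bookmarklet code). It also shows the same idea with a deliberately slow key-derivation function, because a fast hash lets anyone who obtains one site's password test guesses at the master password very quickly. The ':' separator, the output lengths, the hostname normalisation, the PBKDF2 variant and its iteration count are all assumptions of this example.

```python
import base64
import hashlib
from urllib.parse import urlsplit

PBKDF2_ROUNDS = 200_000  # assumed work factor for this example


def site_key(url_or_host: str) -> str:
    """Reduce a URL or bare hostname to a stable, lower-case hostname."""
    text = url_or_host.strip()
    host = urlsplit(text if "://" in text else "//" + text).hostname
    if not host:
        raise ValueError(f"no hostname in {url_or_host!r}")
    return host.rstrip(".")


def md5_password(master: str, url_or_host: str, length: int = 8) -> str:
    """Scheme as the article describes it: MD5 over master password and hostname.

    The ':' separator and the truncation length are assumptions of this example.
    """
    data = f"{master}:{site_key(url_or_host)}".encode("utf-8")
    return hashlib.md5(data).hexdigest()[:length]


def pbkdf2_password(master: str, url_or_host: str, length: int = 16) -> str:
    """Same idea with a slow KDF; the hostname serves as the salt."""
    raw = hashlib.pbkdf2_hmac(
        "sha256",
        master.encode("utf-8"),
        site_key(url_or_host).encode("utf-8"),
        PBKDF2_ROUNDS,
    )
    return base64.urlsafe_b64encode(raw).decode("ascii")[:length]


if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed sample value
    for site in ("https://forum.example.com/login",
                 "FORUM.example.com",
                 "shop.example.org"):
        print(f"{site_key(site):20} md5={md5_password(master, site)} "
              f"pbkdf2={pbkdf2_password(master, site)}")
```

Normalising the hostname matters as much as the hash: if the login page and the registration page yield different hostname strings, the generator produces two different passwords for the same account.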

Still Paranoid?

Even with our fictitious profile and non-existent email address, we've still left one little identifying record with the web-server we're trying to hide from. When we registered, the web-server almost certainly recorded our IP address in its logs. We might as well have left our fingerprints behind!

We can hide our IP address by routing our requests through a secure proxy. Stay Invisible maintains an up-to-date list of open proxies. Simply configure your web-browser with one of the proxy addresses from the list and your IP address becomes invisible to remote servers - which can only record the IP address of the proxy server.

A visit to WhatISMyIP.com will confirm the IP address we are currently masquerading as.

Conclusion

It is possible, and relatively easy, to remain anonymous and untraceable on the Web. It is possible to create unique accounts on websites that require registration, without exposing our email address. It is possible to increase the security of our accounts while using a common username/password pair for multiple services.

Remember: On the Internet, you should be paranoid!