Hey, all.
I will soon be staying at an institution where masking identities of “accounts or machines” (including VPNs) is not allowed. In essence, I need to setup two computers and a phone to route all traffic through Tor, hide the fact from any network administrator, and disguise my ownership of the devices. Here is my current idea:
Android phone (GrapheneOS)
Orbot w/ obfs4
System killswitch
MAC spoofing baked in to GrapheneOS
Change device name & bluetooth name
I will have a desktop and laptop both running Arch Linux
Encrypt system (never did it on installation )
Route entire system through obfs4 Tor (a couple options)
I don’t care as much right now about anonymity as far as third parties go (I don’t browse a whole lot), just essentially spoofing my location. For the local administrators, however, I want no evidence linking back to me.
I’d appreciate tips and suggestions a lot.
Thanks!
TL;DR I don’t know what exactly you want to achieve, but it sounds very unlikely that you can do it 100% reliably.
I think you need to better define what you want:
Does it mean that currently your devices’ MAC addresses, device names, Bluetooth names are linked to your human self, and you want to modify them in such a way that they essentially look like new, never before seen on your institution, devices? That is, give them a new identity?
That is, hide which services you’re actually using through Tor?
Either way, I think it’s extremely hard to hide the fact that a machine is using Tor when all of its traffic is observable if there is an designated investigation. You may avoid automated detection mechanisms, but if there are people out there to get you, it’s unlikely.
Based on your description, a huge tell would be that you’re only connected to just one IP address.
Another thing is preventing the new devices’ identities’ from getting linked back to your physical body. If there are security cameras, and basic network logs, they can correlate the mystery devices’ activity with your body’s activity.
I’m pretty sure that this is next to impossible and if VPN is banned then you probably can’t hide a VPN with a VPN. Also from what I can tell “IVPN” is just a crappy ripoff of OVPN.
My best and most realistic advise would be either don’t bother hiding or just simply buy new devices so they aren’t linked to any previous history.
Your current desire is to be an unknown, unmonitored, and invisible traffic network user for a facility which sounds to be pretty heavy in terms of security protocol, this adds to why it is unfeasible.
Many places such as colleges, universities and even libraries issue network access credentials which are derived from a digital key specifically assigned to you as an individual so you can’t hide anyway.
You can obfuscate that you’re using a VPN by using a protocol that will do that, for example:
There are additional steps involved when faced with a captive portal. I think I remember reading that you could buy a small travel router to place between your device and the network your trying to use, but it also involved some complicated (to me) steps as far as spoofing the various devices’ MAC addresses, which steps to take first, things of that nature. Good luck with all of it.
)