--- title: "Private Online Shopping" date: 2021-05-12T00:00:00 draft: false --- # Preface 6 months ago at the end of my post [Avoiding Consumer Surveillance](/2020/11/16/avoiding-consumer-surveillance/), I hinted at a post on anonymous online shopping. This is that post. As a heads up, I'll be focusing exclusively on web marketplaces since alternatives like Openbazaar are currently ghost towns. Sometimes it's wisest to focus on how to reduce the harm caused by doing something rather than trying to get people to stop doing it. So, in this post, I'm going to focus on harm reduction. Given that everyone isn't going to stop online shopping, how can it be done in a way that minimizes the harm to privacy? # Privacy Threats To reduce harm to privacy, I'm going to evaluate each threat one by one and offer mitigations to it. ## Real Name and Address Giving out your real name and address is a privacy threat that doesn't exist when interacting with a cashier in a physical store. As long as you're not using a dis-loyalty program, you never give the cashier your name or address. So they can't identify you that way. The online marketplace is a different story. It asks for both. ### Mitigation - Give a Fake Name There's a simple solution to the name problem. Give a fake name instead. It's legal and packages don't necessarily rely on names for shipping anyway. That said, there may be some potential negative consequences that could happen: * The package could get lost. * If several people live at the address, the package could be given to the wrong person. * The courier may fail to locate the recipient. The package will be sent back to sender or held for pickup. * Signing for a package won't work since there's no name. This could complicate delivery. * The courier may become suspicious and flag your address. This could cause your mail to be monitored. The potential consequences might not present a problem for you or they might be a dealbreaker. It just depends on your own personal situation. I have 2 pieces of general advice: * Always give your real name if you order something you can't afford to lose in transit. * Always give your real name if you give your real address. If you give your real address and not your real name, you're only increasing the anonymity set of who ordered the package by a few. It's not worth the trouble. Other than that, you'll have to make your own choice if the privacy is worth the risk. ### Mitigation - Give a Different Address The address problem isn't so easily solved. The address isn't redundant information. It's actually used for shipping. The cheapest mitigation is to use a geographically close friend's address for the package. Have them receive the package on your behalf. While possible in theory, there are several reasons this may be a bad idea, so I don't recommend it. Instead, you should pay for a proper mailbox service. A mailbox service can offer a real address that you can use online and a place to store your package until you go pick it up. The mailbox service may be willing to accept packages with a pseudonym, fake name, or no name at all, as well as your real name. Some mailbox services may hold your package and require you to show ID to receive it, which could get complicated if the package name and your real name don't match. This is why you should ask about their protocol for non-matching names before you register with the mailbox service. If you can make it work, a fake name combined with a mailbox service can fully anonymize you to the seller. ## Mailbox Service's Records Keep in mind that, if you choose to use a mailbox service, you aren't anonymous to that service. It's common for mailbox services to keep digital records of the sender, their address, the receiver, the type of package, weight, size and other information for months, years or even indefinitely. If the mailbox service ever has a data breach, the data will be available to everyone. Using a mailbox service is still better than the online marketplace knowing your name and address because at least the mailbox service doesn't know what you bought. Almost all online marketplaces automatically share your data with third parties. By using a mailbox service, you're not immediately identified, but the mailbox service's records still pose a privacy issue. ### Mitigation - Choose a Service With a Short Data Retention Period Some mailbox services keep records only for a few months. Others keep records for years. For some, how long the record is kept depends on the type of package and if it has tracking or requires a signature. The only way to find this stuff out is by doing your research and asking questions about their mail record retention policy before you register. It's important to choose the service that keeps records for the least amount of time. ## Email Address So you've given a fake name and your mailbox service's address which has a short data retention policy. But now, the marketplace wants your email. But giving out your email is nearly as identifying as giving out your real name. What to do? ### Mitigation - Give a Throwaway Email Don't give a fake email. You may be required to confirm the purchase over email or receive some other important information that way. This mitigation is comparatively easy: Simply create a one-time use email address for the purchase and never reuse it. Do this every time you make a purchase. ## Phone Number The bad news is the marketplace might still require a phone number. The good news is marketplaces don't usually require phone number verification for buyers. ### Mitigation - Give a Fake Phone Number Since marketplaces don't verify the number, you can make one up. The marketplace will probably only text it details of your order. I don't know of an online marketplace that forces buyers to verify their phone number. If you run across one, my advice is find a different marketplace. There's plenty out there. ## Browser Fingerprinting and IP Address If you made it this far, then you've managed to not explicitly give out any personal information. Unfortunately, because the web is a privacy disaster, this isn't enough. There are dozens of other ways to leak your identity without it being obvious. For example, many online shopping sites have proprietary JavaScript and cookies which facilitate tracking buyers across the web. Your IP address is also identifying information which can be used to deanonymize your purchases. But do not fear, for Tor Browser is here! ### Mitigation - Use Tor Browser The best way to avoid browser fingerprinting and leaking your IP address is installing [Tor Browser](https://www.torproject.org/download/). Tor Browser protects you from browser fingerprinting while making it very hard for the site to figure out your real IP address. Use Tor Browser on the highest security setting that doesn't break site functionality. If "safest" mode breaks the website, try "safer". If "safer" mode breaks the site, use "standard". I also recommend using the [LibreJS](https://www.gnu.org/software/librejs/) addon to prevent proprietary JavaScript analytics scripts from running in your browser. ## Tor is Blocked If you can't access the site on the "standard" security setting in Tor Browser, then it probably blocks Tor exit nodes. Some sites do allow you to browse while using Tor, but won't let you purchase anything. You just have to find out which ones are Tor friendly and which aren't by trial and error. If a site isn't Tor-friendly, all is not lost. There is still hope with Proxychains. ### Mitigation - Use Proxychains If you still insist on using that website for your purchase, you can configure [proxychains](http://proxychains.sf.net/) to hide the fact that you're using Tor while still getting the privacy benefits of the Tor Browser. Just search for the IP address and port number of an open proxy. If you've properly configured Proxychains and Tor Browser is still not letting you visit the site, then most likely the site does some kind of anti-spam browser fingerprinting to determine if you're a real user and Tor browser is getting you flagged as a bot since it's resistant to fingerprinting. You could use a different browser proxied through Tor, but at this point I'd just look for the item on a different website. If the website requires browser fingerprinting, then you can't expect to buy anything anonymously. ## Payment Method I wish I could say that's all because it feels like the overhead for making a private purchase is getting outrageous. But there is one more privacy threat to overcome. That is the payment method. The payment method more than anything is going to eliminate online web stores from our list of private marketplaces. Here's a non-exhaustive list of the payment methods that you have to throw out the window when it comes to privacy: * debit card * credit card * Paypal * Google Wallet * Stripe * Apple Pay * Amazon Payments * Square Cash App * Skrill * Venmo * WePay * And more... Any payment system that identifies you can't be used for privacy. Until something like [GNU Taler](https://taler.net) becomes popular, we're left with 1 option that offers real payment anonymity: cryptocurrency. ### Mitigation - Monero Since most places require some form of ID verification to buy cryptocurrency and cryptocurrency ledgers allow transactions to be easily traced, no cryptocurrency is suited for an anonymous purchase, except for 1: [Monero](https://www.getmonero.org/) or XMR. It's so private that [the IRS is offering $625,000 to anyone who can crack it](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/). You can acquire Monero through centralized or peer-to-peer exchanges. The great thing about Monero is you don't need to acquire it anonymously to make an anonymous purchase with it. Coins are untraceable and transactions are unlinkable. Feel free to acquire the Monero however is most convenient for you. Localmonero.co is a solid option that doesn't require any identification or proprietary JavaScript and it has a Tor onion service. Just remember to store the coins on the Monero wallet on your own machine, not on an exchange. Also I recommend proxying the Monero client through Tor to prevent transactions being linked to your IP address. Unfortunately few online stores actually accept Monero. Bitcoin still reigns supreme. Luckily there are coin swap services online that accept Monero and pay out Bitcoin. [Kilos' KSwap](http://mlyusr6htlxsyc7t2f4z53wdxh3win7q3qpxcrbam6jf3dmua7tnzuyd.onion/coinswap) (WARNING: NSFW) is one example. It requires no sign up, no JavaScript and it's a Tor onion service. The hidden fees are of course embedded in the exchange rate. When you go to buy Monero, you're going to take a hit and when you pay to convert it to Bitcoin, you're going to take a hit. In the end, you may end up paying 20% more than you otherwise would have had you just bought the item with a debit card. That's not even including the costs involved in a mailbox service. But that's just the price of your privacy if you insist on buying online. There's no easy way around it. ## Third Parties Many sites you run into have no problem giving your IP address and other identifying information to third parties. If you follow all the steps above, you don't have anything to worry about. But if you skip some steps or you just want to be thorough, you should still take note of the online shop's privacy policy. ### Mitigation - Read the Privacy Policy Every online shop has its own privacy policy. Read it carefully before you make a purchase so that you understand what's going to happen to the data you provide. If you provide all fake data, then the privacy policy doesn't affect you. However, if you provide any identifying information during a purchase, even non-obvious identifying information like your real IP address, you should read the privacy policy. Just be aware of how the data you provided is going to be used. ## Conclusion At this point, you're probably thinking I've wasted my time writing all this. I understand that 99.9% of people aren't going to even attempt to do any of these steps. They're going to use Goolag Chrome browser with their real IP address with 1000 tracking cookies providing all their real information and paying with a credit card. I know this. The primary purpose of writing all this is not actually to teach you how to shop online anonymously. It's expensive, tiresome and tedious. The primary purpose of this post is to show you just how impractical it is to shop online in privacy. The goal is by showing you how far you need to go to have real privacy shopping online, you'll decide to buy things in person with cash instead, when possible. Compared to walking into a store, paying with cash and rejecting the rewards program, the process I've outlined for getting equivalent privacy online is a nightmare to go through. This post could have been 2 sentences long: > "Private online shopping isn't practical. Buy in person with cash instead." But, in writing all this out, I think I've made a really strong case for just buying things in person with cash when possible. If it's not possible to purchase in person, you now have some tips for staying anonymous while online shopping. Remember that privacy isn't binary. You can follow as many of my advices as you're willing to. Don't give up completely just because you can't follow every piece of advice. If you do nothing more than start reading the privacy policies and becoming more aware of how your data is used, that's a plus in my book. As always, thank you for reading if you made it this far and feel free to send a donation if you think my posts are valuable.