An excellent question was posed to me recently and I figured I would share the answer with my friends here at T-Nation.
Q- What precautions can I take to ensure privacy when ordering items online. Can I cover my tracks… etc?
Covering your tracks - Buying AA?s over the internet and how to ensure privacy.
Well interesting question and I’m afraid to inform you and whoever else that reads this note, you cannot entirely cover your tracks and under most circumstances, no matter what precautions you take in your living room with your PC, the evidence exists elsewhere beyond your control.
A brief explanation on how your computer communicates with the internet and how that information is transferred, logged and stored.
Your computer most likely connects to the internet via a modem, either dialup, broadband(cable) or DSL.
When you establish your internet account with your ISP, you provide them with a Name, Address and contact information. This information can be crossed reference at anytime to your account. Most ISP?s log connection traffic and if needed, they can tell whomever had authority when your connection was used (your username and your password) and what personal identifier was issued to your computer (an IP address that is significant only to that machine for the most of the time while you are using it*).
This IP address is logged and in most cases, used as an identifier not only with your ISP but all the websites/servers you access.
So, in English?
I connect to my isp from my basement, my computer sends my personal username and password to the company and it then permits me access to the internet and assigns me an IP address.
When I visit my favorite science supply site to order research chemicals. That site most likely logs my IP address, the same address that my ISP assigned to me when my computer connected.
Now, when you view a page on the internet, that page request is sent to the site and it returns the page to your computer, that information can be logged as well by ISPs.
Can meaning that under most circumstances the information being sent back and forth is not logged due to system performances. BUT, if your under suspicion, its as easy as checking a checkbox to log all traffic to your IP.
So the logs will look like this.
10.10.115.225,June5,22:45,httprequest, www.fakesupplyname.com/sales/newstuff.html, sent.
That one line can be proven in court that “that” particular IP address visited that particular website at that particular moment and downloaded that SPECIFIC page.
ALL this without even looking at your PC.
What about proxies and encryption?
Proxies are ways you can restrict your IP address from being recorded at the science site. This means that even though your being logged at your end, they wont be able to log it at their end.
Using a proxy this way is difficult to set up and far to cumbersome. The other issue is back to logging, if someone is looking for something, chances are it will still be available from the logs at your own ISP?
Encryption, the little padlock you see when you checkout of most commerce sites, ensures that any information being sent between the two computers cannot be easily read.
How does this effect your ISP logs?
They will show most of the same information, but, logging additional traffic will not be shown. Since most science supply companies use encryption, but only during the checkout phase, your ISP logs should look like this…
IP, Date, Time, Action, address, response (before you buy, just browsing)
IP, Date, Time, Action, Address (Checking out/purchase)
They can see that your on the site, at that time and your at the checkout, but cant see what your buying unless they can access the logs from the science site.
This means they can see the pages, but, smaller information on what details of the page cannot be logged, details like charge card numbers and transaction details.
Your computer does track information, BUT, in most cases of purchasing science supplies. All the information they need is provided to them from logs outside your home.
Legally, how do you stand.
Well so far we have seen how authorities can prove that “a” computer connected to the isp. That computer used a username and pw assigned to you. Connected to a website that sold science supplies and visited a checkout.
We have not proven the following…
Who did the transaction.
Where (address, physical location) the purchase was made.
Who was at the computer.
Who owns the computer.
Who received the good.
This is very important. You cant prove a crime if there is no evidence. Buying supplies online is not illegal if you never received the supplies.
In all honesty, for personal use amounts, I would not put much thought into this since the expense needed to convict someone is immense.
The acquisition of logs, warrants and such is unlikely to happen for personal use. BUT, there are rare cases of individuals being tracked.
Can you do anything?
Nope. Even if you were to cover all your bases, the authorities will likely just grab you when you posses the items. Case closed.
At the end of the day, buy your supplies. Read up on secure shipping (I can dig up a post somewhere) and hope that uncle sam, Martha or whomever runs your country isn?t bored that day.
Bottom line, if the authorities want to catch you, chances are they will. Regardless of what you do at your end. The other equation is this? if they catch you, they have to prove it in court and as long as you have determination (aka money), you CAN beat any charge.
Note: This is under most normal circumstances, the advanced security expert can cover some of their tracks but it would require extensive tools, research and knowledge. These items are far more expensive, time consuming and not worth it because there will ALWAYS be evidence.
I hope this answers your questions. If not, send me more Smile