Think You Can Live Offline Without Being Tracked? Here's What It Takes

We asked the most privacy-aware people we could find what it would take to go off the radar. Hint: You're going to need to do more than throw away your laptop.

Nico Sell, the cofounder of a secure communication app called Wickr, has appeared on television twice. Both times, she wore sunglasses to prevent viewers from getting a full picture of what she looks like.

Sell, also an organizer of the hacker conference Def Con, places herself in the top 1% of the "super paranoid." She doesn’t have a Facebook account. She keeps the device that pays her tolls in a transmission-proof envelope when it’s not in use. And she assumes that every phone call she makes and every email she sends will be searchable by the general public at some point in the future.

Many of her friends once considered her habits to be of the tin-foil-hat-wearing variety. But with this summer's revelations of the NSA's broad surveillance program, they’re starting to look a little more logical. "For the last couple of months," Sell says, "My friends that are not in the security industry come up to me, and I hear this all the time, ‘You were right.’ "

But even as more people become aware they are being tracked throughout their daily lives, few understand to what extent. In a recent Pew Internet study, 37% of respondents said they thought it was possible to be completely anonymous online. From experts like Sell, you'll get a different range of answers about whether it's possible to live without any data trail: "100% no," she says.

The people who have actually attempted to live without being tracked—most often due to a safety threat—will tell you that security cameras are just about everywhere, RFID tags seem to be in everything, and almost any movement results in becoming part of a database. "It’s basically impossible for you and I to decide, as of tomorrow, I’m going to remain off the radar and to survive for a month or 12 months," says Gunter Ollmann, the CTO of security firm IOActive, who in his former work with law enforcement had several coworkers who dedicated themselves to remaining anonymous for the safety of their families. "The amount of prep work you have to do in order to stay off the radar involves years of investment leading up to that."

Fast Company interviewed the most tracking-conscious people we could find about their strategies for staying anonymous to different degrees. Here are just a handful of daily, offline tasks that get more complicated if you're avoiding surveillance.

1. Getting Places

A few years ago, a man who goes by the Internet handle "Puking Monkey" noticed devices reading his toll pass in places where there weren’t any tolls. He assumed that they were being used to track drivers’ movements. "People would say, 'Well you don’t know that, because it doesn’t tell you when it tracks you,'" he tells Fast Company. "I said, 'Okay, I’ll go prove it.' "

He rigged his pass to make a mooing cow noise every time a device read his toll payment tag. And sure enough, it went off in front of Macy’s, near Time Square, and in several other places where there was no tollbooth in sight.

It turns out the city tracks toll passes in order to obtain real-time traffic information, a benign enough intention. But what worries people like Puking Monkey about being tracked is rarely a database’s intended purpose. It's that someone with access to the database will misuse it, like when NSA employees have spied on love interests, A U.K. immigration officer once put his wife on a list of terrorist suspects in order to prevent her from flying into the country. Or that it will be used for a purpose other than one it was built for, like when social security numbers were issued for retirement savings and then expanded to become universal identifiers. Or, most likely, that it will be stolen, like the many times a hacker group called Anonymous gains access to someone's personal data and posts it online for public viewing. By one security company's count, in 2012 there were 2,644 reported data breeches involving 267 million records.

In order to stop his toll pass from being tracked, Puking Monkey keeps it sealed in the foil bag it came in when he's not driving through a toll. That only stops that data trail (minus toll points). Automatic license plate readers, often mounted to a police car or street sign, are also logging data about where cars appear. They typically take photos of every license plate that passes them and often these photos remain stored in a database for years. Sometimes they are linked with other databases to help solve crimes.

Puking Monkey avoids license-plate readers by keeping his old, non-reflective license plate, which is more difficult to read than newer, reflective models. Others who share his concerns salt their license plates, add bumper guards or otherwise obscure the writing—say by driving with the hatch down or driving with a trailer hatch attached—in order to avoid being tracked.

But that still doesn’t account for the tracking devices attached to the car itself. To identify tires, which can come in handy if they’re recalled, tire manufacturers insert an RFID tag with a unique code that can be read from about 20 feet away by an RFID reader. "I have no way to know if it’s actually being tracked, but there are unique numbers in those tires that could be used that way," Puking Monkey says.

He uses a camera flash to zap his tires with enough energy to destroy the chips.

2. Buying things

Depending on your level of concern, there are several ways to produce less data exhaust when making purchases. None of the privacy experts who I spoke with sign up for loyalty cards, for instance. "It’s the link between your home address, what you’re purchasing, age, your movements around the country, when you’re shopping in different locations, that is tied to purchases you’re making in-store," Ollmann says. In a recently publicized example, Target used data collected from loyalty cards to deduce when its customers were pregnant—in some cases, before they had shared the news with their families.

Tom Ritter, a principal security consultant at iSEC Partners, has come up with a creative way to subvert loyalty tracking without giving up discounts. When he sees someone has a card on their key chain, he asks if he can take a photo of the bar code to use with his own purchases. They get extra points, and he gets discounts without giving up any of his privacy.

What you buy can paint a pretty good picture of what you’re doing, and many people aren’t willing to leave that information in a credit card company's database either. Adam Havey, an artist who makes anti-surveillance gear, puts all of his purchases on a credit card registered under a fake name. Then he uses the credit card in his actual name to pay the bill (Update: Harvey clarified that this is a technique he heard about from Julia Angwin, who is writing a book about surveillance). Ollmann buys prepaid gift cards with no attribution back to him to do his online shopping.

The most intense privacy seekers have a strict cash-only policy—which can mean they need to get paid in cash. At Ollmann’s old law enforcement job, one employee didn’t get paid, but vaguely "traded his services for other services."

"A barter system starts to appear if you want to live without being tracked," Ollmann says.

3. Having Friends

Friends can be an impediment to a life off the radar. For one, they probably think they’re doing you a favor when they invite you to a party using Evite, add you to LinkedIn or Facebook, or keep your information in a contact book that they sync with their computer.

But from your perspective, as someone trying to remain as untraceable as possible, they are selling you out. "Basically what they’ve done is uploaded all of my contact information and connected it to them," Sell says.

Same goes for photos, and their geolocation metadata, when they're added to social networking sites. Sell, with her sunglasses, is not alone in being concerned about putting her appearance online. At some security events, where there are often speakers and attendees with reasons to keep off the radar, organizers distribute name tags with different color stickers. The stickers indicate whether each attendee is okay with having his or her photo taken.

Sure, it seems paranoid today. But Facebook and Twitter already run photos posted on their sites through a Microsoft-developed system called PhotoDNA in order to flag those who match known child pornography images. Most would not argue with the intention to find and prosecute child pornographers, though it's not difficult for privacy activists to imagine how the same technology could be expanded to other crimes. "Every time you upload a photograph to Facebook or put one on Twitter for that matter you are now ratting out anybody in that frame to any police agency in the world that’s looking for them," digital privacy advocate Eben Moglen told BetaBeat last year during a rant against one of its reporters. "Some police agencies in the world are evil. That’s a pretty serious thing you’ve just done."

Ritter says he (not his company) personally thinks someone will build a facial recognition algorithm to scan the Internet within the next 10 years. "I can just imagine them opening it up where you would submit a Facebook photo of your friend, and it would show all the images that match it," he says. "We have the algorithms, we know how to crawl the Internet. It’s just a matter of putting the two together and getting a budget."

4. Just About Everything Else

It’s almost impossible to think of all the data you create on a daily basis. Even something as simple as using electricity is creating data about your habits. It’s more than whether or not you turned the lights on—it’s how many people are in your house and when you’re usually around.

RFID tags aren’t just in tires, they’re in your clothing, your tap-to-pay credit cards, and your dry cleaning. Ollmann zaps his T-shirts in the microwave. Others carry an RFID-blocking wallet to avoid having their RFID-enabled cards read when they're not making a purchase.

Maybe you've thought about the cameras that stores use to track customer movements. But cameras are also in your television, in your computer, and on the front of your phone. Earlier this year, security experts discovered a way to hack into Samsung Smart TVs and surreptitiously turn on the built-in camera, allowing anyone who exploited the security hole to watch you as you watched TV. Though the vulnerability has since been fixed, it demonstrated that the security of connected objects isn't guaranteed. Sell responded by covering all of the cameras in her household electronics with masking tape.

What makes totally avoiding surveillance really difficult is that even if you've thought of everything—to the point where you're covering your tablet's front-facing camera with masking tape—you can always think of more ways your data could be misused. Because you're constantly trying to prevent something that hasn't necessarily happened yet, the precautions you can take are just as endless.

Sometimes, as in the case of the NSA scandal, you find out that they were warranted. Most of the time, you never really know.

Ritter, for instance, recently met an insurance executive who always pays for meals with cash because he believes some day that data will be linked to his coverage. "I’m not saying this is a definite thing that happens," Ritter says. "but I don’t see any definite reason why it couldn’t."

"And that kind of concerns me, ya know?"

[Image: Flickr user Vox Efx]

Add New Comment


  • John Andry

    can anyone tell me what is the process of data transmission from RFID tag to reader. is there any boud rate consideratiion

  • someonedardy

    We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us.

  • incognitoPlayer

    the only reason you would truly care about this is if you have or about to do something wrong, or you think your so fucking special that they are watching you. ahaha

  • m8r-vhoxd8

    If you dont have anything to hide, how about you post all of your usernames and passwords and we can double check for you. ;-)

    We'll be waiting, but I doubt you will submit.

  • m8r-vhoxd8

    if that is what you think, that you have nothing to hide, then how about you post all of your usernames and passwords and we will double check for you.

  • Kay O. Sweaver

    Jews, gypsies and homosexuals weren't doing anything wrong in 1930's Germany. Governments change, sometimes very quickly. Not to mention that things that things that were illegal in the past we've decided are okay today, alcohol in the US, marijuana in Washington and Colorado, gay marriage, women voters, etc. Imagine if they'd had this technology back in the days of the Civil Rights movement...

    P.S.: Why do I have to use facebook or twitter to comment? Huh?

  • Doodpants

    "By one security company's count, in 2012 there were 2,644 reported data breeches involving 267 million records."

    I assume you meant "data breaches"... or were there really 2,644 reported data trousers? How much data can your pants carry? :-)

  • MyDogSamEatsPurpleFlowers

    Don't forget one other thing. If you don't like big lips Obama, don't comment. Obama, the dictasting dictator is too self righteous to think he could EVER make a mistake. LOL

  • Juliette Akinyi Ochieng

    Psalm 91:1 He that dwelleth in the secret place of the most High shall abide under the shadow of the Almighty.

  • pjb1

    Go buy yourself a battle rifle and a case of ammo. Trust me, it will make you feel better, and you won't care what they track. In fact, buying a battle rifle is a way of sneering, "Track THIS!"

  • Larry Arnold

    [Fast Company interviewed the most tracking-conscious people we could find ]
    Um. If you could find them...

  • olita

    To all y'all who have the "if you aren't doing anything illegal, you have nothing to worry about" need to examine the question of WHO decides what is and what is not illegal. WHO decides what activities are acceptable to engage in? We already know that the government spied on peace activists during the lead up to the Iraq war. What about corporations? Surely you don't need to be convinced that a corporation would resort to shady practices to protect their interests. Organizing a labor union is a right in the USA, but corporations don't like unions. It would be a lot easier to sabotage one before it gets off the ground by spying on employees they suspect of organizing a union rather than engage in open negotiations. ...and that's just the tip of the iceberg.

  • chånz

    the ultimate counter measure for people hacking your cameras and watching you.. masking tape. peel it off when you want to use the camera.

  • Hewhoknows

    I dont know what is more horrible, the fact that you will soon need to be very rich to stay offline or the fact that '2644 data breeches' went unnoticed by so many commentators? The word is 'breach' Sarah Kessler as in breach of contract.

  • Decaptured Da Vinchi

    If you're poor you cannot afford traceable gadgets, you don't have a money to spend and you're living nowhere. Tell me now there isn't advantage to be utterly moneyless. If those people above with plenty of money give a chance to throw away their comfort, belongings and money and go to live anywhere in the middle of Arizona in a caravan and paying with cash only if they need (also not living on a s**t fast food so don't need health service) they wouldn't have any problem pictured above. Well, this is their choice with consequences.