How to Stay Actually Anonymous Online (Not Just Kinda)

Most 'anonymity' advice on the internet is about privacy — reducing tracking, hiding your IP, deleting cookies. That's useful. Real anonymity is something different and considerably harder. It means that a motivated, well-resourced adversary cannot connect your online activity to your real-world identity. The gap between privacy and anonymity is larger than most people think.

The Threat Model Question

Before doing anything, decide who you're hiding from. Hiding from ad networks requires different tools than hiding from your ISP, which requires different tools than hiding from law enforcement, which requires different tools than hiding from a nation-state intelligence agency. The tools and sacrifices scale with the adversary. Most people need ad-network-level privacy, not nation-state-level anonymity.

Operational security — OPSEC — is the discipline of managing information in a way that prevents adversaries from building a complete picture. The weakest link is almost never the technology. It's behaviour: logging into personal accounts, using recognisable writing styles, accessing from locations that can be physically tied to you.

The Network Layer

Tor is the strongest widely available option for network-layer anonymity. Three-hop onion routing means no single node knows both who you are and what you're accessing. For serious anonymity purposes, use the Tor Browser on a dedicated device, connect from a location not tied to your identity, and never access accounts or services that know who you are.

VPNs are not anonymity tools — they're privacy tools. A VPN shifts trust from your ISP to the VPN provider. If the VPN keeps logs, gets subpoenaed, gets hacked, or cooperates with authorities, your activity is linkable to you. For anonymity that must withstand legal pressure, VPNs are insufficient.

The Browser Layer

Browser fingerprinting links sessions across IP changes and cookie deletions. Tor Browser normalises fingerprint data — all Tor Browser users appear identical in key metrics. This is the right approach: make your browser indistinguishable from thousands of others, rather than trying to hide that you have a browser.

Wait — this matters. JavaScript is a massive fingerprinting attack surface. Disabling it (as the Tor Browser's security settings allow) breaks most of the web but dramatically reduces fingerprinting risk. The usability trade-off is real. Only worth it if your threat model actually requires it.

The Account and Identity Layer

Anonymous accounts require anonymous creation. A Gmail account created on your home IP, on your phone, after signing into your Apple ID, is not anonymous — Google, Apple, and your ISP all have records. Anonymous account creation requires Tor, a throwaway device or browser profile, payment via cryptocurrency bought with cash, and no linkage to any existing accounts.

Actually, scratch that — most people will never need this level of separation. But knowing what real anonymity requires clarifies what ordinary privacy tools actually provide. A VPN hides your IP from websites. Tor hides your IP from everyone and protects against traffic analysis. Browser hardening reduces fingerprinting. Operational discipline prevents the human errors that defeat all of it. Use the appropriate level for your actual situation.