Month: January 2012

How to be Anonymous on the web

Some people ask how to be truly anonymous on the web, or how to protect your privacy on the internet. A lot of people don’t know that quite a bit of information can be collected by websites or hackers without you even being aware of it. This post will try to make clear what actions you can take on protecting your privacy on the web.

Everything you read here is for security and educational purposes only. If you use this information for any illegal actions this is on your own responsibility.

I will be covering some techniques to protect your privacy on the web. However keep in mind that you will never be 100% anonymous. It just depends on how much time and money they want to waste on finding you.

What information can they gather about me ?

Well, the answer is really easy. Almost everything they want : ip-adress, location, internet service provider (isp) , browser you’re using, … If you want to check what a webserver can tell about you, you can simply use this website : http://www.whatsmyip.org/more-info-about-you/

If you scroll down the middle of the page you’ll see they can also determine what plugins you have installed on your machine, this in particular can come in handy for hackers to exploit bugs in these plugins.

How to hide this information ?

Well , just switching off the plugins is the only way to protect against exploit or bugs in these plugins. To truely stay anonymous on the web you will have to scramble your ip-adress. The only way to this, is by using other machines to access a given webserver.

Proxies

A proxy server can be seen as a box with a lot of incoming connections with different IP-adresses and one outgoing IP-adress. If you browse to a webserver using a proxy server your request will first be sent to the proxy server. The proxy server will ask the information at the webserver and redirects the information to your machine. The result ? The webserver will only see the IP-adress of the proxy server you used. So if you live in Belgium you can use a proxy server located in France to browse to a webserver in Italy. If the proxy server doesn’t keep logs of the connections it’s very hard to determine who connected to the proxy server. So if you choose a proxy server make sure you choose one without logs that are being kept. Some good proxy servers can be found here : http://www.socks24.org/

Proxies can be chained to scramble even more the path between the server and your machine. For a tutorial check google and firefox users maybe want to check the FoxyProxy plugin. But sometimes even proxy’s aren’t enough.

The TOR Project

The TOR Project was developed to provide a secure line for the US Military forces to transmit information and create an encrypted network. After the project became open source it is now used to browse anonymously on the web. The key principle used in TOR is based on connecting different nodes to each other using encrypted connections. It is build in an onion kind of way. When a user requests a certain webpage the request will go through different layers using encrypted connections. The n-th node doesn’t know anything about the n-1-th node. Following image shows how the network works :
Every time a request is sent a new random path is chosen , this is a solution to protect yourself against traffic analysis.

However some say the Tor network is being infiltrated by the government that installs exit nodes that keeps information about your machine. It’s recommended to switch off the Java plugin when using Tor. Sometimes a webpage can ask for permission to run a java applet, this is a perfect manner to obtain the IP-adress of a machine. How than may you ask ? Well, in short , Java applications run in a Java Virtual Machine. Tor can protect your IP-adress when you’re using firefox (with the Tor plugin) but it can’t route your information through the network when the request is being launched from the JVM. Interested to start using Tor or to learn more about it : https://www.torproject.org

Be warned, the Tor network is not for the fainthearted. Tor is being used also by criminals that use it to share : child pornography, black market , racism forums, etc.. Use it wisely. But can we even be more anonymous?

Virtual Private Networks (VPN’s)

A virtual private network (VPN) is a network that uses primarily public telecommunication infrastructure, such as the Internet, to provide remote offices or traveling users access to a central organizational network.
VPNs typically require remote users of the network to be authenticated, and often secure data with encryption technologies to prevent disclosure of private information to unauthorized parties.

The Wikipedia quote above sums it pretty much all up. The ideal situation is to use a VPN in addition to TOR. The best VPN services are often paid. I prefer GhostVPN : http://cyberghostvpn.com/ and here’s a list with some other good VPN’s :

  • http://www.swissvpn.net
  • http://perfect-privacy.com
  • https://www.ipredator.se
  • http://www.anonine.se
  • SSL and HTTPS

    A last tip is the fact you should use the HTTPSEverywhere plugin for firefox. This plugin will make sure your machine connects to every webserver (where possible) through an encrypted connection using the SSL encryption protocol. Very simple said : it will scramble the text you send over a network and the receiving machine is capable to put it back into readable text. For example use Facebook secure : https://facebook.com notice the ‘https’ prefix. This protects you from eavesdroppers on a local network, in a college house for example.

    Conclusion

    This is just a basic summary in internet security. But it already shows that a secure internet connection needs a lot of knowledge. Use this information to protect and secure your own privacy. Be anonymous, and enjoy. Any questions or remarks : comment below.