Nov 5, 2013

Nikos Deja Vu - Anonymity, Privacy and Security Online

Anonymity, Privacy
and Security Online

Few things that you maybe don't know: A new survey finds that most internet users would like to be anonymous online, but many think it is not possible to be completely anonymous online. Some of the key findings:

86% of internet users have taken steps online to remove or mask their digital footprints—ranging from clearing cookies to encrypting their email.
55% of internet users have taken steps to avoid observation by specific people, organizations, or the government.

The representative survey of 792 internet users also finds that notable numbers of internet users say they have experienced problems because others stole their personal information or otherwise took advantage of their visibility online. Specifically:

!. 21% of internet users have had an email or social networking account compromised or taken over by someone else without permission.
2. 12% have been stalked or harassed online.
4. 11% have had important personal information stolen such as their Social Security Number, credit card, or bank account information.
5. 6% have been the victim of an online scam and lost money.
6. 6% have had their reputation damaged because of something that happened online.
7. 4% have been led into physical danger because of something that happened online.

“Users clearly want the option of being anonymous online and increasingly worry that this is not possible. Their concerns apply to an entire ecosystem of surveillance. In fact, they are more intent on trying to mask their personal information from hackers, advertisers, friends and family members than they are trying to avoid observation by the government.”

How to Be Online Anonymously

Method 1 of 2: Gaining Knowledge

Know why you should be anonymous. There are endless reasons to be anonymous, or to increase your privacy.

The most obvious reason is your personal freedom. It is rarely in your interest that your government, your Internet provider's administrators/supporters or your company knows what you are doing online. What illness are you googling about? What porn do you watch? What political party do you favor? Do you search pirated software? The list is endless and everyone is affected.

There are other reasons to be anonymous, too. You could register multiple accounts on social networks (Facebook, YouTube, MySpace, Gmail, your favorite Internet forum, etc.) if you were anonymous. This is something a lot of people require once in a while, but most get caught doing it because they lack knowledge.

Gain knowledge about being anonymous online. To speak the truth, the Internet just looks simple from the user point of view; but, in reality, the protocols used to make this possible are very complex. The Internet was never designed to be an anonymous platform and as it grew the different governments of course had no interest that people could speak anonymously.

Every connection on the Internet has one thing in common: the IP Address. The data sent and received always contains a destination and a source IP Address, no matter what you did (email, surfing, file sharing, listening to a music stream or watching a video). This IP Address can be used to identify you (through the help of your provider, to break into your computer or to deny you access or track your access.

When surfing (using a browser like Firefox, Chrome or Opera to access HTTP pages) there is more information transmitted than you would ever guess! Your browser sends information about itself, about your operating system, your language and much more information. This information also tells a lot about your identity and can be used to give you customized text but also against you.

Know what has to be done to gain anonymity. The main factor is your IP Address, it needs to be obfuscated. Next your cookies need to be removed and finally your user agent should be changed. Changing the IP requires a tool/service called proxy the cookies can be removed through your browser settings and the user-agent is also part of your browser configuration.

Method 2 of 2: Using a Proxy

Understand that a proxy server can be configured in your browser network-connection settings. When using a online proxy, your browser will send all data requests to the proxy, the proxy will route it to the destination and send you back the data. This is "transparent" to you as user; the destination will only see the proxy IP address.
Use an open proxy. Open proxies are free proxies that can be found on the Internet. There are hundreds, even thousands, of open proxies, but be aware that using them can be dangerous. Most open proxies run against the will of their server owner sometimes through hacking the server and installing it. Using such a proxy includes a very high risk that all of your data is read by the operator of the proxy. Passwords, email addresses and similar are not protected.
One more important fact about open proxies is that many of them send your real IP as hidden variable to the web-server.

You can use the analyzer (see previous step) to test if your real IP was sent or not. Proxies that do not send your real IP address are called Anonymous proxies or Elite proxies. It is suggested you not use such a proxy if you do not have to.

Use a private proxy. Private proxies are proxies that require a login and password; usually you pay monthly to receive this information. Such proxies are much more secure than open proxies if the commercial operator is a trustworthy source.

In case someone offers thousands of proxies, you should take a very good look at it as this is a sign of a so-called bot network. Using a bot network as proxy can get you to court even if you thought you were using a legal service! So after all: look exactly who you give your money, do they look professional?

Use a web proxy. Such proxies are usually web scripts that allow you to enter a URL and forward all traffic for you. There are thousands of free web proxies available, but all of them have got their advantages and disadvantages.

One of the advantages of a web proxy is that you do not need to configure anything; as long as you just want to browse the web, they are the easiest thing to use.
But, a lot of websites do not work proper if you use a web-proxy, and Java applets or scripts can still catch your real IP. It is also a fact that most of those proxies log your data connection, steal your passwords and sneak advertisements into your traffic. At least most web proxies are operated by their legal owner, so you don't risk more than your privacy and data security when using them.

Use an anonymizing network. Networks like Tor are free to use, and provide very high anonymity and privacy. They tunnel your connection encrypted through several proxies, resulting in the fact that even your proxy does not know who the source of the request was. Those are very secure, and as good as always legally operated. The good news is that you no longer need to be a technician to utilize Tor. PAPARouter is a plug and play anonymity router that has Tor embedded in it. Just plug your ethernet cable into it and then connect one or many devices to it via it's wireless access point.

Keep in mind that using a proxy can be not enough to be anonymous. If your OS has proprietary, non-opensource code, it may contain built-in spyware. This makes all your security efforts useless.

At present, Tails and Whonix OS are recommended for anonymous browsing. Tails is an incognito amnestic OS running from a USB-stick or a CD and relying on the Tor network to keep the user secure with the consequent wipe of all browsing traces at reboot or shutdown. Better yet, anonymize several devices, even your whole house, with a PAPARouter, a Tor router.

Whonix implements the workstation-gateway design based on the free VirtualBox virtual machine to achieve three anonymity goals:
1. The virtual machine's hardware data instead of the real hardware data are transmitted;
2. All connections from Whonix to the Internet are established through the secure hardened Torrified gateway, thus limiting the malware adverse impact on anonymity.
3. The user is allowed to save their own configurations of the software including any changes made to the OS and the OS snapshots which can be used later to roll back to a previous anonymity state or as "other virtual identities". Also, multiple browser profiles may be enabled for additional virtual identities.


Nikos Deja Vu

No comments:

Post a Comment