A little bit anonymous

    A discussion of anonymity should begin not with the words proxy / Tor / VPN but with a definition of the task: connecting anonymously to someone else's server over SSH is one thing, hosting your own website anonymously is another, working anonymously on the Internet is a third, and so on, and each of these tasks is solved differently. This article is about the task of "anonymously surfing the Internet as a user."

    Recently, many articles on ensuring anonymity on the Internet have appeared on Habr, but they all describe the “slightly anonymous” approach. Being “a little anonymous” is practically meaningless, but judging by the comments on these articles, many people do not understand this.

    First, you need to assess the potential adversary adequately. If you want to be “anonymous,” you are trying to prevent your online activity from being associated with your physical location and / or real name. Ordinary users have no ability to track you anyway (by technical means; social methods, such as when your forum nickname is easily googled to your social network account with all your personal data, are not considered here). Your provider / neighbors may be able to listen to most of your traffic, but, as a rule, you are of no interest to them (yes, neighbors can steal your passwords, but they will not bother monitoring your activity or deanonymizing you). The owners of the resources you use (websites, proxies / VPN servers, etc.) have many tools for tracking you at their disposal (DNS leaks, Flash / Java plug-ins, banner networks, “browser fingerprints”, many different types of cookies, etc.) plus a serious commercial interest in tracking you reliably (for targeting ads, selling data, etc.). And the government and special services can access both the data that websites collect on you and the data that providers collect. Thus, it turns out that those who have the ability and desire to track you have access to most of the possible leakage channels.

    Secondly, there are a lot of information leakage channels, and they are very diverse (from a VPN that suddenly disconnects, to your real IP being obtained via Flash / Java browser plug-ins, to an application sending its serial number to its own server when it tries to update). Moreover, new ones are regularly discovered (and created). Therefore, trying to block each of them individually, with a method unique to each, simply does not make sense: something will leak somewhere anyway.

    Thirdly, "surfing the Internet" involves more than a browser: most people also use IM, torrents, mail, SSH, FTP, IRC ... and the information transmitted through these channels often overlaps and allows them to be linked (a .torrent file downloaded from a site under your account is loaded into the torrent client, a link that arrived by mail / IM / IRC is opened in the browser, etc.). Add to this that your OS and applications also regularly go online on their own business, transmitting a lot of information that deanonymizes you ...

    From all this it logically follows that trying to add “a little bit of anonymity” by using a browser with Tor built in, or by setting up a torrent client to work through SOCKS, makes no sense. Most parties cannot track you even without these measures, and those who have the ability and desire to track you will not be stopped by them (at most, the measures will complicate or slow down their work a little).

    In general, there is only one way to ensure complete anonymity. For some specific tasks, simpler solutions may exist: for example, for an anonymous SSH connection to a server, using Tor seems to be enough. But these are exceptions that should be resorted to only for rare one-off tasks, and even then you need to be careful to avoid, for example, DNS leaks. Taking the risks into account, I would not recommend resorting to such solutions at all: if you sometimes need anonymity, it is more reliable and easier to set up fully anonymous Internet access once and use only that. Therefore, it is much more useful to describe (and help with installing / configuring) an implementation of full anonymity than to describe the differences between versions of the SOCKS protocol or to embed Tor in a specific web browser.

    First, we need a virtual machine. It will have a virtual network interface working through NAT, i.e. with an IP like 192.168.x.x and a fake MAC address. Thus, no Flash / Java plug-ins, and not even exploits that compromise your browser, will be able to find out your real IP.

    Next, the OS and all applications installed in this virtual machine must be either free (Linux) or pirated and cracked (Windows), so that when these applications send their license numbers over the Internet, the numbers cannot be associated with you.

    To hide your IP from the sites you visit, and to hide your traffic from your provider / neighbors / the Tor exit node, you need access to a VPN service (it does not matter whether it is based on OpenVPN or SSH). It should be either a free VPN or one paid for with Bitcoin, but in any case there should be no way to connect you with this service (for example, through the credit card used to pay). (And by the way, when paying with bitcoins, you should also be careful.) The OS must be configured so that all traffic goes only through the VPN.

    To hide your IP from the owners of the VPN service and their provider, you need to route the VPN connection through Tor.

    To guarantee that no failure (or compromise followed by reconfiguration) inside the virtual machine can expose your real IP address, you need to configure the firewall on the main (host) system so that all virtual machine traffic (i.e. not only TCP, but really all of it!) is passed exclusively to Tor and nowhere else.
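
    One way to express this host-side rule with iptables, as an added example that is not part of the original article. It assumes the virtual machine is alone on a dedicated host interface (the name vmnet-anon is hypothetical) with a static IP, and that the host's torrc sets TransPort and DNSPort on that interface's address (9040 and 5353 are assumed values); the function only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: emit host firewall commands that confine one VM to Tor.
# Assumptions (not from the article): the VM is the only machine on host
# interface $1, uses a static IP (DHCP from the host would be dropped),
# and the host's Tor listens with TransPort/DNSPort on that interface.
tor_only_rules() {
    vm_if=$1 trans_port=${2:-9040} dns_port=${3:-5353}
    # The output is meant for a root shell, so accept only a plain
    # interface name and numeric ports; reject everything else.
    case $vm_if in
        ''|-*|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1;;
    esac
    for p in "$trans_port" "$dns_port"; do
        case $p in ''|*[!0-9]*) echo "bad port" >&2; return 1;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port" >&2; return 1; }
    done
    # nat: DNS and new TCP connections from the VM are handed to Tor.
    # filter: only those two Tor ports are reachable on the host; every
    # other packet from the VM (other UDP, ICMP, IPv6) is dropped and
    # nothing is forwarded, so a failure inside the VM cannot bypass Tor.
    cat <<EOF
iptables -t nat -I PREROUTING 1 -i $vm_if -p udp --dport 53 -j REDIRECT --to-ports $dns_port
iptables -t nat -I PREROUTING 2 -i $vm_if -p tcp --syn -j REDIRECT --to-ports $trans_port
iptables -I INPUT 1 -i $vm_if -p tcp --dport $trans_port -j ACCEPT
iptables -I INPUT 2 -i $vm_if -p udp --dport $dns_port -j ACCEPT
iptables -I INPUT 3 -i $vm_if -j DROP
iptables -I FORWARD 1 -i $vm_if -j DROP
ip6tables -I INPUT 1 -i $vm_if -j DROP
ip6tables -I FORWARD 1 -i $vm_if -j DROP
EOF
}
# Review the output first, then apply as root: tor_only_rules vmnet-anon | sh
```

    Because everything other than redirected TCP and DNS is dropped, the VPN inside the virtual machine has to run over TCP.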

    Last but nevertheless very important: inside this virtual machine you must not enter anything that could be related to your real identity. Do not enter your name or credit card numbers, do not log in to "your" accounts on any sites, do not upload photos taken with your main camera / phone to websites (at least not without clearing the EXIF metadata), etc. Create separate fake accounts on all the sites you need, and create separate mail / IM accounts (and do not correspond between your real accounts and these). Buy exclusively virtual goods (which do not need to be delivered to your physical address), and only with bitcoins.

    That's all. With such a system, you no longer need to worry about being tracked through different types of cookies, HTTP headers and plug-ins, or about the VPN connection accidentally dropping. That is, you will still be tracked, but the profiles built this way will physically not be able to lead to you. I would also recommend using, in the virtual system, a browser and IM / email clients that look noticeably different from those in your main system, to prevent inadvertent use of the “wrong” system.

    Theoretically, there is still a chance of tracking you by the style of your texts ... but for that to happen, someone must first suspect that your regular, non-anonymous account and your anonymous account belong to one person, which will not happen if you adhere to the rules described above. And if such a suspicion did nevertheless arise, then in our circumstances no one will bother with text analysis; they will simply break into your home and study your computer.
