Pros and Cons of Different Online Anonymity Approaches

In recent days, there has been a lot of talk about the existence of total surveillance by US intelligence agencies. Not to mention the fact that many well-known services sin with a disregard for the privacy of their users, not even providing HTTPS access.
For many, the topic of privacy is important. And we are not talking about hiding any evil intentions of users. The privacy and personality of the data is a completely legal right of a modern person.
There are several common options to protect yourself from surveillance:
- use https
- clean cookies
- use proxy server
- use anonymous VPN
- use the tor network
- use I2P network
- ...
Each of the options has its drawbacks, advantages and a certain degree of protection. Let's take a closer look at them:
Clearing Cookies, banning plugins (flash, java, etc.) and javascript
Removing regular and flash cookies is useful if you do not need personalization of the service and advertising targeting. In this case, you only delete your connection with your profile / session on the site, and what is stored in cookies depends solely on the service. If there are XSS vulnerabilities on a site that uses cookies for sessions, third-party sites can easily deanonymize you through a profile on such sites. For example, if you are logged in to linkedin, then placing a link on your site to view your profile in the form of a picture, you can later see which of the users of linkedin viewed your page. It is also important to know that some plugins that are launched by your browser may reveal your real IP address, even if you use proxy / TOR / I2P and other anonymization tools.
Using HTTPS
(+) protects against interception or spoofing of site content,
(-) DNS queries remain unencrypted. For example, if you suddenly use an unencrypted WiFi channel, then your neighbors and your provider can find out the sites you visit.
(-) The website you opened in the browser knows your IP address.
Using proxy server
Proxy servers come in several forms:
- HTTP - relay GET / POST requests and can add your original IP address to the request header, as well as store the full history of your interaction with the site.
(+) anonymity of the client (if used correctly)
(+) is supported by almost all browsers
(+) DNS queries on behalf of the server
(-) History on the server
(-) The ability to filter and replace data with a proxy server
(-) works only for the HTTP protocol
(-) does not save from attack through plugins and XSS - In the case of SOCKS proxy, the browser opens all TCP (and sometimes UDP) sockets on behalf of the server. At the same time (depending on the browser), you can use your local DNS server, and the site can track you by it, by issuing a unique name for each request in its subdomain and remembering from which addresses DNS queries come to them.
(+) anonymity of the client (if used correctly)
(+) the ability to forward an arbitrary TCP connection (e.g. SSH)
(+) DNS queries on behalf of the server (google chrome)
(-) DNS queries on behalf of the client (firefox)
(-) Filtering and data substitution with a proxy server
(-) History on the server
(-) does not save from an attack through plugins and XSS
Anonymous VPN
In fact, they provide the same security as the SOCKS proxy.
(+) anonymity of the client (if used correctly)
(+) you will have a network interface with an “anonymous” address, and you do not need to configure the browser and other programs to use it separately
(-) this is more expensive, since it requires a separate IP for each client -addresses
(-) does not save from attack through plugins and XSS
Rent dedicated server
(+) anonymity of the client (if used correctly)
(+) the ability to configure SOCKS and HTTP proxies on their own, knowing that the request history does not leak anywhere
(+) saves from attacks through plugins and XSS if launching the browser remotely
(-) is much more expensive and in some countries it requires deanonymization (passport, use of a credit card, etc.)
(-) the host can monitor your IP addresses from which you make connections to the server
Using TOR
(+) client anonymity (if used correctly)
(-) traffic can go through another continent and / or through the IP address from the black list, and many Internet services will open more slowly or not at all
(-) if you do not use HTTPS, then output nodes can view / filter your requests
(-) the site should be accessible on the Internet. That is, only the client is anonymous, but not the server.
(-) does not save from attack through plugins and XSS
I2P
An analogue of the TOR network is the I2P network, which also hides the network activity of users. In addition, you can create your own resource and advertise it on the I2P network, while the real IP address of the site or service will not be known.
(+) client anonymity (if used correctly)
(+) server anonymity (if used correctly)
(-) traffic can go through another continent (moreover, more than once), and as a result - low speed and long response time
(±) the lack of the usual DNS (due to complete decentralization) and the need to subscribe to the “correct” name server or add a site to the address book
(±), internal sites are not accessible via the Internet and vice versa (except for the use of gateways, which can partially lose anonymity)
(-) does not save from attack through plugins and XSS
conclusions
Obviously, ensuring your privacy is a complex task, and that no networks and tools provide guaranteed anonymity: you need to consider XSS / cookies, software errors, queries to the DNS server, HTTP headers, incorrectly configured nodes on the I2P and TOR networks, so called "browser fingerprints" and much more, which I will write about in future articles.
Various kinds of "advanced laws" on the closure of anonymizers and networks such as TOR and I2P make these networks more and more popular, since due to their architectural features they are almost impossible to close.
Over the past 10 years, the I2P network has grown from an academic project into a widely used product with a number of “non-killed resources” (for example, freezone.i2p, lib.i2p, btdigg.i2p)
Only registered users can participate in the survey. Please come in.
How do you ensure your anonymity?
- 65.6% No way - I'm not interested in anyone 1,482
- 14.1% Turn off Cookies and / or using NoScript 319
- 15.7% I use Proxy / VPN / my server 356
- 22.7% Using Tor or I2P 514
- 5% I do not use internet, but prefer only offline meetings 115