"Hide and Seek": A bit about the technology of anonymity on the Internet

    Internet security has always been a hot topic of discussion. In particular, issues of ensuring anonymity on the network remain very popular.

    Today we would like to return to the topic of information security and give a short review of solutions such as VPNs, proxies, Tor and several others.




    Proxies


    The essence of a proxy server is that it redirects traffic through itself as an intermediary: the destination node sees the request as coming from the proxy rather than from you. This lets you bypass the various network restrictions that some services impose (in particular, blocking by geographic location).

    There are several types of proxies. The first is web proxies, which pass only HTTP traffic through themselves and, by default, add headers disclosing proxy use to the forwarded traffic. One disadvantage of this solution is the lack of support for scripts and plug-ins such as Java and Adobe Flash. In addition, many web proxies are used by a huge number of users, so they easily end up on the block lists of most network resources.

    The second type is SOCKS proxy servers. The SOCKS protocol operates at the session layer of the OSI model, which makes it independent of higher-level protocols (HTTP, FTP, POP3 and so on) and allows SOCKS to pass all traffic, not just HTTP. With its help you can, for example, upload files via FTP and send e-mail.

    Separately, we can mention CGI proxies, or so-called anonymizers: a web server with a form into which the user enters the address of the site they need. The page of the requested resource then opens, but the browser's address bar shows the address of the CGI proxy. A CGI proxy, like any web server, can use HTTPS to protect the channel between itself and the client.
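    To make the SOCKS part concrete, here is an added example (not code from the original post) that builds and parses the messages of a SOCKS5 CONNECT exchange as defined in RFC 1928, using a constructed server reply instead of a live proxy. It shows why SOCKS is protocol-independent: the proxy is handed only a destination address and port, and the bytes relayed after a successful reply can belong to any application protocol. Encoding the destination as a domain name (address type 0x03) also leaves name resolution to the proxy, so the client's own resolver is never consulted. The host names, addresses and reply bytes are constructed.

```python
import ipaddress
import struct

# SOCKS5 constants from RFC 1928.
SOCKS_VERSION = 0x05
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
METHOD_NO_AUTH, METHOD_NONE_ACCEPTABLE = 0x00, 0xFF
REPLY_CODES = {
    0x00: "succeeded",
    0x01: "general SOCKS server failure",
    0x02: "connection not allowed by ruleset",
    0x03: "network unreachable",
    0x04: "host unreachable",
    0x05: "connection refused",
    0x06: "TTL expired",
    0x07: "command not supported",
    0x08: "address type not supported",
}


def build_greeting(methods=(METHOD_NO_AUTH,)):
    """Client greeting: version, number of auth methods, the methods offered."""
    return bytes([SOCKS_VERSION, len(methods), *methods])


def parse_method_selection(data):
    """Server answer to the greeting: version + the single method it chose."""
    if len(data) != 2 or data[0] != SOCKS_VERSION:
        raise ValueError("malformed method selection")
    if data[1] == METHOD_NONE_ACCEPTABLE:
        raise ConnectionError("proxy accepts none of the offered auth methods")
    return data[1]


def encode_address(host):
    """ATYP + address. Literal IPs are sent packed; anything else is sent as a
    domain name so that the proxy, not the client, performs DNS resolution."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        raw = host.encode("idna")
        if len(raw) > 255:
            raise ValueError("domain name too long for SOCKS5")
        return bytes([ATYP_DOMAIN, len(raw)]) + raw
    return bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed


def build_connect_request(host, port):
    """CONNECT request: VER CMD RSV ATYP DST.ADDR DST.PORT (port big-endian)."""
    return bytes([SOCKS_VERSION, CMD_CONNECT, 0x00]) + encode_address(host) + struct.pack("!H", port)


def parse_reply(data):
    """Server reply: VER REP RSV ATYP BND.ADDR BND.PORT. After a 'succeeded'
    reply the socket is a raw relay, so any protocol can be spoken over it."""
    if len(data) < 4 or data[0] != SOCKS_VERSION:
        raise ValueError("malformed reply")
    rep, atyp = data[1], data[3]
    if atyp == ATYP_IPV4:
        addr, end = str(ipaddress.IPv4Address(data[4:8])), 8
    elif atyp == ATYP_DOMAIN:
        n = data[4]
        addr, end = data[5:5 + n].decode("idna"), 5 + n
    elif atyp == ATYP_IPV6:
        addr, end = str(ipaddress.IPv6Address(data[4:20])), 20
    else:
        raise ValueError(f"unknown address type {atyp:#x}")
    if len(data) < end + 2:
        raise ValueError("truncated reply")
    (port,) = struct.unpack("!H", data[end:end + 2])
    return {"ok": rep == 0x00, "status": REPLY_CODES.get(rep, f"unknown ({rep:#x})"),
            "bound_addr": addr, "bound_port": port}


# Constructed exchange (no network involved): what a client and a SOCKS5 proxy
# would send to open a relay to example.com:443 without authentication.
CLIENT_GREETING = build_greeting()
SERVER_METHOD_SELECTION = b"\x05\x00"
CLIENT_CONNECT = build_connect_request("example.com", 443)
SERVER_REPLY_OK = b"\x05\x00\x00\x01\xc0\xa8\x01\x0a\x04\xd2"        # bound to 192.168.1.10:1234
SERVER_REPLY_REFUSED = b"\x05\x05\x00\x01\x00\x00\x00\x00\x00\x00"   # REP 0x05 = connection refused

if __name__ == "__main__":
    print("greeting ->", CLIENT_GREETING.hex())
    print("chosen method:", parse_method_selection(SERVER_METHOD_SELECTION))
    print("connect  ->", CLIENT_CONNECT.hex())
    print("reply:", parse_reply(SERVER_REPLY_OK))
    print("reply:", parse_reply(SERVER_REPLY_REFUSED))
```

    Tor's local SOCKS port speaks this same protocol, which is why applications that hand the hostname to the proxy in the request (as above) rather than resolving it themselves keep their DNS lookups inside the anonymizing channel.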

    "+":

    • Public proxies are free
    • In most cases, they are enough for easy navigation on the Internet
    • Allow bypassing network restrictions
    • Allow bypassing territorial restrictions

    "-":

    • Most implementations do not use data encryption.
    • Public proxies are often unstable
    • Most popular proxies are blocked by many sites.

    Tor


    Tor is one of the most popular technologies for hiding identity on the Internet and the first to specialize in this. However, anonymity and security must be clearly distinguished. This technology does not protect your data from interception outside the Tor network or hide its content from prying eyes, since information is encrypted only inside the system itself.

    However, even despite the vulnerability of traffic at the entry to and exit from the network, Tor does not allow this data to be linked to you. The main idea of the system is to redirect traffic through several anonymous servers so that, at the exit from the network, the destination node sees only the exit server, which it takes to be the source of the data.

    Traffic is redirected through an arbitrary number of servers (but no fewer than three), which hides the real source of the information quite well by "obfuscating" metadata. Such a redirection system is called onion routing: each node in the network can decrypt only its own part of the message, which carries the instructions for forwarding the traffic.

    The exit node completely decrypts the message and forwards it to the end node on the open network. To do this, Tor builds a forwarding channel (a circuit) and obtains encryption keys from all the network nodes included in that channel. The sender then uses the received keys to encrypt the data before sending it.
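    The layered encryption described above, as an added illustration that is not part of the original article: the client wraps the payload in one layer per relay, each relay strips exactly one layer with its own key and learns only the next hop, and the exit relay ends up holding the plaintext payload, which is why the article insists on HTTPS on top of Tor. The toy cipher (a SHA-256 keystream), the relay names and the random per-relay keys are assumptions for the illustration; they are not Tor's real relay cryptography or key exchange.

```python
import hashlib
import os

# Constructed circuit: three relays, each sharing one symmetric key with the client.
# In Tor these keys come from the handshake performed while the circuit is built;
# here they are random bytes, an assumption made for the illustration.
PATH = ["entry", "middle", "exit"]
RELAY_KEYS = {name: os.urandom(32) for name in PATH}
NONCE_LEN = 16


def keystream_xor(key, nonce, data):
    """Toy stream cipher: XOR with a SHA-256 counter-mode keystream.
    It stands in for the per-hop cipher only; do not reuse it elsewhere."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def wrap_layer(key, next_hop, inner):
    """One onion layer: nonce || Enc_key( len(next_hop) || next_hop || inner )."""
    hop = next_hop.encode()
    nonce = os.urandom(NONCE_LEN)
    return nonce + keystream_xor(key, nonce, bytes([len(hop)]) + hop + inner)


def build_onion(path, relay_keys, destination, payload):
    """Client side: wrap from the exit inward so the entry relay's layer is outermost."""
    onion, next_hop = payload, destination
    for name in reversed(path):
        onion = wrap_layer(relay_keys[name], next_hop, onion)
        next_hop = name
    return onion


def peel_layer(key, onion):
    """Relay side: strip exactly one layer, yielding (next_hop, remaining blob)."""
    nonce, body = onion[:NONCE_LEN], onion[NONCE_LEN:]
    plain = keystream_xor(key, nonce, body)
    n = plain[0]
    return plain[1:1 + n].decode(), plain[1 + n:]


def simulate_circuit(onion, path, relay_keys):
    """Run the onion through each relay in order and record what each one learned."""
    trace = []
    for name in path:
        next_hop, onion = peel_layer(relay_keys[name], onion)
        trace.append({"relay": name, "next_hop": next_hop, "forwards": onion})
    return trace


def relays_seeing_payload(trace, payload):
    """Which relays ended up holding the application payload in the clear."""
    return [step["relay"] for step in trace if step["forwards"] == payload]


if __name__ == "__main__":
    request = b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"   # constructed plaintext payload
    onion = build_onion(PATH, RELAY_KEYS, "example.org:80", request)
    trace = simulate_circuit(onion, PATH, RELAY_KEYS)
    for step in trace:
        print(f"{step['relay']:6} -> next hop {step['next_hop']!r}, {len(step['forwards'])} bytes onward")
    print("payload visible at:", relays_seeing_payload(trace, request))
```

    The entry relay learns who the client is and that the next hop is the middle relay, but it only ever forwards ciphertext; the exit relay never learns the client's address, but it does obtain the plaintext request, which is exactly the exposure that HTTPS between client and destination removes.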

    Tor provides a high level of network anonymity, but true anonymity is a problem whose solution is almost impossible to find. There is an "arms race" between the developers of the Tor network and hackers who want to be able to expose its users. It is worth noting that successful attacks have been carried out on the Tor network. Therefore, it cannot be claimed that it hides a person with a 100% guarantee. However, Tor is still one of the most effective and reliable means of ensuring anonymity.

    "+":

    • Provides anonymity by masking the real data source
    • Provides data encryption within the Tor network itself
    • Good additional protection

    "-":

    • The Tor network does not by itself provide data security, because it does not implement end-to-end encryption; other encryption, such as HTTPS, must be used
    • The network depends on volunteers who keep the servers within the system running
    • The network has been attacked by hackers and intelligence agencies

    VPN


    A VPN works similarly to Tor and proxies. When connecting to a VPN, you redirect your data stream through the private network. This network has its own servers (an intranet) and an exit node (as with Tor). Thus, if you connect to the Internet through a VPN, the destination host sees only the address of the VPN server.

    Unlike Tor servers, VPN servers are maintained by large companies, which often adhere to a no-logging policy, and this additionally increases security. Almost all commercial VPN providers offer a choice of two implementations: OpenVPN and PPTP. L2TP + IPSec and SSTP are offered less often. Separately worth noting are services that provide DoubleVPN, where traffic passes through two different VPN servers in different countries before reaching the Internet, and QuadVPN, where four servers are chained.

    "+":

    • Provides good encryption
    • VPNs provide additional security mechanisms: firewalls with NAT, protection against DNS leaks, private DNS, etc.

    "-":

    • Running a VPN on a computer requires additional computing power
    • Your traffic is visible to the administrators of the VPN servers (which can be avoided by using SSL/TLS encryption)
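    As an added example (not from the original article) of the "protection against DNS leaks" point: a DNS leak is a resolver query that leaves the machine outside the VPN tunnel, typically because the system still points at the home router's or ISP's resolver. The check below reads `nameserver` lines from a `resolv.conf`-style text, finds the egress interface of each resolver by longest-prefix match over a routing table, and flags resolvers that would not leave through the tunnel interface. The routing table (with the 0.0.0.0/1 and 128.0.0.0/1 routes that OpenVPN's `redirect-gateway` installs), the two resolver configurations and the interface names are constructed sample data.

```python
import ipaddress

# Constructed routing table (network, interface), as `ip route` might show it with an
# OpenVPN tunnel up: redirect-gateway adds 0.0.0.0/1 and 128.0.0.0/1 via tun0, which
# beat the original default route on eth0 by longest-prefix match.
ROUTES = [
    ("0.0.0.0/0", "eth0"),        # original default route via the home router
    ("0.0.0.0/1", "tun0"),        # installed by the VPN client
    ("128.0.0.0/1", "tun0"),      # installed by the VPN client
    ("10.8.0.0/24", "tun0"),      # the tunnel's own subnet
    ("192.168.1.0/24", "eth0"),   # the LAN
]

# Constructed resolver configurations. The weak one still points at the LAN router's
# resolver, which is reached over eth0 and therefore outside the tunnel.
LEAKY_RESOLV_CONF = """# constructed sample
nameserver 192.168.1.1
nameserver 8.8.8.8
"""
FIXED_RESOLV_CONF = """# constructed sample: VPN-provided private DNS inside the tunnel
nameserver 10.8.0.1
"""


def parse_resolv_conf(text):
    """Collect resolver addresses from `nameserver` lines, ignoring comments."""
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def egress_interface(ip, routes):
    """Longest-prefix match: the interface packets to `ip` would actually leave on."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, iface in routes:
        net = ipaddress.ip_network(cidr, strict=False)
        if net.version == addr.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, iface)
    return best[1] if best else None


def check_dns_leak(resolv_conf_text, routes, tunnel_iface="tun0"):
    """Per resolver: its egress interface and whether a query to it bypasses the tunnel."""
    report = {}
    for ns in parse_resolv_conf(resolv_conf_text):
        iface = egress_interface(ns, routes)
        report[ns] = {"via": iface, "leaks": iface != tunnel_iface}
    return report


def has_dns_leak(report):
    """True if any configured resolver is reached outside the tunnel."""
    return any(entry["leaks"] for entry in report.values())


if __name__ == "__main__":
    for label, conf in (("leaky", LEAKY_RESOLV_CONF), ("fixed", FIXED_RESOLV_CONF)):
        report = check_dns_leak(conf, ROUTES)
        print(label, "->", "LEAK" if has_dns_leak(report) else "ok", report)
```

    Note the distinction the check makes: the public resolver 8.8.8.8 is routed through tun0 and so does not leak to the ISP, although the VPN provider can see those queries, which is what the "private DNS" offering addresses. Real systems with split DNS (systemd-resolved, per-interface resolvers) need the same reasoning applied per interface.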

    Combination of Tor and VPN


    A VPN is a great way to protect data; combined with a means of ensuring anonymity on the network (Tor), it allows you to achieve a higher level of "peace of mind".

    Tor through a VPN

    In this scheme the VPN server is a constant entry node, after which the encrypted traffic is sent to the Tor network. In practice the scheme is simple to implement: first a connection is made to the VPN server, then the Tor browser is launched, which automatically configures the necessary routing through the VPN tunnel.

    Such a scheme hides the fact that you use Tor from your ISP. And in the case of a theoretical compromise of Tor, we are protected by the VPN boundary, which does not store logs. Note that using a proxy server instead of a VPN is pointless: without the encryption the VPN provides, such a scheme has no significant advantages.

    "+":

    • Your provider will not know that you are using Tor (although it may know that you are using a VPN)
    • The Tor entry node will not know your real IP address
    • Allows access to hidden addresses on the Tor network (.onion)

    "-":

    • The VPN provider will know your real IP address
    • No protection against vulnerabilities at Tor exit nodes

    VPN through Tor

    In this scheme the data is first encrypted for sending to the VPN server and then passed through the Tor network. In this case you need to configure the VPN client to work through Tor.

    A similar connection scheme can be used to bypass the blocking of Tor nodes by external resources, and it should also protect traffic from eavesdropping at the exit node. It is also important to note that any exit node can easily single out this client in the overall flow: most users go to different resources, whereas in this scheme the client always goes to the same VPN server. Naturally, using conventional proxy servers after Tor makes little sense, since traffic to the proxy is not encrypted.

    "+":

    • The VPN provider does not know the real IP address of the source, only the IP address of the Tor exit node
    • Protection against vulnerabilities at Tor exit nodes, since all traffic is encrypted by the VPN client
    • Allows you to choose the location of the servers
    • All Internet traffic goes through the Tor network, even from programs that do not support it natively

    "-":

    • Your VPN provider can see your traffic, although it cannot link it to you
    • The scheme is complex to implement

    Whonix


    Additionally, we note that there are operating systems designed specifically to ensure anonymity. One such OS is Whonix. It is based on two Debian systems running in VirtualBox virtual machines.

    In this configuration one system is the gateway, which sends all traffic through the Tor network, and the second is an isolated workstation that connects to the network only through the gateway. This mechanism is called an isolating proxy. The scheme avoids many vulnerabilities associated with the software on the workstation, since the machine itself does not know its external IP address.

    Whonix implements many useful anonymity mechanisms. For example, it can provide secure hosting of services: even if an attacker compromised the web server, they could not steal the private key. Whonix also supports bridges, which hide the fact of using Tor from the provider, and offers the possibility of tunneling through other anonymous networks such as Freenet, I2P, etc. More detailed information about the features of such connections can be found here.

    This system is tested and well documented, and works well with all combinations of Tor, VPN and proxy, but it still has certain disadvantages. These include a fairly complicated configuration and the need to maintain two virtual machines or separate physical equipment. It is also worth noting that the Whonix project is developed independently of Tor and its tools, and therefore cannot protect against their vulnerabilities.

    Instead of a conclusion: other ways to ensure anonymity


    In addition to the "anonymization" methods above, there are dozens of individual projects devoted to anonymity on the Internet. Today the following solutions are actively developing: Freenet, GNUnet, JAP, RetroShare, Perfect Dark. Anonymous Wi-Fi-based networks, which allow independence from Internet providers, may also be of interest: the Byzantium project, the Netsukuku project and the BATMAN project.

    Additional reading: IaaS digest: 25 materials on technology and business transformation.
