
In recent days there has been a lot of talk about the total surveillance carried out by the American intelligence services. On top of that, many well-known services treat their users' privacy carelessly, some not even offering access over HTTPS.
For many people privacy matters, and not because they have any evil intentions to hide: privacy and control over one's personal data are a perfectly legitimate right of a modern person.
There are several common ways to protect yourself from surveillance:
- use HTTPS
- clear cookies
- use a proxy server
- use an anonymous VPN
- use the TOR network
- use the I2P network
- ...
Each option has its own advantages, disadvantages and a certain degree of protection. Let's take a closer look at them:
Clearing cookies, disabling plug-ins (Flash, Java, etc.) and JavaScript
Removing regular and Flash cookies is useful if you do not need personalization of the service or advertising targeting. Doing so only severs the link between you and your profile/session on the site; what is actually stored in the cookie is entirely up to the service. If a site keeps your session in cookies, then an XSS vulnerability on it, or even an ordinary cross-site request that your browser sends with those cookies attached, lets a third-party site deanonymize you through your profile there. For example, if you are logged in to LinkedIn and someone places on their own page a link that loads a view of their profile (in the form of a map), they can then see which LinkedIn users have visited their page. It is also important to know that some plug-ins launched by your browser can reveal your real IP address even when you are behind a proxy, TOR, I2P or other anonymization tools.
Using HTTPS
(+) protects against interception or substitution of site content,
(-) DNS queries still travel unencrypted (unless you have set up DNS over TLS or DNS over HTTPS), and the host name is also sent in clear text inside the TLS handshake itself (the SNI extension). So if you happen to use an open WiFi channel, your neighbours, and in any case your provider, can find out which sites you visit even though they cannot read the pages.
(-) the website you open in the browser knows your IP address.
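As an added illustration of that caveat (example code written for this page, not code from the original article or from any particular tool), the following Python builds a minimal TLS ClientHello with a server_name extension and then reads the host name back out of the raw bytes exactly as a passive observer on the WiFi or at the provider would. The host name and cipher suite list are made-up placeholders.

```python
import os
import struct

TLS_HANDSHAKE = 0x16      # record content type
CLIENT_HELLO = 0x01       # handshake message type
EXT_SERVER_NAME = 0x0000  # RFC 6066 server_name extension


def build_client_hello(server_name=None, cipher_suites=(0x1301, 0x1302, 0xC02B)):
    """Construct a minimal ClientHello record (TLS 1.2 framing).

    server_name=None omits the extensions block entirely; otherwise a
    server_name extension carrying that host name is appended, which is
    what every common browser does for a plain https:// request.
    """
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body = (
        b"\x03\x03" + os.urandom(32)                  # client_version, random
        + b"\x00"                                     # empty session_id
        + struct.pack("!H", len(suites)) + suites     # cipher_suites
        + b"\x01\x00"                                 # one compression method: null
    )
    if server_name is not None:
        name = server_name.encode("idna")
        entry = b"\x00" + struct.pack("!H", len(name)) + name   # name_type host_name
        sni = struct.pack("!H", len(entry)) + entry             # ServerNameList
        ext = struct.pack("!HH", EXT_SERVER_NAME, len(sni)) + sni
        body += struct.pack("!H", len(ext)) + ext
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([TLS_HANDSHAKE, 0x03, 0x01]) + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record):
    """Return the host name an on-path observer reads from a ClientHello,
    or None when the hello carries no server_name extension.
    Raises ValueError for anything that is not a well-formed ClientHello."""
    if len(record) < 5 or record[0] != TLS_HANDSHAKE:
        raise ValueError("not a TLS handshake record")
    hs = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    if len(hs) < 4 or hs[0] != CLIENT_HELLO:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    try:
        pos = 2 + 32                                             # version + random
        pos += 1 + body[pos]                                     # session_id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]     # cipher_suites
        pos += 1 + body[pos]                                     # compression_methods
        if pos == len(body):
            return None                                          # no extensions block
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            data = body[pos:pos + elen]
            pos += elen
            if etype != EXT_SERVER_NAME:
                continue
            q, list_end = 2, 2 + struct.unpack("!H", data[:2])[0]
            while q + 3 <= list_end:
                ntype, nlen = data[q], struct.unpack("!H", data[q + 1:q + 3])[0]
                if ntype == 0:
                    return data[q + 3:q + 3 + nlen].decode("idna")
                q += 3 + nlen
        return None
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated ClientHello") from exc


if __name__ == "__main__":
    hello = build_client_hello("mail.example.org")   # placeholder host name
    print("observer sees:", extract_sni(hello))
    print("without SNI:", extract_sni(build_client_hello(None)))
```

Nothing in the TLS session key protects this field: it is sent before any key exchange, so the provider learns the site name from it even when the DNS query went elsewhere. Encrypted Client Hello is designed to close this gap, but only when both the client and the server support it.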
Using a proxy server
Proxy servers come in several forms:
- HTTP proxies relay GET/POST requests; they may add your original IP address to the request headers (typically X-Forwarded-For or Via) and can keep a complete history of your interaction with the site.
(+) client anonymity (if used correctly, i.e. a proxy that does not add such headers)
(+) supported by almost all browsers
(+) DNS lookups are made by the proxy, not by you
(-) the proxy keeps a history of your requests
(-) the proxy can filter and substitute data
(-) works only for HTTP; HTTPS can pass through only as an opaque tunnel via the CONNECT method, and other TCP protocols are not forwarded at all
(-) does not protect against attacks through plug-ins and XSS
- With a SOCKS proxy the browser opens all its TCP (and, with SOCKS5, sometimes UDP) sockets through the proxy. Whether the proxy or your own machine resolves host names depends on the SOCKS version and on the browser: SOCKS4 carries only IP addresses, so the client must resolve the name itself, while SOCKS4a and SOCKS5 can carry the host name so that the proxy resolves it. If your browser resolves locally, a site can track you through DNS by issuing a unique name in its own subdomain for each request and remembering which addresses the DNS queries for those names come from.
(+) client anonymity (if used correctly)
(+) forwards arbitrary TCP connections (for example SSH)
(+) DNS lookups made by the proxy (Google Chrome)
(-) DNS lookups made by the client (Firefox, unless network.proxy.socks_remote_dns is enabled)
(-) the proxy can filter and substitute data
(-) the proxy keeps a history of your requests
(-) does not protect against attacks through plug-ins and XSS
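The difference between the two SOCKS DNS behaviours above, and the per-visitor DNS trick a site can use to detect it, as an added example (written for this page, not code from the article or from any proxy or browser): the first part encodes a SOCKS5 CONNECT request both ways and reports who will resolve the name; the second part correlates constructed web-server and name-server logs for a made-up canary zone, c.tracker.example. The IP addresses used are documentation ranges, not real hosts.

```python
import ipaddress
import struct
from collections import defaultdict
from typing import Optional

# SOCKS5 (RFC 1928) address types used in a CONNECT request.
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
CMD_CONNECT = 0x01


def socks5_connect(host: str, port: int, resolved_ip: Optional[str] = None) -> bytes:
    """Encode a SOCKS5 CONNECT request for host:port.

    resolved_ip=None sends the host name itself (ATYP 0x03), so the proxy
    performs the DNS lookup and the client never emits a query.
    resolved_ip="a.b.c.d" models a client that already resolved the name
    locally (that local lookup is the leak) and passes only the literal
    address (ATYP 0x01 / 0x04) to the proxy.
    """
    if resolved_ip is None:
        name = host.encode("idna")
        if not 0 < len(name) < 256:
            raise ValueError("host name length must fit in one byte")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        ip = ipaddress.ip_address(resolved_ip)
        addr = bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed
    return bytes([0x05, CMD_CONNECT, 0x00]) + addr + struct.pack("!H", port)


def who_resolves(request: bytes):
    """Parse a SOCKS5 CONNECT request; return (resolver, target, port).

    resolver is "proxy" when the request carries a host name and "client"
    when it carries a literal address (the client resolved it already).
    """
    if len(request) < 4 or request[0] != 0x05 or request[1] != CMD_CONNECT:
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp = request[3]
    if atyp == ATYP_DOMAIN:
        n = request[4]
        target, rest, resolver = request[5:5 + n].decode("idna"), request[5 + n:], "proxy"
    elif atyp == ATYP_IPV4:
        target, rest, resolver = str(ipaddress.IPv4Address(request[4:8])), request[8:], "client"
    elif atyp == ATYP_IPV6:
        target, rest, resolver = str(ipaddress.IPv6Address(request[4:20])), request[20:], "client"
    else:
        raise ValueError(f"unknown ATYP {atyp:#x}")
    if len(rest) != 2:
        raise ValueError("malformed request length")
    return resolver, target, struct.unpack("!H", rest)[0]


# --- How a site exploits the leak: one canary name per visitor ---
CANARY_ZONE = "c.tracker.example"   # constructed zone name for this example


def correlate_canaries(http_log, dns_log):
    """Correlate per-visitor canary names with the addresses that looked them up.

    http_log: (visitor_token, client_ip) as recorded by the web server.
    dns_log:  (qname, source_ip) as recorded by the authoritative server for
              CANARY_ZONE. Any address that asked for a token's name but is
              not the address the page was fetched from is a resolver outside
              the proxy path. (Real trackers compare against known proxy and
              resolver ranges; the equality test here is the simplified form.)
    """
    asked_by = defaultdict(set)
    for qname, src in dns_log:
        if qname.endswith("." + CANARY_ZONE):
            asked_by[qname[: -len(CANARY_ZONE) - 1]].add(src)
    report = {}
    for token, http_ip in http_log:
        resolvers = asked_by.get(token, set())
        report[token] = {"http_ip": http_ip,
                         "dns_ips": sorted(resolvers),
                         "leak": bool(resolvers - {http_ip})}
    return report


# Constructed logs. Token a1b2: the browser sent the host name to the SOCKS
# proxy, so the proxy (203.0.113.10) both resolved and connected. Token c3d4:
# the browser resolved locally, so the user's ISP resolver (198.51.100.53)
# asked for the name while the connection still arrived from the proxy.
HTTP_LOG = [("a1b2", "203.0.113.10"), ("c3d4", "203.0.113.10")]
DNS_LOG = [("a1b2." + CANARY_ZONE, "203.0.113.10"),
           ("c3d4." + CANARY_ZONE, "198.51.100.53")]

if __name__ == "__main__":
    print(who_resolves(socks5_connect("example.com", 443)))
    print(who_resolves(socks5_connect("example.com", 443, resolved_ip="198.51.100.7")))
    for token, row in correlate_canaries(HTTP_LOG, DNS_LOG).items():
        print(token, row)
```

The practical check is therefore not "is my proxy configured" but "which address does my DNS query come from": run the second half against your own resolver logs, or against a test zone you control, before trusting any proxy setup.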
Anonymous VPN
In essence they give the same security as a SOCKS proxy.
(+) client anonymity (if used correctly: the system must send its DNS queries through the tunnel and stop sending traffic when the tunnel drops)
(+) you get a network interface with an "anonymous" address, so the browser and other programs need no separate proxy configuration
(-) more expensive, because it requires allocating a separate IP address to each client
(-) does not protect against attacks through plug-ins and XSS
Renting a dedicated server
(+) client anonymity (if used correctly)
(+) you can set up SOCKS and HTTP proxies yourself, knowing that the request history will not leak anywhere
(+) protects against attacks through plug-ins and XSS, if you run the browser remotely on the server
(-) much more expensive, and in some countries requires de-anonymization (a passport, paying by credit card, etc.)
(-) the hoster can see the IP addresses from which you connect to the server
Using TOR
(+) client anonymity (if used correctly)
(-) traffic may pass through another continent and/or leave through an exit node whose IP address is blacklisted, so many Internet services open more slowly or do not open at all
(-) if you do not use HTTPS, the exit nodes can read and filter your requests
(-) the site must be reachable on the public Internet: only the client is anonymous, not the server (TOR's hidden services with .onion addresses are the exception, but they are a separate mechanism and not what ordinary TOR browsing gives you)
(-) does not protect against attacks through plug-ins and XSS
I2P
An analogue of the TOR network is the I2P network, which likewise hides users' network activity. In addition, you can create your own resource and announce it on the I2P network without anyone learning the real IP address of the site or service.
(+) client anonymity (if used correctly)
(+) server anonymity (if used correctly)
(-) traffic may pass through another continent (and more than once), giving low throughput and long response times
(±) there is no usual DNS (because of complete decentralization), so you have to subscribe to the "right" name server or add a site to your address book by hand
(±) internal sites are not reachable from the Internet and vice versa (except through gateways, on which you can partially lose your anonymity)
(-) does not protect against attacks through plug-ins and XSS
Conclusions
Obviously, ensuring your privacy is a complex task, and no network or tool provides guaranteed anonymity: you have to take into account XSS and cookies, software bugs, DNS queries, HTTP headers, misconfigured nodes in the I2P and TOR networks, so-called "browser fingerprints" and more, which I will write about in the following articles.
Various "advanced laws" on shutting down anonymizers and networks such as TOR and I2P only make these networks more popular, since, because of their architecture, it is almost impossible to shut them down.
Over the past 10 years the I2P network has grown from an academic project into a widely used product with a number of resources that cannot be taken down (for example freezone.i2p, lib.i2p, btdigg.i2p).