Slightly anonymous
Discussion of anonymity should not begin with the words proxy / torus / vpn, but with the task definition: anonymously connecting to someone else's server via SSH is one thing, anonymously raising your website is another, working anonymously on the internet is the third, etc. - and all these tasks are solved in different ways. This article is about the task of "working anonymously on the Internet as a user."
Recently, there have been many articles on Habré on the topic of ensuring anonymity on the Internet, but they all describe the “a little bit of anonymous” approach. Being “a little bit anonymous” is almost meaningless, but judging by the comments on these articles, many do not understand this.
First, you need to adequately evaluate a potential adversary . If you want to be "anonymous", then you are trying to avoid the possibility of linking your activity on the Internet with your physical location and / or real name. Ordinary users already do not have the ability to track you (technically, social methods when your forum nickname is easily googling your account in social networks with all personal data we do not consider here). Your provider / neighbors may be able to listen to most of your traffic, but as a rule, you are not interested in them (yes, neighbors may steal your passwords, but they will not be able to track your activity or deanonymize them). As for the owners of the resources you use (websites, proxy / vpn servers, etc.), they have a lot of tools at their disposal to track you (DNS-leaks, Flash / Java plug-ins, banner networks, browser prints, many different types of cookies, etc.) plus a serious commercial interest in ensuring that you are tracked reliably (for targeting advertising, selling data, etc.). But the government and special services can access both the data that websites collect on you and the data that providers collect. Thus, it turns out that those who have the ability and desire to track you - have access to the most possible channels of leakage .
')
Secondly, the channels of information leakage are very, very much . And they are very diverse (from a suddenly disconnected VPN to getting a real IP via the browser's Flash / Java plug-ins or sending a serial to your server by some thread when trying to update). Moreover, new ones are regularly discovered (and created). Therefore, an attempt to block each of them individually, using unique methods, simply does not make sense , anyway, something will leak somewhere.
Thirdly, when working on the Internet, not only the browser is used - the majority also use IM, torrents, mail, SSH, FTP, IRC ... often the information transmitted through these channels intersects and allows them to be interconnected (.torrent- The file downloaded from the site under your account is loaded into the torrent client, the link that came in the letter / IM / IRC opens in the browser, etc.). Add to this the fact that your OS and applications also regularly climb to the Internet on their business, while transmitting a bunch of information that deanonimizes you ...
From all this it follows logically that trying to add "a little bit of anonymity" by using a browser with built-in Tor, or setting up a torrent client to work through SOCKS - it makes no sense. Most of you will not be able to track them without these measures, and those who have the capacity and desire to track you will not be stopped by these measures (the maximum will complicate / slow down their work a little).
In general, there is only one way to ensure full anonymity. For some particular tasks, there may be simpler solutions - for example, to anonymously connect to the server via SSH seems to be using Tor. But these are exceptions, which can be resorted to only if they are rare one-time tasks, and even then you need to be careful enough to avoid, for example, DNS-leaks. Considering the risks, I would not recommend resorting to such solutions in general - if sometimes there is a need for anonymity, then it is safer and easier to implement a full-fledged anonymous access to the Internet once and use only them. Therefore, it is much more useful to describe (and help with installation / configuration) the realization of full anonymity than to describe the differences between different versions of the SOCKS protocol or embed Tor into a specific web browser.
First we need a virtual machine. It will have a virtual network interface that works through NAT, i.e. with IP like 192.168.xx and left MAC. Thus, no Flash / Java plug-ins, or even exploits that have hacked your browser, can find out your real IP.
Next, you need to install either free OS and all applications (Linux), or stolen and hacked (Windows) into this virtual machine - so that when you transfer your license numbers to the Internet with these applications, they cannot be linked to you.
To hide your IP from visited sites, and hide your traffic from your provider / neighbors / Tor exit node, you will need access to a VPN service (it doesn’t matter based on OpenVPN or SSH). This should be either a free VPN, or paid via Bitcoin - but in any case there should not be an opportunity to link (for example, via a credit card used for payment) you with this service. (And, by the way, when paying via Bitcoins, you should also be careful .) The OS needs to be configured so that all traffic goes only through VPN .
To hide your IP from the owners of the VPN service and their provider, you need to send a VPN connection through Tor.
To ensure that no failures (or hacking with reconfiguration) inside the virtual machine "light up" your real IP address, you must configure the firewall on the main (host) system so that the whole (ie, not only TCP, but really all!) virtual machine traffic was passed exclusively to Tor and nowhere else.
And finally, but very importantly: you shouldn’t enter anything inside this virtual machine that could be related to your real identity - name, credit card numbers, log in to “your” accounts on any sites, upload ( at least, without clearing the EXIF-metadata) on the sites pictures taken by their main camera / phone, etc. Create separate "left" accounts on all the necessary sites, create separate email / IM-accounts (and do not correspond between your real and these accounts). Buy only virtual goods (which do not need to be delivered to your physical address) and only for bitcoins.
That's all. Having such a system, you can no longer worry about being tracked through different types of cookies, HTTP headers and plugins, or a VPN connection will accidentally fall off. Those. they will be able to track, but physically they will not be able to bring profiles created by them to you. I would also recommend using a browser and IM / email clients visually different from those in your main system — to eliminate the unintended use of the “wrong” system.
Theoretically, there is still a chance to track you by the style of your texts ... but practically for this, you should first suspect that your usual non-anonymous account and your anonymous account is one person - which will not happen if you follow the rules described above. And if such a suspicion still arose, then in our conditions, no one will bother with text analysis, they will simply break into your home and study your computer.
Recently, there have been many articles on Habré on the topic of ensuring anonymity on the Internet, but they all describe the “a little bit of anonymous” approach. Being “a little bit anonymous” is almost meaningless, but judging by the comments on these articles, many do not understand this.
First, you need to adequately evaluate a potential adversary . If you want to be "anonymous", then you are trying to avoid the possibility of linking your activity on the Internet with your physical location and / or real name. Ordinary users already do not have the ability to track you (technically, social methods when your forum nickname is easily googling your account in social networks with all personal data we do not consider here). Your provider / neighbors may be able to listen to most of your traffic, but as a rule, you are not interested in them (yes, neighbors may steal your passwords, but they will not be able to track your activity or deanonymize them). As for the owners of the resources you use (websites, proxy / vpn servers, etc.), they have a lot of tools at their disposal to track you (DNS-leaks, Flash / Java plug-ins, banner networks, browser prints, many different types of cookies, etc.) plus a serious commercial interest in ensuring that you are tracked reliably (for targeting advertising, selling data, etc.). But the government and special services can access both the data that websites collect on you and the data that providers collect. Thus, it turns out that those who have the ability and desire to track you - have access to the most possible channels of leakage .
')
Secondly, the channels of information leakage are very, very much . And they are very diverse (from a suddenly disconnected VPN to getting a real IP via the browser's Flash / Java plug-ins or sending a serial to your server by some thread when trying to update). Moreover, new ones are regularly discovered (and created). Therefore, an attempt to block each of them individually, using unique methods, simply does not make sense , anyway, something will leak somewhere.
Thirdly, when working on the Internet, not only the browser is used - the majority also use IM, torrents, mail, SSH, FTP, IRC ... often the information transmitted through these channels intersects and allows them to be interconnected (.torrent- The file downloaded from the site under your account is loaded into the torrent client, the link that came in the letter / IM / IRC opens in the browser, etc.). Add to this the fact that your OS and applications also regularly climb to the Internet on their business, while transmitting a bunch of information that deanonimizes you ...
From all this it follows logically that trying to add "a little bit of anonymity" by using a browser with built-in Tor, or setting up a torrent client to work through SOCKS - it makes no sense. Most of you will not be able to track them without these measures, and those who have the capacity and desire to track you will not be stopped by these measures (the maximum will complicate / slow down their work a little).
In general, there is only one way to ensure full anonymity. For some particular tasks, there may be simpler solutions - for example, to anonymously connect to the server via SSH seems to be using Tor. But these are exceptions, which can be resorted to only if they are rare one-time tasks, and even then you need to be careful enough to avoid, for example, DNS-leaks. Considering the risks, I would not recommend resorting to such solutions in general - if sometimes there is a need for anonymity, then it is safer and easier to implement a full-fledged anonymous access to the Internet once and use only them. Therefore, it is much more useful to describe (and help with installation / configuration) the realization of full anonymity than to describe the differences between different versions of the SOCKS protocol or embed Tor into a specific web browser.
First we need a virtual machine. It will have a virtual network interface that works through NAT, i.e. with IP like 192.168.xx and left MAC. Thus, no Flash / Java plug-ins, or even exploits that have hacked your browser, can find out your real IP.
Next, you need to install either free OS and all applications (Linux), or stolen and hacked (Windows) into this virtual machine - so that when you transfer your license numbers to the Internet with these applications, they cannot be linked to you.
To hide your IP from visited sites, and hide your traffic from your provider / neighbors / Tor exit node, you will need access to a VPN service (it doesn’t matter based on OpenVPN or SSH). This should be either a free VPN, or paid via Bitcoin - but in any case there should not be an opportunity to link (for example, via a credit card used for payment) you with this service. (And, by the way, when paying via Bitcoins, you should also be careful .) The OS needs to be configured so that all traffic goes only through VPN .
To hide your IP from the owners of the VPN service and their provider, you need to send a VPN connection through Tor.
To ensure that no failures (or hacking with reconfiguration) inside the virtual machine "light up" your real IP address, you must configure the firewall on the main (host) system so that the whole (ie, not only TCP, but really all!) virtual machine traffic was passed exclusively to Tor and nowhere else.
And finally, but very importantly: you shouldn’t enter anything inside this virtual machine that could be related to your real identity - name, credit card numbers, log in to “your” accounts on any sites, upload ( at least, without clearing the EXIF-metadata) on the sites pictures taken by their main camera / phone, etc. Create separate "left" accounts on all the necessary sites, create separate email / IM-accounts (and do not correspond between your real and these accounts). Buy only virtual goods (which do not need to be delivered to your physical address) and only for bitcoins.
That's all. Having such a system, you can no longer worry about being tracked through different types of cookies, HTTP headers and plugins, or a VPN connection will accidentally fall off. Those. they will be able to track, but physically they will not be able to bring profiles created by them to you. I would also recommend using a browser and IM / email clients visually different from those in your main system — to eliminate the unintended use of the “wrong” system.
Theoretically, there is still a chance to track you by the style of your texts ... but practically for this, you should first suspect that your usual non-anonymous account and your anonymous account is one person - which will not happen if you follow the rules described above. And if such a suspicion still arose, then in our conditions, no one will bother with text analysis, they will simply break into your home and study your computer.
Source: https://habr.com/ru/post/191448/
All Articles