Internet security has always been a hot topic, and the question of online anonymity in particular never goes out of fashion.
Today we return to the subject with a short review of the main tools: proxy servers, Tor, VPN and a few others.
Proxy servers
A proxy server relays your traffic through itself as an intermediary, so the destination sees the request as coming from the proxy rather than from you. This lets you bypass restrictions that some services impose, geographic blocking in particular.
There are several types of proxy server. The first is the web proxy, which passes only HTTP traffic and by default adds headers to the forwarded requests that reveal the use of a proxy (and often the client's real address as well). Its drawbacks include no support for scripts or for the Java and Adobe Flash plug-ins. In addition, popular web proxies are used by huge numbers of people and therefore quickly end up on the block lists of most sites.
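The headers a web proxy adds are exactly what a destination server uses to tell a transparent proxy from an anonymous one. The following is an added example, not code from the original article: it parses the headers of a request as the destination receives it and reports the proxy's anonymity level and any leaked client address. The header names are real (Via and Forwarded are standardized, the X-Forwarded-For family is de facto); the three sample requests are constructed for illustration.

```python
# Added example, not from the original article: classify the anonymity level
# of an HTTP proxy from the headers that reach the destination server.
# Header names are the ones proxies really add (RFC 7230 "Via",
# RFC 7239 "Forwarded", the de-facto "X-Forwarded-For" family); the sample
# requests at the bottom are constructed.
from typing import Dict, Optional

# Headers that carry the *client's* address: a "transparent" proxy.
CLIENT_IP_HEADERS = ("x-real-ip", "client-ip", "x-client-ip",
                     "x-originating-ip", "true-client-ip")
# Headers that only betray that *some* proxy is in the path: "anonymous".
PROXY_HEADERS = ("via", "forwarded", "x-proxy-id", "proxy-connection",
                 "x-forwarded-host", "x-forwarded-proto")


def parse_request(raw: str) -> Dict[str, str]:
    """Parse the header block of a raw HTTP/1.x request into a dict with
    lower-cased names. Stops at the blank line that ends the headers."""
    headers: Dict[str, str] = {}
    for line in raw.strip().splitlines()[1:]:      # [0] is the request line
        if not line.strip():
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def leaked_client_ip(headers: Dict[str, str]) -> Optional[str]:
    """Return the client address a transparent proxy exposes, if any."""
    if "x-forwarded-for" in headers:
        # Left-most entry is the original client; later ones are proxies.
        return headers["x-forwarded-for"].split(",")[0].strip()
    if "forwarded" in headers:
        # RFC 7239, e.g.  Forwarded: for="[2001:db8::1]:4711";proto=https
        for elem in headers["forwarded"].replace(",", ";").split(";"):
            key, _, value = elem.strip().partition("=")
            if key.lower() == "for":
                value = value.strip('"')
                if value.startswith("["):            # bracketed IPv6
                    return value[1:value.index("]")]
                return value.split(":")[0]           # drop an IPv4 port
    for name in CLIENT_IP_HEADERS:
        if name in headers:
            return headers[name]
    return None


def classify_proxy(headers: Dict[str, str]) -> str:
    """Anonymity level as seen by the destination: 'transparent' (client IP
    exposed), 'anonymous' (proxy use visible, client IP hidden) or 'elite'
    (nothing in the request reveals a proxy)."""
    if leaked_client_ip(headers) is not None:
        return "transparent"
    if any(name in headers for name in PROXY_HEADERS):
        return "anonymous"
    return "elite"


# Constructed sample requests, as the destination server would receive them.
SAMPLE_TRANSPARENT = (
    "GET / HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "Via: 1.1 proxy.example.test (squid/5.7)\r\n"
    "X-Forwarded-For: 203.0.113.7, 198.51.100.2\r\n"
    "\r\n"
)
SAMPLE_ANONYMOUS = (
    "GET / HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "Via: 1.1 proxy.example.test\r\n"
    "\r\n"
)
SAMPLE_ELITE = (
    "GET / HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "User-Agent: curl/8.4.0\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for label, raw in (("transparent", SAMPLE_TRANSPARENT),
                       ("anonymous", SAMPLE_ANONYMOUS),
                       ("elite", SAMPLE_ELITE)):
        h = parse_request(raw)
        print(f"{label:12s} -> {classify_proxy(h):12s} leaked IP: {leaked_client_ip(h)}")
```

Two caveats: the classification is only what the destination can infer from headers, and every one of these headers is trivial for a proxy operator to strip, forge or add, so a proxy that looks "elite" here may still log everything it relays.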
The second type is the SOCKS proxy. SOCKS operates at the session layer of the OSI model and is therefore independent of the application-layer protocol (HTTP, FTP, POP3 and so on): it can carry any TCP connection (and, with SOCKS5, UDP as well), not just HTTP. So you can, for example, upload files over FTP or send e-mail through it.
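To show what "session layer" means in practice, here is an added example (not from the original article) of the SOCKS5 CONNECT exchange from RFC 1928, with the client's and the proxy's messages built and parsed byte for byte. The host names, addresses and ports are made up and no connection is opened.

```python
# Added example, not from the original article: the SOCKS5 exchange for a
# CONNECT request (RFC 1928), with both the client's and the proxy's messages
# built and parsed byte for byte. No sockets are opened; the bytes are
# constructed in memory so the example runs offline.
import ipaddress
import struct
from typing import Tuple

VERSION = 0x05
NO_AUTH = 0x00
NO_ACCEPTABLE = 0xFF
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REPLY_TEXT = {0: "succeeded", 1: "general failure", 2: "not allowed by ruleset",
              3: "network unreachable", 4: "host unreachable",
              5: "connection refused", 6: "TTL expired",
              7: "command not supported", 8: "address type not supported"}


def _unpack_addr(data: bytes, offset: int, atyp: int) -> Tuple[str, int]:
    """Decode a DST/BND address at `offset`; return (address, offset after it)."""
    if atyp == ATYP_IPV4:
        return str(ipaddress.IPv4Address(data[offset:offset + 4])), offset + 4
    if atyp == ATYP_IPV6:
        return str(ipaddress.IPv6Address(data[offset:offset + 16])), offset + 16
    if atyp == ATYP_DOMAIN:
        n = data[offset]
        return data[offset + 1:offset + 1 + n].decode("idna"), offset + 1 + n
    raise ValueError(f"unsupported address type {atyp}")


# ---- client side -----------------------------------------------------------
def build_greeting(methods: Tuple[int, ...] = (NO_AUTH,)) -> bytes:
    """Client -> proxy: VER, NMETHODS, METHODS."""
    return bytes([VERSION, len(methods), *methods])


def parse_method_select(data: bytes) -> int:
    """Proxy -> client: VER, METHOD. 0xFF means no offered method was accepted."""
    ver, method = struct.unpack("!BB", data[:2])
    if ver != VERSION:
        raise ValueError(f"not SOCKS5: version {ver}")
    if method == NO_ACCEPTABLE:
        raise ConnectionError("proxy rejected all offered auth methods")
    return method


def build_connect_request(host: str, port: int) -> bytes:
    """Client -> proxy: VER, CMD, RSV, ATYP, DST.ADDR, DST.PORT.
    The hostname is sent as-is (ATYP 0x03) so that the *proxy* resolves it.
    Resolving locally and sending an IP (ATYP 0x01) would leak the lookup
    to the client's own DNS resolver; Tor's SOCKS port relies on this too."""
    name = host.encode("idna")
    if not 0 < len(name) <= 255:
        raise ValueError("hostname length must be 1..255 bytes")
    return (bytes([VERSION, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(name)])
            + name + struct.pack("!H", port))


def parse_connect_reply(data: bytes) -> Tuple[str, int]:
    """Proxy -> client: VER, REP, RSV, ATYP, BND.ADDR, BND.PORT."""
    ver, rep, _rsv, atyp = struct.unpack("!BBBB", data[:4])
    if ver != VERSION:
        raise ValueError(f"not SOCKS5: version {ver}")
    addr, end = _unpack_addr(data, 4, atyp)
    port = struct.unpack("!H", data[end:end + 2])[0]
    if rep != 0:
        raise ConnectionError(REPLY_TEXT.get(rep, f"unknown reply {rep}"))
    return addr, port


# ---- proxy side ------------------------------------------------------------
def parse_connect_request(data: bytes) -> Tuple[str, int]:
    """What the proxy does with the client's request: recover host and port."""
    ver, cmd, _rsv, atyp = struct.unpack("!BBBB", data[:4])
    if ver != VERSION or cmd != CMD_CONNECT:
        raise ValueError("expected a SOCKS5 CONNECT")
    addr, end = _unpack_addr(data, 4, atyp)
    return addr, struct.unpack("!H", data[end:end + 2])[0]


def build_connect_reply(rep: int, bound_ip: str, bound_port: int) -> bytes:
    """Proxy -> client reply; BND.ADDR/PORT is the proxy's outbound socket."""
    packed = ipaddress.ip_address(bound_ip).packed
    atyp = ATYP_IPV4 if len(packed) == 4 else ATYP_IPV6
    return bytes([VERSION, rep, 0x00, atyp]) + packed + struct.pack("!H", bound_port)


if __name__ == "__main__":
    # Walk through the exchange with made-up values.
    print("C->P greeting      ", build_greeting().hex())
    print("P->C method select ", "0500", "->", parse_method_select(b"\x05\x00"))
    req = build_connect_request("example.test", 443)
    print("C->P CONNECT       ", req.hex(), "->", parse_connect_request(req))
    rep = build_connect_reply(0, "10.0.0.5", 40000)
    print("P->C reply         ", rep.hex(), "->", parse_connect_reply(rep))
```

The point to take away is the address type: sending the hostname (ATYP 0x03) lets the proxy resolve it, whereas resolving locally and sending an IP would leak the DNS query to your own resolver. Tor's SOCKS port works the same way, which is why applications must be configured to hand it hostnames. Note also that nothing in this exchange is encrypted: a plain SOCKS session is readable by anyone between you and the proxy.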
Worth mentioning separately is the CGI proxy, or so-called anonymizer: a web server with a form into which the user types the address of the site they want. The requested page then opens, but the browser's address bar shows the address of the CGI proxy. Like any web server, a CGI proxy can use HTTPS to protect the channel between itself and the client; bear in mind that this protects only that leg, since the proxy itself necessarily sees the pages it fetches for you.
"+":
- Public proxies are free
- In most cases they are sufficient for ordinary browsing
- They bypass network restrictions
- They bypass geographic restrictions
"-":
- Most implementations do not encrypt the data
- Public proxies are often unstable
- The most popular proxies are blocked by many sites
Tor
Tor is one of the most popular technologies for hiding one's identity on the Internet. However, anonymity and security must be clearly separated: Tor does not protect your data from interception outside the Tor network, nor does it hide its content from the party you are talking to, because the traffic is encrypted only inside the network itself.
Even so, although traffic can be observed at the entrance to and exit from the network, Tor prevents that traffic from being linked to you. The core idea is to route traffic through several relays so that the destination sees only the exit relay, which appears to be the source of the connection.
Traffic passes through a chain of relays (three by default: guard, middle and exit), which hides the real origin well by breaking the link between the source and destination metadata. This is called onion routing: each relay can decrypt only one layer of the message, the one containing the instruction for where to forward it next.
The exit relay removes the last layer and forwards the plaintext to the destination on the open Internet. To make this work, the Tor client builds a circuit hop by hop, negotiating a separate session key with each relay in it; it then encrypts every outgoing cell with those keys in reverse order, so that each relay can strip exactly one layer.
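The layering just described, as an added simulation that is not Tor's code and does not reproduce Tor's cell format: the client holds one key per relay (here generated locally by make_circuit, standing in for Tor's per-hop handshake), wraps the message so that each relay can remove exactly one layer, and the route function shows what each relay gets to see. The cipher is HMAC-SHA256 in counter mode so that only the standard library is needed; Tor uses AES-CTR. Relay names, the destination and the payload are made up.

```python
# Added example, not from the original article and not Tor's real cell format:
# a minimal onion-routing simulation. The client holds a separate symmetric
# key for each of three relays (in Tor these come from a per-hop handshake
# while the circuit is built); it wraps the message in three layers, and each
# relay strips one layer and learns only who comes next. The "cipher" is
# HMAC-SHA256 run in counter mode as a keystream, chosen so the example needs
# only the standard library; Tor uses AES-CTR, but the layering is the same.
import hashlib
import hmac
import os
from typing import List, Tuple

NONCE_LEN = 16
Circuit = List[Tuple[str, bytes]]          # [(relay_name, shared_key), ...]


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF-in-counter-mode keystream: HMAC(key, nonce || counter) blocks."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(8, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stream-cipher encrypt/decrypt (the same operation both ways)."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def wrap_layer(key: bytes, next_hop: str, inner: bytes) -> bytes:
    """One layer: nonce || Enc_key(next_hop || NUL || inner)."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + xor_crypt(key, nonce, next_hop.encode() + b"\x00" + inner)


def peel_layer(key: bytes, cell: bytes) -> Tuple[str, bytes]:
    """What a relay does: strip its layer, read the next hop, keep the rest."""
    nonce, body = cell[:NONCE_LEN], cell[NONCE_LEN:]
    next_hop, _, inner = xor_crypt(key, nonce, body).partition(b"\x00")
    return next_hop.decode(), inner


def make_circuit(names: List[str]) -> Circuit:
    """Stand-in for circuit building: a fresh random key per relay."""
    return [(name, os.urandom(32)) for name in names]


def build_onion(circuit: Circuit, destination: str, payload: bytes) -> bytes:
    """Client side: wrap from the exit outward, so the guard's layer is outermost."""
    next_hops = [name for name, _ in circuit[1:]] + [destination]
    onion = payload
    for (_, key), hop in reversed(list(zip(circuit, next_hops))):
        onion = wrap_layer(key, hop, onion)
    return onion


def route(circuit: Circuit, onion: bytes) -> Tuple[List[Tuple[str, str, bytes]], bytes]:
    """Relay side, hop by hop. Returns what each relay observed (its name, the
    next hop it learned, the bytes it forwarded) and the plaintext the exit
    finally delivers to the destination."""
    observed = []
    cell = onion
    for name, key in circuit:
        next_hop, cell = peel_layer(key, cell)
        observed.append((name, next_hop, cell))
    return observed, cell


if __name__ == "__main__":
    circuit = make_circuit(["guard", "middle", "exit"])
    payload = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"   # constructed
    onion = build_onion(circuit, "example.test:80", payload)
    observed, delivered = route(circuit, onion)
    for name, next_hop, forwarded in observed:
        print(f"{name:6s} learns next hop = {next_hop:16s} forwards {forwarded[:24]!r}...")
    print("exit delivers:", delivered)
```

Running it shows that the guard learns only the middle relay, the middle only the exit, and only the exit sees the destination and the plaintext, which is exactly why the exit is where unencrypted traffic is exposed. The simulation leaves out what Tor adds on top: integrity digests, fixed-size cells and key agreement through the ntor handshake.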
Tor provides a high level of network anonymity, but complete anonymity is a problem with no known full solution. There is an arms race between the Tor developers and those who want to deanonymize its users, and successful deanonymization attacks against Tor users have been carried out. So it cannot be claimed that Tor hides a person with a 100% guarantee; nevertheless, it remains one of the most effective and reliable means of anonymity available.
"+":
- Provides anonymity by hiding the real source of the data
- Encrypts data within the Tor network itself
- A good additional layer of security
"-":
- Tor does not provide confidentiality beyond the exit relay, because it is not end-to-end encryption; you must use end-to-end encryption such as HTTPS on top of it
- The network depends on volunteers who run its relays
- The network has been attacked by both criminals and intelligence services
VPN
A VPN works on a principle similar to Tor and proxies. When you connect to a VPN, your traffic is tunneled into the provider's private network, which has its own servers and an exit point to the Internet (much like a Tor exit relay). The destination therefore sees only the address of the VPN server.
Unlike Tor relays, VPN servers are run by companies, which often advertise a no-logging policy; bear in mind that such a policy is a promise, not a technical guarantee. Almost all commercial VPN providers offer a choice of two implementations, OpenVPN and PPTP; L2TP/IPsec and SSTP are less common. PPTP should be avoided: its MS-CHAPv2 authentication and the encryption keyed from it are cryptographically broken. Some services also offer DoubleVPN, where traffic passes through two VPN servers in different countries before reaching the Internet, and QuadVPN, with four servers in the chain.
"+":
- Strong encryption of the tunnel
- Extra protections on top: firewalls with NAT, DNS-leak protection, private DNS resolvers, etc.
"-":
- Running a VPN client on a computer consumes extra computing power
- Your traffic is visible to the VPN operator (mitigated by end-to-end encryption such as TLS, though the operator still sees which hosts you connect to)
The combination of Tor and VPN
A VPN is a good way to protect data in transit, and combined with an anonymity tool (Tor) it gives a greater level of "peace of mind".
Tor via VPN
In this scheme the VPN server is a fixed first hop; from there, already-encrypted Tor traffic goes on to the Tor network. In practice the setup is simple: connect to the VPN server first, then launch Tor Browser, which automatically routes through the VPN tunnel.
This hides the very fact of Tor use from your Internet provider, and in the event of a theoretical compromise of Tor, a VPN that truly keeps no logs still stands between you and the observer. Note that substituting a plain proxy server for the VPN is pointless: without the VPN's encryption, the provider can still read the proxy requests and see the connections to Tor relays, so the scheme gains nothing.
"+":
- Your provider will not know that you are using Tor (although it may know that you are using a VPN)
- The Tor entry (guard) relay will not see your real IP address
- Hidden services on the Tor network (.onion addresses) remain reachable
"-":
- The VPN provider knows your real IP address
- No protection against malicious or eavesdropping Tor exit relays
VPN via Tor
In this scheme the data is first encrypted for the VPN server and then carried over the Tor network. The VPN client has to be configured to connect through Tor's SOCKS proxy, and since Tor carries only TCP, the VPN must use a TCP transport.
This scheme lets you reach sites that block Tor exit relays, and it protects the traffic from eavesdropping at the exit relay. Note, however, that an exit relay can easily single such a client out of the crowd: most users go to many different destinations, whereas this client always connects to the same VPN server. As before, putting an ordinary proxy server after Tor makes little sense, because the traffic to the proxy is not encrypted.
"+":
- The VPN provider does not learn your real IP address, only the address of the Tor exit relay
- Protects against Tor exit relays, because all traffic is encrypted by the VPN client
- Lets you choose the location of the server
- All Internet traffic goes through the Tor network, even from programs that do not support it themselves
"-":
- Your VPN provider can see your traffic, although it cannot link it to you
- The scheme is difficult to set up
Whonix
There are also operating systems designed specifically for anonymity. One of them is Whonix, which consists of two Debian-based systems running as VirtualBox virtual machines.
In this configuration one system is the gateway, which sends all traffic through the Tor network, and the other is an isolated workstation that reaches the network only through that gateway. This arrangement is called an isolating proxy. It defuses a whole class of workstation vulnerabilities and leaks, because the workstation itself does not know its external IP address and has no path to the Internet other than the gateway.
Whonix implements many useful anonymity mechanisms. For example, it can host onion services securely: the service's private key lives on the gateway, so even an attacker who has compromised the web server on the workstation cannot steal it. Whonix also supports Tor bridges, which hide the fact of Tor use from your provider, and allows tunneling through other anonymous networks such as Freenet and I2P.
The system has been tested and is well documented, and it works with any combination of Tor, VPN and proxy, but it has its drawbacks: a fairly complex configuration and the need to maintain two virtual machines or two separate physical hosts. Note also that Whonix is developed independently of Tor and its tools, so it cannot protect against vulnerabilities in them.
Instead of a conclusion: other ways of staying anonymous
Besides the anonymization methods described above, there are dozens of separate projects devoted to anonymity on the Internet. Actively developed solutions include Freenet, GNUnet, JAP, RetroShare and Perfect Dark. Also of interest are anonymous networks built on Wi-Fi mesh, which aim for independence from Internet providers: Project Byzantium, Netsukuku and BATMAN.