Universe City

If you look at the stars, they lend you their light. The light of the past. Which leads us to realize that they are only a few small pieces of the universe. But there must be someone who is good and happy to be small pieces for one another in this universe

Sunday, 08 July 2012

How Linux boots



As it turns out, there isn't much to the boot process:

   1. A boot loader finds the kernel image on the disk, loads it into memory, and starts it.
   2. The kernel initializes the devices and its drivers.
   3. The kernel mounts the root filesystem.
   4. The kernel starts a program called init.
   5. init sets the rest of the processes in motion.
   6. The last processes that init starts as part of the boot sequence allow you to log in.

Identifying each stage of the boot process is invaluable in fixing boot problems and understanding the system as a whole. To start, zero in on the boot loader, which is the initial screen or prompt you get after the computer does its power-on self-test, asking which operating system to run. After you make a choice, the boot loader runs the Linux kernel, handing control of the system to the kernel.

There is a detailed discussion of the kernel elsewhere in this book from which this article is excerpted. This article covers the kernel initialization stage, the stage when the kernel prints a bunch of messages about the hardware present on the system. The kernel starts init just after it displays a message proclaiming that the kernel has mounted the root filesystem:

VFS: Mounted root (ext2 filesystem) readonly.

Soon after, you will see a message about init starting, followed by system service startup messages, and finally you get a login prompt of some sort.

NOTE On Red Hat Linux, the init note is especially obvious, because it welcomes you to Red Hat Linux. All messages thereafter show success or failure in brackets at the right-hand side of the screen.

Most of this chapter deals with init, because it is the part of the boot sequence where you have the most control.

init

There is nothing special about init. It is a program just like any other on the Linux system, and you'll find it in /sbin along with other system binaries. The main purpose of init is to start and stop other programs in a particular sequence. All you have to know is how this sequence works.

There are a few different variations, but most Linux distributions use the System V style discussed here. Some distributions use a simpler version that resembles the BSD init, but you are unlikely to encounter this.

Runlevels

At any given time on a Linux system, a certain base set of processes is running. This state of the machine is called its runlevel, and it is denoted with a number from 0 through 6. The system spends most of its time in a single runlevel. However, when you shut the machine down, init switches to a different runlevel in order to terminate the system services in an orderly fashion and to tell the kernel to stop. Yet another runlevel is for single-user mode, discussed later.

The easiest way to get a handle on runlevels is to examine the init configuration file, /etc/inittab. Look for a line like the following:

id:5:initdefault:

This line means that the default runlevel on the system is 5. All lines in the inittab file take this form, with four fields separated by colons occurring in the following order:

   1. A unique identifier (a short string, such as id in the preceding example)
   2. The applicable runlevel number(s)
   3. The action that init should take (in the preceding example, the action is to set the default runlevel to 5)
   4. A command to execute (optional)

There is no command to execute in the preceding initdefault example because a command doesn't make sense in the context of setting the default runlevel. Look a little further down in inittab, until you see a line like this:

l5:5:wait:/etc/rc.d/rc 5

This line triggers most of the system configuration and services through the rc.d and init.d directories. You can see that init is set to execute a command called /etc/rc.d/rc 5 when in runlevel 5. The wait action tells when and how init runs the command: run rc 5 once when entering runlevel 5, and then wait for this command to finish before doing anything else.

There are several different actions in addition to initdefault and wait, especially pertaining to power management, and the inittab(5) manual page tells you all about them. The ones that you're most likely to encounter are explained in the following sections.

respawn

The respawn action causes init to run the command that follows, and if the command finishes executing, to run it again. You're likely to see something similar to this line in your inittab file:

1:2345:respawn:/sbin/mingetty tty1

The getty programs provide login prompts. The preceding line is for the first virtual console (/dev/tty1), the one you see when you press ALT-F1 or CONTROL-ALT-F1. The respawn action brings the login prompt back after you log out.

ctrlaltdel

The ctrlaltdel action controls what the system does when you press CONTROL-ALT-DELETE on a virtual console. On most systems, this is some sort of reboot command using the shutdown command.

sysinit

The sysinit action is the very first thing that init should run when it starts up, before entering any runlevels.
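
The four-field inittab format and the actions described above, parsed in a short added example (not code from the original article). The si, l0 and ca lines in the sample are constructed, and the audit checks are an illustration rather than anything init itself does.

```python
from collections import namedtuple

Entry = namedtuple("Entry", "ident runlevels action command")

# Constructed sample. The id, l5 and mingetty lines follow the article; the
# si, l0 and ca lines are assumptions modelled on a typical SysV inittab.
SAMPLE_INITTAB = """\
# Default runlevel
id:5:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
l0:0:wait:/etc/rc.d/rc 0
l5:5:wait:/etc/rc.d/rc 5
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
1:2345:respawn:/sbin/mingetty tty1
"""


def parse_inittab(text):
    """Split each non-comment line into id:runlevels:action:command."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Split on the first three colons only: the command may contain colons.
        parts = line.split(":", 3)
        if len(parts) != 4:
            raise ValueError(f"line {lineno}: expected 4 fields, got {len(parts)}")
        entries.append(Entry(*parts))
    return entries


def default_runlevel(entries):
    """Return the runlevel named by the initdefault entry, or None."""
    for e in entries:
        if e.action == "initdefault":
            return e.runlevels
    return None


def commands_on_entering(entries, runlevel):
    """Commands init runs for a runlevel, as (action, command) pairs."""
    return [(e.action, e.command) for e in entries
            if e.action in ("wait", "respawn") and runlevel in e.runlevels]


def audit(entries):
    """Return human-readable findings about an inittab."""
    findings = []
    seen = set()
    for e in entries:
        if e.ident in seen:
            findings.append(f"duplicate id {e.ident!r}")
        seen.add(e.ident)
    level = default_runlevel(entries)
    if level is None:
        findings.append("no initdefault entry")
    elif level in ("0", "6"):
        # Runlevel 0 halts and 6 reboots, so the machine would never stay up.
        findings.append(f"default runlevel {level} halts or reboots at boot")
    return findings


if __name__ == "__main__":
    parsed = parse_inittab(SAMPLE_INITTAB)
    print("default runlevel:", default_runlevel(parsed))
    for action, command in commands_on_entering(parsed, "5"):
        print(action, command)
    print("findings:", audit(parsed))
```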

How processes in runlevels start

You are now ready to learn how init starts the system services, just before it lets you log in. Recall this inittab line from earlier:

l5:5:wait:/etc/rc.d/rc 5

This small line triggers many other programs. rc stands for run commands, and you will hear people refer to the commands as scripts, programs, or services. So, where are these commands, anyway?

For runlevel 5, in this example, the commands are probably either in /etc/rc.d/rc5.d or /etc/rc5.d. Runlevel 1 uses rc1.d, runlevel 2 uses rc2.d, and so on. You might find the following items in the rc5.d directory:

S10sysklogd       S20ppp          S99gpm
S12kerneld        S25netstd_nfs   S99httpd
S15netstd_init    S30netstd_misc  S99rmnologin
S18netbase        S45pcmcia       S99sshd
S20acct           S89atd
S20logoutd        S89cron

The rc 5 command starts programs in this runlevel directory by running the following commands:

S10sysklogd start
S12kerneld start
S15netstd_init start
S18netbase start
...
S99sshd start

Notice the start argument in each command. The S in a command name means that the command should run in start mode, and the number (00 through 99) determines where in the sequence rc starts the command.

The rc.d commands are usually shell scripts that start programs in /sbin or /usr/sbin. Normally, you can figure out what one of the commands actually does by looking at the script with less or another pager program.

You can start one of these services by hand. For example, if you want to start the httpd Web server program manually, run S99httpd start. Similarly, if you ever need to kill one of the services when the machine is on, you can run the command in the rc.d directory with the stop argument (S99httpd stop, for instance).

Some rc.d directories contain commands that start with K (for kill, or stop mode). In this case, rc runs the command with the stop argument instead of start. You are most likely to encounter K commands in runlevels that shut the system down.

Adding and removing services

If you want to add, delete, or modify services in the rc.d directories, you need to take a closer look at the files inside. A long listing reveals a structure like this:

lrwxrwxrwx . . . S10sysklogd -> ../init.d/sysklogd
lrwxrwxrwx . . . S12kerneld -> ../init.d/kerneld
lrwxrwxrwx . . . S15netstd_init -> ../init.d/netstd_init
lrwxrwxrwx . . . S18netbase -> ../init.d/netbase
...

The commands in an rc.d directory are actually symbolic links to files in an init.d directory, usually in /etc or /etc/rc.d. Linux distributions contain these links so that they can use the same startup scripts for all runlevels. This convention is by no means a requirement, but it often makes organization a little easier.

To prevent one of the commands in the init.d directory from running in a particular runlevel, you might think of removing the symbolic link in the appropriate rc.d directory. This does work, but if you make a mistake and ever need to put the link back in place, you might have trouble remembering the exact name of the link. Therefore, you shouldn't remove links in the rc.d directories, but rather, add an underscore (_) to the beginning of the link name like this:

mv S99httpd _S99httpd

At boot time, rc ignores _S99httpd because it doesn't start with S or K. Furthermore, the original name is still obvious, and you have quick access to the command if you're in a pinch and need to start it by hand.

To add a service, you must create a script like the others in the init.d directory and then make a symbolic link in the correct rc.d directory. The easiest way to write a script is to examine the scripts already in init.d, make a copy of one that you understand, and modify the copy.

When adding a service, make sure that you choose an appropriate place in the boot sequence to start the service. If the service starts too soon, it may not work, due to a dependency on some other service. For non-essential services, most systems administrators prefer numbers in the 90s, after most of the services that came with the system.

Linux distributions usually come with a command to enable and disable services in the rc.d directories. For example, in Debian, the command is update-rc.d, and in Red Hat Linux, the command is chkconfig. Graphical user interfaces are also available. Using these programs helps keep the startup directories consistent and helps with upgrades.
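
The S/K naming, ordering and symbolic-link layout described above, as an added example that is not from the original article: it builds a constructed rc5.d/init.d tree in a temporary directory, lists what rc would run, and flags links that are dangling or whose target script is writable by group or others (these scripts run as root at boot). Running K links before S links is an assumption based on common SysV rc scripts; the article does not state the order between the two.

```python
import os
import stat
import tempfile


def rc_plan(rcdir):
    """Return (link name, argument) pairs in the order rc would run them."""
    names = sorted(os.listdir(rcdir))
    # Assumption: K links run before S links, as in common SysV rc scripts.
    stops = [(n, "stop") for n in names if n.startswith("K")]
    starts = [(n, "start") for n in names if n.startswith("S")]
    return stops + starts  # anything else, such as _S99httpd, is ignored


def audit_links(rcdir):
    """Flag active links that are dangling or point at loosely writable scripts."""
    findings = []
    for name, _arg in rc_plan(rcdir):
        path = os.path.join(rcdir, name)
        if not os.path.exists(path):  # exists() follows the link
            findings.append((name, "dangling link"))
            continue
        mode = os.stat(path).st_mode  # stat() follows the link into init.d
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((name, "target writable by group or others"))
    return findings


def build_sample(root):
    """Create a constructed init.d/rc5.d tree under root and return rc5.d."""
    initd = os.path.join(root, "init.d")
    rc5 = os.path.join(root, "rc5.d")
    os.mkdir(initd)
    os.mkdir(rc5)
    scripts = {"sysklogd": 0o755, "netbase": 0o755, "acct": 0o755,
               "httpd": 0o755, "sshd": 0o775}  # sshd: group-writable on purpose
    for svc, mode in scripts.items():
        path = os.path.join(initd, svc)
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(path, mode)
    links = {"S10sysklogd": "sysklogd", "S18netbase": "netbase",
             "K20acct": "acct", "S99sshd": "sshd",
             "_S99httpd": "httpd",  # disabled by the underscore rename
             "S20ppp": "ppp"}       # no init.d/ppp exists, so this dangles
    for link, svc in links.items():
        os.symlink(os.path.join("..", "init.d", svc), os.path.join(rc5, link))
    return rc5


def demo():
    """Build the sample tree and return (plan, findings)."""
    with tempfile.TemporaryDirectory() as root:
        rc5 = build_sample(root)
        return rc_plan(rc5), audit_links(rc5)


if __name__ == "__main__":
    plan, findings = demo()
    for name, arg in plan:
        print(name, arg)
    for name, problem in findings:
        print("FINDING:", name, problem)
```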

HINT One of the most common Linux installation problems is an improperly configured XFree86 server that flicks on and off, making the system unusable on console. To stop this behavior, boot into single-user mode and alter your runlevel or runlevel services. Look for something containing xdm, gdm, or kdm in your rc.d directories, or your /etc/inittab.

Controlling init

Occasionally, you need to give init a little kick to tell it to switch runlevels, to re-read the inittab file, or just to shut down the system. Because init is always the first process on a system, its process ID is always 1.

You can control init with telinit. For example, if you want to switch to runlevel 3, use this command:

telinit 3

When switching runlevels, init tries to kill off any processes that aren't in the inittab file for the new runlevel. Therefore, you should be careful about changing runlevels.

When you need to add or remove respawning jobs or make any other change to the inittab file, you must tell init about the change and cause it to re-read the file. Some people use kill -HUP 1 to tell init to do this. This traditional method works on most versions of Unix, as long as you type it correctly. However, you can also run this telinit command:

telinit q

You can also use telinit s to switch to single-user mode.

Shutting down

init also controls how the system shuts down and reboots. The proper way to shut down a Linux machine is to use the shutdown command.

There are two basic ways to use shutdown. If you halt the system, it shuts the machine down and keeps it down. To make the machine halt immediately, use this command:

shutdown -h now

On most modern machines with reasonably recent versions of Linux, a halt cuts the power to the machine. You can also reboot the machine. For a reboot, use -r instead of -h.

The shutdown process takes several seconds. You should never reset or power off a machine during this stage.

In the preceding example, now is the time to shut down. This argument is mandatory, but there are many ways of specifying it. If you want the machine to go down sometime in the future, one way is to use +n, where n is the number of minutes shutdown should wait before doing its work. For other options, look at the shutdown(8) manual page.

To make the system reboot in 10 minutes, run this command:

shutdown -r +10

On Linux, shutdown notifies anyone logged on that the machine is going down, but it does little real work. If you specify a time other than now, shutdown creates a file called /etc/nologin. When this file is present, the system prohibits logins by anyone except the superuser.

When system shutdown time finally arrives, shutdown tells init to switch to runlevel 0 for a halt and runlevel 6 for a reboot. When init enters runlevel 0 or 6, all of the following takes place, which you can verify by looking at the scripts inside rc0.d and rc6.d:

   1. init kills every process that it can (as it would when switching to any other runlevel).
   2. The initial rc0.d/rc6.d commands run, locking system files into place and making other preparations for shutdown.
   3. The next rc0.d/rc6.d commands unmount all filesystems other than the root.
   4. Further rc0.d/rc6.d commands remount the root filesystem read-only.
   5. Still more rc0.d/rc6.d commands write all buffered data out to the filesystem with the sync program.
   6. The final rc0.d/rc6.d commands tell the kernel to reboot or stop with the reboot, halt, or poweroff program.

The reboot and halt programs behave differently for each runlevel, potentially causing confusion. By default, these programs call shutdown with the -r or -h options, but if the system is already at the halt or reboot runlevel, the programs tell the kernel to shut itself off immediately. If you really want to shut your machine down in a hurry (disregarding any possible damage from a disorderly shutdown), use the -f option.

How Download MP3s from Fanscape


How Download MP3s from Fanscape.com or other Streaming Audio/Video Page

Part1

1- Download “CoCSoft Stream Down” here:

http://www.projectw.org/viewtopic.php?t=40095&highlight=cocsoft+stream

2- Go to Fanscape.com or other Streaming Audio/Video Page (like MTV or VH1), search for your Artist or Band, and play your song. A pop-up will appear with a Windows player preview; right-click on this player and click on “Properties”.

3- An options window will appear. Stay in the “File” tab, go down to “Location”, select all of the link address and copy it.

4- Go to the “CoCSoft Stream Down” program, click on the “ADD” icon, paste the link address that u copied from the page, choose your directory to download to, and click OK.

5- Now you are downloading the .ASF file.


Part 2

1- When you have finished downloading the .ASF file, open River Past Audio Converter

Download here: http://www.projectw.org/viewtopic.php?t=24947&highlight=river+past

Note: To extract audio from ASF (Advanced Systems Format) files to MP3 with River Past Audio Converter, you should have DirectX 8.0 or above (9.0 highly recommended), and Windows Media Format 9 runtime installed.

2- Once River Past Audio Converter is installed properly, launch Audio Converter.

3- Add File
Click on the "Add" button on the tool bar. The standard file open dialog appears. Select "Windows Media Video" in its "Files of type" combo box.

Select the file you want to convert and click "Open". The file will be added to the conversion file list.

4- Select output format
Use the "Audio Format" setting panel on the bottom of the window to control the output format. Select "MP3" as the "File Type".

You can change the sample rate, channel (stereo or mono) and bitrate. Audio CD's native format is 44.1 kHz, stereo.

5- Select output directory
Expand the "Output Directory" panel. Use the button to select an output directory.

6- Convert!
Click the "Convert" button on the tool bar.

7- Enjoy!!!


Important Notes:

1- The first part can be used for VIDEO files too, just try it, I do it
2- This Tutorial is not 100% perfect, just do it
3- The final Quality from your Mp3, will sound like streaming Audio, cuz we
extract it from a streaming File(maybe 20 or 32 kb/s).
4- If u think, that I'm in a mistake or I'm a fool, please tell me, I will to
learn
5- If u wanna add something, plz do it, we're gonna appreciate your collaboration

How do I Test My VirusScan Installation


How do I Test My VirusScan Installation? (Eicar)

Description

After installing VirusScan, you may logically wonder, how do I know if it's working? The answer is a test virus. The EICAR Standard AntiVirus Test File is a combined effort by anti-virus vendors throughout the world to implement one standard by which customers can verify their anti-virus installations.

Solution

To test your installation, copy the following line into its own file, then save the file with the name EICAR.COM. More detailed instructions are found below.

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

The file size will be 68 or 70 bytes.

If VirusScan is running and configured correctly, when you try to save the file, VirusScan will detect the virus. If VirusScan is not running, start it and scan the directory that contains EICAR.COM. When your software scans this file, it will report finding the EICAR test file.

Note that this file is NOT A VIRUS. Delete the file when you have finished testing your installation to avoid alarming unsuspecting users.

The eicar test virus is available for download from the following website:
http://www.eicar.org/download/eicar.com

Creating Eicar.com

   1. Click on Start.
   2. Select Run.
   3. In the Open box type: notepad
   4. Maximize the window.
   5. Highlight the following line of text:
      X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
   6. Right click on the highlighted text and choose 'copy'.
   7. Switch back to Notepad.
   8. Right click anywhere inside of Notepad and select 'paste'.
   9. Click the File menu and select 'save as'.
  10. Change the 'Save as Type' to 'all files'.
  11. Name the file eicar.com.
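
The same test as a script, as an added example that is not part of the original article: it writes the test string, checks the 68/70-byte sizes mentioned above, waits, and reports whether an on-access scanner blocked, removed or altered the file. The function names and the reading of the 70-byte case as the string plus a trailing CR LF are assumptions of this example.

```python
import os
import tempfile
import time

# The 68-byte test string exactly as printed in the article.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def is_valid_test_file(data):
    """True for the bare 68-byte string or the 70-byte form ending in CR LF."""
    return data in (EICAR, EICAR + b"\r\n")


def probe_on_access(directory, wait=2.0):
    """Write the test file, wait, and report what happened to it."""
    path = os.path.join(directory, "eicar.com")
    try:
        with open(path, "wb") as fh:
            fh.write(EICAR)
    except OSError:
        return "blocked on write"
    time.sleep(wait)  # give an on-access scanner time to react
    try:
        if not os.path.exists(path):
            return "removed or quarantined"
        with open(path, "rb") as fh:
            data = fh.read()
        return "not detected" if is_valid_test_file(data) else "content altered"
    except OSError:
        return "blocked on read"
    finally:
        # The article says to delete the file once testing is done.
        try:
            os.remove(path)
        except OSError:
            pass


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as workdir:
        print("on-access result:", probe_on_access(workdir))
```

A result of "not detected" means only that nothing intervened within the wait period; an on-demand scan of the directory is the next check, as the article describes.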

Delete An undeletable File


Open a Command Prompt window and leave it open.
Close all open programs.
Click Start, Run and enter TASKMGR.EXE
Go to the Processes tab and End Process on Explorer.exe.
Leave Task Manager open.
Go back to the Command Prompt window and change to the directory the AVI (or other undeletable file) is located in.
At the command prompt type DEL <filename> where <filename> is the file you wish to delete.
Go back to Task Manager, click File, New Task and enter EXPLORER.EXE to restart the GUI shell.
Close Task Manager.


Or you can try this

Open Notepad.exe

Click File>Save As..>

locate the folder where ur undeletable file is

Choose 'All files' from the file type box

click once on the file u wanna delete so its name appears in the 'filename' box

put a " at the start and end of the filename
(the filename should have the extension of the undeletable file so it will overwrite it)

click save,

It should ask u to overwrite the existing file, choose yes and u can delete it as normal


Here's a manual way of doing it. I'll take this off once you put into your first post zain.

1. Start
2. Run
3. Type: command
4. To move into a directory type: cd c:\*** (The stars stand for your folder)
5. If you cannot access the folder because it has spaces, for example Program Files or Kazaa Lite folder, you have to do the following. Instead of typing in the full folder name, only take the first 6 letters then put a ~ and then 1 without spaces. Example: cd c:\progra~1\kazaal~1
6. Once you're in the folder the non-deletable file is in, type in dir - a list will come up with everything inside.
7. Now to delete the file type in del ***.bmp, txt, jpg, avi, etc... And if the file name has spaces you would use the special 1st 6 letters followed by a ~ and a 1 rule. Example: if your file name was bad file.bmp you would type once in the specific folder through command, del badfil~1.bmp and your file should be gone. Make sure to type in the correct extension.

Alonso on pole after rain-delayed session - Qualifying

Yuuuhuuuuuuu unbelievable.. Amazing !!  GREAT JOB FERRARI FERNANDO ALONSO !! :D  AAAANNNDD Schumi again .. :)

 2011 British race winner Fernando Alonso finally took pole at Silverstone on Saturday after a qualifying session that took more than two and a half hours to complete. There were still six minutes and 19 seconds of Q2 left when the wet conditions became so bad that FIA race director Charlie Whiting wisely red-flagged the session.

At that stage Sauber’s Sergio Perez was fastest on 1m 59.092s from McLaren’s Lewis Hamilton on 1m 59.581s, then Mercedes’ Nico Rosberg on 2m 00.080s. At 14.25 local time it was announced that Whiting expected the action to resume at 15.00. Finally, as conditions improved, it restarted at seven minutes past the hour.

Everyone went out immediately, and lap times improved every time somebody passed the start/finish line. Hamilton eventually walloped everyone with 1m 54.897s, while Alonso jumped up to ninth on 1m 56.921s even though Vale was yellow after Romain Grosjean spun and beached his Lotus there; the Spaniard bumped Force India’s Paul di Resta out of the top ten, but got away with it because his third sector time was not an improvement on his previous best.

Thus Di Resta was the first to miss out, his 1m 57.009 leaving him 11th ahead of Sauber’s Kamui Kobayashi on 1m 57.071s, Rosberg on 1m 57.108s (after an off at Vale), Toro Rosso’s Daniel Ricciardo on 1m 57.132, Williams’ Bruno Senna on 1m 57.426s, Toro Rosso’s Jean-Eric Vergne on 1m 57.719s and Perez on 1m 57.895s. The unfortunate Mexican was thus the big loser after the resumption, having gambled on sticking with intermediate tyres.

Q3 was all about getting out and staying out, and the times went back and forwards as conditions improved by the lap. First it was Pastor Maldonado fastest for Williams, then Felipe Massa for Ferrari, then Schumacher before Alonso became the first fast man on the Pirelli intermediates. Then it was Massa again, likewise on inters, before Alonso went fastest again with three minutes left.

Mark Webber was very hooked up in his Red Bull, however, and snatched the initiative with 1m 51.793s before an absolutely on-the-limit effort from Alonso settled the issue at 1m 51.746s. Webber’s reply fell two-tenths short, but he will share the front row with the championship leader.

Behind them, Schumacher improved to 1m 52.020s on inters for third ahead of Sebastian Vettel in the second Red Bull on 1m 52.199s. Massa was fifth with 1m 53.065s, from late improver Kimi Raikkonen who managed 1m 53.290s in a Lotus that didn’t have KERS. Maldonado improved to 1m 53.539s and that was just enough to snatch seventh from his Valencia sparring partner Hamilton, who was a disappointed eighth for McLaren on 1m 53.543s.

Nico Hulkenberg took ninth for Force India with 1m 54.382s, while Grosjean was 10th after his Q2 off.

Sensationally, Jenson Button had been the celebrity drop-out in Q1. In intermittent rain that had begun just before the session the 2009 champion had been struggling but found his McLaren had much more grip on a different set of Pirelli intermediates. Unfortunately a faster lap which should have put him into Q2 was frustrated in the final sector when Timo Glock spun his Marussia, Jody Scheckter-style, exiting Club. That brought out the yellows, and ruined Button’s chances.

He thus finished that session 18th on 1m 48.044s. Behind him, Vitaly Petrov was Caterham’s leader this time on 1m 49.027s, with Heikki Kovalainen riding shotgun on 1m 49.477s. Then there was a big gap to Glock on 1m 51.618s, followed by Pedro de la Rosa for HRT on 1m 52.742s, Narain Karthikeyan on 1m 53.040s and Charles Pic on 1m 54.143s.

The grid will be juggled, however, as Kobayashi and Vergne have five and 10-place grid penalties respectively from Valencia, and Hulkenberg and Pic have five-places penalties for gearbox changes.



The full provisional grid will be published by the FIA on Sunday morning.

Anonymity complete GUIDE


Anonymity complete GUIDE By Theraider & Dangerous R.
Anonymity on the web


[ table of contents ]
01 - table of contents
02 - introduction
03 - first tips
04 - about proxies
05 - cookies
06 - ftp transfers
07 - secure transactions
08 - SSL tunnelling
09 - anonymity on irc
10 - mail crypto (and pgp usage)
11 - icq privacy
12 - spyware
13 - cleaning tracks
14 - ending words

[ introduction ]
Nowadays, everyone wants privacy on the web, because no matter where you go, someone could be watching you. Someone like your employer, someone trying to hack your system, companies gathering all your info to sell to yet other companies, or even the government, may be on your track while you peacefully surf the web. Thus, anonymity on the web means being able to use all of its services with no concern about someone snooping on your data.
Your computer being connected to the net has an IP [Internet Protocol] address. If you have a dial-up connection, then your IP changes every time you connect to the internet (this is not always true, though. There are dialup ISPs, specially for university students, that do have static IPs). Cable modems and DSL connections have a static IP, which means that the IP address does not change. One of the goals of getting anonymous is to make sure your IP (either static or dynamic) isn't revealed to other users of the internet, or to server administrators of the servers you roam around when using internet services.
This text tries to give you some hints on how to maintain your anonymity on the web. Some of the hints may sound banal, but think about whether you really abide by them in every situation.

[ first tips ]
When chatting on IRC, ICQ, AIM (etc..), do not give out personal information about yourself, where you live, work, etc.
Do not use your primary email address (the one your ISP gave you) anywhere except with family members, close friends or trusted people. Instead create for yourself a web-based email account such as yahoo, hotmail, dynamitemail, mail.com, etc. and use this e-mail address to sign up for services, when you need to give your mail to download something, or to publish on your homepage.
When signing up for services on the web, don't give your real information like address, phone number and such unless you really need to do so. This is the kind of information that information gathering companies like to get, so that they can sell it on and fill your mailbox with spam.
Use an anonymous proxy to surf the web. This makes sure your ip doesn't get stored on the webserver logs. (Webservers log every GET request made, together with date, hour, and IP. This is where the proxy comes in. They get the ip from the proxy, not yours)
Use a bouncer to connect to IRC networks, in case you don't trust the administrators, or the other users. A bouncer is a program that sits on a permanently connected machine that allows you to connect there, and from there to the irc server, just like a proxy works for webservers.
Use anonymous remailers to send out your e-mails.
Cryptography can also help you by making sure the material you send out over the web, like by email, etc, is ciphered, not allowing anyone that doesn't have your key to read it (in key-based cryptography). Programs like PGP (pretty good privacy) are toolkits with all you need to cipher and decipher your stuff.
Delete traces of your work with the computer including history files, cache or backup files.

[ about proxies ]
Proxies are caches that relay data. When you configure your web browser to use a proxy, it never connects to the URL. Instead it always connects to the proxy server, and asks it to get the URL for you. It works similarly with other types of services such as IRC, ICQ etc. There won't be a direct connection between you and the server, so your real IP address won't be revealed to the server. When you view a website on the server, the server won't see your IP. Some web proxies do not support forwarding of cookies, whose support is required by some websites (for ex. Hotmail).
Here are some anonymous proxies that you can use to surf anonymously (notice that some of these may be a paid service):
Aixs - http://aixs.net/
Rewebber - http://www.anon.de/
Anonymizer - http://www.anonymizer.com/
The Cloak - http://www.the-cloak.com/
You will very probably find many websites that provide lists of unauthorised proxies and remailers. Such lists are usually compiled with the help of port scanners or exploit scanners, scanning for computers with wingate or other proxies' backdoors. Using these proxies is illegal, and is considered unauthorized access to a computer. If you get your hands on such a list, check if the info is legal or compiled by a script kiddie, and act accordingly.
If you decide not to use a proxy anyway, at least do not forget to remove your personal information from your browser. After you remove details like your name and e-mail address from your browser, the only info a Web site can sniff out is your ISP's address and geographical location. Also, Java and JavaScript applets can take control of your browser unexpectedly, and if you are surfing to unknown and potentially dangerous places you should be aware of that. There are exploitable browser bugs (mainly Internet Explorer ones) reported every week.

[ cookies ]
Maybe you're not aware of the fact that if you have the "allow cookies" feature in your browser on, websites can store all sorts of information on your hard drive. Cookies are small files that contain various kinds of information that can be read by websites when you visit them. The usual usage is to track demographics for advertising agencies that want to see just what kinds of consumers a certain site is attracting. Web sites also use cookies to keep your account information up-to-date. Then, for instance, when you visit your web-based e-mail account some hours later without having logged out, you find yourself being logged on, even if you turned off your computer. Your login and password were simply stored on your hard drive in a cookie file. This is a security threat if more than one person has access to your computer.
Most browsers offer the possibility to turn off cookies, but some sites like Hotmail.com require them to be turned on. In case you decide to allow cookies, at least never forget to log off from the websites when you finish visiting them.

[ ftp transfers ]
When using an FTP client program to download files, make sure that it's giving a bogus password, like guest@unknown.com, not your real one. If your browser lets you, turn off the feature that sends your e-mail address as a password for anonymous FTP sessions.

[ secure transaction ]
Everything being sent from the web server to your browser is usually in plain text format. That means all transferred information can be easily sniffed on the route. Some web servers support SSL (which stands for Secure Socket Layer). To view and use these websites you'll need SSL support in your browser as well. You can recognize that the connection is encrypted if the URL starts with https:// instead of the usual http://. Never use a web server without SSL for sending or receiving sensitive private or business information (credit card numbers, passwords etc.)

[ SSL tunnelling ]
What is SSL?
SSL stands for Secure Socket Layer. The 'Secure' implies an encryption, while Socket Layer denotes an addition to the Window Socket system, Winsock. For those that don't know, a Socket is an attachment to a port on a system. You can have many sockets on one port, providing they are non-blocking (allowing control to pass through to another socket aware application which wishes to connect to that port).
A Secure Socket Layer means that any sockets under it, are both secure and safe. The idea behind SSL was to provide an encrypted, and thus, secure route for traffic along a socket based system, such as TCP/IP (the internet protocol). Doing this allows security in credit card transactions on the Internet, encrypted and protected communiqué along a data line, and overall peace of mind.
The SSL uses an encryption standard developed by RSA. RSA are a world respected American organisation that specializes in encryption and data security. Initially, they developed a cipher length of only 40 bits, for use with the Secure Socket Layer, this was considered weak and therefore a longer much more complicated encryption cipher was created, 128 bits. The reasoning behind it was simple: it needs to be secure.
The RSA site puts the advantage of a longer encryption length pretty clearly: because 40-bit encryption is considered to be relatively weak. 128-bits is about 309 septillion times ( 309,485,000,000,000,000,000,000,000 ) larger than 40-bits. This would mean it would take that many times longer to crack or break 128-bit encryption than it would 40-bit.
If you want more information on the technicalities of RSA's SSL encryption engine, visit their site: http://www.rsasecurity.com/standards/ssl.
But what does all this encryption and security have to do with you?
Well, that's a simple question. No matter how hard you try, at times your privacy will need to be knowingly invaded so you can make use of the product offered for doing so. If you think about food, for example, one cannot eat without swallowing. When we wish to make a transaction or view a site on the internet, where we have to give enough information away so that it happens, we also want to be assured no one else along the line gathers that data. An encrypted session would mean our data is not at the hands of any privacy perpetrators unless they knew how to decode it - and the only ones in the know are those you specifically wish. SSL uses public key encryption as explained in the PGP section.
To put this at a head: if you use an encrypted connection or session, you can be relatively assured that there are no prying eyes along the way.
And how do I implement SSL with SSL Tunnelling?
We know that a Secure Socket Layer is safe, but what we don't know is what a Tunnel is. In the most simplistic form, a tunnel is a proxy. Like proxy voting in general elections, a tunnel will relay your data back and forth for you. You may be aware, though, that there are already "proxies" out there, and yes, that is true. Tunnelling is done via proxies, but it is not considered to be the same as a standard proxy relaying simply because it isn't.
Tunnelling is a very special kind of proxy relay, in that it can, and does, relay data without interfering. It does this transparently and without grievance or any care for what is passing its way.
Now, if we add this ability to "tunnel" data, any data, in a pipe, to the Secure Sockets Layer, we have a closed connection that is independent of the software carrying it, and something that is also encrypted. For those of you wanting to know a little more about the technicalities, the SSL layer is also classless in the sense that it does not interfere with the data passed back and forth - after all, it is encrypted and impossible to tamper with. That attribute means an SSL capable proxy is able to transfer data out of its "proxied" connection to the destination required.
So to sum up, we have both a secure connection that does the job and relays things in the right direction, and we have a direct tunnel that doesn't care what we pass through it. Two very useful, and almost blind, entities. All we need now is a secure proxy that we can use as the tunnel.
Proxies:
Secure proxies are like standard proxies. We can either use an HTTP-based SSL-equipped proxy - one specifically designed for securing HTTP traffic, but because of the ignorant nature of SSL communication, it can be bent to any needs - or we can use a proper SSL service designed for our connection - like you would use a secure NNTP (news) program with a secure proxy on port 563 instead of taking the long way - which would probably work as well.
A secure HTTP proxy operates on port 443. Host proxies are not public, which means they operate for, and allow only traffic from, their subnet or the ISP that operates them - but there are many badly configured HTTP proxies and some public ones out there. The use of a program called HTTrack (available on Neworder) will aid you in scanning and searching for proxies on your network or anywhere on the Internet if your ISP does not provide you with one.
Neworder also features a number of sites dedicated to listing public proxies in the Anonymity section. While it's often hard to find a suitable fast proxy, it's worth the effort when you get one.
So how can I secure my connections with SSL Tunnelling?
That's a big question, and beyond the scope of this tuition, as it must come to an end. I can, however, point you in the right direction of two resources that will aid you in tunnelling both IRC and most other connections via an HTTP proxy.
For Windows, the first stop would be http://www.totalrc.net's Socks2HTTP. This is an SSL tunnelling program that turns a normal socks proxy connection into a tunnelled SSL connection.
The second stop, for both Windows and Unix is stunnel. Stunnel is a GNU kit developed for SSL tunnelling any connection. It is available for compile and download as binary here: Stunnel homepage - http://mike.daewoo.com.pl/computer/stunnel

[ anonymity on irc ]
A BNC, or Bouncer, is used in conjunction with IRC as a way of hiding your host when people /whois you. On most IRC networks, your host isn't masked when someone does a whois on you, meaning the entire IP appears, like 194.2.0.21, which can be resolved. On other networks, your host might be masked, like IRCnetwork-0.1, but it can still give valuable information, like nationality, if your host is not an IP but a DNS resolved host: my.host.cn would be masked to IRCnetwork-host.cn, but this would still tell the person who whoised you that you are from China.
To keep information such as this hidden from the other users on an IRC network, many people use a Bouncer, which is actually just a Proxy. Let us first draw a schematic of how a normal connection would look, with and without a BNC installed.
Without a BNC:
your.host.cn <<-->> irc.box.sk
With a BNC:
your.host.cn <<-->> my.shell.com <<-->> irc.box.sk
You will notice the difference between the two. When you have a BNC installed, a shell functions as a link between you and the IRC server (irc.box.sk as an example). You install a BNC on a shell, and set a port for it to listen for connections on. You then log in to the shell with your IRC client, BitchX/Xchat/mIRC, and it will then log in to the IRC server you specify - irc.box.sk in this case. In effect, this changes your host, in that it is my.shell.com that makes all the requests to irc.box.sk, and irc.box.sk doesn't know of your.host.cn; it has never even made contact with it.
In that way, depending on what host your shell has, you can login to IRC with a host like i.rule.com, these vhosts are then actually just an alias for your own machine, your.host.cn, and it is all completely transparent to the IRC server.
Many servers have sock bots that check for socket connections. These aren't BNC connections, and BNC cannot be tested using a simple bot; unless your shell has a socket port open (normally 1080), it will let you in with no problem at all. The shell is not acting as a proxy like you would expect, but more as a simple IRC proxy, or an IRC router. In one way, the BNC just changes the packet and sends it on, like:
to: my.shell.com -> to: irc.box.sk -> to: my.shell.com
from: your.host.cn <- from: my.shell.com <- from: irc.box.sk
The BNC simply swaps the host of your packet, saying it comes from my.shell.com. But also be aware that your own machine is perfectly aware that it has a connection established with my.shell.com, and that YOU know that you are connected to irc.box.sk. Some BNCs are used in IRC networks to simulate one host. If you had a global IRC network, all linked together, you could have a local server called cn.myircnetwork.com which Chinese users would log into. It would then bounce them to the actual network server, in effect making all users from China have the same host - cn.myircnetwork.com - masking their hosts. Of course, you could change the host too, so it didn't reveal the nationality. It is a nice gesture of some networks that they mask all hosts from everyone; it makes life hard for IRCops on the network, but it's a small price to pay for privacy.
Note: Even if you do use an IRC bouncer, your IP will be revealed in DCC transfers or chat, because DCC requires a direct IP-to-IP connection. A usual mistake of IRC users is to have DCC auto-reply turned on. It is then easy for an attacker to DCC chat you or offer you a file, and when the IRC clients are connected, he can find your IP address in the list of his TCP/IP connections (netstat).
How do I get IRC bouncer?
   1. You download and install bouncer software, or get someone to install it for you (probably the most known and best bouncer available is BNC, homepage: http://gotbnc.com/).
   2. You configure and start the software - in case it's a bouncer on a Unix machine, you start it on your shell account (let's say shell.somewhere.com).
   3. You open IRC and connect to the bouncer at shell.somewhere.com on the port you told it to start on.
   4. Depending on the setup, you may have to tell it your password and tell it where to connect, and you're now on IRC as shell.somewhere.com instead of your regular hostname.
[ mail crypto ]
Usually the safest way to ensure that your e-mail won't be read by unauthorised persons is to encrypt it. To be compatible with the rest of the world I'd suggest using free PGP software.
PGP (Pretty Good Privacy) is a piece of software, used to ensure that a message/file has not been changed, has not been read, and comes from the person you think it comes from. Download location: http://www.pgpi.org/
How does pgp Work?
The whole idea behind PGP is that of Public and Private keys. To explain the algorithm PGP uses in order to encrypt the message would take too much time, and is beyond the scope of this; we will, however, look at how it ensures the integrity of the document. A user has a password. This password has to be chosen correctly, so don't choose passwords like "pop" or "iloveyou"; this will make an attack more likely to succeed. The password is used to create a private key and a public key - the algorithm ensures that you cannot use the public key to make the private key. The public key is sent to a server, or to the people you send e-mails/files to, and you keep the private key secret.
We will use a few terms and people in this introduction. They are: Pk - Public Key, Sk - Secret Key (private key). Adam will send an e-mail to Eve, and Rita will be a person in between, from whom we are trying to hide the content of the mail. Rita will intercept the e-mail (PGP doesn't ensure that Rita can't get her hands on the package, she can - it's not a secure line like other technologies) and try to read it/modify it. Adam has a Sk1 and a Pk1, and Eve has a Sk2 and a Pk2. Adam, Eve, and Rita all have Pk1 and Pk2, but Sk1 and Sk2 are presumed to be totally secret. First, here is a schematic of how it all looks:
                  PUBLIC SERVER
                    Pk1, Pk2

Adam <------------------------------------------> Eve
Sk1                      ^                        Sk2
                         |
                         |
                         |
                         |
                        Rita
So Adam wants to send a packet to Eve, without Rita reading it or editing it. There are three things that we need to make sure of:
   1. That Rita can't read the text without permission
   2. That Rita can't edit it in any way without Eve and Adam knowing
   3. That Eve knows that Adam sent it
The first thing is making sure Rita can't read the text. Adam does this by encrypting the message with Eve's Pk2, which he has found on the server. You can only encrypt with the Pk, not decrypt, so Rita won't be able to read the data unless Eve has revealed her Sk2.
The second thing to make sure of is that Rita can't edit the message. Adam creates a hash from the message he has created. The hash can be encrypted using Pk2, or sent as it is. When Eve gets the message, she decrypts it and creates a hash herself, then checks if the hashes are the same - if they are, the message is the same; if it's different, something has changed in the message. The hash is very secure, and it is in theory impossible to make a change and get the hash to remain the same.
The third, and probably one of the most important things to ensure, is that Rita hasn't grabbed the mail, made a new one, and sent it in Adam's name. We can ensure this by using the Public key and Private key too. The Sk can be used both to encrypt and to decrypt, but the Pk can only encrypt. When Adam normally sends a message M to Eve, he creates the encrypted message C by doing: C=Pk2(M). This means Adam uses Pk2 (Eve's Pk) on message M to create message C. Imagine this: Adam can encrypt the message with his Sk1. Because it is impossible to derive Sk1 from the message, this is secure and without any danger, as long as no one knows the password used to make Sk1 with. If the message M is encrypted with Sk1, he gets a message called X, which Eve can decrypt using Pk1, which is public. If the message decrypts to something that makes sense, then it must be from Adam, because Sk1 is considered secret, and only Adam knows it.
The entire process looks like this, when sending message C: Adam signs his digital signature on C, and hashes C: X=Sk1(C). Then Adam encrypts the message for Eve: M=Pk2(X). The message is sent, and looks all in all like this: M=Pk2(Sk1(C)). Rita can intercept M, but not decrypt, edit, or resend it. Eve receives M, and decrypts it: X=Sk2(M). Then she checks the digital signature: C=Pk1(X) and checks the Hash on the way.
This way, the PGP Public/Private key system ensures the integrity and security of the document or e-mail. PGP is not the only algorithm that uses the Public/Private key theory; Blowfish and RSA are among the many other technologies that use it. PGP is just the most popular for e-mail encryption, but many don't trust it because of rumors of backdoors by the NSA (I don't know if it's true though). PGP comes in a commercial and a freeware version for Windows, and is available for Linux as well. Whatever encryption you use, it will be better than none.
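The three checks described above (Rita cannot read, cannot edit, cannot send in Adam's name), as an added Python example that is not part of the original text and is not how PGP itself is implemented. It assumes unpadded textbook RSA with SHA-256 as a stand-in; the keys, the function names and the third key pair for Rita are constructed for this illustration, whereas real PGP adds padding and encrypts the body with a one-time session key.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def make_keypair(p, q):
    """Build a textbook-RSA (public, secret) pair from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))   # modular inverse, Python 3.8+
    return (E, n), (d, n)

# Constructed toy keys. Fixed Mersenne primes keep the run deterministic;
# real keys use large random primes.
PK1, SK1 = make_keypair(2**127 - 1, 2**1279 - 1)   # Adam
PK2, SK2 = make_keypair(2**521 - 1, 2**607 - 1)    # Eve
PK3, SK3 = make_keypair(2**107 - 1, 2**2203 - 1)   # Rita's own pair

def digest(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def send(message, sender_sk, recipient_pk):
    """Sender side: encrypt for the recipient, sign the hash."""
    e, n = recipient_pk
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    ciphertext = pow(m, e, n)                      # only the recipient's Sk undoes this
    d, n_sender = sender_sk
    signature = pow(digest(message), d, n_sender)  # only the sender's Sk makes this
    return ciphertext, signature

def receive(ciphertext, signature, recipient_sk, sender_pk):
    """Recipient side: decrypt, re-hash, compare with the signed hash."""
    d, n = recipient_sk
    m = pow(ciphertext, d, n)
    message = m.to_bytes((m.bit_length() + 7) // 8, "big")
    e, n_sender = sender_pk
    if pow(signature, e, n_sender) != digest(message):
        raise ValueError("hash or signature mismatch")
    return message

def eve_rejects(ciphertext, signature):
    """True if Eve, checking against Adam's Pk1, refuses the mail."""
    try:
        receive(ciphertext, signature, SK2, PK1)
    except ValueError:
        return True
    return False

def demo():
    c, s = send(b"Meet at noon", SK1, PK2)
    return {
        "delivered": receive(c, s, SK2, PK1),
        # Rita holds only public keys: applying Pk2 again does not decrypt.
        "rita_reads": pow(c, *PK2) == int.from_bytes(b"Meet at noon", "big"),
        # Rita alters the ciphertext in transit.
        "tamper_rejected": eve_rejects(c + 1, s),
        # Rita writes her own mail and signs it with her own secret key.
        "forgery_rejected": eve_rejects(*send(b"Send money", SK3, PK2)),
    }

if __name__ == "__main__":
    print(demo())
```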

[ anonymous remailers ]
Remailers are programs accessible on the Internet that route email and USENET postings anonymously (i.e., the recipient cannot determine who sent the email or posted the article). This way the sender can't be traced back by routing headers included in the e-mail. There are different classes of remailers, which allow anonymous exchange of email and anonymous posting to USENET and often many other useful features.
Resources:
Chain is a menu-driven remailer-chaining script:
http://www.obscura.com/crypto.html
Raph Levien's remailer availability page offers comprehensive information about the subject
http://www.sendfakemail.com/~raph/remailer-list.html
The Cypherpunks Remailers are being developed to provide a secure means of providing anonymity on the nets. Here you can find out about the available remailers, those which have been in existence for a long time as well as the new experimental remailers and anonymous servers.
http://www.csua.berkeley.edu/cypherpunks/remailer/

[ icq privacy ]
How can I keep my privacy at ICQ?
Send and receive messages via the ICQ server, not directly. Every direct connection enables an attacker to learn your IP. Encrypt your messages with dedicated software or encryption addons.
How to encrypt ICQ messages?
There are addons which give your ICQ the ability to encrypt outgoing messages. The user on the other side needs to have the addon as well in order to decrypt your message.
Resources:
http://www.encrsoft.com/products/tsm.html
Top Secret Messenger (TSM) - trial version has only weak 8-bit encryption
http://www.planet-express.com/sven/technical/dev/chatbuddy/default.html
Chat Buddy - a freeware Windows application for encrypting chat sessions
http://www.algonet.se/~henisak/icq/encrypt-v5.txt
how encryption works in ICQ protocol v5

[ spyware ]
As we all work hard to become more savvy about protecting our personal information and keeping as anonymous as possible on the web, advertising companies are working just as hard to come up with new ways of getting our personal information. One of the ways they accomplish this is through spyware.
Spyware are applications that are bundled along with many programs that you download for free. Their function is to gather personal information about you and relay it back to advertising firms. The information is then used either to offer you products or sold to other advertisers, so they can promote THEIR products. They claim this is all they do with this information, but the problem is nobody really knows for sure.
Spyware fits the classic definition of a trojan, as it is something that you did not bargain for when you agreed to download the product. Not only is spyware an invasion of your privacy, but (especially if you have a few different kinds on your machine) it can also chew up bandwidth, making your internet connection slower.
Sometimes, these spies really are harmless, merely connecting back to the home server to deliver you more advertising. Some, like Gator for instance, send out detailed information about your surfing habits, operating system, income, age demographic et cetera.
Avoiding spyware
Avoiding spyware is getting harder and harder, as more software distributors are choosing it as a method of profiting from freeware and shareware distributions. Be leery of programs with cute little icons like Gator. Also, watch those Napster wannabes like AudioGalaxy, Limewire, and Kazaa. I've yet to find one that didn't include spyware. Before you download, check to see if the program is known to contain spyware.
For a list of most known spyware, the best I've found is here:
http://www.infoforce.qc.ca/spyware/enknownlistfrm.html
Getting rid of spyware
In most cases, you can remove the spyware from your system and still use the application you downloaded. In the case of Gator and Comet Cursor, the whole program is spyware and it must be completely removed to stop the spying.
There are several ways to get rid of spyware on your system. You can use a firewall to monitor outgoing connections. The programmers that put these things together, however, are getting sneakier and sneakier about getting them to circumvent firewalls. Comet Cursor, for instance, uses an HTTP post command to connect without the intervention of a firewall. You can also install a registry monitor such as Regmon to monitor your registry for unwanted registry changes, but this is not foolproof either.
Probably the best method of removal is to download a spyware removal program and run it like it was a virus scanner. The best examples of these programs are:
Lavasoft's Adaware. Available at http://www.lavasoftusa.com/
Or professional cybernut Steve Gibson's OptOut. Available at: http://grc.com/optout.htm
Both of these programs are free and are updated regularly.
Here are some links, if you wish to learn more about spyware:
http://www.spychecker.com/
http://grc.com/optout.htm
http://www.thebee.com/bweb/iinfo200.htm

[ cleaning tracks ]
Resources:
Burnt Cookies - allows automatic detection and optional deletion of Cookies deposited by Banner Ad web-sites
http://www.andersson-design.com/bcookies/index.shtml
Surfsecret - automatically kills files like your Internet cache files, cookies, history, temporary files, recent documents, and the contents of the Recycle Bin.
http://www.surfsecret.com/
Note: One sidenote on cleaning tracks. When you delete some files on your machine, these aren't actually deleted. Only the reference to their location on the hard drive is deleted, which makes the OS think that that location on the HD is free and ready to take things. Thus, there are ways to recover data even after you delete it.
There are, however, several ways to _wipe_ this information. Programs that fill hard disk locations with zeros, then with 1s, on several passes are your best bet to make sure no document falls into the wrong hands. One such program is PGP. PGPi now comes with a utility that does this work, and you can even select the number of passes to wipe files. For *nix, there is also the "wipe" program. Use these when you feel you have data that needs secure cleaning.
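The zeros-then-ones overwrite described above, as an added Python example (not code from PGP, PGPi or the "wipe" program). The function names and the default pass count are assumptions made for this illustration.

```python
import os

def overwrite_in_place(path, passes=2, chunk=64 * 1024):
    """Overwrite every byte of `path` with 0x00, then 0xFF, alternating.

    Returns the fill byte used on the final pass.
    """
    if os.path.islink(path):
        raise ValueError("refusing to follow a symlink")
    if passes < 1:
        raise ValueError("need at least one pass")
    size = os.path.getsize(path)
    fill = b"\x00"
    # "r+b" rewrites the existing file; "wb" would truncate it first and
    # let the filesystem hand out different blocks for the new data.
    with open(path, "r+b") as f:
        for i in range(passes):
            fill = b"\x00" if i % 2 == 0 else b"\xff"
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk, remaining)
                f.write(fill * n)
                remaining -= n
            f.flush()
            os.fsync(f.fileno())   # push this pass to the device before the next
    return fill

def wipe(path, passes=2):
    """Overwrite the contents, then remove the directory entry."""
    last = overwrite_in_place(path, passes)
    os.remove(path)
    return last
```

On SSDs and on journaling or copy-on-write filesystems an in-place overwrite is not guaranteed to land on the blocks that held the original data, so treat this as covering the plain hard disk case the note describes.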