Anonymous Browsing and Tor


A lot is being written lately about anonymous browsing, sadly much of the available information is misleading as some parties look at it as a way to make money instead of providing real anonymity.

In this article I’ll discuss the alternatives for anonymous browsing and we will see how good do they accomplish their task, if they do it at all.

Proxies

A proxy is a computer that will act as an intermediary, if you want to see a webpage you ask the proxy and the proxy will ask the webpage for you.
Proxies may ask you to logging and also can provide your real IP to the destination passing it in the HTTP_X_FORWARDED_FOR or similar HTTP header param, proxies that doesn’t send your real IP are called anonymous proxies. These days is hard to find anonymous proxies, as usually they are used to do all the bad things you can imagine on the Internet, like sending spam, brute forcing sites etc.

Even if you had some skills and could install your own anonymous proxy, you have the problem of a single point of failure, using a proxy chain of your own proxies could be better but a lot of work to do and maintain for sure. Also if you can exploit a computer to install the proxy, that means that someone tracking you could exploit that computer just as you did and locate you.

tl;dr: Proxies aren’t a good option.

VPNs

VPNs for real anonymity absolutely suck, to begin with most of them are paid services, that means they will know your real name and IP, if they accept bitcoin someone with a lot of patience could track your payments and end up knowing who you are.
As VPNs are a service provided by a company that means the government can legally force those companies to provide their access logs, that happened before and will happen again.
They also have the single point of failure problem.

tl;dr: VPNs are faster and more comfortable than proxies, but they absolutely suck in regards to anonymity.

Tor

This is the way to go, Tor is what I use and I recommend. A lot of people like to bitch about Tor and that isn’t perfect and that people got caught even using it, let me clarify something:

Until this day not even one person was caught because of a failure in Tor, they all got caught because of human failure!

Some people use their personal emails in the same session they want to be anonymous, or use public computers where they are being filmed while using Tor, or they have javascript turned on and Firefox is exploited, as happened in the “Freedom Hosting” take down.

TOR was the acronym of “The Onion Router”, now is just Tor and is an open network made with free software, it’s open source so everyone can get the code and analyze it or compile it, that makes a lot of people review the code, and after years of it working there haven’t been any backdoors or bad stuff found in it.

Tor can be found at: https://www.torproject.org/

How Tor works

Explaining how TOR works would be pretty complicated and lengthy, but I found two awesome videos explaining what is Onion Routing and TOR, check them out and then we can continue.




Part 2 mentions Diffie-Hellman here is a graphic that explains crystal clear what it is all about:



Hidden Services

Tor allows the users to be anonymous but also the servers providing content, so you can access a webpage no one knows where is located.
Basically you as client will have three jumps until a “rendezvous point” and the server will have it’s own three jumps, that way both parties are kept anonymous.

Hidden services URLs are a bunch of seemingly random characters ending in .onion, the reason of those uncomfortable URLs is that those random characters are the public key, if you want more details about this, check this link.

Also go HERE for a more complete explanation about Hidden Services with graphics and whatnot.
Probably you read somewhere about the “Deep Web”, Hidden Services are a part of it, deeper and darker parts can be found using I2P or Freenet, but let me give you a warning about the Deep Web, you’ll find a lot of offensive content like profanity, child porn, gore, drugs etc. If you’re easily offended avoid it.

Here are a few .onion addresses for you to visit, nothing offensive in these but you can end up anywhere from there. You’ll need to have Tor installed to use them, your usual browser won’t be able to resolve the IP addresses and will give you an error.

DuckDuckGo  https://3g2upl4pq6kufc4m.onion
The Pirate Bay  http://uj3wazyk5u4hnvtk.onion
The Hidden Wiki  http://kpvz7ki2v5agwt35.onion

Tor for anonymous browsing

At last, this is why I started to talk about Tor in the first place…You can use Tor to navigate to any website.

When visiting a web from Tor your request will go through the encrypted chain of servers, called nodes, until it reaches the last one, called “Exit node”, the Exit node will route your request to its original destination and forward you the response.

The site you want to visit will think the request comes from the Exit Node, that means that sometimes you’ll see the page you wanted in a different language, and sadly it could happen that the site you want to visit doesn’t allow visits from Tor and you’ll start seeing cumbersome captchas or in the worst cases you won’t be able to use the websites at all.

Always remember that Exit Nodes can see your original request, so the traffic in there can be sniffed, saved and analysed, to avoid that use HTTPS whenever is possible.

Tips for a Tor beginner

1 - Use HTTPS always or exit nodes could sniff your traffic.
2 - Never use personally traceable accounts on Tor in the same session where you are trying to stay anonymous.
3 - Turn JavaScript off, only activate it if you absolutely need it and are willing to assume the risk.
4 - Always use the latest Tor version available.
5 - Remember that Tor traffic can be detected by your ISP or network manager, they can know you’re using it, that can result in traffic shaping, that is reducing the bandwidth available to use, or they can use that to identify you, for instance, using Tor in a public library where you are being filmed on CCTV is a very bad idea.
6 - Encourage others to use Tor, if the amount of people using it increases, using it won’t mean you are doing something “sensitive”, and Big Brother will have a lot of work because it won’t know who to target.

Practice

This lesson practice is easy, we will install the Tor browser bundle and use it.
1 - Download the Tor browser bundle from https://www.torproject.org/
2 - Install it
3 - Execute it, and you’ll see a Firefox browser window, be careful not to confuse it with your usual browser, you’ll notice they have different icons.
4 - Navigate to any site you usually visit and see if it works with Tor, don’t logging to sites if the site doesn’t provides HTTPS.
5 - Visit the hidden wiki http://kpvz7ki2v5agwt35.onion and have some fun in the deep web.

As always, don’t doubt in messaging me if you have any question.

No comments:

 
hit counter script