How to be anonymous on the Internet
When I am out talking to people or companies’, one question is more frequently asked than others. This question is, or related to, being anonymous/incognito online. Usually I only have the time to give a short and sweet answer. But there is so much more than just using a simple solution. You should also know WHY you need to use it and in general HOW it works and WHAT it protects. If you don’t understand how internet and your system work you might make mistakes on the way, the whole effort to remain anonymous will have been in vain.
This article series is not meant to give detailed knowledge about everything internet related. I will not go into the lower layers of the TCP/IP packet or explain the inner workings of encryption. My goal is to give an overall view of how the internet works and how we can change the way we are being tracked and listened in on. Another, and perhaps more, challenging goal is to keep it simple.
What is internet?
It feels strange for me to explain what internet is and how it is built up. I have been using it since the early 90s and for me it is obvious how it is built up and how it works. But it seems that many people today are, more or less, clueless to this fact. The lack of knowledge is of no fault of their own. It is a part of human nature. If it works then why question it? It is like the rocket engine for me. I know what it is for and how it, in general, works. But I have no clue to the details and the inner workings of a rocket engine. To me there are too many pipes for its own good. Let’s face it: rocket scientists are just glorified plumbers.
In this part I want us all to get the same understanding of how internet works and we get the same reference point when the more technical language makes its appearance later on in the text. I will take up what I consider being the most important points. The rocket fuel and jet nozzle if you will.
In the most basic and simplest terms internet is a bunch of computers connected to each other in a network. These computers can be personal computers (PC), servers and/or phones. I want to make sure that you are aware that when I speak of PC in this text it includes ALL kinds of computers; everything from smartphone, Windows, Linux systems, UNIX systems and Apple etcetera. In other words everything that connects to internet and connects to other computers/servers. The difference between a PC and a server is that the server has something to offer and is meant to provide the PC with information or a service. Examples of this could be a web page, text document, movie, and music or telephone services. In the image below we can see a PC, internet and a server. Internet is often shown as a cloud. It is because internet is considered to be something hard to define, diffuse, abstract and many different parts in between the personal computer and server; as you will see in later parts of this article. We will use this traditional way of drawing internet but we will continue to add and subtract things from it but this is the template of which we start.
Transmission Control Protocol/Internet Protocol or TCP/IP for short is an agreed way for computers to talk to each other. One could say that this is the foundation language the computers share. They wrap information in neat little digital packages and send them back and forward. The packages are a collection of different data. For example a web page would be many small packages that are packaged by the server and then sent to the PC who opens them and present the information to the screen. A text document saying “Hello! How are you doing?” might be divided up into several of such packages. In the first it says “Hello! How ” and the next would be “are you doi” and the last “ng?”. The PC then puts it all back together for you and shows it on your screen or saves it in a file for future reading.
IP-address – This is needed for the computers to be able to find each other. You could see it as a telephone number. It is divided up into 4 clusters of numbers separated by a dot. For example: 192.168.1.10. Theoretically the IP-address can range between 126.96.36.199 up to 255.255.255.255. Without complicating it further with sub nets and other technical definitions. Every PC or servers connected to the Internet have a, in some way a, unique IP-address.
There are basically two ways the computer and server can send information.
Transmission Control Protocol (TCP) – The PC and server connects to each other and keeps the connection alive for future connections. They keep track of the packages sent back and forward making sure they arrive safely.
User Diagram Protocol (UDP) – The PC or the server sends a package (or many packages) not caring whether or not the package arrived. This makes the transmission faster but less stable.
I want to apologize in advance for even bringing this topic up but it is needed in order to explain the whole concept of anonymity.
Switch – This device is used to connect many different computers or networks together. This is needed for the packages to be re-routed to its destination.
Router – It has almost the same function as a switch but it forwards the packages rather than re-route them. They often also contain different functions or features such as for example firewall or Wi-Fi functionality.
Backbone network (Backbone) – These are the cables (highway) that binds WAN or LAN networks together.
LAN – Local Area Network. This is a local network. The network inside your home or company could be called LAN.
WAN – Wide Area Network. This is a network that covers a broad area for example an metropolis or internet itself.
Firewall – This device or function is used to prevent unauthorized access to the LAN (see below) from the WAN (see above).
Port – When a connection between the server and PC is established it uses a port. These ports can be seen as the extension number of the telephone number. For example if you call a larger company you, sometimes, have to ask for an extension before you reach the correct person. A port can be between 1 up to 65535. There are some standards to this. Worth mentioning here is http which is port 80. When you then surf to http://paranoidmind.com then you get connected to port 80 by default.
DNS – Translates domain names to IP-addresses. Since us humans rather use names and letters than numbers, besides being easier to remember, the DNS lets us write letters instead of numbers when we want to reach a website. The name paranoidmind.com is automatically sent to a DNS and translated into numbers. These numbers are then sent to your computer who contacts the IP-address. This process is called a DNS lookup.
DNS lookup – see above.
Encryption – A mathematical formula is used to hide the real data. For example, let’s use the above text of “Hello! How are you?” The encrypted packages might then look as follows. First package says “Sfj3f#jf3%” and the next would be “ERRFjfe93jdfj3f” and the last “f35ofjsldFeo34u”.
Decryption – It is reversing the above encryption back to its original state.
The typical setup at home, or at a company, is that the PC is connected to a switch or a router. The firewall could be built into the router or as a separate device. This in turn is connected to internet.
The typical setup for the server is that the internet is connected to a firewall which in turn is connected to a server.
If we then put them together we get the typical communication on the internet.
If you use a command to follow the packages on their way from your computer to the server you can see all the different routers and switches that it passes on its way to its goal and how fast it goes.
On the image shown above you can see that I opened a command prompt and ran the commando tracert -d paranoidmind.com
In the table we can then find out (reading left to right) what hop it is (the number) and the time it takes for a package to reach that hop and back to my computer. The reason why there are three times on each row is because a package is sent and timed three times. The last is the IP-address of the hop. The stars at the end show that the packages disappeared. Most likely because the firewall on the other end was instructed to drop the packages without giving a reply. The first (1) IP-address is the internal IP-address of my router/firewall. The next number (2) is the first switch of my internet provider. 3 is the second switch and so on until we reach the last switch (8) before the firewall of the webserver (see image below). This means that 7 switches now have logged that we were trying to reach the webserver. They often log everything that goes on in case the police, or others, want that information. It should also be said that the package does not travel the shortest distance. They travel the fastest route. If, for example, you sit in Germany and trying to access a webpage in Spain, then the packet might be re-routed through Sweden and Denmark or even USA if that route is considered the fastest. Instead of the shortest this, in this case, would be through France.
One more step
Unfortunately things are rarely this simple. If you visit a page on the internet you will contact, not only that page, but also other pages. Let’s say that you visit news site A called NewsA. Imbedded in the webpage there are often codes that are being loaded from, for example, Google. There are also ads on this site. These are collected from ad agency 1, 2 and 3. Then they probably also have tracking from external sources. This so that they can present articles many read and aimed advertisement connected to the articles. These come from Tracker a1 and a2. Of course there could be many more sources connected to one page. But in our example we keep it simple. If we calculate all the ad agencies, script providers, pages and trackers we quickly see that instead of connecting to 1 IP-address (NewsA), we have connected to 7 IP-addresses. If we add the number of switches, as we used above with the hops, and we make the presumption that we always have 7 hops to the target server, we now know that at least 49 machines know exactly what we are doing at that particular web site and that one page. Every page we then click we get tracked by 49 different machines and with every ad or image from an external source give another connection to another IP-address which in turn will log your visit. If you would do the same calculation on a web site that provides erotic entertainment you could double or even triple that number. Not counting the governmental surveillance.
What information is collected and saved?
It depends on the laws on the specific country, the tracker, ad agency and the page you visit. Many times it is IP-address, date, time, what page you were on just before coming there, what link you clicked, how long you stayed, what browser you used, what operating system you use, what resolution you have on your screen and so on. Out of all this information the most important is the IP-address. As you remember from above, that is what is unique in all of the information. All other information that is collected is then associated with this IP-address.
These are the “safe” and “good” guys. Just imagine what information you would give away if you visited a page with less than honorable intentions. And imagine how many servers collect your everyday habits and your none-habits.
Alternatives (the good stuff)
Proxy – A proxy is as it sounds. It is a server that stands between you and the web page you want to reach. This means that the web server you are trying to reach logs the proxy servers IP-address instead of yours. There are many different kinds of proxies such as transparent, SOCKS, HTTP and so on. The security for you is all dependent on what kind of proxy you choose. To know what kind of security the proxy has you really need to do your homework on the specific server. You also need to be aware that you will have to configure every applications individually in order to use the proxy. For every application to remain anonymous it needs to use the proxy in the same way as the browser. Some proxies encrypt the packages from you to itself. Some do not. If they don’t then the switches on the way to the proxy still record everything you see and do. If you are lucky then the web server still believes it is the proxy visiting. But that is really not that secure.
Unfortunately many proxies log your IP-address and what page you were trying to reach through it’s system which just means that using that proxy has nothing to do with security. Then a proxy would only be used to access web services that are blocked to your location.
There is also the DNS lookups to be taken into account. Different proxy services treat DNS lookups differently. Some do it for you and others let you do it. If the proxy lets you do it it is called a DNS leak. Then information on where you want to go are leaked and connected directly to your IP-address instead of the proxy. If this happens then it really doesn’t matter if you use a proxy or not since it is known where you are, what you visit and then matching the timestamps of your DNS lookup with a specific visit on the log on the web server will be a small matter.
Often the Proxy cannot handle TCP connections but instead uses UDP. However, there are different ways around that but that is another story.
I am not even going to try and hide that I think that VPN is a superior solution when it comes to anonymity online. But I want to be perfectly clear that it all depends on what VPN provider you choose.
VPN stands for Virtual Private Network and is a way to connect securely between, at least, two points. If you choose a good VPN provider it is fully encrypted, fast and very secure. On the image I will introduce a VPN and also a line showing encryption. The green line is illustrating encryption in this image.
We can see that the packages are encrypted on the user’s PC and are kept encrypted all the way to the VPN server. There it is decrypted and sent to the web server. The switches between you and the VPN server can only see that you are communicating with the VPN. They cannot see your final destination or what you are doing. Only THAT you are communicating. Let’s say that you start an application that connects to internet, for whatever reason, you don’t have to configure it to use the VPN. The route out on internet is all handled automatically. The application will, in other words, take the same route to internet as your web browser. So it really doesn’t matter what you do on internet or what application you use, what web service you use. All your traffic will stay anonymous from prying eyes. If your computer does a DNS request it will also be encrypted and sent through the VPN.
Every time you start the VPN client on your computer you will get a new IP-address. This means that even if the web servers and trackers are saving information it will not be valid the next time you visit.
Applications that use internet
Now that our connection to internet is secure the only weakness is our browser (and other applications on the PC).
Cookies – On the web browser there is saved small text documents called cookies. These save information about what we do on the webpage. Sometimes these cookies are used for legitimate reasons. For example keeping track on what you put in your shopping cart so that you have the right items and right number of items when you check out. Another example could be a web page where you log in to be social or pay bills. They need a cookie in your browser in order to keep you logged in or else you would have to log in on every new page you visit.
Cookies are also used for advertisement reasons. Keeping track on what links you click and then they can present you with targeted advertisement.
Scripts – Scripts are small pieces of code that is mostly used on webpages in order to make them more usable and interactive.
The VPN (or PROXY) does not protect you from going in on the wrong pages. It does not protect you from cookies, scripts or any faults in your operating system. It does, if used in a correct way, protect you from surveillance and prying eyes. It keeps your habits private and is not a substitution for knowledge and/or bad habits.
I will be reviewing different VPN providers and i will also go in deeper into the world on the VPN in another article. Check back at a later date. I am in the process of trying them out as i write this document.
Read more about Proxy, VPN and Darknet such as Tor and Freenet here.
In all fairness, if rocket scientists are glorified plumbers. Then I am a glorified typewriter user.
If there are any questions or comments you are welcome to e-mail us. Perhaps a topic you would like explained or if you find faults in my explanations.