Tag Archives: Opennet

Resources for being Anonymous on Internet

Resources for being Anonymous on Internet

In this text i will present some of the many different solutions available to those who wish to become anonymous on the internet as well as their strengths and drawbacks.

Proxy

In short proxy is a service that does the work for you.

Example: Let’s say that you want to access a webpage. You then configure your browser to use this proxy. The browser connects to it and tells it what page you want to access. The proxy then goes out and fetches that page and sends it back to your browser.

Proxy Concept

Pro

  • If the proxy is configured correctly it can provide you with anonymity.
  • It can filter out bad code, cookies, words and even check for malware.
  • It is possible to bypass local censorship of the internet.
  • It is possible to bypass Geo-blocking of internet.
  • Bypass any blocking of Skype etc.

Con

  • If the proxy does not remove code such as JavaScript your true IP can be revealed.
  • Free proxies are few and often change. Most of them are wrongly configured company proxies being abused.
  • DNS leaks is almost always the case.
  • Information could be logged to and on the proxy.
  • Many of the free web based proxy services are logged which means that you might as well do without unless trying to avoid Geo-blocking.
  • The browser, and all other applications using internet, needs to be configured correctly in order to remain anonymous.

Best used for: Hiding IP, Geo-blocking

VPN

A VPN works by encrypting the traffic between you and the VPN server. All traffic between you and the server is hidden from outside prying eyes. The connection between the VPN server and, for example, web server is normal traffic. The web server only see the VPN server connecting to it and not you. Green line on the picture below marks encrypted traffic. Make sure you use OpenVPN rather than PPTP.

VPN dns

Pro

  • The whole internet connection and all the applications using internet are protected. In other words, there is no need to configure the applications separately.
  • Pretty simple setup.
  • It is possible to bypass local censorship of the internet.
  • It is possible to bypass Geo-blocking of internet.

Con

  • DNS leaks may occur if the client is not programmed correctly.
  • Most, if not all, American providers of VPN are forced to log, parts or, all traffic. Some providers say they do not log but in fact have to by law. Sweden is one of few countries in where the VPN providers are not required by law to log.
  • You have to be VERY CAREFUL in selecting your provider.
  • The browser, its add-on, or other applications using internet, might still reveal information about you.

Best for: Hiding IP, Geo-blocking

Our recommended VPN providers: Check back soon
Read more about VPN here: How VPN works in many words

Darknet

In general terms a darknet is a VPN where you have to know, and trust, at least one other person be granted access. Darknet is sometimes referred to as Friend-to-Friend (F2F) or, and perhaps more often as, Peer to Peer (P2P).

Tor

Tor was previously an acronym for The Onion Router. Just like Shrek, and other ogres, it has layers. In the case of Tor it has layers of encryptions to anonymize communication. The whole network is built up on thousands of computers and relays on the internet. Most of them are from volunteers. As you might remember from the article “Being anonymous on internet” (http://paranoidmind.com/anonymous-internet/) the TCP/IP traffic takes a direct, and fastest, route on Internet from its source to its target. Tor network tries to take a very crooked route. For example it might connect you from Sweden to USA to Thailand to Australia before connecting to the target server in the Netherlands. Through Tor you can access both normal internet sites and hidden services only accessible though Tor (or specific proxies). The nodes only know of the previous and next node. They do not know where the package came from or where it is going. Only the first and last node knows this. In order to hide your own traffic even more you can elect to be a node, as well as a client, and thereby make it harder for the next node to know if it is your traffic or if it is traffic that you are relaying.

The domain names of hidden services often end with .onion. For example: http://idnxcnkne4qt76tg.onion/

Example: You want to access a webpage. You connect to the tor network. Tor client tries to create a circuit by contacting a chain of nodes and shares separate encryption keys with each node. When this is done the request is encrypted and sent to the first node. That node encrypts it again and sends the double encrypted to the next node. That, in turn, encrypts it again and sends it to a third node. The third node decrypts everything and the request and sends it to the server. The server responds to the third node that encrypts the reply and it goes back the same way it came. When it reaches your computer it is decrypted and presented to you.

Tor Path

Pro

  • The final destination does only know the last nodes IP not the source.
  • The nodes only know the previous and next nodes IP not the source or destination.
  • The anonymity is pretty good.
  • Easy to use and set up.
  • It is possible to bypass local censorship of the internet.
  • It is possible to bypass Geo-blocking of internet.
  • If you set your client as a relay your traffic will be hidden amongst others.

Con

  • If there are faults it is at the client and server end.*
  • The browser needs to be configured correctly in order to remain anonymous.
  • Slow!

Best used for: Hiding IP, Geo-blocking, Information sharing

If you decide to use Tor I suggest the Tor Browser Bundle. It works on Windows, Apple OS X, GNU/Linux and Android. It contains a modified version of Firefox ESR (browser), Tor (Vidalia) and Torbutton. Read more about, and download it here.

Don’t forget to disable JavaScript in the modified Firefox that comes with the bundle or press the Torbutton.

* FBI, with the help of their arch enemies Anonymous, managed to track down many pedophiles on Tor network because of a security flaw in one of the hidden services. This flaw was exploited and a script was implanted which reviled the true IP of the source clients. This flaw brought down an entire network of pedophiles; both providers and users of child pornography. It should be noted that it was not a flaw with Tor and its setup but rather with the server providing the child pornography. Also, the clients used to connect to the server were not sufficiently configured.

Freenet

The thought behind this darknet is not as much as hiding the IP-address as Tor is but more share information and sharing it anonymously. The information is not stored at a central location but rather being spread out amongst several clients (nodes). If one client goes down there is always another place where the information is stored and can be accessed. Not only can the same information be in many nodes at once, the information can also be divided up and distributed to many different nodes.

Freenet only allows you to communicate within Freenet. In other words you cannot use Freenet to access paranoidmind.com unless I, or anyone else, put it up there. In order to find things on Freenet you either have to know the address (key) or you have to use any of the special “search engines” available. You can access forums, web pages, information, even send emails, chat, and more within the Freenet. Freenet could be seen as a separate internet within internet.

Example: A requests to information is sent from A to B (1). B sends the request to C (2). C does not have it and don’t know anyone else so it sends a fail to B (3). B Asks E (4) who in turn asks F (5). F doesn’t know so many others so it asks B (6) who sends back a fail (7). F then considers the request failed and sends the fail back to E (8). E then asks D (9). D has it and sends the data to E (10) who sends it to B (11) who, at last, sends it to A (12).

Freenet Request Sequence

You can set up your client to save information (data) on your computer. That way you might have much faster access to data you want and need. The data will be downloaded and saved in encrypted containers on your hard drive. The information you surf to will be mixed with random downloaded data. That way the specific data you requested cannot be singled out. It is, however, still recommended that the entire drive or partition holding Freenet is encrypted. For disk encryption, like all other security focused products, we recommend open source such as Truecrypt. We will talk more about security and open source software in another post.

Freenet comes in two modes: Darknet and opennet. In darknet mode you have to know and trust the person you connect to in order to get initial information. Your information will not be passed on through the chains of nodes. You will only have access to the nodes that you know and trust. The opennet mode lets you connect to the network through any of its users, and they through you. Needless to say: Darknet mode is much more anonymous than opennet.

Pro

  • Anonymity not dependent on browser vulnerability.
  • The data stored and accessed are not centralized but distributed.
  • You are very protected if you connected to Freenet in the darknet mode.
  • Fast access to the information that you frequently access.
  • Only a few, theoretical, flaws in the design.
  • No DNS leaks.

Con

  • Difficult for the average user to set up in an optimal way.
  • Slow! At times access to data is extremely slow (if the information is not cached).
  • If information has not been accessed in a long time it can actually disappear from Freenet.
  • Freenet takes a, relatively, long time to start up which means that it is best if Freenet is turned on 24/7.
  • No access to “normal” internet.

Best used for: Information sharing

Instructions and software can be found on the Freenet Project homepage.

Conclusion

Even though there are many ways to become, and remain, anonymous on internet it is much about WHY you want to be anonymous. If it is about sharing information then some methods are better than others. If it is to prevent that your government snoops in on your habits then there are other ways. If it is to avoid being blocked to webpages because you are in a country and your government does not want you to go there, or companies don’t want people in your country to see a video clip or information, then another method is more valid. Regardless of what method you choose, and you might choose several, the weakness is often in the browser or at the server. Make sure that your browser, or other application, is protected by using the method you choose. In other words, even though you use a method that, in theory, is secure it is not a replacement for knowledge.

Copyrights
All rights to the image describing how Tor works belongs to The Tor Project, Inc.. I have made minor modifications.
All rights to the image describing how Freenet works belongs to Freenet Project.