16 May 2006 | 39,067 views

Anonymity – Hiding Your Identity in 2006


Introduction

Anonymity is derived from the Greek word ἀνωνυμία (anonymia), meaning without a name or nameless. In colloquial use, the term typically refers to a person, and often means that the personal identity, or personally identifiable information, of that person is not known.

The main question is of course, what are you trying to hide? Closely following that is how important is it?

The precautions you take have to be weighed against the value of the data you are trying to protect; in this case, you are trying to protect your anonymity.

In recent years privacy and anonymity have become big issues, with CCTV cameras everywhere and projects like Echelon reading all your e-mails and reporting back to the Orwellian ‘Big Brother’.

So whether it's just for normal surfing, or you are planning on hacking a foreign government’s personnel database (not that we recommend that of course), you need to protect yourself in different ways.

Remember, anonymity is not an absolute; there are varying degrees.

The Myths

Using a proxy I found on the web in my browser is enough.

People have been using proxies for years, normally open proxies found by scanning large IP ranges on the internet. What you have to think about, though, is whether this proxy is open for a purpose. Is this purpose to listen to what you are doing? To collect your passwords?

Also, it’s not infallible. Remember the traffic has to go from your computer to the proxy and come back in; those records can be correlated in your country alone and need no external aid.

Plus the proxy may keep records of who accesses what and when; it may be a honeypot and keep full packet logs of all completed TCP/IP sessions.

The problem is you just don’t know.

If I chain proxies no one can find me.

Also not true. It doesn’t matter if you cross through Taiwan, Korea, Russia and Iraq; your ISP just needs to see the packets going out and coming in at the right times to your machine from the last proxy hop in your chain.

The Reality

It can be said, pretty much wholeheartedly, that there is no such thing as real anonymity online; if you do something bad enough, the people in power can find you.

IP Spoofing is misunderstood in 9/10 cases and is no protection against anything (I’ll write an article about this later).

And web proxies, as above, offer little or no protection. They are good enough if you just want to stop your school/parents/office from tracking your surfing habits, but they won’t protect you from doing time if you commit a federal crime.

There are a whole bunch of proxies to surf at school or work in this post.

The next best thing is Onion Routing, the common peer-to-peer implementation of which is known as Tor.

Onion Routing prevents the transport medium from knowing who is communicating with whom — the network knows only that communication is taking place. In addition, the content of the communication is hidden from eavesdroppers up to the point where the traffic leaves the OR network.

Source: Onion Router

Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and other applications that use the TCP protocol. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features.

You can read more at the Tor site.

Getting Tored Up

For most people Tor is enough. I recommend getting the Tor Bundle, which includes Tor, TorCP and Privoxy.

All you need to do is set your applications to use a proxy, host is localhost and port is 8118.

Instructions with screenshots are here.

Then you’re done, it works for most applications.

Just remember, though, that it’s encrypted from your machine to the end point, not from the end point to wherever it’s going, so that Tor node can see whatever traffic you are sending through Tor.

So make sure you encrypt (POPS, SMTP with TLS etc).

An example is here.

We at the h07 unix research team recognized that people paranoid enough to use tor are still dumb enough to use plaintext-authentication protocols like pop3 and telnet.

They might think it’s “secure because tor encrypts it”. This isn’t the case.

It’s encrypted, but… communication from client to entry node and exit node to server will still remain as is. POP3, telnet and others will still be plain-text and thus subject to sniffing.

So please, always be REALLY careful :)

True Anonymity?

Still the best way is switching your MAC address and jacking an open Wireless Network, which ethics experts say is ok.

It may not be totally legal, but it’s pretty much bulletproof (unless of course you get caught in a car park jacking off to porn downloaded from an open Wireless Access Point).

When you do this, you should make sure you are using an anonymous operating system, so what better than a bootable distro made especially for this purpose, called Anonym.OS.

You can check it out here.

kaos.theory’s Anonym.OS LiveCD is a bootable live cd based on OpenBSD that provides a hardened operating environment whereby all ingress traffic is denied and all egress traffic is automatically and transparently encrypted and/or anonymized.

Simple Checks

The easiest thing you can do to test your anonymity is to go to WhatismyIP.com and see if the IP showing up is yours or not.

After that you can check out services like:

AuditmyPC Privacy & Spyware Check

BrowserSpy

And then there are various proxy tests:

Proxy Test and Proxy Checker.

Here you can see if your setup is leaking any info.
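The proxy test pages above work by echoing back what the remote server saw of your request. As an added example (not from the original article), this Python code classifies such a report; the header names are common proxy conventions, while the function names, result categories and sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import re

# Request headers proxies commonly use to pass on the original client address.
FORWARDING_HEADERS = ("x-forwarded-for", "forwarded", "x-real-ip", "client-ip")
# Headers whose mere presence tells the server a proxy is in the path.
PROXY_MARKERS = ("via", "x-forwarded-for", "forwarded", "proxy-connection")
IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")
IPV6 = re.compile(r"[0-9A-Fa-f:]+")  # filtered below to tokens with 2+ colons

def addresses_in(value):
    """Return the set of valid IP addresses embedded in a header value."""
    candidates = IPV4.findall(value)
    candidates += [t for t in IPV6.findall(value) if t.count(":") >= 2]
    found = set()
    for text in candidates:
        try:
            found.add(ipaddress.ip_address(text))
        except ValueError:
            pass  # looked like an address but is not a valid one
    return found

def classify(real_ip, seen_remote_addr, seen_headers):
    """Judge what a server learned, given what an echo page reported back."""
    real = ipaddress.ip_address(real_ip)
    headers = {k.lower(): v for k, v in seen_headers.items()}
    if ipaddress.ip_address(seen_remote_addr) == real:
        return "direct", ["connection came from your own address"]
    leaks = [f"{n} carries your address" for n in FORWARDING_HEADERS
             if real in addresses_in(headers.get(n, ""))]
    if leaks:
        return "leaking", leaks
    markers = [f"{n} reveals a proxy" for n in PROXY_MARKERS if n in headers]
    return ("proxy-visible", markers) if markers else ("no-header-leak", [])

# Constructed sample reports (documentation address ranges, not real hosts).
REAL_IP = "203.0.113.7"
SAMPLES = {
    "no proxy": ("203.0.113.7", {}),
    "forwarding proxy": ("198.51.100.20",
                         {"X-Forwarded-For": "203.0.113.7, 10.0.0.1", "Via": "1.1 cache"}),
    "announcing proxy": ("198.51.100.20", {"Via": "1.1 cache"}),
    "silent proxy": ("198.51.100.20", {"User-Agent": "Mozilla/5.0"}),
}

if __name__ == "__main__":
    for name, (addr, hdrs) in SAMPLES.items():
        print(name, classify(REAL_IP, addr, hdrs))
```

A result of `no-header-leak` covers request headers only; it says nothing about what the proxy itself logs or about the timing correlation described under The Myths.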

Good luck, and stay secure :)


14 Responses to “Anonymity – Hiding Your Identity in 2006”

  1. Richard Harlos 16 May 2006 at 1:55 pm Permalink

    Wow… just what I’ve been wanting to know for some time now… and all in one place!

    You guys are among my favorite sites to visit daily! Many thanks!

  2. Gouki 16 May 2006 at 6:02 pm Permalink

    Great article, Shaolin! Congrats.

  3. Darknet 17 May 2006 at 4:03 am Permalink

    Richard: Thanks a lot! Hope you can spread the article around a bit. Cheers

    Gouki: Thanks too ;)

  4. Michael Hampton 23 May 2006 at 1:06 pm Permalink

    This looks much like an article I wrote last month. I mention it because Tor will only protect you up to a certain point: If a government gets interested enough in you to turn its massive surveillance apparatus at you, or to have the U.S. do it for them, then there are other things you need to do, in addition to using Tor.

  5. T-zee 24 September 2006 at 4:56 am Permalink

    Well simple question here, might not be the good topic but bah.

    I recently installed winssh on my computer to tunnel some of my traffic and also privoxy to surf using it into a ssh tunnel from work. But the question is….

    The network will change soon at my work. For now we have a few ports open, for example 21 22 443 80 8080, and a few other ports are open; port 80 is monitored by a proxy. And sooooon they will block everything except port 80 and 443, which is monitored by Checkpoint firewall/proxy.

    What I’ve tried is to use gnu httptunnel or httphost to make a http tunnel then do a ssh connection through it to do the rest of my tunnel, but the proxy seems to be intelligent enough to scan packets and analyse them to see if it’s really a http packet. I really have no clue if I’m thinking the good way there but…. if I do a httptunnel from hope to my pc (which is working) and try to open a ssh session I get a timeout; things work fine when I do it on my 2 PCs at home…

    ssh 22 : gnuhttptunnel 22 80 : gnuclienthttptunnel 80 12345 : ssh localhost:12345. This sequence works fine when I try on my 2 computers at home, but once I try at my job (at least when I try to do it through port 80) it doesn’t work.

    I was wondering if there were any other workaround, or if at least there were an encrypted free http tunnel that could work. Maybe the proxy analyses the packet in a way that it (gnuhttptunnel isn’t encrypted, just like httphost) detects the inside and sees hey… that ain’t http traffic inside that wrap….

    For now I just work with privoxy and winssh.

    Admin know that I fuck around but they won’t help me pass their settings, so I have to search for help elsewhere :X there must be so many logs pointing to me lol.

    I’m French. kthx.
    And don’t hesitate to e-mail me.

    T-zee

  6. Arnold 28 September 2006 at 3:52 pm Permalink

    Great article. I’m behind an ISA firewall; I used TOR that you mention in your article.. I could use tor ports for GAIM messenger & other programs… Good luck guys

  7. Prince 5 December 2006 at 2:45 pm Permalink

    Ei,

    Need help here :D Can’t activate an account, can someone or somebody help me or explain it more specifically?

    (AnyOne?)

  8. roberto 6 December 2006 at 11:10 pm Permalink

    the key to anonymity in internet is to always use a web-proxy, to use one without the word proxy in the name and not to use the same all the time!!

    this is a nice list!!


  9. roberto 8 December 2006 at 4:37 pm Permalink

    new proxy site with both, cgi and PHP

    http://www.rofflecakes.org

  10. Rich Harlos 8 December 2006 at 5:00 pm Permalink

    My only concern with proxies is that I don’t know how to be certain that the proxy is run by people with a sincere dedication to anonymity.

    Just to take the extreme paranoia position for a moment, for the sake of discussion:

    WHAT IF any one of those (or other) proxies were run by government personnel; what then of the assumed advantage of using a proxy?

    Not bashing the proxy list so don’t anyone get mad at me (please!), I’m just putting this out there for discussion.

    Thanks!

  11. Parker 18 January 2007 at 3:17 am Permalink

    OK, I have been trying to cover up where I go on the internet and my brother has seemed to filter everything. I figured out how to go to myspace through pusher.net; however, I would like to be able to go wherever I want on the internet without my brother looking at it and asking me a million questions on what website it is & what it’s about. I’m 17 yrs old, & I’m too old for this Child Safe program. Any suggestions of how to block some stuff?

  12. Rom 16 June 2007 at 10:15 pm Permalink

    Fresh directory of anonymity services and guides.
    http://www.anonymity.ws