Anonymity – Hiding Your Identity in 2006


Anonymity is derived from the greek word ἀνωνυμία (anonymia), meaning without a name or name-less. In colloquial use, the term typically refers to a person, and often means that the Ppersonal identity, or personally identifiable information of that person is not known.

The main question is of course, what are you trying to hide? Closely following that is how important is it?

The precautions you take have to weigh up to the value of the data you are trying to protect, in this case, you are trying to protect your anonymity.

In the recent years privacy and anonymity have become big issues with CCTV cameras everywhere, and projects like Echelon reading all your e-mails and reporting back to the Orwellian ‘Big Brother’.

So just for normal surfing, or if you are planning on hacking a foreign governments personnel database (not that we recommend that of course), you need to protect yourself in different ways.

Remember Anonymity is not an absolute, there are varying degrees.

The Myths

Using a proxy I found on the web in my browser is enough.

People have been using proxies for years, normally open proxies found from scanning large IP ranges on the internet, what you have to think though, is this proxy open for a purpose? Is this purpose to listen to what you are doing? To collect your passwords?

Also it’s not infallible, remember the traffic has to go from your computer to the proxy, and come back in, those records can be corelated in your country alone and need to external aid.

Plus the proxy may keep records of who access what and when, it make be a honeypot and keep full packet logs of all completed TCP/IP sessions.

The problem is you just don’t know.

If I chain proxies no one can find me.

Also not true, it doesn’t matter if you cross through Taiwan, Korea, Russia and Iraq, your ISP just needs to see the packets going out and coming in at the right times to your machine from the last proxy hop in your chain.

The Reality

It can be said, pretty much whole heartedly, there is no such thing as real anonymity online, if you do something bad enough, the people in power can find you.

IP Spoofing is misunderstood in 9/10 cases and is no protection against anything (I’ll write an article about this later).

And web proxies, as above, offer little or no protection. They are good enough if you just want to stop your school/parents/office from tracking your surfing habits, but they won’t protect you from doing time if you commit a federal crime.

There are a whole bunch of proxies to surf at school or work in this post.

The next best thing from this is Onion Routing, the common peer to peer implementation known as Tor.

Onion Routing prevents the transport medium from knowing who is communicating with whom — the network knows only that communication is taking place. In addition, the content of the communication is hidden from eavesdroppers up to the point where the traffic leaves the OR network.

Source: Onion Router

Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and other applications that use the TCP protocol. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features.

You can read more at the Tor site.

Getting Tored Up

For most people Tor is enough, I recommend getting the Tor Bundle, which includes Tor, TorCP and Privoxy.

All you need to do is set your applications to use a proxy, host is localhost and port is 8118.

Instructions with screenshots are here.

Then you’re done, it works for most applications.

Just remember though it’s encrypted from your machine to the end point, not from the end point to wherever it’s going, so that Tor node can see whatever traffic you are sending through Tor..

So make sure you encrypt (POPS, SMTP with TLS etc).

An example is here.

We at the h07 unix research team recognized that people paranoid enough to use tor are still dumb enough to use plaintext-authentication protocols like pop3 and telnet.

They might think it’s “secure because tor encrypts it”. This isn’t the case.

it’s encrypted, but …… communication from client to entry node and exit node to server will still remain as is. POP3, telnet and others will still be plain-text and thus subject to sniffing.

So please, always be REALLY careful :)

True Anonymity?

Still the best way is switching your MAC address and jacking an open Wireless Network, which ethics experts say is ok.

It may not be totally legal, but it’s pretty much bulletproof (Unless of course you get caught in a car parking jacking off to porn downloaded from an open Wireless Access Point).

When you do this, you should make sure you are using an anonymous operating system, so what better than a bootable distro especially for this purpose, called Anonym-OS

You can check it out here.

kaos.theory’s Anonym.OS LiveCD is a bootable live cd based on OpenBSD that provides a hardened operating environment whereby all ingress traffic is denied and all egress traffic is automatically and transparently encrypted and/or anonymized.

Simple Checks

The easiest thing you can do to test your anonymity is to go to and see if the IP showing up is yours or not.

After that you can check out services like:

AuditmyPC Privacy & Spyware Check


And then there are various proxy tests:

Proxy Test and Proxy Checker.

Here you can see if your setup is leaking any info.

Good luck, and stay secure :)

Digg This Article

Posted in: Countermeasures, Hacking Tools, Privacy

, , , , , , , , ,

Latest Posts:

Socialscan - Command-Line Tool To Check For Email And Social Media Username Usage Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username,
CFRipper - CloudFormation Security Scanning & Audit Tool CFRipper – CloudFormation Security Scanning & Audit Tool
CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool
CredNinja - Test Credential Validity of Dumped Credentials or Hashes CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.
assetfinder - Find Related Domains and Subdomains assetfinder – Find Related Domains and Subdomains
assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.
Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.

12 Responses to Anonymity – Hiding Your Identity in 2006

  1. Richard Harlos May 16, 2006 at 1:55 pm #

    Wow… just what I’ve been wanting to know for some time now… and all in one place!

    You guys are among my favorite sites to visit daily! Many thanks!

  2. Gouki May 16, 2006 at 6:02 pm #

    Great! article Shaolin! Congrats.

  3. Darknet May 17, 2006 at 4:03 am #

    Richard: Thanks a lot! Hope you can spread the article around a bit. Cheers

    Gouki: Thanks too ;)

  4. Michael Hampton May 23, 2006 at 1:06 pm #

    This looks much like an article I wrote last month. I mention it because Tor will only protect you up to a certain point: If a government gets interested enough in you to turn its massive surveillance apparatus at you, or to have the U.S. do it for them, then there are other things you need to do, in addition to using Tor.

  5. T-zee September 24, 2006 at 4:56 am #

    Well simple question here, might not be the good topic but bah.

    I recently installed winssh on my computer to tunnel some of my traffic and also privoxy to surf using it into a ssh tunnel from work. but the question is….

    The network will change soon at my work. for now we have a few port open for example 21 22 443 80 8080 and a few other port are open, port 80 is monitored by a proxy. and sooooon they will block everything exept port 80 and 443 with is monitored by Checkpoint firewall/proxy.

    What i’ve tryed is to use gnu httptunnel or httphost to make a http tunnel then do a ssh connection tru it to do the rest of my tunnel, but the proxy seem to be intelligent enought to scan packet and analyse it to see if its really a http packet, I really have no clue if i’m thinking the good way there but…. if I do a httptunnel from hope to my pc (wich is workin) and try to open a ssh session I get a timeout, thing works fine when I do it on my 2 pc at home…

    ssh 22 : gnuhttptunnel 22 80 : gnuclienthttptunnel 80 12345 : ssh localhost:12345. this sequence work fine when I try on my 2 computer at home, but once I try at my job (at least when I try to do it tru the port 80) it doesn’t work.

    I was wondering if there were any other work around, or if at least there were an encrypted free http tunnel that could work. maybe the proxy analyse the packet in a way that it (gnuhttptunnel isn’t encrypted just like httphost) detect the inside and see hey… that ain’t http traffic inside that wrap….

    for now I just work with privoxy and winssh.

    admin know that I fuck around but they won’t help me pass their settings, so I have to search for help elsewere :X there must be so much log pointing to me lol.

    I’am french. kthx.
    and don’t hesitate to e-mail me.


  6. Arnold September 28, 2006 at 3:52 pm #

    Great article, i’m behind ISA firewall i used TOR that u mention in your article..i could used tor ports for GAIM messenger & other programs…Good Luck Guys

  7. Prince December 5, 2006 at 2:45 pm #


    Need Help here :D Cant Active an account can some one or somebody help me or Explain it more specificly?


  8. roberto December 8, 2006 at 4:37 pm #

    new proxy site with both, cgi and PHP

  9. Rich Harlos December 8, 2006 at 5:00 pm #

    My only concern with proxies is that I don’t know how to be certain that the proxy is run by people with a sincere dedication to anonymity.

    Just to take the extreme paranoia position for a moment, for the sake of discussion:

    WHAT IF any one of those (or other) proxies were run by government personnel; what then of the assumed advantage of using a proxy?

    Not bashing the proxy list so don’t anyone get mad at me (please!), I’m just putting this out there for discussion.


  10. Parker January 18, 2007 at 3:17 am #

    ok i have been trying to cover up where i go on the internet and my brother has seemed to filter everything. i figured out how to go to myspace through however i would like to be able to go wherever i want on the internet without my brother looking at it and asking me a million questions on what website it is & what its about. im 17 yrs old, & im too old for this Child Safe program. any suggestions of how to block some stuff?

  11. Rom June 16, 2007 at 10:15 pm #

    Fresh directory of anonymity services and guides.