In recent days there has been a lot of talk about the existence of total surveillance by American intelligence agencies. Not to mention the fact that many well-known services have a disregard for the privacy of their users, not even providing HTTPS access.
For many, the topic of privacy is important. And we are not talking about hiding any evil intentions of users. Privacy and personal data are a completely legitimate right of a modern person.
There are several common options for protecting yourself from surveillance:
- use HTTPS
- clear cookies
- use a proxy server
- use anonymous VPN
- use the TOR network
- use I2P network
- ...
Each option has its own disadvantages, advantages and a certain degree of protection. Let's take a closer look at them:
Clearing Cookies, prohibiting plugins (flash, java, etc.) and javascript
It is useful to delete regular and flash cookies if you do not need service personalization and advertising targeting. In doing so you only remove the link between you and your profile/session on the site; what is stored in the cookies depends entirely on the service. If a site that uses session cookies has XSS vulnerabilities, third-party sites can easily de-anonymize you through your profile on that site. For example, a site owner can place on their page a link to view their own LinkedIn profile, in the form of a picture; if you are logged in to LinkedIn when you open that page, the owner can later see which LinkedIn users viewed the page. It is also important to know that some plugins that your browser runs can reveal your real IP address, even if you use proxy/TOR/I2P and other anonymization tools.
Using HTTPS
(+) protects against interception or substitution of website content
(−) DNS queries remain unencrypted. For example, if you suddenly use an unencrypted WiFi channel, then your neighbors and your ISP can find out the sites you visit.
(−) the website you opened in your browser knows your IP address.
Using a proxy server
There are several types of proxy servers:
- HTTP - relay GET/POST requests and can add your original IP address to the request header, as well as store a complete history of your interaction with the site.
(+) client anonymity (if used correctly)
(+) supported by almost all browsers
(+) DNS queries on behalf of the server
(−) History on the server
(−) Ability to filter and replace data using a proxy server
(−) works only for HTTP protocol
(−) does not protect against attacks via plugins and XSS
- In the case of a SOCKS proxy, the browser opens all TCP (and sometimes UDP) sockets on behalf of the server. In this case (depending on the browser), your local DNS server may still be used, and the site will be able to track you through it by issuing a unique name in its subdomain for each request and remembering from which addresses the DNS requests for that name arrive.
(+) client anonymity (if used correctly)
(+) the ability to forward an arbitrary TCP connection (for example SSH)
(+) DNS queries on behalf of the server (google chrome)
(−) DNS queries on behalf of the client (firefox)
(−) Ability to filter and replace data using a proxy server
(−) History on the server
(−) does not protect against attacks via plugins and XSS
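The unique-subdomain technique described for SOCKS proxies can be turned into a self-test for DNS leaks. The following is an added example, not code from the original article; the zone `leaktest.example`, the log format, the profile labels and all addresses are constructed, and `203.0.113.0/24` is assumed to be the range of the proxy's resolvers.

```python
import ipaddress
import re
import secrets

ZONE = "leaktest.example"  # hypothetical test zone whose name server you run

# Constructed log lines from that zone's authoritative name server.
DNS_LOG = """\
2013-06-20T10:00:01Z client 203.0.113.10 query: tok-aaaa1111.leaktest.example A
2013-06-20T10:00:07Z client 198.51.100.53 query: tok-bbbb2222.leaktest.example A
2013-06-20T10:00:09Z client 203.0.113.10 query: www.leaktest.example A
"""
LINE_RE = re.compile(
    r"client (?P<src>\S+) query: (?P<token>tok-[0-9a-f]+)\." + re.escape(ZONE) + r"\.? ")

def new_probe_name():
    """Unique host name for one test request, so no resolver has it cached."""
    return f"tok-{secrets.token_hex(4)}.{ZONE}"

def resolvers_by_token(log_text):
    """Map each probe token to the resolver addresses that asked for it."""
    seen = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            seen.setdefault(m["token"], set()).add(ipaddress.ip_address(m["src"]))
    return seen

def check_leaks(probes, log_text, proxy_nets):
    """probes maps token -> label of the browser profile that requested it."""
    nets = [ipaddress.ip_network(n) for n in proxy_nets]
    seen = resolvers_by_token(log_text)
    result = {}
    for token, label in probes.items():
        srcs = seen.get(token, set())
        outside = sorted(str(s) for s in srcs if not any(s in n for n in nets))
        if not srcs:
            result[label] = "no query seen"
        elif outside:
            result[label] = "LEAK via " + ", ".join(outside)
        else:
            result[label] = "ok (resolved on the proxy side)"
    return result

PROBES = {"tok-aaaa1111": "profile A (remote DNS)",
          "tok-bbbb2222": "profile B (local DNS)"}
if __name__ == "__main__":
    for label, verdict in check_leaks(PROBES, DNS_LOG, ["203.0.113.0/24"]).items():
        print(f"{label}: {verdict}")
```

A query for a probe name that arrives from a resolver outside the proxy's range means the lookup was made on the client side, which is the leak the list item above describes.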
Anonymous VPNs
Essentially they provide the same security as SOCKS proxy.
(+) client anonymity (if used correctly)
(+) you will have a network interface with an “anonymous” address, and you will not need to separately configure your browser and other programs to use it
(−) this is more expensive, as it requires assigning a separate IP address to each client
(−) does not protect against attacks via plugins and XSS
Rent a dedicated server
(+) client anonymity (if used correctly)
(+) the ability to configure SOCKS and HTTP proxies yourself, knowing that the request history will not leak anywhere
(+) saves you from attacks via plugins and XSS if you launch the browser remotely
(−) much more expensive and in some countries requires de-anonymization (passport, use of a credit card, etc.)
(−) the hoster can track your IP addresses from which you make connections to the server
Using TOR
(+) client anonymity (if used correctly)
(−) traffic may pass through another continent and/or through an IP address from a blacklist, and many Internet services will open more slowly or not open at all
(−) if you are not using HTTPS then exit nodes can view/filter your requests
(−) the site must be accessible on the Internet. That is, only the client is anonymous, but not the server.
(−) does not protect against attacks via plugins and XSS
I2P
An analogue of the TOR network is the I2P network, which also hides the network activity of users. In addition, you can create your own resource and advertise it on the I2P network, without knowing the real IP address of the site or service.
(+) client anonymity (if used correctly)
(+) server anonymity (if used correctly)
(−) traffic can pass through another continent (and more than once), and as a result - low speed and long response time
(±) lack of the usual DNS (due to complete decentralization) and the need to subscribe to the “correct” name server or add the site to the address book
(±) internal sites are not accessible via the Internet and vice versa (except for the use of gateways, where you can partially lose anonymity)
(−) does not protect against attacks via plugins and XSS
Conclusions
It is obvious that ensuring your privacy is a complex task, and that no networks or tools provide guaranteed anonymity: you need to take into account XSS/cookies, software errors, requests to the DNS server, HTTP headers, incorrectly configured nodes in the I2P and TOR networks, the so-called “browser fingerprints” and much more, which I will write about in future articles.
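For the HTTP headers mentioned here, and for the HTTP proxy that "can add your original IP address to the request header", a check can be run against the headers that a test server you control actually received. This is an added example, not code from the original article; the header dump, host names and addresses are constructed, and the list of forwarding headers is a common set, not an exhaustive one.

```python
import ipaddress
import re

# Headers that forwarding proxies commonly add to a request.
FORWARDING_HEADERS = ("x-forwarded-for", "forwarded", "via", "x-real-ip", "client-ip")
IP_RE = re.compile(r"[0-9a-fA-F:.]{3,}")

# Constructed example: request headers as logged by your own echo server.
SEEN_VIA_PROXY = """\
Host: echo.example
User-Agent: ExampleBrowser/1.0
Via: 1.1 proxy.example
X-Forwarded-For: 198.51.100.23
"""

def addresses_in(value):
    """Yield every syntactically valid IP address found in a header value."""
    for candidate in IP_RE.findall(value):
        try:
            yield ipaddress.ip_address(candidate)
        except ValueError:
            continue  # e.g. the "1.1" protocol version in a Via header

def audit_headers(raw_headers, real_ip):
    """Return (header, finding) pairs for headers that expose the proxy or you."""
    real = ipaddress.ip_address(real_ip)
    findings = []
    for line in raw_headers.strip().splitlines():
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name not in FORWARDING_HEADERS:
            continue
        if real in addresses_in(value):
            findings.append((name, "reveals your real address"))
        else:
            findings.append((name, "reveals that a proxy is in use"))
    return findings

if __name__ == "__main__":
    for header, finding in audit_headers(SEEN_VIA_PROXY, "198.51.100.23"):
        print(f"{header}: {finding}")
```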
Various “advanced laws” on closing anonymizers and networks such as TOR and I2P are making these networks increasingly popular, since due to their architectural features it is almost impossible to close them.
Over the past 10 years, the I2P network has grown from an academic project to a widely used product with a number of "unkillable resources" (for example, freezone.i2p, lib.i2p, btdigg.i2p).
How do you ensure your anonymity?
- 65.52% (1484): No way - no one is interested in me
- 14.22% (322): Turn off Cookies and/or use NoScript
- 15.81% (358): I use Proxy/VPN/my own server
- 22.74% (515): I use Tor or I2P
- 5.12% (116): I don’t use the internet, but prefer only offline meetings
2265 users voted.
442 users abstained.
Comments 57
And your article is also interesting, but some of the data is already outdated.
For example, I would argue with the “A” that Tor received in your article, such as “access to a full Internet” and “difficulty blocking”.
Forced acquisition of knowledge that must be mastered due to a certain trend in the direction of the work of a number of state institutions in the Russian Federation?
I understood your comment correctly?)
It would be great if jsmith11 integrated my findings into the wiki
Registration via tor is available?
problems with bidirectional protocols such as FTP (in active mode), UDP connection tracking and much more. But this is a topic for a separate article
You can use a VPS instead of a whole server. There will only be:
and for this there is another VPS
It is possible to buy a VPS for Bitcoin.
And then there will be no ends left at all. )
As far as I know, wallets can be generated in any quantity.
I wonder how this “need to feel social approval” was satisfied before the advent of social networks? You know, there is a difference between a person who has no friends and a person who has a high enough IQ to understand how harmful it is to use social networks (from a waste of time to providing a bunch of personal data to unknown third parties).
You greatly exaggerate the IQ of a person who “understands how harmful it is to use social networks.” If the IQ is high enough, then it is sufficient to understand that this is a tool. And like any tool, it is of great benefit only when it is used as needed, and when needed.
If you also don’t understand what the author does, I recommend Googling: stroking theory Eric Berne
Moreover, the question is not even what benefit they can give me, but that the harm from them so far more than outweighs this benefit. I am registered in those social networks that do me more good than harm (Habr, Linkedin, Odesk), and am not registered in the others (Twitter, Facebook, Google Plus, VKontakte, Odnoklassniki, etc.). This choice is determined by the need to publicly discuss work-related information and the lack of desire to publicly discuss personal information (both my own and others’). As for Twitter, I just don’t like its format - I prefer to receive and transmit news/information less often and in larger blocks, for example in the form of articles on Habr.
These are not my misconceptions about socialization, these are your misinterpretations of my comment. This has already been discussed two comments above.
Besides everything else, for me social networks are another very wide channel for conveying and gaining knowledge.
And of course, in current realities, this is a very good channel for mass (or targeted, targeted, group, etc.) notification, both about current events and activities, and about urgent news/actions.
That's the minimum. There are many more things that may be useful
And “likes and retweets” are just that, an auxiliary (but in some cases extremely useful) option.
Some software e-book readers can search for quotes on Facebook, but cannot search somewhere else outside
if you need to have a way to get these quotes out of them... authorize this program so that its posts are visible only to yourself (the visibility area is “only me” / “close friends” (if you have a normal account, why not) and search for quotes, then through a service like IFTTT /Zapier we send these quotes where they belong
Well, the drawback is clear - at the same time we share them with those who can get them from Facebook + there is a risk of errors in the settings and everything is in public + you still need to have this account, even with fake data
the alternative is true - use an e-reader where this is not necessary:
— Kindle (everything, and it means that we read from different devices) - all quotes from Kindle Store books on kindle.amazon.com/your_highlights (but unfortunately _only_ from Kindle Store books, from those uploaded to Kindle Personal Documents - we need to do it a little differently)
— Marvin for iOS - at least connect Evernote (or any other service - you can do it there), or simply export quotes from the book after reading (you can and conveniently there)
possible in other similar cases…
and so, if you need to do something on the network so that it is more difficult to find you, then the left SIM card, the left phone (you can, of course, limit yourself to free Wi-Fi these days), the left laptop, the left car, do the job and burn everything) P.S. sarcasm based on spy films and books )
Customizable. For example, I immediately install the Foxy Proxy plugin in FF. It also routes DNS requests to a proxy.
VDS\VPS is quite enough. Dedik is redundant for one user.
No. See .onion.
To be honest, I’m already fed up with the same type of articles in the style of “I googled on the Internet about the topic of anonymity, here’s a summary of what I googled, I didn’t understand it myself, but the boys write that...”. One gets the impression that you (specifically you and the authors of similar articles) are simply trying to gain karma on the wave of public interest in anonymization.
So let me give you some advice. Team up with other authors writing similar articles and collect material, check it out to the extent possible (okay, look for vulnerabilities of cryptographic algorithms in the source code, but measuring the speed yourself and avoiding factual errors in the article is quite possible) and post together one article/series of articles with a list of authors below. Then it will make sense. And that article mentions terrible browser cliches, but in none of them did I read the word privoxy.
I am ready to technically support this endeavor and also proofread before publication.
AWS. All you need is the phone number you are calling and a credit card. The phone number is created using the left SIM card, and the card is created using qiwi via Tor from the same left SIM card. Immediately after activation, the phone and SIM card are thrown away.
Nobody forces you to buy a server in these countries. And they ask for a scan of your passport, not the passport itself. A scan of the passport is made using the program. (Question for lawyers: is such a trick a crime from the point of view of the laws of the Russian Federation?)
Can't if you connect to the server via Tor.
So, almost perfect anonymity and having an IP that is not blacklisted is actually almost free: free VPN (vpngate will do) + Tor + AWS. Access to the external Internet occurs only from AWS. I think the resources required to break this anonymity are enormous. For someone to start doing this (with unknown success), you have to do something very bad on the Internet (which none of us wants to do, of course). I repeat, this scheme is almost free for the user.
Or something very unpleasant to someone powerful enough.
In general, if you don’t commit crimes, then there’s nothing to be afraid of.
Thanks for the survey.
> For example, jaws dropped at the sight of the closure of the popular website about the game EVE Online for “drugs” (which merely described the use of fictional chemicals on fictional characters) - and now the bill will also prohibit information about the methods of using “substances similar to narcotic drugs and psychotropic substances effects on the human body”.
Can you imagine how such a law could fit “perfectly” with this? habrahabr.ru/post/178773?
Well, or for example, you sent a patch to the developers of Tor or i2p a couple of years ago and then suddenly you fall under the article: habrahabr.ru/post/182150. and so on.
> It’s great to understand that there are still not so many paranoids even on Habr.
Well, what's so beautiful about it?