Slashdot Mirror
The Drawbacks of Anonymous Surfing
BlueCup writes to tell us that one reporter decided to give anonymous web surfing a shot, and found it to be much more trouble than it was worth. Many users take advantage of Tor and other anonymous web browsing tools, but is the amount of hassle worth the effort it takes to remain anonymous?
If you have a few seconds, download Torpark and try it out. It shouldn't take more than half a minute and is Firefox based and pretty much automated.
And if you're worried about having to put Torpark on every machine you use, just put it on a very small USB thumbdrive on your keychain. Plug it into whatever computer you're using and browse the thumbdrive. Double click and go -- no need to worry about leaving personal information on your friend's computer. The application itself is very tiny so it would fit on even very cheap USB drives and there's a Thunderbird extension for it. I was at a conference once and got a free 512MB thumbdrive. I sharpied it as Torpark and now I can serf anonymously if I need to.
The only hassles I can find is that I have it set to not cache anything at all which means sites don't load as fast when I revisit them normally on my desktop. Also, the Tor servers can sometimes be slow to forward packets or the German ranged IP address it masks me with will cause a page to render in German. Oh gut, das ist wert es wohl.
My work here is dung.
on what you're surfing for, and who will be looking at your records in the future. Anon surfing might be a good idea for anyone who ever expects to go into politics, for example.
Is it just my observation, or are there way too many stupid people in the world?
Yes if you are going to lose your freedom, or be executed because of it, probably not if you are a general user who does nothing that could ever be used against them, and only use it in instances where you actually need anonymity rather than using it for all activity.
Warhammer forums
So use Mozilla/Firefox to prefill the forms.
Not if you erase history.
========
Nothing new here. Just someone complaining that privacy is not worth a slight inconvenience.
"People who are not willing to give up conveniences for the sake of privacy, deserve neither privacy nor sympathy." - Benjamisquoted Franklin
I bet the author votes Democrat.
Have you read my journal today?
This 'reporter' didn't know that he had to sacrifice a bit of convenience in order to maintain web anonymity?
What a useless article. You mask your IP and use proxies if you want to become *untraceable*. And this guy's crying about how he has to remember his passwords for every site. Bloody lout.
...is often helpful so you don't get sucked into flamewars, so I can see where having a bit of privacy while surfing can be helpful as well.
The Tor concept is a great idea, and seems to work okay, but the last time I tried it, it was so slow that it was mostly unusable. Has much changed in the past 6 months or so?
After reading the article and digestig what the reporter wrote, he wasn't being very anonymous even with his efforts. Sure, he deleted his cookies when he was done (I do too) but he never removed all his cache files which could be used to track you. Yes, this will increase the time it takes for a page to load but since apparently everyone but me uses a high-speed connection, waiting that extra half second doesn't seem to be that much of a hassle.
Also, since he had to relogin when he went to Amazon or other sites, he was giving up his anonymity because now the site can track when he last visited, what he went to and so forth.
As far as sites balking that he didn't have a cookie, um, so what? That is the whole point of trying to be anonymous, right?
Had the author simply stuck with sufing around and not registering with sites he would have a better case for his article. As it stands, not so much. He needs to look up the word anonymous and see why he wasn't.
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
Anonymous surfing is first equated with crime, and later a correlation is drawn between a desire for anonymity and Unabomber style, tinfoil hat paranoia.
There are plenty of legitimate reasons not to want your personal information all over the place, barely any of which were touched on in the article.
This is not true as javascripts can read your normal IP address. It can even get your local IP address. Except I've noticed that if you setup a local webserver and set that webservers IP address to 127.0.0.1 then the javascript just shows 127.0.0.1. Seems to work.
What I dont get is why we need to be worried about cookies, IP address tracking and such. So what if I can figure out what IP you came from. That doesnt tell me your name or your home address. The only need for annoimity that I see would be if you are looking at things that are illegal, or you want to bypass your work/school firewall. Other than that.....why does it really matter?
Tracking your IP can help you and web developers. It tells them what is popular, where you came from, and how you went around in the site. It tells them if you even saw some of the pages and how you got to those pages. Ads specific to your IP are also better for advertisers. Tracking helps you by targeting information to you based on your activitys and this makes you happier. So Tracking is good
Surely if you live under an oppresive regeime and your life depends on it, it's worth the hassle?
I have no reason to surf anonymously. Nor do I any confidence that if I did that an 'anonymiser' would really, really work. I did try it once some years back and it was a pain.
I agree with the reporter: surfing anonymously is too hard. You need to have at least a 2-digit IQ to do stay anonymous on the internet.
Man is a slave because freedom is difficult, whereas slavery is easy.
- Surfing anonymously is hard, and therefore not worth it.
- Oh noes! My Amazon purchase list is broken! This is stupid!
- Evil criminals can use it!
An excellent thing for a reporter to be saying to his readers. I'd sure love to be one of this guy's sources.I'll be honest, we're throwing science against the wall to see what sticks. -Cave Johnson
This reporter is dumb. He declares that he is a fan of convenience and doesn't care much about anonymity. As he found out that anonymity slows things down, he concluded that it's not worth it.
For him, he should add. If all you need anonymity for is so websites can't point personalised ads at you, guess what: you don't want military-grade anonymity through Tor, you want Adblock or Privoxy. While he continues his convenient existance, more and more people rely on Tor for their democratic right to free unpopular speech. Tor may slow you surfing down, but it sure beats political imprisonment or being outed for being whatever is unpopular where you live.
"Oppression and harassment is a small price to pay to live in the land of the free." -- Montgomery Burns.
Just use a fake name, especially the name of someone you don't like. That's sure to conceal your tracks... anonymous site data looks weird in a log, but Joe Jerkoff looks like legit traffic, plus you get to peg him/her with the goatse bookmarks, or whatever sick thing you wanted anon surfing for.
stuff |
if something is hard, it's not worth doing.
How we know is more important than what we know.
That "Post Anonymously" checkbox ought to be enough for anybody.
Heh, if he's crying like this for anonymous surfing on the WWW, I'd like to see him try Freenet/Frost!
Anyone else think the comments just weren't rendering right before they turned off ABP and saw ads?
It lacks the "paid for by the people who hate free speech" line.
Quite seriously, if you have troubles setting up TOR, it might be good for the net as a whole if you stayed out.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
To me, one of the biggest threats to privacy is google's logging of what I search for. I tried using foxyproxy, but found it hard to find reliable and speedy proxy servers (which btw need to be in the US else google renders the version tailored for whatever country the ip address comes from). So my solution: I'm writing a little script that will periodically read random entries from a text file I have and submit a search to google for the data. For example, my data file contains "kill the president", "blowjobs from hookers", "boiling dead dogs", "where purchase drugs", "flowers for wifey", "plumbing supplies", etc. More sophisticated versions will include clicking on some of the links returned by google, and better combinatorics for the seach data. All I need do is make the fake google searches outnumber the real searches, and I've got plausible deniability on anything.
- First they ignore you, then they laugh at you, then ???, then profit.
I don't think the author of the article has a handle on this whole privacy thing. People who care about privacy don't sign up for "loyalty" cards at grocery stores, don't give out their phone numbers to every retail clerk who asks for it, don't put their names in telephone directories, don't enter contests that require you to provide personal information on the entrance form
I could go on and on.
He laments the loss of "conveniences" such as not having to enter his username and password everytime he logs on to the Wall Street Journal online, or having Amazon recommend books to him based on his past purchases. If these things are more important to him than his privacy, that's his choice.
You have to determine what price would you pay to receive these services, then ask youself if that is a fair price for the data you are providing to the providers of these services, and anyone they choose to sell the data to in the future. I suspect that for the majority of people, the answer would - unfortunately - be yes.
I don't care why you're posting AC
Many users take advantage of Tor and other anonymous web browsing tools, but is the amount of hassle worth the effort it takes to remain anonymous?
If you're growing mushrooms, you'd better fucking believe it!
Seriously though, as has already been mentioned, torpark and FoxyProxy (my personal choice) both require about a 5 minute investment of your time. With Tor running as an automatic background service, I don't even have to think about it, FoxyProxy simply kicks in when I visit a site matching my predefined patterns designated to Tor.
First, using Tor is easy. Just use the Torbutton http://freehaven.net/~squires/torbutton/
Now turn Tor off when not needed, and turn it on with a click when you like to.
Since you go through other hosts, it is often slow, but usually OK.
Also, if a lot of your Google searches returns Wikipedia pages, just search directly in Wikipedia and so on.
"Fix it"
The "hassles" he talks about are mostly the lost convienences of cookies and the occassional site that doesn't work w/out cookies.
Seriously.
That about sums up his complaints.
I'm not terribly impressed by the issues he discovered while using an anonymizing service.
[Fuck Beta]
o0t!
Yes if you are going to lose your freedom, or be executed because of it,
The nature of the internet and the records kept means you could pay for something you did last night, 10 years from now. Take the whole steroid hysteria right now. 3 years ago, if you used andro, you did nothing illegal, it wasn't considered a steroid and was available at practically every health shop. If there is an internet record of you talking about using andro and the great results you got from it now, NOW YOU'RE A STEROID USER WITH A DOCUMENTED HISTORY OF USING, because now it's illegal and considered a steroid. This could happen with just about anything in this nation of partisan embiciles.
The problem with the question of "is it worth it?" is, you don't know if it was worth it for you personally, until you find yourself in circumstances where either doing it saved your ass, or not doing it costs you dearly.
"Our morality is good, theirs is repressive."- Partisanship Rule #3
I also had to re-enter a login name and password when I returned to sites requiring registration, like The Wall Street Journal Online. On Amazon.com, I couldn't immediately see book recommendations based on past purchases _ something I enjoy.
Thank god they can't find out who I am based on my payment details . . . oh . . wait.
Your hair look like poop, Bob! - Wanker.
The "anonymous surfing experience" can improved greatly with a little software:
Wallet software (i use kwallet) that auto-fills login forms from a local encrypted storage.
Software that blocks all cookies from ad agencies (blacklist, anyone?) and auto-deletes the rest when closing the last window viewing a given site. (I don't know of any way to set this up in konqueror, please suggest. Privoxy perhaps?)
For the all-important slashdot login, a way to tick off sites that "can keep cookies for a year". That would probably be quite few sites, so wouldn't be much hassle.
That aside, lobbying for better privacy laws would probably also have a quite good ROI. The US has something to learn from the EU there.
Any sufficiently advanced libertarian utopia is indistinguishable from government.
Yes, privacy is generally important. But, no, that doesn't mean you have to be a complete tinfoil nutcase about it.
E.g., I'd be hard pressed to see anything bad in what I buy on Amazon. If a prosecutor with a search warrant wants to see that this month I've preordered Neverwinter Nights 2 on Amazon, by all means, be my guest.
Mind you, I don't see any use in Amazon's recommendations either. But if anyone finds them useful, it's bloody stupid to ask -- nay, _demand_ -- that they give that up in the name of privacy. It's just asking to give up something useful (for them), in return for zero actual benefit.
E.g., I actually _want_ FilePlanet to keep knowing it's me, so I can download through the non-queue servers I subscribed to. I _don't_ want some idiotic piece of "privacy protection" software to keep confusing the site into thinking I'm not even logged in all the time. (Don't laugh, MacAffee did exactly that.) And, yes, if any prosecutor wants to find out that I've downloaded some UT mods and levels, by all means, knock yourself out.
Now I _might_ want to hide some other stuff, even if it's not criminal. E.g., I don't want my parents to find out my IM number, because, frankly, they're the kind of smothering intrusive idiots that would be all over me 24 hours a day if they could. In fact, they actually did before, on the old number. (And I'm in the mid-30, living on my own, half a country aws.)
Basically there are two _very_ distinct kinds of data: that which I'd rather keep secret, and that which, for all I'm concerned, I actually _want_ the web site to know. There are also two very different kinds of web-sites: those I'd rather be anonymous on, and those which, by all means, I _want_ them to know it's me. They're very distinct, and it's up to me to decide which is which. And for whom.
The view that it's either-or, that either you're against the very principle of privacy _or_ you're anonymous all the time, is such an OCPD view that it's not even funny. The real world has more nuances and special cases there. (Or in any other problem.)
And I do believe that what TFA discovered is that currently the available software makes it a pain in the butt to actually deal with those nuances and special cases. A lot of software (and not only privacy software) is based, basically, on a black-and-white all-or-nothing OCPD view of the world, and/or needs more work than it's worth (to a non-geek) to configure all the exceptions and special cases.
A polar bear is a cartesian bear after a coordinate transform.
but is the amount of hassle worth the effort it takes to remain anonymous?
Yes.
Tor's not a real hassle to use, but it is slow (just like FreeNet is), and always will be.
To use Tor, simply install it, then tell your browser (or privoxy proxy) to use the socks proxy on port 9050 (or wherever). Nothing much can be done about the sluggish latency and low bandwidth, though, because for true anonymity to work you just HAVE to relay through a certain random number of random nodes of various quality. So instead of taking 15 fast intra-country hops to reach Google, it might take 100+ hops all over the globe and back, with each hop being another weak link in the chain.
Speed is the #1 reason I don't use Tor much... except for the rare occasion when I need to upload beheading videos^W^W^W send ransom notes^W^W^W troll IRC^W^W hide p2p downloads^W^W^W research something privately.
Power to the Peaceful
Some websites only offer their services depending on which country you come from and the ip address tells them the country and town
cleaning the history, cookies and cache on a regular basis is all that is really needed; the one problem is with the browsers, Safari has "private browse" mode for those times what you don't want anything...Firefox should have this too.
As a result of everything I did, Web surfing got a lot more difficult. It took a few seconds longer for pages to load, and I received error messages from certain sites, which apparently balked at my not having cookies.
The reason you recieve error messages is cause the sites were built to track you. If more people became anonymous then, the sites would be built to not track you. If a new version of IE (i hate it but all the "i bought a computer, can i have a fork?" retarded people use it so more people use it than most others) came out that by default had you surf anonymous then the sites that track you would grow less and less popular as the people get errors and go to other sites where they dont get errors. This would cause the designers to change the site and make the error vanish. This is like anything that you change, its going to be a little annoying at first but youll kiss yourself after a while at how much better it is.
Freedom is a state of mind. A mind is a state of being. Stay the fuck out of my mind and my being. - Corporate Avenger
The speed is significantly better. Still noticably slower than a reg'lar connection, but no longer is it so slow that impatient folks like me abandon it altogether.
;-)) is to download and run Torpark -- it's portable, pre-configured to establish a Tor circuit, and it pretty much runs right out of the box.
The quickest way to give it a speed test (after all, if you're testing speed you probably don't want to be slow about it
If you want to help the speed even more, be a good citizen and run a Tor server.
Pi Ran Out
I want to know the surfing habbits of polititions: imagine that the internet came about 50 years earlier: what would the "history" of GWB look like Vs Algore? not totaly usefull, but an interesting insight...
what forensic traces are left on YOUR machine.
It's about what trace you leave across the Internet/Googlesphere/SkyNet.
"Flyin' in just a sweet place,
Never been known to fail..."
I've been using FoxyProxy/Privoxy/Tor for a few months now. It wasn't nearly as difficult to set up as I'd imagined (I'm running Ubuntu), and it didn't degrade or slow down my web experience as much as I feared, either. It caused me an unexpected problem last week, though. I ordered some hardware from NewEgg. The process went exactly as usual and I got the confirmation e-mails as usual. The next day, however, I got another form e-mail that said my order had been cancelled because my bank was outside the United States. WTF, I thought - this is clearly not the case. I called NewEgg's support line and was told that it was actually *my* IP that appeared to be outside the US. I explained that I was using anonymizing software to protect my privacy online, but that I'd used my NewEgg account and completed the VerifiedByVISA process, and that I was shipping to a verified address, etc. The support guy said he couldn't un-cancel my order; I'd just have to re-order using "my real IP" this time. Fine, I grumbled. I went through the process again; when I supplied NewEgg's cart app with my account credentials this time, I was told that my account was suspended! I called NewEgg again; apparently my account was suspended because of the "suspicious transaction" referenced above. It took me a half hour to get my account reinstated.
You can make Tor very easy to use with any application (on Windows or other VMWare/OpenVPN supported OS) with JanusVM:
http://januswifi.dyndns.org:85/
When you start the Windows VPN connection to the VMWare virtual machine that PPTP network becomes you default route. All DNS lookups, http requests, and other TCP traffic is now transparently routed through Tor. Simply disconnect the VPN to terminate anonymous onion routing...
Also see the user documentation: http://januswifi.dyndns.org:85/Instructions.htm
Transparent proxy avoids many common problems with explicit SOCKS configuration and DNS leaks. Worth a look...
"KISS" = "Keep It Simple, Stupid"
I don't know why everybody insists on missing the obvious... just use somebody else's or a public wireless connection. That's *all* that I use, and I'm even more anonymous than somebody using Tor. It's not like a wide open wireless connection is tough to find! The *only* way that I could be tracked down was if the feds found the WAP, then kicked in the doors of every building (and car) within a certain radius, and I happened to still be there.
Why crap on the parent? He's not saying that cookies are a good thing; he's merely pointing out that TFA's complaints boil down to, "It goes too slow without cookies". It's the author of the article who's minimizing the security concerns, not the parent poster.
-Mike
I'm sorry; I don't know what I was thinking!
It's really becoming a problem lately, as the latest round of cachey-cookies can SUCK YOUR CREDIT CARD NUMBER FROM YOUR BRAIN!!!
Information wants to be free.
Entertainment wants to be paid.
You just want to be cheap.
I used to live like that when I was younger: fearing that someone would discover that I'm gay, and taking elaborate measures to keep that secret, including the "anonymizing" and "encryption" technology of the day (e.g. giving people a fake name, going to a gay bar in another city, having magazines mailed to me in a sturdy plain brown wrapper). That's no way to live. I resolved almost 20 years ago that I wasn't going to let anyone force me into hiding... and along with countless other people coming out of the closet along the way, it's become a lot safer for anyone to live an openly gay life. That's how you regain freedom: by asserting it. And I think it's kinda sad how quickly so many people are scurrying into the shadows instead, out of fear. (A bit like the American public's willingness to trade freedom for "security" over the past five years, I suppose.) If your safety is dependent on keys (whether cryptographic or physical), you don't have real freedom.
http://alternatives.rzero.com/
I looked up how to evade taxes online and I got slammed by the government. I couldn't believe it! How did they know I was planning to not pay my taxes?! I didn't fill out the tax forms and they still got me! The thing is though. I was using an anonomiser when I was looking up the tax evasion stuff, and that did NOTHING. They're a bloody waste of slow page loading time. The only thing I can tell you is to play by the rules and don't look up anything that might get you in trouble. This is the sort of world we live in. We outnumber the poloticians but we still get kicked around. I guess this is the price we pay for public health care.
This is why I never memorize anything important.
Posting AC, because
If people are going to write tech articles you'd think that they would have some idea of what they are talking about. Hiding an IP address doesn't mean anything when your ISP is keeping a nice fat log of everything that goes through your account 'just in case'. You need to encrypt and mask if you're going to do it properly. You can use a service like safepeak which has encrypted VPN and IP masking, it's not free but you get what you pay for I guess - every free service I have ever tried has been slower than an asthmatic sloth. Do your research before writing about a subject.
If I'm going and using other people's machines, isn't that already anonymous?
...To just buy a unix shell from a co, order a dedi or otherwise acquire a shell that is on a 10/100mbit server and load up a proxy.
Many people disable cookies for security/privacy reasons. It definitely doesn't increase security.
When cookies are disabled, many websites add ?PHPSESSID=abcdef to URLs (instead of setting a cookie PHPSESSID=abcdef). This allows session hijacking using the HTTP referrer header.
For example, if you are on a site http://www.slashdot.org/?PHPSESSID=abcdef and you click on an external link, the remote site gets your session ID. If you have cookies enabled, this attack is impossible.
...is that it makes you unable to use sites which actively block known Tor exit ports. Of course, I'm sure no one here uses such sites...
And yes, I know that both of those sites allow Tor-based browsing, just not Tor-based posting. However, they both have user login systems, and there's no good reason to not allow those through Tor. If you don't trust your password protections enough to allow Tor-based users to access them, why do you trust regular users?
Are there any Linux and MacOS X 10.2.8 ports or similiar Web browsers? I just tried this in Windows XP Pro. SP2. It's nice.
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
None of you have posted in 4chan's b section, have you. THAT is the finest example of anonymous surfing's drawbacks.
Not if you erase history
Erase history?!?
First time traveling DeLoreans, and now this!?!
What's this world coming to when history itself can be erased on a whim!
Anonymous surfing is simple.
http://www.iphantom.com/
That's it -- all in hardware, no configuration, works behind a router. Works on your whole network, works on one computer on your network, allows all P2P, allows you to play online -- you name it, it does it.
Like political commentary...
...
...
or
Religous commentary...
or
Independant news reporting
or
Organizing a union or a protest rally...
or
Reporting crime...
or
???
Your right of course. Self censorship due to fear of reprisal is really all for the best.
Hehehe, this was very funny (I'm seriously not the O.P.). Really. You don't believe me, but I'm not.
I was going to post a lengthy rebuttal, but {sigh}, I dunno, it's almost quitting time.
Of course you lose personalization when you're anonymous. The reporter should change his name to TautologyMan.
Cookies are less of an issue if you use a proxy that rewrites them on the fly to be session-only and encrypted (like anonymizer.com, if they're still running).
Here are some of the real problems.
To provide reasonable anonymity your proxy has to block Java and Javascript. Many sites will stop working.
Given my line of work I researched Tor and out of the first N places I tried to visit, the fraction that blocked Tor exit nodes was 100%. Now that's a real inconvenience.
If you're using a single-stage proxy instead of Tor then the anonymizing proxy might be a honeypot.
A single-stage proxy only protects you from being identified by the destination web site. Your ISP could still have records of where you went and when.
You're still identifiable by the remote site if you've ever visited it before, if it left a cookie, and if you don't have something in place to block cookie transmission. One visit to cheerleadersincombatboots.com you might explain as a slip of the mouse, weekly visits over a year could get you in trouble.
It's hard to get IP-hiding proxies right. Your IP might leak if there's a transparent proxy between you and the anonymous proxy, if you use Internet Explorer, or you could be hit by a bug in the anonymous proxy's Javascript blocking. How many undiscovered, unfixed, or reintroduced bugs are there in whatever anonymous proxy you use?
I am surprised they even let this article through. It would be a shame for more visitors here to get interested in Tor, only to find that they are not welcome at Slashdot.
If I were a covert organization like *** and ### and $$$$, (you choose) I would set up a few companies that offer anonymous surfing. If I were a repressive government of a country, (we know who they are) I would set up a few companies in Canada or the USA (or other "free" country) and offer anonymous surfing while covertly promoting it in my country. Wanna bet it's already done.
Holy shit, I type out hundreds of words a day and and misspell one and Slashdot jumps all over me.
Brilliant use of wordnet there, but you were late, someone already got a +4 funny on that one.
*the sound of one hand clapping*
Looks like someone at that mysterious company ripped off the design of http://www.sftpdrive.com/ for Prove.Your.Worth.
You got it wrong. KISS = "Keep It Stupid, Simple!"
Then it'll actually work.
How many escape pods are there? "NONE,SIR!" You counted them? "TWICE, SIR!"
I've got a Mac, and i have Camino and Safari set up to not use Tor. Both of those browsers use the global proxy settings. However, I've setup Firefox to use Tor when it launches. That way, if I need the privacy (or to break thru the Chinese firewall), I use Firefox. If I desire speed, I use Camino.
if we had a poll on Tor users, or anonymous proxie users, im sure we would find a LARGE percintile of /. often use anonymous proxies... like me, right now :P the only hastle i get is having to wait a couple more seconds for a page to load, and unless your a porn mongering geek that is in a hurry, i wouldnt worry about that
Don't feel down about the responses...Tor can be used for torrenting, as long as you only use Tor to cover the traffic to the tracker! You get the torrent info from the tracker via Tor, but the actual data transfer from other peers does not go through Tor. You can easily set it up this way in Azureus but im not sure how to do this in other clients. Read the FAQ on using Tor on Azureus website, as it goes into it in a lot more detail. This way, if MPAA gets hold of the tracker server, they don't have records of your IP, but an FBI agent sharing out Da Vinci Code to you can clearly see who he is sharing to :) Of course, you could use Tor on the data transfer as well, but as the reply mentioned, it's not very nice to the other Tor users.
"Everyone knows that vi vi vi is the number of the beast" -- Richard Stallman