Do You Need to Surf Anonymously?

An anonymous reader writes "Computerworld has up an article entitled 'How to Surf Anonymously without a Trace'. It purports to offer tips on how to avoid detection by anyone attempting to monitor your internet access. 'If you don't like the limitations imposed on you by [proxy] sites like the Cloak or would simply prefer to configure anonymous surfing yourself, you can easily set up your browser to use an anonymous proxy server to sit between you and the sites you visit. To use an anonymous proxy server with your browser, first find an anonymous proxy server. Hundreds of free, public proxy servers are available, but many frequently go offline or are very slow. Many sites compile lists of these proxy servers, including Public Proxy Servers and the Atom InterSoft proxy server list.'"

Public Proxy != Anonymous

[db32]

Do you know who owns it? Do you know what kind of logs they keep? Do you know who else reads their logs? Seems to me like a terribly good way to fish for undesireables would be to setup an "anonymous" proxy and wait for people to start using it. I mean, its not like police go out and pretend to be hookers to catch 'johns', or pretend to be dealers to catch users, or even pretend to be young children to catch pedophiles. If you don't own it, you can't trust it, and if you do own it then its not terribly anonymous. Even the whole onion router business has come into question as of late.

Not a whole lot of anonymous anything left on the internet these days with all the data mining that goes on. The best you can do is leech wireless and pretend to be someone else.

Re:Public Proxy != Anonymous

[jfengel]

Or hack into somebody's wide-open box (usually Windows) and run your proxy daemon. It seems to keep the spammers safe.

Re:Public Proxy != Anonymous

[Zonk+(troll)]

I don't know why people need to surf anonymously. At home I rarely surf anonymously. However, when I'm at a hotel, coffee shop, on campus, etc I always browse anonymously. If I'm doing casual browsing I'm using either JAP or Tor+Privoxy. If I'm logging in to, say, Gmail or Slashdot I OpenVPN into my home network and browse from there.

You never know who's monitoring you, especially on an open wifi network.

Also, if you're using Tor or JAP it's a good idea to also run Adblock+ (use easylist and add the tracking filter), Flashblock, and Noscript to make sure you keep your anonymity.

So if you are doing something that you don't want people to know you are doing, my question is, what the hell is wrong with you? Please post your full name, address, pictures of yourself and your family, and a full log of everything you've done in the last month. Don't want to? What are you trying to hide?

Re:Public Proxy != Anonymous

[Lumpy]

The best you can do is leech wireless and pretend to be someone else.

you are 1/2 way there. First use a OS that allows you to change your MAC address, BEFORE you ever go online and do things you dont want traced to you, CHANGE YOUR MAC ADDRESS. in fact I reccomend changing it every time you go online. That is what they are looking to trace because the data mining guys still think that it's a unique identifier. Second you need to use a browser that allows you to change it's identifier and allow you to destroy all cookies every session. Honestly changing your identifier on a regular basis a little bit and getting rid of cookies does help a LOT. last thing you need is having a doubleckick cookie ratting on you.

Do those and NEVER use a network that is tied to you. This is all really basic dont get caught hacker stuff guys.

Re:Public Proxy != Anonymous

[Lumpy]

Yes you are off base.

Think of it this way. your computer's MAC address is like your fingerprint. when you touch something you leave your fingerprint.

If I use a phone to make long distance threats, my fingerprints dont transfer to the other side, but they are there on the phone that I used which is easily found.

understand now?

Re:Public Proxy != Anonymous

[db32]

Your other replyer "Lumpy" doesn't know what he is talking about.

1. You are correct, the MAC address doesn't get any farther than the first router. That is how routers operate, by swapping the mac address in the packet with their own and the next hop while leaving the network address the same so it can be 'routed' there.
2. If you own the whole network you can eventually trace a mac back to an originating port on a switch, but that involves owning quite a bit of gear, and its not like its a logged thing, switches eventually allow mac entries to expire or things would break if you moved ports on the switch.
3. In the instance of home networking you are behind a router before you even get to your ISPs router, they never see your mac (unless you are directly connected to the modem, but we are talking leeching wireless).
4. MAC address ARE NOT UNIQUE! They are nearly unique, but if you operate under the idea that mac addresses are unique then your life will be hell when you have to track down a duplicate MAC on a large enterprise network because you believe it cannot happen. It does, although infrequently, and it makes networking very very 'interesting' when it happens.

The best they can do is rush down and grab that wireless access points within a few minutes of the last packet you sent and try and get the MAC before it gets flushed. Then they would have to go after the manufacturer to try and associate that MAC to YOU purchasing it. Now given that the manufacturer has likely made more than one device with that same MAC under the correct assumption they will likely never exist on the same network, and also that a MAC is not a hard thing to spoof, that information is completely worthless. Saying they can track you down based on your MAC is like saying I can identify an individual based on him using 192.168.100.15. Ultimately the best they can really do is determine that the traffic came from the IP the ISP assigned, and there is no real way to verify with any accuracy the traffic came from any specific hardware.

Re:Public Proxy != Anonymous

[db32]

Please read about the concepts of routing and switching. MAC is not like a fingerprint in any way shape or form. Your analogy doesn't even begin to make sense based on how MACs are used. Aside from not being unique and being easily manipulated any trace of a MAC address only exists in the local subnet before it hits the first router and vanishes minutes after the last packet was sent.

Re:Public Proxy != Anonymous

[TheLinuxSRC]

My company hosts an anonymous proxy (see my sig). While there is a fair amount of pr0n and the like, there is a *lot* of traffic from China and other countries with restrictive laws about what you can and cannot research. This only amounts to about 15-30% of our traffic though. Most of our traffic is to sites like myspace, facebook, photobucket etc.

There are actually many good reasons for using an anonymous proxy.

1). You want to search for information regarding an embarrassing physical condition and don't want those URLs logged at your router.
2). You are worried about the site you are visiting trying to infect your machine. Most anonymous proxies will block most scripts (in addition to advertisements).
3). You are researching your competitions website and don't want to show up in their logs.
4). In the U.S. you have a right to privacy and you simply want to exercise that right.
5). You work in government and want to visit sites that might otherwise be logged or blocked.

There are many other legitimate uses for anonymous proxies.

As a disclaimer, my company does not keep any logs -- the logs are rotated nightly at which point a cron runs and deletes all of the previous days logs. Our URLs are obfuscated but not encrypted. A sysadmin on the clients end could log all of these connections at their router and be able to decipher the URLs someone is visiting.

We also offer an SSL encrypted (https://) version of the site. You do have to trust our certificate though :) Logs are rotated nightly and dumped, same as on the "insecure" version of the site.

Re:Public Proxy != Anonymous

[db32]

Only when you and the investigator are both active on the network at the same time in which case changing your MAC really makes no real difference. As I mentioned, the MAC goes away within minutes on the network, its not transmitted past the first hop router, and its not unique beyond the 1st hop router. Given that that end of forensics is part of my job I am pretty sure I know how it works. I don't care what your friends tell you, the cops, feds, and investigators are not using MAC addresses as 'fingerprints' of hardware. It just simply cannot be used like that with even a shred of reliability. The only place your MAC address even is used in ANY part of the connection is between your computer and your default gateway with any switches (not hubs) in between keeping that record for a few minutes.

Re:Public Proxy != Anonymous

[TheLinuxSRC]

Bingo! Advertisers want to know how many pageviews you get.

Re:Public Proxy != Anonymous

[number11]

First use a OS that allows you to change your MAC address

For Win XP, you can use FOSS macshift to set either a specific or random MAC address.

Re:Public Proxy != Anonymous

You don't even have to install anything else to proxy DNS requests in Firefox. Just go to about:config and set network.proxy.socks_remote_dns to true.

public proxies?

[N3wsByt3]

Meh. There are enough good alternatives: TOR, I2P Freenet (if they ever make a useful thing out of it, because after more then 5 years development, they fall kinda short. Maybe things will get better with their Openet, though - but when will that happen?).

Anyway, public proxies are only haphazard and temporary solutions, and not very good ones at that. First of all, they're often unreachable, unusable or slow. Secondly, you never know WHICH proxy you actually use; I mean; who owns the damn thing? What does he log?

Ofcourse, with enough proxies to choose from, and trying out at randomn, it may be a small chance that you end up with someone that actually makes your privacy more in danger, but still... The systems mentionned above (include JAP to that) are much safer for anonymous browsing.

cite please

[way2trivial]

you claim It is illegal for a library to keep a record of the books you have checked out after they're returned

I say, you should be right, but you are completely wrong.
try this http://www.google.com/search?hl=en&q=fbi+library+r ecords

so, if you have a citation to back up your assertion, please, supply the citation.
I say, you are flat out wrong.

Re:cite please

[tiltowait]

Here ya go, 48 State Privacy Laws Regarding Library Records. Since the USA PATRIOT Act (and in the 1970s during the FBI's "Library Awareness" investigations), however, federal law (NSA letters, for example) can trump these statutes. So the OP is partially right.

Librarians learned in the 60s not to keep patron records like this. It turns us in to sleeper agents for a snooping government. Pre-9/11 this was the widespread sentiment too.

I guess that the 9/11 hijackers used library computers doesn't help, nor does the current "Library 2.0" movement to offer customized services.

Re:Starting at the desktop

[EllisDees]

Here's how: google for 'nph-proxy.cgi' and then find one that uses https. Your employer will only see an ssl connection being made to the same server over and over.

A Guide For Windows

[muhgcee]

I wrote up a very simple set of step-by-step instructions entitled "How to be Anonymous on the World Wide Web Using Windows"

Re:Starting at the desktop

[Zonk+(troll)]

Check Peacefire. Every week or so on the mailing list they announce a new web-based proxy. The current one is StupidCensorship.com. The code is available so you can run your own "proxy."

Still, your employer probably keeps logs. If you really must visit sites that you don't want your employer to know about (ie, jobsearch), do it sparingly or just wait until you get home. You could also set up OpenVPN and run that over a proxy server and browse from your home network.

Re:It is illegal to ...

[geoffspear]

Most libraries in the US make it a point to get rid of any data linking a book to a patron once the book's returned, especially since the passage of the USA PATRIOT Act (which requires them to turn over such data to the government if they're asked for it, but doesn't require them to actually keep the data in the first place). However, I'm not aware of any state that actually makes it illegal to keep such data. I've got tens of thousands of old books with cards listing everyone who checked them out within a certain time period, before there were computers to track such things, and it's certainly not illegal to have these. The law in my state does make it illegal to turn over these records to anyone who doesn't have a court order to see them, but just keeping them isn't illegal. In fact, I'd say the Justice Department would probably like it very much if it was actually required to keep the records forever. Or, you know, turn them over to be put in a federal database every time a book is checked out, so they could do some datamining to find potential terrorists.

Anonymousity

[falconwolf]

Why do people do things anonymously that they wouldn't do if their name was stamped on it? I think the world would be a lot better place if everyone took responsibility for what they said and what they did.

I don't know about you but I don't want any government tracking me or monitoring what I say or where I go, online or offline. If a person is concerned about who's taking note of what they say then they won't exercise political speech freely.

Falcon

Re:Starting at the desktop

[Hatta]

The question is, how does one surf anonymously at work when you're forced to use your employer's proxy to get through the firewall.

Ssh into your box at home and use freenx (or regular x-forwarding if your latency is low enough). Then just use it as if you were browsing at home.

Re:Change MAC when renewing DHCP?

[isorox]

foo@bar:~$ ls -l /usr/local/bin/changeMac.sh

-rwxr-xr-x 1 foo users 354 Feb 31 12:34 /usr/local/bin/changeMac.sh

foo@bar:~$ cat /usr/local/bin/changeMac.sh

#!/bin/bash
IF=eth1
HEX1=`printf '%02x' $(($RANDOM%256))`:`printf '%02x' $(($RANDOM%256))`:`printf '%02x' $(($RANDOM%256))`
HEX2=`printf '%02x' $(($RANDOM%256))`:`printf '%02x' $(($RANDOM%256))`:`printf '%02x' $(($RANDOM%256))`
MAC=$HEX1:$HEX2
echo "Setting $IF to $MAC"
sudo ifconfig $IF down
sudo ifconfig $IF hw ether $MAC
sudo ifconfig $IF up

foo@bar:~$ crontab -l

12 * * * * /usr/local/bin/changeMac.sh

Anonymous != illegal behavior

[kiddailey]

The real question is why do so many individuals automatically think that if you need to be anonymous, you're doing something illegal? I can think of a handful of perfectly legal uses for anonymity on the net (though some might require you to put your tin-foil hat on for a moment) without even working to hard:

• You want to do research about a specific health disorder, but don't want your family, work or your insurance company to know
• You want to do educate yourself on details, before forming an opinion on a topic that might otherwise set off law-enforcement watchdogs
• You want to be part of a group of people with similair, perfectly legal interests, but don't want to relate it to your "real" life
• You want to publish a strong, but legal, opinion on a topic that might generate hate mail and death threats
• You want to "out" a person or company that is doing something illegal without fear of retaliation