Ask Slashdot: Choosing Anonymous Proxies?

bradley13 writes "There are lots of anonymous proxies out there, and anyone concerned about their privacy probably uses one for at least some of their web browsing. The Megaupload story highlights the fact that having servers in the USA is not a great idea. There are also other countries one may not want to trust. Oddly, very few proxy services mention where their equipment is located. What anonymous proxy services do you use? What criteria do you use to select them? How paranoid are you, and for what types of Internet usage?"

Botnets and Seven Chains

[Christopher+B.+Linn]

It's the only way to stay truly anonymous and secure on the internet. You cannot trust companies to provide you true anonymity and proxies, especially if money is involved.

Never trust anyone, and never expose to anyone who you are. That is the only way to stay secure on the internet.

Re:Botnets and Seven Chains

[El+Torico]

Agent Mulder, is that you?

Re:Botnets and Seven Chains

[bobbied]

Smart, Maxwell Smart!

And Loving It!

Re:Botnets and Seven Chains

No, he is Christopher B. Linn; but don't tell anyone, especially the internet! (he doesn't want to reveal who he is!

All jokes aside, this reminds me of an XKDC post... about anonymity

http://xkcd.com/834/

Re:Botnets and Seven Chains

[Hatta]

Or Tor. Which is the same thing as a bot net proxy, but consensual. Make sure you don't send any personally identifiable traffic through the tunnel, because the exit nodes are monitored.

Re:Botnets and Seven Chains

never expose to anyone who you are

Aren't you the guy who just said:

I work as a software engineer at Cisco in our San Jose headquarters

Re:Botnets and Seven Chains

[GameboyRMH]

An anti-MITM browser plugin like Perspectives or Convergence is a good thing to use when browsing via a proxy.

Re:Botnets and Seven Chains

[postbigbang]

That's ok. We all use Christopher's machine for *our* anonymous proxies. Of course, he's probably unaware about those cites he surfed with our handy-dandy XSS routine that implanted the proxy on his machine in the first place. Chris, dude, don't you wonder about your cable bill-- at all?

Re:Botnets and Seven Chains

[Ethanol-fueled]

The point he's trying to make is that nobody knows that better than he does - Cisco gear is widely used to facilitate eavesdropping and contains multiple undocumented backdoors for the 3-letter agencies.

Your proxy could be 100% dedicated to customer privacy, but can be unwittingly monitored and its users exposed as long as the proxy utilizes Cisco gear.

He did not slip or contradict himself - he is doing you all a favor, and speaks with authority.

Re:Botnets and Seven Chains

Develop MPD. I split myself like this. The real life me, I have an email/chat account, that everyone knows, as far as they know I only spend time on the net reading or gaming. Then I have another completely different persona, facebook/gmail account for gaming and socializing, none of them with even a glimpse into my real life. Fake name, birth date, everything. There are some games where I spend some money. If those games I play with RL people, then I use my RL account, if not, I use another completely different persona, again different personal information.

Seems strange, paranoid, but that's not the reason I do it. I like my privacy and personal time. When I turn off the computer, my socializing on the web is done. RL is on and vice-versa.

For RL, I have a phone, and living in a small town makes any travel trivial.

Re:Botnets and Seven Chains

[jamstar7]

You sound like one of those evil evil filesharing pirates. Naughty, naughty.

Now give me the address of a couple good proxies so I can get some more bootlegged Canadian TV shows or I'll turn you in!

Re:Botnets and Seven Chains

[Dainutehvs]

Where does "seven chains" come from? Some metaphor? I assume it was meant as proxy behind proxy behind proxy .. makes You more difficult to find... But why seven? Is there a "seven chains" rule? Cannot google any sensible explanation.

Re:Botnets and Seven Chains

[TweakedDewAddict]

I thought it originated with this http://knowyourmeme.com/memes/good-luck-im-behind-7-proxies

Re:Botnets and Seven Chains

http://www.forbes.com/2010/02/03/hackers-networking-equipment-technology-security-cisco.html

http://www.networkworld.com/community/node/57070

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20040407-username

Re:Botnets and Seven Chains

[Zero__Kelvin]

"No, he is Christopher B. Linn"

Or maybe we can conclude that the one person he is not is Christopher B. Linn. You don't need software to masquerade as someone else, you know. ;-)

Re:Botnets and Seven Chains

[torgis]

I accidentally the seven proxies. Is this bad?

Anonymouse

[Trepidity]

I use this thing.

Selection criteria:

1. First google hit for [anonymous proxy]
2. It's been around since forever and I remember its url (but when I don't, see #1)

Yeah, not that scientific.

The most venerable lineage in this space is probably The Anonymizer, which was once hosted by CMU researchers, but it seems to have been bought and turned into a commercial desktop application.

Re:Anonymouse

[mrclisdue]

I use whatever from the list here:

http://www.samair.ru/proxy/type-01.htm

Otherwise, it's TOR

cheers,

Obligatory TOR post

[ajpuciat]

It's easy, free, and for the most part anonymous if all you are doing is simple web browsing.

Not sure that I would want to do any banking or accessing sensitive data through that network, but it is a start.

They're all the same.

[RyuuzakiTetsuya]

See: http://xkcd.com/908/

Except it's all pointing to one gnarly Tor endpoint

The Onion Router

It is fine for most purposes, and if you are really worried about backtracking, login from an open WiFi, route through TOR out the exit node and through one or two of the numerous free online proxies. Slow as molasses in January, but there it is.

Anonymous != secure

[mindcandy]

Many TOR nodes are run for malicious purposes (a few have resorted to 'wall of sheep' sort of tactics' to reinforce this fact). TOR gives you anonymity but NOT privacy.

Re:Anonymous != secure

[lister+king+of+smeg]

that is what 'https everywhere' is for

Some options

I use Giganews' 'VyperVPN service. They have servers all over the world and you can select which country you want to use.
I've also used privatetunnels.com which is based in the Ukraine and that was a great service as well.

I do not trust Anonymous proxies.

[Dareth]

I do not trust Anonymous proxies. So I always host my own "anonymous" proxies myself. That is what I call secure!

Re:I do not trust Anonymous proxies.

[multimediavt]

I do not trust Anonymous proxies. So I always host my own "anonymous" proxies myself. That is what I call secure!

How do you figure that's "anonymous"? You are paying for the Internet connection so SOMEBODY knows who you are. If you are using a machine at work to do same, then still, SOMEBODY knows who you are. The bottom line is, there is no truly anonymous proxies anymore...not that there really were any to begin with. Somebody always knows unless you are IP spoofing on top of a proxy, but even that is becoming less secure as governments and law enforcement get more capable.

Re:I do not trust Anonymous proxies.

[obarthelemy]

and double whooosh !

Re:I do not trust Anonymous proxies.

[Cryacin]

There must be quite a few Sheldon Cooper's out there who don't understand sarcasm apparently. Informative? Really?!?

Re:I do not trust Anonymous proxies.

[v1]

How do you figure that's "anonymous"? You are paying for the Internet connection so SOMEBODY knows who you are.

I think that falls under the "I'm behind seven proxies, good luck!" meme. Granted, you get more and more latency each hop, but if you can give someone enough busywork trying to follow the breadcrumbs, you're likely to either (A) make them decide it's not worth the effort to get a 5th, 6th, and 7th court order, or by the time they get to the last proxy they have wiped your session data and simply have nothing to give anyone with a badge on their letterhead.

Good proxy providers make a point to not retain session data for any longer than is absolutely necessary. Or if they don't, you've made a bad selection of providers. I know if I were working in Anonymous, I sure as hell would be using a proxy chain paid for using prepaid visa cards.

Re:I do not trust Anonymous proxies.

[kiwimate]

Pfft, amateur. I use a WGET to have my web pages e-mailed to me. That way anyone who's watching my activity thinks it's Richard Stallman.

Re:I do not trust Anonymous proxies.

[elsurexiste]

I finally understand the "Woosh" idiom! Thank you multimediavt!

Re:I do not trust Anonymous proxies.

[sconeu]

Darn. I was going to guess sarcasm, but changed my mind!

Re:I do not trust Anonymous proxies.

[idontgno]

and double ROT13 whooosh !

FTFY.

Re:I do not trust Anonymous proxies.

[Joe+Snipe]

huh?

Re:I do not trust Anonymous proxies.

[Ocker3]

So, uh, with all this talk of warrantless wiretaps, you still think it's going to take a court order for them to back-trace the signal?

Re:I do not trust Anonymous proxies.

[godel_56]

>

Avoid HideMyAss at all costs. HideMyAss bent over, dropped their pants, and handed all their logs to the FBI when they were trying to track down anonymous DDoS activists last year. AirVPN's CEO posted a press release immediately afterward promising that AirVPN would never do anything like that to their customers and, being based in Europe, had no obligation to recognize U.S. laws.

Unfair, I don't think HMA ever pretended to be a TOR replacement, they're mainly a way to get disposable email addresses to hide from spam.

Re:I do not trust Anonymous proxies.

[v1]

So, uh, with all this talk of warrantless wiretaps, you still think it's going to take a court order for them to back-trace the signal?

The reason warrantless wiretapping works so efficiently in the USA is that every major phone exchange has a small room in the building with more alarms than you can shake a stick at, that's run remotely by DHS, and that's their siphon point for any traffic that runs through the building. (not making this up, I actually know someone that is cleared to work on the computers in one of those rooms) It lets them remotely grab any information they want, in real-time. There's no warrants, no court orders, no phonecalls, no faxes, they just press a button at their office in Cali or wherever and the information comes up on their screen. A lot of this hardware was installed before it was legal to use, as with most DHS stuff they implement it and then worry about making it retroactively legal later or maybe after they get caught using it.

So until DHS manages to secure space inside every major ISP, (and the day MAY come) we're ok for now. Warrantless wiretapping is already on the books, so they can do it to the telcos. There's nothing on the books yet that forces ISPs to let DHS have ongoing physical access. That I know of anyway. Anyone with information to the contrary please speak up. So for now at least it requires warrants or some personal social engineering at each proxy hop. Each of these hops takes time to get information on (from hours to days) to see where the next hop is. All they can do is hope the ISP they faxed has good turnaround time and hope that the next hop is actually the origin point. (and the really scary thing here is that most of them will just blindly reply back to any faxed request sent on authentic looking letterhead, since misuse of govt seal is a crime they can say it was safe to assume you were LEA, they have no further responsibility to verify the identity of the requestor - I have personal experience with handling such faxed requests)

On the surface I'm surprised that the ISPs aren't under the same controls as the telcos, but then again the telcos have a long history of working closely with law enforcement agents, (mostly to the benefit of the telcos) so maybe it was more a case of "you owe us one" that got a "foot in the door" (literally) for DHS. The ISPs have nothing to gain by being overly cooperative, and a lot to lose in the way of negative press if they do. Just imagine all the people that cancelled their subscriptions to HideMyAss after they handed over all their proxy records during the Anonymous witchhunt.

Overplay

[fiannaFailMan]

I use Overplay for region-restricted web content. Very useful when watching British TV shows on the BBC iPlayer and Irish Gaelic sports like hurling and Gaelic football which saves me the trouble of having to go to a pub and pay $20 per game.

Bitcoin, yes, seriously

Google for "vpn services accepting bitcoin". Done. We learned from the spectacular failure of HideMyAss that you cannot pay for you proxy with credit card when the FBI comes looking.

Re:Bitcoin, yes, seriously

[bryanp]

Pay cash for a visa gift card. Pay for proxy service with said gift card. When time comes to renew, repeat.

Re:Bitcoin, yes, seriously

[JWSmythe]

    That's not very hard. Plenty of people travel a lot. If I had been so inclined, I could have collected cards from multiple locations in about 12 states. Since you can buy them in most gas stations, you can get them anywhere, regardless of if it's on your route or not. If you're really dedicated, a nice 4 hour drive away can put you in another state to make the purchase.

    From what I have seen of the prepaid credit cards is, you are expected to provide personal information, and have the card with your name on it sent via USPS.

    Use of the temporary card is limited. You'll get funny looks using it at a point of sale. You'll have a hard time using it online if they ask for *any* identifiable information. You don't have even a name and zip code, which are the bare minimum that most ask for. Depending on the merchant account, they may let it slide, but it's a big risk for the vendor.

    Getting something less traceable, like a Starbucks gift card, isn't quite as usable for this purpose.

   

The best anonymouse proxy is an open wifi

[Anon-Admin]

I personally use open wifi connections, they are about as anonymous as you can get. I picked up a 10" google pad with GPS, installed the software and took a drive. They are all over the place, that is assuming you dont use the open one at the local bar, Denny's, McDonalds, Cigar club, Starbucks, etc, etc, etc.

If you look, you will find that open and available wifi connections are easy to find, completely anonymous, and fun. Fun because it is amazing what people will share on there local network with an open wifi connection ;)

Re:The best anonymouse proxy is an open wifi

[93+Escort+Wagon]

I personally use open wifi connections, they are about as anonymous as you can get. I picked up a 10" google pad with GPS, installed the software and took a drive. They are all over the place, that is assuming you dont use the open one at the local bar, Denny's, McDonalds, Cigar club, Starbucks, etc, etc, etc.

Hmm... so "Anon-Admin" likes cigars, lattes, Big Macs and Grand Slam Breakfasts - that narrows things down considerably... I've almost got him!

Re:The best anonymouse proxy is an open wifi

[Anon-Admin]

Ok, that is funny...

Cigars, yes

The rest, well they showed up on the wifi scan and most surprised me. Heck, all the Whataburgers now have open wifi's. I never would have thought that a chain like Wataburger would have open wifi.

Re:The best anonymouse proxy is an open wifi

[Crudely_Indecent]

Be sure to alter the MAC address of your wireless adapter, or the log files on the open wifi router could be used to identify your computer.

Re:The best anonymouse proxy is an open wifi

[mollymoo]

I hope you're spoofing your MAC address. Not that it's very likely random open networks will keep the log for very long, if at all, but if you really care you'd want to be sure.

Re:The best anonymouse proxy is an open wifi

[mjr167]

Doesn't count as unauthorized access to a computer network and is thus a crime?

Re:The best anonymouse proxy is an open wifi

[Jeng]

Or at one time visited or lived in the region that Whataburger is in.

Doesn't narrow it down much, hell he could have even googled that information.

Re:The best anonymouse proxy is an open wifi

[cayenne8]

I picked up a 10" google pad with GPS, installed the software and took a drive.

What software did you install on the google pad?

Re:The best anonymouse proxy is an open wifi

[cayenne8]

Whataburger is a regional chain, I'm guessing you are in Texas somewhere...

They have them in LA too....

Re:The best anonymouse proxy is an open wifi

[cayenne8]

I hope you're spoofing your MAC address. Not that it's very likely random open networks will keep the log for very long, if at all, but if you really care you'd want to be sure.

How does one do with with a windows machine?

Re:The best anonymouse proxy is an open wifi

[jackbird]

It's driver-dependent. All the consumer Linksys stuff I've run across has it, and some other vendors, too.

Re:The best anonymouse proxy is an open wifi

[Defenestrar]

Go for something like 01:23:45:67:89:AB. That way even if the logs get nabbed it'll save a lot of headache for both the open network admin and others involved. It makes it obvious that further tracking is pointless (good for you) and does a nice turn for anyone kind enough to leave open bandwidth for public use by (presumably) ending their harassment by investigators.

The other way to do it is to leave your home router's wireless open to the public (regulating bandwidth as you see fit), control the logs yourself, and then make any connection to a proxy via (registry/OS footprint free) utilities on a hidden volume or usb drive. Thus even if all of the proxies, anonymizers, and etc. are compromised you'll still have enough reasonable doubt. Of course reasonable doubt is only good in some locations. The places or circumstances these tools are often invented for (i.e. Arab Spring) may not care enough about western due process in the middle of a civil revolution.

Re:The best anonymouse proxy is an open wifi

[Bill_the_Engineer]

Go for something like 01:23:45:67:89:AB. That way even if the logs get nabbed it'll save a lot of headache for both the open network admin and others involved. It makes it obvious that further tracking is pointless (good for you) and does a nice turn for anyone kind enough to leave open bandwidth for public use by (presumably) ending their harassment by investigators.

Unless you happen to be the only person using that fake MAC address.

Re:The best anonymouse proxy is an open wifi

[Maniacal]

Wouldn't the ability to use spoofed MAC addresses negate the possibility of law enforcement identifying someone using MAC address. I mean it seems like any 2 buck lawyer would be able to argue that someone could have just spoofed your MAC address.

Re:The best anonymouse proxy is an open wifi

[Defenestrar]

Well don't leave your nic setup that way! What's the point of spoofing (in this case) if you stick around long enough to be photographed, triangulated, or otherwise caught with proof on the equipment seized?

Rules of MAC cloning: 1) leave it cloned if you're using a router with your ISP, 2) wipe the clone if you expect the inquisition to drop by for a late over a pendulum session.

Re:The best anonymouse proxy is an open wifi

[Lumpy]

No thanks. I prefer to change the mac address randomly EVERY time the dhcp lease is up. Trivial to do on any powerful OS.

Re:The best anonymouse proxy is an open wifi

[Anon-Admin]

Shhhh, stop telling them my secret. I work hard to through them off the scent and you go and give it away.

Re:The best anonymouse proxy is an open wifi

[Anon-Admin]

That would be this one.

https://market.android.com/details?id=de.carknue.gmon2&feature=search_result#?t=W251bGwsMSwyLDEsImRlLmNhcmtudWUuZ21vbjIiXQ..

Re:The best anonymouse proxy is an open wifi

[gknoy]

Sadly, nobody ever expects the Inquisition until its too late.

Re:The best anonymouse proxy is an open wifi

[Crudely_Indecent]

Yes, but, if you're in the habit of doing illegal things using open access points, you might not want to leave a trail that can be followed. Randomly assigning a mac address before connecting to an open wifi is a good way to prevent that kind of trail from ever getting started.

Re:The best anonymouse proxy is an open wifi

[BitwiseX]

I personally use open wifi connections, they are about as anonymous as you can get. I...... that is assuming you dont use the open one at the local bar, Denny's, McDonalds, Cigar club, Starbucks, etc, etc, etc.

If you look, you will find that open and available wifi connections are easy to find, completely anonymous, and fun. Fun because it is amazing what people will share on there local network with an open wifi connection ;)

Careful, I wouldn't trust those either. I've had plenty of fun setting up an "open" access point, and logging traffic with tcpdump etc. It's amazing what people will send across my network even though it's an open wifi connection ;)

Re:The best anonymouse proxy is an open wifi

[mlts]

In reality, the defense lawyer will argue that, while the prosecuter will then rebut with "realistically, would someone actually do this?"

A jury of /.-ers would acquit, or nullify. However, even though we wish that we would get a jury of our peers in cluefulness, most likely the jurors picked will have almost zero clue what a MAC address is, so a good prosecutor setting up a case can say something like it is impossible to forge with almost no real life cases. With this in mind, plus a "ignore the defense's mumbo-jumbo", and a jury with glazed eyes and a brain full of buzzwords they don't know or understand will likely convict... just so they can go back to Mike's Watering Hole and swill some Duff before traffic gets bad.

Re:The best anonymouse proxy is an open wifi

Wouldn't the ability to use spoofed MAC addresses negate the possibility of law enforcement identifying someone using MAC address. I mean it seems like any 2 buck lawyer would be able to argue that someone could have just spoofed your MAC address.

You might be right, but this type of evidence is more often used to get an indictment than in an actual trial. At an indictment you and your lawyer do not get to be there. The state only needs to convince a grand jury that there is a good chance you have committed the crime(s) they say you have. During a hearing for a secret indictment evidence normally considered too flimsy for trial gets used all the time. IANAL but I do forensic work.

Re:The best anonymouse proxy is an open wifi

DHCP? Random mac addresses? WTF?

Configure statically for each new wifi connection. Avoids DHCP / bootstrap protocol server logs and gives you control over who's DNS you use. Clear the ip settings at the end of each session.

Also, if it hasn't occurred to you that "law enforcement" is almost surely running plenty of wifi honeypots, then wake the fuck up.

Secure communications do not involve wires or radios of any kind.

Re:The best anonymouse proxy is an open wifi

[elashish14]

Don't forget your computer's hostname gets logged as well...

Re:The best anonymouse proxy is an open wifi

[Vrtigo1]

I think you have a false sense of security there. The connection may be anonymous, however the IP is still traceable to the venue's ISP account, and if they have surveillance cameras (like just about everywhere does these days, for legal liability reasons) it's a simple matter to look at the timestamp and see who was in the place on a laptop at the time in question.

I have servers in the USA

[ShavedOrangutan]

It's never been a problem. Ditto for lots of other people and companies. What's the issue?

Re:I have servers in the USA

[kiwimate]

1. People want to do illegal stuff and not get caught; and/or
2. People are overly paranoid.

Modern life is complicated enough without trying to get into trouble. Why bother? (Answer: people have a raging sense of entitlement. "Whine, I don't want to pay for stuff.")

Re:I have servers in the USA

[RatBastard]

It's not always about not paying for things. Some people have fetishes for... well, let us just say illegal things. In some places frontal nudity would count. Other places you're talking pictures featuring pyrohomonecropedobestiality.

Re:I have servers in the USA

[Genda]

Alright, you watch "48 Hours" or "Criminal minds" on TV and something you see about terrorism or murder piques your interest so gawd forbid you Google it. Whether it the "Anarchists Cookbook" or "How to hide murder by using succinylcholine", you have just made yourself a potential target of a law enforcement agency, and if gawd forbid again, anything bad happens in your household or neighborhood in the next 24 months, your browsing habits have just planted a smoking gun in your hand.

You don't even have to be the one who does the search. You leave you home PC logged in as you, and your eldest male-child does a search on how to "Terminate a butthead little brother" and you could be buggered.

Its not paranoia if Government Agencies have virtually unlimited resources to smoke your hinny like a Cohiba, at the first blush of illegal activity. Its also not particularly heart warming to discover that Prosecuting Attorneys have almost no interest in getting the right guy (that's the job of the police), just winning the case. The number of poor innocent bastards in prison in this country does not exactly inspire confidence in our legal system. Hell, Texas just executed what the entire planet now knows was almost certainly an innocent man just for political value.

You better believe that I find myself faced with two options in these modern times. They are; Willfully avoid any appearance or opportunity to be caught doing anything that might get me buggered, or Run silent and run deep. Anything else is Russian Roulette.

Re:I have servers in the USA

[Fned]

pyrohomonecropedobestiality.

I'm trying to figure out how this would work... fucking a fertilized-egg omelet with a strap-on...?

Re:I have servers in the USA

pyrohomonecropedobestiality.

I'm trying to figure out how this would work... fucking a fertilized-egg omelet with a strap-on...?

And somewhere, someone is starting a website right now.

Coffee shop?

[hawguy]

How about a coffee shop's free Wifi using a spoofed MAC address while I'm sitting at the restaurant next door?

Re:Coffee shop?

[parlancex]

Just make sure if you buy anything it's cash only. :)

Re:Coffee shop?

Wear latex gloves, shave every hair off, and wear a fake mustache....

Re:Coffee shop?

[Joe+Snipe]

Pawn Shop laptop at a McDonalds. Only way to go.

Re:Coffee shop?

[GameboyRMH]

And more important than all of that, use a totally clean browser with geolocation and any other privacy-destroying features disabled, and locked down tightly to put scripts, flash, cookies (including flash cookies and HTML5 storage) and off-site requests on a whielist system.

Re:Coffee shop?

[killmenow]

And make sure to turn off your cellphone

Pull the battery.

Re:Coffee shop?

[Lumpy]

Why?

Your laptop running a Live linux distro and USB drive. Untraceable, or do you think that Mac addresses can not be changed.

It is perfectly safe to use the same laptop for good and evil.

Re:Coffee shop?

[Lumpy]

"And more important than all of that, use a totally clean browser with geolocation and any other privacy-destroying features disabled,"

Again why? a good "haxor" would be running a script that is changing the data at random or delivering known false data. It's better to hide in a sea of noise than it is to stand out by delivering NOTHING at all.

Re:Coffee shop?

[hawguy]

Why?

Your laptop running a Live linux distro and USB drive. Untraceable, or do you think that Mac addresses can not be changed.

It is perfectly safe to use the same laptop for good and evil.

Topping that, why even bother spoofing your mac address when you can get a "disposable" usb wifi adapter for less than 10 $.

Because unless you dispose of it regularly, if the cops confiscate it and find that it matches the MAC address linked with questionable activity at a coffee shop, then you're screwed. If you set your MAC address to some randomly generated number on each visit, then they can't easily link your hardware to the coffee shop logs. (i'm ignoring other fingerprinting that they could be doing to identify your hardware since if someone is interested in you enough to do advanced network analysis to find you, they're interested enough to track down your Wifi signal the next time you get online.)

But if you are worried about Wifi fingerprinting, then the disposable Wifi adapters you mentioned would be the way to go - as long as you really do dispose of them.

Re:Coffee shop?

[Larryish]

True dat.

LiveCD is your friend.

Re:Coffee shop?

[BitterOak]

How about a coffee shop's free Wifi using a spoofed MAC address while I'm sitting at the restaurant next door?

Just make sure the restaurant doesn't have any security cameras. And make doubly sure you don't walk past that coffee shop going to the restaurant as their security cameras might pick you up through the window. And don't park anywhere nearby. And make sure no security cameras catch you walking from the restaurant to your car, etc.

Re:Coffee shop?

[AverageWindowsUser]

who even really needs a cell phone to begin with?

panopticlick

[jginspace]

What degree of anonymity are you looking for? Exactly which of the HTTP request headers do you wish to be anonymized? Okay so your proxy is not passing on your IP address. So It's not passing on common proxy behaviours (like HTTP 1.0 requests). And there's no 'proxy' anywhere in the request. You're not even using TOR. Well done. Now check Panopticlick. You're not anonymous. Now exactly what kind of proxy where you looking for and what kind of anonymity were you looking for?

Re:panopticlick

[Flere+Imsaho]

"Within our dataset of several million visitors, only one in 64,462 browsers have the same fingerprint as yours."

I'm special! I knew mother was right!

Re:panopticlick

[gknoy]

Your browser being unique means that, in theory, your behavior on various sites could be correlated, even if you have proxies hiding your IP. On the other hand, identifying who those fingerprints belong to might be a bit hard to do, except perhaps for various three letter agencies.

The moral is clearly that if one wants to do Secret Stuff online, one should use both many proxies (paid for with prepaid cards as mentioned above), and a browser/OS that is not your normal one. Don't post torrents on the same machine that you do your banking, basically.

Re:panopticlick

except the java shit i was asked to run...

Re:panopticlick

[religious+freak]

Wow - people should take a look at this. Great (if a little disturbing) info! I should really donate a few bucks to EFF.

Re:panopticlick

[Trax3001BBS]

"Within our dataset of several million visitors, only one in 64,462 browsers have the same fingerprint as yours."

I'm special! I knew mother was right!

Snicker... my browser's "fingerprint appears to be unique among the 1,935,397 tested so far."

Opera, I allow cookies which I then shift through for sites to put in my HOSTS file.

I know it's a site like GRC's "Sheilds up" https://www.grc.com/x/ne.dll?bh0bkyd2
I know better but still get a warm fuzzy being graded stealthy.

----
Thanks for posting this question. I've been thinking of putting
up a TOR site for public use, but for now pulling stuff out of my
rear as I know little to nothing about it.

This thread gives me more of a clue... Just need to figure out what a "Seven Chains" is :}

Get Coccon

[mbeckman]

I use Cocoon (GetCoccon.com). It's free, and they are very clear in their privacy policy that they don't store logs tracking where you go:

.

"Inside Cocoon we do not track where you go or what you do online... Only operational information, such as processing speed or what features are under greatest demand, may be used to ensure Cocoon provides the best possible performance and experience to our users."

There is the question of how enforceable this promise is, since Cocoon is ad-supported. It's in their privacy policy, however, so I presume that is legally binding on them. I like that Cocoon comes right out and say that they don't track anything, though. Does any other proxy do that?

Depends on why ..

[mindcandy]

Like always, the question you have to ask is "who am I hiding it from"?

TOR works well, but is neither anonymous or private (meaning TOR traffic is easy to identify at entry, so the ISP will know you're doing it). At exit, the traffic is the same as it entered .. so unless your transport itself is encrypted, it's game over if the exit op is malicious.

Paid proxies are good for casual "don't want the boss seeing it", and many of these are plain HTTPS so they're harder to spot. Teathering your personal phone also works here.

If you're doing something illegal, the safest bet is probably long-range wifi (to somebody else's equipment) + proxy (tor, VPS with stolen CC, etc.) and even then you've got to move around a bit.

VTunnel has a proven track record

[diversiform]

of thwarting FBI requests: http://arstechnica.com/tech-policy/news/2011/08/exclusive-how-the-fbi-investigates-the-activities-of-anonymous.ars

How do you know they're anonymous?

[harl]

Let me point out the elephant is in the room.

How do you verify the anonymity?

Re:How do you know they're anonymous?

[Dwedit]

Load a website you control and look for "X-Forwarded-For" in the HTTP headers?

Re:How do you know they're anonymous?

[kiwimate]

How do you verify the anonymity?

Because they haven't been caught yet. Duh.

It's either that, or face up to the fact that nobody's actually looking for you/you're not really all that terribly interesting.

Re:How do you know they're anonymous?

[harl]

How does that tell you that when someone comes asking they won't turn over all the logs?

Re:How do you know they're anonymous?

[Dwedit]

It doesn't. There's no way to find out who won't rat on you later on.

Re:How do you know they're anonymous?

[harl]

Exactly my original point.

but why so much?

[doston]

I completely respect people's privacy, but when they insist on SO MUCH and total privacy, it even makes me wonder what they're up to. Personally, I use the "do not track" feature on firefox, which is probably useless and per the WSJ article on privacy, I added the Ghostery and Better Privacy add-ons to Firefox...they're supposed to further help. I'm not sure what I'd be doing to require a botnet or a truly anonymous proxy. Even when I thought about growing my own pot, I just used my regular browser and emailed friends about it over gmail. Probably not real bright. I'd like to know what you're all up to that requires such anonymity.

Re:but why so much?

[That+Guy+From+Mrktng]

Wondering the same but just watching at the current situation there little difference between kiddiporn and some 12 yo downloading the latest Biever POS.

Soon Facebook will be the sanctioned INTERNET (with it's own currency and all) and everything outside will be cast with a shadow of illegality. Prove me wrong.

HideIPVPN

[b0bby]

http://www.hideipvpn.com/ has servers in the US & UK; I use them once in a while if I want to access region specific content. Pretty cheap and fast enough for my needs so I'm happy.

Re:HideIPVPN

[allo]

us and uk are the regions, where vpns need to keep logs. try using a swedish one, if you want to be anonymous.

FoxyProxy - fastest, most reliable IMO

[THE_WELL_HUNG_OYSTER]

https://getfoxyproxy.org/proxyservice/

Free VPN

[metrometro]

Many people will post suggestions for incredibly difficult to implement solutions. I work with groups of people (journalists, mostly) which need something NOW, that they can run themselves without getting a degree in network engineering.

For them, I send them to AnchorFree Hotspot Shield.

Free, ad supported (you can run AdBlockPlus) and allegedly does not log for non-paying accounts (I wouldn't want to know either). It gives you a random IP address terminating in Northern California, which is very helpful for people with censorship issues.

Never trusted them either

[AlienSexist]

Being paranoid, I cannot resolve the chain-of-trust for anonymous proxies. For all I know Big Brother, with his infinite budget, owns and operates all of these so called proxies anyway. Honeypots if you will. Not only are they well-positioned to see what you are trying to conceal but even collaborate among other owned nodes to see just how far you're willing to take it. So in the worst case you are drawing even more attention upon yourself. You cannot really know. Is it safer than not using a proxy at all? Possibly.

Recommended by Anonymous

[IronHalik]

IPpredator.se and anonine.se. Both from the freedom loving land of Sweden. You get SSL and PPTP with 2048kb or 128kb encryption (IPredator supports PPTP only IIRC).

PRQ

[dissy]

http://prq.se/?p=tunnel&intl=1

PRQ is based in Sweden, and has their own ASN (read: they are their own network, connected to multiple upstream backbones)
They offer all types of services in addition to VPNs: colo, dedicated hosting, and shared hosting.

Their tunnels offer a static IP and no ports blocked (for running servers if that's your thing), so you'll want to provide your own firewalling. They use straight OpenVPN too.
They have a strict privacy policy and appear to follow it.

This is the same ISP that hosts the pirate bay too, which should give you an idea how they handle requests from certain other countries due to the whining of certain media cartels...

I've been a customer for awhile now and quite happy.
I am even planning to colo with them in the next couple of months if all goes well. (Previous data center I've been with has changed company names like three times now in the past six months, and now plans to jack their pricing up)

Test them

[PPH]

1) Log on using someone else's credentials (someone you don't like).
2) Generate a file of random bytes.
3) Post it to a file sharing site through the proxy with an annotation that these are the final plans for World Jihad. Append "Allahu Akbar" for good measure.
4) See if the person who'd credentials you borrowed is dragged off to Gitmo.

Never underestimate traffic analysis...

[kbonin]

Think what you could do with an unlimited budget and sufficient taps of peering and backbone links. Now add in CALEA backdoors with poor security, and think about how these scale. Now think about how anonymizers work. Now read up on traffic analysis. Don tin foil hat...

VPNs

[penguinman1337]

IF you're really serious about security the best way is to find a non-logging vpn service, preferably one that's encrypted. US based companies are legally required to keep logs on their us based servers. Best bet is a sweedish server. It's not 100% but still much better than most options.

When it matters

When it really matters, and you don't want to rely on an open WiFi connection being available.

* Netbook/Laptop
* Fresh install of any convenient OS. Bonus for booting from USB.
* 3G USB modem - buy with cash.
* Prepaid 3G SIM chip - buy with cash.
* Voucher for prepaid SIM chip - buy with cash.

  If it really matters, destroy the SIM chip and 3G modem when done.

  Consider the possibility that you were recorded on CCTV when buying the SIM chip, the 3G modem, the voucher.
  The chance that the Powers That Be will trace the these to a given retail outlet and search back for CCTV is probably small, but if it matters enough, take appropriate steps - something simple might be OK, like wearing a Guy Fawkes mask while doing the shopping.
Buy your modem, simchip long before you need to use them. Top-up vouchers have a limited life, but are available everywhere. Choose somewhere without CCTV for buying this.

FYI

[dohnut]

Just so you know, some of these file sharing services block IPs coming from well known (often commercial) proxies. There are, of course, other sites that block IPs from proxies too which may or may not adversely affect your Internet experience while using said proxy.

The main reason to use a proxy when doing things like file sharing is to avoid detection by your ISP. Some ISPs are quite nosy and will block you from file sharing sites especially if they notice you are consuming "too much" bandwidth transferring data from those sites. In cases where your ISP is the only broadband game in town you may want to add an extra layer in between what you are doing online and the ISP and a proxy can be useful to that end. When the copyright owner complains they will complain to the operator of the proxy which then may terminate your (proxy) service but hopefully your ISP is kept out of the loop.

I would never trust a proxy to make me completely anonymous no matter where it was physically located. If you commit a serious enough crime no proxy will protect you.

If you want to be truly "anonomous"

[Lumpy]

Pay for a proxy, but use a prepaid visa that is not registered in your name (hard to od but not impossible) then NEVER connect to that proxy from the same starbucks, mcdonalds, etc...

Yes this means you have to use hacker tactics for not getting caught. That is the price for living in a oppressive country.

Re:you're chasing a snark

[EETech1]

The condos I used to live in came with free cable and Internet. When I called TWC to ask how to connect to the Internet, they told me to use the cable modem that was installed. When I said there was none, and after two weeks screwing around on the phone, I went into the local office, and asked there. She went through the billing, and found the old modem, and called someone and told them the old numbers, and gave me a new one. When I asked if they were using that modem to get free Internet at a different location, she laughed and said only for about 5 years now, but that will stop soon, as soon as they located which house it was in!

Cheers

Loads of services available to you

[beachcoder]

There are literally hundreds of anonymous proxy services for all kinds of situations. In the past I've used these:

Anonymous proxies
IPFreely Proxies

A private VPN might be more up your street though, depending on what exactly you're protecting, but the services will depend on where you live.

Torrentfreak has a nice list of private VPNs

[idonthack]

http://torrentfreak.com/which-vpn-providers-really-take-anonymity-seriously-111007/

Re:Torrentfreak has a nice list of private VPNs

[allo]

what does the P in VPN stand for?

Freenet

[nurb432]

Solves both problems. And you don't have to trust any one company, or result to illegal tactics like bot nets.

Its really about time everyone moves over to it.

Re:Freenet

[Rennt]

Tried it. Learned my lesson. The place is choked with CP. I'm talking actual rape here - not merely the kind of naked kiddie pictures that get you sent to a federal prison these days. This is stuff you NEVER see on the internet. The real, horrific, deal. There may be "safe" areas, but I couldn't find any, and I didn't exactly want to hang around to find out.

I want something like Freenet to exist. I believe we have the right to unregulated communication, individuals should just suck it up when they are offended rather then resorting to censorship and control. But Freenet appears to be used by criminals exclusively. I couldn't see any evidence of the kind of crypto-hippy idealism I expected.

I'm not going back anywhere near that cess-pit, and I'm not helping to enable it.

Re:Freenet

[karnal]

But if you have to look, then telling someone not to look at it is kind of an impossible proposition, right?

Re:Freenet

[nurb432]

Not really. If you are using the main 'index' sites, they do their best to completely remove CP and other hard core offensive items, and categorize what is left. So it's quite easy to avoid viewing the "sites" you don't agree with.

Sure you might see that it exists, but you wont see the actual content that offends you. Not much different than real life.

Not exactly anonymous, but close

[reboot246]

I live next door to CowboyNeal and use his unprotected wifi.

The first rule of proxies

[Vrtigo1]

Is you do not talk about proxies! Seriously though, anyone who is halfway serious about their privacy isn't going to post details of how they retain their anonymity on a public blog where it's easily accessible and their IP, e-mail and possibly name is just one subpoena away...

The big letdown...

[Vrtigo1]

...is that after all the hard work you put yourself through to buy untraceable visa gift cards to pay for a VPN service to use with your 7 proxies on an open wifi connection...you get no satisfaction. What do I mean? Well, what's the payoff? How do you know you were successful? When the feds DON'T break down your front door?

Answer to your question

[Nnaik]

So just out of laziness I posted without login in and SlashDot calls posting anonynously "Anonymous coward"? Strange!!! Timothy, All the anonymous proxies you mentioned are internet based proxies and you are right, it is hard to trust a third person with your data. But why dont you use janus VM(just mentioning because it is not one of the options on the link you provided). It is a VM you run on one of your systems on DMZ port for example and then you route through it. So yes, it is hard to trust someone else but you can trust yourself. Have fun. Timothy, All the anonymous proxies you mentioned are internet based proxies and you are right, it is hard to trust a third person with your data. But why dont you use janus VM(just mentioning because it is not one of the options on the link you provided). It is a VM you run on one of your systems on DMZ port for example and then you route through it. So yes, it is hard to trust someone else but you can trust yourself. Have fun. http://www.vmware.com/appliances/directory/86043 janusvm.com