Slashdot Mirror


Ask Slashdot: What's the Best Way to Browse the Web Anonymously?

An anonymous reader asks: In an age of evercookies, zombie cookies, and always expanding efforts to track browsers, devices, and people -- is there any way to browse totally anonymously to the sites you are visiting?
With so many technologies quietly monitoring your activity, "How can a user today browse with confidence that they can't be tracked or identified, avoiding even being identified anonymously as a returning user or device?" Leave your best answers in the comments. What's the best way to browse the web anonymously?

11 of 177 comments

  1. Oblg... by Anonymous Coward · · Score: 4, Informative

    "The only winning move is not to play."

  2. Don't by Anonymous Coward · · Score: 1, Informative

    Get off the computer, go outside.

  3. Here are some ways... by Anonymous Coward · · Score: 5, Informative

    Run your own DNS server (Pi-hole is great) - point every device, router, etc. you have at it - check with ipleak.net
    On said DNS server make sure you use DNSSEC and only use servers that don't log and are DNSSEC enabled.
    Run your own mail server (mail-in-a-box) - use Let's Encrypt on everything you can.
    Use DNSOverride app for iPhone (A gem!) so your cellular doesn't get sucked up by ads and trackers
    Root your Android, run a custom ROM - and use http://opengapps.org/ so you don't have to use all of Google.
    Use Signal App for messaging on iPhone
    Use Sudo App for iPhone to use temporary identities - it's free and awesome. Get free SMS, phone number, email address, all in one click!
    Running your own DNS server will protect you from most internet garbage.
    Use lots of Sudo Identities with different emails to protect from password leaks. The more random your email is the less likely someone can correlate usernames of previously hacked accounts,

    1. Re:Here are some ways... by ruir · · Score: 4, Informative

      Actually, it is DNSCRYPT that you want in your DNS resolver.

  4. use tails by MSG · · Score: 4, Informative

    Burn Tails to a USB drive. Boot that for anonymous access.

    https://tails.boum.org/

  5. Cash is king... by Timothy2.0 · · Score: 5, Informative

    Purchase everything you connect with in cash (if you don't think a MAC address can't be linked to a specific model and the credit card used to buy it, think again). Never connect to a network you pay for. Use free WiFi wherever you go. Build a cantenna and pick off any insecure networks around you. Create a wireless backup close to home but hidden off the property for anything you need to store. If you can, run your browser under an OS in a virtual machine run off a ramdisk.

  6. Whonix on Qubes OS by Burz · · Score: 3, Informative

    https://www.whonix.org/

    TAILS tries to provide anonymity within the context of kernel-based security, but browser and privilege exploits are quite plentiful and such malware can go on to reprogram your firmware and peripherals. Qubes provides better protection of the core system, and Whonix ensures that Tor is utilized in a way that's optimum for anonymity.

  7. Re:Serious Answer by Anonymous Coward · · Score: 3, Informative

    Surf the web with the TOR browser through an anonymizer (IP Scrambler) through VPN on a device that you purchased with cash on someone else's wireless network.

    These are necessary, but not sufficient.

    Not using cookies and javascript, flash, etc. These all can de-anonymize you. Hell even stupid things in javascript like the query for battery state can by themselves uniquely track you even if nothing else is given away by running scripts (which will not be the case; fonts available etc. all help to uniquely identify you).

    Even if you are careful, and force dns to go through TOR or your vpn, you still have information leaking bugs like, https://blog.torproject.org/bl... And, things like bittorrent will de-anonymize you (it hands your IP out to peers), if they go over the same circuit as you are web browsing. Tons of other information leaking apps.

    Tor now supports unix domain sockets instead of TCP, you can make a container/vm for your browser with this socket mounted (bind mount / plan9fs if vm), and use something like socat to mediate to allow your browser to work with a unix socket. If there is no network besides localhost in another namespace/isolated vm/jail, then even bugs like above will not leak info. Destroy everything to do with the browser profile every time you restart this container/vm. Even the localhost network will be unnecessary, eventually (tor browser has a wishlist item to use unix socket and not need a tcp stack at all).

    Your browser may still give you away as a unique identity. See, https://panopticlick.eff.org/

    If you log into *anything*, or visit local sites like cityname.craigslist.org, you have given up information on yourself.

    If you use tor, *assume* that the exit node is spying on all your clear text communication.

    In short, you really need to work hard to be _sort of_ anonymous, but you will not ever be fully anonymous.
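
An illustration of the fingerprinting point made in the comment above and of the Panopticlick measurement it links to, added here and not part of any commenter's post: it computes how many bits each browser trait reveals and how many visitors share the full fingerprint. The population, attribute names and values are constructed for the example.

```python
import math

# Constructed sample of 100 visitors: (user_agent, timezone, fonts).
# All values are invented for illustration, not measured data.
POPULATION = (
    [("Firefox-ESR", "UTC", "bundled-only")] * 40
    + [("Chrome-Windows", "UTC-5", "windows-default")] * 30
    + [("Chrome-Windows", "UTC+1", "windows-default")] * 20
    + [("Safari-macOS", "UTC-8", "macos-default")] * 8
    + [("Chrome-Windows", "UTC-5", "windows-default+extra-fonts")]
    + [("Konqueror", "UTC-5", "windows-default")]
)
ATTRIBUTES = ("user_agent", "timezone", "fonts")


def surprisal_bits(population, matches):
    """Identifying information, in bits, of a trait shared by `matches` visitors."""
    # A trait nobody else shows is still held by the visitor being measured.
    return math.log2(len(population) / max(matches, 1))


def anonymity_set(population, fingerprint):
    """Number of visitors whose full fingerprint equals `fingerprint`."""
    return sum(1 for fp in population if fp == fingerprint)


def analyse(population, fingerprint):
    """Return per-attribute bits, joint bits and anonymity-set size."""
    per_attr = {}
    for i, name in enumerate(ATTRIBUTES):
        matches = sum(1 for fp in population if fp[i] == fingerprint[i])
        per_attr[name] = round(surprisal_bits(population, matches), 2)
    size = anonymity_set(population, fingerprint)
    return {
        "per_attribute_bits": per_attr,
        "joint_bits": round(surprisal_bits(population, size), 2),
        "anonymity_set": size,
    }


if __name__ == "__main__":
    # One visitor from each group of interest in the constructed sample.
    for fp in (POPULATION[0], POPULATION[40], POPULATION[98], POPULATION[99]):
        print(fp, analyse(POPULATION, fp))
```

In this sample a single rare trait (an unusual user agent or one extra font set) shrinks the anonymity set to 1, while the common Firefox profile shares its fingerprint with 40 visitors.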

  8. Qubes OS + VPN by Shane_Optima · · Score: 5, Informative

    Install Qubes OS on a spare SSD, preferably on a computer that supports vt-d properly (older business class notebooks can be really good here if you're on a budget.) Choose KDE or XFCE for your DE, and decide whether you want to use Debian or Fedora for your templates[1]. Configure your DispVM to use a ProxyVM for connectivity using commercial VPN, paid for using bitcoin/giftcards/prepaid credit cards if you're feeling paranoid. (This will be something like $3 / month, depending on who you're buying with.) Make sure you configure the ProxyVM to fail-hard if you lose your connection to the VPN, as opposed to connecting over clearnet in the event of a VPN failure.

    (Optional: use a Tor ProxyVM instead of a commercial VPN ProxyVM. Qubes does ship with Tor and Whonix VMs for this very purpose but this is tricky business... Tor exit nodes are definitely not to be trusted. If you did this, I would advise using a VPN layer in addition to Tor in order to protect yourself from the exit node... just make sure the VPN hop is coming AFTER Tor, not before. Also, expect plenty of transient performance hits.)

    Next, customize your DispVM's browser to include extensions such as uBlock Origin[2], self-destructing cookies[3], and a user agent randomizer (which you should configure to only change to the more popular browsers currently in use.)

    The result of all of this? Your DispVM is a stateless VM; all data is lost every time it's shut down (Joanna currently has it set to auto-shut down every time you close the browser, which I find annoying as hell but I guess it's handy for a lot of people.) Your browser extensions will help guard against tracking in-between DispVM restarts. And by configuring it to use the ProxyVM, you'll never be using your real IP address (and ideally you should alter your exit point from the VPN as well.) Unlike most VPN setups, a bug or exploit in the browser or in anything else in the DispVM's operating system will not leak data over the un-VPNed internet.

    None of what I just said is trivial to set up, but guides are available and this setup would be extremely robust and easy to use (once configured.) The core of the Qubes UI/UX is in fact quite user-friendly, with an emphasis on GUI tools. It's also a pretty nifty hypervisor even if you don't give a toss about the increased security. It's damn fast, easily portable between different physical machines, templates are handy as hell, and all of your windows from all of your VMs (including your Windows 7 VMs) can appear in a single desktop with a single taskbar, alt-tab menu, etc. (KDE or XFCE; your choice.)


    1. You could also build your own template using some other distro (like Ubuntu) if you really wanted. Templates allow you to have multiple VMs with different personal files but with the same apps and configuration (installing anything to the template instantly installs it on all VMs based on that Template.) Also, they're stupid fast.

    2. This is basically Adblock Plus done right, with a dash of Request Policy and Noscript tossed in for good measure. You can easily toggle between blacklisting and whitelisting philosophies; it's awesome. (Note that uMatrix is available from the same author for people who want even more fine-grained control.) Note your whitelists / blacklists will be lost every time you shut down your DispVM, so if you've done a lot of tinkering be sure to export them and send them to another stateful VM to merge back into the DispVM image eventually. (This can be done with a simple right-click in a file browser.)

    3. Not the best general purpose cookie manager but it's the easiest to use, particularly in a DispVM setup

  9. Nah. Just use a burner laptop. by Ungrounded+Lightning · · Score: 4, Informative

    use someone else's computer ... or don't surf at all

    Nah. Just use a burner laptop.

    That you bought with cash.

    At a supplier that doesn't have security cameras.

    And walk to your car parked beyond traffic cam range.

    Then use open WiFi - again while parked outside a free-WiFi providing business where you can approach and leave without driving near traffic cams.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  10. Re:Nah. Just use a burner laptop. by lxs · · Score: 5, Informative