Slashdot Mirror
Ask Slashdot: What's the Best Way to Browse the Web Anonymously?
An anonymous reader asks:
In an age of evercookies, zombie cookies, and always expanding efforts to track browsers, devices, and people -- is there any way to browse totally anonymous to the sites you are visiting?
With so many technologies quietly monitoring your activity, "How can a user today browse with confidence that they can't be tracked or identified, avoiding even being identified anonymously as a returning user or device?" Leave your best answers in the comments. What's the best way to browse the web anonymously?
With so many technologies quietly monitoring your activity, "How can a user today browse with confidence that they can't be tracked or identified, avoiding even being identified anonymously as a returning user or device?" Leave your best answers in the comments. What's the best way to browse the web anonymously?
or don't surf at all
"The only winning move is not to play."
The Internet is a piece of shit. Burn it to the ground, and humanity as well.
Depending on your level of paranoia...
Surf the web with the TOR browser through an anonymizer (IP Scrambler) through VPN on a device that you purchased with cash on someone else's wireless network.
Pick and choose to suit your level of paranoia.
Get off the computer, go outside.
Run your own DNS server (pihole is great) - point every device, router, etc you have at it - check with ipleak.net
On said DNS server make sure you use DNSSEC and only use servers that don't log and are DNSSEC enabled.
Run your own mail server (mail-in-a-box) - use let's encrypt on everything you can.
Use DNSOverride app for iPhone (A gem!) so your cellular doesn't get sucked up by ads and trackers
Root your android, run a custom rom - and use http://opengapps.org/ so you don't have to use all of Google.
Use Signal App for messaging on iPhone
Use Sudo App for iPhone to use temporary identities - it's free and awesome. Get free sms, phone number, email address, all in one click!
Running your own DNS server will protect you from most internet garbage.
Use lots of Sudo Identities with different emails to protect from password leaks. The more random your email is the less likely someone can correlate usernames of previously hacked accounts,
Burn Tails to a USB drive. Boot that for anonymous access.
https://tails.boum.org/
Purchase everything you connect with in cash (if you don't think a MAC address can't be linked to a specific model and the credit card used to buy it, think again). Never connect to a network you pay for. Use free WiFi wherever you go. Build a cantenna and pick off any insecure networks around you. Create a wireless backup close to home but hidden off the property for anything you need to store. If you can, run your browser under an OS in a virtual machine run off a ramdisk.
through your neighbor's window.
Use a Linux Live distro which automatically connects through Tor. Don't want to build it yourself? No worries, it is already done for you! https://tails.boum.org/
https://www.whonix.org/
TAILS tries to provide anonymity within the context of kernel-based security, but browser and privilege exploits are quite plentiful and such malware can go on to reprogram your firmware and peripherals. Qubes provides better protection of the core system, and Whonix ensures that Tor is utilized in a way that's optimum for anonymity.
If you act as a "normal user" of your ethnicity, religion, etc., this is the best way to remain "anonymous".
You don't use an anonymizer, anonymous browsing function, etc. because most people don't use them.
Then, when you really need to be "anonymous", you go to a public library or any commercial place that lets you browse the web without registering your ID.
You go there dressed like everyone else or bit cleaner, being nice but not annoying and do what you need to do and leave.
Socially being anonymous is always better than using any technology to remain anonymous because people who are trying to track you are looking for "oddness", not "normalness".
Want to be anonymous on the web? Don't do anything that attracts any particular attention to you.
Chances are, you are painfully insignificant, so nobody is tracking or spying on you, other than through "lazy" mechanisms, i.e., cookies and logging. This is the digital equivalent of paying someone to write down a physical description of every person that entered the mall.
This form of tracking is rather benign, in a tumor sort of way. You can avoid most of it by not using Facebook, Google, Amazon, etc, and by blocking known ad and tracking domains. For all intents and purposes, you don't exist to them, hence, anonymity.
However, using tor, proxies, vpns and asking around "how to be anonymous" is a great way to pin a big bullseye on your forehead. Your traffic may be encrypted, but "they" will know that you are hiding something by virtue of what your are connecting to. Remember, your IP address is public, and between you and the VPN provider, there are dozens of places where your traffic can be monitored.
A high number of "this IP address connected to a known tor entry point" should be enough to pique "their" interest.
Best course of action is to hide in plain sight and keep your nose clean.
Install Qubes OS on a spare SSD, preferably on a computer that supports vt-d properly (older business class notebooks can be really good here if you're on a budget.) Choose KDE or XFCE for your DE, and decide whether you want to use Debian or Fedora for your templates[1]. Configure your DispVM to use a ProxyVM for connectivity using commercial VPN, paid for using bitcoin/giftcards/prepaid credit cards if you're feeling paranoid. (This will be something like $3 / month, depending on who you're buying with.) Make sure you configure the ProxyVM to fail-hard if you lose your connection to the VPN, as opposed to connecting over clearnet in the event of a VPN failure.
(Optional: use a Tor ProxyVM instead of a commercial VPN ProxyVM. Qubes does ship with Tor and Whonix VMs for this very purpose but this is tricky business... Tor exit nodes are definitely not to be trusted. If you did this, I would advise using a VPN layer in addition to Tor in order to protect yourself from the exit node... just make sure the VPN hop is coming AFTER Tor, not before. Also, expect plenty of transient performance hits.)
Next, customize your DispVM's browser to include extensions such as uBlock Origins[2], self-destructing cookies[3], and a user agent randomizer (which you should configure to only change to the more popular browsers currently in use.)
The result of all of this? Your DispVM is a stateless VM; all data is lost every time it's shut down (Joanna currently has it set to auto-shut down every time you close the browser, which I find annoying as hell but I guess it's handy for a lot of people.) Your browser extensions will help guard against tracking in-between DispVM restarts. And by configuring it to use the ProxyVM, you'll never using your real IP address (and ideally you should alter your exit point from the VPN as well.) Unlike most VPN setups, a bug or exploit in the browser or in anything else in the DispVM's operating system will not leak data over the un-VPNed internet.
None of what I just said is trivial to set up, but guides are available and this setup would be extremely robust and easy to use (once configured.) The core of the Qubes UI/UX is in fact quite user-friendly, with an emphasis on GUI tools. It's also a pretty nifty hypervisor even if you don't give a toss about the increased security. It's damn fast, easily portable between different physical machines, templates are handy as hell, and all of your windows from all of your VMs (including your Windows 7 VMs) can appear in a single desktop with a single taskbar, alt-tab menu, etc. (KDE or XFCE; your choice.)
1. You could also built your own template using some other distro (like Ubuntu) if you really wanted. Templates allow you to have multiple VMs with different personal files but with the same apps and configuration (installing anything to the template instantly installs it on all VMs based on that Template.) Also, they're stupid fast.
2. This is basically Adblock Plus done right, with a dash of Request Policy and Noscript tossed in for good measure. You can easily toggle between blacklisting and whitelisting philosophies; it's awesome. (Note that uMatrix is available from the same author for people who want even more fine-grained control.) Note your whitelists / blacklists will be lost every time you shut down your DispVM, so if you've done a lot of tinkering be sure to export them and send them to another stateful VM to merge back into the DispVM image eventually. (This can be done with a simple right-click in a file browser.)
3. Not the best general purpose cookie manager but it's the easiest to use, particularly in a DispVM setup
use someone else's computer ... or don't surf at all
Nah. Just use a burner laptop.
That you bought with cash.
At a suppler that doesn't have security cameras.
And walk to your car parked beyond traffic cam range.
Then use open WiFi - again while parked outside a free-WiFi providing business where you can approach and leave without driving near traffic cams.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Also:
Pull the battery before driving away and insert it just before using it. (Don't have it powered when driving past a webcam.)
And NEVER use it with any user I.D. associated with you (or put any identifying info on it, to be grabbed by malware.)
Nothing to it! B-)
(Or follow the original poster's advice.)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
I am developing a browser for Android and Chrome OS called Privacy Browser that is designed to provide as much anonymity as possible. For example, JavaScript, cookies, and DOM storage are disabled by default, which mitigates many of the tracking techniques used by websites. It also integrates with Orbot (Android's official Tor client). https://f-droid.org/repository... https://www.stoutner.com/priva...
KUse a public library PC.
Tor Browser is a good start.
So is Tails.
Finally, try to keep your facebooking to under 15 minutes.
-------------------
This is my SIG. There are many like it, but this one is mine.
bill@clintonemail.com
Perhaps but Samsungs do pull the old This message will self destruct in 5 seconds IMF trick.
Or, you know, incognito mode via a prepaid cell phone that you bought cash... that should be good enough for most people.
If you're ultra paranoid, you could set up a relay with two more cell phones so that the websites you are visiting trace back to the relay's cell tower instead of your physical location, but that seems like more trouble that could possibly be justified - unless you're doing something illegal.
Using TOR is painting a target on your forehead - it will even play poorly in the jury trial when they describe it.
You'll probably need to hangout in high-traffic areas, like airports.
is there any way to browse totally anonymous to the sites you are visiting?
there is actually a very simple way to do this, don't visit the site! however, to see the content of the site without visiting it, just plug the address into archive.org and you can see a snapshot of the page at certain dates. to ensure that a sneaky javascript isn't phoning home, use "noscript" or just use a browser without javascript execution capabilities.
Anons need not reply. Questions end with a question mark.
Web pages are arbitrary software and can fingerprint you by your keystroke cadence, patterns of mouse movements and vocabulary choices. This, combined with detailed profile of your hardware and software, can be later matched when you enter your credit card on Amazon.
You can make big brother's life a bit more difficult by getting a second laptop, booting it from a live USB distro that never saves anything to disk and using it some distance away from home on a public WiFi hotspot. But make sure you dedicate it to just your secret web browsing and never use the same hardware to read slashdot.
And ride there on a stolen bike.
Wearing a mask.
With pebbles in your shoes.
Onion routing is owned by the US by federal police level at a per case budget. Your ip will be tracked federally as a given just for using such services.
VPN can be tracked at a clandestine service level with no extra effort under collect it all.
Your MAC or any other unique computer number or browser details can be requested or stored.
So find a new computer, paid for with cash, wait a few months for any CCTV to clear.
When using this clean computer never do any of the things done on your normal account and never at the same time or in the same area or the same tools, OS, software..
Different OS, short bust encrypted messages only, become a numbers station.
Anything with text gives patterns, linguistics.
For an average user a VPN with router support and shut out on connect fail is good. Every connection is then via a router. Anything done to the OS should be under that VPN ip.
VPN payment is the tracking option for a federal case.
The problem with browsing is so much data is requested, collected and patterns build up.
Most people then fall back into habits and visit that one old site again, or post in a very unique style.
Domestic spying is now "Benign Information Gathering"
1. Go to library.
2. Find a book on the subject.
3. Read at the library.
4. Afterwards go to bar and have a drink that pay for with cash (optional).
Use a botnet to get others to do your browsing for you. Include lots of noise in the botnet's behavior so that it's difficult to tell what among the information it retrieves is the information you want. Make the botnet appear to be a failure at accomplishing some different goal, so that the people who investigate botnets pass over investigating yours in favor of investigating one of the ones that appears to be doing something successfully.
Alternatively, use mind control to get a billionaire to put a network of free tor nodes in low earth orbit. You'll be harder to pinpoint if the size of the "parking lot" where you pick up the free wifi is a couple hundred km across.
I just call the server admin from a burner phone and ask him what's on the screen.
Just cruising through this digital world at 33 1/3 rpm...
Why just Android? Are you going to do a PC version?
Does a Samsung Galaxy 7 count as a "burner laptop" ?
That's what I was wondering - why did none of the responses above suggest this?
You might not have all the pages online at any given time, but it shure is safe.
Remember to use do not track curtains.
This will keep your surfing absolutely anonymous.
For deepweb I suggest a telescope
S 7 or NOTE 7?
Only the models with thermite batteries.
Last night, my computer and Slashdot combined to throw away a 4 hour description on how to maintain anonymity when under omnipresent surveillance. That was frustrating. But, after a night's sleep and some reflection, I think it was for the best. The required skills and commitment are almost superhuman. Today, US citizens can expect little privacy in their purchases, travel, interpersonal communication or internet activity. We need better answers that will help everybody. If we train ourselves to defeat the current generation of surveillance and discovery, we will be faced with even more intrusive measures. We need to change the game in fundamental ways.
The initial problem seems to be that we don't trust each other or government. The cause of that distrust seems to be that we all keep secrets from each other. But, when you look at the cause of the secrets, you find that we have created incentives for secrecy and distrust. In our current laws and culture we benefit from keeping secrets from each other and from the government. Our government benefits from keeping secrets from us. We all have created an economy of discovering and exploiting each other's secrets. Thus, we have created incentives that motivate secrecy, deceit, surveillance, and betrayal. This is not a good way to live.
It seems like we aren't valuing privacy enough. But, I think it is just the opposite. We value privacy enough spend resources to penetrate, subvert, and deny it. The answer isn't to increase the value of anonymity. That will just increase the incentive to destroy privacy. We somehow need to regain privacy and anonymity by devaluing the secrets. We also need to increase the value of trust, while we increase the cost of betrayed trust.
I can see how to accomplish this at the local level. If I am more open, honest and involved with my friends, family and community, then we increase in trust towards each other and know each other's secrets. At that point, our secrets have no value and there is everything to lose and nothing to gain from surveillance, deceit, or betrayal.
I've got no idea how the fix my broken relationship with the highest levels of government.
Local government is small and well behaved. I know them and they know me. We have no meaningful secrets. We have years of mutual support and trust.
I have no problem with telling my next door neighbor, the-city-councilman all the details of my life. We have lived next to each other for almost 4 decades. We have raised each other's children. I know several good policemen and women. I know a good FBI agent. But, somewhere at the top, it all goes sour.
The Feds seem to get great benefit from lying to me, and betraying my trust. I don't know how to make it stop. The CPI (Consumer Price Index) is a bad, blatant lie. I can't imagine why they feel they need to lie about things that are intimate knowledge to every American. It's embarrassing. And the lie damages almost every American. The published employment rates don't pass any kind of simple fact checking. We all nodded along for decades while the Feds inflated the dangers of marijuana. And, now that it is all revealed as an colossal fabrication, they refuse to admit error or correct the damage. All for no obvious reason. The Feds can't admit mistake. The Feds can't correct mistake. And, it appears that they can't tell fact from wild delusion. With that history, I can't stand the idea of giving them more power over me.
And the Feds keep trying to pass their bad habits to my state and local governments.
Once the features are fully fleshed out on Android, the goal is to develop a version for iOS, macOS, Windows, and Linux (probably based on the KDE framework). But right now it is only available for Android and Chrome OS.
The Hardest Part isn't the routing or means of connection, it's the OS and Browser itself you choose to use.
What you need to do, is find an OS and a Browser you can use *with the default settings unchanged*. Making Configuration or Preference adjustment paints you with an identifiable combination of unique settings visible to the web itself as you surf.
I think this can quickly go defeatist if you try to be completely watertight.
Trying only to maintain some privacy enough to get cheaper flight tickets, less spam and less echo chamber circle jerking might be more reasonable than trying to beat the NSA.
I really think there ought to be a turn-key solution with all of the low impact stuff already enabled.
For example:
- cookies and cross site data (i.e. tracking pixels) to be permitted cross site only if approved... but always approved if on the same domain. Wipe pixels periodically
- cycle VPN access reliably and always within the same country
- locally run DNSCRYPT
The hassle in privacy IMHO is that the tech is too varied in what it can do. The usability isn't there. i.e Noscript is useful but it's hassle to use. The thing is, it should be hassle to use in a very secure way, but there should be more moderate ways to use it which is less work.
A blog I run for the wealth