Author Topic: 6 - Anonymous browsing  (Read 3230 times)

Offline APX808

  • Administrator
  • *****
  • Posts: 1804
  • Karma: +10/-0
    • APX R4nt5
6 - Anonymous browsing
« on: May 05, 2014, 09:44:46 AM »
Anonymous browsing

A lot is being written lately about anonymous browsing, sadly much of the available information is misleading as some parties
look at it as a way to make money instead of providing real anonymity.

In this article I’ll discuss the alternatives for anonymous browsing and we will see how good do they accomplish their task, if
they do it at all.

Proxies
A proxy is a computer that will act as an intermediary, if you want to see a webpage you ask the proxy and the proxy will ask
the webpage for you.
Proxies may ask you to logging and also can provide your real IP to the destination passing it in the
HTTP_X_FORWARDED_FOR or similar HTTP header param, proxies that doesn’t send your real IP are called anonymous proxies.

These days is hard to find anonymous proxies, as usually they are used to do all the bad things you can imagine on the
Internet, like sending spam, brute forcing sites etc.

Even if you had some skills and could install your own anonymous proxy, you have the problem of a single point of failure,
using a proxy chain of your own proxies could be better but a lot of work to do and maintain for sure.

Also if you can exploit a computer to install the proxy, that means that someone tracking you could exploit that computer just
as you did and locate you.

tl;dr: Proxies aren’t a good option.

VPNs
VPNs for real anonymity absolutely suck, to begin with most of them are paid services, that means they will know your real
name and IP, if they accept bitcoin someone with a lot of patience could track your payments and end up knowing who you
are.
As VPNs are a service provided by a company that means the government can legally force those companies to provide their
access logs, that happened before and will happen again.
They also have the single point of failure problem.

tl;dr: VPNs are faster and more comfortable than proxies, but they absolutely suck in regards to anonymity.

Tor
This is the way to go, TOR is what I use and I recommend. A lot of people like to bitch about TOR and that isn’t perfect and
that people got caught even using it, let me clarify something:

Until this day not even one person was caught because of a failure in TOR, they all got caught because of human failure!

Some people use their personal emails in the same session they want to be anonymous, or use public computers where they
are being filmed while using TOR, or they have javascript turned on and Firefox is exploited, as happened in “Freedom
Hosting” take down.

TOR was the acronym of  “The Onion Router”, now is just Tor and is an open network made with free software, it’s open
source so everyone can get the code and analyze it or compile it, that makes a lot of people review the code, and after years
of it working there haven’t been any backdoors or bad stuff found in it.

Tor can be found at: https://www.torproject.org/

How Tor works
Explaining how TOR works would be pretty complicated and lengthy, but I found two awesome videos explaining what is
Onion Routing and TOR, check them out and then we can continue.

Onion Routing and TOR (Part 1): Motivation and Introduction


Onion Routing and TOR (Part 2): High-Level Mechanics


Part 2 mentions Diffie-Hellman here is a graphic that explains crystal clear what it is all about:



Hidden Services
Tor allows the users to be anonymous but also the servers providing content, so you can access a webpage no one knows
where is located.
Basically you as client will have three jumps until a “rendezvous point” and the server will have it’s own three jumps, that way
both parties are kept anonymous.

Hidden services URLs are a bunch of seemingly random characters ending in .onion, the reason of those uncomfortable URLs is
that those random characters are the public key, if you want more details about this, check this link.

Also go HERE for a more complete explanation about Hidden Services with graphics and whatnot.
Probably you read somewhere about the “Deep Web”, Hidden Services are a part of it, deeper and darker parts can be found
 using I2P or Freenet, but let me give you a warning about the Deep Web, you’ll find a lot of offensive content like profanity,
child porn, gore, drugs etc. If you’re easily offended avoid it.

Here are a few .onion addresses for you to visit, nothing offensive in these but you can end up anywhere from there. You’ll
need to have Tor installed to use them, your usual browser won’t be able to resolve the IP addresses and will give you an
error.

DuckDuckGo https://3g2upl4pq6kufc4m.onion
The Pirate Bay http://uj3wazyk5u4hnvtk.onion
The Hidden Wiki http://kpvz7ki2v5agwt35.onion

Tor for anonymous browsing
At last, this is why I started to talk about Tor in the first place…You can use Tor to navigate to any website.

When visiting a web from Tor your request will go through the encrypted chain of servers, called nodes, until it reaches the
last one, called “Exit node”, the Exit node will route your request to its original destination and forward you the response.

The site you want to visit will think the request comes from the Exit Node, that means that sometimes you’ll see the page you
wanted in a different language, and sadly it could happen that the site you want to visit doesn’t allow visits from Tor and you’ll
start seeing cumbersome captchas or in the worst cases you won’t be able to use the websites at all.

Always remember that Exit Nodes can see your original request, so the traffic in there can be sniffed, saved and analysed, to
avoid that use HTTPS whenever is possible.

Tips for a Tor beginner
1 - Use HTTPS always or exit nodes could sniff your traffic.
2 - Never use personally traceable accounts on Tor in the same session where you are trying to stay anonymous.
3 - Turn Javascript off, only activate it if you absolutely need it and are willing to assume the risk.
4 - Always use the latest Tor version available.
5 - Remember that Tor traffic can be detected by your ISP or network manager, they can know you’re using it, that can result
in traffic shaping, that is reducing the bandwidth available to use, or they can use that to identify you, for instance, using Tor
in a public library where you are being filmed on CCTV is a very bad idea.
6 - Encourage others to use Tor, if the amount of people using it increases, using it won’t mean you are doing something
“sensitive”, and Big Brother will have a lot of work because it won’t know who to target.


Practice

This lesson practice is easy, we will install the Tor browser bundle and use it.

1 - Download the Tor browser bundle from https://www.torproject.org/
2 - Install it
3 - Execute it, and you’ll see a Firefox browser window, be careful not to confuse it with your usual browser, you’ll notice they have different icons.
4 - Navigate to any site you usually visit and see if it works with Tor, don’t logging to sites if the site doesn’t provides HTTPS.
5 - Visit the hidden wiki http://kpvz7ki2v5agwt35.onion and have some fun in the deep web.

As always, don’t doubt in messaging me if you have any question.
« Last Edit: May 13, 2014, 03:12:26 PM by APX808 »

Offline JohnyMac

  • Administrator
  • *****
  • Posts: 9348
  • Karma: +11/-0
Re: 6 - Anonymous browsing
« Reply #1 on: May 05, 2014, 04:46:20 PM »
 :thumbsUp:
Defund both the Democrats and Republicans to stop their collusion with the Insurance companies!

Offline EJR914

  • Hardcore Prepper
  • ******
  • Posts: 2423
  • Karma: +1/-0
    • EJR914 Youtube Page
Re: 6 - Anonymous browsing
« Reply #2 on: May 13, 2014, 03:04:45 PM »
Hell yeah, APX, awesome info!   :thumbsUp:

Offline JohnyMac

  • Administrator
  • *****
  • Posts: 9348
  • Karma: +11/-0
Re: 6 - Anonymous browsing
« Reply #3 on: May 13, 2014, 05:37:00 PM »
We have to figure out a way to smuggle APX, his GF and her Ninja Poodles out of Argentina into the US. The man is brilliant and is wasting his time where he is.

I would love to get APX in front of a class room training us IT challenged folks!
Defund both the Democrats and Republicans to stop their collusion with the Insurance companies!

Offline crudos

  • Community Moderator
  • *****
  • Posts: 2564
  • Karma: +7/-2
  • Expect Resistance
Re: 6 - Anonymous browsing
« Reply #4 on: May 14, 2014, 07:27:52 AM »
Thanks for the awesome info APX! You cleared up a couple of things about Tor I was unclear about.  :bravo:

Offline crudos

  • Community Moderator
  • *****
  • Posts: 2564
  • Karma: +7/-2
  • Expect Resistance
Re: 6 - Anonymous browsing
« Reply #5 on: May 14, 2014, 01:59:14 PM »
Posted via Tor! :thumbsup:

Offline special-k

  • Peasant Extraordinaire
  • Administrator
  • *****
  • Posts: 2003
  • Karma: +8/-0
Re: 6 - Anonymous browsing
« Reply #6 on: May 14, 2014, 02:37:17 PM »
I finally have a rainy day here so I can work on this.

Could you please simplify (in nube terms) what this means and/or how to accomplish it:

Quote
...use HTTPS whenever is possible.
"Never interrupt your enemy when he is making a mistake." - Napoleon Bonaparte

Offline APX808

  • Administrator
  • *****
  • Posts: 1804
  • Karma: +10/-0
    • APX R4nt5
Re: 6 - Anonymous browsing
« Reply #7 on: May 14, 2014, 04:14:47 PM »
Usually the URLs you use are something like http://www.google.com, that is HTTP and all the traffic goes in clear text.
HTTPS URLs start with HTTPS like https://www.google.com when you use those the traffic is encrypted, for instance most login pages or home banking services will run using HTTPS.

Depending the browser it will display an special icon in the address bar when you are using HTTPS, something like a padlock.

The Tor browser bundle includes a Firefox extension called "HTTPS Everywhere" made by the EFF that will activate HTTPS wherever it can
https://www.eff.org/https-everywhere

In a nutshell HTTPS is a protocol for two computers to communicate using HTTP over a secure channel, to negotiate a key it uses diffie-hellman to avoid an eavesdropper to know it.

Sorry my explanation isn't very deep as I'm in the middle of a move LOL

I plan to write a lesson about HTTPS in a near future.


Offline Kbop

  • Hardcore Prepper
  • ******
  • Posts: 1229
  • Karma: +8/-0
Re: 6 - Anonymous browsing
« Reply #8 on: May 16, 2014, 09:18:12 PM »
For those of you who like TOR - you should check out TAILs.  It is a Linux distro that uses TOR natively.  you can put your OS on a CD and boot up on almost any computer.  Linux is open source and free.
https://tails.boum.org/
http://en.wikipedia.org/wiki/Tails_(operating_system)
Murphy was an optimist.

Offline EJR914

  • Hardcore Prepper
  • ******
  • Posts: 2423
  • Karma: +1/-0
    • EJR914 Youtube Page
Re: 6 - Anonymous browsing
« Reply #9 on: August 25, 2016, 11:15:56 PM »
Let's say I've compromised myself, I've accidentally royal screwed myself and logged into my personal email after or before I start anonymously browsing some very subversive sites and send some very subversive messages with TOR, is there anything I can do now to try make it a little better on myself?

Yes, this just happened to me.

Just kidding.   ;)

Offline JohnyMac

  • Administrator
  • *****
  • Posts: 9348
  • Karma: +11/-0
Re: 6 - Anonymous browsing
« Reply #10 on: August 26, 2016, 05:31:34 AM »
Interesting question EJR.

I do know that only you can screw up your anonymity with TOR by signing onto a website with your actual information - Got that.

APX is far better at this subject then I however, I would think you screwed up your anonymity with only that one site.

TOR is a great site to use in doing research on a project that by you going to that site might cause embarrassment or legal problems in the future.

I once had a IT Tech tell me that to never go to a site or write an email that I would have to explain to my Mom or be forced to read in a court of law by a Prosecutor.

With that written, where are those plans for a "Lightning Link"?
Defund both the Democrats and Republicans to stop their collusion with the Insurance companies!

Offline Well-Prepared Witch

  • Committed prepper
  • *****
  • Posts: 780
  • Karma: +12/-0
    • The Well-Prepared Witch
Re: 6 - Anonymous browsing
« Reply #11 on: August 26, 2016, 06:46:32 AM »
Fascinating article, thanks!
If that which you seek you find not within yourself, you shall never find it without.  - Charge of the Goddess, Doreen Valiente
http://wellpreparedwitch.com

Offline special-k

  • Peasant Extraordinaire
  • Administrator
  • *****
  • Posts: 2003
  • Karma: +8/-0
Re: 6 - Anonymous browsing
« Reply #12 on: August 26, 2016, 09:17:02 AM »
Due to my finger-f***ing the settings in NoScript, and downloading an add-on (I never installed it)...my TOR browser started acting strange... extremely slow to open/close the browser, or even open simple pages.

So I decided I want a fresh install of TOR, but I can't figure out how to uninstall the old one.

I used CCleaner to uninstall... because CCleaner has never failed to uninstall anything for me before.

Then I downloaded & installed a fresh copy of TOR.  But once it started...it obviously had my old settings and data...such as my home page (I prefer startpage instead of duckduckgo), and it had my bookmarks.

So... How do I REALLY uninstall the TOR browser and all of the data associated with it?
« Last Edit: August 26, 2016, 09:23:58 AM by special-k »
"Never interrupt your enemy when he is making a mistake." - Napoleon Bonaparte

Offline APX808

  • Administrator
  • *****
  • Posts: 1804
  • Karma: +10/-0
    • APX R4nt5
Re: 6 - Anonymous browsing
« Reply #13 on: August 26, 2016, 09:42:19 AM »
As far as I know Tor is portable, you just decompress the file into a folder and execute it there.

Are you getting it from here: https://www.torproject.org/download/download-easy.html.en ?

Offline Erick

  • Committed prepper
  • *****
  • Posts: 671
  • Karma: +7/-0
Re: 6 - Anonymous browsing
« Reply #14 on: August 26, 2016, 02:56:12 PM »
Thanks APX!  :)
Every day, men who will follow orders to kill you, exercise. Do you?

Offline Nemo

  • Hardcore Prepper
  • ******
  • Posts: 3081
  • Karma: +11/-1
  • From My Cold Dead Hands
Re: 6 - Anonymous browsing
« Reply #15 on: August 26, 2016, 03:44:33 PM »
What about the idea of someone hacking my laptop and then getting into my finances and all that stuff.  ID theft with sufficent into to take it to the max.  Dump everything into cash, send that to a bitcoin account and disappear in the great dark wilderness?

Can they come back through TOR or is that idea do-able from where I am as I post this?  As I understand it, TOR is basically 20% of the way into the darkweb.  Which is not a good place to explore if you are rather illiterate in computer stuff.

Nemo
If you need a second magazine, its time to call in air support.

God created Man, Col. Sam Colt made him equal, John Moses Browning turned equality to perfection, Gaston Glock turned perfection into plastic fantastic junk.

Offline JohnyMac

  • Administrator
  • *****
  • Posts: 9348
  • Karma: +11/-0
Re: 6 - Anonymous browsing
« Reply #16 on: August 26, 2016, 05:49:04 PM »
« Last Edit: August 26, 2016, 07:45:39 PM by APX808 »
Defund both the Democrats and Republicans to stop their collusion with the Insurance companies!

Offline special-k

  • Peasant Extraordinaire
  • Administrator
  • *****
  • Posts: 2003
  • Karma: +8/-0
Re: 6 - Anonymous browsing
« Reply #17 on: September 05, 2016, 12:20:30 PM »
I've still had no luck in completely uninstalling the TOR browser.

I searched "TOR" on my hard drive and it resulted in only 2 results... .dmg & .app.

I scrubbed (overwrote) the .dmg and .app.

Then I installed a fresh copy of TOR.

It still had all my old settings and data (bookmarks).

What am I missing?  Where & what else has TOR secretly hidden on my hard drive?
"Never interrupt your enemy when he is making a mistake." - Napoleon Bonaparte

Offline Kbop

  • Hardcore Prepper
  • ******
  • Posts: 1229
  • Karma: +8/-0
Re: 6 - Anonymous browsing
« Reply #18 on: September 05, 2016, 12:35:45 PM »
have you considered re-imaging your drive?
Murphy was an optimist.

Offline APX808

  • Administrator
  • *****
  • Posts: 1804
  • Karma: +10/-0
    • APX R4nt5
Re: 6 - Anonymous browsing
« Reply #19 on: September 05, 2016, 12:43:43 PM »
I don't understand how that's even possible, Tor browser is a portable app, it uncompress in some directory and don't install anything.

Maybe you installed a Tor that wasn't a real Tor, maybe because of downloading the program from a non official site.

In the Contact section of Tor https://www.torproject.org/about/contact.html.en there are some IRC channels and a stack exchange page were you can post your issue and maybe they figure out what's going on

Offline special-k

  • Peasant Extraordinaire
  • Administrator
  • *****
  • Posts: 2003
  • Karma: +8/-0
Re: 6 - Anonymous browsing
« Reply #20 on: September 05, 2016, 12:52:43 PM »
I got it from your link APX. 

But anyway, I just found the hidden files...I don't know why they did not show up in my hard drive "Spotlight" search...since "TOR" was clearly part of the name of the folder.

This is where I found the data on my Mac:
Finder > Library > Application Support > TorBrowser Data

I scrubbed the "TorBrowser Data" folder along with the .app & .dmg, then reinstalled another fresh copy...now all is good.
"Never interrupt your enemy when he is making a mistake." - Napoleon Bonaparte