- 1 A List of Tools
- 2 How The Tools Fit Together
- 2.1 You and the Browser
- 2.2 The Content Filter
- 2.3 Traffic Firewall
- 2.4 Traffic Encryption
- 2.5 Traffic Location Anonymization
A List of Tools
Below is a list of tools related to anonymous browsing and maintaining privacy while you use the web. There's also an explanation of how all these tools fit together into the encryption sandwich that's needed to successfully browse teh interwebz as an0n.
Tails - a distribution of Linux dedicated to keeping you anonymous.
Whonix - another Linux distribution dedicated to keeping you anonymous.
Stunnel - stunnel is a way of building encrypted HTTPS tunnels to carry arbitrary traffic through arbitrary ports. Can't get SSH through that pesky firewall? Wrap the request in SSL, run it through port 443 (HTTPS port), and you're on your way! Stunnel works similarly to SSH, in that you need a command line at both machines for this to work.
SSH - ah, yes, good ol' SSH. You can tunnel lots of stuff through SSH, which is protected with an SSL encryption layer. SSH tunnels are particularly versatile. For example, you can create an SSH tunnel to a local port, then run all of your browser traffic through that local port. All of your traffic will come out the other end, and all traffic will appear to come from the other end of the tunnel.
OpenVPN - you can use OpenVPN to build VPN networks, but there can be some gotchas to watch out for. Example: DNS requests may not be sent through the VPN, by default, which would make the use of a VPN to mask your location useless.
The first tool you can use to protect yourself is not to use your home ISP, but to VPN into a rented server with a different (presumably more forgiving) ISP.
You can set up a simple static key VPN for using a single client and a single server. Instructions for setting up a VPN, and double-checking the connection for leaky information, is covered here: OpenVPN/Static Key
However, OpenVPN by itself won't protect your traffic once it leaves the OpenVPN server. Traffic that's unencrypted when it is sent over the VPN tunnel is unencrypted when it comes out the other end. That's why you use OpenVPN and friends!
VPN + Content Filtering: Privoxy + OpenVPN
We can start by combining a VPN with a basic content firewall/filter like Privoxy. Privoxy is a proxy server running as a service on port 8118, so we'll be redirecting all of our browser traffic into port 8118.
The browser traffic will flow into the computer via port 8118 to Privoxy, which will perform content filtering. That traffic will come from our local VPN.
How The Tools Fit Together
Anonymous browsing requires a sandwich of tools to serve various purposes. This is because a computer does lots of different things that might give away its identity: perhaps through a bit of unencrypted traffic, or a native MAC address, or a nearby router, or a single login from an unobfuscated IP address, or a DNS request that wasn't sent through the right tunnel.
Think of anonymous browsing like launching a rocket. If you are successful, you can accomplish the (truly amazing) feat of being anonymous. You have the opportunity to step outside of your identity. But to successfully launch a rocket, you need to know all the different things that can go wrong (i.e., you've learned about all the other rockets that have exploded and figured out what they did wrong), and you have to take countermeasures, and make sure everything is secured properly, and all systems are go.
But rockets have many, many stages, just like you have many, many attack surfaces when you browse the internet. There are many methods for identification, fingerprinting, tracking, and location with all sorts of traffic, so it's important to understand what tells what to whom.
The different layers of the sandwich depend on the situation, but with a browser typically looks like this:
- The Browser
- Content Filter
- Traffic Encryption
- Traffic Location Anonymization
You and the Browser
Traffic passing between you and the browser is definitely vulnerable to attack - if you're using a bluetooth keyboard, or a computer with a keylogger installed. (Hard to browse anonymously when your keystrokes are being broadcast, eh?) But we'll skip that for now.
- Install AdBlock Extension
If you haven't filtered this stuff out with Privoxy (or, if you have, and you want to be sure), you can block other stuff with these extensions:
- Install NoScript Extension
- Install GreaseMonkey Extension
- Install AdBlock Extension
The point is, the browser is a big gaping attack surface, and various extensions can be used to patch it. But generally you want the pre-browser layers to minimize (to ZERO you hope) the number of attacks that reach the browser.
That's why there are so many steps after this one.
The Content Filter
This is the role that Privoxy plays in the anonymous browsing chain.
With Privoxy, you basically run a lightweight, local proxy server, and that proxy server acts as an intermediary between you and the original version of a website. Privoxy filters contents based on various rules, with varying scrictness, and returns the filtered content to you. This all happens seamlessly and invisibly, until you start seeing how many elements on a page were blocked by Privoxy!
A traffic firewall is a wall between you and the outside world. It prevents unwanted traffic from getting in, and it prevents unwanted traffic from getting out.
For example, a firewall could be used to block port 22, so that even if you have an SSH server running on your computer for local network connections, no remote connections from outside could be made to port 22.
However, this can also prevent unwanted traffic from going out - for example, by blocking port 53, which is the port normally used for DNS queries, you prevent some idiotic program that has implemented its own DNS query engine from broadcasting your native MAC and IP address.
- Block all ports except port 9050
- Block all DNS resolving queries sent from your client to any DNS server
- Block DNS queries made by clients toward external IP addresses on UDP port 53
- Force DNS queries through Tor (port 9050)
The Problem: Sniffable Traffic
Unfortunately, due to the lack of encryption available on many websites, there's virtually no way to guarantee that your traffic can't be sniffed. Even if you're using HTTPS, you're prone to sniffing attacks from Tor exit nodes.
That means, if a website DOES NOT offer HTTPS, you cannot make an encrypted connection with it, and your traffic WILL BE passed out of a Tor exit node in the clear and perfectly sniffable by the exit node operator.
The Tor browser bundle comes with HTTPS everywhere, but that just tries to use HTTPS everywhere. If a site doesn't offer a login menu with HTTPS (hint: a lot of sites), there's nothing you can do to hide that information.
And worse, these weaknesses are prone to happen on Tor exit nodes - and since operating an exit node requires peculiar resources, which requires money and/or power, this puts Tor exit nodes into particularly untrustable, grubby fat hands.
Which leaves you with very few options. How can you guarantee your traffic will be encrypted?
The Solution: Encrypted Connection
The solution is to bypass the Tor exit node sniffing by ensuring your traffic stays encrypted after it exits Tor. Any sniffer at an exit node would only see encrypted traffic. But, making an encrypted connection, by nature, requires a second entity on the other side, who can make an encrypted connection via your traffic exiting Tor.
How to make an encrypted connection to another entity? There are plenty of options.
Option 1: HTTPS Absolutely Everywhere
The HTTP Everywhere extension for Ffirefox allows you to use HTTPS where it is available. But you can also put it in a mode where it will ONLY make HTTPS connections. This will prevent any unencrypted traffic, and is a great feature if you are using a hostile network where you know traffic will be observed.
Option 2: HTTPS Via Proxy Server
Another option is to use a private proxy service (paid for with bitcoin, of course) to maintain encrypted connections over Tor. You can maintain an encrypted connection to the proxy server, which then makes all of your requests for you. While this doesn't do anything to protect the web requests made from that proxy server, it is a way of protecting your identity when making requests to that proxy server.
Option 3: Anonymous SSH + Socks
One method would be to connect to the machine via an SSH tunnel, routing the traffic for that tunnel starting with the encryption, at your computer, before it leaves to the network; through port 9050 and out to the Tor entry node; through the Tor bridge node; out again on the other side via the Tor exit node; and finally, to the computer you're connecting to. This configuration would allow a regular SSH connection, or it could be an SSH tunnel for carrying browser traffic and web requests (i.e., requests made locally are forwarded to the remote machine via the SSH tunnel). Alternatively, the tunnel could carry an X session, with the user running a (local) browser window corresponding to a browser instance on the remote machine.
Anonymous SSH - covers how to create an anonymous SSH connection to a remote machine over Tor.
Option 4: Anonymous Stunnel
A further twist on this method would be to wrap this SSH connection into an SSL layer using Stunnel, allowing you to pass the SSH connection through HTTPS port 443, just like any other regular web traffic, except that it's an SSH tunnel. In both cases, the encrypted connection beginning at your computer, before it enters Tor, and ending at the remote computer, after it exits Tor, are what make it possible to circumvent Tor exit node sniffing.
Anonymous Stunnel - covers how to create an anonymous SSL tunnel on port 443 to carry arbitrary traffic (SSH tunnels, etc) over Tor.
Maybe An Option: Anonymous Squid
Another (theoretically) good alternative is to forward HTTPS traffic from your computer to the remote computer by running a proxy server on the remote computer - something like Squid. With Squid, you could make a secure HTTPS connection to the remote machine, protecting your connection on potentially hostile networks (like Tor).An HTTPS connection to the remote machine would be unsniffable by Tor exit nodes, and would then be translated into a web request on the remote end, which the remote proxy server would perform.Encryption happens on the local machine, before it enters Tor, and at the remote machine, before the traffic is returned via Tor. This means a Tor exit node has no way to sniff the unencrypted traffic.
However, unfortunately, this Squid page says that there isn't much support for a secure browser-remote proxy connection feature to be added into browsers: http://wiki.squid-cache.org/Features/HTTPS
So the Stunnel and SSH methods above will have to suffice.
Think of it like this: you want to add extra hops to either end of your encryption "traceroute", so that it is longer than your Tor "traceroute".
Traffic fingerprinting and traffic correlation attacks in the case of HTTPS (either with Stunnel to carry an SSH connection, or with Squid proxy handling an HTTPS-HTTP request) would still be possible here, since a Tor exit node would be able to see the destination of the encrypted traffic. But it would appear like any other HTTPS traffic. You'd have to get much more sophisticated to conduct a Man-in-the-Middle attack against this type of connection.
Traffic Location Anonymization
Traffic location anonymization is what Tor gets you. Tor anonymizes the location of origin of your traffic, by passing it through three layers of obfuscation: the Tor entry node, the Tor bridge node, and the Tor exit node. Each connection, between each layer, is made randomly, and each connection obfuscates further the geographic origin of the traffic. While this slows down traffic significantly, it also bounces your traffic all over the place, rendering it untraceable.
(Assuming, of course, you aren't sending your name and address over Tor unencrypted. See above.)
br0wsing the web an0nymouslythe anonymity-encryption-privacy-firewall sandwich required to successfully hide your identity and browse anonymously online.
Pi Hole uses a Raspberry Pi as an intermediate sinkhole for "extra" traffic, trackers, scripts, etc.
You · Your Browser · Content Filter · Traffic Encryption · Traffic Location Anonymization
Flags · Template:AnonymousBrowsingFlag · e