Difference between revisions of "Anonymity"
(→IM & Chat) |
|||
Line 1: | Line 1: | ||
− | = | + | = General Services = |
− | + | == Virtual Private Servers == | |
− | + | ||
− | + | ||
− | + | ||
A VPS is your own personal server, hosted within a Virtual Machine. This is not as private as a Dedicated Server, as your information is accessible within a Shared environment, however they are cheap. | A VPS is your own personal server, hosted within a Virtual Machine. This is not as private as a Dedicated Server, as your information is accessible within a Shared environment, however they are cheap. | ||
− | + | == Virtual Private Networks == | |
A Virtual Private Network is an encrypted tunnel to a remote server running a VPN daemon such as OpenVPN. This allows you to authenticate over IPSEC and many other protocols to access remote networks as if they were local, depending on the configuration of your VPN. VPN Providers provide a simple tunnel, but not usually remote network resources. Essentially, VPN providers just offer an encrypted tunnel to proxy your connection from. However, using a VPS with TUN/TAP, or a Dedicated Server with OpenVPN running, you can setup your own network with internal resources. | A Virtual Private Network is an encrypted tunnel to a remote server running a VPN daemon such as OpenVPN. This allows you to authenticate over IPSEC and many other protocols to access remote networks as if they were local, depending on the configuration of your VPN. VPN Providers provide a simple tunnel, but not usually remote network resources. Essentially, VPN providers just offer an encrypted tunnel to proxy your connection from. However, using a VPS with TUN/TAP, or a Dedicated Server with OpenVPN running, you can setup your own network with internal resources. | ||
− | + | == SSH Tunneling == | |
An SSH tunnel is the process of encapsulating another Internet protocol within an existing SSH connection. This is often used for secured web-browsing, breaking out from restrictive firewalls or adding encryption to otherwise unencrypted traffic. | An SSH tunnel is the process of encapsulating another Internet protocol within an existing SSH connection. This is often used for secured web-browsing, breaking out from restrictive firewalls or adding encryption to otherwise unencrypted traffic. | ||
Line 18: | Line 15: | ||
You can effectively tunnel all of your local traffic through a remote server that you have an SSH account enabled on. Not only will your traffic appear to be originating from the remote servers IP address, but all traffic between yourself, your remote server and the final destination will be encrypted using the SSH protocol. This is a great technique for anonymity as it hides your original IP address and adds an extra layer of security to your communications. | You can effectively tunnel all of your local traffic through a remote server that you have an SSH account enabled on. Not only will your traffic appear to be originating from the remote servers IP address, but all traffic between yourself, your remote server and the final destination will be encrypted using the SSH protocol. This is a great technique for anonymity as it hides your original IP address and adds an extra layer of security to your communications. | ||
− | + | === Basic Example of SSH Tunneling === | |
{{LinuxCMD|ssh -D 8080 user@remotebox}} | {{LinuxCMD|ssh -D 8080 user@remotebox}} | ||
Line 24: | Line 21: | ||
What this does is tells your computer to listen on localhost:8080, and forward all requests to user@remotebox. Set your browser or application to use 127.0.0.1:8080 as a SOCKS5 proxy, and it will forward your traffic, provided your sshd_config is set to permit tunnel traffic. | What this does is tells your computer to listen on localhost:8080, and forward all requests to user@remotebox. Set your browser or application to use 127.0.0.1:8080 as a SOCKS5 proxy, and it will forward your traffic, provided your sshd_config is set to permit tunnel traffic. | ||
− | + | == Shell Accounts == | |
Shell accounts are simply a term for individual accounts on an SSH server. There are hundreds of providers of free shells accounts online, that will give you your own non-root account with SSH access on their server. Paid shell accounts also exist and usually supply you with more features such as root access or unrestricted outbound access. | Shell accounts are simply a term for individual accounts on an SSH server. There are hundreds of providers of free shells accounts online, that will give you your own non-root account with SSH access on their server. Paid shell accounts also exist and usually supply you with more features such as root access or unrestricted outbound access. | ||
Line 31: | Line 28: | ||
http://shells.red-pill.eu/ | http://shells.red-pill.eu/ | ||
− | + | == FTP / Telnet == | |
Regular FTP and Telnet communications are outdated and generally considered to be very insecure. You are not suggested to use these protocols if you have any of the above methods available to you. | Regular FTP and Telnet communications are outdated and generally considered to be very insecure. You are not suggested to use these protocols if you have any of the above methods available to you. | ||
Line 43: | Line 40: | ||
SSH is the logical replacement for Telnet, however there are plenty of tools to wrap a telnet-style session in SSL/TLS layers, such as NCAT | SSH is the logical replacement for Telnet, however there are plenty of tools to wrap a telnet-style session in SSL/TLS layers, such as NCAT | ||
− | + | = Web-Browsing = | |
− | + | == Firefox == | |
First and foremost, if you haven't visited [http://www.mozilla.org/en-US/plugincheck/ PluginCheck], go ahead and do so now. No really, we'll wait. | First and foremost, if you haven't visited [http://www.mozilla.org/en-US/plugincheck/ PluginCheck], go ahead and do so now. No really, we'll wait. | ||
− | + | === Recommended Extensions === | |
{| class="wikitable" | {| class="wikitable" | ||
Line 93: | Line 90: | ||
|} | |} | ||
− | + | == TODO == | |
- Cookies & cache | - Cookies & cache | ||
Line 105: | Line 102: | ||
- Personal Identifiable Information | - Personal Identifiable Information | ||
− | + | = Email Privacy = | |
− | + | == PGP / GNUPG Encryption == | |
PGP is an encryption method based on private and public key files, which can be used to easily encrypt or sign messages. The PGP software is available for all major operating systems and is very easy to setup and use. When you first setup PGP, you will create a key pair that is used for all future encryption and signing. It is also possible to digitally 'sign' a message or file using your PGP key pair. When your key pair is created, it is given a unique signature that is specific to you and your email address. | PGP is an encryption method based on private and public key files, which can be used to easily encrypt or sign messages. The PGP software is available for all major operating systems and is very easy to setup and use. When you first setup PGP, you will create a key pair that is used for all future encryption and signing. It is also possible to digitally 'sign' a message or file using your PGP key pair. When your key pair is created, it is given a unique signature that is specific to you and your email address. | ||
Line 116: | Line 113: | ||
− | + | == Anonymous Remailers == | |
Add content here | Add content here | ||
− | + | == Throw-away Accounts == | |
Throw-away account are one-time-usage email accounts that when paired with message encryption and some form of traffic proxying (Tor, SSH tunnel, etc) provide a very good method for sending or receiving anonymous emails. There are services that will provide free throw-away accounts but these generally limit you to either sending or receiving only and for a limited period of time. If this is not ideal for your situation, you could always create a free email account with any provider and simply use the account for a specific period of time or specific purpose. | Throw-away account are one-time-usage email accounts that when paired with message encryption and some form of traffic proxying (Tor, SSH tunnel, etc) provide a very good method for sending or receiving anonymous emails. There are services that will provide free throw-away accounts but these generally limit you to either sending or receiving only and for a limited period of time. If this is not ideal for your situation, you could always create a free email account with any provider and simply use the account for a specific period of time or specific purpose. | ||
Line 126: | Line 123: | ||
When using throw-away accounts, it is very important that you take all the usual steps in protecting your identity and anonymity. This includes making sure your IP address is hidden via proxying, avoiding DNS leaks and encryption the messages you send or receive. If you are not using a throw-away email service, make sure you delete your messages from the Inbox and Sent Messages after every single correspondence. | When using throw-away accounts, it is very important that you take all the usual steps in protecting your identity and anonymity. This includes making sure your IP address is hidden via proxying, avoiding DNS leaks and encryption the messages you send or receive. If you are not using a throw-away email service, make sure you delete your messages from the Inbox and Sent Messages after every single correspondence. | ||
− | + | = IM & Chat = | |
− | + | == Instant Messaging == | |
− | + | === Pidgin === | |
− | + | ==== Using OTR ==== | |
− | + | === TorChat === | |
− | + | === TorPM === | |
− | + | === ICQ === | |
− | + | == Chat == | |
− | + | === IRC === | |
− | + | ==== Using OTR ==== | |
− | + | === SILC === | |
− | + | ==== Key based authentication ==== | |
− | + | === Utilising IRC Bouncers === | |
− | + | = Files & Hard-Disk Encryption = | |
- TrueCrypt | - TrueCrypt | ||
Line 163: | Line 160: | ||
− | + | = Possible Downfalls = | |
− | + | == Network Performance == | |
When using multiple proxies or other means of hiding your IP address, one of the main downfalls is latency. With more connections and hops that need to be made between you and your final destination, the connection will take longer and longer to be made. This is most evident in systems like the TOR network, for example. While TOR does provide reasonably good anonymity, it also takes much longer for connections to occur. | When using multiple proxies or other means of hiding your IP address, one of the main downfalls is latency. With more connections and hops that need to be made between you and your final destination, the connection will take longer and longer to be made. This is most evident in systems like the TOR network, for example. While TOR does provide reasonably good anonymity, it also takes much longer for connections to occur. | ||
− | + | == Personal Information == | |
While Tor provides anonymity via onion routing to hide your IP, anyone can run a Tor node, so you should be cautious what kind of information you transmit over the Tor network, as it might be subject to interception, which is usually why you use Tor to connect to an two-way encrypted endpoint. | While Tor provides anonymity via onion routing to hide your IP, anyone can run a Tor node, so you should be cautious what kind of information you transmit over the Tor network, as it might be subject to interception, which is usually why you use Tor to connect to an two-way encrypted endpoint. | ||
− | + | == IP Leaks == | |
Add content here | Add content here | ||
− | + | == DNS Leaks == | |
Add content here | Add content here |
Revision as of 12:06, 5 May 2012
Contents
General Services
Virtual Private Servers
A VPS is your own personal server, hosted within a Virtual Machine. This is not as private as a Dedicated Server, as your information is accessible within a Shared environment, however they are cheap.
Virtual Private Networks
A Virtual Private Network is an encrypted tunnel to a remote server running a VPN daemon such as OpenVPN. This allows you to authenticate over IPSEC and many other protocols to access remote networks as if they were local, depending on the configuration of your VPN. VPN Providers provide a simple tunnel, but not usually remote network resources. Essentially, VPN providers just offer an encrypted tunnel to proxy your connection from. However, using a VPS with TUN/TAP, or a Dedicated Server with OpenVPN running, you can setup your own network with internal resources.
SSH Tunneling
An SSH tunnel is the process of encapsulating another Internet protocol within an existing SSH connection. This is often used for secured web-browsing, breaking out from restrictive firewalls or adding encryption to otherwise unencrypted traffic.
You can effectively tunnel all of your local traffic through a remote server that you have an SSH account enabled on. Not only will your traffic appear to be originating from the remote servers IP address, but all traffic between yourself, your remote server and the final destination will be encrypted using the SSH protocol. This is a great technique for anonymity as it hides your original IP address and adds an extra layer of security to your communications.
Basic Example of SSH Tunneling
Terminal |
localhost:~ $ ssh -D 8080 user@remotebox |
What this does is tells your computer to listen on localhost:8080, and forward all requests to user@remotebox. Set your browser or application to use 127.0.0.1:8080 as a SOCKS5 proxy, and it will forward your traffic, provided your sshd_config is set to permit tunnel traffic.
Shell Accounts
Shell accounts are simply a term for individual accounts on an SSH server. There are hundreds of providers of free shells accounts online, that will give you your own non-root account with SSH access on their server. Paid shell accounts also exist and usually supply you with more features such as root access or unrestricted outbound access. These accounts, free or paid, are a quick and easy way to create a secured proxy via SSH tunnelling. Often times you will be able to use the account for other things such as email or IRC access. The link below contains a rather large list of free and paid shell account providers, detailing which features are offered at each host and other important information.
FTP / Telnet
Regular FTP and Telnet communications are outdated and generally considered to be very insecure. You are not suggested to use these protocols if you have any of the above methods available to you.
Suggested replacements for these protocol include:
- SFTP
- SCP
- FTPS (Command and Data channel)
SSH is the logical replacement for Telnet, however there are plenty of tools to wrap a telnet-style session in SSL/TLS layers, such as NCAT
Web-Browsing
Firefox
First and foremost, if you haven't visited PluginCheck, go ahead and do so now. No really, we'll wait.
Recommended Extensions
Extension | Purpose | Link |
---|---|---|
Adblock Plus | Filters a lot of ads, regular updates | XPI |
Adblock Plus Popup Addon | Enhancement to ABP, blocks popups | Addon Site |
BetterPrivacy | Blocks Flash Cookies & LSOs | Addon Site |
Disconnect | Blocks Social Media tracking widgets | Addon Site |
DoNotTrack Plus | Blocks Social Network, Ad Company ads | Addon Site |
FlashBlock | Blocks Flash/Silverlight, enables click-to-play | Addon Site |
NoScript | Blocks javascript unless you allow it per site | Addon Site |
Torbutton | Enables quick access to the Tor network, provided you have Tor installed | Addon Site |
User Agent Switcher | Allows you to emulate almost any device or OS with a menu-driven interface | Addon Site Latest XML |
TODO
- Cookies & cache - Proxies - Tor - Privoxy - Using SSH tunnels as a SOCKS5 proxy - Online purchases - Private browsing - Google vs Scroogle - Personal Identifiable Information
Email Privacy
PGP / GNUPG Encryption
PGP is an encryption method based on private and public key files, which can be used to easily encrypt or sign messages. The PGP software is available for all major operating systems and is very easy to setup and use. When you first setup PGP, you will create a key pair that is used for all future encryption and signing. It is also possible to digitally 'sign' a message or file using your PGP key pair. When your key pair is created, it is given a unique signature that is specific to you and your email address.
By signing a message or file, your PGP signature is attached to the document and can be used to verify that you are who you say you are. This is very useful for email correspondence where it is possible for messages to be intercepted or otherwise tampered with. If you encrypt and sign an email message using PGP, you are verifying to the recipient that you are the original sender and also making sure that your message cannot be read during transmission.
Anyone who has access to your public key is capable of decrypting messages that you have encrypted. Your private key, on the other hand, should not be given out to anyone and you must keep it in a safe location to avoid theft or copying. If your private key is stolen, it would be possible for the attacker to sign and encrypt messages using your digital identity.
Anonymous Remailers
Add content here
Throw-away Accounts
Throw-away account are one-time-usage email accounts that when paired with message encryption and some form of traffic proxying (Tor, SSH tunnel, etc) provide a very good method for sending or receiving anonymous emails. There are services that will provide free throw-away accounts but these generally limit you to either sending or receiving only and for a limited period of time. If this is not ideal for your situation, you could always create a free email account with any provider and simply use the account for a specific period of time or specific purpose.
When using throw-away accounts, it is very important that you take all the usual steps in protecting your identity and anonymity. This includes making sure your IP address is hidden via proxying, avoiding DNS leaks and encryption the messages you send or receive. If you are not using a throw-away email service, make sure you delete your messages from the Inbox and Sent Messages after every single correspondence.
IM & Chat
Instant Messaging
Pidgin
Using OTR
TorChat
TorPM
ICQ
Chat
IRC
Using OTR
SILC
Key based authentication
Utilising IRC Bouncers
Files & Hard-Disk Encryption
- TrueCrypt - One Time Pads - Full Disk Encryption - IronKey USB drives - Operating System logs - System memory - Forensics
Possible Downfalls
Network Performance
When using multiple proxies or other means of hiding your IP address, one of the main downfalls is latency. With more connections and hops that need to be made between you and your final destination, the connection will take longer and longer to be made. This is most evident in systems like the TOR network, for example. While TOR does provide reasonably good anonymity, it also takes much longer for connections to occur.
Personal Information
While Tor provides anonymity via onion routing to hide your IP, anyone can run a Tor node, so you should be cautious what kind of information you transmit over the Tor network, as it might be subject to interception, which is usually why you use Tor to connect to an two-way encrypted endpoint.
IP Leaks
Add content here
DNS Leaks
Add content here