Watch Me If You Can (1 of 3): Anonymous and Secure Browsing

On: September 13, 2013
About Philip Anderson


   

This is the first post in a short series on how to remain secure and anonymous online. Part one will cover internet browsing, part two will cover communicating online, and part three will cover file transferring and downloading. Parts 2 and 3 will be posted over the next few days.

It has been known openly for years that governments around the world, and the National Security Agency in particular, have been conducting mass online surveillance. However, the recent information revealed by Edward Snowden, and the subsequent media coverage, has brought issues of privacy and anonymity into the wider public discourse.

Anonymity is more important now than ever. With governments and corporations constantly analyzing, quantifying, and often selling your information, the ability to hide your identity is crucial. From journalists using software to protect their communications with whistle-blowers, to dissidents circumventing censorship and identification, it is important to have the ability to keep your online and real personas separate. There are more real-world reasons to support anonymity as well. Maybe you’re researching something that you wouldn’t want linked to your real identity, or maybe you’re running a website that allows sexual abuse victims to discuss their experiences without the fear of being identified. Anonymity allows for greater creativity, honesty, and risk to flourish online.

The rest of this post is not going to delve into the deeper philosophical issues surround anonymity and security online (though future posts will cover this topic). Rather, it is going to explain in practical steps how to utilize current technologies to subvert government and corporate monitoring through the use of the Tor network and related software.

Disclaimer: No method of encryption, anonymization, or obfuscation is 100% effective. These are steps that can be taken to make it more difficult for your internet activity to be monitored.

 

–The Tor Project–

How to download Tor:
1.Go to www.TorProject.org
2.Click “Download Tor” button
3.Follow the steps to download the correct version for your computer

What is Tor?
Tor is free software and an open network that helps defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.

What is traffic analysis?
Traffic analysis is the process of intercepting and examining messages in order to deduce information from patterns in communication. It can be performed even when the messages are encrypted and cannot be decrypted. Traffic analysis becomes easier when organizations such as the NSA control entry and exit nodes in the network. In recent leaked information, it has been implied that the NSA and other government agencies control many of the Tor exit nodes. Even with exit nodes being monitored, it is possible to hide your traffic using tools such as SkypeMorph (http://cacr.uwaterloo.ca/techreports/2012/cacr2012-08.pdf). SkypeMorph alters your connection to the Tor network to make it look like a Skype video call, therefore drawing less attention to your traffic.

How does Tor work?
Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. The more people who use Tor, the safer it becomes since there are more relays to bounce your traffic through.

How Tor works

Tor circuit step two

Tor circuit step three

Things to remember:
1. Tor prevents traffic analysis, remember to use email encryption services like PGP, TorMail, and CryptoCat when communicating with others. This will be explained in more depth in the second post on secure and anonymous communications.
2. Don’t open documents downloaded through Tor while online: This will reveal your non-Tor IP address. If you must work with DOC and/or PDF files, it is recommended to either use a disconnected computer, or download VirtualBox and use it with a virtual machine image with networking disabled.
3. Remember: Tor ONLY keeps third parties from seeing websites you visit. If you tell a website who you are (say, by signing in) Tor can’t help you.
4. Use common sense: If something looks wrong, don’t risk it.

Sources:

www.TorProject.org

http://www.theguardian.com/technology/2012/apr/19/online-identity-authenticity-anonymity

http://en.wikipedia.org/wiki/Traffic_analysis

http://www.informationweek.com/security/government/want-nsa-attention-use-encrypted-communi/240157089

http://cacr.uwaterloo.ca/techreports/2012/cacr2012-08.pdf

Comments are closed.