So How Do You Browse Securely?

16 comments

Ever since the AOL data leak I've become much more concerned about about keeping my self hidden. My browser is set destroy all but a handful of cookies every time it closes, but what I'm really concerned about is IP tracking.

There's not much I can do about my ISP giving or reselling the data, and to be honest that's not who I'm worried about. What I am worried about giving all of the search engines any meaningful data about my browsing habits, and secondarily the websites I visit.

I've tried a number of proxy service software programs and have been less than thrilled with the results. The ones that work the best often route me through non-US ip's so my Google searches sometimes take me to a language I can't read. Some of the others interact in bizarre ways with security certificates in my browser throwing up continual warning messages making for a less than thrilling browsing experience. I've even tried the Tor service which is generating quite the buzz lately, however it slows my browsing down to dial-up like speeds.

I'm going to wager I'm not alone in looking for a more anonymous way to browse that's relatively painless, and relatively fast, so what are you using.

Editors note: I'm not opposed to commercial products being mentioned and discussed, however if you look, smell, act, or feel like a shill prepare to be edited.

Comments

Old Thread

Some bloke called NickW posted about this years ago - thread.

A while ago I tried findnot.com for a while. You get what you pay for, obviously, but it was time consuming trying to find one of their servers that was up for any length of time. And we had to use SocksCap due to firewall.

Depends on your ISP

Some ISPs with variable IPs will give you a different IP pretty much every time you connect - if this is the case cleaning cookies and reconnecting will make your history quite difficult to track. (On the other hand with other ISPs you pretty much get the same IP every time you reconnect.)

If you can find a large ISP with a goodly range of variable IPs that will give you a different IP at each connection, this is about as good as you will get. (BT in the UK is giving us 4 or 5 different C classes at the moment - this can be a real pain if you want to limit access to certain web apps to a set of IP addresses.)

..Thinks...

Better still would be to have accounts with two or more ISPs with variable IPs - okay it will cost you a bit and you may have to fiddle around with router logins, cabling and networking stuff to make it slick, but it would certainly solve the speed thing.

There are ways all users

can be tracked regardless of the proxies, firewalls, or other items being used to hide their identity. However 99.99% of the ad networks that would be tracking you do not employ those kinds of methods. So I'd say you're relatively safe with deleting cookies and making sure there is no spyware or adware on your machine.

BTW, you can be tracked even with session based IP's. Especially by the ISP that has asigned you the IP. They will always know who you are and can tie it back to you with each concurrent connection. It's called a MAC address....

In the near future...

Random idea: Someone could set up a bunch of proxies on Amazon EC2, which has DHCP assigned IPs...

I use lynx a lot, and try not to search for stuff that could be interpreted as private info...

Here are some useful anonymity links

Bookmarked them ages ago and never quite got around to reading them (obviously I didn't use a social bookmarking site... I'm paranoid)

http://www.wired.com/wired/archive/14.08/howtosecurity.html
http://www.theregister.co.uk/2001/11/14/doityourself_internet_anonymity/

live in a highly populated

live in a highly populated area with big apartment buildings then steal, i mean borrow a different wifi signal everyday.

as for the browser selection for the paranoid :)
use a non-ie browser and completely uninstall and reinstall weekly

ADSL accounts + no cookie storage + no flash storage + Linux

Most ADSL accounts have variable IPs. Its very easy to release and resubscribe the line. ATT/SBC has a huge network.

On the other hand, most cable connections give you a fixed IP, so there you will have to use proxies.

If you are super paranoid, you could always use dial up networks, and rotate through several ISPs.

Also, don't forget that flash can store data much like cookies.

But, I have to say, if you are really paranoid, why are you still using Windows?

Get yourself a Linux desktop, you could be extra paranoid and boot from a live Linux CD which minimizes the risk of OS corruption.

Years ago a dude did

Years ago a dude did something bad and caused a big problem on the web. His girlfriend Melissa was not directly involved. As things got out of control, a NIC appeared on a desk in the big open room, with no apparent owner. In a room full of world-class r&d geeks running all flavors of OS's, anything made of Si gets reused so that NIC should not have lasted for long. Yet, it did. It would disappear, only to reappear orphaned a few hours later. That poor NIC floated around the labs for weeks, with no owner, and no admitted knowledge of it's source nor destination.

That MAC went down in infamy.

Re: MAC address

Many routers have the ability to change MAC addresses too. Yet, routers between the host and the ISP are going to distort your MAC anyway.

All routers change mac addresses

All routers change the mac address from the original source. It is the way it works. You communicate with MAC address while on the local segment. When your traffic gets routed you pick up the mac of the router that has performed the routing. In the case of the virus author he was tracked due to MS Word embedding the MAC address into the document. They have since changed this in the newer versions and offer a tool to strip your mac from older documents.

I do computer forensics and security all day. Most everything is tracable. If you dont want to be tracked use someones wireless from a parking lot. Dont ever login to accounts from home. If your using hotmail - you need to create the account on the road and I repeat never login from your real IP address. It call all be traced. Even US based proxy services will cave in and provide logs..

Live Linux Distros are great because they dont leave any trace evidence on the computer. Windows leaves traces of internet activity all over the machine and makes it a PITA to clean up.

some choices

Not long ago I saw mention of lostinthecrowd.org - they work by submitting random searches for different things through search engines, using your cookie. The idea is that there'd be so much noise from your record in the search engine's logs, no one could then use those records against you.

I don't think Lost-in-the-Crowd is a very good concept for improving privacy, though. I imagine search engines hate it, for hitting them with utterly pointless, automated searches. And, I think it could be possible for a dedicated investigator to analyze to differentiate one's actual searches from the random ones. Not to mention, you might be held responsible for searches for content that you didn't even search for!

The prob with most proxy services is that you're just moving your need for privacy from the search engine over to another site. Likely, the best way to make your web browsing more private would be to use multiple proxies, so that portions of your browsing get distributed all over.

One really good option I've seen was developed by one of Yahoo's engineers: mozmonkey.com/switchproxy/. This allows you to easily use multiple different proxy services, and to easily switch between them from your browser toolbar.

Hey Lotto

Since you're here, how about an exhaustive listing of all the places that internet activity is stored on a Windows 200x system by IE6/7?

Yes, because

the router has a MAC address of its own. Not what I was referring to but point noted. It is possible to pull the exact MAC address of any machine sans the router's MAC address. Anyone using a browser leaves traces that can be tracked back to the source. My point is that proxies and IP spoofing alone don't make you safe.

A lot of us are more advanced users. The average user doesn't even know what Linux is. Until Linux is recognized for being used on more than just web servers - it's a Windows world - which leaves most ad networks open to track anything they like, within reason of course. Privacy issues can be nullified by using non-identifying data. Try to tell ISP's that however and it will fall on deaf ears.

I'm not so paranoid

I'm not so paranoid as to worry about MAC addresses and such, but for simple everyday surfing Cavency is my friend :)

Anonymous Browsing

Following a story in The Register , I took a look at Torpark . The Regs take on it is.

Quote:
Working in conjunction with The Onion Router (TOR) network, the tool anonymises a user's connection through encryption and constantly changing net addresses. This makes it incredibly difficult for ISPs to track an individuals web-related activity and location.

In other words it appears to be a variant/improvement on the setup that Graywolf quotes at the start of this thread.

Quote:
Download Torpark and put it on a USB Flash keychain. Plug it into any internet terminal whether at home, school, or public. Run Torpark.exe and it will launch a Tor circuit connection, which creates an encrypted tunnel from your computer indirectly to a Tor exit computer, allowing you to surf the internet anonymously. How much does Torpark cost? IT'S FREE.

..

I just downloaded Topark and have started playing with it... So far it looks very good, as far as privacy goes.

There is an addon to Topark that will change your PCs IP every minute and so far it works like a dream...

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.