STAY ANONY­MOUS ON­LINE

WOR­RIED ABOUT LEAK­ING YOUR IDEN­TITY ON­LINE? NIK RAWL­IN­SON SHOWS HOW IT’S POS­SI­BLE TO STAY ANONY­MOUS WITH A FEW CLEVER TOOLS – AND A LIT­TLE COM­MON SENSE

PC & Tech Authority - - CONTENTS -

Wor­ried about leak­ing your iden­tity on­line? Nik Rawl­in­son shows how it’s pos­si­ble to stay anony­mous with a few clever tools – and a lit­tle com­mon sense

Google Chrome’s “incog­nito” mode used to open up with a warn­ing that, even while you were sup­pos­edly sur ng anony­mously, se­cret agents could still be track­ing your on­line ac­tiv­ity. Most of us smiled and dis­missed the idea as fan­tas­ti­cal; then Ed­ward Snow­den broke cover and wiped the smiles from our faces. That speci c dis­claimer no longer ap­pears, per­haps be­cause we’ve all learned our les­son.

It cer­tainly doesn’t mean the is­sue has gone away. On­line sur­veil­lance is still a con­stant threat, and there are plenty of le­git­i­mate rea­sons for want­ing to stay anony­mous on­line. So how can we en­sure that what we do in the pri­vacy of our browser re­ally does stay pri­vate?

The short an­swer is that we can’t What we can do, how­ever, is min­imise our ex­po­sure and make life as hard as pos­si­ble for would-be snoop­ers.

SIGN UP TO A VPN

Per­haps the sim­plest and most ef­fec­tive step you can take to pro­tect your pri­vacy is to sign up with a rep­utable VPN provider, prefer­ably one based overseas. This acts as an en­crypted con­duit for your in­ter­net ac­tiv­ity, so that your ISP and other Aus­tralian-based bod­ies can’t mon­i­tor what you’re do­ing – and it makes it a lot harder for the sites to trace where your con­nec­tion is com­ing from.

There are plenty of ser­vices to choose from, but our ad­vice has al­ways been to pay for a rep­utable VPN ser­vice. Free providers are by no means uni­ver­sally il­le­git­i­mate, but we’ve heard sto­ries of user data be­ing ac­ci­den­tally leaked, or de­lib­er­ately sold to fund op­er­a­tions – which un­der­mines the whole point.

Free providers may also insert their own con­tent into your traf c, re­plac­ing third-party ads with their own, which isn’t al­ways trans­par­ent and raises some trou­bling questions. At the end of the day, you need your VPN ser­vice to be 100% on your side, since they have the ca­pa­bil­ity, should they choose, to see ev­ery­thing you do, from read­ing your emails to track­ing your pur­chases on Ama­zon.

As long as you have picked a ser­vice you can trust, how­ever, a VPN of­fers great peace of mind. There’s a sup­ple­men­tary bene t, too: you can nor­mally route your con­nec­tion through servers in a va­ri­ety of dif­fer­ent coun­tries. This al­lows you to ac­cess con­tent that’s not gen­er­ally avail­able to Aus­tralian browsers, or see how your own site looks to in­ter­na­tional vis­i­tors – an

easy way to check there are no is­sues with page load­ing times, ren­der­ing or cen­sor­ship.

TURN TO TOR

Tor stands for “The Onion Router” – a name that hints at the mul­ti­lay­ered way it works, rout­ing in­ter­net traf c through mul­ti­ple servers be­fore nally pass­ing it on to its des­ti­na­tion.

There’s noth­ing new about the gen­eral idea of for­ward­ing traf c around in this way – that’s ba­si­cally how the whole in­ter­net op­er­ates. But Tor adds an en­cryp­tion el­e­ment, with each node that your data passes through de­crypt­ing a lit­tle more of the packet, like peel­ing away an­other layer of onion skin. By the time your re­quest reaches its des­ti­na­tion (the web­site you want to visit), it will have been fully de­crypted, but any­one try­ing to in­ter­cept it en route won’t have a com­plete record of your ac­tiv­ity. For the same rea­son, even the nodes that han­dle your re­quest won’t know pre­cisely where it came from.

Tor sounds like the per­fect tool for es­pi­onage – so it per­haps makes sense that it’s at least partly the prod­uct of the United States fed­eral govern­ment, hav­ing been orig­i­nally de­vel­oped at the United States Naval Re­search Lab­o­ra­tory and re ned by DARPA prior to its pub­lic launch in 2003.

There are questions, how­ever, over whether Tor is re­ally se­cure. Ear­lier this year, a vul­ner­a­bil­ity was found in the Tor web browser that could re­sult in users ac­ci­den­tally con­nect­ing di­rectly (and trace­ably) to their re­quested sites, with­out the bene t of Tor’s ob­fus­ca­tion. Uni­ver­sity re­searchers have found ways to work out the ori­gins of Tor pack­ets, and Europol has re­cently made some high-pro le ar­rests by suc­cess­fully ex­pos­ing the iden­ti­ties of Tor users – though,

un­der­stand­ably, the agency hasn’t gone into de­tail about its meth­ods.

If you want to give Tor a go, it’s easy: visit tor­pro­ject.org and you can down­load a browser (based on Fire­fox) for Win­dows, Ma­cos and Linux that routes all of the traf c through the Tor net­work, as well as clear­ing out cook­ies and brows­ing his­tory au­to­mat­i­cally. How­ever, if you pre­fer to stick with Chrome, you will nd a se­lec­tion of Tor ex­ten­sions in the Chrome Web Store.

Like a VPN, Tor doesn’t just en­crypt your data: it also con­ceals your lo­ca­tion and other

details about your con­nec­tion. When we used the Tor Browser run­ning on a Mac just out­side Syd­ney to visit iplo­ca­tion.net, we were identi ed as a Win­dows 7 user in Auck­land. Sub­se­quent at­tempts lo­cated us in Melbourne and Sin­ga­pore, so it’s go­ing to be pretty hard for any­one to re­li­ably track your on­go­ing ac­tiv­ity. The only catch is that Tor’s con­vo­luted rout­ing has a big im­pact on brows­ing speed – us­ing it can feel like a trip back to the days of the dial-up mo­dem.

For An­droid users, an­other op­tion is Or­web Pri­vate Web Browser, which routes re­quests over the Tor net­work.

FLUMMOX FINGERPRINTING

Stay­ing anony­mous on­line isn’t just about en­sur­ing your traf c can’t be in­ter­cepted. The sites you visit can keep records of your vis­its and build up an alarm­ingly de­tailed pro le of your in­ter­ests and ac­tiv­ity – even if you’re us­ing a sup­pos­edly pri­vate browser that doesn’t store cook­ies from one ses­sion to the next.

They do this by recog­nis­ing the de­vice you’re us­ing to con­nect. Af­ter all, there prob­a­bly aren’t many PCs out there with the ex­act same com­bi­na­tion of browser, mem­ory, graph­ics hard­ware, screen res­o­lu­tion and so forth. The dis­tinc­tive con gu­ra­tion of your com­puter acts like a nger­print, so you can be identi ed each time you come back to the site – and there’s not much you can do to change it. Even if you switch browsers, you’re only al­ter­ing one el­e­ment of your unique tech­nol­ogy mix. Un­less you also swap out the graph­ics card, pro­ces­sor and sev­eral other el­e­ments at the same time, it’s likely you’ll still be recog­nised as the same per­son.

The thing that’s sin­is­ter about

nger­print­ing is that it’s not lim­ited to a sin­gle site: nger­print data can be shared and sold, so even sites you’ve never vis­ited be­fore can iden­tify and track you as you move around the web – even if you’re not ac­cept­ing cook­ies.

There are ways to de­feat nger­print­ing. As we’ve seen, when you surf with the Tor browser, the server you’re con­nect­ing to sees the details of the exit point of your con­nec­tion, rather than the com­puter you’re sit­ting at, so it can’t build up a pro le. Us­ing a VPN isn’t so safe, though: your ap­par­ent lo­ca­tion changes, but in­for­ma­tion about your com­puter con gu­ra­tion is for­warded to the site you’re vis­it­ing.

You can re­duce your ex­po­sure to nger­print­ing by dis­abling Java Script, be­cause many servers

use Java Script rou­tines to gather their data. Un­for­tu­nately, this will also stop many sites from work­ing prop­erly. It’s also worth look­ing for browser ex­ten­sions that can block speci c

nger­print­ing tech­niques.

CRUNCHING COOK­IES

We all know that cook­ies al­low web­sites to store in­for­ma­tion about you, and if you value your pri­vacy it’s a sen­si­ble idea to clear them out reg­u­larly. But these aren’t the only sort of data that sites might store on your PC.

For ex­am­ple, when you ac­cess an Adobe Flash el­e­ment, data pack­ets called “lo­cal shared ob­jects” are saved onto your PC. These are man­aged by the Flash host, rather than the browser, so they may not be deleted when you purge your cook­ies, and they can be used to iden­tify you even if you switch browsers.

Flash isn’t as ubiq­ui­tous as it once was, but it’s still worth check­ing if you’ve got Flash ob­jects hang­ing around on your sys­tem by in­spect­ing the fol­low­ing lo­ca­tions (in File Ex­plorer, make sure “View hid­den items” is ticked) :

C:\Users\[you]\Ap­pData\ Lo­cal\Macro­me­dia\Flash Player\#SharedOb­jects\

C:\Users\[you]\Macro­me­dia\Flash Player\macro­me­dia.com\sup­port\ flash­player\sys\

If you’re us­ing Chrome, also check this folder:

C:\Users\[you]\Ap­pData\Lo­cal\Google\ Chrome\UserData\De­fault\Pep­per Data\Shock­waveFlash\Wri­ta­bleRoot\ #SharedOb­jects

An­other sort of cookie that isn’t eas­ily dis­lodged is the sin­is­ter “Ever cookie”. This track­ing le is dropped onto your PC by a Java Script app em­bed­ded in a web­site; it’s saved in the reg­u­lar cookie folder, but also du­pli­cated in more than a dozen lo­ca­tions across your PC. If you delete the cookie, the script will qui­etly re­in­state a copy from these lo­ca­tions, and the track­ing will con­tinue.

Ever cookie isn’t merely a the­o­ret­i­cal threat, though: ac­cord­ing to doc­u­ments re­leased by Ed­ward Snow­den, GCHQ in the UK and the Na­tional Se­cu­rity Agency (NSA) in the US have both shown in­ter­est in us­ing Ever cookie to track users across the Tor net­work. There’s no straight­for­ward, univer­sal way of purg­ing all of the Ever cookie data, al­though dis­abling Java Script should pre­vent deleted cook­ies from be­ing re­placed. If you’re con­cerned, a quick web search will yield a few ap­proaches to try.

A VPN en­crypts your net­work traf­fic, mak­ing it all but im­pos­si­ble for your ISP and oth­ers to spy on you

Graph­i­cal tricks can be used to “fin­ger­print” your PC – even if you’re not ac­cept­ing cook­ies The Tor Browser en­crypts your net­work traf­fic and routes it through many dif­fer­ent nodes to hide your lo­ca­tion

Newspapers in English

Newspapers from Australia

© PressReader. All rights reserved.