In the first part of this feature we looked at some basic principles for retaining your privacy and staying secure online, in this second half we’ll look at some more advanced techniques for browsing the internet anonymously.
Anonymous web browsing
Staying anonymous while browsing the web is tricky. Everywhere you go your movements are being tracked and logged, whether it’s by an ISP or advertisers someone, somewhere is watching you.
However there are a couple of ways you can regain some privacy and anonymity with just a little effort.
Anonymous browsing with Tor
The Tor Project was created to provide secure, anonymous web access that could be utilised by anybody. It’s widely used by whistleblowers, political campaigners or just normal citizens in countries with oppressive internet policies to allow them to communicate freely without worrying about that early morning knock at the door.
Tor wraps web traffic in layers of encryption and routes the connection through a worldwide network of servers, terminating in an ‘exit node’ on the open internet. The servers in the middle can’t detect what you’re doing, web sites will only see the exit node IP address and your ISP will only pick up an encrypted connection to the very first Tor server.
If wielded correctly Tor offers a very high level of anonymity and privacy but it’s not a magic wand and careless use can breach its digital security blanket. It’s also important to note that Tor only protects traffic using applications configured for use with Tor, it will not work for any other activity.
Java and other scripts and plugins can bypass Tor and connect directly to your computer, revealing your true IP address to a web site, instantly rendering it useless. To get round this the Tor Browser Bundle blocks scripting and plugins by default. That means many web sites won’t function correctly, but if you install the plugins to use them it will compromise Tor.
You also need to be careful when browsing outside of Tor. There are sites run on Tor servers - denoted by a ‘.onion’ address - and because you’re still in Tor’s network these are totally anonymous and private. But once you connect to the real internet outside of the exit node you will lose your privacy if it’s not a secure HTTPS site.
While your ISP will still not be able to see your activities (since it’s coming back through Tor) the exit node could sniff your traffic, and indeed an experiment revealed that all kinds of sensitive data could be found this way.
Treat Tor like an internet cafe - browse the web to your heart’s content, but don’t enter your details into web forms or login to sites, even within .onion sites. That way you retain your anonymity and some privacy.
How to use Tor
For such a complex and powerful tool Tor is relatively easy to use.
- Download the Tor Browser Bundle
- Run the executable and choose a location on your hard disk to extract the files
- Run ‘Start Tor Browser.exe’
- Wait for Firefox Portable to load. Once connected to the Tor network you’ll see a confirmation message in the browser.
You can now start viewing web sites. Googling will reveal lists of secure .onion sites within the Tor network but beware that there is some very unsavoury and highly illegal content hosted on .onion domains, though you’re unlikely to stumble across it accidentally. Just watch where you click; Tor sites tend to do what they say on the tin and make no efforts to hide what they’re offering.
A Virtual Private Network shunts your entire connection through an encrypted server, hiding it from your ISP and disguising your true IP address to the rest of the world.
By itself a VPN is an excellent security measure as it can be used to access email, online banking and other sensitive sites when using a public connection since anybody monitoring will see nothing but a stream of encrypted traffic. But the combination of Tor plus VPN is about as secure as you can get for web browsing without resorting to a spy movie level of paranoia.
Connect your computer to a VPN, then load up Tor. Even if you access unencrypted sites they’ll only ever see the VPN’s IP. The VPN will also protect any other traffic to and from your computer, not just web browsing activity.
The weak link of a VPN is the service operator itself. While they will frequently claim to offer an anonymous service the majority ask for your name, address and payment info in order to sign up. They also say they don’t log data, but you’ve got no guarantees on that one.
However, the chances of anyone going through the effort of monitoring a connection secured with both Tor and a VPN are very slim. It is possible that an attacker could go directly to the VPN provider to sniff your traffic, but you’d have to be doing something extremely illegal to set off such a major criminal investigation and if it’s gone that far you’re beyond help.
If you’d like to try out VPN, Hotspot Shield and VPNReactor both offer free services (with some limitations of course). When it comes to purchasing a VPN service, check out TorrentFreak's guide which details the privacy levels of some of the biggest VPN packages.
If you regularly travel abroad or use public internet connections and need access to your email and other data a VPN is highly recommended to ensure your communications stay private.
A proxy acts as the middle man between your connection and a site or service you’re trying to access, masking your IP from the destination.
That’s the theory anyway, but proxy servers are riddled with holes and offer very little in the way of real anonymity or privacy. Like Tor, Java and other plugins can expose your true IP when going via a proxy, but more seriously there’s the danger of the proxy operator capturing traffic and recording data, and the proxy may not offer a HTTPS connection so traffic can be monitored from your ISP's side as well.
A proxy server is useful for bypassing geographical restrictions - using a US proxy to view streaming video normally only available to US residents for example - and is handy for accessing web sites which have been blocked, but they cannot be trusted with anything that might be at all sensitive or personal. You should never enter your personal details into a web form or login to any private service while connected to a proxy.