Real Anonymity Discussion

yosan asked
Last Modified: 2013-12-04
Question about Anonymity - SSL

Hey peeps, I have been to many sites looking to talk about anonymity and what really can be done etc. in order to cover one's identity for different purposes. The first thing people tend to assume is that you are trying to cover some illegal activities, which in many people's case is true. I myself like to hide what sites I visit etc. simply out of being paranoid about what data is collected about me, which I give no authority for this to be taken.

Yeah it may be located in the 454th line of the agreement but a lot of sites say your privacy is our main goal, but I feel this is not the case as so many times my email address has probably been sold to spammers as well as information on what I like to look at etc.

This is the basis of the question. Now, I understand a fair bit about anonymity on the whole, but would love input, as elsewhere I have received peanuts to say the least.

First off, you may say to me proxies. Now, when I first saw these I was amazed at the idea that it really does cover your tracks in one respect, but then I thought to myself, a log of your IP connecting to the server has most likely been logged, and therefore it is pointless as it does not really hide your details. I also thought to myself a lot of people may set up a proxy on their machine deliberately simply to sniff the traffic as it comes through.

This worries me greatly, as normal HTTP requests would be clear text. Now, I know the registration etc. would be SSL, which would be hard to sniff as from my knowledge this would take a long time to crack (would love clarification on that), as I have heard in many areas that SSL is actually quite weak encryption.

Connecting to IRC for example, using an SSL connection would mean the traffic itself including the destination IP and source IP is blocked? Or is it simply inside the packet itself the data that is ciphered?

Now yeah, there can be many secure and insecure proxies, from companies leaving proxy servers open without realizing to people deliberately setting up honey pot like proxy servers. This leads me on to think that the best form of proxy would probably be in the Middle East or Asia if not eastern Russia or Russia as a whole due to the lack of stringent action lawfully wise. No one would really care what you were going on etc., as might be the case with a proxy in the United Kingdom or USA or mainland western Europe.

Next on the list of protection is chained proxies. Now this seems much more secure from the outlook, as if you have to go through 5 different machines to get to a target location, surely, and correct me if I am wrong, the destination or source at each step would be anonymous. (I can only think that a traceroute would show the original destination? This being one thing I don't understand though. I mean, do a traceroute on how to get to Microsoft.com and I know it has a TTL of 1 etc. returns and then has 2, so it shows you the routers it passed to get to a location, but surely you can't do a traceroute on a specific connection? As in packet to determine how it got there?)

Next form of anonymity is the applications like TOR and JAP and also anonymous applications such as Surf Anonymous. Now, are these really secure and safe? Looking at the design of TOR, it looks really secure in terms of encryption and not knowing where the data originated from at each point. This is why I said in chained proxies do each of the hops as it were know where the data originated from, as I'd assume the proxy 3 for example only knows the data came from proxy 2.

Can TOR connections be sniffed actively just like normal proxies? I assume no as it's encrypted along the way, but I have heard sniffing it and finding the original IP is possible; would need more clarification on that.

I guess the last form of anonymity on a client machine base would be to use a shell on another machine and do everything from that, although most of it is CLI. I'm sure web browsing is possible? Would also need a few comments on that, as I know so many people use shells / bouncers on IRC, just a c: on another machine basically in CMD as my knowledge goes. Not sure exactly how this works again, but I get the gist.

Even with this in place though, logs are on that machine in question showing the connections and such, maybe if not with the application then in event logs, so one has to ask, if event logs are turned off on the remote machine and the application itself does not keep logs, is there any location in Windows that actually keeps logs?

To close this, and I know this is long winded, the best bet of total anonymity would be to use a laptop in a car accessing the net through another person's connection, but this only goes to show what you're doing really is illegal.

So if you're thinking, well what do you want me to say? I just want your input, your thoughts on what I have said and answers to the questions within this post.

Thanks ever so much
Yosan
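
The question above asks whether an SSL connection (to IRC, for example) hides the source and destination IP or only the data inside the packet. As an added example (not part of the original post), this Python sketch parses a constructed IPv4/TCP packet carrying one TLS record and returns what an on-path observer can read; the addresses, ports and payload bytes are made-up sample values.

```python
import socket
import struct

def build_sample_packet():
    """Constructed sample: IPv4 + TCP + one TLS application-data record.
    Checksums are left at zero because nothing here is sent on a network."""
    ciphertext = bytes(range(0xA0, 0xB0))            # stand-in for encrypted bytes
    tls = struct.pack("!BHH", 23, 0x0303, len(ciphertext)) + ciphertext
    tcp = struct.pack("!HHIIBBHHH", 49152, 6697, 1, 1,
                      5 << 4, 0x18, 65535, 0, 0) + tls
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"),      # documentation range
                     socket.inet_aton("198.51.100.7"))    # documentation range
    return ip + tcp

def observer_view(packet):
    """Return the fields readable without any key material."""
    ihl = (packet[0] & 0x0F) * 4                     # IPv4 header length in bytes
    ttl, proto = packet[8], packet[9]                # TTL is what traceroute relies on
    src = socket.inet_ntoa(packet[12:16])
    dst = socket.inet_ntoa(packet[16:20])
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    tcp_len = (packet[ihl + 12] >> 4) * 4            # TCP data offset in bytes
    record = packet[ihl + tcp_len:]
    ctype, version, length = struct.unpack("!BHH", record[:5])
    return {
        "src": src, "dst": dst, "ttl": ttl, "proto": proto,
        "sport": sport, "dport": dport,
        "tls_type": ctype,                           # 23 = application data
        "tls_version": hex(version),
        "ciphertext_len": length,
        "ciphertext": record[5:5 + length],          # opaque to the observer
    }

if __name__ == "__main__":
    for field, value in observer_view(build_sample_packet()).items():
        print(f"{field:15} {value}")
```

The IP and TCP headers, and the TLS record header itself, stay readable; only the record body is ciphertext.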



CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
Unfortunately, illegal purposes is why many people do indeed ask about staying anonymous on the internet. That doesn't speak for all people, however.

TOR networks are good to an extent... apparently there are ways to start figuring out who someone is when you're transmitting large enough volumes of data, so it's with its imperfections at this point. I think you have to sniff from points OUTSIDE of the TOR network to be able to get the IP so easily though.

Your weak point with SSL depends on the countries. For example, if another country is using US technology, there are limits on the strength of encryption that can be exported legally. Yet if someone in the US is using European technology, they can use unlimited strength (as long as the host country allows for exportation of high strength encryption). However, the data is encrypted and signed.

Hope this serves as a start... it's definitely not a 1-2 comment conversation, but it's also something one has to choose their words carefully on in order to ensure we're staying in an entirely legal, yet educational context.
