20 June 2014

HOW TO ANONYMIZE EVERYTHING YOU DO ON THE INTERNET; AND, STAY ‘HIDDEN’ IN PLAIN SIGHT

June 17, 2014
How To Anonymize Everything You Do On The Internet; And Stay Hidden In Plain Sight


Andy Greenberg has an article today (June 17, 2014) on the website Wired.com, “How To Anonymize Everything You Do On The Internet.” He begins by noting that “one year after the first Edward Snowden revelations, cryptography has shifted from an obscure branch of computer science, to an almost mainstream notion. It’s possible, user privacy groups and a growing industry of crypto-focused companies,” tell Wired, encryption on the Internet of Things is increasing in use, sophistication, and scope.

“Encryption,” Mr. Greenberg writes, “can hide the content of messages; but, not who’s communicating. Use of cryptographic anonymity tools to hide your identity, is becoming increasingly sophisticated — allowing savvy Internet users to truly remain hidden. “Though it’s hardly the sole means of achieving anonymity online,” adds Mr. Greenberg, “the software known as ToR, has become the most vouchsafed and developer-friendly method for using the Internet — incognito. The free, and open-source program triple-encrypts your traffic; and, bounces it through [a maze] of computers [and routers] around the world — making tracing it vastly more difficult [and time-consuming]. Most ToR users know the program as a way to anonymously browse the web. But, it’s much more,” contends Mr. Greenberg. “In fact,” he says, “ToR’s software runs in the background of your operating system and, creates a proxy connection that links with the ToR network. A growing number of apps and even operating systems provide the option to route the data over that connection, allowing you to obscure your identity — for practically any kind of online service.”

“Some users, in fact,” Mr. Greenberg adds, “are experimenting with ToR in almost all their communications.” “It’s like being a vegetarian, or a vegan,” says Runa Sandvik, a privacy activist and, former developer for ToR. “You don’t eat certain types of food, and for me — I choose to use ToR only. I like the idea that when I log onto a website, — it doesn’t know where I’m located, and it can’t track me.”

How To Use The Growing Array Of Anonymity Tools To Protect More Of Your Life Online

Web Browsing

“The core application distributed for free by the non-profit ToR Project, is the ToR Browser, a hardened, security-focused version of FireFox, that pushes all of your web traffic through ToR’s anonymizing network” wrote Mr. Greenberg. “Given the three encrypted jumps that traffic takes between computers around the world, — it may be the closest thing to true anonymity on the web. But, it’s also rather slow,” he adds. “But, the ToR browser is getting faster,” says Micha Lee, a privacy-focused technologist who has worked with the Electronic Frontier Foundation — one f the organization’s that funds the ToR Project — and, First Look Media. For the past month or so, Mr. Lee has tried to use it as his main browser — and, only switch back to traditional browsers occasionally, mostly for flash sites, and others that require plugins. After about a week, Mr. Lee said the switch was hardly noticeable.” “It may not be entirely necessary,” he added; “but, I haven’t found it that inconvenient either. And, it does have real privacy benefits. Everyone gets tracked everywhere they go on the Web. You can opt out of that,” he contends.

“The simplest way to send an anonymous email,” writes Mr. Greenberg, “is to use the webmail service in ToR Browser. Of course, he says that requires you to sign up for a new webmail account without revealing any personal information, — a difficult task given that GMAIL, OUTLOOK, and Yahoo mail all require a phone number.

Runa Sandvik suggests Guerrilla Mail, a temporary, disposable email service. Guerrilla Mail allows you to set up a new, random, email address, with only a click,” writes Mr. Greenberg. “Using it in the ToR browser — ensures that no one — not even Guerrilla Mail, — can connect your IP address with that ephemeral email address.”

“Encrypting messages with webmail can be tough,” he acknowledges and, “often requires the user to copy and paste messages into text windows, and then use the PGP to scramble and unscramble them. To avoid that problem, Mr. Lee suggests a different email setup, using a privacy-focused email host like RiseUp.net, the Mozilla email app Thunderbird, the encryption plugin Enigmail, and another plugin called TorBirdy — that routes its messages through ToR.”

Instant Messaging

“Adium, and Pidgin, the most popular MAC and Windows instant messaging clients that support the encryption protocol OTR, also support ToR. But, the ToR Project is working to create an IM program specifically designed to be more secure and anonymous. That ToR IM client, based on a program called Instant Bird, was slated for release in March of this year, but is behind schedule. The program is now scheduled to be released next month (July).”

Large File Transfers

“Google Drive, and Dropbox don’t promise much in the way of privacy; so, Lee created Onionshare, open-source software that lets anyone send big files via ToR. When you use it to share a file,” Mr. Greenberg says, “the program creates what’s known as a ToR-Hidden Service — a temporary, anonymous website — hosted on your computer. Give the recipient of the file the .onion address for that site, and they can securely and anonymously download it through their ToR Browser.”

Mobile Devices

“Anonymity tools for [mobile] phones and tablets, are far behind the desktop,” notes Mr. Greenberg, “but, catching up fast. The Guardian Project, created an app called Orbot, that runs ToR on Android. Web browsing, email, and IM on the phone can all be set to use Orbot’s implementation of ToR as a proxy.”

“Apple users don’t yet have anything that compares,” says Mr. Greenberg, “but, a 99 cent app called Onion Browser in the iOS app store offers anonymous web access from iPhones, and iPads. An audit by ToR developers in April revealed; and, helped fix some of the program’s vulnerabilities. But, Sandvik suggests that prudent users should still wait for more testing. In fact, she argues that the most sensitive users should stick with better desktop ToR implementations. “If I were in a situation where I needed anonymity, mobile is not a platform I would rely on,” she said.

Everything Else

“Even if you run ToR to anonymize every individual Internet application you use, your computer might still be leaking identifying information online,” writes Mr. Greenberg. “The NSA has even used unencrypted Windows error messages sent to Microsoft to finger users and track their identities,” he writes. “An attacker can compromise a web page you visit and use it to delver and exploit — that breaks out of your browser; and, sends an unprotected message revealing your location.”

“So for the truly paranoid,” Mr. Lee and Ms. Sandvik recommend using entire operating systems designed to send every scrap of information they communicate over ToR. The most popular ToR OS is Tails — or, — The Amnesiac Incognito Live System. Tails can boot from a USB stick, or DVD, so no trace of the session remains on the machine, and anonymizes all the information. Snowden associates have said the NSA whistleblower [leaker] is himself a fan of the software.”

“For the even more paranoid,” writes Mr. Greenberg, “there is a lesser-known ToR enabled OS called, Whonix. Whonix creates multiple “virtual machines,” on the user’s computer — software versions of full computer operating systems that are designed to be indistinguishable from a full computer. Any tracker trying to compromise the user’s computer will be confined to that virtual machine. That virtualization trick underlines an important point for would-be anonymous Internet users,” Lee says. “If your computer gets hacked, the game is over. Creating a virtual sandbox around your online communications is one way to keep the rest of your system protected.”

“ToR is awesome, and can make you anonymous,” concludes Mr. Lee. “But, if your endpoint gets compromised, your anonymity is compromised too,” he added. “If you really need to stay anonymous, you also need to be really secure,” he said.

How To Hide In Plain Sight On The Internet

New York Times writer, Somini Sengupta, had an article in the July 18, 2013 edition of her newspaper wrote that, “with no fail-safe technological tricks to minimize your digital footprint, a cottage industry of sorts is emerging — with a variety of sophisticated “tools” to hide your identity as well as what you are accessing and emailing.”

Password managers are now storing this information in an encrypted safe, “to which only you (the customer) has the key.” Ms. Sengupta notes that DashLane, LastPass, and RoboForm all have digital tools available in this area. Apple’s new operating system, iOS7, includes a so-called Password Generator that can produce “a unique, hard-to-guess password,” as well as “remember it for you.”

Two-step authentication/authorization is another safeguard that is becoming more the norm than the exception — with Google, Yahoo, and LinkedIn — among others — offering this option.

Tracker blocking tools let you see the companies/people tracking your activities on the Web and then blocks them if you wish. How foolproof this technology really is and whether or not the company/person attempting to track you — can employ their own cyber “cloak device,” was left unanswered. I suspect these techniques work against 80% of the “problem,” but for the sophisticated hackers and Nation-States — I suspect they have the technical knowhow to eventually penetrate this cyber “maginot line.” Some of the most popular tracker blocking tools include Ghostery, Disconnect, and Abine.

Silent Circle, offers encrypted phone, text messaging, encrypted file transfer and encrypted video chat services.

OffTheRecord offers an encrypted instant messaging service while RedPhone encrypts calls from end-to-end and keeps no data on itself — meaning no cell phone carrier can keep a record of the conversation nor, comply with a wiretap order or law enforcement inquiry.

KoolSpan and Secrypt both offer downloadable encrypted apps that prevents snooping or accessing your cell phone data; but, as with all of these tools — nothing is perfect and there are also the laws of unintended consequences. Bad guys can employ these same tools and, when using an encrypted phone — law enforcement would have to go through the company in order to break the encryption — in any kind of timely fashion. Thus, if you were in a situation where you needed 911 assistance — you better hope you are capable of telling the first responder where you are — they won’t be able to ping your phone. Perhaps in time there will be a 911 over-ride; but for now, you have to weigh the pros and cons for all the above. Also remember, unless you live in a cave and/or operate totally disconnected from the net — it is very difficult to stay hidden — if someone with deep enough “pockets” wants you to be found. V/R, RCP.

No comments: