If you want to use the internet anonymously, you need to pay attention to a few simple rules to protect your identity and your system.
- Securing your system against malicious scripts, rats, and so on:
- Windows/Mac/Android/iOS Users:
- Use an antivirus software. There are several free AVS which are well known to be reliable: Kaspersky Rescue ISO(Any PC system, ISO which will boot as DVD/on USB an independent system based upon Gentoo which will detect and remove any kind of virus even any kind of Bundestrojaner and comparable), BitDefender(Windows/Mac), PandaAntivirus(Windows), Qihoo 360 Total Security Essential(Windows/Android/Mac), Avira Antivirus(Windows/Mac/Android/iOS), Avast Antivirus(Windows/Mac/Android/iOS), Malwarebytes Anti-Malware (Windows/Android), AVG Antivirus(Windows/Mac/Android/iOS), Comodo Antivirus(Windows), Ad-Aware Antivirus(Windows), Forticlient(Windows/Mac/Andorid/iOS), ZoneAlarm Antivirus(Windows), Kaspersky Security Scan(Windows/Mac/Android/iOS)
- Use a script blocker plugin for your browser like NoScript: you will get rid of adds, prohibit malicious scripts etc.
- Use firewall software. Mac users should use the integrated firewall. The following software firewalls are for free: ZoneAlarm Firewall(Windows), Comodo Firewall(Windows), Ashampoo Firewall (Windows,Android), NoRoot Firewall(Android), DroidWall(Android), AFWall(Android), Little Snitch(Mac)
- Or use a hardware firewall(Most Routers/Modems should have a software firewall integrated. You can build your own hardware firewall/router in our Ultra Low Budget Router Tutorial)
- Linux Users:
- IMA/EVM (Trusted Computing, Signing of files, core, modules, etc. | hindering any manipulation)
- Iptables (Firewall; anyways you have to write the rules by your own ;) )
- GrSec/Pax Kernel Patches (According actual kernel versions you need a license. There were a few jurisdictional disputes, since a few kernel devs were of the opinion that the GNU licenses were harmed by the GrSec patches. Other kernel devs like Linus Torwalds did not like that most plug and play functionalities might get constricted. Anyways this is not correct since all of those issues depend on the configuration of GrSec's patches; the GNU licenses are not harmed in any way.)
- SELinux (System directives/rules/multi user security (e.g. netboot pool pcs, etc.))
- RKH(Lynis) or other Root Kit Hunter scripts (scanning for rootkits and comparables)
Using Proxy Services:
- Leviathan Security demonstrated how to inject binary files on the fly by code caves as containers using a TOR Network proxy node. Therefor, you should have a virus scanner and process checking av/firewall/security software to spot injected threads. Comparing MD5 Sums is also crucial to identify any manipulation of the downloaded file.A simple SSL download will not ensure the validity of your download when weak ciphers are used for key exchange. There are possibilities of MITM attacks by non-visual SSL proxies, which then open up the possibility of manipulation of a binary file when it is transferred.
- Proxy services do not use (strong) encryption! This results in easy readable data transfer packages. The better choice is an encrypted VPN connection.
Staying anonymous using VPN/Proxy:
Logging into a social network account by Facebook,Google,Yahoo,Twitter,etc. will create tracking cookies used to track users actions. If you log into a Facebook account, for instance and then open up pages having a Facebook plugin implemented, Facebook will register that you have visited this page + exact URL + time and date of access, and so on . If you are using a Google account, any page with Google Analytics plugins, etc. tracks your visit/actions. By tracking, you could be specified as a malware user or similar using VPN services which were abused in the past. Using TOR you will maybe have a higher possibility of being labeled as a consumer of child porn material or similar. A different case is identity theft according to social networking: If your account got hacked, the attacker could use the same VPN service you were using to cover his tracks.
It is not recommend using Proxy or VPN Servers for accessing important accounts like online banking, social networking and similar. Even though the connection is encrypted there could be security flaws with your browser or the online banking server. You can check the SSL security of HTTPS servers with online tools like this: https://www.ssllabs.com/ssltest/analyze.html
Preventing DNS Leaks/Eaves Drop using VPN:
- If your connection is dropped client/server-sided, there might be a so-called eaves drop(revealment) of your current connections which will take place by the default route of your system (e.g. your service provider) -> this can be prevented easily if you are using no default route and/or a blackhole(Linux) for any other traffic which is not declared in your routing tables. (This also depends on the VPN software of your provider and/or the configuration you are using) If you are using a professional VPN Service having a secure Application, this problem should not occur.
Open Source users will have to check this! As follows, 4routing describes how to use static hosts (with a blackhole) for Linux users.
- To prevent DNS Leaks you should check your ethernet/wireless connection for having an external DNS configured (dynamic name server which is resolving the IPv4/v6 address of www.somedomain.com to xxx.xxx.xxx.xxx) (you could use 18.104.22.168, 22.214.171.124, 126.96.36.199, etc.). If this does not work for your provider since it is blocking external name servers, you can add your router IP as fall back solution.
- If you are using a VPN, check with tracert #target_ip/domain(Windows), traceroute/tracepath #target_ip/domain (Linux/Mac) the route of the traffic to #target_ip/domain. In some cases you are using IPv4 Tunnels but you are still connected by IPv6 with a default route in your routing tables which makes all traffic/DNS requests go through your IPv6 gateway.
Solution1: Disable IPv6 by device/systemwide/ or on your router (last will not work for any provider)
Solution2: Delete the IPv6 Routes
Possible side effects you should expect using VPN/Proxy Services:
- Most online services will check the geolocation of your IP and if the location differs, you might have to acknowledge your identity to gain access to your account(answer your security question, etc.).
- Access to some online services could be (temporary) blocked if the server was abused by hackers/bots/etc.
Posted at 2015-05-14 18:04:29
( updated at 2021-10-05 18:22:03 - cr4sh )