Wang Products
Articles

You can view/search all past articles by clicking here


Most Read Articles:
Click here to access our RSS/XML feed
 

Related Links



 
FAQ Article: Basics of remaining anonymous on the net

The Internet is a realm of information. Anyone can go online and find out about any subject that interests them...but how much can they find out about you?

The answer - more than you would think! Lets take a normal example...a friend sends you an address of a web site to go to, say www.example.com - and you go there. Now, the owner of the www.example.com can look in his server logs, and if he wanted to - determine the following things about you:


  • What Internet Provider you use (i.e. Aol, Virgin etc.)

  • Your IP address (which uniquely identifies your connection to the ISP)

  • What Operating System you use (e.g. Windows 98)

  • What browser you are using (e.g. Netscape, Internet Explorer)

  • Where you are in the world (e.g. UK, America, Japan, and probably which city you are in)

  • Your screen resolution (e.g. 640 x 480)

  • The URL you were visiting before you went to www.example.com (e.g. www.barbie.com )

  • And more....



For proof that this is possible - go to http://www.anonymizer.com and look at what they know about you already! Visiting a web site is not the only way someone can get information about you though. Everytime you are on IRC, ICQ, AIM, Online gaming, Email etc. etc. you are giving away more information about yourself.

How is this possible??

Well, your computer is making a connection with the web site right? So, for that web site to send you information - it needs to know your IP address. Bang! it has your IP, which it can then convert to a hostname and see what ISP you are with.

The site needs to have information like your browser name and version, screen resolution, operating system etc. so that it knows how to correctly display the page for you. For example, some sites look very different in Netscape and Internet Exploder, so sometimes the site will have two version of the site - one for each.

It will then perform a check on your computer to find which browser you are using, and then display the right version of the site. Useful huh? Well, the problem is - any site can get that information just simply because it wants to know more about you :)

Java/javascript also has commands and functions that will find out information about you, and cookies are a wealth of information to the web site owner.

Don't forget browser holes and exploits as well - if your outdated browser has an exploit, they may be able to exploit it and get more information.

What can I do to stop them finding out this information??

There are many different levels you can take this to...we will start off simple, and get more paranoid :)


Proxies

Ok, so proxies aren't strictly for making you more anonymous - but they do. Proxies are meant to be there to speed up your Internet connections. If you need to contact some site on the other side of the world - you will probably find it is a bit slow. So, instead you use a proxy.

Your web site request goes through to the proxy (which will hopefully be located a bit closer to home, try and pick a proxy in your own country) which then checks its cache to see if any of its other users have accessed that page recently. If they have, it can then perform a simple file size check at the site (to make sure the page it has is still up to date) and if its ok, it can send it to you. And all that should take less time than you contacting the site yourself.

So how are proxy servers anonymizing you say? Well think about it - do you actually make any contact with the web site? No...the proxy does it all for you. Therefore, the web site won't be able to get any information on you.

There are some exceptions, as some proxies aren't completely anonymous (they may pass some data across to the site), but the way to check this is to use the proxy to go to a test page like the one at www.anonymizer.com and see if they come up with your details, or the proxy servers details.

To get a proxy, you can either:


  • Ask your ISP if they have a proxy server for you to use

  • Find a public proxy, there are lists all over the net

  • Do a search at a good search engine for "public proxy servers" or similar.



Also, there are different kinds of proxies for different kinds of Internet activity. For example, you can get HTTP proxies for web browsing, FTP proxies for accessing FTP servers, Socks proxies for telnet and IRC etc. etc.

These different proxies usually use different ports to each other. HTTP proxies are usually something like ports 8080, 8010, 1080, 80 and Socks usually use 3128, 1080.

For more information about proxy servers - see our other FAQ article "what is a proxy server?".


Encryption

If you ever get your computer hacked by someone over the net, or someone hacks your email - they are going to be able to go through the private information. Encryption is a way of making your private files and emails un-readable to anyone who doesn't know how to decrypt them.

Obviously, some encryptions are trivial and can be cracked in minutes (caeser shifts, XOR encryptions, character substitutions etc.). However, there are encryptions out there that are very very strong. And your average script kiddie who breaks into your mail will not have a chance in hell of decrypting it.

See our article "what is PGP / GnuPG?" for more information.


Web based email accounts

Generally, web based email is good to use. You can sign up for a web based email account, and you don't really need to give them any personal details. http://www.hotmail.com is an example of a web based email service.

Ever been to http://www.hushmail.com ? They are an anonymous web based mail service. And they offer very strong email encryption as well. Basically, when you use your hushmail account to send a mail - your IP address is not included in the email headers (see hack faq 2 for a description of email headers) which means that the reciever of the mail can't trace you back to your ISP - they can only trace you back to hushmail. However, hushmail do not keep any details about you - so effectively you are anonymous. Also, the service is quite nice :)


Spyware / Adware

Spyware is any software that covertly gathers user information through your Internet connection without your knowledge, usually for advertising purposes.

Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with spyware.

You should scan your PC regularly to remove Spyware/Adware using a scanner such as Ad-Aware.


Cookies

You may have heard people ranting about cookies, but what are they?, and why might you not want them?

When you visit a web site, it is entirely possible that the site could place a cookie on your computer. A cookie is basically a piece of information, stored in a file on your computer. These files are refered to as cookies, or cookie files. Basically, the site can put whatever they want in the cookie, and then access the cookie again when you next go back to the site.

Why do this you ask? Well, its simply for convienience. Ever logged into a web based email service - and then found that next time you go back there it automatically has your login name entered for you? or ever been to a web site which actually tells you how many times you have visited the page before? The site knows this because the information was stored on your computer.

Netscape and IE both have facilities for cookies - and in both browsers you can turn cookies off using the options. However, you will suddenly realise how many web sites use cookies - and how many web sites get annoyed when they can't use cookies on you.

It may also be worth mentioning that some cookies are only present for the time that you have the browser open - these are generally used for security purposes, like when you login to your web based email, and then goto another site, and then go back to your mail - it might want to check the cookie to make sure you are the same computer that accessed the mail a short while ago. So think carefully before turning cookies off. I also believe that IE (and I think Netscape?) has the facility to ask you whether or not to accept the cookie each time a site tried to use one on you.


I am really paranoid - what can I do?

Ok - so you want to take it a stage further? Well, this is actually a good idea anyway. Here we go:


  • Get a personal Firewall - There are loads out there and some of them are free for personal use. Just do a search in a search engine and you should find some - Zonealarm at http://www.zonelabs.com is a good example.

  • Switch off java/javascript. Your browser will have an option for this.

  • Turn off cookies. Your browser will have an option for this.

  • Use Proxomitron or Privoxy. Basically, these are web filtering programs. You can set it up so that it also sends back 'altered' http headers - so you can fake what browser/operating system etc. etc. you are using.
Posted on: 22-10-2000
Article has been viewed 78485 times
 
Comments
Comment by me - 09-07-2007

Very helpful! Thanks!



Comment by Laura - 02-12-2009

How can I stop my name and address and phone number from appearing when I google my name and say white pages. How can I stop these white page and people directories from listing my address? Whatever happened to privacy?



Post a comment

Please use the form below to post your comments on this article. All comments will be reviewed by the admin before being published publically.


Your Name
Comment
  Please enter the code from the image below into the code box
Code
 
 

articles | security | software | music | links | request article | tea | contact us

Copyright © 2000 - 2005 www.wangproducts.com. All Rights Reserved.

Valid XHTML 1.0! Valid CSS!

Wang Products Articles Security News and Articles/FAQs Wang Products Software Guitar MP3 tracks by Wang Links