If you have significant reason to be concerned about your anonymity online, this installment will not be for you; please wait for the next installment. The methods described in this section are intended only for those who want to add a thin layer of anonymity on top of what they currently have (which is likely almost no anonymity).
Off the Shelf Solutions
There are quite a few excellent free and paid off the shelf solutions intended to protect your anonymity. And while each may offer a legitimate layer of protection, it is critical that you understand the risk you assume if you place all of your faith in the hands of a single entity. Should they be compromised, should they be corrupt, should they be monitored, should their product/service have serious unpublicized weaknesses, you would be potentially exposed. Only by combining these protections can you be sure you are truly anonymous; this will be covered in the next and more advanced installment. For now, if you need only minimal protection, you can explore these options alone.
The following are some of the popular and common options:
- Tor Browser Bundle
- SSH Tunnel (free/paid SSH tunnels)
- Open Proxies
- XeroBank
I’ll attempt to briefly describe each and their role in your protection.
JonDonym is a brilliant approach to solving much of the problem of anonymity and access. It is designed from the ground up to be a means of protecting your anonymity and allowing people in repressive environments to access and share information. The technical details of how it works are beyond the scope of this document; I highly recommend visiting their site to learn the details if you are nerdly interested. I will do my best to provide a useful but crude and flawed description of the system.
To use JonDonym you download and run JonDo, formerly and sometimes still referred to as Java Anonymous Proxy (JAP). JonDo is a web proxy which when used with a properly configured browser will let your web traffic pass encrypted from your computer through your ISP through a series of JonDonym proxies located around the world before going to the website you requested. Your anonymity is protected through layered encryption, through the distribution of your requests, and through a blending of your requests with those of other people. The layered encryption makes it possible for there to be a separation between who knows who you are and who knows what data you are requesting and receiving. The first JonDonym proxy (mix server) that your JonDo proxy passes your request to cannot read the contents of your encrypted request, but it knows who you are, the IP from which the request came. That mix server passes the request with your identity encrypted in a way only it can read to the next JonDonym proxy who neither knows who you are nor what data you are passing. That data is then passed to an exit node which is able to decrypt your request, contact the website you wanted, and encrypt the response back to you, but it knows nothing of your identity. This response is then passed back through the chain. Further protection is provided because of the locations of the JonDonym servers, which are operated by different unrelated entities in different countries, and by the blending of your requests with others, such that traffic analysis would make it practically impossible for any government or private group to tie any requests to you.
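The layering described above can be seen in a small simulation. This is an added example, not JonDonym's code: the three-hop cascade names, the shared per-mix keys and the toy keystream cipher are assumptions standing in for the real key exchange and encryption, and the client address is a constructed documentation IP.

```python
import hashlib, hmac, os

MIXES = ["mix1", "mix2", "exit"]   # hypothetical cascade, first hop to exit node

def _stream(key, nonce, n):
    """Toy keystream (HMAC-SHA256 in counter mode); illustration only, not real crypto."""
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, data):
    """Add one encryption layer: random nonce followed by the XOR-ed data."""
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))

def peel(key, blob):
    """Remove one encryption layer with the key of the mix that owns it."""
    nonce, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, _stream(key, nonce, len(body))))

def wrap(request, keys):
    """Client side: encrypt for the exit first, then add a layer per earlier mix."""
    blob = request
    for name in reversed(MIXES):
        blob = seal(keys[name], blob)
    return blob

def route(request, client_ip, keys):
    """Pass one request through the cascade; return what each mix could observe."""
    blob, sender, views = wrap(request, keys), client_ip, []
    for name in MIXES:
        blob = peel(keys[name], blob)    # each mix removes only its own layer
        views.append({"mix": name, "sender": sender,
                      "reads_request": blob == request})
        sender = name                    # the next hop sees only the previous mix
    return views

if __name__ == "__main__":
    keys = {name: os.urandom(32) for name in MIXES}   # constructed per-mix keys
    for view in route(b"GET http://example.org/ HTTP/1.1", "203.0.113.7", keys):
        print(view)
```

Only the first mix records the client address, and only the exit recovers the request, which is the separation of knowledge the paragraph describes.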
The basic idea behind JonDonym is that you cannot place all your trust in any one entity. While each JonDonym server is required to sign legal documents stating they will be good shepherds to the bits they handle, and while they are periodically reviewed, there is always the possibility that one will be compromised. Because of the architecture of the JonDonym network and how your data is relayed through it, neither any single failure in the chain nor any collusion between two of the three will undo your anonymity.
It is very important to understand what protection JonDonym provides and what dangers it invites. Any data exchanged between you and a website not using the https protocol will travel unencrypted on the open internet between the JonDonym exit node and the destination website. That data could be monitored, and anything you include in that data could defeat the anonymity JonDonym has provided you (e.g., if you include your email address or name in a form, or if your browser is not properly secured and allows Java). It is vital that you use a properly secured and configured web browser to access your JonDo web proxy. JonDonym makes available the JonDoFox web browser for this purpose, which is a customized profile for Firefox with special plugins added. I strongly suggest you use only JonDoFox. A misconfigured browser will betray your anonymity.
JonDonym is both a free and a paid service. The free JonDonym service can only use two mix servers, not three, so you will have reduced protection should one of the servers be compromised or should there be collusion. The free servers also handle more users and they will be slower in handling your traffic. JonDonym paid access is relatively cheap, and it can be purchased anonymously. I highly recommend purchasing access; current rates mean $12 will buy you access to about 3,600 web pages ($0.003 per page). The free service is good, and faster than solutions like the free Tor (described below), but your experience of the web will still be diminished, and you can support JonDonym and get a better experience at the same time.
While I strongly endorse JonDo, and believe them to be good and noble souls, having followed them since their early work on JAP, it’s important to remember that you should still not place all of your trust in one solution. JonDo can be combined with VPN, Tor, and other solutions to ensure that no single solution can betray your anonymity.
Tor Browser Bundle
Tor is a variation on the JonDonym theme. Rather than using officially sanctioned servers as JonDonym does, Tor relies primarily upon a peer to peer network to shuffle your data to its destination server. A peer to peer network is a network of decentralized personal computers like yours all working together towards a common goal of sharing information. When you run a Tor client on your computer it joins this peer to peer network and dynamically creates and manages these virtual circuits which will carry your data. This arguably may provide some additional protection through this decentralization but it also invites some trouble at the exit nodes. With no one vetting the exit nodes it is possible to position yourself as an exit node for the purpose of monitoring traffic you exchange on behalf of others and even modify that content before they receive it (if the connection was not https) in an effort to try to compromise the users.
One advantage of Tor is that you can let your Tor client relay Tor traffic for others and act as an exit node, thereby making it plausibly deniable that you were the one accessing particular websites. There would be no way to distinguish your activity from that of others using your network. This obviously can invite problems as well. You would need to sell this argument to the government should your network be used to access illegal content, and that could be a difficult, costly, and ultimately futile sales pitch, best reserved for use by those whose networks are already shared. This plausible deniability may also be partly possible under JonDonym if you opt in to relay traffic to help others bypass censorship, though without being an exit node all it could do is mask your personal use of JonDonym.
Security aside, the biggest disadvantage of Tor is its profound sluggishness. The speed of your experience with Tor will all depend on the circuit created with your peers. If all of your peers are on broadband connections with minimal criss-crossing of the globe, the experience will probably be very tolerable (though still noticeably slow). Most of the time, however, you are not so lucky and using Tor will be at times agonizingly slow. It is not uncommon to experience delays of 15 to 45 seconds in loading a single page.
Another issue with Tor, which may also occur with JonDonym (though I have not encountered it there), is that many sites block access coming from Tor exit nodes. They do this because the Tor service has been widely abused, including being employed to spread comment spam. Your anonymity is better protected when no one knows you are trying to be anonymous.
The Tor Browser Bundle is arguably marginally easier to set up and use than the JonDo/JonDoFox combo.
Tor can be a great tool in your toolbox, and if you have minimal privacy concerns, the Tor Browser Bundle is good as a stand-alone solution, though I would still recommend JonDonym over it for sheer speed alone. Anonymity is only as good as the likelihood that you’ll employ it, and a strongly negative experience with Tor may cause you to settle for no anonymity.
SSH is a secure command line client, like an encrypted telnet (if you know what that is). It allows you to connect to a remote server and use encryption so that no one monitoring your network activity (packet sniffing) will be able to capture your username/password or anything you are doing after you log in. The brilliance of SSH is that built in to the server/client system is the ability to tunnel network traffic, including most notably for our purposes my web browser traffic. I can thus make sure my web traffic gets from my computer to the tunnel end point unread and any sites I access will think my traffic is originating at this tunnel endpoint, not from the location where my computer is.
SSH tunnels can be useful even if you do not need anonymity. It can protect you from deep packet inspection and traffic shaping by your ISP. It can protect you when you are using an unencrypted public wifi connection. You can also set up an SSH server at your home to allow you secure access to your home computers from elsewhere.
In this layered approach to anonymity I use one or more SSH tunnels to create secure hops, bouncing my web traffic between servers located in different countries (some with complicated US relations) to ensure that were someone to want to compromise my security they would ultimately need to get the cooperation of multiple nations and internet providers unlikely to cooperate.
Creating an SSH tunnel means you need SSH access to a server, which you can get by paid or free means. I keep a few paid (but cheap) SSH shell accounts in my back pocket; these are typically far more reliable and faster than the free options. I never use the same paid shell account for more than one billing cycle (usually a month). I purchase access with an anonymous online credit card, an anonymous email, and using an anonymous connection. Failure to maintain anonymity at any time with any of these layers will place your entire anonymity at risk.
I do also use free SSH shell accounts, which you can find on free SSH shell lists. Often these site operators require you to jump through hoops to get these free accounts. Sometimes they want you to participate in their community, other times they want to force you to look at advertisements, but other times they appear to just give you the access without restrictions, often because they are a new service just starting out.
The mechanics of actually setting up the SSH tunnel are a bit beyond the scope of this document, and are probably a little too tricky for beginners. It is not difficult, but neither is it obvious. If you are interested there are many guides available to help you.
It is vitally important to understand that SSH was not intended for anonymity; that is an accidental benefit. Any anonymity you achieve through it requires a browser that will not betray your anonymity and a filter to scrub your web communication (like Polipo or Privoxy).
For Windows users the best, oldest, and free SSH client is PuTTY.
An open proxy is a proxy which is publicly usable by any user’s browser, allowing you to indirectly request a web page. Instead of connecting directly to http://www.cnn.com, your browser would ask this open proxy, which would in turn contact http://www.cnn.com. This can provide some minimal protection.
Many open proxies exist, but they are usually accidentally available. The popular Apache web server has an option whereby it can act as a proxy. This feature is sometimes enabled by accident or as the result of a default setting in a particular install package of Apache. A number of sites maintain lists of these open proxies, the proxies being found by their site or other sites doing port scans (and tests). Other sites maintain their own set of proxies which they allow others to use; Pick A Proxy is one such example.
Open Proxies can have their role in anonymity but they should be used very carefully. You need to assume anything passing through an open proxy will absolutely be read. You have no reason to believe otherwise. These are randomly found servers which happen to relay traffic. They may be accidentally available or they may be there intentionally to spy on poor fools who happen to use them. Since these servers are often not intentionally open, the sysadmin may eventually notice loading caused by its use and may freak out since you are passing through his computer and network without his permission or intention. He may react extremely badly, he may immediately report the activity to whoever he can, or he may spy on the traffic before reporting the activity. You simply have no idea.
The only open proxies I use are ones which I know have been intentionally made open for the purpose for which I am using them. I still assume all data passing through them is being read, but at least it’s not going to be read by people angry that I am using their server/network. 🙂
There are several companies which sell access to high speed VPN servers. The beauty of VPN is that unlike proxies, with a VPN every single bit of network traffic that leaves your computer (except for local intranet traffic) will be bundled and sent through this VPN connection, emerging from and returning to some remote VPN server. With Tor, proxies, or SSH tunnels only web traffic (or in the case of SSH, data sent to the tcp port you configure) will be sent via the protected channel. Any misconfiguration, any connections which aren’t specifically handled, will be able to reveal your real IP.
You can purchase access to a VPN service anonymously using the anonymous online credit card and anonymous email, but they will know the IP from which you are connecting, so again, it can be a first link in the chain, but alone it does not give you true anonymity.
XeroBank is a customized browser bundled with access to the free public or paid semi-private Tor network. XeroBank began as Torpark, which was an early Tor Browser Bundle-like package. The Tor network you can pay for access to was supposed to bring improvements over the slow experience of traditional Tor, though I did not entirely understand how they claimed to deliver on this promise. If you are still using the normal Tor network at some point I would expect speed improvements to be minimal.
I have not personally paid to try XeroBank’s semi-private Tor network.
I was sufficiently unimpressed with their software that I did not feel the desire to pay for the experiment. Also, when I tried to download their xB Machine software, which is a virtual machine they make available which can run their browser, all I got over several weeks was a PHP error. My using the xB Browser was a largely unhappy experience. It seemed to change my regular Firefox plug-in settings (leaving disabled many plugins I want in my non-anonymous life) and gave me a generally worse experience than the Tor Browser Bundle.
I therefore cannot currently recommend XeroBank, but it remains something to watch. I believe they are gearing up for a new software release.
Download XeroBank Browser at your own peril.
The solution and level of protection you choose will largely depend on who you fear and how much you fear them.
If you fear your ISP, a VPN is the easiest solution. If you fear the RIAA or the MPA, a VPN in a foreign nation with lax rules is preferable. If you only slightly fear your national government, a VPN, SSH tunnel, JonDonym, or Tor may provide you enough of a solution. If you strongly fear your government or you’re not even sure who to fear, you may need a layered approach involving a combination of a VPN, multiple SSH tunnel hops, JonDonym, going into the Tor network.
For most people with only slight fears I recommend JonDonym over international VPN when you need anonymity and international VPN alone when you simply want protection from your ISP and the US government packet sniffers.
Coming in the next edition, a greater description of layering these approaches and an introduction to securing your computer and the traces your activity leaves using encryption, virtual machines, and more.
Additional Important Tools and Topics
Anonymous Online Credit Card
Many people do not know this, but you can get a truly anonymous Visa or MasterCard that you can use to purchase items or services online. Technically it is not a credit card but a debit card, but only a very few sites actually care about this distinction. These cards are to be found in your local grocery store or pharmacy in the display where they have gift cards. You take them up to the counter and give them the amount of cash you want available on the card. There is a limit of $500; I believe this limit is a be be a regulation to control.
When you first use the card to make a purchase you supply whatever fake name, address, and phone number details you want and the card will work. Depending on the card they may store some of this information and require you to re-use the same name, address, and phone number for subsequent purchases. You can also often log in to the debit card’s web site to check your current balance and add or update your fake information.
Fake Email Account
You should create several fake email accounts that you can use to separately sign up with the different sites/services you will need. Some email providers will not let you create anonymous email accounts (e.g., Google now requires telephone or text message verification for each account). Yahoo mail does not require this.
It is vitally important that you never access the mail server using the same IP or with your cookies still in place from having logged in to their service under a different account. If you fail to be vigilant about this they could use this information to determine all the accounts are tied to one person. And if you used those separate accounts to purchase different items like shell accounts or proxy access it would remove those layers of protection.
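How a provider can tie accounts together from a shared IP or a leftover cookie is shown in the following added example, which is not from the original article. The login records, account names and cookie identifiers are constructed, and the record layout is an assumption about what a mail provider might log.

```python
from collections import defaultdict

# Constructed login records: (account, source IP, tracking-cookie id).
LOGINS = [
    ("alice.shell@example.com", "198.51.100.10", "ck-1111"),
    ("bob.proxy@example.com",   "198.51.100.77", "ck-1111"),  # new IP, stale cookie
    ("carol.card@example.com",  "198.51.100.77", "ck-2222"),  # fresh cookie, reused IP
    ("dave.clean@example.com",  "192.0.2.45",    "ck-3333"),  # separate IP and cookies
]

def link_accounts(logins):
    """Group accounts that share an IP or cookie, directly or through a chain."""
    parent = {}

    def find(node):
        parent.setdefault(node, node)
        while parent[node] != node:
            parent[node] = parent[parent[node]]   # path halving
            node = parent[node]
        return node

    def union(a, b):
        parent[find(a)] = find(b)

    # Every login ties the account to the IP and to the cookie it presented.
    for account, ip, cookie in logins:
        union(("acct", account), ("ip", ip))
        union(("acct", account), ("cookie", cookie))

    groups = defaultdict(set)
    for node in list(parent):
        if node[0] == "acct":
            groups[find(node)].add(node[1])
    # Largest cluster first, accounts sorted for stable output.
    return sorted((sorted(g) for g in groups.values()), key=lambda g: (-len(g), g))

if __name__ == "__main__":
    for cluster in link_accounts(LOGINS):
        print(cluster)
```

The first and third accounts never share an IP or a cookie with each other, yet they land in the same cluster because the second account overlaps with both.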