Online anonymity: all the ways, pros and cons (in short)

Tomcat



Let's talk a little about all the methods of anonymity that have been known for a long time. Useful material for both beginners and experienced.

Proxy servers
Broadly speaking, a proxy server is something that acts as an intermediary between the client and the addressee.
In the context of ensuring anonymity, proxy servers are:
  • HTTP (web) proxy servers. Such servers pass only HTTP traffic through themselves, by default adding proxy usage data to the transmitted traffic;
  • SOCKS proxy servers. Unlike HTTP proxies, SOCKS transmits all information without adding anything of its own. The SOCKS protocol sits at the session layer of the OSI model, which makes it independent of higher-level protocols (HTTP, FTP, POP3, etc.) and allows SOCKS to pass all traffic through itself, not just HTTP;
  • separately worth mentioning are CGI proxies or "anonymizers", which are essentially a web server with a form where the client enters the address of the desired site. After that, the page of the requested resource opens, but the address of the CGI proxy is visible in the address bar of the browser. A CGI proxy, like any web server, can use https to protect the communication channel between itself and the client.

Pros of proxy servers:
  • proxies are cheap, many free proxies can be found on the net.

Cons of proxy servers:
  • you need to trust the proxy server;
  • for an http proxy, you need to filter HTTP headers: "HTTP_X_FORWARDED_FOR: client, ip1 ...", HTTP_VIA, HTTP_FORWARDED, etc.;
  • proxy protocols (http, SOCKSx) DO NOT support encryption between HTTP / SOCKS / Elite / Anonymous proxy and client. An SSL proxy only means that the client can work with https resources;
  • proxy chains are ineffective: "Hi Proxy1, send my message: 'forward to Proxy3; forward to Proxy4; forward to' for Proxy2?" Thank you!;
  • the need to configure a proxy server for each application or to use separate "socksifier" programs, for example, Proxifier.
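To check what an HTTP proxy actually reveals, look at the request from the destination server's side. The following is an added example, not part of the original post: it classifies a request by the proxy headers listed above, using the common transparent / anonymous / elite naming. The function name, the sample requests and the addresses are constructed, and only IPv4 addresses are matched.

```python
import re

# Wire-format names of the headers named in the list above.
PROXY_HEADERS = ("x-forwarded-for", "via", "forwarded")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def classify_proxy(headers, client_ip):
    """Classify one request as the destination server sees it.

    "transparent": the real client IP appears in a proxy header;
    "anonymous":   proxy headers are present but do not carry that IP;
    "elite":       none of the proxy headers is present.
    Returns (level, list of headers that justify the level).
    """
    normalized = {name.lower(): value for name, value in headers.items()}
    present = [h for h in PROXY_HEADERS if h in normalized]
    leaking = [h for h in present if client_ip in IPV4.findall(normalized[h])]
    if leaking:
        return "transparent", leaking
    if present:
        return "anonymous", present
    return "elite", []

# Constructed sample requests; 203.0.113.7 plays the real client address.
CLIENT_IP = "203.0.113.7"
SAMPLES = {
    "proxy_a": {"Host": "example.org", "Via": "1.1 proxy-a",
                "X-Forwarded-For": "203.0.113.7, 198.51.100.2"},
    "proxy_b": {"Host": "example.org", "Via": "1.1 proxy-b"},
    "proxy_c": {"Host": "example.org", "User-Agent": "test-client"},
    "proxy_d": {"Host": "example.org",
                "Forwarded": "for=203.0.113.7;proto=http;by=198.51.100.2"},
}

if __name__ == "__main__":
    for name, request_headers in SAMPLES.items():
        print(name, classify_proxy(request_headers, CLIENT_IP))
```

An "elite" result only means these headers are absent; the proxy operator still sees the client address, which is the trust problem from the first item in the list.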

VPN / SSH
When I talk about VPNs here, I also mean SSH tunnels, since, despite some differences, the basic principle is the same.

The following VPN protocols are currently offered by commercial providers:
  • PPTP - the most widely used, fastest, easy to configure, but considered "least secure" compared to the rest;
  • L2TP + IPSec. L2TP provides transport and IPSec is responsible for encryption. This bundle has stronger encryption than PPTP, is resistant to PPTP vulnerabilities, also ensures message integrity and party authentication;
  • OpenVPN - secure, open source, and therefore widespread, allows you to bypass many blocks, but requires a separate software client;
  • SSTP is as secure as OpenVPN, does not require a separate client, but it is very limited in platforms: Vista SP1, Win7, Win8.

Almost all commercial VPN providers offer a choice of two protocols: OpenVPN and PPTP. Less commonly, L2TP + IPSec is offered. And very few offer the SSTP protocol.
Separately, it is worth noting the services that provide "DoubleVPN", where the traffic passes through 2 different VPN servers in different countries before going online, or even "QuadVPN", where 4 servers are used, which the user can choose himself and arrange in an arbitrary order.
An interesting study on the anonymity and reliability of commercial VPN servers was conducted by torrentfreak.com.

VPN providers were asked questions:
  • Do you keep logs allowing you or a third party to map the ip address or timestamp to your client? If so, what data do you store?
  • What jurisdiction does your company operate under and under what circumstances will you disclose your data to a third party?
  • In case you receive a DMCA notice or its European equivalent, what do you do with it?
  • What payment systems do you work with and how are they related to user accounts?

Summing up, it is worth noting that most VPN providers are unanimous in their answers: "The logs are not stored, and if they are, then they are stored for a very short time, it is impossible to calculate the subscriber from them. It is very difficult to put pressure on us and make us give out at least something". Of course, no other responses can be expected from services whose main purpose is to ensure user anonymity.

VPN / SSH Pros:
  • fast and convenient, no need to separately configure applications.

Cons of VPN / SSH:
  • you need to trust the VPN / SSH server / provider.
Note that most of the thematic add-ons for browsers and "programs for anonymity" are based on proxy servers and VPN servers to hide the client's ip-address.

Tor. Great and terrible
Much has been said about Tor already, but I'll try to tell it simply :)
Tor is a system of routers in which a client connects to the Internet through a chain of nodes. As a rule, the chain consists of three nodes, and none of them knows both the address of the client and the address of the resource at the same time. In addition, Tor encrypts messages separately for each node, and open traffic is visible only to the exit router.
Tor currently consists of 10 authoritative (governing) nodes, about 4,200 intermediary nodes, including approximately 900 exit nodes.
The picture shows a simplified diagram of the operation of Tor.
I note that return traffic arrives at the exit node in clear text; there it is encrypted with a temporary symmetric key and transmitted back along the chain (yes, the traffic itself is encrypted using symmetric keys, and these keys are encrypted using asymmetric keys).
Tor is criticized because too much is demanded of it: safely carrying the network traffic of any application, protection against a global observer, confidentiality of the transmitted data, and so on. But it solves the main problem within its threat model: a sufficiently high level of client anonymity when transmitting only HTTP traffic, provided all the mandatory rules are followed: www.torproject.org/download/download-easy.html.en
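The per-node encryption and the return path described above can be traced in a few lines. This is an added example, not part of the original post and not Tor's code: the cipher is a toy SHA-256 keystream for illustration only, the three per-hop symmetric keys are assumed to be already negotiated, and all names are hypothetical.

```python
import hashlib

def keystream_xor(key, data):
    """Toy stream cipher (SHA-256 in counter mode). Illustration only."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def run_circuit(request, response, keys):
    """keys: per-hop symmetric keys in chain order (entry, middle, exit).

    Returns (forward_views, return_views, client_result): what each hop
    holds after handling the cell in each direction, and what the client
    recovers at the end.
    """
    # Forward: the client applies the exit layer first, the entry layer last.
    cell = request
    for key in reversed(keys):
        cell = keystream_xor(key + b"fwd", cell)
    forward_views = []
    for key in keys:                       # each hop strips only its layer
        cell = keystream_xor(key + b"fwd", cell)
        forward_views.append(cell)
    # Return: the exit receives the response in clear text and encrypts it;
    # every hop closer to the client adds its own layer.
    cell = response
    return_views = []
    for key in reversed(keys):
        cell = keystream_xor(key + b"back", cell)
        return_views.append(cell)
    for key in keys:                       # the client removes all layers
        cell = keystream_xor(key + b"back", cell)
    return forward_views, return_views, cell

if __name__ == "__main__":
    demo_keys = [bytes([i]) * 32 for i in (1, 2, 3)]   # constructed keys
    fwd, back, got = run_circuit(b"GET / HTTP/1.1", b"HTTP/1.1 200 OK", demo_keys)
    print("exit sees request in clear:", fwd[2] == b"GET / HTTP/1.1")
    print("client recovers response:", got == b"HTTP/1.1 200 OK")
```

Only the last entry of `forward_views` equals the request, which is the page's point that open traffic is visible only at the exit.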

Pros of Tor:
  • a high degree of anonymity of the client, while observing all the rules;
  • ease of use (download Tor Browser Bundle, launch and use).

Cons of Tor:
  • exit traffic is monitored;
  • low speed;
  • the presence of governing servers.

On one of the forums, I found a poll regarding Tor. The number of respondents does not indicate the reliability of the results, but the winning answer is quite correct :)

The work of Tor is invariably accompanied by doubts of people about its reliability and anonymity. Now we will not analyze it in detail, I promise to do this in the next articles of the cycle, where I will describe in detail some important details of Tor and try to answer all the questions.

I2P

Many words have been said about I2P, I will be laconic and try to explain everything clearly.
I2P is an anonymous network that runs over the Internet. It has its own sites, forums and other services. By its architecture, it is completely decentralized, and ip-addresses are not used anywhere in I2P.

There are two main concepts in I2P:
  • A "tunnel" is a temporary, unidirectional path through a list of nodes. Tunnels are inbound and outbound;
  • The "network database" (NetDb), which is distributed to one degree or another across all I2P clients. Its purpose is to store information about how the client can connect to a specific addressee.

The NetDb base stores in itself:
  • RouterInfos - contact details of routers (clients), used to build tunnels (to simplify, they are cryptographic identifiers of each node);
  • LeaseSets - contact details of recipients, used to connect outgoing and incoming tunnels.

At the beginning of 2013, I2P included 25,000 routers and 3,000 LeaseSets.
I'll tell you about the algorithm for the interaction of nodes:
Step one. The node Kate builds outgoing tunnels. She queries NetDb for data about routers and builds a tunnel with their participation.

Step two. Boris builds an inbound tunnel in the same way as an outbound tunnel is built. He then publishes his coordinates, the so-called "LeaseSet", to NetDb (note here that the LeaseSet is sent through the outgoing tunnel).

Step three. When Kate wants to send a message to Boris, she requests Boris's LeaseSet from NetDb and forwards the message through her outgoing tunnels to the recipient's gateway.
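The three steps can be followed in a small model. This is an added example, not part of the original post and not I2P code: NetDb is a plain dictionary, tunnels are lists of router names, and the class and function names are hypothetical. Because tunnels are unidirectional, it also shows that Boris cannot reply until Kate has published a LeaseSet of her own.

```python
import random

class Node:
    def __init__(self, name, netdb, rng, hops=2):
        self.name, self.netdb = name, netdb
        relays = sorted(netdb["RouterInfos"])
        # Step one: tunnels are built from RouterInfos; one per direction.
        self.outbound = rng.sample(relays, hops)
        self.inbound = rng.sample(relays, hops)    # hops known to owner only

    def publish(self):
        # Step two: the LeaseSet exposes only the inbound gateway.
        self.netdb["LeaseSets"][self.name] = {"gateway": self.inbound[0]}

def route(sender, recipient):
    """Step three: path of one message, sender -> recipient.

    Raises LookupError when the recipient has no LeaseSet in NetDb.
    """
    lease = sender.netdb["LeaseSets"].get(recipient.name)
    if lease is None:
        raise LookupError("no LeaseSet for " + recipient.name)
    # The sender only knows its own outbound hops and the gateway; the
    # remaining inbound hops are followed by the recipient's tunnel.
    return [sender.name, *sender.outbound, lease["gateway"],
            *recipient.inbound[1:], recipient.name]

def demo(seed=1):
    rng = random.Random(seed)
    netdb = {"RouterInfos": {"router%d" % i for i in range(12)},
             "LeaseSets": {}}
    kate, boris = Node("kate", netdb, rng), Node("boris", netdb, rng)
    boris.publish()
    request = route(kate, boris)
    try:
        route(boris, kate)             # Kate has not published anything yet
        reply_before = "delivered"
    except LookupError:
        reply_before = "no LeaseSet"
    kate.publish()
    reply = route(boris, kate)         # uses two other tunnels
    return request, reply_before, reply

if __name__ == "__main__":
    for item in demo():
        print(item)
```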

I2P can reach the regular Internet through special Outproxies, but they are unofficial and, by a combination of factors, are even worse than Tor exit nodes. I2P developers say: "If you want the Internet, use Tor."

Pros of I2P:
  • a high degree of client anonymity;
  • complete decentralization, which leads to the stability of the network;
  • data confidentiality: end-to-end encryption between client and addressee.

Cons of I2P:
  • low speed;
  • "its own Internet".

Other means
In fact, there have been and are dozens of separate projects devoted to anonymity on the Internet, this is not counting "browser add-ons" and "programs for anonymity." It's just that other, less popular, solutions are either already compromised, or are not yet so popular, and therefore have not been studied by the world expert community to speak of their sufficient reliability. The following most promising projects are now actively developing:
A separate interesting example of anonymous networks is Wi-Fi-based networks. Whereas in the traditional approach, the transport functions of any anonymous network are performed by the Internet, the use of wireless solutions allows achieving independence from Internet providers:

Conclusion

In conclusion, I will quote from the main page of the I2P project: "Anonymity does not have a definite threshold after which you can relax - we are not trying to create something "completely anonymous", but we are working to make attacks on such a network more and more "expensive" for intruders".
Indeed, the technical part is only a small part of anonymity on the Internet. It is important to understand that the reliability of each such scheme rests on means: material resources and time that can be spent on compromising it.
 