Methods for hiding your IP address on the network.
Changing your IP address, for example by using SOCKS or a VPN, is not enough, because there are many technologies that can still identify it; these must be either disabled on your computer or deceived. It is also a good idea to change the transmitted HTTP headers, which defeats detection of the installed software and the geographic location of the computer. You can check your computer in more detail with the extended version at www.whoer.net/ext
VPN (Virtual Private Network)
Externally, a VPN connection is not much different from connecting to a regular local network: applications will not feel the difference at all and will therefore use it to access the Internet without any settings. When one of them wants to access a remote resource, a special GRE (Generic Routing Encapsulation) packet is created on the computer and sent encrypted to the VPN server. The VPN server, in turn, decrypts this packet, figures out what it is (a request to download some HTTP page, a plain data transfer, etc.), and performs the corresponding action on its own behalf (i.e., the remote resource sees the VPN server's IP). Then, having received a response from the remote resource, the VPN server places it in a GRE packet, encrypts it, and sends it back to the client in this form.
Continuous encryption of transmitted data is a key point in ensuring security. PPTP traffic can be encrypted using MPPE (Microsoft Point-to-Point Encryption, which supports 40-, 56-, and 128-bit keys). This is a Microsoft protocol. Earlier versions were monstrously leaky and easy to hack; in newer ones the gross errors have been corrected, but Microsoft's attempts to do something in the field of cryptography cause nothing but laughter. New versions of their protocols are simply not particularly analyzed for holes.
OpenVPN is a free implementation of VPN technology, organized on the basis of the TCP/IP protocol stack generally accepted on the Internet. This guarantees the connection to work even with those providers that do not support PPTP (most often these are mobile operators that cut all GRE packets passing through GPRS and EDGE). OpenVPN also works even when you do not have a real IP address, unlike PPTP, which requires the simultaneous establishment of two network sessions.
OpenVPN has a number of advantages over VPN technology:
1. Adaptive data compression in the connection using the LZO compression algorithm. The data transfer rate via OpenVPN is higher than that of PPTP;
2. Supports flexible methods of client authentication based on certificates;
3. Use of one TCP/UDP port without binding to a specific port (in our case, UDP);
4. 2048-bit encryption provides unprecedented security, implemented through a permanent key.
Servers for anonymous VPNs are usually installed in countries that are most tolerant of hacking, spam, etc. (China, Korea, etc.). In most cases, there is an agreement with the administration, which, for a certain fee, undertakes to ignore complaints to the abuse service and not keep logs.
Proxy, SOCKS
A proxy server (from the English proxy - "representative, authorized") is a service in computer networks that allows clients to make indirect requests to other network services.
First, the client connects to the proxy server and requests a resource (for example, a file) located on another server. Then the proxy server connects to the specified server, receives the resource from it and transfers it to the client.
Which servers and which protocols we can access through a proxy depend on the type of this proxy, i.e. the protocol by which we access it. There are several types of proxies: HTTP proxy, SOCKS4, SOCKS5 and some others.
HTTP proxies are the most common and the easiest to find on the Internet, but they work only with HTTP (there are also HTTPS proxies), and they can insert the client's address into the request headers, i.e. they are not anonymous.
The SOCKS protocol is most notable for the fact that it encapsulates protocols of the transport layer, not the application layer, i.e. TCP/IP and UDP/IP. Since these are the only protocols used to work on the Internet, SOCKS can be used to work with any servers, including other SOCKS servers, and thus to organize chains of SOCKS servers. For the same reason, all SOCKS servers are anonymous: it is impossible to transmit additional information at the TCP/IP and UDP/IP level without disrupting the operation of the higher protocol.
Another thing to note is anonymizers: they look like a regular search engine, only instead of words or phrases you enter the URL of the site you would like to view. Anonymizers are scripts written, for example, in Perl or PHP, or as CGI scripts.
A couple of useful programs for working with http proxies and socks:
1. SocksChain — a program that allows you to work through a chain of SOCKS or HTTP proxies (you need to remember that any proxy server, especially a free one, keeps a log. And a person who has the appropriate rights will always be able to figure out where you went and what you did, even if you use chains of 10 anonymous proxy servers in different parts of the world).
2. FreeCap — a program for transparent redirection of connections through a SOCKS server of programs that do not have native support for SOCKS proxies.
TOR
Tor (The Onion Router) is a free (BSD) implementation of the second generation of the onion router (the so-called "onion (multilayer) routing"). It is a system that allows users to connect anonymously, providing the transfer of user data in encrypted form. It is considered an anonymous network that provides anonymous web surfing and secure data transfer. With Tor, users can remain anonymous when visiting websites, publishing materials, sending messages and working with other applications that use the TCP protocol. Traffic security is ensured through the use of a distributed network of servers called "multilayer routers" (onion routers).
Tor network users run an onion proxy on their machine. This software connects to Tor servers, periodically forming a virtual chain through the Tor network, which uses cryptography in a multilayer way (by analogy with an onion).
Each packet entering the system passes through three different servers (nodes), which are selected randomly. Before sending, the packet is successively encrypted with three keys: first for the third node, then for the second, and finally for the first.
When the first node receives the packet, it decrypts the “upper” layer of the cipher (analogy with peeling an onion) and finds out where to send the packet next. The second and third servers do the same. At the same time, the onion proxy software provides a SOCKS interface. Programs running on the SOCKS interface can be configured to work through the Tor network, which, multiplexing traffic, directs it through the virtual Tor chain, which ultimately allows for anonymous surfing on the network.
There are special Tor add-ons for the Opera and Firefox web browsers.
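The layering order described above (encrypt for the third node first, peel from the first node onward), as an added example that is not part of the original post. The cipher is a toy SHA-256/HMAC construction so the code runs on the standard library alone; it is not Tor's actual cell encryption, and the node names, keys and payload are constructed for the demonstration.

```python
import hashlib
import hmac
import os

# Toy authenticated cipher (assumption: stands in for the real per-hop cipher).
def _subkey(key, label):
    return hashlib.sha256(label + key).digest()

def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def seal(key, plaintext):
    """Encrypt and authenticate one layer: nonce || tag || ciphertext."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct

def unseal(key, blob):
    """Verify and decrypt one layer; a node holding the wrong key gets an error."""
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified layer")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

def build_onion(route, destination, payload):
    """route is [(node_name, key), ...] in path order: first, second, third."""
    next_hops = [name for name, _ in route[1:]] + [destination]
    blob = payload
    # Innermost layer first: the third node's key, then the second, then the first.
    for (_, key), next_hop in reversed(list(zip(route, next_hops))):
        hop = next_hop.encode()
        blob = seal(key, bytes([len(hop)]) + hop + blob)
    return blob

def peel(key, blob):
    """What one node does: remove its layer, learn only the next hop."""
    layer = unseal(key, blob)
    n = layer[0]
    return layer[1:1 + n].decode(), layer[1 + n:]

def relay(route, onion):
    """Pass the onion along the route; record what each node learned."""
    seen, blob = [], onion
    for name, key in route:
        next_hop, blob = peel(key, blob)
        seen.append((name, next_hop))
    return seen, blob

# Constructed demo data: three nodes with keys derived from their names.
DEMO_ROUTE = [(n, hashlib.sha256(n.encode()).digest())
              for n in ("entry", "middle", "exit")]
DEMO_PAYLOAD = b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"

if __name__ == "__main__":
    onion = build_onion(DEMO_ROUTE, "example.org:80", DEMO_PAYLOAD)
    seen, delivered = relay(DEMO_ROUTE, onion)
    for node, next_hop in seen:
        print(f"{node:>6} learns next hop: {next_hop}")
    print("delivered intact:", delivered == DEMO_PAYLOAD)
```

Only the last node ever sees the destination and the plaintext request, and only the first node sees who sent the onion, which is why the exit hop is the place where unencrypted traffic can be observed.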
SSH tunneling
SSH (Secure Shell) is a network protocol that allows remote control of a computer and file transfer. It uses encryption algorithms for the transmitted information.
SSH tunneling can be considered as a cheap replacement for VPN. The principle of this implementation is as follows: all network software on the computer is forwarded to the designated port (of your local host), on which the service is connected via SSH to the server (and as we know, the connection via SSH protocol is encrypted) and tunnels all requests; then all your traffic (no longer encrypted) can be forwarded from the server to a proxy (supporting tunneling) or socks, which transmit all traffic to the necessary addresses. The presence of a proxy or socks is not necessary.
What are the advantages of this system:
1. To organize this scheme, you do not need to install server software (since the SSH account and socks can be easily obtained on the Internet);
2. Since the traffic is encrypted and compressed during an SSH connection, we get a small increase in the speed of work on the Internet (this is true when the socks daemon is on the same server);
3. In the case when the socks server is on another host, we get an additional chain of servers that increase our security and anonymity.
JAP
A rather clever way to maintain anonymity was developed in one of the German institutes. A special JAP proxy program is installed in the user's system, which accepts all user requests for connections, encrypts (AES with a 128-bit key length) and sends them in a secure mode to a special intermediate server (the so-called mix). The fact is that the mix is used simultaneously by a huge number of users, and the system is built in such a way that each of them is indistinguishable for the server. And since all the clients are the same, it is not possible to identify a specific user.
Mixes are usually installed on a voluntary basis, mainly in universities that officially confirm that they do not keep any logs. In addition, chains of mixes are usually used, usually 3 mixes.
P2P anonymizers
Let's consider the example of the Peek-A-Booty network:
Peek-A-Booty is a distributed peer-to-peer network of computers belonging to volunteers from different countries. The network was created so that users could bypass restrictions imposed by local censorship and gain access to Internet resources prohibited in a particular country.
Each network node is masked, so that the user can send requests and receive information from specific IP addresses, bypassing censorship barriers.
The user connects to a special network where Peek-A-Booty operates. Several randomly selected computers gain access to the website and forward data to the one who sent the request.
All traffic on this network is encrypted using the SSL standard adopted in e-commerce, so everything looks like an innocent transaction.
I2P
I2P (abbreviated from Invisible Internet Project/Protocol) is open source software created to organize an anonymous overlay network and is applicable for web surfing, instant messaging systems, blogging, and file sharing. You can read more on their official website.
Conclusion
Of all the methods we have reviewed, only TOR and P2P are completely free, while being highly reliable, but, unfortunately, are not convenient for everyday use and setup.
In terms of high security and ease of setup, OpenVPN is the leader, but its prices start at $15 per month. DoubleVPN technology is now becoming widespread, in which packets pass through two VPN servers. This is probably the fastest and most convenient solution to the issue of guaranteed anonymity, but the price...
An intermediate solution can be the so-called VPN analogue, SSH tunneling, for which shell access alone is enough, which is very cheap, and the connection itself is configured, for example, through PuTTY. Unfortunately, the setup is not simple and is labor-intensive, and ease of use is also lame, so this is still an option for "geeks".
Non-standard methods for determining the IP address.
Cookies
In general, an IP address cannot be determined using cookies. However, when you first enter a website, the client's IP address (as determined by the server, i.e. the proxy's IP) can be saved by the server in cookies. The next time you enter the site, the server again determines your IP and compares it with the one saved in the cookies. If the old and new IP addresses differ, the server can draw conclusions. And if you do not prohibit cookies, no proxy will help you.
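A server-side view of two checks the text describes, the cookie comparison above and the HTTP proxy headers mentioned in the proxy section, as an added example that is not part of the original post. The secret, cookie format, signal names and sample requests are constructed for the demonstration; the addresses come from documentation ranges.

```python
import hashlib
import hmac
import ipaddress

SECRET = b"constructed-demo-secret"  # assumption: per-site signing key

def issue_ip_cookie(remote_ip):
    """Cookie set on the first visit: the observed IP plus an HMAC tag."""
    tag = hmac.new(SECRET, remote_ip.encode(), hashlib.sha256).hexdigest()
    return f"{remote_ip}|{tag}"

def read_ip_cookie(cookie):
    """Return the pinned IP, or None if the cookie was altered or malformed."""
    ip, sep, tag = cookie.partition("|")
    if not sep:
        return None
    expected = hmac.new(SECRET, ip.encode(), hashlib.sha256).hexdigest()
    ok = hmac.compare_digest(tag.encode(), expected.encode())
    return ip if ok else None

def assess(remote_ip, headers, cookie=None):
    """Return the signals a site can derive from one request."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    signals = []
    # Headers an HTTP proxy may add on its own.
    if "via" in hdrs:
        signals.append("via_header_present")
    xff = hdrs.get("x-forwarded-for")
    if xff:
        first = xff.split(",")[0].strip()
        try:
            if ipaddress.ip_address(first) != ipaddress.ip_address(remote_ip):
                signals.append(f"forwarded_for_reveals:{first}")
        except ValueError:
            signals.append("forwarded_for_malformed")
    # Cookie pinned on an earlier visit versus the address seen now.
    if cookie is not None:
        pinned = read_ip_cookie(cookie)
        if pinned is None:
            signals.append("cookie_invalid")
        elif pinned != remote_ip:
            signals.append(f"ip_changed_since_cookie:{pinned}")
    return signals

if __name__ == "__main__":
    # Constructed scenario: first visit is direct, second arrives via an HTTP proxy.
    first_visit_cookie = issue_ip_cookie("203.0.113.7")
    second = assess(
        "198.51.100.20",
        {"Via": "1.1 proxy.example", "X-Forwarded-For": "203.0.113.7"},
        first_visit_cookie,
    )
    print(second)
```

Signing the cookie matters for the site: without the tag, a client could rewrite the stored address and the comparison would prove nothing.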
JavaScript
JavaScript scripts are active scripts that run on your computer. They are quite simple and have limited functions, but they can determine the real IP and many other browser settings.
The only solution may be to disable scripts in the browser.
Java
Java, unlike the previous one, is a full-fledged programming language, and a program written in it can easily determine your real IP.
There is only one solution for protection: completely disabling Java, since it has a lot of different network functions and it is problematic to prohibit them all.
ActiveX
These are full-fledged programs that run on the user's computer. Their capabilities are even better than the previous two. They can easily determine any browser settings and calculate your real IP address and even easily change proxy settings.
Protection from them is a complete ban on ActiveX.
If you have prohibited cookies, execution of active scripts, Java and ActiveX, then it is quite easy to defeat such protection: one only needs to build a site that depends on Java / JavaScript / cookies / ActiveX, and then the user will have no choice but to allow all this in the browser.
But still, if you want to remain anonymous and keep Java / JavaScript / cookies / ActiveX enabled, there is a way out. This is a firewall, in which it is necessary to prohibit all connections except for the connection with a proxy or VPN server.