Friday, May 31, 2013

A Simple Guide to Anonymity On the Internet




-Part 1-



Preface:

Chances are that you have heard the expression “Anonymity on the Internet.” What does it mean, why would you want it, and how does one become anonymous on the internet? To answer this we must realize that anonymity doesn't necessarily deal with “illegal activities.” Many people do not like to use their name or to give out their personal information to strangers because it can lead to potential problems later on. Whenever you request any information to be sent to you through the internet, your identity is being exposed. Information such as your name, location, and the time of the request is remembered, or more technically “logged,” by the party from which the information is being requested. So how can you help to protect yourself from stalkers, angry people, fraud, and identity theft? We will discuss some of the more basic ways of doing this in this handy guide.



Dynamic and Static IP addresses:



If you are using Dial-Up to connect to the internet, chances are you have a dynamic IP address. An IP address is assigned to you every time your computer connects to the internet. IP addresses are unique for each computer at a given time. What is the difference between a dynamic and a static IP address? A static IP is going to stay the same for your computer for a very long period of time. You can shut down your computer, thus terminating an internet session if there was one, and then reconnect and still have the same IP. Dynamic IP addresses, on the other hand, are going to be different every time you connect to the internet. As mentioned earlier, most Dial-Up internet connections have dynamic IP addresses. The advantage of a dynamic IP is that if a person with malicious intentions finds your IP address by any means, you can simply hang up (or disconnect) and reconnect, thus gaining a new IP address; if the hacker then tries to do something malicious with your old IP address, he will not succeed. The disadvantage of a dynamic IP is that running a web server on it can be very tricky, because the address of your computer will keep changing and you may not know for certain the IP of your server when you try to connect to it remotely. This, however, can be solved by using DNS services available for a fee. It is also quite tricky to set up large networks on dynamic IP addresses.



About Proxies



In this section we will discuss how it is possible to connect to other servers which have certain ports open and which give you access to them, so that you appear under the server's IP rather than your own. Although it may sound a little bit complicated at first, it really is quite simple. First you need to find a place where you can locate constantly updated proxies. Some of the very good places on the internet where this information can be obtained are: http://www.atomintersoft.com/products/alive-proxy/proxy-list/ and http://www.samair.ru/proxy/realtime/. There are, however, hundreds and possibly thousands of places where you can locate free public proxy lists. There are also quite a few websites which offer proxy lists that you have to pay for in order to view. If you have the extra money then you might want to go for it, but if not, it is no problem: simply Google for the free legal proxy lists.

Strictly speaking there are two kinds of proxies: proxies that are anonymous and proxies that aren't. Truly anonymous proxies do not store your information anywhere when passing it to the server. While many proxies claim to be anonymous, it is a fact that most aren't. Proxies that are not anonymous will change your IP address, but still pass it along with the information to servers.
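How a destination server can tell the two kinds apart, as an added example that is not part of the original tutorial: a proxy that is not anonymous usually passes the client address in request headers such as X-Forwarded-For or Forwarded, which the server can read. The header lists checked, the three result labels and the sample requests are assumptions constructed for illustration.

```python
import ipaddress

# Request headers that commonly carry the original client address
# (assumed list for this example, not exhaustive).
CLIENT_IP_HEADERS = ("x-forwarded-for", "forwarded", "x-real-ip", "client-ip")
# Headers that show a proxy is in the path without naming the client.
PROXY_MARKER_HEADERS = ("via", "proxy-connection")


def extract_ips(value):
    """Return every valid IP literal found in one header value."""
    found = []
    for token in value.replace(";", ",").split(","):
        token = token.strip()
        if token.lower().startswith("for="):   # RFC 7239: Forwarded: for=...
            token = token[4:]
        token = token.strip('"')
        if token.startswith("["):              # bracketed IPv6, optional port
            token = token[1:].split("]")[0]
        elif token.count(":") == 1:            # IPv4 with port
            token = token.split(":")[0]
        try:
            found.append(str(ipaddress.ip_address(token)))
        except ValueError:
            continue                           # "unknown", hostnames, proto=...
    return found


def classify(peer_ip, headers):
    """Classify one request as the destination server sees it.

    peer_ip is the TCP source address (the last proxy when one is used).
    """
    lower = {k.lower(): v for k, v in headers.items()}
    leaked = []
    for name in CLIENT_IP_HEADERS:
        for ip in extract_ips(lower.get(name, "")):
            if ip != peer_ip and ip not in leaked:
                leaked.append(ip)
    if leaked:
        return "not anonymous", leaked
    if any(name in lower for name in PROXY_MARKER_HEADERS):
        return "anonymous, proxy visible", []
    return "no proxy evidence", []


# Constructed sample requests, all arriving from the same proxy address.
SAMPLES = [
    {"Host": "example.org", "Via": "1.1 cache01", "X-Forwarded-For": "198.51.100.7"},
    {"Host": "example.org", "Via": "1.1 cache01"},
    {"Host": "example.org"},
]

if __name__ == "__main__":
    for hdrs in SAMPLES:
        print(classify("203.0.113.9", hdrs))
```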



Starting experimenting with HTTP proxies:

Note: Each browser is dependent on its own HTTP connection; therefore, if you are using Internet Explorer and have Firebird also, the settings which you put for IE will not work for Firebird. For the sake of the majority of the people using IE, I will demonstrate how to connect to an HTTP proxy in IE. Figuring out how to do this in other browsers shouldn't be very hard.

If you have a dial-up internet connection: Find a list of public proxies. Choose a proxy and take note of its IP address and port number. Open Internet Explorer and go to Tools > Internet Options > click on the Connections tab > click on Settings (note that this is NOT the same as LAN Settings) > under the heading “Proxy server” check the little box and enter the previously found IP of the proxy and the port of the proxy in the next box > press Okay.

If you have a hi-speed or LAN internet connection: Find a list of public proxies. Choose a proxy and take note of its IP address and port number. Open Internet Explorer and go to Tools > Internet Options > click on the Connections tab > click on LAN Settings (note that this is NOT the same as Settings) > under the heading “Proxy server” check the little box and enter the previously found IP of the proxy and the port of the proxy in the next box > press Okay.

Now you can go to a website such as http://www.whatismyip.com and see what your IP is. It should tell you the IP of the proxy rather than your real one.

If your connection does not work after you have already connected to the internet, the most probable cause is that the proxy server is dead (meaning that it is no longer online), that it is experiencing trouble due to high traffic or the like, or that you made a mistake entering the proxy's IP address and/or port number. Some proxy list resources include an option to check if proxies are online or if they are “dead,” meaning that they are off-line. Note that most proxies are not consistent in their connection and speed, so you may have a very fast connection one day and no connection or a very slow connection the next.



What is Chaining Proxies and how is it Effective?



To really understand this you will have to understand how proxies and the retrieval of internet data work. If you already know this from another source, then feel free to skip to the next paragraph. When you connect to a particular website, all that basically takes place is your computer asking the server containing the data to retrieve certain information for you and possibly display it in a web browser. When you use a proxy, it isn't your computer that is asking the server for information. It is the proxy asking for the information and then passing it back to you. Proxies act like a middle-man, and all of the information that you ask for with a browser is passed through the proxy before it reaches you. The process of using one proxy can be summarized as follows: you>proxy>server>proxy>you. You request the information from the proxy and the proxy requests the information from the destination server. The server then passes the information to the proxy and the proxy passes the information on to you.

But how and why do the servers which you request information from know you? All servers store information about you. This information normally includes your IP and the date of the visit. Servers store this information in a file referred to as a “log.” A proxy works almost like a regular server, so if you use a proxy it also logs your IP. If somebody is seeking to find you and has the IP of the proxy that you use (or used), then all that he or she has to do is go to the proxy owner and ask the owner to provide the logs. After being provided with the logs, the person seeking to find you will analyze them and find your IP quite easily. The complication is that in order for this to work the owner of the proxy has to give the information to the seeking party, or the seeking party will have no log to analyze.

In some countries there are federal laws which make it mandatory for proxy owners to provide logs to people with authority. Most proxy owners do not want any trouble, therefore they hand the logs over to the persons asking for them without any problem. Yes, sometimes even to ordinary people (if one asks nicely). So what is the advantage of chaining multiple proxies? It is the fact that a person who is seeking to find your identity will have to go through much trouble to find it. He or she will have to contact the owner of each proxy that you have chained and ask for the logs. Most of the time, when the seeking party gets to the second proxy owner's logs and starts analyzing them, the third proxy owner has already erased the logs from his server to free up some space. The diagram which depicts proxy chaining can be described as follows: you>proxy1>proxy2>proxy3>server>proxy3>proxy2>proxy1>you.
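The log walk described above, as an added example that is not part of the original tutorial: a hit in the server's log is followed back hop by hop through each proxy's log, and the trace stops where a log is no longer available. All addresses, timestamps and the log layout are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data. Each proxy log entry: (time, source_ip, destination_ip).
# A value of None models a proxy whose owner has already erased the logs.
SERVER = "192.0.2.80"
PROXY_LOGS = {
    "203.0.113.30": [("12:00:03", "203.0.113.20", SERVER),
                     ("12:00:09", "198.51.100.99", SERVER)],
    "203.0.113.20": [("12:00:02", "203.0.113.10", "203.0.113.30")],
    "203.0.113.10": [("12:00:01", "198.51.100.7", "203.0.113.20")],
}


def _t(text):
    return datetime.strptime(text, "%H:%M:%S")


def trace_back(hit_time, hit_source, logs, window_s=5):
    """Follow one server log hit back through the proxy logs.

    Returns (path, status). path starts at the server and ends at the last
    address that could be established from the available logs.
    """
    path = [SERVER, hit_source]
    when, current, dest = _t(hit_time), hit_source, SERVER
    while current in logs:                      # current is a known proxy
        entries = logs[current]
        if entries is None:
            return path, "logs unavailable at " + current
        # The inbound request must precede the outbound one by a short interval.
        candidates = [e for e in entries
                      if e[2] == dest
                      and timedelta(0) <= when - _t(e[0]) <= timedelta(seconds=window_s)]
        if not candidates:
            return path, "no matching entry at " + current
        entry = max(candidates, key=lambda e: _t(e[0]))   # closest in time
        when, dest, current = _t(entry[0]), current, entry[1]
        path.append(current)
    # The last address is not a proxy we hold logs for; it may be the client
    # or a further proxy that is not yet known.
    return path, "origin reached"


if __name__ == "__main__":
    print(trace_back("12:00:04", "203.0.113.30", PROXY_LOGS))
    purged = dict(PROXY_LOGS, **{"203.0.113.20": None})
    print(trace_back("12:00:04", "203.0.113.30", purged))
```

With every log available the walk ends at the client address; with one hop's log erased it ends at that hop, which is the effect of chaining that the paragraph describes.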

You, or anyone else, can chain as many proxies as you want; however, as you might guess, passing information through several computers before it reaches you adds quite a lot of time, so your connection will get slower as you chain more proxies. Don't overdo the number of proxies you chain because your internet speed will become unbearably slow. Three or so chained proxies should be more than enough to hide your true identity quite well. If you are very concerned with your privacy then it is also best to find proxies in different countries when using the chaining technique, so that it will be even harder for the seeking party to even ask for the logs, due to language barriers, local laws, racism, etc. Now on to the part on how chaining proxies is done.



Chaining HTTP Proxies with Your Address Bar



There are several ways to chain proxies, but the easiest (although not the most efficient) way is simply using your browser's address bar to do the work! How does this work? The answer is quite simple. This is the ‘pattern,’ if you will, which you need to follow for chaining HTTP proxies via the address bar:



http://proxyname.domain.com/-_-/http://www.google.com



Here, “proxyname.domain.com” is to be replaced with the proxy's name, followed by the signs “-_-”, another forward slash, and then the destination location (in this case google.com). The method described above went through just one proxy. Using the same principle we can chain multiple proxies. Here is the pattern one would use for chaining multiple proxies.



http://firstproxy.domain.com/-_-/http://secondproxy.domain.com/-_-/http://thirdproxy.domain.com/-_-/http://www.google.com



IMPORTANT: Even if one proxy in the chain is broken, the whole chain will not work and you'll have to go through a heap of trouble to find which one is broken; therefore, it is suggested that you don't chain more than three/four proxies at any one time.



Chaining Proxies in Your Browser's Settings



So you've learned how chaining proxies with a browser's address bar basically works. As you may have already guessed, it is rather annoying to keep typing the whole chain over again if you wish to visit a different website. So is there a simple way around this? Yes. Chaining proxies within your browser's settings lets the browser do the whole work for you, so you do not have to type the whole proxy chain over again.

To do this: First find several live proxy servers, and write down their IP addresses as well as port numbers. Go to your proxy settings (refer to the “Starting experimenting with HTTP proxies” section of this paper if you don't know how to do this). In the proxy box, instead of putting only one proxy, we will input several of them, each with its port number following its IP address, and all separated by a space. The pattern which you should follow for this is:



111.111.111.11:80 222.222.222.22:8080 333.333.333.33:3128



Things to keep in mind: Change the IP numbers in the above pattern to the ones that you have found earlier, each followed by its correct port number. Notice that you can use proxies which have different IP numbers as long as they pertain to that particular proxy (obviously). Also notice that there are no spaces between the end of the proxy's IP number, the “:” and the port number; there is a space only after the port number, if another proxy is following it. The rule of “if one of the proxies is broken then the whole chain is broken” also applies here. Your IP address (for surfing at least) will always be that of the last proxy, so in the case mentioned above your IP would show up as 333.333.333.33 because it is the proxy that is requesting the information from the server.



Other Usage of Proxies



Using proxies in conjunction with surfing the internet isn't the only way to successfully apply them for anonymity on the web. There are some applications which depend on internet connections and can accept cache relays (another term for proxies). Some of these include FTP clients, chat clients, downloading programs, etc. You will need to explore the settings of these clients because all are different and it is almost impossible to provide instructions for each. Usually these settings are located in options with a title such as “Firewall” or “Connections.” To take advantage of using proxies with these programs, however, you will need to know that some proxies don't accept certain protocols or transfers.



Wingates



Wingates are installed on computers to allow a shared connection. Wingates function the same way as proxies except that they allow connections on port 23, which is the telnet port. If you would like to have anonymity while using telnet to access a shell account, connect to a website, use IRC, etc., then wingates are a must. So where can wingates be found? This is a rather hard question since there are very few places which provide lists of public, legal to use wingates. Most of the time, in order to find wingates you will need to perform a port scan on a range of IPs. Note that in most places this practice is illegal and can in the worst case scenario wind up getting you knocked off of your ISP. That being said, there are tools to perform scans for open wingates. My two favorite tools for this are WinScan and GateScan; both are free and easy to use programs. Why is there such a small number of wingates around? The reason in most cases is that one would have to be rather unaware of security to install a wingate on his or her machine and allow anonymous outside access.



Experimenting with wingates:

After you find open wingates, start up the command prompt (DOS) and connect to the wingate by typing the following: telnet 111.111.111.11 23. Replace the 111.111.111.11 IP with the correct IP of the wingate, followed by the port number of 23 (although this is not necessary in most cases). You should then see something like this: WINGATE>. You have two options now. You can chain more wingates by simply typing the IP of the next wingate followed by the port, or you can start connecting to the destination from within the wingate prompt. You can connect to the destination by means of telnet and your IP will be replaced by that of the wingate, which gains you simple anonymity. Chaining wingates is highly recommended to give you more security against your real identity being discovered.



SSL Tunneling



When talking about SSL, many usually think of setting up certificates and OpenSSL on a server for secure transactions. In this part we will deal with proxies and SSL.

Each time you send or receive some information on the internet, the information sent or received is in plain text format. This means that a skillful person with malicious intentions can intercept this data and read the contents. The contents can be your passwords, usernames, credit card information, personal information, the URL of your request, etc. To prevent such abuse, the system of SSL was developed by Netscape Communications. SSL stands for Secure Socket Layer and basically means that the data which is passed through SSL enabled relays (or proxies) will be encrypted. As you most likely know, encrypted data requires a certain method to decrypt it for it to be understandable. To further expand upon this thought, proxies which support the SSL CONNECT method have no way of knowing what the information passing through them is, because of the encryption. SSL enabled proxies can be set up to encrypt data at different security levels. Most SSL proxies operate at the 128-bit level, but they can also be set up at lower levels (e.g. 40 bits), which will make the encryption a lot easier to crack for a person with malicious intentions. For those who are curious, SSL (v3) uses RSA (http://www.rsasecurity.com/standards/ssl/) encryption, and encrypts the data with this algorithm. This data includes the URL of your GET request to the destination server, the regular data of a document sent by a server, and the forms and passwords which you may have submitted. Some clients or browsers are able to support the full SSL feature and others aren't. If you use a browser which fully supports SSL, the data will be encrypted while being sent from you to the proxy, then to the server, and then back. Clients that do not have native support for SSL will send information to the proxy in plain text format (HTTP), but the information is sent from the proxy to the server encrypted. Netscape Navigator, Internet Explorer, as well as Mozilla Firefox all support SSL fully, so information sent from the client to the proxy will be encrypted as well. In order for SSL to work, a certain handshake between the client (you) and the server has to happen. The handshake consists of the client and the server agreeing on what level of security to use, while the SSL enabled proxy has no way of knowing what security level is being used.
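What a proxy can and cannot read in the two cases, as an added example that is not part of the original tutorial: it parses the first request a proxy receives for a plain HTTP request and for a CONNECT request, and checks that the first tunneled bytes look like an SSL/TLS handshake. Note that with CONNECT the proxy still learns the destination host and port. The host name, credentials and byte strings are constructed samples.

```python
from urllib.parse import urlsplit

# Constructed sample requests as they would arrive at the proxy.
PLAIN_REQUEST = (b"POST http://shop.example/login?next=/cart HTTP/1.1\r\n"
                 b"Host: shop.example\r\nCookie: sid=abc123\r\n\r\n"
                 b"user=alice&pass=constructed")
CONNECT_REQUEST = (b"CONNECT shop.example:443 HTTP/1.1\r\n"
                   b"Host: shop.example:443\r\n\r\n")
# First bytes of a constructed handshake record sent through the tunnel.
CLIENT_HELLO_PREFIX = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01])


def proxy_view(raw):
    """Return the fields an HTTP proxy can read from the client's first request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = dict(line.split(": ", 1) for line in lines[1:] if ": " in line)
    if method.upper() == "CONNECT":
        # Only host:port is in the clear; everything after the proxy's
        # "200" reply is relayed as opaque encrypted bytes.
        host, _, port = target.rpartition(":")
        return {"method": "CONNECT", "host": host, "port": int(port),
                "path": None, "query": None, "cookie": None, "body": None}
    url = urlsplit(target)
    return {"method": method, "host": url.hostname, "port": url.port or 80,
            "path": url.path, "query": url.query,
            "cookie": headers.get("Cookie"),
            "body": body.decode("latin-1") or None}


def tunnel_starts_with_tls(first_bytes):
    """True if the first tunneled bytes look like an SSLv3/TLS ClientHello record."""
    return (len(first_bytes) >= 6
            and first_bytes[0] == 0x16      # record type: handshake
            and first_bytes[1] == 0x03      # major version: SSL 3.0 / TLS 1.x
            and first_bytes[5] == 0x01)     # handshake type: ClientHello


if __name__ == "__main__":
    print(proxy_view(PLAIN_REQUEST))
    print(proxy_view(CONNECT_REQUEST))
    print(tunnel_starts_with_tls(CLIENT_HELLO_PREFIX))
```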

Some web servers are also set up to support Secure Socket Layer connections. The default port which you connect to while using an SSL enabled website is 443 (as defined by the IANA). The URL of such a connection has the prefix https:// instead of the regular http://, which usually takes place via port 80. When a website requires you to disclose private information, it is always a good choice to check if it supports SSL. Some web browsers will also tell you if the connection is secure or not. Internet Explorer will show you if a connection is secure or not by showing a little lock at the lower right hand corner of the browser window.



Note: To set up SSL to work on your server, simply install OpenSSL and ModSSL on your server. Doing this is out of the scope of this tutorial.

Using SSL enabled proxies:

Using SSL enabled proxies isn't any different than using regular proxies which don't have support for SSL. First you need to find a proxy that supports the SSL CONNECT method, which is a little rare, but certainly not impossible. Some public proxy lists have an option which shows if the proxy supports SSL or not. You may then enter the proxy's IP and port as you did earlier with regular proxies. Voila, you have an SSL tunneled connection!



This pretty much covers the basics of anonymity on the internet.



Conclusion



Words of wisdom:

You have probably heard this a million times, but I would just like to remind you not to do anything illegal on the internet which may result in your prosecution. I ask that you do not engage in illegal malevolent computer activities with the information obtained from this tutorial. There is always someone better than you and there are plenty of government agencies which would love to make an example out of someone. You can chain three wingates and think that you are totally secure and anonymous, but I can assure you that this is not the case. Some of the proxies are owned by government agencies which look for anyone who abuses the internet laws.



About the Tutorial:

I wrote this tutorial to assist those who are paranoid about their privacy; those who don't like to give out their information on message boards and get threats; those who don't like to buy things off of the internet and have their IPs logged, etc.

I hope the tutorial has helped you, and if you have requests for tutorial subjects, suggestions, complaints, remarks or any type of information which you consider constructive, you may contact me on the Hack In the Box forums. Please do read through the troubleshooting sections of this tutorial if a proxy that you used didn't work before asking this type of question on the forum.



Future plans:



I have plans to write a second and possibly third tutorial about anonymity very soon. A new tutorial might already be available on the Hack In the Box website, so check it out and monitor it closely. It will most likely be more advanced than this tutorial and explain things like the use of the SOCKS protocol and what it is, anonymity when emailing, anonymity on chat clients and specific programs that use the internet, IP spoofing and what it is, routers' part in anonymity, port redirecting, etc.

Also, if you have a good tutorial dealing with security and wish it to be made into an animated version, contact me, and I will see if I have the time and can successfully compile an animated version similar to this. Please do not submit tutorials which are all written in "1337"; I will not consider them. "We can't help everyone, but everyone can help someone." -Ronald Reagan

This tutorial was written by whereami (Russ) from Hack In the Box -Keeping the knowledge free.

Cheers folks!

References:

http://www.freewebs.com/securitydocs/anonymity.zip - the animated version of the tutorial. The file is in the zip format and includes three swf (Flash) files along with their HTML versions. Nicely animated with interesting information.

http://www.freewebs.com/securitydocs/anonymity2.htm - the second version of the anonymity tutorial that deals with more advanced subjects, including SOCKS proxies, and anonymity when dealing with FTP servers.
