Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Privacy The Internet Your Rights Online

Do You Need to Surf Anonymously? 301

Posted by Zonk
from the don't-forget-to-wear-sneakers dept.
An anonymous reader writes "Computerworld has up an article entitled 'How to Surf Anonymously without a Trace'. It purports to offer tips on how to avoid detection by anyone attempting to monitor your internet access. 'If you don't like the limitations imposed on you by [proxy] sites like the Cloak or would simply prefer to configure anonymous surfing yourself, you can easily set up your browser to use an anonymous proxy server to sit between you and the sites you visit. To use an anonymous proxy server with your browser, first find an anonymous proxy server. Hundreds of free, public proxy servers are available, but many frequently go offline or are very slow. Many sites compile lists of these proxy servers, including Public Proxy Servers and the Atom InterSoft proxy server list.'"
This discussion has been archived. No new comments can be posted.

Do You Need to Surf Anonymously?

Comments Filter:
  • by db32 (862117) on Tuesday March 13, 2007 @11:05AM (#18333727) Journal
    Do you know who owns it? Do you know what kind of logs they keep? Do you know who else reads their logs? Seems to me like a terribly good way to fish for undesireables would be to setup an "anonymous" proxy and wait for people to start using it. I mean, its not like police go out and pretend to be hookers to catch 'johns', or pretend to be dealers to catch users, or even pretend to be young children to catch pedophiles. If you don't own it, you can't trust it, and if you do own it then its not terribly anonymous. Even the whole onion router business has come into question as of late.

    Not a whole lot of anonymous anything left on the internet these days with all the data mining that goes on. The best you can do is leech wireless and pretend to be someone else.
    • Re: (Score:3, Insightful)

      And even better, if you're using a web proxy then your ISP can still see what you're doing, after all your packets have to pass through their network first. They probably closely monitor anyone that they see connecting to an anonymous proxy, to see if you're doing anything they should cancel your connection for.

      An anonymous proxy may make you anonymous to the final site, but both your ISP and the proxy know where you've been and when.
      • by Intron (870560)
        "They probably closely monitor anyone that they see connecting to an anonymous proxy"

        My ISP doesn't even closely monitor whether my line is up or down. Look at Comcast, I just got an email from 24 seconds in the future. They can't even manage NTP on their email servers, how could they claim to be keeping accurate logs?

        Instead of logging HTTP traffic, the ones who really know what you're doing are a) search engines, and b) DNS servers. Just knowing what names you are looking up would give me more informat
        • Except if you're using an anonymous proxy the search queries and DNS queries are likely to be anonymised by it too.

          Though again the ISP and proxy can both log this info easily.
          • This is what Privoxy and certain Firefox extensions are for; they catch the outgoing DNS requests and make sure that they're relayed (in encrypted form) to the proxy as well, so that you're not giving away the addresses of the pages you're requesting by leaking DNS requests.

            IMO, all software ought to proxy DNS requests automatically if it's being told to use a proxy that supports DNS resolution (SOCKS4a or SOCKS5); that Firefox and some other software leak requests even in the presence of a proxy that's capable of doing it, is a serious bug and security flaw.
      • Re: (Score:3, Interesting)

        by Rei (128717)
        Also useful, besides anonymous proxies, are distorting proxies. They announce that you're surfing through a proxy, but they still mask your IP. I made good use of both a while back. Colbert Report fans probably remember his contest to get a bridge named after him. I was one of the people who wrote scripts to help him win (I think I was the only one with a Jon Stewart script, too, and got Jon up to second place). You had to vote with a unique email address and confirm the link that they send, so I wrote
      • by pclminion (145572)

        They probably closely monitor anyone that they see connecting to an anonymous proxy, to see if you're doing anything they should cancel your connection for.

        They most certainly don't. That would open them to an enormous liability. As soon as they start looking at traffic, they become responsible for enforcing regulations upon ALL users. If they screw up and miss something, they are now legally responsible. Who the hell would want to expose themselves to that kind of liability?

      • Re: (Score:3, Interesting)

        by db32 (862117)
        If you are clever you proxy with SSL :). The only thing people inbetween will see is encrypted traffic. Either way its still not a terribly efficient way to hide your identity. You are still correct in that they will still know that you are doing it, just not specifically what you are doing with it.
    • by jfengel (409917) on Tuesday March 13, 2007 @11:12AM (#18333863) Homepage Journal
      Or hack into somebody's wide-open box (usually Windows) and run your proxy daemon. It seems to keep the spammers safe.
    • If you don't own it, you can't trust it

      Yeah, I have a friend who accidentally ran an open proxy server and made the lists. He found out about it when a police department supeanoed his logs.

      I said, "my goodness - a police department that prosecutes online crime!"
    • by Lumpy (12016) on Tuesday March 13, 2007 @11:41AM (#18334343) Homepage
      The best you can do is leech wireless and pretend to be someone else.

      you are 1/2 way there. First use a OS that allows you to change your MAC address, BEFORE you ever go online and do things you dont want traced to you, CHANGE YOUR MAC ADDRESS. in fact I reccomend changing it every time you go online. That is what they are looking to trace because the data mining guys still think that it's a unique identifier. Second you need to use a browser that allows you to change it's identifier and allow you to destroy all cookies every session. Honestly changing your identifier on a regular basis a little bit and getting rid of cookies does help a LOT. last thing you need is having a doubleckick cookie ratting on you.

      Do those and NEVER use a network that is tied to you. This is all really basic dont get caught hacker stuff guys.
      • I wonder if anyone has a script that would automatically change your reported MAC address to a random (but valid) value, every 24 hours or so, or when the DHCP releases and renews.

        Doesn't seem like it would really be all that hard on a Linux/BSD system, no idea what it requires on Windows to script that sort of thing.
        • Under Windows you can just put that program in the Start menu.
        • by Crizp (216129)
          Google for a program that sets your MAC address. Run that program with necessary parameters in rc.local or read the man page for cron and add a job that runs every x hours...
          • Re: (Score:3, Informative)

            by isorox (205688)
            foo@bar:~$ ls -l /usr/local/bin/changeMac.sh

            -rwxr-xr-x 1 foo users 354 Feb 31 12:34 /usr/local/bin/changeMac.sh

            foo@bar:~$ cat /usr/local/bin/changeMac.sh

            #!/bin/bash
            IF=eth1
            HEX1=`printf '%02x' $(($RANDOM%256))`:`printf '%02x' $(($RANDOM%256))`:`printf '%02x' $(($RANDOM%256))`
            HEX2=`printf '%02x' $(($RANDOM%256))`:`printf '%02x' $(($RANDOM%256))`:`printf '%02x' $(($RANDOM%256))`
            MAC=$HEX1:$HEX2
            echo "Setting $IF to $MAC"
            sudo ifconfig $IF down
            sudo ifconfig $IF hw ether $MAC
            sudo ifconfig $IF up

            foo@bar:~$ cron

      • by pclminion (145572)
        Umm... MACs do not pass over the Internet. The only place your MAC is visible is at the first hop, inside your ISP.
        • by drinkypoo (153816)

          Umm... MACs do not pass over the Internet. The only place your MAC is visible is at the first hop, inside your ISP.

          Uh, you are aware that cable modems (at least; not sure about DSL to be honest) have their own MAC, yes?

          As such, unless they are monitoring your CM, which I admit is not impossible, all they see is your cable modem's MAC.

          • by pclminion (145572)

            As such, unless they are monitoring your CM, which I admit is not impossible, all they see is your cable modem's MAC.

            Well yeah, but I'm not sure I understand your point. It sounds like you're saying "The cable company knows who their customers are." True, but I don't see what you're getting at.

            It seems we're in agreement that changing the MAC is a useless exercise. So I'm not sure what part of what I said you are disagreeing with.

      • Re: (Score:3, Insightful)

        by TheLastUser (550621)
        I didn't think that the mac went beyond the local net, its not part of ip packets. So changing it might theoretically prevent your local provider from tracking you. But then they know what port you are coming from and can always sniff that.

        Am I off base here?
        • Re: (Score:3, Informative)

          by Lumpy (12016)
          Yes you are off base.

          Think of it this way. your computer's MAC address is like your fingerprint. when you touch something you leave your fingerprint.

          If I use a phone to make long distance threats, my fingerprints dont transfer to the other side, but they are there on the phone that I used which is easily found.

          understand now?
          • Re: (Score:3, Informative)

            by db32 (862117)
            Please read about the concepts of routing and switching. MAC is not like a fingerprint in any way shape or form. Your analogy doesn't even begin to make sense based on how MACs are used. Aside from not being unique and being easily manipulated any trace of a MAC address only exists in the local subnet before it hits the first router and vanishes minutes after the last packet was sent.
        • by db32 (862117) on Tuesday March 13, 2007 @12:50PM (#18335595) Journal
          Your other replyer "Lumpy" doesn't know what he is talking about.

          1. You are correct, the MAC address doesn't get any farther than the first router. That is how routers operate, by swapping the mac address in the packet with their own and the next hop while leaving the network address the same so it can be 'routed' there.
          2. If you own the whole network you can eventually trace a mac back to an originating port on a switch, but that involves owning quite a bit of gear, and its not like its a logged thing, switches eventually allow mac entries to expire or things would break if you moved ports on the switch.
          3. In the instance of home networking you are behind a router before you even get to your ISPs router, they never see your mac (unless you are directly connected to the modem, but we are talking leeching wireless).
          4. MAC address ARE NOT UNIQUE! They are nearly unique, but if you operate under the idea that mac addresses are unique then your life will be hell when you have to track down a duplicate MAC on a large enterprise network because you believe it cannot happen. It does, although infrequently, and it makes networking very very 'interesting' when it happens.

          The best they can do is rush down and grab that wireless access points within a few minutes of the last packet you sent and try and get the MAC before it gets flushed. Then they would have to go after the manufacturer to try and associate that MAC to YOU purchasing it. Now given that the manufacturer has likely made more than one device with that same MAC under the correct assumption they will likely never exist on the same network, and also that a MAC is not a hard thing to spoof, that information is completely worthless. Saying they can track you down based on your MAC is like saying I can identify an individual based on him using 192.168.100.15. Ultimately the best they can really do is determine that the traffic came from the IP the ISP assigned, and there is no real way to verify with any accuracy the traffic came from any specific hardware.
      • Re: (Score:3, Informative)

        by number11 (129686)
        First use a OS that allows you to change your MAC address

        For Win XP, you can use FOSS macshift [natetrue.com] to set either a specific or random MAC address.
  • That doesn't allow you to see ComputerWorld sites?

    What I need is a meta-surfer, a free port 80 VPN with a built in browser on the client side....maybe one day I'll build one myself.
    • by nahdude812 (88157) *
      How's this? [whitefyre.com]. Put it on your external server under a UN/PW and on https, and you have yourself a free dedicated locally anonymizing proxy that will work through existing filtering proxies, and not permit them to sniff any of your traffic or even know what you're doing thanks to the https. The admins of the filtering proxy won't even be able to tell that it IS a proxy since they won't have your UN/PW. All they'll know is that you're doing a certain amount of https traffic to this external IP.
  • by Nom du Keyboard (633989) on Tuesday March 13, 2007 @11:06AM (#18333751)
    The question is, how does one surf anonymously at work when you're forced to use your employer's proxy to get through the firewall. Tried configuring Tor to encrypt and hide my queries before the ISA proxy ever saw them, but never could figure out how to get FireFox to work with it, nor find any Tor help sites or discussion groups for what should be a simple enough question.
    • by EllisDees (268037) on Tuesday March 13, 2007 @11:23AM (#18334079)
      Here's how: google for 'nph-proxy.cgi' and then find one that uses https. Your employer will only see an ssl connection being made to the same server over and over.
    • Re: (Score:3, Informative)

      by Zonk (troll) (1026140)
      Check Peacefire [peacefire.org]. Every week or so on the mailing list they announce a new web-based proxy. The current one is StupidCensorship.com [stupidcensorship.com]. The code is available so you can run your own "proxy."

      Still, your employer probably keeps logs. If you really must visit sites that you don't want your employer to know about (ie, jobsearch), do it sparingly or just wait until you get home. You could also set up OpenVPN and run that over a proxy server and browse from your home network.
    • by Hatta (162192) on Tuesday March 13, 2007 @12:17PM (#18334975) Journal
      The question is, how does one surf anonymously at work when you're forced to use your employer's proxy to get through the firewall.

      Ssh into your box at home and use freenx (or regular x-forwarding if your latency is low enough). Then just use it as if you were browsing at home.
    • Re: (Score:3, Interesting)

      by Kjella (173770)
      The question is, how does one surf anonymously at work

      You don't. It's even more fundamentally impossible as DRM, because you're de/encrypting it on the machine you're trying to hide it from. Certainly you can encrypt past a proxy, but if they see encrypted traffic coming from your machine, they have every right to capture it locally. Their computer, their network, their sensitive data on it.
    • Re: (Score:3, Insightful)

      by westlake (615356)
      The question is, how does one surf anonymously at work when you're forced to use your employer's proxy to get through the firewall.

      if you are attempting to surf anonymously at work - outside the scope of your employment - then you are an idiot. your employer will assume - probably quite rightly - that whatever it is you are after, it is not good news.

    • Re: (Score:3, Insightful)

      by why-is-it (318134)

      The question is, how does one surf anonymously at work when you're forced to use your employer's proxy to get through the firewall.

      Let's see:

      • your employer owns the workstation/laptop
      • your employer owns the LAN
      • your employer owns the firewall
      • your employer pays for the WAN connection to the internet
      • Your employer pays you to do something other than surf the net for your own amusement

      It seems to me that there is a simple and obvious solution to your problem: do your recreational surfing at home, and do w

  • You got proxy, kid (Score:4, Insightful)

    by Reason58 (775044) on Tuesday March 13, 2007 @11:08AM (#18333801)
    Seems to me like proxy servers just replace Big Brother knowing everything you do with some tiny "anonymous browsing" site. And you are willfully giving them all this information to boot, so if they decide to turn over all their logs there isn't a thing you could do.
    • Seems to me like proxy servers just replace Big Brother knowing everything you do with some tiny "anonymous browsing" site. And you are willfully giving them all this information to boot, so if they decide to turn over all their logs there isn't a thing you could do.

      Hence why the folks behind Tor developed onion routing systems in the first place. They're not foolproof, but they don't place all your trust on the administrator of one server. They spread the trust out among a bunch of servers, such that your
  • by boxlight (928484) on Tuesday March 13, 2007 @11:10AM (#18333823)
    It is illegal for a library to keep a record of the books you have checked out after they're returned.
    It should also be illegal for your ISP to record your browsing history.
    It's about privacy and freedom.
    • cite please (Score:5, Informative)

      by way2trivial (601132) on Tuesday March 13, 2007 @11:22AM (#18334057) Homepage Journal
      you claim It is illegal for a library to keep a record of the books you have checked out after they're returned

      I say, you should be right, but you are completely wrong.
      try this http://www.google.com/search?hl=en&q=fbi+library+r ecords [google.com]

      so, if you have a citation to back up your assertion, please, supply the citation.
      I say, you are flat out wrong.
      • Re: (Score:3, Informative)

        by tiltowait (306189)
        Here ya go [ala.org], 48 State Privacy Laws Regarding Library Records. Since the USA PATRIOT Act (and in the 1970s during the FBI's "Library Awareness" investigations), however, federal law (NSA letters, for example) can trump these statutes. So the OP is partially right.

        Librarians learned in the 60s not to keep patron records like this. It turns us in to sleeper agents for a snooping government. Pre-9/11 this was the widespread sentiment [webjunction.org] too.

        I guess that the 9/11 hijackers used library computers [firstmonday.org] doesn't help, nor do
        • Re: (Score:3, Interesting)

          by shess (31691)
          I guess that the 9/11 hijackers used library computers doesn't help, nor does the current "Library 2.0" movement to offer customized services.

          This doesn't sound right, but ... why _shouldn't_ the 9/11 hijackers have used library computers? I mean, it's terrible that library computers were used, but it's not like that made them complicit. The hijackers probably also travelled on public roads, and drank water from municipal water supplies, and benefitted from living in a safe neighborhood due to local law e
      • by be951 (772934)
        It is possible that some state laws preclude the state's public libraries from retaining records of materials checked out by patrons. More likely, though, individual libraries (or cooperatives/whatever, e.g. at the county level) would set the policy on record retention. I've been told that my local public library does not keep a record of who has previously checked out an item once it has been returned (in usable condition) and checked back in (unless there is an overdue fine, in which case the details re
    • by voice_of_all_reason (926702) on Tuesday March 13, 2007 @11:29AM (#18334167)
      Libraries are run by the government, which you are in a relationship with by fiat.

      Private enterprises (an ISP) are free to impose any demands they like (as long as the government agrees)
      • by jpetts (208163)
        At best, misleading; at worst bullshit. Libraries are typically run by local governments (most often city, but sometimes county). Also, there are plenty of private libraries.
        • You're right, private libraries do exist. But what magical rules prevent them from making lists of what you read? Certainly my college did - I would get late fees added to my account without any of the fuss public libraries had to go through. Again, I was free to tell them to stuff it and leave the college.
  • public proxies? (Score:4, Informative)

    by N3wsByt3 (758224) <NewsbyteNO@SPAMfreenethelp.org> on Tuesday March 13, 2007 @11:11AM (#18333855) Homepage Journal
    Meh. There are enough good alternatives: TOR, I2P Freenet (if they ever make a useful thing out of it, because after more then 5 years development, they fall kinda short. Maybe things will get better with their Openet, though - but when will that happen?).

    Anyway, public proxies are only haphazard and temporary solutions, and not very good ones at that. First of all, they're often unreachable, unusable or slow. Secondly, you never know WHICH proxy you actually use; I mean; who owns the damn thing? What does he log?

    Ofcourse, with enough proxies to choose from, and trying out at randomn, it may be a small chance that you end up with someone that actually makes your privacy more in danger, but still... The systems mentionned above (include JAP to that) are much safer for anonymous browsing.

  • by gatorflux (759239) on Tuesday March 13, 2007 @11:13AM (#18333879)
    Anyone who has ever needed this capability already knew how to do it. The article will undoubtedly lead to many "normal" users trying it out and inevitably deciding it is a waste of time. The majority of proxy servers are as slow as molasses since the adult site crackers are running all their scripts through them. You have to be pretty dedicated to actually use these servers on a regular basis.
  • That's it? (Score:3, Insightful)

    by omeomi (675045) on Tuesday March 13, 2007 @11:15AM (#18333917) Homepage
    That's it? Use a proxy? Who here didn't already know that?
    • by alienmole (15522)
      Zonk?
  • It's tough to find good anonymizing proxies, especially all-purpose socks proxies. However, for your browsing needs, there is a decent list of webproxies at this website [freeproxy.ru] as well as some lists of socks but I can't really vouch for those.

    I personally have used anonymouse. It has an annoying popup and can be fairly slow and has sketchy cookies support (which can be a drag for messageboard use) but it's reliable enough for the occasional session.
  • It doesn't take too much paranoia to realize that some percentage of the public proxies are undoubtably controlled by spooks running some carnivore type software. The only surefire way to access the internet anonymously is through open WiFi APs.
  • by RyanFenton (230700) on Tuesday March 13, 2007 @11:17AM (#18333951)
    Yes, defending your own brand of craziness from the craziness of others is sometimes important, and for that reason and many others, anonymity can be very important in a civilized society. But I think it is somewhat overused on the internet.

    The other half of the anonymity consideration though is that when everyone gets used to only having 'full' freedom when cloaked from the sight of others, they begin to accept a greater lack of freedom in their 'real' lives. That's why I don't choose anonymity whenever I can - I want my mistakes to be my own, and when I discuss, for instance, digital freedoms, I don't want to hide behind the ubiquitous pseudonyms we've all grown so used to while doing so.

    I don't want to 'get away' with looking into for 'bad things' - I want REAL people to be free to do what they want. Of course, I, like everyone else, have some things I'm not going to disclose, and would like to have anonymity available - but I'd much rather push for less need to hide things, rather than disappear behind a fake name most of my online life.

    Ryan Fenton
    • by inviolet (797804)

      The other half of the anonymity consideration though is that when everyone gets used to only having 'full' freedom when cloaked from the sight of others, they begin to accept a greater lack of freedom in their 'real' lives. That's why I don't choose anonymity whenever I can - I want my mistakes to be my own, and when I discuss, for instance, digital freedoms, I don't want to hide behind the ubiquitous pseudonyms we've all grown so used to while doing so.

      I don't want to 'get away' with looking into for 'ba

  • OK, use a laptop. Connect to an open AP. Then log on to someone else's server with open telnet port. From there use a script with elinks/lynx/wget so that all requests for web content are made to Google's cache. I think this is reasonably safe.
    • by Vexorian (959249)
      The cache? I've seen people using google translator for that.. but then you still have to trust google.
  • MiM attack. (Score:3, Insightful)

    by s31523 (926314) on Tuesday March 13, 2007 @11:31AM (#18334191)
    Seems like a great front for a Man in The Middle attack, except that rather then setting up tons of fake ARP packets you get people to come to your site. Brilliant! Why not just use the coffee shop in the town next to you, and reprogram your MAC address to.
  • Telling people "anonymous proxies" are useful to protect themselves is dangerously misleading. It'll prevent the destination website from finding out what your IP address is (maybe -- if you're not leaking that information some other way), but it'll do absolutely nothing to undermine the extensive network-level snooping going on nowadays. Your packets are still in the clear, readable, and sniffable at any point on the network; they're just taking a little detour through someone else's server so the destinat

  • Proxies I learned about oh... 1995? Today if you want anonymous surfing, use Torpark or setup your own Tor+Privoxy+Firefox with a tiiiny amount more effort. Solved problem.

If it happens once, it's a bug. If it happens twice, it's a feature. If it happens more than twice, it's a design philosophy.

Working...