[Article] World of anonymitycraft

ayu
Staff
Posts: 8109
Joined: 27 Aug 2005, 16:00


Post by ayu »

World of Anonymitycraft
By cats



Introduction

A law was passed in Sweden that is to be applied from October 1 2009.
It is called the "FRA law", after the agency it concerns: FRA, Försvarets radioanstalt, which translates to the National Defence Radio Establishment.
It states that all communication that crosses the borders of Sweden (Internet, phone, etc.) is to be passed to this agency and checked.
What exactly they check for, and how, I don't know, but the law is a threat against democracy and the privacy of the people. Therefore
I am writing this guide/article to present some good ways to keep yourself anonymous, and to give you some tips on how to keep yourself and your stuff organized on your computer. I will borrow some information from some of my older guides to make it easier for myself, so don't be surprised if you feel that you have seen some of it before.



Anonymity

I wake up every day, and the first thing I do is turn on my computer and check my regular sites, like the news, and maybe see if a new anime episode has come out. But I never stop to think: is this connection encrypted? Where does it go? What nodes does it pass? It never occurred to me before that a lot of the things I talk about on the Internet may be things that trigger the FRA's filters, making them log my conversations on the net, such as MSN and IRC; heck, even my mail can be checked. Where is my anonymity? Where did my private space go? Even if I try to hide myself, for example with a proxy, who said that using a random proxy found online was a safe choice? Who knows what kind of person is hosting that proxy, grabbing my passwords and sniffing my data, simply by being the man in the middle.



TOR

TOR (The Onion Router) is an anonymity network made to protect users from traffic analysis. The principle is that a user connects to a site through the TOR network: the connection is encrypted inside the network and follows a random path between the network's routers until it reaches an exit node, which then makes the actual connection to the server the user was trying to reach. The routers are hosted by volunteers who give up their own bandwidth, so abuse of the network, such as running torrents over it, is prohibited. The part people miss is that the last hop, from the exit node to the destination, is only as protected as the application protocol you use: the exit node sees plain HTTP, POP3 or IMAP traffic in the clear. In September 2007 Dan Egerstad (Sweden) demonstrated this by running TOR exit nodes and monitoring them, and collected a large number of e-mail account passwords that way. This is not a flaw TOR can fix for you, so using TOR because you want your data to be safe is not recommended, but it does help with being anonymous. Personally I would not use it for logging into any site, at least not one that does not use HTTPS for the login, but using it for regular surfing sounds pretty sweet to me.



Proxies, Socks and VPN's

Some may not think about it, but there is an essential difference between an HTTP proxy and a SOCKS proxy. An HTTP proxy understands the HTTP protocol: it receives your request, fetches the page from the real server on your behalf and hands it back, and it can read and modify both. A SOCKS proxy works one level lower: it relays raw TCP connections (and, with SOCKS5, UDP) without caring which application protocol is inside, which is why it is commonly used to get any application, not just a browser, through a firewall. Both are a good way to keep your IP address out of the target server's logs, but, as mentioned before, do you know who hosts the proxies that you use? Because I certainly don't. Yet again it is a fine way to do some regular surfing, but I wouldn't use it for important data. You might think "pfft, what are the odds of that happening?", and you are right that the odds are small, but WHAT IF it does happen? You just lost your bank account due to a stupid assumption. You can never be too secure on the Internet (which doesn't mean you should overdo it, just keep it effective). So if you want to hide your IP with a proxy and still use it for private stuff like banking and other sites that require a login, use a professional pay service that you know works, either a pay proxy or a pay VPN service. Or, in my case, set up a proxy at a friend's place in another country and make it encrypt all the data between the client and the proxy in both directions (an SSH tunnel to the friend's machine does exactly that); remember, the data is monitored when it leaves Sweden, so the encryption has to be in place before the border.

As for VPN services: for those who don't know, VPN stands for "Virtual Private Network" and is commonly used to connect companies or employees that are not physically close to each other to the same network. The connection is called a VPN tunnel and is created over the Internet (WAN) to a VPN server. Using a professional VPN service to be anonymous is a good solution, but the same issue comes to mind here: just like with proxies, you don't know who hosts it, and a non-professional one (for example a free random service) is not a safe choice.

But remember, using a good proxy or a good VPN service doesn't mean that you are anonymous to people who know what they are doing; a lot of things count when it comes to being totally anonymous on the Internet.



Browsers

There are a few things you should know about your browser before you go thinking "hehe, proxy equals total anonymity", because that is a lie. The server sees a bunch of information, some of it sent by your browser (user agent, language, referrer) and some added by the proxy itself (headers that announce the proxy and may carry your real address), and you should check it before you do anything else. A page programmed in PHP can print what the server sees, which tells you whether your current proxy really hides you; some of it also requires configuring in your browser.

* REMOTE_ADDR: The IP address the connection comes from. Through a proxy this is the proxy's address; without one it is yours.

* REMOTE_HOST: The host name of that address (only filled in if the server does reverse lookups).

* HTTP_VIA: If this one is set, a proxy is used; the value names the proxy, for example "1.1 proxyhost:3128 (squid/2.5.STABLE7)".

* HTTP_FORWARDED_FOR: If this one is set, a proxy is used and the value is usually the real IP of the client.

* HTTP_X_FORWARDED_FOR: If this one is set, a proxy is used and the value is the real IP of the client (a chain of proxies appends one address each).

* HTTP_REFERER: The page the user came from, if any (the misspelling is the HTTP standard's own, and PHP keeps it).

All of these matter when you want to be anonymous on the web, and note that it is the proxy, not you, that decides whether the proxy headers are sent: an anonymous proxy simply leaves them out, and nothing stops one from putting a made-up address in them. I made a little script in PHP that you can use to check if you really are anonymous or not; you can find it HERE. A typical output from it can look like this:

IP: 218.28.49.172
HOST:
Referrer:
User agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9) Gecko/2008061015 Firefox/3.0
Language: en-us,en;q=0.5
Proxy is used (HTTP_VIA): YES: 1.1 pc0.zz.ha.cn:3128 (squid/2.5.STABLE7)
Your IP is hidden by the proxy (HTTP_X_FORWARDED_FOR): NO: xx.xx.xx.207
Your IP is hidden by the proxy (HTTP_FORWARDED_FOR): YES


* Warning: Servers will know that you are using a proxy
* Warning: Servers will know your actual IP

The example above shows a user who is not anonymous: the real IP is passed on in X-Forwarded-For, and the Via header tells the server that a proxy is in use. Another example, this time through a highly anonymous proxy:

IP: 220.37.224.69
HOST:
Referrer:
User agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9) Gecko/2008061015 Firefox/3.0
Language: en-us,en;q=0.5
Proxy is used (HTTP_VIA): NO
Now, this example says that no proxy is announced and no "real" IP is shown either. Success! The anonymous proxy worked: it simply does not add the headers that would reveal it, so the server only sees the proxy's own address. You can also change both the language and the user agent, which is pretty easy: change the language in your browser's settings and use my script to verify it, and spoof the user agent with the Firefox plugin called "Modify Headers". You can also spoof the referrer with the Firefox plugin called "refspoof". One caveat: pick a user agent that many people use, since an unusual string makes you easier to pick out in a log than the default one.

The script will be available at http://www.binarykitten.com
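The checks the script makes, as an added example written for this page (not the PHP script linked above) in Python: it classifies a proxy as transparent, anonymous or elite from the same server-side values (REMOTE_ADDR, the Via, X-Forwarded-For and related headers) and prints a report in the same style. It also reads the newer standard Forwarded header, which the list above does not mention. All addresses and header values in it are constructed for the demonstration.

```python
"""Classify a proxy's anonymity from what the web server actually receives.

Added example, not the PHP script linked from the article: it repeats that
script's checks (REMOTE_ADDR, HTTP_VIA, HTTP_X_FORWARDED_FOR and friends)
in Python so they can be run over constructed requests. Every address and
header value used here is made up for the demonstration.
"""
import ipaddress

# Headers a proxy adds; PHP exposes them as $_SERVER['HTTP_<NAME>'].
PROXY_MARKERS = frozenset((
    "via", "forwarded", "forwarded-for", "x-forwarded-for", "x-real-ip",
    "client-ip", "x-proxy-id",
))
# The ones whose value is a comma-separated list of client addresses.
IP_CARRIERS = ("x-forwarded-for", "forwarded-for", "x-real-ip", "client-ip")
# Addresses that cannot be the client out on the Internet: the proxy's own LAN.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]


def _parse_ip(token):
    """'192.0.2.1', '192.0.2.1:443' or '[2001:db8::1]:443' -> address object;
    None for 'unknown', '_hidden' and other junk a proxy may put there."""
    token = token.strip().strip('"')
    if token.startswith("["):                 # bracketed IPv6, maybe with port
        token = token[1:].split("]", 1)[0]
    elif token.count(":") == 1:               # IPv4 with port
        token = token.split(":", 1)[0]
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None


def forwarded_ips(headers):
    """Every client address the forwarding headers claim, in header order."""
    h = {k.lower(): v for k, v in headers.items()}
    found = []
    for name in IP_CARRIERS:
        for token in h.get(name, "").split(","):
            ip = _parse_ip(token)
            if ip is not None:
                found.append(ip)
    # RFC 7239 Forwarded: for=198.51.100.9;proto=https, for="[2001:db8::17]:4711"
    for element in h.get("forwarded", "").split(","):
        for pair in element.split(";"):
            key, _, value = pair.strip().partition("=")
            if key.lower() == "for":
                ip = _parse_ip(value)
                if ip is not None:
                    found.append(ip)
    return found


def classify(remote_addr, headers):
    """Return (level, markers, leaked) for a request the server sees as coming
    from remote_addr (PHP's REMOTE_ADDR) with the given request headers.
    level: "transparent" (a header carries the real client address),
    "anonymous" (a proxy is announced, but no client address) or
    "elite" (nothing in the request reveals a proxy at all)."""
    markers = sorted(k.lower() for k in headers if k.lower() in PROXY_MARKERS)
    leaked = []
    for ip in forwarded_ips(headers):
        if str(ip) == remote_addr or any(ip in net for net in LAN_NETS):
            continue                          # the proxy itself, or its LAN
        if str(ip) not in leaked:
            leaked.append(str(ip))
    if leaked:
        return "transparent", markers, leaked
    if markers:
        return "anonymous", markers, leaked
    return "elite", markers, leaked


def report(remote_addr, headers):
    """Lines in the style of the article's script output."""
    level, markers, leaked = classify(remote_addr, headers)
    h = {k.lower(): v for k, v in headers.items()}
    return [
        "IP: %s" % remote_addr,
        "Referrer: %s" % h.get("referer", ""),
        "User agent: %s" % h.get("user-agent", ""),
        "Proxy is used (HTTP_VIA): %s" % ("YES: " + h["via"] if "via" in h else "NO"),
        "Your IP is hidden by the proxy: %s" % ("NO: " + ", ".join(leaked) if leaked else "YES"),
        "Proxy headers seen: %s" % (", ".join(markers) or "none"),
        "Anonymity level: %s" % level,
    ]


if __name__ == "__main__":
    # Constructed request through a transparent squid, like the article's first sample.
    sample = {
        "Via": "1.1 proxy.example.net:3128 (squid/2.5.STABLE7)",
        "X-Forwarded-For": "198.51.100.7",
        "User-Agent": "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9) Gecko/2008061015 Firefox/3.0",
    }
    print("\n".join(report("203.0.113.44", sample)))
```

Run it on a live server by filling the dictionary from the request headers your framework gives you and remote_addr from the socket; the "elite" verdict only means the proxy volunteered nothing, it says nothing about what the proxy operator logs.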



Organizing your stuff

Personally I am very organized and I like to keep my computer clean. For example, I keep all my games in C:\Games, and I also have them in a separate folder in the Program menu (Start -> All Programs -> Games). I also have a 500 GB disk where I keep my personal stuff, and of course I don't want people to sneak around and look at it; it's private, and I might even have something illegal in there. So I use TrueCrypt to keep it safe. TrueCrypt creates encrypted volumes inside ordinary files (or on whole partitions) and mounts them as virtual drives, with a cipher of your choice; very effective, I must say. Also, since not all servers (not even close to all) support SSL encrypted (HTTPS) connections, I mark all bookmarks that use SSL with a little "*", so that I know when I am, and when I am not, entering an encrypted page. The markers are also a way for me to prepare for future modifications. So keep yourself organized, check that process list once in a while, and do regular scans with your favourite anti-virus software as well as your favourite anti-spyware software; you might as well scan for rootkits while you are at it. Since this kind of malware is very rare for Linux users, you can almost ignore this ^^, but it's still good to think about. Using a process guard of some sort might actually save you one day from process-injecting malware.

Personally I don't think it's very safe to use Windows for important stuff, since the risk is higher that important data will be stolen by malware that I failed to notice. So all my gaming is done on my Windows computer, while all my important stuff (coding, banking, browsing my regular sites that need a login) is done on a Linux computer, since the risk of losing it there is a lot smaller.



What is entering and leaving my computer?

Well, most users today have a broadband router, which functions as a firewall as well. It blocks incoming connections (yay, no hackers intruding into my private life), but have you ever thought about what goes OUT of your computer? The router almost never blocks outgoing connections, and not all desktop firewalls do that either. So let's say you download a keygen for an application (using that as an example because most of them are malware) and it contains both the keygen and a backdoor. The keygen makes you feel calm and tricks you into thinking it's what you wanted, but the backdoor just got secretly installed and is now connecting back out to its creator, leaving you at a loss. By blocking all the outgoing ports that you don't use, you take that easy way out away from it. Keep in mind what this does and doesn't do: a backdoor that talks over a port you do allow (80 and 443 are the obvious choice for its author) goes straight through, so this is one layer, not a cure. Finding the ports an application uses is not hard; with Google you can find them in five seconds. Also check whether the application you are opening ports for uses a range of ports, like 6800-6900, because opening the whole range is unsafe when the application only uses one port at a time. So check whether the application picks a random port in that range, and whether, if it can't use one port, it tries another until it finds a free one; that way you only have to open one, or maybe two, ports in the range. In Windows this is easy to do: go to either the Windows firewall or the alternative one you have installed and fix it there. You could also do it in the router, which might actually be better since it would apply to all the computers in the network, but remember that the port range idea I spoke of earlier makes it more difficult, since many computers might want to use the same ports; you might want to give a small part of the application's port range to each computer. It's a bit of work, but it's a safe solution.

If you plan to go through with this little plan, then don't forget to check all of the programs that you want to be able to make outgoing connections, like the browser and such; also check the operating system's services, since some of them need outgoing connections too.

In Linux this plan doesn't become much trickier; it's not point and click, but it's still very easy. I will explain it real quick; you can refer to my iptables guide for more detailed info HERE.

Start by logging in as root, then enter the following commands (this guide assumes that you already have basic INPUT iptables rules):

iptables -P OUTPUT DROP

This first line sets the default for outgoing packets to DROP, so everything your computer sends is now dropped unless a later rule accepts it, which isn't very useful on its own.

iptables -I OUTPUT -p TCP --dport 80 -j ACCEPT

This is just a quick example; the line above inserts a rule at the top of the chain that accepts outgoing HTTP requests (the browser). There is still a lot you need to think about: DNS lookups (UDP port 53) happen before any web request, your computer gets its IP from the broadband router with DHCP (UDP ports 67 and 68), and the reply packets of connections that others open to you also leave through OUTPUT, so you need a rule that accepts packets belonging to already established connections. Make sure you do your homework before doing this on an important computer. A tip is to install Wireshark, make it monitor your main NIC (network interface) and look at the regular packets your computer sends: when it connects to your usual servers, gets an IP address via DHCP, etc. Logging what the DROP policy discards is the other way to find out what you forgot.
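One way to turn the two commands above into a complete, repeatable ruleset, as an added example that is not part of the original article or its linked iptables guide: the script below generates the iptables commands for a default-deny OUTPUT chain from an allowlist, adding the pieces the two commands leave out (loopback, already established connections, DNS, DHCP, a rate-limited log of what gets dropped) and switching the policy to DROP last, so a remote session used to run it survives. Python is used so the rule order can be checked before anything is applied as root; the port lists in the __main__ block are constructed for the demonstration.

```python
"""Build a default-deny OUTPUT chain for one Linux host from an allowlist.

Added example, not from the article or its linked iptables guide. The
functions only build the commands; apply_rules() runs them and needs root.
The port lists in the __main__ block are constructed for the demonstration.
"""
import shlex
import subprocess

IPT = "iptables"


def outbound_rules(tcp_ports=(), udp_ports=(), allow_dhcp=True,
                   allow_ping=True, log_drops=True):
    """Return the iptables commands (argv lists) for a default-deny OUTPUT chain.

    tcp_ports / udp_ports name the destination ports (or ranges such as
    "6881:6889") this host may open NEW connections to. Replies to traffic
    that was already accepted pass the ESTABLISHED,RELATED rule, so the
    lists only need what this host initiates."""
    rules = [
        [IPT, "-F", "OUTPUT"],                       # start from an empty chain
        [IPT, "-A", "OUTPUT", "-o", "lo", "-j", "ACCEPT"],
        # Must precede every NEW-only rule: packets of conversations already
        # allowed (and their ICMP errors or FTP data channels) pass here.
        [IPT, "-A", "OUTPUT", "-m", "conntrack", "--ctstate",
         "ESTABLISHED,RELATED", "-j", "ACCEPT"],
    ]
    if allow_dhcp:
        # Lease renewals are sent before conntrack knows anything about them.
        rules.append([IPT, "-A", "OUTPUT", "-p", "udp", "--sport", "68",
                      "--dport", "67", "-j", "ACCEPT"])
    for proto in ("udp", "tcp"):                     # DNS, needed by almost everything
        rules.append(_new(proto, "53"))
    if allow_ping:
        rules.append([IPT, "-A", "OUTPUT", "-p", "icmp", "--icmp-type",
                      "echo-request", "-j", "ACCEPT"])
    for proto, ports in (("tcp", tcp_ports), ("udp", udp_ports)):
        for port in ports:
            rules.append(_new(proto, str(port)))
    if log_drops:
        # Rate-limited record of what the policy is about to drop: this is how
        # you find the program that phones home, or the port you forgot.
        rules.append([IPT, "-A", "OUTPUT", "-m", "limit", "--limit", "5/min",
                      "-j", "LOG", "--log-prefix", "OUTPUT DROP: "])
    # The policy is switched last, so an SSH session running this survives.
    rules.append([IPT, "-P", "OUTPUT", "DROP"])
    return rules


def _new(proto, dport):
    """Accept rule for NEW outgoing connections to one destination port or range."""
    return [IPT, "-A", "OUTPUT", "-p", proto, "--dport", dport,
            "-m", "conntrack", "--ctstate", "NEW", "-j", "ACCEPT"]


def to_script(rules):
    """Render the commands as a shell script, one quoted command per line."""
    lines = ["#!/bin/sh", "set -e"]
    lines += [" ".join(shlex.quote(arg) for arg in rule) for rule in rules]
    return "\n".join(lines) + "\n"


def apply_rules(rules):
    """Run the commands in order, stopping at the first failure (needs root)."""
    for rule in rules:
        subprocess.run(rule, check=True)


if __name__ == "__main__":
    # Browser (80, 443), SSH (22), mail submission (587), NTP (123/udp) and one
    # application port range as discussed in the text; pin it to a single
    # port instead if the application lets you.
    print(to_script(outbound_rules(tcp_ports=(80, 443, 22, 587, "6881:6889"),
                                   udp_ports=(123,))), end="")
```

Review the printed script, then run it as root; the LOG rule writes the dropped packets to the kernel log, which is where the missing ports show up on the first day.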



E-mail encryption

Being anonymous in your regular e-mail is pretty pointless, since if you send anonymous e-mail the recipient won't know who to answer to, so it does not help with the privacy problem here. What you need instead is to make sure that the mailman doesn't peek at the letter while it's being delivered. I'm not really talking about the mail server spying on you, simply that the nodes the mail passes might want to have a look at it (the FRA?), so what you really want is to encrypt it. That can be done in different ways when sending and receiving mail; some are difficult and some are not, but they are all effective in their own way, and unfortunately all of them are needed to completely secure you (meaning that you need the really tricky ones as well). An easy first step is to ask your e-mail provider to encrypt both incoming and outgoing e-mail with STARTTLS, which encrypts mail between servers and so lowers the risk of e-mail peeking. Keep in mind what it covers: each hop is protected only if both servers on that hop use it, and the mail sits unencrypted on every server along the way, so it protects against people watching the wire, not against anyone who controls a server. In my case the hop that matters most is the one between my mail client and my provider's SMTP server, since that is the one that crosses the border (my mail provider is located in Germany); what happens after that is outside the FRA's reach, but not outside anyone else's.

Now, the slightly trickier way is to digitally sign your e-mail with a certificate and encrypt it. Note which key is used for what: your certificate (the public part) lets others verify your signature and encrypt mail to you, so you have to give it to everyone you correspond with, and to encrypt mail to them you need their certificate in turn. If you create your own certificate you have to distribute it yourself, and your recipients have to decide to trust it. The easier solution is to get a certificate from a known organization (a certificate authority). These "known" organizations are already included in browsers and mail clients and are therefore treated as trusted, so a certificate they sign is accepted without any manual exchange first. To create and sign your own certificates you can use a Firefox plugin called "Key Manager".

To get a certificate from an organization that is known and more official, you can visit the following links:

http://www.verisign.com/
http://www.thawte.com/
http://www.instantssl.com/
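What the client-to-server hop looks like when done properly, as an added example in Python that is not from the article: a mail submission that demands STARTTLS, verifies the server certificate and host name, and fails closed if the capability is missing, with the weak "ignore the certificate" configuration next to it for contrast. Host, port, account and addresses are placeholders. This covers only the hop from your client to your provider; the body is still readable on every server after that, which is what the certificates described above are for.

```python
"""Client-to-server mail submission that refuses to run without verified TLS.

Added example, not from the article. smtplib, ssl and email are the Python
standard library; host, port, account and addresses in the __main__ block
are placeholders to replace with your own provider's.
"""
import smtplib
import ssl
from email.message import EmailMessage


def strict_tls_context(ca_file=None):
    """TLS policy for the hop from the mail client to the submission server:
    the server certificate must chain to a trusted CA, its name must match
    the host we dialled, and nothing older than TLS 1.2 is accepted."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True        # already the default; stated because it is the point
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def unverified_context():
    """The weak setting, shown for contrast: this is what 'just make the
    certificate error go away' snippets do. Anyone between you and the
    server can then present their own certificate and read the session."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # must be cleared before verify_mode can change
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def tls_policy_ok(ctx):
    """True if a context verifies the peer, checks its host name and rejects
    protocol versions older than TLS 1.2."""
    return (ctx.verify_mode == ssl.CERT_REQUIRED
            and bool(ctx.check_hostname)
            and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)


def build_message(sender, recipient, subject, body):
    """A plain-text message; headers and body are whatever the caller passes."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


def send_over_starttls(host, port, user, password, msg, ca_file=None):
    """EHLO, demand STARTTLS, upgrade, EHLO again, then authenticate and send.

    Fails closed: if the server does not advertise STARTTLS, or someone on the
    path stripped the capability from the EHLO reply, nothing is sent and the
    password never leaves the client in clear text. Returns the negotiated
    (cipher, protocol, bits) so it can be logged."""
    ctx = strict_tls_context(ca_file)
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise RuntimeError("%s:%d does not offer STARTTLS; refusing to send in clear"
                               % (host, port))
        smtp.starttls(context=ctx)   # the handshake itself fails on a bad certificate
        smtp.ehlo()                  # capabilities can differ after the upgrade
        cipher = smtp.sock.cipher()
        smtp.login(user, password)
        smtp.send_message(msg)
        return cipher


if __name__ == "__main__":
    # Placeholders: the submission port 587 with STARTTLS is the usual setup.
    message = build_message("me@example.net", "friend@example.org",
                            "test", "sent only over verified TLS")
    print(send_over_starttls("mail.example.net", 587, "me@example.net",
                             "password", message))
```

If your provider offers SMTPS on port 465 instead, use smtplib.SMTP_SSL with the same strict context; the point is the same, a verified certificate before the password is sent.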


Encrypt your chat

Personally, I use MSN, which doesn't encrypt my messages, making them easy to spy on. IRC makes it a bit easier: get your admin to turn on and configure TLS/SSL encryption on the server (if it supports it), then turn it on in your client, and voila, the messages are encrypted between the server and the client, making it harder for bystanders to watch them (the server itself still sees everything). So basically, look for an encryption option in your chat client; if the client is something like IRC, with loads of different public servers, you could ask the admin as mentioned above. Now, how would I solve the MSN issue, since it doesn't support encryption? Well, you could ask a very good friend of yours to set up a private proxy that accepts an encrypted connection, and then connect to it with an alternative MSN client like aMSN. That protects the path from you to your friend's proxy, not the path from the proxy to the MSN servers. There are also a number of plugins for different chat clients that encrypt the messages themselves, which protects the whole path, but this means that both chat clients need the plugin.

http://www.amsn-project.net/

http://www.msgplus.net/scripts/search/?q=encrypt

There are always ways to get around things; some sound easy and actually are easy to get hold of. But make sure you think it through before you put it into action, or it might fail big time in the near future.



Downloading and the Scene

There are a number of groups out there in the file sharing world who are all part of the so-called "scene". These groups make releases of different kinds, from movies to music. The releases are professionally made, always include an informative file with the release information, and are always packed in rar and split into usually around 80 files. This is for both security and efficiency: if you download a movie and one of the partial files gets corrupted, you can easily download that part again from someone else in a very short time, since it's only about 7-40 MB. It also serves as a (thin) layer of safety, since you are not seen downloading "Mission Impossible 2.avi" but "miimp2.r1-80", which is opened and extracted from all of the partial files; anyone who knows the release name still knows what it is. The releases first appear on private FTP servers, which are always very secure and have a lot of strict rules; they then almost always make it out to DC++ hubs, then finally to the torrent sites, and maybe to a few unknown sites that use the HTTP protocol for transferring the files.

As everyone knows, all of this is illegal, but people still do it, for selfish and economic reasons. And of course a lot of people are being caught and fined for it, and the fines aren't of the smaller kind. So people want to apply even more security to the file sharing community, and I will give you a few ground rules that you can follow.

Downloading from FTP: FTP servers that host releases are often very secure, and offer both encryption and accounts that expire after one download. A lot of them use IRC servers to control the creation of the accounts: for example, you have to get an account on the IRC server and be approved by the operators, after which you can ask a bot in the channel to create a temporary account for you, which only works for one login and for a short period of time.

Downloading from DC++ hubs: I have been a member of a DC++ hub for a while now, and I must say that they have very strict rules, which is good, although some of them just don't make sense. Anyway, you almost always need a pretty big share of files to even think about entering a hub; the good ones have a starting limit of usually around 200 GB, and this is in original releases, i.e. the untouched rar sets, not unpacked files. If you share anything that doesn't come from the scene, you will be out in no time. The hubs usually have a so-called "reg hub", which is another server that you have to join first, for the operators to have a chat with you, accept you into the network, create your account, check your share, etc. Since not everyone is part of getting the newest scene releases, they often have so-called "DUMP" clients, which are bots on high-speed connections that have all the newer releases for everyone to download. The only problem I see with DC++ is that it seldom allows any encryption. Now, the idea with the releases and all the rules of the private hubs is very secure, and the risk of getting caught is small if you stick to the plan, but you can never be too secure when it comes to this.

Downloading using torrent files: this method is, as far as I know, the most unsafe one, since most torrent sites need no registration and anyone can simply visit the site and use a torrent to start the download. This means that anyone wanting to stop file sharing can easily pick out a few IPs and log them for breaking copyright law; whoever joins the swarm sees every peer's address, that is how the protocol works. So if you want to use torrent files to download, use a private tracker, and make sure to always use encrypted transfers, since most clients support this (the encryption hides the traffic from the wire, not your address from the other peers).

Downloading from P2P: just like torrent files, the peer-to-peer networks are usually very unsafe, and it's easy to grab the IPs of people who are downloading. Encrypted transfers are available, but there aren't many "private" networks, so hiding yourself is not always that easy. So my recommendation is that you simply stay away from downloading illegal material from P2P networks like Kazaa, Shareaza and LimeWire. These networks are also known to have a lot of malware circulating on the wires.

When downloading on the net you want it to go fast, so using proxy servers or VPN networks is usually not the best choice, because by the time the download is done, the government will already have had the time to walk all the way to the proxy provider, get the log, walk back, analyze it, and then walk all the way to your door, break in and find you still downloading that movie. There are methods to keep those bastards away, though; they are never 100% safe, but they help. For example, a program called "PeerGuardian" can be used to download lists of unwanted IPs and block them, making it a little harder to catch you in the act. Keep in mind that such lists are never complete, so this is a speed bump, not protection.



Conclusion

Being paranoid is not always good, but being naive, is worse //cats
Last edited by ayu on 08 Jul 2008, 06:28, edited 3 times in total.
"The best place to hide a tree, is in a forest"

G-Brain
Fame ! Where are the chicks?!
Posts: 467
Joined: 08 Nov 2007, 17:00
Location: NL

Post by G-Brain »

How about VPN's? They work pretty well for me.

ayu
Staff
Posts: 8109
Joined: 27 Aug 2005, 16:00

Post by ayu »

G-Brain wrote:How about VPN's? They work pretty well for me.
They are included in the article

G-Brain
Fame ! Where are the chicks?!
Posts: 467
Joined: 08 Nov 2007, 17:00
Location: NL

Post by G-Brain »

cats wrote:They are included in the article
Oh yeah. Well hidden. Should have used Ctrl+F.

Nice article.

ayu
Staff
Posts: 8109
Joined: 27 Aug 2005, 16:00

Post by ayu »

G-Brain wrote: Oh yeah. Well hidden. Should have used Ctrl+F.
Or read it =)

rhysh
Fame ! Where are the chicks?!
Posts: 767
Joined: 15 Nov 2006, 17:00

Post by rhysh »

I used to have an MSN Plus script that would encrypt your messages, but the person you are speaking to had to have the program as well to decode the messages into plain text.

good tut cats

ebrizzlez
Kage
Posts: 732
Joined: 31 Mar 2007, 16:00
Location: Hidden in a Buffer Protection.

Post by ebrizzlez »

Excellent tutorial. This should be recommended for everyone! I was doing an Nmap scan on my network and found something listening on a port. I retraced it and it was an anti-P2P GOVERNMENT IP, blacklisted by PeerGuardian.

OH NO! MAYBE THEY KNOW I STOLE WINDOWS SOURCE CODE.

Nah... in the U.S. all privacy is invaded. AOL and AIM users, sorry to inform you, but everything you ever wrote, get this, is recorded. 8O
And don't get me started on MSN. :roll:

This should be put as a sticky.

ayu
Staff
Posts: 8109
Joined: 27 Aug 2005, 16:00

Post by ayu »

Thanks for your comments, guys. I might add some stuff to it later, like VPN as G-Brain suggested (develop it more) and maybe the MSN Plus script that rhys mentioned. Also I think I'll add a section for downloading.


EDIT: There, added a few things and fixed a bunch of spelling mistakes.

DNR
Digital Mercenary
Posts: 6114
Joined: 24 Feb 2006, 17:00
Location: Michigan USA

hard target, get organized

Post by DNR »

Nice tut cats :wink:
All this just makes you a hard target.
The primary issue with trying to eavesdrop on all Internet connections is that it is still like trying to get a drop of water from a gushing fire hose. Even if the gov had servers picking out comms with keywords like CC, osama bin laden, crackz, and pussy, you would still end up with GB of files that still have to be manually viewed, and that is just a snapshot of that particular time frame.

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
