It sometimes happens that fantasy and spy stories turn out to be not only the fruit of the author’s sick imagination, but the real truth. Just recently, some paranoid film about total state surveillance of a person was perceived as just another fairy tale, a play of the imagination of the author and screenwriters. Until Edward Snowden released information about PRISM, a user tracking program adopted by the US National Security Agency.
After this news, jokes about paranoia became completely irrelevant. And talk about surveillance can no longer be attributed to a shattered psyche. A serious question arises: should you feel safe using your email or communicating on a social network or chat? After all, many large companies have agreed to cooperate with intelligence services: Microsoft (Hotmail), Google (Google Mail), Yahoo!, Facebook, YouTube, Skype, AOL, Apple. Considering that PRISM was aimed primarily at spying on foreign citizens, and the volume of intercepted telephone conversations and electronic messages by some estimates reached 1.7 billion per year, it is worth seriously thinking about how to protect your privacy from prying eyes.
The first reaction to the news about PRISM was the same for many: we won’t allow ourselves to be monitored, we’ll install Tor. This is, perhaps, in fact the most popular remedy, which we have talked about more than once on the pages of our magazine. It was also created by the American military, although for completely opposite purposes. Such is the irony. Users run Tor software on their machine, which works as a proxy; it “negotiates” with other network nodes and builds a chain through which encrypted traffic will be transmitted. After some time, the chain is rebuilt and other nodes are used in it. To hide information about the browser and installed OS from prying eyes, Tor is often used in conjunction with Privoxy, a non-caching proxy that modifies HTTP headers and web data, allowing you to maintain privacy and get rid of annoying advertising. In order not to go through configuration files and edit all the settings manually, there is a wonderful GUI shell - Vidalia, available for all operating systems and allowing you to open the door to the anonymous world on your PC in a couple of minutes. Plus, the developers tried to simplify everything as much as possible, allowing users to install Tor, Vidalia and the portable version of Firefox with various security add-ons in one click. For secure communication, there is a decentralized anonymous messaging system - TorChat. To securely, anonymously and transparently redirect all TCP/IP and DNS traffic through the Tor anonymizer network, use the Tortilla utility. The program allows you to anonymously run any software on a Windows computer, even if it does not support SOCKS or HTTP proxies, which was previously almost impossible to do under Windows. In addition, for the standard Tor + Vidalia + Privoxy combination there is a worthy alternative - Advanced Onion Router bit.ly/ancXHz, a portable client for “onion routing”. For those who are especially concerned about their security, there is a Live CD distribution that is configured out of the box to send all traffic through Tor - bit.ly/e1siH6.
The main purpose of Tor is anonymous surfing plus the ability to create anonymous services. True, you have to pay for anonymity with speed.
In addition to “onion routing,” there is also “garlic” routing, used in I2P. Tor and I2P, although somewhat similar in appearance, largely implement diametrically opposed approaches. In Tor, a chain of nodes is created through which traffic is transmitted and received, while in I2P “incoming” and “outgoing” tunnels are used, and thus requests and responses go through different nodes. Every ten minutes these tunnels are rebuilt. “Garlic routing” implies that a message (“garlic”) can contain many “cloves” - fully formed messages with information on their delivery. One “garlic” at the moment of its formation can contain many “cloves”, some of them may be ours, and some may be in transit. Whether this or that “clove” in the “garlic” is our message, or whether it is someone else’s transit message that passes through us, only the one who created the “garlic” knows.
The main task of I2P, unlike Tor, is anonymous hosting of services, and not providing anonymous access to the global network, that is, hosting websites on the network, which in I2P terminology are called eepsites.
The I2P software requires Java to be pre-installed. All management is carried out through the web interface, which is available at 127.0.0.1:7657. After all the necessary manipulations, you need to wait a couple of minutes until the network is configured, and you can use all its hidden services. In this case, we received anonymous access to the I2P network, that is, to all resources in the .i2p domain. If you want to access the global network, then simply set the use of the proxy server 127.0.0.1:4444 in the browser settings. Exit from I2P to the global network is carried out through certain gateways (called outproxy). As you understand, you can’t count on great speed in this case. Plus, there is no guarantee that no one will sniff your traffic on such a gateway. Is it safe to host your anonymous resource on the I2P network? Well, no one can give a 100% guarantee of security here; if the resource is simply vulnerable, then it will not be difficult to determine its true location.
In many countries, such as China, Iran, providers are actively fighting against the use of Tor, using DPI (deep packet inspection), keyword filtering, selective blocking and other methods. In order to bypass censorship, torproject released a special tool obfsproxy bit.ly/z4huoD, which converts traffic between the client and the bridge in such a way that it looks completely harmless to the provider.
What about secure and anonymous file sharing? For this purpose, you can resort to the help of GNUnet bit.ly/hMnQsu - a framework for organizing a secure P2P network that does not require centralized or any other “trusted” services. The main goal of the project is to create a reliable, decentralized and anonymous information exchange system. All network nodes act as routers, encrypt connections with other nodes and maintain a constant level of load on the network. As with many other solutions, nodes that are actively participating in the network are served with higher priority. To identify objects and services, a URI is used that looks like gnunet://module/identifier, where module is the name of the network module, and identifier is a unique hash that identifies the object itself. An interesting feature is the ability to configure the level of anonymity: from zero (not anonymous) to infinity (the default is one). For secure transmission, all files are encrypted using ECRS (An Encoding for Censorship-Resistant Sharing). GNUnet is extensible and new P2P applications can be built on top of it. In addition to file sharing (the most popular service), there are alternative services: a simple chat, which is now in a half-dead state, as well as distributed DNS. Well, as usual, you have to pay for anonymity: high latency, low speed and fairly high resource consumption (which is typical for all decentralized networks). Plus, there are problems of backward compatibility between different versions of the framework.
RestroShare bit.ly/cndPfx is an open cross-platform program for building a decentralized network based on the F2F (Friend To Friend) principle using GPG. The core philosophy is to share files and communicate only with trusted friends and not the entire network, which is why it is often classified as darknet. To establish a connection with a friend, the user needs to generate a GPG key pair using RetroShare (or select an existing one). After authentication and asymmetric key exchange, an SSH connection is established using OpenSSL for encryption. Friends of friends can see each other (if users have enabled this feature), but cannot connect. This is how a social network turns out :). But you can rummage through folders between friends. There are several services for communication on the Internet: private chat, mail, forums (both anonymous and with basic authentication), voice chat (VoIP plugin), channels like IRC.
You might be wondering: what does Raspberry Pi have to do with it? We are talking about anonymity. And despite the fact that this small device will help achieve this anonymity. It can be used as a router/client, giving you access to Tor/I2P networks or anonymous VPN. Besides this, there is another plus. In decentralized networks, it is possible to achieve an acceptable speed of access to intranet resources only if you are constantly in it. For example, in I2P, the trust of other “garlic routers” in such a node will be greater, and accordingly the speed will be higher. It’s unreasonable to keep your computer constantly on for this purpose or to start a separate server, but it doesn’t seem like a shame to spend only $30 on it. In everyday life, you can use a regular connection, and when you need to anonymously go online, you just let all the traffic go through the mini-device and don’t worry about any settings. It must be said that until recently there was no point in installing I2P software written in Java on Blackberry. The resource-hungry Java machine did not have enough of the standard 256 MB of RAM. With the release of the Raspberry Pi model B, which already carries 512 MB on board, this has become quite possible. So let's look at the main points related to installation. Let's say we are using Raspbian. First of all, let's update:
Sudo apt-get update; sudo apt-get dist-upgrade
Then we install Java, but not the standard package, but a special version tailored for ARM processors - bit.ly/13Kh9TN (as practice shows, the standard one will eat up all the memory). Download and install:
Sudo tar zxvf jdk-8-ea-b97-linux-arm-vfp-hflt-03_jul_2013.tar.gz -C /usr/local/java export PATH=$PATH:/usr/local/java/bin
Then download and install I2P:
Cd ~ mkdir i2pbin cd i2pbin wget http://mirror.i2p2.de/i2pinstall_0.9.7.jar java -jar i2pinstall_0.9.7.jar -console
To turn Raspberry into an I2P router, you need to do a little magic with the configs. Go to ~/.i2p and start editing the clients.config file. There we need to comment out the line
ClientApp.0.args=7657::1,127.0.0.1 ./webapps/
and uncomment
ClientApp.0.args=7657 0.0.0.0 ./webapps/
And then in the i2ptunnel.config file replace the addresses in the lines
Tunnel.0.interface=127.0.0.1 tunnel.6.interface=127.0.0.1
to 0.0.0.0 . Then we can start the I2P router by running:
Cd ~/i2pbin ./runplain.sh
You can also add the following lines to crontab so that the software is automatically raised when the system starts or after a crash:
0 * * * * /home/pi/i2pbin/runplain.sh @reboot /home/pi/i2pbin/runplain.sh
All that remains is to organize remote access to the device. The best way is to use dynamic portforwarding via SSH. To do this, you just need to set up an I2P tunnel in the settings, which would point to port 22 on the local machine. In the same way, you can turn the Pi into an anonymous VPN (how to do this, you can see here -http://bit.ly/11Rnx8V) or connect to Tor (an excellent video manual on this http://bit.ly/12RjOU9) . Or you can come up with your own way to use the device for anonymous travel on the Internet.
In fact, the Raspberry Pi is not the only small device on the basis of which you can organize anonymous access to the Network. A worthy alternative would be a router from the Latvian company MikroTik, which produces network equipment and software for it. Such a device will cost a little more, but will require less fuss when setting up. Among the company's products, RouterOS is a Linux-based operating system designed for installation on MikroTik RouterBOARD hardware routers. Various versions of RouterBOARD platforms allow you to solve various network problems: from building a simple access point to a powerful router. Despite the presence of a power connector, almost all devices can be powered using PoE. A big plus is the availability of good documentation http://bit.ly/jSN4FL, which describes in great detail how you can create a security router based on RouterBOARD4xx by connecting it to the Tor network. We will not dwell on this; everything is described in great detail.
When talking about privacy and anonymity on the Internet, we cannot ignore the use of a VPN for these purposes. We have already talked about how to set up your own VPN server in the Amazon cloud bit.ly/16E8nmJ, and we looked in detail at installing and fine-tuning OpenVPN. You can see all the necessary theory in these articles. However, I would like to remind you once again that VPN is not a panacea. Firstly, there may be situations where traffic can “leak” past the VPN connection, and secondly, in networks based on the PPTP protocol, there is a real opportunity to decrypt the intercepted data (“Such an insecure VPN” [Aker No. 170). So you should not believe in complete security when using virtual private networks.
These are just the most popular solutions that allow you to somehow protect your privacy from the prying eyes of Big Brother. Perhaps in the near future new technologies will appear or we will all actively use one of the ones discussed today. Who knows... Whatever it is, it is important to always remember that no solution can ever provide a 100% guarantee of security. Therefore, do not feel completely safe by installing Tor, I2P or anything else - many have already paid for the feeling of false security.
In addition to the sensational opinion on all corners of the Internet about hiding the IP address, there are many other details. By and large, all methods and means of anonymity have the goal of hiding the provider. Through which it is already possible to obtain the physically exact location of the user, having additional information about him (IP, browser fingerprints, logs of his activity in a certain network segment, etc.). And also most methods and means are aimed at maximizing concealment/non-disclosure of this indirect information, according to which it will later be possible to ask the provider of the desired user.
If we talk about separate units of anonymization (after all, there are also schemes in the form of combining one or another means of anonymity), we can highlight the following:
1) Proxy servers- There are different types, with their own characteristics. Proxy classification under spoiler.
HTTP proxy– works over the http protocol and performs a caching function.
Degrees of anonymity: transparent, distorting, anonymous, elite.
A chain of HTTP proxies can be built only if they support the CONNECT method, with the exception of building a chain using special. programs.
HTTPS proxy(aka CONNECT) – proxies supporting HTTP 1.1, which in turn has two specifications - RFC 2616 and the outdated RFC 2068. They differ in that in special. RFC 2616 documents the CONNECT method.
All of these proxy subtypes have the same capability - they can work using the CONNECT method (in addition to GET/POST).
The difference between the subtypes lies solely in the settings of the proxy server programs:
If the proxy server settings allow connection using the CONNECT method to port 443 (https:// addresses), then this is an HTTPS proxy;
If the proxy server settings allow connection using the CONNECT method to any ports (except 443 and 25), then it is called CONNECT proxy (in ICQ such a proxy is called HTTP proxy);
If the proxy server settings allow connection using the CONNECT method to port 25 (mail service), then it can be used to send mail and such a proxy is called mail-enabled, or 25 port enabled, or a proxy with the 25th port open.
FTP proxy– works via the ftp protocol and is designed for anonymous management of the site (server). All ftp proxies are anonymous because the FTP protocol does not provide for a proxy.
There are no proxies in the FTP public. It is impossible to build a chain of FTP proxies.
CGI proxy(web anonymizer) is a page on a website where you enter the URL, and it displays the specified page. In this case, the address of this page (indicated in the address field) from the point of view of your computer will be different - something like
http://www.cgi-proxy.com/http/www.your-url.com/path/
From an anonymity point of view, CGI proxies are the same as HTTP proxies. In “mixed” chains, this type of proxy can only be in last place.
SOCKS– this type of proxy has 2 specifications:
Socks 4 works via TCP protocol
Socks 5 Supports TCP, UDP, authentication and remote DNS query. Socks by its nature is truly anonymous (because it works directly with TCP). You can build a chain from proxies of this type. Sox is the best way to remain anonymous on the Internet.
Anonymity Proxy
Everyone knows that when a client interacts with a server, the client sends some information to the server (mostly it is sent by the browser, but the proxy can also add something there “of itself”). This means the name and version of the operating system, the name and version of the browser, browser settings (screen resolution, color depth, java / javascript support, ...), client IP address (if a proxy is used, it is replaced by a proxy server with an IP proxy), used or a proxy server (if a proxy is used, then the client’s IP is an IP proxy - added by the proxy server), if a proxy is used, then your real IP address (added by the proxy server) and much more...
This information is passed in the form of environment variables.
I will only focus on those related to anonymity.
So, If a proxy is not used, then the environment variables look like this:
REMOTE_ADDR= Your IP
HTTP_VIA= not defined
HTTP_X_FORWARDED_FOR= not defined
Transparent proxies do not hide information about the real IP:
REMOTE_ADDR= IP proxy
HTTP_VIA
HTTP_X_FORWARDED_FOR= real IP
Anonymous proxies(anon) do not hide the fact that a proxy is used, but change the real IP to their own:
REMOTE_ADDR= IP proxy
HTTP_VIA= IP or proxy name (proxy server is used)
HTTP_X_FORWARDED_FOR= IP proxy
Distorting proxies do not hide the fact that a proxy server is being used. However, the real IP is replaced with another (generally arbitrary, random):
REMOTE_ADDR= IP proxy
HTTP_VIA= IP or proxy name (proxy server is used)
HTTP_X_FORWARDED_FOR= random IP
Elite proxies(elite, high anon) not only change the IP, but also hide even the fact of using a proxy server:
REMOTE_ADDR= IP proxy
HTTP_VIA= not defined
HTTP_X_FORWARDED_FOR= not defined
2) VPN services- also work using different protocols, which are offered by providers to choose from.
3) SSH tunnels, were originally created (and still function today) for other purposes, but are also used for anonymization. The principle of operation is quite similar to VPNs, so in this topic all conversations about VPNs will imply them too.
4) Dedicated servers- the main advantage is that the problem of disclosing the request history of the node from which the actions were carried out disappears (as can be the case with VPN/SSH or a proxy).
Is it possible to somehow hide the fact of using Tor from the provider?
Yes, the solution will be almost completely similar to the previous one, only the scheme will go in the reverse order and the VPN connection will be “wedged” between Tor clients and the network of onion routers. A discussion of the implementation of such a scheme in practice can be found on one of the project documentation pages.
I2P is a distributed, self-organizing network based on the equality of its participants, characterized by encryption (at what stages it occurs and in what ways), variable intermediaries (hops), IP addresses are not used anywhere. It has its own websites, forums and other services.
In total, when sending a message, four levels of encryption are used (end-to-end, garlic, tunnel, and transport level encryption); before encryption, a small random number of random bytes are automatically added to each network packet to further depersonalize the transmitted information and complicate attempts to analyze the content and block it transmitted network packets.
All traffic is transmitted through tunnels - temporary unidirectional paths passing through a number of nodes, which can be incoming or outgoing. Addressing occurs based on data from the so-called network database NetDb, which is distributed to one degree or another across all I2P clients. NetDb contains:
The principle of interaction between the nodes of this network.
Stage 1. Node “Kate” builds outgoing tunnels. He turns to NetDb for data about routers and builds a tunnel with their participation.
Stage 2. Boris builds an input tunnel in the same way as an outgoing tunnel. It then publishes its coordinates or so-called "LeaseSet" to NetDb (note here that the LeaseSet is passed through the outbound tunnel).
Stage 3. When "Kate" sends a message to "Boris", he queries "Boris's" NetDb LeaseSet. And it forwards the message through outgoing tunnels to the recipient’s gateway.
It is also worth noting that I2P has the ability to access the Internet through special Outproxy, but they are unofficial and, based on a combination of factors, are even worse than Tor exit nodes. Also, internal sites in the I2P network are accessible from the external Internet through a proxy server. But at these entry and exit gateways there is a high probability of losing some anonymity, so you need to be careful and avoid this if possible.
What are the advantages and disadvantages of an I2P network?
Advantages:
1) High level of client anonymity (with any reasonable settings and use).
2) Complete decentralization, which leads to network stability.
3) Data confidentiality: end-to-end encryption between client and recipient.
4) A very high degree of anonymity of the server (when creating a resource), its IP address is not known.
Flaws:
1) Low speed and long response time.
2) “Your own Internet” or partial isolation from the Internet, with the opportunity to get there and an increased likelihood of deanon.
3) Does not save you from attacks via plugins (Java, Flash) and JavaScript, unless you disable them.
What other services/projects are there to ensure anonymity?- Japanese client for Windows for file sharing. The anonymity of the Perfect Dark network is based on the refusal to use direct connections between end clients, the unknown of IP addresses and the complete encryption of everything possible.
The next 3 projects are especially interesting in that their goal - to hide the user - is realized by freeing oneself from provider dependence on an Internet connection, through the construction of wireless networks. After all, then the Internet will become even more self-organized:
In addition to bundles and combinations of various methods, such as Tor+VPN, described above, you can use Linux distributions tailored to these needs. The advantage of such a solution is that they already have most of these combined solutions, all settings are set to provide the maximum number of boundaries for de-anonymizers, all potentially dangerous services and software are cut out, useful ones are installed, some, in addition to the documentation, have pop-up tips that will not let later users in the evening to lose vigilance.
Based on my experience and that of some other knowledgeable people, I would choose the Whonix distribution, since it contains the latest techniques for ensuring anonymity and security on the network, is constantly evolving and has very flexible configuration for all occasions of life and death. It also has an interesting architecture in the form of two assemblies: Gateway and Workstation, which function in conjunction. The main advantage of this is that if, as a result of the appearance of some 0-day in Tor or the OS itself, through which they try to reveal the hiding Whonix user, then only the virtual Workstation will be “de-anonymized” and the attacker will receive “very valuable” information such as IP 192.168.0.1 and Mac address 02:00:01:01:01:01.
But you have to pay for the presence of such functionality and flexibility in configuration - this determines the complexity of the OS configuration, which is why it is sometimes placed at the bottom of the top operating systems for anonymity.
Easier analogues to set up are the fairly well-known Tails, recommended by Snowden, and Liberte, which can also be successfully used for these purposes and which have a very good arsenal for ensuring anonymity.
Yes, I have. There are a number of rules that it is advisable to adhere to even in an anonymous session (if the goal is to achieve almost complete anonymity, of course) and measures that must be taken before entering this session. Now we will write about them in more detail.
1) When using VPN, Proxy, etc., always set the settings to use static DNS servers of the service provider in order to avoid DNS leaks. Or set the appropriate settings in the browser or firewall.
2) Do not use permanent Tor chains, regularly change output nodes (VPN servers, proxy servers).
3) When using the browser, disable, if possible, all plugins (Java, Flash, some other Adobe crafts) and even JavaScript (if the goal is to completely minimize the risks of deanon), and also disable the use of cookies, history keeping, long-term caching, do not allow send HTTP User-Agent and HTTP-Referer headers or replace them (but special browsers are needed for anonymity, most standard ones do not allow such luxury), use a minimum of browser extensions, etc. In general, there is another resource that describes settings for anonymity in various browsers, which is also worth contacting if desired.
4) When accessing the network in anonymous mode, you should use a “clean”, fully updated OS with the latest stable software versions. It should be clean - so that it is more difficult to distinguish the “fingerprints” of it, the browser and other software from the average statistical indicators, and updated, so that the likelihood of picking up some kind of malware is reduced and creating certain problems for yourself that jeopardize the work of all means focused on anonymization.
5) Be careful when warnings about the validity of certificates and keys appear to prevent Mitm attacks (eavesdropping on unencrypted traffic).
6) Do not allow any left-wing activity in the anonymous session. For example, if a client from an anonymous session accesses his page on social media. network, then his Internet provider will not know about it. But social the network, despite not seeing the client’s real IP address, knows exactly who is visiting.
7) Do not allow simultaneous connection to a resource via an anonymous and open channel (the danger was described above).
8) Try to “obfuscate” all your messages and other products of the author’s intellectual production, since the author can be determined with fairly high accuracy by the jargon, vocabulary and stylistics of speech patterns. And there are already companies that make a whole business out of this, so don’t underestimate this factor.
9) Before connecting to a local network or wireless access point, first change the MAC address.
10) Do not use any untrusted or unverified application.
11) It is advisable to provide yourself with a “penultimate frontier”, that is, some kind of intermediate node to your own, through which to conduct all activity (as is done with dedicated servers or implemented in Whonix), so that if all previous obstacles are overcome or the working system is infected third parties gained access to the intermediary blank and did not have any special opportunities to move further in your direction (or these opportunities would be extremely expensive or require a very large amount of time).
Almost all of us from time to time face problems associated with anonymity on the Internet: when we need to take some action and remain completely unnoticed. For example, you want to hide your visit to social media from the all-seeing eye of administrators at work. networks and passwords to them (which are not so difficult to intercept). Or go somewhere under someone else’s account, but in such a way that you are 100% not identified. In other words, hide your activity on both sides: on your side and on the side with which you interact.
Yes, it’s even trivial that it’s necessary somehow bypass blocking of prohibited sites(at work or throughout Russia). The problem is popular now. We’ll talk about all these problems in today’s article.
I would like to note right away that these methods of ensuring anonymity on the Internet are not a panacea, nor are they a complete set of anonymization that is needed by someone who is going to break banks, the FSB and other structures of this kind. This article is intended to provide basic ways to solve the most common range of problems. The rest will be discussed in my next article.
Let's start with something simple...
There are a whole lot of ways.
Method No. 1. Web anonymizers.
Perhaps the most accessible and simplest of all. They are also called web proxies (synonyms). These are sites that are themselves browsers, i.e. have an address line in which you enter the address of the blocked resource, after which the anonymizer site displays all its contents on itself (in an iframe).
The most successful web anonymizers that I have used:
It is worth understanding that, in fact, the request to the site you are trying to access will be made on behalf of a completely foreign server, and it would seem that you are not only bypassing the blocking, but also remaining anonymous to the resource object, but that’s not the case.
Important points to remember when using any web anonymizers:
So it goes. In other words, web proxies are good when you need to quickly (without installing any software) bypass blocking on a not-so-secret resource.
Method number 2. Regular proxies (http/SOCKS).
For the most part, similar web proxies with the only difference being that you can use them to access not only websites, but also any other content (for example, play online games or go somewhere via ftp / ssh / RDP / something else).
Such proxies are either paid or die quickly, so I don’t provide a list here. And, to be honest, I haven’t used them for a long time.
Further methods allow you not only to bypass the blocking, but also to remain anonymous in terms of the resources you visit.
Method No. 3. TOR browser/network.
The TOR network is a fairly well-known thing. This is a kind of network of voluntarily maintained nodes around the planet, which are some kind of analogue of a SOCKS proxy, but with important differences. Each TOR node:
And most importantly: when connecting via TOR, you always use a whole chain of TOR nodes! Each subsequent node is connected to the previous one with the same secure TLS connection, which ultimately makes your Internet activity almost untraceable.
How does it work and how to use the TOR network? There are two options.
The first - simplified - is the TOR browser. Download it from here (official project website).
After a simple installation, you launch the TOR browser, which is 99.9% identical to regular Firefox:
When you launch the browser, your TOR chain is automatically generated (consists of random nodes, each launch the chain is different) and connections are made automatically. It's simple. However, only your running browser remains anonymous. No games, applications, RDP or other browsers will be anonymous.
And to have them, you need to download and use the full version called Expert Bundle (available at the link above). Download the archive, unpack and run the tor.exe file. Then in the console you observe the process of generating the chain and completing the connection to the TOR network. At the end you will see something like this:
Already from this screen you can see that on port 9050 of your local computer (127.0.0.1) there is a SOCKS5 proxy, which you are free to use for any purpose, while remaining completely anonymous. :) What's next? It's simple: in the settings of your browser (or any other software that you want to run through TOR), set the proxy parameters: address - 127.0.0.1, port - 9050. That's it, the job is done.
But don't delude yourself too much. The TOR network itself is safe and has been tested many times; all proxy sources are open and can be easily viewed for various types of bookmarks. But this does not mean that users of this network are never identified. If you use the Tor network to hack the FSB, and at the same time log into your VKontakte account, then you should hardly be surprised when the door is knocked down with a sledgehammer a couple of hours later.
Important rules for using the TOR network:
Compliance with these simple rules guarantees you a very high degree of anonymity. And of course, it will allow you to bypass any restrictions. By the way, there are portable versions of Tor, including the TOR browser. In other words, you can carry it with you on a flash drive, which can be extremely convenient.
Method number 4. Anonymous VPN service.
Also not bad, but most importantly, a convenient way of anonymization and bypassing restrictions. If you don't know what a VPN is, go here. It is worth noting that in this method we are talking about encrypted and anonymous VPN services (i.e. pure L2TP and the like are no longer needed).
The good thing about this option is that it does not require you to make any settings or manipulate programs, browsers, or distortions for services that cannot work with proxies (and therefore using TOR will be difficult, although quite possible!). Just create a connection or install a program for your VPN service, and all problems are solved: your IP and system information are securely hidden, the channel is quite securely encrypted, restrictions / blocking of prohibited sites are removed.
In addition, a significant advantage of any adequate VPN service is the ability to choose the IP address (= country) of the server from a fairly large variety. It makes sense if you need the IP of a specific country in which some resource is allowed. Or, for example, you want to create a network of foreign contacts on Facebook or LinkedIn (they track your profile country and real IP, after which they easily distribute bans)
But anonymous VPNs also have their disadvantages:
In this regard, it is worth looking for VPN services that, according to their statements and a number of reviews, comply with the following rules:
And here is a list of such VPN services (tested either by me personally or by my colleagues):
Here are the main really interesting and useful options. It’s not worth looking among Russian ones, but if you’ve already set your sights on low prices and don’t intend to do anything illegal, then take a look at HideMyAss: the price tag is not bad, and the choice of IP providers is large and very convenient. For creating a network of fake accounts on LinkedIn (which many outsourcing companies in our country do, using this particular service :)) will be a great fit.
What should you choose in the end? What's the best way to become anonymous? It all depends on your goals. If you just want to bypass site blocking, a web anonymizer or a regular proxy can help you. Do you also want to hide your traffic from those who can listen to it? And at the same time from all the sites you visit? Then definitely TOR or anonymous VPN. Do you want to choose the IP of the country you need? The answer is clear: an anonymous VPN network.
In any case, it is worth remembering that there are no ideal means of ensuring anonymity, and before committing any illegal activity, you should think carefully about its feasibility and risks. And if you decide, then do not forget about the principle of echeloning your personal defense. ;)
Sincerely, Lysyak A.S.
Recently, the popularity of “anonymous surfing” on the RuNet has increased sharply. Tor, VPN, and other services allow you to protect trade secrets and gain access to sites and services that, for various reasons, are inaccessible with a regular connection. We have prepared a guide to the “internet without barriers” for those who want to decide for themselves which sites they should visit and which they should not.
What is this?
An anonymizer is a software tool that allows the user to hide information about his computer, change the IP address, make it impossible to identify someone by traffic, and so on.
Why are anonymizers needed?
Some people think that anonymizers are only needed by criminals and hackers, but in reality this is not the case. The ability to access the Internet via a secure channel and encrypt Internet traffic will be useful to many ordinary users. Let's consider the main methods of application:
- Access to blocked sites. If your provider or, for example, employer blocks some sites, you can easily access them by changing the IP address. Thus, if a company has banned Odnoklassniki, employees will be able to continue using their favorite network. The same applies, for example, to torrent trackers or online libraries. If you do not have access to any site from Russia, you can connect the IP address of the desired country, after which the system will successfully recognize you as a foreigner. Thus, you can access services and sites that are not available on the RuNet - for example, streaming services like Spotify or Netflix. Anonymizer makes you virtually invulnerable to censorship attempts on the Internet. Are you going on vacation to China, but don’t want to lose Facebook and Twitter? With anonymizers this is not a problem.
- Bypassing the ban. If you are banned by your IP address on some resource, just change it and you can use its capabilities again.
- Overcoming virus attacks. Some malware is so advanced that it can even block access to antivirus sites so that you cannot clean your computer, but an anonymizer can help in this case too.
- Ensuring Internet Privacy. If you need to hide your Internet activity from outsiders as much as possible (for example, you are the head of a company who is afraid of surveillance from competitors), anonymizers will help you make your Internet traffic and browser activity less accessible to intelligence agencies and hackers.
- Bypass ISP speed limits. If you try, using an anonymizer you can bypass the limits set by providers on connection speed when transferring certain types of data. For example, the author of this material in this way bypasses Yota’s restrictions on downloading via torrents.
- Using anonymizers, you can gain access to the “deep” Internet. These are sites that are inaccessible to ordinary users; they simply will not open via a link if you are not connected, for example, to the TOR network.
How to set up a proxy and VPN on your computer?
0. Super easy ways:
Turbo mode in the browser. In “accelerating” turbo mode, browsers pass traffic through their own proxy servers, which are mainly located in other countries. Thus, you can easily bypass blocking. True, there will be no anonymity, and all this does not always work; many sites are simply incompatible with turbo modes. The most advanced and useful turbo mode in Russia's favorite Opera browser. The method is useful because it is easy to activate: you see that your access to some site is blocked, and simply switch the browser to turbo mode. It is highly likely that access will appear.
Online anonymizers. These are simple sites into which you can enter a link to a resource that is blocked for you and gain access to it. It works quite slowly, but, in principle, stable. You just need to be extremely careful and use only trustworthy sites, because fraud associated with theft of passwords and other unpleasant things is widespread in this segment of services. You can use, for example, PageWash, ProxyWeb , HideMyAss .
TOR is an entire ecosystem that has become a symbol of the era of the anonymous Internet. The network has a large number of users; it even has its own analogue of the Internet, which is not accessible from the main version of the global network.
The system works as follows: TOR users run a proxy server on their computer, which connects to the servers of the TOR “onion” network. Packets in the system pass through several random proxy servers, each of the packets is pre-encrypted with several keys, which are then decrypted by the proxy nodes.
Actually, this is why TOR is called the onion network - since the proxy servers gradually, layer by layer, “undress” the packet cipher, as if peeling the husk from an onion. Passing through this complex network, the traffic becomes almost anonymous; it turns out that it is still possible to determine where it comes from, but it is difficult and very resource-intensive. However, such protection significantly slows down the Internet speed.
Using TOR, you can anonymously surf the regular Internet with a “floating” IP address. This will bypass all blocking. You will also be able to access sites on the “hidden” Internet. You can view their list in the “hidden Wikipedia” Hidden Wiki (available only with an established TOR connection). However, when surfing the secret internet, be extremely careful. The sites located there do not obey any laws; there you can easily encounter dangerous scammers, inadvertently give out your data to hackers, come across illegal pornography and other unpleasant things.
TOR is an open source service that is distributed free of charge. At the same time, using TOR is very simple; the system requires virtually no configuration. You can download it for free from the official website; there are versions for Windows, Linux, Mac OS X and Android.
After downloading the client, just click the Connect button and connect to the TOR network, after which TOR Browser will automatically open - a version of Firefox specially configured for maximum security. In principle, nothing prevents you from continuing to use any other browser, although security when using TOR Browser will definitely be higher. That's all - as soon as the connection is established, you are no longer subject to blocking and can browse the sites freely and uncensored.
pros - easy to set up, free
Minuses - slow
2. Paid VPN services
If not only freedom, but also speed is important to you, you will have to use a VPN connection. VPN (Virtual Private Network) is an encrypted “tunnel” connection over the Internet that allows relatively secure transfer of information to and from remote servers. This allows you to interact with the Internet using an external intermediary who has the desired location and, accordingly, an IP address.
There are a lot of VPN services, but most of them are not free (albeit inexpensive). We will not advertise individual VPN providers, but we note that a Google search is enough to quickly find several foreign companies offering similar services.
VPN is a fairly reliable way to transfer information. The fact is that even if your traffic is intercepted, it will still remain encrypted, which will allow you to avoid, for example, the notorious NSA surveillance. However, you are not immune from the dishonesty of the VPN provider itself. At the same time, the VPN connection practically does not slow down the speed of the Internet, unlike TOR.
If you have an activated VPN connection to a provider from another country, sites will take you not as a Russian, but, for example, as an Englishman, a Bulgarian, or a resident of any other country of your choice. This will allow you, for example, to make sure that resources open by default in the language you need (for example, if you go to England, but would like your usual sites to open in Russian). And, of course, this will be useful for bypassing blocking.
pros: speed of operation
Minuses: dependence on the VPN provider, mostly provided for a fee
3. Jap
This is a somewhat unusual VPN system that allows you to work with the Internet by passing the connection through several foreign servers using a cascade system. This ensures anonymity and the ability to use a European IP address.
The application can be downloaded for free from the project website; unfortunately, it is only available for Windows. But Jap's settings are more complicated than those of TOR.
After downloading the Jap client, disable the Windows Firewall. After launching the application, enable anonymity in the options. Then go to your browser and configure it for traffic via Jap. This is done differently in different browsers. For example, in Internet Explorer you need to select "Tools", click on "Internet Options" and go to "Connections". After clicking on "LAN Settings", enable "Use a proxy server for local connections". Enter the address 127.0.0.1, port 4001. After this you can start using it.
pros: there is a free version, the system is safe and very reliable
Minuses: lack of support for OSs other than Windows, low speed of the free version, relative complexity of setup.
4. Ultrasurf
A convenient and easy way to work with blocked sites. The application is distributed free of charge, available exclusively on the Windows platform. The application uses a highly complex and partially secret encryption system to access the Internet. There is virtually no need to configure Ultrasurf - just download the client and install it. True, work with Ultrasurf is carried out only using the Internet Explorer browser, which is not famous for its user-friendly interface. Also, some users do not trust the service, considering it to be controlled by the NSA and American intelligence agencies.
pros: good speed, ease of use
Minuses: opacity of the work scheme, "common" on Internet Explorer
On smartphones
You can also access Odnoklassniki or other sites blocked for you using mobile devices. Often the easiest way is, again, to simply use “turbo mode” in Chrome, Yandex.Browser, or any other browser that can compress traffic. In order to “lighten” the pages, it passes a stream of data through its servers - that is, it does, in essence, the same thing as an anonymizer (although for Google or Yandex themselves, of course, you are not anonymous). However, this simple method does not work with all sites, unfortunately.
For iOS users, we can recommend Onion Browser (yes, exactly the one that is used on computers to access the TOR network). It allows you to fully use the Internet privately and anonymously. You can download it from the App Store for 33 rubles. The Onion Browser is not available for Android users, but there is an excellent alternative client, Orbot, that allows you to quickly and easily connect to the TOR network. The application, of course, does not look so great, but it does its job reliably and is distributed free of charge on Google Play.
If you don't want to use third-party browsers, you can set up a VPN on your phone to secure all Internet traffic. This is a rather complex operation, which is more suitable for advanced users. A good option is a relatively simple application for iOS and Android that reliably creates a VPN connection. However, you can use it to transfer only 500 megabytes per month for free; you will have to pay extra for the rest.
But Windows Phone, unfortunately, does not yet support establishing VPN connections. They haven’t released it for the platform and private browsers, so users of Microsoft’s OS have nowhere to go for now.
Instead of an afterword
We live in an era of ongoing regulation of the Internet - the distribution of pirated content on the global network is being increasingly controlled, restrictions on access to certain information are being introduced, social networking sites are being blocked, and so on. However, for many years the Web has been the personification of the era of information freedom created by humanity, the highest achievement of civilization, which allows us to bring together all countries and nations in a single, albeit chaotic, information space.
Having become a global and universal phenomenon, the Internet has absorbed the norms and frameworks inherent in human society - this is, perhaps, a natural process. But fortunately for those who cannot live without digital freedom, TOR and VPN exist.
Federal Law of July 2, 2013 No. 187-FZ “On Amendments to Legislative Acts of the Russian Federation on the Protection of Intellectual Rights in Information and Telecommunication Networks” (formerly Draft Law No. 292521-6, also known in the media as the “Anti-Piracy Law”, “ Russian SOPA", "Law against the Internet" and "Law on Arbitrary Blocking") - a law that implies the possibility of blocking sites containing unlicensed content at the request of the copyright holder. Initially, it was assumed that this would apply to all types of information, however, after amendments, the law will apply only to video products. If, after warning, the site owners do not remove the controversial material, the entire resource will be blocked. However, the copyright holder will have to prove that he has the rights to the content posted online that he intends to remove.
The first to be blacklisted by Roskomnadzor were torrents - sites that illegally distribute content without the permission of the copyright holder. On November 9, the most famous torrent tracker on the RuNet, RuTracker, was blocked. The site administration offered to optionally take a survey of two options in favor of saving or blocking content. 67% of the million users voted in favor of saving the content. True, Roskomnadzor is not very concerned about this yet.
But OFFICEPLANKTON knows how to become invisible on the Internet. For those who want to bypass the Roskomnadzor ban, we have looked at 5 proven ways to bypass site blocking.
AnonyMouse or anonymous mouse is a site that has existed since 1997, which will make you invisible and you will be able to access any blocked site. All you have to do is log in to the site, enter the desired URL, and you're done. The site itself will redirect you to the specified URL, and will issue a proxy server through which you can safely explore any site or Internet.
Ninja Hideout is the second free way to hide on the Internet. The Ninjacloak website will make you invisible, allowing you to bypass the blocking of not only Roskomnadzor and the administrator, but also the enabled firewall.
The TOR browser (possible replacement for Opera, Google Chrome, Mozilla FireFox) is a real light at the end of the tunnel. At the end of the tunnel of the Internet you are familiar with, TOR will allow you to enter a world hidden from the eyes of respectable mortals.
Go to the site, download your browser and surf the Internet through it. It immediately has a built-in proxy server system that gives you anonymity on the network. In addition to the deep Internet, you can freely work on the normal (ordinary) Internet.
In addition to a PC, TOR can be installed on a smartphone or tablet.
The Zenmate plugin is available in two versions: free and paid. Installed on any browser (Chrome, Opera, Mozilla), as well as on Android and iOS mobile platforms. Install and view your favorite sites and no one will know about your Internet adventures.
Frigate is a browser application that allows you to bypass any blocking (not only by the administrator but also by Roskomnadzor). The application uses dedicated proxy servers, and high-speed website surfing is ensured by minimizing speed loss. Without registering.
Such knowledge will serve everyone well in terms of freedom of choice when even this is deprived of you. Knowledge of the laws and the ability to bypass the system while maintaining one’s human dignity is the main and correct path of a modern citizen.
OFFICEPLANKTON does not call for massive disregard of the laws of the Russian Federation and other countries, but the freedom to calmly navigate the Internet, surf whatever your heart desires - these are your rights that no one dares take away.
Continuing the theme of useful hacking, we present hidden ones that you didn't know about.
