This document provides tips for maintaining anonymity on the web. It discusses using proxies to hide your IP address from websites and servers. It also recommends using encrypted connections like SSL and cryptography tools like PGP to encrypt emails and files. Cookies are described as posing a privacy threat by storing information on your computer, so the document advises disabling them or logging out of sites completely. Other tips include using anonymous remailers, deleting browser history/cache files, and avoiding giving out personal details online.
[ table of contents ]

01 - table of contents
02 - introduction
03 - first tips
04 - about proxies
05 - cookies
06 - ftp transfers
07 - secure transactions
08 - SSL tunnelling
09 - anonymity on irc
10 - mail crypto (and pgp usage)
11 - icq privacy
12 - spyware
13 - cleaning tracks
14 - ending words

[ introduction ]

Nowadays, everyone wants privacy on the web, because no matter where you go, someone could be watching you. Someone like your employer, someone trying to hack your system, companies gathering all your info to sell to yet other companies, or even the government, may be on your track while you peacefully surf the web. Thus, anonymity on the web means being able to use all of its services with no concern about someone snooping on your data.

Your computer being connected to the net has an IP [Internet Protocol] address. If you have a dial-up connection, then your IP changes every time you connect to the internet (this is not always true, though. There are dialup ISPs, specially for university students, that do have static IPs). Cable modems and DSL connections have a static IP, which means that the IP address does not change. One of the goals of getting anonymous is to make sure your IP (either static or dynamic) isn't revealed to other users of the internet, or to server administrators of the servers you roam around when using internet services.

This text tries to give you some hints on how to maintain your anonymity on the web. Some of the hints may sound banal, but ask yourself whether you really abide by them in every situation.

[ first tips ]

When chatting on IRC, ICQ, AIM (etc.), do not give out personal information about yourself, where you live, work, etc.

Do not use your primary email address (the one your ISP gave you) anywhere except to family members, close friends or trusted people. Instead create for yourself a web-based email account such as yahoo, hotmail, dynamitemail, mail.com, etc. and use this e-mail address for signing up for services, when you need to give your mail to download something, or to publish on your homepage.

When signing up for services on the web, don't give your real information like address, phone number and such unless you really need to do so. This is the kind of information that information gathering companies like to get, so that they can sell it and fill your mailbox with spam.

Use an anonymous proxy to surf the web. This makes sure your IP doesn't get stored in the webserver logs. (Webservers log every GET request made, together with date, hour, and IP. This is where the proxy comes in. They get the IP from the proxy, not yours.)

Use a bouncer to connect to IRC networks, in case you don't trust the administrators, or the other users. A bouncer is a program that sits on a permanently connected machine that allows you to connect there, and from there to the IRC server, just like a proxy works for webservers.

Use anonymous remailers to send out your e-mails.

Cryptography can also help you by making sure the material you send out over the web, like by email, etc., is cyphered, not allowing anyone that doesn't have your key to read it (in key-based cryptography). Programs like PGP (pretty good privacy) are toolkits with all you need to cypher and uncypher your stuff.

Delete traces of your work with the computer including history files, cache or backup files.

[ about proxies ]

Proxies are caches that relay data. When you configure your web browser to use a proxy, it never connects to the URL. Instead it always connects to the proxy server, and asks it to get the URL for you. It works similarly
with other types of services such as IRC, ICQ etc. There won't be a direct connection between you and the server, so your real IP address won't be revealed to the server. When you view a website on the server, the server won't see your IP. Some web proxies do not support forwarding of cookies, whose support is required by some websites (for ex. Hotmail).

Here are some anonymous proxies that you can use to surf anonymously (notice that some of these may be a paid service):

Aixs - http://aixs.net/
Rewebber - http://www.anon.de/
Anonymizer - http://www.anonymizer.com/
The Cloak - http://www.the-cloak.com/

You'll very probably find many websites that provide lists of unauthorised proxies and remailers. Such lists are usually compiled with the help of port scanners or exploit scanners, scanning for computers with wingate or other proxies' backdoors. Using these proxies is illegal, and is considered unauthorized access to a computer. If you get such a list into your hands, check if the info is legal or compiled by a script kiddie, and act accordingly.

If you anyhow decide not to use a proxy, at least do not forget to remove your personal information from your browser. After you remove details like your name and e-mail address from your browser, the only info a Web site can sniff out is your ISP's address and geographical location.

Also Java and JavaScript applets can take control of your browser unexpectedly, and if you are surfing to unknown and potentially dangerous places you should be aware of that. There are exploitable browser bugs (mainly
Internet Explorer ones) reported every week.

[ cookies ]

Maybe you're not aware of the fact that if you have the "allow cookies" feature in your browser on, websites can store all sorts of information on your harddrive. Cookies are small files that contain various kinds of information that can be read by websites when you visit them. The usual usage is to track demographics for advertising agencies that want to see just what kinds of consumers a certain site is attracting. Web sites also use cookies to keep your account information up-to-date. For instance, when you visit your web-based e-mail account some hours later without having logged out, you find yourself being logged on, even if you turned off your computer. Your login and password were simply stored on your harddrive in a cookie file. This is a security threat in case there are more persons who have access to your computer.

Most browsers offer the possibility to turn off cookies, but some sites like Hotmail.com require them to be turned on. In case you decide to allow cookies, at least never forget to log off from the websites when you finish visiting them.

[ ftp transfers ]

When using an FTP client program to download files, make sure that it's giving a bogus password, like guest@unknown.com, not your real one. If your browser lets you, turn off the feature that sends your e-mail address as a password for anonymous FTP sessions.

[ secure transaction ]

Everything being sent from the web server to your browser is usually in plain text format. That means all transferred information can be easily
sniffed on the route. Some web servers support SSL (which stands for Secure Socket Layer). To view and use these websites you'll need SSL support in your browser as well. You can recognize that the connection is encrypted if the URL starts with https:// instead of the usual http://. Never use a web server without SSL for sending or receiving sensitive private or business information (credit card numbers, passwords etc.).

[ SSL tunnelling ]

What is SSL?

SSL stands for Secure Socket Layer. The 'Secure' implies an encryption, while Socket Layer denotes an addition to the Window Socket system, Winsock. For those that don't know, a Socket is an attachment to a port on a system. You can have many sockets on one port, providing they are non-blocking (allowing control to pass through to another socket aware application which wishes to connect to that port).

A Secure Socket Layer means that any sockets under it are both secure and safe. The idea behind SSL was to provide an encrypted, and thus secure, route for traffic along a socket based system, such as TCP/IP (the internet protocol). Doing this allows security in credit card transactions on the Internet, encrypted and protected communiqué along a data line, and overall peace of mind.

The SSL uses an encryption standard developed by RSA. RSA are a world respected American organisation that specializes in encryption and data security. Initially, they developed a cipher length of only 40 bits for use with the Secure Socket Layer; this was considered weak and therefore a longer, much more complicated encryption cipher was created, 128 bits. The reasoning behind it was simple: it needs to be secure.

The RSA site puts the advantage of a longer encryption length pretty clearly: because 40-bit encryption is considered to be relatively weak. 128-bits is about 30 septillion times ( 30,485,000,000,000,000,000,000,000 ) larger than 40-bits. This would mean it would take that many
times longer to crack or break 128-bit encryption than it would 40-bit. If you want more information on the technicalities of RSA's SSL encryption engine, visit their site: http://www.rsasecurity.com/standards/ssl.

But what does all this encryption and security have to do with you?

Well, that's a simple question. No matter how hard you try, at times your privacy will need to be knowingly invaded so you can make use of the product offered for doing so. If you think about food, for example, one cannot eat without swallowing. When we wish to make a transaction or view a site on the internet, where we have to give enough information away so that it happens, we also want to be assured no one else along the line gathers that data. An encrypted session would mean our data is not at the hands of any privacy perpetrators unless they knew how to decode it - and the only ones in the know are those you specifically wish. SSL uses public key encryption as explained in the PGP section.

To put this at a head: if you use an encrypted connection or session, you can be relatively assured that there are no prying eyes along the way.

And how do I implement SSL with SSL Tunnelling?

We know that a Secure Socket Layer is safe, but what we don't know is what a Tunnel is. In the most simplistic form, a tunnel is a proxy. Like proxy voting in general elections, a tunnel will relay your data back and forth for you. You may be aware though, that there are already 'proxies' out there, and yes, that is true. Tunnelling is done via proxies, but it is not considered to be the same as a standard proxy relaying, simply because it isn't.

Tunnelling is a very special kind of proxy relay, in that it can, and does, relay data without interfering. It does this transparently and without grievance or any care for what is passing its way.

Now, if we add this ability to 'tunnel' data, any
data, in a pipe, to the Secure Sockets Layer, we have a closed connection that is independent of the software carrying it; and something that is also encrypted. For those of you wanting to know a little more about the technicalities, the SSL layer is also classless in the sense it does not interfere with the data passed back and forth - after all, it is encrypted and impossible to tamper with. That attribute means an SSL capable proxy is able to transfer data out of its 'proxied' connection to the destination required.

So to sum up, we have both a secure connection that does the job and relays things in the right direction; and we have a direct tunnel that doesn't care what we pass through it. Two very useful, and almost blind entities. All we need now is a secure proxy that we can use as the tunnel.

Proxies:

Secure proxies are like standard proxies. We can either use an HTTP based SSL equipped proxy - one specifically designed for secure HTTP traffic, but because of the ignorant nature of SSL communication, it can be bent to any needs - or we can use a proper SSL service designed for our connection - like you would use a secure NNTP (news) program with a secure proxy on port 563 instead of taking our long way - which would probably work as well.

A secure HTTP proxy operates on port 443. Host proxies are not public, that means they operate for, and allow only traffic from, their subnet or the ISP that operates them - but there are many badly configured HTTP proxies and some public ones out there. The use of a program called HTTrack (available on Neworder) will aid you in scanning and searching for proxies on your network or anywhere on the Internet if your ISP does not provide you with one.

Neworder also features a number of sites dedicated to listing public proxies in the Anonymity section. While it's often hard to find a suitable fast proxy, it's worth the effort when you get one.

So how can I secure my
connections with SSL Tunnelling?

That's a big question, and beyond the scope of this tuition as it must come to an end. I can however point you in the right direction of two resources that will aid you in tunnelling both IRC, and most other connections, via an HTTP proxy.

For Windows, the first stop would be http://www.totalrc.net's Socks2HTTP. This is an SSL tunnelling program that turns a normal socks proxy connection into a tunnelled SSL connection.

The second stop, for both Windows and Unix, is stunnel. Stunnel is a GNU kit developed for SSL tunnelling any connection. It is available for compile and download as binary here: Stunnel homepage - http://mike.daewoo.com.pl/computer/stunnel

[ anonymity on irc ]

A BNC, or a Bouncer - is used in conjunction with IRC as a way of hiding your host when people /whois you. On most IRC networks, your host isn't masked when you whois, meaning the entire IP appears, like 14.2.0.21, which can be resolved. On other networks, your host might be masked, like IRCnetwork-0.1, but it can still give valuable information, like nationality, if your host is not an IP but a DNS resolved host: my.host.cn would be masked to IRCnetwork-host.cn, but this would still tell the person who whoised you that you are from China.

To keep information such as this hidden from the other users on an IRC network, many people use a Bouncer, which is actually just a Proxy. Let us first draw a schematic of how a normal connection would look, with and without a BNC installed.

Without a BNC:

    your.host.cn <<-->> irc.box.sk

With a BNC:

    your.host.cn <<-->> my.shell.com <<-->> irc.box.sk

You will notice the difference between the two. When you have a BNC installed, a shell functions as a link between you and the IRC server (irc.box.sk as an example). You install a BNC on a shell, and set a port for it to listen for connections on. You then login to the shell with your IRC client, BitchX/Xchat/mIRC, and then it will login to the IRC server you specify
- irc.box.sk in this case. In effect, this changes your host, in that it is my.shell.com that makes all the requests to irc.box.sk, and irc.box.sk doesn't know of your.host.cn; it has never even made contact with it.

In that way, depending on what host your shell has, you can login to IRC with a host like i.rule.com. These vhosts are then actually just an alias for your own machine, your.host.cn, and it is all completely transparent to the IRC server.

Many servers have sock bots that check for socket connections. These aren't BNC connections, and BNC cannot be tested using a simple bot; unless your shell has a socket port open (normally 1080) it will let you in with no problem at all. The shell is not acting as a proxy like you would expect, but more as a simple IRC proxy, or an IRC router. In one way, the BNC just changes the packet and sends it on, like:

    to: my.shell.com    ->  to: irc.box.sk      ->  to: my.shell.com
    from: your.host.cn  <-  from: my.shell.com  <-  from: irc.box.sk

The BNC simply swaps the host of your packet, saying it comes from my.shell.com. But also be aware that your own machine is perfectly aware that it has a connection established with my.shell.com, and that YOU know that you are connected to irc.box.sk.

Some BNCs are used in IRC networks, to simulate one host. If you had a global IRC network, all linked together, you could have a local server called cn.myircnetwork.com which Chinese users would log into. It would then Bounce them to the actual network server, in effect making all users from China have the same host - cn.myircnetwork.com - masking their hosts. Of course, you could change the host too, so it didn't reveal the nationality. It is a nice gesture of some networks that they mask all hosts from everyone; it makes life hard for IRCops on the network - but it's a small price to pay
for privacy.

Note: Even if you do use an IRC bouncer, within DCC transfers or chat your IP will be revealed, because DCC requires a direct IP to IP connection. A usual mistake of IRC users is to have DCC auto-reply turned on. It is then easy for an attacker to DCC chat you or offer you a file, and when the IRC clients are connected, he can find out your IP address in the list of his TCP/IP connections (netstat).

How do I get an IRC bouncer?

- you download and install bouncer software, or get someone to install it for you (probably the most known and best bouncer available is BNC, homepage: http://gotbnc.com/)
- you configure and start the software - in case it's a bouncer on a Unix machine, you start it on your shell account (let's say shell.somewhere.com)
- you open IRC and connect to the bouncer at shell.somewhere.com on the port you told it to start on.
- all depending on the setup, you may have to tell it your password and tell it where to connect, and you're now on irc as shell.somewhere.com instead of your regular hostname

[ mail crypto ]

Usually the safest way to ensure that your e-mails won't be read by unauthorised persons is to encrypt them. To be compatible with the rest of the world I'd suggest using free PGP software.

PGP (Pretty Good Privacy) is a piece of software used to ensure that a message/file has not been changed, has not been read, and comes from the person you think it comes from.

Download location: http://www.pgpi.org/

How does PGP work?

The whole idea behind PGP is that of Public and Private keys. To explain the algorithm PGP uses in order to encrypt the message would take too much time, and is beyond the scope of this; we will however look at how it ensures the integrity of the document. A user has a password. This password has to be chosen correctly, so don't choose passwords like "pop" or "iloveyou"; this will make an attack more likely to succeed. The password is used to create a private key, and a public key
- the algorithm ensures that you can not use the public key to make the private key. The public key is sent to a server, or to the people you send e-mails/files, and you keep the private key secret.

We will use a few terms and people in this introduction, they are: Pk - Public Key, Sk - Secret Key (private key). Adam will send an e-mail to Eve, and Rita will be a person in between, who we are trying to hide the content of the mail from. Rita will intercept the email (PGP doesn't ensure that Rita can't get her hands on the package, she can - it's not a secure line like other technologies) and try to read it/modify it. Adam has a Sk1 and a Pk1, and Eve has a Sk2 and a Pk2. Adam, Eve, and Rita all have Pk1 and Pk2, but Sk1 and Sk2 are presumed to be totally secret. First, here is a schematic of how it all looks:

                     PUBLIC SERVER
                       Pk1, Pk2

    Adam <------------------------------------------> Eve
    Sk1                       ^                       Sk2
                              |
                              |
                              |
                              |
                             Rita

So Adam wants to send a packet to Eve, without Rita reading it, or editing it. There are three things that we need to make sure:

- That Rita can't read the text without permission
- That Rita can't edit it in any way, without Eve and Adam knowing
- That Eve knows that Adam sent it

First thing is making sure Rita can't read the text. Adam does this by encrypting the message with Eve's Pk2, which he has found on the server. You can only encrypt with the Pk, not decrypt, so Rita won't be able to read the data unless Eve has revealed her Sk2.

The second thing to make sure is that Rita can't edit the message. Adam creates a hash from the message he has created. The hash can be encrypted using Pk2, or sent as it is. When Eve gets the message, she decrypts it, and creates a hash herself, then checks if the hashes are the same - if they are, the message is the same; if it's different, something has changed in the message. The hash is very secure, and it is in theory impossible to make a change and get the hash to remain the same.

The third, and probably
one of the most important things to ensure, is that Rita hasn't grabbed the mail, made a new one, and sent it in Adam's name. We can ensure this by using Public key and Private key too. The Sk can be used both to encrypt and to decrypt, but Pk can only encrypt. When Adam normally sends a message M to Eve, he creates the encrypted message C by doing: C=Pk2(M). This means Adam uses Pk2 (Eve's Pk) on message M to create message C. Imagine this: Adam can encrypt the message with his Sk1, because it is impossible to derive Sk1 from the message; this is secure and without any danger, as long as no one knows the password used to make Sk1 with. If the message M is encrypted with Sk1, he gets a message called X. Eve can decrypt the message using Pk1, which is public. If the message decrypts to something that makes sense, then it must be from Adam, because Sk1 is considered secret, and only Adam knows it.

The entire process looks like this, when sending message C: Adam signs his digital signature on C, and hashes C: X=Sk1(C). Then Adam encrypts the message for Eve: M=Pk2(X). The message is sent, and looks all in all like this: M=Pk2(Sk1(C)). Rita can intercept M, but not decrypt, edit, or resend it. Eve receives M, and decrypts it: X=Sk2(M). Then she checks the digital signature: C=Pk1(X) and checks the hash on the way.

This way, the PGP Public/Private key system ensures integrity and security of the document e-mail, but PGP is not the only algorithm that uses the Public/Private key theory; Blowfish and RSA are among the many other technologies that use it. PGP is just the most popular for e-mail encryption, but many don't trust it because of rumors of backdoors by the NSA (I
don't know if it's true though). PGP comes in a commercial and a freeware version for Windows, and is available for Linux as well. Whatever encryption you use, it will be better than none.

[ anonymous remailers ]

Remailers are programs accessible on the Internet that route email and USENET postings anonymously (i.e., the recipient cannot determine who sent the email or posted the article). This way the sender can't be traced back by routing headers included in the e-mail. There are different classes of remailers, which allow anonymous exchange of email and anonymous posting to USENET and often many other useful features.

Resources:

Chain is a menu-driven remailer-chaining script:
http://www.obscura.com/crypto.html

Raph Levien's remailer availability page offers comprehensive information about the subject:
http://www.sendfakemail.com/~raph/remailer-list.html

The Cypherpunks Remailers are being developed to provide a secure means of providing anonymity on the nets. Here you can find out about the available remailers, those which have been standard in existence for a long time as well as the new experimental remailers and anonymous servers:
http://www.csua.berkeley.edu/cypherpunks/remailer/

[ icq privacy ]

How can I keep my privacy at ICQ?

Send and receive messages via the ICQ server, not directly. Every direct connection enables an attacker to learn your IP. Encrypt your messages with dedicated software, encryption addons.

How to encrypt ICQ messages?

There are addons which enhance your ICQ with the possibility to encrypt outgoing messages. The user on the other side needs to have the addon as well in order to decrypt your message.

Resources:

http://www.encrsoft.com/products/tsm.html
Top Secret Messenger (TSM) - trial version has only weak 8-bit encryption

http://www.planet-express.com/sven/technical/dev/chatbuddy/default.html
Chat Buddy
- a freeware Windows application for encrypting chat sessions

http://www.algonet.se/~henisak/icq/encrypt-v5.txt
how encryption works in ICQ protocol v5

[ spyware ]

As we all work hard to become more savvy about protecting our personal information and keeping as anonymous as possible on the web, advertising companies are working just as hard to come up with new ways of getting our personal information. One of the ways they accomplish this is through spyware. Spyware are applications that are bundled along with many programs that you download for free. Their function is to gather personal information about you and relay it back to advertising firms. The information is then used either to offer you products or sold to other advertisers, so they can promote THEIR products. They claim this is all they do with this information, but the problem is nobody really knows for sure.

Spyware fits the classic definition of a trojan, as it is something that you did not bargain for when you agreed to download the product. Not only is spyware an invasion of your privacy, but (especially if you have a few different kinds on your machine) it can also chew up bandwidth, making your internet connection slower.

Sometimes, these spies really are harmless, merely connecting back to the home server to deliver you more advertising. Some, like Gator for instance, send out detailed information about your surfing habits, operating system, income, age demographic et cetera.

Avoiding spyware

Avoiding spyware is getting harder and harder, as more software distributors are choosing it as a method of profiting from freeware and shareware distributions. Be leery of programs with cute little icons like Gator. Also, watch those Napster wannabes like AudioGalaxy,
Limewire, and Kazaa. I've yet to find one that didn't include spyware. Before you download, check to see if the program is known to contain spyware.

For a list of most known spyware, the best I've found is here:
http://www.infoforce.qc.ca/spyware/enknownlistfrm.html

Getting rid of spyware

In most cases, you can remove the spyware from your system and still use the application you downloaded. In the case of Gator and Comet Cursor, the whole program is spyware and it must be completely removed to stop the spying.

There are several ways to get rid of spyware on your system. You can use a firewall to monitor outgoing connections. The programmers that put these things together, however, are getting sneakier and sneakier about getting them to circumvent firewalls. Comet Cursor, for instance, uses an HTTP post command to connect without the intervention of a firewall. You can also install a registry monitor such as Regmon to monitor your registry for unwanted registry changes, but this is not foolproof either.

Probably the best method of removal is to download a spyware removal program and run it like it was a virus scanner. The best examples of these programs are:

Lavasoft's Adaware. Available at http://www.lavasoftusa.com/
Or professional cybernut Steve Gibson's OptOut. Available at: http://grc.com/optout.htm

Both of these programs are free and are updated regularly.

Here are some links, if you wish to learn more about spyware:

http://www.spychecker.com/
http://grc.com/optout.htm
http://www.thebee.com/bweb/iinfo200.htm

[ cleaning tracks ]

Resources:

Burnt Cookies - allows automatic detection and optional deletion of Cookies deposited by Banner Ad web-sites
http://www.andersson-design.com/bcookies/index.shtml

Surfsecret - automatically kills files like your Internet cache files, cookies, history, temporary
files, recent documents, and the contents of the Recycle Bin.
http://www.surfsecret.com/

Note: One sidenote on cleaning tracks. When you delete some files on your machine, these aren't actually deleted. Only the reference to their location on the hard drive is deleted, which makes the OS think that that location on the HD is free and ready to take things. Thus, there are ways to recover data even after you delete it.

There are however several ways to "wipe" this information. Programs that fill hard disk locations with zeros, then with 1s, on several passes are your best bet to make sure no document goes to the wrong hands. One of such programs is PGP. PGPi now comes with a utility that does this work, and you can even select the number of passes to wipe files. For *nix, there is also the "wipe" program. Use these when you feel you have data that needs secure cleaning.
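The multi-pass wipe described in the note above, as an added example that is not part of the original text or of any of the tools it names: the file is overwritten in place with alternating zero and one bits, flushed to disk after every pass, renamed and only then deleted. The function names `overwrite` and `wipe_file` are hypothetical.

```python
import os
import secrets


def overwrite(path, passes=3, chunk=64 * 1024):
    """Overwrite a file in place: zeros, then ones, alternating per pass.

    Returns the fill byte used for each pass, in order.
    """
    size = os.path.getsize(path)
    written = []
    with open(path, "r+b") as fh:          # r+b keeps the same file, no truncate
        for n in range(passes):
            fill = b"\x00" if n % 2 == 0 else b"\xff"
            fh.seek(0)
            remaining = size
            while remaining > 0:
                step = min(chunk, remaining)
                fh.write(fill * step)
                remaining -= step
            fh.flush()
            os.fsync(fh.fileno())          # force this pass out of the OS cache
            written.append(fill)
    return written


def wipe_file(path, passes=3):
    """Overwrite, rename to a random name, then delete.

    Deleting alone only drops the directory entry, which is the problem the
    note describes; the rename also removes the original file name.
    Caveat: on journaling or copy-on-write filesystems and on flash storage
    with wear levelling, an in-place overwrite may not reach the old blocks.
    """
    written = overwrite(path, passes)
    folder = os.path.dirname(os.path.abspath(path))
    anonymous = os.path.join(folder, secrets.token_hex(8))
    os.replace(path, anonymous)
    os.remove(anonymous)
    return written


if __name__ == "__main__":
    import tempfile

    demo_dir = tempfile.mkdtemp()
    demo = os.path.join(demo_dir, "notes.txt")     # constructed sample file
    with open(demo, "wb") as out:
        out.write(b"account 1234, password hunter2\n" * 100)
    print(wipe_file(demo, passes=4), os.listdir(demo_dir))
```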
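A check for the risk described in the [ cookies ] section (login data left in a cookie file on disk), combined with the [ secure transaction ] point about plain-text transfer; this is an added example, not from the original text. It assumes the browser's cookies are available in the tab-separated Netscape cookies.txt layout, and the sample rows and the name pattern are constructed.

```python
import re

# Constructed sample in Netscape cookies.txt layout:
# domain, subdomains flag, path, secure flag, expiry (epoch, 0 = session), name, value
ROWS = [
    (".mail.example", "TRUE", "/", "FALSE", "1893456000", "login", "alice"),
    (".mail.example", "TRUE", "/", "FALSE", "1893456000", "password", "hunter2"),
    ("shop.example", "FALSE", "/", "TRUE", "1893456000", "sessionid", "9f8e7d"),
    ("ads.example", "FALSE", "/", "FALSE", "0", "banner_seen", "1"),
]
SAMPLE = "# Netscape HTTP Cookie File (constructed sample)\n" + "\n".join(
    "\t".join(row) for row in ROWS
) + "\n"

# Assumption: cookie names that usually carry account or session data.
SENSITIVE = re.compile(r"pass|pwd|login|user|auth|session|token", re.I)

PERSISTENT = "kept on disk after the browser closes"
PLAINTEXT = "also sent over unencrypted http"


def audit(text, now):
    """Return (domain, name, reasons) for cookies that expose account data.

    `now` is the current time as a Unix timestamp; a cookie whose expiry lies
    in the future survives a browser restart and a power-off.
    """
    findings = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue                       # blank line or comment
        fields = line.split("\t")
        if len(fields) != 7:
            continue                       # not a cookie record
        domain, _subdomains, _path, secure, expires, name, _value = fields
        if not SENSITIVE.search(name):
            continue
        reasons = []
        if expires.isdigit() and int(expires) > now:
            reasons.append(PERSISTENT)
        if secure != "TRUE":
            reasons.append(PLAINTEXT)
        if reasons:
            findings.append((domain, name, reasons))
    return findings


if __name__ == "__main__":
    import time

    for domain, name, reasons in audit(SAMPLE, int(time.time())):
        print(f"{domain:15} {name:10} {'; '.join(reasons)}")
```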
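The Adam, Eve and Rita exchange from the [ mail crypto ] section, as an added example that is not from the original text and is not how the PGP software itself is implemented. It follows the section's M=Pk2(Sk1(...)) order but signs a SHA-256 hash of the message and encrypts message and signature together, so Eve's hash check and signature check are one step. Assumptions: unpadded textbook RSA, demo keys built from Mersenne primes (trivially factorable, illustration only), a third key pair for Rita, and all function names.

```python
import hashlib

E = 65537  # public exponent shared by all demo keys


def make_keypair(p, q):
    """Return (Pk, Sk) as (modulus, exponent) pairs for primes p and q."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))      # private exponent
    return (n, E), (n, d)


# Constructed demo keys; Eve's modulus is the largest so that
# message + signature fit inside one RSA block.
PK1, SK1 = make_keypair(2**127 - 1, 2**521 - 1)     # Adam
PK2, SK2 = make_keypair(2**607 - 1, 2**1279 - 1)    # Eve
PK3, SK3 = make_keypair(2**107 - 1, 2**521 - 1)     # Rita (attacker's own pair)

SIG_LEN = 81  # bytes, enough for Adam's 648-bit modulus


def rsa(key, value):
    n, exponent = key
    return pow(value, exponent, n)


def digest_int(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def send(message, signer_sk, recipient_pk):
    """Sender side: X = Sk1(hash(C)), then M = Pk2(C || X)."""
    signature = rsa(signer_sk, digest_int(message))
    packet = b"\x01" + message + signature.to_bytes(SIG_LEN, "big")
    value = int.from_bytes(packet, "big")
    if value >= recipient_pk[0]:
        raise ValueError("message too long for one block of this key")
    return rsa(recipient_pk, value)


def receive(ciphertext, recipient_sk, signer_pk):
    """Receiver side: Sk2(M), then compare Pk1(X) with a fresh hash of C.

    Returns the message, or None if it was altered or not signed with Sk1.
    """
    value = rsa(recipient_sk, ciphertext)
    packet = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if len(packet) <= SIG_LEN or packet[0] != 1:
        return None
    message = packet[1:-SIG_LEN]
    signature = int.from_bytes(packet[-SIG_LEN:], "big")
    if rsa(signer_pk, signature) != digest_int(message):
        return None
    return message


if __name__ == "__main__":
    m = send(b"meet at noon", SK1, PK2)
    print("Eve reads:        ", receive(m, SK2, PK1))
    print("Rita flips a bit: ", receive(m ^ 1, SK2, PK1))
    forged = send(b"meet at midnight", SK3, PK2)    # signed with Rita's key
    print("Rita forges:      ", receive(forged, SK2, PK1))
```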