Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Privacy Security The Internet

Ask Slashdot: What's the Best Way to Browse the Web Anonymously? 177

An anonymous reader asks: In an age of evercookies, zombie cookies, and always expanding efforts to track browsers, devices, and people -- is there any way to browse totally anonymous to the sites you are visiting?
With so many technologies quietly monitoring your activity, "How can a user today browse with confidence that they can't be tracked or identified, avoiding even being identified anonymously as a returning user or device?" Leave your best answers in the comments. What's the best way to browse the web anonymously?
This discussion has been archived. No new comments can be posted.

Ask Slashdot: What's the Best Way to Browse the Web Anonymously?

Comments Filter:
  • by Anonymous Coward on Saturday November 05, 2016 @09:36PM (#53220937)

    or don't surf at all

  • Oblg... (Score:4, Informative)

    by Anonymous Coward on Saturday November 05, 2016 @09:37PM (#53220939)

    "The only winning move is not to play."

  • It's lost. (Score:1, Funny)

    by Anonymous Coward

    The Internet is a piece of shit. Burn it to the ground, and humanity as well.

    • by fisted ( 2295862 )

      The web is. The Internet is fine.

      • by hughbar ( 579555 )
        Agree, abandon port 80 (already done to some extent), abandon 443 and build something more most that doesn't 'contain' Facebook, Google and all the other large commercial players. OK, that's a bit of a pipe dream, but it's good to dream.
  • Serious Answer (Score:5, Insightful)

    by Notabadguy ( 961343 ) on Saturday November 05, 2016 @09:40PM (#53220955)

    Depending on your level of paranoia...

    Surf the web with the TOR browser through an anonymizer (IP Scrambler) through VPN on a device that you purchased with cash on someone else's wireless network.

    Pick and choose to suit your level of paranoia.

    • I should have also noted that any passwords, usernames, etc you create should have nothing in common with anything you use now.

      • by Threni ( 635302 )

        Also, don't log into sites unless you have to. You can read Slashdot, Hackernews etc without logging in. You can't vote/comment this way, but you can always create an account via tor if that's important, but of course that's an extra level of tedium and a lot of sites confront you with cloudflare-style captchas which are impossible to solve without javascript.

    • Re: (Score:3, Informative)

      by Anonymous Coward

      Surf the web with the TOR browser through an anonymizer (IP Scrambler) through VPN on a device that you purchased with cash on someone else's wireless network.

      These are necessary, but not sufficient.

      Not using cookies and javascript, flash, etc. These all can de-anonymize you. Hell even stupid things in javascript like the query for battery state can by themselves uniquely track you even if nothing else is given away by running scripts (which will not be the case; fonts available etc. all help to uniquely identify you).

      Even if you are careful, and force dns to go through TOR or your vpn, you still have information leaking bugs like, https://blog.torproject.org/b [torproject.org]

    • Or you can have a virtual machine using different mac address also (encrypted)Delete the VM when you're done.
    • Tor Browser [torproject.org] is a good start.

      So is Tails [boum.org].

      Finally, try to keep your facebooking to under 15 minutes.

    • by mlts ( 1038732 )

      I would say pretty much the same thing. Depending on threat, use a VPN, an offshore VPN, or TOR.

      Worries about access is fairly easy to deal with evercookies. Have a VM and use vagrant to kick it up, provision it with a web browser, ad blocking extensions and such. When done with that session, do a vagrant destroy.

    • by Anonymous Coward

      Depending on your level of paranoia...

      Surf the web with the TOR browser through an anonymizer (IP Scrambler) through VPN on a device that you purchased with cash on someone else's wireless network.

      Pick and choose to suit your level of paranoia.

      The problem with that advise is it is all great until someone is actually actively looking for you. when they are actually looking you then your behaviour here is actually like a huge beacon saying "here look at me, perhaps I am the person you are looking for". Best advise is behave like a normal person on your own machines, no Tor, no VPN or anonymisers that might suggest you are someone of interest. Then if you need to do something that you don't want traced, go use a public PC or wireless in a place like

  • Don't (Score:1, Informative)

    by Anonymous Coward

    Get off the computer, go outside.

  • by Anonymous Coward on Saturday November 05, 2016 @09:49PM (#53220985)

    Run your own DNS server (pihole is great) - point every device, router, etc you have at it - check with ipleak.net
    On said DNS server make sure you use DNSSEC and only use servers that don't log and are DNSSEC enabled.
    Run your own mail server (mail-in-a-box) - use let's encrypt on everything you can.
    Use DNSOverride app for iPhone (A gem!) so your cellular doesn't get sucked up by ads and trackers
    Root your android, run a custom rom - and use http://opengapps.org/ so you don't have to use all of Google.
    Use Signal App for messaging on iPhone
    Use Sudo App for iPhone to use temporary identities - it's free and awesome. Get free sms, phone number, email address, all in one click!
    Running your own DNS server will protect you from most internet garbage.
    Use lots of Sudo Identities with different emails to protect from password leaks. The more random your email is the less likely someone can correlate usernames of previously hacked accounts,

    • by ruir ( 2709173 ) on Saturday November 05, 2016 @10:03PM (#53221033)
      Actually, it is DNSCRYPT that you want in your DNS resolver.
    • by Anonymous Coward

      Make sure to add facebook.com, microsoft.com, google.com, etc to your blocklist on PiHole. You don't need to talk to big brother....do you?

    • Running your own DNS server will protect you from most internet garbage.

      Why is this? DNS just resolves IPs, do ISP DNS get hacked and redirected all the time?

      • Running your own DNS server will protect you from most internet garbage.

        Why is this? DNS just resolves IPs, do ISP DNS get hacked and redirected all the time?

        While that could happen, I think it's more of an issue of it being possible for your DNS provider to log all queries, and then have the ability to filter on IP address o get a list of every website (or other named service) you've visited .

        Yaz

    • On said DNS server make sure you use DNSSEC and only use servers that don't log and are DNSSEC enabled.

      This might help (in terms of reducing MITM attacks) if DNSSEC was widely implemented. It's not. Most DNS registrars I've dealt with don't even support it. And it's sufficiently obscure that very few customers of the registrars that do have it implemented. If you limit yourself to DNSSEC domains, you're going to cut out most of the Internet.

      In terms of finding servers that "don't log", I think that's ea

    • Very succinct and informative. I think the OP meant to say Pseudo instead of Sudo though:
      • Pseudo - false or fake
      • Sudo - A command in linux that allows for elevated privileges

      Just to avoid confusion. Otherwise, great post.

  • use tails (Score:5, Informative)

    by MSG ( 12810 ) on Saturday November 05, 2016 @09:52PM (#53220997)

    Burn Tails to a USB drive. Boot that for anonymous access.

    https://tails.boum.org/ [boum.org]

    • Burn Tails to a USB drive. Boot that for anonymous access.

      Using a laptop with Libreboot instead of a BIOS with Intel ME etc.

      Issues like the lighteater [youtu.be] attack mean that Tails can be vulnerable when run on a computer that has the Intel Management Engine.

      Also, log on to public wifi and use Tails to randomly assign the MAC address. Tails will generate plausible MAC addresses.

  • Cash is king... (Score:5, Informative)

    by Timothy2.0 ( 4610515 ) on Saturday November 05, 2016 @09:53PM (#53220999)
    Purchase everything you connect with in cash (if you don't think a MAC address can't be linked to a specific model and the credit card used to buy it, think again). Never connect to a network you pay for. Use free WiFi wherever you go. Build a cantenna and pick off any insecure networks around you. Create a wireless backup close to home but hidden off the property for anything you need to store. If you can, run your browser under an OS in a virtual machine run off a ramdisk.
    • Purchase everything you connect with in cash (if you don't think a MAC address can't be linked to a specific model and the credit card used to buy it, think again). Never connect to a network you pay for. Use free WiFi wherever you go. Build a cantenna and pick off any insecure networks around you. Create a wireless backup close to home but hidden off the property for anything you need to store. If you can, run your browser under an OS in a virtual machine run off a ramdisk.

      Move to Idaho and drop out of modern life might help as well.

      We always end up going to this place.

      Some other issues where you can be tracked, and almost as well as the internet.

      Buying anything anywhere on a credit card is bad. My gas card can generalize my whereabouts every time I use it. As can every other purchase. But don't use cash, as it can arouse suspicion. Barter only.

      Don't use a cell phone at all, ever. The entire concept of cell phones means that you are logged within about a 3/4 mile ar

    • Cash doesn't give you quite as much anonymity as you might expect. There was a famous case of an art thief who paid cash for a cell phone [bbc.co.uk] and was caught. The cell phone was used to make ransom demands, but the police were able to determine the serial number of the phone and trace it back to the store where it was purchased. In-store security cameras showed the thief buying the phone (with cash). With those surveillance photos, they were able to catch the thief. (He turned himself in after he was identi
      • That's not so much that cash isn't anonymous, but that the store was under surveillance.

        However, the link between cash and purchases is important. Given that government/law enforcement could likely scrape the transactions of its people, looking for relationships between cash withdrawals and comparable "anonymous" purchases wouldn't be a far stretch (for example, your account shows you withdrawing $2000 from your account, but a computer store within radius X shows a cash sale for $1500 plus taxes wouldn
        • That's not so much that cash isn't anonymous, but that the store was under surveillance.

          That's the thing, though- for at least the last ten years every store I've been in has had surveillance cams, every one of them. Mini mart, big box store, whatever- they all have cameras these days. So if they can determine where the phone was sold (which is apparently not that difficult to do) then it's just a matter of going there and pulling the video.

          Maybe one way to get around this is to buy a phone and let it sit in a drawer for a year before using it. Hopefully any video of the sale is probably gone

    • Spoof your MACs.

    • by Anonymous Coward

      Don't forget to launder that cash or the serial numbers CAN be traced back to you. Why do you think people who commit crime own laundry marts and other high cash turnover operations? Just to give legit sourcing for their capital.... nope, also to remove trace-ability of those dollars. All banks can not only count money automatically, but track serial numbers too.

      Also connect via different methodologies AND systems/operating and hardware wise. If you use the same setup EVERY time, you'll be profiled.

      Oh, mr/m

    • if you don't think a MAC address can't be linked to a specific model and the credit card used to buy it, think again

      MAC addresses are visible only to the router you're connected to. They're not used by the IP protocol [abdn.ac.uk], but only by the underlying transport protocol, which is used only for the first hop. So, no, MAC addresses can't be used to identify you unless (a) the entity trying to spy on you is on the local network you're connected to, (b) some application-level protocol you use decides to send your MAC address, or (c) you're using IPv6 and your network stack decides to use your MAC address as the lower 48 bits of yo

  • through your neighbor's window.
  • Use a Linux Live distro which automatically connects through Tor. Don't want to build it yourself? No worries, it is already done for you! https://tails.boum.org/ [boum.org]

  • Whonix on Qubes OS (Score:4, Informative)

    by Burz ( 138833 ) on Saturday November 05, 2016 @10:08PM (#53221041) Homepage Journal

    https://www.whonix.org/ [whonix.org]

    TAILS tries to provide anonymity within the context of kernel-based security, but browser and privilege exploits are quite plentiful and such malware can go on to reprogram your firmware and peripherals. Qubes provides better protection of the core system, and Whonix ensures that Tor is utilized in a way that's optimum for anonymity.

  • by Anonymous Coward on Saturday November 05, 2016 @10:24PM (#53221079)

    If you act as a "normal user" of your ethnicity, religion, etc., this is the best way to remain "anonymous".
    You don't use an anonymizer, anonymous browsing function, etc. because most people don't use them.

    Then, when you really need to be "anonymous", you go to a public library or any commercial place that lets you browse the web without registering your ID.
    You go there dressed like everyone else or bit cleaner, being nice but not annoying and do what you need to do and leave.

    Socially being anonymous is always better than using any technology to remain anonymous because people who are trying to track you are looking for "oddness", not "normalness".

    • by methano ( 519830 )
      I think it's call "Security by Obscurity".
    • At the same time, try to work towards the normalization of good security practices.

      For example, it used to be suspicious for people to use encrypted connections. These days, that has been normalized, resulting in a double benefit: not only can you use encryption without sticking out, it also greatly increases the difficulty of widespread surveillance in general because crooks and spies now have to decrypt lots of cat videos.

      That's why pushing for widespread adoption of onion routers, alternative currencies,

    • by tflf ( 4410717 )
      Unless you decide to "opt out" of modern life, stop all social interactions, avoid coming into contact with anything using electricity or fossil fuels and go live in an isolated cave, cut off from all human contact, you will be tracked. Property taxes, rental payments, pay cheques, utility bills, grocery shopping, warranty, etc. (basically pretty much everything you buy or pay when living even a semi-normal life) leaves an electronic footprint. Security by obscurity is not perfect, but, when the vast majori
    • Do not confuse "looking normal" (hiding the fact that you're hiding anything, from your ISP's point of view) with protecting yourself from tracking by remote services and websites. The questioner appeared to be concerned only with the latter, so the suggestions to use a stateless system (Qubes' DispVM, or a live distro like TAILS) seem a lot more relevant than trying really hard to look normal to the guys in the black van.
  • Anonimity (Score:1, Insightful)

    by Anonymous Coward

    Want to be anonymous on the web? Don't do anything that attracts any particular attention to you.

    Chances are, you are painfully insignificant, so nobody is tracking or spying on you, other than through "lazy" mechanisms, i.e., cookies and logging. This is the digital equivalent of paying someone to write down a physical description of every person that entered the mall.

    This form of tracking is rather benign, in a tumor sort of way. You can avoid most of it by not using Facebook, Google, Amazon, etc, and by

    • by Anonymous Coward

      Apparently you missed the memo where EVERY SINGLE PERSON THAT CAN BE TRACKED, IS TRACKED, AND THAT DATA CAN AND IS USED IN THEIR FUTURE ENDEAVORS, even for seemingly innocuous and "normal" things.

      Being "normal" is the thing that gets you tracked. You have to work hard to not be tracked or be tracked as little as possible.

  • Qubes OS + VPN (Score:5, Informative)

    by Shane_Optima ( 4414539 ) on Saturday November 05, 2016 @10:43PM (#53221123) Homepage Journal
    Install Qubes OS [wikipedia.org] on a spare SSD, preferably on a computer that supports vt-d properly (older business class notebooks can be really good here if you're on a budget.) Choose KDE or XFCE for your DE, and decide whether you want to use Debian or Fedora for your templates[1]. Configure your DispVM to use a ProxyVM for connectivity using commercial VPN, paid for using bitcoin/giftcards/prepaid credit cards if you're feeling paranoid. (This will be something like $3 / month, depending on who you're buying with.) Make sure you configure the ProxyVM to fail-hard if you lose your connection to the VPN [qubes-os.org], as opposed to connecting over clearnet in the event of a VPN failure.

    (Optional: use a Tor ProxyVM instead of a commercial VPN ProxyVM. Qubes does ship with Tor and Whonix VMs for this very purpose but this is tricky business... Tor exit nodes are definitely not to be trusted. If you did this, I would advise using a VPN layer in addition to Tor in order to protect yourself from the exit node... just make sure the VPN hop is coming AFTER Tor, not before. Also, expect plenty of transient performance hits.)

    Next, customize your DispVM's browser [qubes-os.org] to include extensions such as uBlock Origins[2], self-destructing cookies[3], and a user agent randomizer (which you should configure to only change to the more popular browsers currently in use.)

    The result of all of this? Your DispVM is a stateless VM; all data is lost every time it's shut down (Joanna currently has it set to auto-shut down every time you close the browser, which I find annoying as hell but I guess it's handy for a lot of people.) Your browser extensions will help guard against tracking in-between DispVM restarts. And by configuring it to use the ProxyVM, you'll never using your real IP address (and ideally you should alter your exit point from the VPN as well.) Unlike most VPN setups, a bug or exploit in the browser or in anything else in the DispVM's operating system will not leak data over the un-VPNed internet.

    None of what I just said is trivial to set up, but guides are available and this setup would be extremely robust and easy to use (once configured.) The core of the Qubes UI/UX is in fact quite user-friendly, with an emphasis on GUI tools. It's also a pretty nifty hypervisor [slashdot.org] even if you don't give a toss about the increased security. It's damn fast, easily portable between different physical machines, templates are handy as hell, and all of your windows from all of your VMs (including your Windows 7 VMs) can appear in a single desktop with a single taskbar, alt-tab menu, etc. (KDE or XFCE; your choice.)


    1. You could also built your own template using some other distro (like Ubuntu [qubes-os.org]) if you really wanted. Templates allow you to have multiple VMs with different personal files but with the same apps and configuration (installing anything to the template instantly installs it on all VMs based on that Template.) Also, they're stupid fast.

    2. This is basically Adblock Plus done right, with a dash of Request Policy and Noscript tossed in for good measure. You can easily toggle between blacklisting and whitelisting philosophies; it's awesome. (Note that uMatrix is available from the same author for people who want even more fine-grained control.) Note your whitelists / blacklists will be lost every time you shut down your DispVM, so if you've done a lot of tinkering be sure to export them and send them to another stateful VM to merge back into the DispVM image eventually. (This can be done with a simple right-click in a file browser.)

    3. Not the best general purpose cookie manager but it's the easiest to use, particularly in a DispVM setup
    • Quick note: there are obviously more details to worry about, and I did gloss over some steps there... but it's not a terribly arduous process.

      You don't need to be a command line wizard; you don't need to understand the full intricacies of iptables (although honestly this won't hurt.) But mainly, you just need to understand how things work at a 30,000 foot level. I'd say it's a "power user" distro much more than it's an "expert" distro.
  • I am developing a browser for Android and Chrome OS called Privacy Browser that is designed to provide as much anonymity as possible. For example, JavaScript, cookies, and DOM storage are disabled by default, which mitigates many of the tracking techniques used by websites. It also integrates with Orbot (Android's official Tor client). https://f-droid.org/repository... [f-droid.org] https://www.stoutner.com/priva... [stoutner.com]
    • by JustNiz ( 692889 )

      Why just Android? Are you going to do a PC version?

      • Once the features are fully fleshed out on Android, the goal is to develop a version for iOS, macOS, Windows, and Linux (probably based on the KDE framework). But right now it is only available for Android and Chrome OS.
  • bill@clintonemail.com

  • by shess ( 31691 ) on Sunday November 06, 2016 @12:16AM (#53221363) Homepage

    You'll probably need to hangout in high-traffic areas, like airports.

  • is there any way to browse totally anonymous to the sites you are visiting?

    there is actually a very simple way to do this, don't visit the site! however, to see the content of the site without visiting it, just plug the address into archive.org and you can see a snapshot of the page at certain dates. to ensure that a sneaky javascript isn't phoning home, use "noscript" or just use a browser without javascript execution capabilities.

  • Web pages are arbitrary software and can fingerprint you by your keystroke cadence, patterns of mouse movements and vocabulary choices. This, combined with detailed profile of your hardware and software, can be later matched when you enter your credit card on Amazon.

    You can make big brother's life a bit more difficult by getting a second laptop, booting it from a live USB distro that never saves anything to disk and using it some distance away from home on a public WiFi hotspot. But make sure you dedicate i

  • Onion routing is owned by the US by federal police level at a per case budget. Your ip will be tracked federally as a given just for using such services.
    VPN can be tracked at a clandestine service level with no extra effort under collect it all.
    Your MAC or any other unique computer number or browser details can be requested or stored.
    So find a new computer, paid for with cash, wait a few months for any CCTV to clear.
    When using this clean computer never do any of the things done on your normal account
  • 1. Go to library.

    2. Find a book on the subject.

    3. Read at the library.

    4. Afterwards go to bar and have a drink that pay for with cash (optional).

  • Use a botnet to get others to do your browsing for you. Include lots of noise in the botnet's behavior so that it's difficult to tell what among the information it retrieves is the information you want. Make the botnet appear to be a failure at accomplishing some different goal, so that the people who investigate botnets pass over investigating yours in favor of investigating one of the ones that appears to be doing something successfully.

    Alternatively, use mind control to get a billionaire to put a netw
  • I just call the server admin from a burner phone and ask him what's on the screen.

  • You might not have all the pages online at any given time, but it shure is safe.
    Remember to use do not track curtains.
    This will keep your surfing absolutely anonymous.

    For deepweb I suggest a telescope

  • Well, daaang.

    Last night, my computer and Slashdot combined to throw away a 4 hour description on how to maintain anonymity when under omnipresent surveillance. That was frustrating. But, after a night's sleep and some reflection, I think it was for the best. The required skills and commitment are almost superhuman. Today, US citizens can expect little privacy in their purchases, travel, interpersonal communication or internet activity. We need better answers that will help everybody. If we train ourselves

  • The Hardest Part isn't the routing or means of connection, it's the OS and Browser itself you choose to use.

    What you need to do, is find an OS and a Browser you can use *with the default settings unchanged*. Making Configuration or Preference adjustment paints you with an identifiable combination of unique settings visible to the web itself as you surf.
  • I think this can quickly go defeatist if you try to be completely watertight.

    Trying only to maintain some privacy enough to get cheaper flight tickets, less spam and less echo chamber circle jerking might be more reasonable than trying to beat the NSA.

    I really think there ought to be a turn-key solution with all of the low impact stuff already enabled.

    For example:
    - cookies and cross site data (i.e. tracking pixels) to be permitted cross site only if approved... but always approved if on the same domain. Wip

... though his invention worked superbly -- his theory was a crock of sewage from beginning to end. -- Vernor Vinge, "The Peace War"

Working...