date 2016-11-05
Ask Slashdot: What's the Best Way to Browse the Web Anonymously?
An anonymous reader asks: In an age of evercookies, zombie cookies, and always expanding efforts to track browsers, devices, and people -- is there any way to browse totally anonymous to the sites you are visiting?
With so many technologies quietly monitoring your activity, "How can a user today browse with confidence that they can't be tracked or identified, avoiding even being identified anonymously as a returning user or device?" Leave your best answers in the comments. What's the best way to browse the web anonymously?
use someone else's computer (Score:4, Funny)
or don't surf at all
Nah. Just use a burner laptop. (Score:5, Informative)
use someone else's computer
... or don't surf at all
Nah. Just use a burner laptop.
That you bought with cash.
At a supplier that doesn't have security cameras.
And walk to your car parked beyond traffic cam range.
Then use open WiFi - again while parked outside a free-WiFi providing business where you can approach and leave without driving near traffic cams.
Or, you know, incognito mode via a prepaid cell phone that you bought cash... that should be good enough for most people.
If you're ultra paranoid, you could set up a relay with two more cell phones so that the websites you are visiting trace back to the relay's cell tower instead of your physical location, but that seems like more trouble than could possibly be justified - unless you're doing something illegal.
And ride there on a stolen bike. [wikipedia.org]
Wearing a mask. [wikipedia.org]
With pebbles in your shoes. [wikipedia.org]
S 7 or NOTE 7?
Only the models with thermite batteries.
Also: (Score:2)
Also:
Pull the battery before driving away and insert it just before using it. (Don't have it powered when driving past a webcam.)
And NEVER use it with any user I.D. associated with you (or put any identifying info on it, to be grabbed by malware.)
Nothing to it! B-)
(Or follow the original poster's advice.)
Surprised no one's mentioned RFC: 1149 yet.
No way man, those pigeons are working for the man
or don't surf at all
Or need to download a very large file - the library fits that bill.
Buy an AWS Linux VPS with a prepaid debit card.
Set up OpenVPN
Create a Linux VM on your PC.
Connect the VM to the VPS with OpenVPN and route all traffic through it.
Browse without flash and wipe the cookies every session. Reboot the AWS VPS regularly so you get a different public IP address.
Don't use the anonymized browsing VM to access any web site that's tied to you in some other way, such as your bank account or gmail account. Use your existing web browsing process to reach those servers.
i suppose onion is for terrerizts only so that will probably get you tracked by people investigating non existent cults
life is full of important choices
Oblg... (Score:4, Informative)
"The only winning move is not to play."
Using TOR is painting a target on your forehead - it will even play poorly in the jury trial when they describe it.
It's lost. (Score:1, Funny)
The Internet is a piece of shit. Burn it to the ground, and humanity as well.
The web is. The Internet is fine.
Serious Answer (Score:5, Insightful)
Depending on your level of paranoia...
Surf the web with the TOR browser through an anonymizer (IP Scrambler) through VPN on a device that you purchased with cash on someone else's wireless network.
Pick and choose to suit your level of paranoia.
I should have also noted that any passwords, usernames, etc you create should have nothing in common with anything you use now.
Also, don't log into sites unless you have to. You can read Slashdot, Hackernews etc without logging in. You can't vote/comment this way, but you can always create an account via tor if that's important, but of course that's an extra level of tedium and a lot of sites confront you with cloudflare-style captchas which are impossible to solve without javascript.
Re: (Score:3, Informative)
Surf the web with the TOR browser through an anonymizer (IP Scrambler) through VPN on a device that you purchased with cash on someone else's wireless network.
These are necessary, but not sufficient.
Not using cookies and javascript, flash, etc. These all can de-anonymize you. Hell even stupid things in javascript like the query for battery state can by themselves uniquely track you even if nothing else is given away by running scripts (which will not be the case; fonts available etc. all help to uniquely identify you).
Even if you are careful, and force dns to go through TOR or your vpn, you still have information leaking bugs like, https://blog.torproject.org/b [torproject.org]
Re:Serious Answer ][ (Score:2)
Tor Browser [torproject.org] is a good start.
So is Tails [boum.org].
Finally, try to keep your facebooking to under 15 minutes.
I would say pretty much the same thing. Depending on threat, use a VPN, an offshore VPN, or TOR.
Worries about access is fairly easy to deal with evercookies. Have a VM and use vagrant to kick it up, provision it with a web browser, ad blocking extensions and such. When done with that session, do a vagrant destroy.
Depending on your level of paranoia...
Surf the web with the TOR browser through an anonymizer (IP Scrambler) through VPN on a device that you purchased with cash on someone else's wireless network.
Pick and choose to suit your level of paranoia.
The problem with that advice is it is all great until someone is actually actively looking for you. When they are actually looking for you, then your behaviour here is actually like a huge beacon saying "here look at me, perhaps I am the person you are looking for". Best advice is behave like a normal person on your own machines, no Tor, no VPN or anonymisers that might suggest you are someone of interest. Then if you need to do something that you don't want traced, go use a public PC or wireless in a place like
Re: (Score:2)
I prefer the Estwing sure strike 3lb sledge against a poured concrete base myself - very effective at cracking memory chips in half.
Bonus points for using an Estwing. The choice of rockhounds everywhere.
I prefer a cement kiln - anything entering it would definitely be scrambled.
Klingon Hammer: http://www.homedepot.com/p/Dea... [homedepot.com]
It's about 2 pounds. It doesn't replace the 5 lb mini sledge any more than the 5lb replaces the 20lb.
Don't (Score:1, Informative)
Get off the computer, go outside.
Get off the computer, go outside.
Why is this modded down? The poster has very adeptly answered a very silly question.
Perhaps but Samsungs do pull the old This message will self destruct in 5 seconds IMF trick.
Here are some ways... (Score:5, Informative)
Run your own DNS server (pihole is great) - point every device, router, etc you have at it - check with ipleak.net
On said DNS server make sure you use DNSSEC and only use servers that don't log and are DNSSEC enabled.
Run your own mail server (mail-in-a-box) - use let's encrypt on everything you can.
Use DNSOverride app for iPhone (A gem!) so your cellular doesn't get sucked up by ads and trackers
Root your android, run a custom rom - and use http://opengapps.org/ so you don't have to use all of Google.
Use Signal App for messaging on iPhone
Use Sudo App for iPhone to use temporary identities - it's free and awesome. Get free sms, phone number, email address, all in one click!
Running your own DNS server will protect you from most internet garbage.
Use lots of Sudo Identities with different emails to protect from password leaks. The more random your email is the less likely someone can correlate usernames of previously hacked accounts,
Re:Here are some ways... (Score:5, Informative)
Somebody forgot to mention: Use a clean Linux OS - Windows 10 can't be good for your data privacy. Maybe too obvious for this crowd, but it still has to be said.
Make sure to add facebook.com, microsoft.com, google.com, etc to your blocklist on PiHole. You don't need to talk to big brother....do you?
Running your own DNS server will protect you from most internet garbage.
Why is this? DNS just resolves IPs, do ISP DNS get hacked and redirected all the time?
Running your own DNS server will protect you from most internet garbage.
Why is this? DNS just resolves IPs, do ISP DNS get hacked and redirected all the time?
While that could happen, I think it's more of an issue of it being possible for your DNS provider to log all queries, and then have the ability to filter on IP address to get a list of every website (or other named service) you've visited.
Yaz
This might help (in terms of reducing MITM attacks) if DNSSEC was widely implemented. It's not. Most DNS registrars I've dealt with don't even support it. And it's sufficiently obscure that very few customers of the registrars that do have it implemented. If you limit yourself to DNSSEC domains, you're going to cut out most of the Internet.
In terms of finding servers that "don't log", I think that's ea
Just to avoid confusion. Otherwise, great post.
Actually almost everybody here is talking bullshit too trying to sound smarter than everybody else.
First time on /. I take it?
First time on /. I take it?
You seem more like a first timer than the parent does... Just saying...
use tails (Score:5, Informative)
Burn Tails to a USB drive. Boot that for anonymous access.
https://tails.boum.org/ [boum.org]
Burn Tails to a USB drive. Boot that for anonymous access.
Using a laptop with Libreboot instead of a BIOS with Intel ME etc.
Issues like the lighteater [youtu.be] attack mean that Tails can be vulnerable when run on a computer that has the Intel Management Engine.
Also, log on to public wifi and use Tails to randomly assign the MAC address. Tails will generate plausible MAC addresses.
Cash is king... (Score:5, Informative)
Purchase everything you connect with in cash (if you don't think a MAC address can't be linked to a specific model and the credit card used to buy it, think again). Never connect to a network you pay for. Use free WiFi wherever you go. Build a cantenna and pick off any insecure networks around you. Create a wireless backup close to home but hidden off the property for anything you need to store. If you can, run your browser under an OS in a virtual machine run off a ramdisk.
Move to Idaho and drop out of modern life might help as well.
We always end up going to this place.
Some other issues where you can be tracked, and almost as well as the internet.
Buying anything anywhere on a credit card is bad. My gas card can generalize my whereabouts every time I use it. As can every other purchase. But don't use cash, as it can arouse suspicion. Barter only.
Don't use a cell phone at all, ever. The entire concept of cell phones means that you are logged within about a 3/4 mile ar
However, the link between cash and purchases is important. Given that government/law enforcement could likely scrape the transactions of its people, looking for relationships between cash withdrawals and comparable "anonymous" purchases wouldn't be a far stretch (for example, your account shows you withdrawing $2000 from your account, but a computer store within radius X shows a cash sale for $1500 plus taxes wouldn
That's not so much that cash isn't anonymous, but that the store was under surveillance.
That's the thing, though- for at least the last ten years every store I've been in has had surveillance cams, every one of them. Mini mart, big box store, whatever- they all have cameras these days. So if they can determine where the phone was sold (which is apparently not that difficult to do) then it's just a matter of going there and pulling the video.
Maybe one way to get around this is to buy a phone and let it sit in a drawer for a year before using it. Hopefully any video of the sale is probably gone
Spoof your MACs.
Don't forget to launder that cash or the serial numbers CAN be traced back to you. Why do you think people who commit crime own laundry marts and other high cash turnover operations? Just to give legit sourcing for their capital.... nope, also to remove trace-ability of those dollars. All banks can not only count money automatically, but track serial numbers too.
Also connect via different methodologies AND systems/operating and hardware wise. If you use the same setup EVERY time, you'll be profiled.
Oh, mr/m
if you don't think a MAC address can't be linked to a specific model and the credit card used to buy it, think again
MAC addresses are visible only to the router you're connected to. They're not used by the IP protocol [abdn.ac.uk], but only by the underlying transport protocol, which is used only for the first hop. So, no, MAC addresses can't be used to identify you unless (a) the entity trying to spy on you is on the local network you're connected to, (b) some application-level protocol you use decides to send your MAC address, or (c) you're using IPv6 and your network stack decides to use your MAC address as the lower 48 bits of yo
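Case (c) in the comment above, as an added example that is not part of the original post: under SLAAC with modified EUI-64 (RFC 4291) the interface identifier is the low 64 bits of the address, built from the 48-bit MAC with `ff:fe` inserted in the middle and the universal/local bit flipped. The check below reports whether an address has that shape and recovers the MAC; the function names are illustrative, and the sample MAC and addresses are constructed from documentation ranges.

```python
import ipaddress


def eui64_interface_id(mac: str) -> bytes:
    """Build the modified EUI-64 interface identifier from a 48-bit MAC."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit, then insert ff:fe between OUI and NIC part.
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def slaac_address(prefix: str, mac: str) -> str:
    """Address a host would form from a /64 prefix if it used EUI-64."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 autoconfiguration needs a /64 prefix")
    packed = net.network_address.packed[:8] + eui64_interface_id(mac)
    return str(ipaddress.IPv6Address(packed))


def embedded_mac(addr: str):
    """Return the MAC carried inside an EUI-64 style address, else None.

    A random (privacy or stable-opaque) identifier matches the ff:fe marker
    only by chance, about 1 in 65536.
    """
    ip = ipaddress.IPv6Address(addr.split("%")[0])  # drop any zone id
    iid = ip.packed[8:]                             # low 64 bits
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


def audit(addresses):
    """Per address: the embedded MAC (if any) and whether it stays on-link."""
    report = []
    for addr in addresses:
        ip = ipaddress.IPv6Address(addr.split("%")[0])
        report.append({
            "address": addr,
            "mac": embedded_mac(addr),
            # Link-local addresses are never forwarded past the first hop;
            # anything else travels in the source field to the remote site.
            "on_link_only": ip.is_link_local,
        })
    return report


# Constructed sample data: RFC 7042 documentation MAC, RFC 3849 prefix.
SAMPLE_MAC = "00:00:5e:00:53:2a"
SAMPLE_ADDRESSES = [
    slaac_address("2001:db8:1:2::/64", SAMPLE_MAC),  # EUI-64, leaves the LAN
    "fe80::200:5eff:fe00:532a%eth0",                 # EUI-64, link-local only
    "2001:db8:1:2:9c4e:21b7:3a0d:55f1",              # randomized identifier
]

if __name__ == "__main__":
    for row in audit(SAMPLE_ADDRESSES):
        verdict = f"embeds MAC {row['mac']}" if row["mac"] else "no MAC embedded"
        scope = "on-link only" if row["on_link_only"] else "sent to remote hosts"
        print(f"{row['address']:<40} {verdict} ({scope})")
```

Run against the addresses your own interfaces report: any non-link-local address that comes back with a MAC means the host is not using privacy or stable-opaque interface identifiers.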
with binoculars (Score:1)
Linux Live (Score:2)
Use a Linux Live distro which automatically connects through Tor. Don't want to build it yourself? No worries, it is already done for you! https://tails.boum.org/ [boum.org]
Whonix on Qubes OS (Score:4, Informative)
https://www.whonix.org/ [whonix.org]
TAILS tries to provide anonymity within the context of kernel-based security, but browser and privilege exploits are quite plentiful and such malware can go on to reprogram your firmware and peripherals. Qubes provides better protection of the core system, and Whonix ensures that Tor is utilized in a way that's optimum for anonymity.
I run Tor on Whonix through Tails. If you don't do this, I think you're an idiot, because the NSA and FBI are spying on you.
And when you use Tor, you become very interesting.
And when you use Tor, you become very interesting.
Which is why anyone who is serious about using Tor can/should use commercial VPNs with in ProxyVMs Qubes to shield oneself. (Or you could do this in iptables in a single arbitrary distro probably... but that's insanity.)
There are two different ways you could do this: a VPN to connect to Tor gateway (so your "real" ISP doesn't see you), or a VPN to connect to post-exit node (because Tor exit nodes are inherently suspect.) I don't see why you couldn't do both, though obviously your risk of performance is
As a sleeper spy says: Act "normal" (Score:5, Insightful)
If you act as a "normal user" of your ethnicity, religion, etc., this is the best way to remain "anonymous".
You don't use an anonymizer, anonymous browsing function, etc. because most people don't use them.
Then, when you really need to be "anonymous", you go to a public library or any commercial place that lets you browse the web without registering your ID.
You go there dressed like everyone else or bit cleaner, being nice but not annoying and do what you need to do and leave.
Socially being anonymous is always better than using any technology to remain anonymous because people who are trying to track you are looking for "oddness", not "normalness".
At the same time, try to work towards the normalization of good security practices.
For example, it used to be suspicious for people to use encrypted connections. These days, that has been normalized, resulting in a double benefit: not only can you use encryption without sticking out, it also greatly increases the difficulty of widespread surveillance in general because crooks and spies now have to decrypt lots of cat videos.
That's why pushing for widespread adoption of onion routers, alternative currencies,
Anonymity (Score:1, Insightful)
Want to be anonymous on the web? Don't do anything that attracts any particular attention to you.
Chances are, you are painfully insignificant, so nobody is tracking or spying on you, other than through "lazy" mechanisms, i.e., cookies and logging. This is the digital equivalent of paying someone to write down a physical description of every person that entered the mall.
This form of tracking is rather benign, in a tumor sort of way. You can avoid most of it by not using Facebook, Google, Amazon, etc, and by
Apparently you missed the memo where EVERY SINGLE PERSON THAT CAN BE TRACKED, IS TRACKED, AND THAT DATA CAN AND IS USED IN THEIR FUTURE ENDEAVORS, even for seemingly innocuous and "normal" things.
Being "normal" is the thing that gets you tracked. You have to work hard to not be tracked or be tracked as little as possible.
Qubes OS + VPN (Score:5, Informative)
(Optional: use a Tor ProxyVM instead of a commercial VPN ProxyVM. Qubes does ship with Tor and Whonix VMs for this very purpose but this is tricky business... Tor exit nodes are definitely not to be trusted. If you did this, I would advise using a VPN layer in addition to Tor in order to protect yourself from the exit node... just make sure the VPN hop is coming AFTER Tor, not before. Also, expect plenty of transient performance hits.)
Next, customize your DispVM's browser [qubes-os.org] to include extensions such as uBlock Origin[2], self-destructing cookies[3], and a user agent randomizer (which you should configure to only change to the more popular browsers currently in use.)
The result of all of this? Your DispVM is a stateless VM; all data is lost every time it's shut down (Joanna currently has it set to auto-shut down every time you close the browser, which I find annoying as hell but I guess it's handy for a lot of people.) Your browser extensions will help guard against tracking in-between DispVM restarts. And by configuring it to use the ProxyVM, you'll never be using your real IP address (and ideally you should alter your exit point from the VPN as well.) Unlike most VPN setups, a bug or exploit in the browser or in anything else in the DispVM's operating system will not leak data over the un-VPNed internet.
None of what I just said is trivial to set up, but guides are available and this setup would be extremely robust and easy to use (once configured.) The core of the Qubes UI/UX is in fact quite user-friendly, with an emphasis on GUI tools. It's also a pretty nifty hypervisor [slashdot.org] even if you don't give a toss about the increased security. It's damn fast, easily portable between different physical machines, templates are handy as hell, and all of your windows from all of your VMs (including your Windows 7 VMs) can appear in a single desktop with a single taskbar, alt-tab menu, etc. (KDE or XFCE; your choice.)
1. You could also build your own template using some other distro (like Ubuntu [qubes-os.org]) if you really wanted. Templates allow you to have multiple VMs with different personal files but with the same apps and configuration (installing anything to the template instantly installs it on all VMs based on that Template.) Also, they're stupid fast.
2. This is basically Adblock Plus done right, with a dash of Request Policy and Noscript tossed in for good measure. You can easily toggle between blacklisting and whitelisting philosophies; it's awesome. (Note that uMatrix is available from the same author for people who want even more fine-grained control.) Note your whitelists / blacklists will be lost every time you shut down your DispVM, so if you've done a lot of tinkering be sure to export them and send them to another stateful VM to merge back into the DispVM image eventually. (This can be done with a simple right-click in a file browser.)
3. Not the best general purpose cookie manager but it's the easiest to use, particularly in a DispVM setup
You don't need to be a command line wizard; you don't need to understand the full intricacies of iptables (although honestly this won't hurt.) But mainly, you just need to understand how things work at a 30,000 foot level. I'd say it's a "power user" distro much more than it's an "expert" distro.
Commercial VPN still has the problem of your traffic being very *interesting*, and your patterns showing in the drawer of *interesting* sflow logs (though most are just pirates, there are plenty of fools too).
Getting untainted exit is nominally difficult. Depending on your insight into tier1 taps, you might be better off with chaining tor to vpngate which mostly goes through consumer broadband.
I view the exit node as being the primary potential (likely?) bad actor to worry about, but of course if we're concerned first and foremost about how things look from your ("real") ISP's point of view, there's almost no way to look normal. As a dozen people here have said already: if that's your big worry, get a cantenna, change your MAC and find a hotspot to use that isn't in your name. Anything short of that is probably going to fail. (As you imply, there is a TON of three letter agency interest in both
Well of course if your adversary model isn't a state actor like this, it's probably not worth bothering with hardened xen vm and Tor to begin with - especially if you're going to ruin it with PIA at the exit point.
I disagree that Qubes (the "hardened Xen VM") isn't worth the bother. Regardless of your security concerns, if you ever find yourself using VMs heavily Qubes is a great option that requires very little effort relative to the power it offers. (It's not good for 3d gaming at the moment; that's the biggest indictment I have of it right now.)
I'm also not convinced PIA (or another VPN) post-exit point "ruins" Tor usage, if you've taken proper precautions in the purchase and setup. None of these comparisons
Regardless (mainly because this is an interesting problem to consider), the best possible exit plan for the super paranoid would probably just be buying your own cloud servers with anon funds and essentially creating your own VPN (mixing in Tor, commercial VPNs or whatever else suits your fancy as desired.)
Or would that just make you look even more suspicious? That's the
It seems to me that leaves pre-paid credit cards, but the places that sell them also seem to have a lot of cameras and I'm not sure how many VPS providers would accept them.
From my understanding, they appear (from the vendor's point of view) to be indistinguishable from regular credit cards. The DEA and plenty of three-letter organizations aren't happy about their existence though, and there's definitely going to be a push at some point to require ID every time you want to load money.
With "cameras" we're back into that slightly awkward point of the conversation where one must pause and say "...and what, pray tell, are you up to again that this is actually going to matter?"
A geek can enhance that setup using Tor or VPNs or MAC address spoofing, but those things are basic
Privacy Browser available on Android and Chrome OS (Score:1)
Why just Android? Are you going to do a PC version?
Re: (Score:1)
Have web pages emailed to you... (Score:2, Funny)
bill@clintonemail.com
Only browse via Wireshark. (Score:3)
You'll probably need to hangout in high-traffic areas, like airports.
Browse but don't browse! (Score:2)
is there any way to browse totally anonymous to the sites you are visiting?
there is actually a very simple way to do this, don't visit the site! however, to see the content of the site without visiting it, just plug the address into archive.org and you can see a snapshot of the page at certain dates. to ensure that a sneaky javascript isn't phoning home, use "noscript" or just use a browser without javascript execution capabilities.
You can't (Score:2)
Web pages are arbitrary software and can fingerprint you by your keystroke cadence, patterns of mouse movements and vocabulary choices. This, combined with detailed profile of your hardware and software, can be later matched when you enter your credit card on Amazon.
You can make big brother's life a bit more difficult by getting a second laptop, booting it from a live USB distro that never saves anything to disk and using it some distance away from home on a public WiFi hotspot. But make sure you dedicate i
What will work and will fail (Score:2)
VPN can be tracked at a clandestine service level with no extra effort under collect it all.
Your MAC or any other unique computer number or browser details can be requested or stored.
So find a new computer, paid for with cash, wait a few months for any CCTV to clear.
When using this clean computer never do any of the things done on your normal account
Who needs a computer (Score:1)
1. Go to library.
2. Find a book on the subject.
3. Read at the library.
4. Afterwards go to bar and have a drink that you pay for with cash (optional).
Botnet (Score:2)
Alternatively, use mind control to get a billionaire to put a netw
Easy peasy, 100% secure (Score:2)
I just call the server admin from a burner phone and ask him what's on the screen.
Move to tall building beside another - binoculars (Score:1)
You might not have all the pages online at any given time, but it sure is safe.
Remember to use do not track curtains.
This will keep your surfing absolutely anonymous.
For deepweb I suggest a telescope
The best answer isn't more anonymity. (Score:2)
Last night, my computer and Slashdot combined to throw away a 4 hour description on how to maintain anonymity when under omnipresent surveillance. That was frustrating. But, after a night's sleep and some reflection, I think it was for the best. The required skills and commitment are almost superhuman. Today, US citizens can expect little privacy in their purchases, travel, interpersonal communication or internet activity. We need better answers that will help everybody. If we train ourselves
The Hardest Part ... (Score:2)
What you need to do, is find an OS and a Browser you can use *with the default settings unchanged*. Making Configuration or Preference adjustment paints you with an identifiable combination of unique settings visible to the web itself as you surf.
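The point above about unchanged defaults (and the earlier comment about fonts and similar script-visible details), as an added example that is not part of the original thread: a site can count how many visitors share your exact combination of observable settings, and each non-default choice shrinks that group. The visitor table, attribute names and values below are constructed for illustration.

```python
import math
from collections import Counter

# Attributes a site can observe; names and values are constructed.
ATTRS = ("user_agent", "window", "fonts", "dnt")
DEFAULTS = {"user_agent": "stock", "window": "1000x1000",
            "fonts": "bundled", "dnt": "unset"}

# Constructed population of 64 visitors: (count, settings changed from default).
POPULATION = [
    (32, {}),
    (16, {"window": "1366x700"}),
    (8,  {"fonts": "bundled+system"}),
    (4,  {"dnt": "1"}),
    (2,  {"window": "1366x700", "dnt": "1"}),
    (1,  {"window": "1920x1040", "fonts": "bundled+system", "dnt": "1"}),
    (1,  {"window": "1440x823", "fonts": "bundled+custom"}),
]


def visitors():
    """Expand the table into one settings dict per visitor."""
    out = []
    for count, overrides in POPULATION:
        out.extend([{**DEFAULTS, **overrides}] * count)
    return out


def fingerprint(v):
    """The combination of values a site sees for one visitor."""
    return tuple(v[a] for a in ATTRS)


def anonymity_set(pop, v):
    """How many visitors in pop are indistinguishable from v."""
    return Counter(fingerprint(p) for p in pop)[fingerprint(v)]


def surprisal_bits(pop, v):
    """Identifying information in v's fingerprint; log2(len(pop)) = unique."""
    n = anonymity_set(pop, v)
    if n == 0:
        raise ValueError("visitor is not part of the population")
    return -math.log2(n / len(pop))


def attribute_entropy(pop, attr):
    """Shannon entropy of one attribute: how much it helps split the crowd."""
    counts = Counter(p[attr] for p in pop)
    return -sum(c / len(pop) * math.log2(c / len(pop)) for c in counts.values())


if __name__ == "__main__":
    pop = visitors()
    tweaked = {**DEFAULTS, "window": "1920x1040",
               "fonts": "bundled+system", "dnt": "1"}
    for label, v in (("defaults", DEFAULTS), ("tweaked", tweaked)):
        print(f"{label:9} shares a fingerprint with {anonymity_set(pop, v):2d} "
              f"of {len(pop)} visitors ({surprisal_bits(pop, v):.1f} bits)")
    for attr in ATTRS:
        print(f"{attr:11} entropy {attribute_entropy(pop, attr):.2f} bits")
```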
A half measure isn't useless (Score:1)
I think this can quickly go defeatist if you try to be completely watertight.
Trying only to maintain some privacy enough to get cheaper flight tickets, less spam and less echo chamber circle jerking might be more reasonable than trying to beat the NSA.
I really think there ought to be a turn-key solution with all of the low impact stuff already enabled.
For example:
- cookies and cross site data (i.e. tracking pixels) to be permitted cross site only if approved... but always approved if on the same domain. Wip
Use a public library PC.
Re: (Score:2)