If you want to use the internet anonymously, you need to pay attention to a few simple rules to protect your identity and your system.
- Securing your system against malicious scripts, rats, and so on:
- Windows/Mac/Android/iOS Users:
- Use an antivirus software. There are serveral free avs which are well known to be reliable: Kaspersky Rescue ISO(Any PC system, ISO which will boot as DVD/on USB an independent system based upon Gentoo which will detect and remove any kind of virus even any kind of "Bundestrojaner" and comparable), BitDefender(Windows/Mac), PandaAntivirus(Windows), Qihoo 360 Total Security Essential(Windows/Android/Mac), Avira Antivirus(Windows/Mac/Android/iOS), Avast Antivirus(Windows/Mac/Android/iOS), Malwarebytes Anti-Malware (Windows/Android), AVG Antivirus(Windows/Mac/Android/iOS), Comodo Antivirus(Windows), Ad-Aware Antivirus(Windows), Forticlient(Windows/Mac/Andorid/iOS), ZoneAlarm Antivirus(Windows), Kaspersky Security Scan(Windows/Mac/Android/iOS)
- Use a script blocker plugin for your browser like NoScript: you will get rid of adds, prohibit malicous scripts etc.
- Use firewall software. Mac users should use the integrated firewall. The following software firewalls are for free: ZoneAlarm Firewall(Windows), Comodo Firewall(Windows), Ashampoo Firewall (Windows,Android), NoRoot Firewall(Android), DroidWall(Android), AFWall(Android), Little Snitch(Mac)
- Or use a hardware firewall(Most Routers/Modems should have a software firewall integrated. You can build your own hardware firewall/router in our Ultra Low Budget Router Tutorial)
- Linux Users:
- IMA/EVM (Trusted Computing, Signing of files, core, modules, etc. | hindering any manipulation)
- Iptables (Firewall; anyways you have to write the rules by your own ;) )
- GrSec/Pax Kernel Patches (According actual kernel versions you need a licence. There were a few jurisdictional disputes since a few kernel dev were of the opinion that the GNU licences were harmed by the GrSec patches. Other kernel devs like Linus Torwalds did not like that most plug and play functionalities might get constricted. Anyways this is not correct since all of those issues depend on the configuration of GrSec's patches; the GNU licences are not harmed in any way.)
- SELinux (System directives/rules/multi user security (e.g. netboot pool pcs, etc.))
- RKH(Lynis) or other Root Kit Hunter scripts (scanning for rootkits and comparables)
Using Proxy Services:
- Leviathan Security demonstrated how to inject binary files on the fly by code caves as containers using a TOR Network proxy node. Therefor you should have a virus scanner and process checking av/firewall/security software to spot injected threads. Comparing MD5 Sums is also crucial to identify any manipulation of the downloaded file.A simple SSL download will not ensure the validity of your download when weak ciphers are used for key exchange. There are possibilities of MITM attacks by non visual SSL proxies which then open up the possibility of manipulation of a binary file when it is transfered.
- Proxy services do not use (strong) encryption! This results in easy readible data transfer packages. The better choice is an encrypted VPN connection.
Staying anonymous using VPN/Proxy:
Logging into a social network account by Facebook,Google,Yahoo,Twitter,etc. will create tracking cookies used to track users actions. If you log into a facebook account for instance and then open up pages having a facebook plugin implemented, facebook will register that you have visited this page + exact url + time and date of access, and so on . If you are using a Google account any page with Google Analytics plugins, etc. tracks your visit/actions. By tracking you could be specified as a malware user or similar using VPN services which were abused in the past. Using TOR you will maybe have a higher possibility of beeing labeled as a consumer of child porn material or similar. A different case is identity theft according to social networking: If your account got hacked the attacker could use the same VPN service you were using to cover his tracks.
It is not recommend using Proxy or VPN Servers for accessing important accounts like online banking, social networking and similar. Even though the connection is encrypted there could be security flaws with your browser or the online banking server. You can check the SSL security of HTTPS servers with online tools like this: https://www.ssllabs.com/ssltest/analyze.html
Possible sideeffects you should expect using VPN/Proxy Services:
- Most online services will check the geolocation of your ip and if the location differs you might have to acknowledge your identity to gain access to your account(answer your security question, etc.).
- Access for some online services could be (temporary) blocked if the server was abused by hackers/bots/etc.
Posted at 2015-05-14 18:04:29 ( updated at 2021-08-11 19:49:16 - cr4sh )