Anonymous Browsing
From charlesreid1
A List of Tools
Below is a list of tools related to anonymous browsing and maintaining privacy while you use the web. There's also an explanation of how all these tools fit together into the encryption sandwich that's needed to successfully browse teh interwebz as an0n.
Tails - a distribution of Linux dedicated to keeping you anonymous.
Whonix - another Linux distribution dedicated to keeping you anonymous.
Tor - Tor is a tool for anonymization. All it does is anonymize your traffic. Tor is NOT an encryption tool - your traffic is not encrypted by Tor. Tor is NOT a content filter - it does not block cookies, Javascript, Flash, or any other nefarious elements in web pages that may be used to identify and track you. TOR ALONE IS NOT ENOUGH FOR TOTAL ANONYMITY.
Privoxy - acts as a content firewall, parsing and filtering HTTP content, searching/replacing, blocking ads/images/scripts, etc. Combined with Tor, this can provide you with powerful protection against cookies, Javascript, and other things that can identify and track you.
Stunnel - stunnel is a way of building encrypted HTTPS tunnels to carry arbitrary traffic through arbitrary ports. Can't get SSH through that pesky firewall? Wrap the request in SSL, run it through port 443 (HTTPS port), and you're on your way! Stunnel works similarly to SSH, in that you need a command line at both machines for this to work.
SSH - ah, yes, good ol' SSH. You can tunnel lots of stuff through SSH, which is protected with an SSL encryption layer. SSH tunnels are particularly versatile. For example, you can create an SSH tunnel to a local port, then run all of your browser traffic through that local port. All of your traffic will come out the other end, and all traffic will appear to come from the other end of the tunnel.
OpenVPN - you can use OpenVPN to build VPN networks, but there can be some gotchas to watch out for. Example: DNS requests may not be sent through the VPN, by default, which would make the use of a VPN to mask your location useless.
Proxychains - a program allowing you to run other programs through a proxy. This means you could, for example, run Nmap through a proxy server, or run it through Tor.
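The OpenVPN gotcha above (DNS requests, and sometimes all traffic, quietly going around the tunnel) is easy to check for once the VPN is up. The script below is an added example, not part of this page or of OpenVPN; it parses the text of `/etc/resolv.conf` and `ip route show`, does the same longest-prefix route lookup the kernel does, and reports every resolver or internet destination that would leave via something other than `tun0`. The two sample outputs are constructed, and the interface names, addresses and the `redirect-gateway def1` / `dhcp-option DNS` directives mentioned in the comments are the standard OpenVPN ones, not anything taken from this page.

```python
import ipaddress

# Constructed samples (not captured from a real host) of what
# `cat /etc/resolv.conf` and `ip route show` look like on a Linux client
# right after OpenVPN brings up tun0.
#
# Case A: the tunnel is up, but the LAN resolver is still in place and the
# default route still points at the physical interface, so DNS queries (and
# everything else) go around the VPN.
RESOLV_LEAKY = """# Generated by NetworkManager
nameserver 192.168.1.1
search lan
"""
ROUTES_LEAKY = """default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.20
"""
# Case B: the client config carries `redirect-gateway def1` and the server
# pushes `dhcp-option DNS 10.8.0.1`, which an up/down script (OpenVPN ships
# update-resolv-conf for this) writes into resolv.conf. def1 does not replace
# the default route; it adds two /1 routes that are more specific than it,
# plus a host route so the VPN server itself (203.0.113.10 here, a TEST-NET
# address) stays reachable over eth0. That host route is expected, not a leak.
RESOLV_FIXED = "nameserver 10.8.0.1\n"
ROUTES_FIXED = """0.0.0.0/1 via 10.8.0.5 dev tun0
128.0.0.0/1 via 10.8.0.5 dev tun0
default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.20
203.0.113.10 via 192.168.1.1 dev eth0
"""


def parse_routes(text):
    """Turn `ip route show` output into (network, device) pairs."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        dst = "0.0.0.0/0" if parts[0] == "default" else parts[0]
        net = ipaddress.ip_network(dst, strict=False)
        dev = parts[parts.index("dev") + 1] if "dev" in parts else None
        routes.append((net, dev))
    return routes


def egress_device(routes, addr):
    """Longest-prefix match, the same choice the kernel makes (metrics ignored)."""
    ip = ipaddress.ip_address(addr)
    best = None
    for net, dev in routes:
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None


def parse_nameservers(text):
    return [ln.split()[1] for ln in text.splitlines() if ln.split()[:1] == ["nameserver"]]


def vpn_leak_report(resolv_text, routes_text, tun_dev="tun0", probe="198.51.100.7"):
    """List every way traffic escapes the tunnel. An empty list means both DNS
    and ordinary internet traffic (probed with a TEST-NET-2 address) leave via
    tun_dev."""
    routes = parse_routes(routes_text)
    problems = []
    for ns in parse_nameservers(resolv_text):
        dev = egress_device(routes, ns)
        if dev != tun_dev:
            problems.append(f"DNS leak: resolver {ns} is reached via {dev}")
    dev = egress_device(routes, probe)
    if dev != tun_dev:
        problems.append(f"route leak: internet traffic ({probe}) leaves via {dev}")
    return problems


if __name__ == "__main__":
    for label, resolv, routes in (("leaky", RESOLV_LEAKY, ROUTES_LEAKY),
                                  ("fixed", RESOLV_FIXED, ROUTES_FIXED)):
        print(label, vpn_leak_report(resolv, routes) or "no leaks")
```

To run it against a live box, replace the two constants with `open("/etc/resolv.conf").read()` and `subprocess.check_output(["ip", "route", "show"], text=True)`. The route check matters as much as the resolver check: a resolver inside the VPN subnet is no help if the kernel still sends the packet out `eth0`.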
How The Tools Fit Together
Anonymous browsing requires a sandwich of tools to serve various purposes. This is because a computer does lots of different things that might give away its identity: perhaps through a bit of unencrypted traffic, or a native MAC address, or a nearby router, or a single login from an unobfuscated IP address, or a DNS request that wasn't sent through the right tunnel.
Think of anonymous browsing like launching a rocket. If you are successful, you can accomplish the (truly amazing) feat of being anonymous. You have the opportunity to step outside of your identity. But to successfully launch a rocket, you need to know all the different things that can go wrong (i.e., you've learned about all the other rockets that have exploded and figured out what they did wrong), and you have to take countermeasures, and make sure everything is secured properly, and all systems are go.
But rockets have many, many stages, just like you have many, many attack surfaces when you browse the internet. There are many methods for identification, fingerprinting, tracking, and location with all sorts of traffic, so it's important to understand what tells what to whom.
The different layers of the sandwich depend on the situation, but for a browser the stack typically looks like this:
- You
- The Browser
- Content Filter
- Traffic Encryption
- Traffic Location Anonymization
You and the Browser
Traffic passing between you and the browser is definitely vulnerable to attack - if you're using a bluetooth keyboard, or a computer with a keylogger installed. (Hard to browse anonymously when your keystrokes are being broadcast, eh?) But we'll skip that for now.
The browser (I'll presume Firefox) is the final recipient of HTTP (port 80) and HTTPS (port 443) traffic. It renders what it receives into web pages. By itself, Firefox doesn't do a whole lot to protect you. It might warn you of bad certificates, but it won't block Javascript (although you can use the NoScript Extension) or cookies (although you can change the preferences) or strip out malicious headers (you gotta use Greasemonkey Extension for that).
- Install NoScript Extension
- Install GreaseMonkey Extension
- Install AdBlock Extension
The point is, the browser is a big gaping attack surface, and various extensions can be used to patch it. But generally you want the pre-browser layers to minimize (to ZERO you hope) the number of attacks that reach the browser.
That's why there are so many steps after this one.
The Content Filter
This is the role that Privoxy plays in the anonymous browsing chain.
A content filter is what things like AdBlock and NoScript do. They take the original version of a website (i.e., the original traffic), and modify it, by removing certain elements from the HTML - elements with ads in them, or elements with Javascript. They then return the modified version of the website (i.e., the filtered traffic).
With Privoxy, you basically run a lightweight, local proxy server, and that proxy server acts as an intermediary between you and the original version of a website. Privoxy filters content based on various rules, with varying strictness, and returns the filtered content to you. This all happens seamlessly and invisibly, until you start seeing how many elements on a page were blocked by Privoxy!
You'll be surprised, if you use the NoScript Extension, how pervasive cross-domain embedded Javascript is, and how many websites the scripts on a given page are communicating with.
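To make concrete what "take the original traffic, remove certain elements, return the filtered traffic" means, here is a small content filter written as an added example for this page (it is not Privoxy's or NoScript's code, and it is far less complete than either). It re-serialises an HTML page minus every `<script>` element and minus any `<img>` or `<iframe>` whose `src` points off-site, and it keeps a list of what it blocked, which is the same "how many hosts was this page talking to" report that surprises NoScript users. The sample page and its `.example` hostnames are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page (not taken from any real site): a first-party page
# that also pulls in a third-party script, an inline script, a 1x1 tracking
# pixel and an ad iframe.
SAMPLE_HTML = """<!DOCTYPE html>
<html><head><title>News</title>
<script src="https://cdn.tracker.example/t.js"></script>
<script>document.cookie = "seen=1";</script>
</head><body>
<h1>Headline</h1>
<img src="/logo.png" alt="logo">
<img src="https://pixel.adnet.example/p.gif?u=42" width="1" height="1">
<iframe src="https://ads.adnet.example/frame"></iframe>
<p>Article text &amp; more.</p>
</body></html>"""

VOID_ELEMENTS = {"img", "br", "hr", "meta", "link", "input", "source"}


def same_site(url, first_party):
    """Relative URLs and the first-party host (or its subdomains) count as ours."""
    host = urlparse(url).netloc.split(":")[0].lower()
    return host == "" or host == first_party or host.endswith("." + first_party)


class ContentFilter(HTMLParser):
    """Rewrites a page the way a content filter does: every <script> is dropped
    (the NoScript policy) and any <img>/<iframe> with an off-site src is
    dropped (the AdBlock/Privoxy policy). Blocked items are recorded."""

    def __init__(self, first_party):
        super().__init__(convert_charrefs=False)
        self.first_party = first_party
        self.out = []
        self.blocked = []
        self._skip = 0  # nesting depth inside an element being dropped

    def _block_reason(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            return "inline script" if "src" not in a else "script from " + urlparse(a["src"]).netloc
        if tag in ("img", "iframe") and a.get("src") and not same_site(a["src"], self.first_party):
            return tag + " from " + urlparse(a["src"]).netloc
        return None

    def handle_starttag(self, tag, attrs):
        if self._skip:
            self._skip += 0 if tag in VOID_ELEMENTS else 1
            return
        reason = self._block_reason(tag, attrs)
        if reason:
            self.blocked.append(reason)
            self._skip = 0 if tag in VOID_ELEMENTS else 1  # void tags have no body
            return
        self.out.append(self.get_starttag_text())

    def handle_startendtag(self, tag, attrs):
        if self._skip:
            return
        reason = self._block_reason(tag, attrs)
        if reason:
            self.blocked.append(reason)
        else:
            self.out.append(self.get_starttag_text())

    def handle_endtag(self, tag):
        if self._skip:
            self._skip -= 0 if tag in VOID_ELEMENTS else 1
            return
        self.out.append("</" + tag + ">")

    # Everything else passes through untouched unless inside a dropped element.
    def handle_data(self, data):
        self._emit(data)

    def handle_comment(self, data):
        self._emit("<!--" + data + "-->")

    def handle_decl(self, decl):
        self._emit("<!" + decl + ">")

    def handle_entityref(self, name):
        self._emit("&" + name + ";")

    def handle_charref(self, name):
        self._emit("&#" + name + ";")

    def _emit(self, text):
        if not self._skip:
            self.out.append(text)


def filter_page(html, first_party):
    """Return (filtered_html, list of descriptions of what was blocked)."""
    f = ContentFilter(first_party)
    f.feed(html)
    f.close()
    return "".join(f.out), f.blocked


if __name__ == "__main__":
    page, blocked = filter_page(SAMPLE_HTML, "news.example")
    print(page)
    print("blocked:", blocked)
```

The first-party host is taken from the URL the browser asked for; a proxy like Privoxy sees that URL for every request on 127.0.0.1:8118, which is why it can apply this policy to any browser rather than only to one with the right extensions installed.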
Traffic Encryption
The Problem: Sniffable Traffic
Unfortunately, due to the lack of encryption available on many websites, there's virtually no way to guarantee that your traffic can't be sniffed. Even if you're using HTTPS, you're prone to sniffing attacks from Tor exit nodes.
That means, if a website DOES NOT offer HTTPS, you cannot make an encrypted connection with it, and your traffic WILL BE passed out of a Tor exit node in the clear and perfectly sniffable by the exit node operator.
The Tor browser bundle comes with HTTPS everywhere, but that just tries to use HTTPS everywhere. If a site doesn't offer a login menu with HTTPS (hint: a lot of sites), there's nothing you can do to hide that information.
And worse, this sniffing happens at Tor exit nodes - and since operating an exit node requires peculiar resources, which requires money and/or power, this puts Tor exit nodes into particularly untrustworthy, grubby fat hands.
Which leaves you with very few options. How can you guarantee your traffic will be encrypted?
The Solution: Encrypted Connection
The solution is to bypass the Tor exit node sniffing by ensuring your traffic stays encrypted after it exits Tor. Any sniffer at an exit node would only see encrypted traffic. But an encrypted connection, by nature, requires a second entity on the other side: a remote endpoint that terminates the encryption after your traffic exits Tor.
How to make an encrypted connection to another entity? There are plenty of options.
Anonymous SSH
One method would be to connect to the machine via an SSH tunnel, routing the traffic for that tunnel starting with the encryption, at your computer, before it leaves for the network; through port 9050 and out to the Tor entry node; through the Tor bridge node; out again on the other side via the Tor exit node; and finally, to the computer you're connecting to. This configuration would allow a regular SSH connection, or it could be an SSH tunnel for carrying browser traffic and web requests (i.e., requests made locally are forwarded to the remote machine via the SSH tunnel). Alternatively, the tunnel could carry an X session, with the user running a (local) browser window corresponding to a browser instance on the remote machine.
Anonymous SSH - covers how to create an anonymous SSH connection to a remote machine over Tor.
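The "through port 9050" step is a SOCKS5 exchange with the local Tor daemon, and the detail that decides whether the setup leaks is what goes in the CONNECT request: the hostname as a string (Tor resolves it at the far end of the circuit) rather than an IP you resolved locally. The script below is an added example, not code from this page or from the Tor or OpenSSH projects: it is a minimal ProxyCommand that performs that exchange and then shovels bytes between ssh and the Tor stream, which is what `nc -X 5 -x 127.0.0.1:9050 %h %p` (OpenBSD netcat) does in one line. The file name `tor_proxycmd.py`, the `remote.example` host and the port 8080 in the usage note are assumptions.

```python
import select
import socket
import struct
import sys

TOR_SOCKS = ("127.0.0.1", 9050)   # Tor's default SOCKS port, the one the text names

SOCKS5_STATUS = {
    0: "succeeded", 1: "general SOCKS server failure", 2: "connection not allowed by ruleset",
    3: "network unreachable", 4: "host unreachable", 5: "connection refused",
    6: "TTL expired", 7: "command not supported", 8: "address type not supported",
}


def socks5_greeting():
    """Version 5, one method offered: 0x00 = no authentication."""
    return b"\x05\x01\x00"


def socks5_connect_request(host, port):
    """CONNECT (0x01) with ATYP 0x03 (domain name). The name goes to Tor as a
    string and Tor resolves it at the far end of the circuit, so no DNS query
    leaves this machine. Handing a pre-resolved IP to Tor would be the leak."""
    name = host.encode("idna")
    if not 0 < len(name) < 256:
        raise ValueError("hostname must be 1..255 bytes for SOCKS5")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack("!H", port)


def parse_socks5_reply(data):
    """Return (status, bytes_consumed) for a CONNECT reply; raises on a
    truncated or non-SOCKS5 buffer."""
    if len(data) < 4 or data[0] != 5:
        raise ValueError("not a SOCKS5 reply")
    atyp = data[3]
    if atyp == 1:
        addr_len = 4
    elif atyp == 4:
        addr_len = 16
    elif atyp == 3 and len(data) >= 5:
        addr_len = 1 + data[4]
    else:
        raise ValueError("unknown or truncated address type")
    total = 4 + addr_len + 2
    if len(data) < total:
        raise ValueError("truncated reply")
    return data[1], total


def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("Tor closed the SOCKS connection")
        buf += chunk
    return buf


def open_via_tor(host, port):
    """Run the SOCKS5 exchange with Tor and hand back the connected stream."""
    s = socket.create_connection(TOR_SOCKS)
    s.sendall(socks5_greeting())
    if recv_exact(s, 2) != b"\x05\x00":
        raise OSError("Tor did not accept no-auth SOCKS5")
    s.sendall(socks5_connect_request(host, port))
    head = recv_exact(s, 5)                       # VER REP RSV ATYP + first addr byte
    remaining = {1: 3, 4: 15, 3: head[4]}[head[3]] + 2   # rest of BND.ADDR + BND.PORT
    status, _ = parse_socks5_reply(head + recv_exact(s, remaining))
    if status != 0:
        raise OSError(f"Tor CONNECT to {host}:{port} failed: {SOCKS5_STATUS.get(status, status)}")
    return s


def relay(sock):
    """ssh's ProxyCommand contract: ssh talks to our stdin/stdout, we shovel
    those bytes to and from the Tor stream until either side closes."""
    stdin, stdout = sys.stdin.buffer, sys.stdout.buffer
    readers = [stdin, sock]
    while readers:
        ready, _, _ = select.select(readers, [], [])
        if stdin in ready:
            chunk = stdin.read1(65536)
            if chunk:
                sock.sendall(chunk)
            else:                                  # ssh closed its side
                readers.remove(stdin)
                sock.shutdown(socket.SHUT_WR)
        if sock in ready:
            chunk = sock.recv(65536)
            if not chunk:
                break
            stdout.write(chunk)
            stdout.flush()
    sock.close()


if __name__ == "__main__":
    dest_host, dest_port = sys.argv[1], int(sys.argv[2])
    relay(open_via_tor(dest_host, dest_port))
```

With Tor running locally, `ssh -o ProxyCommand='python3 tor_proxycmd.py %h %p' -N -D 127.0.0.1:8080 user@remote.example` gives you the dynamic forward described above; point the browser's SOCKS5 setting at 127.0.0.1:8080 with remote DNS enabled and every web request is encrypted by SSH before it reaches Tor and decrypted only on the remote machine. An exit node sees SSH ciphertext to `remote.example:22` and nothing else, and SSH's host-key check is what tells you if anything on the path has tampered with that stream.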
Anonymous Stunnel
A further twist on this method would be to wrap this SSH connection into an SSL layer using Stunnel, allowing you to pass the SSH connection through HTTPS port 443, just like any other regular web traffic, except that it's an SSH tunnel. In both cases, the encrypted connection beginning at your computer, before it enters Tor, and ending at the remote computer, after it exits Tor, are what make it possible to circumvent Tor exit node sniffing.
Anonymous Stunnel - covers how to create an anonymous SSL tunnel on port 443 to carry arbitrary traffic (SSH tunnels, etc) over Tor.
Anonymous Squid
Another (theoretically) good alternative is to forward HTTPS traffic from your computer to the remote computer by running a proxy server on the remote computer - something like Squid. With Squid, you could make a secure HTTPS connection to the remote machine, protecting your connection on potentially hostile networks (like Tor). An HTTPS connection to the remote machine would be unsniffable by Tor exit nodes, and would then be translated into a web request on the remote end, which the remote proxy server would perform. Encryption happens on the local machine, before it enters Tor, and at the remote machine, before the traffic is returned via Tor. This means a Tor exit node has no way to sniff the unencrypted traffic.
However, unfortunately, this Squid page says that there isn't much support for a secure browser-remote proxy connection feature to be added into browsers: http://wiki.squid-cache.org/Features/HTTPS
So the Stunnel and SSH methods above will have to suffice.
Summary
Think of it like this: you want to add extra hops to either end of your encryption "traceroute", so that it is longer than your Tor "traceroute".
Traffic fingerprinting and traffic correlation attacks in the case of HTTPS (either with Stunnel to carry an SSH connection, or with Squid proxy handling an HTTPS-HTTP request) would still be possible here, since a Tor exit node would be able to see the destination of the encrypted traffic. But it would appear like any other HTTPS traffic. You'd have to get much more sophisticated to conduct a Man-in-the-Middle attack against this type of connection.
Traffic Location Anonymization
Traffic location anonymization is what Tor gets you. Tor anonymizes the location of origin of your traffic, by passing it through three layers of obfuscation: the Tor entry node, the Tor bridge node, and the Tor exit node. Each connection, between each layer, is made randomly, and each connection obfuscates further the geographic origin of the traffic. While this slows down traffic significantly, it also bounces your traffic all over the place, rendering it untraceable.
(Assuming, of course, you aren't sending your name and address over Tor unencrypted. See above.)