Anonymous on the Internet
Test Center | 27 July 2009
We give you the lowdown on how to cover your tracks when on the Internet.
By DOMINIK HOFERER
In all probability, you are neither a secret service agent nor do you have to deal with jihadis on the Internet. You probably don’t even have information of an explosive nature on your computer, which would require you to encode your data with the most sophisticated cryptography methods. Nevertheless, your PC has documents which are no one else’s concern. These could be account statements from online banking or your tax returns. Also, your excursions on the Internet and the queries you make on Google should not be retraceable. This is why we will show you how to surf the web without leaving behind traces and how to store files on your computer with very little effort so that no stranger will be able to access it. You will find all the tools required for this purpose on this issue's CD/DVD.
Unscrupulous: Surf with Firefox
Firefox protects you against attacks from the web better than Internet Explorer although it too leaves behind traces like its Microsoft competitor. Website operators can keep track of your source, the sites surfed, as well as the products you checked out over a webshop. With these tricks you can prevent the fox from divulging a lot of information about you.
SETTINGS: For starters, make a few small changes in the browser. Under “Tools | Settings | Data protection | Private data” change the “settings” so that Firefox automatically deletes history, search data and cache as soon as you close the program. Furthermore, you must delve deeper into the configuration so that it does not reveal the sites you have surfed and camouflages your source instead.
For this purpose enter the above in the browser line and search for “send using filter”.
A few entries will appear, but only the “network.http.send RefererHeader” line is of interest. With a double-click, set the value of the variable to “0”. After this, website operators will not be able to trace the link through which you came across an online shopping site that offers wine at a reasonable rate nor the search key you entered in Google. This certainly is not information that you need to hide, but nevertheless, it is advisable to cover your tracks, to protect your privacy.
EXTENSION: The Customize Google add-on for Firefox goes yet another step further. It prevents the search engine from creating an exact profile of you. After installing the add-on, configure it under “Tools | Customize Google settings. For example, turn off click tracking by Google or delete annoying advertisements which could also track your clicks for the “Web” option.
You will find an important function for data protection under “Privacy". Here, you can make the UID, that is, the unique identifier of the Google cookie anonymous. With this you can prevent the search engine from creating your user profile.
APPLICATIONS: The Tor tool is more powerful. It is a proxy, which masks your identity. If you use it when surfing, website operators will never be able to trace your real IP address since you will get a new one from Tor. The simplest way to mask yourself is to cover yourself in an invisibility cloak by installing the complete Tor-&-Privoxy-&-Vidalia package. The most important tools have already been integrated in this. This is how it works:
Start the set-up and launch all the components on your computer. Furthermore, the package also adds the Tor button to your Firefox. With this button you can easily turn the proxy on or off directly from the status bar of the browser. The next time you start Firefox, you will see Tor's activation status at the bottom right-hand side. You can change the status with a right-click on this display, rendering yourself anonymous when surfing. www.whatismyip.com tells you your current identity, i.e. the IP address and your apparent country of origin. Since the proxy alters this information at irregular intervals, it is almost impossible to retrace your activities over the network. The flip side - your web surfing speed is reduced considerably.
The CyberGhost tool offers yet another alternative to this. Even though Tor conceals your traces in a better way, the CyberGhost application has an advantage over it - you can surf considerably faster. After starting the software, create a gratis account and
Note: If want to read your mail with Outlook or Thunderbird, you must add your provider with “Exceptions | E-Mails. Otherwise the software blocks e-mail traffic.
Tap-proof: e-mail with Thunderbird
No one likes strangers snooping around their personal mail? In case of mails one must mostly rely on the fact that freemail account providers do not check personal mails thoroughly. It is even worse if a stranger taps the messages with a sniffer.
Now with Mozilla Thunderbird and a few extensions, you can stop worrying about that. Use the GnuPG tool, which works smoothly with Thunderbird, to encode your mails so that only the receiver can read the messages. The coding is asynchronous and it functions as follows - With the help of GnuPG, you create a set of two keys; one personal and the other public. Give the public key to all those who would send you encoded mails. On the other hand, you must take good care of the personal key and should never reveal it under any circumstances. This is because you can decode the encoded mails of the sender only with this key. This is how it works.
Install GnuPG on your computer and add the Enigmail add-on to your Thunderbird. The “OpenPGP” entry appears on the menu of the mail client. Here, you will find the “Key management” menu item. Go to “Generate| New key pair” and select the user ID; this is the e-mail account, which you will manage with Thunderbird. Now enter a passphrase i.e. a complete sentence, which ideally should consist of numbers as well as alphabets to increase safety. Memorize this phrase well since you will require it to decode your mails. Professionals can also define the key strength under “Advanced” or select a specific algorithm as well.
You can now “Generate key pair”. This requires a few minutes. Your mail client is now ready to send concealed messages. GnuPG offers you two versions. The first is where you can sign the messages digitally. This way the receiver can determine whether the mail is truly sent by you. This is because with just a few tricks, hackers can send a mail under your name. Spammers love to disguise themselves. It's the easiest and most effective way to get someone to open a mail. You can avoid this risk by signing your e-mails and selecting “OpenPGP | Sign message”. If the receiver possesses your public key, Thunderbird confirms the correct sender and indicates this with a green bar on top of the mail. However, the content is still not encoded in this procedure. The second variant, which is safer and rather easy to manage, is encoded mail dispatch. Try it out and start a test run by sending an encoded mail to yourself through “Compose. Select “OpenPGP | Encode message” and send the mail. The message should get posted in your inbox after some time. Thunderbird indicates with a green bar that the mail was sent safely. GnuPG not only helps in encoding your mails but also encrypts local files. In the “Secret” section you will see how it works.
Secret: Encrypting with OpenSource
Be it just a telephone bill or a bank statement downloaded from a bank portal - paper is gradually disappearing from our daily lives. Nowadays, important documents are increasingly being sent in the PDF format. These often lie unprotected and open to prying eyes and anyone who has access to your computer, can get a fairly good idea of your financial status and other personal information. However, this can now be avoided.
SAFEGUARDING DOCUMENTS: Protect your individual files easily with passwords with the help of the GnuPG software, which we have already described earlier in the “Tap-proof” section. You can do this easily through the Windows context menu with the Gpg-4win application. After installation, if you right-click on a file, you can configure the encoder under “GPGee | Configure”. However, you must make sure to specify the “Path of the program” and search for the “gpg.exe” file here - it is mostly present in “C:ProgrammeGNU”. The software is now ready for use. With just a simple right-click on the PDF of the bank statement or whatever that you may wish to safeguard, you can encrypt individual files or a complete directory. The easiest method is Go to “GPGee | Encrypt (symmetrical)”. As soon as you enter a passphrase, the tool protects your data with a password. You can encrypt the files by opening the context menu with a right-click on the file, selecting “GPGee | Check/Encrypt” and entering the password.
ENCRYPTING DIRECTORIES: A more comprehensive tool is True-Crypt from Open-Source that is available in a portable version on the www.stadtbremerhaven.de blog. TrueCrypt can even protect portable storage media. We now explain how you can encrypt a USB stick with this tool. You can also use the program locally on the computer. This is how it works:
Unpack the file on your PC and copy the complete folder onto a USB stick. Start the TrueCrypt program and click on “Create volume”. Select the topmost option and create a virtual, encoded drive. In the window that follows, select the option to create a standard TrueCrypt volume. Click “Next” and then click “File. Now select your USB stick, specify the name of the container in which you wish to store the confidential information in an encoded form and confirm with “Save". After this is done, define the container size and specify a passphrase.
You can now alter the encoding strength by dragging the mouse over the window and generating random values for the key. The more numbers you create, the safer is the key. Eventually confirm everything with “Format". Your encrypted container is now ready for use. If you do not wish to create more safes, click “End". Your USB stick now contains a file with the name and size specified by you. No one can access the data in it without TrueCrypt and your passphrase.
To be able to open the safe and store a file, search for this file under “File” on the TrueCrypt interface and enter your password with “Integrate”. A virtual drive will then appear in “My Computer". You can directly open the safe from TrueCrypt by double clicking it. Once you have stored all the files in the safe, close it by selecting the virtual drive in the TrueCrypt overview and “disconnect” it. You can be rest assured that your data is now protected in case you happen to lose the USB stick.
PERMANENT DELETION: If a stick happens to fall in the hands of inquisitive strangers, they can restore the files you had deleted. You can now prevent this with the full version of Steganos Shredder and delete your data permanently from the respective data media.
Surf without Leaving traces
STOP THE CLICK TRACKER: