In the previous chapter, we discussed how to implement cyber anonymity and prerequisites to maintain cyber anonymity. When your objective is to maintain cyber economy, you need to think about multiple layers and plan accordingly. To do that, we need to understand the scope and implement the correct internet connection, as that is the medium to connect to cyberspace. When the medium is secured, you need to prepare a device and applications to maintain cybereconomy, as devices and applications track you in different ways.
This chapter explains how to maintain cyber anonymity and discusses the areas and techniques that we can use to maintain cyber anonymity. As we already know, applications and browsers track our behavior using multiple methods, including cookies and location tracking. When interacting with the internet, we also overexpose ourselves and share sensitive information intentionally or unintentionally, which attackers use to their advantage. We are going to discuss how to maintain cyber anonymity and the areas and techniques that we can use to maintain cyber anonymity in the following topics:
In the previous chapter, we discussed how to disable tracking in popular operating systems and some of the most popular apps. Without our knowledge, some apps can still track us, even if we configure cookies to maintain privacy. These apps are programmatically designed to collect information, especially the various web apps we access today. We discussed what web apps can do nowadays in previous chapters. One of the mechanisms that we can use to improve security is anti-tracking browser extensions. There are various anti-tracking browser extensions out there developed by individual developers, companies, and communities. When you access content on a web application or web page, some of the elements on the web page, known as trackers, are designed to collect details about your browsing habits and other information and send it back to third parties. These apps and sites violate privacy and consume lots of resources including your bandwidth to load the pages, as trackers need lots of bandwidth to communicate between the end user devices and the third-party activity tracker. Most web apps and sites collect your information for advertising purposes, but they may have other intentions. Some web apps use this information to provide meaningful content and easy access to information that you are looking for, but some apps can have more dubious intentions.
On the bright side, even though these web apps collect your information, there are various tools and plugins that can be used to make your browsing activity more private. Most of these tools and plugins are designed to let users know what type of information is collected by these apps, and they minimize annoying ads and save resources such as bandwidth from undesired usage.
Tracking is not only active when you are browsing the internet but also when you play games on the internet, watch movies on streaming services such as YouTube, chat with your friends on social media, read emails you have received – especially on free email services such as Gmail and Yahoo – and use apps that are downloaded on app service portals such as Google Play, Microsoft Store, or the iOS App Store. No matter what you do, you will create a digital footprint in cyberspace. Basically, if you have not taken proper precautions, every moment you spend in cyberspace will see you tracked. For example, if you are planning to buy a refrigerator and look at a few options, it’s not really a coincidence if you suddenly start getting advertisements for refrigerators on YouTube, news websites, and so on. Mostly, your browser cookies are directly responsible for this, and the rest is done by the trackers. When you access any website, a large number of cookie files are loaded onto your browser for different purposes. Currently, there are a few arguments going on related to allowing users to decide whether they want to be tracked or not by the apps that are installed on their devices. Some larger companies are against this option, as it can prevent the possibility of understanding user behavior and they will not be able to perform targeted advertisements. One such initiative is to introduce an option called app tracking transparency (ATT) with the iOS 14.5 mobile operating system, which allows users to decide whether they want to be traced or not. This initiative is also challenging to implement, as most apps track you with lines of code and not openly.
So, what’s the remedy for tracking? There are a few ways we can protect ourselves from different kinds of tracking, as follows:
Since we have already discussed protecting yourself from tracking cookies and using safe browsers, in this chapter we will be focusing on some of the very effective browser extensions and desktop apps that we can use to protect us from tracking. As we know, browsers are client programs that we primarily use to access the internet. Since browsers are the main way to access the internet, if we can block tracking from the browser itself, we should be able to stop tracking at the root.
Browser extensions can be treated as add-ons, plugins, or additional tools connected directly to a browser. Therefore, we can directly protect ourselves from being tracked by using proper extensions. It’s important that we select an extension that is not tracking us, as these extensions can be developed by companies and individuals for different objectives. We are going to go through some of the most popular and trustworthy extensions to see how they work and the advantages and disadvantages of these extensions. Most of these extensions are free, do not utilize a considerable number of resources, and are compatible with most of the popular browsers.
First, we need to know how to install a browser extension. The process is straightforward – you can either search for the desired extension on the web or install it on your browser directly from the extension provider. For example, if you need to install Disconnect, you need to access https://disconnect.me/disconnect and hit Get Disconnect.
Figure 9.1 – Installation of Disconnect on a browser
When you click on Get Disconnect, it will take you to the browser extension installation window. You will see this window when you are trying to install any browser extension in the future. For some browser extensions, you can use a search engine with the extension name. There are also websites with browser extension lists. When you search and click on Get Extension, you will be redirected to the browser extension page shown in the following figure.
Figure 9.2 – Installing the extension on the Chrome browser
Clicking on Add to Chrome will install the Disconnect browser extension on the Chrome browser. Installation steps are very similar on other browsers. In some browsers, after the installation of the extension, you need to enable it to see it on the browser.
Figure 9.3 – Enabling an extension on the Chrome browser
Once the extension is installed, you might need to enable and pin it to the browser to work. Once pinned, you will see the browser extension on the browser menu. By clicking on the extension icon, you can access the features of the extension.
There are many browser extensions commonly used to prevent tracking and data collection from users by competitors and advertising companies. Some of the browser extensions are not trustworthy, as they also collect information from the users. The following list of extensions is carefully selected based on trustworthiness and functionalities:
Figure 9.4 – A basic version of Disconnect blocks many trackers
As you can see in the preceding figure, Disconnect has blocked 35 trackers, including Facebook, Google, and Twitter-related trackers. Even the basic version of Disconnect can block a range of trackers accessing your information, including Facebook, Google, and Twitter-related trackers. Disconnect also supports major browsers, including Google Chrome, the Samsung browser on mobile phones, Opera, Safari, and Firefox. Once Disconnect blocks different types of trackers and add-ons from websites, they will load much faster than usual, which saves user bandwidth. Disconnect helps to block a large number of tracking websites, improves website loading time by up to 27%, supports website blacklisting and whitelisting, and has a built-in dashboard that visually displays a range of information, including bandwidth and other information. The only disadvantage is that the basic version has limited capabilities.
When you click on the Disconnect toolbar button, it will show you the total number of tracking requests you received on every page you visited in real time. Disconnect will show you in green the number of requests that it blocked. Disconnect will show you in a gray color the requests that are not blocked. You can click a button to see and block or unblock the requests.
In the Analytics section, you can view different types of sites that send requests and the status of whether a request is blocked or not. In the Options section, you can whitelist or blacklist the site that you are on; this information will be stored in Disconnect and used when you access the site the next time. On the dashboard, you can see the time and bandwidth you saved, and the number of Wi-Fi requests secured by Disconnect if you are connected using a Wi-Fi network.
Ghostery is similar to Disconnect; it provides a simple interface but if you need a more detailed view, you have that option too. Ghostery offers a range of security features known as “boosted features” that offer advanced privacy protection, which block trackers, anonymize your data, and block ads and are totally customizable. Ghostery insights provide a state-of-the-art web analytics tool that provides real-time statistics on the performance of every page you visit. The ad-free private search engine provides zero history tracking, zero ads, and no tracing when you search on the web. All these features come as standard with the Ghostery privacy suite.
You can install the browser extension by visiting https://www.ghostery.com/ghostery-browser-extension and selecting the respective browser from the drop-down menu. Currently, Ghostery supports Google Chrome, Mozilla Firefox, Safari, Edge, and Opera browsers. Ghostery’s free browser extension provides basic browser protection, whereas Ghostery Plus provides a subscription-based service, which provides basic browser protection and advanced device protection. Once you have installed the Ghostery extension on your browser, you might need to enable and pin it to the browser using the same steps we discussed previously for Disconnect installation. Let’s try to access a website and see how Ghostery responds to it.
Figure 9.5 – A simple view of Ghostery blocking many trackers
As you can see from Figure 9.5, Ghostery has blocked seven trackers, modified two trackers, and loaded a page faster. You are given the option to trust the site (which is similar to whitelisting in Disconnect), restrict the site (which is similar to blacklisting in Disconnect), or pause Ghostery for a desired duration. Also, note that smart browsing is on by default. You can turn it on or off, as well as anti-tracking, ad-blocking, or smart-browsing, from the extension itself quite easily. If you click on the detailed view, you can individually block or allow different trackers. You have the option of restricting the same tracker on all sites or only on the specified site by simply clicking on the detailed view of Ghostery.
Figure 9.6 – The detailed view of Ghostery provides advanced features
The basic version of Ghostery offers a range of features, but historical stats will only be available once you have upgraded Ghostery to the paid version. The unique set of features offered by Ghostery includes award-winning artificial intelligence-based anti-tracking technology, informing you about what companies are tracking you, and an open source anti-tracking browser extension for a range of popular browsers (as discussed before), increasing the page loading speed by decluttering pages. The easy-to-use interface of Ghostery displays the status of the web page at the bottom of the Ghostery extension, although some websites that use counter-anti-tracking methods might not be identified by Ghostery and might cause Ghostery to not work as expected.
Figure 9.7 – uBlock Origin features
Most importantly, uBlock Origin is free and open source with a public license. Basically, this means people from the tech community volunteer to maintain it and work hard to keep other people safe from ads and tracking. You can install uBlock Origin by visiting https://ublockorigin.com and clicking on the Get uBlock Origin link. The original browser extension on uBlock Origin was first developed by Raymond Hill back in 2014 to maintain a community-maintained block list and add additional features to improve privacy. uBlock Origin is an open source ad blocker that provides CPU - and memory-efficient technology and supports a range of popular browsers. uBlock Origin has attracted the attention of over 5 million active users of Firefox and over 10 million active users of Google Chrome, winning the prestigious IoT honor of “Pick of the Month” by Mozilla. At the time of writing, uBlock Origin is continuously maintained and under development by the founder and lead developer, Raymond Hill, and remains an industry-leading, open source, cross-platform browser extension that provides privacy from ads and trackers. Apart from being an anti-tracking extension, it also provides a pop-up window blocker, a large media element blocker, and a cosmetic filter disabling feature, and it blocks remote fonts and disables JavaScript on websites.
Privacy Badger was developed to be used as a single extension to block a range of adversaries and trackers once they have violated user consent. Importantly, Privacy Badger will work without any additional settings or configurations by the end user. It has a set of algorithms that decide whether a website is tracking a user or not. Conventional browser extensions simply block ads while Privacy Badger mainly concentrates on privacy. For example, no ads will be blocked by Privacy Badger if they are not tracking the user. However, trackers will be blocked by Privacy Badger by default. Privacy Badger is purely a tracker blocker.
You can install Privacy Badger by visiting https://privacybadger.org and clicking on the respective browser. Privacy Badger supports a range of popular browsers, including Google Chrome, Mozilla Firefox, Opera, and Edge.
Figure 9.8 – Privacy Badger blocks trackers by default
Privacy Badger supports Global Privacy Control (GPC) – a specification that provides control to users to notify companies that they would like to opt out of them keeping, sharing, or selling their data. Privacy Badger supports GPC by sending every company that users are interacting with a do not track (DNT) signal. When DNT was developed, most companies simply ignored it, so the Privacy Badger browser extension acts as an enforcer of the DNT signal.
Privacy Badger is very easy to configure; it blocks a range of trackers, including invisible trackers. It will not block ads if they are not tracking you, although it is capable of blocking a range of ads. The only drawback of Privacy Badger is that is consumes a noticeable amount of memory.
Figure 9.9 – The AdGuard range of products to improve privacy
AdGuard has different offerings, including browser extensions to improve privacy. AdGuard has been developed as a desktop application with a range of features, including the following:
You can download the AdGuard browser extension at https://adguard.com/en/adguard-browser-extension/overview.html. This is AdGuard’s lite version that effectively blocks all types of ads and allows safe, fast, and ad-free browsing.
Figure 9.10 – The AdGuard browser extension to block ads
AdGuard provides you with a range of actions through its browser extension to block ads on a specific website straight away, and you can check the security of the website. When you click on the Check website security option, it will redirect you to AdGuard’s security report of the respective site. AdGuard maintains a database of websites that can produce security reports. A report contains the trustworthiness of the site, child safety settings, and other information related to safe browsing indexes maintained by Google and Yandex. If you go to the statistics, it will show you how many websites were blocked in the past. AdGuard maintains a filtering log that has real-time information about filtering.
Figure 9.11 – The AdGuard filtering log
When you click on the filtering log, it will show you the real-time status of the filtering, including AdGuard filters and filtering rules. This shows you how many trackers and ads were blocked by AdGuard.
AdGuard also provides a desktop application that you can install on Windows, Android, iOS, or macOS devices to protect you from privacy-related attacks.
In previous topics, we discussed various types of browser extensions that can be used while browsing to block trackers and ads. Sometimes, users might accidentally allow some trackers and ads while browsing. In that case, simple browser extensions might not be effective. Then, another option is to block trackers and ads from other possible layers. Anti-tracking software can be the option for these types of cases:
DuckDuckGo is a search engine and a browser that keeps your data safe and unreachable from advertising companies that use your personal data for advertising purposes. DuckDuckGo also offers a browser extension mode where you can very easily integrate DuckDuckGo into the browser of your choice. When it comes to performance, DuckDuckGo provides faster access, as it disables ads, cookies, and traces and provides complete anonymity. DuckDuckGo comes with an attractive user interface that allows users to access any website without being tracked. As we discussed before, many websites track user data, location, and cookies to collect a lot of information. But with DuckDuckGo, your privacy will be ensured while you are surfing the web. Some users find DuckDuckGo search results are not always accurate, the reason being that DuckDuckGo is not using your private data to refine the results any further.
If you access https://duckduckgo.com, you can add DuckDuckGo to your browser as an extension.
Figure 9.12 – The DuckDuckGo search engine and browser extension
Adding DuckDuckGo as a browser extension is straightforward, as we discussed earlier. But if you need to install DuckDuckGo as an app, you need to visit https://duckduckgo.com/app and install it on the specific operating system that you are using. DuckDuckGo not only protects your privacy by blocking trackers and ads but also forces websites to establish encrypted connections, when possible, to protect users’ data that is communicated between the browser and the server.
Cliqz works as a first-class doorman, protecting you from unwittingly revealing your data. Just like a doorman, the software only gives access to you, not trackers, ads, and other adversaries. Cliqz comes with anti-tracking, ad-blocker, and anti-phishing capabilities. Cliqz also offers encryption to protect you from sniffing and man-in-the-middle attacks. Cliqz claims that it never collects user data, and its certification company, TUV, has approved Cliqz's architecture in terms of data protection. The Cliqz browser and all integrated function modules are open source. You can download Cliqz by accessing https://downloads.cliqz.com/CliqzInstaller-en.exe. It is also available in the Mac, iOS, Android, and Amazon app stores.
Avast AntiTrack Premium was developed initially as an antivirus software that is user-friendly, and it provides an exclusive summary of trackers blocked by the software. Another feature that comes with Avast AntiTrack Premium is an app that supports anonymous browsing, preventing trackers and data collection while surfing the web. This is also capable of effectively blocking a range of scripts that try to collect and track information. The program automatically changes a user’s digital footprint to maintain anonymity after deleting tracking attempts.
Browser extensions and anti-tracking applications can protect websites from tracking and collecting information from you.
When you access web applications and sites, they create cookies in a browser; some cookies are direct cookies, while other cookies are third-party cookies that collect and share information about you with third parties. While avoiding tracking apps and protecting ourselves using browser extensions and anti-tracking tools allows us to surf the web safely, there can still be cookies and scripts created within a browser when you access web applications and websites to collect information about you. Sometimes, attackers and advertising companies can be very tricksy. They might use legitimate websites to store scripts, cookies, and other tracking components within browsers when you access the web. The solution is to use tracking-removal tools to remove cookies and temporary files created when web browsing. There are different kinds of tracking-removal tools available to do this, but some tools can also track you to collect information. Most of these tools are commercial tools, but they also offer free versions with limited features:
Figure 9.13 – CCleaner scans and removes temporary files created in browsers
As the preceding figure shows, CCleaner scans all the browsers installed on a system, analyzes the files, and prompts you for action. If you want, you can run the cleaner to clean the files from the system with just one click. It also includes a special browser that can be used without tracking. While the professional version provides a wider range of features, the free version provides interesting features, including a PC health check that automatically analyzes, tunes, and fixes device performance, an app controller that increases the performance of a device, and privacy protection that removes tracking and browsing data.
Figure 9.14 – SUPERAntiSpyware scans a computer for harmful files
You can download SUPERAntiSpyware at https://www.superantispyware.com. SUPERAntiSpyware has a free version and an AI-powered Professional X edition. Even the free version is good enough for tracking removal, but the Professional X version has an attractive set of features not included in the free version, including an AI-backed, real-time scanning engine that is capable of blocking over 1 billion malicious threats, securely deleting malicious files, analyzing a system in depth, cleaning up browser cookies and popups, and stopping ransomware and trackers.
Figure 9.15 – SUPERAntiSpyware scans and removes PUPs
SUPERAntiSpyware can be a very effective tool to remove trackers, including adware and potentially harmful software.
In the previous topic, we discuss how to avoid browsers and applications from tracking our online behavior. Most browsers and applications track us without our knowledge or consent. Another area to concentrate on when it comes to privacy is communication and collaboration. We typically share private and personal information with our loved ones and people we trust. Communication and collaboration play major roles today, as everyone is connected virtually with each other by various applications, irrespective of geographic location. Traditionally, people met in person to maintain social networks. This was followed by telephone communication.
In today’s world, various communication applications and social media are the main ways we maintain social networks. Users typically perform one-to-one communication or one-to-many communications, using various communication tools. These communication tools support video-, audio-, and text-based communication with one recipient at a time, known as a private chat, or with many recipients at a time, called group communication. Typically, these communications can often include personal, private, and confidential information shared with the recipients. Mainly, we need to understand who we are communicating with, especially when communicating in a group.
Sometimes, there can be users in a group that we assume we can trust, but there can be complete strangers in the same group. For example, I have a practice of saving numbers on my phone whenever I receive a call from an unknown number for the first time. I can then call the person back later or identify the same caller next time. Let’s say I get a call from someone that was a student when I taught certified ethical hacker training in Australia, and his name is John. I would save his number as “John CEH student Australia.” When he phones me the next time, I know that it’s him. If the same student phoned me again from a different number – using multiple numbers is common these days – I will save the second number under the same contact. Now, I have two numbers saved under the “John CEH student Australia” contact. Let’s say I need to create a group known as “CEH students Australia.” Using my chatting application, I will create a group and add contacts to the group. Now, I believe all the contacts in the “CEH students Australia” group are students who were attendees of my certified ethical hacker training. But what if John had use one of his friends’ mobile phones to call me in the second instance? I assumed both numbers are owned by John; that’s the reason I saved both numbers under his name. But the second number is someone else’s. If I start sharing confidential information, assuming all the contacts in the group are trustworthy, I’m making a mistake.
This can happen to anyone, especially with large groups. When it comes to maintaining privacy on communication and collaboration apps and tools in cyberspace, we need to look at these areas. Otherwise, we will be compromising our privacy on these apps. Users have a responsibility when it comes to communication and the application has a responsibility as well.
When dealing with chatting and collaborating apps, we need to look at two aspects:
When it comes to communication and collaboration there is a range of apps available that support multiple operating systems, including Windows, Mac, and Linux desktop operating systems and Android, iOS, and Windows mobile operating systems. Messaging apps provide a range of communication and collaboration capabilities, including simple chat, video and audio communication, file sharing, screen sharing, group communication, and location sharing. Typically, messaging apps provide an easy way of maintaining social relationships with colleagues and keeping in touch with family and friends. However, while providing a range of benefits, we need to be aware of online privacy and security concerns related to messaging apps.
When it comes to privacy and security, the potential violations and concerns are as follows:
To avoid these privacy concerns, we need to evaluate messaging apps before we start using them for communication and collaboration. There are many apps available in all the app stores, including Microsoft Store, Google Play Store, Apple Store, Amazon Store, and desktop app stores, that support communication and collaboration. There are commercial and free apps available for this purpose. Some apps are even open source, developed by communities, and their source code is available to the public. When evaluating these apps for privacy and security, the key considerations should be the following:
While discussing various ways to maintain anonymity, we looked at how to improve privacy. When it comes to privacy, encryption is a technology or process that we can never exclude. Simply, we cannot talk about privacy in cyberspace without encryption. I’m providing a basic explanation about encryption here to help us understand more about the technologies we can use to improve privacy. Encryption is a process that encodes information so that it can only be accessible by authorized users. Encryption converts human-readable plain text (in encryption, plain text refers to information in a raw format or its original representation) to ciphertext (ciphertext is a converted alternative format that cannot be read or understood by humans), which can only be deciphered as plain text by authorized parties. For this purpose, an algorithm is commonly used to cipher and decipher the text. Since everyone uses industry-standard algorithms, users can use a key to encrypt the message. If a user needs to decrypt the message, they require the key.
There are two versions of encryption:
When using messaging tools, users don’t have to enter keys to encrypt and decrypt data, as it will be managed by the messaging software in the background.
As we discussed, there are many messaging apps available in app stores that support many operating systems, including mobile operating systems such as Android and iOS, and desktop operating systems such as Windows and Mac. Even though all messaging apps provide similar capabilities, some apps have been proven to be more secure than others and provide users with a higher level of privacy. Let’s look at some of the popular messaging apps to see the level of privacy that they provide and what the weak messaging apps are when it comes to privacy and anonymity:
These are the most popular messaging apps that are available on the most popular platforms. They have their own pros and cons when it comes to privacy. Depending on your requirements or required level of privacy and anonymity, you can decide which app suits you. Open source apps can typically be trusted, as they maintain a high level of transparency.
One of the common ways of exposing ourselves in cyberspace is via emails and contact numbers. For example, there are many requirements to share our email address, contact number, or both to receive activation links, download e-books, access various services, and so on. When we share our email address or contact numbers, companies or attackers use them for various types of malicious purposes. Some companies sell collected information to advertising and marketing companies. Some attackers misuse this information and use it for other attacks.
We need to know the ways to protect ourselves against these attacks without exposing our private email addresses and contact numbers. But this becomes an issue when we need to provide a contact number or email address to gain access to these services. The solution to this is to use virtual numbers and throwaway email addresses. Some services providers such as Yahoo.com provide throwaway email addresses, similar to an alias; once your communication with the service is over, you can disable the email addresses so that they are no longer available for communication.
Another option is using disposable email address. Many disposable email address providers provide disposable email addresses to receive emails temporarily without registration. These email addresses are available either for a certain temporary period or until you refresh the browser. You can just use these email addresses to receive emails or any sort of information, and then you can just forget about them. This is a good way of receiving activation links or download links. Once you have received the link, you can access content without disclosing your real email address, so even if an attacker or company shares or sells this email address, it doesn’t matter. However, if you need to reuse the email address, then you need to again register on the services, although most services are available without registration.
The following is a list of disposable email service providers:
If you visit www.temp-mail.org, it automatically generates a disposable email address that can be used to receive any activation link or download link.
Figure 9.16 – Disposable email address to receive emails
This will prevent attackers from collecting authentic email addresses using different tricks, including providing you with interesting links and registering you on their websites. Once you have used the temporary email address, you can just close the browser.
Keeping your personal contact number safe is extremely important today, as many services use your number to identify and authenticate you. In the past, contact numbers kept on changing. When you moved from one service provider to another, your contact number changed, and when you moved from one city to another, your number changed; it was like your postal address, which changed when you moved from one house to another. But now, in most countries, your contact number is like your passport number or identity number, which never changes. In most countries, you can even change a service provider or phone package without changing the number. Some countries, such as Australia, even have government services that authenticate you by a contact number. When you call them, their systems automatically identify your number, and they can access your information. This makes the contact number more sensitive to privacy breaches than ever before.
If you need to provide a contact number to receive a one-time password (OTP) or code, then there are multiple options available that allow you to do so without disclosing your real contact number. There are many online and free SMS receiving services to use. First, let’s look at free online services that can be accessible without any registration over a browser:
All these services provide a similar service; once you access one of the preceding links, you typically need to select the country in which you want to receive the message. For example, receive-SMS-online.info is a free service based on a real SIM and shows the content of the SMS messages you receive to a SIM via a web interface. These numbers are based on real SIMs, but the contents of the messages are shown publicly. If you want to receive a code or OTP, you can use online SMS receiving services. Most of the services do not filter or restrict anything. Since the numbers that these services use are publicly available, some services might have already used them.
Figure 9.17 – Receiving an SMS for any country
When you access one of the links given previously, you will need to select the country in which you would like to use the number. You can decide based on the country or the number that you would like to use. Once selected, you will be redirected to a web page that receives SMS messages for the selected number.
Figure 9.18 – Receiving an SMS for any country
Then, you will see the messages received by the number on the web page; when you use this number on any service, it will display the messages sent to the number publicly. The disadvantage is that all the messages sent to this number will be visible to the public. For some requirements, it’s okay to receive messages publicly, as only you can use the code sent to the number for a specific service.
We need a contact number for various reasons, including contacting an emergency service, catching up with family and friends, contacting for official purposes, business requirements, registering with various services, and banking and tax purposes. On top of that, if you want to sell something online or wanted to sell your car, you advertise information with a contact number so that buyers can reach you. When you do this, not only buyers but also various adversaries can get your number easily. Then, you will start receiving promotional calls and text messages, as there are companies that deliberately collect contact numbers for advertising purposes, which is annoying.
Let’s say you wanted to register on a dating app and use your contact number. If you use your permanent number, if you change your mind and deactivate your account, the people you connected with on the dating site can still reach you with your number. Sometimes, attackers can even use your number for other attacks. Another problem is that when you use a smartphone, your phone number is integrated with various apps, including messaging apps. Once people get your number, they can search for you on popular apps such as WhatsApp, Line, and Viber. They also can find your profile pictures set up on these messaging apps and other information, depending on the app. This makes it easy for an attacker to gather information about you.
The solution to this issue is a burner phone. Usually, the term burner phone refers to a disposable phone with no contract number that is used for a temporary purpose. Typically, it is a prepaid mobile number with a super-cheap handset that you buy on the go, from a shop or supermarket. Some burner phones include a SIM for a certain call time. After the defined period is over, the number will expire. Mostly, these types of packages are used by tourists. For example, if you want to sell something on an online marketplace such as Facebook, you can use a burner phone. Once the item is sold, you can switch off the phone. Since you are using a prepaid number, it will not charge you on monthly basis. Whenever you need, you can top up and start using it. Some packages even support changing numbers. These cheap handsets don’t have an option to connect to the internet or install apps. You can usually only call and text using a burner phone. Once done with it, you can get rid of the phone and the number. A burner phone provides stronger privacy as it does not keep any metadata within it. When the phone and SIM are destroyed, there are no traces left.
As we discussed, freely available services can be used to receive messages without exposing your number, or you can use burner phones to maintain privacy. But if you don’t want others to see the message, you cannot use public SMS receiving services. If you already have an Android or iPhone, you might not want to carry another device, such as a burner phone, with you. Then, the only option available is a virtual number or second number that you can get on your phone.
There are many apps available in app stores that provide a second or temporary number for this purpose. When you download an app, you can obtain a number that can be used as a virtual number. You can use the virtual number to make or receive calls. You can also send or receive SMS messages, depending on the service that you subscribe to. Some services even provide temporary numbers that you can change from time to time:
We discussed how we can create a virtual machine with proper network configuration in Chapter 8, Understanding the Scope of Access. Once you have created a virtual machine, it can be used for multiple purposes. Remember that virtual machines also work like physical machines on a network. When you check your virtual machine from the network perspective, there is not much difference between the physical machine and the virtual machine. Both will have IP addresses assigned, run an operating system, and have applications installed. When we concentrate on the privacy factor, it provides the advantage that we can revert the virtual machine to a previous state whenever we want, or we can simply reset the virtual machine every time we need to. It will look like we're using a new system every time we access the network.
Once you revert a virtual machine, all the trackers, cookies, and scripts that attackers plant will be removed from the system. From an attacker’s perspective, once you revert the virtual machine, your traces will have disappeared. Another advantage of using virtual machines is isolation. Even if your web surfing opens the door for malicious code or malware onto a system, you are still safe. Once you have reverted the virtual machine, they all will be removed. There are various virtualization platforms that you can use to build your virtual machine. It’s always a good idea to create a snapshot from the virtual machine so that you can revert to a previous state whenever you want. In Chapter 8, Understanding the Scope of Access I explained how to configure a VMware virtual machine.
Figure 9.19 – Creating a snapshot of a virtual machine
You can create a snapshot easily on a VMware virtual machine. Just select the virtual machine, go to the VM menu, and select the Take Snapshot… option. This creates a snapshot of the virtual machine. As you can see in the preceding screenshot, there are two snapshots created.
Whenever you want to revert the virtual machine, you can simply go to the same menu and click on the Revert to Snapshot option. Then, the virtual machine will be restored to the previous state, clearing all the traces. This is an advantage of using virtual machines. In simple words, the virtual machine will not create additional protection for anonymity, as on the internet, what others see are packets. It doesn’t matter whether the access is virtual or physical in cyberspace. But virtual machines allow you to revert to a previous state, or in other words, every time you access the internet, it’s like a brand new entry without any previous states.
We previously discussed preventing tracing and ads at the browser or application level by using anti-tracking applications or browser extensions. Using virtual machines, we can prevent tracing at the operating system level. For example, if you create a snapshot just after the fresh installation of an operating system and then you access the internet, by reverting to a previous state, you can remove all the traces, cookies, temporary files, and caches created within the system within a few seconds. If, next time, you access the internet using the same virtual machine, there won’t be any traces of the previous access. In a worst-case scenario, you even have the option to delete the virtual machine completely and recreate another one with minimum effort, unlike rebuilding a physical machine. It’s like having a second machine; deleting and creating virtual machines do not have an impact on your daily activities and you won’t lose your important data.
As a best practice, what you can do is use your usual computer with browser extensions enabled to access the internet, and then you can clear the artifacts created in your device using CCleaner frequently. If there are any suspicious links or artifacts to check for, you can use your virtual machine.
Once we have taken actions to protect ourselves at the operating system level, then we can think of the application level. As we discussed, applications keep traces of our various activities. When it comes to applications related to privacy, there are two types of apps that we can consider:
The term portable applications refers to applications or software that do not require any installation. In other words, all required files to run the software are typically stored in a single folder or single executable. You can even keep portable applications on a single USB drive, bringing all the required software wherever you go. Previously, you could carry all your software on a CD or DVD; as few people nowadays use CDs or DVDs, you can use a USB instead. Most importantly, you can use the applications and software on any computer and it will feel like it’s your computer, as all the required software is present on the USB. When it comes to privacy and anonymity, the best part is that portable software does not store any settings in the Windows registry. Portable software is fully functional like installed software, so we don’t have to worry about reduced functionality in portable software.
There are advantages to using portable applications for cyber anonymity, including the following:
Portable apps have become very popular due to these advantages, and now it’s not hard to find portable applications. Many of these portable applications can be located and downloaded for free from https://portableapps.com/apps. Portableapps.com offers its own app store, with a collection of apps to select from with proper categories, and you can launch an app straight away without any limitations. Alternatively, some leading software vendors offer portable versions of the same software. It is recommended to download portable apps from trustworthy sources as they may contain bundleware (bundleware is software that comes with additional software as a bundle, which can be malicious or dubious). Downloading from a direct software vendor or portableapps.com is recommended, as portableapps.com scans all the apps available on the site frequently with antivirus engines before publishing them on the site.
These portable apps can save you time while protecting you from traces created while surfing the web. A combination of these tools can be an ideal way of surfing the web. Let’s say you want to surf the web without leaving any traces of your presence. You can download the following portable apps to a sanitized USB stick:
When you have these three portable apps, you can maintain anonymity while surfing the internet. Let’s imagine you have these portable apps on a sanitized USB stick. You can insert the USB stick on the physical machine and connect the drive to your virtual machine. It’s easy if you are using the VMware workstation that we created earlier. The only thing you need to do is connect the USB drive to the virtual machine.
Figure 9.20 – Connecting a USB drive to a virtual machine
Once you have connected the USB drive to the virtual machine on the VMware workstation, you can log in to the virtual machine. When you go to File Explorer, you can access the drive. Then, you can access the folder that contains the Opera GX browser or any browser of your choice and open it within the virtual machine. This prevents any artifacts from being created on the virtual machine; even if they are created, we always can revert the virtual machine. Once you complete the work, you can run USB Oblivion to remove the traces created on the USB drive from the virtual machine. Later, if you want to, you can completely wipe the USB drive using Eraser.
There are many interesting portable applications that improve privacy and can be downloaded from portableapps.com, including the following:
Virtual applications are applications that are optimized to run in a virtualized environment, typically without the requirement to be installed first. An application can reside on the cloud or on-premises but execute on the local device. Using virtual apps provides user privacy and safety, as data will not be stored locally. There are different ways of providing application virtualization. Desktop and application virtualization provides an extra layer of security. In today’s world with complex requirements in personal and enterprise systems, virtualization is the best way to handle safety and privacy. On personal and enterprise systems, we have different device form factors such as laptops, desktops, and mobile devices. These devices use different operating systems such as Windows, Linux, Android, and iOS. When you look at the ownership of devices, some are owned by companies whereas others are owned by users. If users access organizational data from their own devices, the privacy and safety of data can be challenging. Even for personal requirements, we might use multiple devices with different ownership to access our data.
Desktop virtualization is the best way to handle this, as it provides access to data using any device type and any operating system, but once you access the data, it will remain in a virtual environment. For example, even if you have access to the data, you will not be able to copy it from the virtual application and paste it into the local device. This separates personal data and organizational data. In other words, desktop and application virtualization provides a range of privacy and security for users, including the following:
Desktop and application virtualization can even be a solution for individuals. There are different cloud-based service providers that provide desktop virtualization for individuals:
As well as cloud solutions, there are various on-premises solutions that you can build and use within your infrastructure that provide similar functionalities. As an example, Microsoft Remote Desktop Services provides desktop virtualization with which you can keep data centrally and provide access to users.
When it comes to individual requirements, cloud solutions and on-premises solutions might not be ideal for privacy considerations. The solutions we discussed previously definitely help small, medium, and enterprise-level organizations to protect their data and maintain data privacy and compliance standards, while leveraging the benefits of utilizing the personal devices of users. Companies do not need to invest in devices, as they can use user devices to access virtual desktops and applications while keeping their data protected. That is one of the reasons companies encourage users to use their own devices, known as bring your own device (BYOD). The major concern that many organizations have is data privacy and safety, when users are allowed to use their own devices to access organizational data. Desktop and application virtualization provides the solution for this. Even Microsoft desktop virtualization provides an application virtualization solution where users will not even realize that they are using a virtual application, as it provides the same experience and the same interface that they used to have when using the installed application, yet still provides data privacy and maintains the required compliance standards.
In this chapter, we discussed different ways and techniques that we can maintain cyber anonymity. We discussed methods to maintain cyber anonymity by using virtual machines at the operating system level. Then, we discussed how we can maintain cyber anonymity at the application level, including application and desktop virtualization. Since we mostly access cyberspace using web browsers, we discussed how to prevent tracking on browsers using browser extensions. Browser extensions can prevent tracking and ads while displaying blocked trackers. There are anti-tracking tools that are capable of blocking trackers at the application level. When the trackers create cookies and scripts for use later or by other applications, we can remove them using trace removal programs. When you go through these methods, you will understand that tracking is possible in multiple layers. When it comes to cyber anonymity, we need to plan and maintain all these layers. Leaving traces on even a single layer will provide enough information to attackers to carry out an attack. We discussed how we can protect ourselves in different layers and maintain cyber anonymity.
This chapter explained how to maintain cyber anonymity and areas and techniques that we can use to maintain cyber anonymity under the following topics:
By now, you will understand the behavior-tracking techniques and different types of secure messaging apps that can be used to communicate without compromising privacy. Also, you will understand the importance of disposable email addresses and contact numbers. We discussed the importance of virtualization in cyber anonymity and the importance of maintaining cyber anonymity in all the layers.
The next chapter explains the tools and techniques that can be used to maintain cyber anonymity.