In the previous chapter, we discussed how to maintain cyber anonymity and techniques that we can use to maintain cyber anonymity related to the following topics:
This chapter explains the tools and techniques that can be used to maintain cyber anonymity. During this chapter, you will come to understand what proxy chains and anonymizers are and gain knowledge on censorship circumvention. We will discuss live Operating Systems (OSes) for maintaining anonymity and how they work, how Virtual Private Networks (VPNs) work and maintain cyber anonymity, and finally, how we can use logless services to maintain cyber anonymity.
In this chapter, we will discuss the tools and techniques that can be used to maintain cyber anonymity related to the following topics:
The term proxy is used in information technology to define a tool or application that acts as an intermediary between a client and a server. Anonymizers are special kinds of proxy tools that can keep activities on the internet untraceable. In other words, anonymizers are special applications that can make activities that are usually traceable between client and server communication on the internet untraceable. Proxy chains are a series of proxy servers that forward traffic to each other. The objective is to provide higher anonymity than usual proxy servers or anonymizers. For example, even if the traffic is sent through a proxy server, from the internet side, it is always possible to detect the proxy IP. If the proxy servers are accessible and proxy server owners are cooperative, the real IP behind the proxy server can even be discovered by analyzing the proxy server logs. Most anonymizers say that they don’t provide information to third parties, but that depends on the requester. When using proxy chains, one proxy always forwards traffic to the other proxy on the chain, making it hard or impossible to trace the real IP of the user.
The main objective of anonymizers is to provide a reasonable level of confidentiality. Anonymizers support a range of protocols including internet traffic – Hypertext Transfer Protocol (HTTP) and File Transfer Protocol (FTP) – and internet services – such as Gopher. Anonymizers typically act as an intermediate application between you and the service that you are accessing. The advantages of using anonymizers include the following:
Anonymizers typically access websites for you by protecting your privacy. There are many anonymizers you can use for this purpose including the following:
Figure 10.1: Zendproxy provides anonymous access when surfing the internet without any installation
Typically, ActiveX controllers, scripts, and mobile codes are used by web applications to collect information about you. Let’s look at the difference between accessing a website directly and through an anonymizer. First, let’s access https://ip.me directly from the browser:
Figure 10.2: https://ip.me shows your location and other information
When you directly access https://ip.me, it shows your IP address, location, and GPS information on the site, as the website collects all your information using your IP address. This is how web applications collect your information when you are navigating the internet. When you directly access the internet, it detects your IP address and from that application, detects your location as Melbourne, Australia, your ISP as Belong, the postal code of your location, and GPS information, including latitude and longitude. Scripts running on the web application show your location on a map.
Now, we will try to access the same website using the Zendproxy anonymizer:
Figure 10.3: Accessing through Zendproxy hides your location and other information
As you can see from Figure 10:3, when accessing through the Zendproxy anonymizer, it shows a completely different location – the location of the anonymizer in Amsterdam, Netherlands, and the GPS information, postal code, and service provider information are given as LeaseWeb Netherlands. Now, you may notice that the map doesn’t appear, as Zendproxy has removed the scripts and objects on the website.
Figure 10.4: Surfing the internet anonymously using Anonymouse
Anonymouse hides all your whereabouts when accessing the internet, providing a faster and easier way of accessing it safely. The best thing is that Anonymouse blocks all the scripts and mobile codes while providing faster access without any ads:
Figure 10.5: Surfing the internet without leaving any traces with Anonymouse
As you can see in Figure 10:5, you can access the internet without revealing your real information, the same as Zendproxy. Anonymouse removes the scripts and changes the real location to Frankfurt, Germany, and the other information accordingly.
Figure 10.6: HMA anonymizer provides a range of features
As you can see from Figure 10.6, HMA provides the option to select a location for users. Even when you are using the free version, you can select one of the desired locations.
Besides this, it also supports typical features such as encryption, disabling cookies, and removing scripts. The HMA free version is good enough for simple browsing and maintaining an acceptable level of anonymity, while HMA pro provides better features for larger devices and even for gamers using gaming apps.
Figure 10.7: Kproxy anonymizer for hiding your identity online
Data snooping by an ISP means that an ISP can sell your browsing activities, behaviors, and history to other parties that want to send you directed ads. Kproxy can prevent this and it also provides the option of selecting a range of Kproxy public servers to redirect your traffic.
We learned how to use anonymizers to surf the web without our data being collected while browsing. Many anonymizers we discussed support removing third-party cookies, objects, and scripts while browsing. Many open proxy servers are there if you want to redirect your traffic through proxy servers, but these proxy servers will not remove objects, cookies, or scripts – what they do is redirect traffic through their proxy. There are many sources that provide free proxy lists. If you search for free proxy server list on Google, you can find many proxy server lists. If you access https://geonode.com/free-proxy-list/, the best thing about Geonode is that it provides users with a long list of proxy servers that can be filtered based on the country, port, anonymity level, such as highly anonymous, anonymous, and non-anonymous, proxy protocol, speed, owned organization, and uptime, among other things:
Figure 10.8: Geonode free proxy list
If you need, you can export the current proxy list as a text file, a Comma-Separated Value (CSV) file, or a Java Script Object Notation (JSON) file. Once you have the information, you can configure your device or the browser to go through the proxy server. Depending on the browser, the configuration is varied. Typically, under the settings, you can find proxy configuration, or if you are using a Windows 10 device, you can go to the device settings, and under Network and Internet configurations, you can find the proxy settings. Then, you can configure the proxy IP and the protocol in the proxy settings and save them. Once you have saved the proxy settings, when you browse the internet, your internet traffic will be redirected through the configured proxy server. Similarly, you can find a proxy option on various browsers and different OSes, but the configurations are very similar, as our objective is to set up the IP and the port to redirect traffic:
Figure 10.9: Proxy configuration on a Windows 10 device
You might feel this configuration is cumbersome, as changing the proxy configuration each time is time-consuming. There are tools that can help to switch over multiple proxy servers quickly. FoxyProxy is one of these kinds of tools, which is available as a browser extension that can help you to configure multiple proxy configurations and change quickly whenever you need. You can access https://getfoxyproxy.org/downloads to download the FoxyProxy extension, which is available for multiple browsers, including Chrome, Safari, Microsoft Edge, Firefox, and Opera. With the same method we discussed earlier, we can install the FoxyProxy browser extension in the same way and enable it on our browser.
Then, click on the FoxyProxy browser extension and go to the Options tab. You can configure the proxy server IP and the port number on FoxyProxy for the desired proxy server configurations. You can select the Add new proxy option to add the servers:
Figure 10.10: Adding proxy servers to FoxyProxy
You can add all your proxy server configurations one by one to FoxyProxy.
Another option on FoxyProxy is configuring an automatic proxy configuration URL. You can use the Geonode free proxy list using the Load proxies through URL option given at https://geonode.com/free-proxy-list/. You can copy the URL from Geonode and paste the Automatic proxy configuration URL configuration into the FoxyProxy Proxy Details options. Then, FoxyProxy will use the automatic configuration:
Figure 10.11: Adding a proxy server to the FoxyProxy configuration
Once you have completed adding proxy configurations to FoxyProxy, you can close the Options window, go to your browser, click on FoxyProxy, and select the desired proxy server from the list to redirect your traffic. When you are using FoxyProxy, you can configure a list of proxy servers in different countries and different port numbers to redirect your traffic. Whenever you want to redirect traffic, it’s just one click away. You can save all the proxy server configurations on FoxyProxy and select which proxy you want to activate:
Figure 10.12: FoxyProxy helps to select the proxy server and redirect the traffic
When you select the proxy that you want to activate from the list of proxy servers you configured, FoxyProxy will start redirecting traffic straight away through the selected proxy server. This is a very efficient way of switching between multiple proxy servers on the go.
Proxy chaining is a method of forwarding internet traffic through a sequence of proxy servers before traffic reaches its real destination. Once you configure proxy chaining properly and then you try to access the internet, your request first forwards to the first proxy server, and then the first proxy server forwards it to the second proxy server. The second proxy server forwards it to the third proxy server and the third proxy server connects to the destination server. When you send traffic over proxy chains, it will be more secure and increase the level of anonymity, as the destination will only detect the IP address of the first proxy server.
If they need to trace the real IP, an investigation must be conducted to gather information from the log files residing on the first, second, and third proxy servers. If the attacker uses proxy servers from multiple geographies and multiple countries, this process can become very hard or impossible considering the technical, operational, and legal challenges. Proxy chains provide a way of maintaining anonymity, but they don’t provide complete anonymity, as every proxy server keeps the information about the connections in its logs. Typically, these log files must be obtained and analyzed to understand the connections made by the proxy servers with each other. When it comes to investigations, this is not an easy task, especially when the proxies are in multiple countries. Owners or administrators of each proxy server should support the process and provide logs if someone wants to investigate the incident. It can be very hard or impossible, but there is a possibility. Many attackers use proxy chains to launch attacks and typically, they use at least five foreign proxy servers when launching attacks:
Once you install Proxifier, you can easily create a proxy chain by clicking on Proxy Settings in the Profile menu. Then, you can use the Add button to add two or more proxy servers. Once the list of proxy servers is added to Proxifier, you can click on the Create button to create a proxy chain. Once you create the chain, you can drag and drop previously configured proxy servers into the proxy chain while maintaining the sequence in the way you want:
Figure 10.13: Proxifier can be used to create a proxy chain
Once you configure the proxy chain, Proxifier will redirect all your traffic through the proxy chain. The sequence of the proxy servers can always be changed by dragging and dropping them in the way you want. The last proxy server will always be the one connected to the target. You can enable and disable the proxy servers in the list using the checkbox. Proxifier provides all the information related to the connections, traffic, and statistics of the connection:
Figure 10.14: Proxifier redirects all the traffic generated by the device through the chain of proxy servers
Proxifier shows the connections made by each process within the device to the target. Interestingly, Proxifier has the option to configure rules to define which process needs to be using which proxy chain. You can create multiple proxy chains and define rules on Proxifier to redirect traffic according to your requirements – for example, if you want, you can send Google Chrome traffic through one proxy chain, while your email application uses another proxy chain:
Figure 10.15: Proxifier rules can be configured to direct traffic to different proxy chains
As you can see in Figure 10.15, you can configure Proxifier rules to direct traffic through different proxy chains. It shows all the applications are configured to direct traffic through proxy chain 1; if you create multiple proxy chains, you can create different rules to direct traffic generated by individual applications through a single proxy or a proxy chain or block traffic. Advanced configuration options are there to redirect traffic through different network interface cards if you have multiple network interface cards connected to your device. It’s a great feature to design traffic through different interface cards, especially on a virtual machine with multiple network interface cards.
Being a Unix program, ProxyChins works in the terminal. You can download ProxyChains from GitHub or use Linux security distributions such as Kali Linux or Parrot Security, which have ProxyChains preloaded. If you use a Debian-based Linux distribution, you can get ProxyChains by executing the following command on the terminal:
apt-get install proxychains
The first thing to do when configuring ProxyChains is edit the configuration file stored in /etc/proxychains.conf. The main configuration is selecting the mode. There are three modes in proxy chains, which you can enable on ProxyChains by uncommenting the desired mode in the configuration file:
Then, you can configure the list of proxy servers on the same file using the following format:
type host port [username password]
Once you have configured /etc/proxychains.conf with the desired proxy servers, it will look as follows:
socks5 192.168.67.78 1080 lamer secret
http 192.168.89.3 8080 justu hidden
socks4 192.168.1.49 1080
Once you have configured ProxyChains, you are ready to go. When you edit /etc/proxychains.conf with the proxy servers and the mode you desire (dynamic chain is the best mode to maintain anonymity), you can start using proxy chains with any program that you would like to use. It’s easy to redirect traffic using ProxyChains – you need to simply follow the following syntax:
proxychains [original command]
For example, let’s say you wanted to surf a website. Then, you need to execute the following command to redirect traffic through ProxyChains:
proxychains firefox packtpub.com
The following are some of the commands that you can execute to tunnel traffic through ProxyChains:
ProxyChains will tunnel the traffic through the chain of proxy servers that we configured by configuration file and mode.
The name Tor was derived from the privacy project managed by the naval research lab in the United States known as The Onion Router. The principle of The Onion Router is to maintain privacy through a number of encrypted layers and encapsulating data like in the layers of an onion. Inside the Tor network, there are a large number of sites known as <sitename>.onion that provide hidden services. The design of the Tor network facilitates anonymous web surfing by processing the traffic that goes into or goes through Tor network nodes, immediately relaying to the next destination without collecting or analyzing the destination or original sender. This design obfuscates the original source and the destination of the messages, providing a higher level of anonymity.
The Tor browser provides the easiest method for accessing the Tor distributed network. The installation of the Tor browser is straightforward. Once you download the browser from the original location provided earlier, you can easily install Tor on your device. Then, you can open Tor and access the internet just like any other browser, but Tor ensures anonymity by redirecting traffic through a chain of distributed proxies. The Tor browser has built-in security features to ensure security and privacy, such as disabling JavaScript and other mobile codes, automatic images, videos, and scripts. The Tor browser, including the additional software bundle, is developed and maintained by The Tor Project, which is a non-profit organization continuously carrying out research to improve anonymity in the face of newer developments.
The Tor browser provides access to the internet known as the searchable internet or surface internet – just like any other browser – but Tor also provides access to the unsearchable internet referred to as the dark web. According to research, the dark web has more sites and information than the searchable surface internet, which was primarily only accessible by the Tor browser. When compared to the dark web, the usual surface internet was referred to as the tip of the iceberg. Even though some legitimate sites are available on the dark web, including a lot of information related to scientific research, many of the sites on the dark web are said to be illegal sites that promote drugs, counterfeit money, child pornography, weapons, and other kinds of illicit material. Even hackers can be hired on the dark web for hacking assignments. Illegal activities take place because of the higher level of anonymity provided within the dark web.
Apart from the access to the dark side of the internet, Tor also provides many advantages to people who would need to maintain anonymity for ethical reasons. Sometimes, people need to maintain anonymity to prevent discrimination while accessing information as a part of their job. These special categories of users include the following:
Tor provides benefits for them by bypassing censorship and avoiding spying and information collection:
Figure 10.16: Tor tunnels traffic through relays
Tor provides privacy using a network of virtual tunnels on the internet by sending your traffic via three random relays (offered by servers maintained by volunteers around the globe known as relays). The last relay forwards traffic to the target via the public internet. As you can see in the figure, when using Tor, it sends the traffic through the computers in the middle and maintains encryption between the client and each relay. As you can see in the figure, it anonymizes the network connection and the IP address that you are connecting from.
However, while Tor was designed to provide security and anonymity, there have been some occasions where authorities revealed the real identities of the attackers even though they were using Tor. Even though the number of occasions where the authorities unmasked the identities is low, this shows that there is a possibility that attackers can be traced. This raises the question of how they can reveal people even if they use Tor when Tor has multiple layers to maintain anonymity. The answer is not hard; Tor provides network-level anonymity, as we discussed before, but there are many other layers still collecting your information, such as the OS and the applications that you use.
While Tor maintains a higher level of anonymity at the network layer, masking your IP, if you are using OSes that collect your information, or if you use your real information on the application, Tor cannot protect you. This is the reason we have discussed multiple layers of anonymity. When you need to maintain a higher level of anonymity, it’s essential to maintain anonymity at all the layers. For example, you need to use pseudonyms instead of your real name and shouldn’t be revealing your real location, as an IP address is not the only way of revealing your real location.
The reality is that a small clue is more than enough to reveal your entire identity. In particular, investigators can concentrate on behavior-based analysis from open source intelligence and collected information from the searchable internet, the dark web, and various sources that carry telematic information (information that is collected by OSes or applications). This can be used to build a sketch of the picture, adding little pieces of information and clues to it that reveal a real identity, even though this can be a cumbersome process. For this reason, we should maintain anonymity at all layers. Some systems can block Tor. You can use Tor bridges to access Tor in places where it’s blocked. In the Tor browser settings, you can configure a Tor bridge by requesting a bridge from The Tor Project, using a known bridge, or building a bridge through systems such as obfs4, Snowflake, or meek azure.
In the cyber world, censorship is the suppression of internet activities, including communicating and publishing information that can impact governments and repressive regimes. Then, governments or repressive regimes can force ISPs to enforce censorship. When the ISPs enforce censorship, these websites, services, or applications will not be accessible within these regions.
Internet censorship circumvention defeats censorship using various methods. These methods range from low-tech methods to complex methods depending on the technology that the ISP has to censor, using different services including the following:
Figure 10.17: Censorship circumvention using alternative IP
Figure 10.18: Censorship circumvention using hexadecimal encoding
Figure 10.19: Google cache copy of the Microsoft website
As you can see from the preceding figure, Google has cached a copy of the Microsoft website and kept it in Google cache servers. When the next snapshot is taken, Google will replace this copy with the latest snapshot.
If you use the Wayback Machine, it will keep multiple snapshots taken from time to time of the websites. You can access the Wayback Machine at https://archive.org/web/. Enter the site you wish to access and click on BROWSE HISTORY:
Figure 10.20: The WayBack Machine keeps over 7 billion web pages
Once you enter the website that you wish to access and press BROWSE HISTORY, it will show you the snapshots of the website taken over time. Then, you can select any snapshot you wish to view:
Figure 10.21: The Wayback Machine shows the saved snapshots
As you can see in the figure, the Wayback Machine shows all the snapshots taken over time. In this example, www.packtpub.com appeared on the internet for the first time in 2004. When you select 2006, it shows snapshots taken during the year in blue color circles. When you select the blue circle, it will even show you the time of the snapshot. When you select the required time, the Wayback Machine will load the snapshot. This method is useful to access content that is censored:
Once you have downloaded Psiphon, you can execute the program straight away without additional configuration and it will connect to a censorship-circumvention network. Additionally, you can select the region to which you want to connect, as Psiphon provides a list of servers from around the world:
Figure 10.22: Psiphon connects to a censorship circumvention network in Singapore
Psiphon is open source software where the source code is available in GitHub but it maintains all servers by itself. When it comes to privacy concerns in Psiphon, it uses cookies and shares access data with Psiphon partners who can see website visits and statistics. According to the privacy bulletin of Psiphon, it occasionally records usage-related data. When it comes to privacy and anonymity considerations, Psiphon may not be the best pick, as the objective of Psiphon is to provide censorship circumvention without drawing unwanted attention, as Psiphon uses common transport protocols. As we discussed, Tor is the best option when it comes to privacy and anonymity, but ISPs can detect if someone uses Tor.
As we discussed in the previous topic, Tor provides privacy and anonymity at the network level. In other words, maintaining privacy and anonymity cannot be achieved just by using Tor. We need to concentrate on various other layers if privacy and anonymity are our concerns. The main reason is our privacy is compromised at various layers not just at the network layer. The OS in particular collects information, from the time of logging in to the system to an entire set of activities. As a part of the OS, it creates temporary files, a cache, logs, and events for every activity we perform on the device. Depending on the OS, the amount of data collected can vary but typically, any OS which is installed on the device collects information for various reasons, including auditing, troubleshooting, and improving systems performance.
If you need to maintain the highest level of anonymity, you need to get rid of installed OSes and installed applications before you connect to the Tor network. Even though Tor protects you at the network level, your OS and installed application can still unmask you in cyberspace. We already discussed live OSes before and booting your device with a live OS without really installing it on the device. This prevents the creation of logs, events, and temporary files on the device. Especially to overcome the concern that we have with Tor, which is maintaining OS-level anonymity, we can use OSes such as Tails or Qubes OS, which support booting the systems using a USB drive without installing it in the device.
Tails is a portable OS, fully compatible with running on a USB stick in external hardware, which protects you from censorship and surveillance. Tails is also capable of protecting you from trackers and advertising. Tails on a USB can be used to start your computer instead of the installed OS and doesn’t leave any trace once the device is shut down. Tails comes with a bunch of applications that support maintaining privacy and anonymity and are ready to use. Tails is designed with security, privacy, and anonymity in mind – it will be ready to use with even default settings. Tails is a Linux Debian-based, free, and open source OS, which security researchers can always verify and validate its code against privacy and anonymity. Tails provides benefits for a range of users including the following:
You can download Tails from https://tails.boum.org/install/index.en.html – there are many options when it comes to downloading Tails, including the following:
Tails doesn’t support smartphones or tablets. When downloading Tails, you need to transfer an image to the USB drive. There are many tools that you can use to transfer a downloaded image to a USB drive, but Tails recommends you use balenaEtcher, which is a free and open source tool that you can download from https://www.balena.io/etcher/ depending on your OS. balenaEtcher is a cross-platform tool that can flash USB drives and create live SD cards and live USB sticks from .iso, .img, and even .zip folders. If you want to create a Tails virtual machine, you can skip balenaEtcher.
If you are using a virtual machine, you can boot Tails directly from the .iso file. Once you boot from Tails from the ISO file, it will prompt you with the welcome screen that allows you to select the language and keyboard layout, as with any OS. Then, you need to connect Tails to the network using the network connectivity option –if you are using a virtual machine, Tails will automatically connect using the available network. The next major step is connecting to the Tor network, as Tails traffic is redirected through the Tor network to maintain network-level anonymity:
Figure 10.23: The Tails OS needs to connect through the Tor network
Everything you do with the internet from Tails goes through Tor, which maintains network-level anonymity. As we know, Tor encrypts your internet traffic through three relays that are operated by volunteers around the world. There are two options in Tails to connect to Tor:
If you select the first option, Connect to Tor automatically (easier), Tails will enable another checkbox option, Configure a Tor bridge; Tor bridges are secret relays that can evade Tor restrictions. For example, some countries, universities, enterprise networks, or parental controls can block the use of Tor. In these scenarios, you can configure a Tor bridge or Tails will auto-direct to a Tor bridge if your connection is blocked and you need one. Then you can click Connect Tor to connect Tails to the Tor network. This will connect Tails to the Tor network and direct internet traffic through Tor.
If you are using any other OS, it will store the following:
When you use Tails, it will never write anything on your hard drive. Everything you do will remain in memory. When you shut down or restart Tails, everything will be removed, and Tails will always start from the same clean state. If you really wanted to store some data, you could create encrypted persistent storage on the USB stick where Tails operates. This option is available only if you need it.
Tails comes with a ready-to-use set of applications, which can be used with safe default settings to work on sensitive documents if required and communicate safely. These preconfigured applications include the following:
The default settings and the configurations of the applications that are readily available on Tails are safe to use even without additional configuration. For additional security, if any of the applications try to connect to the internet without Tor, the application will be automatically blocked by Tails.
When using Tails, every bit of communication goes through the Tor network. As we discussed before, Tor encrypts the traffic using three secure relays in different locations around the world. Relays are maintained by different volunteers and organizations around the world.
A single relay out of three relays participating in any communication in Tor doesn’t know all the information about the communication. When traffic is generated, the first relay only knows about the source of the traffic but not the destination of the traffic. Out of the three relays, the third relay only knows about the destination but not the traffic source. Since the traffic is encrypted using different keys from one relay to another, relays don’t really know much information about the communication.
When using Tails connected to Tor, it prevents online censorship and surveillance at multiple layers. This prevents someone from monitoring you and your activities on the internet. Even if you are from a region or country with heavy censorship enforced and even Tor blocked, you can still use Tor bridges to hide that you are connected to Tor. This completely prevents advertisers, trackers, and anyone who is monitoring you from tracing you unless you reveal yourself or your real identity on blogs or any online services. If you are using pseudonyms instead of real identities, online trackers won’t be able to trace you again. The best part is using Tails and Tor is completely free!
Previously, we discussed Tails, which provides privacy and anonymity at the OS and application levels. Since Tails connects to the internet through Tor, it also maintains anonymity at the network level. Qubes OS is a security-oriented OS that takes a different approach to providing security through isolation. Qubes OS is a free and open source distribution that provides desktop computing over virtualization powered by Xen. Qubes OS provides the ability to create and manage isolated compartments known as Qubes, leveraging Xen-based virtualization. Even Edward Snowden, an American former computer intelligence consultant who became popular in 2013 after leaking highly classified information from the American Security Agency, used Qubes OS for his work. You can download Qubes OS at https://www.qubes-os.org/downloads/.
As per the Qubes OS tagline itself on the Qubes home page, “a reasonably secure operating system,” it provides security through virtualization, using compartmentalization and integrated privacy features and allowing freedom. The approach taken by Qubes is virtualization, which provides security-over-virtualization. For example, in Qubes OS, you can run the same browser side by side on different security domains – while logged in to your account on one browser for a specific service, the other browser can work without logging in, as both browsers will run on different virtual instances where it creates two separate sessions on the same browser. The reason is both browsers are working on different domains with separate sessions, technically on separate virtual instances. In Qubes OS, separate virtual machines are used to separate and compartmentalize the environment. Technically speaking, it’s like running multiple virtual machines on the same environment, which is integrated by Qubes. For this reason, Qubes doesn’t support the live OS scenario that we discussed before and it would not be totally compatible to install Qubes on a virtual machine, as then it would be nested virtualization.
When it comes to maintaining anonymity and privacy, we cannot ignore VPN solutions. VPNs have been around for a long time, even before the internet was introduced. Before the internet was introduced, there was no common way to connect multiple networks. The only available option was to use someone else’s network that was already implemented to connect two networks. For example, let’s say you had a Local Area Network (LAN) in one geographical location and you had another LAN in a different geographical location. If you needed to communicate from one LAN to another since there was no internet at that time, you could use an already established network maintained by a different company, but the question was that even if the physical network was there, when you connected your LAN to it, the company owning the network could see the communication that you sent through it. To overcome this problem, traffic between one LAN and another LAN was encrypted so that the company providing the infrastructure to connect two LANs could not monitor the traffic. The term “secure VPN” was used for this type of solution.
When the internet was introduced, it provided a great way of not only interconnecting two networks but the same technology also allowing a device in one geographical area to connect to a LAN in a different geographical area through the internet securely. Since the connection was encrypted, they could use even the inherently unsecured public internet for this secure communication. A VPN extends a private network through a public network, which allows users to communicate securely as the VPN provides security, functionality, and management. Initially, VPNs were created by establishing point-to-point connectivity through dedicated circuits managed by different companies, but now, the same implementation can be done over the public internet using tunneling protocols. When using VPN solutions, you can configure different types of VPN solutions including the following:
Typically, in point-to-site VPN implementations, VPN servers are responsible for accepting requests coming from VPN clients. The VPN server has a public IP address to which VPN clients are initiating the connection. Clients usually need VPN client software to be installed on the client device unless the VPN configuration is native (for example, if you use a Microsoft server to configure as a VPN server, Windows clients have VPN client capability built-in and you don’t have to install any client software). A VPN client is configured with connectivity information such as the IP of the VPN server, tunneling protocol information, and authentication information.
Even though the classification of VPN solutions is into point-to-point and point-to-site, there are many other classifications of VPNs including the following:
When considering privacy and anonymity, this technology provides a range of benefits including the following:
There are many free and commercial solutions that can be used to maintain privacy and anonymity. We discussed the configuration of a free VPN solution known as OpenVPN in Chapter 7, Introduction to Cyber Anonymity.
VPN servers have a capability known as Authentication, Authorization, and Accounting (AAA), which means VPN servers are authenticating the requests, providing access only to the authenticated users, and keeping information about the connections. This means that even though VPN solutions have promising capabilities to improve privacy and anonymity, they also collect and keep information about the connections made. In a corporate environment, it is acceptable to keep a track of all the connections. When it comes to privacy and anonymity, this is a major concern. This capability varies depending on the solutions. Because of this, we need to look at solutions that do not collect or keep information about the connections if we are looking at maintaining anonymity.
As we discussed before, VPN servers or service providers perform authentication. This means they validate the users. Even though some of the VPN service providers claim that they provide complete anonymity, the reality is these service providers can see your IP addresses and your whereabouts, as you need to register on the service by providing your information and they can even keep this data in their logs. Some VPN service providers provide an acceptable level of privacy with strong encryption along with a no-logs policy. They won’t guarantee complete anonymity, but they ensure your online activities are kept secret. The best thing about VPN services is that they encrypt your traffic during communication, which enhances privacy even if you are connected to an untrusted public Wi-Fi network or even if your ISP is trying to monitor you. As we discussed before, privacy and anonymity are two different concepts and most VPN service providers use the term “anonymous” just to refer to providing a stronger VPN with zero logs, which actually means they provide privacy. However, the advantage is that even if surveillance agencies wanted to analyze the traffic, they wouldn’t be able to do that since the services aren’t maintaining any logs. If you want to be truly anonymous, it’s better to use a service such as Tor, as we discussed earlier in this chapter, rather than just a VPN solution.
Let’s look at some of the popular VPN solutions and evaluate how they improve privacy and anonymity. When comparing available solutions, you will understand which solutions are better in terms of maintaining privacy and anonymity. Since our main objective is to maintain privacy and anonymity, we need to consider whether these VPN solutions provide the following:
Considering these facts, let’s try to assess some of the popular VPN servers that claim to provide anonymity:
From the easy-to-manage user interface, you can select any VPN location that you want, with server clusters located in North America, South America, Europe, Asia, Africa, and Oceania from over 700 VPN servers. Each location is powered with top-of-the-line hardware for faster connection and better speeds. They have over 300,000 available IP addresses and over 70 server locations and guarantee that “no third party will ever have access to your privacy.”
ExpressVPN provides more promising features in terms of anonymity, as it allows users to pay for the subscription using cryptocurrency (for example, you can pay for an ExpressVPN subscription using Bitcoin). ExpressVPN supports cross-platform, as you can use ExpressVPN on Windows, mac, iOS, Android, Linux devices, and even routers and game controllers. ExpressVPN also supports a range of advanced features including the following:
Typically, VPN solutions don’t provide complete anonymity, but ExpressVPN provides a faster and more reliable VPN solution that completely conceals your online activities from governments, ISPs, or any surveillance agency trying to track you. While providing a promising set of features, ExpressVPN has the capability of obfuscating your traffic to conceal it from ISPs by disguising it as regular HTTPS traffic.
Apart from the preceding services offered by NordVPN, it also provides a set of advanced features including the following:
Thousands of servers around the world from undefined countries provide easy access to censored content regardless of where you live. PIA is completely open source, which makes it the most secure of all, as anyone can access and check the source code. PIA has built-in ad blocking that blocks ads, trackers, and malicious websites to provide users with a faster and safer internet browsing experience. PIA also supports a kill switch, split tunneling, which we discussed before, torrent support, and highly flexible settings, including support for various themes, OpenVPN encryption, obfuscation, and port forwarding. PIA has also proven its zero-log policy a couple of times even if the origin is the United States – in front of a United States court, it has been proven that PIA doesn’t collect any logs of the connections made by the users.
When concentrating on cyber anonymity, it is very important to understand the layers at which your information is collected and how they can be accessed by ISPs, governments, and other snoopers. We have discussed the different layers that collect your information. In the previous section, we discussed how important VPN solutions can be for cyber anonymity, but it can be challenging if snoopers can get information from VPN solution providers, as they can see your activities from the logs that are maintained by them. The best solution for this is logless or zero-log VPN services. The reason is that if the VPN service is not collecting logs, no one, not even VPN solution providers, will not know your activities on the internet. Even in the worst case, if law enforcement wanted to analyze your activities while you were on the VPN connection, they would not be able to do so, as there are no logs whatsoever collected by the VPN solutions provider if they maintain a zero-log policy. Some of the VPN service providers even audit their services on zero-logs policy using independent and public audits. Some VPN service providers have proved during court cases that they never collect logs.
The tricky part is that even though some VPN service providers claim that they don’t collect logs, they still keep logs. Because of this reason, before selecting a VPN service provider, you should check whether they conduct independent audits against their zero-log policy, whether they have any mechanism for leak protection, where their services are offered from (as an example, we already discussed Switzerland has strong jurisdiction to protect privacy), and whether they have services such as a kill switch feature to automatically suspend the connection when the VPN is disconnected. Some service providers even keep the services in volatile memory, meaning they never write anything onto hard drives. Importantly, when subscribing to these services, if the users are given the option to make payments using cryptocurrency such as Bitcoin, this will be a definite advantage when maintaining anonymity. Otherwise, users must reveal their real identity to the VPN service provider along with credit card payment information, which will provide the option for them to validate the real whereabouts of the users and compromise anonymity.
We discussed how an OS runs on a USB connected to Tor and can provide anonymity at multiple layers, taking Tails as an example. The idea is to understand how to battle at multiple layers to maintain anonymity in the preying eyes of attackers. There are various options available to ensure anonymity at multiple layers. Apart from the Tor chain proxies, we discussed how VPN solutions can be effective and useful in this regard, especially VPN solutions with zero-log policies. When you look at the multiple layers that we have to consider when maintaining cyber anonymity, you must be thinking it’s cumbersome. If a layman or a basic user wanted to maintain anonymity on the internet without much of a technical background, how would they maintain and configure all this before connecting to the internet?
To provide an answer to this question, there are easy-to-use free OSes available for such scenarios that come with secure default configuration, easy-to-use graphical user interfaces, and no additional configuration required to maintain cyber anonymity at multiple layers. The best example is Whonix, which is a security-hardened OS designed to provide anonymity on the internet.
Whonix is a security distribution based on Kicksecure. Kicksecure is a security-hardened Debian-based Linux distribution that provides better protection from malware attacks. You can download Whonix, which is an easy-to-use and beginner-friendly open source distribution, from here: https://www.whonix.org/wiki/Download.
The main objective of Whonix is to provide stronger privacy and anonymity for users with any knowledge level. In particular, they are trying to keep Whonix an easy-to-use, beginner-friendly, and free OS to overcome all the obstacles we discussed before to being protected and anonymous when surfing the internet. The Whonix website home page provides an interesting comparison between Whonix and VPNs with regard to privacy and anonymity and shows how secure Whonix is when compared to the VPNs that we discussed. Other than hiding your IP address, which is a unique identifier when you access the internet commonly supported by both Whonix and VPNs, Whonix provides a range of safety features in a single OS that most of the VPNs don’t provide:
Figure 10.24: Comparison between the Whonix OS and VPN solutions
Whonix supports a range of additional privacy and anonymity features that VPNs don’t, including the following:
Whonix is available on a range of platforms, including Windows, macOS, Linux, Debian, Kicksecure, VirtualBox, Qubes, USB, and KVM.
There are two options to select when downloading Whonix as beginner-friendly:
You can select any of these Whonix versions depending on your requirements. Let’s say we’ve chosen the Windows user version with the GUI Xface beginner-friendly version. This will download the Whonix.ova (Open Virtual Appliance) file. Once you have downloaded the .ova file, you can import it to VirtualBox. VirtualBox is a free, general-purpose full virtualization platform powered by Oracle. Installing and configuring VirtualBox is like the VMWare workstation that we discussed before. VirtualBox can be downloaded from https://www.virtualbox.org/wiki/Downloads for free. Let’s say you have installed VirtualBox on your device. Then, you can import Whonix.ova directly to VirtualBox using VirtualBox Manager. Open the VirtualBox menu, click on Import, select Whonix-XFCE-16.0.5.3.ova, and click Open. Once open, you can change the hardware configurations if required, and this will import two virtual systems:
Figure 10.25: Importing Whonix to VirtualBox
First, you need to start Whonix-Gateway, as it will be routing all the traffic to the Tor network. You can start Whonix-Gateway by simply double-clicking on it. When starting Whonix-Gateway for the first time, it will prompt you to configure how you want to connect your Whonix box to the internet. You cannot use Whonix-Gateway to access the internet, as browsing is disabled on Whonix-Gateway by default:
Figure 10.26: Whonix-Gateway settings to connect the Whonix workstation to the Tor network
There are three configuration options as you can see. The first option is the best for most scenarios where it will connect Whonix-Gateway directly to the Tor network. The second option to configure will be useful if Tor is censored and blocked and you need to use Tor bridges, as we discussed in the previous section. The last option is to disable Tor, but it will prompt you next time on how you want to connect. This configuration can be changed later by just running Anon Connection Wizard under the System tab in the Whonix menu. Once you click Next, Whonix-Gateway will connect to the Tor network to provide a higher level of anonymity.
Then, you need to start Whonix-Workstation by double-clicking on it, as browsing is disabled in Whonix-Gateway:
Figure 10.27: Whonix-Workstation hides your whereabouts completely
Whonix-Workstation also comes with a range of apps that are preconfigured with the relevant security settings to ensure application-level anonymity, including the following:
These tools are pre-installed in Whonix-Workstation, which is ready to use. When you are using Whonix, it protects you from a range of snooping and information gathering at multiple layers. Whonix is a great, free, open source, less complex solution that can be even used by a beginner without much technical knowledge, as Whonix looks after all the layers that we discussed, maintaining privacy and anonymity with the support of the Tor network.
In this chapter, we discussed the tools and techniques that can be used to maintain cyber anonymity, using proxy chains and anonymizers and taking Tor as an example, using censorship circumvention, taking Psiphon as an example, using a live OS, with Tails as an example, a range of VPN solutions and how VPN solutions can protect your privacy, and logless services, with Whonix as an example.
After this chapter, readers will understand what proxy chains and anonymizers are and improve their knowledge on censorship circumvention, understand how live OSes maintain anonymity and how they work, understand how VPN techniques work and maintain cyber anonymity, and finally, understand how to use logless services to maintain cyber anonymity.
Cyber anonymity is very essential, as most devices, applications, and browsers collect information on every single activity that you perform in cyberspace. Once you know how to maintain cyber anonymity, depending on what your objective is, it will be helpful to perform tasks without disclosing your information. The objective of this book is to give you enough of an understanding to work with the internet and internet-connected devices safely by maintaining cyber anonymity. This book not only provides conceptual knowledge and understanding but also tools that can be used to maintain cyber anonymity.