Different needs and different threat models lead to misunderstandings between people. Let’s say you want to leave the most anonymous comment possible on a social network. What do you need for it? A VPN? Tor? An SSH tunnel? Well, it is enough to buy any SIM card and a used phone from the nearest store, then go a considerable distance from where you live, insert one into the other, post your message and sink the phone. You have fulfilled your mission 100%.

But what if you want more than to leave a one-off comment or hide your IP address from some site? What if you want such an advanced level of anonymity that it constitutes the most intricate puzzle, with no room for any tricks at any level? And what if you also want to hide the very fact that you are using anonymity tools? This is what I’m going to talk about in this article.

Perfect anonymity is mostly a dream, like everything perfect. But that doesn’t mean you can’t get close enough. Even if you are identified by system fingerprints and other means, you can still remain indistinguishable from the mass of general Web users. In this article I will explain how to achieve it.

This is not a call to action, and the author in no way calls for illegal actions or violation of the laws of any state. Consider it just a fantasy about “if I were a spy.”

Basic protection level

The basic level of protection and anonymity looks roughly like this: client → VPN / Tor / SSH tunnel → destination.

Actually, this is just a slightly more advanced version of a proxy that allows you to substitute your IP. This way you will not achieve any real or quality anonymity. Just one wrong or default setting in the notorious WebRTC, and your real IP is revealed. This type of protection is also vulnerable to node compromise, fingerprinting, and even simple log analysis involving your provider and data center.

By the way, there is a general opinion that a private VPN is better than a public one, since the user trusts their own system settings. Consider for a moment that someone knows your external IP. So they know your data center too. Therefore, the data center knows the server to which this IP belongs. And now imagine how difficult it is to determine which real IP is connected to the server. What if you are the only customer there? And if the customers are numerous, for example 100, it becomes much more difficult.

And this is not to mention that few people will bother to encrypt their disks and protect them from physical removal, so they will hardly notice that their servers are rebooted into init level 1 and VPN logging is switched on under the excuse of “minor technical difficulties in the data center”. Also, even this is not necessary, because all the incoming and outgoing server addresses are already known.

Speaking of Tor: first, its use by itself can raise suspicions. Second, there are only around 1000 exit nodes, many of them are on block lists, and many sites do not accept them. For example, Cloudflare offers the ability to enable or disable Tor connections through a firewall, using T1 as the country. Also, Tor is much slower than a VPN (currently Tor network speed is less than 10 Mbit/s and often 1-3 Mbit/s).

Summary: If all you need is to avoid showing your passport to everyone, bypass simple site blocks, have a fast connection and route all traffic through another node, choose a VPN, and it had better be a paid service. For the same money, you will get dozens of countries and hundreds or even thousands of outgoing IP addresses instead of a VPS in only one country that you will have to painfully configure.

In this case, it doesn’t make much sense to use Tor, although in some cases Tor will be a decent solution, especially if you have an extra layer of security such as a VPN or an SSH tunnel. More on this below.

Medium protection level

A medium protection level looks like an advanced version of the basic one: client → VPN → Tor and variations. This is an optimal working tool for anyone who is afraid of IP spoofing. This is a case of synergy, where one technology strengthens the other. But make no mistake. While it is really difficult to get your real address, you are still vulnerable to all the attacks described above. Your weak link is your workplace, your work computer.

High level of protection

Client → VPN → Remote Workplace (via RDP / VNC) → VPN.

Your work computer shouldn’t be yours, but a remote machine with, say, Windows 8, Firefox, a couple of plugins like Flash, a couple of codecs, and no unique fonts or other plugins. A boring and simple machine, indistinguishable from millions of others. In case of any leak or compromise, you will still be covered by another VPN.

Tor / VPN / SSH / Socks was previously believed to allow a high level of anonymity, but today I would recommend adding a remote workplace to this setup.

Perfect

Client → Double VPN (in different data centers, but close to each other) → Remote workplace + Virtual machine → VPN.

The proposed scheme consists of a primary VPN connection and a secondary VPN connection (in case the first VPN is compromised due to some leak). It serves to hide your traffic from the ISP and to hide your real ISP address from the data center hosting the remote workplace. Next, a virtual machine is installed on the server. I guess you understand why a virtual machine is so vital: it lets you roll back to the most standard, banal system with a standard set of plugins after every download. And this should be done at a remote workplace instead of a local one, because people who used a virtual machine locally in conjunction with TripleVPN once opened an IP check site and were very surprised to see their real IP address in the “WebRTC” field. I don’t know and I don’t want to know what software some developer will develop tomorrow and install in your browser without asking you. So don’t think about it and don’t store anything locally. Kevin Mitnick found this out 30 years ago.
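The WebRTC leak mentioned in both the basic level and this scheme comes from the ICE candidates the browser gathers. As an added example (not part of the original article), this JavaScript audits candidate lines taken from your own browser against the address your tunnel is supposed to show. The sample candidates, the function names and the `expectedExitIp` parameter are constructed for illustration; only IPv4 private ranges and mDNS hostnames are recognised, so any other address is treated as public.

```javascript
// Constructed sample candidates (documentation address ranges), not captured traffic.
const SAMPLE_CANDIDATES = [
  "candidate:1 1 udp 2122260223 192.168.1.23 51000 typ host",
  "candidate:2 1 udp 2122194687 3f2a9c1e-7b1d-4c55-9a0e-5d1f2c3b4a69.local 51001 typ host",
  "candidate:3 1 udp 1686052607 198.51.100.24 51002 typ srflx raddr 192.168.1.23 rport 51000",
  "candidate:4 1 udp 41885439 203.0.113.80 3478 typ relay raddr 198.51.100.24 rport 51002",
];

const PRIVATE_V4 = [/^10\./, /^192\.168\./, /^172\.(1[6-9]|2\d|3[01])\./, /^169\.254\./];

// Parse one ICE candidate line: foundation, component, transport, priority,
// address, port, "typ", type, then optional "raddr <addr> rport <port>".
function parseCandidate(line) {
  const parts = line.replace(/^a=/, "").trim().split(/\s+/);
  if (!parts[0].startsWith("candidate:") || parts[6] !== "typ") return null;
  const c = { address: parts[4], port: Number(parts[5]), type: parts[7], related: null };
  const i = parts.indexOf("raddr");
  if (i !== -1) c.related = parts[i + 1];
  return c;
}

function classifyAddress(addr) {
  if (addr.endsWith(".local")) return "mdns"; // obfuscated hostname, no IP exposed
  if (PRIVATE_V4.some((re) => re.test(addr))) return "private";
  return "public";
}

// Lists every address a remote page could learn that is not the expected exit.
// expectedExitIp is a hypothetical parameter: the IP your VPN chain should show.
function auditCandidates(lines, expectedExitIp) {
  const findings = [];
  for (const line of lines) {
    const c = parseCandidate(line);
    if (!c) continue;
    for (const addr of [c.address, c.related].filter(Boolean)) {
      const kind = classifyAddress(addr);
      if (kind === "mdns") continue;
      const leak = kind === "private" ? "lan-address"
        : addr === expectedExitIp ? null : "public-ip-mismatch";
      if (leak && !findings.some((f) => f.address === addr)) {
        findings.push({ address: addr, via: c.type, leak });
      }
    }
  }
  return findings;
}

console.log(auditCandidates(SAMPLE_CANDIDATES, "203.0.113.80"));
```

An empty result means the candidates expose nothing beyond the expected exit address; the sample set reports the LAN address and a public address that bypasses the tunnel.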

We have tested this configuration; the delays are significant even if you configure everything correctly in terms of geography. But these delays are tolerable. We assume that the user will not place the servers on different continents. For example, if you physically reside in New York, put your first VPN also in New York, the second in Mexico, etc., your remote workplace in Canada, and the final VPN, say, in Venezuela. Do not put different servers in the euro zone, as those governments cooperate closely, but on the other hand, do not separate them too far from each other. Neighboring countries that hate each other would be the best solution for your chain ;)

You can also add automatic background website visiting from your real machine, thus mimicking web browsing. This dispels the suspicion that you use anonymity tools, which arises when your traffic always goes to a single IP address and through one port. You can add Whonix / Tails and connect over a public Wi-Fi network in a cafe, but only after changing the network adapter settings, since these could also lead to your deanonymization. You could even change your appearance so that you are not visually identified in the same cafe. You can be identified by various means, from your coordinates in a photo captured by your phone to your writing style. Just remember that.

On the other hand, an anonymizer is perfectly sufficient for most people, but even our anonymizer, after all our efforts to make it useful, is still lacking in terms of browsing experience. Yes, a normal VPN is a normal and suitable solution for getting around simple blocks at a decent speed. Do you need more anonymity and are you willing to sacrifice some speed? Add Tor to the mix. Want something more? Do the above.

Fingerprinting, like efforts to detect VPN use, is very difficult to bypass due to the time it takes to send packets from the user to the website and from the website to the user’s IP address (regardless of blocking only from specific incoming requests). You can cheat on a check or two, but you can’t be sure that a new “nightmare” won’t show up overnight. This is why you need both a remote workplace and a clean virtual machine. So this is the best advice you can get right now. The cost of such a solution starts from just $40 a month. But keep in mind that you need to pay only with Bitcoin.

And a little epilogue. The main and most important factor in your success in achieving true anonymity is separating personal and secret data. All the tunnels and intricate schemes will be absolutely useless if you log into, for example, your personal Google account.

Be anonymous!
