Overview of ways to stay anonymous online
It so happens sometimes that fantastic and espionage plots turn out to be not only the fruit of the author's sick imagination, but the real truth. More recently, some paranoid film about the total surveillance of a person by the state was perceived as another fairy tale, a game of the imagination of the author and screenwriters. Until Edward Snowden released information about PRISM, a user tracking program adopted by the US National Security Agency.
Cause for concern
After such news, jokes about paranoia have become completely irrelevant. And talking about surveillance can no longer be attributed to a shattered psyche. A serious question arises, is it worth feeling safe using your mail or communicating on a social network or chat? After all, many large companies have gone to cooperate with the special services: Microsoft (Hotmail), Google (Google Mail), Yahoo!, Facebook, YouTube, Skype, AOL, Apple. Given that PRISM was primarily aimed at spying on foreign citizens, and the volume of intercepted telephone conversations and electronic messages, according to some estimates, reached 1.7 billion per year, it is worth seriously considering how to protect your privacy from prying eyes.
Tor
The first reaction to the news about PRISM was the same for many: we will not allow ourselves to be monitored, we install Tor. This is, perhaps, actually the most popular tool, which we have talked about more than once on the pages of our magazine. It was also created by the American military, though for completely opposite purposes. Such is the irony. Users run Tor software on their machine that works as a proxy, it "negotiates" with other network nodes and builds a chain through which encrypted traffic will be transmitted. After some time, the chain is rebuilt and other nodes are already used in it. To hide information about the browser and the installed OS from prying eyes, Tor is often used in conjunction with Privoxy, a non—caching proxy that modifies HTTP headers and web data, allowing you to preserve privacy and get rid of annoying ads. In order not to climb through the configuration files and not to edit all the settings with handles, there is a wonderful GUI shell - Vidalia, available for all operating systems and allowing you to lift the door to the anonymous world on your PC in a couple of minutes. Plus, the developers tried to simplify everything as much as possible by providing users with one click to install Tor, Vidalia and a portable version of Firefox with various security addons. For secure communication, there is a decentralized anonymous messaging system — TorChat. The Tortilla utility is used for secure, anonymous and transparent redirection of all TCP/IP and DNS traffic through the Tor anonymizer network. The program allows you to anonymously run any software on a Windows computer, even if it does not support SOCKS or HTTP proxies, which was previously almost impossible to do under Windows. In addition, for the standard Tor+ bundle Vidalia + Privoxy there is a worthy alternative - Advanced Onion Router bit.ly/ancXHz, portable-a client for "onion routing". For those who are particularly concerned about their security, there is a Live CD distribution that is configured to send all traffic via Tor out of the box, — bit.ly/e1siH6 .
The main purpose of Tor is anonymous surfing plus the ability to create anonymous services. However, you have to pay for anonymity with speed.
I2P
In addition to "onion routing", there is also "garlic routing" used in I2P. Tor and I2P, with some external similarities, largely implement diametrically opposite approaches. In Tor, a chain of nodes is created through which traffic is transmitted and received, and in I2P, "incoming" and "outgoing" tunnels are used, and thus requests and responses go through different nodes. These tunnels are being rebuilt every ten minutes. "Garlic routing" implies that a message ("garlic") may contain many "cloves" — fully formed messages with information on their delivery. In one "garlic" at the time of its formation, many "cloves" can be laid, some of them can be ours, and some are transit. Whether this or that "clove" in "garlic" is our message, or it is someone else's transit message that passes through us, only the one who created "garlic" knows.
The main task of I2P, unlike Tor— is anonymous hosting of services, and not providing anonymous access to the global network, that is, hosting websites on the network, which in I2P terminology are called eepsites.
Pre-installed Java is required for I2P software to work. All management is carried out through the web interface, which is available at 127.0.0.1:7657. After all the necessary manipulations, you need to wait a couple of minutes until the network is configured, and you can use all its hidden services. In this case, we got anonymous access to the I2P network, that is, to all resources in the .i2p domain. If you want to access the global network, it is enough to simply register the use of the proxy server 127.0.0.1:4444 in the browser settings. The output from I2P to the global network is carried out through certain gateways (called outproxy). As you know, it is not necessary to count on a huge speed in this case. Plus, there is no guarantee that no one will sniff your traffic on such a gateway. Is it safe to host your anonymous resource on the I2P network? Well, no one can give a 100% guarantee of security here, if the resource is banally vulnerable, it will not be difficult to determine its true location.
GNUnet
What about secure and anonymous file sharing? For this purpose, you can resort to the help of GNUnet bit.ly/hMnQsu - a framework for organizing a secure P2P network that does not require centralized or any other "trusted" services. The main goal of the project is to create a reliable, decentralized and anonymous information exchange system. All nodes of the network work as routers, encrypt connections with other nodes and maintain a constant level of load on the network. As with many other solutions, nodes actively participating in the network are served with a higher priority. To identify objects and services, a URI is used, which looks like brunet://module/identifier, where module is the name of the network module, and identifier is a unique hash identifying the object itself. An interesting feature is the ability to configure the level of anonymity: from zero (not anonymous) to infinity (by default, it costs one). For secure transfer, all files are encrypted using ECRS (An Encoding for Censorship-Resistant Sharing - encryption for censorship-resistant file sharing). GNUnet is extensible, and new P2P applications can be built on its basis. In addition to file sharing (the most popular service), there are alternative services: the simplest chat, which is now in a semi-dead state, as well as distributed DNS. Well, as usual, you have to pay for anonymity: high latency, low operating speed and sufficiently high resource consumption (which is typical for all decentralized networks). Plus, there are backward compatibility issues between different versions of the framework.
RestroShare
RestroShare bit.ly/cndPfx — this is an open cross-platform program for building a decentralized network on the principle of F2F (Friend To Friend), using GPG. The basic philosophy is to share files and communicate only with trusted friends, and not with the entire network, which is why it is often referred to as darknet. To establish a connection with a friend, the user needs to generate a pair of GPG keys using RetroShare (or select an existing one). After authentication and exchange of an asymmetric key, an SSH connection is established using OpenSSL for encryption. Friends of friends can see each other (if users have enabled this feature), but they cannot connect. This is how a social network turns out :). But you can rummage folders between friends. There are several communication services on the network: private chat, mail, forums (both anonymous and with regular authentication), voice chat (VoIP plug-in), channels like IRC.
Mikrotik
In fact, Raspberry Pi is not the only small device on the basis of which you can organize anonymous access to the Network. A decent alternative to it will be a router from the Latvian company MikroTik, which is engaged in the production of network equipment and software for it. Such a device will cost a little more expensive, but will require less fuss when setting up. RouterOS products include a Linux-based operating system designed for installation on MikroTik RouterBoard hardware routers. Various variants of RouterBoard platforms allow you to solve various network tasks: from building a simple access point to a powerful router. Despite the presence of a power connector, almost all devices can be powered using PoE. A big plus is the availability of good documentation http://bit.ly/jSN4FL , which describes in great detail how you can create a security router based on RouterBOARD4xx by connecting it to the Tor network. It will not stop there, everything is described in great detail here.
Browser Addons
Most of the time on the Web is not spent on Skype conversations or social networking, but on simple surfing. But even here we are not left unattended. Social networks and other sites are trying to track which resources you visit, what you are looking for on the Web, so that they can then stuff you with ads on similar topics (as soon as I looked at one laptop once, it immediately started popping up everywhere in Google ads). This quickly becomes annoying and distracts from the main search. Anyway, we don't go online to show someone what we're looking for. So we have to deal with this somehow.
Disconnect
One of the best plugins that allows you to hide from advertising surveillance, available for Firefox, Chrome, Opera and Safari browsers. On the official website, you can watch a funny animated video demonstrating how some sites monitor users and prevent them from focusing on the search. After installing this extension, a button will appear on the toolbar, when clicked, a drop-down window will be displayed, and it will clearly show how many "left" requests (from Google, Twitter, Facebook, analytical and advertising sites) were blocked when entering this page. And also how much the page loading time was reduced and how much traffic was saved.
Adblock Plus
Another way to track the user (and also often the spread of malware) is advertising. And let most of the banners are quite harmless, but agree that a lot of animations and pop-ups are not only annoying, but also distract attention from the information you are looking for. To disable ads in Firefox, Opera and Chrome, it is enough to install the Adblock Plus extension.
DoNotTrackMe
DoNotTrackMe can serve as an alternative to the popular Disconnect, which also supports all popular browsers. The interface of both extensions is very similar. However, unlike a more advanced competitor, DoNotTrackMe gives the right to choose to block a particular spy site to the user himself. This approach is useful for those who want to leave everything as it is, blocking only some violators.
Ghostery
Another extension that allows you to block resources trying to track your location on the Network. It has a large database of "spying" sites. Unlike colleagues on the shop floor, it supports IE. Unfortunately, the plugin, although functional, has not been updated for a long time. You can download it on the official website.
Summing up
These are just the most popular solutions that allow you to somehow protect your privacy from the prying eyes of Big Brother. Perhaps new technologies will appear in the near future, or we will all actively use one of the ones discussed today. Who knows... Whatever it is, it is important to always remember that no solution is ever able to give a 100% guarantee of security. Therefore, do not feel completely safe by installing Tor, I2P or something else — many have already paid for the feeling of false security.