MAGAZINE
How to stay anonymous online

In this extract from Index on Censorship's Autumn issue, Mark Frary looks at some of the tactics you can use to remain safe and invisible when browsing

11 Oct 2016
BY MARK FRARY
CREDIT: ra2studio / Shutterstock

CREDIT: ra2studio / Shutterstock

Securing your connection

Activists in countries where the web is heavily censored and internet traffic is closely monitored know that using a virtual private network or VPN is essential for remaining invisible.

A VPN is like a pair of curtains on a house: people know you are in but cannot see what you are doing. This is achieved by creating an encrypted tunnel via a private host, often in another country, through which your internet data flows. This means that anyone monitoring web traffic to find out persons of interest is unable to do so. However, the very fact that you are using a VPN may raise eyebrows.

An increasing number of VPNs promise truly anonymous access and do not log any of your activity, such as ExpressVPN and Anonymizer. However, access to some VPN providers is blocked in some countries and their accessibility is always changeable.

Know your onions

One of the internet’s strengths is also one of its weaknesses, at least as far as privacy is concerned. Traffic passes over the internet in data packets, each of which may take a different route between sender and recipient, hopping between computer nodes along the way. This makes the network resilient to physical attack – since there is no fixed connection between the endpoints – but also helps to identify the sender. Packets contain information on both the sender’s and recipient’s IP address so if you need anonymity, this is a fatal flaw.

“Onion” routing offers more privacy. In this, data packets are wrapped in layers of encryption, similar to the layers of an onion. At each node, a layer of encryption is removed, revealing where the packet is to go next, the benefit being that the node only knows the address details of the preceding and succeeding nodes and not the entire chain.

Using onion routing is not as complicated as it may sound. In the mid-1990s, US naval researchers created a browser called TOR, short for The Onion Routing project, based on the concept and offered it to anyone under a free licence.

Accessing the dark web with the Tor browser is a powerful method of hiding identity but is not foolproof. There are a number of documented techniques for exploiting weaknesses and some people believe that some security agencies use these to monitor traffic.

Put the trackers off your scent

Every time you visit a popular website, traces of your activity are carefully collected and sifted, often by snippets of code that come from other parts of the web. A browser add-on called Ghostery (ghostery.com) can show you just how prevalent this is. Firing up Ghostery on a recent visit to The Los Angeles Times website turned up 102 snippets of code designed to track web activity, ranging from well-known names such as Facebook and Google but also lesser known names such as Audience Science and Criteo.

While some of this tracking has legitimate uses, such as to personalise what you see on a site or to tailor the ads that appear, some trackers, particularly in countries where there are lax or no rules about such things, are working hard to identify you.

The problem is that trackers can work out who you are by jigsaw identification. Imagine you have visited a few places on the web, including reading an online article in a banned publication and then flicking through a controversial discussion forum. A third-party tracker used for serving ads can now learn about this behaviour. If you then subsequently log into another site, such as a social network, that includes your identity, this information can suddenly be linked together. Open-source browser extensions such as Disconnect (disconnect.me) offer a way to disable such trackers.

Use the secure web

A growing number of popular websites force visitors to connect to them securely. You can tell which ones because their addresses begin with https rather than http. Using https means that the website you are visiting will be authenticated and that your communications with the site are encrypted, stopping so-called man-in-the-middle attacks – where a malicious person sits between two people who believe they are communicating directly with each other and alters what is being communicated. Google, as well as using https for both Gmail and search, is also encouraging other websites to adopt it by boosting such sites up the search rankings.

Rather than remembering to check you are using https all the time, some people employ a browser extension created by the Electronic Frontier Foundation and the Tor Project called HTTPS Everywhere  to do it for them. It is available for Chrome, Firefox and Opera and forces browsers to user https versions of sites where available.

Hide your fingerprints

Traditional identification methods on the web rely on things like IP addresses and cookies, but some organisations employ far more sophisticated techniques, such as browser fingerprinting. When you visit a site, the browser may share information on your default language and any add-ons and fonts you have installed. This may sound innocuous, but this combination of settings may be unique to you and, while not letting others know who you are, can be used to associate your web history with your browser’s fingerprint. You can see how poorly you are protected by visiting panopticlick.eff.org.

One way to try to avoid this is to use a commonly used browser set-up, such as Chrome running on Windows 10 and only common add-ins activated and the default range of fonts. Turning off Javascript can also help but also makes many sites unusable. You can also install the EFF’s Privacy Badger browser add-on to thwart invisible trackers.

Mark Frary is a journalist and co-author of You Call This The Future?: The Greatest Inventions Sci-Fi Imagined and Science Promised (Chicago Review Press, 2008)

This article is  from the Autumn issue of Index on Censorship Magazine. You can order your copy here, or take out a digital subscription via Exact Editions. Copies are also available at the BFI, the Serpentine Gallery, MagCulture, (London), News from Nowhere (Liverpool), Home (Manchester), Calton Books (Glasgow) and on Amazon. Each magazine sale helps Index on Censorship continue its fight for free expression worldwide.

From the Archives

The privacy issue, the May 2000 edition of Index on Censorship magazine.

Anonymous now

May 2000

Surfing through cyberspace leaves a trail of clues to your identity. Online privacy can be had but it doesn’t come easy, reports Yaman Akdeniz.

4.-2007-Winter

Evasion tactics

November 2007

Nart Villeneuve provides an overview of how journalists and bloggers around the world are protecting themselves from censorship.

Brave New Words: The Spring 2010 issue of Index on Censorship magazine

Tools of the trade

March 2010

As filtering becomes increasingly commonplace, Roger Dingledine reviews the options for beating online censorship.

The unnamed

The autumn 2016 Index on Censorship magazine explores topics on anonymity through a range of in-depth features, interviews and illustrations from around the world.

With: Valerie Plame Wilson, Ananya Azad, Hilary Mantel

Subscribe

In print, online. In your mailbox, on your iPad.

Subscription options from £18 or just £1.49 in the App Store for a digital issue.

Every subscriber helps support Index on Censorship’s projects around the world.

SUBSCRIBE NOW

Mark Frary

Mark Frary is a regular contributor to Index on Censorship magazine,The Times and Sunday Times. His latest book on cryptology, Codes, is due out later this year
Mark Frary

Latest posts by Mark Frary (see all)

Comments are closed.