Staying anonymous in the internet jungle
Is it possible?
The opening passage to True Names, a novella written by noted science fiction author Vernor Vinge nearly 25 years ago, delivers an eerily prescient summary of modern Internet usage.
"In the once upon a time days of the First Age of Magic, the prudent sorcerer regarded his own true name as his most valued possession but also the greatest threat to his continued good health, for - the stories go - once an enemy, even a weak unskilled enemy, learned the sorcerer's true name, then routine and widely known spells could destroy or enslave even the most powerful."
Criminals pursuing identity theft, phishing scams, and spam rings are running rampant on the internet. Just a few years ago our major concerns were more to do with securing servers and avoiding virus outbreaks. Now anonymity and protecting one's information has become paramount.
Anonymity on the Internet is a heated subject. It's also amazing the cross section of interested parties, too. We have the old-school cypherpunks, and the hacker community on both sides of the law. There are teams of lawyers, and of course, governments everywhere trying to protect the average person's anonymity and privacy. And then we have the average internet user himself, bombarded with alerts and warnings but is unsure what he should do.
If you ask me, the problem started with Caller ID. All joking aside, this now ubiquitous technology really opened our eyes at the time to the concepts of identity and location. Fast forward past all the war-dialing and the insecure, open networks of yesteryear. With pervasive broadband access, one's IP address is virtually his Caller ID. It begs the question: is anonymous internet usage even possible? The answer of course is, it depends.
I wrote a SecurityFocus article on IP spoofing over two years ago, and to this day I still get many emails about it. It causes a lot of confusion, especially for non-technical users because the casual term "IP spoofing" seems to imply a technique that hides one's IP address. As we know, this isn't the case. It's relatively easy to modify the bits of an IP packet encapsulating some other protocol, specifically the source address. However, this also means the modifier cannot receive a response, since a fake source address is used. Therefore, IP spoofing cannot be used to effectively protect one's identity on the Internet. It works wonders for attacks like Denial of Service floods and passive fingerprinting techniques during network scans, but doesn't add much to our debate on anonymity.
Proxies and chaining
One of the most popular methods for protecting an identity would be the use of a proxy. A proxy is something that acts as a buffer for communications between two machines. Many companies use web proxies to monitor employee access, filter restricted content, improve performance via caching and protect the internal network. These might be transparent proxies, where the user does not even know their content is being watched.
Virtually any network application, such as the web, FTP, SSH or email can communicate through a proxy. Several companies sell anonymous proxy services, primarily for web surfing, aimed at people looking to obscure their identity without the hassle of setting up and maintaining a server. There are also several free proxies open to the public, generally geared towards privacy groups. However these machines tend to be unstable, slow and are constantly changing.
The catch-22 with any proxy are the log files. While the destination machine never sees the client it is truly interacting with, the proxy certain does and records this interaction in a log file. Several commercial companies and the public proxies promise anonymity and claim to destroy log files, however, it's nearly impossible to guarantee or verify such claims. And there have been multiple instances of court orders issued for proxy logs that were supposedly destroyed.
Taking this approach further, many people employ proxy chains, using multiple proxies that further obscure their identity. Instead of a single proxy, they might use six, each one making it increasingly more complex to trace back. This approach is as old as the Internet itself, but it's still quite effective. It's very similar to a cracker who might have shell accounts on a dozen compromised machines. He logs into machine 1, then connects to machine 2 and so on, until he is using a shell 12 links down the chain. Such chaining techniques make it extremely difficult for investigators to determine the true identity of an end user. Malicious hackers often employ chains spanning several countries, using the differing legal complexities of various nations to create an impenetrable wall of red tape. Even with a legal army and the government on your side, tracing an attack through such a maze is a nearly impossible task.
The next generation of privacy and anonymous services lies in a concept known as onion routing. Combining aspects of proxies, peer-to-peer networking and encryption, onion routing looks to create a method for virtually any application to communicate securely and anonymously via the internet.
Conceived in 1996 and now in its second generation of design, the most popular implementation of the onion routing concept is Tor. Initially funded by the US Navy, it works as follows. An initiator obtains a list of nodes via a centralized server. A path to the destination is randomly generated, and each server in the path only knows where the request came from and where it is going. Individual encryption keys are negotiated at each point.
The beauty of the Tor design is that the content, source and destination of a message are protected at all points in the link. No single machine can see beyond where it received a message from and where it is forwarding it to, it can only peel away one layer - hence the term 'onion' routing. Someone analyzing the traffic could only acknowledge that communication is taking place, but what or between whom remains completely protected. It's extremely difficult to track someone using Tor.
The problem with Tor is that complaints about performance are common. I'm not sure how usable it is for regular surfing because of this, and of course it might be rendered ineffective by sites that use free IP-to-country filtering, if the site is extensively filtering by country and the final node in the routing list is in a banned country. But this is unlikely for most sites, and since the project is still relatively new it should scale to handle increased bandwidth as more people offer up their computer resources so that nodes come online. Unfortunately, many ISPs would seek to restrict such usage from their customer accounts.
My favorite way to stay anonymous is also one of the easiest – simply by using unsecured wireless hotspots. They're everywhere. They're useful and convenient in coffee shops and restaurants for people doing legitimate work, but honestly if someone wanted to attack a network or communicate anonymously (although not necessarily securely), this is the easiest way. A quick drive through virtually any metropolitan area will reveal hundreds of open networks, some by design, others by negligence. The majority of these networks operate using inexpensive SOHO routers with minimal logging capabilities, and they are virtually never monitored. The only real identifying component would be a MAC address.
Why is privacy important?
A vocal minority always claims that one must be doing something wrong if he prefers to remain anonymous. That's most often not the case and it troubles me when people employ such reasoning. There will always be those who abuse certain privileges or liberties, but those few cannot ruin an entitlement for the rest.
There are many factors why privacy is important. First there are repressive governments that forbid access to certain sites, censor the internet, and then track users who show interest in particular topics. There are people who want to tell the truth without fear of repercussion, such as corporate whistleblowers and bloggers. There are intelligence needs, in both corporate and government sectors. But most importantly, we live in an age where our names, social security numbers, phone numbers, dates of birth, buying habits, credit reports, demographics and surfing tendencies are traded like commodities amongst big companies. We all knew this day was coming, the information age has been upon us for some time. But even in these digital times, it remains our right to protect our privacy, our identities, our true names.
Copyright © 2005, SecurityFocus
Matthew Tanase is president of Qaddisin, a services company providing nationwide security consulting.