Monday, November 29, 1999

Anonymity - a healthy dose of paranoia

Monday, November 29, 1999

I can see you hiding in the shadows over there and so can the logs of all the web sites, FTP servers and other nooks and crannies you visit online. The sort of information gathered by these logs and made available to the webmasters of the sites you visit includes the address of the referring web site, your IP address, your computer's ID name, your physical location and the name of your ISP along with less personal details such as the operating system you're using and your screen resolution. If someone was snooping through your dustbin or surreptitiously tracking your every move to gather information on consumer trends, you wouldn't be too chuffed would you? Well the web is no different - it's still an invasion of privacy and a threat to security and you don't have to put up with it.

Proxy servers

Every time you visit a web site, detailed information about your system is automatically supplied to the webmaster. This information can be used by hackers to exploit your computer or can be forwarded to the market research departments of corporations, who by tracking your activities on the internet are better equipped to pelt more relevant spam at you. Your best defense against such chicanery is to use what is known as a 'proxy server'. These are designed to conceal revealing information from the web sites you visit, allowing you to surf the web anonymously. Proxy servers work by altering the way in which your browser retrieves web pages or connects to remote servers. With a proxy server set up, whenever you ask your browser to fetch a web page, the request is first channeled through an external server - one that is completely independent of your ISP's servers. This third party server then does the requesting on your behalf making it appear that the request came from them rather than you. The upshot of this maneuver is that your real IP address is never disclosed to the sites you visit. There is nothing to download and the whole process takes less than a minute.

There are two different ways you can use proxy servers. The first method is to use a web based service. This involves visiting the proxy's home page each time you want to browse a web site anonymously. The core component of such a system is the dialog box where you enter the address of the web site you wish to visit. Each time you surf the net in this manner, your personal identifying information is encrypted making it indecipherable to its recipient allowing you to preserve your anonymity. Two of the best examples of this type of web based proxy service are Proxify and W3 Privacy. Clearly one disadvantage of using a web based service is that you have to visit the proxy's home page each time you want to surf anonymously. The second main 'con' is that you often have to put up with extra adverts on the pages you visit. These are automatically inserted by the proxy script - they have to pay for the service somehow after all. Note that more sophisticated and convenient solutions are usually made available by free web based proxy server providers if you don't mind paying a premium.

The second method you can use to protect your privacy via a proxy server involves adjusting the settings of your web browser. This will allow you to surf anonymously without having to visit the home page of your proxy at all. To do this you will first need to know the name of your proxy server and the port number it uses. This information can be gleaned from either a public proxy server list or the FAQ referring to a private subscription based service. To achieve this with Internet Explorer, for example, once you have the name of the proxy server you wish to use, select 'Internet Options' from the 'Tools' menu of your browser. Now choose 'Connections' followed by 'Settings' and tick the 'use a proxy server' check box. To finish the job all you have to do now is enter the name of the server in the 'address' box, the port it uses in the 'port' box and go forth and surf anonymously.

Free, manual proxy servers as advertised on anonymity sites, if you can find one at all, are likely to be highly oversubscribed, and as a result the speed at which they retrieve web pages can leave a lot to be desired. One work-around would be to set off in pursuit of a public proxy server list and select an alternative from it. To locate such a list you can investigate dmoz's hand-picked selection of proxy collation sites. Not that this strategy is caveat-free either - before you get too carried away and go jumping on the anonymity bandwagon there are a few things you should be aware of. It's very easy to use proxies to protect your privacy, but often the disadvantages of using them far out weigh the benefits. You see, the problem is that like the proxy servers provided by Rewebber et al, free, public proxy servers are nearly all oversubscribed and so can slow down web browsing considerably. Unearthing fast, reliable proxy servers is an art form in itself - one which takes considerable practice to perfect. If you have abundant time and patience you could find a list of public proxy servers and then experiment with each one until you strike gold. Instead, your search would be much more efficient if you arranged for a dedicated program to carry out this task for you. There are literally dozens of proxy seeking programs available capable of doing just that, and many of them are available as freeware. What these do is scan the internet for public proxy servers and test them for speed and anonymity (not all of them are truly anonymous, even if they claim to be!). Once you find one to match your requirements you can select it as your default proxy with the click of a button.

The best thing about using an automated tool to locate proxy servers is that you do not have to keep editing your proxy settings manually each time you wish to try out a new one. Instead, what you do is enter 'localhost' or '' into the 'address' box and '8088' into the 'port' box of your browser's proxy settings menu and then forget about it. All future proxy switching is then orchestrated from within your proxy seeking software, which subsequently relays the information to your browser or whatever type of application you are attempting to make anonymous. For those of you who are curious, 'localhost' and the IP address '' are the names by which every computer on the internet refers to itself.

Free proxies are fine for a quick and dirty shoehorn into the world of online anonymity, but if you're really serious about protecting your privacy and aren't ecstatic about continuously having to switch servers you'd be best advised to invest in a dedicated, stable proxy such as the ones offered by Ultimate Anonymity.

Before splashing out though it may be worth checking if your current ISP has a proxy server of its own you can use. These aren't there to help you to commit cyber crimes and get away with it; they actually have a legitimate purpose as well - otherwise they wouldn't exist. Let me explain: proxy servers were originally designed to help speed up web page loading times. Proxy servers contain a cache of all the web pages that have been requested by anyone utilizing the proxy. When someone surfs the web using a proxy, the proxy first checks to see if it already has a copy of the web page stored in its cache. If this version of the page is bang up to date it is sent to your computer and appears in your browser. If the page found in the cache of the proxy server is older than the one stored on the server hosting the page, a new request to the web server is made and the page is updated in the cache of the proxy before being relayed to you. Because these servers use very fast internet connections they can retrieve web pages at much greater speeds than you can via your modest home setup. If these servers are located physically nearer to your home than the web host servers you wish to retrieve web pages from, the speed at which you browse the web will be accelerated.

One last important point you need to be aware of before jumping in with both feet is that different programs have to be setup in different ways before being able to make external connections via a proxy server. For example, you can surf the web anonymously by modifying the settings in Internet Explorer or Firefox as explained earlier in this tutorial, but this will only affect your web browser. If you then used Flash FXP to transfer your web site from one server to another or to distribute your latest home brew movie, you wouldn't benefit from the potential speed boost engineered by the proxy server. What you have to do is enter the name of the proxy server into each application you wish to make anonymous before making any external connections. This can usually be done by browsing through the preferences of your program to see if there is a 'use proxy server' option available.


You have little to fear from the edible variety, but the digital ones can be a major threat to your security and privacy. A cookie is a tiny text file (usually less than 1kb in size), which is created and stored on your hard drive whenever you visit a dynamic (or an interactive if you like) web site. These are used to log your personal details so that you can access members-only areas of web sites without having to re-type login details, or to retain your customized preferences for future use. If you're using a shared computer, anyone who visits the same site that you have previously logged into can access your accounts. This can be particularly worrying if you have entered your credit card details into a form on an e-commerce site. If your browser is set to automatically fill in these details whenever you return to a previously visited site, this information could be clearly visible - you don't need me to explain the problems this could entail.

The solution is to delete any cookies containing sensitive data once you have completed your transactions. Your cookies will be stored in a different place depending on which operating system you are using so you will have to use your detective skills to find them. As an example, in Windows XP they are located in your 'c:\Documents and Settings\Kylie Minogue\Cookies' directory (that is if your name is Kylie Minogue. Mine isn't in case you're wondering). If you peer into this directory, in some cases it is easy to identify which cookie is associated with which web site. In other cases it's not so obvious. The cookie created when you visited to check your email may be called kylie minogue@yahoo.txt for example. Unfortunately some cookies refer to the IP address of the site you visited and so look more like kylie minogue@ These cookies can be selectively deleted one at a time if it's obvious which ones are causing a threat to your security, or you can just wipe out the whole lot in one fell swoop and have them recreated as and when they are required. However, if you're really struggling to find your cookie jar, you could delete them via your browser's tool bar instead. In Internet Explorer this can be done through the 'Tools' > 'Internet Options' menu items. In Firefox cookies can be managed by navigating through the following menus: 'Preferences' > 'Privacy' > 'Cookies'.

If all this sounds like too much hassle you can always find a labour saving application which will be happy to take the job off your hands. These 'cookie crunching' programs allow you to be more selective when editing, viewing and deleting cookies from your system, and some of them will even prevent cookies from being created in the first place.


Nope, that's not safe either! Each time you send an email, an ID header is attached to it and sent along with your message. This header contains your IP address, your computer's name (did you even know it had one?), the name of the client used to send the message amongst other less crucial information. If you sent a nasty email to someone, all they would have to do to track you down and get their revenge is find out your IP address from the header of your email and then launch an attack. The moral of this story is obvious - don't send nasty emails to people! Or if you really must, make sure you use a proxy server. If you've already arranged for Internet Explorer to connect to the net via a proxy server, Outlook Express will also be protected because they share the same settings. However, if you're using a different browser and/or email client you may have to set your proxy options independently for each application - so using IE does have some advantages after all!

Another way to protect yourself when sending email is to use an anonymous email address rather than the one provided by your ISP. In fact, this isn't just a recommendation, it's a necessity. What you should do is sign up for an account at Yahoo or Hotmail and then have all your mail forwarded to your real address, or simply check your free account using the web interface provided. So what's wrong with giving out your real address? Well, if you tell someone to get in touch with you using the address for example, they will instantly know that your ISP is Freeserve. They could then go along to the Freeserve home page and look you up in the user database to find out your full name and address. Worse still is the fact that many ISPs will pass their user's contact information onto independent database listing companies such as Info Space, Big Foot and Who Where. If possible it would be wise to have these entries removed altogether. Otherwise you will just have to make do with just using your anonymous email account.

Even if you're using a free pop 3 email account, your real IP address will still be included in the headers of every message you send. If you're very security conscious you may want to prevent people from seeing these headers by making use of what is known as a remailer. Whenever you send an email through a remailer, it is first sent to various random mail servers before being dispatched to the final recipient using the anonymous Mixmaster remailer system. Although the process can take up to 12 hours, your messages will be encrypted and all trace of your IP address and computer ID will be removed from the headers granting you complete anonymity. While you can send anonymous messages in this way using your email client, it is much simpler to go along to a web based remailer and relay your message from there. If you wanted to send an email which requires a reply while maintaining your anonymity, what you would do is type your Yahoo or Hotmail email address into the 'from' box. On the other hand, if you do not require a reply you can enter any address here and the message will still arrive safely. Some remailers will even allow you to enter fake information into the header section to confuse the recipients of your messages even further! A similar service is offered by Advice Box who also provide the means to receive anonymous replies without revealing an email address of any kind.

If you suspect that miscreants might be able to intercept your email, a good way to bring the shutters down on their prying eyes is to use a Pretty Good Privacy (PGP) key. This is fundamentally a ridiculously long password no-one could possibly decipher in a million years (well not without a NASA ninja PC anyway!). To make use of PGP you would encrypt any messages you wish to send and then (in a separate email) selectively forward the PGP key used to decrypt the message to anyone who is on your 'trusted' list. Unless the recipients of your messages have this key in their possession they will not be able to make sense of your correspondence - all they will see is gobbledegook ascii characters.

Yet another option is to sign up for a free email account with Hush Mail. Hush Mail supports both web mail and the pop 3 protocol used for sending mail via your email client, and protects your anonymity by scrambling the headers of all the messages you send so as to ensure that they cannot be traced back to your computer.


Fairly recently it came to light that certain shareware and freeware programs contain modules capable of monitoring your activities on the net and then sending the information they gather back to the producer of the software! Many of the programs you assume are completely free are actually being funded by the revenue generated from the sale of your personal information to market research companies. As if that wasn't bad enough, there are also rumours circulating to suggest that it is this spyware causing many of the operating system crashes experienced whilst surfing the net. Obviously we're not going to take this lying down. The solution is to use a spyware remover to eradicate the dubious files responsible for this invasion of privacy. More often than not this causes the programs utilizing these files to cease functioning. Who cares? Why would you want to use software made by such unscrupulous snoopers anyway when there are plenty of 'clean' alternatives available? People are literally falling over themselves to create anti-spyware programs at the moment so they shouldn't be too difficult to locate. Some do nothing aside from look pretty. Others are actually spyware or malware delivery mechanisms masquerading as anti-spyware tools. One you can certainly trust unreservedly is Ad-Aware. This is the number one spyware removal tool recommended by those in the know.

Another option is to make sure that whatever software you install contains no spyware before you download and run it. You can do this by typing the name of the software into the spyware lookup database at Spy Checker. If clean file sharing clients are what you seek, try searching Google using the keywords "Dr Damn" and "clean clients".

The full monty

I can't promise you naked men, sorry. I'm talking about all-in-one utilities used to cover your tracks both on and offline. Typically if someone comes up with a great idea it's replicated many times over until you become completely lost in an ocean of seemingly identical products. Well fear not, I'm here to separate the wheat from the chaff, to steer you towards those worthy of a closer look. Window Washer is one program which stands head and shoulders above the competition. It excels at both preserving your privacy and conserving disk space by automatically cleaning up your browser's cache, cookies and history. It also spruces up the Windows document menu, temp directory, recycle bin, ICQ history, and much more. You can even define your own list of files, folders and registry entries and then have them swept clean at periodic intervals.

Another exceptional program that springs to mind is Evidence Eliminator. This security tool eliminates all evidence (you'd never have guessed would you?) from your PC in a single click of a button. According to the web site blurb, "in tests, Evidence Eliminator defeats forensic analysis software as used by investigators, law-enforcement etc." and what's more, "it protects you from unwanted data becoming permanently hidden in your PC." Furthermore it includes 'Stealth Mode' invisibility and securely under-writes your existing files to defeat forensic hardware analysis. I'd dread to think what you might have been using your computer for if you have to go to these lengths to cover your tracks, but nevertheless this program seems to be the best of the breed so if you can find a use for it, go fetch! You won't be disappointed.

I suppose I should really conclude this tutorial by saying something mature and responsible. OK, well I'll give it my best shot - cyber crime isn't big and it's not clever girls and boys so don't do it. Do you think that covers it? Seriously though, all this information isn't intended to provide the means to allow you to get away with hacking into other people's computers. In fact it's here to serve as the antithesis to such malicious activities - to reveal the ways in which you could be hacked so that you are better prepared to counteract other people's attempts to hack you.


◄Design by Pocket, BlogBulk