The Security Samurai

Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves - William Pitt

Protecting Your Privacy On The Internet

The other day, a guy I work with asked me about maintaining his privacy on the internet and if there was a way to mask his IP address.  This seemed to be a good topic for a post, especially with my recent lack of ideas for the blog.

First off, masking your IP address is a concept, not a technology.  There is no way that you could write a program on your machine to make it appear to others that you were originating from a different IP.  What you need is an intermediary to take your requests and then make them on your behalf.  In other words you need a proxy. 

There are several proxy servers available on the internet.  Some available proxies are simply corporate proxies that are misconfigured and allow public incoming traffic, while others are free or pay-for-use services designed solely to protect your privacy.  Either way, I don’t trust them.

Honey pots are a wonderful, time-tested tactic in the world of security.  If I were the government and wanted to know what someone is doing on the internet when they don’t want me to know, then I’d set up a proxy server and advertise it to my intended audience.  “But the one I use is in Russia!”  Yeah….ok….the feds can’t set up a proxy server in Russia….you’re safe pal.  Even if it is an innocent misconfigured corporate proxy server and not a honey pot, you have no idea what type of logging they are doing or if they have been compromised and are now being actively monitored.

If you were to set up your own proxy server and configure it properly, then you could trust it.  However, now you leave yourself vulnerable to timing attacks, where someone could monitor the incoming and outgoing traffic.  Part of the security a proxy server gives you lies in the amount of volume which passes through it.  If it’s your proxy and only you use it, then there is now a one-to-one relationship between your requests and the proxy server’s requests.  You could open it up to others, but then how would they ever be able to trust you?  If you watch “The Scene”, you know that even within a tight group of internet miscreants, you can’t even trust your partners in crime, so how can you possibly trust someone you don’t know advertising a free proxy?
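The point about volume can be put in numbers as an anonymity-set size: for each request the proxy sends out, how many distinct clients had a request arrive just before it. The sketch below is an added example, not part of the original post; the client labels, timestamps and the 0.5 second delay window are constructed assumptions.

```python
from bisect import bisect_left, bisect_right

def anonymity_sets(inbound, outbound, max_delay=0.5):
    """For each outbound request time, count the distinct clients whose
    request reached the proxy in the max_delay seconds before it."""
    inbound = sorted(inbound)
    times = [t for t, _ in inbound]
    sizes = []
    for out_t in outbound:
        lo = bisect_left(times, out_t - max_delay)
        hi = bisect_right(times, out_t)
        sizes.append(len({client for _, client in inbound[lo:hi]}))
    return sizes

def linkable_fraction(sizes):
    """Share of outbound requests that have exactly one possible sender."""
    return sum(1 for s in sizes if s == 1) / len(sizes)

# Constructed sample data: (arrival time at the proxy in seconds, client label).
PRIVATE_IN = [(0.00, "you"), (3.10, "you"), (7.45, "you"), (19.95, "you")]
# Same requests from "you", plus other users; nobody else is active near t=20.
SHARED_IN = PRIVATE_IN + [(0.02, "a"), (0.04, "b"), (3.00, "c"),
                          (3.12, "a"), (7.30, "b"), (7.50, "c")]
# Times at which the proxy forwarded the requests made by "you".
OUTBOUND = [0.05, 3.16, 7.52, 20.00]

if __name__ == "__main__":
    for name, inbound in (("private", PRIVATE_IN), ("shared", SHARED_IN)):
        sizes = anonymity_sets(inbound, OUTBOUND)
        print(name, sizes, linkable_fraction(sizes))
```

On the private proxy every outbound request has a single candidate sender; on the shared one the set grows to three, except during the quiet period where it falls back to one.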

Your best bet is to use Tor.  Tor is The Second Generation Onion Router.  I will not go into too many details on how Tor works (you can find a very good explanation here), but I will say the strength of its security lies in the fact that you are passed through several routers and each one only knows where it got a communication from and where it’s sending it to.  Compromising any single router does not reveal the true source of a communication.  It is still possible for a timing attack to be launched against the server, but this is a far more remote possibility than with a proxy server.

It is fairly simple to configure your machine to use Tor.  You can download it from here and there are very good instructions for installing and configuring it here.  You will also need to use Privoxy in combination with Tor so A) your browser will use the Tor network, and B) it changes your HTTP headers to prevent you from accidentally leaking your DNS info.  The Tor installation instructions will step you through the setup of Privoxy as well.

Privoxy is a local proxy server (read: it does not mask your IP address by itself) that scrubs HTTP requests and responses.  It blocks cookies, malicious scripts, and other such items.  You can think of it as a pop-up blocker on steroids.  It will, however, break certain sites, but the documentation is thorough and it’s fairly simple to allow certain actions from certain sites (all you have to do is change the text-based configuration files).

The combination of Privoxy and Tor definitely leads to a poor user experience when surfing the net.  Tor will slow things down and add significant latency, and Privoxy will, again, break most sites.  I personally have one machine I use for browsing the internet and another for securely browsing the internet.  It’s not that I am doing something illegal on one vs. the other, but more of what I need to do.  If I want to do some shopping, read controversial material (read: hackers’ sites), do some online banking, etc. then I will use the secure box.  If I want to do some coding and use MSDN Online, read blogs, play a little Battlefield 2, etc. then I will use my main, insecure box.

About the only thing you can’t do with Tor is use Peer to Peer networks such as BitTorrent. While technically possible, you would have a hard time seeding (which is a requirement in most torrent networks) and getting good download speeds for leeching.  Your best bet, if you don’t want to be caught doing anything illegal, is not to do it at all (I know, I know, it’s the same advice they gave you in sex ed).  Other than that, you can try protecting yourself the best you can.  First off, don’t engage in high risk activities.  If you see in the news that there is outrage due to Star Wars III being released, stay as far away from it as possible until things die down.  Especially stay away from items that have not been released to the general public yet as this is a much more severe felony.  You can also try using something like Peer Guardian.  DO NOT TRUST Peer Guardian to completely protect you.  All it does is block your machine from engaging in TCP/IP sessions with KNOWN banned IP addresses.  The list of banned addresses ranges from government to ad-ware organisations and is constantly evolving.  It will prevent you from contacting a known honey pot and downloading material that is part of a sting operation, but it does not prevent the torrent tracker from giving this same banned IP your IP.  The banned IP will not be able to contact you, but now they can be fairly certain you have the content and are sharing it with others.

No BitTorrent site is safe, but some are safer than others.  Ones with controlled lists of members are generally better than open public trackers.  Even with a controlled member list though, anyone could be a mole.  Again, I strongly urge you not to do anything illegal.  The only reason I am providing you with this information at all is because I have no sympathy for the media industry as a whole.

There is no other industry where the rights of the consumer are so lacking and it’s simply tragic.  They want to be able to produce absolute crap like Gigli or Man of the House and make money off of it.  No refunds folks, we tricked you into paying for it fair and square.  They also want to force us to use certain mediums.  It’s a new, high-tech world, and we need more options.  I absolutely detest movie theaters and will probably never go to one for the rest of my life.  I have seen maybe 3 movies at a theater in the past 5 years.  I don’t know if my absolute hatred of theaters comes from the fact you have to listen to 15-year-old kids’ witty banter (i.e. “No way!”, “Like totally”, etc.) in the multiple long lines before the movie, paying $12 for twenty cents worth of sugar, water, corn, and artificial preservatives when I’d rather have a nice steak, walking on floors that try to steal your shoes, sitting in chairs from a recent hobo convention, waiting for the lights to go down so the infants can begin crying in unison, debating about how bad you really have to go to the bathroom and how long it would take only to learn once you commit that you have gum on your ass which blows your whole time table and ruins a $40 pair of jeans, or missing the punch line to a joke because some idiot was laughing way too hard at the setup.  What the hell, let’s just say my hatred comes from all of them.  I wait until movies come out on DVD.  I’ll rent it, watch it, and either return it to Netflix within 15 minutes of starting the movie, struggle through the end, enjoy the movie, or really enjoy the movie and purchase the DVD so I can watch it again at my leisure.

Call it theft, sticking it to the man, or innocent use of technology, but I think it’s a good thing for the consumer.  Look at how the music industry has changed.  If I like a song, I can purchase it and play it on an MP3 player.  I don’t have to pay $20+ for a whole CD because I liked 1 song and feel screwed because the artist phoned in the other 8 tracks….or worry about my car being broken into and having my CD case stolen again….or try to remember if “Let It Bleed” was number 28 or 47 in the CD changer....

 

posted on Tuesday, July 26, 2005 3:12 PM