Hi guys.
Lately I have become increasingly suspicious of the internet. Its no longer what it use to be. Every one tracks, monitors, and gathers your information and habits. Social media sites are notorious for this. From a forensics point of view, a quick look on someones computer can tell you their browsing habits, reveal user names to sites such as this, and possibly divulge passwords.
So I would like to share a couple of things that I do to help keep me an anonymous browser. Help keep my computer clean of cookies and history's and add a layer of privacy to my browsing.
First off, I use a laptop for everything. It runs OpenSUSE linux but a lot of things are applicable to windows users too.
My first thing I would like to share is "stop using internet explorer". It really is the most disgusting browser I have ever used. The last thing you want is to be undone by a cheap trick javascript exploit. I am not saying these don’t exist in firefox or chrome. There has historically been more public exploits for i.e. Myself, I use firefox because I like the range of add-ons and the security can be set to a paranoid level.
Because I use firefox I will tell you how I have it set up.
FireFox
-------------------------------------------------------------------------------------------
First thing I do is go to Edit -> Preferences -> Privacy tab
Tick the box that says "Tell web sites I do not want to be tracked"
Under the History header set firefox to "Never Remember History"
Also, When using the location bar, Suggest: Nothing
This will put firefox into an ultra paranoid state. Many users may find this irritating but you get use to it pretty quickly. Firefox will now no longer actively remember where you have visited and what your username was. You'll have to type in your user/pass to all sites manually but consider the alternative:
Your laptop falls into the hands of your adversary (LEO). He manages to fire up your browser and also finds your history. Oh look he visited icmag yesterday. He navigates to ICMAG and in the user/pass field he can see your online identity. A quick search for that username at ICMAG reveals your activity has run over the course of 5+ years. Complete with photos and grow logs. Even if you tell Firefox not to remember you at that site. Cookies on your hard drive can reveal your identity.
Add-On's:
There are a heap of privacy add-on's for firefox. Two that I have installed at the moment are "Ghostery" and "BetterPrivacy".
Ghostery: What a gem of an add-on. Ghostery has a whole heap of tracker sites registered. It is AMAZING to see how many sites try to track your online activity. Most are relatively harmless, but a computer forensic officer could use these to get a profile of your online activity. They serve YOU no purpose. They are just for advertising companies so I suggest you block them all. Click on Ghostery icon -> Options -> Select all -> save (Don't forget to save, its at the bottom of the page)
BetterPrivacy: There are also flash cookies. Not everyone knows about these. You might delete your cookies religiously or use FF settings to do it automatically but there is also another technique called flash cookies. These are hidden better and currently are not removed by any of the major browser's when you delete cookies. They're like a super cookie. BetterPrivacy can help you with these
-----------------------------------------------------------------------------------------------------------
So besides your browser what else can you do?
Well there is a free piece of brilliant software you can use for Hard Drive Encryption. Its called TrueCrypt and is available for Windows and for Linux. I love this program and I use it to encrypt anything that may be a little suspect. For example: I encrypt my entire portable hard drive. This I use to keep all my porn in case I ever lose it and a child finds it or something. I can also throw my personal information, and pictures onto it. It takes a while to encrypt the volume but once its done you can "mount" it in linux as a normal file system and read/write to it at normal speeds with the knowledge that once you unmount it its nice and secure. Same goes for a windows system. You fire up the truecrypt software, choose your encrypted device and once you put in your password truecrypt will give you a virtual drive you can read/write to at normal speed.
You don't need a portable hard drive however. Or a USB thumb drive. You can create an encrypted file on your existing hard drive and mount that the same way.
One other COOL AS SHIT thing you can do with truecrypt is encrypt your entire windows installation. This is not yet functional with linux but it is with windows and this is great because its easy to boot with a CD and crack or clear windows SAM passwords. This would allow anyone to log into your user account (or administrator) in windows and view your data/history etc. With TrueCrypt you can encrypt the entire device and install the truecrypt boot manager which will ask you for your password to unencrypt and boot to windows. This would also stop people from removing your hard drive and mounting it on another operating system to view your unencrypted data.
Oh! and another thing. You can set up the boot manager to boot to something completely stealth like "Missing operating system" or other error message. This would give the impression that the computer is faulty and only a correct password would continue the boot process. Of course this will only fool an untrained eye as the presence of the TrueCrypt boot manager would show something else is up.... If you know how what your looking for...
My final paranoid tip:
SSH Tunnels: I am lucky enough to have access to a few off shore nix/BSD servers. It is possible to create a secure encrypted SSH tunnel to these boxes and have them fetch your web traffic for you. What would the advantage of this be you might ask. Well, if your being watched at your ISP level or even at an upstream providers level then all they will see is traffic over SSH. All encrypted. I've noticed that some of my American friends are worried over something called the Patriot Act. I dont know what this is but I can only guess. Having a server in a country other than your own does add another layer of security in my eyes.
In firefox do this:
Edit -> Preferences -> Advanced -> Network Tab -> Settings
Select "Manual Proxy Configuration"
Set Socks Host = "localhost" and Port = "8080" (or another free port on YOUR computer)
Also, enter "about:config" into your address bar and hit enter.
toggle network.proxy.socks_remote_dns to true (this sends DNS requests through your SSH connection too)
At this stage, firefox is ready to use your tunnel. Windows users will have to download and use Putty to set up their SSH tunnel but linux users can issue the following command in a terminal window.
woody@linux-0hhk:~> ssh -C2qTnN -D 8080 woody@admin.woody.com
Password: ***********************************
Leave this window open and use your browser as normal.
Notice that I used 8080. If you set up firefox to use a different port then use that number instead.
If you don't have access to a server which is off shore you may be interested in looking up the TOR network. Its unencrypted so it offers no protection if you're being watched but it will provide a layer of protection if the site you are visiting is being watched as your IP address will be masked. There is a TOR add-on for firefox but I find it slow and a solid connection is very hard to find. Also, I would not log into anything through the TOR network as it is more vulnerable than most methods to a man in the middle attack. Also, you might want to look up the cost of a good virtual server. You can use the SSH tunnel method with a virtual server too and they are not very expensive.
So that is about all I can say at the moment. I am really hoping other people will chime in with their paranoid methods of security. I am open to criticisms so if you think one method is weak or can be improved I would love to hear from you.
I'm very interested in peoples thoughts about the direction social media is headed with google recently adjusting its privacy policy. Also interested in any thoughts on Android privacy issues seeing as its a google product.
And for a good google alternative I suggest everyone have a look at duckduckgo.com. They dont track you, or bubble your search results (read links at the bottom of their page).
Peace - out
Lately I have become increasingly suspicious of the internet. Its no longer what it use to be. Every one tracks, monitors, and gathers your information and habits. Social media sites are notorious for this. From a forensics point of view, a quick look on someones computer can tell you their browsing habits, reveal user names to sites such as this, and possibly divulge passwords.
So I would like to share a couple of things that I do to help keep me an anonymous browser. Help keep my computer clean of cookies and history's and add a layer of privacy to my browsing.
First off, I use a laptop for everything. It runs OpenSUSE linux but a lot of things are applicable to windows users too.
My first thing I would like to share is "stop using internet explorer". It really is the most disgusting browser I have ever used. The last thing you want is to be undone by a cheap trick javascript exploit. I am not saying these don’t exist in firefox or chrome. There has historically been more public exploits for i.e. Myself, I use firefox because I like the range of add-ons and the security can be set to a paranoid level.
Because I use firefox I will tell you how I have it set up.
FireFox
-------------------------------------------------------------------------------------------
First thing I do is go to Edit -> Preferences -> Privacy tab
Tick the box that says "Tell web sites I do not want to be tracked"
Under the History header set firefox to "Never Remember History"
Also, When using the location bar, Suggest: Nothing
This will put firefox into an ultra paranoid state. Many users may find this irritating but you get use to it pretty quickly. Firefox will now no longer actively remember where you have visited and what your username was. You'll have to type in your user/pass to all sites manually but consider the alternative:
Your laptop falls into the hands of your adversary (LEO). He manages to fire up your browser and also finds your history. Oh look he visited icmag yesterday. He navigates to ICMAG and in the user/pass field he can see your online identity. A quick search for that username at ICMAG reveals your activity has run over the course of 5+ years. Complete with photos and grow logs. Even if you tell Firefox not to remember you at that site. Cookies on your hard drive can reveal your identity.
Add-On's:
There are a heap of privacy add-on's for firefox. Two that I have installed at the moment are "Ghostery" and "BetterPrivacy".
Ghostery: What a gem of an add-on. Ghostery has a whole heap of tracker sites registered. It is AMAZING to see how many sites try to track your online activity. Most are relatively harmless, but a computer forensic officer could use these to get a profile of your online activity. They serve YOU no purpose. They are just for advertising companies so I suggest you block them all. Click on Ghostery icon -> Options -> Select all -> save (Don't forget to save, its at the bottom of the page)
BetterPrivacy: There are also flash cookies. Not everyone knows about these. You might delete your cookies religiously or use FF settings to do it automatically but there is also another technique called flash cookies. These are hidden better and currently are not removed by any of the major browser's when you delete cookies. They're like a super cookie. BetterPrivacy can help you with these
-----------------------------------------------------------------------------------------------------------
So besides your browser what else can you do?
Well there is a free piece of brilliant software you can use for Hard Drive Encryption. Its called TrueCrypt and is available for Windows and for Linux. I love this program and I use it to encrypt anything that may be a little suspect. For example: I encrypt my entire portable hard drive. This I use to keep all my porn in case I ever lose it and a child finds it or something. I can also throw my personal information, and pictures onto it. It takes a while to encrypt the volume but once its done you can "mount" it in linux as a normal file system and read/write to it at normal speeds with the knowledge that once you unmount it its nice and secure. Same goes for a windows system. You fire up the truecrypt software, choose your encrypted device and once you put in your password truecrypt will give you a virtual drive you can read/write to at normal speed.
You don't need a portable hard drive however. Or a USB thumb drive. You can create an encrypted file on your existing hard drive and mount that the same way.
One other COOL AS SHIT thing you can do with truecrypt is encrypt your entire windows installation. This is not yet functional with linux but it is with windows and this is great because its easy to boot with a CD and crack or clear windows SAM passwords. This would allow anyone to log into your user account (or administrator) in windows and view your data/history etc. With TrueCrypt you can encrypt the entire device and install the truecrypt boot manager which will ask you for your password to unencrypt and boot to windows. This would also stop people from removing your hard drive and mounting it on another operating system to view your unencrypted data.
Oh! and another thing. You can set up the boot manager to boot to something completely stealth like "Missing operating system" or other error message. This would give the impression that the computer is faulty and only a correct password would continue the boot process. Of course this will only fool an untrained eye as the presence of the TrueCrypt boot manager would show something else is up.... If you know how what your looking for...
My final paranoid tip:
SSH Tunnels: I am lucky enough to have access to a few off shore nix/BSD servers. It is possible to create a secure encrypted SSH tunnel to these boxes and have them fetch your web traffic for you. What would the advantage of this be you might ask. Well, if your being watched at your ISP level or even at an upstream providers level then all they will see is traffic over SSH. All encrypted. I've noticed that some of my American friends are worried over something called the Patriot Act. I dont know what this is but I can only guess. Having a server in a country other than your own does add another layer of security in my eyes.
In firefox do this:
Edit -> Preferences -> Advanced -> Network Tab -> Settings
Select "Manual Proxy Configuration"
Set Socks Host = "localhost" and Port = "8080" (or another free port on YOUR computer)
Also, enter "about:config" into your address bar and hit enter.
toggle network.proxy.socks_remote_dns to true (this sends DNS requests through your SSH connection too)
At this stage, firefox is ready to use your tunnel. Windows users will have to download and use Putty to set up their SSH tunnel but linux users can issue the following command in a terminal window.
woody@linux-0hhk:~> ssh -C2qTnN -D 8080 woody@admin.woody.com
Password: ***********************************
Leave this window open and use your browser as normal.
Notice that I used 8080. If you set up firefox to use a different port then use that number instead.
If you don't have access to a server which is off shore you may be interested in looking up the TOR network. Its unencrypted so it offers no protection if you're being watched but it will provide a layer of protection if the site you are visiting is being watched as your IP address will be masked. There is a TOR add-on for firefox but I find it slow and a solid connection is very hard to find. Also, I would not log into anything through the TOR network as it is more vulnerable than most methods to a man in the middle attack. Also, you might want to look up the cost of a good virtual server. You can use the SSH tunnel method with a virtual server too and they are not very expensive.
So that is about all I can say at the moment. I am really hoping other people will chime in with their paranoid methods of security. I am open to criticisms so if you think one method is weak or can be improved I would love to hear from you.
I'm very interested in peoples thoughts about the direction social media is headed with google recently adjusting its privacy policy. Also interested in any thoughts on Android privacy issues seeing as its a google product.
And for a good google alternative I suggest everyone have a look at duckduckgo.com. They dont track you, or bubble your search results (read links at the bottom of their page).
Peace - out
- smooch it MS.
