anonymous browsing

Anonymous browsing and online privacy

October 31, 2020

Anonymous browsing isn’t just for criminals. More and more people are raising awareness for online privacy because they don’t want big corporations tracking their every digital step.

The importance of privacy

The web has become a generic platform and takes a serious place in our everyday lives. Several life-like transactions can be done on the web such as browsing items in a web shop, executing financial transactions, booking hotel rooms, while users require a high level of privacy, meaning as strong as they were committing these actions in real life.

However, privacy on the web is not as strong as it is assumed to be. Browsing on webshops for items, or reading magazines online should be done anonymously if desired, but in many cases, users are being observed and information is collected for profiling purposes. In some cases these profiles are used for direct marketing implying targeted advertising, dynamic pricing. Although user profiles can also be useful in determining content relevancy or in creating customized services. Privacy-enhancing technologies (PET) are the solution against privacy vulnerabilities. The necessity of privacy-enhancing technologies for the Internet emerged in the early beginnings of internet browsing, however, there are still a lot of open questions.

online privacy

Web privacy issues can be divided in two main categories, correspondingly to the categorization of passive and active attacks in security: information leaking and technologies used to compromise privacy. However, information shared unknowingly can also result in compromising privacy,can result to tracking, which raises the importance of total user control over shared or leaked information as well, not only preventing and detecting active attacks. Since several services depend on their advertising incomes, some privacy-friendly altering methods should be considered. Like, instead of animated advertising, text based advertisement can be used, which is more audio-visual privacy friendly. On the other hand tracking user activities and profiling, user preferences should be guessed by analyzing the web context in which the advertisement is shown.. Using this method users are classified into general preference groups instead of creating personal profiles. Requesting the users’ consent is also a privacy-friendly approach if individual profiles needed to be created.

Participants, Goals and Motivation

However, in another aspect participants could be classified to be neutral, supportive or endangering user privacy. Basically, actual participants can have several roles at the same time. The users’ objective is to have total control over all their data: any information sent and received, and preserving anonymity. A user should also be aware of the information shared with the service provider any time, and should be able to defend herself against advertising and the leak of private information like e-mail addresses or login names. Neglecting the way the profile was acquired, the advertisers’ goal is to achieve targeted advertising: to get the proper advertisements to the proper users. In some cases advertising is used together with profiling by tracking user activity and storing profile information on click-through bases. Besides overloading system resources, advertisements can violate audio-visual privacy, by expanding over their designated area and playing sound effects or music. Web shops and stores may be using targeted advertising and profiling, however, they might use profiles for dynamic pricing, for extra profit they offer desired products to be more expensive and uninteresting ones to be cheaper.

The user’s profile can be easily updated to match her purchase statistics. Data collectors use special tracking techniques and often associate with service providers for profiling purposes. Their goal is to create accurate databases for some mentioned activities. The categories of service providers may be, Internet Service Providers and web services providers. The Internet Service Providers’ proxies are the bottleneck of the users’ whole traffic, which is ideal for logging user activities and blocking access to web service providers. Web service providers are the link between different participants by applying auditor services, placing advertisements on their pages or associating with other web service providers for merging logs and creating wired networks for tracking purposes. Censoring activities can be motivated by corporate policies or political regulations. In the world of the web the main goal of censorship is to block access to websites with certain URL addresses or any other sites providing specific content. Free Internet service providers may also be censoring web content or several URL addresses containing forbidden words or phrases.

Passive Attacks

Public Information and Abuses Most of the information shared with websites, such as user agent or display properties are intended to be used for customizing services, but this information can also be used to create profiles. Information like the exact browser agent version, list of installed plug-ins can be used to check the existence of specific vulnerabilities, which can be used to install spyware on the user’s computer. There are several websites demonstrating the severity of information leak by listing public information available of the computer which the user uses to access the web.

Revealing the network address is a technical need due to the networking mechanisms of the Internet, however, these addresses are almost unique and allow tracking. The IP address can also be used for geo-locating users quite easily, narrowing down the possibilities to the most likely country or city. Since IP addresses can change and might be referring to several users and devices, there are other ways used for tracking purposes, which are considered to be active attacks against user privacy as they require tracking identifiers bound to the user stack model and information may be used to abuse privacy.

Active Attacks

The main purpose of active attacks is profiling, nevertheless, censorship is key. Profiling is the method of mapping user activities by time and logging preferences and interests altogether. This is done by tracking user activity on the web, but because of caching and history preserving mechanisms built in the browsing agents there are other methods too. In addition, consider the possibility of service providers working together. Tracking web activities is simple, in every context the user visits the profiling party tries to identify the user and if this is successful it creates entries in the profile, based on the user’s information. IP tracking is the simplest method for tracking, since IP addresses are revealed every time a web service is visited. Nevertheless, IP addresses might not be correctly denoting users, since addresses can refer to network devices or groups of users, for example due to the use of Network Address Translation techniques.

Identifying users by their browser agent is better because users might be using even a computer which only has one IP address. Following techniques realize browser-based user tracking. Cookies are used to store user’s settings on the computer for web services, to do so the browser agent sends all cookies belonging to the visited website, this means the site only accesses its own cookies, and cookies cannot be created for foreign sites. Sometimes cookies only store session identifiers which refer to database entries stored at the web service provider. However, cookies also store tracking identifiers, which are called tracking cookies. Service providers cannot read each others’ cookies so they use web bugs or advertisements placed on the other service providers site to detect users visiting a tracked website.

The visited website’s content can be downloaded in two steps: the browser agent downloads the content descriptor file in Hypertext Markup Language format and then downloads images and other resources marked in the page’s descriptor which may have to be downloaded from somewhere else, setting the basic idea for web bugs. Modern browser agents offer the possibility for privacy-aware users to manage, and also delete cookies. Possibly this was the reason why Flash Persistent Identification Elements was introduced. They are based on a cookie-like client-side storage element called Local Shared Object (LSO). These objects are harder to check and detect changes, and even to delete, however, tracking possibilities are limited. These elements are utilized with Flash advertisements accordingly to web bugs.

Furthermore, Filling Profiles Collaborating websites can create comprehensive profiles merging web activity logs and analyzing context: visited pages, downloaded files, followed links, click-through statistics of advertisements. Audit provider services might be behind these collaborations and permanently tracking users promising personalized content and services. The URL-referrer string carries the URL that the user visited previously before following a link, some information can be extracted from URL-referrers besides the acknowledgment of referring sites if the user is tracked: the time she visited the referring site, possibly the content the user visited and most importantly if the referrer was a search engine, the keywords the user was using to locate the site in question. E-mail addresses can be attached to profiles by sending links, embedding a special identifier into the URL referring to the recipients address. When the user opens the mail and decides to download the images or opens a link her IP address will be instantly revealed and by opening an URL in a browser her tracking identifier will be linked to her e-mail address.

Guaranteeing the state of anonymity for web users requires these properties

Unobservability: unobservability of requests and content sent is required for anonymity. This equals to creteria of confidentially, practically meaning that sent messages should be ciphered.
 Unlinkability: neither a web service provider nor an observer should be able to tell if two messages sent by the same anonymous user. This also applies for pseudonyms used through communication.
Pseudonymity: the user is pseudonymous if she is referred by an identifier string, which cannot be related to any personal information, for example like a tracking identifier.
 Anonymity: the user is anonymous if it is not possible to identify her in a set of users identified by pseudonyms and also activities cannot be linked to users within this set.

Unlinkability of messages requires the unobservability of message content, since clear text messages do not hide message header information, which can be useful to link messages to a user. Anonymity property requires a set of pseudonyms that cannot be linked to the users. Anonymity can be guaranteed on two separate levels: network level and application level. On these levels, different types of information are leaking and also different types of active attacks have to be prevented and detected when securing the related layers.

Anonymous web browsers offer complex preventive solution to reviewed privacy issues. Using these services, the state of anonymity can be preserved, and in some cases, certain unwanted contents, like advertisements, can be filtered out. Basically there are two types of anonymous browsers: web based and regular proxies with client-side filtering functions. The main difference between them is suggested by their names: web-based anonymous browsers can be reached through websites, their control panel is in the visited pages, while regular proxies do not have that much of transparency: an intermediary agent needs to be installed.

Using MIX networks is the basic technique for granting sender anonymity. A MIX node outputs messages in random and uses cryptographic methods for preserving the linking ability of messages received and sent. MIXes are used in cascades for stronger privacy, or settings have to be changed in the web browser agent. Both have special filtering systems to remove malicious code from the downloaded content, also narrowing the scope of revealed information about the user.

Anonymous web browsers are based on two basic functions, MIX services and a proxy serving filter functions. In practice, filtering can be implemented client-side as well, and MIX may not be utilized leaving a simple anonymous proxy . However, for quality privacy-enhancing service MIX services should not be left out. There are several types of mix services in numerous aspects, there is a review of web privacy-enhancing services including a comparison of mix services. However, most anonymous web browsers use onion routing technology, varying mainly in security and architecture issues such as users-based mix nodes. Due to the client-server architecture of web applications, anonymous routing protocols providing only sender anonymity can be accepted. For preserving unobservability the traffic between the user and the first proxy should be secured.

Service Type Taxonomy and Comparison Anonymous web browsing services can be classified into two types: anonymous proxies and anonymous web browsers. Anonymous proxies have filtering functions and only grant poor network-level anonymity by hiding IP addresses, used port numbers and using no encryption or traffic analysis protection. These can be sorted into two groups: web-based and client based. Web based services can be accessed through their websites and no client-side settings need to be done, all filtering functions takes place server-side while by using client-based services filtering functions take place locally, and in some cases local proxies may need to be installed.

Protect your digital identity with these four easy steps to online anonymity

When data and privacy scandals are a daily occurrence in the news, learning how to secure your identity online is essential.

This guide will help you learn ways to gain anonymity for the majority of your web-based communications and activities. But before we get started, it should go without saying that if you’re trying to stay anonymous, you shouldn’t use your real name when creating any online account. That’s the first step to take with your social media accounts.

Once that’s done, here are the four levels of anonymity we’d recommend next.

LEVEL 1: BROWSE IN PRIVATE WHENEVER POSSIBLE

Browsing in private mode is simplest thing you can do to make some of your general internet usage a bit more anonymous.

Here’s how it works: You leave cookies every time you visit a website. These cookies are stored on your computer and hold a modest amount of data based on what websites you’ve visited, allowing other web pages to deliver an experience tailored to you. That could be Facebook showing you an ad for that new MacBook you searched for on Google, or YouTube seeing that you’ve been looking up videos about the new Samsung Galaxy Note 9 phone. These cookies can be used to create a unique fingerprint based on the data that’s been collected.

Just browse in private mode to avoid all that. All modern browsers have a private browsing feature, including on mobile.

LEVEL 2: AVOID GOOGLE (OR BING OR YAHOO)

Google, Bing, and Yahoo might be the three most popular search engines, but the trio also collects the most data about you in order to serve relevant ads and personalize services. Especially when logged in with your account, these search engines can collect your name, email address, birthday, gender, and phone number. Asides from that, Google and Bing can also collect important data such as device location, device information, IP address, and cookie data.

To avoid being tracked when searching on the web, we recommend you use a service like DuckDuckGo. This an independent search engine which doesn’t give you personalized search results. Everyone who searches sees the same results, and anything you search for won’t be collected or stored. The search engine also claims it has nothing to sell to advertisers, which means you won’t ever be subject to targeted ads seen when using Google and other websites.

LEVEL 3: HIDE YOUR IP ADDRESS

The next important thing you can do to stay anonymous is to hide your IP address, which is the easiest way to trace online activity back to you. If someone knows your IP address, they can easily determine the geographic location of the server that hosts that address and get a rough idea of where you’re located. Broadly speaking, there are three ways to obscure your IP address and hide your location.

First off, you can use a proxy server. If you want all of your online activity to be anonymous, the best way to do it is to pretend to be someone else. This is basically what a proxy server does: It routes your connection through a different server so your IP address isn’t so easy to track down. You also can use a virtual private network (VPN). For most intents and purposes, a VPN obscures your IP address just as well as a proxy does – and in some cases even better. A VPN is a private network that uses a public network (usually the internet) to connect remote sites or users together.

Finally, you can use TOR. Short for The Onion Router, TOR is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Browsing with TOR is a lot like simultaneously using hundreds of different proxies that are randomized periodically.

Also read: Tor vs VPN.

LEVEL 4: USE ANONYMOUS EMAIL AND COMMUNICATION

Using proxies, VPNs, and TOR will obscure your IP address from prying eyes, but sending emails presents a different anonymity challenge. Let’s say you want to send somebody an email, but you don’t want them to know your email address. Generally speaking, there are two ways to go about this.

The first is to use an alias. An alias is essentially a forwarding address. When you send mail through an alias, the recipient will only see your forwarding address, and not your real email. Since all mail is forwarded to your regular inbox, this method will keep your real email address secret, but it will not, however, keep you from being spammed like crazy.

Secondly, you can use a disposable email account. This can be done in two ways: Either you can just create a new email account with a fake name and use it for the duration of your needs or you can use a disposable email service. These services work by creating a temporary forwarding address that is deleted after a certain amount of time, so they’re great for signing up for stuff on sites you don’t trust and keeping your inbox from being flooded with spam.

Also, using a VPN and communicating through an anonymous email address will keep your identity hidden, but it still leaves open the possibility of your emails being intercepted through a middleman. To avoid this, you can encrypt your emails before you send them using HTTPS in your web-based email client, which adds SSL/TLS encryption to all your communications. For webchats, you also can consider using TOR chat or Crytopchat, which are encrypted chat services that are hard to break.

So, there you have it, a simple four level guide to staying anonymous online. Some of these methods might be more extreme than others, but all put you in control of your privacy and should give you an extra peace of mind when browsing the web.

Share this post: