The Drawbacks of Anonymous Surfing 233
BlueCup writes to tell us that one reporter decided to give anonymous web surfing a shot, and found it to be much more trouble than it was worth. Many users take advantage of Tor and other anonymous web browsing tools, but is the amount of hassle worth the effort it takes to remain anonymous?
Torpark (Score:5, Informative)
If you have a few seconds, download Torpark [nfshost.com] and try it out. It shouldn't take more than half a minute and is Firefox based and pretty much automated.
And if you're worried about having to put Torpark on every machine you use, just put it on a very small USB thumbdrive on your keychain. Plug it into whatever computer you're using and browse the thumbdrive. Double click and go -- no need to worry about leaving personal information on your friend's computer. The application itself is very tiny so it would fit on even very cheap USB drives [newegg.com] and there's a Thunderbird extension for it. I was at a conference once and got a free 512MB thumbdrive. I sharpied it as Torpark and now I can serf anonymously if I need to.
The only hassles I can find is that I have it set to not cache anything at all which means sites don't load as fast when I revisit them normally on my desktop. Also, the Tor servers can sometimes be slow to forward packets or the German ranged IP address it masks me with will cause a page to render in German. Oh gut, das ist wert es wohl.
Re:Torpark (Score:5, Insightful)
Re: (Score:3, Interesting)
I once experimented and added a machine to the Tor network as an exit point for web traffic.
A couple of hours later I wasn't welcome at slashdot any more. You can guess where that experiment ended.
Re: (Score:3, Interesting)
Re:Torpark (Score:5, Interesting)
in the first week i used tor my bank decided to shut me out of online banking for a week and paypal put me through a rigorous 'identity confirmation' protocol that included them depositing money in my cheuqing account, calling me at home and mailing (as in paper and stamps) a magic 5 digit code.
and i still use tor. every day.
because a police state is far less convenient.
Re:Torpark (Score:5, Insightful)
Re:Torpark (Score:4, Insightful)
WHY would you want to risk firther exposure of such sensitive details as your bank acount login by adding ANOTHER leg to its journey out to the bank. If you dont trust your lan, you can use a vpn or ssh tunnel to somewhere better (something i commonly do, especiauly when im using wireless networks, ssh to a wired box, then (for wireless at least) re-ssh again to another wired one from there (a little bit better incase anyone gets my auth over the wireless))
Using a tor server for your most confidential information that is so connected to you as to the level that the parties involved are in posetion of your bank details and phone number and address, is rediculous, unless your the kind of person that uses fake deails of the type above, is constantly moving, and realy doesnt want the bank to know where your using the computer from, WHY THE HELL would you anonymize your logins to these.
To the companies it raises massive red flags, as you experienced first hand what they do its clear they act on such behaviour. If you dont trust your bank, dont bank there.
And ill point out that placing a software routing point between you and your end point, you do increase the potential for man-in-the-middle attacks on your sensitive login information significantly.
Re: (Score:3, Insightful)
As other posters already said, some sites ban tor exit node ips. You can just run your server as a middle-node or restrict acces to those certain sites (slashdot, gsmarena amongst others).
Did you RTFA? (Score:5, Informative)
Seriously.
That about sums up his complaints.
I'm not terribly impressed by the issues he discovered while using an anonymizing service.
Re: (Score:2)
You mean like any ecommerce or membership based site, like, say, /., Amazon, and the like?
Re: (Score:2)
How exactly can you buy from Amazon and remain anonymous?
Re: (Score:2)
Re:Did you RTFA? (Score:4, Informative)
Re:Torpark (Score:5, Funny)
Re: (Score:2)
That website seriously needs to add a sentence about *how* it's doing it. It goes on to talk badly about "all the other services" but then I'm like "So how the f... do you do it?", it sounded about as credible as that "anonymous" IE frontend that was on slashdot not long ago.
Firefox and Tor, both open source, with a little magic to tie them together? I believe in that. But it sure as hell wasn't obvious to find out that it was using Firefox... or wh
Re: (Score:2)
just put it on a very small USB thumbdrive on your keychain. Plug it into whatever computer you're using and browse the thumbdrive. Double click and go -- no need to worry about leaving personal information on your friend's computer.
You had better encrypt that thumbdrive in case the computer owner slurps all the data off it [schneier.com] while it's plugged in.
on every machine you use (Score:2)
Linux and MacOS X? (Score:2)
Re:Torpark (Score:4, Informative)
I think that this must be a joke. Guys, you're missing the entire point of using Tor. Tor usage isn't designed for script kiddies who don't want the FBI on them, child pornography rings afraid of Interpol or nerdy teenagers that don't want their IP logged (although these are all applications of Tor, too). Tor was designed for electronic freedom for people in, for example, totalitarian regimes that don't allow freedom of speech, or whistleblowers on governments, major industry, etc.
Having a little bit of "a hassle" is fine for the designed type of use. People trying to communicate anonymously out of the Great Firewall of China don't worry if it takes an extra few seconds. The nerdy teenager that thinks anonymity is cool (not that I have anything against this guy), might think it's not quite so cool to wait forever to have a site load, and be banned from things like Slashdot and Wikipedia (via the Exit Nodes).
The article is inherently flawed, since it's looking at Tor from the wrong perspective.
- dshaw
Re:Torpark (Score:5, Funny)
Re: (Score:3, Informative)
Plus, using someone elses WiFi without permission is a grey area legally.
Re: (Score:2)
Re: (Score:3)
Re: (Score:2)
It depends (Score:5, Insightful)
Re:It depends (Score:4, Interesting)
or is already in politics for that matter.
The value of annonymous surfing to be worth overcoming hasstles is directly proportional to the damage you habits would cause should they get out.
Lost job? -> possibly
Divorce? -> maybe
Prison time? -> likely
loss of big money? -> yes
execution? -> Certainly.
-nB
That's about as I rank it.
Re: (Score:3, Insightful)
Re: (Score:2)
The placement of money was actually hard for me. I ultimately figured anything that cost big money would likely also end a marrage and possibly result
NOOOOO (Score:2)
Re: (Score:2, Funny)
depends on who you are (Score:3, Insightful)
Yes if you are going to lose your freedom, or be executed because of it, probably not if you are a general user who does nothing that could ever be used against them, and only use it in instances where you actually need anonymity rather than using it for all activity.
That's the rub though... (Score:2, Insightful)
The nature of the internet and the records kept means you could pay for something you did last night, 10 years from now. Take the whole steroid hysteria right now. 3 years ago, if you used andro, you did nothing illegal, it wasn't considered a steroid and was available at practically every health shop. If there is an internet record of you talking about using andro and the great results you got from it now, NOW YOU'RE A STEROID USER
So. (Score:5, Insightful)
What a useless article. You mask your IP and use proxies if you want to become *untraceable*. And this guy's crying about how he has to remember his passwords for every site. Bloody lout.
Re: (Score:2)
What a useless article. You mask your IP and use proxies if you want to become *untraceable*. And this guy's crying about how he has to remember his passwords for every site. Bloody lout.
Why bother even masking your IP for most passworded sites? The sites I use that require passwords (i.e: my credit union, credit cards, car loan, electric company, etc) already know who I am.
Heck, why even mask your IP? I'm happy to reject cookies and know that my IP will change in a few days. That's all I need for pr
Re: (Score:2)
Tor speed (Score:2, Interesting)
Re: (Score:2)
Re: (Score:2, Informative)
Lots of times you'll wind up with an exit node halfway around the world. So if you connect to a site down the street, the traffic has to go to Germany and back. Sucks, but it's the price you pay for a potentially large benefit. Whether or not it's worth it depends on what you're doing.
Re: (Score:3, Informative)
Re:Tor speed (Score:5, Informative)
Re: (Score:2)
Re: (Score:3, Interesting)
Torrenting on tor is selfish.
Yes, it's faster (Score:2)
The quickest way to give it a speed test (after all, if you're testing speed you probably don't want to be slow about it
If you want to help the speed even more, be a good citizen and run a Tor server.
Not truly anonymous surfing (Score:5, Insightful)
Also, since he had to relogin when he went to Amazon or other sites, he was giving up his anonymity because now the site can track when he last visited, what he went to and so forth.
As far as sites balking that he didn't have a cookie, um, so what? That is the whole point of trying to be anonymous, right?
Had the author simply stuck with sufing around and not registering with sites he would have a better case for his article. As it stands, not so much. He needs to look up the word anonymous and see why he wasn't.
Re: (Score:2)
Anonymity is the degree of how hard it is to spot you in a crowd. I can't see how having cached files affects that.
Re: (Score:2)
If the police take your laptop, then they know every website you have visited. That isn't very anonymous.
Now, say you are a blogger, and you are interested in finding out how easy it is to find info on building a bomb, for instance. So you spend 4 hours Googling(tm) and looking at sites before drawing your conclusion. Your goal is to find out how accessible the info is only, but now the poli
Re: (Score:3, Informative)
I don't know why you would delete cookies when you're done, rather than prevent them in the first place.
I prefer to block all cookies, then set exceptions for the sites I need to login to. It's pretty easy to do in Firefox, especially if you block-by-default and install Permit Cookies [mozilla.org]. With that extension, just press Alt-C when you actually want to allow a cookie.
You end up with 10-20 cookies that you really want, and none that you don't want. Easy to
Re: (Score:3, Informative)
Couldn't the cahce and cookies just be located on a temporary encrypted filesystem? Just use your favorite harddisk/folder encryption utility, generate a cryptographically secur
Re: (Score:2)
...and what's the point of deleting your Amazon cookies anyway, if you're going to shop there? You aren't going to be anonymous in any case.
Really, I'm all in favor of blocking cookies. I hate getting cookies from doubleclick.com when clearly I've never visited the site. I hate going to a random site and finding that it's given me a cookie for no reason that I can figure out. However, if you go to a site regularly, log in anyway, and like the services that they're providing by giving you a cookie, the
Typical (Score:2, Insightful)
There are plenty of legitimate reasons not to want your personal information all over the place, barely any of which were touched on in the article.
Tracking is good (Score:2, Interesting)
- from article
This is not true as javascripts can read your normal IP address. It can even get your local IP address. Except I've noticed that if you setup a local webserver and set that webservers IP address to 127.0.0.1 then the javas
Re: (Score:3, Interesting)
Bullshit. Maybe I don't want my surfing habits tracked because no one else needs to know where I've been. Just because I visit CNN's site rather than Faux is not evidence of criminal intent. Next thing you know you'll be telling me I can't use cold hard cash to pay for something but must instead use a credit car
Re: (Score:3, Insightful)
What activities do I want tracked? Where does that benefit me? So I get annoying local advertisements, or that I get annoying tech advertisements? In what way is this different from getting annoying generic advertisements?
Here's the real tinfoil hat scenario that has me not liking tracks: what are the chances that an RIAA investigator is paying for Google AdWords targeting the search words "mp3" and/or "download music"? Goog
Re: (Score:2)
That is a really amazingly ignorant question that could trivially be answered by, you know, reading some of the material on t
Re: (Score:2)
What a guy. (Score:5, Funny)
- Surfing anonymously is hard, and therefore not worth it.
- Oh noes! My Amazon purchase list is broken! This is stupid!
- Evil criminals can use it!
An excellent thing for a reporter to be saying to his readers. I'd sure love to be one of this guy's sources.Re: (Score:2)
Convenience trumps security. News at Eleven.
If the geek hasn't learned this lesson by now, it can only be because he has beem sleeping in class.
Dumb reporter (Score:5, Insightful)
For him, he should add. If all you need anonymity for is so websites can't point personalised ads at you, guess what: you don't want military-grade anonymity through Tor, you want Adblock or Privoxy. While he continues his convenient existance, more and more people rely on Tor for their democratic right to free unpopular speech. Tor may slow you surfing down, but it sure beats political imprisonment or being outed for being whatever is unpopular where you live.
Re: (Score:2)
Re: (Score:2)
That's not even true, since this guy actually complained about Amazon not showing him his suggested items. It seems he apparently does want targeted advertising.
best anonymous surfing (Score:2)
Re: (Score:2)
Re: (Score:2)
and remember son.. (Score:2)
Surfing anonymously is easy (Score:3, Funny)
Freenet (Score:2)
The article is incomplete! (Score:2)
Quite seriously, if you have troubles setting up TOR, it might be good for the net as a whole if you stayed out.
anonymizing via noise (Score:3, Interesting)
Re: (Score:2)
Try http://www.google.com/webhp [google.com]
Placing a price on privacy (Score:2, Interesting)
I don't think the author of the article has a handle on this whole privacy thing. People who care about privacy don't sign up for "loyalty" cards at grocery stores, don't give out their phone numbers to every retail clerk who asks for it, don't put their names in telephone directories, don't enter contests that require you
Using tor easily (Score:2)
Now turn Tor off when not needed, and turn it on with a click when you like to.
Since you go through other hosts, it is often slow, but usually OK.
Also, if a lot of your Google searches returns Wikipedia pages, just search directly in Wikipedia and so on.
Re: (Score:2)
Whew (Score:2)
Thank god they can't find out who I am based on my payment details . . . oh . . wait.
Password wallet + cookie management software (Score:2)
Wallet software (i use kwallet) that auto-fills login forms from a local encrypted storage.
Software that blocks all cookies from ad agencies (blacklist, anyone?) and auto-deletes the rest when closing the last window viewing a given site. (I don't know of any way to set this up in konqueror, please suggest. Privoxy perhaps?)
For the all-important slashdot login, a way to tick off sites that "can keep cookies for a year".
Tor's slow, but not a hassle (Score:5, Informative)
To use Tor, simply install it, then tell your browser (or privoxy proxy) to use the socks proxy on port 9050 (or wherever). Nothing much can be done about the sluggish latency and low bandwidth, though, because for true anonymity to work you just HAVE to relay through a certain random number of random nodes of various quality. So instead of taking 15 fast intra-country hops to reach Google, it might take 100+ hops all over the globe and back, with each hop being another weak link in the chain.
Speed is the #1 reason I don't use Tor much... except for the rare occasion when I need to upload beheading videos^W^W^W send ransom notes^W^W^W troll IRC^W^W hide p2p downloads^W^W^W research something privately.
Re: (Score:2)
Could you expand on that? I've run Tor and I've run Freenet. Tor is slow, sure, but tolerable. Freenet, otoh, is unuseable. I've installed and run Freenet on three different occasions in the past. I've dedicated a machine to it. I've given it lots of space. I've left it on the network for a week before using it. I've done all the little procedural and configuration tweaks that I've been able to find in all the
as long as you arent doing shady things (Score:2)
Shopping Anonymously (Score:4, Interesting)
Tor is Easy via Transparent Proxy (Score:4, Informative)
http://januswifi.dyndns.org:85/ [dyndns.org]
When you start the Windows VPN connection to the VMWare virtual machine that PPTP network becomes you default route. All DNS lookups, http requests, and other TCP traffic is now transparently routed through Tor. Simply disconnect the VPN to terminate anonymous onion routing...
Also see the user documentation: http://januswifi.dyndns.org:85/Instructions.htm [dyndns.org]
Transparent proxy avoids many common problems with explicit SOCKS configuration and DNS leaks. Worth a look...
The real problem with Tor... (Score:2)
And yes, I know that both of those sites allow Tor-based browsing, just not Tor-based posting. However, they both have user login systems, and there's no good reason to not allow those through Tor. If you don't trust your password protections enough to allow Tor-based users to access them, why do you trust regular users?
Re:Moo (Score:4, Insightful)
you're kidding right?
Even if you erase history your machine is littered with footprints of where you've been, nevermind un-erase utilities.
-nB
Re: (Score:3, Informative)
Re:Moo (Score:5, Interesting)
Re: (Score:3)
Well, that's where criptography comes in... someone posted this link [iq.org] in response to a post of mine a few days ago... seems very interesting...
They cannot find the data if it's all covered with garbage...
Re: (Score:2)
Seriously, what good reason is there to keep a list of all visited websites?
Not to mention that the list can't be easily deleted.
Re:Moo (Score:5, Funny)
It's not about (Score:5, Informative)
It's about what trace you leave across the Internet/Googlesphere/SkyNet.
Re: (Score:2)
Even then I bet if I said "clear history" I would find crumbs to follow. Like a lower poster I have an encrypted volume where such stuff goes, and no swap file (I'm on windows, sorry).
Paranoia is only bad if they are not out to get you. (but you can never be too sure
-nB
Re: (Score:2)
First try it, then come back
IE leaves crumbs (typed URLs, history, cokies, recent), Netscape left crumbs (history.dat), Mozilla doesn't. If it did, i'd sure be suprised. At least after turning off history and remebering URLs.
Re: (Score:3, Insightful)
Re: (Score:2)
If you're doing something a fascist regime might find objectionable, you can just run off a live CD, so there will be no evidence of your browsing activity on your computer at all.
But as you point out, if you're targetted by a fascist regime (and the US, for the most part, is not), then your best hope is not to be targetted in the first place, which is where anonymising services actually do some good.
Re: (Score:2)
Not all people are the same, and not everyone values their (or someone else's) privacy the same. Some are willing to give up a bit of convenience in the name of privacy, others, however, are willing to trade off a bit of privacy for extra convenience; some are willing to trade off more, some less. But the important thing is, you cannot have them both at once. At least not yet. And not on the Internet.
I know how easy
sacrificing freedom for security (Score:2)
I won't condemn anyone for it, but I'll definitely ridicule some of the chicken-littles here wear their paranoia like a badge of honor. I take some measures to ensure my privacy, but I'm not about to waste my time and energy worrying about the possibility that someone somewhere someday might want to track down what web sites I've visited. Sure, some of them would be embarassing, but I'm man enough to live wi
Yes and no (Score:2)
E.g., I'd be hard pressed to see anything bad in what I buy on Amazon. If a prosecutor with a search warrant wants to see that this month I've preordered Neverwinter Nights 2 on Amazon, by all means, be my guest.
Mind you, I don't see any use in Amazon's recommendations either. But if anyone finds them useful, it's bloody stupid to ask -- nay, _demand_ -- that they give that up in the name of pr
Re: (Score:2)
That the author didn't look at using another browser, is reason enough to discredit his opinion.
Mod parent up! (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
If you live under an oppressive regime, using an anonymous proxy or whatever is asking to beaten with a rubber hose, and have your computer confiscated and dismantled. And if you live outside the US, it could be almost as bad.
Re: (Score:2)