Anonymity methods on the net. Part 1. Just about complicated

[DronVR]

Anonymity methods on the net. Part 1. Just about complicated

Proxies
Globally, when they say a proxy server, they mean something that acts as an intermediary between the client and the recipient.

In terms of ensuring anonymity, proxy servers are:

• HTTP (web) proxy servers. Such servers pass only HTTP traffic through themselves, by default adding proxy usage data to the transmitted traffic;
• SOCKS proxies. Unlike HTTP proxies, SOCKS transfers all the information without adding anything from itself. The SOCKS protocol is at the session level of the OSI model, this ensures independence from high-level protocols: HTTP, FTP, POPZ, etc., which allows SOCKS to pass through all traffic, not just HTTP;
• Separately, it is worth mentioning CGI proxies or "anonymizers", which are essentially a web server with a form where the client enters the address of the desired site. After that, the page of the requested resource opens, but the address of the CGI proxy is visible in the address bar of the browser. CGI proxy, like any web server, can use https to protect the communication channel between itself and the client.

You see the scheme of proxy servers in the picture, everything is simple:

Proxy server advantages:

• proxies are cheap, you can find many free proxies on the network.

Cons of proxies:

• Trust proxy server
• for http proxies, you need to filter HTTP headers: "HTTP_X_FORWARDED_FOR: client, ip1 ...", HTTP_VIA, HTTP_FORWARDED, etc .;
• proxy protocols (http, SOCKSx) DO NOT support encryption between HTTP / SOCKS / Elite / Anonymous proxies and the client. And an SSL proxy means only that the client can work with https resources;
• proxy chains are ineffective: " Hi Proxy1, send my message: “forward to Proxy3; forward to proxy4; forward to [DLMURL="https://anonym.to?https://encrypted.google.com/c8e8df895c2cae-%D1%87%D1%82%D0%BE-%D0%BD%D0%B8%D0%B1% D1% 83% D0% B4% D1% 8C-% D0% B5% D1% 89% D1% 91-% D0% B7% D0% B4% D0% B5% D1% 81% D1% 8C-% D0% B7 % D0% B0% D1% 88% D0% B8% D1% 84% D1% 80% D0% BE% D0% B2% D0% B0% D0% BD% D0% BD% D0% BE% D0% B5-166baf "] encrypted.google.com/c8e8df895c2cae- anything- else-here- encrypted-166baf [/ DLMURL] 'for proxy2? " Thank!;
• the need to configure a proxy server for each application or the use of separate socksifier programs, for example, Proxifier.

VPN / SSH
I will talk about VPNs, meaning SSH tunnels as well. Since, despite some differences, the basic principle is the same.

The VPN operation scheme is shown in the picture:

Currently, commercial VPN providers offer the following VPN protocols:

• PPTP - the most widely used, fast, easy to configure, but it is considered the "least secure" compared to the rest;
• L2TP + IPSec. L2TP provides transport, and IPSec is responsible for encryption. This bundle has stronger encryption than PPTP, it is resistant to PPTP vulnerabilities, it also provides message integrity and authentication of the parties;
• OpenVPN - safe, open, and therefore widespread, allows you to bypass many locks, but requires a separate software client;
• SSTP is as secure as OpenVPN, it does not require a separate client, but it is very limited on the platforms: Vista SP1, Win7, Win8.

Almost all commercial VPN providers offer a choice of two protocols: OpenVPN and PPTP. Less commonly, the L2TP + IPSec protocol is offered. And quite a few offer SSTP.

Separately, it is worth noting the services that provide DoubleVPN, when before going to the Internet, traffic passes through 2 different VPN servers in different countries, or even QuadVPN, when 4 servers are used, which the user can choose and arrange in any okay.

A curious study regarding the anonymity and reliability of commercial VPN servers was conducted by torrentfreak.com: torrentfreak.com/vpn-services-that-take-your-anonymity-seriously-2013-edition-130302

VPN providers were asked questions:

• Do you keep logs that allow you or third parties to map the IP address or timestamp with your client? If so, what data do you store?
• Under what jurisdiction does your company operate, and under what circumstances will you disclose data to a third party?
• If you receive a DMCA notice or its European equivalent, what will you do with it?
• What payment systems do you work with, and how are they related to user accounts?

Summarizing, it is worth noting that most VPN providers in their answers are unanimous: “Logs are not stored, and if they are stored, then very briefly, it is impossible to calculate the subscriber from them. It’s very difficult to put pressure on us and make us give out at least something. ” Of course, you should not expect other answers from services whose main purpose is to ensure anonymity of users.

VPN / SSH advantages:

• fast and convenient, no need to separately configure applications.

Cons of VPN / SSH:

• you need to trust the VPN / SSH server / provider.

I note that most of the thematic add-ons for browsers and “programs for anonymity” use proxy servers and VPN servers to hide the client’s IP address.

Tor Great and terrible


Much has been said about Tor, but I will try to tell you simply

Tor is a router system in which a client connects to the Internet through a chain of nodes. As a rule, a chain consists of three nodes, each of them does not know the addresses of the client and resource at the same time. In addition, Tor encrypts messages separately for each node, and open traffic is visible only to the output router.

Now Tor is 10 authoritative (control) nodes, about 4200 intermediary nodes, including about 900 output nodes.

In the picture a simplified scheme of the operation of Tor

I note that the traffic goes back in open form, on the output node it is encrypted with a temporary symmetric key and transmitted along the chain (yes, the traffic itself is encrypted on symmetric keys, and these keys are encrypted on asymmetric keys).

They criticize because they demand too much from him: it is safe to transfer the traffic of any applications to the network, protection from a global observer, confidentiality of transmitted data, etc. But he solves the main problem with his threat model: a rather high level of client anonymity during transmission http traffic only subject to all mandatory rules: www.torproject.org/download/download-easy.html.en

Pros of Tor :

• a high degree of customer anonymity, subject to all the rules;
• ease of use (downloaded Tor Browser Bundle, launched and use).

Cons Tor:

• output traffic is tapped;
• low speed;
• availability of management servers.

In one of the forums I found a poll regarding Tor. The number of respondents does not indicate the reliability of the results, but the winning answer is very correct

Tor's work is invariably accompanied by people's doubts about its reliability and anonymity. Now we will not disassemble it in detail, I promise to do this in the next articles of the series, where I will describe in detail some important Tor details and try to answer all the questions.

I2P

A lot of words have been said about I2P, I will be concise and try to explain everything clearly.

I2P is an anonymous network running on top of the Internet. It has its own sites, forums and other services. By its architecture, it is completely decentralized, and IP addresses are not used anywhere in I2P.

I2P has two main concepts:

• A “tunnel” is a temporary unidirectional path through a list of nodes. Tunnels are incoming and outgoing;
• "NetDb network base", which is more or less distributed across all I2P clients. Its purpose is to store information about how a client can connect to a specific recipient.

NetDb database contains:

• RouterInfos - contact details of routers (clients) are used to build tunnels (simplifying, they are cryptographic identifiers of each node);
• LeaseSets - contact details of recipients used to communicate outgoing and incoming tunnels.

At the beginning of 2013, I2P included 25,000 routers and 3,000 LeaseSets.

I'll tell you about the node interaction algorithm:

Step one. The Kate node builds outgoing tunnels. She turns to NetDb for data on routers and builds a tunnel with their participation.

Step Two Boris builds an input tunnel in the same way as an outgoing tunnel. Then he publishes his coordinates or the so-called “LeaseSet” in NetDb (here, note that the LeaseSet is transmitted through the outgoing tunnel).

Step Three When Kate wants to send a message to Boris, it requests Boris to NetDb LeaseSet. And through outgoing tunnels it forwards the message to the destination gateway.

I2P has the ability to access the Internet through special Outproxy, but they are unofficial and, in combination of factors, are even worse than Tor output nodes. I2P developers say: " Want Internet - Use Thor ".

Pros of I2P:

• high degree of customer anonymity;
• full decentralization, which leads to network stability;
• data confidentiality: end-to-end encryption between the client and the recipient.

Cons of I2P:

• low speed;
• "Your internet."

Details about I2P, including protection mechanisms, and I2P is doing fine with them, I will also discuss in the following articles of the series.

Other means
In fact, there were and are dozens of individual projects dedicated to anonymity on the Internet, this is not counting the "add-ons in browsers" and "programs for anonymity." Just other, less popular, solutions are either already compromised, or not yet so popular, and therefore not studied by the global expert community to talk about their sufficient reliability. The following most promising projects are being actively developed:

• Freenet freenetproject.org
• GNUnet gnunet.org
• JAP (aka John Donym, based on Tor) anon.inf.tu-dresden.de/index_en.html
• RetroShare retroshare.sourceforge.net
• Perfect Dark www21.atwiki.jp/botubotubotubotu

A separate interesting example of anonymous networks is Wi-Fi-based networks. Whereas with the traditional approach, the Internet performs the transport functions of any anonymous network, the use of wireless solutions allows you to achieve independence from Internet providers:

• Byzantium project: project-byzantium.org
• Netsukuku project - Networked Electronic Technician Skilled in Ultimate Killing, Utility and Kamikaze Uplinking: netsukuku.freaknet.org
• BATMAN project - Better Approach To Mobile Ad-hoc Networking: [DLMURL] https://www.open-mesh.org/projects/open-mesh/wiki [/ DLMURL]

Centralized means of "anonymity"
Immediately, I note the main thing: no centralized solution can provide a high level of anonymity, since it is necessary trust central node.

We will not discuss organizational, political, and bureaucratic difficulties in disclosing anonymity.

Perhaps the VPN server in Panama is indeed more secure than the same server in Spain. Or maybe not.

As well as we will not talk about chains of nodes, since their reliability is difficult to evaluate. On the one hand, in view of organizational difficulties, the risk of disclosure is lower, and on the other, we must be confident enough in each node.

Let's move on to the specifics.



Proxies: http and SOCKSx
Let's take a closer look at http headers in http proxies.

An HTTP header is a string in an http message with some parameters of the form: " Name: Value ". There are quite a few headers; they are exchanged between clients and servers during interaction.

For example, the following field: " Date: Sat, 12 Dec 2012 15:41:52 GMT »Returns the current time and date from the server to the client.

One of these headers: X-Forwarded-For, in fact, is the standard for the server to obtain the original client address when accessing the server through an HTTP proxy. And here in this header, if you do not filter it, the entire chain of proxy servers is transferred from beginning to end, for example:

• X-Forwarded-For: client1, proxy1, proxy2 ...
• X-Forwarded-For: 169.78.138.66, 169.78.64.103 ...

Also, headers that disclose deanonymizing information include: HTTP_VIA, HTTP_FORWARDED, etc.



HTTP proxies that hide the client’s IP address are called anonymous. Such servers are divided into types, this division is very arbitrary, but, nevertheless, there are:

• Simple anonymous proxies (anonymous). These servers do not hide the fact of using the http proxy, however, they replace the client's IP address with their own.
• Elite anonymous (high anonymous / elite). Such servers also hide the fact of using http proxies.

SOCKS proxies, as you recall, do not transmit any headers.



Consider the difference between SOCKS 4, 4a, and 5. There are different versions of SOCKS:

• SOCKS4. Such servers require the client, for example, a web browser, only the IP address of the resource to which it refers (the recipient). Therefore, the client needs to find out this ip-address somehow, and the client can only find out its direct DNS query bypassing the proxy. This can lead to de-anonymization, since the Internet provider can see DNS queries in the clear, this vulnerability is called DNS-leaks, it is described later in the second part of the article.
• SOCKS4a. It is an extension of SOCKS4. The main difference is that the SOCKS4a server accepts from the client only the DNS name of the recipient, and not its IP address. This is necessary when the client cannot independently determine the IP address of the recipient by the DNS name.
• SOCKS5. It is also an extension of SOCKS4. The SOCKS5 server supports UDP, IPv6, authorization, etc. And although SOCKS5 proxies can receive both the IP address and the DNS name of the target resource from the client, some applications that support SOCKS5 can themselves receive the destination IP address before contact the SOCKS5 proxy, which can also lead to a leak of DNS queries.

Ssh. Comparing SSH and VPN
An SSH tunnel is a tunnel created through an SSH connection and used to encrypt transmitted data. As the Wikipedia article of the same name states: “ SSH (Secure SHell) is an application-level network protocol that allows remote control of the operating system and tunneling of TCP connections (for example, for file transfer) ".

When using the SSH tunnel, the open traffic of a protocol is encrypted on one end of the SSH connection, the client, and decrypted on the other, SSH server.

The operation scheme of the SSH tunnel is shown in the figure:

SSH protocol supports several options:

• In the first embodiment, the tunneled application must have the HTTP / SOCKS proxy settings for directing traffic through the local proxy server to the SSH tunnel. If there are no such settings, then you can use socksifier programs that send traffic through a proxy server.
• In the second case, you can organize an almost full-fledged VPN connection and do without setting up SOCKS. Starting with version 4.3, the open implementation of SSH, OpenSSH, can use the tunnel network interfaces of the 2nd and 3rd levels of the OSI model, that is, organize analogs of VPN connections.

Compare VPN and SSH in terms of anonymity.



Goals

Historically, VPN and SSH have been designed for different purposes, which explains their pros and cons.

• VPN is designed to provide secure remote access to corporate network resources. As soon as the computer connects to the VPN server, it becomes part of the “local” network and, therefore, can receive all its services: shared resources, local VoIP service, NetBios-, UDP-, and broadcast requests, single VPN- also become possible politics etc In most cases, a traffic of the entire operating system and applications is sent via VPN.
• SSH was originally designed for secure remote device management. An SSH connection is a connection to a “specific device”, not a “network”. Although SSH masters can do a lot of cool things with it.

Safety

The VPN and SSH protocols are fairly secure except for PPTP. Most possible attacks boil down to [DLMURL="https://anonym.to?https://en.wikipedia.org/wiki/Man-in-the-middle_attack"] Man-in-the-middle [/ DLMURL] and substitution of certificates or keys, however, this is a problem of authentication and user attentiveness.

Convenience

Convenience is a conditional and subjective concept, it depends on your goals and experience.

It’s easy to connect to a VPN server, but for beginners it can be difficult to configure it.

While the SSH server is easier to configure, but, for example, manually setting up the SSH tunnel for each application may not seem convenient to someone.



Speed

The speed of each tool depends on the particular implementation and protocols used. If we compare SSH and OpenVPN, I will share the research [DLMURL="https://anonym.to?https://inportb.com/2009/09/04/ssh-or-vpn/"] [/ DLMURL]:

• network - 96.5 Mbps.
• network / SSH - 94.2 Mbps.
• network / VPN - 32.4 Mbps.

To summarize, it is worth noting that VPN servers are more popular than SSH. There are many commercial VPN providers on the Internet. However, SSH tunnels are also sold in abundance on specialized forums.

What to deploy on your server in Antarctica is your business.



Useful advice


Sometimes there is a situation when the VPN connection for some reason can be broken. If in the case of a proxy server, network communication is terminated, then in the case of a VPN, traffic will continue to go directly. The most reliable option to prevent this is to use a routing table where only the VPN server gateway is specified as the default default gateway.

This is done simply:

1. We remove any default routes:

2. Allow access to the Internet only to the address of the VPN server:

3. Add the default route with the gateway - VPN server:

Where: 192.168.0.1 - Internet gateway, 55.55.55.55 - VPN gateway.

Another way is to install non-existent DNS servers in the properties of an open Internet connection, for example, 127.0.0.1. In this case, web surfing and other similar tasks become impossible without connecting to a VPN server.

There are also special programs, for example, VPN-watcher, which for given applications checks the VPN connection several times per second and stops their work if the VPN connection is disconnected.

Thanks for another way. [DLMURL="https://anonym.to?https://habrahabr.ru/users/Pongo/"] Pongo [/ DLMURL]: " Another way to protect yourself from breaking vpn is to configure a firewall. Suitable including the standard windows firewall. there is [DLMURL="https://anonym.to?https://practicalrambler.blogspot.ru/2011/05/how-to-block-all-internet-traffic.html"] instruction with pictures [/ DLMURL] . Moreover, blocking rules can not be created, but limited to the 10th paragraph. For individual programs (for example, for openvpn), you can separately create enabling rules so that these programs work even if the VPN is not connected. "

Thanks for another way. [DLMURL="https://anonym.to?https://habrahabr.ru/users/amarao/"] amarao [/ DLMURL]: " I think, if you build a secure structure, then you just need to distinguish two sessions - secure and not secure. The session leader is put in cgroups, from where the non-vpn interface is simply not available for use - in this case information will be sent only through this interface. "

Deanonymizing data and possible vulnerabilities

Let's see what identification information about ourselves we can transfer to the Internet. I will not consider vulnerabilities (including 0day) in programs whose operation can lead to complete control over the computer in general.

General


IP address . The most "popular" identifier on the network. Its value may be different in different situations, but as a rule, it is customary to frighten the network “anonymuses” by disclosing the IP address.

Decision : the means described in the first part of this article cope with hiding the ip address

DNS leaks occurs [DLMURL="https://anonym.to?https://www.dnsleaktest.com/what-is-a-dns-leak.php"] then [/ DLMURL] when the application can send its DNS queries using the DNS servers of the Internet service provider. This often happens when people through a local proxy server (hi, SOCKS 4, 5!) Try to send traffic to the Tor network of various applications that resolve DNS names bypassing Tor.

You can check if you are affected by this leak here: [DLMURL] https://www.dnsleaktest.com [/ DLMURL]

Decision : when working with a VPN connection, the most convenient option is to use static DNS servers of the VPN provider or, if you have a personal VPN server, use OpenDNS (208.67.222.222, 208.67.222.220) or Google DNS (8.8.8.8, 8.8.4.4).

To prevent such leaks in Tor, it is recommended to use the Tor Browser Bundle or, if you really want to send traffic to another application to Tor, then the most safe and universal option is the isolation proxy, which will be discussed in one of the following articles.

There are no DNS queries on the I2P network. When working with outproxy, DNS queries are performed on outproxy itself.

thanks for the advice [DLMURL="https://anonym.to?https://habrahabr.ru/users/Rulin/"] Rulin [/ DLMURL]: " ... when using the Socks proxy in Firefox, DNS-leaks will happen by default, to get rid of it, you need: In the address bar, type about: config, click "I'll be careful, I promise!",

We find the option network.proxy.socks, Double-click to change the value to true,

Everything, now when using socks proxy, dns requests will also go through socks "

The “network.proxy.socks_remote_dns” setting determines where DNS queries will be executed when using SOCKS5. A value of “True” sets that they will be executed through a SOCKS proxy, and not on the client.



Profiling arises when most of the traffic goes online for a long time through one node, for example, Tor. Then it becomes possible to attribute the activity seen to one alias. The output host may not know your ip address, but it will know what you are doing.

Decision : Do not use Tor constant chains, regularly change output nodes (VPN servers, proxies), or, looking ahead, use the distribution [DLMURL="https://anonym.to?https://sourceforge.net/projects/ whonix / "] Whonix [/ DLMURL].

MitM attacks aimed at listening and modifying traffic on the output node, such as Tor or any proxy server. An interesting option is the modification by the output node of digital signatures, GPG or SSL fingerprints, hashes of downloaded files.

Decision : Be careful when warnings about the validity of certificates and keys appear.

Deanonymizing activity in an anonymous session . For example, when a client from an anonymous session visits his page on the social network, his Internet provider will not know about it. But the social network, despite the fact that it does not see the real IP address of the client, knows exactly who has logged in.

Decision : Do not allow any left activity in an anonymous session.

Simultaneous connection via anonymous and open channel . In this case, for example, when the Internet connection is cut off, both client connections with the same resource will break. By this fact, it will be easy for the server to calculate and match two simultaneously completed connections and calculate the real address.

Decision : Prevent simultaneous connection to the resource via anonymous and open channel.



Text attribution . More details [DLMURL="https://anonym.to?https://habrahabr.ru/post/165435/"] here [/ DLMURL]. The application can compare the text written anonymously and other plain text, exactly belonging to the author, and determine with a high degree of probability the authorship coincides.

Decision : jokes, jokes, but this topic has not yet been sufficiently studied. You can advise to hide the text, which can be uniquely associated with you. Then there will be nothing to compare with the anonymous text.



MAC address The network interface becomes known to the Wi-Fi access point when a client connects to it.

Decision : if you worry that the access point will remember the MAC address of your interface, just change it before connecting.

On this resource dedicated to our “digital shadow”: myshadow.org/trace-my-shadow, among other things, we can see what data we transmit about ourselves to the network:

What can Browsers say?


Cookies - these are text files with any values stored by the application (often the browser) for various tasks, for example, authentication. It often happens that the client first visited the resource from an open session, the browser saved cookies, and then the client connected from an anonymous session, then the server can match cookies and calculate the client.

Moreover, there are so-called 3rd-party cookies that are stored with us, for example, after viewing an advertising banner from another site (3rd-party). And the website owner of this banner is able to track us on all the resources where its banners are located.

For those who want to learn more about cookies, I advise you to read the articles:

• [DLMURL="https://anonym.to?https://habrahabr.ru/post/190488/"] Cookie without cookies [/ DLMURL].
• [DLMURL="https://anonym.to?https://habrahabr.ru/post/126643/"] Permanent non-blocking cookies using HTTP headers [/ DLMURL].
• [DLMURL="https://anonym.to?https://habrahabr.ru/post/104725/"] Evercookie are the most persistent cookies [/ DLMURL].

Flash, Java, Adobe . These plugins are essentially separate applications that run on behalf of the user. They can bypass proxy settings, store their separate long-lived cookies (Flash - Local Shared Objects), etc. It is unnecessary to talk about vulnerabilities published regularly in them.

Browser fingerprint . The browser provides the server with dozens of categories of data, including the so-called [DLMURL="https://en.wikipedia.org/wiki/User_agent"] user agent [/ DLMURL]. All this can form a rather unique “digital fingerprint of the browser”, by which it can be found among many others already in an anonymous session.

What kind of data your browser sends to the server can be viewed, for example, here, here (aka panopticlick.eff.org) and here .

Javascript Scripts executable on the client side can collect even more information for the server, including clearly identifying it. Moreover, if the site we visit is subject to [DLMURL="https://en.wikipedia.org/wiki/Cross-site_scripting"] XSS [/ DLMURL], then the included Javascript scripts will help the attacker to conduct a successful attack with all the ensuing consequences .

Web bugs - these are invisible details of web pages used to monitor site visits, they can additionally send different data about the client to the server. Google Web Bugs are widespread all over the Internet.

HTTP referer - This is the http header with which the website can determine where the traffic is coming from. That is, if you clicked on the link that the http referer passes, then the site to which the link leads will be able to find out which site you went to from.

Decision : about the secure configuration of each browser, including blocking each of the above categories of identifying data, is written in great detail and clearly on the resource: fixtracking.com, from the wonderful DuckDuckGo search engine:

Applications


It is important to understand that initially many applications were conceived and designed not so much to ensure anonymity, but rather for normal and efficient operation in “difficult” network conditions: bypassing blocking firewalls, proxies.

As an example, I will give only a small part of applications that can independently transmit data identifying us to the network.

• Some BitTorrent clients ignore proxy settings, sending traffic over open channels.
• Windows Update sends a dozen categories of data to the server, including a unique 128-bit identifier (GUID). Windows Update is also vulnerable to MitM, and therefore, an output node, such as Tor, can be a source of attack.
• License keys of paid or serial numbers of free applications can also be transferred to the Internet, for example, during activation or updating, thereby identifying the user.
• Windows Media Player can independently request music information or exchange service data.
• Time zone data can be transmitted using IRC chat via the CTCP protocol, Client-to-client protocol.
• The Windows RAM dump sent in case of an error also contains identifying data.
• File metadata can include important data: creation date, authorship, etc.

Decision : Do not use any untrusted and unverified application in an anonymous session.