By Rainer Wichmann rainer@
la-samhna.de (last update: Jul 30, 2020)There are many reasons why one would want to remain anonymous and keep their privacy while using the internet, ranging from the need to escape surveillance in an oppressive state to the personal discomfort at being tracked always and everywhere.
There are actually several parts to that problem: one, hiding your IP address, i.e. the address that identifies your computer and can be tracked to you (with the help of your WLAN/DSL/.. provider). Second, hiding information that provides a unique "fingerprint" of you even though it may not give away your name or location. Third, one may want or need a fully anonymous email account for communication. And furthermore, it is often desirable to be able to make fully anonymous payments, e.g. for acquiring information (press articles, science papers, etc.).
Part I: Hiding your IP address
If you want to hide your IP address (which can be tracked to you and your location), you need to connect to the outside world via another machine, i.e. a proxy. There are two popular ways to do this, with different pros and cons.
Using a VPN (Virtual Private Network) Proxy
Basically, this means that all network traffic from or to your machine is sent through an encrypted connection (the VPN) to another machine (the proxy). This has two important consequences:
- Nobody except the VPN provider will see your IP address. Anyone you connect to will see the IP address of the VPN proxy instead.
- Nobody between your machine and the proxy will be able to read your traffic, since the connection is encrypted.
It is recommended to choose a VPN provider who supports OpenVPN using port 443 (HTTPS). This has the following reason: the HTTPS port is in common use for secure (encrypted) browsing, e.g. when doing online banking. Therefore sending encrypted traffic via this port is nothing suspicious. Also, for the same reason it is unlikely to be blocked by a firewall (e.g. on a hotel WLAN).
A significant advantage of a VPN proxy is that it is a system-level solution, i.e. all traffic is automatically routed through the VPN, without the need to configure individual applications. Also, it is reasonably fast (testing indicates download speeds of approximately half of that without the VPN proxy) and inexpensive (on the order of a few Euro per month).
However, there are also a few caveats:
- If the VPN connection is not set up, or disconnects for some reason,
traffic may be sent unprotected. To avoid this, you need to configure
the connection to always use VPN. In Linux:
- start nm-connection-editor
- highlight the connection you want to edit
- click on the settings icon
- in the 'General' tab, choose your VPN (you have to set it up first, of course), then tick 'Automatically connect to VPN when using this connection'
- The VPN provider (usually a commercial entity) who operates the proxy knows your IP address. Even worse, there is no way to exclude that it might actually be wiretapped by some state's secret service, or even operated by any such. It should not be considered a safe solution for civil right activists in oppressive states.
Using TOR (The Onion Router)
TOR is a network of proxies run by many different entities in many different countries. Traffic is routed not through a single proxy but through a chain of several proxies (like the layers of an onion) and is encrypted from your machine up to the last TOR proxy on the chain (the exit node).
While this provides more security than a VPN, it also has the disadvantage of being slower. In testing, TOR was between three and six times slower than an unsecured connection.
An additional disadvantage of TOR is the fact that unlike a VPN it is not a system-wide solution. To make use of TOR, applications (e.g. the web browser) must be configured correctly. With some applications (the TOR website specifically mentions BitTorrent) it may even be impossible to configure them such that all traffic goes through TOR.
To alleviate this problem, the TOR project prominently advertises and encourages the use of the TOR Browser, which is a special edition of the Firefox browser preconfigured for TOR and complete with all neccessary TOR utilities.
The TOR protocol uses a variety of ports, including 80 (http) and 443 (https), so it should be possible to use TOR even in a firewalled site (unless the site uses a list of TOR entry nodes to block those addresses specifically). To evade port blocking, you can add the line "FascistFirewall 1" to the torrc configuration file. If you installed the TOR Browser, this file is Browser/TorBrowser/Data/Tor/torrc
Comparison of VPN proxy and TOR
VPN Proxy | TOR | |
---|---|---|
Security | Moderate (VPN provider knows your IP address) | Very high |
Speed | Approx. 2x slower | 3-6x slower |
Cost | Low (few Euro/month) | Free |
Usability | Good (comprehensive setup guide supplied, system-wide solution, can be enforced by firewall rules). | Good for web usage (pre-configured TOR browser), otherwise problematic (needs per-application configuration, not all applications might be configurable as needed). |
Resilience |
Unlikely to get blocked by hotels etc. if OpenVPN over port 443 (https)
is used. Larger entities (e.g. governments) may have comprehensive
lists of VPN providers for blocking traffic from/to them. No added protection against fingerprinting your browser. |
Port blocking can be evaded as TOR can work with ports 80 (http) and
443 (https) only. The TOR browser not only comes pre-configured for TOR usage, but also is pre-configured to thwart attempts to obtain a unique fingerprint. |
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.0 Germany License.