
9.6 Using proxy servers for anonymity

A proxy server is a go-between that sits between one’s computer and whichever server one connects to through the Internet. Depending on the specifics of a proxy, it can serve numerous needs:

1. A lot of people use proxies just to get around slow, nonoptional ISP caching (content stored locally to avoid having to get it from the Internet each time); in so doing, one can get speed improvements even if the proxy used is on the other side of the world.

2. Others establish an encrypted connection with an out-of-country proxy as a means of defeating local censorship or local monitoring. Once connected to a proxy, one can do all other Internet activities in a manner that is not observable by anyone in the path between the user and the proxy. Of course, the fact that one has established an encrypted connection to an out-of-country server will be very much visible to the local service provider and security services, and this is unlikely to endear one to the local regime.

3. Still others use a proxy in order to prevent a Web site that one looks at from knowing who is looking at it. Because Web browsers broadcast a lot of information about a Web surfer, and especially because there are countless ways whereby a hostile Web site can retrieve any and all information from one’s browser, the motivation to prevent all that is self-evident.

4. Still others elect to use proxies to post anonymously to Usenet forums to avoid the—sadly inevitable—result of ending up on numerous advertisers’ lists or receiving harassing e-mail by assorted strangers.

5. Some proxies allow easier Internet access for the visually impaired: ea.ethz.ch:8080 is one notable example. Still others translate Web pages into languages that the user may understand; for example, mte.inteli.net.mx:3128 translates English Web pages into Spanish and zip-translator.dna.affrc.go.jp:30001 translates English Web pages into Spanish. As such, the often-heard assertions by law enforcement that proxies are only used by those with criminal intent are totally without merit.

Setting up a proxy on one’s browser is quite simple. In the case of Netscape, go to Edit/Preferences/Advanced/Proxies, select “Manual proxy configuration,” click “View,” and fill in the blanks in accordance with the instructions of the particular proxy you want to use.

In the case of a local proxy (meaning, software in one’s own computer that assumes a go-between filtering role, such as JunkBuster), one merely needs to enter the word “localhost” in the “Address” blank for both the “HTTP” and “Security” fields, and the number “8000” in the blank for “Port.”

Web sites that provide current lists of proxy servers of all sorts or that provide information about a particular proxy include the following:

http://www.webveil.com/matrix.html (highly recommended);

http://www.webveil.com/proxies.html;

http://tools.rosinstrument.com/cgi-bin/fp.pl/showlog;

http://www.somebody.net;

http://www.egroups.com/community/proxy-methods-list;

http://mylad.newmail.ru/howto.htm;

http://proxys4all.cgi.net/public.shtml.

Internet users from oppressive regimes should prefer out-of-country proxy servers, which are ephemeral and unlikely to have been identified as proxy servers by such regimes. Even so, using them involves the considerable risk of incurring the regime’s wrath.

Caution: Most of the proxies one can find at proxys4all (http://proxys4all.cgi.net) actually mask very little and give a false sense of security because they reveal the IP address of the originator to the Web site being visited.
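The check that the caution above calls for can be made from the destination's side. The following is an added example, not code from the book: it classifies a proxy by whether the request headers that reach the visited site contain the originator's address. The header names are the de facto ones forwarding proxies use and are not named on the page, only IPv4 is handled, and the addresses are constructed documentation-range values.

```python
import ipaddress
import re

# Request headers a forwarding proxy commonly uses to pass on the client address.
ADDRESS_HEADERS = ("x-forwarded-for", "forwarded", "client-ip", "x-real-ip")
# Headers that show a proxy is in the path without necessarily naming the client.
PROXY_HEADERS = ("via", "proxy-connection")
_IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def _addresses(value):
    """Return the valid IPv4 addresses found in one header value."""
    found = set()
    for token in _IPV4.findall(value):
        try:
            found.add(str(ipaddress.IPv4Address(token)))
        except ipaddress.AddressValueError:
            pass  # e.g. 999.1.1.1, which only looks like an address
    return found


def classify_proxy(real_ip, peer_ip, headers):
    """Report what the visited site learns.

    real_ip : address recorded before the proxy was configured
    peer_ip : source address of the connection as the site sees it
    headers : request headers as received by the site
    """
    real = str(ipaddress.IPv4Address(real_ip))
    hdrs = {name.lower(): value for name, value in headers.items()}
    if str(ipaddress.IPv4Address(peer_ip)) == real:
        return "direct", []
    leaks = [h for h in ADDRESS_HEADERS if real in _addresses(hdrs.get(h, ""))]
    if leaks:
        return "transparent", leaks          # originator's address handed to the site
    markers = [h for h in PROXY_HEADERS + ADDRESS_HEADERS if h in hdrs]
    if markers:
        return "anonymous", markers          # proxy use visible, address withheld
    return "no-leak-seen", []                # nothing in the headers gives it away


if __name__ == "__main__":
    # Constructed sample: documentation-range addresses, not real hosts.
    seen = {"User-Agent": "Mozilla/4.7", "Via": "1.0 cache",
            "X-Forwarded-For": "203.0.113.7"}
    print(classify_proxy("203.0.113.7", "198.51.100.20", seen))
```

A result of "no-leak-seen" covers the request headers only; the proxy operator still sees the originator's address and the sites visited.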

Remember that a remote proxy is nothing more than an untrusted go-between. That server will know precisely who you are (because it must know your IP address to forward to you whatever it is you are browsing through the proxy), and it will also know what you are browsing. Proxy servers usually do keep logs of who did what and when, and such logs can be subpoenaed by the local (to the proxy) authorities whose interest will be piqued by the mere fact that you are using a proxy, especially one that encrypts its connection with you. As such:

1. Try to use a proxy from a suitable country other than your own.

2. Keep in mind that the lifetime of a proxy is very iffy. Many survive for just one day; others for years. You need a continuously updated list of current ones that you can get as shown above.

3. Be very suspicious of proxy servers that require you to enable JavaScript because they can then see a lot in your computer that they really have no reason to see.

4. Do not overuse any one proxy; spread your online communications over different proxies, preferably located in different countries.

5. If you don’t (and you shouldn’t) trust any one proxy to protect your privacy, consider chaining proxies. According to a posting by Anonymouse (which has since been sold) on February 5, 1999,

◗ Record your own current IP address (you can get it, for example, by going to www.tamos.com/bin/proxy.cgi, or by typing netstat -n).

◗ Go to the Anonymizer form at www.anonymizer.com/surf_free. and press the Enter key. This will take you to http://www.tamos.com/bin/proxy.cgi.

◗ Now look at the URL displayed for the page: http://anon-free.anonymizer.com/www.tamos.com/bin/proxy.cgi.

◗ That prefix (http://anon-free.anonymizer.com) is the prefix that you must write ahead of any URL you want to chain through Anonymizer in the future, for example: http://anon-free.anonymizer.com/www.cnn.com.

◗ Also notice the IP address shown (209.75.196.2); it is the identity that Anonymizer gives out instead of your real IP address.

Equivalently, you can go through other combinations, such as Anonymicer, as follows:

◗ Go to the Anonymicer form at http://www.in.tum.de/~pircher/anonymicer and type http://www.tamos.com/bin/proxy.cgi into that form’s box (and hit Enter).

◗ This takes you, again, to http://www.tamos.com/bin/proxy.cgi; yet, if you look at the URL shown for that page, you will see http://www.in.tum.de/cgi-bin/ucgi/pircher/anon-www.pl/www.tamos.com/bin/proxy.cgi.

◗ The prefix http://www.in.tum.de/cgi-bin/ucgi/pircher/anon-www.pl is the prefix that you should write in front of whichever URL you want to go to through Anonymicer.

A good current reference of the status of many free Web-based proxies can be found at http://www.webveil.com/matrix.html. It provides about 10 long pages full of detailed information on the current status of such proxies.

For additional information about the strengths and weaknesses of proxies, one may consult the following sites:

http://www.ijs.co.nz/proxies.htm;

http://www.ultimate-anonymity.com (don’t believe the name of the site);

http://tools.rosinstrument.com/proxy/proxyck.htm;

http://proxys4all.cgi.net.

One can find numerous others by searching on the keyword “proxy.”

9.7 Using encrypted connections to ISPs for content protection

The initial connection to one’s ISP when one logs in is never encrypted. What could (and should) be encrypted is what happens afterwards:

1. In the simplest case, one can connect to any one of many Web pages that support SSL (see Section 9.7.1), and this will establish an end-to-end encrypted connection between that Web server (which may be on the other side of the Earth) and one’s computer. This prevents anyone else from becoming privy to the content of the data flow. Of course, the primary ISP will know where one has connected to, but not the content of any subsequent information flow.

2. Many corporate computing centers have established secure means whereby employees can log in to the corporate network from afar. This is useful for traveling employees and those who work from home. This means is known as a VPN (Chapter 12), and it amounts to a connection that is also end-to-end encrypted between the individual’s computer and the remote server. It shares many of the characteristics of SSL above, but many of the technical details are quite different.

3. Encrypted e-mail with or without attachments can always be sent through unencrypted connections. All that is observable to the ISP or anyone else is the outer envelope (i.e., who is sending something to whom). If anonymous remailing techniques are used (see Sections 8.5.2 and 9.6), then that information is not very helpful to an interceptor or ISP, except in a negative sense because it raises the profile of the sender as someone who may be “up to no good” and worthy of more detailed surveillance.

4. Encrypted voice connectivity is a reality using free software (www.fourmilab.ch/speakfree); see Section 10.2.5.

9.7.1 SSL

SSL (now officially referred to as TLS, which is an Internet standard) is a protocol developed by Netscape that allows end-to-end encryption between one’s browser and the Web site one visits.

An SSL connection is verified by looking at the little lock icon on the lower left side of Netscape, as shown in Figure 9.3.

Caution: Recent work at Dartmouth College showed that a malicious remote site can paint your screen to make the lock look locked even when the connection is totally unencrypted.

The process of using Web-browser encryption to send and receive encrypted e-mail is quite straightforward from within either Netscape’s or Microsoft’s browser:

1. One connects to any of a handful of popular certificate-issuing organizations, such as Verisign (http://www.verisign.com), which charges about $10 per year, or to Thawte (http://www.thawte.com), which gives free certificates even though it has been bought out by Verisign.

2. After installing this certificate, one can subsequently exchange encrypted e-mail with others who have also gone through the same ritual.

Caution: SSL mail does not encrypt the “From” and “To” information or the “Subject” line. Also, outgoing SSL-encrypted e-mail is encrypted so that the sender can also read it after it has been sent. It follows that a sender can be compelled by local authorities to decrypt that mail. By comparison, a user of PGP (which is highly recommended as a superior alternative for e-mail encryption; see Section 11.3) cannot decrypt outgoing e-mail encrypted for some intended recipient who is the only one that can decrypt it.

9.8 SSH

SSH is simply a piece of software that allows one to connect to another computer over a network and to do so securely over inherently unsecured channels such as the Internet. As such, it is a secure replacement for Telnet’s rsh, rlogin, and rcp, familiar to old-timers in the Internet world. There are over 2 million SSH users around the world.

SSH is now the de facto standard for remotely logging in to a computer. It solves three key problems of Telnet-based login:

1. Weak authentication based on IP addresses that can be spoofed or reusable passwords that can be sniffed;

2. No privacy, as packets can be sniffed and the content of the communication, notably including the login user ID and password, can be seen by unauthorized persons;

3. No integrity protection as connections can be hijacked.

Without SSH, the content of Telnet-based communication between machines can be readily intercepted. This includes passwords as well as all data.

SSH foils such interception by optionally encrypting the packets and by only allowing connections between computers that trust each other by virtue of their IP addresses. Rivest-Shamir-Adleman (RSA) public-key technology, initially published in 1978, is used for the authentication. SSH never trusts the network. Of course, SSH is not a cure-all; it only protects from the three problems listed above.

There are two incompatible versions: SSH1 and SSH2.

There are plenty of software packages available that implement SSH; some are even free to download.

The interested user is encouraged to use SSH in place of FTP between Internet-connected individuals. It is dependable, secure, and easy to use. One can browse through frequently asked questions (FAQs) on SSH at any of the following sites:

http://www.employees.org/~satch/fq/ssh-faq.html;

http://www.tigerlair.com/ssh/faq/ssh-faq.html;

http://www.onsight.com/faq/ssh-faq.html;

http://www.ayahuasca.net/ssh/ssh-faq.html (in the United Kingdom);

http://member.ctinets.com/~dhackler/ssh/faq/ssh-faq.html (in Hong Kong);

http://www.cs.univ-paris8.fr/ssh/faq/ssh-faq.html (in France).

9.9 The failed promise of peer-to-peer clouds

During the last 4 to 5 years, a number of independent efforts started—and largely failed—whose basic theme was that an online user could hide in the anonymity afforded by large numbers of concurrent users whose data packets were to be shuffled through a collection of nodes.

The most notable of such efforts were the following:

1. The well-regarded (for its technical skills) group Cult of the Dead Cow had promised “peekabooty” over the last 3 or 4 years as a peer-to-peer scheme for defeating interception. The effort has been discontinued.

2. The British libertarian group http://www.m-o-o-t.org had also been promising a bootable CD that would shield users from the invasive power of the British RIP Act.

3. The German J-A-P effort has been extensively reported in numerous Usenet postings in the alt.privacy forum to have been compromised by the German authorities.

4. A commercial effort by a Canadian firm, Zero Knowledge, ended within days after the September 11, 2001, tragedy.

Not all of these efforts were entirely the same. The British m-o-o-t effort emphasized leaving no data on one’s computer that could be forensically found and analyzed.

The rest of the efforts emphasized a cloud of nodes plus encryption. The basic idea behind these schemes has been that a user who is stuck behind a censoring firewall can connect to any point in a “cloud” of many users and that, unless an oppressing organization manages to shut down all the computers in this ad hoc network, it cannot be defeated. Access to the network could be attained by any means, such as posting a message on eBay, an ICQ message, an HTML access, and so forth; a reply could be made by a different scheme.

The problems with this concept are as follows:

1. A censor could block access to all the known nodes (e.g., IP addresses, e-mail addresses) of the cloud that a user is likely to know of and access. Those attempting access to the blocked nodes could be arrested. Worse yet, a censor could choose not to block access but instead observe, monitor, and eventually arrest all who make access.

2. A censor could create rogue servers pretending to be volunteers helping the cause of freedom.

3. If known APs were to be blocked by a censor, then the users would likely go to “circumventor” nodes, thereby identifying such circumventor sites to the monitoring censor.

Is there a fix? Yes, but clouds are not the way. They are a viable solution to a different problem, that of preventing traceback from a destination site, not to the problem of preserving the anonymity of a freedom-minded individual operating inside a repressive regime.

A possible fix is for the freedom-minded user to have a personally trusted out-of-country site (or sites) from which to request locally banned information in an encrypted or steganographically hidden manner.

9.10 Caller ID traps to avoid

Most countries of the world have leap-frogged interim technology and have migrated from the mechanical “Stromberg Carlson” routers of telephone calls to the latest implementation of what is known as Signaling System 7 (SS7). This all-electronic system allows one to offer such popular features as caller ID, selective call rejection, call forwarding, and so forth. What may not be as evident is that identification of the origin of a telephone call is instantaneous in all cases. Caller ID blocking (i.e., when a subscriber thinks that he blocks his own phone number from being forwarded downstream) is an illusion; the number is still forwarded all the way except—in some cases—that it is not seen by the called party. In many cases (such as when calling a toll-free number, where the called party pays for the call and is presumed to be entitled to know whose call he is paying for), Automatic Number Identification (ANI), which is separate from caller ID, ensures that the called party knows the caller’s phone number regardless. The same applies when calling emergency numbers or some government offices; caller ID blocking does absolutely nothing.

The bottom line is that the initiator of an Internet dial-up connection, whether the call is local or international, is immediately identifiable, and there is nothing that the caller can do about it other than to use someone else’s telephone.2 This applies to cellular calls as well.

2. Some bill-collection agencies faced with the obvious “problem” of having their calls ignored by those they are trying to reach have been reported to be using equipment that allows them to cause a different number to be displayed on the called party’s caller ID box.

9.11 Traps when connecting online from a cellular