10.2 Anonymous Browsing


Although they're great for blocking advertisements and crushing cookies, there's one thing that HTTP proxies can't do, and that's hide your IP address. Fundamentally, there is no way for a proxy to change your IP address, because if it did, the remote web server wouldn't be able to send you back the web pages that you request!

But despite the apparent difficulty of doing so, there are good reasons for wanting to protect your IP address from other computers on the Internet: IP addresses and hostnames can contain personal information and, like cookies, they can be used for correlating browsing activities across different web sites. Finally, your IP address can be used to track back seemingly "anonymous" web transactions to uncover your true identity, something that you may wish to prevent from happening.

Consider these hostnames and IP addresses that were recovered from log files:

daily-bugle.media.mit.edu 18.85.13.120

This hostname and its matching IP address belonged to a desktop computer at the MIT Media Lab in the early 1990s. Because this computer was only used by one person, wherever this person went on the Internet, he left tracks in log files that could be traced directly back to him. As the computer daily-bugle was also used to send mail and post to the Usenet, it was relatively simple to determine the identity of the person using this computer.

h00a0c030202a.ne.mediaone.net 108.21.147.24

This hostname was assigned by Media One to a cable modem subscriber in Cambridge, Massachusetts. Wherever that user goes on the Internet, he leaves his hostname and IP address in the log files. Media One assigns hostnames based on the MAC address of their users' Ethernet cards (e.g., h00a0c030202a). As most Media One users do not run their own mail servers or news servers, it's somewhat harder to map this address to a person's name. However, if you served Media One with a court order, the information would surely be forthcoming.

proxy-1558.public.svc.webtv.net 209.240.221.130

This hostname and its matching IP address belong to a proxy server at WebTV Networks in Palo Alto, California. This hostname and IP address can't be traced back to a specific user, because the proxy server is used by many different users over the course of time. However, the proxy server also keeps log files. Given a court order, WebTV would be forced to reveal this information.

asy5.vineyard.net 199.232.93.24

This hostname and matching IP address belong to a dialup server at Vineyard.NET in Martha's Vineyard, Massachusetts. As with the WebTV proxy, this hostname and IP address are reassigned to different users over time. But as with WebTV, records of who uses the IP address are kept, and when needed, these records can and will be turned over to authorities.

Many web-based email services record the IP address of the web browser in the mail headers of every message that is sent. For example, here are some headers from an email message sent using the Hotmail service:

Received: (from mail@localhost)
        by apache.vineyard.net (8.9.0/8.9.0) id BAA18526
        for <simsong@vineyard.net>; Mon, 20 Mar 2000 01:28:39 -0500 (EST)
Received: from f254.law3.hotmail.com(209.185.240.27) by apache.vineyard.net via smap/ slg (V2.0)
        id sma018473; Mon Mar 20 01:28:20 2000
Received: (qmail 36458 invoked by uid 0); 20 Mar 2000 06:28:18 -0000
Message-ID: <20000320062818.36457.qmail@hotmail.com>
Received: from 24.1.20.191 by www.hotmail.com with HTTP;
        Sun, 19 Mar 2000 22:28:18 PST
X-Originating-IP: [24.1.20.191]
To: simsong@vineyard.net
Date: Sun, 19 Mar 2000 22:28:18 PST
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Status: RO
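To see exactly which of these headers give away the sender's browser address, the following added example (not code from the book) parses the headers above and separates the address recorded at the web submission step from the addresses of ordinary mail relays. The function names and the report layout are assumptions made for this illustration.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Headers from the Hotmail message quoted above, one header per line.
RAW = """\
Received: (from mail@localhost)
        by apache.vineyard.net (8.9.0/8.9.0) id BAA18526
        for <simsong@vineyard.net>; Mon, 20 Mar 2000 01:28:39 -0500 (EST)
Received: from f254.law3.hotmail.com(209.185.240.27) by apache.vineyard.net via smap/ slg (V2.0)
        id sma018473; Mon Mar 20 01:28:20 2000
Received: (qmail 36458 invoked by uid 0); 20 Mar 2000 06:28:18 -0000
Message-ID: <20000320062818.36457.qmail@hotmail.com>
Received: from 24.1.20.191 by www.hotmail.com with HTTP;
        Sun, 19 Mar 2000 22:28:18 PST
X-Originating-IP: [24.1.20.191]
To: simsong@vineyard.net
"""

IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

def ips_in(text):
    """Return the syntactically valid IPv4 addresses found in text, in order."""
    found = []
    for candidate in IPV4.findall(text):
        try:
            found.append(str(ip_address(candidate)))
        except ValueError:  # e.g. 999.1.1.1, or version strings that look similar
            pass
    return found

def sender_ip_disclosure(raw_headers):
    """Report where a message's headers expose the sender's browser address."""
    msg = message_from_string(raw_headers)
    # Each hop prepends its Received header, so the last one listed is the oldest.
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    web_ips = [ips_in(h)[0] for h in hops if "with HTTP" in h and ips_in(h)]
    declared = ips_in(msg.get("X-Originating-IP", ""))
    relays = [ip for h in hops if "with HTTP" not in h for ip in ips_in(h)]
    return {
        "x_originating_ip": declared[0] if declared else None,
        "http_submission_ip": web_ips[-1] if web_ips else None,
        "relay_ips": relays,
    }

REPORT = sender_ip_disclosure(RAW)
```

Here the browser's address appears twice: once in the oldest Received line, written when the message was submitted over HTTP, and again in X-Originating-IP.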

For many people, the small leakage of personal information that comes from IP addresses is tolerable and no cause of real concern. But other people are quite concerned. For example, you may be working at one company and interested in viewing the web site of one of your competitors. Although there's nothing wrong or illegal about viewing a competitor's web site, you might not want that company to know that you are downloading every single page of their web site every day. Or you might be monitoring the web pages of an ex-lover and you don't want to make the person feel anxious about your constant checking.[3] Or you might simply want to hide your tracks for other, personal reasons. But whatever your motivation, if you want to protect your IP address, fear not: you have many alternatives.

[3] Yes, this could be considered stalking. Obviously, there are occasions where anonymity on the Internet may be a bad idea: it can hide stalking, fraud, harassment, libel, and other criminal activities. The community, as a whole, has yet to decide the right balance. But whatever that balance may be, that is beyond the charter of this book.

10.2.1 Simple Approaches to Protecting Your IP Address

Here are some simple approaches that you can use to prevent the disclosure of your IP address:

Browse from a public terminal at a library

One of the best ways to assure anonymity when browsing online is to browse from a public terminal at an organization that is committed to the privacy of its patrons. Internet terminals at public libraries and many university libraries afford excellent opportunities for private web browsing.

Use America Online

When you browse the Internet using AOL's built-in web browser, you are actually viewing the Web through AOL's caching proxy servers. These proxy servers do a great job hiding your IP address. Instead of leaving a descriptive IP address and hostname, you will leave the hostnames of a series of caching proxy servers, such as these:

cache-rp03.proxy.aol.com
cache-dh03.proxy.aol.com
cache-df04.proxy.aol.com
cache-dg05.proxy.aol.com
cache-fra-aa03.proxy.aol.com
cache-fra-ac08.proxy.aol.com
cache-fra-aa03.proxy.aol.com
cache-mtc-al02.proxy.aol.com
cache-mtc-ak08.proxy.aol.com
cache-mtc-al04.proxy.aol.com
cache-mtc-al02.proxy.aol.com
cache-mtc-am03.proxy.aol.com
cache-rr07.proxy.aol.com
cache-mtc-al02.proxy.aol.com
cache-fra-aa03.proxy.aol.com
cache-mtc-af06.proxy.aol.com
cache-dg02.proxy.aol.com

Although America Online's privacy policies in the past have been somewhat suspect, your privacy with AOL is likely to remain secure unless you are suspected of being involved in illegal activities or you anger a corporation or individual that is likely to bring legal action against AOL. Thus, for many individuals, simply using an AOL account can guarantee a large amount of practical privacy, even though this privacy is not as iron-clad as other available approaches.

Use your ISP's web cache or proxy server

Many ISPs make web caches or proxy servers available to their customers. When you view a web page through a cache, the remote web server frequently is given the IP address of the proxy server and not the end user. Thus, using an ISP's web cache or proxy server can be a good way to protect your IP address from remote servers.

Unless your ISP has specifically made a claim to protect your privacy, using the ISP's web cache to protect your privacy can actually backfire. If you are using the ISP's web cache or proxy server, then every one of your web requests goes through the ISP's software before it goes to the Internet. This allows the ISP to monitor every web page that you view. This information can also be recorded in the ISP's log files. Further, some web caches can be configured to report to the remote system the IP address of the browser that is accessing the cache. Thus, unless there is a specific claim of privacy being made, using the ISP's web cache or proxy server may actually decrease your privacy.

10.2.2 Anonymous Web Browsing Services

While all of the simple approaches described in the previous section work, none of them are foolproof. If you are truly in need of secure, anonymous web browsing, then you should use an anonymous web browsing service.

Most anonymous web browsing services operate as proxy servers. That is, your web browser speaks to the anonymous web browsing service, and then the web browsing service speaks to other web sites on the Internet, as shown in Figure 10-6. As with the web proxies and caches, somebody looking at their log file sees a request coming in from the anonymous web browsing service, but they can't track the request back beyond that without asking the company operating the proxy for help. But unlike an ISP that might operate a proxy or a cache, the anonymous service guarantees that they will not keep any log files, so there's no way they can render assistance in the event of a lawsuit or a court order.

Figure 10-6. An anonymous web browsing service acts like a proxy server or a cache, except that no records are kept by the operator

There are several anonymous web browsing services available today, each with its own special twist.

Anonymizer.com

Anonymizer.com was one of the first anonymous web browsing services. Unlike other services, Anonymizer requires no special software to be installed on your computer and no configuration changes to be made. Instead, users click to the web site http://www.anonymizer.com/ and enter the URL of the site that they wish to visit. The Anonymizer server fetches the web page and displays it within your browser. What's particularly clever about Anonymizer is that it rewrites the URLs for images and links that it finds in the downloaded HTML, so that when you click on a link, it continues to fetch subsequent web pages through the anonymous web browsing service.

For example, if the Anonymizer finds this HTML tag on a web page:

<a href="http://www.simson.net/">Simson's home page</a>

it might rewrite the URL to be this:

<a href="http://anon.free.anonymizer.com/http://www.simson.net/">Simson's home page</a>

When we clicked on the link, the following entry showed up in our web server log:

anon-ascella.proxy.anonymizer.com - - [13/May/2001:16:01:58 -0400] "GET / HTTP/1.0" 200 18581 "-" "Mozilla/4.0 (TuringOS; Turing Machine; 0.0)"
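The URL rewriting described above can be sketched as follows. This is an added example, not Anonymizer's code: the set of URL-bearing attributes and all function and class names are assumptions, and only the proxy prefix and the first sample tag come from the text. It resolves relative links against the original page before prefixing them, and it records any link it leaves alone, since a link that is not rewritten is fetched directly by the browser.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

PROXY_PREFIX = "http://anon.free.anonymizer.com/"    # prefix shown in the text
URL_ATTRS = {"href", "src", "action", "background"}  # assumed attribute set

class ProxyRewriter(HTMLParser):
    """Re-emit HTML with every http(s) URL attribute routed via the proxy."""
    def __init__(self, page_url):
        super().__init__(convert_charrefs=False)
        self.page_url, self.out, self.untouched = page_url, [], []

    def _rewrite(self, value):
        absolute = urljoin(self.page_url, value)  # resolve relative links first
        if urlsplit(absolute).scheme not in ("http", "https"):
            self.untouched.append(value)          # mailto:, javascript:, ...
            return value
        return PROXY_PREFIX + absolute

    def _tag(self, tag, attrs, tail=""):
        parts = [tag]
        for name, value in attrs:
            if value is not None and name in URL_ATTRS:
                value = self._rewrite(value)
            parts.append(name if value is None
                         else '%s="%s"' % (name, escape(value, quote=True)))
        self.out.append("<%s%s>" % (" ".join(parts), tail))

    def handle_starttag(self, tag, attrs): self._tag(tag, attrs)
    def handle_startendtag(self, tag, attrs): self._tag(tag, attrs, " /")
    def handle_endtag(self, tag): self.out.append("</%s>" % tag)
    def handle_data(self, data): self.out.append(data)
    def handle_entityref(self, name): self.out.append("&%s;" % name)
    def handle_charref(self, name): self.out.append("&#%s;" % name)
    def handle_comment(self, data): self.out.append("<!--%s-->" % data)
    def handle_decl(self, decl): self.out.append("<!%s>" % decl)

def rewrite(html, page_url):
    parser = ProxyRewriter(page_url)
    parser.feed(html)
    parser.close()
    return "".join(parser.out), parser.untouched

# First tag is from the text; the image and mailto link are constructed.
SAMPLE = ('<a href="http://www.simson.net/">Simson\'s home page</a>'
          '<img src="pics/me.gif"><a href="mailto:user@example.com">mail</a>')
REWRITTEN, UNTOUCHED = rewrite(SAMPLE, "http://www.simson.net/about/")
```

This sketch rewrites only tag attributes; a URL that appears inside script text passes through unchanged and would be requested from the user's own IP address.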

Figure 10-7 shows a web page viewed through the Anonymizer. Anonymizer.com operates both a free service and a commercial service. The free service is slow and subsidized by commercials (which are shown to you anonymously). As of May 2001, the commercial service was roughly $5/month. Anonymizer also offers a secure tunneling service, which gives you a cryptographic tunnel between your browser and the anonymizer server. This tunnel prevents your ISP or others from seeing the contents of the traffic between your computer and Anonymizer.

Figure 10-7. The Anonymizer web privacy service uses URL rewriting to provide anonymous web browsing

Freedom, by Zero Knowledge Systems

The ZKS Freedom system takes a more cautious, but also a more expensive, approach than Anonymizer to providing anonymous web browsing. Instead of running all web traffic through a single server, which might be compromised by its owner, the Freedom Network is designed so that each packet is sent through at least three separate servers, each one operated by a different organization (and in many cases, each one in a different country or political entity), as shown in Figure 10-8. When a person using the Freedom Network starts up his computer, the user's client identifies a path through the Freedom Network that encrypted communications will follow. Each packet sent over the Freedom Network is encrypted with three distinct layers of encryption. The packets are sent from the user's computer to the first computer in the path. The first computer decrypts the outer cryptographic shell and then passes the packet to the second server. The second server decrypts the middle cryptographic shell and passes the packet to the third server. The third server decrypts the innermost cryptographic shell and sends the packet to its ultimate destination.
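The three-layer wrapping described above, as an added example that is not ZKS code. It assumes each server already shares a secret key with the client and that each layer names the next hop; the server names are hypothetical, and the cipher is a stand-in built from HMAC-SHA256 purely so the example runs with the standard library.

```python
import hashlib
import hmac
import json
import os

def _xor_stream(key, nonce, data):
    # Stand-in cipher for illustration only: an HMAC-SHA256 keystream XORed with
    # the data. It has no integrity protection and is not the cipher Freedom used.
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(key, plaintext):
    nonce = os.urandom(16)
    return nonce + _xor_stream(key, nonce, plaintext)

def unseal(key, blob):
    return _xor_stream(key, blob[:16], blob[16:])

def wrap(path, destination, payload):
    """path is [(server, key), ...] in travel order; the innermost layer is built first."""
    next_hops = [server for server, _ in path[1:]] + [destination]
    blob = payload
    for (_, key), nxt in reversed(list(zip(path, next_hops))):
        blob = seal(key, json.dumps({"next": nxt, "body": blob.hex()}).encode())
    return blob

def peel(key, blob):
    """Remove one layer: returns (next hop, bytes to forward)."""
    layer = json.loads(unseal(key, blob))
    return layer["next"], bytes.fromhex(layer["body"])

def route(path, blob):
    """Simulate the trip; return what each server saw: (server, next hop, forwarded bytes)."""
    seen = []
    for server, key in path:
        nxt, blob = peel(key, blob)
        seen.append((server, nxt, blob))
    return seen

# Constructed sample: hypothetical server names and random per-server keys.
PATH = [(name, os.urandom(32)) for name in ("server-1", "server-2", "server-3")]
REQUEST = b"GET / HTTP/1.0\r\nHost: www.simson.net\r\n\r\n"
ONION = wrap(PATH, "www.simson.net:80", REQUEST)
```

Calling route(PATH, ONION) shows that the first server learns only the name of the second, and that the request and its destination become readable only after the third layer is removed.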

Figure 10-8. Each packet of data sent through the Freedom Network is encrypted with three distinct layers of encryption

In addition to anonymous browsing and chat, the Freedom Network offers "untraceable encrypted email." The Freedom Internet Privacy Suite control panel can keep track of multiple identities, which ZKS calls nyms, to the point of filling out different "names" and "addresses" on web-based forms when different nyms are being employed. Each nym can have its own set of cookies or, alternatively, have cookies blocked.

The system is quite comprehensive. The cost is currently $49.95 per year, which includes 5 nyms.

safeWeb

safeWeb is an anonymous web browsing service that is similar to Anonymizer.com. The key differences are that safeWeb is free (supported by non-tracking banner advertisements), it uses SSL encryption to prevent eavesdropping, and it has more customization capabilities (see Figure 10-9).

Figure 10-9. safeWeb's customization panel allows you to control how much information about your computer is revealed when you browse "anonymously"

Triangle Boy

Anonymous web browsing services like Anonymizer.com and SafeWeb give users a great way to hide their identity from the web sites that they are viewing. And when you combine these services with SSL link encryption, they are a powerful system for hiding your tracks from the watchful gaze of your ISP or government authorities. But what do you do when you are a dissident in a country like China or Saudi Arabia where the state-controlled ISPs have blocked access to all of the anonymous web browsing services?

This is the problem that safeWeb's Triangle Boy service seeks to solve. Triangle Boy is a network of lightweight "packet reflectors" located around the Internet. The network is operated by companies and individuals who have reasonably fast network connections and who are committed to allowing unrestricted Internet access from less-than-free regimes. If you are in a region that is locked from accessing safeWeb's primary server, all you need to do is connect to a computer on the Triangle Boy network. Because the whole thing is encrypted with SSL, there's no way for your ISP or its controlling government to intercept and decode the message.

Triangle Boy is a great help to human rights workers and democracy advocates, but one of the project's chief sources of funding has been, in fact, the United States Central Intelligence Agency. In February 2001, the CIA's non-profit investment arm, In-Q-Tel, invested $1 million in SafeWeb to support Triangle Boy and other SafeWeb projects.

http://www.technews.com/news/01/162113.html



Web Security, Privacy & Commerce
Web Security, Privacy and Commerce, 2nd Edition
ISBN: 0596000456
EAN: 2147483647
Year: 2000
Pages: 194
