Why You Should Care
These websites track you and build up entire profiles about who you are. See the attached infographic from http://www.backgroundcheck.org/.
You are being tracked online, everywhere.
Even on this blog. I use Google Analytics to see what visitors to this blog actually read and how you get here. I don’t have any ads on this site, though.
If you follow the steps below, you can keep visiting websites without them being able to compile a full profile on you.
1. How To Connect to the Internet
A proxy of some sort is absolutely crucial if you want to remain anonymous. Your IP can be tied to you personally. A proxy is much more difficult, if not impossible, to tie to a person.
There are a couple of options here:
- Tor
- VPN service
- Private VPN/proxy/SSH tunnel
- Private remote desktop
1.1 Tor
Tor is a decentralized network of computers and servers (called nodes), between which your connection is bounced before actually reaching the public internet. Your connection enters the Tor network on one end and comes out on another (via an exit node). This is suitable for casual browsing, but expect significantly slower speeds. Every time you connect to Tor, you will get a new IP and often even a new country. This is good and bad. It will trigger anti-fraud systems at payment companies (PayPal and their ilk).
Tor gives you access to .onion (dot onion) websites, which are notorious for being anonymous websites used for various clandestine or downright illegal purposes.
Some websites block Tor IP addresses and will deny you access, but most webmasters and system administrators recognize Tor as a legitimate means to avoid surveillance or don’t know or don’t care about it.
1.2 VPN service
While technically a lot older, these sprang up and reached the public eye a few years ago, starting around the time of The Pirate Bay trial and various filesharing websites getting taken down. They were more or less marketed towards filesharers seeking to share their files anonymously.
The way VPN service providers work is that they place or rent servers in what they think are good (or easily marketable) jurisdictions, such as Canada, Netherlands, France, Germany, Romania, Russia, Singapore, and Hong Kong, and install a VPN server software. Users then pay to connect to these servers and browse through VPN clients. This makes it look to the outside world that the client is browsing from said jurisdiction.
A VPN service is a good start if you want to ensure privacy, but you are at the mercy of the provider not storing logs and not supplying logs to authorities if requested. Since each VPN server will have more customers than IP addresses, you will share an IP address with other customers. This can trigger anti-fraud systems with payment providers, gambling companies, and so on.
Cost: Usually starts at around 5 EUR/USD per month. Pay anonymously (BitCoins, Liberty Reserve, using fake details, or other).
1.3 Private VPN, Proxy, or SSH tunnel
This requires a fair amount of technical know-how or willingness to learn.
In short, you will need a server and install a VPN server or other proxy software yourself. In the case of a Linux server, you can quite easily use it as an SSH tunnel.
The cheapest option is to get a VPS (Virtual Private Server). VPS come in many shapes and colors. For this, you only need the bare minimum. A VPS with more than 128 MB RAM, 5 GB harddisk space, and 200 GB monthly traffic is overkill, unless you know you need more bandwidth.
I prefer VPS that use the virtualization technology KVM, since it lets you encrypt the server filesystem for that extra layer of security. When selecting an operating system for your VPS, I recommend Debian (a form of Linux). It uses a very conservative approach to updates, only using tried and tested versions of software. It is also very lightweight and, of course, free of charge. It’s one of the most popular forms of Linux and there are thousands of websites with information and tutorials.
The advantage to this over a VPN service is that you control what gets logged and you have your own IP, making it suitable for virtually anything.
If all of this sounded like a foreign language to you, this option is not for you unless you are willing to spend some time researching the terms and phrases below:
- KVM LVM encryption Debian
- SSH tunnel VPS Debian
- Set up VPN server on Debian VPS
- How to secure Debian
- How to keep Debian updated
Link: Offshore VPS providers can be found on http://www.exoticvps.com/
Cost: 2 to 20 EUR/USD per month depending on location and requirements. Pay anonymously (BitCoins, Liberty Reserve, using fake details, or other).
1.4 Private Remote Desktop
This can be accomplished with either a VPS or a dedicated server. I would recommend a VPS with at least 1 GB of RAM, since this will not just be an ordinary server. Again, KVM is preferred since you’ll want to encrypt the filesystem.
For a dedicated server, there is no reason to settle for anything less than 2 GB of RAM. It’s going to cost extra, but I strongly recommend a dedicated server with KVM, IPMI, or equivalent so that you can install the operating system yourself step-by-step and encrypt the filesystem using LVM.
The difference from the previously discussed Private VPN, Proxy, or SSH tunnel is that with a Remote Desktop you use the server as a regular computer. You connect to it using VNC or RDP (Windows only; not recommended). Once connected, you can use it as a regular computer. When you close your connection, everything stays and you can resume working whenever. Perfect for the frequent traveler.
When it comes to private remote desktop, it is beneficial to have it as geographically close to you as possible to minimize lag (delay).
Recommended operating systems:
- Windows (if you absolutely have to)
Phrases to research:
- Set up encrypted VNC on (insert operating system)
- How to secure (insert operating system)
Link: Offshore VPS providers can be found on http://www.exoticvps.com/ (many VPS providers also have dedicated servers).
Cost: 15 EUR (VPS) or 50 EUR (dedicated) and up. Pay anonymously (BitCoins, Liberty Reserve, using fake details, or other).
2. How to Browse the Internet
While you can find privacy-enhanced versions of other browsers – such as SRWare’s Iron (based on Chrome) – none of them have the native, at-the-core privacy capabilities of Mozilla browsers.
The reason Mozilla browsers are the only acceptable browsers to the privacy-minded is their phenomenal support for extensions. Yes, Chrome has extensions, but they are limited in how much they can do. Mozilla browser extensions can do anything.
The following extensions are essential to any Mozilla browser user who wants privacy:
- AdBlock Plus – this legendary add-on blocks ads and, as such, tracking of your behavior.
- Ghostery – blocks even more tracking than AdBlock Plus.
- Redirect Cleaner – cleans up links, making it much harder to track you based on what links you click. Can sometimes upset the user experience.
- Modify Headers – use this to change the user-agent header of your browser so that websites do not know what browser or operating system you use.
- HTTPS Everywhere – looks for and attempts to use HTTPS (encrypted web traffic) wherever possible, even on websites that don’t use HTTPS by default.
Another important thing to do is to disable referrers. Websites use the referrer to see which site you came from, which makes it a tracking tool. Type about:config in your address bar. Click the button to continue to the settings. In the search bar, enter network.http.sendRefererHeader. Double-click the entry and change the 2 to 0.
- 0 = do not send referer.
- 1 = only send for clicked links.
- 2 = always send.
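To confirm the setting took effect, the check below reads a Firefox profile's prefs.js (and an optional user.js, which Firefox applies on top of it at startup) and reports the network.http.sendRefererHeader mode using the 0/1/2 meanings listed above. It is an added example, not part of the original post; the function names and sample file contents are constructed for illustration, and an entry that is absent from the file is assumed to mean the default of 2.

```python
import re

PREF = "network.http.sendRefererHeader"
# Meanings as listed in the post.
REFERER_MODES = {0: "do not send referer",
                 1: "only send for clicked links",
                 2: "always send"}
DEFAULT_MODE = 2  # assumption: entry absent from the file means default (2)

# Matches profile lines such as: user_pref("some.pref", 0);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_prefs(text):
    """Return {name: value} from prefs.js/user.js text; later lines win."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue  # comments, blank lines, anything unparseable
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = (raw == "true")
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit_referer(prefs_js, user_js=""):
    """Return (mode, meaning, ok); ok is True only when mode is 0."""
    merged = parse_prefs(prefs_js)
    merged.update(parse_prefs(user_js))  # user.js overrides prefs.js
    mode = merged.get(PREF, DEFAULT_MODE)
    # bool is excluded explicitly because True == 1 in Python
    if isinstance(mode, bool) or mode not in REFERER_MODES:
        return mode, "unrecognised value", False
    return mode, REFERER_MODES[mode], mode == 0

# Constructed sample profile contents (not taken from a real profile).
SAMPLE_PREFS_JS = '''// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.http.sendRefererHeader", 1);
'''
SAMPLE_USER_JS = 'user_pref("network.http.sendRefererHeader", 0);\n'

if __name__ == "__main__":
    print(audit_referer(SAMPLE_PREFS_JS))
    print(audit_referer(SAMPLE_PREFS_JS, SAMPLE_USER_JS))
    print(audit_referer(""))
```

Run it against the files in each browser profile you use for private browsing; a profile passes only when the third element of the result is True.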
You should also disable all plugins under Tools > Add-ons > Plugins. Disable every single one. This includes Flash and Java. You will see why later.
If you do all of this and browse via proxy, VPN, SSH tunnel, or remote desktop – your identity is protected online and you essentially become an online ghost.
The Tor Project has a preloaded version of Firefox called Tor-Browser which comes with many of these settings by default.
3. Don’t Be Stupid
All of your hard work becoming an online ghost can become completely null and void if you make a mistake, such as using this setup to log in to your Facebook, LinkedIn, personal email, work email, bank, school, or government service… The list goes on. These are services we all use at least some of and that’s fine, if you follow this simple rule:
Use separate browsers.
I advocate using at least two different browsers. One for personal things (the aforementioned SRWare Iron, for example) and one for things that you want to keep private.