Don't Fear Internet Anonymity Tools

Discussion in 'privacy general' started by ronjor, Aug 16, 2004.

Thread Status:
Not open for further replies.
  1. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Thanks for the info, Gerard. :) See pic for details on what I'm using.


    Edit: Apparently the Basic Anon 2004 service does not include Secure Tunnelling. Sorry...:rolleyes:
     


    Last edited: Nov 25, 2004
  2. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Hi there D&C! (we gotta stop meeting like this or this thread will get as long as the Two Word Story... :D)
    As Gerard has said, an encrypted tunnel will encode all traffic sent using it. This encryption is done without the applications concerned knowing about it (hence why you don't see any indication in your browser). If you connected to an https site though, the browser would indicate this as normal and would do its own encryption (giving you 2 levels of encryption, not that it should be necessary for most purposes). This means that tunneling can be used with almost any networking application without the need to alter it.

    It is fairly easy to check whether a connection is encrypted or not. You could use a packet sniffer like Ethereal to examine the packets leaving your system (if they were unencrypted then you should be able to see readable text - in the case of a web page request it would include the URL). Another option (and probably an easier one) is to use Port Explorer's Socket Spy feature - with this you should be able to see the unencrypted traffic going into the application creating the tunnel and encrypted traffic being sent out.

    As for determining which encryption method is being used, this is much harder. Some techniques can be easily identified by the characters used (e.g. ROT-13 which is trivial to break), others may include header information that identifies the algorithm used. However identifying this from looking at the data only is very much a job for a cryptanalyst.
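Added example (not part of the original thread): a rough offline version of the check described in the post above, run over captured payload bytes instead of a live sniffer. The sample payloads and function names are constructed for illustration, and the 0.95 and 7.0 thresholds are assumptions.

```python
import codecs
import hashlib
import math
from collections import Counter

HTTP_VERBS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"CONNECT ")

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 0 for repetitive data, near 8 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII or tab/CR/LF."""
    if not data:
        return 0.0
    return sum(32 <= b < 127 or b in (9, 10, 13) for b in data) / len(data)

def classify(payload: bytes) -> str:
    """Label a captured payload the way a person reading a sniffer trace would."""
    if payload.startswith(HTTP_VERBS):
        return "cleartext-http"            # URL and headers readable as-is
    if printable_ratio(payload) > 0.95:    # assumed threshold
        # ROT-13 keeps text printable, so it is caught by trying the decode.
        unrotated = codecs.decode(payload.decode("latin-1"), "rot_13")
        if unrotated.encode("latin-1").startswith(HTTP_VERBS):
            return "rot13-http"
        return "readable-text"
    if len(payload) >= 256 and shannon_entropy(payload) > 7.0:  # assumed
        return "high-entropy"              # encrypted or compressed
    return "binary-unknown"

# Constructed samples (not taken from the thread's screenshots).
CLEAR = b"GET /search?q=Internet+Privacy HTTP/1.1\r\nHost: www.google.com\r\n\r\n"
ROT13 = codecs.encode(CLEAR.decode("ascii"), "rot_13").encode("ascii")
# Stand-in for ciphertext: 1024 pseudo-random bytes, SHA-256 of a counter.
OPAQUE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32))

if __name__ == "__main__":
    for name, sample in (("clear", CLEAR), ("rot13", ROT13), ("opaque", OPAQUE)):
        print(f"{name:7} printable={printable_ratio(sample):.2f} "
              f"entropy={shannon_entropy(sample):.2f} -> {classify(sample)}")
```

A "high-entropy" result cannot distinguish encryption from compression and says nothing about which algorithm produced it, which matches the post's point that identifying the method from the data alone is much harder.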
     
  3. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Thanks, P2K. :) I already use PE, so I'll check it out and see what I can find. But I incorrectly stated above that Anon 2004 includes Tunnelling - it doesn't. :oops: It only encrypts traffic, without the tunnel. To get the tunnelling you have to subscribe to their "Total Net Shield" product.
     
  4. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    As a follow-up to the post above....Here is a look at one of the packets as Port Explorer is seeing it. Sure looks encrypted to me. :eek: At least it doesn't appear to be any language that I understand... :rolleyes:


    So as a follow-up question for P2K - what more would tunnelling give me if I already have encryption o_O?
     

    Attached Files: enc.gif
  5. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Yep, that looks encrypted - if this was outgoing traffic from the Anonymizer software then checking the incoming traffic (from your browser) to see the difference is worth doing.
    Tunneling would allow you to use almost any network application (e.g. Usenet, IRC, P2P) and have its data encrypted between you and the other end of the tunnel.
     
  6. maddawgz

    maddawgz Registered Member

    Joined:
    Aug 13, 2004
    Posts:
    1,316
    Location:
    Earth
    I have one of them on my pc too..give u a wrong isp no?.. guess it has advantages to not showing ur real isp?... its like giving out your phone no i guess any thoughts on these programs?? mind u if u do nothing wrong u have nothing to fear ways to look at it..maddawgz :D
     
  7. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    It was outgoing traffic, I believe. I'll do that.

    OK. Just to make sure I understand...
    1. Right now the service I have (Anon 2004) simply offers encryption. That means all traffic between my browser and the Anon server (right through my ISP) is encrypted, right?
    2. Tunnelling means ALL CONNECTIONS are encrypted between MY PC (browser, email, P2P) and the Anon server, right?
     
  8. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Correct. :)
     
  9. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Thanks, P2K. :) Regarding encryption, one thing still confuses me. Please refer to the pic below regarding Anon's privacy settings. Note there is a control for SSL that is separate from a control for URL's and another for Cookies. This seems to imply that for a connection that is secure, the data is encrypted but cookies and the URL is not. Is this right? Confusing. o_O
     


  10. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Regarding P2K's comparison between simple SSL Encryption and Tunnelling above, I am seeing something completely different using Port Explorer. Please bear with me while I explain.

    When I start the Anon application, using PE I see 2 ports opened by Anonymizer 2004. Both are TCP connections listening to the Local Host.

    Once I open my browser, I see traffic routed from my browser to a port on the LocalHost, and then by AnonProxy from that same port to their server port 443. I assume port 443 implies a secure connection.

    All of this goes along with P2K's explanation above. However, I am seeing something very similar when I send email. Traffic is being routed from msimn.exe to that same port 443 on Anon's server (see Pic) Why?

    And regarding my weather application (WeatherWatcher). All traffic from that app is also being routed to port 443 on Anon's server. Why?

    All of this sounds like secure tunnelling is at work. o_O But SecureTunnelling is not part of the service I subscribe to (I am told).
     


  11. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    Daisey,

    I find that very odd about OE. P2K is 100% correct in his post above. He seems really sharp on these things. The only thing I could add about the tunneling is that it is generally much faster. Anon 2004 doesn't come with secure tunneling, but some of what you post makes me wonder what you have. For their secure tunneling you must use their own branded tunneling software, or use F-Secure. Are you using either one of those? That's the ticket for tunneling. If you're not running SSH software, there's no tunneling. I'm really curious now as your "about" box showing Anon 2004 and some of the other things seem to be at odds. UNLESS, do you remember adding something called "Anonymizer Private Surfing" onto your package? They no longer offer it as an add-on, you have to get Total Net Shield. maybe that's what is going on? I just thought of that.

    Good weekend to 'ya!
    Gerard
     
  12. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    The software appears to offer a choice of whether to encrypt the URLs. I assume that, if disabled, page requests are sent in the clear with only replies being encrypted - this can be confirmed using Port Explorer. Sending queries in the clear may offer performance benefits but a lot can be deduced about your online activities from the URLs - especially since terms supplied to search engines are normally included in the URL (e.g. a Google search on "Internet" and "Privacy" gives a URL of http://www.google.com/search?q=Internet Privacy).

    As for the other settings (cookies, ads, referers), these are included because your firewall cannot filter these if the traffic is encrypted, so the Anonymizer client software provides an alternative. However the firewall may be able to do such filtering on traffic between the client and the browser (which should be in the clear) and Proxomitron should also work as normal (provided you have a chain set up of Browser->Proxomitron->Anonymizer).
    As for Outlook Express making a connection via Anonymizer, the most likely cause is that you have an email with web content (images from an external website) - in this case OE would use the same proxy settings as Internet Explorer and make a separate connection to download each page element.

    These do pose a privacy issue in that the email sender could include unique URLs with each email and track (by noting incoming connections) from where and when you read the emails - this is a more serious problem with spam since you most certainly do not want to confirm your address as being live! I would suggest that you restrict Outlook Express to ports 110 (POP3, for reading email - if you use IMAP then you need port 143 instead) and 25 (SMTP, for sending email) only using a ZoneAlarm expert rule. Alternatively consider switching to an email client that allows you to disable such downloads (though XP SP2 does add this feature to OE I believe).

    WeatherWatcher is most likely using HTTP (and the IE proxy settings) like your browser to retrieve its data and you will find many programs' update utilities use HTTP also (and will therefore be Anonymized).
     
  13. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Thanks, Gerard. Please understand that I am not doubting P2K. He is definitely the authority on these issues. Just trying to understand what I'm seeing. ;)


    Good morning, P2K. :)

    Are you saying that if URLs are not encrypted that only received traffic is, and all data sent out FROM browser may not be (including passwords, etc.)?

    I'm not sure how familiar you are with Anonymizer.

    They have a Private Surfing product which allows you to log into their web site, and surf around the net. Those options I showed above in the pic can be selected when Private Surfing from their site. When surfing via this method, with privacy level set to MAX, one is using SSL, and the LOCK is ALWAYS displayed in the browser status bar. The URL in the address box is also a jumble of letters (implying encryption).

    They also have an app called Anonymizer 2004, which you install on your PC. Once installed, you simply turn it on and start surfing. No need to navigate to their site or log in. If you enable "Surfing Security", it says all traffic is encrypted with 128bits (see pic). When using Anonymizer, this is the method I primarily use. However, as stated above, no lock in the status bar; URL are NOT garbled letters. And I'm seeing connections as stated above using PE.

    I'm wondering if URL's and Cookies are also being encrypted as possible when using the Safe Surfing option from their web site.

    I have added these restrictions to my firewall rule. Thanks for the suggestion. :)
     


    Last edited: Nov 28, 2004
  14. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    I tried this, P2K. With Anon 2004 on, OE wants a connection to Anon's server, port 443, according to ZA. Otherwise, I get nothing from OE.
     
  15. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    Hi Daisey,

    Just so you know, I didn't think you were doubting him. That thought never occurred to me. I was just stating my confidence in his posts. He's just really good on these issues.
     
  16. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Agreed. :D
     
  17. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    An HTTP request has 2 parts - a header (which includes the URL requested plus information on your browser and computer, as shown on Analyze Your Connection along with any cookies) and a data portion. For most page requests, the data portion will be empty but when a form is being sent (such as when posting at a forum or sending a password) this will be included in the data section.

    I don't know the inner workings of Anonymizer's products, but if the option of not encrypting the URL is offered then it would seem highly likely that the rest of the HTTP header would be in the clear also with only the data being encrypted (which would include passwords, if supplied). Note that if connecting to a site via HTTPS all such data would be encrypted regardless of Anonymizer's settings.

    However, you can easily check this by altering settings and using Port Explorer to monitor the results.
    The Private Surfing options apply to the traffic between your PC and Anonymizer's server - data from the server to the destination webpage cannot have encryption added since the destination web server is not expecting it (this applies to JAP, Tor and similar systems also - data from the last mix server to the destination website is sent without any encryption added).
    Anonymizer 2004 is acting like a tunnel - all encryption is taking place without the knowledge of the network applications running over it which explains why you don't see any indication of it on your browser. The Private Surfing service on the other hand is more like a webpage - your browser connects to it and sets up a connection (which can only be used to retrieve web pages). It offers the option of encryption so you can choose between a faster service or a more secure one. The faster service will just hide your IP address from websites you visit and the secure one should hide your activities from your ISP (or anyone else with access to your network connection) also.
    If SSL is enabled then they should be encrypted between your PC and Anonymizer's server.
    Are you using OE to access a Hotmail account? This would require OE to access webpages and would in turn need a connection via Anonymizer. If not, then does blocking OE from accessing Anonymizer have any noticeable effect?
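Added example (not from the thread and not Anonymizer's code): the header/data split described in the post above, showing what someone reading the link would learn under the post's assumption that only the data portion is encrypted. It also illustrates the earlier point about search terms carried in URLs; the request, host name and function names are constructed.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed request: a forum login reached from a search results page.
BODY = b"user=dc&password=s3cret"
SAMPLE = (
    b"POST /forum/login?return=inbox HTTP/1.1\r\n"
    b"Host: forum.example\r\n"
    b"User-Agent: ExampleBrowser/1.0\r\n"
    b"Referer: http://www.google.com/search?q=Internet+Privacy\r\n"
    b"Cookie: session=abc123; lang=en\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: " + str(len(BODY)).encode() + b"\r\n\r\n" + BODY
)

def split_request(raw: bytes):
    """Split an HTTP/1.x request into method, target, header fields and data."""
    head, _, data = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, data

def observer_view(raw: bytes, header_in_clear: bool) -> dict:
    """What someone on the link between PC and proxy can read.

    Assumption taken from the post: with URL encryption off, the whole
    header is in the clear and only the data portion is encrypted.
    """
    _method, target, headers, data = split_request(raw)
    hidden = sorted(parse_qs(data.decode("latin-1")))  # form field names
    if not header_in_clear:
        return {"visible": {}, "hidden_form_fields": hidden}
    url = urlsplit(target)
    cookies = dict(p.strip().split("=", 1)
                   for p in headers.get("cookie", "").split(";") if "=" in p)
    referer = urlsplit(headers.get("referer", ""))
    visible = {
        "host": headers.get("host"),
        "path": url.path,
        "query": parse_qs(url.query),
        "cookies": cookies,
        "referer_search_terms": parse_qs(referer.query).get("q", []),
        "user_agent": headers.get("user-agent"),
    }
    return {"visible": visible, "hidden_form_fields": hidden}

if __name__ == "__main__":
    print(observer_view(SAMPLE, header_in_clear=True))
```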
     
  18. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    There are some strange things happening here. Yesterday when I setup the rules for OE, it would not get any mail at all before I gave it HTTPS rights to the AnonServer's IP. And ZA told me it blocked a request from OE for that. So I added the rule.

    Today I removed the rule, and OE now doesn't mind not having the connection. And I think I have a clue why.

    See pic below. Yesterday when OE was wanting a connection to Anon, PE showed my browser as a Parent process of OE. In the pic below, one is not a parent of the other.

    I'm not sure what all of this means, but I wonder why it would do this? o_O
     

    Attached Files: PE.gif
  19. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Did you start OE via IE? (e.g. by clicking on an email link on a webpage). That is the most likely cause.
     
  20. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    No. As a matter of fact, I've removed that icon from my toolbar. Never use it. See pic - it happened again...
     

    Attached Files: pe.gif
  21. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Whoa there - according to that screenshot, Windows Explorer is the parent process! This is to be expected since Windows Explorer is what provides your desktop - so when you click on an icon or select an entry in the Start Menu, it is Windows Explorer that fires up the related program. Internet Explorer's filename is iexplore.exe - you could try confirming this by closing any existing copies of OE and clicking on an email link in a webpage with IE (like this one) and seeing if it then starts OE and gets listed as the parent process. ;)
     
  22. Please help guys

    Hi all

    so how do you connect

    firefox > Proxomitron > Anonymizer ??

    i have tried:

    firefox (127.0.0.1: 8080 - removed any entries for "no proxy for") > Proxomitron (127.0.0.1: 80) > Anonymizer

    but it still doesn't look like Proxomitron is having any effect.....eg when i try to change the user agent as 'in' this is not showing up

    what am i doing wrong? please help

    TC
     
  23. Ok,

    ignore the above,

    she's working now.

    Thanks anyway

    tc
     
  24. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Thanks, P2k. :) I'm not that familiar with the terminology, but in my last pic above, isn't OE the parent process of NetCaptor, my browser? Seems like there are nested levels of parenting (did I say that? :D ) going on here. With Windows Explorer the parent of numerous other processes, including OE, and OE a parent of NetCaptor. Or am I misunderstanding what this display is showing?

    P.S. I think I may have confused you and led you to believe I am using IE as my browser - I am instead using what I believe is called an IE Shell (o_O ), (NetCaptor).
     
  25. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    D&C,

    In order to keep this thread on-topic, would you consider following this issue up in the Port Explorer forum? Thanks! :)
     