How to achieve true online anonymity

Discussion in 'privacy technology' started by LampHigh, Mar 14, 2013.

Thread Status:
Not open for further replies.
  1. adrelanos

    adrelanos Registered Member

    Joined:
    Sep 28, 2012
    Posts:
    85
    There is more. Like cache, links with included identifiers

    Even more...
    https://www.torproject.org/projects/torbrowser/design/

    Depends on your screen. An unusual one more than the default desktop. Those values alone aren't very identifiable. It is the combination of lots of such values that makes it unique.

    Perhaps not that many people with a clock drift of x,xx seconds.

    https://panopticlick.eff.org/ and https://ip-check.info/ are really only the beginning. Made by some people as a proof of concept for educational purposes without strong motivation to keep working on it.
     
  2. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    Nothing within the browser exists after you delete the Sandbox. None of that. It never happened.

    I realize that small details when considered with many other small details, plus some more substantial details can truly identify a person. But as far as the ever cookie, flash cookies, browser cache and that sort of thing.....it never existed once the sandbox is deleted and wiped with eraser. And even without Sandboxie, if you have Shadow Defender enabled, when you restart your computer, none of it happened, as far as cookies and browser history are concerned. There may be images on your hard drive, icons or pictures. But not in your browser. No trace of anything.

    I have also tested https://panopticlick.eff.org with a bunch of browsers and it made some mistakes. But if I use different browsers configured differently, as I mentioned before, Panopticlick will see different browsers. If I use Cyberfox with certain addons for one identity, Firefox with its own set of addons, Iron portable etc... I could even run them all portable from within separate TrueCrypt containers, sandboxed. One for each identity. If I only use them for a specific identity, then that is all that Panopticlick will ever know.

    But again, how common is it that websites use browser fingerprinting? I bet it is very uncommon and very unlikely. And for a browser to be traced across different websites, all of those websites would not only have to be tracking and logging browser fingerprints, but they would also have to be sharing all of this with each other. Do you think they do that?
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    That may be true.

    How do you really know that? Once you find something that doesn't get deleted and wiped, you know that you were wrong. That would be a fact. But otherwise, you just have a hypothesis. Generally, it's the unknown unknowns that get you ;)

    Again, that may be true, but how do you really know? How much did most of us know about shellbags last year?

    And in addition to images on your hard drive, there might also be malware that accesses an adversary's server when it's opened. Or maybe malware dropped a rootkit and botnet. Would Sandboxie and Shadow Defender prevent that?

    Multiple Whonix VMs (or even multiple Xubuntu VMs with VPN chains via pfSense VMs) would prevent that. Even if one were irrevocably hosed, the others would be fine. And even the irrevocably hosed one couldn't leak your true IP address, because it has no way to know it (unless malware involved could jump from one VM to another through the host, which is still unlikely, I believe).

    I wouldn't be comfortable relying on separate browsers. Using multiple pfSense and Linux VMs on modern hardware doesn't noticeably degrade performance. Each pfSense VM needs 300-500 MB, and each Xubuntu VM needs 600-1000 MB. Bodhi VMs need just 200-300 MB!

    Websites share lots of stuff via third party tracking and ad-management services. It's prudent to assume that they're doing all of that, and to operate accordingly.
     
  4. LampHigh

    LampHigh Registered Member

    Joined:
    Feb 6, 2013
    Posts:
    20
    Location:
    USA
    I’m very grateful for the many very helpful posts here.

    Sorry to be dense, but I’m just not getting how these anonymity approaches defeat tracking problems with cookies/javascript/etc. If a website requires that you allow a cookie, doesn’t that cookie then “record” your IP address in a way that’s accessible to that website?

    In the case of mirimir’s multiple VM’s, I get how each of the VM’s doesn’t know each other’s IP addresses, but doesn’t a website requiring a cookie still need to see an IP address from that cookie? If yes, which of the multiple IP addresses in mirimir’s system is the cookie going to give back to that website, and how does that not somehow connect to one’s actual geolocation?

    With caspian’s approach, I get how after deleting everything from Sandboxie, there might well be nothing left. But caspian, when you write “It never happened”, I get lost. It seems like it did happen, even if it’s later deleted. Before you delete Sandboxie, wouldn’t a website requiring a cookie already have recorded your IP address? I don’t get how it protects your geolocation from aggressive evercookies/flash cookies, malicious javascript, etc.

    Similarly, adrelanos’ Whonix seems to be a very credible option, but how does it deal with this same problem of cookies/javascript/malware/etc. revealing your IP address? Does it somehow bypass a website’s requirement to allow cookies?




    richnrockville: your Remote Desktop Program suggestion sounds very interesting to me. If I’m understanding it correctly, the only IP address involved would be one geographically far away. If that is doable, that seems fantastic; seems so much preferable than having to exert a lot of effort into constantly defending against the endless onslaught of tracking software, malware, etc. trying to figure out IP addresses. Just have an IP address unconnected to my geolocation.
    mirimir: it sounds like you agree that this RDP approach is workable? But only with VPN’s/Tor? (and thanks again very much for your help so far, mirimir; you more than anyone, have really taken significant time to help delineate how this all works)



    mirimir and others: Which approach suggested on this thread would be best: mirimir’s isolation & compartmentalization approach? richnrockville’s Remote Desktop Program approach? qwax’s chained-vpn approach (on this thread a couple days ago)? adrelanos’ whonix approach? I suppose the answer to this question is dependent on individual needs; what’s most important to me is: effective location anonymity, ease of use, and good online browsing speed.
     
  5. richnrockville

    richnrockville Registered Member

    Joined:
    Jul 15, 2009
    Posts:
    7
    Location:
    Rockville, Maryland
    LampHigh, the solution that I suggested works by remote with the Keyboard, mouse and screen the only tie to the remote machine. All cookies and the IP for the remote machine is the only IP that anyone can find out. Unless someone gets physical access to the remote machine, they can't find out that you were on via RDP. Works, I do it all the time.

    I don't offhand know of anyone that has machines that they will allow you to remote into.

    rich
     
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Amazon (AWS) does ;)

    And there are privacy-friendly VPS providers. Some accept Bitcoins.
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Hey, it's my pleasure :) Thanks for asking good questions.

    Yes, cookies may include (or more likely, link to server-side records of) your IP address. But that's just the IP address that the server sees you connecting from. If you're using a VPN, it's the IP address of the exit server. If you're using Tor, it's the IP address of the exit relay. It's the same IP address that you see when you visit a "what's my IP address" site.

    There are exploits for "deanonymization" -- learning the ISP-assigned IP address of a machine's Internet gateway -- through bypassing proxies, VPNs and Tor. The best that I've seen was -http://decloak.net/, but it's gone. JonDo's -http://ip-check.info/ is now probably the best.

    Properly configured, I don't believe that any of the approaches under discussion are vulnerable to such exploits. Approaches using machines or VMs that never see the Internet via your ISP-assigned IP address (adrelanos', richnrockville's and mine) would also resist attacks using "phone-home" malware, unless the malware escapes to an unsecured machine.

    Let's say that there are two workstation VMs, each using its own chain of nested VPNs. The final (inner) VPN in VM1's chain has an exit IP address in Amsterdam (let's say 95.211.196.13). The final (inner) VPN in VM2's chain has an exit IP address in Stockholm (let's say 213.65.213.52). All cookies for VM1 are associated with 95.211.196.13, and all cookies for VM2 are associated with 213.65.213.52. None of them are associated with the ISP-assigned IP address. In other words, VM1, VM2 and the host machine that they're running on each have their own apparent IP address and corresponding geolocation.

    While the VPN is connected, websites get the VPN exit IP address, and see the signature of the browser being used. While the VPN isn't connected, websites get the ISP-assigned IP address, and see the signature of a different browser. As long as cookies and other tags get wiped between sessions, websites can't correlate the two sets of IP addresses and browser signatures.

    Using Tor, every app gets a new exit IP address when it connects, and then periodically thereafter. So your apparent IP address is constantly changing. Also, the Tor Browser Bundle, Tails and Whonix all use the same Firefox profile, so every Tor user looks the same. That's actually not quite true, because the profile has changed over time, reflecting the current Firefox version. But, as I recall, over 50% of Tor users are on the current version, with about 30% (o_O) on the previous, and the rest a mix of older ones.

    Yes, that's an old standard. But it can be expensive. And there can be a money trail.

    Even with a remote server, you need to prevent adversaries from tracing connections back to you. And you also need to protect the remote server itself. There are many ways to go about that. A simple and fairly secure approach is running a Tor client on the remote server, and providing SSH and SFTP as hidden services. You connect to the remote server over Tor, and the remote server connects to sites of interest over Tor. But there's the weakness that, in each case, both the Tor client and apps/services using Tor are running on the same machine. Better is having the Tor client and apps/services on separate VMs, which is what Whonix does.

    Again, it's my pleasure :)

    The only way to know is to try them. Learning VirtualBox is arguably the first step, unless you decide that Caspian's approach works for you. Once you have VirtualBox, you might as well try Whonix, because it's ready to use without any setup. If you don't want to reveal that you use Tor, you could use a VPN on the host machine (as qwax is doing for chained VPNs).

    If you find that Tor isn't fast enough for you, you can easily go with the chained VPN approach that qwax is using. Indeed, you could easily do both, with Whonix for some stuff, and the VPN-connected VM for other stuff.

    I wouldn't get into remote servers until you're familiar with the basics.
     
  8. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    1,155
    Location:
    usa
    Caspian,

    Have you tried Dephormation?
    https://www.dephormation.org.uk/?page=2
    https://www.dephormation.org.uk/?page=37
     
  9. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803

    only happens if your host firewall isn't set up properly to block ALL traffic if the vpn drops, so that not one bit of a byte slips through, vm vpn chain or vpn connection client don't matter, tight firewall rules on all is required, goes for vm and host, and it's easy peasy with comodo firewall and mirimir's vm pfsense firewall rules ;)

    and about caspian's sandboxing, he is right that once the sandbox is deleted nothing stays on the actual physical drive since it's fully virtualized, or just use SD which allows for its virtualization to be cached in ram making your OS effectively a huge live cd, and it's still being improved as we speak, anyhow if it's anti-forensic data security you're looking for then go for encryption, though if you're serious about your privacy, security, anonymity I'd go with all of the above I've just mentioned, and for the hardcore paranoid, I'd go with mirimir's compartmentalization strategy if you don't know how to spoof your browser's useragent, tweak its security settings and randomize your hostname and mac

    btw mirimir what's this whonix business, I thought you didn't like it, but you seem to have figured it out or somethin....
     
    Last edited: Mar 18, 2013
  10. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    Hi Mirimir. I am not going to respond point by point. I know that your approach is far far better than mine and I do want to eventually learn how to use your method. But I think it may be too complicated for me. My point was that I think that even though my approach is less secure, I still think that it is a pretty good approach. Far better than what most people do. And since I don't do anything that is truly sensitive or dangerous, I think it is more than enough. Shadow Defender has had a lot of malware and rootkits thrown at it. And so has Sandboxie. I think they make a good team. But there is always a possibility that they may be defeated.

    I do want to learn your method. I do have Whonix installed. That was really easy. So when I get a chance I will go back step by step and try to figure out what you are doing, exactly. It looks really complicated.

    I wouldn't be able to use VMs all the time though. I do a lot of downloading and I collect a lot of animated gifs and upload videos and other files etc. So I wouldn't be able to do all of the fun stuff that I like to do with the VM's. But I could sure use your method on certain message boards and discussion groups. Thanks so much for all of the good that you share here. Caspian
     
  11. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    What I meant by "it never happened" is that nothing is saved. As far as my computer is concerned, it never happened. As an example, I have an HP computer with a lot of games that came pre-installed. I have a younger friend who likes to play them sometimes when he visits. Some of these games are free only a certain number of times, and then you have to buy them. So I enable Shadow Defender. He plays the games, I restart my computer, and my computer no longer has any memory that games were ever played. It never happened, as far as my computer thinks. So I can play them again for free.

    When I run a portable browser within a Truecrypt folder, almost everything, as far as I know, stays within the TC container, even in the absence of Sandboxie and Shadow Defender. I did a test a long time ago with sandboxed browsers on my desktop. All of the cookies and stuff were deleted when I deleted the sandbox, but images showed up on my hard drive. I ran several tests. So I then did the same tests with a portable browser running from a USB stick. Nothing showed up. Not a speck. Not even when I ran the browser unsandboxed. So when I run a portable browser from within a TC container configured with Eraser, and with Shadow Defender enabled, I am willing to bet that no trace of my browsing is left anywhere on the computer. And I challenge anyone to prove me wrong.

    As for my IP address. I always use a VPN. Well, not always. I do have accounts that I opened many years ago that I still use for family and close friends. And I don't use a VPN with Facebook. But I have 2 VPNs right now. And for added privacy I can also run the Tor Browser Bundle sandboxed, from within a Truecrypt container. So my VPN sees that I am connected to Tor and that's it. And my ISP *only* sees my connection to the VPN. You mentioned ever cookies and persistent flash cookies. Those cookies do not exist when I delete the sandbox. So there is nothing special about them. With Sandboxie configured with Eraser, I challenge anyone to find a cookie that survives this. And I challenge anyone to find a cookie that survives a reboot when Shadow Defender is enabled.
     
    Last edited: Mar 18, 2013
  12. adrelanos

    adrelanos Registered Member

    Joined:
    Sep 28, 2012
    Posts:
    85
    No.

    Cookies and Javascript do not reveal IP addresses. Not even in TBB. They are "only" used for linking one session to another, i.e. profiling. (Ever)Cookies are deleted every time you close Tor Browser (in Whonix). Other IP leaks (applications partially not honoring proxy settings) are impossible*, because the Whonix Design enforces, that everything must go through Tor and this isn't ensured on the Workstation, but independently on the Gateway.

    Malware is a real issue, because the attacker can see the whole Desktop, what you type, all files etc. everything you can do, can link everything together. In Whonix case, "only" that particular VM is affected - The attacker still can't see the external ISP IP address, because it's not known to the VM. - The attacker would have to break out of the VM first.

    Whonix Standard Download version (host+vm+vm) fails, as in IP discovery, against vm exploits, exploits against the Tor process, attacks against the Tor network and clever hypothetical proxy bypass bugs / design flaws. (No one ever reported finding a way to bypass Tor from Whonix-Workstation.)

    This is detailed in the attack comparison matrix:
    https://sourceforge.net/p/whonix/wiki/Comparison with Others/#attacks
     
  13. qwax

    qwax Registered Member

    Joined:
    Feb 3, 2013
    Posts:
    41
    Not at all, I should share the knowledge gained.
     
  14. qwax

    qwax Registered Member

    Joined:
    Feb 3, 2013
    Posts:
    41
    I have been busy, and had some hiccups getting Comodo right, but I should have some spare time the coming days.
    EDIT:
    look here
     
    Last edited: Mar 23, 2013
  15. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    I do like it. It's the best ready-to-go Tor implementation that I've used.

    But it is much harder to use the gateway VM with other Linux VMs (not that doing so would be wise). And I never did get a pfSense VM to connect through a Whonix gateway VM.
     
  16. LampHigh

    LampHigh Registered Member

    Joined:
    Feb 6, 2013
    Posts:
    20
    Location:
    USA
    Some extremely helpful info on this thread; many thanks to all who have contributed. Some of it’s a bit confusing for me, so I’ve just downloaded a bunch of articles about concepts mentioned here, and will spend several hours reading that tonight and tomorrow, and when I post again on this thread tomorrow (or the next day), I’ll be able to do so from hopefully not quite as clueless a place as I am now. I’m feeling encouraged because it seems like the location anonymity I seek online may be doable after all…
     
  17. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    That's true. But sites can link persistent cookies to logs that include IP addresses.

    Right. And profiles include IP addresses.

    Just to be clear, this is a far less serious issue for Tor, because Tor changes exit IP address so frequently. Even if new magic cookies persisted between browser sessions, particular cookies would be associated with random sets of unassociated IP addresses.

    That's possible with any Firefox install.

    The same is true for Linux VMs with pfSense OpenVPN clients.

    However, I'm not saying that Tor doesn't provide far better anonymity than any VPN chain ever could. Anonymity with VPNs depends on trusting providers, while anonymity with Tor depends primarily on trusting the design and implementation. Tor vs VPNs has been the subject of many heated arguments on Wilders. But I don't think that it's an argument worth having. As I see it, they complement each other.

    The same is true for Linux VMs with pfSense OpenVPN clients.

    One could argue that Debian is more secure than Xubuntu. So then one would use Debian.

    I'm not seriously concerned about vulnerabilities in OpenVPN and pfSense. Both have become quite mainstream, and have undoubtedly undergone intense scrutiny. I'm sure that zero-days are available for both, but only fools would use them on folks like me ;)
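
Added illustration, not part of any post in this thread: a sketch of the server-side view mirimir describes in the posts above, where a site's logs tie a cookie value to every IP address it was presented from. The log format, the `uid` cookie name and the address 203.0.113.7 (standing in for an ISP-assigned IP) are constructed; browser signatures are left out.

```python
import re
from collections import defaultdict

# Constructed access-log lines (not real traffic). The two exit addresses are
# the ones used in the post above; 203.0.113.7 is a documentation-range
# stand-in for the ISP-assigned address. "uid" is a hypothetical cookie name.
VM1_EXIT, VM2_EXIT, ISP_IP = "95.211.196.13", "213.65.213.52", "203.0.113.7"

WIPED = [  # cookies wiped between sessions: every session gets a fresh uid
    f'{VM1_EXIT} [18/Mar/2013:10:02:11] "GET /forum" cookie="uid=a1f3"',
    f'{VM2_EXIT} [18/Mar/2013:10:05:40] "GET /forum" cookie="uid=7c2e"',
    f'{ISP_IP} [18/Mar/2013:21:14:03] "GET /forum" cookie="uid=e90b"',
    f'{VM1_EXIT} [19/Mar/2013:09:30:00] "GET /forum" cookie="uid=55d0"',
]
PERSISTED = WIPED[:2] + [  # VM1's cookie survives and is sent without the VPN
    f'{ISP_IP} [18/Mar/2013:21:14:03] "GET /forum" cookie="uid=a1f3"',
]

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "[^"]*" cookie="uid=(?P<uid>\w+)"$'
)

def parse(lines):
    """Yield (ip, uid) for each well-formed line; silently skip the rest."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield m["ip"], m["uid"]

def ips_per_cookie(lines):
    """Map each cookie value to the set of IPs that presented it."""
    seen = defaultdict(set)
    for ip, uid in parse(lines):
        seen[uid].add(ip)
    return dict(seen)

def linked_clusters(lines):
    """Group IPs that are connected through any chain of shared cookies."""
    parent = {}

    def find(node):
        parent.setdefault(node, node)
        while parent[node] != node:
            parent[node] = parent[parent[node]]  # path compression
            node = parent[node]
        return node

    for ip, uid in parse(lines):
        parent[find(("ip", ip))] = find(("uid", uid))  # union ip with cookie

    clusters = defaultdict(set)
    for node in list(parent):
        if node[0] == "ip":
            clusters[find(node)].add(node[1])
    return sorted(sorted(c) for c in clusters.values())

def exposes(lines, real_ip, apparent_ip):
    """True if the logs place real_ip and apparent_ip in one cluster."""
    return any(real_ip in c and apparent_ip in c for c in linked_clusters(lines))

if __name__ == "__main__":
    for name, log in (("wiped", WIPED), ("persisted", PERSISTED)):
        print(name, linked_clusters(log),
              "ISP linked to VM1 exit:", exposes(log, ISP_IP, VM1_EXIT))
```

With cookies wiped, each address stays in its own cluster; one surviving cookie is enough to put the ISP-assigned address and the Amsterdam exit in the same cluster, while VM2's separate profile stays unlinked.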
     
  18. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    Okay. So if I install VirtualBox and import the operating system Xubuntu 12.04 in it. Then I can install OpenVPN within that OS?

    You said "Anyway, set up Network Manager to connect to it. There are instructions for doing that in a recent thread on Wilders." I have no idea where this thread is. But how difficult is this to understand?

    So anyway, let's say my entire OS is running through airVPN . And when I fire up the VM, it is automatically connecting to the internet through airVPN. But I can install yet another VPN from within the VM which will travel through airVPN and then exit the second VPN. And so if I install the TBB inside of the VM, then Tor will travel through the free VPN which is traveling through airVPN.

    I know this is a simplistic attempt to grasp your method. But am I on the right track? Is this at least a viable starting point?
     
  19. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Yes, you install VirtualBox. Then you create a Xubuntu 12.4 (long-term release) VM. Instructions for that are in one of my old tutorials. I'm sure that there are many others online.

    I'm not finding the thread trying now. I'm very tired.

    But check the Private Internet Access support page. Their instructs for Linux are pretty good.

    That's correct.

    You could also use the Whonix VMs, but then you'd be using Tor via one VM instead of two. But Whonix is more secure, because the Tor client and user apps are in separate VMs. And you can do many cool things in Whonix, without fear that you'll leak around Tor. The Whonix workstation has no way to see the Internet except via Tor.

    Yes, it is.

    I'll post more tomorrow when I'm more coherent.
     
  20. adrelanos

    adrelanos Registered Member

    Joined:
    Sep 28, 2012
    Posts:
    85
    Deleting evercookies...

    How to delete all of them?

    http://samy.pl/evercookie/

    Specifically, when creating a new cookie, it uses the
    following storage mechanisms when available:
    - Standard HTTP Cookies
    - Local Shared Objects (Flash Cookies)
    - Silverlight Isolated Storage
    - Storing cookies in RGB values of auto-generated, force-cached
    PNGs using HTML5 Canvas tag to read pixels (cookies) back out
    - Storing cookies in Web History
    - Storing cookies in HTTP ETags
    - Storing cookies in Web cache
    - window.name caching
    - Internet Explorer userData storage
    - HTML5 Session Storage
    - HTML5 Local Storage
    - HTML5 Global Storage
    - HTML5 Database Storage via SQLite

    TODO: adding support for:
    - Caching in HTTP Authentication
    - Using Java to produce a unique key based off of NIC info

    I haven't seen a guide taking care of all of them.
     
  21. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    1,083
    Location:
    France
    Hello,

    here is the PrivaZer Team.

    Most of the mechanisms used to store cookies are already cleaned by PrivaZer (look into "Cookies" in the scan list of PrivaZer)
    but we will have a deeper look into this and keep us informed
    of what we can do.
     
  22. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803

    thought so , so it still holds true :rolleyes:
     
  23. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    So are you saying that Tor version of Firefox has some anti-evercookie magic that's not available for regular Firefox?

    But I don't worry about that stuff. Mirimir doesn't care about anyone tracking what he does on this VM. Whenever he cares, he uses a different VM, or a LiveCD VM. My other pseudonyms use their own VMs, and my anons use Whonix :)
     
  24. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    You say "most".

    Could you ever get everything that samy does?
     
  25. adrelanos

    adrelanos Registered Member

    Joined:
    Sep 28, 2012
    Posts:
    85
    Yes. Tor Browser (includes TorButton and Firefox Patches) defeats evercookies and succeeds the evercookie tests.

    Not saying it's not available for regular Firefox. Tor Browser is nothing more than regular Firefox + Java Script magic (TorButton) + Firefox Patches. It's certainly possible, maybe not trivial, I just haven't seen anyone documenting it, hence asking for it.
     