ANONYMOUS SURFING
“HIDING YOUR IDENTITY: ANONYMOUS SURFING”
Anonymous web browsing is browsing the World Wide Web without making ones IP Address or any other personally identifiable information available to the websites that one is visiting. A degree of anonymity can be achieved by using a proxy server. If the proxy server is trusted, anonymity will be retained because only the information on the proxy server is visible to outsiders. Anonymous web browsing is generally useful to anyone who wants to ensure that their sessions cannot be monitored. For instance, it is used to circumvent traffic monitoring by organizations which want to find out or control which web sites employees visit.
When communicating with others over the Internet, it is frequently preferred to not use any sort of identifiable handle (such as a user name or other arbitrary way of identifying who is speaking). The most popular worldwide example of this is within the Japanese forum 2channel. The forum prides itself on the total anonymity of those who post to the channel. The administrators of 2channel see the anonymous posting as a real benefit to those who post to the forum, because it is the argument, not the credibility of the author that is being debated. This is in stark contrast to other Internet forums, such as Slashdot. In Slashdot-style forums, the ability to post anonymously is available, but other users of the forum tend to hold the content of the post in a lower regard than they would if the same post was sent by a user with a registered username. The Slashdot forum encourages this tendency by attributing posts like this to Anonymous Coward‘, implying that the poster lacks the courage to stand by his or her statement.
When sending messages over the Internet, many people enjoy a sense of anonymity (or at least pseudonymity). Many popular systems, such as Usenet, e-mail, instant messaging, and web forums, and P2P systems, foster this perception because there is often no obvious way for a casual user to connect other users with a ̳real world‘ identity. On a technical level, all computers on the Internet use the Internet Protocol to speak to each other. Two-way communication at the protocol level requires that both parties know the IP Address of the other.
If communications are logged (for example, by the owner of a web-based bulletin board) or intercepted, the IP Address of otherwise anonymous recipients may be discovered. Sometimes IP Addresses are exposed directly as a feature of the communication system (often the case on Internet Relay Chat networks). Casual users often do not feel that knowledge of their IP Address is enough for other participants to connect their online activities to their ̳real world‘ identities. Depending on their technical, physical, and legal access, a determined party (such a government prosecutor or plaintiff in a lawsuit, or a determined stalker) may be able to do so, especially if they are assisted by the records of the Internet Service Provider which has assigned the IP Address. Some IP Addresses represent a specific computer. Others, due to proxies and Network Address Translation may represent any number of computers or users. It is usually easy to identify which ISP assigned the address, and this may reveal some identifying information about a person, such as geographic location or with the use of geo software the affiliation with a certain organization. To achieve strong anonymity, intermediate services may be employed to thwart attempts at identification, even by governments. These attempts to use cryptography, passage through multiple legal jurisdictions, and various methods to thwart traffic analysis to achieve this. Examples include anonymous remailers, Anonymous P2P systems, and services of the Anonymizer Company, among others. Anonymizer is shareware software, which can help to protect the IP Address identity over the web and offer a variety of consumer information security services including:
- Web Proxying
- Encrypted E-mail Services
- Anti-Spyware
- Anti-Phishing / Anti-Pharming
- Enterprise Class Competitive Intelligence Tools
Anonymity through proxy servers is also debatable issue over its relative nature for the following reasons. In using a proxy server (for example, anonymizing HTTP proxy), all data sent to the service being used (for example, HTTP server in a website) must pass through the proxy server before being sent to the service, mostly in unencrypted form. It is therefore possible, and has been demonstrated (see, for example, Sugarcane) for a malicious proxy server to record everything sent to the proxy: including unencrypted logins and passwords. By chaining proxies which do not reveal data about the original requestor, it is possible to obfuscate activities from the eyes of the users destination. However, more traces will be left on the intermediate hops, which could be used or offered up to trace the user ̳s activities. If the policies and administrators of these other proxies are unknown, the user may fall victim to a false sense of security just because those details are out of sight and mind. The bottom line of this is to be wary when using proxy servers, and only use proxy servers of known integrity (e.g., the owner is known and trusted, has a clear privacy policy, etc.), and never use proxy servers of unknown integrity. If there is no choice but to use unknown proxy servers, do not pass any private information (unless it is properly encrypted) through the proxy. More of an inconvenience than a risk, proxy users may find themselves being blocked from certain websites, as numerous forums and websites block IP Addresses from proxies known to have spammed or trolled the site.
