Archive | Internet Anonymity

Anonymous Internet surfing with Liberté Linux

Liberté Linux review

Liberté Linux is a small (220MB) Gentoo-based, security-oriented distribution available as a live CD, a live USB thumbdrive, an installable system or an Open Virtualization Bundle (.ova) compatible with VirtualBox and VMware. It lets people communicate anonymously via chat (Pidgin+OTR, XChat) or email and browse the Internet using tor. It supports new and old hardware, including 3G modems and Bluetooth, and has experimental UEFI booting.

Openbox is the default window manager; from there you can configure your mouse, keybindings, timezone, etc. You will find security software like the open source Figaro password manager and GNU Privacy Assistant (GPA) to manage encryption keys, together with tools to read text (ePDFViewer, FBReader), listen to audio (Audacious), watch videos (Movie Player) and edit images (Geeqie), plus a task manager displaying CPU and RAM. Liberté Linux keeps its size small by replacing bloated software with lightweight tools that do not carry unnecessary features; for example, instead of LibreOffice it comes with Abiword to edit text.

Liberté Linux Anonymous operating system

The wireless network card MAC address is randomly changed at boot time. The only thing Liberté Linux asks the user to enter is a passphrase during installation, used to create a LUKS-compatible encrypted storage space with otfe (on-the-fly encryption) in /mnt/boot/otfe/liberte.vol, where persistent user data will be stored, using a paranoid 8192 RSA key that will take a couple of minutes to generate. The user is automatically logged in as “anon”. If you need to be root (and it is never a good idea to browse the Internet as root), the root password is “liberte”; entering “gentoo=root” during boot will also unlock it.

Epiphany is the default browser. Leaner than Firefox, it comes with HTML5 support, so you shouldn’t need Flash to view online videos on YouTube. The browser has been configured to surf the Internet through tor, and the main page includes links to The Hidden Wiki, Wikileaks and Torcheck to get you started. The Florence virtual keyboard allows the user to enter text using the mouse, a good way to bypass hardware keyloggers on public computers. RAM is wiped when you power off the system to stop cold boot attacks.

Liberté Linux is pioneering the use of Cable Communications for anonymous email exchange. It gives the user a cryptic .onion and .i2p address that functions as a personal email address, and it requires some configuration in Claws email to use it. Message delivery can take hours or days, and you will get a delivery receipt once the message reaches the recipient.

Liberté Linux Florence virtual keyboard

It is possible to run a stand alone VPN or PPTP using the network manager and tor-resolve in console mode. You can run Liberté Linux inside Windows too, but I would not advise it as IMHO it weakens your privacy. I have used other Linux distributions for anonymous Internet surfing, like Tails and OccupyOS, and I have decided to adopt Liberté Linux as my default distro for secure communications. I find it more suitable for me because it is more lightweight, it comes with detailed documentation, it creates an encrypted storage space for user data and there is the option to disable tor in case I need to log in to Paypal or any similar site blocking proxies.

I don’t think you will be disappointed with this operating system. If you are wondering why it does not include Truecrypt, I suspect that it might have to do with the fact that Truecrypt is not released under the standard Linux GPL license and this can be a problem. However, you can create your own encrypted containers from the command line with otfe.

Visit  Liberté Linux homepage

Host a tor server entirely in RAM with Tor-ramdisk

Set up a tor proxy server

Tor-ramdisk is a tiny Linux distribution (5MB) developed by the IT department at D’Youville College (USA) to securely host a tor proxy server in RAM. It can run on old diskless hardware and it will stop forensic analysis by people stealing or seizing a tor server. In the event that a tor server is seized due to ignorance or calculated harassment, and it would not be the first time, the end user would still be safe, because the chained nature of the tor proxy network makes it impossible to find out someone’s computer IP by seizing a single server. Other data, even if meaningless, can still be recovered, however, so running tor in RAM is an extra security step that can help convince people that the machine is merely acting as a relay, as it contains no hard drive.

When a Tor-ramdisk server is powered down all the information is erased with no possibility of recovery. The tor configuration file and private encryption key (torrc & secret_id_key) can be preserved between reboots by exporting and importing them using FTP or SSH, making the life of a tor node operator easy.

tor server proxy diagram

One disadvantage of running a tor node entirely in RAM is that it cannot host hidden services, as that requires hard drive space; other than that it is a fully functional entry, middle or exit tor node. I would advise you to block all ports (USB, Firewire) in the server with epoxy, as there are computer forensic tools that can be plugged into the USB port and make a copy of the RAM on the fly. You might have heard about the cold boot attack, where someone with physical access to a recently switched off server or computer can still retrieve remanent data from RAM; this is not easy to achieve and the recovery window is only a few seconds.

Visit Tor-ramdisk homepage

FBI seizes anonymous remailer from Rise Up Network facilities

Mixmaster remailer seized

A server physically located in a colocation facility in New York shared by left-leaning organisations Rise Up Networks & May First/People Link was seized two days ago, 18th April, by the FBI, who turned up with a search warrant. The server belonged to the “European Counter Network”, an Italian group defining itself as “antifascist”; it provided email accounts, mailing lists and website hosting for activists, and remailing to the public. It appears that an anonymous person sent more than 100 bomb threats over a period of months through the mixmaster remailer network to the University of Pittsburgh, leading to numerous building evacuations while the police cleared all false alarms. No arrests have been made so far but the investigation remains open.

The Riseup press release calls the server seizure an attack on free speech that has left artists, historians, gay rights groups, feminists and others without mailing lists and email accounts; various websites have also been taken offline as a consequence of the seizure. Riseup claims that, while sympathizing with the University of Pittsburgh community, they do not understand why the FBI has taken the server when “authorities knew that the server contained no useful information that would help in their investigation”.

Remailer

Mixmaster remailers resemble the tor proxy network in that they do not log anything and work in chain mode. Normally three servers in different jurisdictions are involved in routing an email before it is finally delivered to an inbox, although more servers can be involved if the sender specifies it in the settings. Mail servers running the open source Mixmaster software remove header information to make it impossible to find out the sender, and messages are deliberately held for some time to avoid time based attacks, so it can take hours or days before an anonymous email is finally delivered.

A Mixmaster remailing server has been designed to make it impossible to trace emails back to the original source. For the system to fail it would be necessary to seize all of the servers involved in sending a message and to recover erased logs, assuming they ever existed. A new protocol called Mixminion is in development and intended to replace Mixmaster in the future.
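The two mechanisms described above for a single hop, header removal and deliberately delayed, reordered delivery, are sketched below as an added example; it is not Mixmaster's own code. The header list, the pool parameters and the sample message are assumptions made for illustration, and the per-hop encryption a real remailer chain relies on is left out.

```python
import random
from email import message_from_string

# Headers that reveal the sender or the path taken so far (illustrative list).
IDENTIFYING_HEADERS = ("From", "Sender", "Reply-To", "Received", "Message-ID",
                       "Date", "User-Agent", "X-Mailer", "X-Originating-IP")

# Constructed sample message, not real traffic.
SAMPLE = (
    "Received: from laptop.example.org ([192.0.2.10]) by mail.example.org\n"
    "From: alice@example.org\n"
    "To: bob@example.net\n"
    "Message-ID: <1@laptop.example.org>\n"
    "Subject: hello\n"
    "\n"
    "body text\n"
)


def strip_identifying_headers(raw):
    """Remove sender and routing headers, then stamp a generic From line."""
    msg = message_from_string(raw)
    for name in IDENTIFYING_HEADERS:
        del msg[name]  # removes every occurrence; no error if absent
    msg["From"] = "Anonymous <nobody@remailer.invalid>"
    return msg.as_string()


class PoolMix:
    """Simplified timed pool mix (parameters are assumptions of this example).

    Messages wait in a pool. At most once per `interval` seconds the mix
    releases a random subset, always keeping `min_pool` messages behind, so
    arrival time and arrival order say little about departure.
    """

    def __init__(self, min_pool=3, fraction=0.5, interval=900, rng=None):
        self.min_pool = min_pool
        self.fraction = fraction
        self.interval = interval
        self.rng = rng or random.SystemRandom()
        self.pool = []
        self.last_fire = 0.0

    def accept(self, raw):
        # Nothing about the submitting connection is recorded: no log entry.
        self.pool.append(strip_identifying_headers(raw))

    def tick(self, now):
        """Return the messages to forward at time `now` (possibly none)."""
        if now - self.last_fire < self.interval:
            return []
        self.last_fire = now
        n = len(self.pool)
        count = min(n - self.min_pool, int(n * self.fraction))
        if count <= 0:
            return []  # too few messages to hide among: keep holding them
        self.rng.shuffle(self.pool)
        released, self.pool = self.pool[:count], self.pool[count:]
        return released


def demo():
    """Six constructed messages in, half released, half still held."""
    mix = PoolMix(min_pool=2, fraction=0.5, interval=60, rng=random.Random(7))
    for i in range(6):
        mix.accept(SAMPLE.replace("hello", "msg %d" % i))
    released = mix.tick(now=60)
    return released, len(mix.pool)


if __name__ == "__main__":
    out, held = demo()
    print(len(out), "released,", held, "still held")
    print(out[0])
```

The held-back messages are the reason delivery can take hours or days: a message only leaves once enough other traffic has arrived to hide it.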

More information: RiseUp press release regarding server seizure 

SkypeMorph disguises tor traffic as Skype video calls

Hide tor proxy traffic

Countries like Iran and China routinely block public tor IP addresses. To get around this problem, relays called tor bridges are not made public and are only provided on request to users living in repressive countries. According to recent research from Internet security firm Team Cymru, China’s Great Firewall can distinguish between normal traffic and tor traffic using SSL deep packet inspection; one factor it uses to detect tor traffic, among others, is the tor proxy SSL cipher list. Communications cannot be read because they are encrypted, but a bot attempts to connect to the suspected tor server IP, passing itself off as a user; when a successful connection confirms it is a tor bridge, the tor server IP is added to the list of blocked IPs in the firewall.

Iran has also been reported in the past as having an Internet censorship system able to identify the beginning of a tor proxy SSL handshake and interrupt it.

SkypeMorph disguises tor proxy traffic

SkypeMorph uses traffic shaping to convert tor packets into UDP (User Datagram Protocol) traffic, preventing deep packet inspection from recognizing tor data as such. SkypeMorph traffic shaping mimics the packet sizes and timings of a normal Skype video call. The developers of this tool at the University of Waterloo in Canada chose a VoIP client to hide tor traffic because the flow of data packets, sending a request and waiting for a response with a long pause during transmission, resembles how a tor proxy server works.

SkypeMorph is a pluggable transport that will work with obfsproxy, a program developed by the tor project itself for Mac, Windows and Linux users that masks tor traffic as a different protocol specified using pluggable transports.

Visit SkypeMorph homepage

Top 8 websites for self-destructing email and notes

Self-destructing messages

Sending a self-destructing note or email is a good way to make it difficult for someone to forward your message or save it to a hard drive, and to stop a third party email server from keeping the message archived for years. The only way for someone to copy a self-destructing email would be taking a screenshot, and the message would still have to be associated with the sender to compromise your privacy; some of the services below make it difficult to make a readable screen grab.

OneShar.es: Allows you to compose a text only message on their servers via SSL. You are then given a unique URL that can be copied into any email message, IM or chatroom; after someone views the URL to read the message it will automatically self-destruct, i.e. erase itself from the server.

PrivNote: Web service using SSL to send secure self-destructing notes without any registration needed. The text message will be made unavailable through the link after someone reads it once, there are no configuration options other than leaving your email address to be notified when someone reads the note.

QuickForget: Designed to compose an online note through an SSL connection from your browser to their servers and easily set it up to expire after a specific number of views or length of time, after which your note will be purged from the database for ever.

QuickForget secure online note

OneTimeSecret: After creating a self-destructing note you will be given two links, one that will display the message once and another link for you that will inform you if the message has been read when you visit it. Optionally you can set up a password to protect the message.

BigString: Advanced email tracking with self destructing and erasable email even after sending, it can be set up to stop forwarding, saving and printing. There is an option to make it difficult to take a screenshot of the message. It can be used to self-destruct attachments as well as text and sending password protected messages.

BurnNote: Text notes are written over an SSL connection and your message will be erased after it has been viewed once; the time it remains on the screen is limited. You can use the spyglass option to force the receiver to use a virtual magnifying glass to read the whole message, which makes it tough for someone to take a screenshot.

BurnNote self-destructing note

PointOfMail: A paid for service that works with any webmail or email client, it allows you to track your emails giving you details about where your message was forwarded, when it was read, if a link was clicked on and much more. It can be used to send self-destructing email and limit what a recipient can do with it.

VaporStream: Emails are only stored in RAM on the server and kept in volatile memory until someone reads them after which the messages are erased. To stop attributable screen grabs the email header is separated from the message and it can not be forwarded. Everything is encrypted during transit and in the server.
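The server-side behaviour these services describe (a one-off secret link, expiry after a set number of views or length of time, and a second link that only reports whether the note was read) can be sketched as follows. This is an added example, not code from any of the services listed; the class, its method names and the choice to index notes by a hash of the link token are assumptions of the example.

```python
import hashlib
import secrets
import time


class NoteStore:
    """In-memory self-destructing notes; nothing is written to disk."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._notes = {}   # sha256(read token)   -> note record
        self._status = {}  # sha256(status token) -> read counters only

    @staticmethod
    def _key(token):
        # Only a hash of each link token is kept, so a dump of the store
        # does not hand out working links to the notes.
        return hashlib.sha256(token.encode()).hexdigest()

    def create(self, text, max_views=1, ttl=3600):
        """Store a note; return (read_token, status_token) for the two links."""
        read_token = secrets.token_urlsafe(32)
        status_token = secrets.token_urlsafe(32)
        meta = {"views": 0, "destroyed": False}
        self._notes[self._key(read_token)] = {
            "text": text,
            "left": max_views,
            "expires": self._clock() + ttl,
            "meta": meta,
        }
        self._status[self._key(status_token)] = meta
        return read_token, status_token

    def _destroy(self, key):
        record = self._notes.pop(key)
        record["text"] = None
        record["meta"]["destroyed"] = True

    def read(self, read_token):
        """Return the text, or None if unknown, expired or already burned."""
        key = self._key(read_token)
        record = self._notes.get(key)
        if record is None:
            return None
        if self._clock() >= record["expires"]:
            self._destroy(key)  # time limit reached before anyone read it
            return None
        text = record["text"]
        record["left"] -= 1
        record["meta"]["views"] += 1
        if record["left"] <= 0:
            self._destroy(key)  # view limit reached: purge immediately
        return text

    def status(self, status_token):
        """What the sender's second link shows: counters, never the text."""
        meta = self._status.get(self._key(status_token))
        return dict(meta) if meta is not None else None

    def purge_expired(self):
        """Periodic sweep so unread notes do not outlive their time limit."""
        now = self._clock()
        expired = [k for k, r in self._notes.items() if now >= r["expires"]]
        for key in expired:
            self._destroy(key)
        return len(expired)


if __name__ == "__main__":
    store = NoteStore()
    read_link, status_link = store.create("constructed sample note")
    print(store.read(read_link))      # the text, shown once
    print(store.read(read_link))      # None: already destroyed
    print(store.status(status_link))  # {'views': 1, 'destroyed': True}
```

Purging on the server only controls the stored copy; it does nothing about a recipient who photographs the screen, which is why some of the services above add screenshot countermeasures on the viewing side.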

Review offshore VPN provider VPN4All

VPN4All review

VPN4All is one of the few big VPN providers that I had not tried yet. It attracted me that they are located offshore, a loosely used term that literally means in a foreign country. VPN4All’s offshore location is the privacy friendly Seychelles, a sovereign archipelago of islands with 85,000 inhabitants in the Indian Ocean. Seychelles privacy laws make it very difficult for its government and banks to share information with other countries about companies there, and it is a place often used to establish companies in secrecy, as there are no requirements for shareholders to be listed in the registry. Local laws do not require VPN providers to keep logs either, and VPN4All claims to have turned off logging on all of their servers. Their privacy policy states verbatim that “any requests by law enforcement can be met without providing any information about clients or their data. Even a court order would not provide any personal data about users.”

Their VPN software runs on Windows and Mac. Linux computers can use PPTP, but it is not as secure. The mobile version of VPN4All can be used on the iPhone, iPad, Android and Windows Mobile. Running a VPN on a mobile device will encrypt instant messenger chat communications and Voice over IP calls, besides hiding your IP when connecting to the Internet.

Offshore VPN provider VPN4All on my NASA wallpaper

I was very pleased with the VPN client’s highly configurable options. Encryption is set up at the highest possible level, AES256 and RSA2096bits key, and the interface and installation are multilingual: you can choose between English, Spanish, Arabic, Chinese, German and others. At the time of writing, VPN4All has VPN servers in Finland, Seychelles, USA, UK, Canada, Lithuania, Russia, Germany, Hong Kong and many more, over 50 VPN servers with thousands of IPs.

Being myself on a home 6MB Internet connection in Europe, I was able to get a little over 4MB on their USA servers with a 150ms ping; the closer European servers at their lowest load gave me my full ISP speed. I contacted VPN4All support a couple of times, once opening a ticket, which was replied to in under 24 hours, and the other time using their online live chat, which was answered by a friendly support team member in just a few minutes.

In countries with more than one server, the servers are spread out, along the US West and East coasts and the UK South and North for example, which is obviously advantageous. You can also select a special test TCP server from the list to make sure that no firewall is blocking your traffic and to troubleshoot problems. VPN4All states that they will go as far as using Teamviewer to help you out if necessary. The VPN client comes with an easy to understand offline manual with screenshots, but I did not have to use it.

VPN4All connection

To send email via SMTP you can whitelist a mail server by adding it to the VPN client email options. During the time I have been using this VPN service I did not experience any disconnection issues; a green/red icon located in the Windows toolbar allows you to quickly see the VPN connection state.

The good stuff

The VPN can be set up to always use a static (fixed) IP if you wish, by right clicking on the server and choosing “Anchor IP”; from then on the selected server will show a blue anchor. This is useful to stop certain websites, Paypal for example, from locking people out of their accounts when they detect the IP has changed. In the settings one can choose to do exactly the opposite and instruct the VPN client to automatically rotate the computer IP every hour, 30min or 5min. If you have a favourite server it is possible to bookmark it in the drop down list; it will then appear with a yellow star next to it.

A small green bar appears next to each server, allowing you to see the load in real time. A common problem with VPN providers owning multiple servers is that you have to waste time swapping servers once you realise the one you have chosen is too slow. With VPN4All you will always be able to get onto the best performing server: a green arrow automatically indicates the fastest VPN for your location, and if any of the servers goes temporarily offline it will be greyed out in the list. Server load can also be seen using the control panel through your VPN4All web account.

VPN4All running on mobile device

The bad stuff

The unlimited bandwidth file sharing package pricing is on the high side; however, the VPN4All 50GB/month package is acceptable and buying a yearly account gives you a sizeable discount. Mobile licenses for smartphones need to be bought separately. There is a problem with some servers identifying themselves as being located somewhere else, due to server registration details being used by websites to identify location. This problem is common to all VPN providers I have used before, but VPN4All has a slightly above average rate.

Conclusion VPN4All

If you are after a VPN with a solid no logging privacy policy located outside US and European Union jurisdiction, look no further than VPN4All. If you need a VPN provider that will give you a choice of static or dynamic IPs for web surfing and watching online TV, with servers worldwide for a reasonable price and good 24/7 support, VPN4All will do that nicely, but test the VPN first if you badly want a location, just to make sure that it is really showing to websites as being located there. I have used this VPN widely to watch US and UK online TV with no problems, though. There is a 30 money back guarantee (subject to 100MB usage) that should give you peace of mind.

The big selling point of this VPN over others is the headquarters location in a country with strong privacy laws (Seychelles), dozens of worldwide servers, and a free static IP thrown into the package. I give this VPN a personal score of 8 out of 10; once they solve the VPN server geolocation ID problem they should be entitled to a 10 out of 10.

Visit VPN4All homepage

Special discount: VPN4All is now kindly offering a 15% discount to anyone who enters the word hacker10 at the checkout! This code can be used to buy an already discounted yearly package too.

How to use tor proxy with the Advanced Onion Router

Onion Router proxy network

Advanced Onion Router is a free portable tor proxy server and client for the Onion Routing network, a distributed proxy network run by volunteers and designed to anonymize traffic and bypass Internet filters. Advanced Onion Router is meant to be an all in one replacement for the classic Tor+Vidalia+Privoxy Windows bundle. Highly configurable, it can fake your browser headers and operating system, as well as the computer regional settings, which can be used to pinpoint your location by looking at something like local time.

There is support for encrypted SSL connections, Socks4/5, corporate NTLM (NT LAN Manager) proxies, banning of addresses and routers, plugins, hotkeys and multiple languages. Circuit length can be set from 1 up to a chain of 10 proxies with priorities set, and separate browsing profiles can be set by erasing identity cookies and creating new fake browser and operating system headers. You can use this tool to help the onion routing network by donating some bandwidth for others, or to host your own hidden service; it only requires some easy re-configuration to make sure that your real location is not revealed and to create your own .onion address. A tor hidden service is a way to host your own content making it impossible for a Government or powerful enemy to take it down.

Advanced Onion Router tor proxy

Advanced Onion Router lets you add your favourite program to a list, making sure that when you start it all traffic will be forced through a tor proxy tunnel; each program can have its own separate settings running inside a sandbox. Configuration files can be encrypted using AES, adding another layer of security against nosy people. Even better is the read only mode, where you can run this portable tor proxy from read only media, like a CD-ROM, and no personal data (history, cookies, etc) will be stored anywhere.

Visit Advanced Onion Router homepage

Review free VPN provider RiccoVPN

Free VPN tunnel

RiccoVPN seems to finance their free VPN service by getting some of those free users to upgrade to their premium service, but you are not pushed too hard on this and, unlike Hotspot Shield, there are no advertisements served while you surf the Internet. The only limitations of RiccoVPN free are speed, capped at up to 512kb/s (64kB/s) both ways, and server location: you are stuck with an IP from Poland, which means it will not be of use to watch Hulu or listen to Pandora radio. However, I tried to stream Sky.fm music online and it worked; the free VPN does not block streaming, the only problem is geolocation, and the paid for version gets around this by providing you with a USA IP.

During installation of RiccoVPN (5MB) you will be prompted to download Microsoft .NET Framework 4, without which RiccoVPN will not work; this is an extra 100MB download from the Microsoft website. Windows will also give you a scary red warning saying that the RiccoVPN drivers’ publisher could not be verified. For a developer to be able to sign their software drivers for Windows they have to pay Microsoft an exorbitant fee, so it is understandable that some choose not to do it, and it all comes down to whether or not you trust Privacy Protector, the makers of RiccoVPN, to install software on your computer.

Free VPN provider RiccoVPN

Once you have the VPN software installed on your computer you can set it up to autostart every time the computer boots, or just launch it using a right click on the Windows toolbar. This VPN makes for an excellent tool for occasional web browsing at Wifi hotspots or when you are abroad and need to bypass Internet censorship; if you intend to download large files forget about it, because the free version speed is only enough to browse the Internet. I was quite pleased with the way it worked. I would imagine there must be a maximum bandwidth allocated to free users and there weren’t too many online during the time I used it; I reached the promised 512kb/s most days.

Future development of the paid for version of RiccoVPN includes time based IP change and hiding your operating system and browser identification. Once you have installed the free version, activating the premium version with more servers and unlimited bandwidth is as easy as buying it using Paypal and entering a code. RiccoVPN’s privacy policy is a standard one. Nobody knows how long they keep connection logs for, because their terms and conditions do not say, but they promise not to sell your data, to only use archived logs for statistical purposes and troubleshooting, and not to spy on users. The company is based in Poland and subject to Polish laws.

Visit RiccoVPN homepage

Uncensored decentralized search engine YaCy

Private custom Internet search engine

YaCy is an open source, community based search engine written in Java with no central server indexing the results. Search queries are answered by a worldwide peer to peer computer network, in the same way that torrent downloads work, so the quantity and quality of the results will depend on the number of peers connected at the time; on top of the search results YaCy lets you know how many peers are providing them. It can be used to search text or images. Unlike Google or Bing, where the company managing the search results is open to subpoenas and censoring links (e.g. DMCA complaint, offensive images, etc), YaCy results cannot be censored, as no single central authority is responsible for them and there are thousands of servers (personal computers) in multiple countries providing results, with some seed list servers including accurate p2p node information to be found in the source code.

You will need to download the YaCy software to your computer to use it. During installation the Windows default firewall will be configured to allow YaCy queries to pass through; if you are using a different firewall you will have to set it up manually to allow YaCy to connect to the Internet. The search engine is accessed in your browser by clicking on YaCy’s logo or visiting http://localhost:8090 (the default port can be changed). YaCy can be set up to crawl a specific website or FTP server, creating your own search index; the crawling can be scheduled as often as you like or limited to a single time to save computer resources.

yaCy anonymous search engine

To protect your privacy, after performing a search the words used are sent to a peer in the form of distributed hash tables. Peers store crawled search results as cryptographic hashes and these are all mixed between peers, making it impossible to pinpoint search queries to a certain host. Search is not limited to the public Internet; YaCy can be used in Intranets. The configuration settings have so many options that it can take a long time to understand what everything is for, so the best is to leave the defaults.

In my experience YaCy Internet results were not very good, with a tendency to link to deep pages instead of the main portal. My main predicament is that it did not have too many pages indexed and it took a couple of seconds to finish each search query; this can be improved once YaCy manages to reach a sizeable number of users/peers. Until then, this search engine will be better suited for Intranets or custom crawling of forums and wikis. Admittedly, their plan is not to beat Google results, but to provide a truly private search engine experience. There is no need to erase logs, because there are no logs, and companies do not have to rely on a third party server to run their private search queries. In the future the developers plan on indexing tor node pages and Freenet sites.

Visit YaCy search engine homepage

OccupyOS anonymous operating system for activists

OccupyOS review

OccupyOS is a live CD distribution based on Gentoo Linux and inspired by the Occupy Wall Street movement. It has been designed to allow activists from all over the world to anonymously edit and publish documents on the web, manage Twitter and Facebook accounts, and securely communicate with other activists while bypassing any ISP Internet filter. This is accomplished using tor or a VPN for web browsing and general internet access, encrypted voice chat using Mumble, encrypted instant messaging with Pidgin-OTR (Off The Record plugin) and Xchat with OTR for anonymous IRC chat. It also includes a MAC address changer to stop others from linking your computer network card with ISP logs, VNC to remotely connect to other computers, OpenSSH, OpenSSL, sfdisk to manage disk partitions and The Gimp to edit images.

You can also use this Linux distribution to directly trash your hard disk beyond recovery using DBAN. Instead of having a pile of CDs, OccupyOS comes with additional tools that can be selected at boot time, like DBAN, a Windows NT password and registry editor and FreeDOS, an open source DOS compatible operating system for IBM-PC systems that should work with old hardware.

OccupyOS anonymous Linux distro

It doesn’t look as if OccupyOS has reinvented the wheel. It pretty much overlaps Tails, a better established live CD for anonymous internet browsing, but it might have a couple of utilities that Tails doesn’t have, and it could come in handy if for some reason Tails does not work on your computer. The OccupyOS roadmap includes adding a reactive firewall (a reactive firewall has the ability to react to malicious hacking attempts, whereas passive firewalls only alert the user and log the attempt), using Samhain, a file integrity utility, to check system changes, implementing a low power boot up mode, finding an email client supporting GnuPG encryption and others.

Note: This distribution is still in development, you can only download a beta version for testing.

Visit OccupyOS homepage
