Anonymous Surfing

There is no cause for paranoia, but most IT security professionals will agree that using the internet has serious security and privacy deficits.

If you point your web browser to a website or use any internet related-program, such as Mail, FTP, p2p filesharing services or an MP3 media player, a server at the other end uses your IP address in order to send you the information you requested. It wouldn’t make sense to fake your IP address because then you would never get any reply from the internet. All internet servers and services run some sort of logging, identifying your IP address, the exact access time and your complete surf history at their site. Companies use these log files for statistical, marketing, technical or legal purposes . While accessing the internet at work, your company’s proxy server and firewall will most likely also trace everything you do. Finally, your computer itself also keeps track of many operations.

Even if you were able to control your PC, proxy and firewall completely, you would still never have control over the internet servers you visit. This means, strictly speaking, that there is no such thing as anonymous surfing. All you can do is making it harder to find you. But before you go out and download tons of privacy software packages, consider at least four things:

* Running privacy tools on your computer at work without approval of the IT department is against the rules and can get you fired.
* No matter how much technical knowledge you may have, there is always someone out there who is smarter than you, so don´t become careless.
* Think of the high value of the Human Right to Privacy. Don´t abuse it for unethical purposes.
* Is it really worth the money and effort? Added security comes at a price: the more software you install, the more problems will arise; some sites may need time consuming tweaking and some solutions are really slooooow...

Thus forewarned, let´s take a look at some techniques to hide your web traffic from suspicious eyes.

During a web browsing session, most data is transferred using the HTTP protocol, which is just plain text and not protected in any way. Just replace the “http” string with “https” in your web browser, and all information transferred is encrypted using the Secure Socket Layer (SSL) protocol. SSL was introduced by Netscape in the early Internet days. It uses the proven RSA public / private key exchange mechanism to encrypt all http traffic between your browser and the destination web server. All modern web browsers support SSL encryption out of the box but many web servers have disabled this protocol because the encryption process would mean additional processing burden for their equipment. Unless you work at the NSA, you can safely assume that neither your employer nor your provider have the resources to break this encryption algorithm.

SSL browser encryption by itself only secures web traffic while travelling through the internet. In order to hide your identity from the destination server, you may use anonymizing HTTP proxy services. With these anonymizers, you are not contacting a destination website directly, but rather use one or more proxy severs, which are located between your computer and the final destination web server.

Anonymizing proxies remove your IP Address (and possibly additional information) from each and every TCP/IP packet and substitutes it, on the fly, with their own IP address. This way, a website visited through an anonymizing proxy has no way of knowing where you are located, because all requests look like originating from the proxy server.

In practice, however, things are not quite that simple:

* If your anonymizer doesn´t block or spoof cookies and you have visited a specific website before without an anonymizer, this site may still be able to identify you.
* Companies offering anonymizing services are promising not to disclose their log files to anyone. But can you really trust them? Law enforcing agencies do have access to these logs, and in these days of terrorist threat, it would be quite unrealistic to assume that secret service agencies would confine themselves from using this excellent surveillance instrument.
* Your employer will definitely notice that you are using anonymizing services, he might even see the websites you are visiting embedded in the URL sent to the proxy or from DNS queries. This will at least put you on a watch list.