How to be anonymous on the internet?
zatox
Posted messages
663
Status
Member
-
zatox Posted messages 663 Status Member -
zatox Posted messages 663 Status Member -
Hello, I am looking for a reliable solution to browse the internet as anonymously as possible. I have been surfing the web for some time, but I need some clarifications regarding anonymous browsing.
From what I understand, you need to go through a VPN server. So my first question is: is it necessary to go through a VPN server, or are there other solutions?
I manage computers on the same network as mine with addresses 192.168.1.x, and others that are remote with IP addresses xxx.yyy.zzz.ttt. On these different computers, I connect from mine via SSH, but I suppose that if, for example, I set up one of these servers (local or remote) as a VPN, I will not be invisible on the internet since the local servers have the same IP as mine, and for the remote one, it is a server that I own, so I won't be any more invisible either.
So if I consider that I must go through a VPN, there are free and paid VPNs. Personally, I have not yet found a free VPN!!! If you could point me to some, I would appreciate it? That said, the comments I have found regarding paid and free ones are mainly that a free VPN will sell my data either to Facebook or others, but what guarantees do I have that a paid one won't do the same thing?!!!!
In summary:
1) To be anonymous on the internet, is it mandatory to go through a VPN? (free or paid) or are there other means?
2) If I go through a VPN (free or paid), how can I verify that I am truly anonymous on the net?!!!
For your information, I use the TOR browser and I have noticed that if I send a message from TOR from one of my email accounts to another, I extract the original message from the received message and when I analyze it on a site that checks this, my IP does not appear; it is presumably the IP of a proxy that appears. However, if I send from Firefox, Chrome, or another browser, my IP appears. This indicates that with TOR, I have a certain level of anonymity (at least in this case), but do I have the same anonymity for all my internet connections even when using TOR?
Thank you for any answers you can provide.
From what I understand, you need to go through a VPN server. So my first question is: is it necessary to go through a VPN server, or are there other solutions?
I manage computers on the same network as mine with addresses 192.168.1.x, and others that are remote with IP addresses xxx.yyy.zzz.ttt. On these different computers, I connect from mine via SSH, but I suppose that if, for example, I set up one of these servers (local or remote) as a VPN, I will not be invisible on the internet since the local servers have the same IP as mine, and for the remote one, it is a server that I own, so I won't be any more invisible either.
So if I consider that I must go through a VPN, there are free and paid VPNs. Personally, I have not yet found a free VPN!!! If you could point me to some, I would appreciate it? That said, the comments I have found regarding paid and free ones are mainly that a free VPN will sell my data either to Facebook or others, but what guarantees do I have that a paid one won't do the same thing?!!!!
In summary:
1) To be anonymous on the internet, is it mandatory to go through a VPN? (free or paid) or are there other means?
2) If I go through a VPN (free or paid), how can I verify that I am truly anonymous on the net?!!!
For your information, I use the TOR browser and I have noticed that if I send a message from TOR from one of my email accounts to another, I extract the original message from the received message and when I analyze it on a site that checks this, my IP does not appear; it is presumably the IP of a proxy that appears. However, if I send from Firefox, Chrome, or another browser, my IP appears. This indicates that with TOR, I have a certain level of anonymity (at least in this case), but do I have the same anonymity for all my internet connections even when using TOR?
Thank you for any answers you can provide.
6 answers
-
Hi,
no VPN or remote NAT in the world makes you anonymous on the net, it just changes your IP address.
But if it reassures you, keep using TOR, it's still the best option in this regard, but you will always leave information that will identify you, for example using an account that requires identification, or using your browser fingerprint, that’s how it is.
--
and ... There you go! -
Good evening and thank you for your somewhat terse but clear response.
If I understand correctly, according to you, we can say that all these VPN merchants are therefore fraudsters?
That said, if I asked this question, it's because I also have a bit of doubt about it.
However, would you agree with me in saying that if I connect to one of my remote servers through an SSH tunnel, I'm indeed securing the data that passes from my computer to the remote server?!!! Because if that's not the case, I don't understand why we find all kinds of explanations online, for example about SSH? What's the point of creating an SSH tunnel between a client computer and a server?!!!! Okay, then there's the part between the server and the destination site, we agree on that.
In other words, what I would like is for someone to tell me if there is absolutely no way to be at least relatively anonymous on the internet? If there truly is no way at all, then we can say that there are a lot of bandits and fraudsters who say anything, including and especially in the free world of GNU/Linux on the internet, because we can read pages and pages about it!!!
Thank you for your answers.-
Whoa,
before calling others frauds, you just need to know what you want and the limits of what you're doing.
What a half VPN / remote NAT provides is nothing more than another IP address besides your ISP's from the final site’s perspective.
Incidentally, it also scrambles your data on your operator's side but does not add anything more compared to the TLS connection (the https) provided by the site to which you're connecting; on https, it's really a scam, but not on http or the Windows network (SMB) or a poor telnet or ftp
Similarly, SSH scrambles your data all the way to the server you're connecting to; if not used in tunnel mode, it merely replaces telnet, which is in clear text.
The thing is,
it's not because you're communicating with an IP address that's not your ISP's and your data is encrypted that you'll be anonymous; for example, if you rush to identify yourself on your bank's website or on a social network under these conditions.
Some use VPNs to deceive stupid sites or Hadopi, equally stupid, in terms of location, but it's increasingly difficult to say who has which IP address.
But that doesn't make them anonymous; the first thing they do is attach a subscriber ID to access their subscription.
However, they're quite useful, for example, in the case of an SSL VPN to bypass a site that blocks access behind a firewall.
Worse, since the VPN captures all your traffic, it really has all your data at hand, and since you don't really know who it is or who controls it, goodbye confidentiality (unless you communicate over https).
So, remote NATs sell one thing, but you shouldn't use them for anything other than what they're really selling.
Afterwards,
there's what they do behind the scenes that they don't sell to their users, but maybe to others ....
SSH doesn't primarily serve to create a tunnel, which is quite impractical as it's limited to the HTTP(S) protocol, not UDP, but to take control of a machine in complete confidentiality.
Lastly, don't confuse confidentiality and anonymity, much like the idiots who call with a blocked number saying "hello, it's so-and-so."
-
-
Hello brupala, and thank you very much for your response which this time is not at all terse but quite detailed instead.
OK I may have exaggerated when I said that VPN providers were crooks, alright...
-----------------------------------
If you don't mind and if you have the time, there are a few points I would like to clarify.
You say: "What a half VPN / remote NAT provides is nothing more than another IP address than that of your ISP seen from the final site."
I don't know what you mean by "half VPN / NAT", then masking the IP address for the final site, I think that TOR or any browser using a proxy must do the same thing. I would be interested to know if I'm being foolish or if you agree with me on this point.
-----------------------------------
Then when you say: "Additionally, also a scrambling of your data from your operator's side but it brings nothing more compared to the TLS connection (the https) provided by the site you connect to; on https, so it's really a scam, but not on http or the Windows network (SMB) or a poor telnet or ftp"
I admit I don't quite understand!
What I believe I understand is that an https connection is for me roughly equivalent to an ssh where the data is encrypted from the client and decrypted upon arrival at the server so that it understands what you want. Again, thank you for letting me know if I'm being foolish or not. In other words, the encryption or the fact of scrambling the data applies on the pipe connecting client and server, then on the server the data is in clear since it must understand what I want, right? For example, when I go to my bank it's an https protocol so no one will be able to retrieve anything in the client -- bank pipe since it's scrambled, but then my bank knows the identifier I've sent as well as the password to give access to my accounts, right? Am I being foolish?
-----------------------------------
When you say "Likewise SSH scrambles your data up to the server you connect to; if not used in tunnel mode, it just replaces telnet which is in clear."
There, too, I don't quite understand because I probably lack a notion since I don't distinguish between ssh and ssh in tunnel mode!!! I thought it was the same thing and it was just a matter of vocabulary!! Personally, I've created my ssh keys on my computer and distributed those that need to be on my servers; I thought I had created what is called an ssh tunnel, and as soon as I connect via ssh to my servers, I think that everything on the pipe is scrambled, encrypted and then decrypted by the keys on the server!! Well, maybe I'm wrong.
-----------------------------------
When you say "It's because afterwards,
it's not because you're communicating with an IP address that is not your ISP's and with encrypted data that you're going to be anonymous, for example if you rush to identify yourself on your bank's site or on a social network under these conditions."
Then I totally agree with you; it's actually what I mentioned earlier, namely security, for example through a VPN or suppose ssh, only exists on the connection between client and server; afterwards, the server must understand what you want, and that's where I think that VPNs may not all be super cool since they have knowledge of your data and can thus do what they want with it. Am I saying foolish things?
-----------------------------------
In the end, I feel like if I take, for example, the TOR browser which hides my real IP or any browser like Firefox, Chrome or another with a proxy, and I connect to a site via https when possible of course, it seems to me that I must be close to the maximum level of security possible on the net. What do you think?
Moreover, when I want to connect to any client area, I have to enter the username/password pair which can be hidden or scrambled during transport but which are visible to the site that receives them.
Thank you for your explanations, if you don't have the time to read and respond to my prose that's fine, I may have been a bit long!!!-
Wow,
it's not my day, I ran into a big chatter :-)
Come on, let's get to it:
Q:
You say: "What a half vpn / distant nat provides is nothing more than another ip address than that of your ISP from the final site."
I don't know what you mean by "half vpn / nat", then masking the IP address for the final site, I think that TOR or any browser using a proxy should do the same thing. I would be interested to know if I'm saying something stupid or if you agree with me on this point.
R:
I agree: seen from the outside, TOR does a bit of the same thing, but it goes deeper by stacking several caching servers, at the expense of performance.
-----------------------------------
Q:
Then when you say: "Additionally, also a scrambling of your data on your operator's side which doesn’t add anything more compared to the TLS connection (https) provided by the site where you connect, on https, it’s really a scam, but not on http or the Windows network (SMB) or a poor telnet or ftp"
I admit I don’t quite understand!
What I believe I understand is that an https connection is for me roughly equivalent to an ssh where the data is encrypted from the client and decrypted upon arrival on the server so that it understands what you want. Again, thank you for letting me know if I’m saying something stupid or not. In other words, the encryption or the fact of scrambling the cards applies on the pipe that connects client and server then on the server the data is in clear because it has to understand what I want, right? For example, when I go to my bank it's an https protocol so no one will be able to retrieve anything in the client -- bank pipe since it's scrambled but then my bank knows the identifier I sent as well as the password to grant access to my accounts, right? Am I saying something stupid?
R:
Absolutely,
https goes to the web server, it processes data in clear behind of course, except for passwords, whose hash is the only thing transmitted and compared.
Q:
When you say "Similarly, SSH scrambles your data to the server you connect to; if we don't use it in tunnel mode, it merely replaces telnet which is in clear."
Here again I don’t quite understand because I must be missing a concept in that I don’t differentiate between ssh and ssh in tunnel mode!!! I thought it was the same thing and it was just a vocabulary issue!! Personally, I created my ssh keys on my computer and distributed those that need to be on my servers, I thought I had created what we call an ssh tunnel and as soon as I connect in ssh to my servers I think that everything is scrambled, encrypted on the pipe and then decrypted by the keys on the server!! Well maybe I’m wrong.
R:
Yes, you're a bit mistaken, basic ssh is just a crypted telnet, but we have grafted a lot of functions on it like SFTP, SCP, SSHFS or SSH tunnels,
a SSH tunnel is actually a VPN through which we can pass other network protocols over TCP, like ftp for example or http (but it’s not ftps or https, which are based on SSL/TLS and not on SSH)
-----------------------------------
Q:
When you say "It's just that afterwards,
it’s not because you’re communicating with an ip address that is not that of your ISP and encrypted data that you will be anonymous, for example, if you rush to identify yourself on your bank's site or on a social network under these conditions."
Well, I totally agree with you on that, it's actually what I said above, namely that security, for example, via a VPN or assuming ssh, only exists on the linkage part between client and server, then the server must well understand what you want and that’s where I think some VPNs may not be super cool as they have knowledge of your data and can do what they want with it. Am I saying stupid things?
-----------------------------------
In the end, I feel that if I take for example the TOR browser which hides my real IP or any browser like Firefox, Chrome, or another affected by a proxy, and I connect to a site in https when possible, I feel that I should be not far from the maximum security possible on the net. What do you think?
R:
Absolutely, but the https encryption is the natural functioning of the internet today, to the point that we are building a kind of internet of hosting behind that of ISPs: All traffic provided to ISPs on TCP port 443, like DOH (DNS over HTTPS) and behind another world is being built in a relatively blurred cloud.
Q:
Then when I want to connect to any client space I still have to enter the username/password pair which can be hidden or scrambled during transport but which are visible to the site that receives them.
R:
Of course.
-
-
Yeah !!!! Awesome, thanks for taking the time to read me and also to respond.
In the end, it seems that we agree on quite a few points. However, I have one or two small questions or comments:
You say: "I agree: from the outside, TOR does a little bit of the same thing, but it goes deeper by stacking multiple cache servers, at the expense of performance."
That's right about performance; I had noticed that. Totally agree.
You say "https goes to the web server, which obviously processes data in clear text behind the scenes, except for passwords, for which only the hash is transmitted and compared."
I assume that the "hash" is the encrypted password?
If that's the case, I don't quite understand how that works; does that mean that the comparison is done on 2 encrypted zones?!
Thanks for all this information.-
The hash (hashing) is not the herbs that make you laugh,
It is a unique condensed version of a phrase, a password, or a text, which can replace it at the comparison level.
In the case of a password, it is transformed into a hash and stored as such; the system knows the hash, but not the password, it only compares the hashes.
-
-
Hi,
Look here: https://www.malekal.com/vpn-tor-meilleur-choix/
It will be clearer between VPNs and Tor.
--
Please press any key to continue the disinfection...-
Hi,
there is the essential in your article, especially on TOR, but the VPN part is incomplete:
A VPN is software that installs on your PC or web browser.
You must not forget routers and firewalls, as this is one of their main functions, after all.
Similarly,
we should definitely separate half VPNs / remote NATs from real VPNs that reach the destination private network and which are generally provided by firewalls or applications that complement them in the case of a roaming user on a private network.
-
-