Archive for July, 2013

In my previous post I lamented the increasing loss of our personal privacy and anonymity due to the efforts of both malignant marketers and our own government.  Now I’ll propose some solutions to get a handle on how much of your communications and Internet behavior you want to expose to these vermin.

Selecting the appropriate approach depends on the perceived costs, including the cost of failure, that is, a breach of anonymity or privacy.  The penalties differ: Google figuring out who you are may be an irritation, but the secret police discovering you may have desperate consequences.

We’ll be looking at three general options: encrypting the traffic between you and the server you are accessing, using a Virtual Private Network (VPN) service, and finally using an anonymizing network such as Tor.  These are in increasing order of complexity, but they provide increasing levels of security, too.  This post focuses on network security; there are other security-related things you can do right on your own PC, which I’ll deal with in a later post.

1.  SSL between the User and the Server

This is the standard “HTTPS” technology that encrypts everything between your computer and the website or server.   SSL is what your bank, or Amazon, uses when you are doing financial transactions.  You are using SSL when the web address bar starts with “https://”. Once the tunnel is set up (which is completely invisible to the user), the data moving between the two ends, in either direction, is encrypted with a practically unbreakable cipher, so the contents are safe from anyone watching the wire.  There are ways for a hostile party to insert themselves between you and the server (a “man in the middle”) and thus capture the data, but there are also defenses against this, chiefly the server’s certificate, which your browser checks before it trusts the connection.  This is a good technology; the following options in this discussion all assume the user is using SSL to talk through the network.

Most of the big email providers, such as Gmail, Yahoo Mail, or Hotmail, use SSL in all their activity.  If you are not sure, you can always try typing “https://www…” at the beginning of the URL and see if the site takes it.

But if SSL is all you are using, the data is hidden but the identities of you and the server are not; in fact, they are completely in the open, because the network addresses have to be unencrypted so the packets can be routed.  By capturing the packets that carry the messages between the user and the server, an adversary who can’t read the data can still see their sources and destinations clearly.  And of course a government (or an ISP operating under a court order) may prevent you from getting to some websites at all.

So in this case, the data is private but your identity is not.

2.  An anonymizing Virtual Private Network (VPN)

Several services market themselves to users wishing to anonymize their Internet access.  You pay a subscription fee, which allows you to connect (via an SSL connection) to one of the VPN company’s servers, of which there may be several in various locations around the world.  The VPN provider then gives you a new IP address and forwards your traffic to the destination website.  So the destination website in effect thinks that you are located at the VPN’s server instead of where you actually are.  To use a VPN you have to install a piece of software on your machine that supports your end of the VPN’s tunnel.

Once the SSL connection to the VPN is set up, the conversations with the real destination websites may be encrypted as an additional SSL layer, or they may be unencrypted, in the clear.  In either case, an adversary who can see the user’s packets can see that they are talking to one of the VPN’s public IP addresses, but cannot decrypt the contents and so cannot see what the ultimate destination is.  This would be the case if the user’s ISP has been compromised and is handing the user’s packets to someone for analysis.

At the destination web server, they know that the user’s traffic is coming from a VPN’s public exit node, but they don’t know where or who the originating user is (unless, of course, the user has logged in with a real identity and the server has been compromised).  So, in the main, privacy and anonymity have been preserved.  There are threats to this where a sufficiently powerful adversary (e.g. a government) is involved; see below.

The very weak link in this approach, though, is the VPN provider itself.  If the VPN provider keeps records of which user IPs were mapped to which exit-node IPs, the link between user and server is suddenly available to subpoena or to malicious recording.  Even if the VPN provider vows to keep no persistent records, a hacker could penetrate their systems and record this data anyway.  Or the provider could fail to erase the active-session data, and it could suddenly become available.

This is a lot of protection compared to plain SSL, and it hides your data even if the site you are talking to is not encrypted.  You are also somewhat further obfuscated because the VPN provider has a large pool of outbound IP addresses, so marketing schemes that capture your IP address as a way of identifying you will be at least partially foiled, because you will likely have a new IP every time you show up.  And because it’s a single hop (you, through the tunnel to the provider, then on to the destination) it’s quite fast.

A good example of this is ProXPN (this is not an ad; they don’t know me from Adam). There are other good solutions, but this one has the imprimatur of security fussbudget Steve Gibson, for what that’s worth.

3.  A multi-stage anonymizing network, such as Tor

Now we start to get serious. Tor was invented by the US Naval Research Laboratory as the Onion Routing Project. The goal was to invent a technology that would allow the US government to visit whatever websites it wanted to and never have that access traced back to the government.  Tor (The Onion Router) is a public, not-for-profit implementation of that technology. It’s called “onion routing” because it uses multiple layers of encryption and routing (like the layers of an onion) to totally obfuscate your identity. And the cool part is it’s free (your tax dollars at work). Right now Tor is extensively used by dissidents and journalists in the Middle East, China, and Southeast Asia, as well as by more mundane commercial users.

Tor operates much like the VPN at the start: the user contacts a Tor entry server and sets up an SSL connection with it.  However, instead of connecting to the destination web server right away, Tor wraps the user’s data packets in several layers of encryption, one for each server in the chain, and forwards them to the entry server, which peels off its layer and routes them to another intermediate Tor server, which peels off the next layer and routes them to yet another server, and so on.  Eventually all the layers of encryption have been peeled off, and at the Tor exit server the user’s packets are sent to their destination.  The paths through the Tor network are randomly selected, so an adversary has a virtually impossible task to track them.  By its design, every one of the intermediate servers in this temporary chain knows only the addresses of its neighbours, the server before it and the server after it, so the compromise of one does not compromise the whole chain.  And each server uses a different key for its layer of encryption, so an adversary is presented with an essentially impossible decryption challenge several times over.

Like the VPN solution, your anonymity and privacy are protected, but because of the multiple layers of encryption and the lack of any centralized provider (the intermediate nodes are independent of each other and none of them knows the whole route from the user to the destination), you are far more thoroughly anonymized: there is no single point of attack, even with a court order or physical access to one server or to any one intermediate network provider’s records.
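The contrast between the single-hop VPN (section 2, where the provider’s session records are the weak link) and the multi-hop chain described here is easiest to see by building both. What follows is an added example of my own, not Tor’s code and not any VPN product’s: the client wraps a message in one encryption layer per relay, each relay strips its own layer with its own key and learns only who handed it the packet and who it forwards to, and a small check reports which relays, if any, see both the user and the destination. The cipher is a deliberately simple XOR stream keyed by HMAC-SHA256, standing in for the AES counter mode and key handshake that Tor actually uses; the relay names, keys and the message are constructed sample values.

```python
import hashlib
import hmac


def toy_stream_cipher(key: bytes, data: bytes) -> bytes:
    """Toy XOR stream cipher with an HMAC-SHA256 keystream. It is symmetric, so the same
    call both encrypts and decrypts. Illustration only: real Tor circuits negotiate
    per-hop keys with a handshake and use AES in counter mode."""
    keystream = bytearray()
    counter = 0
    while len(keystream) < len(data):
        keystream.extend(hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest())
        counter += 1
    return bytes(a ^ b for a, b in zip(data, keystream))


def wrap_onion(payload: bytes, destination: str, relays: list) -> bytes:
    """Client side. relays is a list of (name, shared_key) in path order. Each layer
    carries only the name of the next hop plus the still-encrypted inner layers; the
    innermost layer, meant for the exit, names the real destination. Layers are applied
    inside-out so that the first relay's key removes the outermost one."""
    hops = [name for name, _ in relays] + [destination]
    onion = payload
    for i in range(len(relays) - 1, -1, -1):
        _, key = relays[i]
        onion = toy_stream_cipher(key, hops[i + 1].encode() + b"|" + onion)
    return onion


def run_circuit(client: str, destination: str, payload: bytes, relays: list):
    """Walk the onion through the relays and record what each one learns: who handed it
    the packet, who it forwards to, and whether it can read the payload. Returns the
    plaintext the exit finally sends on, plus the per-relay views."""
    onion = wrap_onion(payload, destination, relays)
    views = []
    previous = client
    for name, key in relays:
        next_hop, _, onion = toy_stream_cipher(key, onion).partition(b"|")
        views.append({
            "relay": name,
            "from_hop": previous,
            "to_hop": next_hop.decode(),
            "reads_payload": onion == payload,
        })
        previous = name
    return onion, views


def linking_relays(views: list, client: str, destination: str) -> list:
    """Relays that see both the user and the destination, and so could log the link
    between them. With a single hop (the VPN case) that is the provider itself."""
    return [v["relay"] for v in views if v["from_hop"] == client and v["to_hop"] == destination]


if __name__ == "__main__":
    # Constructed relay names and keys; in Tor the keys come from the circuit handshake.
    three_hop = [("guard", b"key-guard"), ("middle", b"key-middle"), ("exit", b"key-exit")]
    delivered, views = run_circuit("alice", "news.example", b"GET / HTTP/1.1", three_hop)
    for v in views:
        print(v)
    print("delivered:", delivered, "| relays linking both ends:",
          linking_relays(views, "alice", "news.example"))
    # The same walk with one relay models the VPN: the provider sees both ends.
    _, vpn_views = run_circuit("alice", "news.example", b"GET / HTTP/1.1",
                               [("vpn-provider", b"key-vpn")])
    print("single hop, relays linking both ends:",
          linking_relays(vpn_views, "alice", "news.example"))
```

Running it shows the guard seeing alice and the middle, the middle seeing guard and exit, and only the exit seeing the destination and the plaintext; the one-relay run reports the provider as the relay that links both ends, which is precisely the record a subpoena or a break-in at the VPN would go after. The model covers what a single relay can learn on its own; it does not model an adversary who watches both ends of the chain at once and matches up traffic timing, which is the known limit of this design rather than something any relay’s records reveal.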

Tor requires the same kind of tunnel software on your end as a VPN does, as well as some other specialized software, and the Tor package includes a customized version of Firefox that is set up not to keep cookies or history.  Their website offers a complete bundle: you just install it and you are on.

So there you have it: three network-based privacy solutions that will cause even the NSA some headaches.  Browse in peace!
