Surf Safe Basics
How to navigate the Internet safely
01. Introduction
02. Identity Trail
03. Browser Security
04. NetBios
05. Scripting
06. Cookies
07. WebBugs
08. Spyware
09. Cleaning Up
10. Firewalls
11. Anonymity Providers
12. Resources

01. Introduction
Safe surfing consists of minimizing your profile and identity trail as you surf the Internet. Nothing you do is anonymous. Every connection you make is recorded by your ISP: the time at which you connected, the length of time spent online, etc. Every site you visit using a browser will also record your machine's unique Internet Protocol number, or IP address.

When you access the website again, your browser sends that information back to the website, so it can know that you have been there before and know what information you looked at previously. This has a marketing use, as websites can build up a profile of your buying habits and tailor banner adverts to your interests. It also means that if you regularly use the same computer, anyone, including your boss, can find out exactly which websites you have visited. When you visit a new address on the Internet, your browser may pass on information about the website you previously visited.

02. Identity Trail:-

To understand where information regarding your identity trail could be located we need to consider how internet connections are made and the forms they may take. Typically an individual uses his computer to connect to the internet via an Internet Service Provider (ISP). Home users dial in via a telephone network. There are thus five points at which personal information of various sorts may be recorded:

  1. On an individual's own computer.
  2. On the telephone bill.
  3. At the ISP.
  4. At remote sites.
  5. A third party using surveillance software.

At each point data is exchanged and is usually recorded and/or stored, either on your own PC or at some remote site. An understanding of these points will let you select which ones to clean up, removing personal identifiers, logs, URLs, timestamps and compromising files. The following tables list some examples in each category and are not meant to be exhaustive!

Individual Computer Data
Emails sent and received may be stored on the computer.
Newsgroups subscribed to can be stored on the computer.
Internet Relay Chat sessions (IRC) where chat may be logged to disk.
File system cache file, which is a specific temporary file. Under Windows OS this is known as the Swap File or PageFile.
Deleted files.
File Slack.
Time Stamped and/or Date Stamped files can indicate they were downloaded via a modem.
Browser cache files, which are a specific kind of temporary file. Cache files can exist for weeks or months, providing a history of a client's surfing.
Writeable CD Sessions. A computer operating system will only read the table of contents from the latest created session on a CD, so by omitting files from the table of contents of a new session, these files will normally be hidden from the view of a user. Hence these may be recovered.
Metafiles: these predominate under the Windows OS. When documents or pictures are printed, a copy or Metafile is created to aid the printing process. These Metafiles are not normally deleted and are invisible to the user, except when using specialized software.
Unallocated Clusters


Telephone Bill Data
Customer name and address
Telephone numbers dialed
Telephone numbers received
Duration of the calls

ISP Data
Date and time of connection of client to server
User-ID and password
Assigned IP address
NAS (Network Attached storage) IP address
Number of bytes transmitted and received
Caller Line identification (CLI)
Emails Sent and Received
FTP files uploaded and downloaded
Web Servers connected to
Usenet Servers connected to
IRC Servers connected to

Remote Site Data
Date and time of connection of client to server
User-ID and password
Your IP address
Network name
Referring IP address
Protocol connection.
Number of bytes transmitted and received

Third Party Data
Government surveillance of ALL your data flows
Trojan software installed on your machine

The Government can subpoena an ISP to re-direct all communications traffic via its own specialized parallel communications machine. Most countries have this facility, e.g. Russia, UK, USA and New Zealand, which uses it to censor internet content for its citizens. Most national LEA organizations have a dedicated telco unit, which monitors communications and can instantly match internet IPs to telephone numbers within its national jurisdiction, using hotlinks with the ISP. The government can also subpoena your telephone company for your billing details.

It can request that Remote Sites install black box sniffers like Carnivore, that the site audits and/or logs be made available for inspection, and that the routing information from specific routers be made available to facilitate crime detection. It can also request that mobile phone traffic have its encryption/compression feature switched off on a network-wide basis. After a suitable period of surveillance, including relevant relationship data matching, if a criminal offence has occurred, an informed decision can be taken whether to impound your computer for forensic analysis.

The majority of internet protocols transmit their packets in plaintext. This allows for the leakage of either corporate or individual information. If the content of your communication is sensitive then end-to-end encryption should be used, and if you do not wish to disclose your location you should consider using some form of address redirection software, e.g. Peekabooty, which is a peer-to-peer (p2p) network providing anonymous and uncensored web access to individuals residing in countries where web surfing is filtered, or Freenet, which is a distributed anonymous information storage and retrieval system. For IM and chatting, IIP is an Internet Relay Chat privacy software program designed for anonymity and security. IIP acts as an advanced proxy between your IRC client and servers. The SSH program enables end-to-end encryption, but not beyond any server from which you issue "forward" requests; that is, up to and not beyond the server to which you connect.

03. Browser Security:-
To cover your tracks and prevent others from finding out your IP address you have to use a proxy and disable certain browser functions. Proxies are covered in more detail in Proxy Basics. The browser functions are as follows:

To change the security settings in Internet Explorer: Tools Menu ... Select Internet Options... Security tab... Custom Level

Recommended Settings:
Active-X controls and plug-ins
Download signed Active-X controls: Disable
Download unsigned Active-X controls: Disable
Initialize and script ActiveX controls not marked as safe: Disable
Run ActiveX controls and plug-ins: Disable
Script Active-X controls marked safe for scripting: Disable

Allow cookies that are stored on your computer: Disable
Allow per-session cookies (not-stored): Disable

Downloads: Enable
Font Download: Enable

Java Permissions: Disable Java

Access data sources across domains: Disable
Drag and drop or copy and paste files: Disable
Installation of desktop items: Disable
Launching programs and files in an IFrame: Disable
Navigate sub-frames across different domains: Disable
Software channel permissions: High Safety
Submit non encrypted form data: Disable
Userdata persistence: Disable

Active scripting: Disable
Allow paste operations via script: Disable
Scripting of java applets: Disable

After checking these settings, click on 'ok', then the 'advanced' tab.
Scroll down until you find the heading 'Java VM'.

Java VM
Java console enabled: Disable
Java logging enabled: Disable
JIT compiler for virtual machine: Disable

For Netscape users, to turn off Java, JavaScript and cookies: Edit... Preferences... Advanced... uncheck "enable java" and "enable javascript" and check "disable cookies".

To enable a proxy server in IE:-

Go to Tools... Internet Options... Connections. If you use a dialup connection, click the "Settings" button next to the dialup properties box. If you have a broadband connection, click the "LAN Settings" button instead. Check the "Use a proxy" option, then enter the proxy's hostname and port number in the fields.

To enable a proxy server in Netscape

Go to Edit... Preferences... Advanced... Proxies. Choose "Manual Proxy Configuration," then click the View button and enter the proxy's hostname and port number in the WWW field.

To confirm that the proxy is functioning correctly, go to the IP-address page. You should see the proxy's IP address instead of your own. Alternatively, select one of the URLs from the Proxy Checking Sites list in the Resources section below and check that the IP address you see on the page is the same as your proxy's!

Some browsers have an auto e-mail facility; find and disable this.

What does a browser record?

There are three things a browser records when you visit a web page. Each one is stored in a different manner, in different places. It depends on which browser and which version you use, and even on what Operating System platform you are running it.

The three things are:

  1. The page itself in your cache
  2. The URL of the page in your history
  3. The URLs you typed in at the URL box (drop down list)

So the following tasks have to be undertaken.
Clearing the Cache:
Clearing the History:
Clearing the URL history:

It's optional on all the main browsers (Netscape, Internet Explorer, Opera, etc.) whether you choose to do this by hand, and the precise syntax and commands vary by browser version and operating system version, but the principle is constant: find where they are logged and delete the references! Under Windows this is normally inside the Registry. So in Netscape under Windows 95, the URL history is stored in the Windows registry.

Example: Clearing the URL history - Close Netscape if it is still running. Start the registry editor by running REGEDIT.EXE. Go to HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\URL History\ (doing a search for "URL History" will get you there immediately.) Delete the entries URL_1 through URL_10, but NOT the Default entry. Close the registry editor.

This is repeated for the other tasks. A simpler method is to use a program such as Window Washer or Eraser. Use Window Washer to clean out your registry and Eraser to overwrite the Browser Cache.

Now these items (cache, URL and URL history) have been deleted, but Microsoft in their wisdom chose to record the URL and occasionally the URL history elsewhere, in areas such as the swap file, user.dat and system.dat, and if you use Microsoft Office or similar software the document history list may record your URL history as well. Window Washer should be able to deal with this. To deal with the swap file read the Cleanup Basics. Remember that under some versions of Windows, such as Windows NT, Windows 2000 and WinXP, each user has a unique profile and history, so if you use different accounts, check them all.

Browser Check:

  • Every time you DialUp or connect to surf you should firstly connect with a proxy checking site that will tell you what your current browser ip is and other relevant environment variables, such as javascript etc. It is a good idea to paste the url of the proxy checker into the "Address" edit box situated under the General tab of the Internet Options Properties box. This will alert you to surfing on an unsafe ip.

Steps for Finding an Anonymous Proxy:

  1. Find a List of Proxies
  2. Check the Proxies for Anonymity
  3. Check the Proxy Server's Country
Change your proxy regularly, or else you leave yourself open to relationship analysis, which is accomplished by comparing Referer, site location and your current proxy, along with all the other visitors. If you keep your proxy long enough the logs may be hacked or made available to some interested 3rd party!
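
One way to automate the proxy check and the "Check the Proxies for Anonymity" step, as an added example that is not part of the original page: given your real address and the request as a proxy checking page received it, the function reports how much the proxy hides. The header list and the tier names are common convention assumed here, and all addresses are constructed.

```python
import ipaddress
import re

# Headers a forwarding proxy commonly adds (assumed list, not from the page).
PROXY_HEADERS = ("via", "x-forwarded-for", "forwarded", "client-ip",
                 "x-real-ip", "proxy-connection")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def ips_in(value):
    """Return every valid IPv4 address that appears in a header value."""
    found = set()
    for token in IPV4_RE.findall(value):
        try:
            found.add(str(ipaddress.ip_address(token)))
        except ValueError:
            pass  # looked like an address but is not one, e.g. 999.1.1.1
    return found


def classify_proxy(real_ip, remote_addr, headers):
    """real_ip: the address your ISP assigned you.
    remote_addr: the connection source the checking site saw.
    headers: the request headers as the checking site received them.
    Returns (tier, findings)."""
    real_ip = str(ipaddress.ip_address(real_ip))
    remote_addr = str(ipaddress.ip_address(remote_addr))
    lowered = {name.lower(): value for name, value in headers.items()}

    if remote_addr == real_ip:
        return "no-proxy", ["site sees your own address as the source"]

    findings, leaked = [], False
    for name in PROXY_HEADERS:
        if name not in lowered:
            continue
        if real_ip in ips_in(lowered[name]):
            leaked = True
            findings.append(f"{name} discloses your real address")
        else:
            findings.append(f"{name} reveals that a proxy is in use")

    if leaked:
        return "transparent", findings      # proxy forwards your address
    if findings:
        return "anonymous", findings        # proxy visible, address hidden
    return "high-anonymity", findings       # nothing marks the request


if __name__ == "__main__":
    REAL, PROXY = "203.0.113.7", "198.51.100.20"   # constructed addresses
    samples = {                                     # constructed requests
        "forwarding proxy": {"Via": "1.1 cache.example",
                             "X-Forwarded-For": "203.0.113.7"},
        "announcing proxy": {"Via": "1.1 cache.example"},
        "silent proxy": {"User-Agent": "Mozilla/4.0"},
    }
    for label, hdrs in samples.items():
        print(label, classify_proxy(REAL, PROXY, hdrs))
```

A "transparent" result means the checking page shows the proxy's address but the remote site can still read yours from the headers, so the address comparison alone is not sufficient.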

An online site named Privacy Toolbox has a more comprehensive checklist of browser security items, along with the settings for all the main browsers.

04. NetBios:-

NetBIOS (or Network Basic Input Output System) is a program that is used by Microsoft Networking. One use of NetBIOS is to allow the sharing of files and printers between computers on a Local Area Network (LAN). However, if you are connected to the Internet and using file and print sharing through NetBIOS, you may be exposed to unnecessary security risks. Most systems do not need NetBIOS to connect to the Internet. However, some older cable modem systems might need some components of NetBIOS. Out of the box NetBIOS is configured to enable about 9 separate components of your PC. These are:

  1. Client for Microsoft Networks, the networking application
  2. File and Printer Sharing for Microsoft Networks
  3. Microsoft Family Logon
  4. TCP/IP
  5. NetBEUI (NetBIOS Enhanced User Interface)
  6. IPX/SPX
  7. Dial-up adapter
  8. Cable modem/DSL interface
  9. Local area network (LAN) interface (if applicable)

A good description of the NetBIOS problem, and solutions for Win9x and WinNT, can be found at Windows Networking 101.

05. Scripting:-

Scripting languages can be used to make Web pages more dynamic and interactive. There are two types of scripting languages, server-side and client-side. Server-side scripting performs all its processing on the Web server, and delivers a final product (the Web page) to the user's browser. Server-side scripting does not in and of itself present accessibility problems.

Scripting languages like PHP, Javascript, Visual Basic Script (VBS), HTA, and WSH (Windows Scripting Host) etc. can execute system calls from inside the web page, using customized code, or query your registry and post sensitive data back to the server. In the case of a hacker, invisible frames can be loaded containing scripting to execute DOS commands such as "del C:\*.*"; "del Windows\*.*", i.e. wipe your hard disk away! Generally it is the enabling of javascript that allows the X-Rated adverts and email offers to pop up.

Another means of gaining referer information is for the server to ask you to connect over the https protocol, which is SSL, a secure protocol that can override ordinary proxies and nullify them, thus allowing the server to read your true IP address. In some cases this is their purpose, not secure messaging! More scripting information can be found at Scripting Security.

06. Cookies:-
Recording which IP address accessed a site is a start, but it's not enough for many places on the net. They want to know more, such as whether you've visited before. This is done using what are called cookies. There are many myths about cookies, which are best dispelled by looking at a site such as A cookie is simply a piece of information that a website asks your browser to store on your PC. The same site can then request the cookie next time you visit. This allows it, for instance, to automatically fill in your login name on the AvantGo pages, or supply the weather reports you asked for on the home page.

What a cookie can't do is trawl your hard drive for your credit card number, neither can it tell a website anything it didn't already know about you. If you tell a site your name is Tipper instead of Albert, then that's what will be in the cookie that's stored on your computer.

So why do so many people get worked up about cookies? Because a few companies, most notably DoubleClick, have found a way round the fact that a server can only request cookies for its own site. DoubleClick is an agency that supplies the ads that appear on many of the net's most popular sites. Using cookies, DoubleClick can uniquely identify you, allowing a profile of the type of sites you visit to be built up, and even supplying relevant adverts for you.

So how can it do this when cookies are unique to a site? It's simple: the DoubleClick adverts aren't on the site you visit. They're stored on DoubleClick's own servers, and your web browser dutifully fetches them from there. This means it has requested information from the DoubleClick server, and can therefore have a cookie sent, or passed back to, that server.

Solution: In your browser disable all cookie access and clean regularly!

07. WebBugs:-
WebBugs: There are about five different types of Web bugs. The simplest bug is a small, clear GIF with no content, set to be transparent so the web page background shines through. It is included on the web page you surf to but is downloaded from another site, usually some advert-based site. The download call along with the referrer information is enough to identify your machine as visiting some site. It normally works with cookies to send information to third parties about your online travels.

Other more malicious forms of Web bugs are "executable bugs," which can install a file onto people's hard drives to collect information whenever they are online. For example, one such bug can scan a person's machine to send information on every document that contains the word "sex". The sneakiest bugs are "script-based executable bugs that can go out and take any document from your computer" without notice. There are programs that can track live, private recordings through Webcams or voice recorders hooked up to computers.

Other script-based bugs also execute files, but they're not installed on a person's PC. They can simply try to control the person's computer from their server, as well as track the consumer's travels on the Web from behind the scenes. An example of this can be found on a popular entertainment site, which launches multiple browser windows when a person tries to exit the site. These methods can bypass your firewall, since your browser will have permission to fetch stuff from web-sites.

This principle can be employed in Word documents or emails, such that when you open them, some site somewhere is notified that some PC is opening and reading this document. Nice thought? Some programs that claim to deal with web-bugs are WebWasher, Bugnosis and McAfee Internet Security.
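
The mechanism described in sections 06 and 07, as an added example that is not part of the original page: a small simulation of one third-party server whose banner or clear GIF is embedded on unrelated sites, showing the profile it builds from cookies and what it still learns from the IP address and Referer when cookies are refused. All hostnames, addresses and class names are constructed for illustration.

```python
import itertools
from collections import defaultdict
from urllib.parse import urlsplit


class ThirdPartyServer:
    """Serves a banner or 1x1 GIF and logs what each request reveals."""

    def __init__(self, host):
        self.host = host
        self._ids = itertools.count(1)
        self.profiles = defaultdict(list)   # cookie -> sites it was seen on
        self.log = []                       # (client ip, cookie, site)

    def handle(self, client_ip, cookie, referer):
        set_cookie = None
        if cookie is None:                  # first contact: hand out an id
            cookie = set_cookie = f"uid={next(self._ids)}"
        site = urlsplit(referer).hostname if referer else None
        self.profiles[cookie].append(site)
        self.log.append((client_ip, cookie, site))
        return set_cookie


class Browser:
    def __init__(self, ip, accept_cookies=True, send_referer=True):
        self.ip = ip
        self.accept_cookies = accept_cookies
        self.send_referer = send_referer
        self.jar = {}   # host -> cookie; only returned to the host that set it

    def visit(self, page_url, embedded_url, servers):
        """Load page_url, then fetch the image it embeds from another host."""
        host = urlsplit(embedded_url).hostname
        referer = page_url if self.send_referer else None
        set_cookie = servers[host].handle(self.ip, self.jar.get(host), referer)
        if set_cookie and self.accept_cookies:
            self.jar[host] = set_cookie


# Constructed browsing session: three unrelated sites, one shared third party.
PAGES = [
    ("http://news.example/today.html", "http://ads.tracker.example/banner.gif"),
    ("http://shop.example/cart.html", "http://ads.tracker.example/clear1x1.gif"),
    ("http://health.example/clinic.html", "http://ads.tracker.example/clear1x1.gif"),
]


def simulate(accept_cookies, send_referer=True):
    tracker = ThirdPartyServer("ads.tracker.example")
    browser = Browser("203.0.113.7", accept_cookies, send_referer)
    for page, image in PAGES:
        browser.visit(page, image, {tracker.host: tracker})
    return tracker


def sites_by_ip(tracker):
    """What the server can reconstruct from its log without any cookie."""
    seen = defaultdict(list)
    for ip, _cookie, site in tracker.log:
        seen[ip].append(site)
    return dict(seen)


if __name__ == "__main__":
    print("cookies on :", dict(simulate(True).profiles))
    print("cookies off:", dict(simulate(False).profiles))
    print("by IP, cookies off:", sites_by_ip(simulate(False)))
```

With cookies refused the cookie-keyed profile falls apart into three single-visit entries, but the log keyed by IP address still lists all three sites, which is why the page pairs disabling cookies with using a proxy.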

08. Spyware:-
Some "free" software will, as it is being installed, copy a 2nd party's programs, usually to the System folder. These types of programs are known as AdWare, since once online your surfing habits are monitored by the 2nd party and advert streams are sent to the application based on your preferences. The application author gets paid for allowing his program to target you with adverts, and this is the price you pay for free software. Other non-spyware software can periodically attempt to update itself; for example, the Windows 98 Update feature checks an address at Microsoft every five minutes once you enable it (and you can't turn it off without uninstalling it). Naturally you don't want any of these things on your PC. To check for spyware components use Ad-Aware, which is a free multi-spyware removal utility that scans your memory, registry and hard drives for known spyware components.

Other invasive features which Microsoft have introduced into some of their products include unique identifiers in MS Word documents, and holes in Internet Explorer and MSN Messenger which allow Microsoft's sites (and anyone else with a website and a little knowledge of scripting languages) to obtain the MSN Messenger ID and email address of people who visit their sites. Passport, which has evolved into a Microsoft-controlled gateway to the internet akin to AOL, leaves any user vulnerable to privacy loss. We are not talking about bugs, but very deliberate aspects of their products which you won't find mentioned in any of the documentation. While you may be required to use some of these products in the workplace, it would be a bad idea to use them in any context where privacy was important.

09. Cleaning Up:-
One consequence of surfing on the Internet is that it is not only other people who want to know your surfing habits and real IP. So does your own PC! Each installed program will invariably come with some form of history list. Web sites that you have previously visited may have their addresses stored covertly within the Swap File, and multiple fragments or even whole Swap Files from previous computer sessions, now deleted, may be stored on your hard disk. Furthermore, any of the Microsoft products might, depending on your preference settings, choose to add one of these URLs to its history list, or Most Recently Used document list in MS Word's case. These are then stored in proprietary compound files and within index.dat, system.dat, user.dat and, on Windows 2000 and Windows Millennium, in pagefile.sys or the Swap file. Each time you switch on your computer, unknown to you, these are loaded into the respective program registry mappings or hidden files. The latest versions of Windows use individual profiles called "UserData" stored within the registry. This is how Windows maintains its appearance of being static, looking the same, or attempting to achieve "persistence" across multiple boot ups.

It is important to use some form of Backup and Cleanup procedure on a session-by-session or daily basis. This will keep your hard disk clean and your browser cache and registry free of personal or corporate information.

Each application that you have installed can store a History List of associated files, i.e. Internet Explorer will have a list of web site addresses your browser last visited, for use in its "IntelliSense" or smart matching on partial URLs that you type into the browser Address Bar. You need an application to sweep these out and clean up each time that you either boot up or shut down. One such application is Window Washer. It is safe and simple to use, and it allows customized items both in the registry and in any folder to be set for deletion. It comes with a default set of Windows locations to delete, i.e. Documents under the Start menu is wiped clean. So for each application you will have to work out what it stores and where it stores it, and set Window Washer to delete it on a regular basis. For the trickier case of the Swap File and other system history files, see the Cleanup Basics FAQ.

10. Firewalls:-
A Firewall is a program that filters all incoming and outgoing connections to the internet. Anyone who is running ADSL or Cable or other fixed IP services is more vulnerable to security breaches. A Firewall will allow you to set filters on which packets can enter or leave your computer. Most Firewalls come with standard settings enabled, such as Application privileges, Internet traffic blocking, local network access to the system's services and shared accounts, and the blocking of known advertising companies. Along with the disabling of javascript, this will stop all those annoying pop-up windows appearing.

A firewall will also allow you to decide what appears in the packets that leave your computer, i.e. your type of computer, operating system, timezone etc., all of which helps to enforce your privacy. If your computer is personal and for home use then find yourself a copy of AtGuard, which is an excellent configurable Firewall, and if you cannot find a version, then Norton Personal Firewall is a good substitute since it purchased a license to the AtGuard kernel.

11. Anonymity Providers:-

Is the world's first 1024 bit encrypted free mail service!
Anonymous.To Offer Free Anonymous Email Accounts. Offer anonymous mail, telnet, IRC, SSH and web-surfing.
SecureNym Offers secure and anonymous web based E-mail by subscription.
Pop3Now Lets you access your mail from the web with SSL encryption.
Cyberpass Run by Lance Cottrell, a well known cryptographer
LOD Communications Offers for $10 a month a shell account with WWW
AnonMailNet Offers Web2Mail & Web2News interfaces with standard Internet services.
Data Haven Project For $10 a month shell account with full access.
Offshore Information Services Offer anonymous services from Anguilla B.W.I.
Nymserver Offers anonymous e-mail and newsgroup posting, PGP, & finger info. Offers anonymous surfing and anonymous e-mail services Now offers free SSL web mail accounts
Altopia Privacy accounts now, Anonymous accounts later...

12. Resources:-
