01. Introduction
Safe Surfing consists in minimizing your profile and identity trail
as you surf on the Internet. Nothing you do is anonymous. Every connection
you make is recorded by your ISP: the time at which you connected, the length
of time spent online, etc. Every site you visit using a browser will
also record your machine's unique Internet Protocol number, or IP address.
When you access the website again, your browser sends that information
back to the website, so it can know that you have been there before
and know what information you looked at previously. This has a marketing
use, as websites can build up a profile of your buying habits and tailor
banner adverts to your interests. It also means that if you regularly
use the same computer, anyone, including your boss, can find out exactly
which websites you have visited. When you visit a new address on the
Internet, your browser may pass on information about the website you
previously visited.
02. Identity Trail:-
To understand where information regarding your identity trail could
be located we need to consider how internet connections are made and
the forms they may take. Typically an individual uses his computer to
connect to the internet via an Internet Service Provider (ISP). Home
users dial in via a telephone network. There are thus five points at
which personal information of various sorts may be recorded:
- On an individual's own computer.
- On the telephone bill.
- At the ISP.
- At remote sites.
- A third party using surveillance software.
At each point data is exchanged and is usually recorded and/or stored
either on your own PC or at some remote site. An understanding of these
points will let you select which ones to clean up and remove personal
identifiers, logs, URLs, timestamps and compromising files. The following
tables list some examples in each category and are not meant to be exhaustive!

Individual Computer Data:
- Emails sent and received may be stored on the computer.
- Newsgroups subscribed to can be stored on the computer.
- Internet Relay Chat (IRC) sessions, where chat may be logged to disk.
- File system cache files, which are a specific kind of temporary file.
  Under Windows OS this is known as the Swap File or PageFile.
- Deleted files.
- File Slack.
- Time stamped and/or date stamped files can indicate they were
  downloaded via a modem.
- Browser cache files, which are a specific kind of temporary file. Cache
  files can exist for weeks or months, providing a history of a client's
  surfing.
- Writeable CD sessions. A computer operating system will only read the
  table of contents from the latest created session on a CD, so by
  omitting files from the table of contents of a new session, these files
  will normally be hidden from the view of a user. Hence these may be
  recovered.
- Metafiles: these predominate under the Windows OS. When documents
  or pictures are printed a copy or Metafile is created, to aid
  the printing process. These Metafiles are not normally deleted and
  are invisible to the user, except using specialized software.
- Unallocated clusters.

Telephone Bill Data:
- Customer name and address
- Telephone numbers dialed
- Telephone numbers received
- Duration of the calls

ISP Data:
- Date and time of connection of client to server
- User-ID and password
- Assigned IP address
- NAS (Network Attached Storage) IP address
- Number of bytes transmitted and received
- Caller Line Identification (CLI)
- Emails sent and received
- FTP files uploaded and downloaded
- Web servers connected to
- Usenet servers connected to
- IRC servers connected to

Remote Site Data:
- Date and time of connection of client to server
- User-ID and password
- Your IP address
- Network name
- Referring IP address
- Protocol connection
- Number of bytes transmitted and received

Third Party Data:
- Government surveillance of ALL your data flows
- Trojan software installed on your machine

The Government can subpoena an ISP to re-direct all
communications traffic via its own specialized parallel communications
machine. Most countries have this facility, e.g. Russia, UK, USA and
New Zealand, which uses it to censor internet content for its citizens.
Most national LEA organizations have a dedicated telco unit, which
monitors communications and can instantly match internet IPs to telephone
numbers within its national jurisdiction, using hotlinks with the
ISP. The government can also subpoena your telephone company for
your billing details.
It can request that Remote Sites install black box sniffers
like Carnivore, or that the site audits and/or logs be made available
for inspection, and that the routing information from specific routers
be made available to facilitate crime detection. It can also request
that mobile phone traffic have its encryption/compression feature
switched off on a network-wide basis. After a suitable period
of surveillance, including relevant relationship data matching, if
a criminal offence has occurred, an informed decision can be taken
whether to impound your computer for forensic analysis.
The majority of internet protocols transmit their packets
in plaintext. This allows for the leakage of either corporate or individual
information. If the content of your communication is sensitive then
end-to-end encryption should be used, and if you
do not wish to disclose your location you should consider using some
form of address redirection software, e.g. Peekabooty,
which is a peer-to-peer (p2p) network providing anonymous and uncensored
web access to individuals residing in countries where web surfing
is filtered, or Freenet, which is a distributed anonymous information
storage and retrieval system. For IM and chatting, IIP
is an Internet Relay Chat privacy software program designed for anonymity
and security. IIP acts as an advanced proxy between your IRC client
and servers. The SSH
program enables end-to-end encryption, but not beyond any server from
which you issue "forward" requests; that is, up to and not
beyond the server to which you connect.
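
As an added illustration (not part of the original FAQ), the following Python example parses web server access log lines and groups them by client IP address, showing how the Remote Site Data fields listed above (date and time, user-ID, IP address, referring site, protocol, bytes) accumulate into an identity trail. It assumes the server writes the widely used Combined Log Format; the log lines, addresses and domains are constructed samples.

```python
import re
from datetime import datetime

# Combined Log Format (common Apache-style access log layout, assumed here):
# host ident authuser [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample log (documentation IP ranges and example domains).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2003:21:04:11 +0000] "GET /index.html HTTP/1.0" 200 5120 "http://search.example/?q=clinic" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
203.0.113.7 - alice [12/Mar/2003:21:05:40 +0000] "GET /members/ HTTP/1.0" 200 2048 "http://site.example/index.html" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
198.51.100.20 - - [12/Mar/2003:21:06:02 +0000] "GET /index.html HTTP/1.1" 304 - "-" "Mozilla/4.7 [en] (Win95; I)"
this line is malformed and is skipped
"""


def parse_line(line):
    """Return one request as a dict, or None if the line is not in the expected format."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    for field in ("user", "referer"):
        if rec[field] == "-":          # "-" means the client supplied nothing
            rec[field] = None
    return rec


def identity_trail(log_text):
    """Group everything the server recorded by client IP address."""
    trail = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        entry = trail.setdefault(rec["ip"], {
            "first_seen": rec["time"], "last_seen": rec["time"],
            "users": set(), "came_from": set(), "agents": set(),
            "protocols": set(), "bytes_sent": 0, "requests": 0,
        })
        entry["first_seen"] = min(entry["first_seen"], rec["time"])
        entry["last_seen"] = max(entry["last_seen"], rec["time"])
        if rec["user"]:
            entry["users"].add(rec["user"])        # login name, if the site uses one
        if rec["referer"]:
            entry["came_from"].add(rec["referer"])  # the page visited just before
        entry["agents"].add(rec["agent"])           # browser and operating system
        entry["protocols"].add(rec["proto"])
        entry["bytes_sent"] += rec["bytes"]
        entry["requests"] += 1
    return trail


if __name__ == "__main__":
    for ip, seen in identity_trail(SAMPLE_LOG).items():
        print(ip, seen["first_seen"].isoformat(), seen["users"], seen["came_from"])
```
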
03. Browser Security:-
To cover your tracks and prevent others from finding out your IP address
you have to use a proxy and disable certain browser functions. Proxies
are covered in more detail in Proxy Basics. The functions to disable are
as follows.
To change the security settings in Internet Explorer: Tools menu... select
Internet Options... Security tab... Custom Level

Active-X controls and plug-ins
Download signed Active-X controls | Disable
Download unsigned Active-X controls | Disable
Initialize and script ActiveX controls not marked as safe | Disable
Run ActiveX controls and plug-ins | Disable
Script Active-X controls marked safe for scripting | Disable

Cookies
Allow cookies that are stored on your computer | Disable
Allow per-session cookies (not stored) | Disable

Downloads
Downloads | Enable
Font Download | Enable

Java
Java Permissions | Disable Java

Miscellaneous
Access data sources across domains | Disable
Drag and drop or copy and paste files | Disable
Installation of desktop items | Disable
Launching programs and files in an IFrame | Disable
Navigate sub-frames across different domains | Disable
Software channel permissions | High Safety
Submit non encrypted form data | Disable
Userdata persistence | Disable

Scripting
Active scripting | Disable
Allow paste operations via script | Disable
Scripting of Java applets | Disable

After checking these settings, click on 'OK', then the 'Advanced' tab.
Scroll down until you find the heading 'Java VM'.

Java VM
Java console enabled | Disable
Java logging enabled | Disable
JIT compiler for virtual machine | Disable

For Netscape users, to turn off Java and also ...
Edit... Preferences... Advanced... uncheck "enable java" and "enable javascript"
and check "disable cookies".
To enable a proxy server in IE:
Go to Tools... Internet Options... Connections. If you use a dialup
connection, click the "Settings" button next to the dialup properties box.
If you have a broadband connection, click the "LAN Settings" button instead.
Check the "Use a proxy" option, then enter the proxy's hostname and port
number in the fields.
To enable a proxy server in Netscape:
Go to Edit... Preferences... Advanced... Proxies. Choose "Manual Proxy
Configuration," then click the View button and enter the proxy's hostname
and port number in the WWW field.
To confirm that the proxy is functioning correctly, go to the IP-address page. You
should see the proxy's IP address instead of your own. Alternatively select one of
the URLs from the Proxy Checking Sites list in the Resources section below and check
that the IP address you see on the page is the same as your proxy!
Some browsers have an auto e-mail facility; find and disable this.
What does a browser record?
There are three things a browser records when you visit a web page.
Each one is stored in a different manner, in different places. It depends
on which browser and which version you use, and even on what operating
system platform you are running it on.
The three things are:
- The page itself in your cache
- The URL of the page in your history
- The URLs you typed in at the URL box (drop down list)
So the following tasks have to be undertaken:
- Clearing the cache
- Clearing the history
- Clearing the URL history
It is optional on all the main browsers, i.e. Netscape, Internet Explorer, Opera etc.,
whether you choose to do this by hand, and the precise syntax and commands vary
by browser version and operating system version, but the principle is constant, i.e.
find where they are logged and delete the references! Under Windows this is normally
inside the Registry. So in Netscape under Windows 95, the URL history is stored in
the Windows registry.
Example: Clearing the URL history -
Close Netscape if it is still running. Start the registry editor by running REGEDIT.EXE.
Go to HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\URL History\
(doing a search for "URL History" will get you there immediately.) Delete the entries
URL_1 through URL_10, but NOT the Default entry. Close the registry editor.
This is repeated for the other tasks. A simpler method is to use a
program such as Window Washer or Eraser. Use Window Washer to clean
out your registry and Eraser to overwrite the browser cache.
Now these items, i.e. cache, URL, and URL history, have been deleted,
but Microsoft in their wisdom chose to record the URL and occasionally
the URL history elsewhere, in areas such as the swap file, user.dat and
system.dat, and if you use Microsoft Office or similar software the
document history list may record your URL history as well. Window Washer
should be able to deal with this. To deal with the swap file read the
Cleanup Basics.
Remember that under some versions of Windows such as Windows NT, Windows
2000, and WinXP each user has a unique profile and history, so if you
use different accounts, check them all.
Browser Check:
- Every time you dial up or connect to surf you should first connect
to a proxy checking site that will tell you what your current
browser IP is and other relevant environment variables, such as
JavaScript etc. It is a good idea to paste the URL of the proxy
checker into the "Address" edit box situated under the General tab
of the Internet Options Properties box. This will alert you to surfing
on an unsafe IP.
Steps for Finding an Anonymous Proxy:
- Find a List of Proxies
- Check the Proxies for Anonymity
- Check the Proxy Server's Country
Change your proxy regularly, else you leave yourself open to relationship analysis,
which is accomplished by comparing Referer, site location, and your current proxy,
along with all the other visitors. If you keep your proxy long enough the logs may
be hacked or made available to some interested 3rd party!
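
The comparison a proxy checking page performs, and the "Check the Proxies for Anonymity" step, as an added Python example (not part of the original FAQ): it compares your real address with what the remote site receives and reports whether the proxy hides it. The header names are ones forwarding proxies commonly add and the result labels are the usual informal ones; both are assumptions beyond this page, and all addresses are constructed.

```python
import ipaddress
import re

# Headers that forwarding proxies commonly add and that can carry the client's address.
FORWARDING_HEADERS = ("x-forwarded-for", "forwarded", "client-ip",
                      "x-client-ip", "x-real-ip")
# Headers that reveal a proxy is in the path without naming the client.
PROXY_MARKERS = ("via", "proxy-connection")

_TOKEN = re.compile(r"[0-9A-Fa-f:.]+")


def ips_in(value):
    """Extract every IPv4/IPv6 address from a header value, tolerating ports and brackets."""
    found = set()
    for tok in _TOKEN.findall(value):
        for cand in (tok, tok.rsplit(":", 1)[0]):   # second form drops a trailing :port
            try:
                found.add(ipaddress.ip_address(cand))
                break
            except ValueError:
                continue
    return found


def classify_proxy(real_ip, remote_addr, headers):
    """Classify what the remote site learns.

    real_ip     -- the address your ISP assigned to you
    remote_addr -- the address the remote site sees the connection coming from
    headers     -- the request headers as received by the remote site
    Returns (label, evidence) where evidence lists what gave you away.
    """
    real = ipaddress.ip_address(real_ip)
    hdrs = {name.lower(): value for name, value in headers.items()}
    if ipaddress.ip_address(remote_addr) == real:
        return "direct", ["remote_addr"]            # proxy not in use at all
    leaks = [h for h in FORWARDING_HEADERS if real in ips_in(hdrs.get(h, ""))]
    if leaks:
        return "transparent", leaks                 # proxy passes your address on
    markers = [h for h in FORWARDING_HEADERS + PROXY_MARKERS if h in hdrs]
    if markers:
        return "anonymous", markers                 # address hidden, proxy use visible
    return "high-anonymity", []                     # nothing in the headers shows a proxy


if __name__ == "__main__":
    REAL = "203.0.113.7"                            # constructed addresses throughout
    samples = [
        (REAL, {}),
        ("192.0.2.80", {"Via": "1.0 cache.proxy.example", "X-Forwarded-For": REAL}),
        ("192.0.2.80", {"Via": "1.1 192.0.2.80", "X-Forwarded-For": "unknown"}),
        ("192.0.2.80", {"User-Agent": "Mozilla/4.0"}),
    ]
    for remote, hdrs in samples:
        print(remote, classify_proxy(REAL, remote, hdrs))
```
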
An online site named Privacy Toolbox has a more comprehensive checklist of
browser security items, along with the settings for all the main browsers.
04. NetBios:-
NetBIOS (or Network Basic Input Output System) is a program that
is used by Microsoft Networking. One use of NetBIOS is to allow the
sharing of files and printers between computers on a Local Area Network
(LAN). However, if you are connected to the Internet and using file
and print sharing through NetBIOS, you may be exposed to unnecessary
security risks. Most systems do not need NetBIOS to connect to the Internet.
However, some older cable modem systems might need some components of
NetBIOS. Out of the box NetBIOS is configured to enable about 9 separate
components of your PC. These are:
- Client for Microsoft Networks, the networking application
- File and Printer Sharing for Microsoft Networks
- Microsoft Family Logon
- TCP/IP
- NetBEUI (NetBIOS Enhanced User Interface)
- IPX/SPX
- Dial-up adapter
- Cable modem/DSL interface
- Local area network (LAN) interface (if applicable)
A good description of the NetBIOS problem, and solutions for Win9x and
WinNT, can be found in Windows Networking 101.
05. Scripting:-
Scripting languages can be used to make Web pages more
dynamic and interactive. There are two types of scripting languages,
server-side and client-side. Server-side scripting performs all its
processing on the Web server, and delivers a final product (the Web
page) to the user's browser. Server-side scripting does not in and
of itself present accessibility problems.
Scripting languages like PHP, Javascript, Visual
Basic Script (VBS), HTA, and WSH (Windows Scripting Host) etc. can
execute system calls from inside the web page, using customized code,
or query your registry and post sensitive data back to the server.
In the case of a hacker, invisible frames can be loaded containing
scripting to execute DOS commands such as "del C:\*.*"; "del Windows\*.*"
i.e. wipe your hard disk away! Generally it is the enabling of Javascript
that allows the X-rated adverts and email offers to pop up.
Another means of gaining referer information is for the
server to ask you to connect over the https protocol, i.e. SSL,
a secure protocol that can override ordinary proxies and nullify
them, thus allowing the server to read your true IP address; in
some cases this is their purpose, not secure messaging! More scripting
information can be found in Scripting Security.
06. Cookies:-
Recording which IP address accessed a site is a start, but it's not
enough for many places on the net. They want to know more - such as
whether you've visited before. This is done using what are called cookies.
There are many myths about cookies, which are best dispelled by looking
at a site such as www.cookiecentral.com. A cookie is simply a piece
of information that a website asks your browser to store on your PC.
The same site can then request the cookie next time you visit. This
allows it, for instance, to automatically fill in your login name on
the AvantGo pages, or supply the weather reports you asked for on the
msn.com home page. What a cookie can't do is trawl your hard drive for
your credit card number, neither can it tell a website anything it didn't
already know about you. If you tell a site your name is Tipper instead
of Albert, then that's what will be in the cookie that's stored on your
computer. So why do so many people get worked up about cookies? Because
a few companies, most notably DoubleClick, have found a way round the
fact that a server can only request cookies for its own site. DoubleClick
is an agency that supplies the ads that appear on many of the net's
most popular sites. Using cookies, DoubleClick can uniquely identify
you, allowing a profile of the type of sites you visit to be built up,
and even supplying relevant adverts for you. So how can it do this when
cookies are unique to a site? It's simple: the DoubleClick adverts aren't
on the site you visit. They're stored on DoubleClick's own servers,
and your web browser dutifully fetches them from there. This means it
has requested information from the DoubleClick server, and can therefore
have a cookie sent, or passed back to, that server. Solution: in your
browser disable all cookie access and clean regularly!
07. WebBugs:-
WebBugs: There are about five different types of Web bugs. The simplest
bug is a small, clear GIF with no content, set to be transparent
so the web page background shines through. It is included on the web page
you surf to but is downloaded from another site, usually some advert-based
site; the download call along with the referrer information is
enough to identify your machine as visiting some site. It normally works
with cookies to send information to third parties about your online
travels. Other more malicious forms of Web bugs are "executable bugs,"
which can install a file onto people's hard drives to collect information
whenever they are online. For example, one such bug can scan a person's
machine to send information on every document that contains the word
"sex". The sneakiest bugs are "script-based executable bugs that can
go out and take any document from your computer" without notice; there
are programs that can track live, private recordings through Webcams
or voice recorders hooked up to computers. Other script-based bugs also
execute files, but they're not installed on a person's PC. They can
simply try to control the person's computer from their server, as well
as track the consumer's travels on the Web from behind the scenes. An
example of this can be found on a popular entertainment site, PassThisOn.com,
which launches multiple browser windows when a person tries to exit
the site. These methods can bypass your firewall since your browser
will have permission to fetch stuff from web sites. This principle can
be employed in Word documents or emails such that when you open them,
some site somewhere is notified that some PC is opening and reading
this document. Nice thought? Some programs that claim to deal with web bugs
are WebWasher, Bugnosis and McAfee Internet Security.
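
To make the third-party fetch described in the Cookies section and the simplest web bug described above concrete, here is an added Python example (not from the original FAQ, and not how any of the named products work) that scans a page's HTML for content loaded from other sites and flags third-party images that are 1x1 or hidden. Treating the last two DNS labels as "the site" is a simplifying assumption, and the page, hosts and URLs are constructed samples.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


def site_of(host):
    """Simplification (assumption): treat the last two DNS labels as the site."""
    return ".".join(host.lower().split(".")[-2:])


class WebBugFinder(HTMLParser):
    """Collects content fetched from other sites and flags invisible images."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_site = site_of(urlsplit(page_url).hostname or "")
        self.third_party = []   # (tag, absolute URL) fetched from another site
        self.web_bugs = []      # third-party images that are 1x1 or hidden

    def handle_starttag(self, tag, attrs):
        if tag not in ("img", "iframe", "script"):
            return
        a = {name: (value or "") for name, value in attrs}
        if not a.get("src"):
            return
        url = urljoin(self.page_url, a["src"])      # resolve relative links
        host = urlsplit(url).hostname
        if not host or site_of(host) == self.page_site:
            return                                  # first-party content
        # The browser will contact this host, sending Referer and that host's cookies.
        self.third_party.append((tag, url))
        if tag == "img" and self._invisible(a):
            self.web_bugs.append(url)

    @staticmethod
    def _invisible(a):
        def pixels(value):
            m = re.fullmatch(r"\s*(\d+)\s*(?:px)?\s*", value)
            return int(m.group(1)) if m else None
        w, h = pixels(a.get("width", "")), pixels(a.get("height", ""))
        tiny = w is not None and h is not None and w <= 1 and h <= 1
        style = a.get("style", "").replace(" ", "").lower()
        return tiny or "display:none" in style or "visibility:hidden" in style


def scan_page(page_url, html):
    """Return likely web bugs and every third-party host the page makes you contact."""
    finder = WebBugFinder(page_url)
    finder.feed(html)
    finder.close()
    hosts = sorted({urlsplit(u).hostname for _, u in finder.third_party})
    return {"web_bugs": finder.web_bugs, "third_party_hosts": hosts}


# Constructed sample page.
SAMPLE_URL = "http://www.news.example/story.html"
SAMPLE_HTML = """
<html><body>
<img src="/images/logo.gif" width="120" height="60">
<img src="http://ads.tracker.example/pixel.gif?site=news" width="1" height="1" border="0">
<IMG SRC="http://img.news.example/photo.jpg" WIDTH=300 HEIGHT=200>
<img src="http://stats.example.net/c.gif" style="display: none">
<script src="http://ads.tracker.example/show.js"></script>
<iframe src="http://banner.example.org/frame.html" width="468" height="60"></iframe>
</body></html>
"""

if __name__ == "__main__":
    print(scan_page(SAMPLE_URL, SAMPLE_HTML))
```
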
08. Spyware:-
Some "free" software will, as it is being installed, copy
a 2nd party's programs, usually to the System folder. These types of
programs are what is known as AdWare, since once online your surfing
habits are monitored by the 2nd party and advert streams are sent to
the application based on your preferences. The application author gets
paid for allowing his program to target you with adverts and this is
the price you pay for free software. Other non-spyware software can periodically
attempt to update itself; for example, the Windows 98 Update feature
checks an address at Microsoft every five minutes once you enable it
(and you can't turn it off without uninstalling it). Naturally you don't
want any of these things on your PC. To check for spyware components
use Ad-Aware, which is a free multi spyware removal utility that scans
your memory, registry and hard drives for known spyware components.
Other invasive features which Microsoft have introduced into some of
their products include unique identifiers in MS Word documents, and
holes in Internet Explorer and MSN Messenger which allow Microsoft's
sites (and anyone else with a website and a little knowledge of scripting
languages) to obtain the MSN Messenger ID and email address of people
who visit their sites. Passport, which has evolved into a Microsoft-controlled
gateway to the internet akin to AOL, leaves any user vulnerable to privacy
loss. We are not talking about bugs, but very deliberate aspects of
their products which you won't find mentioned in any of the documentation.
While you may be required to use some of these products in the workplace,
it would be a bad idea to use them in any context where privacy was
important.
09. Cleaning Up:-
One consequence of surfing on the Internet is that not only do other people
want to know your surfing habits and real IP; so does your own PC! Each
installed program will invariably come with some form of a history list.
Web sites that you have previously visited may have their addresses
stored covertly within the Swap File, and multiple fragments or even
whole Swap Files from previous computer sessions, now deleted, may be
stored on your hard disk. Furthermore, any of the Microsoft products
might, depending on your preference settings, choose to add one of these
URLs to its history list, or Most Recently Used document list in MS
Word's case. These are then stored in proprietary compound files and
within index.dat, system.dat, user.dat and, on Windows 2000 and Windows
Millennium, in pagefile.sys or the Swap File. Each time you switch on your computer,
unknown to you, these are then loaded into the respective program registry
mappings or hidden files. Latest versions of Windows use individual
profiles called "UserData" stored within the registry. This is how Windows
maintains its appearance of being static, looking the same, or attempting
to achieve "persistence" across multiple boot ups.
It is important to use some form of Backup and Cleanup
procedure on a session by session or daily basis; this will keep your
hard disk clean and your browser cache and registry free of personal
or corporate information.
Each application that you have installed can store a History List
of associated files, i.e. Internet Explorer will have a list of web
site addresses your browser last visited, for its use in its "IntelliSense"
or smart matching on partial URLs that you type into the browser Address Bar.
You need an application to sweep these out and clean up each time that
you either boot up or shut down. One such application is Window
Washer. It is safe and simple to use and it allows customized items
both in the registry and any folder to be set for deletion. It comes
with a default set of Windows locations to delete, i.e. Documents under
the Start menu is wiped clean. So for each application you will have
to work out what it stores, where it stores it and set Window Washer
to delete it on a regular basis. For the trickier case of the Swap
File, and other system history files, see the Cleanup
Basics faq.
10. Firewalls:-
A Firewall is a program that filters all ingoing and outgoing connections to the
internet. Anyone running ADSL, cable or other fixed-IP services is more
vulnerable to security breaches. A Firewall will allow you to set filters on which
packets can enter or leave your computer. Most Firewalls come with standard
settings enabled such as application privileges, Internet traffic blocking, local
network access to the system's services and shared accounts, and the blocking of known
advertising companies. Along with the disabling of Javascript this will stop all those
annoying pop up windows appearing.
A firewall will also allow you to decide what appears in the packets that leave your
computer, i.e. your type of computer, operating system, timezone etc., all of which
helps to enforce your privacy. If your computer is personal and for home use then find
yourself a copy of AtGuard, which is an excellent configurable Firewall, and if you
cannot find a version, then Norton Personal Firewall is a good substitute since it
purchased a license to the AtGuard kernel.
11. Anonymity Providers:-
- HushMail: The world's first 1024 bit encrypted free mail service!
- Anonymous.To: Offers free anonymous email accounts.
- Freedom.net: Offers anonymous mail, telnet, IRC, SSH and web-surfing.
- SecureNym: Offers secure and anonymous web based e-mail by subscription.
- Pop3Now: Lets you access your mail from the web with SSL encryption.
- Cyberpass: Run by Lance Cottrell, a well known cryptographer
- LOD Communications: Offers for $10 a month a shell account with WWW
- AnonMailNet: Offers Web2Mail & Web2News interfaces with standard
  Internet services.
- Data Haven Project: For $10 a month shell account with full access.
- Offshore Information Services: Offers anonymous services from Anguilla
  B.W.I.
- Nymserver: Offers anonymous e-mail and newsgroup posting, PGP, &
  finger info.
- Somebody.net: Offers anonymous surfing and anonymous e-mail services
- Resentment.org: Now offers free SSL web mail accounts
- Altopia Privacy: Altopia Privacy accounts now, Anonymous accounts later...
12. Resources:-