How deep can you be traced online?
Most people wrongly think that clearing their cookies and hiding behind a proxy will prevent them from being traced. Let's see why it is erronenous.
Of course, hiding your IP through using a proxy, and clearing cache, is a first step. However, don't think that there isn't any alternatives for third party companies and your ISP to trace you exactly the same.
Let's review some proxy types:
- A Transparent proxy is the proxy that just hides your IP. It hides it only in appearance, for your original IP is being transmitted through HTTP values as an X value* (as it would for an email). What does that mean? Well, anybody can get your IP. *Such can be forged, but its yet another story
- An anonymous proxy is a bit better. It actually hides your IP, and won't forward it as it does with the transparent proxy, However, any OTHER personal information will go through, as we'll see laters on. Hiding the IP is just a portion of the problem.
- Stealth proxies normally hide everything. Your browser name, your IP... All that goes through at the protocol level. But it will NOT hide anything from Java, Java, and third party applications. It "just" plays at the protocol level, ie, your browser.
- Multiproxying, either through several or applications (internet security suites) will often ruin your browsing experience: imagine logging to a website with everytime a new IP and being all the times redirected to the website homepage featuring the language detected by the website that suits your IP, such as Swahili? Another issue is the terribly slow speed, and it isn't necessarily convincing in terms of security either. Stealth proxies should be sufficient in most cases.
Tunneling is a way to prevent your ISP from seeing what you do:
Using a tunneling solution, that encrypts the information between you and a server somewhere on the internet, acting as a proxy (not always a stealth one) is a solution if you want to escape your ISP, but you should understand that you won't escape from the eyes of the distant company/server that lends/sells you the tunneling service.
Furthermore, the encryption protocols used in tunneling are legal, authorized methods, falling under a legislation. It means that government agencies know the "universal pass" to break into the data. You think yourself preserved? Think again.
Many will think 'TOR' is sufficient to protect me, no need to worry! TOR is powerful, but only at the company level. TOR is a project financed (or that used to be financed) by the US Army, to provide a convenient environment for the US soldiers to communicate.
And there are yet other means to determine an identity.
The client sided high level programming languages:
Some people recommend locking Java and Java. It is a good idea if you expect to be invisible at, say, your competitor website, used in conjunction with a stealth proxy (we sometimes see some of ours attempting to connect discretely, which is rather amusing). It will lock from a certain kind of methods used to unveil the IP, or the user, if not both.
Using Java allows for the building of a fairly precise set of infomations, so precise in fact that in the end it could be reliable enough to serve as a fingerprint.
This page shows all the information we can unveil towards you and your computer.
Well, no, it isn't! You wouldn't think this would be sufficient?
A good method to determine if a visitor already came with another IP lies into the HTTP ETag, that checks if a webpage has already been cached; not all proxies filter this value. By logging the uniqueID generated by ETag, we can relate you, your IP, your machine details to previous visits. To prevent this it would need clearing your cache before every connection.
The last and most complex, but often rewarding method lies into pattern analysis. We all have a particular way to browse online, what we click, where we go, how many pages we read in one session, etc. It can be used as a fingerprint.
Applications installed on your computer can also track your browsing habits. Not always applications you'd suspect, too, and even if you aren't being betrayed by your connection at a given time, you might have someone else breach into your privacy, at the least expected level.
Finally, many websites filter or ban proxies. Your browsing experience *will* be much less amusing, especially considering that you can't connect anywhere.
Sadly, for many, "privacy online" is just empty words.
Treveur BRETAUDIERE, Beamreactor 2k10
Go back to the content summary