What is the best way to keep your web access on a network untraceable?
October 4, 2012 6:55 PM

What is the best way to keep your web usage on a network hidden from anyone who might be snooping packet traffic?

If I set up Firefox to use a web proxy, could the owners of a gateway I use track my web usage beyond me having a connection to a web proxy?

Essentially I'm looking for the best way to not get picked up by any sort of analysis software (for instance, router logs or even packet sniffers) running on a network. Or at minimum only have the appearance of being connected to a web proxy address to anyone who may be monitoring traffic.

I have a VPN connection that I've set up on my home network, and currently that is what I use. I think (err..hope) it is a secure tunnel that shields me to some extent... I don't like it though because I don't like the constant connecting/disconnecting. It would be nice if I could just configure a web browser, such as Firefox, to go through a secure web proxy so I know that activity done in that window cannot be seen by whoever might be monitoring traffic.

Are there any particular web proxy services you can recommend? I'm considering setting up one using my home connection but I only have a 3mbps upload stream (but I'm already paying for the connection so why not). I don't really care if a connection to my home IP address is logged. It's a pretty useless number, and I suppose it links to my identity but I don't really care about that because I'm not doing anything illegal (I just want an extra layer of privacy when operating on public networks for instance). This isn't to get around any internal firewall blocks; nothing like that.

Thanks for your advice.
posted by anonymous to Computers & Internet (7 answers total) 11 users marked this as a favorite
 
Tor Browser, maybe?
posted by duckstab at 6:59 PM on October 4, 2012


Do you mean "I don't want anyone to see what data I'm moving up and down"? Forcing SSL can do that, especially if you couple that with a proxy that guarantees SSL between you and it. There are, however, weaknesses in SSL/TLS that are beyond the scope of this reply that can compromise this. I'll also mention that if it's a corporate-configured machine, all bets are off.

Do you mean "I don't want anyone to see what URL I go to"? That's a VPN.

Be aware, however, that these techniques are usually very, very easy to spot. So anyone interested in knowing what you are doing will know pretty much immediately you're trying to hide what you're doing.
posted by kjs3 at 7:07 PM on October 4, 2012


I have one browser on my computer that's set to use a secure tunnel to my private proxy server that I use for private browsing. I also have the browsers on my laptop and phone set to use that proxy server for all traffic to prevent snooping.

What I use is a Squid web proxy on the server and Stunnel on both ends to secure the traffic to and from the proxy server.
posted by atrazine at 7:14 PM on October 4, 2012


> I have a VPN connection that I've set up on my home network, and currently that is what I use. I think (err..hope) it is a secure tunnel that shields me to some extent... I don't like it though because I don't like the constant connecting/disconnecting. It would be nice if I could just configure a web browser, such as Firefox, to go through a secure web proxy so I know that activity done in that window cannot be seen by whoever might be monitoring traffic.

Yes, you're right about the VPN. Anyone packet sniffing will simply see encrypted traffic to the VPN's IP address and not know anything else about it. (By comparison, simply visiting, say, gmail over HTTPS, the data will be encrypted -- so they can't read your email -- but they do see that it's between your computer and gmail).

My understanding is that a web proxy is not as secure. In many cases only HTTP and HTTPS traffic is forwarded through the proxy. Other types of traffic, say DNS lookups (which map domain names to IP addresses) do not go through the proxy. So someone packet sniffing will see "Hm, that computer just issued a DNS request for gmail.com. Ah, and now that computer has encrypted traffic to a web proxy, which out of context tells me nothing but in context I can deduce is gmail."

But why don't you test it? Download Wireshark, fire it up, connect to your VPN, and see what kind of data leaks out.

If your scenario is: "I'm at a coffee shop, and I want to wrap all my outgoing and incoming internet traffic in a nice secure tunnel, with only the IP addresses of each endpoint exposed", then a VPN is the way to go. The connecting/disconnecting shouldn't be too much of an issue. Mine takes maybe 10 seconds to get configured whenever I open my laptop, or re-enable it after disabling it, and then I don't notice it anymore. I use Tunnelblick to manage the VPN connection, and host my own OpenVPN server on my Linode which I'm already paying $20/mo for, for other reasons, but apparently you can set up an OpenVPN on AWS for about $0.50/mo.

I followed this tutorial to set mine up.
posted by losvedir at 7:34 PM on October 4, 2012 [7 favorites]


SSL doesn't conceal endpoints, so an observer could still tell you're connecting to metafilter.com although they couldn't tell which pages you're viewing on Metafilter or what content you're uploading/downloading.

To conceal endpoints from a local area observer, you need to VPN outside of the local net. So you're on the right track with that. And then the observer will still be able to tell your volume of data, although it will be opaque.

You could also use a cellular connection like tethering your computer to your smartphone or one of those Netzero access points to bypass the local network entirely.
posted by qxntpqbbbqxl at 8:13 PM on October 4, 2012


If you do go the proxy route, make sure you tell Firefox to do DNS lookups through the proxy as well. (For some reason this isn't the default behavior for that browser.)
posted by ethand at 8:55 PM on October 4, 2012 [1 favorite]
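
The DNS leak described in losvedir's answer, and the proxy DNS setting ethand mentions, can be checked against a capture of your own traffic. The following is an added example, not part of the thread: it flags cleartext DNS queries that bypass the tunnel. The tunnel address, the resolver address and the packet tuples are constructed sample data; in practice the tuples would come from a capture taken on the physical interface while the VPN or proxy is active.

```python
import struct

TUNNEL_ENDPOINT = "203.0.113.10"  # assumption: your VPN/proxy server (documentation range)

def build_query(name, txid=0x1234):
    """Build a minimal DNS A query; used here only to construct sample data."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def parse_qname(payload):
    """Return the first question name of a DNS message, or None if malformed."""
    if len(payload) < 12 or struct.unpack("!H", payload[4:6])[0] < 1:
        return None
    labels, i = [], 12
    while i < len(payload):
        n = payload[i]
        if n == 0:
            return ".".join(labels)
        if n & 0xC0 or i + 1 + n > len(payload):  # pointer or truncated label
            return None
        labels.append(payload[i + 1:i + 1 + n].decode("ascii", "replace"))
        i += 1 + n
    return None

def find_dns_leaks(packets, tunnel_ip=TUNNEL_ENDPOINT):
    """packets: (dst_ip, proto, dst_port, payload) seen on the physical interface.
    Any UDP port-53 query not addressed to the tunnel endpoint left in the clear."""
    leaks = []
    for dst_ip, proto, dport, payload in packets:
        if dst_ip != tunnel_ip and proto == "udp" and dport == 53:
            leaks.append((dst_ip, parse_qname(payload) or "<unparseable>"))
    return leaks

# Constructed sample capture: tunnel traffic plus two queries to a local resolver.
SAMPLE = [
    ("203.0.113.10", "tcp", 443, b"\x17\x03\x03\x00\x20"),       # encrypted tunnel record
    ("192.0.2.53", "udp", 53, build_query("mail.example.com")),  # leaked lookup
    ("203.0.113.10", "tcp", 443, b"\x17\x03\x03\x00\x40"),
    ("192.0.2.53", "udp", 53, b"\x00\x01"),                      # truncated DNS message
]

if __name__ == "__main__":
    for resolver, name in find_dns_leaks(SAMPLE):
        print(f"LEAK: cleartext DNS query for {name} sent to {resolver}")
```

An empty result means no UDP port-53 traffic left the machine outside the tunnel during the capture; any entry shows a hostname a local observer could read despite the encrypted tunnel.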


Just to second something qxntpqbbbqxl mentioned -- You might be able to hide what you're doing from someone who might be watching you but whoever that is will still be able to see that you're moving x amount of data through their network.
posted by Gev at 5:10 AM on October 5, 2012

