Online Privacy Basics

[ Internet ]
Tor Network
Socket Proxies
Wingates

[ Computer/Files ]
Privacy Basics
OpenPGP/GPG
Steganography
Secure Deleting


Privacy Basics

Never give out your real name, phone number, or address unless you have no other choice. Get free email accounts that, again, carry false information. Use this same mindset for all your online accounts whenever possible. Use Tor or proxies of some kind to hide your tracks. Use encryption. Ask goog how you can manage your cookie intake so you only get cookies from sites that absolutely need cookies to function, like gmail or yahoo. Be sure you know what you're downloading and scan it before you run or install it. Keep your OS and other software patched and up to date. Be sure you're not being pharmed when you log in to your online accounts. Scan your computer for unwanted software weekly. Trust NO ONE!!

Tor Network

Tor used with Privoxy has been said to offer the best anonymity one can get online.
Tor is a software project that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security. Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. Tor works with many of your existing applications, including web browsers, instant messaging clients, remote login, and other applications based on the TCP protocol.

Privoxy is a non-caching web proxy with advanced filtering capabilities for enhancing privacy, modifying web page data, managing HTTP cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk. Privoxy has a flexible configuration and can be customized to suit individual needs and tastes. Privoxy has application for both stand-alone systems and multi-user networks.

Privoxy is based on Internet Junkbuster.

You can download Tor and Privoxy from tor.eff.org. If you use the Tor network, I request that you also set up Tor to run as a relay for the network.

It has been said that if you can control a very large number of Tor node servers you can still track users' traffic, but I have not seen any real evidence of this. It has also been said that the world's governments control many Tor nodes. The only way to combat this is to get more relays in the wild. So again I say: if you're going to use Tor, set it up as a relay. It will only improve your anonymity and make it harder for big brother to track our every e-move.

Remember, Tor is not to be used for p2p traffic. That much load would likely break the network and fuck it up for the rest of us, so keep your Tor usage to http, chat, and email, ok? That's a good boy.

Socket Proxies

Socket proxies are the kind of proxies you need to configure your browser to use. To learn how to set proxies in your browser, try looking in the help files or ask goog. Now the Wikipedia definition of a proxy is:

“In computer networks, a proxy server is a server (a computer system or an application program) which services the requests of its clients by forwarding requests to other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource, available from a different server. The proxy server provides the resource by connecting to the specified server and requesting the service on behalf of the client. A proxy server may optionally alter the client’s request or the server’s response, and sometimes it may serve the request without contacting the specified server. In this case, it would ‘cache’ the first request to the remote server, so it could save the information for later, and make everything as fast as possible.

A proxy server that passes all requests and replies unmodified is usually called a gateway or sometimes tunneling proxy.

A proxy server can be placed in the user’s local computer or at specific key points between the user and the destination servers or the Internet.”

The key words here are “The proxy server provides the resource by connecting to the specified server and requesting the service on behalf of the client.” In other words, you tell the proxy server you want google.com’s home page and the proxy server asks goog for the info, then sends it back to you. You never connect to google, so google never knows it was you, or more specifically your IP, that made the request. That being said, not all proxies offer anonymity. Some just forward your request to the intended target without altering the IP or other header information, which is sometimes called a passthru proxy. Later I will go into how to tell if you have an anonymous proxy or just a passthru one, but first we have to find a proxy to use. There are a number of sites that actively keep up-to-date lists of proxy servers. Many programs exist that scan the internet to sniff out proxy servers; you can search goog for both.

There are also a number of so-called “web proxy” services in the wild that offer some extra options and/or anonymity functions, like the option to edit the user agent data in the headers and more. For the most part, however, these are really nothing more than a front end to a proxy server.

Once you have found a proxy and configured your browser to use it, you can test it to make sure it provides the kind of anonymity you're looking for HERE
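What a proxy test page checks on the receiving end, as an added example that is not part of the original page: it compares the address the connection came from and the request headers against your real IP to tell a passthru proxy from an anonymous one. The function names and verdict strings are made up for illustration, the header names are standard HTTP ones, and all sample values are constructed.

```python
import ipaddress
import re

# Headers a forwarding proxy commonly adds; their presence reveals a proxy.
PROXY_HEADERS = {"via", "forwarded", "x-forwarded-for", "x-real-ip",
                 "client-ip", "proxy-connection"}

def ips_in(value: str) -> set:
    """Extract every IPv4/IPv6 address from a header value (ports stripped)."""
    found = set()
    for tok in re.split(r"[^0-9A-Fa-f:.]+", value):
        for cand in (tok, tok.rsplit(":", 1)[0]):   # second try drops ":port"
            try:
                found.add(ipaddress.ip_address(cand))
                break
            except ValueError:
                continue
    return found

def classify_proxy(peer_ip: str, real_ip: str, headers: dict) -> tuple:
    """Return (verdict, evidence) from the destination server's point of view."""
    real = ipaddress.ip_address(real_ip)
    if ipaddress.ip_address(peer_ip) == real:
        return ("no proxy", [])                     # server saw you directly
    hdrs = {k.lower(): v for k, v in headers.items()}
    leaks = sorted(k for k, v in hdrs.items() if real in ips_in(v))
    if leaks:
        return ("passthru: real IP leaked", leaks)
    tells = sorted(PROXY_HEADERS & hdrs.keys())
    if tells:
        return ("anonymous: proxy visible, real IP hidden", tells)
    return ("anonymous: no proxy headers", [])

# Constructed samples using RFC 5737 documentation addresses.
REAL, PROXY = "203.0.113.7", "198.51.100.20"
SAMPLES = {
    "leaky": {"Host": "example.test", "Via": "1.1 cache01",
              "X-Forwarded-For": "203.0.113.7, 10.0.0.5"},
    "rfc7239": {"Host": "example.test",
                "Forwarded": "for=203.0.113.7:51234;proto=http"},
    "hiding": {"Host": "example.test", "Via": "1.1 cache01"},
    "silent": {"Host": "example.test", "User-Agent": "constructed-agent/1.0"},
}

if __name__ == "__main__":
    for name, h in SAMPLES.items():
        print(name, classify_proxy(PROXY, REAL, h))
```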

There are also a lot of programs that set up proxy chains (connecting to multiple proxy servers in the same session before connecting to the target) for even greater browsing anonymity. Try goog to find a few.

Remember, proxies are not to be used for p2p traffic. That much load would likely break the proxy and fuck it up for the rest of us, so keep your proxy usage to http, chat, and email, ok? That's a good boy.

Wingates

One of the greatest advantages telnet has over ssh (well, the only advantage) is that it can use wingates to get around the internet and hide your IP. Wiki says:

“WinGate is an Integrated Gateway Management system for Microsoft Windows, providing firewall and NAT services, along with a number of integrated proxy servers and email services (SMTP, POP3 and IMAP servers).

In the mid to late 1990s, WinGate was almost ubiquitous in homes and small businesses that needed to share a single Internet connection between multiple networked computers. The introduction of Internet Connection Sharing in Windows 98 however, combined with increasing availability of cheap NAT-enabled routers, forced WinGate to evolve to provide more than just internet connection sharing features. Today, focus for WinGate users is primarily access control, reporting, bandwidth management and content filtering.”

We are most interested in the fact that so many different services can use this proxy and that it works very well with telnet. There are a few scanners out there that look for wingates. Try goog with Winscan or Wingate Scan 3.0.

Once you find an open wingate or two, open telnet and connect to the wingate IP on port 23 (the default wingate port) and you should get something that looks like:

wingate>

Now you can connect to your target or other wingate server like this:

wingate> www.google.com:80

or

wingate> oth.er.wingate.ip //No port number is needed, wingate connects to port 23 by default

All the while the target never sees your real IP.

Remember, wingates are not to be used for p2p traffic. That much load would likely break the wingate and fuck it up for the rest of us, so keep your wingate usage to telnet hacking. That's a good boy.

OpenPGP/GnuPG

OpenPGP/GnuPG is one of our greatest tools for maintaining top-notch privacy and one of our best weapons against the man. OpenPGP/GnuPG can encrypt files on your hard drive, email messages, IM, and more. It was once said that OpenPGP/GnuPG is the ultimate in privacy. Wiki says:

“GNU Privacy Guard (GnuPG or GPG) is a replacement for the PGP suite of cryptographic software. GnuPG is completely compliant with RFC 4880, which is the current IETF standards track specification of OpenPGP. Current versions of PGP (and Veridis’ Filecrypt) are interoperable with GnuPG and other OpenPGP-compliant systems. Although some older versions of PGP are also interoperable, not all features of newer software are supported by the older software.
GPG is a part of the Free Software Foundation’s GNU software project, and has received major funding from the German government. Released under the terms of version 3 of the GNU General Public License, GPG is free software.”

OpenPGP/GPG uses public-key cryptography, also known as asymmetric cryptography, a form of cryptography in which the key used to encrypt a message differs from the key used to decrypt it. In public-key cryptography, a user has a pair of cryptographic keys: a public key and a private key. The private key is kept secret, while the public key may be widely distributed. Incoming messages are encrypted with the recipient’s public key and can only be decrypted with the corresponding private key. The keys are related mathematically, but the private key cannot be practically derived from the public key. So you give out your public key to your friends, they encrypt a file using your public key and send it to you. From there you take the file and decrypt it using your private key.

OpenPGP/GnuPG software is available for both Linux and Windows operating systems. It has been built into many chat and IM programs. There have even been a few operating systems built around these types of software, like WHAX and the new GnuPG operating system. The OpenPGP/GnuPG community also has access to huge public key databases that make sharing keys much easier. OpenPGP/GnuPG has more than proved itself in the wild and will likely be a mainstay in personal privacy for many years to come.

Steganography

We have all seen this in the movies and on TV. The spy hides stolen government files in pictures or an email to elude the half-witted adversaries, saving the world as we know it. It's all so cool and sexy that it doesn't seem real; it's more like movie magic than life. The truth is that it's all real and you can do it sexy just like 007. It's called steganography. There are a number of programs out there to aid in your pursuit of privacy, but I will show you a truly hacker way to implement steganography with the software you likely already have on your computer. First, here's what wiki says about steganography.

“Steganography is the art and science of writing hidden messages in such a way that no one apart from the sender and intended recipient even realizes there is a hidden message. By contrast, cryptography obscures the meaning of a message, but it does not conceal the fact that there is a message. Today, the term steganography includes the concealment of digital information within computer files. For example, the sender might start with an ordinary-looking image file, then adjust the color of every 100th pixel to correspond to a letter in the alphabet — a change so subtle that someone who isn’t actively looking for it is unlikely to notice it.”

Now, like I said, there are lots of software packages out there. Some are free, some are not, so go ask goog where to find one. As promised, I will show you the hacker way of implementing steganography with software you likely already have on your PC. This only works in winblows 🙁

Basically, you create a .rar archive of your to-be-hidden file, then run a copy command from the Windows command line (with the /b binary switch) to embed your secret file in your image. After you complete the process, you can open and view the JPEG like any other image. The only thing that might tip off that the image has got a secret is a potentially bloated file size. To grab the secret file, you just use WinRAR to extract the file from the image. Here's what it looks like when you do it in the command line:

C:\>copy /b anyimage.jpg + secret.rar leetsecret.jpg

anyimage.jpg is the original everyday jpg file, secret.rar is the stuff we want to hide, and leetsecret.jpg is the file that holds them both. And that, my friends, is how hackers do steganography.
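Because the archive is simply appended after the picture, the trick is easy to spot by file structure rather than file size. The added example below (not from the original page) walks the JPEG segments to the real end-of-image marker and reports any bytes that follow, including a RAR signature. The function names are hypothetical and the sample bytes are constructed, not a viewable image.

```python
import struct

RAR_MAGIC = b"Rar!\x1a\x07"  # prefix shared by the RAR 4.x and 5.x signatures

def jpeg_end_offset(data: bytes) -> int:
    """Offset just past the real EOI marker, found by walking JPEG segments."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    i = 2
    while i + 1 < len(data):
        if data[i] != 0xFF:          # entropy-coded scan data
            i += 1
            continue
        marker = data[i + 1]
        if marker == 0xD9:           # EOI: the image ends here
            return i + 2
        if marker == 0xFF:           # fill byte before a marker
            i += 1
        elif marker in (0x00, 0x01) or 0xD0 <= marker <= 0xD7:
            i += 2                   # stuffed 0xFF, TEM, RSTn: no length field
        elif i + 4 > len(data):
            break
        else:                        # segment with 2-byte big-endian length
            i += 2 + struct.unpack(">H", data[i + 2:i + 4])[0]
    raise ValueError("truncated JPEG (no EOI marker)")

def inspect_jpeg(data: bytes) -> dict:
    """Report bytes appended after the image and any RAR signature in them."""
    end = jpeg_end_offset(data)
    pos = data.find(RAR_MAGIC, end)
    return {"jpeg_bytes": end, "trailing_bytes": len(data) - end,
            "rar_offset": pos if pos >= 0 else None}

# Constructed sample: structurally valid marker layout, not a viewable picture.
THUMB = b"\xff\xd8\xff\xd9"  # thumbnail markers inside APP1 (a decoy EOI)
CLEAN = (b"\xff\xd8"
         + b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00" + bytes(9)
         + b"\xff\xe1" + struct.pack(">H", 2 + len(THUMB)) + THUMB
         + b"\xff\xda" + struct.pack(">H", 8) + bytes(6)
         + b"\x12\x34\xff\x00\x56\xff\xd0\x78"
         + b"\xff\xd9")
STEGO = CLEAN + RAR_MAGIC + b"\x00" + b"constructed archive body"

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("stego", STEGO)):
        print(name, inspect_jpeg(blob))
```

Walking the segments instead of searching for the first FF D9 matters because an embedded thumbnail carries its own end marker inside the header.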

Secure Deleting

Secure deletion is a tricky thing. See, when you “delete” a file from your OS you only delete references to the real raw data on your hard drive and not the actual data on the disk. Then, over time, as the hard drive writes new data over it, the so-called deleted data starts to degrade, leaving plenty of time for the data to be recovered by the bad guys if your hard drive were to fall into the wrong hands. Securely deleting the data requires several passes of your hard drive's read/write head writing new data over it to make it unrecoverable. There are a number of programs for both Windows and Linux that do that, and often go a step further by encrypting the data with a random key. A good secure delete app will overwrite the data you wanted securely deleted 35 or more times to ensure it can never be recovered. Ask goog about secure delete to get a nice long list of programs to do all this for you.
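The overwrite-then-delete idea described above, as an added example that is not from the original page or from any particular secure delete program. The function names are hypothetical and the pass count is a parameter. It assumes a file system that rewrites blocks in place; on SSDs and on journaling or copy-on-write file systems the old blocks can survive an overwrite.

```python
import os
import secrets

def overwrite_in_place(path: str, passes: int = 3, chunk: int = 1 << 16) -> int:
    """Overwrite the file's existing bytes `passes` times; return bytes written."""
    size = os.path.getsize(path)
    written = 0
    with open(path, "r+b") as fh:        # r+b: modify in place, never truncate
        for _ in range(passes):
            fh.seek(0)
            left = size
            while left > 0:
                n = min(chunk, left)
                fh.write(secrets.token_bytes(n))  # fresh random data each pass
                left -= n
                written += n
            fh.flush()
            os.fsync(fh.fileno())        # push this pass to the device first
    return written

def secure_delete(path: str, passes: int = 3) -> None:
    """Overwrite the contents, then rename to a random name and unlink."""
    overwrite_in_place(path, passes)
    folder = os.path.dirname(os.path.abspath(path))
    anon = os.path.join(folder, secrets.token_hex(8))
    os.rename(path, anon)                # the original name leaves the directory
    os.remove(anon)

if __name__ == "__main__":
    import tempfile
    fd, demo = tempfile.mkstemp()        # constructed throwaway file
    os.write(fd, b"constructed secret\n" * 100)
    os.close(fd)
    secure_delete(demo)
    print("exists after delete:", os.path.exists(demo))
```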


EOF
