Quick Guide to Online Anonymity: Types of Encryption, Traffic Protection, and Software Selection

No matter your reasons for encrypting your internet communications—whether it’s to protect your personal data, bypass government restrictions, or for other motives—today, ordinary users have access to a wide range of strong encrypted protocols and software. In this article, we’ll cover all the main classes of these solutions (even if some are well-known), discuss their reliability, and look at available implementations.

Proxy Servers

Proxy servers are the most accessible way to anonymize your traffic: they’re cheap and widely available. The principle is simple: a proxy acts like a mail carrier, delivering your letters (data) while erasing the sender’s name, and bringing the response directly back to you.

Originally, this technology was designed to protect internal corporate networks from the wider internet (employees accessed the internet through a gateway), but it became the first historical method for anonymizing traffic.

How Proxy Servers Work

When using a proxy, your computer redirects all its requests through an intermediary (the proxy server), which then requests data from websites on your behalf. Proxy servers are specialized, so each type of internet connection has its own proxy type. For example, FTP (File Transfer Protocol) uses FTP proxies. Let’s look at three main types of proxy servers:

• HTTP and HTTPS Proxies: These only work with HTTP requests. The difference is that HTTPS encrypts data, while HTTP does not. HTTP proxies are not recommended—they only change your IP address and do not protect your data. Be careful when choosing a proxy server, as some may not only fail to protect your data but could also expose your identity.

INFO: Pay attention to the server type—transparent proxies do not hide your identity, while anonymous proxies do.

To use a proxy, simply find or set up a trusted server and enter its details in your browser’s network settings.

• SOCKS Proxies: Used by applications that don’t use HTTP/HTTPS or lack built-in proxy support. SOCKS proxies do not reveal your IP, so anonymity is not a concern. However, SOCKS itself does not provide encryption; it’s just a transport protocol. Tools like Shadowsocks can be used for this purpose.

There are different versions: SOCKS4 and SOCKS5. It’s strongly recommended to use SOCKS5, as it offers more features and better security (like login/password support and DNS requests). Shadowsocks is an enhanced version of SOCKS5, offering strong encryption, traffic obfuscation, and the ability to bypass various blocks. Clients are available for both computers and smartphones.

To use SOCKS in common programs, you don’t need anything special. Firefox and µTorrent have built-in support. For Google Chrome, use the Proxy Helper extension. Universal programs like SocksCap or ProxyCap are also available.

You can find lists of free HTTP, HTTPS, and SOCKS proxies via search engines or on Wikipedia.

VPN

VPN (Virtual Private Network) was not originally designed for traffic protection or anonymity. Its purpose was to connect computers into a single network, even if they were far apart. The key feature is that VPN connections are always encrypted, as they were used in corporations to connect multiple branches to a main office.

VPNs have two modes: connecting two local networks over the internet, and connecting a single computer to a remote local network (remote access). The latter became the basis for personal VPN use. VPN data protection is provided by two main techniques, often used together:

• PPP (Point-to-Point Protocol): Protects at the data link layer, ensuring a stable connection and providing encryption and authentication.
• PPTP (Point-to-Point Tunneling Protocol): An extension of PPP, establishing two connections (main and control). However, PPTP was developed in 1999 and is now considered insecure—its encryption methods are weak and vulnerable to automated decryption. PPTP is not recommended due to serious vulnerabilities in both authentication and encryption.

A newer protocol built on top of PPP is L2TP (Layer 2 Tunneling Protocol). Its main goal is to regulate network communication, not necessarily to protect it. L2TP is also used for connecting ATMs to bank offices, which is a testament to its reliability. However, L2TP itself does not provide encryption.

To protect data within L2TP, IPsec (IP security) is usually used. IPsec encrypts the contents of IP packets, protecting both the data and headers, so outsiders can’t see the sender. Only the tunnel mode is used for VPNs.

IKE and IKEv2 (Internet Key Exchange): These are strict encryption and data protection algorithms used exclusively with IPsec, serving as its security layer. They are the foundation for most modern VPN solutions.

With the spread of SSL and TLS, PPP was extended to SSTP (Secure Socket Tunneling Protocol), which works over SSL, providing strong encryption and packet loss protection. However, SSTP was developed by Microsoft, which collaborates with governments, so use it with that in mind.

OpenVPN is the most popular solution for secure connections. It’s open-source and highly secure, making it trustworthy. Setting it up usually takes just a few minutes.

SoftEther is a multi-client that works with the above protocols, including OpenVPN, and has its own protocol that’s just as secure.

Below is a summary table comparing these VPN protocols:

Tor

Tor (The Onion Router) is one of the best tools for online anonymity. It provides triple-layered data protection and traffic anonymization.

As the name suggests, Tor uses “onion routing”: your data is the core, and each layer of protection is like a layer of an onion. Each intermediate Tor server removes one layer, and only the third (final) server accesses the core and sends the request to the internet.

The system is supported by thousands of volunteers worldwide who fight for privacy and human rights. For each website, a unique chain of Tor servers is built, providing complete protection: every site sees you as a new identity.

Tor’s major advantage is its stability and strong focus on anonymity. Thanks to the efforts of many experts, it even works in China, a country known for strict censorship and harsh penalties for bypassing blocks.

To make things easier, developers created the Tor Browser, based on Firefox, with added extensions to prevent websites from tracking you. For example, HTTPS Everywhere forces websites to use encryption, and NoScript disables scripts, preventing data collection.

You can download Tor and its browser from the official Tor Project website.

DPI (Deep Packet Inspection)

Unfortunately, all these tools can become useless if your ISP uses DPI (Deep Packet Inspection)—a system for deeply analyzing network traffic. DPI aims to block anything that doesn’t look like normal user activity, which includes most anonymization methods. As a result, these programs may fail or not work at all.

However, there are ways to fight back. Most of the above tools have add-ons to help bypass DPI. For example, Shadowsocks has built-in DPI protection and pretends to be a regular connection to a remote server.

OpenVPN is easily detected by DPI, but stunnel can help by masking the VPN tunnel as an SSL connection, making it look like ordinary HTTPS traffic. Blocking such tunnels is difficult, as it risks blocking all HTTPS traffic.

The tls-crypt mode, introduced in OpenVPN 2.4, also helps bypass DPI by encrypting VPN traffic.

Tor Browser developers are actively working on DPI circumvention. When connecting to Tor, you can use a transport layer (bridge) to ensure a smooth connection to the first secure server. You can choose a public bridge or get a personal one from the official Tor Bridges site.

The most effective method is obfs4, an obfuscator that scrambles data so it can’t be identified on the network. DPI usually lets such packets through, as it can’t determine what’s inside.

There are also programs that try to trick DPI by splitting packets or changing headers, such as GoodbyeDPI or Green Tunnel with simple graphical interfaces. These don’t hide your IP or data but can bypass blocks.

A comprehensive solution is the Streisand project (with a Russian description on GitHub). This tool quickly deploys and configures several data protection services on a remote server and provides detailed instructions.

Conclusion

There are many technologies at various levels designed to keep you safe and anonymous online. Some are time-tested, while others help fight the latest censorship methods. Thanks to these tools, we can still remain invisible—just remember to use them.