Internet Anonymity: All Methods, Pros and Cons (Brief Overview)

Let’s talk about the well-known ways to stay anonymous online. This is useful information for both beginners and experienced users.

Proxy Servers

Generally, a proxy server acts as an intermediary between a client and a destination. In terms of anonymity, there are several types of proxy servers:

• HTTP (web) proxies: These only handle HTTP traffic and, by default, add information about the use of a proxy to the transmitted data.
• SOCKS proxies: Unlike HTTP proxies, SOCKS proxies transmit all information without adding anything. The SOCKS protocol operates at the session layer of the OSI model, making it independent of higher-level protocols like HTTP, FTP, POP3, etc. This allows SOCKS to handle all types of traffic, not just HTTP.
• CGI proxies or “anonymizers”: These are essentially web servers with a form where the client enters the desired website address. The requested page opens, but the browser’s address bar shows the CGI proxy’s address. CGI proxies can use HTTPS to secure the connection between the client and the proxy.

Pros of proxy servers:

• Proxies are cheap, and there are many free options available online.

Cons of proxy servers:

• You have to trust the proxy server.
• For HTTP proxies, you need to filter HTTP headers like “HTTP_X_FORWARDED_FOR,” “HTTP_VIA,” “HTTP_FORWARDED,” etc.
• Proxy protocols (HTTP, SOCKS) do not support encryption between the proxy and the client. An SSL proxy only means you can access HTTPS resources.
• Proxy chains are inefficient.
• You need to configure the proxy for each application or use special software like Proxifier.

VPN/SSH

Here, VPN also refers to SSH tunnels, as the basic principle is the same despite some differences.

Currently, commercial providers offer the following VPN protocols:

• PPTP: Widely used, fast, easy to set up, but considered the least secure.
• L2TP + IPSec: L2TP provides transport, while IPSec handles encryption. This combination offers stronger encryption than PPTP, is resistant to PPTP vulnerabilities, and ensures message integrity and authentication.
• OpenVPN: Secure, open-source, widely used, can bypass many blocks, but requires a separate client.
• SSTP: As secure as OpenVPN, doesn’t require a separate client, but is limited to certain platforms (Vista SP1, Win7, Win8).

Most commercial VPN providers offer a choice between OpenVPN and PPTP, less often L2TP+IPSec, and only a few offer SSTP. Some services provide “DoubleVPN” (traffic passes through two VPN servers in different countries) or even “QuadVPN” (four servers, user-selected and ordered).

According to a study by torrentfreak.com, most VPN providers claim not to keep logs, or if they do, only for a very short time and not enough to identify a user. They also state that it’s very difficult to force them to hand over any data.

Pros of VPN/SSH:

• Fast and convenient; no need to configure each application separately.

Cons of VPN/SSH:

• You have to trust the VPN/SSH server or provider.

Most browser add-ons and “anonymity programs” use proxy or VPN servers to hide the client’s IP address.

Tor: The Great and Terrible

Tor is a system of routers where the client connects to the Internet through a chain of nodes, usually three. Each node only knows its immediate neighbors, so no single node knows both the client and the destination. Tor encrypts messages separately for each node, and only the exit node sees the unencrypted traffic.

Currently, Tor has 10 authoritative (directory) nodes, about 4,200 relay nodes, and around 900 exit nodes.

Note: Return traffic is unencrypted, but at the exit node, it’s encrypted with a temporary symmetric key and passed along the chain. The traffic itself is encrypted with symmetric keys, which are then encrypted with asymmetric keys.

Tor is often criticized for not providing absolute security for all types of traffic or protection against global surveillance. However, it does provide a high level of anonymity for HTTP traffic if all recommended rules are followed. See: Tor Project Download

Pros of Tor:

• High level of client anonymity if all rules are followed.
• Easy to use (download Tor Browser Bundle, run it, and you’re set).

Cons of Tor:

• Exit traffic can be monitored.
• Low speed.
• Presence of directory servers.

There are always doubts about Tor’s reliability and anonymity. A detailed analysis will be provided in future articles.

I2P

I2P is an anonymous network that operates on top of the Internet. It has its own websites, forums, and other services. Architecturally, it is fully decentralized and does not use IP addresses anywhere.

Key concepts in I2P:

• Tunnel: A temporary, one-way path through a list of nodes. There are inbound and outbound tunnels.
• NetDb (network database): Distributed among all I2P clients, it stores information on how to connect to specific recipients.

NetDb stores:

• RouterInfos: Contact data for routers (clients), used to build tunnels (essentially cryptographic identifiers for each node).
• LeaseSets: Contact data for recipients, used to link outbound and inbound tunnels.

As of early 2013, I2P had about 25,000 routers and 3,000 LeaseSets.

I2P can access the Internet through special outproxies, but these are unofficial and generally less secure than Tor’s exit nodes. The I2P developers recommend: “If you want the Internet, use Tor.”

Pros of I2P:

• High level of client anonymity.
• Full decentralization, making the network resilient.
• Data confidentiality: end-to-end encryption between client and recipient.

Cons of I2P:

• Low speed.
• “Own Internet” (separate from the regular web).

Other Tools

There are dozens of other projects dedicated to Internet anonymity, not counting browser add-ons and anonymity programs. Many less popular solutions are either already compromised or not yet widely studied by the global expert community. Some promising projects include:

• Freenet
• GNUnet
• JAP (John Donym, based on Tor)
• RetroShare
• Perfect Dark

There are also anonymous networks based on Wi-Fi, which allow independence from Internet providers. Examples include:

• Byzantium Project
• Netsukuku
• B.A.T.M.A.N (Better Approach To Mobile Ad-hoc Networking)

Conclusion

To quote the I2P project: “There is no clear threshold for anonymity after which you can relax — we are not trying to create something ‘absolutely anonymous,’ but are working to make attacks on such a network increasingly ‘expensive’ for attackers.”

In reality, the technical side is only a small part of Internet anonymity. The reliability of any scheme depends on the resources and time that can be spent to compromise it.