privoxy

Anonymous Surfing with Tor (Part 1 - Installation)

You don't always want to reveal your IP address, for example when surfing the web. Tor offers a good way to hide it.

Installation:

su -c 'yum install tor privoxy'

Now one configuration file still needs to be adjusted. Don't forget the “.”!

su -c 'vi /etc/privoxy/config'

Insert the following here:


forward-socks4a / 127.0.0.1:9050 .

Now Tor and Privoxy can be started:

su -c 'service tor start && service privoxy start'

If you don't want to start Tor and Privoxy manually after every boot, this can also be done automatically:

su -c 'chkconfig --levels 35 tor on'
su -c 'chkconfig --levels 35 privoxy on'

Done.

All that's missing now is a Firefox plugin so that Tor can be switched on and off with a single mouse click. Torbutton has proven itself here. For Firefox 5, install the latest alpha from this page:

https://www.torproject.org/torbutton/index.html.en

You can check the whole setup on various websites such as http://www.wieistmeineip.de

Have fun!
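The forwarding line in /etc/privoxy/config is easy to get subtly wrong, so here is a small audit of it as an added example (not code from the original post); the function name check_tor_forward and the sample files are assumptions made for illustration. Besides the missing final ".", it flags plain forward-socks4, which makes Privoxy resolve hostnames locally instead of handing them to Tor.

```shell
#!/bin/sh
# Added example: audit the Tor forwarding rule in a Privoxy config file.
# Returns 0 only if some line forwards "/" to 127.0.0.1:9050 with a
# remote-DNS SOCKS variant and "." (no HTTP parent) as the last field.
check_tor_forward() {
    awk -v want="127.0.0.1:9050" '
        NF == 0 || $1 ~ /^#/ { next }            # blank lines and comments
        $1 ~ /^forward-socks/ {
            seen = 1
            if (NF < 4) {
                print "BAD  line " NR ": http_parent missing (no final \".\")"; next }
            if ($1 == "forward-socks4") {
                print "WARN line " NR ": socks4 resolves DNS locally, not via Tor"; next }
            if ($2 != "/") {
                print "WARN line " NR ": only pattern " $2 " is forwarded"; next }
            if ($3 != want) {
                print "WARN line " NR ": SOCKS target " $3 ", expected " want; next }
            if ($4 != ".") {
                print "WARN line " NR ": chained to HTTP parent " $4; next }
            print "OK   line " NR ": " $0
            ok = 1
        }
        END {
            if (!seen) print "BAD  no forward-socks rule, Privoxy connects directly"
            exit (ok ? 0 : 1)
        }' "$1"
}

# Constructed sample configs: the line from the post and two common slips.
demo=$(mktemp -d)
printf '%s\n' 'forward-socks4a / 127.0.0.1:9050 .' > "$demo/good"
printf '%s\n' 'forward-socks4a / 127.0.0.1:9050'   > "$demo/nodot"
printf '%s\n' 'forward-socks4 / 127.0.0.1:9050 .'  > "$demo/socks4"
for f in good nodot socks4; do
    echo "== $f"
    check_tor_forward "$demo/$f" || true
done
rm -rf "$demo"
```

On a real system the function would be pointed at /etc/privoxy/config before the services are started.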

March Madness - Protect your Privacy

Your business and promoting your business is important. So is your privacy. You do not want competitors to know what you may be currently researching. You do not want to provide any avenue where they could potentially find out what your plans are. As a business, you may be interested to learn what your competitors are doing or what your customers think. There remains the dilemma and conflict.

On March 1st, Google added a unified privacy policy affecting data Google has collected on you prior to March 1st as well as data it collects on you in the future. Your Google Web History (your Google searches and sites visited) was cordoned off from Google’s other products. This protection was especially important because search data can reveal particularly sensitive information about you, including facts about your location, interests, age, religion, health, and more. If you want to keep Google from combing through your Web History, you may want to remove all items from your Web History and stop your Web History from being recorded.

Here’s how:

Sign into your Google account.

Go to https://www.google.com/history

Click “remove all Web History.”

Click “ok.”

Six Tips to Protect Your Search Privacy (September 14, 2006), by Peter Eckersley, Seth Schoen, Kevin Bankston, and Derek Slater, describes ways to protect yourself.

The Electronic Frontier Foundation has developed the following search privacy tips. They range from straightforward steps to more complicated measures offering near-complete safety.

1. Don’t put personally identifying information in your search terms (easy)

Don’t search for your name, address, credit card number, social security number, or other personal information. These kinds of searches can create a roadmap right to your doorstep. They could also expose you to identity theft and other privacy invasions.

2. Don’t use your ISP’s search engine (easy)

Because your ISP knows who you are, it will be able to link your identity to your searches. It will also be able to link all your individual search queries into a single search history. So, if you are a Comcast broadband subscriber, for instance, you should avoid using http://search.comcast.net.

3. Don’t log in to your search engine or related tools (intermediate)

Search engines sometimes give you the opportunity to create a personal account and log in. In addition, many engines are affiliated with other services. When you log into the search engine or one of those other services, your searches can be linked to each other and to your personal account.

• Install two different web browsers to separate your search activities from your other accounts with the search provider.

• For Google and its services, you can use the Mozilla Firefox web browser and the CustomizeGoogle plugin software. Go to http://www.customizegoogle.com/ and click “Install.” Restart Firefox and then select “CustomizeGoogle Options” from the “Tools” menu. Click on the “Privacy” tab and turn on “Anonymize the Google cookie UID.” You must remember to quit your browser after using GMail and before using the Google search engine. In addition, be sure not to select the “remember me on this computer” option when you log into a Google service.

If you are using a browser other than Firefox, you can use the GoogleAnon bookmarklet, which you can obtain at http://www.imilly.com/google-cookie.htm. You will need to quit your browser every time you finish with a Google service. Unfortunately, we currently do not know of similar plugins for other search providers.

4. Block “cookies” from your search engine (intermediate)

If you’ve gone through the steps above, your search history should no longer have personally identifying information all over it. However, your search engine can still link your searches together using cookies and IP addresses.

Cookies are small chunks of information that websites can put on your computer when you visit them. Among other things, cookies enable websites to link all of your visits and activities at the site. Since cookies are stored on your computer, they can let sites track you even when you are using different Internet connections in different locations. But when you use a different computer, your cookies don’t come with you.

Use the following steps to allow only “session cookies,” and remember to quit your browser at least once a day but ideally after each visit to your search provider’s site.

Mozilla Firefox - apply these settings:

• From the “Edit” menu, select “Preferences”

 • Click on “Privacy”

 • Select the “Cookies” tab

 • Set “Keep Cookies” to “until I close Firefox”

 • Click on “Exceptions,” type in the domains of all of your search sites, and choose “Block” for all of them

If you use Microsoft Internet Explorer to surf the web:

 • From the Internet Explorer “Tools” menu, select “Internet Options”

 • Click on the “Privacy” tab and then press the “Advanced” button

 • Click on “Override automatic cookie handling”

 • Set both “first party” and “third party” cookies to “Block”

 • Select “Always allow session cookies”

5. Vary your IP address (intermediate)

When you connect to the Internet, your ISP assigns your computer an “IP address.” Search providers – and other services you interact with online – can see your IP address and use the number to link together all of your searches. IP addresses are particularly sensitive because they can be directly linked to your ISP account via your ISP’s logs. Unlike cookies, your IP address does not follow your computer wherever it goes; for instance, if you use your laptop at work, it will have a different IP address than when you use it at home.

6. Use web proxies and anonymizing software like Tor (advanced)

To hide your IP address from the web sites you visit or the other computers you communicate with on the Internet, you can use other computers as proxies for your own – you send your communication to the proxy; the proxy sends it to the intended recipient; and the intended recipient responds to the proxy. Finally, the proxy relays the response back to your computer. All of this sounds complicated, and it can be, but luckily there are tools available that can do this for you fairly seamlessly.

Tor (http://www.torproject.org) is a software product that encrypts then sends your Internet traffic through a series of randomly selected computers, thus obscuring the source and route of your requests. It allows you to communicate with another computer on the Internet without that computer, the computers in the middle, or eavesdroppers knowing where or who you are. Tor is not perfect, but it would take a sophisticated surveillance effort to thwart its protections.

You also need to make sure your messages don’t reveal who you are. Privoxy (http://www.privoxy.org) helps with this, because it strips out hidden identifying information from the messages you send to web sites. Privoxy also has the nice side benefit of blocking most advertisements and can be configured to manage cookies. (Privoxy comes bundled with Tor downloads.)

You can also use web proxies like Anonymizer’s (http://www.anonymizer.com) Anonymous Surfing. This option is more user-friendly but possibly a less effective method of anonymizing your browsing. Anonymizer routes your web surfing traffic through their own proxy server and hides your IP address from whatever web sites you visit.

Tor and Privoxy downloads and instructions can be found here: http://www.torproject.org/download.html.en

Ad blocking done right

If you’re like me, you’ve probably been running Adblock Plus in Firefox for years. It’s not because you don’t want to support the sites you visit: maybe you specifically unblock domains that you know use unintrusive ads, like reddit. Rather, it is usually the implementation of most web ads that is problematic. Maybe they:

  • Are Flash and play sound
  • Take up screen real-estate
  • Slow down your internet connection
  • Set hundreds of cookies and track your browsing
  • Slow your web browser, eating CPU cycles

Regardless of the reason, Adblock extensions to the web browser are a reasonable first step toward speeding up and maintaining control of your browsing experience. Ghostery and NoScript are two other fine extensions that take further steps toward this goal.

Why Adblock Plus isn’t good enough

Adblock Plus isn’t perfect. I don’t just mean its blocking abilities; the filter lists are very good. The problem is we are filtering content at our web browser. This impacts Firefox’s overall responsiveness, it is detectable (Adblock doesn’t replace ads, only removes them), and it is not very cross-browser. My Adblock Plus on Firefox and Adblock Plus on Chromium are not synchronized. If I block some content on one, I must either devise a system for them to automatically share filter lists (a waste of time) or manually synchronize them (a bigger waste of time).

It also is antithetical to what a web browser should be doing: browsing the web. Not filtering content. Filtering is simply not the job of the browser.

Moreover, I cannot implement Adblock Plus in any sort of gateway format. Maybe this doesn’t matter to you, but it impacts one of my future projects: my plan is to eventually use a powerful single-board computer in conjunction with a pair of Ethernet switches, OpenVPN, DNSMasq, and iptables to create a powerful, centralized filtering service for my network traffic. This lets me offload filtering services from my main computer, which needs its CPU power to compile things and crunch numbers with Mathematica, not filter, secure, and log network traffic.

This is why Adblock Plus on Android is implemented as a local proxy and not any other design choice. It is simply more powerful that way, and it means Adblock does not care what the web browsers are doing, and the web browser does not care about the logic of the content filtering service.

A better adblock

I use a localized Privoxy for my filtering. It is customizable and uses powerful regex-based filtering like Adblock does, but it is wholly separated from the guts of your web browsers. This means you can share the filter lists between browsers, choose which browsers use it and which don’t on the fly, use the same popular filter lists from Adblock Plus, and much, much more.

All content that enters your web browser is now at the mercy of your filtering software. This includes cookies, HTTP headers, and even DNS requests if you’re willing to go the SOCKS route.

Privoxy is completely customizable in all of these areas, through either simple, well-documented configuration files or a web interface that is disabled by default. It offers multiple levels of default configurations, from basic, very safe settings to a filtering-rich configuration to all-out complete control over HTTP behavior.

To use it, you just start the service, then change your browser’s proxy settings to point HTTP and HTTPS traffic to

 localhost:8118

Then you will want to edit the configuration files. To configure blocking, you can use privoxy-blocklist.sh and set it up as a cron job if you want regular updates. Otherwise, Privoxy provides great defaults at the medium level of filtering, and user customizations can be added in the file

/etc/privoxy/user.action

in the form of regex + actions as documented in the default action file. Ideas can be found in the various adblocking filterlists out there, but the final decisions are yours.

This is the method I use, since it forces me to regularly spend time in the Privoxy configurations, tweaking and improving the more advanced features that are provided. I suggest playing around with Panopticlick and Wireshark to get an all-around idea of how your browser is behaving, then adjusting the Privoxy settings to taste.

If you are not willing to tinker with this software, then the improvement gained over Adblock Plus is worthwhile but minimal. But for the power user or system administrator, the difference is huge.
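As an added illustration of reusing Adblock Plus filter lists in Privoxy's pattern-plus-action format (this is not privoxy-blocklist.sh and not the author's code), the sketch below translates only the simplest rule type, ||host^, and its @@ exception form. The function name abp_to_privoxy and the sample list are constructed for the example.

```shell
#!/bin/sh
# Added example: translate the simplest Adblock Plus rules into a Privoxy
# action-file section. Narrowed sketch, not privoxy-blocklist.sh.
abp_to_privoxy() {
    awk '
        # Comments, the list header and element-hiding rules are dropped:
        # they have no URL-pattern equivalent in an action file.
        /^!/ || /^\[/ || /##/ || /#@#/ { next }
        # @@||host^ is an exception rule and goes under { -block }.
        /^@@\|\|[A-Za-z0-9.-]+\^$/ {
            allow[++na] = "." substr($0, 5, length($0) - 5); next
        }
        # ||host^ covers the host and its subdomains, like ".host" in Privoxy.
        /^\|\|[A-Za-z0-9.-]+\^$/ {
            block[++nb] = "." substr($0, 3, length($0) - 3); next
        }
        { skipped++ }                 # anything else is left untranslated
        END {
            print "{ +block{Converted from an ABP list} }"
            for (i = 1; i <= nb; i++) print block[i]
            print ""
            # Later sections win, so exceptions come after the block section.
            print "{ -block }"
            for (i = 1; i <= na; i++) print allow[i]
            printf "# %d rules skipped by this sketch\n", skipped
        }'
}

# Constructed sample list, not taken from any real filter list.
sample_list() {
    cat <<'EOF'
! constructed sample
[Adblock Plus 2.0]
||ads.example.com^
@@||static.example.org^
example.net##.banner
/banner/*$image
EOF
}

sample_list | abp_to_privoxy
```

The output can be reviewed by hand and pasted into /etc/privoxy/user.action; the skipped count shows how much of a list this narrow translation leaves uncovered.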