Surfing anonymously and with little trace

Surfing anonymously
and with little trace

September 17th, 2022
by Kire, Momo, Marlon, Niko
(translated by Panos)

Digitale Gesellschaft
Digital Society

A non-profit organisation that provides information and advice on consumer and legal issues in the digital space, assesses technology impacts with regard to possible effects on basic and human rights and offers services, software projects and workshops on "digital self-defense".

Digitale Gesellschaft fights for our rights of freedom in a networked world.

Introduction
Part 1: Surfing with little trace
Part 2: Surfing anonymously
Summary

Introduction

Where is the danger?

Where do we leave traces?
Who are the actors?

Internet & World Wide Web

A quick overview

We leave diverse traces

At the visited Webservers

and on all other servers from which content is downloaded on behalf of a page visited

During data transfer
Locally on the Computer/Smartphone

Who are the actors?

Server operators

Server's log files analysis
Possibly through Google Analytics
Example:
"Neue Zuercher Zeitung AG" has accessed the page "Call for demonstration" three times today

Who are the actors?

Trackers

Advertisement networks, Google, Facebook & Co.
Traceability & identification
Profile building

Who are the actors?

State surveillance

Within criminal cases
"Prevention" through intelligence services
Data retention & tapping fiber-optic communications

Source: Wikipedia

Illustration: extended ip stack connection

Part 1: Surfing with little trace

Browser traces
Browser settings
Trackers
Search engines

Traces: Webserver Logs

URL: www.digitale-gesellschaft.ch/uber-uns
IP-Address: 80.215.220.52
Browser: Firefox/104.0
Operating System: Ubuntu Linux x86_64
Referrer: www.digitale-gesellschaft.ch/aktiv-werden
Date: 19.07.2022 14:32:01

Traces: Webserver

Cookies and also Device- and User Fingerprinting
Info about extensions, fonts, screen resolution
Metadata
Data content (e.g. Basket, Settings, ...)

Browser traces: data transfer

Routers, Firewalls, Proxies^(*)
Tapping copper and fiber-optic communications (Kabelaufklärung)

Connection data
Data content
Federal Intelligence Service
But also NSA, GCHQ, BND, etc.

Browser traces: Data retention

Obligation to retain the IP address allocation (Status 2021)

CH: 6 months by provider
EU: 0 - 24 months
Also for identification features of the hardware (MAC/IMEI)
Also destination IP addresses (in Mobile networks)

The monitored life of National Councillor Balthasar Glättli

Traces: Local Device

Local Computer

Web-Storage (local or session), Cookies, etc.
Cache memory
Browser history

Smart Device

Traces: Remedy

Server: block trackers, delete cookies, clear "local web storage"
Data transfer: Attention to encryption (https, 🔒)

and do not use mobile phones

Local: Delete regularly Cache and Browser history

Browser settings

Under "Privacy & Security"

Change Enhanced Tracking Protection
from "Standard" to "Strict"

Browser settings: History

Also under "Privacy & Security"

Select "Delete cookies and site data when Firefox is closed"

Manually with key shortcut Ctrl-Shift-Delete

Delete everything, including Offline Website Data

Blocking Trackers

Firefox has Disconnect.me already integrated
Better: uBlock Origin, Ghostery, Privacy Badger
Not recommended: AdBlock Plus

Search engines

startpage (Google-Index)
DuckDuckGo (Meta search engine without Google)
eTools.ch (Swiss Meta search engine)

Part 2: Surfing anonymously

Overview
Software installation
Tor Browser
Onion Services
Tor Server

Anonymity on the net

Use of proxies
Operator must not be able to lift anonymity
All communication layers must be considered

network connection layer
application layer
DNS (domain name services) for resolving hostnames into ip network addresses

Tor Project: Purpose

Tor provides anonymous, secure and censorship-resistant communication (connections)
Hides IP addresses from Client and eventually Server
Tor Browser hardens Browser and eliminates distinguishing features

Cookies and IDs, Fingerprinting

Separation of software development and operation

Tor Project: Overview

Opensource project
Very well documentated and extensively studied
Non-profit Organisation, ~20 employees (2020)
Financed through donations

approx. 2-3 billion users

approx. 6'500 relays, exit traffic volume:

~650 GBit/s advertised
~250 Gbit/s consumed

Tor servers of the Digital Society

Tor Browser installation

Ready to use package with

Tor (Client)
Advanced and customized Firefox

Download from Project website

Windows: exe-file execution and installation
MacOS: through dmg-file installation
Linux: unzip and run "start-tor-browser"

If possible, do not make adjustments or install extensions

Onion Services

Also known as «Hidden Services»
Connecting Tor network with Web servers
Both communication partners are "unknown"
Communication through Rendezvous points
Self-authentication
End-to-End encryption

Example

Whistleblower portal (SecureDrop, GlobaLeaks)
Senders are forced to use Tor and protect themselves
PrivacyBox by Digitale Gesellschaft

The Tor-Server of Digitale Gesellschaft

4 Servers in Switzerland
Total 13 Exit-Node instances (2.5 Gbit/s)
One of the biggest Exit-Node operators
The network is maintained with donations

Summary

The most important tips for secure surfing

The most important tips for secure surfing

Low trace surfing for daily use

Delete often Cookies (and History/Cache)
Block trackers and thus Cookies
Choose privacy friendly search engines
Do not use a mobile phone

The most important tips for secure surfing

Anonymous surfing

for research purposes
As a Whistleblower/Informant
Use the Tor Browser from Torproject.org

Many thanks for your interest!

Slides: digiges.ch/slides/en/surfing.html

Website: www.digitale-gesellschaft.ch

Facebook: DigitaleGesellschaftSchweiz

Twitter: @digiges_ch

Digitale Gesellschaft
4000 Basel
Schweiz

Konto CH15 0900 0000 6117 7451 1