Surfing anonymously
and with little trace

7. Juni 2020, Kire

(translated by Panos)

digiges.ch/slides/en/surfing.html

Digitale Gesellschaft
Digital Society

A non-profit organisation that provides information and advice on consumer and legal issues in the digital space, assesses technology impacts with regard to possible effects on basic and human rights and offers services, software projects and workshops on "digital self-defense".

Digitale Gesellschaft fights for our rights of freedom in a networked world.

Contents

  • Introduction
  • Part 1: Surfing with little trace
  • Part 2: Surfing anonymously
  • Summary

Introduction

  • Where is the danger?
    • Where do we leave traces?
    • Who are the actors?
  • Internet & World Wide Web
    • A quick overview

We leave diverse traces

  • At the visited Webservers
    • And on all other servers from which content is downloaded
  • During data transfer
  • Locally on the Computer/Smartphone

Who are the actors?

  • Server operators
    • Server's log files analysis
    • Possibly through Google Analytics
      • "Neue Zuercher Zeitung AG" has accessed the page "Call for demonstration" three times today

Who are the actors?

  • Trackers
    • Advertisement networks, Google, Facebook & Co.
    • Traceability & identification
    • Profile building

Who are the actors?

  • State surveillance
    • Within criminal cases
    • "Prevention" through intelligence services
    • Data retention & tapping fiber-optic communications

                     Source: Wikipedia

Part 1: Surfing with little trace

  • Browser traces
  • Browser settings
  • Trackers
  • Search engines

Browser traces: Webserver Logs

  • URL:   www.digitale-gesellschaft.ch/uber-uns
  • IP-Adresse:   80.215.220.52
  • Browser:   Firefox/63.0
  • Operating System:   Ubuntu Linux x86_64
  • Referrer:   www.digitale-gesellschaft.ch/aktiv-werden
  • Date:   18.11.2018 14:32:01

Browser traces: Webserver

  • Cookies, also Flash-Cookies, DOM-Storage etc.
  • Info about extensions, fonts, screen resolution
  • Metadata (but also data content)

Browser traces: Data retention

  • Obligation to retain the IP address allocation
    • CH: 6 months through Internet Provider
    • EU: 0 - 24 months
    • Also for identification features of the hardware (MAC/IMEI)
    • Also destination IP addresses (in Mobile networks)

Browser traces: data transfer

  • Tapping fiber-optic communications (Kabelaufklärung)
    • Data content
    • Federal Intelligence Service
    • But also NSA, GCHQ, BND, etc.

Browser traces: Local

  • Local Computer
    • Cache memory
    • Browser history

Browser traces: Remedy

  • Server: block trackers, delete cookies
  • Data transfer: Attention to encryption (https, 🔒)
    • and do not use mobile phones
  • Local: Delete regularly Cache and Browser history

Browser settings

  • Under "Privacy & Security"
    • Change Enhanced Tracking Protection
      from "Standard" to "Strict"

Browser settings: History

  • Also under "Privacy & Security"
    • Select "Delete cookies and site data when Firefox is closed"
  • Manually with key shortcut Ctrl-Shift-Delete
    • Delete everything, including Offline Website Data

Blocking Trackers

Search engines

Part 2: Surfing anonymously

  • Overview
  • Software installation
  • Tor Browser
  • Onion Services
  • Tor Server

Tor Project: Purpose

  • Tor provides anonymous, secure and censorship-resistant communication (connections)
  • Hides IP addresses from Client and eventually Server
  • Tor Browser hardens Browser and eliminates distinguishing features
    • Cookies and IDs, Fingerprinting
  • Separation of software development and operation

Tor Project: Overview

  • Opensource projekt
  • Non-profit Organisation
  • Very well documentated and extensively studied
  • 21 employees (2017)
  • Financed through donations
  • 7’000 Relays & over 30 Gbit/s exit traffic

Tor Browser installation

Onion Services

  • Also known as «Hidden Services»
  • Connecting Tor network with Web servers
  • Both communication partners are "unknown"
  • Communication through Rendezvous points
  • Self-authentication
  • End-to-End encryption

Example

  • Whistleblower portal (SecureDrop, GlobaLeaks)
  • Senders are forced to use Tor and protect themselves
  • PrivacyBox by Digitale Gesellschaft

The Tor-Server of Digitale Gesellschaft

  • 4 Servers in Switzerland
  • Total 13 Exit-Node instances (2.5 Gbit/s)
  • One of the biggest Exit-Node operators
  • The network is maintained with donations

Summary

  • The most important tips for secure surfing

The most important tips for secure surfing

  • Low trace surfing for daily use
    • Delete often Cookies (and History/Cache)
    • Block trackers and thus Cookies
    • Choose privacy friendly search engines
    • Do not use a mobile phone

The most important tips for secure surfing

  • Anonymous surfing
    • for research purposes
    • As a Whistleblower/Informant
    • Use the Tor Browser from Torproject.org

Many thanks for your interest!

Slides: digiges.ch/slides/en/surfing.html

Website: www.digitale-gesellschaft.ch

Facebook: DigitaleGesellschaftSchweiz

Twitter: @digiges_ch

Digitale Gesellschaft
4000 Basel
Schweiz


Konto CH15 0900 0000 6117 7451 1