Wednesday, February 22, 2012

I ain't no pirate... But stay outta my face...

 With the recent events that unfolded including the SOPA and PIPA and Anonymous hacking some very important US Govt sites, even the average surfer has become conscious about their online anonymity and its legal complications. Now, I'm no expert in either of them, and as the title says, I am not encouraging illegal actions of any sort. But I think that revealing your online identity for every single service you request from a site, and letting someone monitor all your online activities is like, going to the bathroom at a stranger's house at the expense of letting him monitor what you do in it. Of course, it is his house and his rules, but it's best to avoid such encounters at all possible circumstances (for both users of the bathroom and the world wide web).

Your Online Identity


When you're connecting to the internet, use the world wide web particularly, you're revealing a lot of information.

A simple and crude way to demonstrate this will be to go to the following link to 'Stay Invisible'. As you will see, they can have a whole lot of information about you, from the screen resolution and the system fonts of your computer, to a reasonable lead on your location.

The solution? Well, there are many, but one of the most frequently used is to use a proxy server.






Now,  I have used a crude proxy for this demonstration purpose. As you can see, after enabling the 'remove scripts' and ' no cookies' options, I have made the site stop at 'Gathering  Information'.

Proxy Server
I am sure there are many online resources you can access to get a clear enough picture of what a proxy server is. In this case, I will give a small contextual explanation so that you can save a bit of your time. The World Wide Web usually deploys (still) a client-server model. Where you and I, the average web users are clients and the web servers are, well, the servers. Now, when you want some resource, a web page, or a video or something, you're asking the server to send you the data. In this case, you must submit information about your IP address. And giving an IP address means, you are giving out your current location, because even with DHCP( Dynamic Host Configuration Protocol-where you are assigned a random IP address at the time of connection) your ISP and DHCP Server should ( I'm not 100% on this, but they should) hold information that needs to find your whereabouts.  

What a proxy server does is, it acts as an intermediary. In short, you tell the proxy to get the resource for you. And you only provide your information to the proxy, and they don't mess with that, at least not as much as the other side of the game would. The proxy will fetch the data you need ( some may even temporarily hold the data to serve other user requests- a.k.a. cache it) and forward it to your host. Such a proxy server is known as a 'forward' proxy. And if the server allows users of WWW to connect it from anywhere in the world, it is also known as an 'open proxy'.

So now you can see why they haven't been able to track the IP address, my location, time zone, ISP when I used the Proxy Server. Next, let's look into why they couldn't find out the other information about me such as the colordepth and resolution of my monitor, my fonts, and so on.

JavaScript Tracking

 Suppose there is a certain page in a certain website that you visit. If the service providers/site owners want to track where that page goes, who visits them, what they do with it, they can add a JavaScript code to the page that acts as a tracker. When you go to the page, the page is loaded to your web browser and run. And that means the Script also runs. And there is a third party server that collects information from your web browser and statistics. Usually, this is used for simply hit generation which is a harmless purpose. But there is the risk of them being used for other malicious/undesired purposes.

Note that when I enabled 'Remove Scripts' , I have essentially removed the code that needs to execute to get the information from your browser. So now we can also see that it's the browser that holds the information for your screen and your System.

Please be noted that there are other purposes that the proxy server can be used for, more often than not, that are illegal. I am not prompting any of you guys to go ahead and break the laws. (if you really want to, properly conceal yourself and don't get caught... ) :D
Posted by at

4 comments:

  1. UnknownFebruary 23, 2012 at 3:55 AM

    This comment has been removed by the author.

    ReplyDelete
  2. UnknownFebruary 23, 2012 at 3:56 AM

    Great work! I have something to add here. These are some down sides of the proxies. First one it makes your internet connection very slow. Second is that you still have to send your identity to the proxy. Some of the free public proxies are run by hackers and they watch your back well so there is a potential threat in it. And the other golden rule is that do not facebook using a proxy i mean don't use a proxy to login to well known sites. Cause you know there is no big risk in it. But if you logged through a proxy there is a threat that you could be hacked! cause proxy people can see your passwords. Proxy server works well when you are surfing and browsing unknown sites. Great post good luck :)

    ReplyDelete
    Replies
    1. Damith SenanayakeFebruary 23, 2012 at 7:42 AM

      Noted machan. Thank you. :) And I think I should have mentioned the downsides as well... :/

      Delete
  3. SanjithFebruary 23, 2012 at 9:56 AM

    Thanks for the information. But i think there is no 100% secure option.

    ReplyDelete

Subscribe to: Post Comments (Atom)