Thoughts on ideal privacy and anonymity
Let's say you would like to leave the most anonymous comment in the world on a social network. What do you need for this? VPN? Tor? SSH tunnel? No, it's enough to go to the Internet café, create a mail address, register on the site and write your message. You coped with the task.
But what if you need not just leave a one-time comment, not just hide your IP address from some site, what if you need to have such a level of anonymity that will be the most complex and practically will not provide anybody any opportunity for disclosure at any level, and also to provide secrecy and, to some extent, hide the very fact of using the means of anonymization. That's exactly what I want to talk about here.
Perfect privacy and anonymity, like everything ideal, is more like a dream, but it is quite possible to approach it, and it may come true due to many different layers of protection. When one technology begins to complement and reinforce the other one, and even when fingerprints of system parameters and other methods are used for your identification, you still remain indistinguishable from the total mass of network users. In this article, I will try to tell you how to achieve this.
Basic level of protection
The basic level of protection and anonymity looks like this: client → VPN / TOR / SSH Tunnel → target.
In fact, this is only an advanced alternative to proxy, which allows you to simply change your IP. There is no question of any real and qualitative anonymity here. It is no longer necessary. One incorrect or default configuration of the notorious WebRTC, and your real IP is already known. This type of protection is vulnerable to the compromise of the node, to the fingerprints, to a simple analysis of the logs from the provider, and in the data center.
By the way, often there is also an opinion that a private VPN is better than a public one because people are confident in their system configuration. Let's imagine it for a moment, someone knows your external IP, respectively, the data center is also known, respectively, the data center knows which server this IP belongs to. And now let’s think, is it difficult, on the spot, to find out from which real IP you connected to this server? If you are the only client there, eh? But when there are, for example, 1000 customers, everything get much more complicated.
It's not even about the fact that a rare person will be bothered to encrypt his disks and protecting them from a seizure, one would hardly even notice if their server is rebooted from init level 1 and VPN service start logging, describing it as "small technical problems in the data center." And is it really necessary if one knows all the incoming addresses on the server and the ones outgoing from it?
As for Tor, firstly, its direct use can cause suspicion. Secondly, many of its output nodes are known and many of them are banned. For many sites, it's like a red rag. In addition, Tor is much slower than any paid or free VPN service (the speed in the Tor network currently does not exceed 10 Mbps, and often is at the level of 1-3 Mbps).
Summary: If you just want to bypass the simplest geo restrictions, have a good connection speed, and have the ability to route all traffic through another node, then you should choose a VPN. And for this role, a paid service is the best, for the same money that you would give for your VPS in one country (which you still need to configure and, after all, support) you get dozens of countries and hundreds or even thousands of output IPs. In this case, it makes no sense to use Tor.
Medium level of protection
The medium level of protection looks like a further development of the initial, basic level. Client → VPN → Tor → the target. This is the optimal working tool for any person not indifferent to the substitution of one's IP address, this is exactly the case when a combination of technologies strengthens each of them. But you should not have excessive illusions. Yes, it will be difficult to find out your real address, but you are still subject to all the same attacks as mentioned above. Your weakness is your physical place of work, your computer.
High level of protection
Client → VPN → Remote workstation (via RDP / VNC) → VPN
It is desirable that the computer should not be your own, but a remote one. For example, the one with Windows 8, with Firefox, with a couple of plug-ins like Flash, a couple of codecs, no unique fonts and other plug-ins. A boring one and indistinguishable from millions of others. And even in case of any leakage or compromise of your system you still remain covered by VPN.
There used to be a belief that a high level of privacy and anonymity can be achieved by using Tor / VPN / SSH / Socks, but today I would recommend adding a remote workstation to this scheme, too.
Client → Double VPN (in different data centers, but close to each other) → Remote workstation + Virtual machine → VPN
The proposed scheme suggests a primary connection to the VPN and a secondary connection to the VPN (to avoid leakages in case the 1st VPN gets compromised) This hides your traffic from the provider and does not give out your real IP address in the data center with a remote workstation.
Next goes the installed virtual machine on this server. Why do I need a virtual machine? I think that is clear. To make a roll back to the most standard and banal system with a standard set of plug-ins after every reboot. You need to do it on a machine with a remote workstation, and not locally, because people who used the virtual machine locally, and then TripleVPN on elliptical curves, visiting whoer.net, were very surprised to see their real IP- addresses in the WebRTC field. I do not know what kind of tech trick will be launched tomorrow (maybe updating your browser without alerting you) I do not want to think about it, and you do not think about it, just do not keep anything locally.
On the other hand, for the most people an anonymizer will suffice, but even our suggested method, with a real attempt to make it convenient, is still not too convenient for web surfing. Yes, a typical VPN is a normal and competent solution for circumventing simple geo restrictions and working in the network at a good speed. Do you want more anonymity at the cost of the speed? Add Tor, too. Want more? Do as described above.
Fingerprints, as well as attempts to determine the use of VPN by measuring the time of sending the packet from the user to the website and from the website to the user's IP address (do not take into account such a "issue" as blocking only the incoming requests of a certain type) is not easy to get around. You can get around some of it, one or two checks, but there is no guarantee that tomorrow another "evil" will not appear. That is why you need a remote workstation, that is why you need a clean virtual machine, that is why it is the best advice that one can give you at the moment. The cost of such a solution can start from only $40 per month.
Instead of the epilogue
The most important part and the most important guarantee of success in protecting privacy anonymity is the separation of one’s work with personal data and secret data which have serious value. All these tunnels and built-in schemes will be completely useless if using them you, for example, decide to log into your personal Google account.
David Balaban is a computer security researcher with over 15 years of experience in malware analysis and antivirus software evaluation. David runs the Privacy-PC.com project which presents expert opinions on the contemporary information security matters, including social engineering, penetration testing, threat intelligence, online privacy and white hat hacking. As part of his work at Privacy-PC, Mr. Balaban has interviewed such security celebrities as Dave Kennedy, Jay Jacobs and Robert David Steele to get firsthand perspectives on hot InfoSec issues. David has a strong malware troubleshooting background, with the recent focus on ransomware countermeasures.