Copyright
Publisher: Steve Elliot
Development Editor: Benjamin Rearick
Project Manager: Mohana Natarajan
Syngress is an imprint of Elsevier
225 Wyman Street, Waltham, MA 02451, USA
First published 2013
Copyright 2013 Elsevier Inc. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publishers permissions policies and our arrangement with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.
This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).
Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods, professional practices, or medical treatment may become necessary.
Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information, methods, compounds, or experiments described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library
Library of Congress Cataloging-in-Publication Data
A catalog record for this book is available from the Library of Congress
ISBN: 978-0-12-410404-4
For information on all Syngress publications visit our website at www.syngress.com
Preface
Google CEO Eric Schmidt ignited a firestorm in 2009 when he declared Privacy is dead. He said:
If you have something that you dont want anyone to know, maybe you shouldnt be doing it in the first place, but if you really need that kind of privacy, the reality is that search engines including Google do retain this information for some time, and its important, for example that we are all subject in the United States to the Patriot Act. It is possible that that information could be made available to the authorities.
For those with legitimate reason to use the Internet anonymouslydiplomats, military and other government agencies, journalists, political activists, IT professionals, law enforcement personnel, political refugees, and othersanonymous networking provides an invaluable tool, and many good reasons that anonymity can serve a very important purpose.
Anonymous use of the Internet is made difficult by the many websites that know everything about us, by the cookies and ad networks, IP-logging ISPs, and even nosy officials may get involved. It is no longer possible to turn off browser cookies to be left alone in your online life.
For many, using any of the open source, peer-reviewed tools for connecting to the Internet via an anonymous network may be (or seem to be) too difficult, as most of the information about these tools is burdened with discussions of how they work and how to maximize security. Even tech-savvy users may find the burden too greatbut actually using the tools can be pretty simple.
For many users, being able to use the Internet anonymously can literally be a matter of life and death, so no one should be prevented from using anonymity tools because they can be too confusingparticularly if the need is urgent. This book will provide the know-how to get vulnerable users online, anonymously, as quickly and safely as possible.
Read on to discover how to use the most effective and widely used anonymity toolsthe ones that protect diplomats, military and other government agencies, journalists, political activists, law enforcement personnel, political refugees, and others. This practical guide skips the theoretical and technical details and focuses on getting from zero to anonymous as fast as possible.
Acknowledgments
I would like to thank all those who have contributed to the Tor Project for their important contributions to this important enterprise. In particular, I want to express my gratitude to those people connected with the Tor Project who were kind enough to help me complete this project:
Karsten Loesing, Metrics Researcher and Project Manager, who was kind enough to find time in his busy schedule to review this book for technical correctness.
Runa A. Sandvik, Developer, Security Researcher, and Translation Coordinator, who was gracious and helpful in answering some of my peskier questions about Torand shared some insights into the difficulties of writing about Tor.
Roger Dingledine, Project Leader and one of the original developers of Tor, who very patiently spent close to an hour explaining to me how Tor works at the 2013 Tor Project hack day in Boston.
Andrew Lewman, Executive Director, without whose assistance I would not have been able to complete this project.
As always, I am grateful for the skilled professionals at Elsevier, starting with Syngress publisher Steve Elliot who convinced me to start writing books again, and Ben Rearick, Editorial Project Manager, and Mohana Natarajan, Production Manager, who helped guide the whole project to completion.
Chapter 1
Anonymity and Censorship Circumvention
Despite appearances, the Internet is not now (nor has it ever been) an anonymous medium. People often behave as if they are anonymous, for example, by posting obnoxious comments on websites or browsing objectionable content with a browsers incognito or private browsing modes.
However, whenever you connect to the Internet you are announcing your identity through your computers Internet Protocol (IP) address, which identifies you: through your Internet service providers (ISPs) account to find your home address, or through your companys network to identify your computer at work.
When you connect to the Internet from someone elses IP address (e.g., from a hotel wi-fi account, a computer cafe, or a borrowed PC), you can still be identified by anyone monitoring your session when you log in to social networking sites or check your webmail.
People continue to discover that using the Internet leaves forensic evidenceevidence which, if someone wants it, can be easily collected and linked to you. Given the revelation in June 2013 of the PRISM program, under which the National Security Agency (NSA) was working with nine of the biggest providers of Internet services (including Google, Microsoft, Apple, Facebook, and several others) to collect and store data, concerns about privacy protectionincluding in the USare far from paranoid fantasies.