Hacker explains how you really surf the Internet anonymously

The private mode in the browser is everything but private. A security researcher explains how you can really get through the net without leaving any traces. The Germans are creeping away at Big Data: on Facebook, Martins conceal their last name and call themselves “Mar Tin” to deceive Mark Zuckerberg. The Germans delete cookies and encrypt their e-mails more frequently than people in neighbouring European countries. At least that’s what they said in a representative Infratest-survey. Nevertheless, very few people know how they really get through the net anonymously.

In the eleventh grade, he hacked the administrator account of the school computer. Later he looked for security holes in hacking challenges and found them, for example in a project for smart satchels in Wolfsburg. He is now 29 years old and researches in the working group “Security and Privacy” at the University of Hamburg. Together with colleagues from Dresden, he develops fast and convenient anonymization software.

Let’s be honest: Do you always surf anonymously?

It all depends. When I’m out and about using open WLANs, I often switch on a VPN or gate so that the WLAN provider doesn’t learn so much about my surfing behavior. At work or at home, I’m often not on the go anonymously.

What data do you reveal when surfing without protection?

When I visit a website just like that, I contact it directly. My IP address tells her where I come from. She gets information about which browser I use, how big my screen is, which fonts I have installed and so on.

That sounds boring, but you can identify me and my computer with this wealth of data. If my computer regularly goes online at certain places, you can create a motion profile: I live there, work there, Tuesday in the gym, Friday in the pub. Many sites use tracking services and have plug-ins from Facebook or other social networks. This makes it easier to link movement patterns with identities.

Better learn how to protect your iPhone www.iPhonevpn.net/ and Xbox www.vpnXBOX.com/ as soon as possible!

How can this actually harm me?

In authoritarian regimes, the secret service could trace who is criticizing the government on the Internet and when and from where. Anonymity there is a question of life and death. But there are also consequences here: If insurance companies know everything about me, my tariff may become more expensive. The advertising industry analyses my surfing behaviour and overwhelms me with tailor-made advertising.

  • The data collected about me can fall into the wrong hands. Someone could derive my illnesses, sexual preferences or affairs from this and blackmail me.
  • I also believe that it is important for a democracy to be able to express its opinion anonymously without fearing reprisals.
  • Now there are different services, which advertise with anonymity in the net.
  • One popular example is Ghostery, a small mini program for the browser, an add-on that blocks trackers.
  • Mozilla offers something similar with a special browser, Firefox Klar.

Is it possible to surf undetected with such programs?

These add-ons or plug-ins block cookies, a kind of identification mark on the network, and tracking services. So the browser cannot create a chronicle. This makes sense. But the services only protect superficially. They do not hide my IP. This means that my approximate location and my browser data are still transferred to the website.

VPN services are one stage more complex. Some of them cost a few euros a month, but promise to conceal my location in return.

Do they make me anonymous now?

When I use a virtual private network service, a computer is connected between me and the website. He calls the site with his IP address for me. This allows me to use streaming services that are limited to certain countries: With a VPN, for example, I could subscribe to US Pay-TV HBO and watch Game of Thrones, or watch games in the Champions League, which only broadcasts the Austrian ORF media library and not the German ZDF. Providers like Netflix are therefore trying to block known VPNs for their services.

  • But when it comes to anonymization, VPN has a weakness: I have to trust the provider not to mess with my data.
  • There are cases where VPN providers have not only inserted advertising, but even malware into the websites they visit.
  • Maybe the service also has an interest in selling my data directly or works with the authorities.
  • Then I will be at the mercy if I do more than just watch a series.

How do you avoid these risks?

I connect several computers in a row and give each of these computers only a part of my request. Conclusions on my identity are only possible if all involved calculations

Can I actually do something wrong and still betray myself?

This is possible. Tor anonymizes the IP address that reveals my location. But other details also reveal a lot about my identity: installed fonts, browser type and window size. The Tor browser therefore tells me not to drag the window to full screen – and I should stick to that.

Also, I shouldn’t be logged in with my Facebook or Google account if I want to surf anonymously with Tor – even if I’m using a fake account. The service simply links my surfing behavior to the IP address and browser information I’m normally logged in from. From this it can then draw conclusions about my rough location and my identity.

Is there an alternative to Tor?

If I want to have multiple nodes that really make me anonymous, I’ll inevitably end up in the Tor browser right now. There is almost no alternative at the moment. Check out Tor here: https://www.torproject.org/.

Why do so few people use Tor?

Many people don’t know they’re leaving so much data behind. Others may know, but they think Tor is rocket science and don’t want to get involved. For others, the Tor browser isn’t comfortable enough because it slows me down while I’m surfing. There are technological reasons for this. Several layers of encryption are built up around the data, which means I have to send larger quantities and the transfer rate is often weak: two megabits per second are more like peaks than averages.

I can’t watch HD videos with it or have to buffer for a long time, which can be annoying. But it should be enough for normal surfing. Some websites block access from servers in the Tor network. For example, I can’t edit on Wikipedia.