• Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

The Anonymity Tutorial

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Anonymity // Privacy // Spam

View previous topic :: View next topic  
Author Message
Just Arrived
Just Arrived

Joined: 12 Feb 2003
Posts: 4
Location: United States


PostPosted: Sun Apr 13, 2003 6:21 am    Post subject: The Anonymity Tutorial Reply with quote

The Anonymity Tutorial
Author: Raven, founder of SWG.
URL: http://www.securitywriters.org/

Note: this tutorial deals with privacy issues on the net, and how to improve your anonymity, not how one can find details about another person. This topic is discussed in the Information Gathering tutorial, which is the sequel to this tutorial. Issues such as under what conditions some of the details that can be found about you according to this tutorial can be obtained and how to conduct such privacy intrusions will be discussed in the sequel tutorial. In the mean time, you can read a little about the dangers themselves and more about how to avoid them and improve your anonymity on the net. Happy reading!


Preface: ph33r the net

Whether you realize it or not, the Internet is not as anonymous as you might think. Here are a few examples:

1) You enter a website. Once you hit any one of the files on the webserver, the website owners can find out these pieces of information about you, and much more:
  1. Your IP Address.
  2. Your hostname.
  3. Your continent.
  4. The country you live in.
  5. The city.
  6. Your web browser.
  7. Your Operating System.
  8. Your screen resolution.
  9. Your screen color depth.
  10. The previous URL you've been to.
  11. Your ISP.
  12. Your Email address.
  13. Your MAC address. (don't know what a MAC address is? Everything will be explained later)
  14. What kinds of browser plug-ins you have installed.
  15. Wether you have Java and Javascript support turned on or off.
  16. Any information that is stored in your cookies file. (don't know what cookies are? Everything will be explained later)
  17. Other private details.

And that is just the tip of the iceberg.

Can you guess who gives away all of this information?

Well, I'll give you three guesses...

Guess number 1... your web browser?

Yes, that's correct, your web browser gives a lot of information about you because some websites use this information to customize the page depending on your resolution, screen color depth and more, and some sites read the last URL you've been to in order to know whether you reached that page from the author's site or whether you reached that page from a different site (meaning that some other webmaster is "leeching off" their files). Other websites use this information for other purposes...

Just to show you how much information your browser gives away, let me show you how a typical MSIE HTTP request (a request from an HTTP server to download a page or a file) looks like:

GET /texts/internet%20security/anonymity.html HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/vnd.ms-powerpoint, application/vnd.ms-excel,
application/msword, */*
Referer: http://www.www.securitywriters.org/networking_security.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98) 
Connection: Keep-Alive

See what I'm talking about?

Guess number two... TCP/IP itself? Yup, true, TCP/IP itself provides the website with your IP address and your MAC address (this part will be explained later on), which can then be used to find your hostname, which can be used to find your place of living or at least where your ISP is located.

Guess number three... the user itself? You guessed correctly again, my friend. Wow, you're really getting the hang of this! Anyway, the point is that lots of stupid users tend to trust every site with their private details and fill every form they see without making sure that the site has a valid privacy policy.

So what can we do about it? Well, a lot. But let's leave that to later, shall we? We will discuss anonymous surfing in the anonymous surfing chapter.

2) Another example: you're connected to an IRC network and you are chatting with your friends. Right now all a person who is connected to the same IRC network needs in order to find information about you is nothing but your nickname. He doesn't even have to know you, or be in the same channel/channels you are. Here are a few examples of what anybody can find out about you (in the most optimal conditions) by simply knowing your nickname:
  1. Your Real name.
  2. Your Email address.
  3. Your IP address.
  4. Your hostname.
  5. Your ISP.
  6. Your continent.
  7. Your country.
  8. Your city.

And again, there could be more. The reasons? You name it. TCP/IP, the IRC protocol, Silly users...

There's a lot you could do in order to improve your anonimity on IRC networks, but we'll discuss this issue in it's appropriate chapter.

The same goes for online games, instant messengers, Usenet networks, Emails and everything else you do on the net. Have I convinced you yet?

Some of you are anxious to continue reading and improve their anonymity. Others have been convinced that the Internet is not anonymous, but don't see why they should make any efforts to anonymize themselves - don't worry, you will be given reasons, just keep on reading.

Last but not least, some of you may still be skeptical about whether doing all those things and finding all of this information just by having someone visit your web site or finding someone on ICQ really is possible - for people like you and other curious boys and girls, I have written the information gathering tutorial, which can be found at www.securitywriters.org's texts library as well. It will teach you how to do all of those things and much more!

Chapter I: testing yourself

How anonymous are YOU?
Yes, you, right there, on the other side of the monitor. What, you think I can't see you?
This is the Internet, not Television! Yes, there's a monitor and there are pictures and
sounds and issues of public interest, but it's completely different! The net controls you!
The net owns you! Everything you say, everything you do, it's all recorded and stored
permenantly on a hundred thousand different servers on the Internet! They control
everything - your computer, your TV set, your phone, your car, your air conditioner, your
nearest Supermarket's price scanner... even your underwear! They know anything and
everything, they know me and you, and they know EXACTLY what you've been hiding in your
socks drawer (naughty naughty you!).

The above part was completely unnecessary. I just felt like rambling. Anyway, this chapter
lets you, the reader, venture into the depths of the net (how melodramatic) and try a few
simple tricks on himself. Let's begin with something easy: a web search.

Point your browser to http://www.whowhere.com/. Now, see if you can find yourself, and see
what kind of information you can find about yourself. Try the different searches, and
click on anything you see. I managed to find my name, Email address, home address, home
phone number and much more, and I suspect that some of the information was given by my
ISP, and the rest was given by GeoCities.com, which I signed up for (sometime in 1996, I
think) when I built my first web site.
Now let's try something else. We've already concluded that web browsers send out a lot of
data about you, and that web servers can run software that logs this information and saves
it for later retrieval. But even people who own small websites and don't have access to
the actual server and can't install such software on it or access it's logs can still get
all of this information about their visitors by subscribing to online web statistics
services. One such service is SuperStats, so point your browser to
At SuperStats and other such services, Webmasters can sign up, and then put a small
portion of HTML code into any of their site's pages and the web stats provider will kick
in and do the rest whenever someone enters that page. The process is fairly simple: the
code contains an instruction to the web browser to retrieve a certain image from the
webstats provider's server. When your browser retrieves that information, it leaves it's
footprint in the webstats provider's server's log files (web browsers give away a lot of
information, remember?) and they do the rest of the work.
Anyway, that site has a "live demo" button which can show you just what kinds of
information this service (and other similar services) can capture.

I have just found a web page with a list of "environment variables checkers". These are
scripts that get those variables that your browser gives away, and can show them to you.
Check that page out at http://proxys4all.cgi.net/env-checkers.shtml, follow one of the
links and see how this web script (and any other web site) can find those details with
extreme ease.

Now let's try some Emails. Send an Email to yourself, and when you get it, access it's
full headers. With MS Outlook, you can do that by right-clicking on the message in your
Inbox and clicking on properties. With Netscape Communicator, this can be done by clicking
view, the headers, then all. So, now you can see how Emails really look like, and guess
what? They contain loads of information about you! They can tell anyone who receives or
intercepts an Email from you lots of details about you, including the Email client you're
using and your operating system (these details can be used to send OS-specific of
mailclient-specific viruses to your mailbox, which could infect your computer), and of
course many other details such as your ISP, the area of your living and more.

Chapter II: the first step in anonymizing yourself - Anonymous Surfing

Why would you want to surf anonymously? Let me give you a short reminder, and explain the
situation a bit further.
First of all, we concluded that TCP/IP hands in your IP address, and this address can be
used to find out who your ISP is, and possibly track your geographical location.
Now you must be asking yourself "why does TCP/IP give this information if people can use
it to find all of this information about me?". Well, the answer is quite simple. TCP/IP
has to put your IP address in the IP header of the packets that you send, because
otherwise, how would the server that you are requesting the web page from know where to
send it back? If your packets won't contain your IP address or will contain a fake address
instead, you won't receive the returning packets.
However, there's a workaround for this. What if you could tell some sort of a public
computer to retrieve the files for you, and then have the public computer send the files
to you? That way, the IP address that will appear in the packets will be the address of
the public computer, and your IP will remain anonymous, right? This is called bouncing,
because you send the packet to the public computer, and then the public computer sends the
packet to the web server, so your packet metaphorically "bounces" from one computer to
another in order to hide your true address. I will explain how to bounce a connection to a
web site in a few minutes.

The other problem with TCP/IP is that it gives away your MAC address too. Oh, wait, I
haven't explained what a MAC address is!

Info Break: What is a MAC address?

A MAC (Media Access Control) address (also called an Ethernet address or an IEEE MAC
address) is a 48-bit number (typically written as twelve hexadecimal digits, 0 through 9
and A through F, or as six hexadecimal numbers separated by periods or colons, i.e.
0080002012ef, 0:80:0:2:20:ef) which uniquely identifes a computer that has an Ethernet
interface. Unlike the IP number, it includes no indication of where your computer is
To learn more about MAC addresses, head to whatis.com s definition of a MAC address at

Now, why a dial-up Internet user would have a MAC address is really beyond the scope of
this tutorial, but the point is that you have such a thing, and since it's a 48-bit
number, there are billions of different combinations and your MAC address can be used to
identify you (not in a very reliable way, but it has a good enough success percentage).
This form of identification can be used to track your online shopping habits, for example
(it is known that some online retailers pass this kind of information from one another).
So in other words, exposing your MAC address isn't too good either.
So, the second privacy risk we talked about was your browser giving all this information
about your computer, right? And of course, your cookies file is being exposed to the
entire world. Wait, I haven't even explained what cookies are yet!

Info Break: What are Cookies?

Webster dictionary defines a "cookie" as:
1 : a small flat or slightly raised cake
2 a : an attractive woman <a buxom French cookie who haunts the... colony's one night spot
-- Newsweek> b : PERSON, GUY <a tough cookie>
3 cookie : a small file or part of a file stored on a World Wide Web user's computer,
created and subsequently read by a Web site server, and containing personal information
(as a user identification code, customized preferences, or a record of pages visited)

Uhh... ignore the first two. So that's what a cookie is. Web sites can instruct your web
browser to save information into your cookies file. Ever been to a site that has a login
prompt that offers you to "remember" your password? That's how it works - your password is
saved in your cookies file.
Looking for more information about cookies? Then I suggest that you follow this link:
Now, the problem with the cookies file is that every site can read it, not just the site
that stored the cookie entry in the first place. Today, most sites save passwords and
other kinds of sensitive information in an encrypted form, but encryptions can be
broken... so if you're entering a suspicious site, you might want to access your browser's
preferences and disable cookies, so the suspicious site won't be able to read them.
Now, for the workarounds for these problems:

How to surf anonymously

There are several ways to surf anonymously. Each way has it's pros and cons (advantages
and disadvantages, respectively), and blocks different kinds of information from leaking
The Anonymizer

This is probably the easiest way, but also the least convenient way.
What is the Anonymizer: Anonymizer.com is a service that is given to the web community for
free, and can be upgraded for a certain amount of cash. Anonymizer.com is also a
completely anonymous ISP (costs money. More information about this is available at their
web site).

Pros: * blocks EVERYTHING - IP, browser information, cookies, anything.
* Easy to use.

Cons: * blocks EVERYTHING (what if you wanted to have cookies support or any of the other
things that Anonymizer blocks off? Oops...)
* Annoying ads and page delays, but you can remove them by signing up to their premium
service (costs money).

Anonymous Proxies

A more convenient way, but only blocks your IP and your MAC address.
What are Proxy servers: Proxy servers are bouncers that are meant for people like you and
me who want to surf anonymously. They will create the connection to the web server for
you, therefore eliminating all the privacy issues that derive from TCP/IP, but they won't
protect your cookies file (unless you disable cookies in your browser's preferences dialog
box), and they won't block off all of the information that your browser sends out.
However, Proxies have another purpose. Some ISPs have a Proxy server that caches (stores
on it's hard drive) web sites. The Proxy allows the ISP's users to use it, and when
someone attempts to retrieve a web page that has already been cached on the Proxy server's
hard drive, he can receive the files he requested directly from the Proxy server (MUCH
faster). The Proxy updates it's cache memory several times a day, to make sure that it has
the most recent version of the websites it cached. Such Proxies can only be used by the
users of the ISP which owns the Proxies, and they usually aren't anonymous.
How to use: first of all, you need to find a web Proxy. You can find several working ones
at Cyberarmy's Proxies list (http://www.cyberarmy.com/lists/proxy/ ) or at Proxys4All
( http://proxys4all.cgi.net/ . This site also has links to some other web-based Proxies like
the Anonymizer). Then, once you have a Proxy's address and the port that it uses to accept
connections (usually 8080 and 1080), you need to configure your web browser to use it
(just access the options/preferences page and the rest should be a piece of cake).

Note: if web pages suddenly become unavailable, it means that your Proxy server has gone
down (it was shut off, moved to a different address or no longer accepts connections), and
you must find another Proxy server.
Pros: * very easy to use - Once you have found a Proxy and configured your web browser to
use it, you won't have to worry about it anymore.

Cons: * doesn't block the information that your web browser hands out.
* Proxies can sometimes go down or stop accepting connections from you for different
reasons, and you'll be left alone in the dark (until you switch to a different Proxy or
stop using Proxies at all).
* Using Proxies can sometime result in slower loading times, if the proxy server is

Chaining Proxies

More security, but longer load times.
What is chaining Proxies: remember I explained about bouncing? So if you can bounce your
connection over a Proxy server, why can't you bounce your connection over several Proxy
servers? Your packets can bounce from one Proxy to another on a line. This is called
chaining Proxies.
How to use: it seems that different proxies can be chained in different methods, but most
Proxies can be chained by separating their addresses with -_-. E.g.:
rs.org Try it!
Don't like this method? Fine, you can also tell your browser to set up chaining for you so
you won't have to type those long addresses. For more information regarding how to do that
and pictures explaining exactly what to do, head over to
You can also try using a program called Webonycer. This program
can make some peoples' lives a lot easier.

Pros: * Better security. If someone would really want to trace you, he will have to go
through a lot more effort to track you down.

Cons: * Makes pages load much slower (your packets go through a longer route with each
Proxy in the chain).
* You become dependant on more Proxies, so if one of the Proxies in the chain goes down,
then not only that you will need to find another Proxy, you will also face a new problem -
you won't have a way to tell which Proxy went down (unless you test each Proxy manually).

Surfing from a Shell Account

Slower, does not allow graphics but hides EVERYTHING.
What is surfing from a shell account: you can connect to a free shell account provider and
use Lynx, a text-based web browser to surf the net. This is another form of bouncing,
because again, you request another host on the Internet to retrieve the website for you,
and it sends it back.
How to use: the easiest way is to connect to a telnet server such as the one at the
University of Kansas. Click here (telnet://ukanaix.cc.ukans.edu ) to telnet in, and then
log in as www or lynx and you'll be able to use Lynx to browse.

Pros: * Hides EVERYTHING.

Cons: * Hides EVERYTHING (in case you didn't want to hide some of the details or use your
* Slower than direct surfing (like every kind of bouncing).
* No graphics support (this is Lynx, after all. It does not support graphics, and neither
does it support Java, Flash and other things that require a graphical display).

Those are some of the things you can do in order to surf anonymously. Of course, there are
other methods - there always are. I tried to give you a general taste of the mostly-used
methods. If you wish to learn more about this topic, the web is wide-open, and web
searches (especially at google.com, which is by the way my favorite search engine) could
find you everything.

P.S. don't forget the third reason for privacy intrusions: stupid users! Make sure that a
site has a privacy policy before you enter any private details into a form!

Chapter III: Internet Relay Chat - can it be anonymous?

IRC, Internet Relay Chat, is a great way to expose yourself to the world. Really, IRC and
privacy don't go well together. However, online privacy on IRC has been steadily

The Risks of IRC

Any common IRC'er can easily fetch several details about you. First of all, there's your
IP address. Anyone could type /whois your-nick and see your IP address. Furthermore, that
person can also initiate a DCC (Direct Client Connection) connection with you for a file
transfer or for a DCC chat session and obtain your IP by using a program that comes with
every Internet-enabled Unix/Linux/Windows installation - netstat. Netstat allows you to
view every connection made by or with your system over the Internet, and its status. Once
you accept a DCC request from an attacker, he can find your IP because there is a direct
connection between you and him, so netstat would show your IP.
But the fun doesn't stop there. There's also a big deal with the details you provide the
IRC server with, such as your Email address and your real name, if you have entered those
details. There's also the risk of compromising your passwords: several IRC services, such
as chanserv and nickserv, require you to enter a password which you can choose by yourself.
When choosing your password, DO NOT, I repeat DO NOT choose the same password that you
used for something else. In fact, it is advised not to use any password twice anytime,
anywhere, but IRC is one of the worst places to use a password twice.
If someone manages to get your password by either breaking into the IRC server or by
pretending he's an IRCop and asking for your password, he could use this password to gain
access to anywhere else you may have used this password (other services, your Email
account, your web site, your shell account etc'). Also, it's quite easy to turn in your
password by mistake. Many times I have seen people typing in their passwords into a
channel instead of into a message window, thus revealing their passwords to practically
the entire world!

Anonymizing yourself on IRC

There are several steps you can take in order to assure your online anonymity on IRC:

  1. Don't type in your real name and your real Email address when your IRC client asks you
    to, unless you want them revealed.
  2. Don't use any passwords you use on IRC for anything else.
  3. Choose IRC networks that hide your IP address! Also, when connecting to a new network,
    read the motd (Message Of The Day) by typing /motd and see if there's anything about
    hiding your IP address. IRC servers that claim to hide your address usually spoof the last
    part of your address (the last 8-bit digit), like that - 62.0.75.spoofed, which is enough
    in most cases.
  4. Do not accept DCC requests from people you don't know. Even if the IRC server hides
    your IP, it will be revealed through a DCC connection since DCC is direct, and does not go
    through the IRC server (that's why it is called Direct Client Connection).
  5. Many servers hide your real IP address, but some require you to tell them to do so. In
    order to do that, you must type either /mode your-nick +x (replace your-nick with your
    nickname) or /mode your-nick +z , depending on the server.
    If you want further anonymity, you may also want to use www.suid.net , the world's only (as far
    as I know) encrypted IRC network. It is also considered secure because of the considerably
    low number of netsplits, but that's beyond the scope of this tutorial.

Chapter IV: ICQ - the worst thing that ever happened to privacy

ICQ is considered by most to be a security threat to its users. During the course of its
evolution, it has suffered from many serious bugs and vulnerabilities, such as
vulnerabilities that allowed malicious users to probe another user for a lot of
information, or to launch attacks with serious effects, ranging from flooding the user's
ICQ client with messages, causing it to crash, stealing his password or even breaking into
his computer.

Vulnerabilities have come and gone, but many have stayed. During this tutorial, we will
focus on the simple vulnerability, which is caused by the way that ICQ works, and
therefore hasn't been patched. It's the vulnerability that allows anyone to view your IP
address, and it exists because ICQ is a client-to-client program.

Even if you tell ICQ not to reveal your IP in the preferences dialog box, under privacy,
there are other ways a malicious user might try to find it other than looking at your info
and expecting to find it there. Since ICQ is a client-to-client program, messages and
other ICQ events are transferred directly from one host to another, without the
interference of a server, meaning that if you send someone a message or someone sends you
a message, a socket is created between your computer and the other person's computer. What
does this mean? This means that anyone who sends or receives an ICQ event from you can use
programs such as netstat to view all existing connections, spot the one that belongs to
you and get your IP address!
Go ahead, try it. Press start, run, and then type command. A DOS window will appear. Type
netstat -A and you will receive a list of existing connections, their status and other
basic information about them, as well as the IP of the other host which is connected to
you through that socket (unless this is a listening socket, which is waiting for a host to
connect to it. A listening socket will not give you a "Foreign Address".

So why doesn't Mirabilis change that? Why doesn't it change ICQ so all events are
transferred through the server, so attackers will send and receive events to and from the
server and thus will be unable to find other people's IPs? Simple. Because what kind of a
mad man would want all those millions of ICQ users moving their traffic through his
server? And though AOL (the current owners of Mirabilis) has a lot of money and can
probably pay for all this bandwidth, why would they do that? They don't care about your
security, and they won't spend an extra cent to improve it. As a result to that, new
versions of the ICQ client are released without being properly tested, and new holes are
being frequently discovered.
Of course, the fault is not Mirabilis's alonel. There are also several user-inherent
problems, caused by users that reveal private information by writing it into their user
account info. Everyone can view your info, so don't reveal anything that you wouldn't like
to when you fill out the form in the ICQ account preferences dialog box.

Chapter V: Electronic Mail - encryption and headers

Email, too, is not as innocent as it may seem. In order to teach you why, and how to make
your Emails a bit more anonymous, you should learn about Email headers.

E-mail headers appear at the top of every Email message that you receive, although you may
not see them unless you tell your Email client to show them (Outlook users: right-click on
the message in the inbox window and choose properties, then details. Netscape Messenger
users: press view, then headers, then all). Email headers contain all sorts of details,
some of which are collected by the SMTP server which the sender used to send his Email,
some have to do with the process of the delivery of the message and some are other
details, like the MID (Message ID). Let's take a typical header for example:

Envelope-to: raven-at-mail.box.sk
Received: from [] (helo=mailgw2.netvision.net.il)
by dwarf.box.sk with esmtp (Exim 3.20 #1 (Debian))
id 155wUP-00015d-00
for <raven-at-mail.box.sk>; Fri, 01 Jun 2001 23:29:50 +0200
Received: from ***sender's name removed*** (ras1-p88.hfa.netvision.net.il [])
by mailgw2.netvision.net.il (8.9.3/8.9.3) with SMTP id AAA14549
for <raven-at-mail.box.sk>; Sat, 2 Jun 2001 00:32:06 +0300 (IDT)
From: "***sender's name removed***" <***sender's address removed***>
To: "Raven" <raven-at-mail.box.sk>
Subject: securitywriters.org
Date: Sat, 2 Jun 2001 00:24:30 +0200
Message-ID: <MABBIBPFAKENJLPBHEDLAEAHCAAA.***sender's address removed***>
MIME-Version: 1.0
Content-Type: text/plain;
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200

Well, that's nice. Look at all this information which is hidden in every Email message you
send! Everyone with a bit of knowledge about Email headers can find out lots of details
about you. Of course, I had to remove the sender's name and Email address in order to
preserve his privacy, but I left the rest of the details untouched.
So, what do we have here? Except for the regular details (sender's Email address and his
name, which he defined for his Email client when he first configured it), we also have the
sender's IP address (or the IP address he had while he sent the mail, in case he has a
dynamic IP address).

Another thing you should do if you wish to achieve maximum privacy is to encrypt your
Emails. That way, you can assure that noone who intercepts your message in one way or
another, or breaks into the recipient's Email account will be able to read it. PGP is the
most common mean of encrypting Email. Get it from PGP International.
Info Break: What is a dynamic IP address

Dynamic IP addresses, as opposed to static IP addresses, change every time you go online.
While users with a permanent connection have a static IP which does not change, dial-up
users and other kinds of users which don't have a permanent connection receive a different
IP address each time they go online.

But that's not all. In addition to the sender's IP address, we can also tell what Email
client software he used (unless he forged these details, but that's beyond the scope of
this tutorial. If you wish to learn how to do that, consult Raven's Introduction to
Complete Newbies and Hacker Wannabes, Episode I). There are several steps you can take in
order to hide those and other details about yourself.

  1. Use an Email client that doesn't identify itself (there are several ones on the net. Do
    a web search), or send Emails by connecting to an SMTP server with Telnet and sending the
    Emails manually. If you wish to learn how to do that, consult the Hack FAQ.
  2. Use anonymous remailers.
  3. Use any other method of bouncing your connection, such as bouncing it over a shell
    account or a Wingate computer or any other kind of proxy that will allow you to bounce a
    connection to port 25 (that's the port which SMTP servers listen to, and that's the port
    an Email client connects to when sending Emails).

Chapter VI: Usenet - not just news anymore

Once a huge Internet community, Usenet is now known by a very small percentage of the
users in the world. Usenet is like a BBS, which is a Bulletin Board System. Basically it's
very much alike today's forums, which every self-respecting site or portal now has.
Messages, also known as articles or posts are stored in a central database where users can
browse through the articles to find the piece they want. Indexing and cross-referencing
options are also available. This is very helpful because it is easy to find the
information you need, and it's much more convenient to have a central server than having
all of this content stored on your computer.
By posting to Usenet, you reveal your Email address. This means two things:

  1. You cannot post anonymously.
  2. You are very likely to receive junk mail.

How do we get rid of that problem and post to Usenet while keeping our Email addresses
private, then?
Well, there are several methods.
  1. Use a commercial service for posting messages anonymously. Some are free, some cost
    money, but anyway, it's worth it. I recommend trying services such as
    http://www.mailanon.com/ (has a 7 day trial period) and
  2. Don't post with your real Email address. Instead, open up another address for posting
    on Usenet at Hotmail, for example.
  3. Use a mail-to-news gateway service to post. Such services allow you to post to Usenet
    by Email. But instead of sending your Emailed posts from your real address, send it from a
    fake address or using an anonymous remailer.
  4. Last but not least, some of the services listed above will still reveal your IP
    address. In order not to reveal it, use a proxy server to bounce your connection over it,
    so only the proxy's IP address will be revealed.

Chapter VII: Spyware

Since the collapse of the NASDAQ, software companies have been trying to find new ways to
make money. They realized that shareware doesn't work - most people prefer not to buy the
full program or download a crack for the program and get all of its features rather than
to pay for it, and only a few people actually buy software. Several solutions were
invented. One of those is Adware.
Adware is software that contains advertisements, which earn revenue for the software
company that distributed the program. However, the Internet advertising business is
sinking, and advertisers pay less for advertisement space on the Internet. This is why
Spyware was invented.
Spyware is a program that literally spies on its user. There are different kinds of
Spyware programs, which differ from one another by the kind of information they collect.
Some collect information about what kinds of programs are installed on your computer,
others collect information about your surfing habits and others may get your Email address
and the addresses of all those in your address book and sell them to spammers for tons of
cash (as far as I know, the standard fee for a thousand valid Email addresses is
approximately 100$). As far as I know, some may go as far as recording conversations you
have over the Internet.
This information is later sold for a lot of money to different companies that may be
interested in this kind of information (trust me, there are a lot). This is bad because:

  1. This hurts your privacy.
  2. Transmitting the data which the program collected wastes your bandwidth.

To fight Spyware, you can use programs that detect and remove Spyware from your computer,
such as OptOut and Ad Aware. You can find these programs at every self-respecting download

Here's how to remove Spyware:
There are many online forums, chatrooms and websites that deal with Spyware. Google.com,
the best search engine in the world (in my opinion) lists over 32,000 different webpages
that mention the word Spyware at the moment, and that's a lot, considering the fact that
this is a relatively new topic.
Many sites offer lists of Spyware programs and information about them (including
information on which files to remove in order to disable the program's spying abilities).
Do a web search, you'll find plenty.

Chapter VIII: Browser History, Cache, Cookies and Autocomplete

Your own Internet browser can turn you in! Imagine what would happen if your girlfriend
would find out about all those sex sites you surf to, or if your boss would find out where
you've been surfing while you were supposed to do some work, or some idiot posting some
embarrassing items out of your browser's history. Unless you know how to properly clean
your browser's history, you'd never know when you'd get caught with your pants down
Your browser's cache database is also a problem. But first of all, we have to understand
what cache means.
Info Break: What is cache?

Cache is defined as a storage area that contains data that your computer will need to use
in a short time. There are different hardware and software that use cache. For example,
every modern CPU (Central Processing Unit) has a cache memory chip installed next to it,
which stores data that the CPU will need shortly. Accessing the cache is much faster than
accessing any other kind of storage device, and takes a lot of load off your RAM.
Internet browsers also use a certain form of cache memory. They save web pages, including
pictures, on your hard drive. Then, the next time you access those sites, your computer
will access the site from the local cache instead of from the Internet. In order to assure
that the version of the site which is stored on your local cache on your hard drive is up
to date, your browser compares the size of the files in your cache to the size of the
files on the web server and download whatever has been changed. If you wish to download a
site from the Internet completely and overlook the local cache, you can either set your
browser's preferences to do so or press Refresh (IE) or Reload (Netscape).
The size of your browser's cache can be limited to a certain amount, if you wish to save
disk space, but know this about any kind of cache space - the bigger, the better.

Now that you know what your browser's cache is used for, you have probably realized that
cache is a privacy risk. People can search your cache memory to find out which sites are
cached, therefore learn where you've been surfing recently. However, unlike clearing your
browser's history, clearing your cache has a drawback to it - you'll have to download the
pages that were deleted from your cache again the next time you go there instead of being
able to load them from your cache.
Another risk is cookies. We've already established what these are in the first chapter, so
let's suppose that you know what they're for. So obviously, if you have a cookie that,
say, saves your username and password for some sex site so you won't have to type them in
every time you enter the site, won't anyone who is able to lay hands on your cookies file
know that you've been there? Unfortunately, clearing your cookies has its drawback as well
- you'll have to delete all those stored preferences and passwords, so do this only if you
wish to obtain maximum privacy at this high cost.

And finally, there's another risk that only exists for IE users. This is called
Autocomplete. Autocomplete is a new IE feature that allows IE to remember what you typed
into web forms and allow you to enter the same data into them the next time you visit that
site in a mouseclick. I'm sure you can already imagine what huge privacy risks this
I will explain how to clear your browser's history, your cache and your cookies to IE and
Netscape users, and how to turn off Autocomplete to IE users, since these are the most
common Internet browsers. Those using other browsers will have to look up information on
their own.

How to clear your browser's history:

There are several ways to do this. First of all, you can do this manually. Instead of
explaining here, I've decided to refer you to this site, because it has images along with
the explanations of how to clear your history. Make sure that the cleanup removed the
records of the sites you've been to both from your history page and the address pulldown
box, which also shows the last places you've been to.

If you'd rather automate the process, you can use a number of very useful tools, such as
Evidence Eliminator (a very famous program. It also cleans up other kinds of evidence that
don't have anything to do with Internet surfing), Cover Your Tracks, Don't Panic, Siege
Washer, Webwasher (a personal favorite) and ComClear (for those who use Netscape under
Linux and other Unix variants. Has both a graphical, GTK+-based interface and a textual
interface). Many of the programs listed above can also delete your cookies and clear your

How to clear your browser's cookies:

Cookies are very easy to get rid of. The safest way to get rid of your cookies is to
delete the cookies file, a plain text file often found somewhere under the directory where
your browser has been installed. If you wish, you can also use programs such as Deleting
Cookies, which does the job.

How to clear your browser's cache:
To delete your cache, just do as follows:
Internet Explorer users, go to the Control Panel, then choose Internet Options and choose
to delete your temporary Internet files (that's how IE calls your cache).
Netscape users, go to the preferences dialog box, then open the advanced category, click
on cache and choose to clear both the disk cache and the memory cache.
How to turn off Autocomplete:
Open up Control Panel, click on Internet Options, then go to the advanced tab and remove
the tick mark from Autocomplete (turned off by default).

A Final Word

The object of this tutorial was to teach you how unsafe the Internet is and how many
privacy risks there are on the net, in hope to educate the average net user to become more
aware of risks and take steps to improve his privacy.
I believe that online privacy is very important, because if your computer is exposed,
everyone in the world can peek in. Just like you won't give away your house key to
strangers, you should preserve your anonymity and privacy on the net. After all, it's your

Last edited by Epikal on Mon Apr 14, 2003 5:52 pm; edited 2 times in total
Back to top
View user's profile Send private message AIM Address
Just Arrived
Just Arrived

Joined: 29 Jul 2003
Posts: 0


PostPosted: Tue Jul 29, 2003 7:21 am    Post subject: Reply with quote

Very Interesting but its amazing how many people dont know that you can clean all your tracks in windows all you want but a record is still their and you can only delete these records in DOS as you boot as I Do.

So there HA HA!
Back to top
View user's profile Send private message Send e-mail
Just Arrived
Just Arrived

Joined: 07 Jul 2003
Posts: 0
Location: US


PostPosted: Tue Jul 29, 2003 9:49 pm    Post subject: Reply with quote

I think you missed a few of Epikal's salient points...

...it really doesn't matter how good you are at cleaning up your own machine. Unless you are using randomly accessed, frequently changed, somewhat obscure proxies, while maintaining a low activity profile, there's a good chance that your traffic is all that is necessary to identify and track your movement on the net. Increasingly, rapid, real-time statistical analysis can reveal unusual traffic on a net segment making even the use of proxies somewhat less than robust. Collect enough of that traffic and your identity, whereabouts, and activity will be revealed.

Anything that establishes a session is traceable.
Back to top
View user's profile Send private message
Just Arrived
Just Arrived

Joined: 23 Jul 2003
Posts: 0


PostPosted: Sun Oct 05, 2003 3:44 pm    Post subject: Reply with quote

Many thx. to u for this.
Wanted something like this for my presentation.
Very Happy
Back to top
View user's profile Send private message
cisco student
Just Arrived
Just Arrived

Joined: 07 Sep 2003
Posts: 8
Location: SFDC USA: Chico, California


PostPosted: Sun Oct 05, 2003 9:55 pm    Post subject: Reply with quote

Very nice post, I really got a lot out of this article. I will have to try a couple of those things to see how well they work.
Back to top
View user's profile Send private message
Just Arrived
Just Arrived

Joined: 07 Aug 2003
Posts: 0
Location: USA


PostPosted: Mon Oct 13, 2003 10:46 pm    Post subject: Reply with quote

Just thought you guys might want to know this thread was mentioned in joatBlog. Saw it in my RSS feed.
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Anonymity // Privacy // Spam All times are GMT + 2 Hours
Page 1 of 1

Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register