Web / Proxy Anonymizers…

[ST Dragon]

Ciao,
I was wondering which are the best and most reliable Proxy Anonymizers, Anonymizer tools / software & solutions in generals, for one to completely cover his/her online tracks from their ISP, hide your IP, to be able to send / receive e-mails, browse sites like Facebook, download / upload files & surf the web 100% anonymously? (Preferably free)

Thanks in advance

[junkeR]

Tor, Anonymouse.org.
I use Scroogle for SSL Google-scraped searches:
https://ssl.scroogle.org

[ST Dragon]

I just checked anonymouse and concerning the ISP, it says:

http://anonymouse.org/faq.html#7

7. Am I anonymous to my provider?
No, Anonymouse offers anonymity before the target/recipient. However, the provider is of course bound to the respective data protection acts, secrecy of letters, etc. . The provider is usually only allowed to process the data transmitted by the users if it is necessary for the solution of technical problems.

The VIP-Version of Anonymouse supports encryption (HTTPS/SSL/TLS), where the data is transferred encrypted from your browser to the Anonymouse server and your provider can not decrypt this data.
http://anonymouse.org/vip.html

So it’s not that simple to hide from your ISP with proxies… maybe a VPN would probably be better suited?

[ASK]

Yes, it would need to be a VPN or an SSL enabled web based proxy but then you get into an issue of trust (unless all you care about is hiding your traffic from your ISP)

[ST Dragon]

Yes, it would need to be a VPN or an SSL enabled web based proxy but then you get into an issue of trust (unless all you care about is hiding your traffic from your ISP)

What kind of issue of trust are you referring to?

Yeah I want to hide my traffic from my ISP, to be able to send / receive e-mails via yahoo / google e-mails anonymously without my ISP being able to have access to them or see the recipients / receivers and hide my IP from WebPages like face book.

[ASK]

Yes, it would need to be a VPN or an SSL enabled web based proxy but then you get into an issue of trust (unless all you care about is hiding your traffic from your ISP)

What kind of issue of trust are you referring to?

Well in the case of a VPN, you're then putting trust in the VPN provider to not snoop on your traffic or log access details when accessing unencrypted resources. Even when accessing encrypted resources (like a website via HTTPS), unless you host your own DNS server, DNS traffic will always be unencrypted and open to interception or logging, so an ISP or VPN provider can at least know what domains you've resolved (which can lead to the assumption of access).

Also, there's always the danger of Java (different from Javascript) or other embedded applets which generally do not proxy (unless you use a VPN), so in the case of a web based anonymizer, there's the potential for leaking local information, so it's always good to disable them.

[ST Dragon]

So, in the case of VIP-Version of Anonymouse which supports encryption (HTTPS/SSL/TLS), DNS traffic will always be unencrypted and open to interception or logging to my ISP, unless I use my own DNS server!...

I guess the safest way to surf the net 100% anonymously, would be from an internet cafe!

[crithit5000]

Or hack your neighbor's wireless.

[ASK]

So, in the case of VIP-Version of Anonymouse which supports encryption (HTTPS/SSL/TLS), DNS traffic will always be unencrypted and open to interception or logging to my ISP, unless I use my own DNS server!...

I guess the safest way to surf the net 100% anonymously, would be from an internet cafe!

Yes, however there are DNS servers out there that are open to use, it's up to you if you trust their intent and what they log, however. They are 4.2.2.1 & 4.2.2.2 (these have been around forever), and Google's new 8.8.8.8 & 8.8.4.4. Not using these servers would really only be for the ultra paranoid, but I personally would not use Google's, just because their intent is likely data mining, which means hardcore logging.

[antron]

VPNTunnel and Relakks are options, but reviews say they can be slow.

[ST Dragon]

Or hack your neighbor's wireless.

Excellent idea, I completely overlooked that option.
It just so happens that my neighbour has his wireless completely unsecured with no password and I was able to connect @ 24-36Mbps...
But still, wont my ISP be able to identify me, my traffic & log access details from my laptop’s MAC address? After all, I have logged in with this laptop from my own home connection before, so it must have been logged in my ISP’s database and they could still cross compare it.
Maybe I should just get another wireless USB LAN card with a different never before used MAC address.

Also, there's always the danger of Java (different from Javascript) or other embedded applets which generally do not proxy (unless you use a VPN), so in the case of a web based anonymizer, there's the potential for leaking local information, so it's always good to disable them.

Where exactly are these embedded applets and Java installed? Apart from Adobe Flash player for IE8 & firefox, I don’t see anything else of that nature in the Add-Remove programs list in WinXP PRO…

So, in the case of VIP-Version of Anonymouse which supports encryption (HTTPS/SSL/TLS), DNS traffic will always be unencrypted and open to interception or logging to my ISP, unless I use my own DNS server!...

I guess the safest way to surf the net 100% anonymously, would be from an internet cafe!

Yes, however there are DNS servers out there that are open to use, it's up to you if you trust their intent and what they log, however. They are 4.2.2.1 & 4.2.2.2 (these have been around forever), and Google's new 8.8.8.8 & 8.8.4.4. Not using these servers would really only be for the ultra paranoid, but I personally would not use Google's, just because their intent is likely data mining, which means hardcore logging.

Very interesting! I was not aware that public DNS servers actually existed.
By the looks of it there are a whole lot of them out there:
http://theos.in/windows-xp/free-fast-pu ... rver-list/

I also did a Google search on the 4.2.2.1 & 4.2.2.2 DNS servers, but could not find any info on what they actually log / intercept and what info they keep in their database, apart from this:

http://forums.techguy.org/networking/27 ... 2-1-a.html

They're the IP addresses of the DNS server, obviously these are public IP addresses. Here's the WHOIS entry associated with one of them:

4.2.2.1

OrgName: Level 3 Communications, Inc.
Address: 1025 Eldorado Blvd.
City: Broomfield
StateProv: CO
PostalCode: 80021
Country: US
Comment:
RegDate: 1998-05-22
Updated: 2003-11-06

AbuseHandle: APL8-ARIN
AbuseName: Abuse POC LVLT
AbusePhone: +1-877-453-8353
AbuseEmail: abuse@level3.com

AdminHandle: APL7-ARIN
AdminName: ADMIN POC LVLT
AdminPhone: +1-877-453-8353
AdminEmail: ipaddressing@level3.com

TechHandle: TPL1-ARIN
TechName: Tech POC LVLT
TechPhone: +1-877-453-8353
TechEmail: ipaddressing@level3.com

TechHandle: ARINC4-ARIN
TechName: ARIN Contact
TechPhone: +1-800-436-8489
TechEmail: arin-contact@genuity.com

# ARIN WHOIS database, last updated 2004-09-24 19:10

# Enter ? for additional hints on searching ARIN's WHOIS database.
OrgID: LVLT
Address: 1025 Eldorado Blvd.
City: Broomfield
StateProv: CO
PostalCode: 80021
Country: US

NetRange: 4.0.0.0 - 4.255.255.255
CIDR: 4.0.0.0/8
NetName: LVLT-ORG-4-8
NetHandle: NET-4-0-0-0-1
Parent:
NetType: Direct Allocation
NameServer: NS1.LEVEL3.NET
NameServer: NS2.LEVEL3.NET
Comment:
RegDate:
Updated: 2004-06-04

OrgAbuseHandle: APL8-ARIN
OrgAbuseName: Abuse POC LVLT
OrgAbusePhone: +1-877-453-8353
OrgAbuseEmail: abuse@level3.com

OrgTechHandle: TPL1-ARIN
OrgTechName: Tech POC LVLT
OrgTechPhone: +1-877-453-8353
OrgTechEmail: ipaddressing@level3.com

OrgTechHandle: ARINC4-ARIN
OrgTechName: ARIN Contact
OrgTechPhone: +1-800-436-8489
OrgTechEmail: arin-contact@genuity.com

# ARIN WHOIS database, last updated 2004-09-24 19:10

What about the DNS servers at OpenDNS?
http://www.opendns.com/
208.67.222.222
208.67.220.220
What’s their intent and what do they log?

Some one else mentioned…

Remember that nothing is free – all these DNS servers, especially Google, will keep all your search history, IP address, timestamp, computer name, userid, etc – all stats on you and everything you search – forever in their database.

So it would seem that the better choice would be to either hack someone’s wifi & let them get busted if something goes horribly wrong, or surf anonymously at an internet café, provided that they don’t have cameras of course.

[crithit5000]

But still, wont my ISP be able to identify me, my traffic & log access details from my laptop’s MAC address? After all, I have logged in with this laptop from my own home connection before, so it must have been logged in my ISP’s database and they could still cross compare it.

Just manually change/spoof your MAC address.

So it would seem that the better choice would be to either hack someone’s wifi & let them get busted if something goes horribly wrong

I'd say probably, as long as you're smart about it. If you're super-paranoid about things, find a few vulnerable signals you can gain access to. Don't stick to any of them for long periods of time, change your MAC address a bunch, and just generally try not to stick out like a sore thumb.

[ASK]

If you're going to use someone's Wifi, best to get a new USB Wifi adapter and use that after disabling your on-board wireless nic. Also, you should make sure if using windows that your computer name is not something that identifies you. Generally you'll be asking their DHCP server for your IP address which will give up your assigned hostname. That is potentially stored along with your MAC address in the DHCP lease database on their router for about a week (DHCP lease time is often configurable). Keep in mind that MAC addresses identify manufacturers, so if you're ultra-mega-double paranoid, spoof your MAC address to a legitimate MAC of a manufacturer other than your Wifi adapter's.

There should also be a way to stop your Wifi adapter from automatically connecting to access points. Don't leave stuff up to chance.

But still, wont my ISP be able to identify me, my traffic & log access details from my laptop’s MAC address?

If you're connected from behind a residential gateway router, no. MAC addresses are layer 2 and node to node, IP is layer 3 and end to end. What this basically means is as a packet passes router to router, the MAC address on the frame is modified to be that of the current node while the IP address is what stays the same. Your MAC is never exposed past your gateway.

[ST Dragon]

OK, a few more queries...

By disabling my on-board wireless nic, you mean the pre-existing onboard wireless lan card of my laptop, right?

And how exactly do I change / spoof my MAC to a legitimate MAC of a manufacturer other than my Wifi adapter's? Is there actually a list with all the legitimate MAC addresses for all manufacturers out there?

Also, there's always the danger of Java (different from Javascript) or other embedded applets which generally do not proxy (unless you use a VPN), so in the case of a web based anonymizer, there's the potential for leaking local information, so it's always good to disable them.

OK, so I disabled “Scripting of Java applets” in the internet zone security settings, custom level, of IE8 in WinXP Pro & Win Vista Business (Security level for this zone: Medium-High), but there are also many Active X controls & plug-ins, .NET Framework, active scripting, filters and a bunch of other components that are enabled, but I’m not quite sure what each one does and weather I should disable them or not?
What other applets should I disable?
Should I just set the Security level for this zone to: "High" and disable everything?

Or Maybe Mozilla firefox would be the safest way to go as far as privacy is concerned?

Thanks in advance