~ Staying Anonymous in 2002 ~
Republished @ searchlores.org in January 2002
by Woodmann, First version: January 2002
A nice present for all beginners... read, understand, use, enjoy!
My friend Woodmann should not need any presentation among reversers.
He's a very kind person who, inter alia, takes care of the 'kids' still playing protection reversing games.
Let's hope he'll soon send more contributions...



By: Woodmann
Tools: Your Brain

Preface

This is intended to help you protect your identity and your hard drive. Every few months "they" devise a new way to try to obtain information from you. Stop giving it away!


Essay

I am a person who desires to be somewhat anonymous. Some time ago I decided to find out what information I was unknowingly giving away on the internet. As you all know (or should), just about every program on your computer has the ability to upload information without your knowledge.

"They" will try anything to get your information. Who are "they"? Advertisers, software makers, just about every entity wants information from you. With this information each will custom tailor what you see on your screen. We don't all see the same things all the time.

The first thing you need is a personal firewall. I use ZoneAlarm. It is a free download, go get it and install it. Set security to medium. Now if you have something like Winamp, run the program and watch what happens. A box should have popped up, asking for permission to let xxx (your prog goes here) have access to the internet. You might be wondering why xxx wants access to the internet. Why do you think? To upload information from your computer. Try all your programs. How many wanted access that did not need it? On my home PC Quickbooks wants access, why? There is no reason that anyone needs to know what I am doing with my Quickbooks. Why let them see it? Maybe they are checking reg numbers, who knows. The bottom line is the only programs that need access to the internet are the ones that NEED to exchange information. Winamp is playing an mp3 on your hard drive, it doesn't need access to the internet to operate.

How do you set ZoneAlarm up? 'Tis an easy task :-) After you have installed it, open it and take a look around. As I said, I set my security levels to medium. If you set them to high you will have troubles with some file transfers and chat/voice programs. I have never seen anything escape with it set to medium. All the settings under the "programs" heading should have a green question mark. Check them all and make sure they are set this way. Red X's will block a program from access. Your computer will not even ask you, it will just disregard it.

Alerts is where all your "intrusion attempts" are kept. Sometimes people or other entities desire to get INTO your computer from the OUTSIDE. With your security set to at least medium, when "they" attempt to get in it will pop a box that says: The internet firewall has blocked access to your computer from: 111.1.1.11:5555 (something like this). ZoneAlarm keeps these in a log file so you can peruse them at your leisure. If you are like me and just have to know who/what is trying to get in, fire up your favorite tool suite (finger, traceroute, whois, blah blah blah) and have a look at who it is. You should also note the different ports these people want. Why is someone trying to get SSH access? Why are they trying high port numbers? These bastards will do whatever it takes to get in.

After you have ZoneAlarm the way you like it, go and find an online port scanner that will scan YOUR ports for you. I should tell you to first look at your own computer. At a command prompt (remember what that is?), type netstat -a or just plain netstat. It will show you what ports are open, whether they are TCP or UDP, and which service (FTP etc.) each one belongs to. It will show you what you are connected to (established) or what is idle (listening). Unless you are currently in the middle of an FTP session, FTP better not be active, same goes for the others. Close those damn ports!!
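An added example (not part of Woodmann's essay): a short Python script that reads the text printed by netstat -an and lists every port that is waiting for traffic from other machines. The sample output, the allowed set and the function names are constructed for illustration; the -n switch only makes netstat print numbers instead of names.

```python
import re

# Constructed sample of Windows `netstat -an` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:8080         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.7:80         ESTABLISHED
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  UDP    0.0.0.0:445            *:*
  UDP    127.0.0.1:1030         *:*
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def open_sockets(netstat_text):
    """Return (proto, address, port) for every socket waiting for traffic."""
    found = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, header row or blank line
        proto, addr, port, _foreign, state = m.groups()
        # TCP rows carry a state; UDP has none, so a bound UDP socket counts as open.
        if proto == "UDP" or state == "LISTENING":
            found.append((proto, addr, int(port)))
    return found

def unexpected(netstat_text, allowed):
    """Sockets reachable from other machines that are not in the allowed set."""
    hits = []
    for proto, addr, port in open_sockets(netstat_text):
        if addr.startswith("127."):
            continue  # loopback only: nothing outside this machine can connect
        if (proto, port) not in allowed:
            hits.append((proto, addr, port))
    return hits

if __name__ == "__main__":
    for proto, addr, port in unexpected(SAMPLE, allowed={("TCP", 139)}):
        print(f"{proto} {port} open on {addr}: find the program and close it")
```

The loopback listener on 8080 in the sample is the kind of entry a local filtering proxy produces; it is skipped because only your own machine can reach it.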

There are a lot of ways information is "leeched" off of you. Keeping your ports safe is just plain common sense. A personal firewall should be required.

The next issue is browsers. I will bet that at least 85% of you don't use a proxy. Do you know what is contained in your browser header? It contains all kinds of nifty information about your computer and it gives the "cookie man" a free pass to your hard drive. There are plenty of places to check your browser to see what information it is giving out. Go and check your header here.

Well, does it bother you to know what you are giving away to every page you ever visit? Every single page you have been to knows this information and you didn't even know that it is happening. It is hidden behind the theory that if you give up this information it will make your browsing time easier. That's bullshit. Why do you think they call it a cookie? Because it sounds nice and warm and is supposed to make you think safe thoughts. It is actually an internet eavesdropping device. Do you like it when the boss looks over your shoulder? No, so we need to put a stop to all this free information that is contained in your browser header.

When you get your new and improved browser that "will make your internet time better", you need to go in and change some of the settings that they kindly turned on for you. Go and poke around "preferences" or "options" and see what is set "on". Turn off all the things that you don't need, unless you like your internet warm and fuzzy and full of Java scripts and other flashing lights and scroll bars with witty messages on them. This is where things start to get interesting. There are lots of options and you may not quite understand what they do. The easiest thing is to just set them all to "prompt". The better way is to try and learn what they all do. That will take a bit of effort so I will try to make it a little easier for you. If you are on the internet for information then shut off all that crap like gifs and java and animation and audio. Shut it all off or at least set it to "prompt". That stuff is the number 1 reason why websites take too long to load (especially for you dial-up peeps).

What about cookies? Shut them off. Now watch who is trying to set them on your computer. Guess what? You don't need cookies to cruise the internet. Even if you do need to set cookies "on" you have settings that can discard them when you close your browser. You can even "fake" them ;)

Let me try to give you a brief idea about what is going on with your browser. IE first. I have IE 5.0. At the top of your toolbar, open Tools, then Internet Options. This is where most of your settings are. You will set your browser settings to whatever you need, not the defaults. They "kindly" set your defaults for you when you install/buy new. They do this because they can take advantage of YOUR laziness. After all, you only want the thing to show you all that is wonderful, right? Security, then Custom Settings, is where you will find some of the important stuff. See how you can set it to "prompt"? Set them to prompt. You should take the time to experiment with each of the settings to find out how they affect your "browsing". I can't take the time to explain every setting, you have to figure some of this out on your own.

I want you to learn how to use an anonymous proxy. One of the easiest programs to help you browse anonymously is Proxomitron. It has a ton of options to play with and you can set your header message to whatever you want. I will skip through this part quickly. Set the proxy server settings in your browser to localhost:8080. In IE 5.0, at the top: Tools, then Internet Options, then Connections, then LAN Settings. Now we need to find an anonymous proxy address. There are a few resources available. Search for anonymous proxy lists in Google (without the localhost proxy on 8080 set; just uncheck the box). Once you find a place that has a list, open the Proxomitron, open the log window and open the proxy check box. Type in an address and watch the log box. If it returns your IP address then it's not anonymous.

What is your IP address? Remember the command prompt? ipconfig should show you your IP address. There are different ways to obtain this for different OSes. Unless you are using Win95, ipconfig should do the trick on all Win boxes. Write down the number. Not the 255.255 one. Not the default gateway, the one that says IP address. I could write a whole chapter on IP addresses, but not today. Just know that some of you will have an IP address that will change daily, weekly, monthly or whenever your provider wants to change it. Always check your IP before you check your header against an online header checker. You need to know if it has changed and what it is.

OK, despite the fact that the site you are using says the proxies are anon, most times they are not. Keep checking addresses until you find one that comes back clean. Your IP address should be NOWHERE in the results the Proxomitron has returned. Next you need to check it against an online header checker. I use 2 different ones to verify that it's anonymous. Once you have found one or 5 anon proxies, click on the save disk on the Proxomitron. Go back and check the header again to make sure.
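An added example (not from the original essay): the "your IP address should be NOWHERE in the results" test above, done in Python over the text a header checker sends back. The address, the three reports and the proxy names are constructed; put in the address from your own ipconfig and the checker's real output.

```python
import re

MY_IP = "198.51.100.23"   # constructed; use the "IP Address" line from ipconfig

# Constructed reports, shaped like what an online header checker echoes back
# when reached through three different proxies (real checkers vary in layout).
REPORTS = {
    "proxy-a": "REMOTE_ADDR: 203.0.113.50\n"
               "Via: 1.0 cache-a (squid)\n"
               "X-Forwarded-For: 198.51.100.23\n",
    "proxy-b": "REMOTE_ADDR: 203.0.113.77\n"
               "X-Forwarded-For: 10.1.1.1, 198.51.100.23\n",
    "proxy-c": "REMOTE_ADDR: 192.0.2.9\n"
               "X-Forwarded-For: 198.51.100.230\n"
               "User-Agent: Mozilla/4.0 (compatible; MSIE 5.0)\n",
}

def ip_regex(ip):
    # Match the address only as a whole: "198.51.100.230" must not count as a
    # hit, but "198.51.100.23," or "198.51.100.23:1045" must.
    return re.compile(r"(?<!\d)(?<!\d\.)" + re.escape(ip) + r"(?!\d)(?!\.\d)")

def find_leaks(report, my_ip):
    """Return the lines of a header checker's report that contain my_ip."""
    pat = ip_regex(my_ip)
    return [ln.strip() for ln in report.splitlines() if pat.search(ln)]

def sort_proxies(reports, my_ip):
    """Split proxies into those that came back clean and those that leak."""
    clean, leaky = [], {}
    for name, report in reports.items():
        hits = find_leaks(report, my_ip)
        if hits:
            leaky[name] = hits
        else:
            clean.append(name)
    return clean, leaky

if __name__ == "__main__":
    clean, leaky = sort_proxies(REPORTS, MY_IP)
    print("keep:", ", ".join(clean) or "none")
    for name, hits in leaky.items():
        print(f"drop {name}: your address shows up in {hits}")
```

Run it again after every ipconfig check, since a changed address makes old results worthless.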

One thing you need to know about proxies is they are not stable. That is why I say get at least 3 to 5 of them if you can. I consider it a victory if I can find an anon proxy that lasts more than a week. Most of them only last a day or 2, or they just get so overloaded they slow wayyyyyyy down. For people on a dial-up, this will be your most trying time, enduring a slow proxy on top of a slow dial-up. It may become too unbearable for some of you but you must decide if you want the world to know all your "stuff" or if you want to be anonymous.

Open your Proxomitron and click on headers. This is where we can change some info or just stick with the defaults. The defaults will give you adequate protection. Open web pages. Here is another place where you can control how your browser displays websites. Open it up and poke around. Yes I want to kill blinking text. Yes I want to kill midi (shit awful stuff). You have control now, use it. If you double click on a particular line (in headers, click on x-forwarded), you can change what your browser displays for that particular line.

There will also be times where a website needs to see some information to let you in. Think about what it is they want to see. Micro sometimes wants to see that you are using their browser. I don't use IE but I put in the header that I do. Along with some other tweaking I made M sites think I was using their browser and they let me in. Opera while using Proxomitron will take some setting up to get it the way you want it. Do people still use Netscape? I shall write an addendum if necessary for Netscape users. For Opera users, I figured if you are using Opera then you are familiar with "tweaking" settings to make things work.

Now what you have done is stripped away all the chances they have to collect information. It won't always be easy browsing but if you need full browser power then you can just check the bypass box on the Proxomitron while you gather the information that you need. Or, uncheck the localhost box in your IE settings. Hotmail, for example, needs to see that your browser is IE 4.0 or better. Even though I use Opera, I put in the header that I am using MSIE 5.0. Now it works ;)

M$ mail programs are of course full of bugs. Almost all the viri, trojans and worms are written for M$. Java exploits are another thing you should be aware of. ActiveX is another. If you are willing to learn something new as opposed to using what is easy, the internet will be a much safer place for you.

No one said it would be easy. Proxies change every day, and so do the shitty malwares designed to infiltrate your computer. Stop making their job easier. Protect yourself.

Questions, comments: send them here.




(c) III Millennium: [fravia+], all rights reserved