Anonymous browsing (for non technical people)

ezra_ · 28-10-2014 12:54pm #1

Not sure if this is the right forum but I'll try anyway.

If I want to set something up where my personal browsing is kept as private as possible with as little hassle on my side as possible, would the following be ok?

I'm using a macbook pro
Set up a VM running something like debian or ubunutu
when browsing the net, I use the VM and use something like tunnel bear.
When finished for the day, I nuke the VM

I write up some script that installs the right packages that I need to do simple internet browsing so installing the new OS is simplified.

This way, my IP isn't tracked back against my machine and any cookies or other such web dropped items are nuked completely when the VM is shut.

Is this OTT? What I'm trying to do here is recognise that because I use GMail for work and for personal mail, I will have lots of google related tagging going on. This means that my email and work use are completely separated from my personal internet use.

Any comments / thoughts / hard slaps of reality to the face would be greatly appreciated.

Khannie · 28-10-2014 2:18pm

ezra_ wrote: »

when browsing the net, I use the VM and use something like tunnel bear.

Personally I don't trust VPN's. My sceptical view is that you should assume they're run by a government agency because there is an incentive to do that (and history of it happening if memory serves).

AnCatDubh · 28-10-2014 2:45pm

Just one suggestion for you:

ezra_ wrote: »

Set up a VM running something like debian or ubunutu

It won't be perfect but unless *someone* with enough knowledge/resource to go deeper in hunting you down (that might be just a cctv camera in the corner of your place of work), then give tails a try.

Do make yourself aware of their warnings.

Also worthwhile to familiarise yourself with employment law / your work employee/employer policies, and square off anything which you are attempting to do that it is ok with your employer, or they may view it as a very hostile action (even leading to dismissal).

Better still, don't use gmail :eek:

ezra_ · 28-10-2014 4:05pm

Khannie wrote: »

Personally I don't trust VPN's. My sceptical view is that you should assume they're run by a government agency because there is an incentive to do that (and history of it happening if memory serves).

I'm not so worried about the NSA here - its more to stop people like Google, Facebook knowing more about me than say my girlfriend does.

ezra_ · 28-10-2014 4:06pm

AnCatDubh wrote: »

Just one suggestion for you:

It won't be perfect but unless *someone* with enough knowledge/resource to go deeper in hunting you down (that might be just a cctv camera in the corner of your place of work), then give tails a try.

Do make yourself aware of their warnings.

Also worthwhile to familiarise yourself with employment law / your work employee/employer policies, and square off anything which you are attempting to do that it is ok with your employer, or they may view it as a very hostile action (even leading to dismissal).

Better still, don't use gmail :eek:

Thanks - I feel that using TOR is BAD and evil. I'm not sure why I feel this way.

I'm looking to hide data from private companies, I'm not hiding from ECHELON!

ezra_ · 28-10-2014 4:12pm

AnCatDubh wrote: »

Just one suggestion for you:

Better still, don't use gmail :eek:

Gmail is persistent and free (and we use it in work).

Are there many alternatives that have longevity? Surely anything that is successful is going to end up the way of lavabit.

syklops · 28-10-2014 4:39pm

You want to stop Google knowing stuff about you, while still using gmail?

/me gets popcorn.

ezra_ · 28-10-2014 4:54pm

syklops wrote: »

You want to stop Google knowing stuff about you, while still using gmail?

/me gets popcorn.

I don't want any particular large companies to be building up a profile of me.

I also want an email service that is reliable, cheap and works. Gmail does that.

This isn't a 'hide my existence from the world' exercise, but rather a way for me to reduce my digital footprint to commercial their parties.

Needless to say, I won't be firing up gmail within the VM.

AnCatDubh · 28-10-2014 5:09pm

ezra_ wrote: »

Needless to say, I won't be firing up gmail within the VM.

Sorry, I'm puzzled now. Did I misunderstand your original post was that somehow you would fire up a VM, tunnel it through something or other [to give a non similar traffic source to the non VM] - this, for the purposes of accessing GMail such that google wouldn't put two and two together and potentially (or likely) link you to the non VM (Mac) a/c.

ezra_ · 28-10-2014 5:17pm

Apologies if I'm not explaining myself properly.

I use Gmail a lot from my laptop and from work. Given that my work email is also run through gmail you have traffic from my personal and work account on both my work and my own laptop.

however, when I use the web in a personal capacity, I try to do so in as private capacity as possible (icognito browser, clear cookies etc etc).

The aim here (and it could be completely pointless) was to use the VM/VPN combo so that my personal browsing was as private as possible (nuking the VM each time you use it and using the VPN to obscure IP and country).

I don't see much point in accessing emails through this set up as it would just undo the work done to create some privacy.

Khannie · 28-10-2014 6:54pm

ezra_ wrote: »

however, when I use the web in a personal capacity, I try to do so in as private capacity as possible (icognito browser, clear cookies etc etc).

Unfortunately, using the same browser means they already know it's you for both (even in incognito mode). Check out Panopticlick for some more information (it's quite interesting).

ezra_ · 28-10-2014 8:58pm

Thanks Khannie.

I use Chrome for emails and Firefox for browsing so I have some separation. Not sure if it actually has an effect or not though...

Keyzer · 31-10-2014 10:19am

ezra_ wrote: »

This way, my IP isn't tracked back against my machine and any cookies or other such web dropped items are nuked completely when the VM is shut.

What virtualisation SW are you using and how have you got the VM connected to the internet?

Unless you go to absolutely ridiculous extremes (I'm talking TOR, multiple VPN's, remote systems around the world that you can utilise, ISP's who don't give a toss what your up to) anyone can be tracked if the prize for tracking said person is valuable enough.

AnCatDubh · 31-10-2014 2:48pm

Um... OP, as you are accepting and proposing to not be completely anonymous, you have in your opening and subsequent posts drawn a level of anonymity from those that may be profiling the user - proxying through something will get you a public ip different to your work ip. Running a VM machine should get you a different browser fingerprint. Stopping cookies will prevent a webserver from knowing what functionality you/your browser has been doing previously (though they could still know [log] that the browser was there with successful fingerprinting of same - Addthis for example, are actively doing this as far as I recall and you'll encounter them all over the web). This may not matter to you if it is completely random browsing that you are doing so long as you never encounter anything that will yield up an online or other identity. So, you should never log in to anything within the VM/proxy setup or the game is up as far as the expectation of privacy/separation might be (not sure in reality how much retrospective analysis that the big companies are doing but you'd have to assume that this is a possibility/being actively exploited).

For what its worth, turn on "do not track" in the browser though i'm not sure the big guys are obeying that -- assume they aren't but ethical companies may well be - its more of a 'i would like you not to track me' than an enforced rule. Install some of the browser add ons to kill analytics code, and also worthwhile to kill javascript which typically is being used for web page tracking.

Stepping up a level of paranoia and you could kill the preloading of graphics to kill any old school '1x1 pixel transparent images' which can be used for tracking. Tell the browser to not store history and to not suggest anything when you type into the address bar or search box to avoid unforeseen leakages.

But.... of course the more you kill the options within the browser, the more unusable the web may become for you so there may be a tradeoff.

And even in the above scenario, 'stuff' can be logged at the server side which could be used to generate a profile over time and eventually compromise you. Depends what your personal browsing contains as to whether that is a concern or not.

A final gotcha - apart from the above and assuming a scenario at work, your employer will see traffic to your chosen proxy. They *may* not see the content of what you are browsing but they certainly will see traffic which you might need to explain. If you browse a lot for personal purposes during a day then a disproportionate amount of traffic may be detected from your machine ip on their network to your proxy - that is if your employer is monitoring their network (which may or may not be the case).

So, yes what you propose will give a level of separation between work and personal however may not be entirely anonymous.

Anonymous browsing (for non technical people)

Comments