# Internet Track: how to be safe?

## john745

Hullo:

Well, my question is: is possible to track somebody internet movement on internet -i have read many version on the web, so i am a little bit confused-. If this is possible, how is the mechanism of this beggardy (im asking not for "evil" pouposes, just for general knowledge). And of course how can we be secure. 

I mean, how the "police" catch this hackers or whatever, how is possible?..................and we can defend our privacy? (I am, of course, agree that the "evil" users of internet must have punishment, but im uncertain about the vulnerability of all the users also)

Well, thats all. Maybe im just another victim of the "hollywood effect", for watching so many movies   :Shocked:  ...........or maybe not........

Waiting for anwsers.

Greetings

----------

## bluepass

There's no one definite answer for your question. There are different cases. It's probably the reason you are confused about it -- you hear some stories say it's possible and some say it's not. You can think of it this way. If the hacker knows what he's doing, and it's often not only a matter of knowing what he's doing, but also a matter of knowing other things not directly related to the hacking technique he attempts, he is able to hide his traces. Over here we're talking about people who are really knowledgeable, not just some kid who just found out how to port scan a server and find and compile an exploit. We're talking about a person who has spent a big part of his life just studying computer technology and read about the vulnerabilities found in various services/daemons and what not. Often things are not as easy as they appear in movies, and the more you try the more you increase the possibility of screwing up something and leaving a clue which can be traced back to you behind. As for how they are able to track you down, well, there are lots of different ways. If they've got a way to trace an attack back to your IP address, they'll go directly to the ISP and get all the information they need to get to you. Sometimes people think they're safe because they're bouncing through a couple of proxies but sometimes the proxy servers will keep logs or simply forward your IP along with information saying that you are using a proxy to whatever remote you're trying to connect to -- so you have to know what proxy you're using. There's just thousands of possibilities. If you have something specific in mind that you'd like to know about ask ahead. Otherwise, the answer is that yes they are able to trace your internet activity back to you and often that'll happen because a stupid mistake you made. As for how to keep your online activity secure, do a little bit of research on VPNs and Tor. So far they're the two most secure ways of keeping yourself anonymous on the internet, but just remember that as long as you're using an ISP that keeps logs of your activity you'll never be entirely anonymous.

----------

## john745

Thank you for your anwser.

wow, is really brutal and disconcerting!

So, no matter what we do, we are always exposed in some degree? NOTHING to do?...we are this "easy target"?  :Confused: 

Im using Tor, i read what and how this program do the things, but i also read some critics of it, which says that still is not extremly secure. Tor is great, but it slow my connection greatly.

Do you have some other "tips" for not to be "traced"?

Greetings

PD: well, this is rather ironic, we can not use Tor in the gentoo Forums, so maybe the forum contribute for our vulnerability? lol, well, i supose that not really!

----------

## bluepass

Well first of all, I guess, there can never be such thing as extremely secure. There will always be a weakness somewhere waiting to be found. Also, about being traced, unless you do something that's giving "the people in power" a reason to come after you, you have nothing to worry about. It is impossible for any government organization or agency to follow every single person's online activity. The only thing that they are able to do is use filters and log activity. Filters will be there to alert them in case something my sound threatening or worth taking a look at. A very simple example of that would be someone chatting with someone about, say, killing the president or planting a bomb in a certain place. Now, their systems clearly don't work exactly like that and they have more complex algorithms for figuring out whether that something is threatening (think how much activity there would've been since Bush was elected president in the US if they only did that  :Laughing: ). And the logging would be there for them to see what else happened around the time these filters detected the threats and also for them to have proof of what happened in case it goes to court. Often the logging is done by the ISPs, though, not the government. A big ISP would prefer to talk to the government and clear their side of things by saying "we'll log traffic that goes in and out of our side so we don't become, in a way, an accomplice to whatever misuse of the internet is detected".

As for ways of not having your internet activity traced back to you, the best one I think would be wardriving. If you have a laptop with a good wireless card and you drive around neighborhoods looking for unsecured access points, you can sometimes just connect to those and use their internet connection and do whatever you want. And on top of that, alternating places and networks will work in your advantage. But like I said before, nothing is "extremely secure". Your wireless network card has a MAC address which never changes and access points may log DHCP activity. When you connect to their network and they lease you an IP address for your session, they keep your MAC address in the logs.

You shouldn't be worried about your online activity being watched all the time, especially if you don't intend on doing anything bad. You can try to avoid it by using Tor, but to a certain degree they'll always know what you're doing. They control the internet, unfortunately, not the end-user.

----------

## MrUlterior

 *bluepass wrote:*   

> You shouldn't be worried about your online activity being watched all the time, especially if you don't intend on doing anything bad. You can try to avoid it by using Tor, but to a certain degree they'll always know what you're doing. They control the internet, unfortunately, not the end-user.

 

I certainly don't believe Tor is perfect; but do you care to validate that statement beyond opinion? Tor works by encrypting your traffic through a certain ammount of nodes, there was a vulnerablity to several forms of attack that could identify a node statistically -- I don't think this is the case presently though.

If you're careful about :

1. Ensuring your endpoint is not physically in the same country as you (if it's a non-tor node)

2. The security of your PC (no keyboard loggers, no trojans, no van eck vulnerability, local disk encryption to ensure that physical access to the hard disks doesn't mean access to your data + really strong passphrases)

3. Configure your Tor *NOT* to be an endpoint (you don't want someone else's incriminating traffic spewing out unencrypted from your PC much to the delight of your friendly local totalitarian regime, do you?)

4. Preserving your anonymity (eg. don't run hidden apache if it announces your webmasters email address to the world in the 404 message, don't run 3rd party scripts that could leak information, etc)

5. Switch your tor port between several different ports daily, and alternate it with your bittorrent client. Ensure the torrent client is encrypted, if people are going to snoop on your traffic, you may as well give them LOTS OF IT, and encrypt it all  :Smile: 

Imagine this conversation::

 *Quote:*   

> Yes sir! It took us 33,021 years and cryonic preservation; but we've finally cracked the first 4.5 mb of the traffic intercept! It was an mp3 titled "Oops I Did It Again", archaeological records show this as being the intellectual property of one Ms. Spears. Shall we commence work on the RIAA funded time-machine, return to 2006 and prosecute the evil-doer?

 

Unlikely ...   :Smile: 

----------

## john745

Well, the awnsers are very interesting, really.

So what i can conclude: use Tor, do not do stupid things on internet, and get away of my psicosis of persecution?, lol.

Im flatter with the anwsers. Never the less , as you say: "but to a certain degree they'll always know what you're doing"   :Sad: 

 *Quote:*   

> 
> 
> Yes sir! It took us 33,021 years and cryonic preservation; but we've finally cracked the first 4.5 mb of the traffic intercept! It was an mp3 titled "Oops I Did It Again", archaeological records show this as being the intellectual property of one Ms. Spears. Shall we commence work on the RIAA funded time-machine, return to 2006 and prosecute the evil-doer?
> 
> 

 

my god!.......lol

Thank you

----------

## bluepass

Alright, I know I haven't been posting for a while. I've been busy with things. I was, though, able to read the replies to this topic. I'm hoping that this reply will explain what the vulnerability in Tor is. Here it goes...

Consider government organizations such as the NSA or CIA setting up Tor on a bunch of their own machines. Now the way Tor works is that you are using their service but at the same time you allow other people to use your machine to route online traffic -- in a way it's like a peer-to-peer application -- you use the service and at the same time provide others with the same service. That's the basis of this project. Now consider the government setting up Tor on, say, a whole computer lab -- they don't need any strong fast machines to do this, even a simple 500 MHz machine would do it with enough RAM to run an operating system and the software needed for Tor to run. Now between the who-knows-how-many machines out there routing traffic, we have 30-40 government machines listening in and each having equal chances of being pulled as the last hop in the routing process -- which is the machine that is able to fully decrypt the packets sent and the machine that receives packets from the server to whom the request was made. So this does not only see what you send but also what you receive. Now 30-40 machines out of the thousands (I'm not certain about the number of users using this and at the same time allowing others to route traffic through their machines) might seem like a tiny number, so you think that the government doesn't get to see as much, but considering the amount of money that the NSA, for example, is spending on technology just to be able to keep up with the new security technology out there, they could set up hundreds if not thousands of machines to listen up on the Tor network which will also increase their probabilty of becoming that last Tor node which will get them the information they need.

I hope it makes sense. And again I appologize for the late reply.

----------

## madisonicus

 *bluepass wrote:*   

> Consider government organizations such as the NSA or CIA setting up Tor on a bunch of their own machines. 
> 
> ...  
> 
> they could set up hundreds if not thousands of machines to listen up on the Tor network which will also increase their probabilty of becoming that last Tor node which will get them the information they need.

 

Tor does have some very real vulnerabilities via flash, javascript, and (shockingly) ActiveX: PacketstormSecurity PDF article.  It is also potentially vulnerable to a timing attack if both ends of your connection are being monitored.  These vulnerabilities are described fully in the FAQ at the Tor website.

However, your description confuses a couple things and misunderstands something about Tor.  Tor is designed solely to defeat a traffic analysis attack, not to provide stronger encryption.  The overview is very clear what they do and do not protect against.

If, for instance, you were to use Tor to telnet to your email server and check your mail, it would record a telnet session from the Tor exit node's IP address, not yours.  However, all your email would arrive at the exit node totally unencrypted.  The only reason to send unencrypted packets through a Tor network would be to prevent your ISP from knowing what it was you were doing or to obscure the origin of the request.  And, of course, your email server will clearly know you are.

Also, using Tor means that your HTTP/S requests are first SSL encrypted and then sent through at least 3 anonymizing Tor servers before exiting to the internet.  So, all your ISP knows is that you're talking to the Tor network.  Within the network all your traffic is encrypted.  All an exit node knows is which Tor server to send the requested packets to.  Only your entry Tor server knows who you are.  Entry and exit servers are anonymized from one another.

So, with Tor, yes, some nefarious bloke masquerading as an exit node could be monitoring your unencrypted traffic, but he wouldn't know what IP address you were using to log on.  

With on-line anonymity, you really have to ask yourself whom you're hiding from and what are you trying to hide.  Oftentimes, the problem is not more anonymity but stronger encryption and authentication.

----------

## GNUtoo

 *Gromlok wrote:*   

> Thank you for your anwser.
> 
> wow, is really brutal and disconcerting!
> 
> So, no matter what we do, we are always exposed in some degree? NOTHING to do?...we are this "easy target"? 
> ...

 

use tor+PRIVOXY if you don't it will keep your ip in the tcp-ip header

----------

## GNUtoo

 *bluepass wrote:*   

> 
> 
> As for ways of not having your internet activity traced back to you, the best one I think would be wardriving. If you have a laptop with a good wireless card and you drive around neighborhoods looking for unsecured access points, you can sometimes just connect to those and use their internet connection and do whatever you want. And on top of that, alternating places and networks will work in your advantage. But like I said before, nothing is "extremely secure". Your wireless network card has a MAC address which never changes and access points may log DHCP activity. When you connect to their network and they lease you an IP address for your session, they keep your MAC address in the logs.
> 
> 

 

you can change your mac adress...mabe it's in the gentoo handbook

----------

## GNUtoo

 *MrUlterior wrote:*   

> 
> 
>  Ensure the torrent client is encrypted, if people are going to snoop on your traffic, you may as well give them LOTS OF IT, and encrypt it all 
> 
> 

 

how do you do that?

----------

## GNUtoo

 *madisonicus wrote:*   

>  *bluepass wrote:*   Consider government organizations such as the NSA or CIA setting up Tor on a bunch of their own machines. 
> 
> ...  
> 
> they could set up hundreds if not thousands of machines to listen up on the Tor network which will also increase their probabilty of becoming that last Tor node which will get them the information they need. 
> ...

 

realy?

when i go to my.dk with tor+privoxy it gives me the ip of another machine than mine

----------

