Skip to content

Technical Threats

Tenshi Hinanawi edited this page Apr 28, 2012 · 1 revision

Basic Rule: Use as many security layers as possible. The question is not, whether you are paranoid, but whether you are paranoid enough.

A good beginning is to use a VPN and running Anonymous related Software from USB device or a Live CD. A proxy is ok, but is not as secure as a VPN.

Always use as much security layers as possible, but make sure to use them in the right way. If you don't know how to use them, you have to learn it first.

Most anons use VPN to hide their traces, they use SSL encrypted connections and they use #vhost, when they are on IRC servers.

VPN

When thinking of a VPN service, think first about the legislation of the country. A USA VPN might provide user data upon warrant issue. In other countries, such as Sweden and Iceland, this is unlikely to happen. They have a strong privacy policy, wich makes it harder for law enforcement agencies to get access. In adition, some servers do not keep logs of users. Also try to get VPN services that accept anonymous payments (For those that keep user billing information)

More info: https://secure.wikimedia.org/wikipedia/en/wiki/Vpn

Free VPN -- Not recommended. (see explanation)

If they aren't selling you a service. They are selling you. Additionally, many features are capped, and many free VPN providers will hand user data upon warrant. Also, many free VPNs work with ad companies.

Don't put any sensitive material through it, and you might be fine. Might.

http://cyberghostvpn.comhttp://hotspotshield.com -- Occasionally hijacks your traffic to redirect you to advertisers. ∗ http://proxpn.comhttps://anonymityonline.orghttp://www.bestfreevpn.comhttp://www.your-freedom.nethttp://www.ultravpn.frhttp://www.itshidden.comhttp://www.thefreevpn.comhttp://www.packetix.net

Commercial VPN providers

http://www.swissvpn.nethttp://perfect-privacy.comhttps://www.ipredator.sehttp://www.anonine.sehttps://www.vpntunnel.sehttp://www.relakks.comhttp://www.steganos.comhttp://www.bananavpn.net > logs IPs ∗ http://www.strongvpn.com > logs IPs ∗ http://www.secureix.comhttp://www.secretsline.comhttp://www.findnot.comhttp://www.trackbuster.comhttp://www.vpngates.comhttp://www.perfect-privacy.comhttp://www.trilightzone.orghttp://www.vpnaccounts.comhttp://www.securstar.dehttp://www.witopia.nethttp://www.tiggerswelt.nethttp://www.xerobank.com > logs IPs

VPN Tips

PROTIP: Don't use Commercial pptp on Windows.

It's been said, as telecomix pointed out, that some operating systems (Windows 7, Vista) might be vulnerable to an attack consisting in requesting p2p conns, wich could lead the malicious attacker to get the user real ip.

See https://www.ipredator.se/?lang=en For more information on this matter. Seems flaw has to do with ipv6 conns, so just ensure you use ipv4.

Anything that uses OpenVPN is good. And remember to factor in specific policies on user data storage and policies regarding that data. (Best option, no data loggin + no user billing loggin, + safe payment methods ie: Ukash and similar services).

Guide for installing OpenVPN client

(taken from the FAQ by vpntunnel.se)

VPN Recommendations

Extra info about VPNs

List September 2010 - (Korben source)

http://itshidden.com - PPTP Vpn - 2 offers: Free and Premium ($ 12.99 / month - $ 24.99 / 3 months).

Regarding free: there are regular disconnections every 20 minutes, the P2P is legal but inconceivable. The charge: Premium offers including improved speed for downloading, a static IP and port forwarding. The two options both offer direct access to a VPN secure and anonymous. Servers in the Netherlands in particular.

http://www.bestfreevpn.com

http://www.cyberghostvpn.com - OpenVPN - Installing a software house - 1 GB / month - off after 6h (reconnection possible) - no guarantee of flow

http://www.peer2me.com - PPTP - Provides free and unlimited. French company banned = P2P in France. You can create a private community to share your data.

http://www.hotspotshield.com/ - Software - U.S. servers, adds advertising on web pages. Firefox with adblock and found no ads. Note that you can use it with the public HotSpots New / SFR WiFi.

http://www.ultravpn.fr/ Openvpn - Vpn free. - Server Lynanda France, the United States. P2P forbidden on this vpn.

http://www.hideipvpn.com/ Hide - PPTP - VPN offering 100 free accounts beginning of each month. The paid version allows you to connect to openvpn. P2p is not allowed with this vpn.

http://www.janusvm.com/ - JanusVM VPN Free (open source) and free. - Using VMware virtual machine and based on OpenVPN, Squid, Privoxy and TOR. An old but useful tutorial incompleted is available in French. - A VPN Hardware JanusPA called hardware-based brand Yoggie is also since 2009. P2P forbidden because of the philosophy TOR.

Payable VPNs:

http://www.vpnfacile.fr - VPN - Site in French, without limits or quotas. The web's cheapest (and en) 5 € / month maximum, minimum flow guaranteed 5mb / s! 2048bits encryption and support very responsive!

http://proxydaddy.net - OpenVPN / PPTP - quick access without limitations Europe and USA. Site and support in French and English.

∗ https: / / www.change-my-ip.com - OpenVPN, and PPTP VPN SSTP - From 5 € / month. Servers in the Netherlands, USA and UK. Support and French site. No logs, speed and unlimited tranfer.

https://www.anti-hadopi.com - OpenVPN / PPTP / Routers - Website in french, no speed limits or transfer. The network is fast (the site a bit slow but certainly housed outside U.S.), IP access with Europe or USA for € 4.99 per month. Just the logo on the page worth visiting. Staff nice.

http://s6n.org/arethusa/fr.html - OpenVPN Established by an association campaigning for freedom of expression.

http://xangovpn.com/ - OpenVPN, 4.90 € per month with no speed limit, server in the Netherlands, no logs, SSL key-1024, open enrollment. XangoVPN supports Quadrature du Net qu'FDN well.

http://fvpn.fr/ - OpenVPN, from € 1.35 per week with no speed limit, server in France, 4 ip changeable 24/24, private VPN creates for French, 2048 and encryption keys with AES-256.Inscriptions still open.

http://www.hidemynet.com/ - OpenVPN, L2TP and PPTP VPN using OpenVPN-AS - $ 5 per month is about 3.50 €. Servers in Germany, United Kingdom, Netherlands and USA ∗ https://www.ananoos.com/ - OpenVPN - from € 4.58 per month, registration reopened!

http://ipjetable.net/ - PPTP Vpn - 15 € per quarter, closed Beta invitations.

https://ConnectionVPN.com / en - OpenVPN - Site in French - about 4 € and 5 € per month, unlimited traffic and speed, Key of 2048 bits, a company registered in Greece, servers in Luxembourg, the Netherlands ...

http://www.psilo.fr/ - OpenVPN - 4.50 € per month, servers outside of France (Europe or USA, your choice), P2P servers allowed on Europe, AES-256 encryption, open enrollment.

http://www.IdealVPN.com/ - Site in French - PPTP Vpn - 4.90 € per month, unlimited volume and speed, open enrollment. Quality service for a small price. Servers in the Netherlands, Germany ...

http://www.tonvpn.com - Site in French. SOCKS, PPTP VPN, OpenVPN - 4 to 13 € per month Discount over time. Allopass possible! Speed and unlimited traffic. Free trial of 3 days. Servers in France, Slovenia, Luxembourg, Bulgaria.

∗ https:// www.ipredator.se/ - PPTP Vpn - 149kr or 14.9 € for 3 months, open enrollment. Uses the network Relakks Sweden.

https://www.relakks.com/?lang=en - PPTP Vpn - 149 SEK (about 15 €) per quarter, and 449 SEK (about 45 €) per year. Servers in Sweden.

http://www.anonine.com/ - PPTP VPN, 40Kr or 4 € per month with no log and no speed limit, server in Sweden.

Registration open.

http://www.blackvpn.com/ - Vpn unlimited speed available with openvpn or pptp server choice in europe or the usa for 5 € a month or two for 10 € a month, entries open ..

http://www.mullvad.net - OpenVPN - 5 € / month with 50 GB of traffic - Free Trial 3h - Company in Sweden, servers in the Netherlands in particular - Redirection of a port.

http://unblockvpn.com - PPTP Vpn - $ 5 per month but only 2GB per day guaranteed.

http://www.vpnboy.com - PPTP Vpn - $ 5 per month or about 3.5 € - Reviews free 7d.

http://www.torrentfreedom.com/ - VPN is the only specially configured for P2P applications - and BitTorrent in particular. OpenVPN on all accounts and subscribers can use both public and private trackers. 2048bit key that changes automatically every 20 minutes. $ 17 per month ∗ http://www.perfect-privacy.com - $ 24.95 per month with an additional setup fee of $ 10. The VPN also offers solutions with keys of 4096 bits: PPTP, OpenVPN, 4096 bit SSH-2, 4096-bit SSL / TLS, Squid Proxy, CGI Proxies, Servers and more ... all over the world. In the peak of the servers (usually between 7am and 11am)

subscribers are "encouraged" not to exceed 100GB per month. The rest of the time no limits. Anonymous payments possible (Liberty Reserve, Web Money, Cash ... and PaySafeCard).

http://vpngates.com - $ 15/month. No setup fees. PPTP, L2TP IPSec VPN services.

http://www.linkideo.com - PPTP - From 2 € to 10 € / month depending on connection speed and getting or not to open ports. Support friendly and responsive enough. Servers in the U.S., France, the Netherlands.

http://www.flashvpn.com - Starting from $ 5/month for VPNs, and $ 8 for OpenVPN. Found in the forums of people screaming for the scam that VPN (payment and no account), so caution.

http://www.purevpn.com - PPTP and L2TP/IPSec VPN. From $ 6 per month. Servers in the U.S., Britain, Germany and Canada. Dedicated IP VPN for $ 15/month. "There are no limits to our VPN service. However, we do not recommend using it for torrents and p2p in violation of copyright. "According to the administrator. Is it to cover themselves or to protect its bandwidth ...

http://www.securenetics.com - From $ 9.49 per month to $ 39.45. Opportunity also to use the proxy only for $

5.49 per month. A choice between the Secure Anonymous OpenSSH Proxy, OpenVPN, PPTP VPN, Socks Proxy, or HTTP proxy servers. An industry first to offer this variety of options. Free anonymous email included in all accounts. Servers in the U.S., Britain, Canada, Germany, Netherlands, Malaysia. Anonymous payments by Liberty Reserve, Pecunix, and PaySafeCard.

http://vpnprivacy.com/ - PPPTP Vpn - $ 15/month, $ 5 for a week. Gladly accepts P2P (the owner says). Servers in the U.S. and Canada.

http://www.smallvpn.com - From $ 19.95/month to $ 34.95 depending on the OpenVPN server (2048 bits) ∗ http://www.lamnia.co.uk/ * - From £ 6.5 per month. Servers in the U.S., Britain and Canada.

http://vpnpronet.com/ - A nice selection of alternatives. Per month, $ 8, there is a good classic. At the time (10h, 20h etc. ..) handy when you will spend the weekend with friends and we do not want "" rot "their IP. Or as the limit of the bandwidth required

∗ https: / / www.cryptocloud.com/ - $ 17/month. 2048bit key. Very reliable (a disconnection in six months). About once a week, your server output changes (transparently) so that your IP changes and it is also extra security. It's not always easy to install OpenVPN client type. This provides a vpn setup very simple, just enter the username and password. This vpn is very committed to the freedom of the internet worldwide. He collaborates with the Electronic Frontier Foundation and opened free accounts for militants threatened in their country. If you fear a VPN keeps your logs, this one is one of the safest.

http://www.bananavpn.info - PPTP and L2TP/IPSec Vpn - $ 15/month, $ 60 per semester. Servers in the U.S., Britain and Germany. "P2P and Other Illegal use it Not Allowed. Filesharing ports, protocols and sites are blocked.

"Says the site in red.

http://ivacy.com/ * - Price: 10 € / month, 25 € / 3 months, € 0.5 / 1Gb, 100 Mb free for testing - Payments: Paypal, Visa, MasterCard, Ukash - Connection: OpenVPN, PPTP, IPsec - Encryption: MPPE PPTP 128, IPSec ESP 3DES, AES-256 Firefox Extension, OpenVPN 2048bits RSA for authentication and Blowfish 128 for the data - Servers: Great Britain, Russia, United States (down at the moment, seems Is it because of the DMCA notices ...) - P2P: Port forward from 5 random ports, TCP and UDP-Bonus: Firefox Extension, usenet server, internal ivacy sites, utilities ivacy.

http://www.drakker.com/ * - Price: 25 € / year, 1 week free evaluation - Data encryption via VPN to 1024 bits certificates exchanged are unique to each user. Changing the IP address: IP address is replaced by that of Drakker servers. Servers in Great Britain, Netherlands, Sweden, Canada. Confidentiality: The network collects and Drakker do not have any data about its users. Portability: it takes is a username / password to use his account Drakker

worldwide. The network Drakker promotes freedom of expression and press freedom worldwide. He is a partner of Amnesty International, Reporters without Borders, and the project 'Enough' for Africa.

http://www.yourprivatevpn.com - PPTP. Site in French, Price: 6 to 15 € per month free trial. Servers in Great Britain, Netherlands, United States. Changeable servers at each connection. Ideal for sites like hulu.com geo-limits, BBC iPlayer. Very reliable and has great speed.

Proxies

You may use them in conjunction with a VPN. They're absolutely not secure for sensitive stuff (as the Sarah Palin Email break-in shows), so just use them for spamming or something.

http://www.freeproxies.orghttp://www.socks24.orghttp://www.samair.ru/proxy

I2P - Anonymizing Network

More info: I2P

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties.

Many applications are available that interface with I2P, including mail, p2p, IRC chat, instant messaging and others. All anonymous.

Make sure you start by launching I2P with the I2P Launcher button in the portable apps tray icon.

You can then use the integrated PChat client, it automaticaly connects to the I2P IRC server anonymously.

Join #anonops for to keep track of Anonymous activity. Many Operation channels are relayed between I2P and anonops.ru.

Enjoy your anonymity and privacy!

Websites

IRC with I2P

  • irc://127.0.0.1:6668
  • Channels: #anonops , #opegypt , #opitaly, #opmesh
  • Sites: (currently all down) anonops.i2p qr.i2p
  • Telecomix IRC allows i2p tunnel

For more and active I2P sites visit

The ports I2P is using

I2P installation and running on Linux

  • Download and extract the installation files, no need for separate install (such as apt-get install).

  • Run the router from /i2p folder with sudo sh i2prouter start. In seconds, I2P should open

a Konqueror-browser page of I2P-main console.

  • Configure your bandwith settings. You might also consider opening some ports on your firewall for

optimising the use of your bandwith.

Portable I2P (windows only)

contains I2P, several plugins (email, torrentclient), preconfigured browser, preconfigured IRC client and messenger.

Before you can use anything on I2P, you have to start the I2P router from the portableapps tray icon-menu

with the button I2P Launcher.

Anonymous surfing with I2P

  • Go to your browser options/preferences (depending on your browser) -> network/connection settings

  • Select manual proxy configuration

  • In http insert 127.0.0.1 , for port insert 4444

  • In https insert 127.0.0.1, for port insert 4445

Make sure that you have No proxy for as localhost, 127.0.0.1 so you'll be able to reach your I2P configuration page. To test your anonymity, go eg. to: cmyip.com.

Tor Onion Router

Basic Rule: Tor does not encrypt the data you send. It just hides your IP by means of cascaded Proxies. Just installing Tor does not mean you're safe. For example, if you use Tor and log in to your real-life-email-account, you're doomed.

Download Tor

Download Torbutton for Firefox (enable or disable the browser's use of Tor)

Anonymous provides so called Care Packages. It contains Tor as well as a bunch of other usefull things. If you cannot access the Torproject website, you may ask in the IRC channels for the Care Package.

How to IRC

Basic Rule: Use SSL Port (in this case 6697). Always. Use #vhost. Always. IRC is public, if don't want an information to be spread in public, don't give this information in the first place. Ignore trolls. Always.

What is IRC? IRC is a free chat program that people around the world can use to communicate. It features multiple rooms for different chat topics, and private messaging between users.

When you join the Anonymous IRC network, do so only via SSL (point you IRC client to port 6697). Port 6697 is an unusual SSL port, just checking the Always use SSL box will not function. By connecting to SSL-Port 6697 your IRC-Client may give you a warning, because the SSL-Certificate is self-signed. That is OK, it simply means that it hadn't yet been registered to the VeriSign company.

After connection you register you nickname by using a fake email adress, then you /join #vhost and AFTER that procedure you join the channels.

Basic list of IRC Commands

  • /join #channelname

Joins #channel

  • /part

Parts active #channel

  • /query nick

Opens private conversation with nick

  • /msg nick

Sends to nick

  • /whois nick

Displays info on nick

  • /msg nickserv identify

Identifys your nick

  • /ignore

to ignore a troll

  • /topic

to see the topic of a channel

  • /list

to see a listing of available channels

Extended commands

Where to find current IRC information incase you can't connect

Security

  • Use SSL to connect to the IRC. Server port is 6697.
  • Use VPN software, or accounts to hide your IP. IRC servers are pretty secured, but not invulnerable.
    • Tor software is NOT an option (It's banned in the network due to malicious abuse).

Extra security consists in getting a vhost (Virtual Host)

  • Register your nick:

    /msg nickserv register password fake@email.com

  • /join #vhost

  • when in #vhost type: !vhost any.fake.host

IRC-Clients

Mac

Download Colloquy from one of these:

Get a webproxy, one of these. Make sure you connect with SSL. ("ipadress:port")

Usage

  • Start Colloquy

  • Click on New

  • Enter a Nickname (not your real name)

  • Enter a Chat Server, for our purpose, irc.anonops.ru.

  • Click on Details

  • Select the Secure Web proxy and check the SSL option, use port 6697

  • Don't put your real name in either User/Real Name. Invent something.

  • If you want, click: Remember Connection

  • Hit Connect

  • Click Join Room and enter the Chat Room #tunisia, for example.

  • Or, one of these: #opTunisia #LobbyView Macintosh instructions below.

Xchat (Linux Gnome)

Usage

  • Start X-Chat

  • Click Add button on the network list, and rename to whatever you choose.

  • Click the Edit button with new network selected, change the server entry from

newserver/6667, to irc.anonops.ru/6697 (or use one of the newer domains found from links

below).

  • Then select the two check boxes that say Use SSL for all servers on this network and

Accept invalid SSL certificate.

Click Close, then Connect http://konversation.kde.org

Konversation (Linux KDE)

  • Debian/Ubuntu/Knoppix. . : sudo apt-get install konversation

Usage similar to X-Chat

Windows

X-Chat2

XChat

Mirc

Usage

(x86)\mIRC ) or in the Windows System folder (typically C:\Windows\System32).

  • By running mIRC it should find and use the OpenSSL library automatically. To confirm whether

mIRC has loaded the OpenSSL library, you open the Options dialog and look in the

Connect/Options section to see if the SSL button is enabled.

  • Type /server irc.anonops.ru:6697

Webbased

http://01.chat.mibbit.com

  • In the mibbit page, click on server, and enter in the box:

webirc.anonops.ru:+6697

  • How do I know if it is working? Just do /whois your_nick and it should inform you that you are using a secure connection.

http://www.anonops.ru

  • click Chans

How to Vhost

On the anon IRC servers you can ask for a Vhost. This will ensure that you are anonymous on the irc

network. By default you will have a host based from you ISP, something like this:

mynick@theservicefrom.125.comcast.suck.net or a hash if you've logged in by SSL:

mynick@6969E1A1T1COCK152.69.IP.

After setting a desired vhost you could be identified as: mynick@myvhostRocks.org.

  1. You must own a registered nick to get a vhost.

    /msg nickserv register password fake@email.com

Explanation: This will tell the register service to reserve your nickname for later use

  1. You must identify on that nickname to get it working.

    /msg nickserv identify password.

Explanation: Once you do this step you are ready to set up a vhost.

  • Output: services.anonops.net sets mode +r Yournick

Explanation: The +r flag states a given nick is effectively registered and identified.

  1. Join the #vhost channel in order to get the vhost working.

    !vhost fake.host.here

Explanation: After you apply for a vhost, the service will ban your nick from that channel for a

given ammount of time. Reasons are many. Lurkers can get real ip's from people. Switching vhosts

each 2 seconds might lag the server, and so on.

  1. Eventually you can directly ask for the vhost via command without getting in the specific channel.

    /hs request vhost@hosthere

Explanation: this will avoid getting into the specific channel. But is not enough to get it working.

The vhost@ part is optional, the important part is the hosthere part.

Considering the previous explanation, use the following: /hs request hosthere

/hs on

Explanation: This will effectively activate the vhost.

Vhost Trouble Shooting

Q: I have registered my vhost, but once I log in it doesnt activate.

A: Have you identified with your nick? You will only get your regular vhost back once

your nick

is correctly identified, redo step 2.

Q: I just changed my vhost but it wont apply, why?

A: You need to update your status, in order to make it fully working. Use this:

/msg nickserv update
  • Output: HostServ- Your vhost of hosthere is now activated.

  • Output: NickServ- Status updated (memos, vhost, chmodes, flags

Once you do that, you normally should have a fully functional vhost.

Analyzing your Interwebz

Glasnost: Bringing Transparency to the Internet

„ISPs are increasingly deploying a variety of middleboxes (e.g., firewalls, traffic shapers, censors, and redirectors) to monitor and to manipulate the performance of user applications.“

GTNOISE Network Access Neutrality Project

„NANO identifies performance degradations that result from network neutrality violation by an Internet

service provider (ISP), such as, differential treatment of specific classes of applications, users, or

destinations by the ISP.“

The ICSI Netalyzer

„What's up with my network? Some services seem broken? Things are very slow? Is there something

wrong?“

What your browser reveals

„BrowserSpy.dk is the place where you can see just how much information your browser reveals about you

and your system.“

How unique and trackable is your browser?

„Panopticlick tests your browser to see how unique it is based on the information it will share with sites it visits“

Is this website censored?

„Have you ever come across a web site that you could not access and wondered, "Am I the only one?"

Herdict Web aggregates reports of inaccessible sites“

General Browsing Safety

Basic Rule: Always browse in "Private Mode" so that fewer traces of your web history remain on your HDD. Opera, Chrome, Firefox, Safari, and Internet Explorer all include a form of Private Browsing.

Using a free VPN will ensure your privacy in most situations online. If possible, use USB drives. You can nuke them if needed and if leaves no traces on your harddrive.

Use a different VPN for each of your online personas. When checking real email accounts, FaceBook, use a different VPN than from the one you use for Anonymous activities.

Recycle your online accounts as needed. A virtual name is just that, something people use to refer to you in given situations.

When creating accounts, use VPN or TOR bundle, that will give a bogus origin as well and make use of then Throw-away-emails.

Useful (mandatory) plugins/extensions for Firefox

  • BetterPrivacy (Removes persistent cookies from flash stuff >> *.sol)
  • NoScript (blocks Javascript)
  • AdBlock Plus (blocks Ads) (Subscribe to Easylist and Fanboy's List)
  • Element Hider for Adblock Plus
  • Ghostery (tracking pixels)
  • TACO (More adblocking)
  • Redirect Controller
  • Refcontrol
  • WorldIP (know your country, know your rights)
  • Flagfox (tells you the country of the IP, don't use on Tor)
  • GoogleSharing (GoogleProxy, i use it because Google is censored where i live, anonymizes the search) - Scroogle.org is also a very viable (and worthwhile) alternative
  • User Agent Switcher: Sends bogus browser identity to servers.
  • Optimize google: Allows to block loads of scum google uses to track searchs.
  • Outernet explorer (MacOS) : Searches for a whole pile of shit on the net every 10 seconds or so, ensures anyone tapping packets will have a hell of a time.
  • https://www.eff.org/https-everywhere: automatically loads https on a site if avaliable.
  • Scroogle SSL search (Google anonymously): https://ssl.scroogle.org

Bibliotheca Anonoma

Note: This wiki has moved to a new website. Please update your links.

Stories

Check the Workroom for content we're still reviewing.

Art

History

Books

Collections

Website Archives

Encyclopedia

Clone this wiki locally
You can’t perform that action at this time.