Protecting Your Privacy Online, Anonymously

By Sean Kerner
published

While the Internet is not anonymous, with a little help you can make yourself less obvious and hidden from public view.

Anonymizer

Anonymizer

The Anonymizer software product is one of the best-known Web solutions in this space. Over the years, it has morphed from a simple online-only service that lets users type in an address they wanted to visit anonymously to a full desktop suite. The full Anonymizer suite includes anonymous Web surfing, spyware scanning, anonymous email addresses and spam protection. For the purposes of this review, we’re primarily concerned with just the anonymous Web surfing application called Anonymous Surfing.

Installing Anonymizer’s anonymous Web surfing application is relatively easy and painless. Anonymizer has a free seven-day trial, which installed without incident for our evaluation and was up and running within minutes without the need to reboot the PC. The trial also includes Anonymizer Spyware scanner, digital shredder cookie/cache cleaner and the Nyms anonymous email service. You don’t need to actually run all of them, and in our test, we actually just installed the Web surfing component which provides a great deal of functionality on its own.

Anonymizer: Anonymous Surfing main dashboard

Anonymizer: Anonymous Surfing main dashboard

Anonymizer : Anonymous Surfing main dashboard

A main feature of the anonymous surfing application is the ability to mask your IP address. Anonymizer really makes this easy to control with a simple On/Off button setup. They also clearly show you what your actual IP address is and then show what your “anonymized” IP address is without having to activate the service.

You don’t get a choice of what the new IP address will be with Anonymizer ; it’s changed automatically by Anonymizer every 24 hours. You also cannot choose geography either, so your new IP will always be located in the United States.

Beyond just providing you with a different IP address, Anonymizer also offers a check box where you can filter the sites you browse for malicious content. There is also an option to have the connection SSL encrypted, which provides another degree of security as it encrypts your traffic between your location and the proxy server.

By virtue of having the traffic SSL encrypted, Anonymizer also claims that it offers Wi-Fi security since all your traffic is encrypted and not open for prying eyes to look at. As an added bonus, all the sites that you visit while surfing when Anonymizer is activated are also validated against phishing (fake address sites) and pharming (where the DNS is pointing you to the wrong site) as well. The phishing, pharming, SSL protection and malicious Website protection service are all part of the core Anonymous Web Surfing application, so no need to buy anything else to get those features.

While it’s great that Anonymizer clearly communicates the address of what it calls your “anonymous” IP address, it’s always a good idea to check and see if that’s how others actually see it. Among the most basic ways of testing Anonymizer’s IP address claims is by visiting a site like WhatIsMyIp.com or Ipexposed.com where your public IP address is displayed. With Anonymizer there was no incident ; the IP address the program claimed it was providing was the one that others saw too.

Not all proxies are anonymous though, and there are a number of ways by which a site can detect whether or not you are using a proxy (and then potentially block you). As such, it’s also a good idea to use a form of a ProxyJudge script that tests the information sent from your local PC in the HTTP header information in order to validate whether or not you actually are anonymous (or just seen to be using a proxy).

For this review we opted for a free online ProxyJudge script at : http://www.proxyserverprivacy.com/adv-free-proxy-detector.shtml to validate the various services. In the case of Anonymizer, the result was that no proxy was detected at all - which is result you want to see. It means that from the outside world’s point of view you are who you say you are and there is no obvious reason to suspect otherwise.

Now to be fair, there are other mechanisms by which your real IP could perhaps be discovered including a rogue JavaScript or flash file. Anonymizer does not offer the option of blocking those types of files in the dashboard, but as a user, it’s something that you might want to consider doing on your own in your own local browser.

The other issue to consider is speed. In limited testing we found that using Anonymizer resulted in a bandwidth speed decrease ranging from 25% to 50% (using third-party speed test tools at Broadbandreports.com and Whatismyip.com). In general, most of the anonymous-IP services we tested had some performance hit over running a naked (“non-anonymized”) connection.

Sean Kerner
7 Comments Comment from the forums
  • I found using a product like SafeSpace much better for protecting my privacy and it prevents malware infection too. Kinda two birds with one stone so to speak.
    Reply
  • Fbender
    You forgot to mention email privacy like Mailinator !!! (which I just used to sign up for this tom's acct (but had to use an alternate domain :) - you guys write about privacy but don't believe in allowing it?))
    Reply
  • bberson
    I think this proxy stuff is over-rated and the concept of privacy is distorted. There are plenty of ways to toss your privacy out the window on the Internet and your IP address is at the very bottom of that list. And if you really need to hide your IP then (a) I can't help but wonder about the legality or propriety of what you're up to, (b) your first inquiry should be whether your anonymizing service is subpoena-proof. Many are not. The Tor network is interesting in this respect, since if nothing else it substantially complicates inquiry efforts.

    Let's separate fact from fiction and potential from practice...

    Is your IP anonymous? Mostly, unless you have your own assigned address space (I do) or you're doing your surfing from a business or enterprise that has its own assigned address space. Finding out who is behind an ISP's dynamically assigned IP takes a letter from an attorney. Hardly an automated process.

    Can your IP address reveal your geographic location? Yes, but only roughly. It will not reveal your address. At best it will reveal your town and in some cases, even that may be somewhat inaccurate depending on how your service is provisioned.

    On the other hand if you fake your IP, any web site that uses geolocation services to target advertising, will offer you ads that are irrelevant. I'm on the fence with this. Which is worse? Relevant ads or irrelevant ads? Those of us who are experienced pretty much ignore all ads anyway.

    Can your IP address be used to track you? Absolutely not. I can walk out the door right now and although I'll have to stop typing, I can guarantee you that nothing about my IP address will have given away the fact that I went to get a bottle of Coca-Cola from across the street.

    Can your IP address be used to track your activities? Yes, to a limited extent, but due to the prevalence of dynamic IP addressing and the number of proxy -based systems (frequently used more for security in large companies than for privacy), generally nobody bothers. Cookies are a more reliable way to associate a person (or at least a computer) with their browsing habits. But for that to happen successfully some cooperation is required among the sites that place those cookies on your computer. Don't even get me started about cookies - another overblown source of panic.

    SSL proxy connections. All very well and good for keeping prying eyes out of your local data stream but useless once the data leaves the proxy and finds its way to the web server. So at least it'll keep your ISP and your neighbor's young hacker kid off your bits 'n bytes.

    Some of the other options really slay me. Why block info about your OS and your browser version? Seriously! And why strip HTTP Referer header info? A lot of this is used to help improve the web browsing experience for a viewer and in the case of referers, helps protect the site from abuse.

    There are some other interesting purposes for web proxies that aren't directly related to privacy, such as circumventing ridiculous limitations on certain web services. It might help with the quality of your search results during your stay in China, or help facilitate access to P2P applications that are blocked from USA IP addresses, or help travelers gain access to USA web services that block or offer reduced functionality to offshore IP addresses.

    A final note is that web browsing these days often involves a lot of extra plug-ins, multimedia widgets, peer to peer gadgets and so on. Not all of these blindly play along with proxy settings or proxy stacks. Some will do their own thing and some simply won't work at all. You'll have no idea if one of those pieces are dancing to their own beat until you run packet capturing software - a job not well-suited to those without propellor beanies. Those of us with the beanies know better than to care.
    Reply
  • Man, there are so many things wrong with the comment above..too lazy to list them personally. But he's obviously not up with current times on what you can do with an ip address.
    Reply
  • You can do whatever you like
    Reply
  • scout123
    IP Check makes anonymouse.org & Co look really naked

    The privacy test IP Check uncovers that web proxy providers like Anonymouse.org can indeed not provide any privacy protection. Any arbitrary website is able to circumvent web proxies and to uncover the user's IP address and browser data, which should be actually protected by the proxy.

    The respective security leaks are supposed to be present since up to 10 years in the code of these services. The question arised, whether anybody had seriously checked them for attacks before... You may find a demo of the numerous possible attacks here:

    http://anonymouse.org/cgi-bin/anon-www.cgi/http://ip-check.info/?lang=en

    In the following, you moreover find a detailed description of the tests:
    http://ip-check.info/description.php#WebProxyDeanonymization

    You find the main page of the IP Check itself here:
    http://ip-check.info?lang=en

    The question is: are web proxy providers intentionally deceiving their users regarding the security of their systems? Or do they simply lack the necessary competence in the area of IT security? Is it all about making money, or also about collecting detailed data about the users? In any case, it should be clear that the currently available web proxies are at the best suitable for the circumvention of Internet censorship, but in neither case for anonymous surfing.

    It is possible that the IP check wil be blocked by some web proxy providers because of this demonstration. This would not be astonishing, as there is even in theory no protection against some of the used leaks. Whoever wants to make himself convinced should therefore do it now, before censorship will take place. However, you might realize any censorship of the Ip check as a confession that the web proxy providers are helpless against the attacks that are shown.
    Reply
  • In a very short answer to Mr. I question the legality of what you're doing: stalkers. It's not what I'm doing, it's what I'm trying to avoid being done to me. I can move around, or I can move my IP around. Can someone tell I've stepped out for a Coke? No. Can someone sit on a corner, in the general area of the IP, waiting for the day I come by? Sounds stupid, yes? Ask law enforcement tasked with picking up the pieces when the stalker finds the stalked, even after very elaborate steps have been taken to protect the stalked. Stalkers are obsessed, and tracking an IP is only one of their tools. I choose not to give it to them.
    Reply