Hadopi Acta: laws that monitor Internet
multiply. Instructions for the use of non-geeks to use the web without leaving
a trace.
A hooded man
Surfing the Internet is like jumping with
both feet into the fresh concrete: it leaves traces (almost) everywhere
indelible. It is also said that Bruce Schneier, security expert:
"If you think technology can solve
your security problems, then you do not understand the issues or technology.’
The computer and particularly the Internet,
is a great way to freedom of expression, but also a machine to be monitored.
Or, browse anonymously may be desirable for many reasons, not just for the
paranoid. It may be necessary to want to be anonymous on the Internet at some
point in his life. List is not exhaustive and not exclusive:
flicage escape from his boss;
Avoid the prying eyes of his wife / her
husband;
Thwart surveillance by the authorities
(this only applies if you live in an authoritarian country, of course), as do
many dissidents, Belarus to Syria;
Prevent large companies - preferably
American - to collect a wealth of personal data;
Protect his work or sources (if you're a
journalist or activist).
Strengthen its anonymity on the Internet,
this is not a "geek thing" is often said that the solution (or
problem) is between the chair and the keyboard.
It can be very simple and always free to
protect their privacy and surf anonymously on the Internet. The following
solutions are not applied to "block", but more of a catalog in which
draw according to his needs.
1
Browser
History
It is sometimes as simple as that. Most
browsers store all the pages that you visit. Many indiscretions on your online
activities for those who have access to your computer (boss, spouse (s) ...).
Available in the options or by typing Ctrl
(Command) + H on most browsers, it is also possible to delete the history with
Ctrl (Command) + Shift + Delete.
Cookies
These are small files created by certain
websites you visit and are stored in your browser. They swarm (among others)
personal details: some store the username and password (so you do not have to
re-enter), others store a shopping cart on an e-commerce site.
They are all your tracks and crossings on
the web. It is possible to disable or remove them (via the menu
"Preferences" on your browser).
Most modern browsers have a feature that
allows you to navigate without a trace (history and cookies). But beware, this
connection method has no impact on your software for sending e-mail or instant
messaging, only the history and cookies from your browser.
2
Connection
To view a web page, the HTTP protocol is
most often used (yes, the one which is in your address bar): data exchanged
with this protocol are not encrypted.
Sometimes, especially on commerce sites
online, an "s" is added to "http" in the address bar. This
means that communication between your computer and the website is encrypted, so
much more secure.
But to avoid his identity compromised on
the Internet, this precaution should not be confined to business services
online. In 2010, a developer was developing a small program that could add to
the Firefox browser, which allowed for example, particularly via the WiFi
network, steal Facebook or Twitter IDs of those who were connecting to the
network.
A simple precaution to avoid such mishaps,
installing the Firefox extension "HTTPS Everywhere", which is aptly
named: it forces all sites to communicate with your computer in encrypted form.
A good way to prevent prying eyes knows what you're doing with your connection.
Note that some sites do not allow a secure connection (check if the presence of
a small padlock in the address bar or one of he’s after 'http').
However, the safety of navigation lies in
HTTPS certificates that authenticate sites using this technology. These
certificates are increasingly stolen and forged, even pushing to change the
WikiLeaks submission system of its confidential documents.
3
IP
The IP address is a central element to
understand in order to be discreet on the Internet.
It's a little identity card of your
Internet connection (which means that several computers that share the same
connection have the same IP) all sites or services you visit keep track of your
connection (or more less long according to the laws of the country where they
are located) - the 'logs': it is possible to know who is connected, where and
when.
When you leave a comment or post a photo
online, the IP address is 'stored'. Providers are generally able to make the
connection between an IP address and a real identity (in the U.S., the
retention period 'logs are usually one year).
Fortunately, several solutions exist to be
discreet.
The proxy
A proxy is a computer which will pass your
connection to hide your IP address.
Reporters without Borders, in its guide to
blogging anonymously, explain (through the example of Sarah, a servant who
wants to expose through his boss using a proxy):
'Instead of connecting directly to
Hotmail.com, it connects to the proxy, which in turn connects to Hotmail. When
Hotmail sends a page, it is initially received by the proxy server, which sends
back. '
This is the IP address of the proxy, and
not that of the computer that is strewn everywhere on the Internet.
The proxy has four problems:
It is the proxy that stores IP addresses:
this is not without problems;
A proxy parameter directly from the web
browser or applications (e-mail, instant messaging ...): these do not provide
all this functionality (it is possible to force them to do so);
Navigation becomes slower, since the
connection is constantly going back and forth;
Communications with the proxy are generally
not encrypted.
A list of proxies (as well as how to
install) is available on this collaborative platform.
The Tor network
Tor is a network of multiple nodes (or
layers, hence its name, which means 'onion' in English). A computer that
connects to access the Internet (websites, as well as messaging, emails ...)
through a 'path' route randomly in these nodes: it cannot know where the
connection - encrypted, although course - comes or what it contains.
This system is often used by dissidents in
countries where Internet is monitored.
Flowsheet Tor (Torproject / CC)
Tor is in the form of software quite easy
to install. It is widely used in authoritarian countries, was even funded by
the U.S. government and has been used by WikiLeaks. Problems:
Using navigation software is sometimes
slow;
Security of Tor is not complete, and faults
were discovered.
4
Cryptography
Until the end of the 90s, cryptographic
software were seen as a weapon of war, and therefore subject to strict
regulation.
Since anyone can encrypt its communications
(e-mail, chat, or even its files and entire hard drive).
Several solutions exist to encrypt
communications.
IM
Many 'plugins' (small modules are added to
software) says OTR ('off the record') let you enable encryption of
communications.
Some software on which this feature can be
enabled: Adium, Pidgin, Miranda ...
E-mail
The e-mails are often monitored. Same as
instant messaging: plugins can be enabled on many programs, including the
famous Thunderbird.
Most of the time, the PGP is used and
provides the quality / usability most interesting.
Files
Software TrueCrypt to encrypt a file
easily, folder or even his entire hard drive.
This is often the AES algorithm, approved
by the NSA (an intelligence service in the United States) for encrypting
information top secret U.S. government is used. Officially, we are just
beginning to find flaws in this algorithm, deemed inviolable.
5
Various precautions
Operating system on USB ultra discreet
It is possible to use a computer without
leaving any trace. Tails is a variant of the Linux operating system, which
combines the tools mentioned above to encrypt e-mails and surf the Internetanonymously.
It starts very easily from a CD or USB
stick, without leaving any trace of his passage on the computer used.
Free Software
Generally, to strengthen its
confidentiality, it is advisable to focus on free software. Source code is
available and modifiable wish: tens of thousands of programmers who are the 'open
source community' have dissected and analyzed most of this software.
There is therefore much less likely that
these programs contain features' malicious' as' backdoors that could threaten
the security or anonymity. In contrast, only companies that have developed
software called owners' access to the source code of these.
Framasoft site maintains a list of over
1500 free software.
Paid services and cloud computing
For purposes of anonymity, it is obviously
necessary to avoid all the services that require bank details. Problem: many
free services (like Gmail or Facebook) are subject to U.S. law (including its
Patriot Act), and can be fed on demand justice, to transmit personal data (like
Google, that communicates a lot about this issue).
Many paid services are services of cloud
computing - a buzzword. These techniques, which include host and process data
online rather than on your own computer (Gmail or Google Docs includes, for
example) are obviously used with caution.
Data 'in the cloud' does not belong to you
more fully, and you do not have full control over who does what and are not
immune to a bug or negligence.
Multiple digital identities
Another precaution, if you use many
different services, is to use a large number of aliases and different email
addresses in order to make more complicated the intersection between databases
and compromise anonymity.
Metadata
Details contained in Word, PDF, Excel or
images may compromise the identity of the creator of the document or its
issuer.
This is called 'metadata': these can
indicate which computer created the document, what software was used, or is its
owner! There are ways to delete [PDF] little discrete data.
Impossible to be completely anonymous
These precautions may seem unnecessary.
However, threats to the freedoms of Internet users have multiplied:
WikiLeaks has revealed the ability of some
firms to monitor Internet across an entire country;
And initiatives such as Acta Hadopi and
increase monitoring of state and corporate users.
Despite all these techniques, anonymity and
security generally are not absolute concepts: it is impossible to be completely
anonymous on the Internet, as noted by the journalist Jean-Marc Manach:
"Security is a process, not a product,
and nothing is worse than a false sense of security created by an accumulation
of things, or because they bought a particular 'product' or security
software."