The Hebrew version of this article was published in the digital version of Haaretz newspaper.

Who needs to be anonymous on the Internet?
The Internet is not anonymous. In most cases, virtual users and their activities on the Internet can be identified and associated with their real identity. Usually this is not a problem for the average user, but sometimes Internet users want to be anonymous. For example, a journalist who wants to communicate anonymously with his sources, users who want to bypass the censorship that their country imposes on the Internet, intelligence organizations that want to participate in forums without revealing their real identity, and a blogger who wants to post his content anonymously.

Suppose that you want to leave a comment on a news website. In order to add your comment, you are required to write your name, e-mail address and the comment. Since you don’t want anyone to know that you are the one who left the comment, you use a fake name and a fake e-mail address and then you leave the comment.
Although you used fake details, can this comment lead back to you? Can someone associate and prove that you (the real you) wrote this comment? Did this popular “trick” of using fake details help you to stay anonymous?

The simple answer is NO. It will be “easy” to find out that you are the one who left the comment. The more general answer is NO: whatever similar trick you use to fake your real identity, you are not anonymous on the Internet, and if this news website really wants to find your real identity, it is possible. And in most cases, with the help of the law authorities, it can be really easy to do so.

Anonymity in the physical world
Let’s leave for a moment the virtual world of the Internet, and give an example from the real (physical) world.
Alice, who lives in Dallas, Texas wants to send a package to Bob, who lives in New York, New York. Alice is going to her local post office in Dallas and is asking to send the package. She is filling in the sender address (for example, Alice, PO Box 1111, Dallas, TX) and the recipient address (for example, Bob, PO Box 2222, New York, NY) and then she sends the package.

The local post office sends the package to the post office in New York, who delivers the package to Bob’s PO Box. When Bob gets the package, he knows the sender’s address. Well, actually he knows the name, PO Box, city and state but not the real home address of Alice.

Suppose that for some reason, Bob wants to locate the real details and address of Alice. Bob can call the post office in Dallas and ask for the real details of Alice. He gives them her PO Box (1111) and since they know the real details of every person that purchases a PO Box, they can give Bob the answer. However, they won’t, since they keep the privacy of their customers. But what if the package contained a ticking bomb and the local police ask them to give the real details? Or the government? As you can imagine, of course they will expose Alice’s real details.

Anonymity in the virtual world
Let’s go back to the virtual world.
On 1/1/11 at 11:11 Alice wants to leave a comment on Bob’s website. When Alice connects to the Internet, her ISP, Internet Service Provider (local post office) assigns her an IP address (for example, The IP address is like the PO Box from the physical world example. Bob also has his own IP address (for example, Now, every activity she does on the Internet will be identified by her IP address. When Alice leaves a comment on Bob’s website, she is actually sending the comment from her IP address to Bob’s (from her PO Box to Bob’s).

Like in the physical world, it is possible to locate the real address of Alice based on the IP address that she used. The IP that was assigned to her by her ISP ( is registered on her ISP. Since this information is public on the Internet, anyone can find out the details of her ISP. For example, this website shows that my current IP address ( is registered on Bezeq International ISP in Israel.

Now, Bob can contact Alice’s ISP and ask them for the real details of the person that used IP address on 1/1/11 at 11:11. Every ISP keeps logs of all the allocations that it made for its IP addresses, so Alice’s ISP can easily figure out that the IP address used at this date and time was assigned to Alice, and since Alice is its customer it has her real details. As in the physical world, due to privacy issues the ISP won’t give these details to Bob, but if the local police or governmental authorities ask for the details, the ISP is required to give them.

As we can see, both in the physical and in the virtual worlds, the anonymity of the sender is very limited. Now let’s see how we can improve the anonymity of our dear Alice.

How to be anonymous in the physical world
In order to dramatically improve her anonymity in the physical world, Alice will send her package to Bob using some people that will hopefully help her. Alice opens a global yellow pages directory and picks 3 random people, each one from a different continent. The first one, Frank from Paris, France (PO Box 3333). The second, Debbie from Melbourne, Australia (PO Box 4444). The third, Ali from Rabat, Morocco (PO Box 5555). Then, Alice will send her package to Frank, who will send it to Debbie, who will send it to Ali, who will send it to the final destination, Bob. Each hop in this route knows only the address of the previous hop and the next hop, and since the package is traveling around the world from one person to another, it will be harder to trace it back from the final destination (Bob) to the original sender (Alice). This is how she is going to do it:

Alice takes her package and writes Ali’s details (Ali, PO Box 5555, Rabat, Morocco) as the sender and Bob’s details (Bob, PO Box 2222, New York, New York) as the recipient. Then she takes the package and puts it inside a bigger package. She writes Debbie’s details (Debbie, PO Box 4444, Melbourne, Australia) as the sender of this bigger package and Ali’s details as the recipient of this package. Then she locks it with a combination lock that only Ali knows how to open. Now Alice takes this (double) package and puts it inside a bigger package. She writes Frank’s details (Frank, PO Box 3333, Paris, France) as the sender of this package and Debbie’s details as the recipient. Then she locks it with a new combination lock that only Debbie knows how to open. Last, Alice takes this (triple) package and puts it inside a bigger package. This time she uses her details (Alice, PO Box 1111, Dallas, Texas) as the sender and Frank’s details as the recipient. Then she locks it with another combination lock that only Frank knows how to open.

The following image illustrates what this multi-layer package looks like. Each layer has its own sender and recipient and its own lock:

Now Alice can send her multi-layer multi-lock package. The first recipient is Frank. Frank gets the package, unlocks it (only he has the right combination) and sees another package inside. He can’t open it (since it’s locked with Debbie’s combination) but he sees that the destination of this package is Debbie. So he sends it to Debbie. Debbie gets it, unlocks it (only she can unlock it) and sees another package inside. She can’t open it (it is locked with Ali’s combination) but she can see the next destination, Ali. So she sends it to Ali, who can unlock it (only he can) and sees another package inside. This time he sees that the final destination is Bob and he sends him the last inner package. The reason Alice is using locks is to ensure that every middleman will be able to see only the next hop (middleman) on his route and not more than that. So Frank can see only the address of the next hop in his route (Debbie) but not the hop after that (Ali). This way, every middleman has only partial knowledge of the whole route of middlemen.

Now suppose that Bob wants to trace back the original sender. He knows that the package came from Ali, so first he has to go to the post office of Ali in Morocco, show them the package and ask for the details of the one that sent this package to Ali. Even if they give it to him, Ali (and his post office) doesn’t know who was the original sender. He only knows that he got it from Debbie. So now Bob has to ask the post office in Australia to give him the details of the one that sent this package to Debbie. Again, even if he gets them, he still can’t locate the original sender of the package since Debbie only knows that she got it from Frank. So now Bob has to go to the post office in France and ask for the details of the one that sent this package to Frank. Only then he can trace back the original sender, Alice. Now Bob has to go to Alice’s post office in Texas and ask for her real details.

As you can see, in order to trace back to Alice, Bob (or the governmental authorities in his country) has to get help from the American authorities, the Moroccan authorities, the Australian authorities and the French authorities. This complex cooperation between several countries consumes time and resources and involves diplomatic aspects as well, and the chances for such cooperation are very, very slim.

This multi-layer packaging and routing around the world dramatically increases the anonymity of Alice and in most of the cases (if the route and middlemen are chosen carefully) it will be almost impossible to trace the package from Bob back to Alice.
Back to the virtual world.

How to be anonymous in the virtual world
The idea that we described for the physical world is implemented in the virtual world by a system that is called TOR, The Onion Routing. TOR is a system that helps anyone to be anonymous in the Internet.
How does it work?
First, Alice has to install the TOR software on her computer. Then, when Alice wants to connect to the Internet, the TOR on her machine will pick 3 random TOR relay machines (like Ali, Debbie and Frank from the physical world example). Relay machines are regular Internet users that for the sake of freedom volunteer to relay anonymous Internet activity between TOR users. Now, the TOR on Alice’s computer will take the comment that she wants to leave on Bob’s website, and it will wrap it in layers as in the physical world example. In the virtual world, a package from the physical world is called a packet. In the innermost layer, the packet has Ali’s IP ( address as the sender and Bob’s IP address ( as the recipient. In the next layer, the inner packet is wrapped inside another packet that has Debbie’s IP ( as the sender and Ali’s IP as the recipient. In the next layer, the previous packet is wrapped inside another packet that has Frank’s IP ( as the sender and Debbie’s IP as the recipient. And in the outer layer, the previous packet is wrapped inside an outer packet that has Alice’s IP ( as the sender and Frank’s as the recipient. In addition, as in the physical world example, each layer is encrypted (locked) and only the recipient of this layer can decrypt it. Since every recipient peels his layer (and only his layer) and delivers the rest to the next recipient, like the layers of an onion, this concept is called Onion Routing.

For example, during my current anonymous browsing using the TOR, my real IP address (Bezeq International ISP in Israel) was changed to that is registered on Hetzner Online ISP in Germany. Therefore, from the virtual world point of view, I am in Germany with a German IP address from a German ISP and not in Israel.

So when Bob sees the comment, he thinks that Ali left it (since it is identified by Ali’s IP address as the sender). Now, if he wants to trace it back to the original sender, he has to go to the ISP of the last sender (Ali), show them the packet and its details (Ali’s IP, time and date the packet was sent) and ask them for the IP address of the one that sent Ali this packet (Debbie, Once he gets it he has to do the same process with Debbie’s, Frank’s and Alice’s Internet service providers. So in order to trace back the details of Alice, Bob has to get the cooperation of the Internet Service Providers and the authorities of USA, Morocco, Australia and France. The chances for that to happen are very, very slim and in many cases it is even impossible to trace back this route. Actually, tracing back this route in the virtual world can be significantly harder than in the physical world.
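The layering and peeling described above can be followed in code. This is an added example, not part of the original article and not TOR's own code: the relay names come from the article, while the per-relay keys, the layer format and the SHA-256 keystream with an HMAC tag are simplified assumptions standing in for TOR's real cryptography.

```python
import hashlib
import hmac
import os

# Simplified stand-in for the per-layer "combination lock": a SHA-256 keystream
# plus an HMAC tag. It is NOT Tor's real cryptography or packet format.

def _subkey(key, label):
    return hashlib.sha256(label + key).digest()

def _xor_stream(key, nonce, data):
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal_layer(key, plaintext):
    """Lock one layer so that only the holder of `key` can open it."""
    nonce = os.urandom(16)
    body = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def open_layer(key, blob):
    """Unlock one layer; raises ValueError if the key does not fit."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified layer")
    return _xor_stream(_subkey(key, b"enc"), nonce, body)

def wrap(route, keys, destination, message):
    """Build the onion from the inside out. Returns (first hop, outer packet)."""
    payload, next_hop = message, destination
    for relay in reversed(route):
        name = next_hop.encode()
        payload = seal_layer(keys[relay], len(name).to_bytes(2, "big") + name + payload)
        next_hop = relay
    return next_hop, payload

def peel(key, blob):
    """What one relay does: open its own layer, read the next hop, pass the rest on."""
    layer = open_layer(key, blob)
    n = int.from_bytes(layer[:2], "big")
    return layer[2:2 + n].decode(), layer[2 + n:]

def deliver(sender, first_hop, onion, keys):
    """Walk the packet along the route and record what each relay could observe."""
    seen = {}
    prev, current, blob = sender, first_hop, onion
    while current in keys:
        next_hop, blob = peel(keys[current], blob)
        seen[current] = (prev, next_hop)
        prev, current = current, next_hop
    return current, prev, blob, seen

if __name__ == "__main__":
    # Constructed sample: one shared key per relay (Tor negotiates these per circuit).
    keys = {name: os.urandom(32) for name in ("Frank", "Debbie", "Ali")}
    first, onion = wrap(["Frank", "Debbie", "Ali"], keys, "Bob", b"Nice article!")
    destination, apparent_sender, message, seen = deliver("Alice", first, onion, keys)
    print(destination, "receives", message, "apparently from", apparent_sender)
    for relay, (came_from, goes_to) in seen.items():
        print(relay, "only sees:", came_from, "->", goes_to)
```

Each relay's record holds only its previous and next hop, and a relay that tries its key on a layer meant for someone else gets a `ValueError`.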

The following image shows how our anonymous messages traveled around the world between TOR relay machines.

Who is the owner of TOR?
The TOR project is maintained by a nonprofit organization, based in the USA. TOR is free and open source. It means that anyone can analyze the code and verify that there are no backdoors which compromise the anonymity and privacy of the user. TOR is using a network of more than 2,500 volunteers (relay servers) around the world, that relay the anonymous communication of TOR’s users. There are relay servers in Australia, Argentina, Belgium, Brazil, Canada, Germany, Denmark, France, Switzerland, Algeria, Czech Republic, Egypt, Spain, Finland, UK, USA, Israel, India, Italy, Japan, Mexico, Latvia, Russia, Panama, Poland, Singapore, Slovenia, Turkey, Ukraine, South Africa, Vietnam, Venezuela and more.

Does TOR guarantee 100% anonymity?
No, nobody can guarantee 100% anonymity, however the process of tracing back a TOR route to the user’s computer is very complex and requires technological, governmental and diplomatic resources and cooperation between countries around the world. Therefore, TOR is probably your best way to stay anonymous in the Internet.

It is important to mention that in some cases, for example when there is evidence of terrorist activity, such cooperation between countries to locate a user who is using TOR is possible. There are also some documented attacks against the TOR network that try to compromise the anonymity of the users, but they are still rare and complex.

How to browse anonymously using TOR?
The simplest way to use TOR is by using the TOR Browser Bundle that can be downloaded here, where you can also read the very simple instructions for using TOR. The TOR Browser Bundle is available for Windows, Mac, Linux and Android. It includes a couple of software packages and a special version of the Firefox browser. Once you download and extract the bundle, it will create a folder with several sub-folders. In the main folder you will find a file that is called “Start Tor Browser” (for Windows), or “start-tor-browser” (for Linux) or “” (for Mac). Before you run this file, close all the open browsers so you won’t get confused between the regular browser that you are using and the anonymous browser that TOR is using. Once you run this file, TOR will start running and when it is ready for your anonymous browsing it will open its special version of Firefox. From now on (until you exit the browser), your browsing activity using this browser will be anonymous using the TOR network. Bear in mind that your browsing will be slower, since every packet is encrypted and decrypted a couple of times and it travels through several computers around the world. Well, this is the small price that you have to pay to be really anonymous on the Internet.


The Hebrew version of this article was published in the digital version of Haaretz newspaper.

You just got your new and shiny iPhone and you are ready to load it with the coolest apps. A minute before you use iTunes store to buy some apps, your friend is calling you.

You: “Hey dude, I’ve just got my iPhone and I’m on my way to iTunes to do some shopping”.
He: “Are you nuts??? Paying for apps???”
You: “Is there any other option?”
He: “Of course there is. You just have to jailbreak your iPhone”
You: “Jail? Break? What do you mean?”
He: “You let your iPhone out of Apple’s jail and then you can do whatever you like. Everything is accessible – the coolest games, the best apps, the most amazing wallpapers and themes – and you don’t have to go through iTunes anymore!”
You: “Wow, I’m going to jailbreak my iPhone!!!”

Credit: Vicky Woodward

What is jailbreak?
In the default configuration of every iPhone, a user can install apps (games, utilities, applications) only from Apple’s official app stores (like iTunes store).
Every app in iTunes store is reviewed and approved by Apple. This way, Apple can make sure that all the installed apps on iPhones (and iPods, iPads, Apple TVs) are harmless. They can make sure that no app in iTunes contains viruses, Trojans or other malware, for example. This is a strong security mechanism that protects the iPhone users.

However, it means that you can’t install apps that are not in Apple’s app store. Many apps are reviewed by Apple and disapproved for different reasons. Basically, every app that does not follow the policy of Apple is banned. For example, apps for donation of money to non-profit organizations are forbidden.
But still, how can you install such apps?
The answer is jailbreaking.

Jailbreak is the process of removing the builtin restrictions in iPhone that were imposed by Apple and giving a full control to the user. For example, the user can download and install any app, extension or theme he wants from non-Apple stores like Cydia store.
Developers of apps can bypass the policy of Apple for the development of apps, they can create almost any app they want and then distribute it through non-Apple stores, like Cydia.

We guess you got the idea – Apple puts restrictions on your iPhone, you can’t install whatever you want from wherever you want. Jailbreaking will set you free and now there are no restrictions on your iPhone anymore and you are free to install and run whatever you like.

What about unlocking your SIM-locked iPhone to use with another provider? Unlock software allows you to use a SIM card from any provider, but sometimes the unlock and jailbreak are bundled together, so when you unlock your iPhone you also jailbreak it.

Is jailbreaking good or bad?
Actually we are not going to answer this question. It used to be illegal but not anymore (at least in the USA). Some are saying that after jailbreaking the iPhone, everything went much slower, the battery was exhausted quickly, the system became unstable and they could hardly operate it. Others say that it changed their life and now their iPhone can do amazing things.

So jailbreaking is legal, I can get tons of apps, I am the master of my iPhone – where is the problem?
The problem is, as usual in security issues, you – the human factor.
It is very easy to jailbreak an iPhone and you don’t really need to understand much about this process. Anyone can do it and it takes only a couple of minutes. There are several methods for jailbreaking and you can find the popular ones easily.
And here is the catch – some methods for jailbreaking install a small piece of software on your iPhone that is called SSH Service. This software gives you a way to communicate with your iPhone remotely and with full access to any part of the system. You don’t have to know what SSH is or what a service is, and actually most jailbroken iPhone users have never heard about it before.

However, this SSH service also opens a small window to the world…

Let’s try to simplify it by using an analogy – suppose you have a nice and well-protected house. You have doors, windows, steel grates and an alarm system that protects all the entries to the house. Now someone tells you that if you remove the windows, doors and grates and disconnect the alarm system on the first floor, you will be able to walk freely into your house, you will see the view clearly and your cat will come and go as he likes.
Unless you live in an Israeli Kibbutz, your response will be – “are you nuts? everyone will be able to come inside, steal whatever they want, see everything I’m doing, eat my food and sleep in my bed.”

Did you ask the same question before you jailbroke your iPhone?
Probably not. Let’s see what can be the result of opening this small window in your iPhone.

When you connect your iPhone to the Internet via WiFi, for example using the Internet access in the airport, restaurant, train, coffee shop, hotel or university, every other user in this place can try to hack your iPhone remotely. When your iPhone is protected, it will be almost impossible to hack into it.
The SSH service on your jailbroken iPhone opens a small window to the world and now the nice guy in the first floor in your hotel can hack into your iPhone through the SSH service.

What can such a hacker do? Everything!!!
He can read your documents, steal your bank/facebook/gmail passwords, see the pics and watch the naughty movies that you took with your iPhone…
He can read your SMS messages and emails, eavesdrop on your phone calls and track your GPS locations. In less than a minute he can install a tiny piece of software that will send him all of the above, and much more, every day. And everything will be very stealthy – you won’t even know about it.

OK, relax, it is not so simple. Every SSH service has a password. So unless the hacker knows the password, you are protected.
Are you relieved now? You shouldn’t be.
Every SSH service comes with a default password. For jailbroken iPhones with SSH service installed, the default password is usually ‘alpine’. When you jailbroke your iPhone, it was written somewhere in small letters that for security reasons you had better change the SSH service password. Since most of the users don’t know what SSH is and why they even need it, they won’t bother to do it. And actually, even if they want to, they probably don’t know how to do it.

To make a long story short, if you jailbroke your iPhone and SSH was installed and you didn’t change the default password – you can be hacked in seconds almost everywhere you go.
The funny thing is that it is very easy to hack into jailbroken iPhones using non-jailbroken iPhones and you don’t even have to be a computer geek to do it – we’ll see how to do it shortly.

What is the percentage of jailbroken iPhones?
The numbers are not absolute – there are different statistics from different sources.
According to Pich Media (2009), the percentage of iPhone users running their phones jailbroken is 8.43%.

More recent numbers are talking about 10-15%.
According to Chinese market research company Umeng (2011), 35% of iOS devices in China are jailbroken.

The distribution of the jailbroken iOS devices in China is as follows:

Our field experiment
In order to better understand this phenomenon, we did an experiment in a small airport in Europe. It was a midweek day, around noon, when the airport was very quiet and not so busy.
We connected our non-jailbroken iPhone to the Internet via the free WiFi service and scanned the network. We found out that about 6% of the Apple devices had SSH service installed and waiting for remote connections. We tried to hack into them using the default password (in our experiment, once the default password was accepted, we logged out and disconnected immediately without violating the privacy of the user).
The result was amazing: about 80% of them were hacked immediately!!!
It means that about 5% of the iPhones in the airport were jailbroken with SSH service installed and a default password that was never changed.
We repeated this experiment in a small university and the results were about the same – 4-5% of the iPhones were jailbroken with SSH service installed and a default password.

It means that about 1 of 20 iPhones/iPads in use can be easily hacked and the most sensitive and confidential data can be stolen.

How to hack into iPhones?
In order to show how easy it is for every non-technical user to hack into iPhones around him (as long as they are connected to the Internet through WiFi), we will demonstrate this process using two free iPhone apps. It is important to mention that during the hacking procedure, the victim (the jailbroken iPhone user) is not aware of the hacking, he doesn’t see anything special on his screen and the whole process is stealthy and transparent. Our goal is to increase the awareness of the iPhone users to their security and privacy, and not to encourage hacking of iPhones, which is definitely illegal.

The first free app, Fing, can be downloaded through iTunes store. This app is used to scan a network and look for connected devices.
As you can see in the following picture, the app shows a list of devices that were found, and the name of their vendor.

List of connected devices

Every device in the list also has a number. For example, the last device in the above list has the number This is its IP address. You don’t have to know what is an IP address. You just have to remember this number for the next step (for privacy reasons, all the real IP addresses that were used in this demo were changed to fake ones).

As you can imagine, all the Apple devices are good candidates for our demo.
Then, we use the same app to check whether these Apple devices have an SSH service installed. Basically you just have to click on each Apple device in the above list and you get the following screen:

Scan the device

Then you have to click on “Scan services” at the bottom and after a couple of seconds you will get a list of all the open “windows” in this device (they are called ports). If you see an entry that says “22 SSH”, as shown in the next picture, it means that this device has an SSH service installed and ready to accept remote communication.

SSH is open

You can repeat this process for every Apple device in the list and at the end you’ll have a list of devices, where each device has its own IP address (in our example, was the IP of the last device).

Now we are going to use the second free app, Mobile Admin, which can also be downloaded from iTunes store.
This app lets you communicate with the remote SSH service.
Once you start it you get this screen.

Mobile Admin

Click on SSH and then click on “New Connection”.

Add a new SSH connection

In the next screen, in the Host box you should enter the IP address of the Apple device that you found ( in our demo), in the User Name you should enter ‘root’ and in the Password you should enter ‘alpine’.

SSH connection details

Then you just have to hit Connect at the bottom of the screen.

A new SSH connection

On the next screen you should click “Accept Once”.

Accept the SSH connection to the iPhone

If this iPhone was configured with the default password, you should get a black screen, where you see some text and a blinking prompt, like here.

It means that now you are the master of this device and you have full control over every part of its system. You can browse all the stored data in this iPhone. You can even change its default password…

How to protect your jailbroken iPhone?
If you have a jailbroken iPhone, you can use Fing to find your IP address. Just start Fing, let it scan (hit the refresh button at the top-right) and look in the list for the entry that says “You”. This is your IP address. In the following screen, our IP is

Now use Mobile Admin as described above but enter your IP address in the Host box. Enter the User Name (root) and Password (alpine) as before and hit Connect.
If you get a screen similar to the following one, it means that your iPhone is not using SSH service. You are done here – you are protected.

No SSH service

If you get a screen similar to the following one, it means that your iPhone is using SSH service. But you still have to check that you are not using the default password. Click “Accept Once”.

If you get a screen similar to the following one, it means that your SSH service is not using the default password. You are done here – you are protected (as long as the password that you configured in the past is not weak).

If you get a screen similar to the following one, where you see some text and a blinking prompt, it means that your iPhone is using SSH service with the default password. Your iPhone can be hacked in seconds!

Now let’s change your default password.
Where you see the blinking prompt, type the following word and then click enter:

You’ll get a screen similar to the following one – you will be asked to enter your new password. Choose a strong password, write it, click enter. You will be asked to re-type your password. Type it again and click enter.

Then you should get a screen similar to the following one:

It means that your password was changed successfully – your iPhone is protected now!
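The first step of the self-check above (is an SSH service listening on my own device at all?) can also be run from a computer on the same network. This is an added example, not part of the original article; the address in it is a placeholder for your own device's IP, and it only reads the service's greeting without attempting any login.

```python
import socket

def ssh_exposure(host, port=22, timeout=3.0):
    """Classify one device you own: 'closed', 'open' (not SSH) or 'ssh' plus its banner."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            try:
                data = conn.recv(512)   # an SSH server announces itself first
            except socket.timeout:
                return "open", None
    except OSError:
        return "closed", None           # refused, filtered or unreachable
    for line in data.splitlines():
        if line.startswith(b"SSH-"):
            return "ssh", line.decode("ascii", "replace").strip()
    return "open", None

def next_step(state):
    """Map the result onto the outcomes of the self-check described in the article."""
    if state == "ssh":
        return "SSH service is listening: make sure the default password was changed"
    if state == "closed":
        return "No SSH service reachable on this port"
    return "Port is open but the service did not identify itself as SSH"

if __name__ == "__main__":
    MY_DEVICE = "192.0.2.10"   # placeholder (documentation range); use your own device's IP
    state, banner = ssh_exposure(MY_DEVICE)
    print(MY_DEVICE, state, banner or "", "-", next_step(state))
```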

© 2015 Brainstorm Private Consulting Blog