The Hebrew version of this article was published in the digital version of Haaretz newspaper.
Who needs to be anonymous in the Internet?
The Internet is not anonymous. In most cases, virtual users and their activities in the Internet can be identified and associated to their real identity. Usually it is not a problem for the average user but sometimes Internet users want to be anonymous. For example, a journalist that wants to communicate anonymously with his resources, users that want to bypass the censorship that their country impose on the Internet, intelligence organizations that want to participate in forums without revealing their real identity and a blogger that wants to post his content anonymously.
Suppose that you want to leave a comment in a news website. In order to add your comment, you are required to write your name, e-mail address and the comment. Since you don’t want that anyone will know that you are the one that left the comment, you use a fake name and a fake e-mail address and then you leave the comment.
Although you used fake details, can this comment lead back to you? can someone associate and prove that you (the real you) wrote this comment? did this popular “trick” of using fake details helps you to stay anonymous?
The simple answer is, NO. It will be “easy” to find out that you are the one that left the comment. The more general answer is NO, whatever similar trick you use to fake your real identity, you are not anonymous in the Internet and if this news website will really want to find your real identity, it is possible. And in most cases, with the help of the law authorities, it can be really easy to do so.
Anonymity in the physical world
Let’s leave for a moment the virtual world of the Internet, and give an example from the real (physical) world.
Alice, who lives in Dallas, Texas wants to send a package to Bob, who lives in New York, New York. Alice is going to her local post office in Dallas and is asking to send the package. She is filling in the sender address (for example, Alice, PO Box 1111, Dallas, TX) and the recipient address (for example, Bob, PO Box 2222, New York, NY) and then she sends the package.
The local post office sends the package to the post office in New York, who delivers the package to Bob’s PO Box. When Bob gets the package, he knows the sender’s address. Well, actually he knows the name, PO Box, city and state but not the real home address of Alice.
Suppose that for some reason, Bob wants to locate the real details and address of Alice. Bob can call the post office in Dallas and ask for the real details of Alice. He gives them her PO Box (1111) and since they know the real details of every person that purchases a PO Box, they can give Bob the answer. However, they won’t since they keep the privacy of their customers. But what if package contained a ticking bomb and the local police ask them to give the real details? or the government? as you can imagine, of course they will expose Alice’s real details.
Anonymity in the virtual world
Let’s go back to the virtual world.
On 1/1/11 at 11:11 Alice wants to leave a comment on Bob’s website. When Alice connects to the Internet, her ISP, Internet Service Provide (local post office) assigns her an IP address (for example, 188.8.131.52). The IP address is like the PO Box from the physical world example. Bob also has his own IP address (for example, 184.108.40.206). Now, every activity she is doing in the Internet will be identified by her IP address. When Alice is leaving a comment on Bob’s website, she is actually sending the comment from her IP address to Bob’s (from her PO Box to Bob’s).
Like in the physical world, it is possible to locate the real address of Alice based on the IP address that she used. The IP that was assigned to her by her ISP (220.127.116.11) is registered on her ISP. Since this information is public on the Internet, anyone can find out the details of her ISP. For example, this website shows that my current IP address (18.104.22.168) is registered on Bezeq International ISP in Israel.
Now, Bob can contact Alice’s ISP and ask them for the real details of the person that used IP address 22.214.171.124 on 1/1/11 at 11:11. Every ISP is keeping logs of all the allocations that he made for his IP addresses, so Alice’s ISP can figure out easily that this IP address that was used at this date and time was assigned by him to Alice and since Alice is his customer he has her real details. As in the physical world, due to privacy issues the ISP won’t give these details to Bob but if the local police/governmental authorities will ask for the details the ISP is required to give them.
As we can see, both in the physical and in the virtual worlds, the anonymity of the sender is very limited. Now let’s see how we can improve the anonymity of our dear Alice.
How to be anonymous in the physical world
In order to dramatically improve her anonymity in the physical world, Alice will send her package to Bob using some people that will hopefully help her. Alice opens a global yellow pages directory and picks 3 random people, each one from a different continent. The first one, Frank from Paris, France (PO Box 3333). The second, Debbie from Melbourne, Australia (PO Box 4444). The third, Ali from Rabat, Morocco (PO Box 5555). Then, Alice will send her package to Frank, that will send it to Debbie, that will send it to Ali that will send it to the final destination, Bob. Each hop in this route knows only the address of the previous hop and the next hop and since the package is traveling around the world from one person to another, it will be harder to trace it back from the final destination (Bob) to the original sender (Alice). How is she going to do this:
Alice takes her package and writes Ali’s details (Ali, PO Box 5555, Rabat, Morocco) as the sender and Bob’s details (Bob, PO Box 2222, New York, New York) as the recipient. Then she takes the package and puts it inside a bigger package. She writes Debbie’s details (Debbie, PO Box 4444, Melbourne, Australia) as the sender of this bigger package and Ali’s details as the recipient of this package. Then she locks it with a combination lock, where only Ali knows how to open. Now Alice takes this (double) package and puts it inside a bigger package. She writes Frank’s details (Frank, PO Box 3333, Paris, France) as the sender of this package and Debbie’s details as the recipient. Then she locks it with a new combination lock, where only Debbie knows how to open. Last, Alice takes this (triple) package and put its inside a bigger package. This time she uses her details (Alice, PO Box 1111, Dallas, Texas) as the sender and Frank’s details as the recipient. Then she locks it with another combination lock, where only Frank knows how to open.
The following image illustrates how this multi-layers package looks like. Each layer has its own sender and recipient and its own lock:
Now Alice can send her multi-layer multi-lock package. The first recipient is Frank. Frank gets the package, unlocks it (only he has the right combination) and sees another package inside. He can’t open it (since it’s locked with Debbie’s combination) but he sees that destination of this package is Debbie. So he sends it to Debbie. Debbie gets it, unlocks it (only she can unlock) and sees another package inside. She can’t open it (locked with Ali’s combination) but she can see the next destination, Ali. So she sends it to Ali, who can unlock it (only he) and sees another package inside. This time he sees that the final destination is Bob and he sends him the last inner package. The reason Alice is using locks is to ensure that every middleman will be able to see only the next hop (middleman) on his route and not more than that. So Frank can see only the address of the next hop in his route (Debbie) but not the next next hop (Ali). This way, every middleman has only a partial knowledge of the whole route of middlemen.
Now suppose that Bob wants to trace back the original sender. He knows that the package came from Ali, so first he has to go to the post office of Ali in Morocco, show them the package and ask for the details of the one that sent this package to Ali. Even if they give it to him, Ali (and his post office) doesn’t know who was the original sender. He only knows that he got it from Debbie. So now Bob has to ask the post office in Australia to give him the details of the one that sent this package to Debbie. Again, even if he gets them, he still can’t locate the original sender of the package since Debbie only knows that she got it from Frank. So now Bob has to go to the post office in France and ask for the details of the one that sent this package to Frank. Only then he can trace back the original sender, Alice. Now Bob has to go to Alice’s post office in Texas and ask for her real details.
As you can see, in order to trace back to Alice, Bob (or the governmental authorities in his country), has to get help from the American authorities, the Moroccan authorities, the Australian authorities and the France authorities. This complex cooperation between several countries is time and resource consuming and involves diplomatic aspects as well and the chances for such cooperation are very very slim.
This multi-layer packaging and routing around the world dramatically increases the anonymity of Alice and in most of the cases (if the route and middlemen are chosen carefully) it will be almost impossible to trace the package from Bob back to Alice.
Back to the virtual world.
How to be anonymous in the virtual world
The idea that we described for the physical world is implemented in the virtual world by a system that is called TOR, The Onion Routing. TOR is a system that helps anyone to be anonymous in the Internet.
How does it work?
First, Alice has to install the TOR software on her computer. Then, when Alice wants to connect to the Internet, the TOR on her machine will pick up 3 random TOR relay machines (like Ali, Debbie and Frank from the physical world example). Relay machines are regular Internet users that for the sake of freedom volunteer to relay anonymous Internet activity between TOR users. Now, the TOR on Alice’s computer will take the comment that she wants to leave on Bob’s website, and it will wrap in layers as in the physical world example. In the virtual world, a package from the physical world is called a Packet. In the most inner layer, the packet has Ali’s IP (126.96.36.199) address as the sender and Bob’s IP address (188.8.131.52) as the recipient. In the next layer, the inner packet is wrapped inside another packet that has Debbie’s IP (184.108.40.206) as the sender and Ali’s IP as the recipient. In the next layer, the previous packet is wrapped inside another packet that has Frank’s IP (220.127.116.11) as the sender and Debbie’s IP as the recipient. And in the outer layer, the previous packet is wrapped inside an outer packet that has Alice’s IP (18.104.22.168) as the sender and Frank’s as the recipient. In addition, as in the physical world example, each layer is encrypted (locked) and only the recipient of this layer can decrypt it. Since every recipient peels his layer (and only his layer), and delivers it to the next recipient, thus providing a multi-layer packeting, this concept is called Onion Routing.
For example, during my current anonymous browsing using the TOR, my real IP address 22.214.171.124 (Bezeq International ISP in Israel) was changed to 126.96.36.199 that is registered on Hetzner Online ISP in Germany. Therefore, from the virtual world point of view, I am in Germany with a German IP address from a German ISP and not in Israel.
So when Bob sees the comment, he thinks that Ali left it (since it is identified by Ali’s IP address as the sender). Now, if he wants to trace it back to the original sender, he has to go the ISP of the last sender (Ali), show them the packet and its details (Ali’s IP 188.8.131.52, time and date the packet was sent) and ask them for the IP address of the one that sent Ali this packet (Debbie, 184.108.40.206). Once he gets it he has to do the same process with Debbie’s, Frank’s and Alice’s Internet service providers. So in order to trace back the details of Alice, Bob has to get the cooperation of the Internet Service Providers and the authorities of USA, Morocco, Australia and France. The chances for that to happen are very very slim and in many cases it is even impossible to trace back this route. Actually, tracing back this route in the virtual world can be significantly harder than in the physical world.
The following image shows how our anonymous messages traveled around the world between TOR relay machines.
Who is the owner of TOR?
The TOR project is maintained by a nonprofit organization, based in the USA. TOR is free and open source. It means that anyone can analyze the code and verify that there are no backdoors which compromise the anonymity and privacy of the user. TOR is using a network of more than 2,500 volunteers (relay servers) around the world, that relay the anonymous communication of TOR’s users. There are relay servers in Australia, Argentina, Belgium, Brazil, Canada, Germany, Denmark, France, Switzerland, Algeria, Czech Republic, Egypt, Spain, Finland, UK, USA, Israel, India, Italy, Japan, Mexico, Latvia, Russia, Panama, Poland, Singapore, Slovenia, Turkey, Ukraine, South Africa, Vietnam, Venezuela and more and more.
Does TOR guarantee 100% anonymity?
No, nobody can guarantee 100% anonymity, however the process of tracing back a TOR route to the user’s computer is very complex and requires technological, governmental and diplomatic resources and cooperation between countries around the world. Therefore, TOR is probably your best way to stay anonymous in the Internet.
It is important to mention that in some cases, for example when there is an evidence of a terrorism activity, such cooperation between countries to locate the user that is using TOR is possible. There are also some documented attacks against the TOR network that try to compromise the anonymity of the users but still they are rare and complex.
How to browse anonymously using TOR?
The simplest way to use TOR is by using the TOR Browser Bundle that can be downloaded here, where you can also read the very simple instructions for using TOR. The TOR Browser Bundle is available for Windows, Mac, Linux and Android. It includes couple of software packages and a special version of Firefox browser. Once you download and extract the bundle, it will create a folder with several sub-folders. In the main folder you will find a file that is called “Start Tor Browser” (for Windows), or “start-tor-browser” (for Linux) or “TorBrowser_en-US.app” (for Mac). Before you run this file, close all the open browsers so you won’t get confused between the regular browser that you are using and the anonymous browser that TOR is using. Once you run this file, TOR will start running and when it will be ready for your anonymous browsing it will open its special version of Firefox. From now on (until you exit the browser), your browsing activity using this browser will be anonymous using the TOR network. Bear in mind that your browsing will be slower since every packet is encrypted and decrypted couple of times and it travels through several computers around the world. Well, this is the small price that you have to pay to be real anonymous in the Internet.