Get Smart About Going Anonymous Online

Going incognito online is not about being shady. There are many good reasons to conceal your identity. You might want to keep your data safe from hackers, or bypass government censorship. You may simply want to browse privately so your friends don’t tease you, like maybe having a secret fascination with unicorns! The point is that most people will want to be anonymous at times. This guide explores your options, with tips to overcome hurdles along the way.

Incognito Mode

Let’s start with the most basic tool – Incognito Mode in your browser. This lets you hide your online activity from other users on a device. It deletes the history of your visits, cookies, cache files and all the information related to your browsing activity. Two important things to remember though, is that Incognito Mode doesn’t delete your Bookmarks or downloads, and it doesn’t hide your identity from an Internet Service Provider (ISP), government, or even the operator of the WiFi hotspot you’re using.

Proxy Servers

These are probably the cheapest (many are even free), easiest and most common way to make your online traffic anonymous. When your device connects to the Internet using a proxy server, it acts as an intermediary device that redirects data requests.  To put it another way, proxies act as an online mailman behind the scenes, who receives your message, erases the sender details, delivers the data packets you send, and then delivers the response back to you.

A schematic illustration of connection involving a proxy-server

Originally, this technology was created to protect internal corporate networks from the public Internet, but soon their use became more wide-spread.

There are two types of proxy servers:

  • Transparent Proxy (aka Inline, Intercepting, Forced Proxy) – it won’t hide your identity and makes it easy for the proxy administrators to censor / monitor traffic activity.
  • Anonymous Proxy (aka Anonymizer) – accesses the internet on your behalf, hides your IP address (your computer’s identifying info), and makes your online activity untraceable.

Apart from these differences, proxy servers are also highly specialized, so every connection type has its own proxy type too. For example, FTP (File Transfer Protocol) has a specific FTP-proxy.

HTTP and HTTPS proxy servers work only with HTTP traffic. We strongly recommend you only use HTTPS proxies because they’re encrypted. With HTTP, all of the data you send and receive can be monitored, intercepted and edited. In other words, HTTP proxies may hide your IP address, but the data you transmit is unprotected.

You also need to make sure the proxy server you choose doesn’t disclose the information you’re sending to third parties. The best choice, if you don’t use HTTPS, is a SOCKS proxy server. It doesn’t have encryption, but it’s an internet transfer protocol that keeps your online activity anonymous by not disclosing your computer’s IP address. 

SOCKS4 and SOCKS5 are different server versions. It’s best to use the SOCKS5 proxy server because it gives you added features and security enhancements. For example, it supports authentication (using login and password) and DNS requests.

And if you’re looking for even more data protection, Shadowsocks is an open-source project that uses SOCKS5 but also encrypts the data and hides traffic.

Many applications such as Firefox and µTorrent support SOCKS proxies, while Google Chrome has extensions for it. There are also many free HTTPS and SOCKS proxy servers available, so you’ll be spoilt for choice when you search online.

Virtual Private Network (VPN)

VPNs are really popular now for anonymous browsing. They were originally created to connect computers within a single network, even if located far from each other. The key feature of VPNs is encryption, since they were mostly used by corporations for transferring intellectual property and other business communications between multiple branch offices and HQ.

Let’s look at the types of VPN protocols and how they’ve evolved:

  • PPP (Point-to-Point Protocol) – used for privacy on data channels. Its purpose is to ensure a stable connection between two “points” (devices) to deliver encryption and authentication between them.
  • SSTP (Secure Socket Tunneling Protocol) – with the progression of SSL/TLS protocols, PPP has evolved to SSTP. This  transports PPP traffic through an SSL/TLS channel and ensures a reliable encrypted connection for data integrity.
  • PPTP (Point-to-Point Tunneling Protocol) – an extension for PPP that encapsulates PPP packets into IP-packets for further transportation via the Internet. This protocol, created in 1999, has many known security issues and is now obsolete. It has been replaced by L2TP.
  • L2TP (Layer 2 Tunneling Protocol) – more reliable and stable than its PPTP predecessor, L2TP won’t provide any encryption or confidentiality by itself, but it effectively regulates the process of exchanging messages in a network. To protect the transmitted data, IPsec is used alongside it.
  • IKE and IKEv2 (Internet Key Exchange) – these are strong encryption algorithm protocols, used exclusively with IPsec.

These are the most modern VPN protocols we recommend:

  • OpenVPN – the most popular solution for a secure VPN connection. It is open-source and provides the most reliable protection of your data, keeping you anonymous. OpenVPN uses its own custom security protocol based on SSL/TLS, rather than L2TP, IPsec or IKE.

Our sister-company, Namecheap, is a great example of secure OpenVPN with affordable price packages to suit individual needs. Feel free to have a Live Chat with them if you’re not sure what to choose.

  • SoftEther VPN – also an open-source, cross-platform, and multi-protocol solution. It not only works with all the protocols we described above, but also has its own protocol, no less secure than OpenVPN.

The main thing to understand is that VPNs use a tunneling method which secures transmitted data packets, making it impossible to identify the sender. Here’s a quick summary of all the VPN protocols:

BadOKGood
PPPL2TP/IPsecOpenVPN
PPTP IKEv2/IPsec SoftEther
SSTP

The Onion Router (Tor)

The name might sound strange, but if you think of the many layers of an onion protecting the core, it makes sense. Tor is one of the best ways to ensure your anonymity online. It uses three levels of data and traffic protection called onion routing. Your data is the core of the onion and the layers above protect it.

Each of the three Tor servers takes off one layer, while the last one takes your data core and sends it to the Internet. The Tor network is supported by thousands of enthusiasts around the globe that uphold the right online privacy. Every session you initiate using this technology is routed through a unique set of intermediary nodes. This means when you visit multiple sites with Tor, each site sees you as a completely different identity.

A schematic illustration of connection via Tor Network

The biggest advantage of Tor is its reliability for robust online anonymity, thanks to the efforts of digital security specialists around the world who contribute.

Tor developers have now made it easy to use this technology. For users who are not tech savvy, they’ve created the Tor Browser based on Firefox, and it’s free! Not only does it provide all of the benefits of onion routing, it has lots of extra security and privacy enhancements. For example, NoScrtipt disables all scripts running on websites, making it almost impossible for websites to track and monitor your actions. 

One of the features we love about Tor is that it comes with the HTTPS Everywhere extension installed by default. When you see ‘https://’ in your browser, this means the site has been secured. With this extension, your browser will check for the secure HTTPS version of the site and automatically redirect you to it. That said, always check to make sure you see the secure padlock and ‘https://’ in the address bar that comes with an SSL Certificate. If you don’t see this, it means the site is not encrypted and any data you provide can be compromised.

There are ups and downs to almost everything, so now let’s look at the disadvantages and glitch fixes when using Tor:

  • Tor is generally slower than regular connection speeds.
  • There are potential ‘Sniffers’ who can look at the HTTP traffic in the last node of the three phase Tor circuit. But the sniffer won’t be able to tell who this data belongs to, unless it contains identifying info. This is another reason not to visit HTTP sites that aren’t encrypted with an SSL Certificate. 
  • Some IPs (computer addresses) on the last nodes may be blocked or blacklisted, which can cause errors when you try to access certain sites. For example, you may be faced with annoying Captchas (those weird strings or wavy letters you have to type out to prove you’re not a robot) on Google or Bing. If this happens, visit ‘search.disconnect.me’, which prevents search engines from tracking you. It can be used to search safely on DuckDuckGo, Bing and Yahoo.
  • If you receive timeouts or errors when using Tor, you can create a ‘new identity’ in the Options section or by opening a new tab. This will change your allocated IP address.

You can download Tor for free on the Tor Project website.

Deep Packet Inspection (DPI)

Unfortunately, privacy and security measures we’ve discussed so far may be rendered useless if your internet provider is using DPI. This is a system of deep traffic analysis that inspects data in granular detail, as well as block, re-route or log it. 

DPI is designed to detect and block any suspicious activity that does not seem to be made by a regular computer user. In theory, all types of traffic anonymization are suspicious, so they can be made unstable or ineffective if DPI is deployed.

That said, there are ways to trick DPI. Almost every technology we’ve described so far has a security feature that allows you to bypass DPI by pretending these incognito methods are simply connecting to a remote server.

OpenVPN, for example, is easily identifiable as traffic anonymization, but Stunnel can bypass DPI data packet analysis. Stunnel does this by masking the VPN channel to make it look like a simple SSL/TLS connection, not suspicious because it looks like a browser accessing an HTTPS website. 

Another thing that helps mask OpenVPN traffic is ‘tls-crypt’ mode, available in OpenVPN version 2.4. It encrypts the connection with the OpenVPN server even before the SSL/TLS connection is made, so the connection is encrypted twice.

Tor Project is also working hard to develop and improve ways to bypass DPI. Another example is you can use Tor Bridges which ensure a direct and reliable connection to the first node in the onion routing. That way, even if your Internet Provider is blocking connections to the Tor network, they won’t be able to block all bridges because there is no such thing as a complete list of them.

Other technologies used to trick DPI act to replace data headings and fractionize (divide) traffic. Examples are GoodbyeDPI and Green Tunnel. Instead of masking your IP or encrypt the data, they act to bypass DPI filtering. 

At the moment, the best known way to bypass DPI is called ‘obfs4’. This is a technology that obfuscates or jumbles data, so it can’t be understood by people and becomes difficult for computers to unscramble. DPI usually ignores obfuscated data packets because it cannot begin to assess what they contain.

Wrap Up

As you now know, there are many ways to protect your privacy and personal data online. Free Proxy servers are easy but can be unreliable (the paid-for ones are better). VPNs are really popular these days but you need to find a good one with multiple servers that have high speeds. Tor can be slow but it’s much easier to use now than when it started, and it’s very robust. Ultimately your choice will depend on the level of privacy you want. The good news is you have lots of options for going incognito, and there are comparison review websites to help make the best choice.

Share on Twitter, Facebook, Google+