I will tell you how you can be found, how to resist this, and at the same time describe the algorithms of proxy, VPN and other anonymization tools in the simplest possible language.
Hello everyone, dear friends!
In this article, I will tell you how you can be found, how to resist this, and at the same time describe the algorithms of proxy, VPN and other anonymization tools in the simplest possible language. This is necessary for understanding, so as not to burden anyone with professional slang and complex terms that can be omitted or replaced with simple analogs.
This article is intended for beginners.
Let's get started...
How VPN and SSH tunnels work
VPN and SSH tunnel are very similar in their algorithm. Tunnels are even called VPN for the poor.
It all works like this: when connecting to a VPN, an encrypted communication channel is created, and all data on the VPN is transmitted encrypted by the SSL protocol version 1/2/3. Maybe you can even find a VPN with TLS encryption on the Internet. And every time you press Enter in the address bar of your browser, the request is sent not to the site you entered in the address bar, but in encrypted form to the VPN. There it is decrypted and executed, and the result (the page in the browser, the VPN works for all requests to the network from all applications on the computer) is sent to you. It looks like a proxy principle. This is it. VPN acts as an encrypted proxy server between you and all Internet connections on your PC.
Dedik, VPN is not a means of anonymity
Many people think that by connecting to a VPN, they become wild anonyms. Well, it is awkward to ruin their wet fantasies, but it is unlikely to save them from the zone. The fact is that almost all VPNs on the Internet keep logs, which they will gladly give to comrade major. Simply because providing VPN services is a business. And when citizens in uniform come to you, you have to comply with their demands in order to maintain the ability to continue doing business.
Are you sure that the person who provides VPN services, his company, and he himself are in another country? Are you sure that the security forces of your country do not have power over the VPN chief? And now the same thing, but about the moderator, or technical worker of this VPN? And what about the option when the special services and the police themselves open such a site for the provision of VPN services during operational-search, or preventive measures? I am not even mentioning the possibility that there is a vulnerability on the server with the VPN, or the admin of this service is so stupid that he sends logs not just by official order, but even by email or phone call. Yes, this happens. Actually, all the same applies to dedicated servers, that's why I mentioned them in the subtitle.
VPN without logs and clearing logs on a dedicated server
It's no secret that various illegal forums promote various VPN services that promise no logs. Firstly, you can only check this if you have the server IP and the root user password. But even here there is a problem in that the VPN provider keeps logs, and so does your Internet provider. It is required by law.
With dedicated servers, in fact, it's the same old story. Only there is also the added factor that you will never know the exact number of places where logs are written on your specific server, whether there is some hidden pool, and whether logs are written above the dedicated server itself. And no software that "cleans logs after you exit" will help you.
How the police will find you hiding behind a VPN or VDS
First, when they establish the IP from which the alleged crime was committed, they look at what country this IP is from. If it is not from yours, then during COPM they will find out the IP address that sent packets (the same encrypted ones that I talked about in the subheading about VPN) to the IP address from which the violation was committed during a given period of time. So, if the offense was committed by an inexperienced user, then at this point there is practically direct evidence against him. Then it's a small matter - ask the provider for logs regarding the suspect, study them, and make an arrest.
SSL Hacking
SSL encryption, which is used by almost all VPNs and tunnels, has been hacked. This means that the traffic that you drive through a VPN can no longer be considered encrypted at all, and anonymity is lost.
TOR
Many are trying to solve all the problems of TOR. And there are a number of problems here. I would say, diagnoses. And the name of this diagnosis is illiteracy. Firstly, you will never hide from the site that you are using TOR, the onion network is open, and the browser settings also expose you.
The second is that TOR output nodes are often logged by the holders of these very nodes. I just want to say that using TOR, all your authorization data (from a bitcoin wallet, for example) can easily be stolen. Or blackmail you with the content of your requests that you sent from TOR. You didn't go through the onion browser to look at funny pictures, right?
The principle of TOR is similar to an onion, which is why the logo has an onion, not a hammer. Requests through the TOR browser are transmitted from 1 repeater (the principle of retransmission in TOR is similar to the principle of cellular towers of GSM operators, these are ordinary computers of activists who allowed TOR to use their computer as an intermediate or even final point in multi-layer TOR requests. Such computers are called nodes or repeaters). From your computer it flew to node # 21323, from it to 284, then to 3289, then to 9819, then to 13981 and so on, a lot of layers, different countries of the world. In the end, your request for comrade major is lost somewhere among these nodes and countries, and he no longer has the authority and desire to untangle it further. The onion principle. Got it? And of course, in this network of onion layers, there is a layer that is the last one. That is, the layer that sends the request to the Internet and returns it to you. This "layer" is called the output repeater. And he gets already decrypted data, that is, your logins and passwords in plain text. Well, or at least your cookies. All this is very often collected and people make money on it.
Fingerprints
Different good and not so good sites have a bunch of ways to identify your computer even when you cleared all the cookies, reinstalled the browser 20 times, and generally log in through a virtual machine. All these things are called fingerprints. For example, the unique number of your processor. This is the simplest. And there are also fingerprints based on a set of fonts, and I even saw a fingerprint somewhere that identifies users by their computer mouse. They all have different reaction speeds and other parameters. If you are interested, google it. And there is also Ever cookie, these are the same "eternal" cookies that hide in a large number of places on your computer and are quite difficult to delete.
Double VPN
A VPN chain can consist of not one VPN server to which you connect, but two, three, four (these are Double, Triple, Quadro - respectively) connections. They are more resilient and are no longer affected by the trick described in point 4, when the police simply looked at the IP from which the VPN IP was accessed and figured out who was hiding behind it.
Want to escape the Internet?
Then there are more drastic methods that should be used in particularly critical situations. While some people are tempted by online fame, for others it can become a heavy burden. Completely removing yourself from the Internet is not always possible, but by following these instructions you can definitely get close to it.
Think carefully about your decision before continuing.
Much of what is suggested below cannot be undone. This means that you will lose all information and traces of your presence on the network, and in some cases you will not be able to restore your account using the same name and email address. These are drastic measures, they should be taken to the point.
Delete your accounts
You may not remember all the sites you are registered with. The more popular the site, the more effective it is to delete your personal information from it if you are trying to disappear from the Internet. This will not necessarily clear the deep web's memory of you, but it is a good start. The following list should help you determine your priorities:
Delete yourself from VK, Instagram, Facebook, Twitter;
Delete your Google account;
Delete your account on eBay and any other online auction;
Delete yourself from Avito, Yula and any other "flea market";
Delete your account on the school, college or university website, but only if you are no longer a student there;
Delete information about yourself from all gaming sites. Yes, this includes all the virtual valuables you have won and accumulated over the years. Give all your things to people who need them, if this is provided for by the rules of the site.
Look for workarounds if it's impossible to delete an account
Some sites don't allow you to completely delete an account, instead suggesting that you simply "deactivate" it (while all your data will remain in the system) or abandon it. If there's a real reason for deleting, contact the site's creator or its administrators; at the very least, you should be able to change your first and last name to hide your identity. If the site doesn't respond, here's another way:
Delete any true information about yourself from your account. If leaving the fields blank is impossible (or you suspect that your data is still stored somewhere), replace them with obviously fake (Vasily Oppenheimer, Jr.) or hopelessly hackneyed (Vasya Pupkin) options. Don't associate your abandoned page with some poor guy whose name matches the one you specified. Please note that if you enter a non-existent email address, the system will send a confirmation request there, so this option will not work. This prompts us to the next step;
Create a new email account on a free site. The less similar the login is to your real name, the better (for example: jr7_9![email protected]). Also, do not enter true information. Do not close this page; if the email address is really that ridiculous, you may not remember it later;
Link a non-deletable account to the new email account. Confirm the request to change the email address. Once the data is changed, make sure that your primary email address no longer appears anywhere in this account;
Delete your new account. Your non-deletable account is now linked to a non-existent email address. There is always a chance that someone will choose exactly this login jr7_9![email protected] for an email and want to create an account on the same site. Then there will be confusion, but it will most likely not bother you too much.
Close your personal pages
If you have created websites on the Internet, you will have to delete them completely. This includes:
Blogs. If you had a popular blog, remember that fragments of it may have already flown around the Internet. Nothing can be done about it;
Blogs on social networks. Many sites offer blogging as an additional option when registering; do not forget about this if you have ever created such a blog;
Groups like Ning, Gro.ups, Yahoo Groups, etc. How successfully you manage to leave such groups depends on the other participants;
Posts on forums. This may be almost impossible on some sites, but try your best;
Articles that you have added to specialized sites. Success will depend on the terms and conditions of these sites.
Check if you are listed as a customer of the phone company
If so, ask them to delete your details completely. Do the same for any other customer databases online that may contain your name and other information.
Unsubscribe from all emails sent to you
This should be fairly easy and can be done by clicking on a direct link provided in the body of the email. Follow the individual instructions. If you cannot find such instructions, contact the site administrators directly.
Delete web search results that refer to you
Search for variations of your name or nickname to find anything you may have forgotten and delete it manually. Remember that search engines display cached data (including references to you) from old pages that have since been modified or deleted; it is not in the search engine's interest to display expired information in results, so it will disappear over time. In some cases, however, you may need to contact the search engine administrators directly for expedited removal.
Be prepared that removing yourself from search engine results may require more work, including real-world paperwork (e.g. faxes, etc. to verify your identity). The main search engines and people search engines you should check are:
Google;
Yandex;
Mail.ru Search;
Yahoo;
Bing;
White Pages;
Intelius;
Yahoo People Search;
Acxiom;
People Finder;
Zaba Search.
Be polite
Even if you are angry, afraid, or frustrated, don't let it color your tone when dealing with website managers. They are human beings and will respond to a reasonable request with a valid reason. If you want to remove your name because you are looking for a job, say so; at least they will know you have a real reason.
Avoid raising your voice, threatening to sue (unless they refuse to cooperate and you are truly willing to do so), or other unflattering tactics.
Delete your email
The method for deleting will depend on whether you are using a paid or free service. If you decide to take this extreme measure, wait until you have completed the rest of the steps in this article, as you may still need your email to complete them.
If the service is free (e.g. Gmail, Hotmail, etc.), delete the email following the site's instructions.
If the service is paid, contact the relevant company for instructions. Even completely electronic organizations should be run by real people who can be contacted.
Some free email accounts are automatically deleted after a certain period of inactivity.
Before deleting your email, always check if there is any important information on it that is worth keeping. Transfer all necessary materials to a flash drive or other storage method.
Accept that you will not be able to delete absolutely everything.
There may be some things that cannot be done about. In such cases, it is best to accept everything as it is. If echoes of your virtual life haunt you, you can always pretend that it is not you (especially if you have a very common name).
You should be aware that deleting references to yourself will be extremely difficult in the following cases:
Mentions about you in news, blogs, audio files, etc.;
Comments left by you anywhere;
Your photos uploaded by other users to their albums;
Photos you have taken that have ended up on someone else's website or blog;
Information from government sources that require the legitimate provision of public data (except in cases where there is a court order to remove such information).
Tips
There are special programs that will help you remove information about yourself from various sites. Find them on the Internet;
Using the "whois" service or a domain search engine, you can determine who owns a particular website so you know who to contact if necessary. This is especially useful when the site does not list the owner's email address. Look for "admin email" and "database server" in the information provided;
Contact Google webmasters to remove certain pages and sites from search results. Be prepared to explain the reason;
Change your name. The advantage is that those who know you by your new name will not search for information about you using the old one. But everyone you knew before knows you by your old name. Moreover, changing your first or last name will entail difficulties with business, legal and other official documents. This is not an ideal solution.
Warnings
Be prepared for some developers to grumble and insist on their "right" to leave public information freely available to the public. Some of them simply do not want to look at the issue from a different angle and take it as a personal insult. Be persistent and, if necessary, contact a lawyer;
Some sites use mailings that try to put emotional pressure on you and make you stay. Phrases like "all your friends will lose track of you" are aimed at making you think twice; after all, the site does not want to lose you as a customer.
Remember the rule "what gets online once, stays online forever." Be careful about the information you are going to share on the Internet. The best cure is prevention.
That's all for today. Take care of yourself and your anonymity. Thank you for your attention!
Hello everyone, dear friends!
In this article, I will tell you how you can be found, how to resist this, and at the same time describe the algorithms of proxy, VPN and other anonymization tools in the simplest possible language. This is necessary for understanding, so as not to burden anyone with professional slang and complex terms that can be omitted or replaced with simple analogs.
This article is intended for beginners.
Let's get started...
How VPN and SSH tunnels work
VPN and SSH tunnel are very similar in their algorithm. Tunnels are even called VPN for the poor.
It all works like this: when connecting to a VPN, an encrypted communication channel is created, and all data on the VPN is transmitted encrypted by the SSL protocol version 1/2/3. Maybe you can even find a VPN with TLS encryption on the Internet. And every time you press Enter in the address bar of your browser, the request is sent not to the site you entered in the address bar, but in encrypted form to the VPN. There it is decrypted and executed, and the result (the page in the browser, the VPN works for all requests to the network from all applications on the computer) is sent to you. It looks like a proxy principle. This is it. VPN acts as an encrypted proxy server between you and all Internet connections on your PC.
Dedik, VPN is not a means of anonymity
Many people think that by connecting to a VPN, they become wild anonyms. Well, it is awkward to ruin their wet fantasies, but it is unlikely to save them from the zone. The fact is that almost all VPNs on the Internet keep logs, which they will gladly give to comrade major. Simply because providing VPN services is a business. And when citizens in uniform come to you, you have to comply with their demands in order to maintain the ability to continue doing business.
Are you sure that the person who provides VPN services, his company, and he himself are in another country? Are you sure that the security forces of your country do not have power over the VPN chief? And now the same thing, but about the moderator, or technical worker of this VPN? And what about the option when the special services and the police themselves open such a site for the provision of VPN services during operational-search, or preventive measures? I am not even mentioning the possibility that there is a vulnerability on the server with the VPN, or the admin of this service is so stupid that he sends logs not just by official order, but even by email or phone call. Yes, this happens. Actually, all the same applies to dedicated servers, that's why I mentioned them in the subtitle.
VPN without logs and clearing logs on a dedicated server
It's no secret that various illegal forums promote various VPN services that promise no logs. Firstly, you can only check this if you have the server IP and the root user password. But even here there is a problem in that the VPN provider keeps logs, and so does your Internet provider. It is required by law.
With dedicated servers, in fact, it's the same old story. Only there is also the added factor that you will never know the exact number of places where logs are written on your specific server, whether there is some hidden pool, and whether logs are written above the dedicated server itself. And no software that "cleans logs after you exit" will help you.
How the police will find you hiding behind a VPN or VDS
First, when they establish the IP from which the alleged crime was committed, they look at what country this IP is from. If it is not from yours, then during COPM they will find out the IP address that sent packets (the same encrypted ones that I talked about in the subheading about VPN) to the IP address from which the violation was committed during a given period of time. So, if the offense was committed by an inexperienced user, then at this point there is practically direct evidence against him. Then it's a small matter - ask the provider for logs regarding the suspect, study them, and make an arrest.
SSL Hacking
SSL encryption, which is used by almost all VPNs and tunnels, has been hacked. This means that the traffic that you drive through a VPN can no longer be considered encrypted at all, and anonymity is lost.
TOR
Many are trying to solve all the problems of TOR. And there are a number of problems here. I would say, diagnoses. And the name of this diagnosis is illiteracy. Firstly, you will never hide from the site that you are using TOR, the onion network is open, and the browser settings also expose you.
The second is that TOR output nodes are often logged by the holders of these very nodes. I just want to say that using TOR, all your authorization data (from a bitcoin wallet, for example) can easily be stolen. Or blackmail you with the content of your requests that you sent from TOR. You didn't go through the onion browser to look at funny pictures, right?
The principle of TOR is similar to an onion, which is why the logo has an onion, not a hammer. Requests through the TOR browser are transmitted from 1 repeater (the principle of retransmission in TOR is similar to the principle of cellular towers of GSM operators, these are ordinary computers of activists who allowed TOR to use their computer as an intermediate or even final point in multi-layer TOR requests. Such computers are called nodes or repeaters). From your computer it flew to node # 21323, from it to 284, then to 3289, then to 9819, then to 13981 and so on, a lot of layers, different countries of the world. In the end, your request for comrade major is lost somewhere among these nodes and countries, and he no longer has the authority and desire to untangle it further. The onion principle. Got it? And of course, in this network of onion layers, there is a layer that is the last one. That is, the layer that sends the request to the Internet and returns it to you. This "layer" is called the output repeater. And he gets already decrypted data, that is, your logins and passwords in plain text. Well, or at least your cookies. All this is very often collected and people make money on it.
Fingerprints
Different good and not so good sites have a bunch of ways to identify your computer even when you cleared all the cookies, reinstalled the browser 20 times, and generally log in through a virtual machine. All these things are called fingerprints. For example, the unique number of your processor. This is the simplest. And there are also fingerprints based on a set of fonts, and I even saw a fingerprint somewhere that identifies users by their computer mouse. They all have different reaction speeds and other parameters. If you are interested, google it. And there is also Ever cookie, these are the same "eternal" cookies that hide in a large number of places on your computer and are quite difficult to delete.
Double VPN
A VPN chain can consist of not one VPN server to which you connect, but two, three, four (these are Double, Triple, Quadro - respectively) connections. They are more resilient and are no longer affected by the trick described in point 4, when the police simply looked at the IP from which the VPN IP was accessed and figured out who was hiding behind it.
Want to escape the Internet?
Then there are more drastic methods that should be used in particularly critical situations. While some people are tempted by online fame, for others it can become a heavy burden. Completely removing yourself from the Internet is not always possible, but by following these instructions you can definitely get close to it.
Think carefully about your decision before continuing.
Much of what is suggested below cannot be undone. This means that you will lose all information and traces of your presence on the network, and in some cases you will not be able to restore your account using the same name and email address. These are drastic measures, they should be taken to the point.
Delete your accounts
You may not remember all the sites you are registered with. The more popular the site, the more effective it is to delete your personal information from it if you are trying to disappear from the Internet. This will not necessarily clear the deep web's memory of you, but it is a good start. The following list should help you determine your priorities:
Delete yourself from VK, Instagram, Facebook, Twitter;
Delete your Google account;
Delete your account on eBay and any other online auction;
Delete yourself from Avito, Yula and any other "flea market";
Delete your account on the school, college or university website, but only if you are no longer a student there;
Delete information about yourself from all gaming sites. Yes, this includes all the virtual valuables you have won and accumulated over the years. Give all your things to people who need them, if this is provided for by the rules of the site.
Look for workarounds if it's impossible to delete an account
Some sites don't allow you to completely delete an account, instead suggesting that you simply "deactivate" it (while all your data will remain in the system) or abandon it. If there's a real reason for deleting, contact the site's creator or its administrators; at the very least, you should be able to change your first and last name to hide your identity. If the site doesn't respond, here's another way:
Delete any true information about yourself from your account. If leaving the fields blank is impossible (or you suspect that your data is still stored somewhere), replace them with obviously fake (Vasily Oppenheimer, Jr.) or hopelessly hackneyed (Vasya Pupkin) options. Don't associate your abandoned page with some poor guy whose name matches the one you specified. Please note that if you enter a non-existent email address, the system will send a confirmation request there, so this option will not work. This prompts us to the next step;
Create a new email account on a free site. The less similar the login is to your real name, the better (for example: jr7_9![email protected]). Also, do not enter true information. Do not close this page; if the email address is really that ridiculous, you may not remember it later;
Link a non-deletable account to the new email account. Confirm the request to change the email address. Once the data is changed, make sure that your primary email address no longer appears anywhere in this account;
Delete your new account. Your non-deletable account is now linked to a non-existent email address. There is always a chance that someone will choose exactly this login jr7_9![email protected] for an email and want to create an account on the same site. Then there will be confusion, but it will most likely not bother you too much.
Close your personal pages
If you have created websites on the Internet, you will have to delete them completely. This includes:
Blogs. If you had a popular blog, remember that fragments of it may have already flown around the Internet. Nothing can be done about it;
Blogs on social networks. Many sites offer blogging as an additional option when registering; do not forget about this if you have ever created such a blog;
Groups like Ning, Gro.ups, Yahoo Groups, etc. How successfully you manage to leave such groups depends on the other participants;
Posts on forums. This may be almost impossible on some sites, but try your best;
Articles that you have added to specialized sites. Success will depend on the terms and conditions of these sites.
Check if you are listed as a customer of the phone company
If so, ask them to delete your details completely. Do the same for any other customer databases online that may contain your name and other information.
Unsubscribe from all emails sent to you
This should be fairly easy and can be done by clicking on a direct link provided in the body of the email. Follow the individual instructions. If you cannot find such instructions, contact the site administrators directly.
Delete web search results that refer to you
Search for variations of your name or nickname to find anything you may have forgotten and delete it manually. Remember that search engines display cached data (including references to you) from old pages that have since been modified or deleted; it is not in the search engine's interest to display expired information in results, so it will disappear over time. In some cases, however, you may need to contact the search engine administrators directly for expedited removal.
Be prepared that removing yourself from search engine results may require more work, including real-world paperwork (e.g. faxes, etc. to verify your identity). The main search engines and people search engines you should check are:
Google;
Yandex;
Mail.ru Search;
Yahoo;
Bing;
White Pages;
Intelius;
Yahoo People Search;
Acxiom;
People Finder;
Zaba Search.
Be polite
Even if you are angry, afraid, or frustrated, don't let it color your tone when dealing with website managers. They are human beings and will respond to a reasonable request with a valid reason. If you want to remove your name because you are looking for a job, say so; at least they will know you have a real reason.
Avoid raising your voice, threatening to sue (unless they refuse to cooperate and you are truly willing to do so), or other unflattering tactics.
Delete your email
The method for deleting will depend on whether you are using a paid or free service. If you decide to take this extreme measure, wait until you have completed the rest of the steps in this article, as you may still need your email to complete them.
If the service is free (e.g. Gmail, Hotmail, etc.), delete the email following the site's instructions.
If the service is paid, contact the relevant company for instructions. Even completely electronic organizations should be run by real people who can be contacted.
Some free email accounts are automatically deleted after a certain period of inactivity.
Before deleting your email, always check if there is any important information on it that is worth keeping. Transfer all necessary materials to a flash drive or other storage method.
Accept that you will not be able to delete absolutely everything.
There may be some things that cannot be done about. In such cases, it is best to accept everything as it is. If echoes of your virtual life haunt you, you can always pretend that it is not you (especially if you have a very common name).
You should be aware that deleting references to yourself will be extremely difficult in the following cases:
Mentions about you in news, blogs, audio files, etc.;
Comments left by you anywhere;
Your photos uploaded by other users to their albums;
Photos you have taken that have ended up on someone else's website or blog;
Information from government sources that require the legitimate provision of public data (except in cases where there is a court order to remove such information).
Tips
There are special programs that will help you remove information about yourself from various sites. Find them on the Internet;
Using the "whois" service or a domain search engine, you can determine who owns a particular website so you know who to contact if necessary. This is especially useful when the site does not list the owner's email address. Look for "admin email" and "database server" in the information provided;
Contact Google webmasters to remove certain pages and sites from search results. Be prepared to explain the reason;
Change your name. The advantage is that those who know you by your new name will not search for information about you using the old one. But everyone you knew before knows you by your old name. Moreover, changing your first or last name will entail difficulties with business, legal and other official documents. This is not an ideal solution.
Warnings
Be prepared for some developers to grumble and insist on their "right" to leave public information freely available to the public. Some of them simply do not want to look at the issue from a different angle and take it as a personal insult. Be persistent and, if necessary, contact a lawyer;
Some sites use mailings that try to put emotional pressure on you and make you stay. Phrases like "all your friends will lose track of you" are aimed at making you think twice; after all, the site does not want to lose you as a customer.
Remember the rule "what gets online once, stays online forever." Be careful about the information you are going to share on the Internet. The best cure is prevention.
That's all for today. Take care of yourself and your anonymity. Thank you for your attention!
