AnonIC
Home Internet
Privacy Data
interception
Anonymous Surfing
Internet
Security Solutions Email
Security and Anonymity Computer
Security Online
Business Privacy Internet
Privacy FAQ Privacy
Tools & Resources
|
Before we go to practical recommendations on how to secure
your browsing let us explain browsing process flow and define the potential
risks.
Browsing process flow.
When you enter website address (www.someweb.com for example) in the
browser “Address” field and click “Go”, your browser performs the following
steps:
- Browser will try to resolve the domain name into IP address. To do
so, it will send the following request to Domain Name Server (DNS):
“give me IP address for the host www.someweb.com ”. DNS will reply something
like this: “IP address for the host www.someweb.com is 192.168.3.1”
- Browser will try to establish TCP connection to the www.someweb.com
web server IP address 192.168.3.1.
- Server will accept connection, and store your IP address, i.e. the
address from which the request was sent, in logs.
- After the connection has been established, browser will send the following
query to the server: “GET /”. With this request browser will send some
additional details, like his capabilities (browser software type and
version, accepted file types, your preferred language, your operating
system) and some additional info: referrer website address (in case
you have followed this link from some website) and cookies (if any).
It has to be noted that all this information will be stored in server
logs as well.
- Server will reply with some header data (which can contain cookies)
and page text in HTML format and close the TCP connection.
- Browser will format the HTML and show it to you in the window.
Let us sum this up. Making a click in your browser window you have advised
the server owner the following details: your IP address, browser software
type and version, file types your browser will accept, your preferred
language, your operating system, what site or web page you have visited
before. Additionally, you have passed cookies intended for this site and
accepted cookies from this site. Later in this article we will explain
how safe or unsafe was to pass all this data.
Some potential risks associated with browsing.
1. IP address anonymity.
Web browsing, as any other Internet activity, will give away your IP address
to the web site owner. Giving the IP address is the same as to give your
home address, and if privacy is important for you, you should avoid passing
the IP to webmasters. There are various techniques to hide IP address:
web redirectors, proxy, socks, VPN tunneling. Unfortunately, not all of
them are safe and reliable. The most common and most dangerous way to
hide your IP is using free proxy service. To learn more about IP address
anonymity and about how important it is to hide IP address please read
our "Internet Privacy". In the
"Data interception" article we have compared the IP anonymity and data protection
technologies used.
2. Data interception.
As we explained in "Data interception" chapter,
when accessing non-encrypted pages all the data your browser and web server
exchange (i.e. website visited, data passed to that site) can be easily
intercepted. In some cases even SSL encrypted connection can be intercepted
and monitored. We can refer to the well known “man-in-the-middle” attack
against some poor SSL implementations (see article http://www.pcworld.com/news/article/0,aid,103892,00.asp).
You can avoid data interception only by using third party services. There
are two methods to encrypt your traffic: using proxy through the SSH,
or using VPN tunneling service. You may read more on pros and cons of
using the above methods in our "Data interception" page.
3. Java, JavaScripts, ActiveX controls, plug-ins.
All the features above allow to make the web page dynamic by executing
the downloaded code on your computer. It is very unsafe to allow running
the code downloaded from not trusted/unknown sites. Since most of the
modern websites use JavaScripts, Flash animation, simply disabling the
Java will make it impossible to browse all of them. Fortunately, Internet
Explorer has powerful security options allowing controlling browser behavior.
To configure your browser security settings, start Internet Explorer,
choose “Internet Options…” from “Tools” menu and select "Security"
tab. Here you will be able to assign websites to zones and tweak security
settings for these zones.
For example, you use yahoo.com for mailing, trade on eBay.com and shop
on amazon.com. You can add yahoo.com, ebay.com and amazon.com to the "Trusted
sites", and set "High" security level for any other sites,
e.g. for the "Internet" zone. Default security settings for
the zones are reasonable, but if you need more control click on "Custom
level" button to configure security level details for the chosen
zone.
Click “OK” to exit “Internet Options” menu.
4. Cookies.
Now a few words about cookies. Cookies are the special strings sent by
server to your browser and stored locally at your hard drive. Usually
cookies are “addressed” to some website, e.g. cookie “www.someweb.com:
HelloWorld” will instruct your browser to pass to the server the string
“HelloWorld” when you visit www.someweb.com web site. Also, cookies have
“time to live”, i.e. time they are stored in your system. Basically, there
are two kinds of cookies:
- Session cookies. Session cookies are addressed for one site only,
with limited “time to live” value. They are used to keep the web session
data, in web shops for example, and it is safe to use them. In many
cases, you will not be able to use a web shop or a banking site if you
have cookies disabled.
- “First party” and “Third party” cookies. They are designed to keep
data for the time longer then one web session. In most cases they can
be disabled without loosing the web site functionality. “Third party”
cookies are inserted by one web site to be passed to some another, and
are the most privacy dangerous.
There is a simple method to deal with cookies. Internet Explorer and
many other browsers like Mozilla or Opera can be configured to block cookies.
Here we will explain how to configure Internet Explorer to block undesired
cookies.
To configure cookies behavior, start Internet Explorer, choose
“Internet Options…” from “Tools” menu and select "Privacy" tab.
Using the slider you will be able to set cookies privacy options for websites
in "Internet" zone. You may set “Block All Cookies” to block
all cookies from all web sites. Please note, cookies from web sites in
“Trusted sites” zone will be accepted.
To delete all the stored cookies select “General” tab and click “Delete
Cookies…” button. New window will appear. Click “OK” to delete cookie
files.
Click “OK” to save the changes. Click “OK” to exit “Internet Options”
menu.
5. Other data passed by your browser.
When passing the request for a web page, your browser will give some details
on your operating system and browser capabilities to the web server. For
example: "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)".
Is this dangerous? We believe it is not. There are millions of Internet
users who are using Windows XP operating system and almost all of them
are using Internet Explorer for browsing. But this data can be used by
malicious script code you have downloaded with a web page. To protect
your computer, simply disable dangerous features for the not trusted web
sites as described above. Among the operating system details, your language
preferences are passed to the web server. If you are using German language
as your operating system language, web server will be able to determine
this. It is quite simple to change your language settings.
To change the language setting, start the Internet Explorer, choose
“Internet Options…” from “Tools” menu, select “General” tab and click
“Languages…” button. New window will appear. If you would like your browser
to pass only “English” language preference, highlight all the “Language”
values except “English” and press “Delete” button. Click “OK” to save
the changes. Click “OK” to exit “Internet Options” menu. From now, the
browser will pass only “English” as preferred language.
6. Temporary Internet Files
Browsers are storing the web pages you have viewed on computer hard drive
in cache files. Anybody having physical access to your computer can examine
your browser cache, browser history to find out what sites were accessed,
what pages were viewed and when. Examining cookie files allow finding
the data passed to the websites in many cases. Unfortunately it is not
always possible to disable storing cookies and temporary Internet files.
Even using special cleaning applications is not 100% safe: cleaning applications
will not be able to delete the files during the system crush. The most
effective method to protect temporary files is to encrypt data on your
hard drive. On our "Computer Security" page in “Hard drive data protection”
section we have described the most convenient methods to hide cached files
from prying eyes.
If your security requirements are not too high, and you consider not to
use hard drive encryption, all cached web pages and stored cookies can
be easily deleted by yourself using built in Internet Explorer tools.
To delete all the stored cookies start Internet Explorer, choose
“Internet Options…” from “Tools” menu, select “General” tab and click
“Delete Cookies…” button. New window will appear. Click “OK” to delete
cookie files.
To delete all the temporary (cached) files, click on “Delete Files…” button.
New window will appear. Check the “Delete all offline content” check box
and click “OK” button to delete cached files.
To delete browser history, click on “Clear History” button. New window
will appear. Click “Yes” button to confirm. Click “OK” to exit “Internet
Options” menu.
A few words about various services promising to “block all the dangerous
content”. Most of the above services are using proxies, which allow filtering
out dangerous content like Java, ActiveX, cookies. The problem is that
code and cookies are filtered out for all the sites and customers cannot
control this proxy behavior. If you filter out cookies and Java you will
not be able to browse most of the web sites. Some web redirectors allow
controlling cookies per site, but redirector service has other limitations
that can make browsing process inconvenient (you may read more on web
redirectors on our "Internet Security Solutions" page). In our opinion it is more
convenient to control all the browsing aspects by using browser built
in security options. This will allow making your browsing safe without
loosing usability. |