I've read a few things about 'hiding' your IP address to protect your privacy. Does anyone have any tips about how to go about this? I use Firefox rather than IE.

Presumably this would give any sites you visit a dummy IP address, but your ISP would still know who you are and what you're doing?

Coincidentally I just received an email from Zone Alarm offering "Anonymiser" to hide my IP address for $19.95.
Do I need to hide my IP address?
If so can I do it without spending $19.95?
All comments welcome from those more computer literate than me (i.e all of you).

Thanks
Jeff

You cannot be anonymous on the internet. Just accept the fact and get over it !

(1) Your ISP is governed by the regulatory environment, if the Police ask them to cough up information then they will.
(2) Disgruntled/Insider engineers working for your ISP could see your traffic flows if they wanted to (even though this would be illegal with no suitable justification).
(3) Even if you use a third party service such as "Anonymiser" .... they are still subject to a/ the regulatory environment ... i.e. Police wanting to track you down, and b/ how do you know they are not watching you ?

Basically, if you've got nothing to hide, you've nothing to worry about.


Actually, there is one way you can be anonymous. Go to an internet café, but make sure it's one where you can pay in cash, there are no CCTV cameras and hope that the guy behind the counter is dumb enough not to remember your face, oh, and you had better find a lot of them, because you don't want to go back to the same one twice. That's anonymous, or at least it is until the forensics officers track you down ...

There is no privacy in this world. Tell me, how do you anonymise your phonecalls ..... the withold number feature is worthless you know !

You can get some of the way there for everyday use. Tunneling encrypted proxy service such as Guardster, Proxify, Shadowsurf, Anonymization, Anonymizer, Tor, Snoopblock, etc. Work with a service in a nominally secure country (i.e. not most of the US ones listed above). Sweden's got a couple. As long as the session is encrypted to the proxy, you're 90% done since most logging at the superficial level is done at your local ISP or maybe NIX.

Anyway, hiding your IP address only hides it from the web site logs, etc. Cookies and beacons will still follow you around unless you use a service that strips them out.

After the recent uproar in our neighbour country, I'm not sure I'd put my faith & fate in the Swedes' when it comes to internet privacy.

Swedish law allows tapping of emails and phone.

You still leave that trail behind you .... they know you've been using the proxy even if they can't see the data without requesting it from the anonymising service.... therefore a means to track you down still exists.

A proxy service exposes you to security issues for e-commerce/online banking ....man in the middle attack.....

Think you'll find it's not only Sweden .... you can probably also forget privacy in the US and the UK to start with. Oh, and various countries in an Easterly direction too of course.

You think you’ve got problems! Proxy servers are also illegal.

As of August 23rd 2008 private firms, organisations and government agencies in Thailand will be required to store all internet traffic data for 90 days...


From the Nation

Beginning from August 23, all businesses and government agencies that provide computers and other related services must keep records of computer and Internet use and Internet traffic for the last 90 days.

This is a part of the 2007 Computer Crimes Act, which took effect on July 18 last year. Granted a grace period of one year, only local Internet Service Providers have so far compiled to the law. Now it is time for the remaining entities, designated as the so-called "third and last group", follow the law.
This includes all government agencies, private and government schools, apartments and residential complexes, online game shops and Internet cafes. Those who fail to comply with the law will face a Bt500,000 fine.

The Act indeed applies to operators of both mobile and fixed line telephone services, who have built data storage facilities to record their clients' usage.

Under this law, businesses, schools and government organizations have to provide data storage facilities to collect users' identification details such as names and addresses of people registered with websites or online applications, logs of Internet use and Internet Protocol addresses and URLs to websites surfed by those users.

Pol Colonel Yannaphol Yangyuen, a senior Department of Special Investigation official, said it would be a priority for organisations to prevent employees from harassing people by sending insulting or defamatory messages on web boards or forwarding pornographic material via email by setting up recording procedures for internal computer use. They must make the stored information available every 90 days

The 2007 Computer Crimes Act is the first Thai law that aims to tackle all types of electronic crime committed through the use of computers and information technology.

Serious question. How would you go about complying with this law?

I run a company with approx 50 PCs attached to the net through a server. Massive amount of official traffic as well as ‘social’ use like this. Additionally there is a wireless router (unsecured) for customer use.

That might be true if you use a proxy in say UK or US, but if you are that paranoid you will use a proxy chain that uses at least 2 in places like Rumania or the Ukraine who are unlikely to co-operate with western police.

The discussion here seems to be about hiding dodgy activities from the authorities. The sales pitch from 'Anonymiser' is that you need to be protected from identity theft by hiding your IP address.

Tell me Cunliffe. How does a proxy service (be it 'Anonymiser' or otherwise) protect an idiot from clicking on a link in a phishing spam ? How does a proxy service protect an idiot from entering their credit card details on a not so trustworthy website ?

Much like spammers. Criminals will (eventually) find a way around barriers. It's a vicious circle, you think you fix it, they break it ..... etc. etc.


P.S. Not calling anyone here an 'idiot' .... just incase anyone gets their k's in a twist

P.S.P.S. Identity theft doesn't happen with your IP address ..... it happens from what people put into forms that they shouldn't fill in on websites they shouldn't visit !

(yes, I know, it also happens when data goes missing from reputable websites, but that's becoming rarer now that the Visa & co. have become much more rigerous in their vetting process).

Much the same ways that ISPs comply with the likes of RIPA.

One technique is port mirroring.

If you've got the right kit, it's easy as a quick change to configuration settings.

I don't think people are trying to hide something they should not be doing. The point is that the bloody Government or anyone else should but out and mind their collective business'. It has nothing to do with crime or Terrorism, It's about control of the people.
Anything that can possibly be done to thwart anyone nosing into my privacy will be taken as I see fit.
I know it's like pi$$ing in the wind but it makes me feel better. All this nonsense about ISP's keeping stuff is just smoke.
The Government and the US use 'Echelon' A super snooping system that snoops on all communication in the UK and US. B@st@rds...

Sorry......Rant Over..

mixture
I am aware of the dangers of responding to dodgy emails and iffy sellers and as such I have control over whether I publish my personal details. However, the implication from the people who are trying to sell me software is that my identity can be stolen simply because I am broadcasting my IP address. I take it that you are advising that this is untrue.

Cunliffe,

First, my apologies. Second time today I've spent too little time wording a response to a forum posting and making it sound like I'm having a dig at someone when I'm not. So sorry about that, unintentional, I'll spend a few more minutes typing next time !

Generally speaking (and attempting to summarise a rather complex topic in a short post) :

IP addresses are there for the purposes of "routing", that is they provide a unique identifier for every possible destination on the internet. Depending on what service you have subscribed to, there are two ways in which you can be allocated an IP address, "dynamic" or "static".

With "dynamic", as is usually the default service for residential customers, your IP address is randomly selected by your ISP's equipment out of a large pool. There is no way for you or anyone else to predict what IP address you will be allocated, how long you will be allocated it for, and all the publicly available information relating to that IP address is in the ISPs name. Obviously the ISP keeps a log of who was allocated what when, so they can track you down if they receive a complaint or law enforcement warrant, but otherwise it's pretty much impossible for the average Joe to track you down.

With "static", your ISP allocates you a set of IP addresses, which remain yours as long as you remain a subscriber. For residential customers, most ISPs will respect the word of the Data Protection Act, and refer to you by simply your account reference number when registering your static IP address in the public databases, so only they and law enforcement can find out who you are.

If we asssume the worst case scenario that they put your name and address in the database, the only thing that can really happen is that a malicious website operator can see your static IP address has browsed their website and look up your name and adddress. But as I said earlier on, the real damage is done if you put your credit card or other information into a form on that site. Your name and address can be found in many other ways (e.g. directory enquiries, the government loosing a disk etc. etc.) and so on its own would not be much more of a risk than it would be if you were not on the internet at all.

That's my 2p worth anyway. I doubt I'm wrong, but willing to be proven wrong !

Thanks mixture.
No apology necessary.

On the other hand Mixture I find it quite disconcerting when you go on to some "adult" sites to have adverts for escort/dating agencies in your local town appear on the screen, if you use a proxy it then puts the ads up for the proxies local town, so the site must be able to deduce your approximate location from your ip address.

green granite,

You are correct - but I believe that this depends on the reverse DNS entry for the IP addresses, and this is not always provided by the ISP.

In my case, my IP address resolves (ping -a address) to:

cable.ubr02.mort.blueyonder.co.uk

The "mort" is Mortlake in W London, so that's as close as I can be located (without asking my ISP)*. I assume that a whois on the RIPE database will provide similar information.

These details are compiled by various organizations and then they sell access to their databases, which is probably the way these sites "locate" you.

There is a resource record in DNS for specifying geolocation data for a host, where the latitude, longitude and altitude are specified. However, I do not believe that type of record is widely used - and again, this is the ISP location, not you!

SD

*Actually, my public PPRuNe profile locates me closer than that, but that is not relevant!

Green granite, you've got it in one there. "Approximate" is the word.

The mobile phone companies can track you down much closer than that !

Deducing location from IP addresses, or "geolocation", as Saab points out, is (a) an artform, (b) not always accurate.

It is the holy grail. There are lots of companies out there that have a genuine need for accurate geolocation, and would pay millions for the data. Companies such as Akamai, who provide local hosting services for websites with heavy traffic such as large e-commerce sites. They would love to have a magic list that would be guaranteed to point you to their nearest server cluster so that you can browse the busy website of your choice at higher speeds, but instead, they have to take a best guess and hope for the best that they've sent you to the right place. Google too would love to do a better job of balancing search traffic around their global network. But it's just not possible to be that precise. I believe Akamai offer their clients a 99% guarantee on geolocation accuracy when using their technology, but the small print limits that guarantee to country code level, and they can only offer that guarantee because they have some very fancy algorithms that amalgamate data from their 34000 servers plus various other bits of kit spread around 70 countries !

Akamai will show you what they know about your location on this page :
How Our Personalization Works

Saab,

Bear in mind that the WHOIS data is not the stuff that's compiled, any non-authorised use of that (whether commercial or otherwise) is prohibited. What does get compiled is, for example, the lists of IP adddresses that the regional organisations such as RIPE have been allocated by IANA. This is then mixed with other scraps from elsewhere, but WHOIS itself is a no no.*


* = won't stop spammers, I know

Only works sometimes. You're taking a punt that your neighbour isn't recording the MAC addresses of people who do this ...

... or even recording all their traffic, including emails sent in the clear and that sort of thing.

Not sensible, basically. Setting up an unsecured wireless connection as a trap precisely so as to spy on any traffic from anyone daft enough to use it, with a view to committing identity theft, is hardly a new idea.

Communications Act 2003
Computer Misuse Act 1990

Not a good idea.

And anyway, if you kept on using the same neighbor's connection, you would not stay anonymous for long !



Indeed.

It's known as a man in the middle attack.

And don't think just because you're visiting a "secure" page such as online banking you're safe. The man in the middle can intercept the secure communications, effectivley relaying on your behalf and capturing passwords and everything else in the process.