Arch Linux

keratos

Member

Registered: 2008-04-27

Posts: 138

[SOLVED] what are the options for secure browsing

Hi

I would like to setup a secure browsing environment. By this I am refering to general surfing of internet sites and the completion of online forms (banks, user ids, passwords etc) is all secure, regardless of whether the server is a secure link (https) or whatever. I would like to make absolutely sure at the client end.

I've spent many hours on goolge trying to understand these and so far as I can tell, the reasons I cannot use them can be sumarised viz:-

SOCKS
I am not behind a "firewall" as such, but behind a router (okay a sort of firewall) but does this not require a server?

SSL
Requires account on the server.

Anonymizers (web sites).
Slow. ping times of around 700ms.

SSH
Requires serverside SSH daemon. Can I set up sshd on my box, connect to it, or is this defeating the object?

Any ideas please?

Last edited by keratos (2008-05-05 09:52:05)

elide

Member

From: Russia

Registered: 2007-12-02

Posts: 40

Re: [SOLVED] what are the options for secure browsing

TOR?
Rented VDS + vpn?

keratos

Member

Registered: 2008-04-27

Posts: 138

Re: [SOLVED] what are the options for secure browsing

TOR?
Rented VDS + vpn?

what? do not understand?

skymt

Member

Registered: 2006-11-27

Posts: 443

Re: [SOLVED] what are the options for secure browsing

Your goal seems to be to ensure that the information you send and receive is encrypted all the way to the other end of the connection. This is only possible if the other end has set up encryption-- that is, if they're using SSL (https). Any other option will send the information in cleartext (unencrypted) at least part of the way. That's simply the way it works; there's no way around it.

Three of the technologies you mentioned (SOCKS, SSH, and anonymizer sites) can be lumped into one solution group: proxies. That is, you connect to the proxy, the proxy connects to the endpoint and forwards data back and forth between you and your destination. They all have the same inherent problem: all your traffic is routed through the proxy server. This makes public proxies a step backwards in security: if the proxy is compromised or untrustworthy, they now have everything you were trying to keep secret. Private proxies are a step up, as they're presumably controlled by a trusted party (though they can of course be compromised). But the data still needs to be sent in cleartext from the proxy to the endpoint, so they provide zero security gain compared to an ordinary connection.

Proxies can be useful for security if you don't trust your network. For example, you could run an SSH server on your home computer and connect to it as a proxy from your laptop at a public hotspot. Then all your data would be encrypted until it gets to your home computer and is sent out from your presumably trustworthy home connection. This obviously still has the fault of trusting your home connection.

Finally, a word of warning: someone will likely (edit: already did) suggest Tor. Don't waste your time. It suffers from the same problems as other proxy solutions, plus one very special one: because of how tor works, anyone can offer to proxy your connection and thus read your data. The Tor network is known to have quite a few rogue nodes that look for passwords or other confidential information.

tl;dr: SSL (https) is your only option.

Last edited by skymt (2008-05-05 08:00:20)

bangkok_manouel

Member

From: indicates a starting point

Registered: 2005-02-07

Posts: 1,556

Re: [SOLVED] what are the options for secure browsing

Tor is slow as hell and would be just an anonymizer... I experienced very good speed with relakks VPN, you can try it for free for few days, monthly fees are quite low (EUR 5/Month)

skymt

Member

Registered: 2006-11-27

Posts: 443

Re: [SOLVED] what are the options for secure browsing

A VPN like relakks can be thought of an advanced proxy. You still trust your data to a third party, and said third party still sends it in cleartext to the endpoint. Unless you have a specific reason not to trust your ISP (and would prefer to trust the proxy provider plus their ISP), a VPN service is a waste of money.

keratos

Member

Registered: 2008-04-27

Posts: 138

Re: [SOLVED] what are the options for secure browsing

thanks guys for the posts. lots to think about there.

skymt: thank you for the insighful assessment of the options, together with the explanations.

I heard on the BBC news24 programme "Click!" that surfers could - with a "little know-how" - setup a secure browsing system connecting through a port over the internet using some form of encryption. I didnt understand it and did not record the programme, however does anyone have an inclin what the programme might be referring to ??

skymt

Member

Registered: 2006-11-27

Posts: 443

Re: [SOLVED] what are the options for secure browsing

Either Click! was referring to the case where a proxy would be useful (that is, when you trust their network more than yours), or they were severely misinformed (possibly by salesmen for a proxy service).

k.mandla

Member

From: Japan

Registered: 2006-05-16

Posts: 86

Website

Re: [SOLVED] what are the options for secure browsing

skymt: thank you for the insighful assessment of the options, together with the explanations.

+1. I learned something today. Thanks, skymt.

---

Linux user No. 409907

keratos

Member

Registered: 2008-04-27

Posts: 138

Re: [SOLVED] what are the options for secure browsing

Either Click! was referring to the case where a proxy would be useful (that is, when you trust their network more than yours), or they were severely misinformed (possibly by salesmen for a proxy service).

Ah.  I see.

It wouldn't be the first time the BBC were misinformed about something.

So, just to understand you fully, are you saying then that proxies are pointless unless they are a trusted machine on a trusted network?

skymt

Member

Registered: 2006-11-27

Posts: 443

Re: [SOLVED] what are the options for secure browsing

So, just to understand you fully, are you saying then that proxies are pointless unless they are a trusted machine on a trusted network?

Exactly. Or more precisely, a proxy is useless unless you trust it and its network more than you trust your own network.

Last edited by skymt (2008-05-05 09:15:52)

unregistered

Member

Registered: 2008-04-09

Posts: 134

Re: [SOLVED] what are the options for secure browsing

thanks skymt, please post somemore

unregistered

Member

Registered: 2008-04-09

Posts: 134

Re: [SOLVED] what are the options for secure browsing

the way i see it, proxy/tor provides anonymity but not privacy

Last edited by unregistered (2008-05-05 09:21:58)

skymt

Member

Registered: 2006-11-27

Posts: 443

Re: [SOLVED] what are the options for secure browsing

the way i see it, proxy/tor provides anonymity but not privacy

That's correct. It should be noted that proxies don't provide total anonymity: the endpoint can't identify you, but anyone who can examine the data on both ends of the proxy can. It would probably government-level access to the network, but it's worth considering.

Tor is better, but you can still be identified if enough nodes work together. The US government is rumored to run enough nodes to make some currently theoretical attacks work in practice. Summary: proxies (especially Tor) will hide you (but not your data) from everyone but the feds.

keratos

Member

Registered: 2008-04-27

Posts: 138

Re: [SOLVED] what are the options for secure browsing

thanks skymt.

changing to [SOLVED]

unregistered

Member

Registered: 2008-04-09

Posts: 134

Re: [SOLVED] what are the options for secure browsing

the way i see it, proxy/tor provides anonymity but not privacy

That's correct. It should be noted that proxies don't provide total anonymity: the endpoint can't identify you, but anyone who can examine the data on both ends of the proxy can. It would probably government-level access to the network, but it's worth considering.

Tor is better, but you can still be identified if enough nodes work together. The US government is rumored to run enough nodes to make some currently theoretical attacks work in practice. Summary: proxies (especially Tor) will hide you (but not your data) from everyone but the feds.

nothing provides total anonymity. as for examining both ends of data, proxy chains with proxies outside the jurisdiction of the feds can be used to increase the workload of people trying to track you