Hello everyone,

I would like to dedicate this article to discussing the topic of anonymity on the Internet and some of the techniques currently available to try to ensure it. I would also like to share some thoughts on this topic.

Before diving into the subject of Internet anonymity, it is essential to understand some basic concepts related to computer networks and the security risks we face simply by being connected to the Internet.

The IP address and MAC address of the devices connected to our home/private network (including virtual machines) are not directly exposed to the Internet.

To connect to the Internet, we need a device called a router, which, generally speaking, connects our home/private network to other networks that make up the Internet. All the devices connected to our home/private network have a private IP address that is only accessible by other devices on the same network. Therefore, to connect to the Internet, these devices must do so through the router, which has a specific public IP address used by all the devices on our private network.

This can easily be verified by visiting websites that display your public IP address from different devices connected to your home network (e.g., your mobile phone and computer). You’ll notice that the public IP address is the same for both devices.

That said, where does the concept of anonymity come into play?

By using methods to ensure anonymity, such as a VPN, a proxy, or the Tor network, we are generally tunneling our network traffic and applying encryption from a device on our local/home network to a server on the Internet. This server decrypts the traffic and forwards the request to its intended destination. It’s important to understand that even though the network traffic is encrypted, it still passes through our router to reach the server that decrypts it. Thus, our router remains exposed to the Internet.

The security risk we all face, whether we use anonymity mechanisms or not, is the potential exploitation of a security vulnerability in our router that could grant unauthorized access to systems connected to our local network. This risk cannot be entirely mitigated because the router must be exposed to the Internet to enable the devices in our private network to connect.

So, what are we trying to achieve with techniques that aim to ensure anonymity on the Internet?

These techniques and tools aim to protect the privacy and confidentiality of our connections. When we connect to a machine on the Internet, such as a web server, we do so through one or more intermediary machines with which we establish an encrypted connection.

Here are some important considerations: Machines that serve as intermediaries for anonymous connections (e.g., VPN servers) must decrypt your network traffic and can, therefore, monitor and log it. They know what you’re doing and the origin of your connection. If you use a free proxy or VPN service found online, it’s possible they are monitoring your activity and might even steal your information. If you engage in illegal activities using these mechanisms, there is no guarantee you won’t be identified, especially when using free services.

With all this said, I would like to emphasize that, in my opinion, these tools are very useful and can help ensure confidentiality and privacy for certain actions. However, as I often reiterate throughout the course, no hacking technique should be used illegally on a system or organization without a contract for ethical hacking. Otherwise, whether or not you use techniques to ensure anonymity, you risk being identified.

In the first sections of this course, anonymity tools are not introduced because passive information-gathering techniques are not illegal and do not require hiding your public IP address. These techniques rely on searching for information in open sources and are not aimed at any specific target. From section 6 onwards, when we begin covering active information-gathering techniques directed at specific targets, we establish a virtual lab where all tests are conducted on servers and machines in our controlled environment, never on the Internet. I strongly advise against using active hacking techniques on targets found on the Internet unless you have a prior contract for ethical hacking, even if you use anonymity tools.

Having shared this thoughts on techniques to ensure anonymity online, I would like to discuss their importance for certain tasks. One of the most clear-cut examples of where techniques like VPNs are useful is when connected to an untrusted local network, such as a café or airport Wi-Fi. In these cases, we don’t know what devices are connected to the same local network or whether someone might be monitoring our communications (as explained in section 10 of the course). Using a VPN, which encrypts network traffic from your device to a server on the Internet, ensures that anyone intercepting your communication cannot view its contents.

To conclude this article, I would like to highlight some of the most popular solutions and tools for ensuring anonymity online:

  1. Proxy servers: The simplest option is to use a proxy. If you use a free and public proxy, be aware that the destination machine used to connect to the Internet may monitor your browsing activity.

  2. VPNs: Another common mechanism is using a VPN. There are many free VPN services available. Based on my personal experience, I recommend ProtonVPN, which offers a free version that you can use securely.

  3. The Tor network: Although less common, you can connect to the Internet via the Tor network. This ensures that the exit nodes to the Internet belong to this network and, therefore, your public IP address differs from your own. However, be aware that Tor exit nodes are frequently blocked by popular search engines like Google.

  4. Personal jump server in the cloud: You can set up your own jump server in the cloud. For example, you can create a free AWS (Amazon Web Services) account and deploy an instance to use as your personal proxy for Internet connections.

These are some of the available alternatives. If you’d like to dive deeper into this topic, I recommend my Udemy course, Cybersecurity and Online Privacy: VPN, Proxy, TOR, where all these technologies and more are explored in detail.

As a final thought, I want you to understand that these tools do not always guarantee anonymity online and, in certain cases, might expose you to new security risks. It’s crucial to be aware of the limitations of these techniques and to use them intelligently in situations where they genuinely provide security benefits.

Thank you all for choosing this course, and I’ll see you in the next section!

Santiago.