Internet Track: how to be safe?

[john745]

Hullo:

Well, my question is: is possible to track somebody internet movement on internet -i have read many version on the web, so i am a little bit confused-. If this is possible, how is the mechanism of this beggardy (im asking not for "evil" pouposes, just for general knowledge). And of course how can we be secure.
I mean, how the "police" catch this hackers or whatever, how is possible?..................and we can defend our privacy? (I am, of course, agree that the "evil" users of internet must have punishment, but im uncertain about the vulnerability of all the users also)

Well, thats all. Maybe im just another victim of the "hollywood effect", for watching so many movies ...........or maybe not........

Waiting for anwsers.

Greetings

[bluepass]

There's no one definite answer for your question. There are different cases. It's probably the reason you are confused about it -- you hear some stories say it's possible and some say it's not. You can think of it this way. If the hacker knows what he's doing, and it's often not only a matter of knowing what he's doing, but also a matter of knowing other things not directly related to the hacking technique he attempts, he is able to hide his traces. Over here we're talking about people who are really knowledgeable, not just some kid who just found out how to port scan a server and find and compile an exploit. We're talking about a person who has spent a big part of his life just studying computer technology and read about the vulnerabilities found in various services/daemons and what not. Often things are not as easy as they appear in movies, and the more you try the more you increase the possibility of screwing up something and leaving a clue which can be traced back to you behind. As for how they are able to track you down, well, there are lots of different ways. If they've got a way to trace an attack back to your IP address, they'll go directly to the ISP and get all the information they need to get to you. Sometimes people think they're safe because they're bouncing through a couple of proxies but sometimes the proxy servers will keep logs or simply forward your IP along with information saying that you are using a proxy to whatever remote you're trying to connect to -- so you have to know what proxy you're using. There's just thousands of possibilities. If you have something specific in mind that you'd like to know about ask ahead. Otherwise, the answer is that yes they are able to trace your internet activity back to you and often that'll happen because a stupid mistake you made. As for how to keep your online activity secure, do a little bit of research on VPNs and Tor. So far they're the two most secure ways of keeping yourself anonymous on the internet, but just remember that as long as you're using an ISP that keeps logs of your activity you'll never be entirely anonymous.

[john745]

Thank you for your anwser.

wow, is really brutal and disconcerting!

So, no matter what we do, we are always exposed in some degree? NOTHING to do?...we are this "easy target"?

Im using Tor, i read what and how this program do the things, but i also read some critics of it, which says that still is not extremly secure. Tor is great, but it slow my connection greatly.

Do you have some other "tips" for not to be "traced"?

Greetings

PD: well, this is rather ironic, we can not use Tor in the gentoo Forums, so maybe the forum contribute for our vulnerability? lol, well, i supose that not really!

[bluepass]

Well first of all, I guess, there can never be such thing as extremely secure. There will always be a weakness somewhere waiting to be found. Also, about being traced, unless you do something that's giving "the people in power" a reason to come after you, you have nothing to worry about. It is impossible for any government organization or agency to follow every single person's online activity. The only thing that they are able to do is use filters and log activity. Filters will be there to alert them in case something my sound threatening or worth taking a look at. A very simple example of that would be someone chatting with someone about, say, killing the president or planting a bomb in a certain place. Now, their systems clearly don't work exactly like that and they have more complex algorithms for figuring out whether that something is threatening (think how much activity there would've been since Bush was elected president in the US if they only did that ). And the logging would be there for them to see what else happened around the time these filters detected the threats and also for them to have proof of what happened in case it goes to court. Often the logging is done by the ISPs, though, not the government. A big ISP would prefer to talk to the government and clear their side of things by saying "we'll log traffic that goes in and out of our side so we don't become, in a way, an accomplice to whatever misuse of the internet is detected".

As for ways of not having your internet activity traced back to you, the best one I think would be wardriving. If you have a laptop with a good wireless card and you drive around neighborhoods looking for unsecured access points, you can sometimes just connect to those and use their internet connection and do whatever you want. And on top of that, alternating places and networks will work in your advantage. But like I said before, nothing is "extremely secure". Your wireless network card has a MAC address which never changes and access points may log DHCP activity. When you connect to their network and they lease you an IP address for your session, they keep your MAC address in the logs.

You shouldn't be worried about your online activity being watched all the time, especially if you don't intend on doing anything bad. You can try to avoid it by using Tor, but to a certain degree they'll always know what you're doing. They control the internet, unfortunately, not the end-user.

[MrUlterior]

[john745]

Well, the awnsers are very interesting, really.

So what i can conclude: use Tor, do not do stupid things on internet, and get away of my psicosis of persecution?, lol.

Im flatter with the anwsers. Never the less , as you say: "but to a certain degree they'll always know what you're doing"

[bluepass]

Alright, I know I haven't been posting for a while. I've been busy with things. I was, though, able to read the replies to this topic. I'm hoping that this reply will explain what the vulnerability in Tor is. Here it goes...

Consider government organizations such as the NSA or CIA setting up Tor on a bunch of their own machines. Now the way Tor works is that you are using their service but at the same time you allow other people to use your machine to route online traffic -- in a way it's like a peer-to-peer application -- you use the service and at the same time provide others with the same service. That's the basis of this project. Now consider the government setting up Tor on, say, a whole computer lab -- they don't need any strong fast machines to do this, even a simple 500 MHz machine would do it with enough RAM to run an operating system and the software needed for Tor to run. Now between the who-knows-how-many machines out there routing traffic, we have 30-40 government machines listening in and each having equal chances of being pulled as the last hop in the routing process -- which is the machine that is able to fully decrypt the packets sent and the machine that receives packets from the server to whom the request was made. So this does not only see what you send but also what you receive. Now 30-40 machines out of the thousands (I'm not certain about the number of users using this and at the same time allowing others to route traffic through their machines) might seem like a tiny number, so you think that the government doesn't get to see as much, but considering the amount of money that the NSA, for example, is spending on technology just to be able to keep up with the new security technology out there, they could set up hundreds if not thousands of machines to listen up on the Tor network which will also increase their probabilty of becoming that last Tor node which will get them the information they need.

I hope it makes sense. And again I appologize for the late reply.

[madisonicus]

[GNUtoo]

[GNUtoo]

[GNUtoo]

[GNUtoo]