Detection and Anonymity
The tools to defeat Internet blocking, filtering and monitoring are designed to deal with different obstacles and threats. These tools can improve access to information and people, as well as mitigate risks associated with that access. Different tools may facilitate:
- Circumventing censorship: Reading or authoring documents or other kinds of content, sending or receiving information, or communicating with particular people, sites or services while bypassing attempts to prevent you from doing so. For example, reading a page from a Google cache or an RSS aggregator rather than from the original Web site.
- Preventing eavesdropping: Keeping communications private, so that nobody can see or hear the content of what you're communicating. (However, they might still be able to see with whom you're communicating!) Tools that try to circumvent censorship without also preventing eavesdropping may remain vulnerable to censorship by keyword filters that block all communications containing certain prohibited words. For example, various forms of encryption, such as https or SSH, make the information unreadable to anyone other than the sender and receiver.
- Remaining anonymous: The ability to communicate so that no one can connect you to the information or people you are connecting with — neither the operator of your Internet connection nor the sites or people you're communicating with. For example, anonymous remailers and some proxy services, such as Tor (when certain anonymity precautions are taken), provide this service.
- Concealing what you are doing: Disguising the communications you send so that someone spying on you will not be able to tell that you are trying to circumvent censorship. For example, steganography, the hiding of text messages within an ordinary image file, may conceal that you are using a circumvention tool at all.
Some tools protect your communications in only one of these ways. For example, many proxies can circumvent censorship but don't prevent eavesdropping — they let you view a blocked site, but may not prevent someone from monitoring what you are reading. It's important to understand that you may need a combination of tools to achieve your goal.
Each kind of protection is relevant to different people in different situations. When you choose tools that bypass Internet censorship, you should keep in mind what kind of protection you need and whether the particular set of tools you're using can provide that sort of protection. For example, what will happen if someone detects that you are attempting to circumvent a censorship system? Is it important to you to conceal exactly what you're reading and writing about, or do you just want to get access to a particular site or service?
Sometimes, one tool can be used to defeat censorship and protect anonymity, but the steps for each are different. For instance, Tor software is commonly used for both purposes, but Tor users who are most concerned with one or the other will use Tor differently.
An important warning
Most circumvention tools can be detected with sufficient effort by network operators or government agencies, since the traffic they generate may show distinctive patterns. This is certainly true for circumvention methods that don't use encryption, but it can also be true for methods that do use encryption. It's very difficult to keep secret the fact that you're using technology to circumvent filtering, especially if you use a fairly popular technique or continue using the same service or method for a long period of time. Also, there are ways to discover your behavior that do not rely on technology: in-person observation, surveillance, or many other forms of traditional human information-gathering.
FLOSS Manuals cannot provide specific advice on threat analysis or the choice of tools to meet the threats. The risks are different in each situation, and change frequently. You should always expect that those attempting to restrict communications or activities will continue to improve their methods.
If you are doing something that may put you at risk in the location where you are, you should make your own judgments about your security and (if possible) consult experts:
- If you select a method that requires reliance on a stranger, be careful to do what you can to ensure you can trust that person.
- Remember that the promises of anonymity and security made by different systems may not be accurate. Look for independent confirmation.
- Achieving anonymity or security may require you to be disciplined and carefully obey certain security procedures and practices. Ignoring security procedures may dramatically reduce the security protections you receive.
- Be aware that people (or governments) may set up honeypots -- fake Web sites that pretend to offer secure communication but actually capture the communications from unwitting users.
- Pay attention to non-technical threats. What happens if someone steals your computer or mobile phone or those of your best friend? What if an Internet café staff person looks over your shoulder? What happens if someone sits down at a computer in a café somewhere where your friend has forgotten to log out and sends you a message pretending to be from her?
- If there are laws or regulations that restrict or prohibit the materials you are accessing or the activities you are undertaking, be aware of the possible consequences.
To learn more about digital security and privacy, read: