Tuesday, 18 June 2013

Online Anonymity

     Anonymity over the Internet means hiding your identity while you use it, so that it becomes difficult to trace your activity back to its source.

     Let us take an example. Say you are trying to access a website. The request sent from your browser first goes to a DNS server for name resolution. The request then passes through your ISP's router and finds its way (through a number of intermediate routers) to the web server hosting the website. It may also have to pass through a web application firewall before it actually reaches the application.


    In this case your request (source IP, timestamp and other parameters) will be logged at all the intermediate points mentioned above, and of course by the web application itself. Using that logged information, the authorities, or anybody else with access to it, can trace the request back to your source IP address. If you are part of an enterprise network, your activities will also be logged by your organization's proxy/firewall. This article discusses some popular techniques that may help you achieve anonymity over the Internet.
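To make the chain concrete, here is a minimal Python sketch (standard library only) of the two steps described above. The hostname is just a placeholder, and the comments mark where logging typically happens:

import socket
import urllib.request

# Step 1: name resolution -- the DNS server you query can log this lookup.
host = "example.com"  # placeholder hostname
ip = socket.gethostbyname(host)
print(f"{host} resolves to {ip}")

# Step 2: the HTTP request itself -- every router/proxy on the path sees the
# packets, and the web server records your source IP, a timestamp, the
# requested URL and your User-Agent in its access log.
with urllib.request.urlopen(f"http://{host}/") as response:
    print(response.status, response.reason)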

Using a proxy website

    All the requests made by your browser go to a proxy server (belonging to the proxy website), and this proxy server requests the web resources on your behalf. If you route your traffic through a proxy, your IP address is hidden from the Internet beyond the proxy; the logs of the web server and of the ISP's routers will reveal only the IP address of the proxy server. There are several websites out there (proxy sites) which do this for free.
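As a rough illustration, here is how a request could be routed through a proxy in Python using the third-party requests library. The proxy address below is a placeholder from a documentation IP range, not a real service:

import requests  # third-party: pip install requests

# Placeholder proxy address -- substitute a proxy server you actually trust.
proxy = "http://203.0.113.10:8080"

# The request is sent to the proxy, which fetches the page on our behalf;
# the target web server only ever sees the proxy's IP address.
response = requests.get(
    "http://example.com/",
    proxies={"http": proxy, "https": proxy},
    timeout=10,
)
print(response.status_code)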

    Always keep in mind that your activities are still being logged by the proxy itself. This is by no means going to keep you from being caught, because these services will share their logs with the authorities when asked to do so. Another important point about proxies is that, since you are routing your Internet traffic through them, they can technically see all the (unencrypted) data passing through. You are essentially trusting a third party with your data.

You may use a proxy website, or any of the other techniques mentioned here, to bypass the access control lists of your local network: as far as the local firewall is concerned you are not connecting to a blocked website but to the proxy. Of course, a smart administrator will block the known proxy websites.

Proxy Switching

    You can use a tool like ProxySwitcher to switch between multiple proxies while you do your regular Internet browsing. Again, the idea is to make backtracking difficult. In many countries people set up proxies that stay live only for a very short duration (making logs hard to find). You will normally see more proxies in countries where the government restricts free access to the Internet.

    Basically, for an outsider trying to trace you, the apparent source of the traffic may change from Australia to China and then to Africa in a matter of seconds.
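The sketch below shows the general idea in Python. This is not how ProxySwitcher itself works; it simply picks a proxy at random from an assumed pool of placeholder addresses for every request:

import random
import requests  # third-party: pip install requests

# Hypothetical pool of proxies in different countries (placeholder addresses).
PROXY_POOL = [
    "http://203.0.113.10:8080",   # e.g. a proxy in Australia
    "http://198.51.100.23:3128",  # e.g. a proxy in China
    "http://192.0.2.77:8000",     # e.g. a proxy in South Africa
]

def fetch(url: str) -> requests.Response:
    """Send each request through a randomly chosen proxy from the pool."""
    proxy = random.choice(PROXY_POOL)
    return requests.get(url, proxies={"http": proxy, "https": proxy}, timeout=10)

for _ in range(3):
    print(fetch("http://example.com/").status_code)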

The Onion Router project
(from Wikipedia)

"Tor directs Internet traffic through a free, worldwide volunteer network consisting of thousands of relays to conceal a user's location or usage from anyone conducting network surveillance or traffic analysis."
    As the end user you just have to install a TOR client browser, which makes requests to a random TOR node (onion router); your IP is exposed to that first node only. This node asks another node to relay the traffic, and this goes on until the traffic reaches its destination. The destination sees the request as coming from the last TOR node.

   The TOR client works out the route and gets the public keys of all the nodes on it. Your message is then encrypted with all of these keys, starting with the key of the last node (hence the name Onion). Let us look at how this works in detail.

    Let us say there are three TOR nodes A, B and C involved (selected randomly by the client) and the message is m. We assume the corresponding public keys of these nodes to be Pa, Pb and Pc. The message is repeatedly encrypted by the client, starting with the public key of the exit node (Pc), followed by Pb and finally Pa (onion routing).



Data received by node A: Pa(Pb(Pc(m))) 
Data received by node B: Pb(Pc(m)) 
Data received by node C: Pc(m) 
   The data is decrypted at each node using that node's private key. After decryption each node obtains some plain-text information about where to forward the remaining data. This ensures that no single node knows the entire path; each node only knows about the previous and the next node.
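The toy Python sketch below illustrates only the wrapping and unwrapping order, using symmetric Fernet keys from the third-party cryptography package as stand-ins for Pa, Pb and Pc. Real TOR uses public-key cryptography to negotiate per-node session keys, so treat this purely as an illustration of the layering:

from cryptography.fernet import Fernet  # third-party: pip install cryptography

# Toy stand-ins for the per-node keys Pa, Pb, Pc (symmetric here, unlike real TOR).
key_a, key_b, key_c = Fernet.generate_key(), Fernet.generate_key(), Fernet.generate_key()
node_a, node_b, node_c = Fernet(key_a), Fernet(key_b), Fernet(key_c)

message = b"m: the actual request"

# The client wraps the message starting with the exit node's key: Pa(Pb(Pc(m)))
onion = node_a.encrypt(node_b.encrypt(node_c.encrypt(message)))

# Each node peels off exactly one layer with its own key and forwards the rest.
after_a = node_a.decrypt(onion)      # node A is left with Pb(Pc(m))
after_b = node_b.decrypt(after_a)    # node B is left with Pc(m)
plaintext = node_c.decrypt(after_b)  # node C (the exit node) recovers m

assert plaintext == message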

    In such a setup you never really know whom you are trusting (proxies and TOR nodes alike). I have heard of governments setting up TOR nodes to catch cyber criminals. All I want to say is: don't do anything stupid, because you can only delay the trace, you can't get away with it.

    Always remember that you cannot completely hide yourself on the Internet, but you can definitely make things difficult for the people who are tracking you.

Saturday, 18 May 2013

HTML and XML

     This article talks about two of the most popular markup languages of the IT world, HTML (Hyper Text Markup Language) and XML (eXtensible Markup Language). We are going to have a look at their differences, their similarities and the problems that they try to solve. If you are looking for a complete tutorial, go to W3C :).

    Even if you are not a web developer you must have come across HTML during your college days, and XML is a hot topic in the world of web services (we will see why later). Now let us define some terms.

A markup language is used to embed the real data within tags. The tags are nothing but metadata (data about data) that may carry information about the presentation or meaning of the data.

A hypertext document contains links to other information.

Extensibility, in the domain of Information Technology, is a property that allows the end users or developers of a system to add to its capabilities.

     HTML finds its use in the development of web pages. HTML tells the web browser how the information contained in the page should be displayed to the end user. Almost all the static content you see on a web page is generated with the help of HTML; other technologies like JavaScript and Flash take care of the dynamic content. XML, on the other hand, is a cross-platform, hardware- and software-independent standard that can be used to carry data between two different systems or as a way to store data.

     So HTML was designed to focus on the presentation of data, while XML was designed to describe what the data is and to serve as a means of data exchange. Another important point is that HTML's tags are predefined, whereas in XML the developer defines custom tags according to his requirements (extensibility). We can also look at XML as a framework that allows us to define a new markup language. One more thing to keep in mind is that HTML is case-insensitive but XML is case-sensitive. Now let us take a few examples.

HTML example:


<h1>Seiko wrist watch</h1>
<p>The price is 100000 rs.</p>

XML example:

<product>
<item>Seiko wrist watch</item>
<cost>100000</cost> 
</product> 


      The examples are by no means ideal; the purpose is to show how the same data may be represented in both languages. The HTML tags take care of the presentation of the data, while in the XML example the tags describe the data itself. XML provides a very powerful way of storing data in an application-independent format. Many standard software packages can generate their output in XML, which can then be read by a different application.
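For example, a Python program can read the XML document above with the standard xml.etree.ElementTree module (an application on any other platform could parse the same document with its own XML library):

import xml.etree.ElementTree as ET

xml_data = """
<product>
  <item>Seiko wrist watch</item>
  <cost>100000</cost>
</product>
"""

root = ET.fromstring(xml_data)      # parse the document into an element tree
item = root.find("item").text       # "Seiko wrist watch"
cost = int(root.find("cost").text)  # 100000 -- the tag tells us this is a cost
print(f"{item} costs {cost}")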


    When we communicate with a web application using a browser, HTML files are sent over HTTP (the carrier) to the browser, which renders the data as described by the HTML. Now imagine a case where two web applications need to communicate with each other (e.g. while shopping online the vendor talks to the payment gateway, and the gateway then talks to your bank). Again we may use HTTP as the carrier, but what about HTML? Can a machine understand bold text, or the plain English used to convey data to humans? The answer is no, and this is where XML comes into the picture. In simple words, web services are nothing but web apps talking to each other: XML messages are sent over HTTP and understood by the applications using predefined rules. The applications involved may have been developed on different web development platforms, but they all understand XML. Of course XML has competitors in the domain of web services, but that goes beyond the scope of this article.
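As a rough sketch, one application might send an XML message to another over HTTP like this in Python. The endpoint URL and the message format are made up for illustration, and requests is a third-party library:

import requests  # third-party: pip install requests

# Hypothetical payment request in an XML format both applications have agreed on.
xml_message = """<payment>
  <order-id>12345</order-id>
  <amount currency="INR">100000</amount>
</payment>"""

# Hypothetical endpoint of the other web application (e.g. a payment gateway).
response = requests.post(
    "https://gateway.example.com/api/payments",
    data=xml_message.encode("utf-8"),
    headers={"Content-Type": "application/xml"},
    timeout=10,
)
print(response.status_code, response.text)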

      Basically, web applications are designed to be consumed by humans and web services are designed to be consumed by other applications.