How to Surf the Web Anonymously

BY DAVE ROOS (ABOUT-AUTHOR.HTM)         TECH (HTTP://ELECTRONICS.HOWSTUFFWORKS.COM/TECH) |

HOW-TO TECH (HTTP://ELECTRONICS.HOWSTUFFWORKS.COM/HOW-TO-TECH)

Browse the article How to Surf the Web Anonymously (http://electronics.howstuffworks.com/how-

to-tech/how-to-surf-the-web-anonymously.htm)

(http://computer.howstuffworks.com/internet-connection-
pictures.htm)
(http://computer.howstuffworks.com/internet-connection-
pictures.htm)
Many people have legitimate reasons to conceal their online
identities. See more Internet connection pictures
(http://computer.howstuffworks.com/internet-connection-
pictures.htm).
© ISTOCKPHOTO.COM
(HTTP://WWW.ISTOCKPHOTO.COM)/WEBPHOTOGRAPHEER

The Internet (http://computer.howstuffworks.com/internet/basics/internet-

infrastructure.htm) has a way of lulling you into a false sense of anonymity. After all,
how can anyone know your true identity in a virtual world? The truth is that simply by
connecting to the Internet, you share information about your computer
(http://computer.howstuffworks.com/pc.htm), your geographical location and even
about the Web sites you visit.
The goal of anonymous Web surfing is to circumvent the technologies that track your
online activity and may potentially expose your personal information to others. By
surfing anonymously, no one knows who you are, where you're connecting from or
what sites you are visiting.

When people think of surfing the Web anonymously, they automatically associate it
with extramarital affairs, malicious hacking, illegal downloading and other sordid
behaviors. That's not necessarily the case. In fact, there are many legitimate reasons
why someone would wish to remain anonymous online:
Your employer or school has strict Web surfing policies and filters your
access to the Internet.
You're a staunch free speech advocate and don't want the government
or anyone else to censor your activities.
You believe that the Internet is the perfect forum in which to express
your opinions freely without fear of being harassed or tracked down by
people who don't agree with those opinions.
You believe the Bill of Rights and the United Nations Universal
Declaration of Human Rights empowers you to conduct your private
business without outside intrusion.

You live abroad and want to access streaming video content that's only
available to people living in your home country.
You don't like the idea that search engines
(http://computer.howstuffworks.com/internet/basics/search-engine.htm)
are collecting information about your queries.
You don't want online advertisers to know where you live or what
products you buy.
You want to participate anonymously in Internet forums, perhaps to
speak to other people about a private medical condition or to discuss

As you'll see in the next section, surfing the Web anonymously isn't as easy as erasing
your browser history. Learn more about computer networks and IP addresses
(http://computer.howstuffworks.com/internet/basics/question549.htm) and how
they can expose your identity.
 

IP Addresses and Cookies

IP Addresses and Cookies

Cookies can track your browsing history to help personalize your

online shopping experience.
©ISTOCKPHOTO.COM (HTTP://WWW.ISTOCKPHOTO.COM)/A330PILOT

Every machine connected to the Internet has a unique Internet Protocol (IP) address
(http://computer.howstuffworks.com/internet/basics/question549.htm), including
your computer. You may have a static IP address or it may change each time you go
online. Either way, you are tagged with a unique identifier every time you surf the
Web.
An IP address is necessary for the Internet to work. It is literally the address of your
personal computer on a vast computer network -- like a single house on a crowded
street. The only way a Web server (http://computer.howstuffworks.com/web-
server.htm) can send the contents of a Web page to your browser is if it has your
computer's address on the network.
IP
addresses, in and of themselves, do not contain any personally identifiable
information about you. However, if you're signed up with an Internet Service Provider
(ISP) -- which is the way most of us get our Internet service -- then your ISP can easily
link your IP address with your name, home address, phone number, e-mail
(http://computer.howstuffworks.com/e-mail-messaging/email.htm) address and
even credit card information.
Don't get paranoid just yet: In general, ISPs have fairly strict privacy policies. They
won't give out your personal information to any random person who asks for it.
However, under laws like the U.S. Patriot Act and through subpoenas from the police
and federal agencies, an ISP may have no choice but to supply personal information
related to an IP address.
Cookies (http://computer.howstuffworks.com/cookie.htm) are another way for an
outside source to track your Web surfing habits. Cookies are tiny text files that are
saved in your Web browser when you visit a Web site. The file might contain your login
information, your user preferences, the contents of your online shopping cart and
other identifiers. These cookies make your Web browsing experience more
personalized and customizable. They're designed to save you time when you visit
your favorite sites. They're also designed to help advertisers tailor their messages to
your personal preferences.
First-party cookies are cookies left on your browser from Web sites you visited.
Third-party cookies are files stored on your computer from advertisers and other
parties that have information-sharing agreements with the site you visited. Many
people find third-party cookies to be a particularly egregious breach of privacy, since
you have no control over who collects information about you.
In the next section, we'll taker a close look at how scam artists can use an online data
trail to piece together your identity. 

Piecing Together Your Online Identity

Cookies (http://computer.howstuffworks.com/cookie.htm) and IP addresses
(http://computer.howstuffworks.com/internet/basics/question549.htm) alone may
not give away your personal information, but when these clues are combined with
other Web surfing data -- like your search history -- you could unwittingly disclose
your identity to hackers (http://computer.howstuffworks.com/hacker.htm), scam
artists or government investigators.
Search engines routinely store search queries associated with your IP address. Google
(http://computer.howstuffworks.com/internet/basics/google.htm) stores search
queries for nine months and MSN stores them for 18 months [source: Privacy Rights
Clearinghouse (http://www.privacyrights.org/fs/fs18-cyb.htm)]. By examining
hundreds or thousands of search queries from the same IP address, it's possible to
deduce someone's identity, particularly if they have done map searches on their
home address or entered their Social Security number.

Another threat to online privacy involves Web e-mail accounts. If you use the same
Web site for both your e-mail service and Internet searches, you might be leaving a
very clear trail for hackers and cybercriminals to follow when you go online.
For example, if you use Google as your e-mail provider, then you need to log in to
Gmail.com for each e-mail session. Any Google Web searches you conduct while
logged in to your e-mail account will be associated with the same IP address as your
e-mail account. From there, it would be easy for a hacker or other third party to
associate your searches with your e-mail address -- and to use this information to
send you customized spam or other e-mail scams.
The simplest and most direct way for someone to track your Web surfing is to view the
history on your Web browser. Your Web browser keeps a chronological list of every
Web site you visit. Most Web browsers will save your browsing history for at least a
week by default. If someone wanted to monitor your Web surfing, all that person
would have to do is open your browser and search your history.
If you're surfing the Web from a work computer, your boss doesn't need to physically
turn on your computer and check your browser history. Since you're working on an
office network, your employer has the right to monitor what sites you are visiting.
In the next section, we'll talk about anonymous proxy servers, one of the most
effective ways to hide your identity online.

You Are What You Search

In 2006, AOL posted 20 million of its users' search histories for research purposes.
Each search history was tagged with a number, not a name. Still, journalists were
able to successfully deduce the identity of several of these "numbers" simply from
examining their search queries. More than 100 people had searched for their
Social Security numbers [source: Privacy Rights Clearinghouse
(http://www.privacyrights.org/fs/fs18-cyb.htm)].

Anonymous Proxy Servers

Every time you type a URL into your Web browser and click Enter, your computer
sends a request to a Web server (http://computer.howstuffworks.com/web-
server.htm), which then delivers the Web page back to you. To do this, the Web server
needs to know your IP address
(http://computer.howstuffworks.com/internet/basics/question549.htm). So much
for surfing anonymously, right?
Not necessarily: One way to avoid revealing your IP address to every Web server you
contact is to use a proxy server. A proxy server is a machine that sits between you
and the rest of the Internet. Every page request you make goes through the proxy
server first.

An anonymous proxy server is a special kind of proxy loaded with software that
erases your IP address from any page requests and substitutes its own. When the
page is sent back by the Web server, the proxy server then forwards it along to you
free of any additional software scripts that might compromise your identity.
The most popular kind of anonymous proxy servers are Web-based proxies. All you
have to do is go to the Web site of the proxy service, enter the desired URL in a special
address box and the service will relay the request to the Web server anonymously.
There are some downsides to anonymous proxy servers. Because each incoming and
outgoing page needs to be processed by the proxy server, this can often result in slow
page loading times. And since the proxy server attempts to delete or bypass any
suspicious elements on the returning Web page, a lot of pages will load with errors.
Make sure that you use a recognized Web proxy with a clear privacy policy. There have
been cases of malicious hackers who have set up phony anonymous Web proxies to
collect information from unwitting clients. When you use a proxy server, the
information often travels unencrypted, allowing hackers
(http://computer.howstuffworks.com/hacker.htm) to see things like usernames,
passwords and other sensitive information [source: WhatIsMyIPAddress.com
(http://whatismyipaddress.com/)].
You should also avoid so-called "open proxies." These are proxy servers that claim to
have been abandoned and accidentally left "open" for one reason or another. Many of
these proxies are booby traps set up by malicious hackers who want to steal
personally identifiable information. Some open proxies are actually living on the
computers of unwitting users who have been infected by a computer virus.
Now that you know how to hide your IP address online, it's time to check your Web
browser settings.

Privacy Settings in Your Browser

There are many easy and effective ways to preserve your online
anonymity.
© ISTOCKPHOTO.COM/ (HTTP://WWW.ISTOCKPHOTO.COM)MELHI

Anonymous proxy servers are a great way to mask your IP address

(http://computer.howstuffworks.com/internet/basics/question549.htm) online,
but there is still plenty of information about your Web surfing habits stored on your
computer (http://computer.howstuffworks.com/inside-computer.htm). Luckily, it's
easy to control your privacy settings directly in your Web browser.
One of the simplest ways to cover your online tracks is to manually delete your
browser history. All Web browsers -- like Internet Explorer
(http://computer.howstuffworks.com/internet/basics/internet-explorer-8.htm),
Firefox (http://computer.howstuffworks.com/internet/basics/firefox.htm), Safari or
Google Chrome -- allow you to delete your Web surfing history.

Follow these instructions to delete your browser history:

In Safari, go to the History menu, scroll all the way down to the bottom
and click "Clear History."
In Firefox, open the Preferences box from the Firefox menu. Choose the
Privacy tab. Go down to the section on Private Data and click "Clear Now."
 In Google Chrome, go to the Tools menu, select "History," select a
recent Web site and click "Delete history for this day."
In Internet Explorer 7 and 8, this process is a little more complicated. Go
to support.microsoft.com and follow the directions there for assistance.

Note, however, that any network administrator -- at the office or even at your ISP --
can access your surfing history on the network level, even if you erase it on your
computer.
You can also control how your browser handles cookies
(http://computer.howstuffworks.com/cookie.htm). The default setting on most
browsers is to accept cookies from all sites. You can either block cookies entirely --
which might prevent you from using certain online banking and shopping sites -- or
you can choose only to block third-party cookies.
Since anonymous Web surfing is becoming more and more popular, the latest
versions of Internet Explorer, Firefox, Safari and Google Chrome include special
settings for surfing without a trace. By enabling these settings, your browser won't
save your surfing history, search queries, cookies, download history or passwords.
Here is how you activate anonymous surfing in some the more popular Web browsers:
In Internet Explorer 8, open a new tab and select "Browse with
InPrivate."
In Safari, under the main Safari menu, you can check a setting called
"Private Browsing."
In Google Chrome, click on the page icon next to the URL window and
select "Open New Incognito Window."

In the next section, we'll talk about ways to get around the thorny problem of Web
sites that force you to register.

Anonymous Registration
Many free and subscription Web sites require you to register before using their
services. This usually requires three basic things: an active e-mail
(http://computer.howstuffworks.com/e-mail-messaging/email.htm) address, a
username and a password.
Aside from the security risks of giving your e-mail address and other personally
identifiable information to a random Web site, a lot of people simply don't want every
Web site they visit to know who they are, and certainly not how to contact them.

For security purposes, experts recommend that you don't use the same username
and password to access all of your Web sites and services. The danger, of course, is
that one of these sites will -- either maliciously or accidentally -- hand your
information over to identity thieves (http://money.howstuffworks.com/identity-
theft.htm) who will use your universal username and password to access your online
bank account or other highly sensitive Web services.
Another annoyance is that many Web sites have no problem with selling your
information to third parties who will then load your inbox with spam
(http://computer.howstuffworks.com/internet/basics/spam.htm). Some sites allow
you to opt out of receiving e-mails from partners, but it isn't always clear which boxes
to check or uncheck.
If you don't want to give your real e-mail address to every Web site that requires
registration, you can always create multiple e-mail accounts using free services like
Yahoo! Mail (http://computer.howstuffworks.com/e-mail-messaging/yahoo-
mail.htm) or Google Mail. For most Web sites, the only real purpose of the e-mail
address is to confirm registration, so it's OK if you never check the e-mail account
again.
However, if you register with many different Web sites and want to keep track of all of
your different usernames, passwords and e-mail addresses, don't create an Excel or
Word file and save it on your computer. If someone is able to access that file, they'd
have more than enough information to steal your identity.
A better solution is to use a secure, Web-based service like ShopShield or Anonymizer.
These services automatically generate temporary e-mail addresses with unique
usernames and passwords for any site you wish. Whenever a new e-mail message is
received at one of these temporary accounts, it is scrubbed for viruses and spam and
then forwarded to your real e-mail address. You can also delete unwanted accounts
with a click of a button.
Another clever solution is a Web site called BugMeNot.com, in which users post free
usernames and passwords for shared access to popular Web sites like newspapers
and video sharing sites. If a username and password stops working, it is voted down