How to Protect Your Privacy While Surfing the Internet
Step 1: Hide Your IP Address
There are essentially two main methods to hide your IP address: using a proxy server or using a Virtual Private Network (VPN).
1.1 Proxy Server
A Proxy Server is an intermediary server situated between the client and the target server. Its primary function
is to forward client requests and communicate with the target server on behalf of the client. Generally, there are
two types of proxy servers: HTTP/HTTPS proxies (hereafter referred to as HTTP proxies) and SOCKS proxies
(this article uses SOCKS5 as an example, hereafter referred to as SOCKS proxies). HTTP proxies operate at the
application layer and only provide proxying for HTTP and HTTPS. SOCKS proxies operate at the transport layer and
can forward TCP and UDP traffic.
Below are the key differences between the two proxy types:
| Feature | HTTP Proxy | SOCKS Proxy |
| --- | --- | --- |
| Layer | Application Layer (HTTP/HTTPS) | Transport/Session Layer (TCP/UDP) |
| Protocol Support | HTTP, HTTPS | All TCP and UDP protocols |
| Transparency | Can modify HTTP responses | Typically does not modify application layer data |
| Security | Depends on config; HTTPS better | SOCKS5 supports authentication & encryption |
| Caching | Can cache | Cannot cache |
| Applications | Web browsers, apps accessing HTTP/HTTPS sites | Any app needing internet, especially other protocols |
ICMP cannot be sent through proxy servers. ICMP messages are carried directly by the IP protocol
and lack TCP or UDP headers. In other words, ICMP itself is not built on top of TCP or UDP, so it cannot use
either of the two proxy types above.
1.2 Configuring a Proxy Server
Windows: Search for "proxy" in Settings to configure the proxy server.
Linux:
For GNOME and KDE desktops, configure similarly to Windows via Settings.
To set a proxy specifically for the terminal, use commands like:
export http_proxy=http://PROXYHOST:PROXYPORT
export https_proxy=http://PROXYHOST:PROXYPORT
export socks_proxy=socks5://PROXYHOST:PROXYPORT
export all_proxy=socks5://PROXYHOST:PROXYPORT
# Alternative values for http_proxy (each line replaces the previous setting, so use only one):
export http_proxy=http://USERNAME:PASSWORD@PROXYHOST:PROXYPORT # HTTP proxy with authentication
export http_proxy=socks5://PROXYHOST:PROXYPORT # SOCKS proxy (uses local DNS)
export http_proxy=socks5h://PROXYHOST:PROXYPORT # SOCKS proxy (uses remote DNS)
Environment variables like http_proxy are generally case-insensitive. For simplicity, setting
all_proxy might suffice.
macOS: Configure proxies within the specific network connection settings. Terminal proxy configuration is similar to Linux.
Application-Specific Settings: Some software (e.g., Firefox) provides built-in proxy settings, allowing traffic proxying without system-wide configuration.
1.3 Virtual Private Network (VPN)
A Virtual Private Network (VPN) is another method to hide your IP address and protect your online activity. Unlike
a proxy server, a VPN creates a secure, encrypted tunnel between your device and the VPN server. All data passing through this tunnel is encrypted.
1.3.1 How VPNs Work
VPN software typically virtualizes a network interface card (NIC). Specified traffic is routed to this virtual NIC, where the VPN software encrypts it and transmits it to the VPN server. The traffic then exits to the public internet from the VPN server.
With a VPN, ICMP packets can be proxied.
1.3.2 VPN Protocols
VPNs use different protocols to establish and maintain secure connections. Common VPN protocols include:
OpenVPN: An open-source protocol widely considered one of the most secure and reliable VPN protocols.
IPsec/IKEv2: A fast and secure protocol, commonly used on mobile devices.
WireGuard: An emerging VPN protocol built on UDP, renowned for its high performance and simplicity.
L2TP/IPsec: An older protocol, less secure than OpenVPN or IKEv2.
PPTP: A very outdated protocol with extremely low security; should be avoided.
Step 2: Guard Against DNS Leaks
DNS leaks can occur even after hiding your IP. This happens because DNS requests are not forwarded to the proxy/VPN
server (hereafter referred to as the "remote server"), causing traffic from the remote server to still be sent to the
IP resolved by your local DNS. For example, consider a global service A. Your remote server B is located in Country C,
but you are physically in Country D. Your local DNS resolves service A to an IP in Country D. When you access service A
via remote server B, your traffic originates from B and ultimately goes to Country D. This makes service A perceive anomalous
traffic from server B's IP, as server B's traffic should logically be directed to the IPs serving Country C.
2.1 Preventing DNS Leaks
Using a Proxy Server: Only SOCKS proxies can proxy DNS requests. Ensure you use the format
socks5h://PROXYHOST:PROXYPORT (the h signifies remote DNS resolution).
Using a VPN: Configure the system's DNS server settings to use the VPN provider's DNS servers, ensuring DNS requests are routed through the VPN tunnel.
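The difference between socks5:// and socks5h:// is visible in the request the client sends to the proxy. The following is an added example, not code from the original article: it builds the SOCKS5 CONNECT request defined in RFC 1928 for both URL forms and reports who performed the DNS lookup. The hostname service-a.example, port 1080, and the fake_dns resolver are constructed for illustration.

```python
import ipaddress
import struct
from urllib.parse import urlsplit

# SOCKS5 request constants (RFC 1928)
VER, CMD_CONNECT, RSV = 0x05, 0x01, 0x00
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04

def build_connect(proxy_url, host, port, local_resolver):
    """Build the CONNECT request a client sends to the proxy for host:port.
    `local_resolver` is a hypothetical stand-in for the system DNS resolver."""
    scheme = urlsplit(proxy_url).scheme.lower()
    if scheme == "socks5h":
        # Remote DNS: the hostname itself travels to the proxy.
        name = host.encode("idna")
        if len(name) > 255:
            raise ValueError("hostname too long for SOCKS5")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    elif scheme == "socks5":
        # Local DNS: the lookup happens before the proxy is ever contacted.
        ip = ipaddress.ip_address(local_resolver(host))
        addr = bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed
    else:
        raise ValueError(f"not a SOCKS5 proxy URL: {proxy_url}")
    return bytes([VER, CMD_CONNECT, RSV]) + addr + struct.pack("!H", port)

def dns_resolved_by(request):
    """Return (who resolved the name, destination as seen by the proxy)."""
    if len(request) < 5 or request[0] != VER:
        raise ValueError("not a SOCKS5 request")
    atyp = request[3]
    if atyp == ATYP_DOMAIN:
        return "proxy", request[5:5 + request[4]].decode("ascii")
    if atyp == ATYP_IPV4:
        return "client", str(ipaddress.IPv4Address(request[4:8]))
    if atyp == ATYP_IPV6:
        return "client", str(ipaddress.IPv6Address(request[4:20]))
    raise ValueError(f"unknown address type {atyp:#x}")

# Constructed sample data: a fake resolver answering with a documentation address.
fake_dns = {"service-a.example": "203.0.113.10"}.get

if __name__ == "__main__":
    for url in ("socks5://PROXYHOST:1080", "socks5h://PROXYHOST:1080"):
        req = build_connect(url, "service-a.example", 443, fake_dns)
        print(url, req.hex(), dns_resolved_by(req))
```

With socks5:// the proxy only ever sees an IP address that the local resolver chose, which is the leak described in Step 2; with socks5h:// it receives the name and resolves it from its own location.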
Step 3: Block WebRTC
WebRTC (Web Real-Time Communication) is an open-source project and technical standard that enables browsers and mobile
applications to implement real-time audio/video communication and data transfer via simple APIs, without requiring plugins
or third-party software. WebRTC impacts privacy browsing primarily through its P2P connection establishment. WebRTC attempts
to establish direct P2P connections between devices whenever possible to minimize latency and improve efficiency.
However, this mechanism can inadvertently reveal your true IP address to remote servers during the connection negotiation process.
3.1 Blocking WebRTC
For Firefox, use the "Disable WebRTC" add-on to block the browser's WebRTC functionality.
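To check whether blocking worked, you can inspect the ICE candidates your own browser offers during connection negotiation. The following is an added example, not code from the original article: it parses candidate lines and lists every address other than the proxy/VPN exit IP that a remote peer would learn. The candidate lines and all addresses are constructed sample data.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_candidate(line):
    """Parse: foundation component transport priority address port typ type ..."""
    line = line.strip()
    for prefix in ("a=", "candidate:"):
        if line.startswith(prefix):
            line = line[len(prefix):]
    f = line.split()
    if len(f) < 8 or f[6] != "typ":
        raise ValueError(f"malformed candidate: {line!r}")
    return {"transport": f[2].lower(), "address": f[4],
            "port": int(f[5]), "type": f[7]}

def exposed_addresses(candidate_lines, expected_egress):
    """List (type, scope, address) for candidates revealing more than the exit IP."""
    egress = ipaddress.ip_address(expected_egress)
    leaks = []
    for line in candidate_lines:
        c = parse_candidate(line)
        if c["address"].endswith(".local"):
            continue  # mDNS name: the browser is hiding the LAN address
        ip = ipaddress.ip_address(c["address"])
        if ip == egress:
            continue  # the address the remote side is supposed to see
        scope = "lan" if any(ip in net for net in RFC1918) else "public"
        leaks.append((c["type"], scope, str(ip)))
    return leaks

# Constructed sample: candidates as they appear in a session description.
SAMPLE = [
    "a=candidate:1 1 udp 2122260223 192.168.1.23 51000 typ host",
    "a=candidate:2 1 udp 1686052607 198.51.100.44 51000 typ srflx raddr 192.168.1.23 rport 51000",
    "a=candidate:3 1 udp 1686052607 203.0.113.10 62000 typ srflx raddr 10.8.0.2 rport 62000",
    "a=candidate:4 1 udp 2122260223 7c1f0a52-9d3e-4b6a-8f10-2e5d9c4b7a11.local 51001 typ host",
]

if __name__ == "__main__":
    for leak in exposed_addresses(SAMPLE, "203.0.113.10"):
        print("exposed:", leak)
```

An empty result means the candidates reveal nothing beyond the exit IP; with WebRTC fully disabled there are no candidates at all.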
Step 4: Modify Your Browser's User Agent
For HTTP-based services, servers can easily extract the User Agent string from traffic at the gateway level. The User Agent
typically contains information such as your browser language and operating system language. This information can easily
undermine the efforts of the previous three steps. For example, if a website denies service to users in Region C
(which uses Language C), it can check the browser and OS language in the User Agent string. If these match Language C,
the website could deny access and flag the traffic originating from your (hidden) IP address.
4.1 Modifying the User Agent
For Firefox, use the "User-Agent Switcher and Manager" add-on to modify the User Agent string sent by your browser.