Are We Fully Secure After We Have Secured Ourselves on the Web

in #steemstem6 years ago (edited)

Introduction

From our onset knowledge on securing oneself on the internet, to browse anonymously, one needs to spoof its IP (Internet Protocol) by changing the originally assigned IP address to a different one using third parties software VPN, Web Proxy etc.

There are numerous reasons why we may need to surf the internet anonymously, most of those reasons involve privacy concern in which we use anonymity software such as VPN to secure ourselves for stopping websites from tracking our real visits, or from revealing our credentials/identity to untrusted websites, or prevent marketing databases/Ads based website from creating a profile based on our surfing habits.

Unfortunately, we can't surf the web without an IP address. When we make a request to a server, it's our IP address assigned by ISP that will communicate with the Server’s IP (Web Page), then a request is sent back to us if granted. The only way we can prevent websites from revealing our real identity is to spoof/change our IP address.

The question now is; are we fully secure after we have secured ourselves - changed our IP address with anonymity tools?

IP Address

[Image Source: Wikimedia Commons. Author: Freepik. CC BY 4.0 licensed]

Internet Protocol Address, (also called IP address), is a number assigned to each device connected to a network (internet/extranet), it is used to establish communication between devices over an IP-based network like the internet, it provides an identity to a networked device. IP address has different versions IPv4 and IPv6 and it is written in human-readable notations.

IPv4 is a 32-bit number written in decimal format separated with "." in four segments x.x.x.x ex. 172.16.254.1 which one of the numbers can range from 0-255. We can have 232 IPv4 addresses that are about 4Billion IPv4 addresses, if everyone on earth approximately 8Billion people should have a device each, IPv4 wouldn't be sufficient when IPV4 addresses are getting depleted, IPV6 was invented.
You can imagine IPv4 is finished with the modern day devices (camera, street light etc), bunch of cafes, you and me having more than a device (PC [hp, Apple] and Mobile [Android, iPad, iPhone]) all connected to the internet and assigned different IP each, but with the aid of NAT Network Address Translation, it solves IPv4 completely depletion.

IPv6 uses 128-bit number written in hexadecimal format separated with ":" in eight segments x:x:x:x:x:x:x:x ex. 2001:db8:0:1234:0:567:8:1 We can have about 2128 IPv6 address, that is a whopping number, 340 trillion addresses, meaning that every single person on earth could connect billions of devices to the internet. You can see how effectively IPv6 is, and it solves a problem like IP address collisions caused by private addresses. IPv6 has more efficient routing, easier administration, built-in privacy, superfluous number of IP address that can be generated so, Network Address Translation (NAT) is needless.

We can convert IPv4 address to IPv6 address and back.

In the real Word, IP Address is like the location you reside while TCP/IP is the street address of the house you stay.

IP Address can be categorised into two; Private and Public address;
Private IP address: This is your local IP address, this type of address is used to establish communication offline within your Switch/Router and other devices (printer, scanner etc) connected to your private/home network.

When you are connected with your home network, this address is used to communicate within those devices attached to it e.g Printing a file from the computer or sending a document from one computer to the other.

Public IP address: This is the address assigned to you by your ISP, as you are reading this post, you are assigned a Public address which made it possible for you to communicate with Public devices (i.e the internet), access websites
(steemit, coinmarketcap) and communicate with people's computer.

Both the types of IP address (Public and Private) mentioned above can be used to track users location/credentials.

You can check for your Private IP address and Public IP address by going to Google and type these keywords my private IP address for Private and my public IP address for Public or by using the websites in the table.

Private IP AddressPublic IP Address
ipleakwhatismyipaddress
236fepauon.png
original image
59aifk88wf.png
original image

Anonymity on the Web

To surf web anonymously, we secure ourselves/hide our IP address with the tools mentioned below. By hiding our IP address, we can access geo-blocked websites.

VPN

[Image Source: Wikimedia Commons. Public domain licensed]

VPN (Virtual Private Network) creates a private network, whereby it assigns a new IP address to our device and uses it to spoof the original public address, it spoofs our Public IP address to the new one assigned by the VPN. When we make a request online, instead of communicating to the server directly from our device, firstly it will communicate to the spoofed IP address our VPN assigned to us, the spoofed IP will make a request to the server to and fro and then back to our computer. If VPN is connected, all traffic coming in and out will be tunnelled through the private network.

Proxy Server

[Image Source: Wikimedia Commons. Public domain licensed]

This is one of the simple methods to mask out your real IP address, in related to VPN, proxy server acts as an intermediary "proxy" between your PC and the destination server, this is commonly used in web browsers, there are tons of free proxies on the internet and you can connect to any of it in the world, instead of your browser accessing the website directly, it will access the proxy you are connected to first, then the proxy send connection to the website and the website send back connection to the proxy and the proxy send it to back to your browser as shown in the image, in short, your browser access the website through the connected proxy. However, this is less secure than VPN because it does not encrypt your data and doesn't clear your identification tracks, data can also be leaked in the process, while VPN route all data back and forth on our PC encrypted, proxy only intercept traffic on a per-application basis and most of them are web-based.

Let's assume, you are physically located in Poland and you want to access websites restricted to people in the United State. You could go online, search for United State proxy server and connect through any of the working proxy servers, then connect to the website. The traffic from your web browser would appear to originate from the remote computer and not your own.

TOR

[Image Source: Wikimedia Commons. Author: Tor project. CC BY-SA 3.0 licensed]

The Onion Router, short TOR, is an anonymous software developed by United States Naval Research Laboratory employees, for protecting U.S. intelligence communications online, later Tor was released to the public as an open source. Tor Browser is a browser similar to Chrome, Firefox that let you connect to a volunteer network which then assign you a new IP address, similar to a VPN client basis. Tor Browser allows you to access websites "dark web" which other browsers cannot.
Dark web are websites end in .onion accessible through Tor Browser only which people now use as a medium to sell hacking tools, drugs etc. Tor traffic is not encrypted and it can be traced or monitored by high profiles such as the Governments.


How Location Is Leaked After The Anonymity

You still wonder how our real-location is leaked after we have used anonymity software like VPN, Proxy server, TOR to safeguard our real-location to be known?

[Image Source: Wikimedia Commons. Author: Tsahi Levent-Levi. CC BY 2.0 licensed]

Web Real-Time Communications, short WebRTC, is a technology, an API integrated into our modern browsers (Chrome, Firefox, UC web) and mobile application which allow a web application to stream optionally audio or video media using Real-Time Communication. This API communicate with our devices(Mobile/PC) hardware directly (direct peer-to-peer communication) which allows streaming of audio or video to work in web pages without users installing an internal or external plugin. WebRTC incorporates lots of tools and API to achieve that and also has access to our identity management and it can leak our local IP address which can be traced back to get our real-location after we have used any of the anonymity processes to hide our location.

How to Disable WebRTC

The good news is that we can disable WebRTC on our various browsers, which will stop our browsers from revealing our real local IP address.

Here are steps taken to disable WebRTC leakage on Firefox Chrome for both PC and Android;

Chrome PC

Chrome Browser does not support disabling of WebRTC, but by using an extension, Easy WebRTC Block we can disable it. Download Easy WebRTC Block extension from Chrome Store, install and enable it. Yeh! you just disabled your Chrome Browser WebRTC.

Chrome Android

Since mobile Chrome Browser does not support installing of a plugin, here are steps to follow to disable WebRTC;

Access this URL: chrome://flags/#disable-webrtc with your Chrome, it will bring out a page, scroll down until you see WebRTC Stun origin header, click text box under, by default it is Disabled select Enabled, it will ask you to relaunch your browser for changes to take effect, click RELAUNCH NOW. Yeh! you just disabled your Chrome Browser WebRTC.

StepsResult
eduasaxwaq.png
original image
zph3cutxwy.png
original image

Firefox

Unlike Chrome, Firefox allows users to disable WebRTC, here are the steps;
Type about: config into the URL and hit enter, a page will load up, click on I accept the risk! to proceed, search for media.peerconnection.enabled, double click the preference name to change the value to false, by default it is true. Done!
This method works for both PC and Android Firefox Browser.

Step 1Step 2Result
027q876qlw.png
original image
xzvnucbeyw.png
original image
n02u9fn3no.png
original image

Proof

The images shown below are screenshots of Opera and Chrome Browser on ipleak website, which the Opera shows my Private IP address because WebRTC was not disabled but Chrome doesn't show my Private IP address because WebRTC was disabled.

Opera withouth WebRTC blockedChrome with WebRTC blocked
j6c5ezk42p.png
original image
ppfq1asilt.png
original image

Conclusion

We can browse anonymously using anonymity tools (VPN, TOR, Proxy Server). Despite using an anonymity tool, our Browsers can still reveal our local IP address through WebRTC vulnerability, the local IP address can then be traced back to reveal our real identity by copying the local IP address and paste in any IP location tool. However, we can stop our browsers from revealing our real Private IP address by disabling WebRTC. Firefox supports WebRTC disable while Chrome Browser does not unless with the help of a plugin.

Thanks for reading, Browse anonymously!!!

REFERENCES


Sort:  

I do agree with the fact that we need to change our IP address in other to prevent tracking so we can surf the internet anonymously
But recently there are so many IP changing app to the extent that you can know the one that actually operates it's function what app or website do you think can enable the masking of IP successfully? Thanks for this nice post really learnt a lot and please visit my post maybe you gonna love it like I love yours
https://steemit.com/steemstem/@thunderstruck1/wonders-of-science-adhesive-force
Thanks again and have a fantastic day.

Many VPN, Proxies are popping out everyday, but the best I could recommend is Zenmate VPN available for all OS and Mobile [Android and iOS] and don't forget to disable WebRTC for efficient anonymity.

Thanks for stopping by. surely, I will check it out.

After reading through this post, I've come to realize that some of my online activities are actually not as secured as I think.
Thanks for this eye-opening post

I'm glad you came around, you're appreciated.

Hmmmmm... This is a very great post horpey, I never knew your information can still be leaked even after using the anonymity tool... But it's cool we've learnt about the WEBRTC, I'm sure most people don't know about it, yet they think they've secured themselves on the internet....

Thanks for this very educative post, this is a banger

WebRTC can be the culprit to leak someone private details. Thanks for stopping by Boss.

what a beatifully designed post - upvoting for this fact! :D

Cheers.. you're appreciated!



This post has been voted on by the steemstem curation team and voting trail.

There is more to SteemSTEM than just writing posts, check here for some more tips on being a community member. You can also join our discord here to get to know the rest of the community!

Hi @horpey!

Your post was upvoted by utopian.io in cooperation with steemstem - supporting knowledge, innovation and technological advancement on the Steem Blockchain.

Contribute to Open Source with utopian.io

Learn how to contribute on our website and join the new open source economy.

Want to chat? Join the Utopian Community on Discord https://discord.gg/h52nFrV