Internet anonymity has started to become a mainstream issue, even
by the New York Times (registration required) and a newly released
project is specifically geared towards providing users with a safer, more
anonymous, internet experience.
OpenBSD-based live CD that attempts to provide the average user with the
levels of privacy that are available to more technically savvy users.
Anonym.OS uses a variety of techniques to provide security and anonymity,
starting with changing the TCP parameters to give the impression that it
is running Windows XP in order to blend in. It provides very strong
firewall protections, disallowing any inbound traffic and only allowing
encrypted and/or anonymized traffic outbound.
Tor (aka The Onion Router) provides the
underlying infrastructure for anonymity by routing TCP packets through
random nodes in the Tor network, with separate encryption for each hop in
the route. This routing makes it difficult to determine where a particular
Tor client is connecting to (or from), though large adversaries who can monitor large
sections of the net can still use statistical correlations of the packet
timings to determine source and destination as described in the Tor
Another component of Anonym.OS is Privoxy,
which is a web proxy that provides a variety of privacy features such as
cookie management, 'web bug' disabling, and bypassing various click-tracking
scripts. Privoxy also provides DNS lookup anonymity to mask which domains
a user is looking up.
After booting and configuring a root password, network parameters and the like,
Anonym.OS presents a standard looking desktop with Firefox, Thunderbird and
Gaim as icons. These applications will use Tor and have been configured
to promote privacy, particularly in Firefox, by alerting about cookies and
not saving passwords or form data.
The user experience is fairly slow, largely because of Tor, but loading
programs from the CD also seems to take quite a while. Anonymity is not
free nor particularly fast. Web pages take roughly 5-10 times as long to
load and ssh sessions remind one of the glory days of 110 baud acoustic
coupler modems. Tor is a work in progress and will likely get faster and
find ways to make interactive (ssh) performance better but taking multiple
hops through the network is always going to have a cost.
There are two Linux based projects with similar goals, and which also use Tor:
Phantomix based on KNOPPIX,
and ELE based on
Damn Small Linux. Because of its vaunted "security by default", OpenBSD
advocates would probably scoff at using Linux for a system of this sort, but
the same software and techniques used by Anonym.OS are available for Linux.
Anonym.OS is clearly a boon for people with a strong need for anonymity
on the internet and who either do not have the technical ability to set
this up for themselves or who may use computers that are not under their
control. Anonymous bloggers, folks who are worried that their government
might get access to web logs from their favorite search engine,
whistleblowers and others who might aggravate large, deep-pocketed
organizations could certainly find a use for Anonym.OS. One does need a
strong reason to do so, however, as using it can be very slow and painful.
to post comments)