Anonym.OS: providing internet anonymity [LWN.net]

January 25, 2006

This article was contributed by Jake Edge.

Internet anonymity has started to become a mainstream issue, even covered by the New York Times (registration required) and a newly released project is specifically geared towards providing users with a safer, more anonymous, internet experience. Anonym.OS is an OpenBSD-based live CD that attempts to provide the average user with the same levels of privacy that are available to more technically savvy users.

Anonym.OS uses a variety of techniques to provide security and anonymity, starting with changing the TCP parameters to give the impression that it is running Windows XP in order to blend in. It provides very strong firewall protections, disallowing any inbound traffic and only allowing encrypted and/or anonymized traffic outbound.

Tor (aka The Onion Router) provides the underlying infrastructure for anonymity by routing TCP packets through random nodes in the Tor network, with separate encryption for each hop in the route. This routing makes it difficult to determine where a particular Tor client is connecting to (or from), though large adversaries who can monitor large sections of the net can still use statistical correlations of the packet timings to determine source and destination as described in the Tor FAQ.

Another component of Anonym.OS is Privoxy, which is a web proxy that provides a variety of privacy features such as cookie management, 'web bug' disabling, and bypassing various click-tracking scripts. Privoxy also provides DNS lookup anonymity to mask which domains a user is looking up.

After booting and configuring a root password, network parameters and the like, Anonym.OS presents a standard looking desktop with Firefox, Thunderbird and Gaim as icons. These applications will use Tor and have been configured to promote privacy, particularly in Firefox, by alerting about cookies and not saving passwords or form data.

The user experience is fairly slow, largely because of Tor, but loading programs from the CD also seems to take quite a while. Anonymity is not free nor particularly fast. Web pages take roughly 5-10 times as long to load and ssh sessions remind one of the glory days of 110 baud acoustic coupler modems. Tor is a work in progress and will likely get faster and find ways to make interactive (ssh) performance better but taking multiple hops through the network is always going to have a cost.

There are two Linux based projects with similar goals, and which also use Tor: Phantomix based on KNOPPIX, and ELE based on Damn Small Linux. Because of its vaunted "security by default", OpenBSD advocates would probably scoff at using Linux for a system of this sort, but the same software and techniques used by Anonym.OS are available for Linux.

Anonym.OS is clearly a boon for people with a strong need for anonymity on the internet and who either do not have the technical ability to set this up for themselves or who may use computers that are not under their control. Anonymous bloggers, folks who are worried that their government might get access to web logs from their favorite search engine, whistleblowers and others who might aggravate large, deep-pocketed organizations could certainly find a use for Anonym.OS. One does need a strong reason to do so, however, as using it can be very slow and painful.

(Log in to post comments)