Monday, 27 January 2014

Avoiding the NSA, MI6, The man from U.N.C.L.E - Part 3 (Exposure)

EXPOSURE. Now that we have a sense of where our anonymity could be compromised, as we traverse the internet, let’s look at what data we could be giving away and how. With that understanding we can then identify what steps we can take to preserve our anonymity and protect our data. As with all things in these posts, keep your tester / analyst hat on and be thinking of the technology and systems we’re using. There are likely areas where you can feedback and comment on. Let’s re-cap where our data is going and as a minimum what we might be revealing as we go.

Connecting to your ISP
·         ISP account details, your WAN address, your IP address, browsing history

Sending a request for a web site /web resource to your ISP
·         All the above plus; URL requested, browser details, data you send if not encrypted

Website receiving your request
·         URL requested, WAN address, browser details, browsing history via cookies

On top of this information, we could be sending whatever we add in forms, leaking data via silent update and license checks from installed software, etc. as we covered in the previous post [link]. Let’s go over the above to be sure we’re 100% clear on the main ways we’ll typically be compromising our anonymity.

- ISP account details
Most home and small office set-ups no longer need you to log-in to the ISP. Connection is via the modem / router you have to your fixed line and to connect to that you’ll enter a password. Either way, your ISP will then have account details for at least one person. At home, that’ll mean the name of whomever the account holder is, some bank account or card details, an address, contact details such as email and phone number along with other details such as Date of Birth. You might also have answers to questions for security such as Mothers Maiden name, First School, Favourite Food and so on. This is a lot of information about you or someone in your household.

- Your WAN address (is NOT your IP Address)
It’s important to understand that the often asked question of “Does my ISP know my IP address?” is yes and no, because the question is usually asked in an incorrect way. The IP address of your system is a private one allocated by your router (1). The particular IP address you get depends on the manufacturer of your router. You can check the IP address you’ve been given by running a CMD window in Windows and typing ipconfig, for Linux (and OSX) it's ifconfigthen look down the list for the IP4 address. This will be something like 192.168.0.?? If you do the same on another computer connected to your wireless, you’ll see it looks mostly the same except for the last few digits. Remember these are private and are not meant to be seen outside your own network, except they CAN also be seen now.

Not actually, but you get the idea

What about the WAN address / the IP address that the sites you visit can see? The IP address stated on sites like is actually the WAN (Wide Area Network) address allocated to your internet connection by your ISP. Some are static, that is you get the same one every time you connect, others are dynamic meaning you get a different one each time you connect to the ISP. Go to and see what number it shows. See how this is different to your system’s IP address? We can prove the difference. Try doing an ipconfig on another computer connected to your internet connection and note the different internal IP address. Now go to the above site on both systems, same WAN address right? Because all devices are going through the same internet connection via the same router. The router gets your collection of web requests back from the ISP, works out which internal IP address asked for it and sends it on to your PC.

It’s you WAN address, allocated by the ISP you need to be hiding. Does it make sense now why your ISP gets the nasty legal letter, saying you’ve been using torrent to download illegal material first, then they send it onto you? Because the ‘IP address’ everyone can see on the Torrent software is really your WAN address. The ISP gets the letter, looks up who they allocated the WAN address to and sends the letter onto you then – later on we’ll look at how VPNs help us with this issue.

- IP Address
However, times have changed and your internal network IP address is no longer hidden from websites you visit. Have a quick visit to and if you’re using an up-to-date version of Chrome or Firefox, you’ll see your internal IP address… oh dear, thanks to WebRTC (2) we need to make sure we hide that as well now!

- Browsing History
I’m hoping you get that every single web request you make, first goes to your ISP. They work out what the request is, find the resource, fetch the content / data then send it back to you. If you use your internet connection your ISP has full knowledge. Enough said I’m sure and no, 'incognito' has no effect except hiding your surfing from the spouse/partner. It’s something else we need to consider.

As this is a long one already, we’ll leave our exposition of what data is getting exposed and look next at how we can start to get some anonymity back.

Read More

Youtube Channel: [WATCH, RATE, SUBSCRIBE]

Links for the studious