How to be anonymous online with Incognito
At first glance Incognito may seem suited only for the extremely paranoid, because of the totality of tools it offers to hide your online presence. But those tools, each designed to mask a certain aspect of your online activity, have been around for quite a while. This 430MB-ish live CD has many faithful users, but I can't quote any on its usefulness since their identities couldn't be confirmed. Yes, Incognito is that good.
If you're looking for the ultimate way to encrypt absolutely all your internet communications and be untraceable on the internet, you're looking for Incognito. Find out how to get started by reading on...
Whether you're an anarchist, a covert operative or just someone who wants to exercise their digital rights and hide your online activity, with Incognito you can encrypt your IM conversations and emails, browse securely without the fear of cookies and the browser history revealing your secrets, and best of all, the traffic doesn't reflect in your router logs.
Apart from these methods that keep you safe from those around you, also on offer is Tor, which sits at the centre of Incognito to obscure your online traces. Tor bounces your internet traffic in such a manner that your IP address, which can be traced back to your physical location, is hidden from the outside world. With Tor, you can anonymise web browsing, instant messaging, SSH, and other applications that use the TCP protocol.
The first thing you'll need to do is download the Incognito Live CD then reboot your PC with the disk in your drive. If you find your PC booting into its normal OS, make sure your BIOS is configured to boot from the CD/DVD drive before your hard drive.
By default, Incognito greets you with its documentation served via Firefox on a 1024x768 resolution, so the first thing you might have to do is correct the screen resolution. Select Configure Desktop from the right-click context menu on the desktop. Click Display in the side bar on the left-hand side of the window and choose an appropriate resolution from the drop-down list. Click OK when you're done.
With Firefox already running, you might want to experience browsing the web through Tor. You don't need to do anything, or provide any manner of configuration to anonymise your internet traffic because Tor is already running. To confirm this, hover the mouse over the red onion-shaped button in the bottom-right corner of the screen. Clicking this button launches Tork, the graphical anonymity manager.
An aside: who wants to be anonymous?
It's tempting to think that only Bad People want to be anonymous online - the folks plotting terror attacks, people trading child pornography and such. As a result, it's only these Bad People who need to rely on technologies such as Incognito and Tor, and the rest of us shouldn't need to be anonymous.
Of course, this isn't far from the old saying, "if you've nothing to hide, you've nothing to worry about", otherwise known as "anyone worried about persecution should be persecuted."
Buck the trend. People shouldn't be branded "paranoid" just because they want to opt out of Google's information land grab. Go anonymous online just because you can.
Managing Tor with Tork
Being an anonymity manager, Tork is far more complex than just a graphical tool to manage Tor. For instance, the Anonymous Email entry under the Anonymous tab provides an interface to the Mixminion network, which lets you send and receive anonymous emails.
Since Incognito already offers tools to encrypt emails, both via Thunderbird and the webmail Firefox interface, most normal users need not bother with Mixminion. However, for those operating under - or in hiding because of - an official order, this offers an extra layer of invisibility, since emails are first routed through the Tor network and then via the Mixminion network.
Like the Tor network, Mixminion relies on volunteer-run servers to bounce your emails before they reach their destination. The individual servers, called mixes, receive messages, decrypt them and forward them to the next mix. Effectively, no single mix can determine either the sender or the recipient.
This is because no mix in the chain is aware of mixes other than its immediate mixes. You should always launch Tork from the icon in the taskbar to avoid multiple instances. If you accidentally launch Tork via the Menu > Internet > Anonymity Manager (Tork) entry, close the window without playing around with it.
If you wish to change how you're connected to the Tor network, you'll have to stop Tor. To do this, click on the shiny green onion on the left. By default, the connection to Tor is such that while you can access the other servers to route your internet traffic, people can't use your IP address to route theirs. To change this behaviour, stop Tor and click the Local pull-down button.
If you wish to allow your IP address to serve as an exit node for others, choose Exit from the list. This potentially puts you at risk with law enforcement agencies, as you don't know what traffic you just routed - it could be that you helped someone post some dodgy pictures, or a training manual, or something libellous. It would make a fascinating test case if anyone tried to prosecute you for forwarding illegal content, but, of course, we can't recommend that you do this.
There may be times when you experience frequent timeouts or other errors when accessing certain websites. For example, any time Tor connects me via a German server, I can't access certain websites, including Gmail.com, since Gmail is not permitted to ply under that name in Germany. I have to instead connect to mail.google.com/mail, which is a bother.
This happens because the circuit that Tor builds to route my traffic has a German exit node. You can however, force Tork to build new circuits to bypass such problems. In the Tork window, click the More Options button. You can now use the Citizen Of button to select a different region.
Tor (The Onion Router) is a bit like a wormhole for the internet. You enter with your own IP but exit with some other IP address and in between you cross the streams, switch intertubes and become anonymous.
Onion routing is a process whereby messages are encrypted and transmitted through several network routers before they arrive at the destination. Because of the encryption involved, the routers know neither the origin nor the final destination of the messages. Each router peels off a layer of encryption to determine the instructions meant for that router.
Tor offers second-generation onion routing, whereby traffic is sent from router to router within the Tor network before reaching an exit node. From here it is transmitted to the intended destination. From the destination's POV, the traffic appears to originate at the exit node. The Tor network is a network of relays run by volunteers spread across the world. You access the Tor network by installing an onion proxy software (which is also called Tor) on your own machine.
Read more here: www.torproject.org.
Firefox and Tor
Incognito ships with Firefox 22.214.171.124, and offers a secure browsing experience thanks to extensions such as Adblock Pro, FireGPG, Torbutton and more. There are however, no Flash or Java plugins, so you can't anonymously browse YouTube, or maybe even access your favourite news sites. Don't fret though, Slashdot renders easily enough.
Perhaps the most striking feature is the inclusion of FireGPG, which lets you send encrypted emails from any webmail service including Gmail. There's any number of documentation on public key encryption, but here's the no-fat Olive Oyl version of it: when sending a message to Alpha, you encrypt it using Alpha's public key. To read the message, Alpha uses his private key to decrypt the message.
Give me the keys...
If you prefer a full-blown client over the browser interface for processing your emails, Incognito comes with Thunderbird, with the Enigmail extension already installed and ready to sign and encrypt your emails.
To begin, launch Thunderbird from the icon on the taskbar. You'll be asked to configure an account, so follow the instructions on the wizard and you'll be done soon.
When you first configure your email account, you need to configure OpenPGP for it. To do this, click on the Write button, and in the Compose Mail dialog box, click the OpenPGP button to launch the OpenPGP configuration wizard. In the OpenPGP Option dialog box, click the Enable OpenPGP support checkbox and click OK. You're now free to choose whether to sign and/or encrypt the message.
If you've already created keys for the account you just configured with Thunderbird, you can send signed messages straight away. Plus, if you have the public key of the recipient, you can even encrypt the message. Click the Write button, provide the recipient's address and subject, and after writing your message click on the OpenPGP button and select Sign. Similarly select Encrypt to encrypt the message in addition to signing it.
If you haven't already created keys for your account, you can do so from within Thunderbird itself by clicking OpenPGP > Key Management. Since you don't have any keys yet, the OpenPGP wizard. Exit the wizard and click Generate > New Key Pair. In the Generate OpenPGP key dialog box, type in a passphrase for your keys and then click Generate. It might seem like nothing happened, but look closely at the bottom of the Generate OpenPGP key for the progress bar.
Whatever you're up to, whether you're browsing the web or sending encrypted emails and would rather they stay encrypted, Incognito is your best cloaking device.
Step by step: Encrypt mails with FireGPG
FireGPG menu: Select the text you wish to encrypt and click on Encrypt from the FireGPG options under the right-click context menu. FireGPG works only on the selected text, so any part of the body that's not selected will not be encrypted.
Select a public key: FireGPG will ask you to select the public key of the recipient from the list. After selecting a key, click OK at the bottom of the Public Key dialog box. It's not visible in this screen grab, but it's there. Honest!
Encrypted text: You're now ready to send the encrypted email. Remember, when you're decrypting a message sent via FireGPG, select the entire message body, including the BEGIN PGP MESSAGE and the END PGP MESSAGE lines.
First published in Linux Format magazine