K7

K7Blog

须知少年凌云志 曾许人间第一流.
proton
telegram

How to protect privacy and security on the Internet? How to prevent tracking?

Here is my personal experience, hoping to help you with privacy protection and anonymity!

First, let's talk about the most common and universal method of anonymity, which is to use a pseudonym when surfing the internet. It can be in English or Chinese, but it must not be related to your real name. Also, do not use the same username and password on the internet, and avoid using weak passwords, as this poses a significant security risk.

Internet Privacy Protection

Avoid downloading software randomly and granting excessive permissions to software. Also, avoid revealing important information related to work and personal life. Of course, being a mysterious person is not enough. We also need to use some tools and techniques to help us browse the internet anonymously.

1. Tor Browser#

There is not much to say about the Tor Browser. It is very secure. Another alternative is Brave, which can open a separate window that supports the Tor protocol.

When using the Tor Browser, there are usually three layers of proxies. If you use a VPN, there will be four layers of proxies. Accessing Tor domain names involves three layers of obfs4 protocol bridges and three layers of relay servers. If you enable a front-end proxy, there will be a total of seven layers.

Although it is secure for daily use, the speed is relatively slow. You can refer to my tutorial on Setting up a Tor Bridge on Debian/Ubuntu to build your own bridge. However, I do not recommend using the same bridge all the time. It is better to change it frequently. The bridge you build can be used as a backup.

Official bridge acquisition: https://bridges.torproject.org/bridges?transport=obfs4 After entering the verification code, you can obtain two bridges. Then you can go to https://metrics.torproject.org/rs.html to view the relevant information of the bridges. Some bridges will indicate the bandwidth.

We use Tor to access clearnet websites, such as my blog: https://k7blog.com. If you still feel it is not secure and can tolerate the slow speed of accessing the darknet, you can refer to my tutorial on Setting up a Darknet Website or Reverse Proxy with Baota to create a reverse proxy for the clearnet.

We cannot visit only one website every time we go online. You can refer to my Hideipnetwork v2 Online Web Proxy. This program mainly provides a reverse proxy function, but it is not limited to reverse proxying specific domain names. After setting it up, bind a darknet domain name and access it. All content accessed within this darknet domain name will be reverse proxied by the server and transmitted through Tor's 7-layer proxy.

If you only want to access specific websites through the darknet and do not understand the tutorial for setting up the reverse proxy mentioned above, I have another solution for you. According to my tutorial, you will install Baota. The directory for creating a Baota reverse proxy will be located at /www/server/panel/vhost/nginx/proxy/. Find your reverse proxy file (ending with .conf) and copy the path. Modify and save it as a sh file using the code below.

#!/bin/bash

# File path
conf_file="/www/server/panel/vhost/nginx/proxy/abc.com/proxy.conf"

# Display menu options
echo "Please select an operation:"
echo "1. Proxy Website 1"
echo "2. Proxy Website 2"
echo "3. Proxy Website 3"
echo "4. Proxy Website 4"
read -p "Please enter the option number: " choice

# Check user input and update proxy_pass
if [ "$choice" = "1" ]; then
    new_proxy_pass="http://127.0.0.1"
elif [ "$choice" = "2" ]; then
    new_proxy_pass="http://127.0.0.2"
elif [ "$choice" = "3" ]; then
    new_proxy_pass="http://127.0.0.3"
elif [ "$choice" = "4" ]; then
    new_proxy_pass="http://127.0.0.4"
else
    echo "Invalid option"
    exit 1
fi

# Replace the value of proxy_pass
sed -i "s|proxy_pass .*;|proxy_pass $new_proxy_pass;|" "$conf_file"

echo "Updated proxy_pass in $conf_file to: $new_proxy_pass"

# Notify Nginx to reload the configuration
nginx -s reload

Upload the created .sh file to the /root directory of the Linux server, for example, tordl.sh. Then, link to the server and execute chmod +x tordl.sh. If you want to use the script, execute ./tordl.sh.

ProtonMail#

You may be familiar with terms like phishing emails and email tracking. Emails can deliver files and embed HTML code, which makes it easy to be tracked if you don't have a secure email.

ProtonMail focuses on security and anonymity, both during registration and receiving emails. It also has a darknet address: https://account.protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion

Let's take a simple tracking method as an example. I embed an image file in an email. As long as someone opens the email, I can view browser models, IP addresses, and other information through website logs. Currently, most email services have a feature that displays externally linked files through reverse proxies. When I tested it using Google, it showed the browser model. Perhaps there are other methods to prevent Google from proxying image files, but I haven't tested them.

The main reason I like it is that it can be accessed using the Tor Browser.

VPN and Shadowsocks (Proxy)#

Shadowsocks, V2ray, and Trojan are services that provide dedicated proxy nodes for bypassing censorship, while VPNs generally provide dedicated VPN protocols such as PPTP, SSPT, OpenVPN, and Wire Guard VPN. The applications of the two are completely different.

The nodes provided by Shadowsocks are specifically designed for bypassing censorship, while VPNs are not. VPN protocols are not specifically designed for bypassing censorship but focus on encryption. Therefore, VPNs are not as good as using proxy nodes in terms of dealing with censorship and traffic diversion. VPNs can only be used with their own software, while proxy nodes generally use third-party clients such as Clash, V2rayN, Quantumult X, Surge, and Surfboard. You can use multiple proxy nodes at the same time and specify different nodes for different websites. They have good traffic diversion rules. Using proxy nodes does not affect the access to domestic websites, and you can keep them enabled all the time. However, after using a VPN, you need to disable it, otherwise it will affect the speed of accessing domestic websites.

Which one is safer, proxy nodes or VPNs? Analyzing from the protocol perspective, VPNs are generally safer. However, regardless of security, it is useless if the connection cannot be established. Due to the obvious characteristics of VPN protocols, it is difficult to connect to overseas VPN servers in China, so even if they are secure, they are useless. In addition to using SS/SSR/V2ray/Trojan and other dedicated protocols, proxy nodes provided by proxy services can effectively bypass censorship. Proxy services also provide optimized routes, such as transit tunnels, IPLC, IEPL routes, etc., which have better connectivity. Although they are not as secure as VPNs, they are encrypted with TLS and are sufficient for daily security needs. Since most websites have enabled HTTPS, the security of VPNs has been overly exaggerated. In other words, even if ISPs know which website we are accessing, they do not know which page of the website or the specific content of the page.

Suggestions for Website Owners#

Whether it is connecting to a server or a remote Windows jump server, I recommend using Next Terminal Jump Server System. I believe everyone will use a proxy when browsing the internet. Connect to the jump server system through a proxy. The jump server can also add a relay server, and then connect to the final server through the relay server.

What we need to pay attention to is that it is better for the jump server and the main server to have different service providers and different account registration information.

When managing website content or logging into the control panel, you can also use the reverse proxy I mentioned earlier and access it through a darknet address. Cutting off access to the clearnet can not only protect yourself but also improve website security.

Next is about fund security. USDT payment has become mainstream, but some people still have some knowledge gaps in this area. Do not think that using USDT means that the destination of the funds cannot be traced. USDT is decentralized in wallets, and anyone could be the owner of the wallet. However, to cash out, it can only be done through centralized means. Usually, people may send the coins to an exchange, receive payment through a foreign account, and then transfer it to a domestic account. At this point, C2C transactions have been authenticated, making it easier to track. In recent years, there have been many cases of virtual currency crimes, and WJ will continue to iterate its technology. Once the coins enter the exchange, it is equivalent to showing the cards.

If we want to safely withdraw funds, we must master the techniques of mixing and laundering coins. In this regard, I recommend:

For cryptocurrency mixing and laundering, please chooseTelegram@A7_188

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.