Thursday, August 17, 2023

How to browse the internet as safely and anonymously as possible

It doesn't really matter why one would want to browse the internet as anonymously and safely as possible, it is within everybody's rights to do so, if they so wish. The motivations behind it don't really matter, it's not anybody's business. There can be completely legit reasons why you want to do so, browsing the internet with complete anonymity, leaving no trace behind, and keeping your computer completely safe from any malicious software that you might encounter online.

Important note: No method can ever be 100% sureproof, with 0% of malicious actors, hackers, governments or other people getting hold of your PC and/or seeing what you are doing. If you connect your PC to the internet (and sometimes even if you don't, if it has any sort of wireless capabilities) you always take some risk.

That being said, following all these steps will significantly reduce such risks and make it extremely hard for any malicious actors or software from seeing what you are doing or getting some kind of access to your computer, and will make it much harder for any malware to invade your computer.

Another important note: Employing only one or two of these steps, while it already may add some safety, will not be sufficient. The more of these steps you use, the safer and more secure it will be.

1: Use a VPN

By this point it almost sounds like a cliche, but it does help: Using a VPN makes it significantly harder (although not 100% impossible) for anybody to connect what you are browsing as coming from your computer. It will (at least ostensibly) stop your internet service provider from seeing what you are browsing (because your ISP will only see an encrypted connection to some VPN server somewhere, not what you are actually connecting to at the end of the chain.)

Note that using a VPN will introduce significant lag to your internet connection (which is something VPN service providers will often lie about), so you might not want to have it constantly on, but only when you want to go private.

Also note that, as far as I know, there exists no good free-of-charge VPN services out there, so if you want to use one you'll have to buy a subscription. There's probably no (legal) way around this, but depending on your needs it may be worth it.

2: Use a virtual machine software

Way too few people know and understand how incredibly handy and versatile virtual machines are.

A virtual machine (such as VirtualBox or VMware) allows installing and running a second operating system in such a manner that it's completely encapsulated in its own hardware sandbox (and all of its files in its own directory in the host operating system). Modern processor architectures allow running a guest OS at pretty much effectively the same efficiency as a natively-installed OS.

There are many advantages in a virtual machine: Whatever you do inside the virtual machine stays within the virtual machine, and has no effect on your natively-installed host operating system. (There may exist "jailbreak" exploits for some virtual machines, but these are unlikely. And, as said earlier, no system can ever be 100% safe, you can only try to increase safety to the maximum you can.)

Additionally, a virtual machine allows effectively taking "snapshots" of the entire guest system, and later restore the entire thing to what it was at the time of this "snapshot". In other words, it's effectively an absolutely perfect 100% backup that will move time back and restore the system to exactly what it was before, bit-by-bit. If you ever want to undo something you have done inside the virtual machine, you can just restore this backup snapshot, and everything done after that will be gone. (The easiest way to take such a "snapshot" is to simply copy the directory where the virtual machine files are located somewhere else. You can then later copy it back, which will restore the guest system to what it was.)

Also, a virtual machine allows running Linux inside it, even if your natively-installed host OS is Windows. Linux in itself adds a layer of protection as it's less targeted and less vulnerable to attacks (eg. by trojans, viruses, etc.)

3: Use an encrypted partition in the virtual machine

When installing the guest operating system into a virtual machine, choose in the installer to use an encrypted partition. Most Linux distros offer this possibility in their installers (and if one doesn't, either choose a distro that does, or look up tutorials on how to make the partition encrypted.)

When the guest operating system has been installed in an encrypted partition inside the virtual machine, whatever you do inside the virtual machine will leave no recoverable trace anywhere in your hard drives / SSDs. Anything that saves anything to disk inside the virtual machine will be encrypted, leaving no recoverable trace behind. (Remember that simply deleting a file does not necessarily remove its bits from the storage device. Not even if you use some kind of "file shredder" application that tries to completely eliminate the original data by overwriting the file: In modern SSDs these overwrites may be written to a different location in the physical storage device. When the partition is encrypted to begin with, nothing will be written to the storage device unencrypted, and thus there will be no unencrypted trace of it anywhere.)

For the extra paranoid you might want to use an encrypted partition for your natively-installed host OS as well (be it Linux or Windows), and this too will add an extra layer of security, but it's up to you whether you want to go through this. Doing it inside the virtual machine is hassle-free.

4: (Optionally) use a Tor browser inside the virtual machine

While the Tor network is often associated with the "dark web" and all kind of illicit and illegal activities, it's not in principle designed for that, and it's a legitimate way to browse the internet anonymously, and can be used to browse the regular normal internet.

It shouldn't really be relied on by its own, without anything else, but in addition to all the above, it will add yet another layer of protection.

Note that Tor may be a form of communication that's alternative to VPN, so using both at the same time might not add one form of protection on top of the other. However, it may still be useful to use both at the same time, especially if you are going to use a normal web browser in addition to a Tor browser.

If you are going to use a regular web browser inside the virtual machine, it's recommended to use the "incognito mode" provided by the browser. This is not because it would add any security or anonymity (because it doesn't), but because it's a convenient way of erasing whatever your browsing left behind on your disk, like tracking cookies, scripts, etc. If any dubious website attempts to do something to your system (even if it's just the guest system running inside the virtual machine), this adds a layer of safety in that the browser will remove all of what that website did when the browser window is closed. This is a very mild form of security, but it still doesn't hurt to use it. This is much more convenient than doing a full virtual machine snapshot restore.

Even with regular web browsers, not all browsers are equal. Some browsers have been specifically fine-tuned to make things like fingerprinting and tracking by websites as difficult as possible. An example of such web browser (and widely preferred by privacy-conscious people) is LibreWolf, which is a fork of Firefox.