How to keep your internet traffic safe and secret

​​Option #1


The Onion Router (Tor) is a specially designed Internet routing system that routes traffic while encrypting the IP address of where it came from. To enable routing, only the last and next IP addresses are available at each hop. The original and all other hops along the way are encrypted and can only be decrypted by a Tor router.

Tor can evade detection from nearly everyone except the most powerful state-owned surveillance machines. Even then, the NSA has some challenges in breaking Tor, but they have and still can. In general, Tor is safe for most traffic, but if someone or some agency wants to spend the time and resources to watch you, they can and will.

You can access the Tor network by using the Tor browser, which is simply a plug-in to the open-source browser Firefox.

​​Option #2


Using proxies is a tried and true method of obscuring your identity on the Internet. Although your traffic is not encrypted and can be sniffed, the traffic cannot be attributed to any person as the proxies use their IP addresses rather than yours. Of course, this does not prohibit your traffic being tracked by your cookies.

Option #3


As the name implies, a virtual private network, or VPN, is a private way (encrypted) to connect over a public network (Internet) to a private network. It requires an authentication mechanism and then encrypts all the traffic between the client-to-server or peer-to-peer communication. It can encrypt all communication including the control channels, making it very hard to crack or identify the user.

You can access private VPN services where you will connect to their VPN server through an encrypted tunnel and then browse the Internet with their IP address. All of your traffic appears to be from their IP address and your communication to the service is encrypted so the traffic can not be traced back to you.

By default, VPN capabilities are NOT included in Kali, but I will be doing a tutorial on installing and stetting up VPN services on Kali in the near future.

Option #4

Encrypted P2P Chat or Encrypted VoIP

Often, people want to chat or use voice communications over the Internet. Both can be intercepted and read. There are at least two technologies available to encrypt these types of communications that makes it very difficult to intercept and read.


For Internet chats, CSpace is among the best. Like so many of these technologies, CSpace relies upon encryption. CSpace uses a 2048-bit RSA key for authentication and each user has a unique public key to identify themselves. Users are only identified by a hash of their public key on a central server. All communication is encrypted with TLS (Transport Layer Security). You can find more information about CSpace here(
 though, it is no longer in active development.

If the members of Anonymous had been using this service, many of those now serving time in prison (Jeremy Hammond received a 10 year sentence for hacking Stratfor and releasing the information to WikiLeaks) would still be free.


For VoIP, consider ZRTP for private voice communication. ZTRP is an open-source (thank the heavens for open-source developers) technology for VoIP communication that authenticates both ends of the communication with Diffie-Hellman and then encrypts the communication with a pre-shared key and salting.

For those of you not familiar with cryptography and password-cracking, salting makes it more difficult for a third-party to break the encryption. This technology (ZRTP) was developed by Philip Zimmerman, the same guy who developed PGP and a longtime advocate for privacy rights (Zimmerman fought the U.S. government all the way to U.S. Supreme Court when the NSA demanded a backdoor to his PGP). As a result, I have a lot of trust in ZRTP.

ZORG is an implementation of ZRTP and is available on the Android, BlackBerry, iOS, Linux, Mac OS X, Symbian, and Windows platforms.

Option #5

Combine All of the Above for Ultimate Privacy

When Edward Snowden released confidential NSA documents in 2013, we got some insights into this super-secret snooping agency. In one of these documents, the kindly folks at the NSA rated their ability to snoop on communications when users were using any number of different anonymity technologies. On a scale from 1 to 4, 1 was the least difficult and 4 the most difficult.

According to the NSA, the combination of Tor, a VPN, and either CSpace or ZRTP basically blinds, so this combo received a 4 rating. In their own words, the "good" folks at NSA described these circumstances when trying to surveil users combining these technologies as "near-total loss/lack of insight to target communications, presence."

A Word of Caution

I am very reluctant to use any proprietary, commercial product for purposes of maintaining anonymity. The reason is that these companies easily bow to pressure from state authorities to enable snooping on their networks and products. Although not perfect, open-source products are more likely to give you a greater level of assurance for maintaining your anonymity and privacy.