What are the best ways for employees to surf the Web anonymously?
I work for a non-profit organization that provides fellowships. Recently we visited a website of a particular fellow, and when we followed up with a phone call, he already knew that we were at his website. Can you explain how he knew we were on his website, what tools he may have used, and what the best ways are for our users to use the Web anonymously?
There are a couple ways the fellow could use to find out if you visited his website. The same tools used for website analytics can profile individual Web visitors. He could have quickly looked at his website analytics report while he was on the phone with you. What the man most likely did was look in his website analytic report and see that someone from your IP address space had looked at his website. He could have even gotten your IP address from an email that you sent to him. The IP addresses used in organizations many times can be looked up in the Whois domain search and can also map from your organization IP space to your ISP.
There are two basic types of tools he may have used to identify you as a visitor. He could have had a Web-based tool like Google Analytics or tools he installed on his website, like the open source AWStats or the commercial WebTrends. He could have also manually looked up your organization's IP space and searched for it in his logs.
There are a couple different ways for your employees to surf the Web anonymously, depending on the technical sophistication of your end users and your specific needs. You can either implement a Web proxy for anonymous Web browsing, like those at Anonymizer.com or an anonymity network like Tor. Both types of tools need to be configured on your local computers for maximum effectiveness in case you have mobile computers. If all of your computers access the Internet through your local network, you could also configure a local Web proxy on your network and then tunnel this proxy though an anonymous proxy service
This was first published in May 2010