Researchers have lots of options to manage their anonymity while performing online investigations, but not all solutions are created equal.
As researchers, we are always looking for ways to protect not only ourselves but also our organizations from becoming vulnerable to anything that can happen on the internet. In the early 2000s, all a researcher had to do was use The Onion Router (Tor) browser to hide their IP address and other information, and while virtual private networks (VPNs) were around, they were not as common as they are now. When you combine a VPN with the Tor browser, you are able to protect your identity, for the most part, when you surf the internet. Now add a virtual machine (VM) to the VPN and Tor browser, and many would think you have the most protection possible. Sadly, that is not the case.
In the late 1990s and early 2000s, while there were bad people out there on the internet, they had to know what they were doing in order to gather any personally identifiable information (PII). This is different today, as you do not need to be a computer scientist to find or pull PII from the internet.
For researchers, this is a big concern. If their identity, affiliation with their organization or intent of their research can be deciphered, bad actors can spoil their investigation. This is a problem that has outgrown the capabilities of cobbled-together VMs and VPNs, and one which managed attribution is designed to solve.
What VMs and VPNs are good at
VMs give users a virtual environment that is not associated with their actual workstation or endpoint. This means that a user can be working on a Windows computer as their actual workstation but be running programs using a Linux operating system, for example; this particular scenario is extremely important in many organizations, as there is the need for security engineers to be up to date on their Windows computers but use Linux or other operating systems to access key systems in the organization.
VPNs are also a virtual environment, providing a virtual network to connect users into the business's internal network (intranet). They have become commonplace in nearly every business, something users see on a daily basis and use to understand whether their network connection is secure. VPNs provide either a secure, point-to-point connection to a certain network or a secure, private connection to the internet. The private connection to the internet allows users to be sure that they are protected when browsing the internet and also provides them a level of privacy or anonymity.
What VM and VPN services miss
While VMs and VPNs have their place in the tech stack for average users, they show their limitations when used for anonymous research or investigative purposes.
The first misconception with VMs is that if you are using a different operating system, you’re adding a layer of privacy, security and anonymity. This is not the case, especially if you’re just running a VM on your standard workstation that you do your normal work on, as you’re still using the same network card. This means that you’re still presenting yourself to the internet as your work computer and not that new VM (even though you may think that you are).
Secondly, you still have the potential to go to a malicious website that could infect not only the VM but also your endpoint, as they are connected.
VPNs are a little different, in that you are now representing yourself on the internet as coming from a different network or IP space. While this may provide some anonymity and privacy, there are still concerns about using the same endpoint you do your normal work on for research/investigative purposes, even with the VPN in place. If you are looking at malicious websites, your endpoint is still at risk.
Additionally, pairing a VPN service with a VM doesn’t really add any significant protections, even if the VM is network-based: you could be using a corporate VM or virtual desktop infrastructure (VDI) that appears to be coming from the corporate network. Malicious actors are sophisticated enough to identify that corporate network and ban that IP space from accessing their sites.
One last consideration with VPN services is that they state they do not monitor or collect logs of users using their service, but this is known to be false. They capture everything that you are doing while using their service and have the potential to sell that information or leak it to malicious actors.
Why managed attribution is the best solution for researchers
A managed attribution solution can help an organization mitigate these security risks, privacy concerns and threats to investigative integrity. To do so, the solution needs the following components:
A managed attribution solution accessible via a remote, cloud-based browsing environment allows users to surf the internet with the same experience as any traditional browser but with added protections and security. No web code ever touches the endpoint or network, eliminating the risk of malware infection.
Customized online appearance
Managed attribution should give a researcher the ability to completely customize how they appear to the sites and people they may interact with online by manipulating device details, including:
- Time zone
- Keyboard settings
- Operating system
- IP address
Logging and audit trails
As I discussed previously, VPNs do have access to what’s done on their services, and that information has the potential to be sold or leaked. That’s why it’s critical that the work of mission-critical research only be logged within the organization. The customer — not the vendor — should be the only one able to access, view or download any logs that may be generated by using the managed attribution solution.
How Silo can help
The Silo Web Isolation Platform executes all web-native code remotely, so that it never reaches the endpoint, keeping your device and network safe from malware. Its purpose-built online investigation solution, Silo for Research, gives users complete control of their digital fingerprint and leverages a global network of non-attributable IP addresses to provide in-region access. All evidence can be safely collected, stored, translated and shared through one solution. And with Silo, logs can only be accessed and managed by customer admins, providing added protections for users to keep their research secure and compliant.