Incognito is an open source LiveDistro based on Gentoo Linux assisting you to securely and anonymously use the Internet almost anywhere you go, e.g. your home, work, university, favourite Internet cafe or local library. Incognito can be used from either a CD or a USB drive and has several Internet applications (Web browser, IRC client, Mail client, Instant messenger, etc.) pre-configured with security in mind, and all Internet traffic will be anonymized. To use it, you simply insert the CD or USB that you have installed Incognito on in a computer and restart it. Incognito should then start as an independent operating system instead of Microsoft Windows or whatever operating system you have installed. It is also possible to run Incognito as a guest operating system inside Microsoft Windows by simply inserting the media while Windows is running which should present you with a menu.
Incognito is Free Software released under the GNU/GPL (version 2).Why do you need anonymity?
In case you didn't know, we currently find ourselves in a state of steady decline of our freedoms and privacy, with increasing levels of mass surveillance and repression all over the world (see this report from Privacy International). Without taking any precautions, your Internet service provider, the state, the police and global surveillance systems like ECHELON (which is not a conspiracy theory although some have overstated the extent of its operation; see this report from the European Parliament) can record what you do online: what you read, what you write and who you communicate with etc. This is possible since all messages sent over the Internet contain the IP addresses of both the sender and receiver, much like an ordinary mail sent through the postal system contain addresses of both sender and receiver for two-way communication. IP addresses can easily be traced back to the physical location of the computers and their owners, and from that ultimately back to you.How does Incognito provide with anonymity?
True anonymity is impossible; given enough resources an attacker will get you. But what one can do is to make the cost of doing that so high that it becomes infeasable. Incognito tries to do this by using an application called Tor which makes your Internet traffic very hard to trace by encrypting it and bouncing it around between several other computers (mixing it with the other Tor users' Internet traffic) before the encryption is removed and the traffic is sent to your destination from someone else's computer. If someone tries to trace you while you are using Incognito and Tor, the trail will most likely stop at that point because they will see the other computer's IP address, not your. As at least a rudimentary understanding of Tor currently is essential for using it securely (and knowing its limits) we strongly recommend reading the Tor overview and Understanding and Using Tor - An Introduction for the Layman (also see the note below).Features
- Common Internet applications pre-configured for anonymous use.
- Transparent network filtering which anonymizes all Internet traffic without any configuration needed (TCP only, though).
- Should run on most modern computers (otherwise please consider sending a bug report to help us further improve Incognito).
- Comes in two sizes:
- Incognito Full at ~350 MB, featuring many Internet related applications and security tools using KDE as desktop environment.
- Incognito Tiny at less than 50 MB, a minimal installation using the Fluxbox windows manager, suitable for business card sized CDs and smaller USB drives. [The development of the tiny version is currently halted]
- Ability to run from USB with persistent user settings and file storage, and optional password protected encryption, including TrueCrypt hidden volumes for plausible deniability.
- Publish web sites anonymously as Tor Hidden Services when running from USB with persistent file storage (see above).
- Virtualization - run Incognito Full within Microsoft Windows without the need to restart the computer.
- Anonymous email with Mixminion on Incognito Full.
- Option to randomize your network cards' MAC addresses when connected to untrusted networks.
- Secure deletion of system memory content on shut down to prevent forensic analysis.
- Except for some drivers (which should be OK) all software used by Incognito, including Incognito itself, is open source software and thus open for inspection for bugs, backdoors and bad design features unlike most proprietary software.
As Incognito relies heavily on Tor, and there are many misconceptions about Tor around, we would like to warn you about the fact that by simply using Tor (as all Incognito traffic does per default) your communications should only be considered to be untraceable back to the computer you used, not encrypted or in any other way hidden. While it is encrypted when it leaves your computer, it will only be so until it leaves the Tor network just before the traffic is sent to your destination. This means that an eavesdropper at some later point will be able see your traffic without Tor's encryption, but will not be able to link it back to your computer.
As such, if you are sending or receiving sensitive data whose disclosure would be damaging in itself even if it is untraceable, you need to use end-to-end encryption to hide the meaning of your data to everyone except the recipient. Examples of such sensitive information that you need to protect in this way are your real identity or other information linkable to you, login details and passwords, bank account or financial details, anything illegal and secrets in general.
There are several tools bundled with Incognito offering end-to-end encryption for various applications: Enigmail/GnuPG provides with encryption for email, OTR is for instant messaging (MSN, ICQ etc.) among others. Also, bear in mind that web browsing on sites for whom the addresses begin with "http://" are not encrypted and thus dangerous to transmit sensitive information to, but those starting with "https://" (notice the additional s) are encrypted and thus secure (many web browsers also display a lock or a similar symbol in the address field or status bar indicating that the connection is secure).