Re: Any way to secure/anonymize ALL traffic?
On Thu, 23 Dec 2010 09:21:08 -0500 Praedor Atrebates prae...@yahoo.com wrote:

> Got it now. Now when I point to 127.0.0.1 I get places. Now the question is, how can one test whether or not their DNS is leaking? There is the tor status page that can tell you whether or not you are using tor but what about something equivalent to test your DNS anonymity?

The transparent proxying firewall rules on the Tor wiki are intended to:

* not affect any traffic to or from Tor,
* redirect all other outbound TCP connections into Tor's TransPort,
* redirect all other outbound DNS packets into Tor's DNSPort, and
* drop all other outbound packets.

But the only way I know of to test whether your computer is leaking DNS packets without disturbing your firewall configuration is to use a packet sniffer.

Robert Ransom
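The packet-sniffer check described above, as an added example that is not part of the original post: a shell function that reads `tcpdump -n` output captured on the external interface and reports DNS queries sent from the local address to port 53. The capture lines, the interface name and the addresses are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): flag DNS queries that left the machine
# directly instead of being redirected to Tor's DNSPort.
# Live use, as root, with eth0 and the address as placeholders:
#   tcpdump -l -n -i eth0 port 53 | dns_leaks 192.168.2.10

# dns_leaks LOCAL_IP
# Reads `tcpdump -n` text output on stdin and prints "resolver<TAB>name" for
# every packet sent from LOCAL_IP to port 53 (UDP or TCP, IPv4 or IPv6).
dns_leaks() {
    awk -v ip="$1" '
        ($2 == "IP" || $2 == "IP6") && $4 == ">" {
            src = $3; dst = $5
            sub(/:$/, "", dst)                      # "192.168.2.1.53:" -> "192.168.2.1.53"
            n = split(dst, d, "[.]"); dport = d[n]  # tcpdump appends the port after the last dot
            dhost = substr(dst, 1, length(dst) - length(dport) - 1)
            m = split(src, s, "[.]")
            shost = substr(src, 1, length(src) - length(s[m]) - 1)
            if (shost != ip || dport != "53") next  # replies and non-DNS traffic are not leaks
            qname = "-"                             # TCP segments carry no decoded question
            for (i = 6; i < NF; i++)
                if ($i ~ /[?]$/) { qname = $(i + 1); break }
            print dhost "\t" qname
        }'
}

# Constructed capture from an external interface (addresses are made up).
sample_capture() {
    cat <<'EOF'
09:21:08.100001 IP 192.168.2.10.50412 > 198.51.100.7.9001: Flags [P.], seq 1:515, ack 1, win 501, length 514
09:21:08.200002 IP 192.168.2.10.41234 > 192.168.2.1.53: 4660+ A? yahoo.com. (27)
09:21:08.210003 IP 192.168.2.1.53 > 192.168.2.10.41234: 4660 1/0/0 A 203.0.113.5 (43)
09:21:09.300004 IP 192.168.2.10.41235 > 192.168.2.1.53: 4661+ AAAA? example.org. (29)
09:21:10.400005 IP 192.168.2.10.50412 > 198.51.100.7.9001: Flags [.], ack 515, win 501, length 0
EOF
}

sample_capture | dns_leaks 192.168.2.10
```

With working transparent-proxy rules a capture on the external interface yields no output at all, because redirected queries only ever travel over loopback.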
Re: Any way to secure/anonymize ALL traffic?
On Wed, 22 Dec 2010 17:10:32 -0500 Praedor Atrebates prae...@yahoo.com wrote:

> Would it be possible to have the VM change timezone in some random/semi-random fashion so that any timezone (and other) info that could be otherwise acquired would be just as unreliable an identifier of your system/location as information acquired from a tor session?

Maybe, but it would be better to set the time zone to US Eastern Time (America/Detroit on at least glibc-based Linux distributions), so that you'll blend in with English-speaking T(A)ILS users.

Robert Ransom
Re: Any way to secure/anonymize ALL traffic?
Hi,

Praedor Atrebates wrote (22 Dec 2010 13:38:27 GMT) :

> Is there truly no way to control one's own computer so that any and ALL traffic that goes out to the ethernet port or wlan gets directed through tor no matter what?

This sounds like T(A)ILS [0]. But T(A)ILS allows direct connections to the LAN. You might want to have a look at T(A)ILS page about such matters [1] (work in progress, YMMV).

[0] https://amnesia.boum.org/
[1] https://amnesia.boum.org/contribute/design/Tor_enforcement

Bye,
--
intrigeri intrig...@boum.org
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr-fingerprint.asc
| Then we'll come from the shadows.

*** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
Re: Any way to secure/anonymize ALL traffic?
On 23/12/10 14:21, Praedor Atrebates wrote:

> Got it now. Now when I point to 127.0.0.1 I get places. Now the question is, how can one test whether or not their DNS is leaking? There is the tor status page that can tell you whether or not you are using tor but what about something equivalent to test your DNS anonymity?
>
> praedor

It will depend on whether you are using Tor (or, for example, a VPN).

If you are using Tor then look at the Message Log (in Vidalia). It will warn you if there is leakage based on your websurfing. If you have set-up Tor properly in Firefox the proxy settings box then you should have no problems. Along with using NoScript and TorButton to prevent Flash problems (as you previously mentioned).

If you are using a VPN then try nslookup

For example nslookup yahoo.com provides:

    Server:   80.254.79.157
    Address:  80.254.79.157#53

    Non-authoritative answer:
    Name:     yahoo.com
    Address:  209.191.122.70

Where 80.254.79.157 is my VPN's DNS IP (rather than my ISP's DNS IP or 192.168.2.1#53 if you are using NAT).

> On Wednesday, December 22, 2010 12:03:49 pm you wrote:
>
>> Praedor Atrebates, on 12/22/2010 05:41 PM, wrote:
>>
>>> and also altered my resolv.conf (linux) so that it reads:
>>>
>>> namserver 127.0.0.1
>>>
>>> as per the instructions, however, when I alter the resolv.conf file thus I lose the ability to resolve any addresses. Something must be missing.
>>
>> Do you have a nameserver running on your localhost, 127.0.0.1, like Bind?
Re: Any way to secure/anonymize ALL traffic?
Check that: https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TransparentProxy

Regards,
Michael

2010/12/22 Praedor Atrebates prae...@yahoo.com

> I have always been disturbed by the fact that javascript or flash can sidestep tor and give away your real IP. Is there truly no way to control one's own computer so that any and ALL traffic that goes out to the ethernet port or wlan gets directed through tor no matter what? Can any combination of software and hardware prevent software on one's own computer from acting the way someone else wants rather than as the owner wants? I would love to be able to use javascript and flash (some sites require one or the other or both to be functional) and know that ANY traffic that exits my own system WILL be directed through the tor network.
>
> --
> The means of defense against foreign danger historically have become the instruments of tyranny at home. – James Madison

--
Michael Gomboc
www.viajando.at
pgp-id: 0x5D41FDF8
Re: Any way to secure/anonymize ALL traffic?
On 12/22/10 08:38, Praedor Atrebates wrote:

> I have always been disturbed by the fact that javascript or flash can sidestep tor and give away your real IP. Is there truly no way to control one's own computer so that any and ALL traffic that goes out to the ethernet port or wlan gets directed through tor no matter what? Can any combination of software and hardware prevent software on one's own computer from acting the way someone else wants rather than as the owner wants? I would love to be able to use javascript and flash (some sites require one or the other or both to be functional) and know that ANY traffic that exits my own system WILL be directed through the tor network.

Any and ALL suggests a machine that allows only HTTP/S activity to/from a TOR process; to/from a TOR entry node; all other traffic (e.g. UDP from some sneaky plugin) is blocked. An iptables script or Windows firewall could do that. Presumably a second script would be invoked for normal operation.

Alternatively, VMs dedicated to TOR applications could achieve your goal, plus protect your box if something grabs your e.g. browser and tries to sniff around.

HTH
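An iptables script of the kind suggested above, as an added example (not code from this thread or from the Tor wiki), built around the four goals Robert Ransom lists in his reply on this page. The Tor user name and the TransPort and DNSPort values are assumptions; the script only prints the commands unless `IPT=iptables` is set.

```shell
#!/bin/sh
# Added example (not from the thread): IPv4 OUTPUT rules for a host where
# everything except Tor itself must go through Tor.
# Assumptions: Tor runs as user "debian-tor"; torrc sets "TransPort 9040"
# and "DNSPort 5353". Prints the commands by default; run as root with
# IPT=iptables to apply them. IPv6 is not covered and needs its own rules.
TOR_USER=${TOR_USER:-debian-tor}
TRANS_PORT=${TRANS_PORT:-9040}
DNS_PORT=${DNS_PORT:-5353}
IPT=${IPT:-echo iptables}

tor_rules() {
    # nat table: decide what gets redirected. Order matters.
    # Tor's own packets are left alone so it can reach its relays.
    $IPT -t nat -A OUTPUT -m owner --uid-owner "$TOR_USER" -j RETURN
    # DNS first, so queries sent to 127.0.0.1:53 via resolv.conf are caught too.
    $IPT -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports "$DNS_PORT"
    # Other loopback traffic stays local.
    $IPT -t nat -A OUTPUT -d 127.0.0.0/8 -j RETURN
    # Every other new TCP connection goes to the TransPort.
    $IPT -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports "$TRANS_PORT"

    # filter table: runs after nat, so redirected packets now target 127.0.0.1.
    $IPT -A OUTPUT -m owner --uid-owner "$TOR_USER" -j ACCEPT
    $IPT -A OUTPUT -d 127.0.0.0/8 -j ACCEPT
    # Anything else (UDP from a plugin, ICMP, stray TCP) never leaves the host.
    $IPT -A OUTPUT -j DROP
}

tor_rules
```

The DNS redirect sits before the loopback exemption on purpose: swapped, a resolver entry of 127.0.0.1 would send queries to port 53 on loopback, where nothing listens when the DNSPort is 5353.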
Re: Any way to secure/anonymize ALL traffic?
Just as a reminder, the problem with Flash and Javascript is not only that they might be able to circumvent network settings. Both can gather local information and give it away - in that case it doesn't matter if the channel itself is anonymous.

Moritz

On 22.12.2010 14:38, Praedor Atrebates wrote:

> I have always been disturbed by the fact that javascript or flash can sidestep tor and give away your real IP. Is there truly no way to control one's own computer so that any and ALL traffic that goes out to the ethernet port or wlan gets directed through tor no matter what? Can any combination of software and hardware prevent software on one's own computer from acting the way someone else wants rather than as the owner wants? I would love to be able to use javascript and flash (some sites require one or the other or both to be functional) and know that ANY traffic that exits my own system WILL be directed through the tor network.
Re: Any way to secure/anonymize ALL traffic?
Praedor Atrebates, on 12/22/2010 05:41 PM, wrote:

> and also altered my resolv.conf (linux) so that it reads:
>
> namserver 127.0.0.1
>
> as per the instructions, however, when I alter the resolv.conf file thus I lose the ability to resolve any addresses. Something must be missing.

Do you have a nameserver running on your localhost, 127.0.0.1, like Bind?

--
http://www.predicatori.it/marco/
Re: Any way to secure/anonymize ALL traffic?
On 22/12/10 13:38, Praedor Atrebates wrote:

> I have always been disturbed by the fact that javascript or flash can sidestep tor and give away your real IP.

Are you sure that JavaScript can give away your IP? Flash can - but my understanding is that JavaScript cannot. As another poster noted though: JS is great for providing browser and system information such as the local time zone.

> Is there truly no way to control one's own computer so that any and ALL traffic that goes out to the ethernet port or wlan gets directed through tor no matter what? Can any combination of software and hardware prevent software on one's own computer from acting the way someone else wants rather than as the owner wants? I would love to be able to use javascript and flash (some sites require one or the other or both to be functional) and know that ANY traffic that exits my own system WILL be directed through the tor network.

Three suggestions:

a) Use Tor with TorButton and NoScript which will deal with your Flash / JavaScript issues. It is impractical to turn JavaScript off and a few sites like YouTube demand Flash.

b) Make sure you wipe your cache and your Flash Cookies. Are you using Windows or Linux? For Ubuntu you need to wipe the .adobe and .macromedia folders.

c) Why not use Tor with a commercial VPN? The VPN (providing it does DNS resolution) will route all traffic and then you can use specific applications like Firefox or Pidgin to work with Tor.
Re: Any way to secure/anonymize ALL traffic?
On 12/22/10 17:10, Praedor Atrebates wrote:

> Could one setup a VM with some arbitrary timezone for it alone and run tor and bind there so that flash and javascript cannot get such info as local timezone, etc? Would it be possible to have the VM change timezone in some random/semi-random fashion so that any timezone (and other) info that could be otherwise acquired would be just as unreliable an identifier of your system/location as information acquired from a tor session? Then, even if flash or javascript did try to pull information outside tor it would be totally bogus and ever-changing. It would still be nice to be able to squelch any attempt by flash to find your REAL IP address by forcing it to ALWAYS exit via tor no matter what.

Yes. Feed the VM either random, or standardized (every TOR VM has the same fingerprint) data. As mentioned earlier, a firewall (in this case within the VM) can block all connections, except between TOR and TOR entry nodes; the VM insulates any unique user info from a roving plugin/extension. The VM also protects the host, should the application within be compromised (e.g. memory attack).

JAVA is capable of more identity-revealing mischief than JS; within a VM you could safely run even JAVA.

HTH
Re: Any way to secure/anonymize ALL traffic?
On Wed, Dec 22, 2010 at 8:39 AM, 7v5w7go9ub0o 7v5w7go9u...@gmail.com wrote:

> On 12/22/10 08:38, Praedor Atrebates wrote:
>
>> I have always been disturbed by the fact that javascript or flash can sidestep tor and give away your real IP. Is there truly no way to control one's own computer so that any and ALL traffic that goes out to the ethernet port or wlan gets directed through tor no matter what? Can any combination of software and hardware prevent software on one's own computer from acting the way someone else wants rather than as the owner wants? I would love to be able to use javascript and flash (some sites require one or the other or both to be functional) and know that ANY traffic that exits my own system WILL be directed through the tor network.
>
> Any and ALL suggests a machine that allows only HTTP/S activity to/from a TOR process; to/from a TOR entry node; all other traffic (e.g. UDP from some sneaky plugin) is blocked. An iptables script or Windows firewall could do that. Presumably a second script would be invoked for normal operation.
>
> Alternatively, VMs dedicated to TOR applications could achieve your goal, plus protect your box if something grabs your e.g. browser and tries to sniff around.

JanusVM(.com) does exactly this and works with any OS.

Best regards,
Kyle
Re: Any way to secure/anonymize ALL traffic?
On 12/22/10 20:32, Kyle Williams wrote:

> On Wed, Dec 22, 2010 at 8:39 AM, 7v5w7go9ub0o 7v5w7go9u...@gmail.com wrote:
>
>> Any and ALL suggests a machine that allows only HTTP/S activity to/from a TOR process; to/from a TOR entry node; all other traffic (e.g. UDP from some sneaky plugin) is blocked. An iptables script or Windows firewall could do that. Presumably a second script would be invoked for normal operation.
>>
>> Alternatively, VMs dedicated to TOR applications could achieve your goal, plus protect your box if something grabs your e.g. browser and tries to sniff around.
>
> JanusVM(.com) does exactly this and works with any OS.

Dang. I went to that site and was impressed; yet I was not at all inclined to try it out. WHY?

Suddenly it dawns on me that my closed-minded attitude was because of VM-prejudice ( :-) ) - I'm a Linux user and so am oriented toward QEMU and VirtualBox (I presume that VMware is a favorite and best choice for Windows users). I'd guess there are a number of us who have never checked out JanusVM because we don't want to learn VMware just to experiment with a single application.

A quick google came up with this:

http://www.ubuntugeek.com/howto-convert-vmware-image-to-virtualbox-image.html

JanusVM seems an important application; and I don't want to reinvent the wheel putting TOR into a VM! So I hope to play with conversion sometime next week. But if you already know how to do this (convert), how about putting a note on your web page telling VB and Qemu users how to use JanusVM on their VM host of choice?