Library Defeats Tor Followup Addl Info
Ok, promised I would report back. My testing time has been limited so this information is not complete, but will help I think. Here is what I have found: 1) you cannot connect to any tor server until you connect first to a library server, and accept the library TOS, else you get repeated error messages from each tor server "will try again later..." 2) Once you have accepted the TOS on their web page through a direct browser connection, then all DNS requests are made through that library server, subjecting you to profiling and tracking. Now the more interesting part: You can defeat #2 by not allowing dns/p53 requests in you firewall ruleset-that way all dns requests will then go directly to tor servers (as far as my fw logs seem to indicate). This slows down the web page and other requests considerably. I will have to relookup how to fix Microsuck OS to do it's dns lookups directly from the client as I recall it does not do it simply by putting entries in the hosts file. Even if dns requests are made to the library machine, running a sniffer seems to show that the TCP packets are still encrypted at the client level. I have not had a chance to analyze the sniffer logs yet well yet, but just watching the traffic shows encrypted TCP going to and from tor servers, so that part is safe. You must disable dns requests at the firewall to prevent leaking to the library IP. Once you do that it appears (again, on the surface without too much study) that your traffic, including dns requests is safe. I will do more intensive analysis and testing as time and access to the library connection permits. Any useful comments and feedback appreciated. On Sat, 29 Sep 2007 13:58:37 -0700, [EMAIL PROTECTED] said: > Give me a couple days and I will confirm and report back after running a > sniffer. > I don't use this library node often, so it will be a few days. Besides I > do not have the > firewall logs with me now, so don't want to misstate things until I am > sure and have gathered as much information as I can. > > > > > On Fri, 28 Sep 2007 23:57:17 -0500 (CDT), "Scott Bennett" > <[EMAIL PROTECTED]> said: > > On Fri, 28 Sep 2007 15:06:48 -0700 [EMAIL PROTECTED] wrote: > > > > >On Fri, 28 Sep 2007 15:02:53 -0700, [EMAIL PROTECTED] said: > > >> > > >> On Thu, 27 Sep 2007 21:20:42 -0500 (CDT), "Scott Bennett" > > >> <[EMAIL PROTECTED]> said: > > >> > On Thu, 27 Sep 2007 19:05:27 -0700 [EMAIL PROTECTED] wrote: > > >> > > > >> > >On Thu, 27 Sep 2007 19:52:30 -0500 (CDT), "Scott Bennett" > > >> > ><[EMAIL PROTECTED]> said: > > >> > >> On Thu, 27 Sep 2007 20:35:58 -0400 Watson Ladd > > >> > >> <[EMAIL PROTECTED]> > > >> > >> wrote: > > >> > >> >[EMAIL PROTECTED] wrote: > > >> > >> >> Then after agreeing to the TOS, you are able to connect to tor > > >> > >> >> servers,= > > >> > >> > > > >> > >> >> but all dns requests go through a library computer IP, such that > > >> > >> >> they > > >> > >> >> can see and record where you are going. I am not sure if they > > >> > >> >> can see > > >> > >> >> the TCP content, but the UDP (which I assume is the dns lookups > > >> > >> >> are all= > > > > What does your firewall software or other tool at your disposal have > > to > > say about the TCP packets from your browser? Do they go to privoxy? And > > where does it say that packets from privoxy go? To your tor client? > > Somewhere > > else? > > > > >> > >> >> being monitored and probably logged by the library server > > >> > >> >> through which= > > >> > >> > > > >> > >> >> you are connected. Firewall logs clearly show the outgoing and > > >> > >> >> incoming= > > >> > >> > > > >> > >> >> DNS packets to the library IP. Rest of connections to Tor > > >> > >> >> servers in th= > > >> > >> >e > > >> > >> >> firewall log appear normal. > > > > Just to confirm: your firewall log shows that the UDP packets in > > question are destined to some IP address and port 53? > > > > >> > >> >Make sure to run DNS queries over tor if anonymity is important. > > >> > >> > > >> > >> Absolutely. Check your privoxy configuration file to make > > >> > >> sure its > > >> > >> first line is > > >> > >> > > >> > >> forward-socks4a / localhost:9050 . > > >> > > > > >> > >already is > > >> > > > > >> > Okay. Good. > > >> > >> > > >> > >> If you're using some other port than 9050, change that accordingly. > > >> > >> Other > > >> > >> programs, e.g. PuTTY, will need to be configured, too, if you use > > >> > >> them. > > >> > >> In the case of PuTTY, each remote login site that you configure to > > >> > >> be > > >> > >> proxied through tor will need to be set to use socks5 and to do DNS > > >> > >> name > > >> > >> lookups at the proxy end (see "Proxy" under "Connection"). > > >> > >> > > >> > >> >>=20 > > >> > >> >> I have not run a sniffer yet on this, because my laptop is old > > >> > >> >> and it > > >> > >> >> might not be able to handle it. But tor anonymity is obviously > >
Re: Library Defeats Tor Followup Addl Info
This group has not changed. I give information in good faith and then nobody replies. Course in the beginning of this thread, [EMAIL PROTECTED] and Scott Bennett" <[EMAIL PROTECTED] were replying with uninformative answers, but then as soon as I give further information, my posts are ignored. Incidently, Scott Bennett care to tell me why posts to your address bounce (i dont have time for finding out now). This is why more people don't use Tor, it seems to be only the domain of an elite group, who could care less if others join in. On Sun, 07 Oct 2007 14:12:57 -0700, [EMAIL PROTECTED] said: > Ok, promised I would report back. My testing time has been limited so > this information is not complete, but will help I think. Here is what I > have found: > > 1) you cannot connect to any tor server until you connect first to a > library server, and accept the library TOS, else you get repeated error > messages from each tor server "will try again later..." > > 2) Once you have accepted the TOS on their web page through a direct > browser connection, then all DNS requests are made through that library > server, subjecting you to profiling and tracking. > > Now the more interesting part: > > You can defeat #2 by not allowing dns/p53 requests in you firewall > ruleset-that way all dns requests will then go directly to tor servers > (as far as my fw logs seem to indicate). This slows down the web page > and other requests considerably. I will have to relookup how to fix > Microsuck OS to do it's dns lookups directly from the client as I recall > it does not do it simply by putting entries in the hosts file. > > Even if dns requests are made to the library machine, running a sniffer > seems to show that the TCP packets are still encrypted at the client > level. I have not had a chance to analyze the sniffer logs yet well yet, > but just watching the traffic shows encrypted TCP going to and from tor > servers, so that part is safe. > > You must disable dns requests at the firewall to prevent leaking to the > library IP. > > Once you do that it appears (again, on the surface without too much > study) that your traffic, including dns requests is safe. > > I will do more intensive analysis and testing as time and access to the > library connection permits. > > Any useful comments and feedback appreciated. > > On Sat, 29 Sep 2007 13:58:37 -0700, [EMAIL PROTECTED] said: > > Give me a couple days and I will confirm and report back after running a > > sniffer. > > I don't use this library node often, so it will be a few days. Besides I > > do not have the > > firewall logs with me now, so don't want to misstate things until I am > > sure and have gathered as much information as I can. > > > > > > > > > > On Fri, 28 Sep 2007 23:57:17 -0500 (CDT), "Scott Bennett" > > <[EMAIL PROTECTED]> said: > > > On Fri, 28 Sep 2007 15:06:48 -0700 [EMAIL PROTECTED] wrote: > > > > > > >On Fri, 28 Sep 2007 15:02:53 -0700, [EMAIL PROTECTED] said: > > > >> > > > >> On Thu, 27 Sep 2007 21:20:42 -0500 (CDT), "Scott Bennett" > > > >> <[EMAIL PROTECTED]> said: > > > >> > On Thu, 27 Sep 2007 19:05:27 -0700 [EMAIL PROTECTED] wrote: > > > >> > > > > >> > >On Thu, 27 Sep 2007 19:52:30 -0500 (CDT), "Scott Bennett" > > > >> > ><[EMAIL PROTECTED]> said: > > > >> > >> On Thu, 27 Sep 2007 20:35:58 -0400 Watson Ladd > > > >> > >> <[EMAIL PROTECTED]> > > > >> > >> wrote: > > > >> > >> >[EMAIL PROTECTED] wrote: > > > >> > >> >> Then after agreeing to the TOS, you are able to connect to tor > > > >> > >> >> servers,= > > > >> > >> > > > > >> > >> >> but all dns requests go through a library computer IP, such > > > >> > >> >> that they > > > >> > >> >> can see and record where you are going. I am not sure if they > > > >> > >> >> can see > > > >> > >> >> the TCP content, but the UDP (which I assume is the dns > > > >> > >> >> lookups are all= > > > > > > What does your firewall software or other tool at your disposal have > > > to > > > say about the TCP packets from your browser? Do they go to privoxy? And > > > where does it say that packets from privoxy go? To your tor client? > > > Somewhere > > > else? > > > > > > >> > >> >> being monitored and probably logged by the library server > > > >> > >> >> through which= > > > >> > >> > > > > >> > >> >> you are connected. Firewall logs clearly show the outgoing and > > > >> > >> >> incoming= > > > >> > >> > > > > >> > >> >> DNS packets to the library IP. Rest of connections to Tor > > > >> > >> >> servers in th= > > > >> > >> >e > > > >> > >> >> firewall log appear normal. > > > > > > Just to confirm: your firewall log shows that the UDP packets in > > > question are destined to some IP address and port 53? > > > > > > >> > >> >Make sure to run DNS queries over tor if anonymity is important. > > > >> > >> > > > >> > >> Absolutely. Check your privoxy configuration file to make > > > >> > >> sure its > > > >> > >> first line is > > > >> > >> >
Re: Library Defeats Tor Followup Addl Info
On 10/14/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > This group has not changed. I give information in good faith and then > nobody replies. Course in the beginning of this thread, > [EMAIL PROTECTED] and Scott Bennett" <[EMAIL PROTECTED] were > replying with uninformative answers, but then as soon as I give further > information, my posts are ignored. Incidently, Scott Bennett care to > tell me why posts to your address bounce (i dont have time for finding > out now). This is why more people don't use Tor, it seems to be only the > domain of an elite group, who could care less if others join in. Are you on crack dude?
Re: Library Defeats Tor Followup Addl Info
On Sat, Oct 13, 2007 at 05:30:30PM -0700, [EMAIL PROTECTED] wrote 13K bytes in 288 lines about: : This group has not changed. I give information in good faith and then : nobody replies. Actually, you seemed to be doing just fine without needing help. If there were explicit questions you wanted answered, I missed them in the descriptions of what you encountered. : out now). This is why more people don't use Tor, it seems to be only the : domain of an elite group, who could care less if others join in. Hardly. Tor can be difficult to correctly configure for fantastic anonymity. Many applications, operating systems, and networks conspire against you to reveal your tcp traffic destinations. Many people have problems comprehending the real threats to anonymity versus movie-plot threats as seen on the Internet. We're working to make it easier to correctly configure and use. No matter how easy we make it, the next hop will always be in an arms race to defeat Tor's gains. Sorry you felt un-loved on or-talk. You seem to be doing fine reverse engineering your local library's network. -- Andrew
Re: Library Defeats Tor Followup Addl Info
On Sat, 13 Oct 2007 17:30:30 -0700 [EMAIL PROTECTED] wrote: >This group has not changed. I give information in good faith and then Well, at least *you* haven't changed: you're still top-posting. >nobody replies. Course in the beginning of this thread, >[EMAIL PROTECTED] and Scott Bennett" <[EMAIL PROTECTED] were >replying with uninformative answers, but then as soon as I give further Actually, we were responding primarily with questions, not answers at all, in many cases in an attempt to get you to post the information with which you should have begun the thread. I continue that effort below. >information, my posts are ignored. Incidently, Scott Bennett care to >tell me why posts to your address bounce (i dont have time for finding >out now). This is why more people don't use Tor, it seems to be only the I'm not clairvoyant, so I can't read the error messages you got from here unless you post them. That having been said, however, I will mention that the administrator of this system graciously blocks most source addresses of massmail when a) there is no functioning abuse or postmaster address at that source, b) there is no valid MX RR for the source, or c) the source comes from a part of the world that is currently a disaster area of massmail sources for which reporting the massmail is nearly always a completely wasted effort. Attempts to send mail to users on this system from addresses so blocked normally result in some sort of error message being returned to the sender that provides a clue as to why the mail is being rejected. >domain of an elite group, who could care less if others join in. > At least some of the people on this list do not live according to the same schedule you live by and may have different obligations upon their time than you have. > >On Sun, 07 Oct 2007 14:12:57 -0700, [EMAIL PROTECTED] said: >> Ok, promised I would report back. My testing time has been limited so >> this information is not complete, but will help I think. Here is what I >> have found: >> >> 1) you cannot connect to any tor server until you connect first to a >> library server, and accept the library TOS, else you get repeated error >> messages from each tor server "will try again later..." Yes, that is typical. So either wait to start tor until after you do that, or ignore the messages that are issued up until your session is authenticated via their web server. I generally do the latter in those situations. >> >> 2) Once you have accepted the TOS on their web page through a direct >> browser connection, then all DNS requests are made through that library >> server, subjecting you to profiling and tracking. The private network address of the ISP's name server is usually used as a forwarder address, and that address gets passed to your computer in the DHCP lease. I've forgotten exactly how to go about setting a permanent address under Windows XP, but it should be fairly easy to do. If you haven't figured it out by the next time I shut down my FreeBSD system and boot WinXP, I'll dig around in it to see what has to be changed. >> >> Now the more interesting part: >> >> You can defeat #2 by not allowing dns/p53 requests in you firewall >> ruleset-that way all dns requests will then go directly to tor servers >> (as far as my fw logs seem to indicate). This slows down the web page >> and other requests considerably. I will have to relookup how to fix >> Microsuck OS to do it's dns lookups directly from the client as I recall >> it does not do it simply by putting entries in the hosts file. The slowdown is most likely the wait for the six-second timeout (or however long it may be these days) before trying the next name server in the list. So the trick to doing that is to find the way to restrict the DHCP client's ability to change the name server list and to set the name server list only to those addresses you have chosen. Do not assume, though, that bypassing their chosen name server means that you are safe. In the U.S., for example, an unconstitional (which is to say, "illegal under the Supreme Law of the Land") Act of Congress requires ISPs to keep logs of all name server queries, as well as HTTP requests, so they are likely to log all outbound port 53 traffic, regardless of its destination. Also, the /WINDOWS/system32/drivers/etc/hosts file is not the location you're looking for. What you need to look for is the WinXP equivalent of a UNIX /etc/resolv.conf file. (I've forgotten where it is or even if it is in only one place; a quick search of my WinXP system did not turn up a file by that name, so I'll try looking into it a bit more after I get some sleep. I've been up about 27 hours at the moment, and it's getting hard to focus on the screen.:-) >> >> Even if dns requests are made to the library machine, running a sniffer >> seems to show that the TCP packets are still encrypted at the client >> level. I have not had a chance to analyze the
Re: Library Defeats Tor Followup Addl Info
Sorry for my pertubation. It just seems everything is more difficult than it should be. And I guess I am po'd at myself also for discovering too late that dns requests were leaking. I guess I should be happy that my tcp requests appear to have been encrypted. Good thing I am not a terrorist, haha. On Sat, 13 Oct 2007 22:41:31 -0400, [EMAIL PROTECTED] said: > On Sat, Oct 13, 2007 at 05:30:30PM -0700, [EMAIL PROTECTED] wrote > 13K bytes in 288 lines about: > : This group has not changed. I give information in good faith and then > : nobody replies. > > Actually, you seemed to be doing just fine without needing help. If > there were explicit questions you wanted answered, I missed them in the > descriptions of what you encountered. > > : out now). This is why more people don't use Tor, it seems to be only > the > : domain of an elite group, who could care less if others join in. > > Hardly. Tor can be difficult to correctly configure for fantastic > anonymity. Many applications, operating systems, and networks conspire > against you to reveal your tcp traffic destinations. Many people have > problems comprehending the real threats to anonymity versus movie-plot > threats as seen on the Internet. We're working to make it easier to > correctly configure and use. No matter how easy we make it, the next > hop will always be in an arms race to defeat Tor's gains. > > Sorry you felt un-loved on or-talk. You seem to be doing fine reverse > engineering your local library's network. > > -- > Andrew -- [EMAIL PROTECTED] -- http://www.fastmail.fm - IMAP accessible web-mail
Re: Library Defeats Tor Followup Addl Info
On Sun, 14 Oct 2007 01:53:52 +0100, "KT" <[EMAIL PROTECTED]> said: > On 10/14/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > This group has not changed. I give information in good faith and then > > nobody replies. Course in the beginning of this thread, > > [EMAIL PROTECTED] and Scott Bennett" <[EMAIL PROTECTED] were > > replying with uninformative answers, but then as soon as I give further > > information, my posts are ignored. Incidently, Scott Bennett care to > > tell me why posts to your address bounce (i dont have time for finding > > out now). This is why more people don't use Tor, it seems to be only the > > domain of an elite group, who could care less if others join in. > > Are you on crack dude? Yes, thank you, and it is far superior to your airplane glue sniffing ;-) -- [EMAIL PROTECTED] -- http://www.fastmail.fm - mmm... Fastmail...
Re: Library Defeats Tor Followup Addl Info
copy of bounced message to scott bennett, keep forgetting to not send him mail. On Mon, 15 Oct 2007 15:47:03 -0700, [EMAIL PROTECTED] said: > welcome back, more inline below: > > On Sun, 14 Oct 2007 04:36:54 -0500 (CDT), "Scott Bennett" > <[EMAIL PROTECTED]> said: > > On Sat, 13 Oct 2007 17:30:30 -0700 [EMAIL PROTECTED] wrote: > > > > >This group has not changed. I give information in good faith and then > > > > Well, at least *you* haven't changed: you're still top-posting. > > > > >nobody replies. Course in the beginning of this thread, > > >[EMAIL PROTECTED] and Scott Bennett" <[EMAIL PROTECTED] were > > >replying with uninformative answers, but then as soon as I give further > > > > Actually, we were responding primarily with questions, not answers > > at all, in many cases in an attempt to get you to post the information > > with which you should have begun the thread. I continue that effort > > below. > > > > >information, my posts are ignored. Incidently, Scott Bennett care to > > >tell me why posts to your address bounce (i dont have time for finding > > >out now). This is why more people don't use Tor, it seems to be only the > > > > I'm not clairvoyant, so I can't read the error messages you got from > > here unless you post them. > > That having been said, however, I will mention that the > > administrator > > of this system graciously blocks most source addresses of massmail when > > a) there is no functioning abuse or postmaster address at that source, > > b) there is no valid MX RR for the source, or c) the source comes from > > a part of the world that is currently a disaster area of massmail sources > > for which reporting the massmail is nearly always a completely wasted > > effort. Attempts to send mail to users on this system from addresses so > > blocked normally result in some sort of error message being returned to > > the sender that provides a clue as to why the mail is being rejected. > > don't know, no time to research that, all I know is it does not happen > with anyone elses email address on this list so far. > > > > > >domain of an elite group, who could care less if others join in. > > > > > At least some of the people on this list do not live according to > > the same schedule you live by and may have different obligations upon > > their time than you have. > > whatever, I researched the problem and gave a possible solution for > those who might be similarily effected. seems the list the group could > do is comment on my findings. > > > > > > > >On Sun, 07 Oct 2007 14:12:57 -0700, [EMAIL PROTECTED] said: > > >> Ok, promised I would report back. My testing time has been limited so > > >> this information is not complete, but will help I think. Here is what I > > >> have found: > > >> > > >> 1) you cannot connect to any tor server until you connect first to a > > >> library server, and accept the library TOS, else you get repeated error > > >> messages from each tor server "will try again later..." > > > > Yes, that is typical. So either wait to start tor until after you > > do > > that, or ignore the messages that are issued up until your session is > > authenticated via their web server. I generally do the latter in those > > situations. > > prolly the quy running this library network is on this mailing list, no > doubt. > I am guessing they want the library IP sent out with all your traffic > and that is why they are assigning a library ip to your outgoing > requests. also, they probably want to track and profile your traffic, > hence the dns requests made to the library lookup file. Also the mac > address of the wireless connection I am using identifies the exact > computer making all these requests. how's that for privacy invasion? > guess I will have to start changing my mac address also. > > > >> > > >> 2) Once you have accepted the TOS on their web page through a direct > > >> browser connection, then all DNS requests are made through that library > > >> server, subjecting you to profiling and tracking. > > > > > The private network address of the ISP's name server is usually used > > as a forwarder address, and that address gets passed to your computer in > > the DHCP lease. I've forgotten exactly how to go about setting a > > permanent > > address under Windows XP, but it should be fairly easy to do. If you > > haven't > > figured it out by the next time I shut down my FreeBSD system and boot > > WinXP, > > I'll dig around in it to see what has to be changed. > > Who said XP? I never said XP. I said windows crap. the dhcp is assigning > a library IP. I have no control over that I think as it is done by a > library router or computer. > > > >> > > >> Now the more interesting part: > > >> > > >> You can defeat #2 by not allowing dns/p53 requests in you firewall > > >> ruleset-that way all dns requests will then go directly to tor servers > > >> (as far as my fw logs seem to indicate). This
Re: Library Defeats Tor Followup Addl Info
On Monday 15 October 2007 23:58:37 [EMAIL PROTECTED] wrote: > > > > well then explain to me how they can monitor dns traffic if all dns > > requests are made within the originating client box and not to any > > outside source. maybe all you tor gurus can explain how clients usually > > make dns requests through tor and WHY IT IS THAT TOR ALLOWS COMPUTERS TO > > LEAK DNS REQUESTS AT ALL TOR SOFTWARE SHOULD NOT ALLOW THIS AND > > SHOULD FAIL TO WORK IF DNS REQUESTS ARE MADE TO ANY NODE OTHER THAN TOR > > THROUGH PRIVOXY. OH THAT'S RIGHT TOR IS "EXPERIMENTAL" AND "NOT FOR > > GENERAL USE". FUNNY HOW LONG IT HAS BEEN EXPERIMENTAL. MAYBE THE FAULT > > HERE IS WITH TOR, NOT WITH ME OR THE LIBRARY? > > Whether a dns request gets routed through privoxy (or any other privacy proxy you use) and then tor depends on the system call the application uses to perform the request. The problem is that some applications perform system calls that by-pass their own proxy settings. This is more by happenstance than design. It's important for Tor users to know how to guard against this and even prevent it and the tor devs have put a lot of work into making it easier for tor's helper applications to do so. It sounds like in your situation some windows equivalent of a kernel module is hooking system calls like dns requests and doing something funky with them, the result being that DNS requests that would get routed to Tor on a normal installation are being forwarded to a big display board in the staff common room or whatever. Tor can't manage and inspect your system the way you would like it to. Other apps have to help it do this. For browsing purposes, on an OS that you can't control and don't own, the only real solution may be something like janusvm or a livecd like incognito. Hope this helps, and apologies if I'm repeating stuff elsewhere in the thread or have misunderstood your query. signature.asc Description: This is a digitally signed message part.
Re: Library Defeats Tor Followup Addl Info
Yeah ok, thanks for explaining that, I am understanding it now. I think my problems will be solved once I fix the dns/hosts file bug in Windows so that it makes dns requests to my internal hosts file first. But I will take a look at JanusVM also. On Tue, 16 Oct 2007 20:46:10 +0100, "Robert Hogan" <[EMAIL PROTECTED]> said: > On Monday 15 October 2007 23:58:37 [EMAIL PROTECTED] wrote: > > > > > > > well then explain to me how they can monitor dns traffic if all dns > > > requests are made within the originating client box and not to any > > > outside source. maybe all you tor gurus can explain how clients usually > > > make dns requests through tor and WHY IT IS THAT TOR ALLOWS COMPUTERS TO > > > LEAK DNS REQUESTS AT ALL TOR SOFTWARE SHOULD NOT ALLOW THIS AND > > > SHOULD FAIL TO WORK IF DNS REQUESTS ARE MADE TO ANY NODE OTHER THAN TOR > > > THROUGH PRIVOXY. OH THAT'S RIGHT TOR IS "EXPERIMENTAL" AND "NOT FOR > > > GENERAL USE". FUNNY HOW LONG IT HAS BEEN EXPERIMENTAL. MAYBE THE FAULT > > > HERE IS WITH TOR, NOT WITH ME OR THE LIBRARY? > > > > > > Whether a dns request gets routed through privoxy (or any other privacy > proxy > you use) and then tor depends on the system call the application uses to > perform the request. > > The problem is that some applications perform system calls that by-pass > their > own proxy settings. This is more by happenstance than design. It's > important > for Tor users to know how to guard against this and even prevent it and > the > tor devs have put a lot of work into making it easier for tor's helper > applications to do so. > > It sounds like in your situation some windows equivalent of a kernel > module is > hooking system calls like dns requests and doing something funky with > them, > the result being that DNS requests that would get routed to Tor on a > normal > installation are being forwarded to a big display board in the staff > common > room or whatever. > > Tor can't manage and inspect your system the way you would like it to. > Other > apps have to help it do this. For browsing purposes, on an OS that you > can't > control and don't own, the only real solution may be something like > janusvm > or a livecd like incognito. > > Hope this helps, and apologies if I'm repeating stuff elsewhere in the > thread > or have misunderstood your query. > > > -- [EMAIL PROTECTED] -- http://www.fastmail.fm - Email service worth paying for. Try it for free