Tor, Jondo, and filtering proxies.



  • I had a crash course in privacy issues several years ago. I was working in a remote area. The company had a satelite system they allowed workers to share. The fellow looking after the system let it slip he was viewing websites accessed by others. It didn't take me long to get setup with tor. I chained polipo(proxy) to tor for some time then moved on to privoxy(proxy). They do provide some handy configuration options. Privoxy was especially nice that it filtered huge amounts of unwanted advertising. The proxies were necessary to prevent data leaked by browsers. Not so important now with modern browsers setup properly. I'm sure the above combos gave the administer some grief. Bjorgvin supplies a good link describing the routing and encryption protocols. The big problem with tor was losing connection to the nodes and surfing in the open. Disconnects are less common now. Hostile nodes are always a possibility so never access https over tor. I use torbrowser now. Its a no-brainer all-in-one setup. Every thing is pre-configured for privacy. Jondo is another method. Easy setup and can be chained to proxies or even tor. Free use is limited. During busy times a connection may not be possible. Jondo will stop browsing and warn you if the secure connection is dropped. Everything coming and going is encrypted. There is no way of quarantying complete privacy with the above so exchange data carefully. You could find nekkid pics of your wife in a porn site somewhere ... lol.



  • If one wants fairly reliable privacy, vpn/pptp solutions are out there.

    Public vpn offerings can be pretty pricey but essential for exchanging large files such as torrents. You are completely anonymous. The only info gathered by outside forces should only be the vpn's. A good vpn service does not keep logs of user's ip addresses or other info.

    You want to use a vpn with a 'kill switch'. Meaning it will not allow you to be exposed if the vpn connection is lost. Disconnects with vpn are quite common and can be disastrous.

    Free vpns are very limited. There are some decent ones if you search and search.

    You can run tor, jondo, whatever through a vpn as well. Extra insurance if you are really paranoid. Might be a good idea if you want to send a nasty message to the NSA.


  • Vivaldi Team

    I think what the guy looking after the satellite system did should be illegal, the scary thing is that things like that are probably going on all the time.

    The Tor Browser is definitely the way to go and easiest with no configuring. It has no disconnection problems as with VPNs… everything is always going through Tor, period. People just have to realize that exit nodes could possibly be malicious, so do sensitive stuff on HTTPS sites (as you do when not using Tor).

    You are mistaken when you say "Data between tor nodes is not encrypted." Actually, there is a layer of encryption for each hop in the Tor network, see: https://www.torproject.org/about/overview.html.en#thesolution



  • Thanks bjorgvin. You are absolutely right. Corrected.

    Good point. Never use tor for https connections.


  • Vivaldi Team

    You are welcome,

    My point was that you should visit https sites as much as possible, both when you use Tor and not. That way a malicious network operator (such as an exit node operator when you use Tor or your ISP when you don't use Tor) only sees your traffic as gibberish encrypted https traffic, not the sensitive http traffic.

    The Tor Browser comes with an extension called HTTPS Everywhere to make sure you use the https version of popular websites when available: https://www.eff.org/https-everywhere

    Your satellite operator was also not able to see the content of https sites you were visiting because the communication was encrypted. But, he knew that you were browsing those sites, just not the content. Once you turned Tor on, he could not know which sites you were visiting.



  • The problem with Tor and the likes is that an individual will find himself on a watchlist simply by using it, whether he knows it or not. A piece of software with a huge user base might dare implement such a feature, as the resulting volume of secured traffic would present a significant hurdle. This would make interception more expensive, which is what at least one security expert advises. What are the risks to a smaller community, and if(when) a weakness is found in the implementation?



  • A bit off topic:

    For me the main problem with TOR is that there are never enough exit nodes and that in many countries there is no legal base for a person who provides an exit node. I know a case where a person who provided an exit node from his private computer got prosecuted because someone from somewhere came over that exit node and used it to hack into foreign computers. The IP In the logs of the hacked computers was of course the exit node IP, guess what happened next …

    I my opinion the TOR network is only as secure and private as the mass of exit nodes is. Every government or commercial agency interested in intercepting traffic can swamp the network with new exit nodes. While that alone might not be enough to find out who the surfer is, some profiling of the surfed sites and the left comments might be enough to find out who the user is.

    But in the end the main weakness is not in the TOR network but in the physical structure of the Internet. It could be a web - theoretically - but in reality it resembles more of a tree structure - there are only so many routes to the next hub. If I look at my routes I can see that the first 4 hops never change and that the 6th is one of three main nodes in our country in 80 to 90% of all cases. Hard to stay anonymous if someone really wants to find out what I am doing (he would be bored :lol: )

    In the end:
    Do I want to stay anonymous all of the time or do I want to be anonymous in certain places or for specific reasons?
    Is there a real reason to be anonymous?
    Do I know why I use TOR or do i use it for the wrong reasons?

    I would never (ab)use the TOR network for the usual bread and butter traffic, especially not for I posting perfectly legal things in a perfectly legal forum like this. The standard TLS connection is enough security for me in this case, there is really no need for a "onionified" connection.

    I have seen people using the TOR browser for facebook. While that might be fully justified in certain societies with strong censorship, I can see no reason for people in "normal" countries to do so (one of them even used the real name and real address in facebook).



  • @QuHno:

    For me the main problem with TOR is that there are never enough exit nodes and that in many countries there is no legal base for a person who provides an exit node. I know a case where a person who provided an exit node from his private computer got prosecuted because someone from somewhere came over that exit node and used it to hack into foreign computers. The IP In the logs of the hacked computers was of course the exit node IP, guess what happened next …

    That's pretty much the same for all illegal activities. Providing a relay node is relatively risk free, but providing an exit node… I'm surprised there are any at all, really.



  • @Frenzie:

    I'm surprised there are any at all, really.

    IMO, it's a political deliberation … and no it's not aimed for Western countries in the first place.

    As for hacking through Tor, no hacker with half a brain would do it. There are better ways for a pro ...

    Besides, wonder how many of the nodes are operated by state agencies.

    As for secure connections they are overrated as well. They are mandatory in some cases (e.g. banking) but other than that wonder who of you would put his arm into the fire for a server other than one operated by himself ;)



  • Hello all,

    If anyone's looking for a free VPN solution, I would recommend CyberGhostVPN. It's fast and reliable, they don't keep logs either. :)

    Not sure if my post is related to this topic or not, forgive me if it doesn't.



  • Tor is not secure, it is anonymous.
    A VPN is not anonymous, it is secure.
    -Use Tor for anonymity
    -Use a VPN for security
    -Use Tor+VPN for security and anonymity.



  • Hi all,

    i think that is better use tor browser and tails, this is a linux distribution. i don't know your comments.



  • Firstly I wanna say that mostly people use proxy servers only for bypassing filters, Bypassing filter’s isn’t the main reason why proxies were invented. A basic advantage of using them is that they make you more anonymous and being anonymous is some time very useful for protection & security.
    Second thing is can you explain why https is not preferable in tor browser? I was thinking that it is safe but if not, then why?


  • Vivaldi Team

    I believe I corrected rusty-nails on this already, https is preferable with and without Tor. This diagram explains the situation well: https://www.eff.org/pages/tor-and-https



  • Oops. Thanks alot.


Log in to reply
 

Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.