Re: You think you can hide your ip?

[Anthony DiPierro <or@xxxxxxxxx>]

On 1/17/06, Oliver Niesner <digi_news@xxxxxx> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> ...not if you have java enabled check this out!
>
> > http://www.inet-police.com/cgi-bin/env.cgi
>
> Does anyone know a way to check sites for such applets?
> Or is the only way to disable java, which surely breaks
> some of our favorite sites :-/
>
>
> Oliver

I'm assuming what is being done is that java is being used to connect
back to the site - this will reveal the IP address because java
doesn't go through the proxy.

I looked really quickly, and there doesn't seem to be an easy way to
disable just this one java feature (to make TCP connections) without
disabling java completely (at least not on firefox, there *might* be a
way to do it on IE which has differing java security levels, but I
didn't really look into it because I don't really use IE with tor).

Another option would be some sort of restrictive firewall.  There is
software for Unix and Windows that can restrict the ability to make
connections on a program by program basis.  Limit connections only to
Tor and you know you won't make any leaks (this could be turned on and
off when switching Tor on and off).

Personally I have java on my firefox browser turned off, party for
security reasons and partly for performance reasons.  I've found it
really doesn't affect many sites that I use.  For those few sites it
does affect, I use IE.  Now that I think about it there is likely a
firefox extension which can easily turn java on and off (maybe even on
a site-by-site whitelist basis), though until Interactive Brokers
decides to support something other than IE (or someone else offers $1
stock trades) I'm kind of stuck.

I'm curious, what are the favorite sites you have which insist on
java?  The only one I really go to more than rarely is Yahoo Games,
and it's pretty obvious why they need java.  Now if only there were
enough sites which don't require javascript...