[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Fwd: Re: Library Defeats Tor

To: or-talk@xxxxxxxxxxxxx
Subject: Fwd: Re: Library Defeats Tor
From: mark485anderson@xxxxxx
Date: Fri, 28 Sep 2007 15:06:48 -0700
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Fri, 28 Sep 2007 18:06:56 -0400
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
On Fri, 28 Sep 2007 15:02:53 -0700, mark485anderson@xxxxxx said:
> 
> On Thu, 27 Sep 2007 21:20:42 -0500 (CDT), "Scott Bennett"
> <bennett@xxxxxxxxxx> said:
> >      On Thu, 27 Sep 2007 19:05:27 -0700 mark485anderson@xxxxxx wrote:
> > 
> > >On Thu, 27 Sep 2007 19:52:30 -0500 (CDT), "Scott Bennett"
> > ><bennett@xxxxxxxxxx> said:
> > >>      On Thu, 27 Sep 2007 20:35:58 -0400 Watson Ladd
> > >>      <watsonbladd@xxxxxxxxx>
> > >> wrote:
> > >> >mark485anderson@xxxxxx wrote:
> > >> >> Then after agreeing to the TOS, you are able to connect to tor servers,=
> > >> >
> > >> >> but all dns requests go through a library computer IP, such that they
> > >> >> can see and record where you are going. I am not sure if they can see
> > >> >> the TCP content, but the UDP (which I assume is the dns lookups are all=
> > >> >
> > >> >> being monitored and probably logged by the library server through which=
> > >> >
> > >> >> you are connected. Firewall logs clearly show the outgoing and incoming=
> > >> >
> > >> >> DNS packets to the library IP. Rest of connections to Tor servers in th=
> > >> >e
> > >> >> firewall log appear normal.
> > >> >Make sure to run DNS queries over tor if anonymity is important.
> > >> 
> > >>      Absolutely.  Check your privoxy configuration file to make sure its
> > >> first line is
> > >> 
> > >> forward-socks4a / localhost:9050 .
> > >
> > >already is
> > >
> >      Okay.  Good.
> > >> 
> > >> If you're using some other port than 9050, change that accordingly. 
> > >> Other
> > >> programs, e.g. PuTTY, will need to be configured, too, if you use them.
> > >> In the case of PuTTY, each remote login site that you configure to be
> > >> proxied through tor will need to be set to use socks5 and to do DNS name
> > >> lookups at the proxy end (see "Proxy" under "Connection").
> > >> 
> > >> >>=20
> > >> >> I have not run a sniffer yet on this, because my laptop is old and it
> > >> >> might not be able to handle it. But tor anonymity is obviously shot whe=
> > >> >n
> > >> >> connecting to their wifi nodes. I believe I tried to block the DNS
> > >> >> lookups to the Library IP with privoxy generic block rules and then I\
> > >> >Using socks-4a should fix this.
> > >
> > >already set to sock 4a
> > >
> > >> 
> > >>      Right.  Or socks5, though privoxy doesn't yet appear to support
> > >>      that.
> > >
> > >did you just start using tor?
> > >
> >      About 2.5 years so far.
> > >> 
> > >> >> could not load any web pages, indicating again that the dns requests ar=
> > >> >e
> > >> >> first being routed to the library machine, where they are, of course,
> > >> >> logged (and maybe sent off to the FBI, if your reading muslim materials=
> > >> >,
> > >> >> haha).
> > >> >Now are these DNS requests for sites you are browsing? It sounds like
> > 
> >      I think the question posed here may reveal the answer.
> 
> Already answered that I think, the dns requests APPEAR to be made each
> time a new url is looked up and not in looking up tor servers, but I
> will only know for certain when I run the sniffer, if that is possible
> on my laptop.
> 
> 
> > 
> > >> >that is the case, but I just want to make sure.
> > >> 
> > >>      Most public wireless locations use no encryption at all.  In these
> > >> situations, things like tor and SSH are about the only significant
> > >> privacy
> > >> protection most users have.
> > >
> > >no problem with tor and other wifi connections, dns goes to tor, hence
> > >my OP title LIBRARY DEFEATS TOR
> > >Tentative Conclusion: Tor cannot be used with any confidence on
> > >publically maintained machines, but there is no reference to this on the
> > >tor website; nor any real illumination from this group, so far.  I
> > >suppose now someone is going to tell me to disable javascript and
> > >cookies, ;-) The encryption is SUPPOSED to occur at the client before it
> > >even gets to any outside server, but obviously this is not happening as
> > >the dns requests are being subverted. Perhaps the traffic is being
> > >shuttled from the kernel OS to a library server. IOW tor should provide
> > >the encryption necessary and no wifi encryption should be needed. I will
> > >see if I can run a sniffer to find out exactly what's happening.
> > >
> >      Yes, and I think that may be why Watson asked the question I noted
> > above.  Tor does its own name server queries for two purposes:  1) to
> > provide exit service when running in server mode, 2) to look up addresses
> > of other tor servers, regardless of mode.  These are normal operations
> > and reveal only those activities.  When you are using it in a public
> > location, I assume that it is running only as a client.  So that returns
> > us to the question of exactly what kinds of addresses is tor looking up?
> 
> the laptop appears to be getting web site dns translations from a
> library node rather than from tor, which allows tracking and profiling.
> each time a new url is introduced I get a firewall dns request in the
> log.
> 
> > Are they only the addresses of other tor servers?  Or do they also
> > include the addresses of the web sites you're trying to reach?
> >      Would you also please double check your browser configuration to
> > make sure it is forwarding everything through privoxy?  If you're using
> > a firefox plug-in module like Torbutton, switchproxy, or foxyproxy, have
> > you accidentally disabled the proxy?
> 
> nope, don't use those, the browser is always set to go through privoxy.
> will do some further testing and try to report back, but suprised not
> more answers to this post. certainly others should have experienced this
> problem.
> 
> > 
> > 
> >                                   Scott Bennett, Comm. ASMELG, CFIAG
> > **********************************************************************
> > * Internet:       bennett at cs.niu.edu                              *
> > *--------------------------------------------------------------------*
> > * "A well regulated and disciplined militia, is at all times a good  *
> > * objection to the introduction of that bane of all free governments *
> > * -- a standing army."                                               *
> > *    -- Gov. John Hancock, New York Journal, 28 January 1790         *
> > **********************************************************************
> -- 
>   
>   mark485anderson@xxxxxx
> 
> -- 
> http://www.fastmail.fm - A no graphics, no pop-ups email service
> 
-- 
  
  mark485anderson@xxxxxx

-- 
http://www.fastmail.fm - mmm... Fastmail...
Prev by Author: Re: Library Defeats Tor
Next by Author: Re: Fwd: Re: Library Defeats Tor
Previous by thread: Re: Library Defeats Tor
Next by thread: Re: Fwd: Re: Library Defeats Tor
Index(es):
- Author
- Thread