[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Another Method to Block Java Hijinks

norvid wrote:

I have another method that may block Java hijinks that can allow a
site to determine your real IP.  This one allows you to use the normal
default browser settings.  You do not have to turn off all sorts of
scripts.  You probably should still block cookies.

Use a firewall with settings which block the browser from accessing
the internet but allows Privoxy access.  Set up your firewall this
way.  Now to test obviously all you need do is turn the firewall off
and on.

Go to this page to test:
This page uses a Java applet to reveal your real IP.
It will guess mine when the firewall is off but fails to when the
firewall is on.

Now test your IP without the firewall but while turning off Java.  You
should see that the test will not reveal your IP.  Don't worry about
javascript.  It has nothing to do with it on this particular page.

I'm throwing this out here as potentially another way to protect your
privacy while using Tor and depending on the firewall used it may be
easier to set up than turning off all sorts of browser functionality.

I've heard that properly configuring a firewall can be tricky. In any case, using a firewall still doesn't protect from Java applets reading identifying information locally and sending it back through the anonymous connection.

In my opinion, I think its best just to disable Java, and all the other plugins mentioned in the warning on the download page.

You may be interested to know that there is a Live CD which bundles Tor and some ipchains rules. It is mentioned in the Tor FAQ -- see "Virtual Privacy Machine":