[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] catastrophe: ip-api.com sees me



Roger Dingledine wrote:
Using any browser with Tor besides Tor Browser is usually a bad idea:
https://www.torproject.org/docs/faq#TBBOtherBrowser
I disagree with that statement. It is certainly _not_ a bad idea, provided you know what you are doing.

I don't use TBB, except when I am in "internet cafe" setup/environment (which is pretty rare in my case).

For all other cases, I use regular browser, which routes all traffic locally (using the loopback device only) and traverses it over encrypted tunnel to my tor machine (all using 2 distinctly different subnets), which in turn routes it out via a 3rd machine that is connected to the real world via a VPN.

My "browser traffic" passes through 3 different firewalls before it gets out, so the chances of something going astray are close to nil.

I tend to keep tor at arms length - in my DMZ subnet - and that is how it should be. OK, admittedly, not the garden-variety setup, but it served me well over the years and I have no complaints.

As far as ip-api.com goes, they use the old "rawsocket" trick to bypass normal traffic/firewall rules - pretty amateurish.


You can read more about all the fixes in Tor Browser here:
https://www.torproject.org/projects/torbrowser/design/

Chrome, Opera, and others all have bugs that allow a website to route
traffic around the configured proxy -- and in some cases allow a website
to bypass VPNs too.

Stay safe out there,
--Roger



--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk