[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
internet browsing privacy appliance with tor and privoxy
- To: or-talk@xxxxxxxxxxxxx
- Subject: internet browsing privacy appliance with tor and privoxy
- From: coderman <coderman@xxxxxxxxx>
- Date: Wed, 31 May 2006 16:19:39 -0700
- Delivered-to: archiver@seul.org
- Delivered-to: or-talk-outgoing@seul.org
- Delivered-to: or-talk@seul.org
- Delivery-date: Wed, 31 May 2006 19:19:50 -0400
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=WEzunRZNkILMCjU4IFKYK6xVtV0qqR7mCRRarhNYDKgntLub5RwWfgp6ZdRY42naaipzCk/7HKFne6/gCAWupzkZWk1t0Ko9x3CZGBA3aBGkVijyQgftT781NMEZ7/Fj3XAjXqqH6FDPmU9LwM1K92LhUY76Pr4u329ColC5eMc=
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
we've got a proof of concept build of an internet privacy appliance
for windows users available via torrent at:
http://public.peertech.org/jvm/
there are some known issues / deficiencies in this release:
- DNS leaks due to transparent proxy. transparent DNS proxy when in
anonymous mode is in progress (using tor-resolve and a python DNS
server)
- http traffic is identified by outgoing port (80, 8080, etc) rather
than traffic type. L7 matching is also in the works.
- https (SSL/TLS) traffic and most other types is passed through and
not proxied.
- this runtime has not been hardened against malicious peers on the
same internal network and chroot's and other techniques are not yet
implemented.
- if you are behind a restrictive firewall the update check may take a
long time to time out.
- if you are running a restrictive firewall locally the SMB share with
the install script may not be accessible.
- some types of CGI GET requests appear to be mishandled by privoxy or squid.
we're trying to work out logistics for torrent seeding before
distributing the build tools to remaster your own vmware installers
and customize the privacy appliance. we're working on fixing known
issues and anticipate a new build in the next week or so.
how it works in a nutshell:
- start the vmware instance with 128M ram and 200M disk (image is 38M
compressed)
- a public SMB share is provided with a Run.BAT install script
- script installs a MS PPTP VPN connection to forward all traffic
through the appliance
- privacy (privoxy) and anonymity (tor) is enabled by default. you
can select privacy only for a faster browsing experience with ads and
popups filtered.
a note on auto updates:
remove the /etc/janus directory to prevent the automatic update check.
we intend to use this to deploy security critical patches, filtering
updates to privoxy, and other maintenance. you can apply these
changes by hand or disable them completely as desired.
we may be intermittently available in #janusvm on irc.oftc.net for any
additional questions or comments in real-time.
checksums for these files:
JanusVM.zip
MD5: B2 7B 51 C1 09 32 E1 05 73 3A A1 72 3F F3 B6 EC
SHA2-512:
294CE5C3 C9FD4088 4B6DE7D1 E69251F5 45E4A495 4AAD1023 C22E752E D3389E36
10A1FA1F 2C7B6700 EE804318 CE2BBF55 9258E199 A6DE81B3 D76B1F9D 4B4C6FA0
JanusVM_VMWarePlayer.exe
MD5: 5B E9 28 91 A3 76 BD AA 7B E7 43 41 1F CF 30 26
SHA2-512:
1F29137A F86FCECA 1E396962 325F651C AB60EE4C 22571743 C143A986 4A4A35D8
A0911E0E 08A43B6B 44933929 B2A09B85 F6F60969 60046BF1 A3207548 528846CF